View
224
Download
0
Category
Tags:
Preview:
Citation preview
LTU CISP Security
Cryptography
Basic concepts and terms Public/Private Key Algorithms Key Distribution/Management Digital Signatures Miscellaneous Crypto
LTU CISP Security
Crytpo Intro
Why Encrypt? Protect stored information Protect
Encryption - process by which plaintext is converted to ciphertext using a key
Decryption - process by which ciphertext is converted to plaintext (with the appropriate key)
plaintext (cleartext)- intelligible data
LTU CISP Security
Crypto Terms
Cryptography - art/science relating to encrypting, decrypting information
cryptanalysis - art/science relating to converting ciphertext to plaintext without the (secret) key
Link encryption - the individual application of encryption to data on each link of a network (nodes are a weak link)
end-to-end encryption - the encryption of data from source system to end system (https)
LTU CISP Security
CISSP and Cryptology Limited Keys, There Use
Need to encrypt the key as well Took new programmer 15 minutes to break
Triple – DES, He put the compiled DLL into notepad and found a phrase
Symmetry Types
Nor Which Data To Encrypt Passwords? Nor What data not to encrypt
Different keys / approaches for different data Not the Underlying Mathematics
Nor Theoretical Probabilities Definition and Use
LTU CISP Security
Crypto Terms
Repudiation - In communication between parties, Denial by one party of having participated in communication (commonly heard as non-repudiation)
Traffic analysis - inference of information from analysis of traffic (presence, absence, frequency, etc.)
Traffic padding - generation of spurious data units Work Factor - effort/time needed to overcome a
protective measure
LTU CISP Security
One - Time Pad
Two identical pads (keys), one with sender, one with recipient
The random pads (keys) are the same length as the message
Unbreakable by exhaustive search Relies on physical security of the pads Pads can only be used once
LTU CISP Security
Cryptanalysis Terms
Ciphertext-only attack - attacker attempts to decrypt ciphertext
Known-plaintext attack - attacker attempts to decrypt ciphertext given knowledge of some plaintext (think “Login: “)
Chosen-plaintext attack - attacker obtains ciphertext corresponding to selected plaintext
Chosen-ciphertext attack - attacker obtains plaintext corresponding to selected ciphertext (in a public key system, when trying to deduce private key)
LTU CISP Security
Crypto System Properties
Encryption/decryption transformations must be efficient for all keys
System must be easy to use The security of the system should depend
ONLY on the secrecy of the keys and not on the secrecy of the encryption/decryption transformations
LTU CISP Security
Secrecy Requirements
If ciphertext and plaintext are known, it should be computationally infeasible to determine the deciphering algorithm
It should be computationally infeasible to systematically determine plaintext from intercepted ciphertext (Even if you decrypt ciphertext once, it should require the same amount of work to do it again.)
Note: “systematically” allows for a lucky guess Note: “Computationally infeasible” means great effort, doesn’t
account for advances in computing, mathematics
LTU CISP Security
Authenticity Requirements
If ciphertext and plaintext are known, it should be computationally infeasible to determine the enciphering algorithm
It should be computationally infeasible to find valid ciphertext (Even if you encrypt plaintext so that it can be decrypted once, it should require the same amount of work to do it again.)
LTU CISP Security
Public vs. Private Key Encryption
Private key encryption uses the same key for both encryption and decryption (faster) (DES)
Private key encryption known as symmetric Public key encryption uses two different keys, one to
decrypt and one to encrypt (RSA) Thus, one key can be “public”, because the other key is still
necessary for decryption More complex, key management is an issue
Public key encryption known as asymmetric
LTU CISP Security
Public Key
– Message encryption using a secret key (S) to encode the message and a public key (P) to encode the secret key
PS
S S
S
P
M essageM essage
LTU CISP Security
Encipherment Modes
Block Mode ciphers - Message broken into blocks, each block encrypted separately blocks of identical plaintext have identical ciphertext replay and substitution attacks easier (insertion or deletion
of blocks
Block chaining - parts of the previous block are inserted into the current block makes replay and substitution attacks much harder
DES is a block cipher
LTU CISP Security
Encipherment Modes
Stream Ciphers - Message broken into characters or bits and enciphered with a “key stream” key stream - should be
random and generated independently of the message stream
LTU CISP Security
Digital Encryption Standard (DES)
Developed by IBM in 1972 Never approved for national security applications 64-bit plain & cipher text block size 56-bit true key plus 8 parity bits Single chip (hardware) implementation
Most implementations now software
16 rounds of transpositions & substitutions Standard for unclassified government data symmetric, private key
LTU CISP Security
Applications of DES
Double DES Effective key length of 112 bits Work factor about the same as single DES
Triple DES Encrypt with first key Decrypt with second key Encrypt with first key Very secure
LTU CISP Security
Public key
RSA - Rivest, Shamir, and Adleman Introduced in 1976 Relies on factoring of large numbers
Elliptic Curve Cryptosystem (ECC) Highest strength/bit of public key stream Big savings over other public key systems
Computation Bandwidth Storage
LTU CISP Security
Strength Comparison
EC Key Size RSA Key Size MIPs Year160 1,024 1012
320 5,120 1036
600 21,000 1079
1,200 120,000 10168
LTU CISP Security
Key Selection
Similar to password selection, users are the weak link
Random number generators may not be random Key clustering - two different keys produce
equivalent ciphertext from equivalent plaintext
LTU CISP Security
Key Management
Using a public key system, A wants to talk to B
C is the Key Distribution Center, has A and B’s public key
A calls B, and the calling protocol contacts C C encrypts a session key, “k”, with the public
keys and sends the encrypted “k” to A and B A and B can then communicate
LTU CISP Security
Key Management Issues
Key storage, recovery Key revocation (lost, compromised keys) Must be fully automated No key in clear outside crypto system Choose key randomly from entire key space Key-encrypting key must be separate from
data keys Infrequently use keys with long life
LTU CISP Security
Key Escrow
Separate agencies maintain components of private key, which, when combined, can be used to decrypt ciphertext
Stated reason is to decrypt drug related communications
Clipper chip is an example secret algorithm Unpopular, unused
Issues include key storage, Big Brother
LTU CISP Security
Digital Signature
Used like a written signature, binds a message to an individual (Provides non-repudiation):
S is sender, R is recipient, and M is the Message R must be able to validate S’s signature on M No one can forge S’s signature If S denies signing M, a 3rd party must be able to resolve
the dispute between S and R
Easy with public key encryption - S encrypts with private key, R can decrypt with public (so can 3rd party)
LTU CISP Security
Digital Signature
Previous method results in M in ciphertext, anyone without S’s public key cannot view
An alternative is to compute a digest of the message using a public hash function, then encrypt the digest using private key. Thus, the only ciphertext is the hash.
MD2, MD4, and MD5 are public hash functions that create message digests. MD5 is strongest, a Rivest upgrade of MD4
LTU CISP Security
Hash Function
Hash function produces a message digest message digest also known as fingerprint,
imprint 2 messages with the same digest are
extremely unlikely Signer can’t claim a different message was
signed Recipient can’t claim a different message was
signed
LTU CISP Security
Digital Signature Standard (DSS)
Uses secure hash algorithm Condenses message to 160 bits Key size 512 - 1024 bits Proposed by NIST in 1991 Adopted???
LTU CISP Security
Basic public-key cryptography message formats
S P
S
P
M essage
P
M essage
PS
S
M essage
EncryptedM essage
SignedM essage
Signed and EncryptedM essage
LTU CISP Security
Attacks
Brute force attack Attempt to use all keys
expensive time consuming
But, processing speed doubles every 18 months, Clustered workstations, etc.
LTU CISP Security
Attacks
Analytic Use algorithm and algebraic manipulation to
reduce complexity Statistical
Use statistical weaknesses in design (more 1’s than 0s in keystream on average, for example)
Implementation Microsoft - PPTP, LANMAN passwords poor randomization on Netscape key
LTU CISP Security
Kerberos
Authentication and encryption system designed at MIT
Assigns a unique key, called a “ticket”, to each user on the network
“Ticket” embedded in user’s messages to identify sender
LTU CISP Security
Certificate Authority
Trusted, 3rd party organization CA (Certificate Authority) guarantees that the
individual granted a certificate is who he/she claims to be
CA usually has arrangement with financial institution to confirm identity
Critical to data security and electronic commerce
LTU CISP Security
Public Key Infrastructure
Known as PKI Necessary for widespread electronic
commerceNo absolute definition or standard! A system of digital certificates, Certificate
Authorities, and other registration authorities that verify and authenticate the validity of parties in Internet transactions
LTU CISP Security
Steganography
Art of hiding communications Why? Deny message exists Hide data transmissions
(remember the microdot?)
Common implementations hide information in graphic files, sound files, or slack space
Can be combined with encryption!
LTU CISP Security
Attacks
Ciphertext-only attack: The attacker has the ciphertext of several messages. Each of the messages has been encrypted using the same encryption algorithm.
Known-plaintext only:The attacker has the plaintext and ciphertext of one or more messages.
Chosen-plaintext attack: The attacker has the plaintext and ciphertext and can choose the plaintext that gets encrypted.
Chosen-ciphertext attack: The attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext
LTU CISP Security
More Attacks
Man-in-the-middle attack: Eavesdropping on different conversations. Using digital signatures during the session-key exchange can circumvent the attack.
Dictionary attacks: Takes a password file with on-way function values and then takes the most commonly used passwords and run them through the same one-way function. These files are then compared.
Replay attack: An attacker copies a ticket and breaks the encryption and then tries to impersonate the client and resubmit the ticket at a later time to gain unauthorized access to a resource.
Recommended