Encryption

1
Encryption

• You understand this if you can
• Explain public key encryption
• Explain symmetric key encryption
• Outline brute force plain text attacks
• Show how encryption helps
• Authentication
• Digital signatures

2
Why do we care about encryption?

• Secrecy
• To protect wireless communication (e.g. WPA)
• Commercial communication
• Secure Web pages (HTTPS)
• Hide credit card details
• Authentication
• To identify the source of information
• Digital Certificates
• Tell you who provided a program

3
Encryption

• Use algorithm to modify data with key
• Difficult to reconstruct data without key
• E.g Caesar Algorithm

plaintext
Encode Key 3
Decode Key 3
cyphertext
4
Attacks

• Brute Force
• There are a limited number of possible keys
• Try all possibilities
• Statistical
• Letter frequency e t a o i n s h r d l, small
  words
• Need large sample
• Plaintext
• Any method using some plaintext its cyphertext

a, i
7 E, 3 R, S, I, 2 T, A, O Not perfect, but
can guide search
5
Symmetric Public/Private Systems

• Symmetric key
• Use same key to encrypt and decrypt
• Public/Private key
• Use one key to encrypt
• Use another key to decrypt
• Difficult to find the missing key from the other

6
Key Distribution

• For symmetric key
• Both ends must know the key
• How can the key be distributed to participants?
• For public/private key
• Each person has own public/private key pair
• Keep private key secret
• Publish public key
• Need private key to decrypt data encoded with
  public key
• Does this solve the distribution problem?

7
Man-in-the-middle Attack
Shop
Secret information

• The bad guy intercepts the request for the shops
  public key.
• Sends customer bad guys public key.
• Decrypts passes on customers requests.
• Uses secret information later.

Public key directory
Shop
Secrets
Secrets
8
Public Key Encryption

• The two keys are inverses (opposites)
• Each decodes a message encoded by the other
• The public key is published in a directory
• The owner keeps the private key secret

data
data
9
Authentication who are you?

• Authentication by shared secret
• E.g. password
• Authentication using public key encryption
• You send me a message
• I encrypt the message with my private key
• Only I can do this (why?)
• You decrypt the message

10
Digital Signature

• How do we know a digital contract was made?
• Anyone could alter a digital document
• Could use a trusted third party to keep a copy
• Encode contract with private key
• Keep encoded version with contract
• How does this guarantee I agreed to the contract?
• Can I guarantee the time of the contract?

Contract
Contract encoded with my secret key
11
Summary

• Encryption vital for distributed applications
• Advantages of Public Key Encryption
• No key distribution problem
• Can use for authentication
• Digital Certificates
• Can use for signing a document
• Encode a document with private key like signing
• Disadvantages
• Slower than Symmetric Key Encryption
• Various attacks
• brute force, man-in-the-middle