Ch 1: Overview of encryption

1
Ch 1 Overview of encryption
Type of encryption algorithm (Symmetric and
Asymmetric) Hash - one way function Digital
Signature Applications of cryptography
2
Cryptography

• Cryptography
• a science of protecting information by encoding
  it into an unreadable format.
• Cryptosystem
• a computer system that implements one or more
  specific encryption algorithms
• Cryptanalysis
• Process of analyzing cipher text.
• Cryptanalyst
• Person who performs cryptanalysis.
• Cryptographic toolkit
• Software that provides cryptographic
  algorithms/operations for use in applications.

3
Cryptographic Techniques - 1

• Plain text
• Message in an understandable/readable form, same
  as Clear text
• Cipher text
• Result of encryption on a plain text message.

4
Cryptographic Techniques - 2

• Symmetric key cryptography (classical)
• Cryptographic technique where the same key is
  used for encryption and decryption operations.
• Substitution cipher
• Transposition cipher
• Product cipher
• substitution transposition
• Asymmetric Key Cryptography
• Cryptographic technique where a key pair is used
  for encryption and decryption operations.

5
Symmetric key cryptography - 1

• Symmetric Algorithms
• also known as secret key algorithm
• use single key on encrypt and decrypt
• usually hardware assisted

6
Symmetric key cryptography - 2

• Strength
• efficient, take less time to encrypt a message
• smaller key size
• Fast and well proven technology
• Weakness
• The session key need to be transmitted in the
  first place
• both parties must have a secret key, distribution
  of key is very difficult.
• there is a lot of keys needed to maintain
• N(N-1) /2 keys for N people

7
Typical Symmetric algorithms

• Substitution cipher
• Transposition cipher
• Stream cipher
• Product cipher
• substitution transposition
• Typical symmetric algorithm DES, 3DES, AES
• DES used a combination of above cipher techniques
• AES - Advanced Encryption Standard
• to replace DES gt winner of the algorithm (in
  1998) gt Rijndael (by Rimmen and Daemen)

8
Substitution cipher

• Substitution cipher
• abcdefghijklmnopqrstuvwxyz
• poiuytrewqasdfghjklmnbvczx
• replace each plaintext character in message with
  matching ciphertext character
• plaintext Charlotte, my love
• ciphertext iepksgmmy, dz sgby

9
Transposition ciphers

• Transposition cipher move characters or bits to
  another place within the message block instead of
  substituting them with another value.
  (Permutation.)
• Eg. Simple Columnar Transposition
• Place the plaintext in a 2-dimensional matrix
• (left to right, top to bottom).
• Output column order
• (top to bottom, left to right)

10
Stream Ciphers

• Plaintext to cipher text
• 1 bit or byte at a time
• Key stream generator k1, k2,
• Encryption ci pi xor ki
• Decryption pi ci xor ki
• Often used for video streaming, WEP etc.
• Eg. RC 4

11
The Data Encryption Standard (DES) - 1

• The most widely used encryption scheme
• The algorithm referred to is the Data Encryption
  Algorithm (DEA)
• DES is a block cipher.
• Block cipher algorithm break the plaintext
  message into several blocks of bits and then work
  on the individual blocks one at a time.
• The algorithm puts the bits within these blocks
  through several rounds of substitution and
  transposition.

12
The Data Encryption Standard (DES) - 2

• The plaintext is processed in 64- bit blocks
• The key is 56- bits in length.
• 56 Bit Key Big enough?
• 256 72,057,594,037,927,900
• It is a symmetric system - the same key is used
  for both enciphering and deciphering.

13
The Data Encryption Standard (DES) - 3

• Substitution cipher19 stages of transformations
• 16 involving functions of key
• Each of the 16 iterations mentioned above uses a
  different 48-bit key derived from the initial
  56-bit key K.

14
Other symmetric algorithms - 1

• Use three keys and three executions of the DES
  algorithm (encrypt- decrypt- encrypt)
• Effective key length of 168 bits
• Better protection
• Advantage compatible with all software and
  hardware that support DES.

15
Other symmetric algorithms - 2

• RC algorithms
• Symmetric key block encryption algorithm,
  involving variable length keys by RSA.
• RC2 block mode, 64-bit blocks, variable key
  length
• RC4 stream mode, variable key length
• RC5 block mode, variable block size, variable
  key length
• RC6 to fix the design flaws of RC5
• MARS
• developed by IBM, 128bit data block, stronger
  security and better performance speed than DES

16
Other symmetric algorithms (3)

• Blowfish Twofish
• developed by Bruce Schneier (author of famous
  textbook Applied Cryptography)
• Blowfish block cipher, variable key length from
  32 to 488 bits
• used with SSH
• Twofish 128 bit block cipher, 28, 192, 256 bit
  key
• Rijindael
• block cipher supports 128, 192 and 256 bit
• US government has selected Rijindael to replace
  DES as the Advanced Encryption Standard (AES)

17
Asymmetric Key Cryptography

• Also known as public-key algorithms
• Pair of keys (i.e. private and public)
• Key management is relatively easy
• Computational intensive
• Slow (100 times slower than symmetric algorithms
  of similar strengths!!)
• Many new algorithms develop recently

18
Asymmetric cryptographic system

• Based on the concepts of same cryptographic
  process but with the different secret keys pair,
  that is private key and public key
• The sequence of keys does not alter the
  end-result.

19
Applications of asymmetric key - 1

• Confidentiality ensure content of email is
  decrypted by receiver with a proper private key.

20
Applications of asymmetric key - 2

• Authentication ensure email can only be
  encrypted by sender private key. This is part of
  non-repudiation

21
Applications of asymmetric key - 3

• Message Confidentiality and Authentication
• Only B can view the message.
• The message is confirmed to be sent by A.

22
Concepts of Asymmetric key cryptographic system

• it is impossible (or extremely difficult) to
  determine the decryption key (private key) by
  providing just the encryption algorithm and
  encryption key (public key)
• the public key usually can be found easily if the
  private key is known
• the encryption and decryption algorithm may not
  be the same

23
Concepts of Asymmetric key cryptographic system
(2)

• Based on the idea in mathematics
• one-way functions with trap-door
• it is easy to go in one direction but impossible
  to reverse the process unless you know the
  trap-door

f(x)
f( )
x
f(x)
x
unless thru the trap door
24
Cryptographic technique usingasymmetric
algorithms

• RSA
• based on Rivest, Shamir, Aldermann
• Diffie-Hellman (a key exchange algorithm)
• El Gamal
• Knapsack
• EC (Elliptic Curve)

Factoring the Product of large Prime numbers
Finding discrete Logarithm in a Finite field
25
Comparisons of Asymmetric and Symmetric
cryptographic system

• Asymmetric
• 512 bit
• 1792 bit
• 2304 bit

• Symmetric
• 64 bit
• 112 bit
• 128 bit

• Public-key algorithms are more efficient for
  short messages, or a session key
• session key is a random number generated as the
  symmetric key used for both encryption and
  decryption
• It is commonly used to solve the problem of
  secret-key distribution (KDC)
• e.g. Diffie-Hellman (DH) Key distribution

26
Hybrid cryptography

• It is generally not to use public and private key
  to encrypt and decrypt the document directly
• it is too slow
• Sender generates a random session key and carry
  out two processes (symmetric and asymmetric)
• use symmetric cryptography to encrypt the
  document using a random key (i.e. the session
  key)
• use asymmetric cryptography to encrypt the
  session key itself
• send the encrypted document with encrypted
  session key
• Receiver decrypt these information in two
  processes
• use his own private key to decrypt the session
  key
• once it is successful, he can use this session
  key to decrypt the protected document

27
Key distribution

• To have the advantages of both secret-key and
  public-key encryption, we can encrypt the secret
  key using the public key and encrypt the message
  using the secret key.

28
Diffie-Hellman (DH) Key distribution

• DH is one of the most popular key exchange
  algorithm to address the problem of key exchange.
• provides a way for two users, A and B, to
  establish a shared secret key that only they
  know.
• need to agree on certain parameters, i.e. q and n

• Alice side
• Step 1
• Alice select Xa (Alice private key)
• Alice calculate Ya (Alices public key) using nXa
  mod q
• send Ya to Bob
• Step 2
• use Yb received from Bob, Alice calculates DH key
  Kb
• Kb (YbXa mod q)

• Bob side
• Step 1
• Bob select Xb (Bob private key)
• Bob calculate Yb (Bobs public key) using nXb mod
  q
• send Yb to Alice
• Step 2
• use Ya received from Alice, Bob calculate DH key
  Kb
• Kb (YaXb mod q)

29
example of DH key

• assume q 53, n23
• alice use Xa11
• alice calculate Ya
• 2311 mod 53 30
• alice got Yb
• alice calculate shared secret Kb
• 2311 mod 53 30

• assume q 53, n23
• bob use Xb13
• bob calculate Yb
• 2313 mod 53 23
• bob got Ya
• bob calculate shared secret Kb
• 3013 mod 53 30

30
Digital signature - 1

• Properties in e-commerce
• Integrity the received message is unmodified
• Confidentiality the message is seen by
  designated receiver
• Authentication receiver is sure of the senders
  identify and that an imposter has not sent the
  message
• Non-repudiation receiver can prove that a
  received message came from a specific sender and
  sender must not able to deny sending a message

31
Digital signature - 2

• Properties
• Detect unauthorized modification of data
  (Integrity)
• Authenticate the identity of user
• Non-repudiation (both parties cannot denial the
  signed document)
• Digital signature can only address the 3 of the 4
  properties, it does not provide confidentiality.
• it needed to be enforced by cryptographic system
• another layer of encryption/decryption must be
  applied, such as SSL

32
Hash - 1

• MD is fixed length, used to verify the integrity
  of data (c.f. CRC)
• Convert a stream of data into check pattern
  known as message digest
• Many algorithms (MD1 - 5, SHA-1)
• The MD series is a group of one-way hash
  algorithm developed by Ron Rivest.
• MD5 is stronger than MD4 and still produces a
  128-bit has. It is commonly used in mobile phone
  authentication. MD5 is discussed in RFC 1321.
• Based on the concept of one-way function (cannot
  get the message back)

33
Hash - 2

• The Message Digest is to be send along with the
  the message.
• At the receiver end, the receiver calculate again
  the hash value from the received message.
• If the calculated MD and received MD matches, the
  integrity of the message ensures ( the same
  concept as CRC).

34
Generation of Digital Signature

• Digital Signature is the technique of appending a
  string of characters to an electronic message in
  order to authenticate the sender.
• One method is the encryption of MD with
  asymmetric key (senders private key)

35
Verification of digital signature

• verification at receiver site

36
PGP at the sender site
37
PGP at the receiver site
38
PGP Explanation - 1

• Encrypted message digest, appended to doc, known
  as Digital Signature
• Document gt encrypted with random key
• Random number (session key) gt encrypted using
  receivers public key
• Send document encrypted random numbers
  (envelope) encrypted document with digital
  signature (contents)

39
PGP Explanation - 2

• Only Receiver with private key can open the
  envelope
• Once opened, the session key, ciphertext,
  digital signature can be obtained
• use symmetric algorithm to decrypted the
  ciphertext gtoriginal document
• use hash algorithm to calculate a new Message
  Digest
• use senders public key to decrypted the Message
  Digest from the Digital Signature gt
  authentication proved
• if the new MD is same as the Message Digest, the
  document is un-altered gt integrity proved
• use the concept of matched digital signature
  only can be generated sender private key, the
  document must be encrypted by the sender. gt
  non-reputation proved

40
Authentication using secret key -1

• User A want to be authenticated by Server B
• A sends a message to B (e.g. user ID)
• B sends a number R, called nonce (number once) to
  challenge A
• A encrypts the number using the secret key and
  send E(R) to B

41
Authentication using secret key -2

• B decrypts the message using the same secret key
• If B gets the original number, user A is
  authenticated
• Point of attack intruder can listen to the line
  and make a copy of the packet containing E(R)
• To prevent playback attack, R must be different
  every time

42
Authentication using public key - 1

• User A want to be authenticated by Server B
• A sends a message to B (e.g. user ID)
• B sends a number R, called nonce (number once) to
  challenge A
• A encrypts the number using the private key and
  send E(R) to B

43
Authentication using public key - 2

• B decrypts the message using As public key
• If B gets the original number, user A is
  authenticated
• Point of attack intruder can listen to the line
  and make a copy of the packet containing E(R)
• To prevent playback attack, R must be different
  every time

44
Summary

• Encryption
• Asymmetric (private key and public key)
• Symmetric (secret key)
• Provide confidentiality
• Hashing
• Provide data integrity
• One-way method to create check pattern called
  message digest
• Digital Signature
• Symmetric encryption (fast and secure)
• Asymmetric encryption (easy key management)
• Message digest to provide integrity
• Provide non-repudiation