# basic encryption and decryption

```
Computer Security
Basic Encryption and Decryption
Dr Amer AbuAli

    Terminology and background
S - sender, R - receiver, T - transmission medium
O - outsider (interceptor, intruder) who wants the message and tries to access it
Encryption (E) - (encoding, enciphering) the process of encoding a message so that its meaning is not obvious.
Decryption (D) - (decoding, deciphering) the reverse process.
Cryptosystem - a system of encryption and decryption.
Plaintext (P) - the original form of a message.
Ciphertext (C) - the encrypted form.
Cryptography - hidden writing.
Cryptanalyst - one who studies encryption and encrypted messages with the goal of finding the hidden meaning of the message.
Cryptology - includes both cryptography and cryptanalysis.

Learning Objectives
   To explain the history of encryption and the role that encryption plays in a modern society.
   To understand and appreciate how the following relate to a modern business environment:
   Public-key and private-key encryption systems
   Key management
   Digital signatures
   Electronic contracts and contract signing.
   To be aware of the UK government’s current crypto policy and its implications to individuals and

   Encryption Algorithms
P = (p1, p2, p3, ..., pn) - the plaintext as a sequence of individual characters.
C = (c1, c2, c3, ..., cm) - the ciphertext as a sequence of enciphered characters.
The transformations between plaintext and ciphertext are denoted
C = E(P) and P = D(C), where E is the encryption algorithm and D is the decryption algorithm.
Encryption model without a key:

Plaintext -> Encryption -> Ciphertext -> Decryption -> Original plaintext

Encryption with keys:

Symmetric cryptosystem (the same key K is used at both ends):

Plaintext -> Encryption (key K) -> Ciphertext -> Decryption (key K) -> Original plaintext

Asymmetric cryptosystem (the encryption key Ke and the decryption key Kd differ):

Plaintext -> Encryption (Ke) -> Ciphertext -> Decryption (Kd) -> Original plaintext
Jobs of Cryptography
   Cryptography is used to fulfil the following functions.
   Confidentiality
   The information contained in a message is only accessible by those people authorized to access it.
   Authentication
   It should be possible for the receiver of a message to ascertain its origin; an intruder should not be able to masquerade as someone else.
   Integrity
   It should be possible for the receiver of a message to verify that it has not been modified in transit; an intruder should not be able to substitute a false message for a legitimate one.
   Non-repudiation
   A sender should not be able to falsely deny later that he or she sent a message.
Characteristics of Good Ciphers

In 1949 Claude Shannon [SHA49] proposed characteristics of a good cipher.
   Principle 1
   The amount of secrecy needed should determine the amount of labour appropriate for encryption and decryption.

   Principle 2
   The set of keys and the enciphering algorithm should be free from complexity.

   Principle 3
   The implementation of the process should be as simple as possible.

   Principle 4
   Errors in ciphering should not propagate and cause corruption of further information in the message.

   Principle 5
   The size of the enciphered text should be no longer than the text of the original message.
Types of Ciphers

There are in essence two types of ciphers:
    A symmetric cipher is a cipher that uses the same key to encrypt and decrypt information, thus KENC = KDEC.
    An asymmetric cipher is a cipher that does not use the same key to encrypt and decrypt information, thus KENC ≠ KDEC.

Plaintext P -> Encryption with key KENC -> Ciphertext C = E(KENC, P) -> Decryption with key KDEC -> Original plaintext P = D(KDEC, C)
A Simple Cipher

The Caesar cipher is named after Julius Caesar, said to be the first to use it.
In the Caesar cipher each character is substituted by another, the same way every time it occurs. This technique is called a monoalphabetic substitution cipher.
Plaintext:        A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext:       O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

Thus using this Caesar cipher (every letter shifted forward by 14 places), the message “Mission Impossible” would be encoded as AWGGWCB WADCGGWPZS.

So what do the following ciphertexts mean? (Each was made with its own shift rather than the shift of 14 in the table above; with only 25 possible shifts, trying all of them is quick.)
1)        IWXH XH P ITHI
2)        JE AR RQ UR YC
Types of Ciphers
   A simple substitution cipher, or monoalphabetic cipher, is one in which each character in the plaintext is replaced with a corresponding character of ciphertext.

   A homophonic substitution cipher is like a simple substitution cryptosystem, except that a single character of plaintext can map to one of several characters of ciphertext. For example, A could correspond to 5, 14 or 147.
   These types of ciphers were used as early as 1401 by the Duchy of Mantua.

   A polygram substitution cipher is one in which blocks of characters are encrypted in groups. For example, ABA could correspond to RTQ.
   The Playfair cipher is an example of this type of cipher and was used by the British in World War One.

   A polyalphabetic substitution cipher is made up of multiple monoalphabetic ciphers. The particular cipher used changes with the position of each character in the plaintext.
   These types of ciphers were used in the American Civil War by the Union.
Cryptanalysis and Attacks

   There are five general types of cryptanalysis:
   Ciphertext-only attack. The cryptanalyst has the ciphertext of several messages, all of which have been encrypted using the same encryption algorithm and key.
   Known-plaintext attack. The cryptanalyst has access not only to the ciphertext of several messages, but also to the plaintext of the messages. The job is to deduce the keys used to encrypt the messages.
   Chosen-plaintext attack. The cryptanalyst not only has access to the ciphertext and associated plaintext for several messages, but also chooses the plaintext that gets encrypted. The job is to deduce the keys used to encrypt the messages.
   Adaptive chosen-plaintext attack. This is a special case of the chosen-plaintext attack. Not only can the cryptanalyst choose the plaintext, but the choice can also be modified based upon the results of previous encryptions. The job is to deduce the keys used to encrypt the messages.
   Purchase-key attack. The cryptanalyst threatens, blackmails, tortures, or bribes someone until they give up the key.
Data Encryption Standard (DES)
   DES is a block cipher: the blocks are 64 bits in length and the key is 56 bits long. It was created in 1977 and defined as a standard by the U.S. National Bureau of Standards (NBS). The diagram shows it used in cipher block chaining (CBC) mode, in which each plaintext block is XORed with the previous ciphertext block (or with an initial vector for the first block) before it is encrypted, so that identical plaintext blocks do not produce identical ciphertext blocks.

   P1 XOR IV     -> E(Key) -> C1
   P2 XOR C1     -> E(Key) -> C2
   ...
   Pn XOR C(n-1) -> E(Key) -> Cn

It is possible to build a $1 million system that can attack DES and recover a key in an average of 3.5 hours (see the 1995 brute-force estimates below).
Triple DES

   With Triple DES, each block of plaintext is processed three times: DES encryption under Key1, DES decryption under Key2, then DES encryption under Key3 (or under Key1 again in the two-key version).
   The two-key version of Triple DES is estimated to be 10^13 times stronger than single DES. The three-key version is even stronger.
   If Key1, Key2 and Key3 are all the same, Triple DES collapses to single DES (the encryption under Key1 is undone by the decryption under Key2).
   The issue with Triple DES is key management.

Plaintext -> DES Encrypt (Key1) -> DES Decrypt (Key2) -> DES Encrypt (Key3, or Key1) -> Ciphertext
Public Key Encryption Systems
With a public key or asymmetric encryption system, each user has two keys: a public key and a private key. The user may publish their public key freely. The keys operate as inverses. Let KPRIV be a user’s private key, and let KPUB be the corresponding public key. Then,
P = D(KPRIV, E(KPUB, P))
   That is, a user can decrypt with the private key what someone else has encrypted with the corresponding public key. This is used for confidentiality.

P = D(KPUB, E(KPRIV, P))
   That is, anyone can decrypt with the public key what the user has encrypted with the corresponding private key, and only that user could have produced it. This is used for digital signatures.
Security Requirements and Key Length

Security requirements for different information:

Type of traffic                            Lifetime      Minimum key length
Product announcements, interest rates      days/weeks    64 bits
Long-term business plans                   years         80 bits
Identification of spies                    > 50 years    128 bits

Average time estimated for a hardware brute-force attack (1995), by key length in bits:

Cost      40 bits   56 bits   64 bits   80 bits     112 bits   128 bits
$100 k    2 s       35 h      1 y       70,000 y    10^14 y    10^19 y
$1 M      0.2 s     3.5 h     37 d      7,000 y     10^13 y    10^18 y
$10 M     0.02 s    21 min    4 d       700 y       10^12 y    10^17 y
Key Management Security Issues
   The fundamental security requirement of every key management system is the control of keying material through the entire lifetime of the keys in order to prevent unauthorized disclosure, modification, substitution, replay and improper use.
    Data confidentiality: secret keys and possibly other data are to be kept confidential while transmitted or stored.
    Modification detection: to counter the active threat of unauthorized modification of data items.
    Replay detection / timeliness: replay detection is to counter unauthorized duplication of data items. Timeliness requires that the response to a challenge message is prompt and does not allow for playback of some authentic response message by an impersonator.
    Entity authentication: to corroborate that an entity is the one claimed.
    Data origin authentication (proof / non-repudiation of origin): to corroborate that the source of a message is the one claimed.
    Proof / non-repudiation of reception shows the sender of a message that the message has
    Notarization is the registration of messages to attest at a later stage to their content and origin.
Key Management Services
   Entity Registration
   Any secure system ultimately requires a procedure by which an individual or device is authenticated to the system. A key management system has to provide some link between an entity and its uniquely defined keys.
   In any system, an entity is represented by some public data called its public credentials, such as a user ID or an address, and some private credentials, such as testimonials or passwords.
   When an entity is registered, a certificate based upon its credentials is issued as proof of registration.
   Key Generation
   This refers to the procedure by which keys or pairs of keys of good cryptographic quality are securely and unpredictably generated.
   This requires the use of a good method for generating random numbers.
Key Management Services
   Certification (On-Line/Off-Line)
   Certificates are issued for authentication purposes. A credential containing identifying data together with other information (e.g. public keys) is rendered unforgeable by some certifying information (e.g. digital signatures provided by the key certification centre). Certification may be:
   an on-line service where some certification authority provides interactive support and is actively involved in key distribution processes; or
   an off-line service, so that certificates are issued to each entity only at some initial stage.
   Authentication/Verification
   The three main types of authentication are 1) entity authentication, 2) message content authentication, and 3) message origin authentication. The term verification refers to checking the appropriate claims, i.e. the correct identity of an entity. The validity of a certificate can be verified using some public information (e.g. a public key), and this can be carried out without the assistance of the certification authority.
Key Management Services

   Key Distribution
   Key distribution refers to the procedures by which keys are securely provided to parties legitimately asking for them. The basic elements of key distribution are:
   Encipherment: The confidentiality of a data item can be ensured by enciphering the data item with an appropriate key.
   Modification Detection Codes: To detect the modification of a data item, one can add some redundancy that has to be calculated using a collision-free function. A plain CRC is not such a function: it is linear, so anyone who alters the data can recompute it to match. In practice a cryptographic hash is used, or a keyed MAC where the redundancy must also be unforgeable.
   Replay Detection Codes: To detect the replay of a message and to check its timeliness, some explicit or implicit challenge and response mechanism has to be used, since the recipient has to be able to decide on acceptance.
   Proof of Knowledge of a Key: Authentication can be implemented by showing knowledge of a secret (e.g. a secret key), or by responding to a challenge in a defined manner. This response will typically involve the use of the key to encrypt and decrypt messages.
Key Management Services

   Key Maintenance
   Storage of Keying Material refers to a key storage facility which provides secure storage of keys for future use, e.g. confidentiality and integrity for secret keying material, or integrity for public keys. For all keying material, unauthorized modification must be detectable by suitable authentication mechanisms.
   Key Archival refers to procedures by which keys for notarization or non-repudiation services can be securely archived. Archived keys may need to be retrieved at a much later date.
   Key Replacement enables parties to update their keying material securely. A replaced key shall not be reused. A key shall be replaced when its compromise is known or suspected.
   Key Recovery refers to procedures for recovering cryptographic keys which may become lost due to human error, software bugs, or hardware malfunction.
   Key Deletion refers to procedures by which parties are assured of the secure destruction of keys that are no longer needed.
Key Centres
   The purpose of a Key Distribution Centre (KDC) is to generate or acquire and distribute keys to parties, each of which already shares a key with the KDC (or, for example, knows the public key of the KDC).

   The main purpose of the Key Certification Centre (KCC) is to maintain a database of all users of a system and their certificates.
   This allows people to check whether an entity holds, or is entitled to hold, a certificate.

   The KCC needs to maintain some sort of blacklist (a revocation list of certificates that must no longer be trusted).

   Depending on the set of users it may be necessary to create a
Example of Key Management System

   Kerberos is a system that supports authentication in distributed systems.
   The basis of Kerberos is a central server that provides authenticated tokens called tickets to requesting applications.
   A ticket is an unforgeable, non-replayable, authenticated object.
   A ticket is also an encrypted data structure naming a user and a service that the user is allowed to obtain.
   Kerberos uses symmetric (secret-key) encryption: each user and each service shares a secret key with the Kerberos server, and a ticket is sealed under the key of the service it is for.
   Kerberos uses a ticket server to authenticate a ticket when a user tries to use it.

[Diagram: (1) user U sends a request to the Kerberos server; (2) the Kerberos server returns a session key and a ticket to U, and the ticket server receives the session key; U then presents the ticket to the ticket server.]
Protocols and Key Distribution

A protocol is a series of steps, involving two or more parties, designed to accomplish a task. A cryptographic protocol is a protocol that uses cryptography. The typical use of a protocol is to distribute and validate keys so that two or more parties may communicate with each other.

In general there are three types of protocols.

1)        An Arbitrated Protocol
-         uses a trusted third party (TTP) to mediate the transaction between the various parties.
2)        An Adjudicated Protocol
-         uses an adjudicator to evaluate, after the fact, whether any party to the transaction cheated.
3)        A Self-Enforcing Protocol
-         makes it obvious to all parties involved in a transaction when a party attempts to cheat.
Arbitrated Protocols
   An arbitrator is a trusted third party (TTP) who can mediate a transaction between two distrusting parties.
   There are several disadvantages in using an arbitrated computer protocol.
   The two sides may not agree on a neutral third party.
   Maintaining the availability of an arbitrator represents a cost to the users or the network, and that cost may be too high.
   Arbitration causes a time delay in communication because the third party must receive, act on and then forward every transaction.
   If the arbitration service is heavily used it may become a bottleneck in the network.
   ... sensitive information.

[Diagram: A <-> Arbiter <-> B]

Adjudicated Protocols
   An adjudicator is a trusted third party (TTP) who can judge whether a transaction was performed fairly.
   Adjudicated protocols involve the services of a TTP only in the case of a dispute.
   Within an adjudicated protocol enough data is available for the TTP to judge fairness based on the evidence.
   Not only can the TTP determine whether two disputing parties acted fairly within the rules of the protocol, but the TTP can also determine who cheated.

[Diagram: A and B each submit evidence to the adjudicator, who rules, e.g. "A acted fairly".]
Self-Enforcing Protocols
   A self-enforcing protocol is one that guarantees fairness.
   If either party tries to cheat, that fact becomes evident to the other party.
   No outsider or TTP is needed to ensure fairness.
   Self-enforcing protocols are preferable to other types. However, there is not a self-enforcing protocol for every situation. Thus there are levels of protocols.
   Arbitrated     - A TTP takes part in the transaction between distrusting parties.
   Adjudicated    - A TTP judges after the fact and decides what was fair.
   Self-Enforcing - No TTP used; if a party tries to cheat then the other party knows.

[Diagram: A <-> B, with B detecting "A cheated".]
Symmetric Key Exchange With a Server
    Symmetric keys can be used both to encrypt and decrypt the same data.
    Suppose that Pablo and Robert want a secret encryption key by which they can exchange messages, but they have no key in common. Suppose that a key repository exists such that Robert shares a key (KR) with it and Pablo shares a key (KP) with it.
1.   First Pablo sends a message to the server containing [P, R, IP]. P is the identity of Pablo, R is Pablo’s intended recipient, and IP is a unique identifier for this request.
2.   The key repository generates a fresh encryption key KPR for Pablo and Robert to use.
3.   The key repository sends Pablo E(KP, [IP, R, KPR, E(KR, [KPR, P])]). Pablo decrypts the message and gets the following:
   The message identifier IP (which Pablo checks against the one he sent, so that a replayed reply to some earlier request is rejected)
   Robert’s identification R
   A key for communication, KPR
   A string containing (KPR, P) that only Robert can decrypt. Note that P is Pablo’s identification.
4.   Pablo then sends the string containing (KPR, P) to Robert, and Robert decrypts it.
Symmetric Key Exchange Without a Server

   Assume that the two users already have a copy of a single symmetric (secret) key K known only to them. However, they do not want to use K all the time, as the more data that is encrypted with K the greater is the chance that it will be compromised.
   Pablo creates a new key called KNEW and encrypts it using K.
   Thus C = E(K, KNEW). Pablo then sends the message C to Robert.
   Robert decrypts the message using K and thus derives KNEW.
   Thus KNEW = D(K, C).
   The new key KNEW is called a session key and the single symmetric (secret) key K is called a master key.
   The disadvantage of this approach is that two users must both share one key that is unique to them. Other pairs of users need unique keys, and in general N users need N(N-1)/2 keys.
Asymmetric Key Exchange With a Server
   Pablo sends a message to the distribution server saying that he would like to send a message to Robert, but Pablo does not know Robert’s public key.
   The server responds with E(DD, [ER, R]). Remember that DD is the private key for the distribution server, ER is the public key for Robert and R is Robert’s identification. (Applying the server’s private key makes the reply a signed statement that anyone holding the server’s public key can check.)
   Pablo now sends a message E(ER, [P, IP]) to Robert using Robert’s public key. This message contains his identification P and a reference number IP.
   Robert sends a message to the server asking for Pablo’s public key.
   The server responds with E(DD, [EP, P]). Remember that DD is the private key for the distribution server, EP is the public key for Pablo and P is Pablo’s identification.
   Robert now sends E(EP, [IP, IR]) to Pablo as proof that Robert has
   Pablo now sends IR back to Robert as proof that the reply to his message has arrived.
Asymmetric Key Exchange Without a Server
   Suppose that Pablo and Robert want to exchange a message, and each has a private and public key pair and each knows the public key of the other. Denote Pablo’s public key as EP and his private key as DP. Denote Robert’s public key as ER and his private key as DR.
   Asymmetric encryption and decryption is very expensive in time, so Pablo may want to use an asymmetric algorithm only to establish a shared key KPR for a symmetric algorithm S.
   Pablo sends the message E(ER, E(DP, KPR)).
   Only Robert can decrypt the outer layer using his private key DR, so Robert is assured of secrecy.
   Robert can then use Pablo’s public key EP to decrypt the inner layer. Only Pablo could have applied the inner layer, so Robert is assured of its authenticity.
   Typically Robert and Pablo also exchange a test message to make sure that the other party has properly received the key. For this Robert would send a random number N and Pablo would return N+1.
Certificates
   As humans we establish and use trust all the time. However, trust is based upon the ability of people to identify and certify who and what they are.
   We use certificates and trust all the time to do business.
   Within modern encryption systems a public key and a user’s identity are bound into a certificate which is then signed by someone to certify the accuracy of that binding.
   Certificates can be awarded by certification authorities (CA), and certificate authorities can themselves have certificates.
   Encryption keys are used to create and manage certificates, and keys may have a limited lifetime.

Certificate for Andrew Blyth:
   Name:       Andrew Blyth
   Position:   Lecturer
   Public Key: 71F1890ACDE45…..
   Signed (encrypted) under the University of Glamorgan’s private key

Chain of Certificates (the certificate of the signer):
   Name:       University of Glam
   Position:   Employer
   Public Key: 7897636361FA…..
   Signed (encrypted) under HEFC’s private key

   There are a number of advantages and disadvantages associated with the use of certificates and the protocols by which they are generated and used.
   What operational restrictions are there? For example, does the protocol for the use of certificates require a continuously available facility such as a key distribution centre?
   What trust requirements are there? Who and what entities must be trusted to act properly?
   What is the protection against failure?
   Can an outsider impersonate any of the entities in the protocol and subvert security?
   Can any party to the protocol cheat without detection?
   How efficient is the protocol? A protocol requiring several steps to establish an encryption key that will be used many times is one thing; it is quite another to go through several time-consuming steps for a one-time use.
   How easy is the protocol to implement?
Digital Signatures
   A digital signature is a protocol that produces the same effect as a real signature: it is a mark that only the sender can make, but other people can easily recognize as belonging to the sender. Just like real signatures, a digital signature is used to confirm agreement to a message.
   Digital signatures must meet two primary conditions:
   Unforgeable:
   If person P signs a message M with a signature S(P, M), it is impossible for anyone else to produce the pair [M, S(P, M)].
   Authentic:
   If a person R receives the pair [M, S(P, M)] purportedly from P, R can check that the signature is really from P. Only P could have created this signature, and the signature is firmly attached to M.
   Two additional requirements are also desirable:
   Not alterable:
   After being transmitted, M cannot be changed by R or an interceptor.
   Not reusable:
   A previously presented message will be instantly detected by R.
Symmetric Key Digital Signatures
   With private key encryption, the secrecy of the key guarantees the authenticity of the message as well as secrecy. If Sandy and the bank have an encryption key in common, she can encrypt her request to transfer money. The bank can be sure of its authenticity because nobody else has Sandy’s key.
   Conventional symmetric key encryption does not prevent forgery.
   Anyone who knows the key can create a digital signature.
   Thus the bank has no protection against repudiation (denial of sending a message).
   The repudiation problem can be solved if both the sender and the recipient share a key with a trusted arbiter:
   Sender and arbiter share a key KS
   Recipient and arbiter share a key KR
   Identity of sender is S and identity of recipient is R
   Content of message between sender and recipient is M
   The arbitrator will use a sealing function. A sealing function is a mathematical function affected by every bit of its input. For example, the bytes of the input can be used as numbers and the sum of all of them computed; such a checksum only detects accidents, so in practice the seal is a cryptographic hash or a keyed MAC that an adversary cannot adjust.

Symmetric Key Digital Signatures

[Diagram: (1) the sender S sends the sealed message E(KS, M) to the arbiter; (2) the arbiter decrypts with KS and retrieves the plaintext M from S; (3) the arbiter seals [message received from sender E(KS, M), identity of sender S, and a copy of the plaintext M] under KR and sends it all to the recipient R.]
Asymmetric Key Digital Signatures
    The basic digital signature protocol using asymmetric encryption is as follows.
    Alice encrypts a document M with her private key APRI, thereby signing the document, e.g. E(APRI, M).
    Alice encrypts the result with Bob’s public key BPUB, and then sends the message C to Bob, e.g. C = E(BPUB, E(APRI, M)).
    Bob decrypts the message using his private key BPRI and then Alice’s public key APUB, thereby verifying the signature,
   e.g. M = D(APUB, D(BPRI, C)).

[Diagram: (1) the sender encrypts the message with BPUB and APRI and then sends the message; (2) the recipient decrypts with BPRI and APUB in order to derive M.]
Digital Signatures and Timestamps
     In order to stop a message that has been signed using a digital signature from being reused, we need to make use of timestamps.
     The protocol is the same as the asymmetric protocol for signing documents except that the message contains a time stamp,
   e.g. M = [Message, Time-Stamp]
     The timestamp defines when the message was sent, and because it is inside M it is covered by the signature and cannot be changed.
   A second message with the same contents and the same time-stamp is ignored, so a signed message cannot be re-used. This requires the recipient to remember the (contents, time-stamp) pairs already accepted, and to reject time-stamps that are too old so that the list stays finite.

[Diagram: as for the asymmetric signature protocol above; the signed and encrypted message now carries the time-stamp.]
Public Keys and Digital Signatures
   Many digital signature algorithms have been developed, and they all make use of large prime numbers and modular arithmetic on the text to be signed (in practice, on a hash of it).
   The Digital Signature Algorithm (DSA) was proposed by the U.S. National Institute of Standards and Technology (NIST) for use in its Digital Signature Standard (DSS). The standard was proposed in August 1991. The Digital Signature Algorithm was developed by the U.S. National Security Agency (NSA).
   RSA is a general public-key/private-key encryption system that can also be used for signatures.
   The Schnorr and ElGamal algorithms are specific digital signature algorithms.
   GOST Digital Signature Algorithm (this is the Russian digital signature standard and is officially called GOST R 34.10-94).
Contract Signing
   Suppose that Andrew and Alison agree to something and wish to sign a contract to show their
agreement. Both of them are committed to performing some act by the contract but each wants
to commit only if the other does.
   A contracting protocol requires two things:
   Commitment.
   After a certain point both parties are bound by the contract; until then neither is.
   Enforceability.
   The signatures of the contract must be demonstrably authentic; that is, it must be possible for either party to prove that the signature of the other is authentic.

   One solution is to use a Trusted Third Party (TTP) as an arbitrator:
1.     Andrew signs a copy of the contract and sends it to the TTP.
2.     Alison signs a copy of the contract and sends it to the TTP.
3.     The TTP announces when both signed contracts have arrived.
4.     Alison signs two copies of the contract and sends them to Andrew.
5.     Andrew signs both copies of the contract, keeps one for himself, and sends the other to Alison.
6.     Alison and Andrew both inform the TTP that each has a copy of the contract signed by both of them.
7.     The TTP destroys its two copies of the contract with only one signature each.

```
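The Caesar cipher slide above leaves the encoding of "Mission Impossible" and its two exercise ciphertexts to the reader. The following is an added example, not code from the lecture: a shift cipher with the slide's shift of 14, and the ciphertext-only attack that breaks any shift cipher by trying all 25 keys. The short word list used to rank candidate plaintexts is a constructed aid of this example and is not from the slides.

```python
# Added example: a shift (Caesar) cipher and a ciphertext-only brute-force attack.
# Not from the lecture slides; the two exercise ciphertexts are the slides' own.
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Replace each letter by the one `shift` places later (mod 26).
    The slides' table is shift 14 (A -> O). Non-letters pass through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Decryption is encryption with the negated shift."""
    return caesar_encrypt(ciphertext, -shift)


# Constructed scoring aid: a handful of common English words. Candidate plaintexts
# are ranked by how many letters are covered by these words. For longer
# ciphertexts letter-frequency statistics (chi-squared against English) do the job.
COMMON_WORDS = ("THE", "THIS", "IS", "A", "TEST", "WE", "NEED", "HELP", "AND", "TO", "OF")


def english_score(text: str) -> int:
    letters = "".join(ch for ch in text if ch in ALPHABET)
    return sum(len(word) * letters.count(word) for word in COMMON_WORDS)


def brute_force(ciphertext: str):
    """Ciphertext-only attack. The key space is 25 non-trivial shifts, so try every
    key and rank the results; returns [(shift, plaintext), ...] best first."""
    candidates = [(shift, caesar_decrypt(ciphertext, shift)) for shift in range(1, 26)]
    return sorted(candidates, key=lambda cand: english_score(cand[1]), reverse=True)


def best_guess(ciphertext: str):
    return brute_force(ciphertext)[0]


if __name__ == "__main__":
    print(caesar_encrypt("Mission Impossible", 14))
    for ct in ("IWXH XH P ITHI", "JE AR RQ UR YC"):
        shift, pt = best_guess(ct)
        print(f"{ct!r}: shift {shift} -> {pt!r}")
```

The attack recovers shift 15 for the first exercise (THIS IS A TEST) and shift 13 for the second, whose letters decode to WRNEEDHELP: evidently WE NEED HELP with one letter mistyped on the slide (under shift 13 the ciphertext letter E stands for R). Neither uses the table's shift of 14. The lesson matches Shannon's principles: the algorithm is simple and error-free, but a 25-key space means secrecy rests on nothing.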
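The DES slide draws cipher block chaining, the Triple DES slide draws the encrypt-decrypt-encrypt construction, and Shannon's fourth principle asks how ciphering errors propagate. The example below is added here and is not from the lecture; it shows all three in Python on a toy 64-bit Feistel block cipher built from SHA-256 so that it runs with the standard library alone. The toy cipher shares only DES's block size, 56-bit key length and Feistel structure (DES's S-boxes and key schedule are omitted) and offers no security. Key, IV and plaintext are constructed.

```python
# Added example: CBC mode, Triple-DES-style EDE, and CBC error propagation, on a
# toy Feistel cipher (NOT DES, no security claimed). Key, IV, plaintext constructed.
import hashlib

BLOCK = 8  # 64-bit blocks, as in DES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(half: bytes, key: bytes, r: int) -> bytes:
    """Keyed round function F(half, subkey_r): 32 bits out, derived from SHA-256."""
    return hashlib.sha256(key + bytes([r]) + half).digest()[:4]


def block_encrypt(key: bytes, block: bytes, rounds: int = 16) -> bytes:
    """16-round Feistel network: (L, R) -> (R, L xor F(R, k_r))."""
    if len(block) != BLOCK:
        raise ValueError("block must be 8 bytes")
    left, right = block[:4], block[4:]
    for r in range(rounds):
        left, right = right, _xor(left, _round(right, key, r))
    return right + left  # final swap: decryption is the same network with subkeys reversed


def block_decrypt(key: bytes, block: bytes, rounds: int = 16) -> bytes:
    left, right = block[:4], block[4:]
    for r in reversed(range(rounds)):
        left, right = right, _xor(left, _round(right, key, r))
    return right + left


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """No chaining: equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(block_encrypt(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Each block is XORed with the previous ciphertext block (the IV for block 1)."""
    if len(data) % BLOCK:
        raise ValueError("plaintext length must be a multiple of 8 (pad first)")
    prev, out = iv, []
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(data), BLOCK):
        cur = data[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, cur), prev))
        prev = cur
    return b"".join(out)


def ede_encrypt(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:
    """Triple-DES-style encrypt-decrypt-encrypt; with k1 == k2 == k3 it collapses to one encryption."""
    return block_encrypt(k3, block_decrypt(k2, block_encrypt(k1, block)))


def ede_decrypt(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:
    return block_decrypt(k1, block_encrypt(k2, block_decrypt(k3, block)))


def cbc_with_flipped_bit(key: bytes, iv: bytes, data: bytes, byte_index: int) -> bytes:
    """Shannon's principle 4 in CBC: flip one ciphertext bit, then decrypt. The block
    containing the flip is garbled, the NEXT block gets exactly that bit flipped (a
    predictable change an attacker can make without the key), later blocks are intact."""
    ct = bytearray(cbc_encrypt(key, iv, data))
    ct[byte_index] ^= 0x01
    return cbc_decrypt(key, iv, bytes(ct))


KEY = bytes.fromhex("0123456789abcd")             # 56-bit key (constructed)
IV = bytes.fromhex("0011223344556677")            # constructed IV
PLAINTEXT = b"ATTACK AT DAWN. SEND 100 CRATES."   # 32 bytes = 4 blocks (constructed)

if __name__ == "__main__":
    ct = cbc_encrypt(KEY, IV, PLAINTEXT)
    assert cbc_decrypt(KEY, IV, ct) == PLAINTEXT
    twice = ecb_encrypt(KEY, b"A" * 16)
    print("ECB repeats a repeated block:", twice[:8] == twice[8:])
    damaged = cbc_with_flipped_bit(KEY, IV, PLAINTEXT, 0)
    print([damaged[i:i + 8] == PLAINTEXT[i:i + 8] for i in range(0, 32, 8)])
```

Flipping one bit of C1 garbles P1, flips exactly one bit of P2 and leaves P3 and P4 intact, which is why CBC ciphertext must be protected by a MAC before it is decrypted: the chaining limits accidental error propagation but gives an active attacker a precise lever on the next block.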
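The "Symmetric Key Exchange With a Server" slides give the four messages between Pablo, the key repository and Robert but not the checks each party should make. The following is an added example of that exchange, not the lecturer's code. The names and message layouts follow the slides; the encryption primitive E/D is a constructed stand-in (SHA-256 keystream plus HMAC, encrypt-then-MAC) so the example runs on the standard library, and it is for illustration only, not a production cipher.

```python
# Added example: the four-step key exchange with a key server (KDC) from the slides,
# with the binding and integrity checks. E/D below is a constructed toy primitive.
import hashlib
import hmac
import json
import secrets


def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, data: bytes) -> bytes:
    """E(key, data): fresh nonce, XOR with keystream, then HMAC over nonce||ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(_subkey(key, b"enc"), nonce, len(data))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """D(key, blob): verify the tag first; a wrong key or a modified message raises."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


class KeyServer:
    """The key repository: shares KP with Pablo and KR with Robert."""

    def __init__(self, registered_keys: dict):
        self.keys = registered_keys

    def handle(self, request: bytes) -> bytes:
        p, r, ip = json.loads(request)                                       # step 1: [P, R, IP]
        kpr = secrets.token_bytes(32)                                         # step 2: fresh KPR
        ticket = encrypt(self.keys[r], json.dumps([kpr.hex(), p]).encode())  # E(KR, [KPR, P])
        reply = json.dumps([ip, r, kpr.hex(), ticket.hex()]).encode()         # [IP, R, KPR, ticket]
        return encrypt(self.keys[p], reply)                                   # step 3: E(KP, ...)


def pablo_requests_key(server: KeyServer, kp: bytes, p: str = "Pablo", r: str = "Robert"):
    ip = secrets.token_hex(8)  # unique identifier for this request
    reply = json.loads(decrypt(kp, server.handle(json.dumps([p, r, ip]).encode())))
    got_ip, got_r, kpr_hex, ticket_hex = reply
    if got_ip != ip or got_r != r:
        # Binds the reply to THIS request: a replayed reply for an earlier request,
        # or one naming a different peer, is rejected.
        raise ValueError("reply does not match the request")
    return bytes.fromhex(kpr_hex), bytes.fromhex(ticket_hex)


def robert_accepts_ticket(kr: bytes, ticket: bytes, expected_peer: str = "Pablo") -> bytes:
    kpr_hex, p = json.loads(decrypt(kr, ticket))  # step 4: only Robert can open it
    if p != expected_peer:
        raise ValueError("ticket names a different peer")
    # Caveat: nothing in the ticket proves freshness, so Robert cannot tell a replayed
    # old ticket (whose KPR may since have leaked) from a new one. Kerberos adds a
    # timestamp and lifetime inside the ticket for exactly this reason.
    return bytes.fromhex(kpr_hex)


def run_exchange():
    """Returns (both parties hold the same KPR, a tampered ticket was rejected)."""
    kp, kr = secrets.token_bytes(32), secrets.token_bytes(32)
    server = KeyServer({"Pablo": kp, "Robert": kr})
    kpr_pablo, ticket = pablo_requests_key(server, kp)
    kpr_robert = robert_accepts_ticket(kr, ticket)
    tampered = bytearray(ticket)
    tampered[20] ^= 0xFF  # flip bits inside the encrypted body
    try:
        robert_accepts_ticket(kr, bytes(tampered))
        rejected = False
    except ValueError:
        rejected = True
    return kpr_pablo == kpr_robert, rejected


if __name__ == "__main__":
    print(run_exchange())
```

The identifier IP is what makes step 3 answer step 1 and nothing else; without comparing it, Pablo would accept any old reply the server (or an attacker holding one) chose to resend. The ticket handed to Robert has no such protection in the protocol as drawn, which is the weakness the Kerberos slides fix with timestamps.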
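The public-key slide states the identities P = D(KPRIV, E(KPUB, P)) and P = D(KPUB, E(KPRIV, P)), the asymmetric signature slide applies the second to sign, and the timestamp slide adds M = [Message, Time-Stamp] to stop reuse. The example below, added here and not the lecturer's code, works those three through with textbook RSA in Python. It differs from the slides in one deliberate way: it signs a SHA-256 hash of M rather than M itself, which is what practical schemes do. Key sizes are toy (512-bit modulus) so it runs quickly; real deployments use at least 2048-bit RSA with PSS padding, or a scheme such as Ed25519, never raw textbook RSA. The envelope layout, clock values and messages are constructed.

```python
# Added example: hash-then-sign with textbook RSA, the E/D inverse identities, and a
# timestamp-based replay check. Toy key sizes; not for production use.
import hashlib
import json
import secrets
import time


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top bit and oddness
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(modulus_bits: int = 512):
    """Returns (public, private), each an (n, exponent) pair."""
    e = 65537
    while True:
        p, q = generate_prime(modulus_bits // 2), generate_prime(modulus_bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_apply(key, x: int) -> int:
    """E and D are the same modular exponentiation; only the exponent differs."""
    n, exponent = key
    return pow(x, exponent, n)


def _digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    """Sign the hash, not the message: fixes the input size and blocks the
    'multiply two signatures' forgery that raw RSA signatures allow."""
    return rsa_apply(private_key, _digest_int(message))


def verify(public_key, message: bytes, signature: int) -> bool:
    return rsa_apply(public_key, signature) == _digest_int(message)


def make_envelope(message: str, timestamp: int) -> bytes:
    """M = [Message, Time-Stamp], serialised deterministically so signing is reproducible."""
    return json.dumps({"message": message, "timestamp": timestamp}, sort_keys=True).encode()


class Recipient:
    """Verifies signatures and rejects stale or repeated envelopes."""

    def __init__(self, sender_public_key, window_seconds: int = 300, clock=time.time):
        self.pub = sender_public_key
        self.window = window_seconds
        self.clock = clock
        self.seen = set()

    def accept(self, envelope: bytes, signature: int) -> bool:
        if not verify(self.pub, envelope, signature):     # authentic and not altered
            return False
        timestamp = json.loads(envelope)["timestamp"]
        if abs(self.clock() - timestamp) > self.window:   # too old (or from the future)
            return False
        fingerprint = hashlib.sha256(envelope).digest()
        if fingerprint in self.seen:                      # same contents, same time-stamp: replay
            return False
        self.seen.add(fingerprint)
        return True


if __name__ == "__main__":
    alice_pub, alice_priv = generate_keypair()
    env = make_envelope("Transfer 100 to Bob", int(time.time()))
    sig = sign(alice_priv, env)
    bob = Recipient(alice_pub)
    print(bob.accept(env, sig), bob.accept(env, sig))  # first accepted, replay refused
```

The freshness window is what keeps the recipient's set of seen fingerprints bounded: an envelope older than the window is refused outright, so fingerprints older than that can be discarded. It also assumes the two clocks agree to within the window, which is the operational cost of the timestamp approach.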