CRYPTOGRAPHY DECRYPTED by H. X. Mel, dr. Doris M. Baker. Author(s) and publisher make no express or implied warranty of any kind. Publisher offers discounts on this book when ordered in quantity for bulk purchases.


CRYPTOGRAPHY DECRYPTED

Mel FM

3/15/01, 11:03 AM


H. X. Mel
Doris Baker

Math Appendix by Steve Burnett
Foreword by John Kinyon

Boston, San Francisco, New York, Toronto, Montreal, London, Munich, Paris, Madrid, Capetown, Sydney, Tokyo, Singapore, Mexico City

MEL_FM.pm6

4/6/04, 8:12 PM

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and Addison-Wesley was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals. Screen shots reprinted by permission from Microsoft Corporation.

The author(s) and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

The publisher offers discounts on this book when ordered in quantity for bulk purchases and special sales. For more information, please contact:

U.S. Corporate and Government Sales
(800) 382-3419
[email protected]

For sales outside of the U.S., please contact:

International Sales
(317) 581-3793
[email protected]

Visit Addison-Wesley on the Web: www.awprofessional.com

Library of Congress Cataloging-in-Publication Data

Mel, H.X., 1948-
Cryptography decrypted / H. X. Mel, Doris M. Baker; math appendix by Steve Burnett; foreword by John Kinyon.
p. cm.
Includes bibliographical references and index.
ISBN 0-201-61647-5
1. Computer security. 2. Cryptography. I. Baker, Doris M. II. Title.
QA76.9.A25 M44 2000
005.8'2--dc21    00-046878

Copyright © 2001 by Cary Meltzer and Doris Baker

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior consent of the publisher. Printed in the United States of America. Published simultaneously in Canada.

For information on obtaining permission for use of material from this work, please submit a written request to:

Pearson Education, Inc.
Rights and Contracts Department
75 Arlington Street, Suite 300
Boston, MA 02116
Fax: (617) 848-7047

ISBN 0-201-61647-5
Text printed on recycled paper
5 6 7 8 9 10PH0807060504
Fifth printing, May 2004


For Max Samuel who showed us a good hiding place is hard to find


KEY POINTS

PARTS / CHAPTER / MAJOR TOPICS

Part I: Secret Key Cryptography
  Chapters 1-4: Cryptographic methods are separate from cryptographic keys. Strong cryptographic methods are secure. Best feasible attack is to try each possible key.
  Chapter 5: DES was secure, but technology has weakened it
  Chapter 6: History leading to modern cryptography
  Chapter 7: Secret key assurances: confidentiality, authentication, and integrity
  Chapter 8: Secret key sharing problems

Part II: Public Key
  Chapter 9: Foundation of public key cryptography: easy and hard problems
  Chapter 10: Public key encryption assurance: confidentiality
  Chapter 11: Simple cryptographic arithmetic
  Chapter 12: Private key encryption assurances: authentication, integrity, and nonrepudiation
  Chapter 13: Detecting message modification with message digests
  Chapter 14: Message digest assurances: one-wayness and collision resistance
  Chapter 15: Comparing secret key, public key, and message digests

Part III: Key Distribution
  Chapter 16: Digital certificates are signed public keys
  Chapter 17: X.509 digital certificates, certificate authorities, and certificate revocation
  Chapter 18: Pretty Good Privacy (PGP) digital certificates. PGP compared to X.509

Part IV: Real World Systems
  Chapters 19-21: Examples of real world systems (secure email, SSL, IPsec)
  Chapter 22: Some cryptographic attacks
  Chapter 23: Protecting your keys with smartcards

Appendixes
  Appendix A: Mathematics underlying public key technology
  Appendix B: Additional IPsec details

CONTENTS

Foreword
Preface
Introduction

Part I Secret Key Cryptography

Chapter 1 Locks and Keys
  Locks and Combinations
  Defining Cryptographic Terms
  Making and Solving Puzzles
  Review

Chapter 2 Substitution and Caesar's Cipher
  Cryptanalysis of Caesar's Cipher
  Empowering the Masses
  The Importance of Separating the Method and the Key
  Adding Keys
  A Weakness of Caesar's Ciphers: The Failure to Hide Linguistic Patterns
  More Complex Substitution: Vigenère's Cipher
  Review

Chapter 3 Transposition Ciphers: Moving Around
  Patterns and Cryptanalysis
  Adding Complexity
  Computer Transposition
  Combining Substitution and Transposition
  Review


Chapter 4 Diffuse and Confuse: How Cryptographers Win the End Game
  Diffusion
  The Polybius Cipher
  The Principle of Confusion
  Cryptographic Locks and Keys
  Review

Chapter 5 DES Isn't Strong Anymore
  The Historical Need for an Encryption Standard
  Cycling Through Computer Keys
  Double and Triple DES
  DES (and Other Block Cipher) Modes
  The Avalanche Effect
  Supplement: Binary Numbers and Computer Letters
  Review

Chapter 6 Evolution of Cryptography: Going Global
  Early Cryptography
  Commercial and Military Needs
  Entering the Computer Age
  Review

Chapter 7 Secret Key Assurances
  Confidentiality
  Authentication
  An Authentication Attack
  Not Really Random Numbers
  Integrity
  Using the MAC for Message Integrity Assurance
  Why Bother Using a Message Authentication Code?
  File and MAC Compression
  Nonrepudiation: Secret Keys Can't Do It
  Review

Chapter 8 Problems with Secret Key Exchange
  The Problem and the Traditional Solution
  Using a Trusted Third Party
  Key Distribution Center and Key Recovery
  Problems with Using a Trusted Third Party
  Growth in the Number of Secret Keys
  Trust and Lifetime
  Review

Part II Public Key Cryptography

Chapter 9 Pioneering Public Key: Public Exchange of Secret Keys
  The Search for an Innovative Key Delivery Solution
  Developing an Innovative Secret Key Delivery Solution
  First Attempt: A Database of Key/Serial Number Pairs
  Second Attempt: An Encrypted Database of Key/Serial Number Pairs
  Merkle's Insight: Individually Encrypted Key/Serial Number Pairs
  Black Hat's Frustrating Problem
  The Key to Public Key Technology
  A New Solution: Diffie-Hellman-Merkle Key Agreement
  Alice and Bob Openly Agree on a Secret Key
  Problems with the Diffie-Hellman Method
  Separate Encryption and Decryption Keys
  Review

Chapter 10 Confidentiality Using Public Keys
  New Twists on Old Security Issues
  Confidentiality Assurances
  Distribution of Public Keys
  Two-Way Confidentiality
  Review

Chapter 11 Making Public Keys: Math Tricks
  Alice's Easy Problem
  Grade School Math Tricks
  More Grade School Math
  Division and Remainders: Modular Math
  Modular Inverses
  Using Modular Inverses to Make a Public Key
  Putting It All Together
  Giving BlackHat a Difficult, Time-Consuming Problem
  Trapdoor to the Easy Problem
  Knapsack Cryptography
  Modulo Calculations
  Exercise: Find Which Numbers Sum to 103
  Review

Chapter 12 Creating Digital Signatures Using the Private Key
  Written and Digital Signature Assurances
  Reviewing and Comparing Authentication
  Secret Key Authentication
  Private Key Authentication
  Authentication and Integrity Using Private and Secret Keys
  Private Key Authentication Methods
  RSA
  DSA
  Signing Terminology
  Nonrepudiation
  Assurances in Both Directions
  Summary of Public Key Assurances
  Public Key Means Public / Private Key Assurance Initiated
  Compressing before Signing
  Review

Chapter 13 Hashes: Non-keyed Message Digests
  Detecting Unintentional Modifications
  Detecting Intentional Modifications
  Signing the Message Digest
  Detecting BlackHat's Forgery
  Replay Attacks
  Supplement: Unsuccessfully Imitating a Message Digest
  Review

Chapter 14 Message Digest Assurances
  Two Message Digest Flavors
  Non-keyed Message Digest Assurances
  One-wayness
  Collision Resistance
  Weak Collision Resistance
  Examples of One-way and Weak Collision Resistance
  Strong Collision Resistance
  Non-keyed Digest Implementations
  Keyed Message Digest Assurances
  A MAC Made with DES
  DES-MAC Security
  Message Digest Compression
  Digest Speed Comparisons
  Hashed MAC
  Review

Chapter 15 Comparing Secret Key, Public Key, and Message Digests
  Encryption Speed
  Key Length
  Ease of Key Distribution
  Cryptographic Assurances
  Symmetric (Secret) Key
  Asymmetric (Public) Key
  Review

Part III Distribution of Public Keys

Chapter 16 Digital Certificates
  Verifying a Digital Certificate
  Attacking Digital Certificates
  Attacking the Creator of the Digital Certificate
  Malicious Certificate Creator
  Attacking the Digital Certificate User
  The Most Devastating Attack
  Understanding Digital Certificates: A Familiar Comparison
  Issuer and Subject
  Issuer Authentication
  Transfer of Trust from the Issuer to the Subject
  Issuer's Limited Liability
  Time Limits
  Revoking Trust
  More than One Certificate
  Fees for Use
  The Needs of Digital Certificate Users
  Getting Your First Public Key
  Certificates Included in Your Browser
  Review

Chapter 17 X.509 Public Key Infrastructure
  Why Use X.509 Certificate Management?
  What Is a Certificate Authority?
  Application, Certification, and Issuance
  Certificate Revocation
  Polling and Pushing: Two CRL Delivery Models
  Building X.509 Trust Networks
  Root Certificates
  More Risks and Precautions
  Distinguished Names
  Certification Practice Statement
  X.509 Certificate Data
  Challenge Response Protocol
  Review

Chapter 18 Pretty Good Privacy and the Web of Trust
  The History of PGP
  Comparing X.509 and PGP Certificates
  Building Trust Networks
  Bob Validates Alice's Key
  Casey Validates Alice's Key Sent by Bob
  Dawn Validates Alice's Key Sent by Casey via Bob
  Web of Trust
  PGP Certificate Repositories and Revocation
  Compatibility of X.509 and PGP
  Review

Part IV Real-World Systems
  E-mail Cryptographic Parameters
  Negotiation of SSL and IPsec Cryptographic Parameters
  User Initiation of Cryptographic E-mail, SSL, and IPsec

Chapter 19 Secure E-mail
  Generic Cryptographic E-mail Messages
  Invoking Cryptographic Services
  Confidentiality and Authentication
  Choosing Services
  Positioning Services
  Deterring E-mail Viruses
  Review

Chapter 20 Secure Socket Layer and Transport Layer Security
  History of SSL
  Overview of an SSL Session
  An SSL Session in Detail
  Hello and Negotiate Parameters
  Key Agreement (Exchange)
  Authentication
  Confidentiality and Integrity
  TLS Variations
  Anonymous Diffie-Hellman
  Fixed and Ephemeral Diffie-Hellman
  Comparing TLS, SSL v3, and SSL v2
  A Big Problem with SSL v2
  A Possible Problem with TLS and SSL
  Generating Shared Secrets
  Bob Authenticates Himself to AliceDotComStocks
  Review

Chapter 21 IPsec Overview
  Enhanced Security
  Key Management
  Manual Distribution
  Automated Distribution
  IPsec Part 1: User Authentication and Key Exchange Using IKE
  SSL/TLS and IPsec Key Agreement
  Security Association
  Phases
  IKE Nomenclature
  Benefits of Two-Phase Key Exchange
  IPsec Part 2: Bulk Data Confidentiality and Integrity for Message or File Transport
  Protocol and Mode
  ESP Examples
  AH Examples
  Management Control
  Implementation Incompatibilities and Complications
  Review

Chapter 22 Cryptographic Gotchas
  Replay Attack
  Man-in-the-Middle Attack
  Finding Your Keys in Memory
  Does Confidentiality Imply Integrity?
  Example 1: Substituting a Forged Key
  Example 2: Cut-and-Paste Attack
  Public Key as a Cryptanalysis Tool
  Example 1: The Chosen Plaintext Attack
  Public Key Cryptographic Standards
  Example 2: The Bleichenbacher Attack
  BlackHat Uses Bob's RSA Private Key
  Review

Chapter 23 Protecting Your Keys
  Smart Cards
  Types of Smart Cards
  What's Inside a Smart Card
  Protections and Limitations
  Smart Card Attacks
  Review

Epilogue
Appendix A Public Key Mathematics (and Some Words on Random Numbers)
Appendix B (A Few) IPsec Details
Bibliography
Index


FOREWORD

e-Everything
Every January for the past 10 years, members of a cult from all over the world have headed to Silicon Valley for a summit. In the early years, only a few cryptographers, mathematicians, and forward thinkers in the relatively new field of computer security showed up for this then-obscure event, known as the RSA Security Conference. Imagine, if you will, a group of distinguished eggheads and computer nerds getting together to talk about cryptographic algorithms and how they might one day be used to solve security problems.

In Internet years, that first event was a very long time ago. A decade for everyday people, it was an Internet generation for those of us involved with computer technology. The problems were small and often theoretical then. We couldn't imagine the looming frenzied pace of change, the way the World Wide Web (World Wide what? It wouldn't be invented for another year) would explode, and the e-izing of everything and anything. With those changes came what those original visionaries predicted: e-fraud, e-theft, e-vandalism, e-scams, e-viruses, and e-everything-else bad along with e-everything good.

Nowadays, there are dozens of computer security conferences and exhibits. Even so, our understanding of cryptography is weak, often only abstract. Practical applications of cryptography are just beginning to become commonplace. These solutions are still young. It is a struggle for an information technology professional, and often an information protection professional, to understand how security technology works and how to apply cryptography appropriately to solve real business problems.

The RSA Security Conference is bigger than ever. Hidden among the product demos, sales pitches, and seminars, interesting technical papers are still presented. It was at RSA 2000 that I met the joyful and energetic H. X. Mel. Like many others, he and Doris Baker had a vision of how to improve security. Their vision, however, was not product implementation, but education: to make cryptography understandable to the people who need it. Their book, this book, is more than Alice and Bob diagrams and yet less than a tome full of math. Instead, it is filled with examples of the principles behind today's solutions, explained with an interesting historical perspective.

Even after 10 years working in the field of information protection for a major electronics manufacturing company, I learned a lot from this book. I think you will, too.

John Kinyon


PREFACE

A Tool for Everyone


In the past, cryptography was used mainly to secure the communications of the powerful and influential, the military and royalty. But the widespread use of computers, and the attacks to which they are vulnerable, has expanded the need for secure communications around the globe. This book describes the protection afforded by modern computer cryptographic systems and explains how the pace of modern technology requires continuing attention to the security of those systems.

The advent of computers changed a great many things, but not the fundamentals of cryptography. Through stories and pictures, Cryptography Decrypted presents cryptography's evolution into a modern-day science, laying out patterns from the past that are applicable today. It also gives you a thorough understanding of terms that are destined to become as much a part of our language and life as megabyte and Internet.

As you begin to think about controlling various aspects of your life using wired or wireless communication, on line all the time, your understanding of cryptography, its benefits and its pitfalls, will make you feel a little more in control of a rapidly changing world.

Because rapid advances in the speed of hardware will continue to threaten the security of current cryptographic methods, it's essential that you choose appropriate techniques and perform ongoing assessment if you want to maintain your digital security. You can make such choices and assessments only if you know the basic concepts of cryptography. Cryptography Decrypted offers you that knowledge through visual representation of difficult concepts, an easy-to-use reference for reviewing key cryptographic terminology, and instructive historical information.

You need little or no background in cryptography to read this book. Neither does it require technical or math genius. It's designed so that anyone from CIOs to self-taught computer enthusiasts (and everyone in between) can pick up this book without any knowledge of encryption and find it fascinating, understandable, and instructive.

If you have some understanding of computer cryptography, Cryptography Decrypted is systematic and comprehensive enough to solidify your knowledge. It provides a simple description of the component parts of secret key and public key cryptography. (Those who already understand and don't wish to cover any more material about secret key cryptography may choose to read only Parts II through IV, bypassing Part I.) Throughout the book, we use images to clarify cryptographic terms. After explaining the basic cryptographic components, we describe real-world cryptographic systems, some possible attacks on those systems, and ways to protect your keys.

The book provides a historical framework on which to build your understanding of how and why computer cryptography works. After a discussion of how cryptography has evolved into an essential Internet tool, we analyze secret key exchange problems and then explain the evolution of public key cryptography, with its solution to the key exchange problem. Along the way we explain some simple background on the math tricks that make public key cryptography secure.

Traditionally, those who have thoroughly understood cryptography have been trained as mathematicians or scientists. Our goal here is to explain computer cryptography with rather little discussion of math. If the esoteric details aren't of immediate concern to you, you can skip Chapter 11 (Making Public Keys: Math Tricks), Chapter 14 (Message Digest Assurances), and the appendixes without diminishing your understanding of the basic concepts.

Appendix A describes some aspects of public key mathematics, including inverses, primes, the Fermat test, Diffie-Hellman, DSA, elliptic curve, and pseudo-random number generation. Appendix B provides details of IPsec, a security system introduced in Chapter 21.

Acknowledgments
It was no small task to wade through and distill the technical and historical material to write a cryptography book that would be understandable to a broad audience. We could not have done it without the considerable help we received from conscientious reviewers who left no stone unturned. They included Paul Brown, Sheila Frankel, Russ Housley, Doug Hughes, John Kinyon, Marcus Leech, Greg Rose, Ben Rosengart, Anton Stiglic, David Youd, and Neal Ziring. Of course, we might never have gotten through the many months of creation and rewrite without our editors, Tyrrell Albaugh, Karen Gettman, Betsy Hardinger, Mary Hart, and Lisa Hernandez, who helped us stay focused on the light at the end of the tunnel. Our heartfelt thanks to them all.


INTRODUCTION

Welcome to the Front Line


If your computer is connected to or transmits over an electronic network, your data is on the front line. Attackers are getting more competent by the month, and their attacks more intrusive, virulent, and widespread, from Melissa to the Love Bug to the unknown virus that ate your hard drive. Although few of us leave our valuables unlocked, few of us know how to use cryptographic locks to secure our digital possessions. By the time you finish reading this book, you will.

Most governments, including those of Canada, China, France, Saudi Arabia, and the United States, consider cryptographic tools to be munitions of war, so it's reasonable to think of potential attacks on your data as a kind of war. Your opponent is anyone who wants to read, modify, or destroy your private documents.

In large part, this is a book about the cryptographic keys and methods you use to safeguard your digital possessions. Figure I-1 shows cryptographic keys and the symbols we use to portray them. Part I of this book explains secret keys and secret key methods. Part II describes public and private keys and public key methods. Part III explains how keys are distributed, and Part IV shows how three real-world systems (secure mail, Secure Socket Layer (SSL), and Internet Protocol Security (IPsec)) use cryptographic keys and methods.

[Figure I-1 Cryptographic keys used in this book: Secret Key, Public Key, Private Key.]

A Devastating Opponent

In World War II the German Observation Service (Beobachtungs-Dienst, or B-Dienst) was a small group of codebreakers who played a powerful role in the Battle of the Atlantic. B-Dienst uncovered the positions of Allied convoys that German submarines then destroyed, devastating the Allied Atlantic forces from 1941 to 1943. For example, during three days in March 1943, the Germans sank 21 Allied vessels while losing only one submarine. Better communications security and new technologies such as sonar helped the Allies turn the tide.

Need a Quick Read?


Chapters 3, 4, 11, and 14 contain details that can be skimmed or skipped. Chapters 3 and 4 show cryptographic techniques that strengthen secret key methods. Chapter 11 explains a simple math trick to make public/private keys. Chapter 14 illustrates some cryptographic tools used to identify message tampering.
