Chapter three

Uploaded by

Getaneh Awoke
Copyright
© © All Rights Reserved

Chapter 3: Cryptography and Encryption Techniques

Content
3.1 Basic cryptographic terms
3.2 Historical background
3.3 Cipher Techniques
3.3.1 Transposition Cipher
3.3.2 Substitution Cipher
3.4 Conventional encryption algorithms
3.5 Cryptanalysis
3.6 Cryptographic Systems
3.6.1 Symmetric key cryptography
3.6.1.1 DES
3.6.1.2 3DES
3.6.1.3 AES
3.6.1.4 Block Cipher Modes
3.6.2 Public key cryptography
3.6.2.1 Diffie-Hellman
3.6.2.2 RSA
3.6.3 Digital Signature
3.6.3.1 Using Public Key
3.6.3.2 Using Message Digest
3.6.3.2.1 MD4 family
3.6.3.2.2 SHA family
3.6.3.2.3 RIPEMD
3.6.4 Public key Infrastructure (PKI)
3.6.4.1.1 Trusted Third Party
3.6.4.1.2 Certification
3.6.4.1.3 Key Distribution
3.6.4.1.4 PKI Topology
3.6.4.1.5 Enrollment and Revocation Procedures
Introduction: Cryptography
❑ Comes from the Greek kryptós, which means ‘hidden’, and gráphein, ‘to write’;
it is the study of designing the techniques of a cryptosystem.
❑ It is the science and study of secret writing (practice and study of hiding
information)
❑ It is the art and science of making a cryptosystem that is capable of providing
information security.
❑ It deals with the actual securing of digital data.
❑ It refers to the design of mechanisms based on mathematical algorithms that
provide fundamental information security services.
❑ You can think of cryptography as the establishment of a large toolkit containing
different techniques in security applications.
3.1 Basic cryptographic terms
❑ Plaintext : The information in its original form. This is also
known as cleartext.
❑ Ciphertext : The information after it has been obfuscated by
the encryption algorithm.
❑ Algorithm: The method of manipulation that is used to
change the plaintext into ciphertext and vice versa.
❑ Secret Key: The input data to the algorithm that
transforms the plaintext into the ciphertext or the ciphertext
into the plaintext, and that is known only by the sender and receiver.
❑ Encryption/Enciphering: The process of changing the
plaintext into ciphertext.
❑ Decryption/Deciphering: The process of changing the
ciphertext into plaintext.
❑ Cryptography: The art of concealing information using encryption.
❑ Cryptographer: An individual who practices cryptography.
❑ Cryptanalysis: The art of analyzing cryptographic algorithms with the
intent of identifying weaknesses (from the Greek kryptós, "hidden", and
analýein, "to loosen" or "to untie"). The art and science of breaking the
ciphertext.
❑ Cryptanalyst: An individual who uses cryptanalysis to identify and use
weaknesses in cryptographic algorithms.
❑ Cryptology is the study of cryptosystems (cryptology = cryptography + cryptanalysis).
Cryptosystems are the techniques for ensuring the secrecy and/or authenticity of information.
 Key-space – Total number of possible values of keys in a crypto
algorithm
 Cryptosystem: The package of all processes, formulae, and
instructions for encoding and decoding messages using
cryptography.
- The combination of algorithm, key, and key management
functions used to perform cryptographic operations
 A cryptosystem is a 5-tuple (E,D,M,K,C), where
M: the set of plaintexts
K: the set of keys
C: the set of ciphertexts
E: M × K → C, the set of enciphering functions ($C = E_K(P)$)
D: C × K → M, the set of deciphering functions ($P = D_K(C)$)
 Security depends on the secrecy of the key, not the secrecy of
the algorithm
 The need for cryptography
If you have the best firewall, very tight security policies, hardened operating
systems, virus scanners, intrusion detection/prevention system, antispyware,
and every other computer security angle covered but send your data in raw,
plain text, then you simply are not secure
 Description
A sender S wants to transmit message M to a receiver R
To protect the message M, the sender first encrypts it into an
unintelligible message M’
After receipt of M’, R decrypts the message to obtain M
M is called the plaintext: what we want to encrypt
M’ is called the ciphertext: the encrypted output
 Note: Steganography is a technique for hiding a secret message within a larger
one so that others cannot discern the presence or contents of the hidden
message; it is used to claim ownership; it is not encryption
Cryptographic systems
are characterized along three dimensions
 operations used for transforming
 Substitution: Replace (bit, letter, group of bits or letters)
 Transposition: Rearrange the order
 number of keys used
 Symmetric: same key , secret-key, private-key
 Asymmetric: different key , public-key
 way in which the plaintext is processed
 block cipher
 Stream cipher
Symmetric Key cryptography/classical or
conventional encryption Technique
 Symmetric Key Cryptography (Secret Key /Private Key Cryptography)
 Same Key is used/shared by both parties
Advantages
 Simpler and Faster
Disadvantages
 Less Secured
 A symmetric encryption scheme has five ingredients:
- Plaintext - Secret key - Decryption algorithm
- Encryption algorithm - Ciphertext
 Under Substitution Technique
✓ Monoalphabetic Ciphers
✓ Caesar Cipher-(shift/additive cipher), Multiplicative cipher, Affine
cipher
✓ Polyalphabetic Ciphers
✓ Playfair Cipher, Hill Cipher, One-Time Pad
 Under Transposition Technique
✓ rail fence
✓ columnar transposition
Substitution …
A conventional scheme that replaces elements of the plaintext to get a
ciphertext; it involves replacing plaintext bit patterns with
ciphertext bit patterns.
Examples: Monoalphabetic Cipher, Polyalphabetic Cipher
Additive Cipher
(Shift Cipher / Caesar Cipher)
Multiplicative Cipher
The multiplicative cipher is similar to the additive cipher, except that
the key is multiplied by the plaintext symbol during encryption.
Likewise, the ciphertext is multiplied by the multiplicative
inverse of the key during decryption to recover the plaintext.
$C = (M \cdot k) \bmod n$
$M = (C \cdot k^{-1}) \bmod n$
where $k^{-1}$ is the multiplicative inverse of the key k.
The key space of the multiplicative cipher is 12. Thus, it is also not
very secure.
Multiplicative Ciphers
Figure 3.10 Multiplicative cipher
Note: In a multiplicative cipher, the plaintext and ciphertext are
integers in $Z_{26}$; the key is an integer in $Z_{26}^*$.
Example 3.7
What is the key domain for any multiplicative cipher?
Solution
The key needs to be in $Z_{26}^*$. This set has only 12 members: 1,
3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25.
Example 3.8
We use a multiplicative cipher to encrypt the message “hello”
with a key of 7. The ciphertext is “XCZZU”.
Affine ciphers
The affine cipher uses a pair of keys in which the first key is from $Z_{26}^*$ and the
second is from $Z_{26}$. The size of the key domain is 26 × 12 = 312.

Use an affine cipher to encrypt the message “hello” with the key pair (7, 2).
Use the affine cipher to decrypt the message “ZEBBW” with the key pair (7, 2) in
modulus 26.

Solution
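The additive, multiplicative and affine ciphers above are one family, shown here as an added example that is not part of the original slides. It checks that the multiplicative key lies in Z26* before use and reproduces the chapter's “hello” exercises; the function names are chosen for this illustration.

```python
from math import gcd

N = 26  # alphabet size: a=0 ... z=25, all arithmetic is in Z26


def key_domain(n=N):
    """Members of Zn*: the residues that have a multiplicative inverse mod n."""
    return [k for k in range(1, n) if gcd(k, n) == 1]


def check_key(a, b, n=N):
    # A multiplier outside Zn* maps several plaintext letters to the same
    # ciphertext letter, so the message could not be decrypted unambiguously.
    if a not in key_domain(n):
        raise ValueError(f"multiplicative key {a} is not in Z{n}*")
    if not 0 <= b < n:
        raise ValueError(f"additive key {b} is not in Z{n}")


def affine_encrypt(plaintext, a, b=0):
    """C = (P * a + b) mod 26.

    b = 0 gives the multiplicative cipher, a = 1 the additive (Caesar) cipher.
    Plaintext is lowercase and ciphertext uppercase, as in the chapter.
    """
    check_key(a, b)
    out = []
    for ch in plaintext.lower():
        if "a" <= ch <= "z":
            out.append(chr(((ord(ch) - ord("a")) * a + b) % N + ord("A")))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def affine_decrypt(ciphertext, a, b=0):
    """P = ((C - b) * a^-1) mod 26, with a^-1 the inverse of a in Z26*."""
    check_key(a, b)
    a_inv = pow(a, -1, N)  # modular inverse (Python 3.8+)
    out = []
    for ch in ciphertext.upper():
        if "A" <= ch <= "Z":
            out.append(chr(((ord(ch) - ord("A") - b) * a_inv) % N + ord("a")))
        else:
            out.append(ch)
    return "".join(out)


def affine_key_count(n=N):
    """Number of (a, b) key pairs: |Zn*| choices for a times n choices for b."""
    return len(key_domain(n)) * n


if __name__ == "__main__":
    print(key_domain())                    # the 12 usable multipliers
    print(affine_encrypt("hello", 7))      # multiplicative cipher, key 7
    print(affine_encrypt("hello", 7, 2))   # affine cipher, key pair (7, 2)
    print(affine_decrypt("ZEBBW", 7, 2))
```
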
 Or we can use Vigenère table.
Vigenère Table
Hill Cipher
▪ It is a polyalphabetic substitution cipher.
▪ Developed by mathematician Lester Hill in 1929.
▪ Encrypts a group of letters: digraph, trigraph or polygraph.
▪ Based on linear algebra.
▪ The keyword is given as an n × n matrix.
▪ $C = KP \bmod 26$ (encryption)
▪ $P = (K^{-1}C) \bmod 26$ (decryption)

 K-1 = where, d is determinant of matrix and


adj=adjugate matrix of K.
One time pad cipher
Transposition Technique
Example:
Asymmetric Key Cryptography (Public Key Cryptography)
▪ 2 different keys are used
▪ Users get the key from a Certificate Authority
Advantages
✓ More Secured
✓ Authentication
Disadvantages
✓ Relatively Complex
DES: Data Encryption Standard
 Adopted in 1977 by National Bureau of Standards (now NIST)
 Divides message into blocks of 64 bits, and uses a key of 56 bits
(in reality, 64 bits, but 8 are used as parity-check bits for error
control)
 DES is a Feistel cipher with 16 rounds;
 each round of DES uses a 48-bit subkey and each subkey consists
of a 48-bit subset of the 56-bit key
 Key idea for this: XOR the data with the key
 (Remember XOR? How did it work?)
 In July 1998, DES was officially cracked by a machine built
by the EFF
 Total cost: under $250,000
 Total time: 6-8 months
 They then published the details of their approach, which
essentially was a brute force attack
 Note: 56 bits means $2^{56}$ keys to try
 Also, not as easy as just trying. What do you always do to
files before sending them somewhere?
3DES
 Effort to salvage DES
 Main algorithm: repeat DES 3 times with different keys (so
key size is now 168 bits)
 Still very secure - brute force attacks would take too long,
and that is the only way to attack this algorithm
 Main problem: SLOW
Advanced Encryption Standard (AES)
 Designed in response to a call by NIST in 1998, and
officially adopted in 2001
 Block length is 128 bits, and keys can be 128, 192, or
256 bits.
 Essentially, proceeds in 4 rounds (which are repeated):
 Substitute bytes
 Permute
 Mix columns
 Add round key
 3.6.1.2 3DES
3.6.1.3 AES
3.6.1.4 Block Cipher Modes
Block Cipher Modes
3.3 Asymmetric (Public-key) Cryptosystem
▪ It is a form of cryptosystem in which encryption and decryption
are performed using different keys - one public key (KE) and
one private key (KD) - that form a unique pair
▪ $C = E_{KE}(P)$
▪ $P = D_{KD}(C) \Rightarrow P = D_{KD}[E_{KE}(P)]$
▪ The two keys have the property that deriving the private key
from the public key is computationally infeasible
▪ Proposed by Diffie and Hellman in 1976
▪ Uses Mathematical functions whose inverse is not known by
Mathematicians of the day
▪ It is a revolutionary concept since it avoids the need of using a
secure channel to communicate the key
▪ It has made cryptography available for the general public and
made many of today’s online applications feasible
▪ Steps in Asymmetric Cryptosystems
1. Each user generates a pair of keys to be used for the
encryption and decryption of messages
2. Each user places one of the two keys in a public register or
other accessible file. This is the public key. The companion
key is kept private
3. If Bob wishes to send a confidential message to Alice, Bob
encrypts the message using Alice’s public key
4. When Alice receives the message, she decrypts it using her
private key. No other recipient can decrypt the message
because only Alice knows Alice’s private key
▪ At any time, a user can change its private key and publish the
companion public key to replace its old public key
▪ Common misconceptions concerning public-key encryption
1. Public-key encryption is not more secure from cryptanalysis than
is symmetric encryption. The security of any encryption scheme
depends on the length of the key and the computational work
involved in breaking a cipher. There is nothing in principle about
either symmetric or public-key encryption that makes one superior
to another from the point of view of resisting cryptanalysis
2. Public-key encryption has not made symmetric encryption
obsolete. On the contrary, because of the computational
overhead of current public-key encryption schemes, there seems
no foreseeable likelihood that symmetric encryption will be
abandoned
3. Finally, there is a feeling that key distribution is trivial when using
public-key encryption, compared to the rather cumbersome
handshaking involved with key distribution centers for symmetric
encryption. In fact, some form of protocol is needed, generally
involving a central agent, and the procedures involved are not
simpler nor any more efficient than those required for symmetric
encryption
▪ Why public-key cryptography?
▪ In an attempt to attack two of the most difficult problems
associated with symmetric encryption
▪ The first problem is that of key distribution since key
distribution under symmetric encryption requires either (1) that
two communicants already share a key, which somehow has
been distributed to them; or (2) the use of a Key Distribution
Center (KDC)
▪ The second requirement negates the very essence of
cryptography: the ability to maintain total secrecy over your
own communication; “what good would it do after all to
develop impenetrable cryptosystems, if their users were
forced to share their keys with a KDC that could be
compromised by either burglary or other means?”
▪ The second problem is that of digital signatures. If the use of
cryptography was to become widespread, then electronic
messages and documents would need the equivalent of
signatures used in paper documents
▪ Use of Public-key Cryptosystems
▪ It can be used for confidentiality, authentication, or both
▪ Depending on the application, the sender uses either the
sender’s private key, the receiver’s public key, or both to perform
some type of cryptographic function
▪ The use of public-key cryptosystems can be classified into three:
▪ Encryption/decryption: For confidentiality, the sender
encrypts a message with the recipient’s public key
▪ Digital signature: For authentication, the sender “signs” a
message with its private key. Signing is achieved by a
cryptographic algorithm applied to the message or to a small
block of data that is a function of the message
▪ Key exchange: Two sides cooperate to exchange a session
key, (i.e., a user wishes to set up a connection with another
user and uses a secret key to encrypt messages on that
connection); Different approaches are possible, involving the
private key(s) of one or both parties
▪ Some algorithms are suitable for all three applications, whereas
others can be used only for one or two of these applications
Applications of Public-Key Cryptosystems
▪ RSA - Rivest-Shamir-Adleman
▪ DSS - Digital Signature Standard

▪ You can read about Diffie-Hellman, DSS, and Elliptic Curve Cryptography
(ECC) algorithms

3.3.1 RSA - Asymmetric Cryptosystem Example
▪ The most widely used public-key cryptosystem is RSA
▪ RSA is from Ron Rivest, Adi Shamir and Leonard Adleman
(in 1977)
▪ It is a block cipher in which the plaintext and ciphertext are
integers between 0 and m-1 for some m
▪ The private and public keys are constructed from very large
prime numbers (consisting of hundreds of decimal digits)
▪ Principle: No mathematical method is yet known to efficiently
find the prime factors of large numbers
▪ Breaking RSA is equivalent to finding the prime factors: this is
known to be computationally infeasible, i.e., security is based
on the difficulty of factoring large integers
▪ It is only the person who has produced the keys from the
prime numbers who can decrypt messages
▪ RSA - Key Generating Algorithm
1. Choose two large prime numbers, p and q
2. Compute n = pq and (phi) φ = (p-1)(q-1)
3. Choose an integer e, 1 < e < φ, such that GCD(e, φ) = 1
(Note: The Greatest Common Divisor of two integers is the
largest positive integer that exactly divides both integers) or e
and φ are relatively prime (two integers are relatively prime if
their only common positive integer factor is 1)
4. Determine the secret exponent d, 1 < d < φ, such that
φ divides (ed-1); i.e., the remainder of (ed-1)/φ is zero
5. The public key is the pair of integers (e, n) and the private key
is (d, n), i.e., both sender and receiver must know the value of
n. The sender knows the value of e, and only the receiver
knows the value of d
▪ Keep all the values d, p, q and φ secret
▪ n is known as the modulus
▪ e is known as the public exponent or encryption exponent
▪ d is known as the secret exponent or decryption exponent
▪ RSA- Encryption
▪ Sender A does the following
▪ Obtains the recipient B's public key (e, n)
▪ Represents the plaintext message as a positive integer M
▪ Computes the ciphertext $C = M^e \bmod n$
▪ Sends the ciphertext C to B
▪ RSA- Decryption
▪ Recipient B does the following
▪ Uses his/her private key (d, n) to compute $M = C^d \bmod n$
▪ Extracts the plaintext from the message representative M
▪ Compared to DES, RSA is computationally more complex;
encryption is 100-1000 times slower than DES
▪ Hence encryption systems use RSA to exchange only shared
keys (for symmetric cryptosystems) in a secure way
▪ RSA Simple Example - Key Generation
1. Choose two prime numbers: p=11, q=3
2. n = pq = 11*3 = 33
φ = (p-1)(q-1) = 10*2 = 20
3. Choose e, 1 < e < φ; we choose e=3
Check GCD(e, φ) = GCD(3, 20) = 1 (i.e., 3 and 20 are
relatively prime)
4. Determine d, 1<d<φ, such that φ divides ed-1 (or 20 divides
3d-1)
Simple testing (d = 2, 3, ...) gives d = 7
Check: ed-1 = 3*7 - 1 = 20, which is divisible by φ (20)
5. Public key = (e, n) = (3, 33)
Private key = (d, n) = (7, 33)

▪ RSA- Encryption Example
▪ Now say we want to encrypt the message M = 7
▪ $C = M^e \bmod n = 7^3 \bmod 33 = 343 \bmod 33 = 13$
▪ Hence the ciphertext C = 13
▪ RSA- Decryption Example
▪ For decryption, we compute
▪ $M = C^d \bmod n = 13^7 \bmod 33 = 7$
▪ RSA - More Meaningful Example
▪ Message: ATTACKxATxSEVEN
▪ Group the characters into blocks of three and compute a
message representative integer for each block
▪ ATT ACK XAT XSE VEN
▪ In the same way that a decimal number can be
represented as the sum of powers of ten,
(e.g., $135 = 1 \times 10^2 + 3 \times 10^1 + 5 \times 10^0$), we could
represent our blocks of three characters in base 26 using
A=0, B=1, C=2, ..., Z=25
▪ ATT = $0 \times 26^2 + 19 \times 26^1 + 19 \times 26^0 = 513$
ACK = $0 \times 26^2 + 2 \times 26^1 + 10 \times 26^0 = 62$
XAT = $23 \times 26^2 + 0 \times 26^1 + 19 \times 26^0 = 15567$
XSE = $23 \times 26^2 + 18 \times 26^1 + 4 \times 26^0 = 16020$
VEN = $21 \times 26^2 + 4 \times 26^1 + 13 \times 26^0 = 14313$
1. Generate two prime numbers: p=137 and q=131
2. n = pq = 137*131 = 17,947
φ = (p-1)(q-1) = 136*130 = 17680
3. Choose e = 3
Check GCD(3,17680)=1 (i.e., e and φ are relatively prime)
4. Determine d, 1<d<φ, such that φ divides ed-1 (or 17680
divides 3d-1); d = 11787; (11787*3-1)/17680 = 2
5. Hence
▪ Public key, (e, n) = (3, 17947) and
▪ Private key (d, n) = (11787, 17947)

▪ To encrypt the first integer that represents "ATT" (513), we have
▪ $C = M^e \bmod n = 513^3 \bmod 17947 = 8363$
▪ We can verify that our private key is valid by decrypting
▪ $M = C^d \bmod n = 8363^{11787} \bmod 17947 = 513$
▪ Overall, our plaintext is represented by the set of integers m
▪ (513, 62, 15567, 16020, 14313)
▪ After decryption, these numbers are converted to their textual
equivalents by successively dividing by 26 and taking the
remainders
▪ We compute the corresponding ciphertext integers
$C = M^e \bmod n$
▪ (8363, 5017, 11884, 9546, 13366)
▪ Do public and private keys form a unique pair?
Iteration on i using d = (φ*i+1)/e, i.e., φ divides ed-1

First example: n = 33, φ = 20, e = 3, d = 7 (20 divides 3*d-1)
PubK (3, 33), PrvK (7, 33)
i    d
1    7.00000
2    13.66667
3    20.33333
4    27.00000
5    33.66667
6    40.33333
7    47.00000
8    53.66667

Second example: n = 17947, φ = 17680, e = 3, d = 11787 (17680 divides 3*d-1)
PubK (3, 17947), PrvK (11787, 17947)
i    d
1    5,893.66667
2    11,787.00000
3    17,680.33333
4    23,573.66667
5    29,467.00000
6    35,360.33333
7    41,253.66667
8    47,147.00000

▪ e and d form no unique pair!, i.e., with RSA, we can make
several private keys for a single public key and vice versa
▪ We have to avoid making more than one public key for a single
private key, because combining two such keys helps reveal
the private key
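The key generation steps, both worked examples and the uniqueness table above, carried through in code as an added example that is not part of the original slides. It is textbook RSA with the chapter's toy primes and no padding, so it illustrates the arithmetic only; the function names are chosen for this illustration.

```python
from math import gcd


def generate_keys(p, q, e):
    """Steps 1-5 of the key generating algorithm for given primes p, q and e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and GCD(e, phi) = 1")
    d = pow(e, -1, phi)  # smallest d with phi dividing e*d - 1 (Python 3.8+)
    return (e, n), (d, n)


def text_to_blocks(text, size=3):
    """Message representatives in base 26 with A=0, B=1, ..., Z=25."""
    text = text.upper()
    if len(text) % size or not all("A" <= ch <= "Z" for ch in text):
        raise ValueError("text must be letters only, in whole blocks")
    blocks = []
    for i in range(0, len(text), size):
        value = 0
        for ch in text[i:i + size]:
            value = value * 26 + (ord(ch) - ord("A"))
        blocks.append(value)
    return blocks


def blocks_to_text(blocks, size=3):
    """Inverse of text_to_blocks: divide by 26 repeatedly, keep the remainders."""
    out = []
    for value in blocks:
        chars = []
        for _ in range(size):
            value, remainder = divmod(value, 26)
            chars.append(chr(remainder + ord("A")))
        out.append("".join(reversed(chars)))
    return "".join(out)


def rsa_apply(blocks, key):
    """C = M^e mod n with the public key, M = C^d mod n with the private key."""
    exponent, n = key
    for block in blocks:
        if not 0 <= block < n:
            raise ValueError(f"block {block} does not fit below the modulus {n}")
    return [pow(block, exponent, n) for block in blocks]


def working_exponents(e, phi, limit):
    """Integer values of d = (phi*i + 1)/e for i = 1..limit, as in the table."""
    return [(phi * i + 1) // e for i in range(1, limit + 1)
            if (phi * i + 1) % e == 0]


if __name__ == "__main__":
    public, private = generate_keys(137, 131, 3)
    blocks = text_to_blocks("ATTACKxATxSEVEN")
    cipher = rsa_apply(blocks, public)
    print(public, private)
    print(blocks, cipher)
    print(blocks_to_text(rsa_apply(cipher, private)))
    # Every exponent from the table decrypts the same ciphertext.
    for d in working_exponents(3, 17680, 8):
        print(d, rsa_apply(cipher, (d, 17947)) == blocks)
```
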
▪ How large should p and q be?
▪ The larger the values, the more difficult it is to break RSA, but
the longer it takes to perform the encoding and decoding
▪ RSA Laboratories recommends that the product of p and q be
on the order of 1,024 bits for corporate use and 768 bits for
use with “less valuable information”
▪ Other issues
▪ How do we choose large prime numbers?
▪ How do we then choose e and d?
▪ How do we perform exponentiation with large prime
numbers?
▪ You can read about the methods used for the above issues

3.3.2 Digital Signature
▪ Confidentiality ensures that messages cannot be intercepted and
read by eavesdroppers, i.e., encryption protects against passive
attack
▪ A different requirement is to protect against active attack
(falsification of data and transactions). Protection against such
attacks is known as message authentication
▪ A message, file, document, or other collection of data is said to
be authentic when it is genuine (not altered) and comes from its
alleged source
▪ A digital signature is not used to ensure the confidentiality of a
message, but rather to guarantee who sent the message, i.e.,
authentication (nonrepudiation); it proves who the sender is
▪ Nonrepudiation can be source repudiation (denial of transmission
of message by source) or destination repudiation (denial of
receipt of message by destination)
▪ Just as with handwritten signatures, digital signing should be
done in a way that is verifiable and nonforgeable
▪ Digital signature is also used for Message Integrity; it ensures
that messages are protected against modification
▪ Note: authentication may mean both nonrepudiation and data
integrity and sometimes only data integrity
▪ Digital Signature for Assurance
▪ Consider the situation where Bob has just sold Alice
something for 500 Birr through a deal that is made by e-mail
▪ Alice sends an e-mail accepting to pay 500 Birr
▪ Two issues need to be taken care of in addition to
authentication
▪ Alice needs to be assured that Bob will not modify the
amount and show that Alice promised to pay more than
500 Birr
▪ Bob needs to be assured that Alice will not deny that she
sends the message, i.e., source repudiation
▪ If Alice signs the message digitally, the two issues will be
solved so that her signature is uniquely tied to its content
⇒ Bob’s change will be noticed and Alice also cannot deny
▪ There are several ways to place digital signatures; One
popular way is to use public-key cryptosystem such as RSA,
i.e., message encryption by itself can provide measure of
authentication
▪ Digital signature reverses the asymmetric encryption process

Notation: $K_X^-$: Private key of X
$K_X^+$: Public key of X
▪ Alice encrypts the message using her private key
$C = E(K_A^-, M)$ – this is Alice’s signature
▪ Sends the encrypted message to Bob
▪ Bob then decrypts the signature using Alice’s public key
$M = D(K_A^+, C)$
▪ If Bob can decrypt it with Alice’s public key, the message
must have been encrypted by Alice; No one else has Alice’s
private key, and therefore no one else could have created a
ciphertext that could be decrypted with Alice’s public key –
nonforgeable and verifiable
▪ Therefore, the encrypted message serves as a digital
signature
▪ In addition, it is impossible to alter the message without
access to Alice’s private key, so the message is authenticated
both in terms of source and in terms of data integrity

▪ But anyone can decrypt the message using Alice’s public key if
it is not important that the message be kept secret
▪ To combine both confidentiality and authentication
▪ Alice has to first encrypt the message using her private key
▪ Then encrypt the message with Bob’s public key
$C = E(K_B^+, E(K_A^-, M))$
▪ Sends the encrypted message to Bob
▪ Bob decrypts the message using his private key
▪ Bob then decrypts the message using Alice’s public key
$M = D(K_A^+, D(K_B^-, C))$
▪ Disadvantage: The public-key algorithm must be applied four
times rather than two which has an impact on efficiency

▪ Symmetric encryption can also be used for authentication
▪ A message transmitted from source A to destination B is
encrypted using a secret key shared by only A and B. If no
other party knows the key, then confidentiality is provided:
No other party can recover the plaintext of the message; B
is also assured that the message was generated by A
(authentication)
▪ But, Alice can deny that she has sent the message; Bob can
also modify the amount

Symmetric Encryption: Authentication and Confidentiality


▪ Digital Signature Using Message Digest
▪ Problems in Digital Signature
▪ Alice may claim that her private key has been stolen before
the message was sent
▪ Alice may change her private key; a solution could be to
have a central authority that keeps track of changes in keys
and that signed messages be timestamped
▪ Alice’s entire message is encrypted which may be expensive
in terms of processing requirements
▪ It also requires a great deal of storage. Each document must
be kept in plaintext to be used for practical purposes. A copy
also must be stored in ciphertext so that the origin and
contents can be verified in case of a dispute
▪ A better and cheaper method is to use a message digest

▪ Hash Functions
▪ A hash function H takes a message m of arbitrary length and
produces a fixed size bit string h, h = H(m)
▪ When the hash value h is sent with the message m (not
encrypted), it enables to determine whether m has been
modified or not; the principal objective of a hash function is
data integrity
▪ When a hash function is used to provide message integrity, the
hash function value h is often referred to as a message digest
▪ The two most common hashing algorithms are MD5 (Message
Digest version 5) which produces a 128-bit hash and Secure
Hash Algorithm or SHA (SHA-1 and later versions like SHA-256)
by NIST which produces a 160-bit message digest

▪ Example
▪ Assume we want to send the number 12345 and use hashing
to make sure there were no changes to this transmission
▪ The chosen algorithm (highly simplified) is
▪ Multiply the data by 56,789
▪ Invert the result
▪ Chop off all but the first four characters
Multiply: 12345 x 56789 = 701060205
Invert: 502060107
Truncate: 5020
▪ Hence 5020 is the hash value that is sent along with 12345
▪ The receiver follows the same steps to hash the message; if
the results match then there was no modification
▪ A typical hash combines encryption and truncation or padding to
get to a fixed-size authentication value

▪ If m is changed to m’, its hash h’ = H(m’) will be different from
h = H(m) and can be easily detected
▪ Alice first computes a message digest and encrypts it with her
private key
▪ $E(K_A^-, H(m))$ is sent with m so that Bob knows that it comes from
Alice by decrypting it with her public key
▪ Bob decrypts the digest and calculates the message digest; if they
match he knows the message has not been altered

Figure: Digitally signing a message using a message digest

▪ m can be sent as plaintext or if confidentiality is required can be
encrypted using Bob’s public key, but with an implication on
performance
▪ $E(K_A^-, H(m))$ and $E(K_B^+, m)$ are sent so that Bob knows that it
comes from Alice by decrypting the message digest with her public
key and m is also protected from eavesdropping
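Signing the digest instead of the whole message, as an added example that is not part of the original slides, using the chapter's 500 Birr scenario. Assumptions: SHA-256 stands in for H, Alice's key pair is built from two Mersenne primes chosen here only so the block runs offline (far too small for real use), and the function names are chosen for this illustration.

```python
import hashlib

# Assumed toy key pair for Alice. 2**61 - 1 and 2**89 - 1 are Mersenne primes.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

ALICE_PUBLIC = (E, N)    # K_A^+
ALICE_PRIVATE = (D, N)   # K_A^-


def digest_as_int(message: bytes) -> int:
    """H(m) as an integer below N.

    Only the first 128 bits of SHA-256 are kept so the value fits under the
    toy modulus. Production signature schemes use the full digest together
    with a padding scheme such as RSA-PSS.
    """
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(message: bytes, private_key) -> int:
    """Alice: compute E(K_A^-, H(m)). The cost does not grow with len(m)."""
    d, n = private_key
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Bob: recover the digest with K_A^+ and compare it with his own H(m)."""
    e, n = public_key
    return pow(signature, e, n) == digest_as_int(message)


if __name__ == "__main__":
    m = b"Alice agrees to pay Bob 500 Birr"        # constructed sample message
    sig = sign(m, ALICE_PRIVATE)
    print(verify(m, sig, ALICE_PUBLIC))             # genuine message
    tampered = b"Alice agrees to pay Bob 900 Birr"  # Bob changes the amount
    print(verify(tampered, sig, ALICE_PUBLIC))      # the change is noticed
```
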
▪ The message digest can be encrypted using symmetric encryption
if it is assumed that only the sender and receiver share the
encryption key

Using Symmetric Encryption


▪ The public-key approach has two advantages: (1) It provides a
digital signature as well as message integrity. (2) It does not
require the distribution of keys to communicating parties
▪ Message Authentication Code (MAC)
▪ Some hash functions require a key; others do not
▪ When encryption is used with hashing, it is extremely expensive
▪ Without encryption, Trudy can claim to be Alice and send a
bogus message m’ and H(m’) to Bob - Masquerading
▪ To perform message integrity, in addition to a hash function,
Alice and Bob will need a shared secret s, which is just a string
of bits called the authentication key, but distributing s has the
same problem as a symmetric key – see later for the solution
▪ Steps
▪ Alice concatenates s with m to create m+s and calculates the
hash h = H(m+s); h is called a Message Authentication Code
(MAC)
▪ Alice appends the MAC to m and sends the extended
message (m, h) to Bob – no encryption
▪ Bob calculates H(m+s) and compares it with h since he
knows s
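The MAC steps above as an added example that is not part of the original slides, with SHA-256 assumed as H. It goes one step beyond the slide by placing the standardized keyed construction, HMAC from Python's standard library, beside the slide's H(m+s); the function names and sample messages are constructed for this illustration.

```python
import hashlib
import hmac


def unkeyed_hash(message: bytes) -> str:
    """H(m) with no secret: anyone, including Trudy, can compute it."""
    return hashlib.sha256(message).hexdigest()


def page_mac(message: bytes, secret: bytes) -> str:
    """h = H(m + s), the construction described in the steps above."""
    return hashlib.sha256(message + secret).hexdigest()


def hmac_tag(message: bytes, secret: bytes) -> str:
    """HMAC-SHA256, the standardized way of keying a hash function."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def bob_accepts(message: bytes, tag: str, secret: bytes, mac=page_mac) -> bool:
    """Bob recomputes the MAC with his copy of s and compares it with h.

    compare_digest runs in constant time, so the comparison does not reveal
    how many leading characters of a submitted tag were correct.
    """
    return hmac.compare_digest(mac(message, secret), tag)


if __name__ == "__main__":
    s = b"authentication-key-s"                   # constructed shared secret
    m = b"Alice agrees to pay Bob 500 Birr"       # constructed sample message
    h = page_mac(m, s)
    print(bob_accepts(m, h, s))                   # genuine (m, h) from Alice

    # Masquerading: Trudy does not know s, so the best she can attach to her
    # bogus message m' is the unkeyed H(m'), which Bob rejects.
    bogus = b"Alice agrees to pay Trudy 500 Birr"
    print(bob_accepts(bogus, unkeyed_hash(bogus), s))

    # Modification in transit: a changed m no longer matches Alice's h.
    print(bob_accepts(b"Alice agrees to pay Bob 900 Birr", h, s))
```
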
▪ Properties of Hash Functions
▪ One-way function: It is computationally infeasible to find m that
corresponds to a known output of h
▪ Or given a hash value h it should be difficult to find the
message m such that h = H(m)
▪ That means you cannot “unhash” something
▪ Collision resistance
▪ Weak-collision resistance: It is computationally infeasible,
given m and H, to find m’ ≠ m such that H(m) = H(m’)
▪ Strong-collision resistance: Given H, it is computationally
infeasible to find any two different input values m and m’,
such that H(m) = H(m’)
▪ The output is of fixed-length no matter what input is given. This
is exactly how Windows stores passwords. For example, if the
password is password, then Windows will first hash it
producing something like:
0BD181063899C9239016320B50D3E896693A96DF
▪ It then stores it in the SAM (Security Accounts Manager) file in the
Windows System directory. When you log on, Windows cannot
unhash your password (remember it is one-way). So, what
Windows does is take whatever password you type in, hash it,
and then compare the result with what is in the SAM file. If they
match (exactly), then you can log in
▪ Caution: password remains invisible while being entered, but
▪ it is transferred in clear from keyboard to memory
▪ it is present in clear in memory for a short time
▪ Hence, beware of eavesdropping and password sniffers!

▪ Hashing also has other applications
▪ For example, it can be used for intrusion detection and virus
detection. Store H(F) for each file on a system and secure the
hash values (e.g., on a CD-R that is kept secure). One can
later determine if a file has been modified by recomputing
H(F). An intruder would need to change F without changing
H(F)

3.3.3 Symmetric Key Distribution
▪ For symmetric encryption to work, the two parties to an
exchange must share the same key, and that key must be
protected from access by others
▪ Frequent key changes are usually desirable to limit the amount
of data compromised if an attacker learns the key
▪ Symmetric Key Distribution Using Symmetric Encryption
▪ Key distribution can be achieved in a number of ways. For two
parties A and B, the following can be used
1. A key could be selected by A and physically delivered to B
2. A third party could select the key and physically deliver it to A
and B
▪ The above two are manual delivery of a key and difficult in
a distributed system where any given host or terminal
may need to engage in exchanges with many other hosts
and terminals over time and each device needs a number
of keys supplied dynamically
3. If A and B have previously and recently used a key, one
party could transmit the new key to the other, using the old
key to encrypt the new key
▪ The problem with this option is if an attacker ever
succeeds in gaining access to one of the keys
4. If A and B each have an encrypted connection to a third
party C, C could deliver a key on the encrypted links to A
and B
▪ This is preferable and two kinds of keys are used
▪ Permanent key: used between entities for the purpose
of distributing session keys
▪ Session key: when two end systems (hosts, terminals,
etc.) wish to communicate, they establish a logical
connection (e.g., virtual circuit). For the duration of
that logical connection, called a session, all user data
are encrypted with a one-time session key. At the
conclusion of the session, the session key is
destroyed
▪ Option 4 requires a Key Distribution Center (KDC) that determines
which systems are allowed to communicate with each other
▪ The operation of a KDC is as follows
1. When host A wishes to set up a connection to host B, it
transmits a connection request packet to the KDC. The
communication between A and the KDC is encrypted using a
master key (or permanent key) shared only by A and the KDC
2. If the KDC approves the connection request, it generates a
unique one-time session key. It encrypts the session key using
the permanent key it shares with A and delivers the encrypted
session key to A. Similarly, it encrypts the session key using the
permanent key it shares with B and delivers the encrypted
session key to B
3. A and B can now set up a logical connection and exchange
messages and data, all encrypted using the temporary session
key
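▪ The KDC exchange in steps 1 to 3, as an added example that is not part of the original slides. The host names, the class and function names, and the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for a real cipher such as AES) are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a block cipher).
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                             hashlib.sha256).digest() for i in range((n + 31) // 32))[:n]

def seal(key, msg):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(x ^ y for x, y in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return bytes(x ^ y for x, y in zip(ct, _stream(key, nonce, len(ct))))

class KDC:
    def __init__(self, allowed_pairs):
        self.master = {}                                  # host -> permanent key
        self.allowed = {frozenset(p) for p in allowed_pairs}

    def enroll(self, host):
        self.master[host] = secrets.token_bytes(32)       # handed over out of band
        return self.master[host]

    def connect(self, a, request):
        """Steps 1-2: read A's encrypted request, wrap one session key for A and for B."""
        b = unseal(self.master[a], request).decode()
        if frozenset((a, b)) not in self.allowed:
            raise PermissionError(f"{a} may not talk to {b}")
        ks = secrets.token_bytes(32)                      # unique one-time session key
        return seal(self.master[a], ks + b.encode()), seal(self.master[b], ks + a.encode())

def demo():
    kdc = KDC([("A", "B")])
    ka, kb, kc = kdc.enroll("A"), kdc.enroll("B"), kdc.enroll("C")
    for_a, for_b = kdc.connect("A", seal(ka, b"B"))
    ta, tb = unseal(ka, for_a), unseal(kb, for_b)         # each side unwraps its copy
    reply = unseal(tb[:32], seal(ta[:32], b"hello B"))    # step 3: data under session key
    try:
        kdc.connect("C", seal(kc, b"A"))                  # pair the KDC has not approved
        denied = False
    except PermissionError:
        denied = True
    return ta[:32] == tb[:32] and tb[32:] == b"A", reply, denied
```

Each wrapped copy also names the peer, so B learns from the KDC, not from the network, who holds the other copy of the session key.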
▪ The automated key distribution approach provides the flexibility and
dynamic characteristics needed to allow a number of users to
access a number of servers and for the servers to exchange data
with each other. The most widely used application that implements
this approach is Kerberos (details later in Chapter 5)
▪ Benefits of Session Keys
▪ The session key is safely discarded when the channel is no
longer used
▪ When a key is used very often it becomes vulnerable. Thus by
using the permanent key less often, we make it less
vulnerable
▪ Replay attacks can be avoided (i.e., using the key later after the
session ends to pretend to be one of the communicating parties)
▪ Such a combination of long-lasting permanent keys and cheaper
(more temporary) session keys is a good choice
▪ Symmetric Key Distribution Using Asymmetric Encryption
▪ Because of the inefficiency of public key cryptosystems, they
are almost never used for the direct encryption of sizable blocks
of data, but are limited to relatively small blocks
▪ One of the most important uses of a public-key cryptosystem is
to encrypt secret keys for distribution
▪ Assume that A and B have exchanged public keys
1. A uses B’s public key to encrypt a message (m1) to B
containing an identifier of A (IDA) and a nonce (N1), which is
used to identify this transaction uniquely
m1 = E(KB+, IDA+N1)
2. B sends a message (m2) to A encrypted with A’s public key
and containing A’s nonce N1 as well as a new nonce N2
generated by B. Because only B could have decrypted
message m1, the presence of N1 in message m2 assures A
that the correspondent is B
m2 = E(KA+, N1+N2)
3. A returns N2, encrypted using B’s public key, to assure B
that its correspondent is A
m = E(KB+, N2)
4. A selects a secret key Ks and sends M = E(KB+, E(KA-, Ks))
to B. Encryption of this message with B’s public key ensures
that only B can read it; encryption with A’s private key
ensures that only A could have sent it
5. B computes to recover the secret key
▪ This scheme ensures both confidentiality and authentication
(steps 1 and 2) in the exchange of a secret key
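▪ The five-step exchange above, as an added example that is not part of the original slides. It uses textbook RSA without padding and constructed toy keys built from Mersenne primes, so it shows the message flow and the nonce checks only; the function names and the byte lengths chosen for the identifier, nonces and Ks are assumptions.

```python
import secrets

E = 65537

def keypair(p, q):
    """Textbook RSA keys from two primes: ((e, n), (d, n))."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

def rsa(key, value):
    """Raw RSA with either half of a key pair; padding is omitted in this toy."""
    exp, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit this modulus")
    return pow(value, exp, n)

def enc(key, data):                       # bytes -> integer ciphertext
    return rsa(key, int.from_bytes(data, "big"))

def dec(key, c, length):                  # integer ciphertext -> fixed-length bytes
    return rsa(key, c).to_bytes(length, "big")

# Constructed toy keys, trivially factorable. A's modulus is smaller than B's,
# so the inner value E(KA-, Ks) of step 4 fits under B's public key.
KA_PUB, KA_PRIV = keypair(2**61 - 1, 2**89 - 1)
KB_PUB, KB_PRIV = keypair(2**107 - 1, 2**127 - 1)

def b_reply(m1):
    """Step 2 at B: recover IDA and N1 from m1, answer with N1 plus a fresh N2."""
    n1 = dec(KB_PRIV, m1, 9)[1:]
    n2 = secrets.token_bytes(8)
    return enc(KA_PUB, n1 + n2), n2

def a_check(m2, n1):
    """Step 3 at A: accept m2 only if it echoes this run's N1, then return N2 to B."""
    plain = dec(KA_PRIV, m2, 16)
    if plain[:8] != n1:
        raise ValueError("N1 mismatch: stale or forged m2")
    return enc(KB_PUB, plain[8:])

def run(replayed_m2=None):
    n1 = secrets.token_bytes(8)
    m1 = enc(KB_PUB, b"A" + n1)                                   # step 1
    m2, n2 = b_reply(m1)                                          # step 2
    m3 = a_check(m2 if replayed_m2 is None else replayed_m2, n1)  # step 3
    if dec(KB_PRIV, m3, 8) != n2:
        raise ValueError("N2 mismatch: correspondent is not A")
    ks = secrets.token_bytes(16)
    big_m = rsa(KB_PUB, rsa(KA_PRIV, int.from_bytes(ks, "big")))  # step 4
    recovered = rsa(KA_PUB, rsa(KB_PRIV, big_m))                  # step 5 at B
    return recovered.to_bytes(16, "big") == ks, m2
```

Passing an m2 captured from an earlier run as `replayed_m2` makes `a_check` raise, because the echoed nonce no longer matches the N1 of the current transaction.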

3.3.4 Public Key Distribution
▪ Public Announcement of Public Keys
▪ Send a public key to any other participant or broadcast the
key to the community
▪ But anyone can forge such a public announcement, i.e.,
some user could pretend to be a legitimate user and send a
public key to another participant or broadcast it; or Trudy can
send Alice a public key pretending to be Bob
▪ Public-key Infrastructure
▪ We need a body that certifies the public key is that of the
party (a person, a router, etc.) we wish to communicate with,
i.e., Certification/Certificate Authority (CA) that signs
(certifies) the public key; an example is VeriSign
▪ Public-Key Infrastructure (PKI) is the set of hardware,
software, people, policies, and procedures needed to create,
manage, store, distribute, and revoke digital certificates
based on asymmetric cryptography
▪ Users publish certificates with the X.509 standard (for formatting
certificates)
▪ A certificate is a public key and some naming “stuff”, digitally
signed by someone you trust (third party), i.e., the CA
▪ The resulting certificate will contain information like user’s
name/ID, user’s public key, name of CA, start date of certificate,
and length of time it is valid
▪ When Bob sends a message (encrypted with his private key) and
his CA-signed certificate, Alice uses the CA’s public key to check
the validity of Bob’s certificate and extract Bob’s public key
▪ The Internet Engineering Task Force (IETF) Public Key
Infrastructure X.509 (PKIX) working group has been the driving
force for deploying a certificate-based architecture on the Internet

▪ Read more about the Internet Engineering Task Force (IETF) Public Key Infrastructure X.509 (PKIX)
3.4 Concluding Remarks about Encryption
▪ Symmetric Cryptography
▪ Advantage: It is efficient
▪ Disadvantage: It is impractical for exchanging messages with a
large group of previously unknown correspondents over a public
network, e.g., in e-commerce, for a merchant to conduct
transactions securely with millions of customers, each customer
would need a distinct key assigned by that merchant and
transmitted over a separate secure channel
▪ Asymmetric Cryptography
▪ Advantage: It allows for secrecy between two parties who have
not arranged in advance to have a shared key (or trusted some
third party to give it to them)
▪ Disadvantage: inefficient
▪ Therefore, in practice, hybrid systems use public-key cryptography to
establish a session key for symmetric encryption
▪ Legitimate Versus Fraudulent Encryption Methods
▪ Dozens of encryption methods are released to the public for free
or are patented and sold for profit every year. However, it is
important to realize that this particular area of the computer
industry is full of fraud
▪ Search (Google) for encryption to find many advertisements for
the latest and greatest “unbreakable” encryption
▪ How do you separate legitimate encryption methods from
frauds?
▪ Here are some warning signs
▪ Unbreakable: there is no such thing as an unbreakable code
▪ There are codes that have not yet been broken
▪ There are codes that are very hard to break
▪ But when someone claims that their method is “completely
unbreakable”, be suspicious
▪ Certified: There is no recognized certification process for
encryption methods. Therefore, any “certification” the company
has is totally worthless
▪ Inexperienced people: A company is marketing a new encryption
method
▪ What is the experience of the people working with it?
▪ Does the cryptographer have a background in maths,
encryption, or algorithms?
▪ If not, has s/he submitted the method to experts in peer-
reviewed journals?
▪ Or, is s/he at least willing to disclose how the method works so
that it can be fairly judged?
▪ Some claim that you should only use widely known methods
such as Blowfish and PGP (Pretty Good Privacy – to be briefly
covered in Chapter 4 - Network Security Concepts and
Mechanisms)
▪ Older is better
▪ In Cryptography, Older is better
▪ It is usually unwise to use the “latest thing” in encryption for the
simple reason that it is unproven
▪ An older encryption method, provided it has not yet been broken,
is usually a better choice because it has been subjected to years
of examination by experts and to cracking attempts by both
experts and less honorably motivated individuals
