Chapter 7 Overview

(1)

1

CCNA Security

Chapter Seven

Cryptographic Systems

(2)

Lesson Planning

•

• This lesson should take 3-4 hours to present

This lesson should take 3-4 hours to present

•

• The lesson should include lecture,

The lesson should include lecture,

demonstrations, discussions and assessments

•

• The lesson can be taught in person or using

The lesson can be taught in person or using

remote instruction

(3)

Major Concepts

•

• Describe how the types of encryption, hashes,

Describe how the types of encryption, hashes,

and digital signatures work together to provide

confidentiality, integrity, and authentication

•

• Describe the mechanisms to ensure data

Describe the mechanisms to ensure data

integrity and authentication

•

• Describe the mechanisms used to ensure data

Describe the mechanisms used to ensure data

confidentiality

•

• Describe the mechanisms used to ensure data

Describe the mechanisms used to ensure data

confidentiality and authentication using a public

key

(4)

Lesson Objectives

Upon completion of this lesson, the successful participant

will be able to:

1.

1. Describe the requirements of secure communications includingDescribe the requirements of secure communications including integrity, authentication, and confidentiality

integrity, authentication, and confidentiality 2.

2. Describe cryptography and provide an exampleDescribe cryptography and provide an example 3.

3. Describe cryptanalysis and provide an exampleDescribe cryptanalysis and provide an example 4.

4. Describe the importance and functions of cryptographic hashesDescribe the importance and functions of cryptographic hashes 5.

5. Describe the features and functions of the MD5 algorithm and ofDescribe the features and functions of the MD5 algorithm and of the SHA-1 algorithm

the SHA-1 algorithm 6.

6. Explain how we can ensure authenticity using HMACExplain how we can ensure authenticity using HMAC 7.

(5)

Lesson Objectives

8.

8. Describe how encryption algorithms provide confidentialityDescribe how encryption algorithms provide confidentiality 9.

9. Describe the function of the DES algorithmsDescribe the function of the DES algorithms 10.

10. Describe the function of the 3DES algorithmDescribe the function of the 3DES algorithm 11.

11. Describe the function of the AES algorithmDescribe the function of the AES algorithm 12.

12. Describe the function of the Software Encrypted AlgorithmDescribe the function of the Software Encrypted Algorithm (SEAL) and the Rivest ciphers (RC) algorithm

(SEAL) and the Rivest ciphers (RC) algorithm 13.

13. Describe the function of the DH algorithm and its supporting roleDescribe the function of the DH algorithm and its supporting role to DES, 3DES, and AES

to DES, 3DES, and AES 14.

14. Explain the differences and their intended applicationsExplain the differences and their intended applications 15.

15. Explain the functionality of digital signaturesExplain the functionality of digital signatures 16.

16. Describe the function of the RSA algorithmDescribe the function of the RSA algorithm 17.

(6)

Lesson Objectives

18.

18. Describe the various PKI standardsDescribe the various PKI standards 19.

19. Describe the role of CAs and the digital certificates that theyDescribe the role of CAs and the digital certificates that they issue in a PKI

issue in a PKI 20.

(7)

Secure Communications

•

• Traffic between sites must be secureTraffic between sites must be secure •

• Measures must be taken to ensure Measures must be taken to ensure it cannot be altered, forged, orit cannot be altered, forged, or deciphered if intercepted deciphered if intercepted MARS MARS Remote Branch Remote BranchVPNVPN VPN VPN Iron Port Iron Port Firewall Firewall IPS IPS CSA CSA Web Web Server Server Email Email Server Server DNSDNS CSA CSA CSA CSA CSACSA CSA CSA CSA CSA CSA CSA CSA CSA

(8)

Authentication

•

• An ATM Personal

An ATM Personal

Information Number (PIN)

is required for

authentication.

•

• The PIN is a shared

The PIN is a shared

secret between a bank

account holder and the

financial institution.

(9)

Integrity

•

• An unbroken wax seal on an envelop ensures integrity.

An unbroken wax seal on an envelop ensures integrity.

•

• The unique unbroken seal ensures no one has read the

The unique unbroken seal ensures no one has read the

contents.

(10)

Confidentiality

•

• Julius CaesarJulius Caesar would send would send encrypted encrypted messages to his messages to his generals in the generals in the battlefield. battlefield. • • Even ifEven if intercepted, his intercepted, his enemies usually enemies usually could not read, let could not read, let alone decipher, alone decipher, the messages. the messages. I O D Q N H D V W I O D Q N H D V W D W W D F N D W G D Z Q D W W D F N D W G D Z Q

(11)

History

Scy

Scytaltale -e - (70(700 BC)0 BC)

Jefferson encryption device Jefferson encryption device

Vigenère table Vigenère table

German Enigma Machine German Enigma Machine

(12)

Transposition Ciphers

F...K...T...T...A...W. F...K...T...T...A...W. .L.N.E.S.A.T.A.K.T.A.N .L.N.E.S.A.T.A.K.T.A.N ..A...A...T...C...D... ..A...A...T...C...D... Ciphered Text Ciphered Text 3 3 FKTTAW FKTTAW LNESATAKTAN LNESATAKTAN AATCD AATCD

The clear text message would be The clear text message would be encoded using a key of 3.

encoded using a key of 3.

1 1

FLANK EAST FLANK EAST ATTACK AT ATTACK AT DAWNDAWN

Use a rail fence cipher and a Use a rail fence cipher and a key of 3.

key of 3.

2 2

The clear text message would The clear text message would appear as follows.

appear as follows.

Clear Text Clear Text

(13)

Substitution Ciphers

Caesar Cipher

Cipherered text Cipherered text 3 3 IODQN HDVW IODQN HDVW DWWDFN DW GDZQ DWWDFN DW GDZQ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

1 1

FLANK EAST FLANK EAST ATTACK AT D ATTACK AT DAWNAWN

Shift the top Shift the top scroll over by scroll over by three characters three characters (key of 3), (key of 3), an Aan A becomes D, B becomes D, B becomes E, and becomes E, and so on. so on. 2 2

The clear text message would The clear text message would be encrypted as follows using a be encrypted as follows using a key of 3.

key of 3.

Clear text Clear text

(14)

Cipher Wheel

Cipherered text Cipherered text 3 3 IODQN HDVW IODQN HDVW DWWDFN DW GDZQ DWWDFN DW GDZQ

1 1

FLANK EAST FLANK EAST ATTACK AT ATTACK AT DAWNDAWN

Shifting the inner wheel by 3, then Shifting the inner wheel by 3, then the

the A becomes D, B becomes A becomes D, B becomes E,E, and so on.

and so on.

2 2

The clear text message would The clear text message would

appear as follows using a key of 3. appear as follows using a key of 3.

Clear text Clear text

(15)

Vigen

ѐ

_{re Table}

a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z A A a b c d e f a b c d e f g h i j k l m g h i j k l m n o p q r s t n o p q r s t u v w x y zu v w x y z B B b c d e f g b c d e f g h i j k l m n h i j k l m n o p q r s t u o p q r s t u v w x y z av w x y z a C C c d e f g h c d e f g h i j k l m n o i j k l m n o p q r s t u v p q r s t u v w x y z a bw x y z a b D D d e f g h i d e f g h i j k l m n o p j k l m n o p q r s t u v w q r s t u v w x y z a b cx y z a b c E E e f g h i j e f g h i j k l m n o p q k l m n o p q r s t u v w x r s t u v w x y z a b c dy z a b c d F F f g h i j k f g h i j k l m n o p q r l m n o p q r s t u v w x y s t u v w x y z a b c d ez a b c d e G G g h i j k l g h i j k l m n o p q r s m n o p q r s t u v w x y z t u v w x y z a b c d e fa b c d e f H H h i j k l m h i j k l m n o p q r s t n o p q r s t u v w x y z a u v w x y z a b c d e f gb c d e f g I I i j k l m n i j k l m n o p q r s t u o p q r s t u v w x y z a b v w x y z a b c d e f g hc d e f g h J J j k l m n o j k l m n o p q r s t u v p q r s t u v w x y z a b c w x y z a b c d e f g h id e f g h i K K k l m n o p k l m n o p q r s t u v w q r s t u v w x y z a b c d x y z a b c d e f g h i je f g h i j L L l m n o p q l m n o p q r s t u v w x r s t u v w x y z a b c d e y z a b c d e f g h i j kf g h i j k M M m n o p q r m n o p q r s t u v w x y s t u v w x y z a b c d e f z a b c d e f g h i j k lg h i j k l N N n o p q r s n o p q r s t u v w x y z t u v w x y z a b c d e f g a b c d e f g h i j k l mh i j k l m O O o p q r s t o p q r s t u v w x y z a u v w x y z a b c d e f g h b c d e f g h i j k l m ni j k l m n P P p q r s t u p q r s t u v w x y z a b v w x y z a b c d e f g h i c d e f g h i j k l m n oj k l m n o Q Q q r s t u v q r s t u v w x y z a b c w x y z a b c d e f g h i j d e f g h i j k l m n o pk l m n o p R R r s t u v w r s t u v w x y z a b c d x y z a b c d e f g h i j k e f g h i j k l m n o p ql m n o p q S S s t u v w x s t u v w x y z a b c d e y z a b c d e f g h i j k l f g h i j k l m n o p q rm n o p q r T T t u v w x y t u v w x y z a b c d e f z a b c d e f g h i j k l m g h i j k l m n o p q r sn o p q r s U U u v w x y z u v w x y z a b c d e f g a b c d e f g h i j k l m n h i j k l m n o p q r s to p q r s t V V v w x y z a v w x y z a b c d e f g h b c d e f g h i j k l m n o i j k l m n o p q r s t up q r s t u W W w x y z a b w x y z a b c d e f g h i c d e f g h i j k l m n o p j k l m n o p q r s t u vq r s t u v X X x y z a b c x y z a b c d e f g h i j d e f g h i j k l m n o p q k l m n o p q r s t u v wr s t u v w Y Y y z a b c d y z a b c d e f g h i j k e f g h i j k l m n o p q r l m n o p q r s t u v w xs t u v w x Z Z z a b c d e z a b c d e f g h i j k l f g h i j k l m n o p q r s m n o p q r s t u v w x yt u v w x y

(16)

Stream Ciphers

•

• Invented by the Norwegian Army Signal

Invented by the Norwegian Army Signal

Corps in 1950, the ETCRRM machine

uses the Vernam stream cipher method.

•

• It was used by the US and Russian

It was used by the US and Russian

governments to exchange information.

•

• Plain text message is eXclusively OR'ed

Plain text message is eXclusively OR'ed

with a key tape containing a random

stream of data of the same length to

generate the ciphertext.

•

• Once a message was enciphered the

Once a message was enciphered the

key tape was destroyed.

•

(17)

Defining Cryptanalysis

Cryptanalysis is from the Greek words kryptós (hidden), and analýein Cryptanalysis is from the Greek words kryptós (hidden), and analýein (to loosen or to untie). It is the

(to loosen or to untie). It is the practice and the study of determiningpractice and the study of determining the meaning of encrypted information (cracking the code), without the meaning of encrypted information (cracking the code), without access to the shared secret key.

access to the shared secret key.

Allies decipher secret

NAZI encryption code!

(18)

Cryptanalysis Methods

Known Ciphertext Known Ciphertext

Brute Force Attack

With a Brute Force attack, the attacker has some portion of With a Brute Force attack, the attacker has some portion of

ciphertext. The attacker attempts to unencrypt the ciphertext with ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys.

all possible keys.

Successfully Successfully Unencrypted Unencrypted Key found Key found

(19)

Meet-in-the-Middle Attack

With a Meet-in-the-Middle attack, the attacker has some portion of text With a Meet-in-the-Middle attack, the attacker has some portion of text in both plaintext and ciphertext. The attacker attempts to unencr

in both plaintext and ciphertext. The attacker attempts to unencryptypt

the ciphertext with all possible keys while at the same time encrypt the the ciphertext with all possible keys while at the same time encrypt the plaintext with another set of possible keys until one match is found. plaintext with another set of possible keys until one match is found.

K

Knnoowwn n CCiipphheerrtteexxtt KKnnoowwn n PPllaaiinntteexxtt

Use every possible Use every possible

decryption key until a result decryption key until a result is

is found found matching matching thethe corresponding plaintext. corresponding plaintext.

Use every possible Use every possible encryption key until a encryption key until a result

result is is found found matchingmatching the corresponding the corresponding ciphertext. ciphertext. MATCH of MATCH of Ciphertext! Ciphertext! Key found Key found

(20)

Choosing a Cryptanalysis Method

Cipherered text Cipherered text 2 2 IO IODDQN HQN HDD V V W W D D WW WWDDFNFN DD W W GGDDZQZQ

There are 6 occurrences of the cipher There are 6 occurrences of the cipher letter D and 4 occurrences of the cipher letter D and 4 occurrences of the cipher letter W.

letter W.

Replace the cipher letter D first with Replace the cipher letter D first with popular

popular clear text clear text letters including letters including E, TE, T,, and finally A.

and finally A. T

Trying A rying A would rwould reveal the shift eveal the shift pattern of pattern of 3.3.

1

1 The graph outlines theThe graph outlines the_{frequency of letters in the}_{frequency of letters in the}

English language. English language.

For example, the letters E, For example, the letters E, T and A are the most

T and A are the most popular.

(21)

Defining Cryptology

Cryptography Cryptography

Cryptology

+

Cryptanalysis Cryptanalysis

(22)

Cryptanalysis

(23)

Cryptographic Hashes, Protocols,

and Algorithm Examples

IInntteeggrriittyy AAuutthheennttiiccaattiioonn CCoonnffiiddeennttiiaalliittyy

MD5 MD5 SHA SHA HMAC-MD5 HMAC-MD5 HMAC-SHA-1 HMAC-SHA-1 RSA and DSA RSA and DSA

DES DES 3DES 3DES AES AES SEAL SEAL RC RC (RC2, RC4, RC5, and RC6)(RC2, RC4, RC5, and RC6)

N

NIIS

ST

T

R

Riivve

esstt

HASH

HASH w/Key

Encryption

(24)

Hashing Basics

•

• Hashes are used for

Hashes are used for

integrity assurance.

•

• Hashes are based on

Hashes are based on

one-way functions.

•

• The hash function hashes

The hash function hashes

arbitrary data into a

fixed-length digest known as

length digest known as

the hash value, message

digest, digest, or

fingerprint.

Data of Arbitrary Data of Arbitrary Length Length Fixed-Length Fixed-Length Hash Value

(25)

Hashing Properties

X

Why is x not in Why is x not in Parens? Parens?

h

e883aa0b24c09fe883aa0b24c09f

H

(H)

Why is H in Why is H in Parens? Parens?

=

(x)

h

Hash Hash Value Value Hash Hash Function Function Arbitrary Arbitrary length text length text

(26)

Hashing in Action

•

• Vulnerable to man-in-the-middle attacksVulnerable to man-in-the-middle attacks

-- Hashing does not provide security to transmission.Hashing does not provide security to transmission.

•

• Well-known hash functionsWell-known hash functions

-- MD5 with 128-bit hashesMD5 with 128-bit hashes

-- SHA-1 with 160-bit hashesSHA-1 with 160-bit hashes

Pay to Terry Smith

$100.00

One Hundred and xx/100

Dollars

Pay to Alex Jones

$1000.00

One Thousand and

xx/100 Dollars

4ehIDx67NMop9

4ehIDx67NMop9 _{12ehqPx67NMoX}_{12ehqPx67NMoX}

Match = No changes Match = No changes No match

No match = = AlterationsAlterations

Internet

I would like to I would like to cash this cash this check. check.

(27)

MD5

•

• MD5 is a ubiquitous hashing

MD5 is a ubiquitous hashing

algorithm

•

• Hashing properties

Hashing properties

-- One-way function—easy toOne-way function—easy to compute hash and infeasible to compute hash and infeasible to compute data given a hash compute data given a hash

-- Complex sequence of simpleComplex sequence of simple binary operations (XORs, binary operations (XORs, rota

rotatiotions,ns, etcetc.) whi.) which finach finallylly produces a 128-bit hash. produces a 128-bit hash.

MD5

(28)

SHA

•

• SHA is similar in design to the MD4 and

SHA is similar in design to the MD4 and

MD5 family of hash functions

-- Takes an input message of no more than 2Takes an input message of no more than 26464 _bits_bits

-- Produces a 160-bit message digestProduces a 160-bit message digest

•

• The algorithm is slightly slower than MD5.

The algorithm is slightly slower than MD5.

•

• SHA-1 is a revision that corrected an

SHA-1 is a revision that corrected an

unpublished flaw in the original SHA.

•

• SHA-224, SHA-256, SHA-384, and SHA-

224, 256, 384, and

SHA-512 are newer and more secure versions of

512 are newer and more secure versions of

SHA and are collectively known as SHA-2.

SHA

(29)

Hashing Example

In this example the clear text enter

In this example the clear text entered is displaying hasheded is displaying hashed results using MD5, SHA-1, and SHA256. Notice the

results using MD5, SHA-1, and SHA256. Notice the difference in key lengths between the var

difference in key lengths between the various algorithm. Theious algorithm. The longer the

(30)

Features of HMAC

•

• Uses an additional secret

Uses an additional secret

key as input to the hash

function

•

• The secret key is known

The secret key is known

to the sender and receiver

-- Adds authentication toAdds authentication to integrity assurance integrity assurance

-- Defeats man-in-the-middleDefeats man-in-the-middle attacks

attacks

•

• Based on existing hash

Based on existing hash

functions, such as MD5

and SHA-1.

The same procedure is used for

generation and verification of

secure fingerprints secure fingerprints Fixed Length Fixed Length Authenticated Authenticated Hash Value Hash Value

+

SecretSecretKeyKey

Data of Arbitrary Data of Arbitrary Length Length e883aa0b24c09f e883aa0b24c09f

(31)

HMAC Example

Data Data HMAC HMAC (Authenticated (Authenticated Fingerprint) Fingerprint) Secret Secret Key Key Pay

Pay to to Terry Terry Smith Smith $100.00$100.00 One

One Hundred Hundred and and xx/100 xx/100 DollarsDollars

4ehIDx67NMop9 4ehIDx67NMop9

Pay

4ehIDx67NMop9 4ehIDx67NMop9 Received Data Received Data HMAC HMAC (Authenticated (Authenticated Fingerprint) Fingerprint) Secret Key Secret Key 4ehIDx67NMop9 4ehIDx67NMop9 Pay

If the generated HMAC matches the If the generated HMAC matches the sent HMAC, then integrity and

sent HMAC, then integrity and authenticity have been verified. authenticity have been verified. If they don’t match, discard the If they don’t match, discard the message.

(32)

Using Hashing

•

• Routers use hashing with secret keysRouters use hashing with secret keys •

• Ipsec gateways and clients use hashing algorithmsIpsec gateways and clients use hashing algorithms •

• Software images downloaded from the website have checksumsSoftware images downloaded from the website have checksums •

• Sessions can be encryptedSessions can be encrypted

Fixed-Length Hash Fixed-Length Hash Value Value e883aa0b24c09f e883aa0b24c09f Data Integrity Data Integrity Entity Authentication Entity Authentication Data Authenticity Data Authenticity

(33)

Key Management

Key

Management

Key Generation

Key Storage

Key Verification

Key Exchange

Key Revocation and Destruction

(34)

Keyspace

D

DEES S KKeeyy KKeeyyssppaaccee # # oof f PPoossssiibblle e KKeeyyss

56-bit 56-bit 22 56 56 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 72,000,000,000,000,00072,000,000,000,000,000 57-bit 57-bit 2 25757 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11 144,000,000,000,000,000144,000,000,000,000,000 58-bit 58-bit 22 58 58 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 1111 288,000,000,000,000,000288,000,000,000,000,000 59-bit 59-bit 2 25959 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 111111 576,000,000,000,000,000576,000,000,000,000,000 60-bit 60-bit 22 60 60 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 1,152,000,000,000,000,0001,152,000,000,000,000,000 

For each bit added to the DES key, the attacker would require twice the amount of time toFor each bit added to the DES key, the attacker would require twice the amount of time to search the keyspace.

search the keyspace. 

Longer keys are more secure but are also more resource intensive and can affect throughput.Longer keys are more secure but are also more resource intensive and can affect throughput. With 60-bit DES With 60-bit DES an attacker would an attacker would require sixteen require sixteen more time than more time than

56-bit DES 56-bit DES Twice as Twice as much time much time Four time as Four time as much time much time

(35)

Types of Keys

224

224 2432

2432

1

112

12

Protection up Protection up to 20 years to 20 years

192

192 1776

1776

96

160

160 1248

1248

80

Protection up Protection up to 3 years to 3 years Hash Hash Digital Digital Signature Signature Asymmetric Asymmetric Key Key Symmetric Symmetric Key Key

256

256 3248

3248

128

512

512 15424

15424

256

Protection against Protection against quantum computers quantum computers 

Calculations are based on the fact that computing power will continue toCalculations are based on the fact that computing power will continue to grow at its present rate and the ability to perform brute-force attacks will grow at its present rate and the ability to perform brute-force attacks will grow at the same rate.

grow at the same rate.



Note the comparatively short symmetric key lengths illustrating thatNote the comparatively short symmetric key lengths illustrating that symmetric algorithms are the strongest type of algorithm.

(36)

Shorter keys = faster

processing, but less secure

Longer keys = slower

processing, but more

secure

Key Properties

(37)

Confidentiality and the OSI Model

•

• For Data Link Layer confidentiality, use proprietary link-

For Data Link Layer confidentiality, use proprietary

link-encrypting devices

encrypting devices

•

• For Network Layer confidentiality, use secure Network

For Network Layer confidentiality, use secure Network

Layer protocols such as the IPsec protocol suite

•

• For

For Session

Session Layer

Layer confidentiality,

confidentiality, use

use protocols

protocols such

such as

as

Secure Sockets Layer (SSL) or Transport Layer Security

(TLS)

•

• For Application Layer confidentiality, use secure e-mail,

For Application Layer confidentiality, use secure e-mail,

secure database sessions (Oracle SQL*net), and secure

messaging (Lotus Notes sessions)

(38)

Symmetric Encryption

•

• Best known as shared-secret key algorithmsBest known as shared-secret key algorithms •

• The uThe usual sual key lkey length ength is 8is 80 -0 - 256 bi256 bitsts •

• A sender and receiver must share a secret keyA sender and receiver must share a secret key •

• Faster processing because they use simple mathematical operations.Faster processing because they use simple mathematical operations. •

• Examples include DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish.Examples include DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish. K Keeyy KKeeyy

E

En

nccrryyp

ptt

D

De

eccrryyp

ptt

$1000 $1000 $!@#IQ$!@#IQ $1000$1000 Pre-shared Pre-shared key key

(39)

Symmetric Encryption and XOR

Plain

Plain T

Te

ex

xt

t

1 1 1

1 0

0 1

1 0

0 0

0 1

1 1

1 Ke

Key

y ((A

Ap

pp

plly

y)

)

0

1

0

1

0

1

0

1

1 X

XOR

OR (Cipher

(Cipher T

Te

ex

xtt)

)

1

0

1

0

0 Ke

Key

y (Re

(Re

_‐‐

A

Ap

pp

plly

y)

)

0

1

0

1

0

1

0

1

1 X

XOR

OR (Plain

(Plain T

Te

ex

xtt)

)

1

0

1

0

1

1 The XOR operator results in a 1 when the value of

The XOR operator results in a 1 when the value of

either the

first bit first bit

_{or the}

second bit second bit

_{is a 1}

The XOR operator results in a 0

The XOR operator results in a 0 when

when

neither neither

_or

both both

of the bits is 1

(40)

Asymmetric Encryption

•

• Also known as public key algorithmsAlso known as public key algorithms •

• The usual key length is 512–4096 bitsThe usual key length is 512–4096 bits •

• A sender and receiver do not share a secret keyA sender and receiver do not share a secret key •

• Relatively slow because they are based on difficult computationalRelatively slow because they are based on difficult computational algorithms

algorithms •

• Examples include RSA, ElGamal, elliptic curves, and DH.Examples include RSA, ElGamal, elliptic curves, and DH. Encryption Key

Encryption Key Decryption KeyDecryption Key

E

En

nccrryyp

ptt

D

De

eccrryyp

ptt

$1000 $1000 %3f7&4%3f7&4 $1000$1000 Two separate Two separate keys which are keys which are

not shared not shared

(41)

Asymmetric Example : Diffie-Hellman

Get Out Your Calculators?

(42)

Symmetric Algorithms

Symmetric Symmetric Encryption Encryption Algorithm Algorithm Key length Key length (in bits)

(in bits) DescriptionDescription

DES

DES 5656

Designed at IBM during the 1970s and was

Designed at IBM during the 1970s and was the NIST standard until 1997.the NIST standard until 1997. Although considered outdated, DES remains widely in use.

Although considered outdated, DES remains widely in use.

Designed to be implemented only in hardware, and is therefore extremely Designed to be implemented only in hardware, and is therefore extremely slow in software.

slow in software. 3DES

3DES 112 and 168112 and 168

Based on using DES three times which means that the input data is Based on using DES three times which means that the input data is encrypted three times and therefore cons

encrypted three times and therefore considered much stronger than DES.idered much stronger than DES. However

However, it is , it is rather slow compared to some new block rather slow compared to some new block ciphers such as AES.ciphers such as AES. AES

AES 128, 192, and 256128, 192, and 256

Fast in both software and hardware, is relatively easy to

Fast in both software and hardware, is relatively easy to implement, andimplement, and requires little

requires little memorymemory..

As a new encryption standard, it is currently being deployed on a large scale. As a new encryption standard, it is currently being deployed on a large scale. Software Software Encryption Encryption Algorithm (SEAL) Algorithm (SEAL) 160 160

SEAL is an alternative algorithm to DES,

SEAL is an alternative algorithm to DES, 3DES, and AES.3DES, and AES. It uses a 160-bit encryption key and has a lower impact

It uses a 160-bit encryption key and has a lower impact to the CPU whento the CPU when compared to other software-based algorithms.

compared to other software-based algorithms.

The RC series The RC series RC2 (40 and 64) RC2 (40 and 64) RC4 (1 to 256) RC4 (1 to 256) RC5 RC5 (0 (0 to to 2040)2040) RC6 (128, 192, RC6 (128, 192, and 256) and 256)

A set of symmetric-key encryption algorithms invented by Ron Rivest. A set of symmetric-key encryption algorithms invented by Ron Rivest. RC1 was never published and RC3 was broken before ever being used. RC1 was never published and RC3 was broken before ever being used. RC4 is the

RC4 is the world's most widely used stworld's most widely used stream cipher.ream cipher. RC6, a 128-bit block c

RC6, a 128-bit block cipher based heavily on RC5, was an AES finalistipher based heavily on RC5, was an AES finalist developed in 1997.

(43)

Symmetric Encryption Techniques

6

64 4 b

biitts

s

6

64 4b

biitts

s

6

64 4b

biitts

s

01010010110010101 01010010110010101 01010010110010101 01010010110010101 1100101 1100101 bl

blanankk blblanankk

0101

0101010001001011010101010101000100001001001000100100010011 01001010101010010101010100101010101000010001001001001000100101

Block

Block Cipher Cipher –– encryptencryption ion is is complecompletedted in 64 bit blocks

in 64 bit blocks

Stream

Stream Cipher Cipher –– encrypencryption tion is ois one bine bitt at a time

(44)

Selecting an Algorithm

D

DE

ES

S

3 3D

DE

ES

S

A

AE

ES

S

The algorithm is trusted by The algorithm is trusted by the cryptographic the cryptographic community community Been Been replaced by replaced by 3DES 3DES Y

Yeses Verdict isVerdict is still out still out The algorithm adequately

The algorithm adequately protects against brute-force protects against brute-force attacks

attacks

N

(45)

DES Scorecard

Description

Description Data Encryption StandardData Encryption Standard Timeline

Timeline Standardized 1976Standardized 1976 T

Type ype of Algorithmof Algorithm SymmetricSymmetric Key size (in bits)

Key size (in bits) 56 bits56 bits Speed

Speed MediumMedium Time to crack

Time to crack

(Assuming a computer could try (Assuming a computer could try

255 keys per second) 255 keys per second)

Days

Days (6.4 days by (6.4 days by the COPthe COPACABANA machine, a specializACABANA machine, a specializeded cracking device)

cracking device)

Resource Resource Consumption

(46)

Block Cipher Modes

D D E E S S D D E E S S D D E E S S D D E E S S D D E E S S D D E E S S D D E E S S D D E E S S D D E E S S D D E E S S Initialization Initialization Vector Vector ECB ECB CBCCBC

Message of Five 64-Bit Blocks Message of Five 64-Bit Blocks Message of Five 64-Bit Blocks

(47)

Considerations

•

• Change keys frequently to helpChange keys frequently to help prevent brute-force attacks. prevent brute-force attacks. •

• Use a secure channel toUse a secure channel to

communicate the DES key from communicate the DES key from the sender to the receiver.

the sender to the receiver. •

• Consider using DES in CBCConsider using DES in CBC mode. With CBC, the

mode. With CBC, the

encryption of each 64-bit block encryption of each 64-bit block depends on previous blocks. depends on previous blocks. •

• Test a key to see if it is a weakTest a key to see if it is a weak key before using it.

key before using it.

DES DES

(48)

3DES Scorecard

Description

Description Triple Data Encryption StandardTriple Data Encryption Standard Timeline

Timeline Standardized 1977Standardized 1977 T

Key size (in bits) 112 and 168 bits112 and 168 bits Speed

Speed LowLow Time to crack

Time to crack

4.6 Billion years with current technology 4.6 Billion years with current technology Resource

Resource Consumption

(49)

Encryption Steps

When the 3DES ciphered text When the 3DES ciphered text is received, the process is is received, the process is reversed. That is, the

reversed. That is, the

ciphered text must first be ciphered text must first be decrypted using Key 3, decrypted using Key 3,

encrypted using Key 2, and encrypted using Key 2, and finally decrypted using Key 1. finally decrypted using Key 1.

1

2

The clear text fr

The clear text from om Alice isAlice is encrypted using Key 1. That encrypted using Key 1. That ciphertext is decrypted

ciphertext is decrypted

using a different key, Key 2. using a different key, Key 2. Finally that ciphertext is Finally that ciphertext is encrypted using another encrypted using another key

(50)

AES Scorecard

Description

Description Advanced Encryption StandardAdvanced Encryption Standard Timeline

Timeline Official Standard since 2001Official Standard since 2001 T

Type oype of Algorithmf Algorithm SymmetricSymmetric Key size (in bits)

Key size (in bits) 128, 192, and 256128, 192, and 256 Speed

Speed HighHigh Time to crack

Time to crack

149 Trillion years 149 Trillion years Resource

(51)

Advantages of AES

•

• The key is much stronger due to the key

The key is much stronger due to the key length

length

•

• AES runs faster than 3DES on comparable hardware

AES runs faster than 3DES on comparable hardware

•

• AES is more efficient than DES and 3D

AES is more efficient than DES and 3DES on

ES on

comparable hardware

The plain text is now The plain text is now encrypted using 128 encrypted using 128 AES AES An attempt at An attempt at

deciphering the text deciphering the text using a lowercase, using a lowercase, and incorrect key and incorrect key

(52)

SEAL Scorecard

Description

Description Software-Optimized Encryption AlgorithmSoftware-Optimized Encryption Algorithm Timeline

Timeline First published in 1994. Current version is 3.0 (1997)First published in 1994. Current version is 3.0 (1997) T

Key size (in bits) 160160 Speed

Speed HighHigh Time to crack

Time to crack

Unknown but considered very safe Unknown but considered very safe Resource

(53)

Rivest Codes Scorecard

D

Deessccrriippttiioonn RRCC22 RRCC44 RRCC55 RRCC66 Timeline

Timeline 11998877 11998877 11999944 11999988 T

Type ype of Algorithmof Algorithm Block cipherBlock cipher StreamStream cipher

cipher BBlolocck ck ciipphheerr BBlloock ck cciipphheerr Key size (in bits)

Key size (in bits) 440 0 aannd d 6644 1 1 -- 225566

0 to 2040 0 to 2040 bits (128 bits (128 suggested) suggested) 128, 192, or 128, 192, or 256 256

(54)

DH Scorecard

Description

Description Diffie-Hellman AlgorithmDiffie-Hellman Algorithm Timeline

Timeline 19761976 T

Type ype of Algorithmof Algorithm AsymmetricAsymmetric Key size (in bits)

Key size (in bits) 512, 1024, 2048512, 1024, 2048 Speed

Speed SlowSlow Time to crack

Time to crack

(Assuming a computer could (Assuming a computer could

try 255 keys per second) try 255 keys per second)

Unknown but considered very safe Unknown but considered very safe Resource

(55)

Using Diffie-Hellman

A

Alliic

ce

e

B

Bo

ob

b

C Caallcc CCaallcc 5 566modmod2323==

8

1.

1. Alice and Bob agree to use the same two numbers. For example, theAlice and Bob agree to use the same two numbers. For example, the base numberbase number

g

g==

5

andand priprime me nunumbmberer pp==

23

2.

2. Alice now chooses aAlice now chooses a secsecret ret nunumbmbererxx==

6

.. 3.

3. Alice performs the DH algorithm:Alice performs the DH algorithm: ggxx _modulo_{modulo p}_p _{= (}_{= (}

5

66_modulo_modulo

23

23 )

)

₌₌

8 (Y)

_and_and

sends the new number

8 (Y)

to Bob.to Bob. 5

5,, 2323

5

5 ,, 23

23

6

Secret

Secret SharedShared

Shared

Shared SecretSecret

1 1 11 2 2 3 3

8

(56)

Using Diffie-Hellman

A

Alliic

ce

e

B

Bo

ob

b

6

Secret

Secret CCaallcc SShhaarreedd CCaallcc

15

5

566modmod2323==

8

4.

4. MeaMeanwhinwhile Bob hle Bob has alsas also choso chosen aen a secsecret ret numnumberberxx==

15

, performed the DH algorithm:, performed the DH algorithm: g

gxx _modulo_{modulo p}_p _{= (}_{= (}

5

1515 _modulo_{modulo 23}₂₃_{) =}_{) =}

19 (Y)

_{and sent the new number}_{and sent the new number}

19 (Y)

_to_to

Alice. Alice. 5.

5. AlAlice nice now comow computputeses YYxx _modulo_{modulo p}_p _{= (}_{= (}

19

66 _modulo_modulo

23)

₌₌

2

_..

6.

6. BoBob nob now comw computputeses YYxx _modulo_{modulo p}_p _{= (}_{= (}

8

66 _modulo_modulo

23)

₌₌

2

_..

5

51515modmod2323== 1919

19

1966modmod 2323==

2

₈₈1515_mod_mod ₂₃₂₃₌₌

2

The result (

The result (22) is the same) is the same for both Alice and Bob. for both Alice and Bob. This number can now be This number can now be used as a shared secret used as a shared secret key by the encryption key by the encryption algorithm.

algorithm.

Shared

Shared SecretSecret

8

19

4 4 4 4 5 5 6 6 5 5,, 2323

5

5 ,, 23

23

(57)

Asymmetric Key Characteristics

•

• Key length ranges from 512–4096 bits

Key length ranges from 512–4096 bits

•

• Key lengths greater than or equal to 1024 bits can be

Key lengths greater than or equal to 1024 bits can be

trusted

•

• Key lengths that are shorter than 1024

Key lengths that are shorter than 1024 bits are

bits are

considered unreliable for most algorithms

Plain Plain text text Encrypted Encrypted text

text PlainPlaintexttext

Encryption

Encryption DecryptionDecryption

Encryption Encryption Key Key Decryption Decryption Key Key

(58)

Public Key (Encrypt) + Private Key

(Decrypt) = Confidentiality

Computer Computer A A Bob’s Public Bob’s Public Key Key

Can I get your Public Key please? Can I get your Public Key please?

Here is my Public Key. Here is my Public Key. 1 1 Bob’s Public Bob’s Public Key Key 3 3 2 2 Encrypted Encrypted Text Text Bob’s Private Bob’s Private Key Key 4 4 Encryption Encryption Algorithm Algorithm Encryption Encryption Algorithm Algorithm Encrypted Encrypted Text Text Computer Computer B B Computer A acquires Computer A acquires Computer B’s public key Computer B’s public key

Computer A

Computer A uses Computer uses Computer B’sB’s public key to encrypt a message public key to encrypt a message using an agreed-upon algorithm using an agreed-upon algorithm

Computer A transmits Computer A transmits The encrypted message The encrypted message to Computer B

to Computer B

Computer B uses Computer B uses its private key to its private key to decrypt and reveal decrypt and reveal the message

(59)

Private Key (Encrypt) + Public Key

(Decrypt) = Authentication

Bob uses the public key to Bob uses the public key to

successfully decrypt the message successfully decrypt the message and authenticate that the message and authenticate that the message did, indeed, come

did, indeed, come from from Alice.Alice.

Alice’s Private Alice’s Private Key Key 1 1 EncryptedEncrypted Text Text Encryption Encryption Algorithm Algorithm Encrypted Encrypted Text Text 2 2 Alice’s Public Alice’s Public Key Key

Can I get your Public Key please? Can I get your Public Key please?

Here is my Public Key Here is my Public Key

3 3 4 4 Encryption Encryption Algorithm Algorithm Encrypted Encrypted Text Text Alice’s Public Alice’s Public Key Key Computer Computer A A ComputerComputer_B_B

Alice encrypts a message Alice encrypts a message with her private key

with her private key

Alice transmits the Alice transmits the encrypted message encrypted message to Bob

to Bob

Bob needs to verify that the message Bob needs to verify that the message actually came from Alice. He requests actually came from Alice. He requests and acquires Alice’s public key

(60)

Asymmetric Key Algorithms

Key Key length length (in bits) (in bits) Description Description DH DH 512, 1024,512, 1024, 2048 2048

Invented in 1976 by Whitfield Diffie and Martin

Invented in 1976 by Whitfield Diffie and Martin Hellman.Hellman. Tw

Two parties to agree on a key that they o parties to agree on a key that they can use to encrypt messagescan use to encrypt messages The assumption

The assumption is that it is easy to raise a number to a certain poweris that it is easy to raise a number to a certain power, but difficult, but difficult to compute which power was used

to compute which power was used given the number and the outcome.given the number and the outcome.

Digital Signature Digital Signature Standard (DSS) and Standard (DSS) and Digital Signature Digital Signature Algorithm (DSA) Algorithm (DSA) 51 512 -2 - 10102424

Created by NIST and specifies DSA as the algorithm

Created by NIST and specifies DSA as the algorithm for digital signatures.for digital signatures. A public key algorithm based on the ElGamal signature scheme.

A public key algorithm based on the ElGamal signature scheme. Signature creation speed is similar with RSA, but is slower for

Signature creation speed is similar with RSA, but is slower for verification.verification.

RSA encryption RSA encryption

algorithms

algorithms 512 to 2048512 to 2048

Developed by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT in 1977 Developed by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT in 1977 Based on the current difficulty of factoring very large numbers

Based on the current difficulty of factoring very large numbers Suitable for signing as well as encryption

Suitable for signing as well as encryption Widely used in electronic commerce protocols Widely used in electronic commerce protocols

EIGamal

EIGamal 51512 -2 - 10102424

Based on the Diffie-Hellman key agreement. Based on the Diffie-Hellman key agreement. Described by T

Described by Taher Elgamal in 1984and is aher Elgamal in 1984and is used in GNU used in GNU Privacy Guard sPrivacy Guard software,oftware, PGP

PGP, , and other and other cryptosystems.cryptosystems.

The encrypted message becomes about twice the s

The encrypted message becomes about twice the size of the original messageize of the original message and for this reason it is

and for this reason it is only used for small messages such as secret only used for small messages such as secret keyskeys Elliptical curve

Elliptical curve techniques

techniques 160160

Invented by Neil Koblitz in 1987 and by Victor Miller in 1986. Invented by Neil Koblitz in 1987 and by Victor Miller in 1986. Can be used to adapt many

Can be used to adapt many cryptographic algorithmscryptographic algorithms Keys can be much smaller

(61)

Sec

Securit

urity

y Ser

Servic

vices-

es-

Dig

Digita

ital

l Sign

Signatur

atures

es

•

• Authenticates a source,

Authenticates a source,

proving a certain party

has seen, and has signed,

the data in question

•

• Signing party cannot

Signing party cannot

repudiate that it signed

the data

•

• Guarantees that the data

Guarantees that the data

has not changed from the

time it was signed

_Authenticity_Authenticity

Integrity Integrity Nonrepudiation

(62)

Digital Signatures

•

• The signature is authentic andThe signature is authentic and not forgeable:

not forgeable: The signature isThe signature is proof that the signer, and no one proof that the signer, and no one else, signed the document.

else, signed the document. •

• The signature is not reusable:The signature is not reusable:

The signature is a part of the document and cannot be moved to a The signature is a part of the document and cannot be moved to a different document.

different document. •

• The signature is unalterable:The signature is unalterable: After a document is signed, it cannotAfter a document is signed, it cannot be altered.

be altered. •

• The signature cannot be repudiatedThe signature cannot be repudiated: For legal purposes, the: For legal purposes, the

signature and the document are considered to be physical things. The signature and the document are considered to be physical things. The signer cannot claim later that they did

(63)

The Digital Signature Process

Confirm Confirm Order Order Encrypted Encrypted hash hash Confirm Confirm Order Order ____________ ____________ 0a77b3440… 0a77b3440… Signature Signature Algorithm Algorithm Signature Signature Key Key Data Data Signature Verified Signature Verified 0a77b3440… 0a77b3440… Verification Verification Key Key 0a77b3440… 0a77b3440… Signed Data Signed Data 1 1 2 2 3 3 4 4 6 6

Validity of the digital Validity of the digital signature is verified signature is verified hash hash 5 5

The sending device creates The sending device creates a hash of the document a hash of the document

The sending device The sending device encrypts only the hash encrypts only the hash with the private key with the private key of the signer

of the signer _{The signature algorithm}_{The signature algorithm} generates a digital signature generates a digital signature and obtains the public key and obtains the public key

The receiving device The receiving device accepts the document accepts the document with digital signature with digital signature

and obtains the public key and obtains the public key

Signature is Signature is verified with verified with the verification the verification key key

(64)

Code Signing with Digital Signatures

•

• The publisher of the software attaches a digital signature to theThe publisher of the software attaches a digital signature to the executable, signed with the signature key of the publisher.

executable, signed with the signature key of the publisher. •

• The user of the software needs The user of the software needs to obtain the public key of theto obtain the public key of the publisher or the CA certificate of the publisher if PKI is used. publisher or the CA certificate of the publisher if PKI is used.

(65)

DSA Scorecard

Description

Description Digital Signature Algorithm (DSA)Digital Signature Algorithm (DSA) Timeline

Timeline 19941994 T

Type ype of Algorithmof Algorithm Provides digital signaturesProvides digital signatures Advantages:

Advantages: Signature generation is fastSignature generation is fast Disadvantages:

(66)

RSA Scorecard

Description

Description Ron Rivest, Adi Shamir, and Len AdlemanRon Rivest, Adi Shamir, and Len Adleman Timeline

Timeline 19771977 T

Type ype of Algorithmof Algorithm Asymmetric algorithmAsymmetric algorithm Key size (in bits)

Key size (in bits) 55112 -2 - 22004488 Advantages:

Advantages: Signature verification is fastSignature verification is fast Disadvantages:

(67)

Properties of RSA

•

• One hundred times slower thanOne hundred times slower than DES in hardware

DES in hardware •

• One thousand times slowerOne thousand times slower than DES in software

than DES in software •

• Used to protect small amountsUsed to protect small amounts of data

of data •

• Ensures confidentiality of dataEnsures confidentiality of data thru encryption

thru encryption •

• Generates digital signatures forGenerates digital signatures for authentication and

authentication and nonrepudiation of data nonrepudiation of data

(68)

Public Key Infrastructure

Alice applies for a driver’s license. Alice applies for a driver’s license. She receives her driver’s license She receives her driver’s license after her identity is proven

after her identity is proven

..

Alice attempts to cash a check. Alice attempts to cash a check.

Her identity is accepted after her Her identity is accepted after her driver’s license is checked.