Chapter 2: Cryptography, Lecture #1, Week 3
Dr. Khalid, Dr. Mohannad
CIT460 Information Security
Block Cipher Modes of Operation and Stream Ciphers
Outline
We will discuss:
- How to use block ciphers?
- RC4: a widely used stream cipher
- Problems with WEP's use of RC4
How to use a block cipher?
- Block ciphers encrypt fixed-size blocks, e.g. DES encrypts 64-bit blocks
- We need some way to encrypt a message of arbitrary length, e.g. a message of 1000 bytes
- NIST defines several ways to do it, called modes of operation
Five Modes of Operation
- Electronic codebook mode (ECB)
- Cipher block chaining mode (CBC): most popular
- Output feedback mode (OFB)
- Cipher feedback mode (CFB)
- Counter mode (CTR)
Message Padding
- The plaintext message is broken into blocks, $P_1, P_2, P_3, \dots$
- The last block may be short of a whole block and needs padding.
- Possible padding:
  - Known non-data values (e.g. nulls)
  - Or a number indicating the size of the pad
  - Or a number indicating the size of the plaintext
- The last two schemes may require an extra block.
Electronic Code Book (ECB)
- The plaintext is broken into blocks, $P_1, P_2, P_3, \dots$
- Each block is encrypted independently: $C_i = E_K(P_i)$
- For a given key, this mode behaves as if we had a gigantic codebook in which each plaintext block has an entry, hence the name Electronic Code Book
Remarks on ECB
- Strength: it's simple.
- Weakness:
  - Repetitive information contained in the plaintext may show in the ciphertext, if aligned with blocks.
  - If the same message (e.g., an SSN) is encrypted (with the same key) and sent twice, their ciphertexts are the same.
- Typical application: secure transmission of short pieces of information (e.g. a temporary encryption key)
[Figure: Cipher Block Chaining (CBC)]
Remarks on CBC
- The encryption of a block depends on the current block and all blocks before it.
- So, repeated plaintext blocks are encrypted differently.
- Initialization Vector (IV):
  - Must be known to both the sender and the receiver
  - Typically, the IV is either a fixed value or is sent encrypted in ECB mode before the rest of the ciphertext.
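The ECB weakness and the CBC remark above, run on the same message. This is an added example, not part of the original slides. The block cipher is a hypothetical 4-round Feistel toy standing in for $E_K$ (it is not DES and not secure), and the key, IV and message are constructed sample values.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, the DES block size quoted on the slides

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(half, key, i):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def encrypt_block(block, key):  # 4-round Feistel toy standing in for E_K; not secure
    left, right = block[:4], block[4:]
    for i in range(4):
        left, right = right, _xor(left, _f(right, key, i))
    return left + right

def decrypt_block(block, key):
    left, right = block[:4], block[4:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(left, key, i)), left
    return left + right

def pad(msg):
    # "A number indicating the size of the pad": n bytes of value n, a full extra block if aligned.
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(msg, key):
    return b"".join(encrypt_block(p, key) for p in split(pad(msg)))  # C_i = E_K(P_i)

def cbc_encrypt(msg, key, iv):
    out, prev = [], iv
    for p in split(pad(msg)):
        prev = encrypt_block(_xor(p, prev), key)  # C_i = E_K(P_i XOR C_{i-1}), C_0 = IV
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct, key, iv):
    out, prev = [], iv
    for c in split(ct):
        out.append(_xor(decrypt_block(c, key), prev))
        prev = c
    plain = b"".join(out)
    return plain[:-plain[-1]]  # strip the pad

def repeated_blocks(ct):
    return len(split(ct)) - len(set(split(ct)))

if __name__ == "__main__":
    key, iv, msg = b"demo-key", bytes(8), b"SSN:1234" * 3 + b"end"  # constructed values
    print("repeats ECB/CBC:", repeated_blocks(ecb_encrypt(msg, key)), repeated_blocks(cbc_encrypt(msg, key, iv)))
```

Calling cbc_encrypt twice with the same key and IV returns identical ciphertext, so a fixed IV still reveals when the same message is sent twice.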
Chapter 2: Cryptography, Lecture #2, Week 3
Dr. Khalid M.O Nahar, Dr. Mohannad
CIT460 Information Security
Public-Key Cryptography: Asymmetric Encryption
- probably most significant advance in the 3000 year history of cryptography
- uses two keys: a public and a private key
- asymmetric since parties are not equal
- uses clever application of number theoretic concepts to function
- complements rather than replaces private key crypto
[Figure: Public-Key Cryptosystems]
Public-Key Applications
- can classify uses into 3 categories:
  - encryption/decryption (provide secrecy)
  - digital signatures (provide authentication)
  - key exchange (of session keys)
- some algorithms are suitable for all uses, others are specific to one
Security of Public Key Schemes
- like private key schemes, a brute force exhaustive search attack is always theoretically possible
- but keys used are too large (>512 bits)
- security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalysis) problems
- more generally the hard problem is known, it's just made too hard to do in practice
- requires the use of very large numbers
- hence is slow compared to secret key schemes
Public key encryption algorithms
Requirements:
1. need $K_B^+(\cdot)$ and $K_B^-(\cdot)$ such that $K_B^-(K_B^+(m)) = m$
2. given public key $K_B^+$, it should be impossible to compute private key $K_B^-$
RSA: Rivest, Shamir, Adleman algorithm
RSA: Choosing keys
1. Choose two large prime numbers p, q (e.g., 1024 bits each).
2. Compute n = pq, z = (p-1)(q-1).
3. Choose e (with e < n) that has no common factors with z (e, z are "relatively prime").
4. Choose d such that ed-1 is exactly divisible by z (in other words: ed mod z = 1).
5. Public key is (n,e), written $K_B^+$. Private key is (n,d), written $K_B^-$.
RSA: Encryption, decryption
0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, compute $c = m^e \bmod n$ (i.e., remainder when $m^e$ is divided by n)
2. To decrypt received bit pattern, c, compute $m = c^d \bmod n$ (i.e., remainder when $c^d$ is divided by n)
Magic happens! $m = (\underbrace{m^e \bmod n}_{c})^d \bmod n$
RSA example
- Hani chooses p=5, q=7. Then n=35, z=24.
- e=5 (so e, z relatively prime).
- d=29 (so ed-1 exactly divisible by z).
- Encrypt (table columns): letter, m, $m^e$, $c = m^e \bmod n$; row: letter l
- Decrypt (table columns): c, $c^d$, $m = c^d \bmod n$, letter; row: letter l
RSA: Why is it that $m = (m^e \bmod n)^d \bmod n$?
Useful number theory result: if p, q prime and n = pq, then $x^y \bmod n = x^{y \bmod (p-1)(q-1)} \bmod n$
$(m^e \bmod n)^d \bmod n = m^{ed} \bmod n$
$= m^{ed \bmod (p-1)(q-1)} \bmod n$ (using number theory result above)
$= m^1 \bmod n$ (since we chose ed to be divisible by (p-1)(q-1) with remainder 1)
$= m$
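The key choice, encryption and decryption steps above, run on the slide's own numbers (p=5, q=7, e=5, d=29). This is an added example, not part of the original slides. The letter encoding a=1, b=2, ... (so l is 12) and the function names are assumptions of the example, and recover_private goes slightly beyond the slides to show why n must be large.

```python
from math import gcd

def make_keys(p, q, e, d=None):
    """Steps 2-5 of 'RSA: Choosing keys'; d defaults to the smallest valid value."""
    n, z = p * q, (p - 1) * (q - 1)
    if not (1 < e < n and gcd(e, z) == 1):
        raise ValueError("e must be < n and relatively prime to z")
    if d is None:
        d = pow(e, -1, z)                 # modular inverse, Python 3.8+
    if (e * d) % z != 1:
        raise ValueError("ed mod z must be 1")
    return (n, e), (n, d)

def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("m must be in 0..n-1")
    return pow(m, e, n)                   # c = m^e mod n

def decrypt(c, private):
    n, d = private
    return pow(c, d, n)                   # m = c^d mod n

def letter_to_int(ch):
    # Assumption of this example: a=1, b=2, ..., so 'l' is 12.
    return ord(ch) - ord("a") + 1

def int_to_letter(m):
    return chr(m + ord("a") - 1)

def recover_private(public):
    """Why n must be large: trial division factors a small n and rebuilds a working d."""
    n, e = public
    p = next(k for k in range(2, n) if n % k == 0)
    return (n, pow(e, -1, (p - 1) * (n // p - 1)))

if __name__ == "__main__":
    public, private = make_keys(5, 7, 5, d=29)    # the slide's numbers
    c = encrypt(letter_to_int("l"), public)
    print("c =", c, "decrypts to", int_to_letter(decrypt(c, private)))
    print("round trip for every m:",
          all(decrypt(encrypt(m, public), private) == m for m in range(35)))
    print("private key rebuilt from the public key alone:", recover_private(public))
```

With z=24 the smallest valid d is 5, the same value as e, which is why the slide's d=29 (equal to 5 mod 24) and the rebuilt d=5 decrypt identically.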
What We Have Covered So Far
- Symmetric encryption
- Public encryption
- Data Integrity
- Digital Signature
- Key distribution
Chapter 2: Cryptography, Lecture #2, Week 3 (cont.)
Hash Algorithms
- see similarities in the evolution of hash functions and block ciphers
  - increasing power of brute-force attacks
  - leading to evolution in algorithms
  - from DES to AES in block ciphers
  - from MD4 and MD5 to SHA-1 and RIPEMD-160 in hash algorithms
- likewise tend to use common iterative structure as do block ciphers
Data integrity
- Data integrity is the data security service by which the data are protected from unauthorized or accidental modification.
- A hash function is a cryptographic tool that is used to ensure the integrity of data. It is also called a Manipulation Detection Code (MDC, for short).
Properties of Hash function
(A) Compression function
A hash function is a function $h: M \to Y$ that has, as a minimum, two properties:
- it compresses a sequence $m \in M$ of bits of arbitrary length, including the empty sequence, into a sequence $h(m) \in Y$ of constant (fixed) length,
- for any $m \in M$ it is easy to compute $h(m)$.
(B) Collision resistance
Apart from the properties of compression and ease of computation, a hash function should additionally have other potential properties:
- one-way: for almost all $y \in Y$ it is computationally infeasible to find any input $m \in M$ such that $h(m) = y$;
- weak collision resistance: for a given m it is computationally infeasible to find a second input m' such that $h(m) = h(m')$;
- strong collision resistance: it is computationally infeasible to find any two distinct inputs m and m' such that $h(m) = h(m')$.
General model of the hash function h
$H_i = (m_i, H_{i-1})$ for $i = 1, 2, \dots, t$; $h(m) = \psi(H_t)$
[Figure labels: $m_1, m_2, \dots, m_{t-1}$; IV: initial value]
Computational complexity theory
- P: a computationally feasible problem means a decision problem which can be resolved (computed) in polynomial time by means of a deterministic device (machine).
- NP: a computationally infeasible problem can be resolved in polynomial time by the use of a nondeterministic device or in exponential time using a deterministic device.
[Figure labels: P, NP, one-way function]
[Figure: Diagram of hash function]
MD5
- designed by Ronald Rivest (the R in RSA)
- latest in a series of MD2, MD4
- produces a 128-bit hash value
- until recently was the most widely used hash algorithm
  - in recent times have both brute-force and cryptanalytic concerns
- specified as Internet standard RFC
Secure Hash Algorithm (SHA-1)
- SHA was designed by NIST and NSA in 1993, revised 1995 as SHA-1
- US standard for use with DSA signature scheme
  - standard is FIPS, also Internet RFC3174
  - nb. the algorithm is SHA, the standard is SHS
- produces 160-bit hash values
- now the generally preferred hash algorithm
- based on design of MD4 with key differences
Digital Signatures
Simple digital signature for message m:
- Hani signs m by encrypting with his private key $K_B^-$, creating "signed" message, $K_B^-(m)$
[Figure: Hani's message, m ("Dear Suha, Oh, how I have missed you. I think of you all the time! …(blah blah blah) Hani"), goes through the public key encryption algorithm with Hani's private key $K_B^-$, giving Hani's message, m, signed (encrypted) with his private key: $K_B^-(m)$]
Digital Signatures (more)
- Suppose Suha receives msg m, digital signature $K_B^-(m)$
- Suha verifies m signed by Hani by applying Hani's public key $K_B^+$ to $K_B^-(m)$, then checks $K_B^+(K_B^-(m)) = m$.
- If $K_B^+(K_B^-(m)) = m$, whoever signed m must have used Hani's private key.
Suha thus verifies that:
- Hani signed m.
- No one else signed m.
- Hani signed m and not m'.
Non-repudiation:
- Suha can take m and signature $K_B^-(m)$ to court and prove that Hani signed m
Digital Signatures (more)
- Introduction
- Definition of digital signature
- Main goals of digital signature
- Symmetric key signature
- Asymmetric key signature
- Message digest signature
- Some problems
- Solutions
- Main components of DS
- Conclusions
What is digital signature?
A digital signature is the electronic equivalent of a handwritten signature, verifying the authenticity of electronic documents. In fact, digital signatures provide even more security than their handwritten counterparts.
Algorithm Conditions
- The receiver can verify the claimed identity of the sender
- The sender cannot later deny the content of the message
- The receiver himself cannot have the possibility of falsifying the message.
More benefits of using Digital Signature
- It ensures by means of verification and validation that the user is who he/she claims to be.
- Digital certificates ensure data integrity, giving the user peace of mind that the message or transaction has not been accidentally or maliciously altered.
More benefits cont.
- Digital certificates ensure confidentiality and ensure that messages can only be read by authorized intended recipients.
- Digital certificates also verify date and time so that senders or recipients cannot dispute whether the message was actually sent or received.
Symmetric key signature
[Figure labels: Suha, Suha's key; Hani, Hani's key]
Schema of symmetric Digital Signature
[Figure labels: Suha key; Trust Side; Suha key; Trust S. key; Hani's key]
Asymmetric key signature
[Figure labels: Suha; Suha public key; Suha private key]
Hani's keys
[Figure labels: Hani; Hani's public key; Hani's private key]
Sending message from Suha to Hani by using digital signature
[Figure labels: Suha private key; Hani's public key]
Hani verifies the message
[Figure labels: Suha's public key; Hani's private key]
Digital signature by using message digest
[Figure labels: Message; Hash; Hash Result; Suha's private key]
Hani verifies the message digest
[Figure labels: Hash; Suha's public key; dividing; IF ... THEN OK ELSE BAD]
Some problems
- Replaying of the same message
- Lack of freshness of the message
- Response of the receiver
Solutions
- Generating a pseudo-random number for every sent message
- Time stamping
- The receiver must do the same operation that the sender did.
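The message-digest signature and the per-message number from the slides above, combined in one exchange: Suha signs the hash with her private key, and Hani recomputes the hash, compares, and rejects a repeated number. This is an added example, not part of the original slides. It uses textbook RSA without padding on a constructed demo key, and the class, function names and sample messages are assumptions of the example.

```python
import hashlib

# Constructed demo key built from two known Mersenne primes; not a safe way to pick RSA primes.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                                   # Suha's public key is (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))           # Suha's private exponent

def digest(message, nonce):
    # SHA-256 over nonce || message, so the number is covered by the signature.
    h = hashlib.sha256(nonce.to_bytes(8, "big") + message).digest()
    return int.from_bytes(h, "big")         # always below N for this key size

def sign(message, nonce):
    # Suha "encrypts" the hash result with her private key.
    return pow(digest(message, nonce), D, N)

class Verifier:
    """Hani's side: same hash operation as the sender, plus a record of numbers already seen."""

    def __init__(self, n, e):
        self.n, self.e, self.seen = n, e, set()

    def verify(self, message, nonce, signature):
        if pow(signature, self.e, self.n) != digest(message, nonce):
            return "BAD"                    # message, number or signature was altered
        if nonce in self.seen:
            return "REPLAY"                 # valid signature, but this message was already accepted
        self.seen.add(nonce)
        return "OK"

if __name__ == "__main__":
    hani = Verifier(N, E)
    msg = b"Pay Hani 10 JD"                 # constructed sample message
    sig = sign(msg, nonce=1)
    print(hani.verify(msg, 1, sig))                 # first delivery
    print(hani.verify(msg, 1, sig))                 # same message sent again
    print(hani.verify(b"Pay Hani 99 JD", 1, sig))   # altered message
```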
Components of a digital signature
- Your public key, private key
- Receiver public, private key
- Your name and address
- Name of receiver and address
- Expiration date of the public key
- Name of the company
- Serial number of the Digital ID
- Digital signature of the CA (Certification Authority)
- Time stamping
How long do digital signatures remain valid?
Normally, a key expires after some period of time, such as one year, and a document signed with an expired key should not be accepted. However, there are many cases where it is necessary for signed documents to be regarded as legally valid for much longer than two years; long-term leases and contracts are examples. By registering the contract with a digital time-stamping service at the time it is signed, the signature can be validated even after the key expires.
Conclusion
- Authentication.
- Asymmetric DS is more common than symmetric ones.
- We have two general methods of DS:
  - Secret, without using message digest
  - Overt, by using message digest
Key Distribution
- symmetric schemes require both parties to share a common secret key
- issue is how to securely distribute this key
- often secure system failure is due to a break in the key distribution scheme
Key Distribution
Given parties A and B, there are various key distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select and deliver key to A and B
3. if A and B have communicated previously, they can use previous key to encrypt a new key
4. if A and B have secure communications with a third party C, C can relay key between A and B
Trusted Intermediaries
Symmetric key problem:
- How do two entities establish shared secret key over network?
Solution:
- trusted key distribution center (KDC) acting as intermediary between entities
Public key problem:
- When Suha obtains Hani's public key (from web site, , diskette), how does she know it is Hani's public key, not Trudy's?
Solution:
- trusted certification authority (CA)
Key Distribution Center (KDC)
- Suha, Hani need shared symmetric key.
- KDC: server shares different secret key with each registered user (many users)
- Suha, Hani know own symmetric keys, $K_{A-KDC}$ and $K_{B-KDC}$, for communicating with KDC.
[Figure labels: KDC holding $K_{A-KDC}$, $K_{B-KDC}$, $K_{P-KDC}$, $K_{X-KDC}$, $K_{Y-KDC}$, $K_{Z-KDC}$]
Key Distribution Center (KDC)
Q: How does KDC allow Hani, Suha to determine shared symmetric secret key to communicate with each other?
[Figure labels: $K_{A-KDC}(A,B)$; KDC generates R1; $K_{A-KDC}(R1, K_{B-KDC}(A,R1))$; Suha knows R1; $K_{B-KDC}(A,R1)$; Hani knows to use R1 to communicate with Suha]
Suha and Hani communicate: using R1 as session key for shared symmetric encryption
Distribution of Public Keys
Can be considered as using one of:
- Public announcement
- Publicly available directory
- Public-key authority
- Public-key certificates
Public Announcement
- users distribute public keys to recipients or broadcast to community at large
  - e.g. append PGP keys to messages or post to news groups or list
- major weakness is forgery
  - anyone can create a key claiming to be someone else and broadcast it
  - until forgery is discovered can masquerade as claimed user
Publicly Available Directory
- can obtain greater security by registering keys with a public directory
- directory must be trusted, with properties:
  - contains {name, public-key} entries
  - participants register securely with directory
  - participants can replace key at any time
  - directory is periodically published
  - directory can be accessed electronically
- still vulnerable to tampering or forgery
Public-Key Authority
- improve security by tightening control over distribution of keys from directory
- has properties of directory
- and requires users to know public key for the directory
- then users interact with directory to obtain any desired public key securely
  - does require real-time access to directory when keys are needed
[Figure: Public-Key Authority]
Public-Key Certificates
- certificates allow key exchange without real-time access to public-key authority
- a certificate binds identity to public key
  - usually with other info such as period of validity, rights of use, etc.
- with all contents signed by a trusted Public-Key or Certificate Authority (CA)
- can be verified by anyone who knows the public-key authority's public key
[Figure: Public-Key Certificates]
A certificate contains:
- Serial number (unique to issuer)
- info about certificate owner, including algorithm and key value itself (not shown)
- info about certificate issuer
- valid dates
- digital signature by issuer