Principles of Encryption Michael Jones

Introduction to Encryption Review Data can be held in three forms: Plain text: e.g., txt, php, html Binary: e.g., jpg Encrypted Plain text documents are encoded Encoding: character for character substitution Because of machine and other requirements Examples: UTF-8 (ASCII), UTF-16, etc. Michael Jones Introduction to Encryption

Introduction to Encryption Also known as: enciphering Application of: a cipher (algorithm) Output: ciphertext – (binary) data Difference between encoding and encryption Encoding: character-by-character substitution Encryption: multiple characters processed at a time Michael Jones Introduction to Encryption

Introduction to Encryption Key Terms CIA Confidentiality: Entitlement to view, modify Integrity: Is data unchanged? Authenticity: With whom is the data actually associated? Availability: who can access the data CAIN Non-repudiation: Cannot deny sending or receiving a message PANIC Privacy: wider view of availability Encryption can be used in all aspects Michael Jones Introduction to Encryption

Introduction to Encryption Scope Three scopes relating to encryption Transit Data moving around a network Rest Data stored on persistent storage Archive Long-term data storage Each has a different set of requirements for encryption Michael Jones Introduction to Encryption

Introduction to Encryption Terms in Encryption Plaintext The original data Ciphertext The encrypted data Cipher The algorithm used to encrypt the data Key Used for encryption or decryption Michael Jones Introduction to Encryption

Example – Using OpenSSL openssl is available as a command on most *nix systems To encrypt a file using the AES-256-CBC cipher: openssl enc –e -aes-256-cbc -in a.txt -out b.dat -k password To decrypt the file: openssl enc -d -aes-256-cbc -in b.dat -out c.txt -k password The files a.txt and c.txt should be identical Michael Jones Introduction to Encryption

Introduction to Encryption Adding Encoding The output from the encryption will use all 8 bits in the byte Making the result unreadable (by an editor) There may be issues in communication Adding a ‘-a’ flag encodes the result into Base64 Making the result readable in a text editor And easier to transmit Michael Jones Introduction to Encryption

Introduction to Encryption Origins Encryption is the product of the application of cryptography Origins: Greek for ‘hidden or secret writing’ Techniques Produce ciphertext Hide in ‘plain view’ Steganography Early example: slave and tattoo Example: German Enigma machine Encoder or encipher? Michael Jones Introduction to Encryption

Introduction to Encryption Cracking Codes A cipher manipulates plaintext into ciphertext Cracking involves three basic techniques Reverse engineering Analysing lots of examples to identify patterns Forward engineering E.g., trying all possibilities: brute-force Social engineering Gain access to the cipher, keys used Use influence to dictate the ciphers and keys Zero day and cracking Useful time to exploit a cracked (illegally obtained) cipher and key Michael Jones Introduction to Encryption

Introduction to Encryption Modern Cryptography To compensate for increased computational power for ‘crackers’ Ciphers include the use of ‘strong’ keys Even if the algorithm is known, cracking will not be simple Cryptanalysis: science of cracking Objective of cryptography: Make the effort involved in cryptanalysis greater than the value of that which is being encrypted Michael Jones Introduction to Encryption

Introduction to Encryption Pre-computation The power and memory of modern computers creates the possibility of pre-computing the ciphertexts (hashes) for all possible plaintexts Example: cracking passwords Suppose we have access to a ‘users’ table, but all passwords have been encrypted And we know that the passwords are all 8 digit numbers And we know the cipher (e.g., MD5) Michael Jones Introduction to Encryption

Size of Pre-computation Table 8 digits = 10 to the power 8 = 100,000,000 Each entry in the table consists of: A number – 4 bytes A hash – 32 bytes Size required: 36 x 100MB = 3.6GB What if: Keys can be variable sized Keys can include letters and special characters Michael Jones Introduction to Encryption

Introduction to Encryption Rainbow Tables A complete pre-computation table will require too much memory What is needed is a means to link subsets of possible plaintexts Then only one of each subset is required A rainbow table is a means of creating subsets of plaintexts Using what is called a ‘reduction’ function Michael Jones Introduction to Encryption

How Rainbow Tables Work Start with a possible plaintext value: 12345678 Using MD5 as the cipher, produces: 25d55ad283aa400af464c76d713c07ad Now select the first 8 digits – 25552834 And compute the ciphertext (hash) again Repeat while each plaintext value is unique We only then need to store the first value Michael Jones Introduction to Encryption

Introduction to Encryption Notes A number of sequences will be needed to cover all possible plaintext values Each item in a sequence must be unique across all sequences Processing overhead Michael Jones Introduction to Encryption

Using Salt to Combat the Rainbow Pre-computed rainbow tables can be found Theses represent a threat to password protection Solution: create an additional (random) item Called an Initialisation Vector (IV) Use this in the creation of the hash A rainbow table will be needed for each IV value In OpenSSL Add a ‘-salt’ flag to the command line Michael Jones Introduction to Encryption

Introduction to Encryption Key Exchange Two people can exchange a key using a ‘key and box’ metaphor: A puts a secret message in a box, and locks it. A keeps the key, and sends the box to B. B receives the box, puts a second lock on the box. B keeps the second key, then sends the box back to A. A receives the box, and uses his/her key to unlock his/her lock and takes it off, then sends the box back to B. B can now remove the second lock on the box with his/her key. As there are no longer any locks on the box, B can open the box and access the secret message inside. Michael Jones Introduction to Encryption

Introduction to Encryption Types of Encryption Symmetric key Block or stream ciphers Same key used to encrypt, decrypt Asymmetric key E.g., Public Key Infrastructure One key used for encryption, another for decryption Michael Jones Introduction to Encryption

Symmetric Key Encryption Block: Each block is encrypted with a key into a block of the same size Examples: Data Encryption Standard (DES) Deprecated See also: Triple DES (TDES) Advanced Encryption Standard (AES) Stream: Arbitrary length output Based on manipulation of internal state Example: RC4 Block ciphers can be used in stream mode Michael Jones Introduction to Encryption

Introduction to Encryption AES Principles AES is an iterative block cipher with variable length keys, based on the Rijndael algorithm Winner of a competition organised by US government Block cipher 128 bits Key of variable lengths: 128, 192, 256 bits Iteration Number of times the algorithm is applied Michael Jones Introduction to Encryption

Introduction to Encryption How AES Works (128 bit) State: 4 x 4 matrix of bytes Key: 4 x 4 matrix of bytes (if using 128 bit key) Number of rounds 128 bit: 10, 192-bit: 12, 256-bit: 14 In each round Generation of a round key Subsitutions Shifts of each row a certain number of bits to the left Transformations on columns Application of the round key Michael Jones Introduction to Encryption

Introduction to Encryption Issues Single key = single point of failure Key usage may persist To avoid problem of managing keys Michael Jones Introduction to Encryption

Asymmetric Encryption Basic idea: One key to encrypt Different key to decrypt i.e., a pair of keys To be used in addition to symmetric key For reliable transfer of keys Origin Diffie-Hellman – mid 1970’s Also CESG Michael Jones Introduction to Encryption

Diffie-Hellman Protocol A and B each have a key pair Public and private Each sends the other their public keys A encrypts the symmetric key using his/her private key, and sends this to B B decrypts the message using A’s public key B then sends his/her symmetric key using the same process Michael Jones Introduction to Encryption

Introduction to Encryption Issues Asymmetric encryption is much more computationally expensive Susceptible to man-in-the-middle attacks Michael Jones Introduction to Encryption

Introduction to Encryption Creating PKI Keys Based on the concept of an inverse function A ‘trapdoor’ If a function (f1) has an inverse function (f2) Then: x == f1(f2(x)) Problem: finding the inverse for a given function is computationally prohibitive Michael Jones Introduction to Encryption

Introduction to Encryption Basic Principle The RSA (Rivest, Shamir, Adleman) algorithm is a demonstration of the Diffie-Hellman (Merkle) proposal Basic elements: Prime numbers Modulus arithmetic (remainders) Michael Jones Introduction to Encryption

Introduction to Encryption Basic Principle The 2 people share a (numeric secret) Computed two ways: b^c mod a and d^e mod a The issue is: Each person must know 2 things A secret they keep to themselves Something received from the other person Michael Jones Introduction to Encryption

Introduction to Encryption The Process The 2 people agree to share two prime numbers – e.g., 3 and 5 Each selects a secret number – e.g., A selects 4 and B selects 2 Each calculates 3^(selected number) mod 5 For A: 3^4 mod 5 = 81 mod 5 = 1 For B: 3^2 mod 5 = 9 mod 5 = 4 They tell each other these numbers Michael Jones Introduction to Encryption

Introduction to Encryption Process… Both know the original numbers (3 and 5) A also knows his/her secret number (4) and the number supplied by B (4) B also knows his/her secret number (2) and the number supplied by A (1) Both now calculate the shared secret number: Supplied number ^ secret number mod 5 For A: 4^4 mod 5 = 1 For B: 1^2 mod 5 = 1 Michael Jones Introduction to Encryption

Introduction to Encryption Notes Even if all the numbers are sent in plaintext the secret number cannot be calculated unless one or other of the secret numbers is known Much larger prime numbers are needed There is a relationship between the 2 original numbers For more information search for ‘Diffie-Hellman explanation’ Michael Jones Introduction to Encryption

Introduction to Encryption Summary Encryption is the process of producing ciphertext from plaintext Decryption is the opposite Cryptanalysis attempts to understand the algorithm (to break it) Symmetric encryption uses one key Asymmetric encryption uses 2 keys Key terms: CAAIN Michael Jones Introduction to Encryption