Foundation of Security


Foundation of Security: Encryption
Started in organization and systems, migrated to DB, then enhanced for software engineering. This is the longest of the three.
Copyright © - 2004-2018 – Curt Hill

Introduction
- Encryption is a mechanism for obscuring a message from others in a reversible way
- Historically used to send messages during wars
- Non-standard hieroglyphics date back to at least 1900 BC
- Most of the historic ciphers are relatively easy to break

Why?
- Are we at war?
- Bank of America sent a backup tape to an offsite repository in December 2004
  - 1,200,000 names, numbers, addresses, SSNs, etc.
  - Never arrived, never recovered
  - Not encrypted
- This and similar scenarios have been repeated again and again
  - The stolen or lost laptop

Terminology
- Plain text: a message that is readable, AKA clear text
- Cipher text: a message that has been disguised
- Key: a string that allows the encryption and decryption

What we want
- Encryption technique E(M,K), which takes a message M and a key K
- Decryption technique D(M,K), which also takes message M and key K
- Both E and D return a string
- M = D(E(M,K),K)
- Neither E nor D needs to be concealed
  - Only secret thing is K, the key
- E and D are efficiently computable

Transposition Cipher
- AKA Caesar cipher
- Number the letters
- Add a value, divide by 26 and keep remainder
- Key is the value
- Decryption subtracts the value
- There are very few keys, so easy to crack
- rot13 is a variant

Transposition Example
Plain ASCII        B   A   T
ASCII numeric      66  65  84
Transpose          5
Cipher numeric     71  70  89
Cipher as ASCII    G   F   Y
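
The shift described on these two slides, with an exhaustive search over its 26 keys to show why so small a key space gives no protection. This is an added example, not part of the original slides; the function names and the sample message are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # "number the letters": A=0 ... Z=25


def shift_encrypt(message, key):
    """Add the key to each letter's number, divide by 26, keep the remainder."""
    out = []
    for ch in message:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def shift_decrypt(cipher, key):
    """Decryption subtracts the value."""
    return shift_encrypt(cipher, -key)


def brute_force(cipher, known_words):
    """Try all 26 keys; keep candidates that contain an expected word."""
    hits = []
    for key in range(26):
        candidate = shift_decrypt(cipher, key)
        if any(word in known_words for word in candidate.split()):
            hits.append((key, candidate))
    return hits


if __name__ == "__main__":
    print(shift_encrypt("BAT", 5))              # the slide's example
    secret = shift_encrypt("SEND THE BAT", 5)   # constructed sample message
    print(secret, brute_force(secret, {"THE"}))
```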

Substitution Cipher
- Generalization of transposition cipher
- Each letter is substituted by another letter or character
- For 26 characters there are 26! keys
- Usually succumbs to letter frequency attacks

Substitution Example
Plain ASCII        B   A   T
See table
Cipher as ASCII    U   G   M

Table:
A   G
B   U
C   …
T   M

Enigma
- Code machine used by Germans in World War II
- Several rotors
- A letter is typed in; the rotors provide a single substitution cipher for that letter
- The rotors are now advanced
- The next letter gets a different transposition
- The key becomes the initial rotor settings
- The Colossus was used to break it

Enigma Again
- Would have been secure if used properly
- Instead they often used the same key for too long
- Predictable openings were often used
  - Common greetings: Mein Fuehrer!
- This gives away the key to analysis
- Users thought it was magic, so did not worry enough about security

One time pad
- The one time pad is a string of offsets to add to each letter of the message
- Two copies of the pad: the sender and receiver
- Pad is never reused
- Algorithmically unbreakable if there is no pattern in the pad
- Transfer of the pad may be a problem

OTP Example
Plain ASCII        B   A   T
ASCII numeric      66  65  84
One time pad       12  9   23
Cipher numeric     78  74  107
Cipher as ASCII    N   J   k
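
The pad arithmetic from the slide, followed by what goes wrong when the "never reused" rule is broken: subtracting two ciphertexts made with the same pad removes the pad entirely. This is an added example, not part of the original slides; the function names and the second message are constructed for illustration.

```python
import secrets


def make_pad(length):
    """Random offsets from the OS CSPRNG; one offset per message character."""
    return [secrets.randbelow(26) for _ in range(length)]


def otp_encrypt(message, pad):
    """Add one pad offset to each character code, as on the slide.

    The slide adds with no wraparound; a real pad reduces modulo the
    alphabet size so ciphertext values do not hint at the plaintext range.
    """
    if len(pad) < len(message):
        raise ValueError("pad shorter than message")
    return [ord(ch) + k for ch, k in zip(message, pad)]


def otp_decrypt(cipher, pad):
    return "".join(chr(c - k) for c, k in zip(cipher, pad))


def pad_cancels(c1, c2):
    """(m1 + k) - (m2 + k) = m1 - m2: the pad drops out of the difference."""
    return [a - b for a, b in zip(c1, c2)]


def recover_with_known_plaintext(c1, c2, known_m1):
    """With one plaintext known, a reused pad reveals the other message."""
    diffs = pad_cancels(c1, c2)
    return "".join(chr(ord(m) - d) for m, d in zip(known_m1, diffs))


if __name__ == "__main__":
    print(otp_encrypt("BAT", [12, 9, 23]))   # the slide's example
    pad = make_pad(3)
    c1 = otp_encrypt("BAT", pad)
    c2 = otp_encrypt("CAB", pad)             # constructed: same pad used twice
    print(recover_with_known_plaintext(c1, c2, "BAT"))
```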

Data Encryption Standard
- A form of Feistel cipher
- Key size could be 40 or 56 bits
- Uses 16 rounds
- This is breakable but difficult to do so
- Algorithm has shown no weaknesses, but the length of key makes a brute force approach practical
- In 1998 the Electronic Frontier Foundation created a cracker for $250K
  - The 56 bit DES took about three days

Triple DES
- After DES was shown to be vulnerable, 3DES was proposed
- Use the same algorithm but increase key to 112 or 168 bits
- This reduces the threat of the brute force attack
- However, the algorithm itself is comparatively slow

Distribution
- The problem with all of these is called the key distribution problem
- How is the key given to the receiver by the sender?
- Since everything else is known, this becomes a weak link
- The next technique does not suffer from this problem

Public key encryption
- AKA trapdoor algorithms
- Each user has a public and private key
- To encrypt a message you need your private key and the public key of the person you will send to
- Everyone uses the same algorithms
- Postulated by Diffie and Hellman
  - They did not produce an algorithm that had the needed characteristics

Requirements
The algorithm needs these requirements:
- Computationally easy to generate the keys
- Computationally easy to encrypt the message to be sent using the receiver’s public key and sender’s private key
- Computationally easy for receiver to decrypt using the sender’s public key and own private key
- Intractable to find a private key or the plaintext message given an encrypted message and the public key

RSA
- Ron Rivest, Adi Shamir and Leonard Adleman came up with the first effective algorithm
- These are usually very large numbers, based on large primes
- The concept is that multiplying/dividing very large numbers is easy
- Factoring a very large number into primes is very difficult
  - Conceivably taking years

RSA
- RSA became the name of the algorithm
- MIT patented
- Published in 1977
- Proofs of its effectiveness abound
- Rivest, Shamir and Adleman received Turing award

Key Generation
- Find two large primes, P and Q
  - Approximately equal in size
- Compute the product $N = PQ$
  - N should be 1024 bits or larger
  - Known as the modulus
- Compute $\phi = (P-1)(Q-1)$
  - $\phi$ is spelled phi and pronounced fee

Two more
- Choose E such that $1 < E < \phi$
  - E and $\phi$ must be relatively prime
  - Neither needs to be prime, but relatively prime to each other
  - This is the public exponent or encryption exponent
- Find D
  - $1 < D < \phi$
  - $ED \bmod \phi = 1$
  - This is the secret exponent or decryption exponent

How it works
- The public key is a pair (E,N) and the private key is also a pair (D,N)
- Everyone participating in concealed messages publishes their public key where anyone can access it
- The private key as well as P, Q and N are also kept secret

Sending a message
- Albert wants to send Bob a secret message
- Obtains Bob's public key (E,N)
- Convert the clear text into numeric chunks of the suitable length, call one of these M
- Compute cipher text: $C = M^E \bmod N$
- Repeat for subsequent chunks and send

Reading sent message
- Bob now wants to read Albert’s message
- Using his own private key to restore the plain text
- $M = C^D \bmod N$

Another Thought
- Anyone may send a message to anyone else
- How do we determine if someone has falsified a message?
- The digital signing process is not that much different than the encryption and decryption

Digital Signing
- Albert extracts pieces of the message to make a digest
- Albert uses his private key to compute $S = M^D \bmod N$
- Bob uses Albert’s public key to compute $V = S^E \bmod N$
- Bob uses the same extraction method and compares this with the sent signature
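
The key generation, sending, reading and signing slides carried through end to end with the slides' own symbols (P, Q, N, phi, E, D, M, C, S, V). This is an added example, not part of the original slides; the primes 61 and 53, the exponent 17, the chunk 65 and the use of SHA-256 reduced mod N as the digest are constructed assumptions chosen so the numbers stay readable.

```python
import hashlib
from math import gcd


def generate_keys(p, q, e):
    """N = PQ, phi = (P-1)(Q-1); E relatively prime to phi; E*D mod phi = 1."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < E < phi with E relatively prime to phi")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)  # public key (E,N), private key (D,N)


def encrypt(m, public_key):
    """C = M^E mod N for one numeric chunk M."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("chunk M must be smaller than N")
    return pow(m, e, n)


def decrypt(c, private_key):
    """M = C^D mod N."""
    d, n = private_key
    return pow(c, d, n)


def digest(message, n):
    """Assumed digest: SHA-256 reduced mod N so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """S = digest^D mod N, computed with the signer's private key."""
    d, n = private_key
    return pow(digest(message, n), d, n)


def verify(message, signature, public_key):
    """V = S^E mod N must equal the digest the receiver computes itself."""
    e, n = public_key
    return pow(signature, e, n) == digest(message, n)


# Toy values, far too small for real use (the slides ask for N >= 1024 bits).
# This is textbook RSA with no padding; deployed systems add OAEP or PSS.
PUBLIC, PRIVATE = generate_keys(61, 53, 17)
```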

Alternative Trap Door
- Another algorithm is Elliptic Curve Cryptography
- Also includes a public and private key
- Appears to give the same security for a shorter key size
- Less well received because it has not been as thoroughly studied and tested
- IEEE has a standard, P1363-2000

Where?
- There are a number of places to locate the encryption and decryption
- Any application may encrypt on writing to an external device
- An OS may encrypt within the file system
- Hardware may encrypt at the controller

Finally
- We should encrypt sensitive files:
  - On disk
  - In the process of transmission
- Most practical algorithms, except one time pad, are crackable
  - The problem is how long will it take?
  - If the cost exceeds the benefit nobody will attempt