Encryption and Security
Outline Overview of encryption –Terminology –History –Common issues Secret-key encryption –Block and stream ciphers –DES –RC5
Overview Intro, history and terminology Symmetric-key encryption –Techniques –DES, RC5 Public-key encryption –RSA, hash functions, digital signatures Key exchange, certificates, PKI
Overview Types of attacks and countermeasures Application layers –S-HTTP, SSL Steganography and digital watermarking Security and trust
Terminology Code –Replacement based on words or semantic structures Cipher –Replacement based on symbols
Terminology Cryptography –The science of encrypting or hiding secrets. Cryptanalysis –The science of decrypting messages or breaking codes and ciphers. Cryptology –The combination of the two.
Terminology Plaintext – an unencrypted message Cyphertext – an encrypted message Security: a combination of –Authentication –Access control
Three eras of cryptology Pre-WWII –Cryptography as a craft –Widely used, but few provable techniques 1940s-1970 –Secret key encryption introduced –Information theory used to characterize security 1970-present –Public key systems introduced
Early cryptography Caesar cipher –Replace each letter l with l +3 mod 26 –“Attack at dawn” becomes –Dwwdfn dw gdzq Two components: –Algorithm: Shift characters by a fixed amount –Key: the fixed amount. Note: Knowing the algorithm (but not the key) makes this cipher much easier to crack –26 possibilities vs 26!
Weaknesses of the Caesar Cipher Word structure is preserved. –Break message into equal-length blocks. dww dfn dwg dzq Letter frequency is a big clue –e,t,a,o most common English letters. –Using a single key preserves frequency. Solution: use multiple keys –E.g. shift by (3,5,7) “Attack at dawn” becomes dya dhr dyk dbu Better, but frequency information still present. An attacker that knows the block size can separate out characters encoded with different keys.
Caesar Cipher The Caesar cipher is still useful as a way to prevent people from unintentionally reading something. –ROT-13 –By decrypting, the user agrees that they want to view the content. Fundamental problem: key length is shorter than the message.
Vernam Cipher 1920’s: introduction of the one-time pad. Randomly generated key –Same length as message –XORed with message Theoretically unbreakable –Attacker can do no better than guessing –Ciphertext gives no information about plaintext.
Vernam Cipher Example: winning lottery number is 117 – (7 bits) –Randomly generated key: –XOR: No two bits are encoded with the same mapping – an attacker has no frequency information to help guess the key. Problem: keys are very large. –How to distribute this key? –Shared source of randomness?
Symmetric Key Encryption The Caesar Cipher and the one-time pad are examples of symmetric-key (secret-key) encryption. Single key shared by all users. Fast How to distribute keys?
Keyspace The keyspace is the set of all possible keys. –Caesar cipher: keyspace = {0,1,2,…,25} –Vernam cipher: |keyspace| = 2 n –1 Size of the keyspace helps us estimate security. –Assumption: exhaustive search is the only way to find a key.
Substitution Ciphers Symbols are replaced by other symbols according to a key. –Caesar cipher is a substitution cipher. To escape frequency analysis, we can use a homophonic substitution cipher –Map symbols to multiple symbols. –e.g 0 -> {01, 10}, 1->{00,11} – becomes: –Advantage: frequencies hidden –Disadvantage: message and key are longer –Substitution is said to add confusion Measure of the relationship between plaintext and ciphertext
Transposition Ciphers A transposition cipher is one that permutes the symbols of the message according to a preset pattern. –“Attack at dawn” becomes “cda tka wan tat” –Helps avoid detection of symbols based on correspondence. ‘q’ followed by ‘u’. –Said to increase diffusion Reduce redundancies in plaintext.
Product ciphers By themselves, substitution and transposition ciphers are relatively insecure. By combining these operations, we can produce a secure cipher. –This is how DES works. M -> Sub(M) -> Trans(Sub(M)). –Might go through multiple rounds.
Block Ciphers The ciphers we have seen so far are known as block ciphers. Plaintext is broken into blocks of size k. Each block is encrypted separately. Advantages: random access, potentially high security Disadvantages: larger block size needed, patterns retained throughout messages.
Stream Ciphers A stream cipher encodes a symbol based on both the key and the encoding of previous symbols. –C i = M i XOR K i XOR M i-1 Advantages: –can work on smaller block sizes – little memory/processing/buffering needed. Disadvantages: –Random access difficult, hard to use large keys. –Sender and receiver must be synchronized Inserted bits can lead to errors.
Combinations Many ciphers combine stream and block properties. –Work on multiple symbols, but contain a feedback loop. Electronic Code Book (ECB) –Pure block cipher, no feedback plaintextE key ciphertextplaintext E -1 key
Cipher-block Chaining XOR previous block –Chaining dependency – order matters. –Some error propagation plaintext Ekey ciphertext E -1 key XOR plaintext
Cipher-Block Chaining Also incorporated into block ciphers. Makes tampering easier to detect. –Helps prevent substitution and impersonation attacks. Secret key can also be used to construct a running-key generator. –Longer sequence of pseudo-random numbers. –Can be used to build a one-time pad.
Modifications to CBC Cipher feedback –Shift register is used to store data. –r-bit are shifted into mask of size m. –Allows a small number of bits to be immediately sent. Output feedback –Like cipher feedback, but uses output of encryption function. –Eliminates error propagation.
DES Data Encryption Standard –DEA is actually the algorithm. First commercial-grade algorithm with open implementation details. Uses a 64-bit key with 8 parity bits, for an effective key of 56 bits. –Keyspace = 2 56 = 10 17
DES Is a combination of a product cipher and a Feistel cipher. –Product cipher: transposition and substitution. –Feistel cipher: Iterates through a number of rounds of a product cipher mapping (L,R) to (R’, L’) 16 rounds Block size=48 –In each round, a different 48-bit subkey is selected from the 56-bit key.
Security of DES Keyspace is approximately Thought to be secure in 70’s. Recently, 56-bit DES broken in under 1 day. –Combination of distributed.net & EFF’s DeepCrack. Able to search several billion keys per second.
Extensions to DES 3DES –Message is run through DES 3 times –C = k 3 (k 2 (k 1 (M))) –Backwards-compatible with DES if all three keys are the same. –Keyspace is –Drawback: bit-oriented operations are slow to implement in software
RC5 Symmetric encryption algorithm Word-oriented block cipher. Can vary word length, number of rounds, and key length. Goals: fast, easy to understand and implement, flexible, low memory requirements, secure. Uses stream techniques to modify data
RC5 Uses three mathematical operations: –Two’s complement addition –XOR –Left cyclic rotation by variable amounts. These are all fast operations that are directly supported by most modern processors.
RC5 Algorithm Parameters: K (key), w (word length), r (number of rounds) Input: a 2w length plaintext in registers A and B. Output: a 2w length ciphertext. 1. Expand K into a table S[2(r+1)] keys. To encrypt: –A =A + S[0]; B = B + S[1] –For i = 1 to r do A = ((A xor B) << B) + S[2 * i] B = ((B xor A) << A) + S[2*i + 1] Decryption is the same thing in reverse.
RC5 Simple algorithm – key is the data-dependent rotations. Keys are accessed sequentially, allowing for small caches. Security still unclear, but looks good. –56-bit key: 250 days by distributed.net –64-bit key: 1747 days by distributed.net 1.02x10^11 keys/sec, 1.5 x10^19 keyspace –72-bit key in progress. 4.8x10^10 keys/sec, 4x10^21 keyspace 100% in 788,747 days = 2160 years
Summary Secret-key algorithms (DES, RC5) have been widely studied. –Fast –Potentially highly secure –Well-understood. –Excellent for repeated communication. –Hard to use in open environments, one-shot communications –Works for hiding secrets; what about signing things? Public-key encryption evolved as an answer to this problem.