TMK 264: COMPUTER SECURITY CHAPTER TWO: CRYPTOGRAPHY 1
INTRODUCTION Cryptography provides many mechanisms on which security techniques and technologies are built. Cryptography is a deep mathematical subject. The word cryptography comes from two Greek words meaning ‘secret writing’ and is the art and science of concealing meaning. The goal of cryptography is to keep enciphered information secret. 2
3 WHAT IS CRYPTOGRAPHY Cryptography is the study of transforming information into an encoded or scrambled format. Cryptography is a secret writing which is the strongest tool for controlling against many kinds of security threats. Well-disguised data cannot be read, modified or fabricated easily. Cryptography is rooted in higher mathematics: group and field theory, computational complexity, and even real analysis, not to mention probability and statistics.
4 ENCRYPTION TERMINOLOGY Encryption is the process of encoding a message so that its meaning is not obvious. Encryption is the process of encoding a message so that its meaning is not obvious. Decryption is the reverse process which is transforming an encrypted message back into normal. Decryption is the reverse process which is transforming an encrypted message back into normal. Encipher, decipher, encode, decode is the same word for encryption and decryption. Encipher, decipher, encode, decode is the same word for encryption and decryption. Cryptography is the art of keeping messages secure Cryptography is the art of keeping messages secure Cryptosystem is referring to a system for encryption and decryption. Cryptosystem is referring to a system for encryption and decryption. Cryptanalysis is the art of breaking cipher-text Cryptanalysis is the art of breaking cipher-text
ENCRYPTION TERMINOLOGY Four ways cryptanalysis can do: Four ways cryptanalysis can do: Attempt to break a single message Attempt to break a single message Attempt to recognize patterns in encrypted message. Attempt to recognize patterns in encrypted message. Attempt to deduce the key. Attempt to deduce the key. Attempt to find weakness in the implementation or environment of use of encryption. Attempt to find weakness in the implementation or environment of use of encryption. 5
6 TYPES OF ENCRYPTION Two main types of encryption: Asymmetric encryption (public-key encryption) Symmetric encryption (secret-key encryption). Two simple encryption method are: Substitution - One letter is change for another letter. Transposition – The order of the letter is rearranged. Encryption is the method to make sure that the message didn’t access by illegal person.
7 Figure Encryption with Keys
8
9 Figure: Symmetric Encryption
10 Table: Comparing Secret Key and Public Key Encryption
11 REPRESENTING CHARACTERS ENGLISH ALPHABET ENGLISH ALPHABET Also known as a modular arithmetic Also known as a modular arithmetic We want to study ways of encrypting any computer material, whether it is written as ASCII or EBCDIC characters. We want to study ways of encrypting any computer material, whether it is written as ASCII or EBCDIC characters. However, to simplify the explanations, we begin with the encryption of message written in the standard 26 letter English alphabet: However, to simplify the explanations, we begin with the encryption of message written in the standard 26 letter English alphabet:
12 ENGLISH ALPHABET
13 ENGLISH ALPHABET ► The letters A represented by a zero, B by one and so on. ► This representation allows us to consider performing arithmetic on the “letters” of a message. ► That is, we can perform addition and subtraction on letters by adding and subtracting the corresponding code numbers. ► Every result of an arithmetic operation is between 0 and 25.
14 ENGLISH ALPHABET ► Example: A + 3 = D K – 1 = J Y + 3 = B ► Exercises: By using modular arithmetic, decode the following statements: (5 - 5), ( ), (5 * 2 + 4), (55 % 8), (8 * 1 * 0) ► Answer: ALOHA
15 SUBSTITUTION CIPHERS THE CAESAR CIPHER –J–J–J–Julius Caesar is said to have been the first to use this scheme, in which each letter is translated to a letter a fixed number of places after it in the alphabet. –C–C–C–Caesar used a shift of 3. –E–E–E–Each letter of the alphabet is represented by some other letter. –T–T–T–The correspondence may be random or systematic. –2–2–2–26! possible substitution ciphers
16 THE CAESAR CIPHER
17 THE CAESAR CIPHER Exercises: Encrypt the following statements by using Caesar Cipher method. GOOD LUCK TO YOU Advantages Easy to memorize and implement. The pattern was easy to memorize and implement. Simple to write and protected. Disadvantages Easy to predict by other users. The pattern of words is easy to break. A secure encryption should not allow an interceptor to use a small piece of the ciphertext to predict the entire pattern of the encryption.
18
STREAM CIPHER Implement the secret key encryption. Implement the secret key encryption. Is a method to encrypting text (to produce cipher text) in which a cryptographic key and algorithm are applied to each binary digit in a data stream. Is a method to encrypting text (to produce cipher text) in which a cryptographic key and algorithm are applied to each binary digit in a data stream. Usually used in old cryptography system. Usually used in old cryptography system. Designed to be exceptionally fast, much faster than any block cipher. Designed to be exceptionally fast, much faster than any block cipher. Most stream cipher designs are for synchronous stream cipher. Most stream cipher designs are for synchronous stream cipher. Are often used in application where plaintext comes in quantities of unknowable length. Are often used in application where plaintext comes in quantities of unknowable length. Advantages: Advantages: The secret key is short. The secret key is short. Very high speed (Gigabyte/per second) Very high speed (Gigabyte/per second) Low error propagation. Low error propagation. Disadvantages: Disadvantages: Do not satisfy the perfect secrecy condition. Do not satisfy the perfect secrecy condition. Easily to encrypt from the intelligent fraud. Easily to encrypt from the intelligent fraud. Sender and receiver must be synchronized. Sender and receiver must be synchronized. Low diffusion. Low diffusion. 19
VERNAM CIPHER Also known as one-time pad. Invented by Gilbert Vernam and patented in Advantages: This cipher is unbreakable in a very strong sense.This cipher is unbreakable in a very strong sense. Any message can be transformed into any cipher by using a pad.Any message can be transformed into any cipher by using a pad. All transformation are equally likely.All transformation are equally likely. More simple compared than other types of cryptographic algorithms.More simple compared than other types of cryptographic algorithms. Example of using Vernam Cipher: Vernam encoded “++---“ as A, B as “+--++”, G as “-+-++”, combining G + B are “++---“.Vernam encoded “++---“ as A, B as “+--++”, G as “-+-++”, combining G + B are “++---“. 20
21
SUMMARY OF SUBSTITUTIONS Substitution is effective cryptography devices. In fact, they were the basis of many cryptographic algorithm used for diplomatic communication through the first half of the twentieth century. But substitution is not the only kind of encryption technique. In the next section, we introduce the other basic cryptographic invention; the transposition (permutation). Substitution and permutation together form a basis for some widely used commercial grade encryption algorithms that we discuss later in this chapter. 22
TRANSPOSITIONS METHOD (PERMUTATIONS) The goal of substitution is confusion; the encryption method is an attempt to make it difficult for an cryptanalyst or intruder to determine how a message and key were transformed into ciphertext. A transposition is an encryption in which the letters of the message are rearranged. With transposition, the cryptography aims for diffusion, widely spreading the information from the message or the key across the ciphertext. Transposition tries to break established pattern. Because a transposition is a rearrangement of the symbols of a message, it is also known as a permutation. 23
24 COLUMNAR TRANSPOSITION Columnar transposition is rearrangement of the characters of the plaintext into columns. The set of characters are arranged in n- column transposition according the situation.
25
EXERCISES Encrypt the following message by using permutation technique WHERE ARE WE FOR THE TIME BEING RIGHT NOW! Answer: W H E R E A R E W E F O R T H E T I M E B E I N G R I G H T N O W ! X X X X X X The cipher text are: wafebrnxxxhroteioxxxeerii gwxxxrwtmnh!xxxeehegtxxxx 26
CHARACTERISTICS OF GOOD CIPHER In 1949, Claude Shannon proposed several characteristics that identify a good cipher: –The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption. –The set of keys and the enciphering algorithm should be free from complexity. –The implementation of the process should be as simple as possible. –Errors in ciphering should not propagate and cause corruption of further information in the message. –The size of the enciphered text should be no longer than the text of the original message. These principles were developed before the ready availability of digital computers, even though Shannon was aware of computers and the computational power they represented. 27
28 DATA ENCRYPTION STANDARD (DES) Developed for the U.S government and was intended for use by the general public.Developed for the U.S government and was intended for use by the general public. It has been officially accepted as a cryptographic standard both in the United State and abroad.It has been officially accepted as a cryptographic standard both in the United State and abroad. Moreover, many hardware and software systems have been designed with the DES.Moreover, many hardware and software systems have been designed with the DES. The DES algorithm is careful and complex combination of two fundamental building blocks of encryption which is substitutions and transposition.The DES algorithm is careful and complex combination of two fundamental building blocks of encryption which is substitutions and transposition. DES uses only standard arithmetic and logical operations on number up to 64 bits long, so it is suitable for implementation in software on most current computersDES uses only standard arithmetic and logical operations on number up to 64 bits long, so it is suitable for implementation in software on most current computers
29 DATA ENCRYPTION STANDARD (DES) Characteristics for DES algorithm: Able to provide a high level of security. Specified and easy to understand. Available to all users. Efficient to use. Able to validate.
30 ADVANCES ENCRYPTION STANDARD (AES) TThe AES is likely to be the commercial-grade symmetric algorithm of choice for years, if not decades. CCharacteristics of AES algorithm: Available royalty-free for use worldwide. Symmetric block cipher algorithm. Publicly disclosed. EExample of the best AES algorithm – Rijndael The algorithm’s name derived from the creator’s name, Vincent Rijmen and Joan Daemen.
31 ADVANCES ENCRYPTION STANDARD (AES) –Advantages: Fast algorithm that can be implemented easily on a simple processor. Fast algorithm that can be implemented easily on a simple processor. Strong mathematical function and much secure compare than DES. Strong mathematical function and much secure compare than DES. Simple to describe and understood. Simple to describe and understood.
32 Table: Comparison of DES and AES DESAES Date Block Size 64 bits128 bits Key Length 56 bits128, 192, 256 Encryption Primitives Substitution, permutationSubstitution, shift, bit mixing Cryptographic Primitives Confusion, Diffusion Design Open Design Rationale ClosedOpen Selection Process SecretSecret, but accepted open public comment Source IBM, enhanced by NSAIndependent Dutch cryptographers
33 PUBLIC KEY ENCRYPTION With public key security systems, each user of the system has one public key and one private key (only two keys). With public key security systems, each user of the system has one public key and one private key (only two keys). The system is asymmetric which means that when a message is encrypted with the public key, it cannot be decrypted by using the public key again. The system is asymmetric which means that when a message is encrypted with the public key, it cannot be decrypted by using the public key again. The same is true of encryption with the private key. The same is true of encryption with the private key. A message encrypted using the public key can only be decrypted using the private key and a message encrypted using the private key can only be decrypted using the public key. A message encrypted using the public key can only be decrypted using the private key and a message encrypted using the private key can only be decrypted using the public key.
34 Rivest-Shamir-Adelman (RSA ) Encryption Introduced in 1978 and to date remains secure. Introduced in 1978 and to date remains secure. Combines results from number theory with the degree of difficulty in determining the prime factors of a given number. Combines results from number theory with the degree of difficulty in determining the prime factors of a given number. Two keys used, d and e, are used for decryption and encryption. Two keys used, d and e, are used for decryption and encryption. The RSA algorithm has become the de facto standard for industrial-strength encryption, especially for data sent over the Internet. The RSA algorithm has become the de facto standard for industrial-strength encryption, especially for data sent over the Internet. It is built into many software products, including Netscape Navigator and Microsoft Internet Explorer. It is built into many software products, including Netscape Navigator and Microsoft Internet Explorer. The technology is so powerful that the U.S. government has restricted exporting it to foreign countries. The technology is so powerful that the U.S. government has restricted exporting it to foreign countries.
35 THE USES OF ENCRYPTION Digital Signatures –D–Digital signature is a protocol that produces the same effect as real signature. –I–It is a mark that only the sender can make, but other people can easily recognize as belonging to the sender. –J–Just like a real signature, a digital signature is used to confirm agreement to a message. –O–Only the owner can create the digital signature, hence it can be used to verify who created a message.
36 Sign the entire/whole document Public key encryption can be used to sign a document. The sender uses her private key to encrypt (sign) the message. The receiver uses the public key of the sender to decrypt the message. The private key is used for encryption and the public key for decryption
37 Figure: Signing the whole document
38 SIGNING THE DIGEST The sender creates a miniature version of the document and signs it. The receiver checks the signature on the miniature. To create a digest of the message, use HASH FUNCTION Hash function creates a fixed-size digest from a variable-length message. 2 most common :- MD5 ( Message Digest 5), 120-bit and SHA-1 (Secure Hash Algorithm 1), 160-bit
39 Figure: Signing the Digest
40 Figure: Signing the Digest (Sender site)
41 Figure: Signing the Digest (Receiver Site)
42 DIGITAL SIGNATURE Digital signature must meet two primary conditions: –It must be unforgeable. If person P signs message M with signature S (P, M), it is impossible for anyone else to produce the pair. –It must be authentic. If a person R receives the message from P, R can check that the signature is really from P. Only P could have created this signature, and the signature is firmly attached to M.
43 DIGITAL SIGNATURE Two more properties are added: Two more properties are added: It is not alterable It is not alterable After being transmitted, the message’s content cannot be changed. After being transmitted, the message’s content cannot be changed. It is not reusable It is not reusable A previous message presented again will be instantly detected by the receiver. A previous message presented again will be instantly detected by the receiver.
Digital Signature 44
45 Key Exchange Suppose you send a protected message to someone you do not know and who does not know you. This situation is more common than you may think. For instances: –How you send an income tax return to the government? –You want the information to be protected, but you do not necessarily know the person who is receiving the in formations. Are the information protected? This situation depends on being able to exchange an encryption key in such a way that nobody else can intercept it. To establish an encrypted session, you need an encrypted means to exchange keys.
46 Figure: The idea behind key exchange
47 WHY ENCRYPTION IS NECESSARY? To make sure the message are safe and secured. To make sure the message are safe and secured. To make the message is difficult to read/ write or modify by unauthorized person. To make the message is difficult to read/ write or modify by unauthorized person. E-commerce requires strong, unbreakable encryption; otherwise, money could not be safely exchanged over the Internet. E-commerce requires strong, unbreakable encryption; otherwise, money could not be safely exchanged over the Internet. Encryption process is used to block the outsider to Encryption process is used to block the outsider to Block the important message. Block the important message. Intercept the message. Intercept the message. Modify the contents of the message. Modify the contents of the message.
48 WEAKNESS IN CRYPTOGRAPHY A cryptanalyst works against humans, who can be hurried, lazy, careless, naïve or uninformed. A cryptanalyst works against humans, who can be hurried, lazy, careless, naïve or uninformed. Below are some of the weakness of having the cryptography: Below are some of the weakness of having the cryptography: Human fails to change cryptographic keys when needed. Human fails to change cryptographic keys when needed. Choose key in predictable manner Choose key in predictable manner Humans can be bribed or coerced. Humans can be bribed or coerced. Hardware and software fails. Hardware and software fails. The only rule that applies to the attacker is that there are no rules. The only rule that applies to the attacker is that there are no rules.
49 WEAKNESS IN CRYPTOGRAPHY All of the weakness has been settle by using the three most widely used encryption scheme today, which is: All of the weakness has been settle by using the three most widely used encryption scheme today, which is: Data Encryption Standard (DES) Data Encryption Standard (DES) Advances Encryption Standard (AES) Advances Encryption Standard (AES) Rivest Shamir Adelman (RSA) Rivest Shamir Adelman (RSA)
CONCLUSION 50