Principles of Encryption

Presentation on theme: "Principles of Encryption"— Presentation transcript:

1 Principles of Encryption
Michael Jones

2 Introduction to Encryption
Review
- Data can be held in three forms:
  - Plain text: e.g., txt, php, html
  - Binary: e.g., jpg
  - Encrypted
- Plain text documents are encoded
  - Encoding: character-for-character substitution
  - Because of machine and other requirements
  - Examples: UTF-8 (ASCII), UTF-16, etc.
Michael Jones Introduction to Encryption

3 Introduction to Encryption
- Also known as: enciphering
- Application of: a cipher (algorithm)
- Output: ciphertext (binary data)
- Difference between encoding and encryption
  - Encoding: character-by-character substitution
  - Encryption: multiple characters processed at a time

4 Introduction to Encryption
Key Terms
- CIA
  - Confidentiality: entitlement to view, modify
  - Integrity: is the data unchanged?
  - Authenticity: with whom is the data actually associated?
  - Availability: who can access the data
- CAIN
  - Non-repudiation: cannot deny sending or receiving a message
- PANIC
  - Privacy: wider view of availability
- Encryption can be used in all aspects

5 Introduction to Encryption
Scope
- Three scopes relating to encryption
  - Transit: data moving around a network
  - Rest: data stored on persistent storage
  - Archive: long-term data storage
- Each has a different set of requirements for encryption

6 Introduction to Encryption
Terms in Encryption
- Plaintext: the original data
- Ciphertext: the encrypted data
- Cipher: the algorithm used to encrypt the data
- Key: used for encryption or decryption

7 Example – Using OpenSSL
- openssl is available as a command on most *nix systems
- To encrypt a file using the AES-256-CBC cipher:
    openssl enc -e -aes-256-cbc -in a.txt -out b.dat -k password
- To decrypt the file:
    openssl enc -d -aes-256-cbc -in b.dat -out c.txt -k password
- The files a.txt and c.txt should be identical

8 Introduction to Encryption
Adding Encoding
- The output from the encryption will use all 8 bits in each byte
  - Making the result unreadable (by an editor)
  - There may be issues in communication
- Adding a '-a' flag encodes the result into Base64
  - Making the result readable in a text editor
  - And easier to transmit

9 Introduction to Encryption
Origins
- Encryption is the product of the application of cryptography
- Origins: Greek for 'hidden or secret writing'
- Techniques
  - Produce ciphertext
  - Hide in 'plain view': steganography
    - Early example: slave and tattoo
- Example: German Enigma machine
  - Encoder or encipher?

10 Introduction to Encryption
Cracking Codes
- A cipher manipulates plaintext into ciphertext
- Cracking involves three basic techniques
  - Reverse engineering: analysing lots of examples to identify patterns
  - Forward engineering: e.g., trying all possibilities (brute force)
  - Social engineering
    - Gain access to the cipher and the keys used
    - Use influence to dictate the ciphers and keys
- Zero day and cracking
  - Useful time to exploit a cracked (illegally obtained) cipher and key

11 Introduction to Encryption
Modern Cryptography
- To compensate for the increased computational power available to 'crackers'
  - Ciphers include the use of 'strong' keys
  - Even if the algorithm is known, cracking will not be simple
- Cryptanalysis: the science of cracking
- Objective of cryptography: make the effort involved in cryptanalysis greater than the value of that which is being encrypted

12 Introduction to Encryption
Pre-computation
- The power and memory of modern computers create the possibility of pre-computing the ciphertexts (hashes) for all possible plaintexts
- Example: cracking passwords
  - Suppose we have access to a 'users' table, but all passwords have been encrypted
  - And we know that the passwords are all 8-digit numbers
  - And we know the cipher (e.g., MD5)

13 Size of Pre-computation Table
- 8 digits = 10 to the power 8 = 100,000,000 possible values
- Each entry in the table consists of:
  - A number: 4 bytes
  - A hash: 32 bytes
- Size required: 36 bytes x 100,000,000 entries = 3.6 GB
- What if:
  - Keys can be variable sized
  - Keys can include letters and special characters

14 Introduction to Encryption
Rainbow Tables
- A complete pre-computation table will require too much memory
- What is needed is a means to link subsets of possible plaintexts
  - Then only one of each subset is required
- A rainbow table is a means of creating subsets of plaintexts
  - Using what is called a 'reduction' function

15 How Rainbow Tables Work
- Start with a possible plaintext value
- Using MD5 as the cipher, this produces: 25d55ad283aa400af464c76d713c07ad
- Now select the first 8 digits, and compute the ciphertext (hash) again
- Repeat while each plaintext value is unique
- We then only need to store the first value

16 Introduction to Encryption
Notes
- A number of sequences will be needed to cover all possible plaintext values
- Each item in a sequence must be unique across all sequences
- Processing overhead

17 Using Salt to Combat the Rainbow
- Pre-computed rainbow tables can be found
  - These represent a threat to password protection
- Solution: create an additional (random) item
  - Called an Initialisation Vector (IV)
  - Use this in the creation of the hash
  - A rainbow table will be needed for each IV value
- In OpenSSL
  - Add a '-salt' flag to the command line
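The chain construction of slides 15 and 16 and the salting of slide 17, as an added example in Python (not code from the slides): one chain built with MD5 and the slide's reduction function (the first 8 decimal digits of the hex digest), a table that stores only one value per chain, a lookup that regenerates a chain on demand, and a salted hash that the same table can no longer answer. The starting plaintext "12345678" is an assumption, since the slide does not show it; the test checks that its MD5 is the digest the slide prints. All names and sample values are constructed for this example.

```python
import hashlib

# Hash printed on slide 15. Assumed to be the MD5 of "12345678" (the slide does not show
# its starting value); the test below checks this.
SLIDE_HASH = "25d55ad283aa400af464c76d713c07ad"
START_PLAINTEXT = "12345678"


def md5_hex(plaintext: str) -> str:
    """Hash a plaintext the way the slide does: MD5, hex digest."""
    return hashlib.md5(plaintext.encode("ascii")).hexdigest()


def reduce_hash(hex_digest: str, width: int = 8) -> str:
    """Slide 15's reduction function: the first 8 decimal digits found in the hex digest.
    A 32-character digest has fewer than 8 digits only with negligible probability;
    pad with zeros so the result is always a valid 8-digit candidate."""
    digits = [c for c in hex_digest if c.isdigit()]
    return "".join(digits[:width]).ljust(width, "0")


def build_chain(start: str, max_len: int = 1000) -> list:
    """plaintext -> hash -> reduce -> plaintext ... while each plaintext is unique."""
    chain = [start]
    seen = {start}
    while len(chain) < max_len:
        nxt = reduce_hash(md5_hex(chain[-1]))
        if nxt in seen:  # slide: repeat while each plaintext value is unique
            break
        chain.append(nxt)
        seen.add(nxt)
    return chain


def build_table(starts, max_len: int = 1000) -> dict:
    """The stored table: only the start of each chain, indexed by the value the chain
    would produce next (its first repeat), so a walk from any chain element reaches it."""
    table = {}
    for start in starts:
        chain = build_chain(start, max_len)
        end = reduce_hash(md5_hex(chain[-1]))
        table[end] = start
    return table


def lookup(table: dict, target_hash: str, max_len: int = 1000):
    """Recover the plaintext behind target_hash, or None if no chain covers it."""
    p = reduce_hash(target_hash)
    for _ in range(max_len):
        if p in table:
            # Regenerate just this one chain and look for the hash in it.
            for candidate in build_chain(table[p], max_len):
                if md5_hex(candidate) == target_hash:
                    return candidate
            # End matched but the hash was not in the chain (merged chains): keep walking.
        p = reduce_hash(md5_hex(p))
    return None


def salted_md5_hex(salt: str, plaintext: str) -> str:
    """Slide 17: mix a random per-password value into the hash. Chains built over
    unsalted hashes no longer apply; a separate table would be needed per salt."""
    return md5_hex(salt + plaintext)


if __name__ == "__main__":
    chain = build_chain(START_PLAINTEXT)
    table = build_table([START_PLAINTEXT])
    print("chain length:", len(chain), "stored entries:", len(table))
    print(lookup(table, md5_hex(chain[5])))                  # recovered from the chain
    print(lookup(table, salted_md5_hex("x7Qp", chain[5])))   # None: the salt defeats the table
```

The table holds one entry for a chain of up to 1000 plaintexts, which is the memory saving slide 14 describes; the cost moves to lookup time, which has to walk and regenerate chains, and to the false alarms that merged chains produce.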

18 Introduction to Encryption
Key Exchange
- Two people can exchange a key using a 'key and box' metaphor:
  1. A puts a secret message in a box and locks it. A keeps the key and sends the box to B.
  2. B receives the box and puts a second lock on it. B keeps the second key, then sends the box back to A.
  3. A receives the box, uses his/her key to unlock and remove his/her lock, then sends the box back to B.
  4. B can now remove the second lock on the box with his/her key.
  5. As there are no longer any locks on the box, B can open it and access the secret message inside.
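The five steps of the metaphor as an added example in Python (not code from the slides), using XOR with a random key as the "lock", since XOR locks commute and so either lock can be removed first. The example also shows why this particular lock only serves the metaphor: the three boxes seen in transit XOR together to the message, so a real commutative cipher must not have that property. All names and the sample message are constructed.

```python
import os


def lock(box: bytes, key: bytes) -> bytes:
    """Put a lock on the box: XOR with the holder's key. XOR locks commute, which is
    exactly the property the metaphor relies on (either lock can come off first)."""
    if len(key) != len(box):
        raise ValueError("key must be as long as the box contents")
    return bytes(b ^ k for b, k in zip(box, key))


unlock = lock  # XOR is its own inverse: the same operation removes a lock


def exchange(message: bytes):
    """Run the five steps of slide 18. Returns what B opens and the three boxes
    that travelled over the network."""
    key_a = os.urandom(len(message))  # A's key never leaves A
    key_b = os.urandom(len(message))  # B's key never leaves B
    box1 = lock(message, key_a)       # 1. A locks, keeps key_a, sends the box to B
    box2 = lock(box1, key_b)          # 2. B adds a second lock, sends the box back
    box3 = unlock(box2, key_a)        # 3. A removes A's lock, sends the box back
    opened = unlock(box3, key_b)      # 4-5. B removes B's lock and reads the message
    return opened, (box1, box2, box3)


def eavesdropper_view(transcript) -> bytes:
    """What someone who only saw the three boxes go past can compute. With XOR locks
    box1 ^ box2 ^ box3 == message, so the metaphor works but this lock does not."""
    box1, box2, box3 = transcript
    return bytes(a ^ b ^ c for a, b, c in zip(box1, box2, box3))


if __name__ == "__main__":
    secret = b"meet at noon"  # constructed sample message
    opened, boxes = exchange(secret)
    print("B opened:", opened)
    print("seen from the wire:", eavesdropper_view(boxes))
```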

19 Introduction to Encryption
Types of Encryption
- Symmetric key
  - Block or stream ciphers
  - Same key used to encrypt and decrypt
- Asymmetric key
  - E.g., Public Key Infrastructure
  - One key used for encryption, another for decryption

20 Symmetric Key Encryption
- Block: each block is encrypted with a key into a block of the same size
  - Examples:
    - Data Encryption Standard (DES): deprecated
      - See also: Triple DES (TDES)
    - Advanced Encryption Standard (AES)
- Stream: arbitrary length output
  - Based on manipulation of internal state
  - Example: RC4
- Block ciphers can be used in stream mode

21 Introduction to Encryption
AES Principles
- AES is an iterative block cipher with variable-length keys, based on the Rijndael algorithm
- Winner of a competition organised by the US government
- Block cipher: 128-bit blocks
- Key of variable length: 128, 192 or 256 bits
- Iteration: number of times the algorithm is applied

22 Introduction to Encryption
How AES Works (128 bit)
- State: 4 x 4 matrix of bytes
- Key: 4 x 4 matrix of bytes (if using a 128-bit key)
- Number of rounds: 128-bit key: 10, 192-bit: 12, 256-bit: 14
- In each round:
  - Generation of a round key
  - Substitutions
  - Shifts of each row a certain number of bits to the left
  - Transformations on columns
  - Application of the round key
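The state layout, the row shift and the round-key step of slide 22, as an added example in Python (not code from the slides): a 16-byte block laid out as the 4 x 4 state the way the standard does it (column by column), the row shift (in the standard, row r is rotated left by r whole bytes), its inverse, and the round-key application as a byte-wise XOR. The substitution and column steps are not implemented here. Function names are constructed for this example.

```python
AES_ROUNDS = {128: 10, 192: 12, 256: 14}  # round counts from slide 22


def rounds_for_key_bits(key_bits: int) -> int:
    """Number of rounds AES applies for a given key length."""
    return AES_ROUNDS[key_bits]


def bytes_to_state(block: bytes) -> list:
    """Lay a 16-byte block out as the 4 x 4 state. The standard fills the matrix
    column by column: byte i goes to row i % 4, column i // 4."""
    if len(block) != 16:
        raise ValueError("AES block must be exactly 16 bytes")
    return [[block[row + 4 * col] for col in range(4)] for row in range(4)]


def state_to_bytes(state: list) -> bytes:
    """Read the state back out column by column."""
    return bytes(state[row][col] for col in range(4) for row in range(4))


def shift_rows(state: list) -> list:
    """Slide 22's row shift: row r is rotated left by r positions (whole bytes, so the
    byte-wise substitution that precedes it stays aligned). Row 0 is unchanged."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def inv_shift_rows(state: list) -> list:
    """Rotate each row back to the right by its index (used when decrypting)."""
    return [row[-r:] + row[:-r] if r else row[:] for r, row in enumerate(state)]


def add_round_key(state: list, round_key: list) -> list:
    """Slide 22's 'application of the round key': XOR the state with the 4 x 4
    round key byte by byte. XOR is its own inverse, so the same call undoes it."""
    return [[s ^ k for s, k in zip(srow, krow)] for srow, krow in zip(state, round_key)]


if __name__ == "__main__":
    state = bytes_to_state(bytes(range(16)))  # constructed sample block 00..0f
    for row in state:
        print(row)
    print("after shift_rows:")
    for row in shift_rows(state):
        print(row)
    print("rounds for a 256-bit key:", rounds_for_key_bits(256))
```

The column-major layout matters when reading AES test vectors or debugging an implementation: the first four bytes of a block form the first column, not the first row, so a "row shift" moves bytes that are four positions apart in the original block.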

23 Introduction to Encryption
Issues
- Single key = single point of failure
- Key usage may persist
- To avoid the problem of managing keys

24 Asymmetric Encryption
- Basic idea:
  - One key to encrypt
  - A different key to decrypt
  - i.e., a pair of keys
- To be used in addition to symmetric key
  - For reliable transfer of keys
- Origin
  - Diffie-Hellman, mid 1970s
  - Also CESG

25 Diffie-Hellman Protocol
- A and B each have a key pair: public and private
- Each sends the other their public key
- A encrypts the symmetric key using his/her private key, and sends this to B
- B decrypts the message using A's public key
- B then sends his/her symmetric key using the same process

26 Introduction to Encryption
Issues
- Asymmetric encryption is much more computationally expensive
- Susceptible to man-in-the-middle attacks

27 Introduction to Encryption
Creating PKI Keys
- Based on the concept of an inverse function: a 'trapdoor'
- If a function (f1) has an inverse function (f2)
  - Then: x == f1(f2(x))
- Problem: finding the inverse for a given function is computationally prohibitive

28 Introduction to Encryption
Basic Principle
- The RSA (Rivest, Shamir, Adleman) algorithm is a demonstration of the Diffie-Hellman (Merkle) proposal
- Basic elements:
  - Prime numbers
  - Modulus arithmetic (remainders)
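The inverse-function idea of slide 27 carried through with the primes and modular arithmetic of slide 28, as an added example in Python (not code from the slides): textbook RSA with f1 = raise to e mod n and f2 = raise to d mod n, so that x == f1(f2(x)) and x == f2(f1(x)). The trapdoor is the factorisation of n: whoever knows p and q computes d in a few lines, while anyone else has to factor n first, which is what the toy `trial_factor` does for a small n and what becomes prohibitive for a large one. The primes 61 and 53 with e = 17 are a constructed textbook-sized example; function names are this example's own.

```python
from math import gcd, isqrt


def mod_inverse(a: int, m: int) -> int:
    """Extended Euclid: return x with (a * x) % m == 1."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("no inverse: a and m are not coprime")
    return old_s % m


def make_keys(p: int, q: int, e: int = 65537):
    """Build the key pair from two primes. phi is the trapdoor information:
    with it, the inverse exponent d is one modular inversion away."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = mod_inverse(e, phi)
    return (n, e), (n, d)  # public key, private key


def f1(x: int, public) -> int:
    """Forward function: anyone with the public key can compute it."""
    n, e = public
    return pow(x, e, n)


def f2(y: int, private) -> int:
    """Inverse function: only the holder of d can compute it."""
    n, d = private
    return pow(y, d, n)


def trial_factor(n: int):
    """Recover (p, q) by trial division. Fine for a toy n; the running time grows
    with the square root of n, which is why real keys use very large primes."""
    for cand in range(2, isqrt(n) + 1):
        if n % cand == 0:
            return cand, n // cand
    return None


def recover_private(public):
    """Without the trapdoor, the only route to d is to factor n and rebuild phi."""
    n, e = public
    p, q = trial_factor(n)
    return (n, mod_inverse(e, (p - 1) * (q - 1)))


if __name__ == "__main__":
    public, private = make_keys(61, 53, 17)   # constructed toy primes
    x = 65
    y = f1(x, public)
    print("public", public, "private", private)
    print("f1(x) =", y, " f2(f1(x)) =", f2(y, private), " f1(f2(x)) =", f1(f2(x, private), public))
    print("private key recovered by factoring the toy n:", recover_private(public))
```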

29 Introduction to Encryption
Basic Principle
- The 2 people share a (numeric) secret
- Computed two ways: b^c mod a and d^e mod a
- The issue is: each person must know 2 things
  - A secret they keep to themselves
  - Something received from the other person

30 Introduction to Encryption
The Process
- The 2 people agree to share two prime numbers, e.g., 3 and 5
- Each selects a secret number, e.g., A selects 4 and B selects 2
- Each calculates 3^(selected number) mod 5
  - For A: 3^4 mod 5 = 81 mod 5 = 1
  - For B: 3^2 mod 5 = 9 mod 5 = 4
- They tell each other these numbers

31 Introduction to Encryption
Process (continued)
- Both know the original numbers (3 and 5)
- A also knows his/her secret number (4) and the number supplied by B (4)
- B also knows his/her secret number (2) and the number supplied by A (1)
- Both now calculate the shared secret number: supplied number ^ secret number mod 5
  - For A: 4^4 mod 5 = 1
  - For B: 1^2 mod 5 = 1

32 Introduction to Encryption
Notes
- Even if all the numbers are sent in plaintext, the secret number cannot be calculated unless one or other of the secret numbers is known
- Much larger prime numbers are needed
- There is a relationship between the 2 original numbers
- For more information search for 'Diffie-Hellman explanation'
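The exchange of slides 29 to 32 as an added example in Python (not code from the slides): the two public values and the shared secret computed exactly as on slides 30 and 31 (base 3, modulus 5, secrets 4 and 2), the same functions run again with a large prime to show that both sides still agree, a check of the "relationship between the 2 original numbers" (the base should generate the full group mod the prime), and an exhaustive exponent search that explains slide 32's note that much larger primes are needed. The large prime 2^127 - 1 and the generator check are this example's own additions.

```python
import secrets


def public_value(base: int, prime: int, secret: int) -> int:
    """Slide 30: base^(secret) mod prime, the number each person sends."""
    return pow(base, secret, prime)


def shared_secret(received: int, prime: int, secret: int) -> int:
    """Slide 31: received^(secret) mod prime, the number both sides end up with."""
    return pow(received, secret, prime)


def run_exchange(base: int, prime: int, secret_a: int, secret_b: int):
    """Both sides of the exchange; returns (A sends, B sends, A computes, B computes)."""
    pub_a = public_value(base, prime, secret_a)
    pub_b = public_value(base, prime, secret_b)
    key_a = shared_secret(pub_b, prime, secret_a)
    key_b = shared_secret(pub_a, prime, secret_b)
    return pub_a, pub_b, key_a, key_b


def is_generator(base: int, prime: int) -> bool:
    """Slide 32's 'relationship' between the two numbers: the base should produce every
    non-zero value mod prime, i.e. its order is prime - 1. Checked here by enumeration,
    which is only feasible for small primes."""
    return len({pow(base, k, prime) for k in range(1, prime)}) == prime - 1


def recover_secret_by_search(base: int, prime: int, public: int):
    """Slide 32: with a tiny prime, an observer who saw the public value can simply try
    every exponent. The search space is prime - 1, so a large prime makes this hopeless."""
    for exponent in range(1, prime):
        if pow(base, exponent, prime) == public:
            return exponent
    return None


if __name__ == "__main__":
    print("slide example:", run_exchange(3, 5, 4, 2))   # (1, 4, 1, 1)
    big_prime = 2**127 - 1                               # a Mersenne prime
    a, b = secrets.randbelow(big_prime - 2) + 1, secrets.randbelow(big_prime - 2) + 1
    _, _, key_a, key_b = run_exchange(2, big_prime, a, b)
    print("large prime, both sides agree:", key_a == key_b)
    print("secret recovered from the toy public value 4:", recover_secret_by_search(3, 5, 4))
```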

33 Introduction to Encryption
Summary
- Encryption is the process of producing ciphertext from plaintext
- Decryption is the opposite
- Cryptanalysis attempts to understand the algorithm (to break it)
- Symmetric encryption uses one key
- Asymmetric encryption uses 2 keys
- Key terms: CAAIN
