1. IS 302: Information Security and Trust Week 2: Encryption Basics 2012

2. © Yingjiu Li 20072 Treasure Hunter’s Parchment “53‡‡†305))6*;4826)4‡);806*;48†8 ¶60))85;I‡(;:‡*8†83(88)5*†;46(;88*96 *?;8)*‡(;485);5*†2:*‡(;4956*2(5*-4)8 ¶8*;4069285);)6†8)4‡‡;I(‡9;48081;8:8‡ I;48†85;4)485†528806*81(‡9;48;(88;4 (‡?34;48)4‡;161;:188;‡?;”

3. © Yingjiu Li 20073 Confidentiality How to protect message from adversary? Bob Alice Mallory The secret is… plaintext

4. © Yingjiu Li 20074 Cryptography Use a language that only Alice and Bob can understand Bob Alice Mallory Nz dsfejr dbse ovncds jt… ciphertext

5. © Yingjiu Li 20075 Concepts Cryptography – hidden writing Encryption – encode or encipher Decryption – decode or decipher Cryptosystem – a system for encryption and decryption Cryptographer – anyone who invents encryption algorithms Cryptanalyst – anyone who attempts to break encryption algorithms Cryptology – research of encryption and decryption, including both cryptography and cryptanalysis

6. © Yingjiu Li 20076 Cryptosystem Algorithms with a parameter – key K Encryption Algorithm E Decryption Algorithm D PlaintextCiphertextPlaintext PPC

7. © Yingjiu Li 20077 Jeff Moser: http://www.moserware.com/2009/09/stick-figure- guide-to-advanced.html

8. © Yingjiu Li 20078 Encryption –Input: plaintext and key –Output: ciphertext Encryption Function Plaintext

9. © Yingjiu Li 20079 Decryption –Input: ciphertext and a key –Output: original plaintext Decryption Function Plaintext

10. © Yingjiu Li 200710 Symmetric Cryptosystem C=E(P,K) P=D(C,K) Encryption Algorithm E Decryption Algorithm D PlaintextCiphertextPlaintext PPC KK Secret channel

11. © Yingjiu Li 200711 Cryptanalysis (Attacks) Cryptanalyst (Mallory) –E and D are public –Given ciphertext, find plaintext –What else Mallory knows? Ciphertext onlyMallory knows ciphertext only Known plaintext Mallory happens to know some plaintext- ciphertext pairs Chosen plaintext Mallory knows some plaintext-ciphertext pairs for selected plaintext Chosen ciphertext Mallory knows some plaintext-ciphertext pairs for selected ciphertext

12. © Yingjiu Li 200712 Classical Ciphers Caesar cipher Vigenére cipher Zimmerman cipher Vernam cipher

13. © Yingjiu Li 200713 Caesar Cipher –Shifting alphabet –How many possible keys?

14. © Yingjiu Li 200714 Discussion Follow me with CrypTool Observation: –The break between two words is preserved –Repeated letters are mapped to repeated letters Decrypt the following Caesar cipher –Wklv phvvdjh lv qrw wrr kdug wr euhdn –Hints: Observe the following patterns Wrr, wr Wklv, lv

15. © Yingjiu Li 200715 “Unbreakable” cipher: Vigenére Tableau –Same letters are not mapped to the same letters –Encrypt Keyword: hothot (repeat: row) Plaintext: attack (column) ciphertext: hhmhqd –Decrypt Keyword: hothot (repeat: column) Ciphertext: hhmhqd (from that column find c letter) Plaintext: attack (the index of row)

16. © Yingjiu Li 200716

17. © Yingjiu Li 200717 Discussion –Follow me with CrypTool –How “unbreakable” is Vigenére cipher?

18. © Yingjiu Li 200718 Codebook/Zimmermann Cipher A codebook is literally a dictionary-like book containing words and their corresponding codewords. Zimmerman Telegram Februar13605 fest13732 finanzielle 13850 folgender13918 Frieden17142 Friedenschluss17149 What is the key? Compare it with Vigenére cipher w.r.t key size How secure is Zimmermann cipher?

19. © Yingjiu Li 200719 Zimmerman Telegram Decrypted

20. © Yingjiu Li 200720 Perfect Cipher

21. © Yingjiu Li 200721 Vernam Cipher The only unbreakable stream cipher –K: a long, non-repeating sequence of random numbers Exclusive OR PlaintextCiphertextPlaintext PPC KK Secret channel 1 0 =1; 0 1=1 0 0 =0; 1 1=0

22. © Yingjiu Li 200722 Vernam Cipher An example of Vernam Cipher –Alice: –Bob: 1 0 =1; 0 1=1 0 0 =0; 1 1=0 P: 100 010 111 011 110 001… K: 010 011 101 101 010 111… C: 110 001 010 110 100 110… P: 100 010 111 011 110 001… K: 010 011 101 101 010 111… C: 110 001 010 110 100 110…

23. © Yingjiu Li 200723 Discussion Follow me with CrypTool Why is Vernam cipher perfectly secure?

24. © Yingjiu Li 200724 Modern Ciphers Basic ideas: confusion and diffusion Combinations Evaluation

25. © Yingjiu Li 200725

26. © Yingjiu Li 200726 Confusion Permutation operations 1.First remove spaces A legitimate receiver can breakmostmessagesintowordsfairlyeasily 2.Then break messages arbitrarily into blocks of a uniform size (e.g., every five letters) 3.Map each plaintext letter to a unique ciphertext letter (usually in the same alphabet) How many keys for permuting 26 English letters?

27. © Yingjiu Li 200727 Caveat All permutation ciphers are subject to –ciphertext only attack –not to mention known plaintext attack, chosen plaintext and chosen ciphertext attacks

28. © Yingjiu Li 200728 Frequency Attack source: http://knight.cis.temple.edu/~jfiore/2006/fall/386/handouts/ch2/ch2_part2_4ups.pdf

29. © Yingjiu Li 200729 Diffusion –Spread out the message by re-arranging letters

30. © Yingjiu Li 200730 Product Cipher Combinations of confusion and diffusion operations in many rounds –DES (56 bits) 16 rounds –AES (128, 192, 256) 9, 11, 13 rounds Deterministic vs non-deterministic

31. © Yingjiu Li 200731 Evaluation Shannon’s characteristics of good ciphers –Amount of secrecy (key size) determines amount of labor –Set of keys and enciphering algorithm are simple –Implementation is simple –Errors do not propagate –Size of ciphertext is no larger than original message

32. © Yingjiu Li 200732 How Secure is Secure It takes your computer at least 1000 years to break my cipher!! No matter how powerful your computer is, you don’t have enough information to defeat the system !! Computational security Unconditional security

33. © Yingjiu Li 200733 However…

34. © Yingjiu Li 200734 Hands-On Exercise Installation: –Download LabPrep.doc and follow its instructions to install OpenSSL (Win32openSSL-0_9_8d.exe) HHD HexEditor (http://www.asciitable.com/ )http://www.asciitable.com/ JCE (jdk-1_5_0_08-windows-i586-p.exe) –Mac computers have already these tools pre- installed

35. © Yingjiu Li 200735 Hands-On Exercise Testing: –Download LabTest.doc –Follow its instructions in section 2.1 to test openSSL –Follow its instructions in section 2.2 to test JCE

36. © Yingjiu Li 200736 Introduction to OpenSSL OpenSSL is an open source toolkit to ensure secure communication. –Symmetric key (secret key) encryption –Asymmetric key (public key) encryption –Message Digests and digital signatures –Certificates

37. © Yingjiu Li 200737 Example 1: Keys Generation openssl genrsa -des3 -out privkey.pem 2048 genrsa – Generates RSA Key des3 – Password protects the key using triple DES encryption out – Save the key in a file. In this example, its privkey.pem -Size of the key generated. In this example, its 2048 bits

38. © Yingjiu Li 200738 Example 2: Certificate Request openssl req -new -key privkey.pem -out cert.csr req - Generate certificate request. new –New certificate request. key - Specify the file to read the private key from. In this example, its privkey.pem out - Save the request in a file. In this example, its cert.csr

39. © Yingjiu Li 200739 Example 3: Encryption openssl des3 -salt -in file.txt -out file.des3 des3 – Encrypt using the TripleDES algorithm salt - Use a salt in the key derivation routines in - Input file with the clear message out - Output file with the encrypted message –Users will be prompted to enter a password to complete the encryption

40. © Yingjiu Li 200740 Example 4: Decryption openssl des3 -d -salt -in file.des3 -out file.txt des3 – Use the TripleDES algorithm d – decrypt the file salt - Use a salt in the key derivation routines in - Input file with the encrypted message out - Output file with the decrypted message –Users will be prompted to enter a password to complete the decryption

41. © Yingjiu Li 200741 Introduction to JCA and JCE Java Cryptography Architecture (JCA) is part of Java 2 run-time environment.  java.security.* Java Cryptography Extension (JCE) is an extension to JCA and is integrated into Java 2 SDK since the 1.4 release.  javax.crypto.*

42. © Yingjiu Li 200742 JCE Core Classes –Cipher Class Provide the functionality of encryption and decryption –KeyGenerator Class Generate secret keys for encryption and decryption –The SealedObject Class Create an object and protect its confidentiality –The Mac Class Provide integrity protection with Message Authentication Code (MAC). Reference: http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html

43. © Yingjiu Li 200743 Class: java.crypto.KeyGenerator Methods: –getInstance(String algorithm) Creates an instance of KeyGenerator for a specific algorithm such as “AES”,“DES”,”HMACSHA1” –generateKey() Generate a key for the algorithm specified in the KeyGenerator instance

44. © Yingjiu Li 200744 Example: Key Generation The following example generate a SecretKey object using AES. //Create an instance of KeyGenerator with algorithm AES KeyGenerator kg = KeyGenerator.getInstance(“AES"); //Generate the secret key SecretKey mykey = kg.generateKey();

45. © Yingjiu Li 200745 Secure Key Storage JCA provides an extensible architecture to manage keys through KeyStore. A KeyStore object maintains an in-memory table of key and certificate entries, indexed by alias strings, allowing retrieval, insertion and deletion of entries. Keystore files are usually password protected.

46. © Yingjiu Li 200746 Class: java.security.KeyStore Methods: –getInstance (String type) Create an instance of KeyStore of the specified type. –load(InputStream stream, char[] password)) Open keystore with password and load keys from keystore file to memory –getKey(String alias, char[] password) Access the keystore with password and get the key based on a given key alias –setEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam) Set a new key entry in the keystore –store(OutputStream stream, char[] password) Store this keystore to the given output stream, and protect its integrity with the given password.

47. © Yingjiu Li 200747 Example:Create a null KeyStore object The following sample creates null KeyStore object with password protection. //Create an instance of KeyStore of type “JCEKS”. //JCEKS refers the KeyStore implementation from SunJCE provider ks = KeyStore.getInstance("JCEKS"); //Load the null Keystore and set the password to “changeme” ks.load(null, "changeme".toCharArray());

48. © Yingjiu Li 200748 Example:Set Key Entry The following sample sets the generated key “mykey” in the KeyStore. //Create an instance of KeyStore.SecretKeyEntry using “mykey” KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(mykey); //Get key alias name from user input. String alias=args[0]; //Create KeyStore Password KeyStore.PasswordProtection password; password = new KeyStore.PasswordProtection("changeme".toCharArray()); //Set the key entry in the key store with an alias. ks.setEntry(alias, skEntry, password);

49. © Yingjiu Li 200749 Example:Store KeyStore object in file The following sample writes the KeyStore object into a file for storage. //Create a new file to store the KeyStore object java.io.FileOutputStream fos = new java.io.FileOutputStream("keystorefile.jce"); //Write the KeyStore into the file ks.store(fos, "changeme".toCharArray()); //Close the file stream fos.close();

50. © Yingjiu Li 200750 Example:Retrieving Keys from KeyStore The following sample retrieves keys from a KeyStore file. //Open the KeyStore file FileInputStream fis = new FileInputStream("keystorefile.jce"); //Create an instance of KeyStore of type “JCEKS” ks = KeyStore.getInstance("JCEKS"); //Load the key entries from the file into the KeyStore object. ks.load(fis, "changeme".toCharArray()); fis.close(); //Get the key with the given alias. String alias=args[0]; Key k = ks.getKey(alias, "changeme".toCharArray());

51. © Yingjiu Li 200751 A Quick Review Which of the following is subject to frequency attack? 1.Caesar cipher 2. Vigenére 3. Vernam A perfect cipher is? 1.Combination of confusion and diffusion 2.Combination of substitution and transposition 3.Unconditionally secure