Cryptography in .Net
Chapters 12-17 (O’Reilly book)
CS 795
References
• Video:
•
http://channel9.msdn.com/Events/aspConf/aspConf/Cryptography-101Using-the-NET-Framework-and-ASP-NET
https://www.youtube.com/watch?v=FFE-72t2Chg
Goals
• Confidentiality---no one else can intercept a
message as it passes from A to B---Encryption is
the answer
• Integrity---message is not tampered as it passes
from A to B --- Hashing is the answer
• Authentication---B wants to be sure to be sure it
is A who has sent the message---digital
signature is the answer
Hashing Algorithms
• Create a message digest or hash code for a
given message
• Hashing algorithms break a message into fixed
blocks (512 or 1024 bits)
• Given a seed value and the 1st block, it produces
a hash code. This hash code and the next block
are fed again, that produce a new hash code.
This continues until the last data block. The final
hash code is the message digest.
.Net Framework Hashing
Algorithms
Name
Input block
size (bits)
Message
limit (bits)
Hash code
size (bits)
MD5
512
264
128
SHA-1
512
264
160
SHA-256
512
264
256
2128
384
2128
512
SHA-384
SHA-512
1024
Programming Hashing Algorithms
• Managed (e.g., SHA1Managed) and unmanaged (e.g.,
SHA1CryptoServiceProvider)
• System.Security.Cryptography.HashAlgorithm class: Methods:
Create, ComputeHash, Initialize, Clear, TransformBlock,
SHA1Managed hash_alg = new SHA1Managed();
Or
hashAlgorithm hash_alg = HashAlgorithm.Create(“SHA1”);
byte[ ] hash_code = hash_alg.ComputeHash(message_data);
To validate hash code, generate a new hash code and compare byteby-byte.
Keyed Hashing Algorithms (MAC)
• These mix a secret key with the message
data blocks when creating a hash code.
• HMAC is one standard to combine secret
key and message data (e.g., HMAC-SHA1)---here the key is used as the 1st data
block
• HMAC-SHA-1 and MAC-Triple-DES
KeyedHashAlgorithm hash_alg = KeyedHahAlgorithm.Create(“HMACSHA1”);
Hash_alg.Key = key_bytes;
byte [ ] hash_code = hasg_alg.ComputeHash(message_data);
Symmetric Encryption
•
•
•
•
•
•
Both parties agree on a secret key
Sender encrypts the message using secret key and sends the encrypted
data
Receiver decrypts the received data using the secret key
To create encrypted data: (i) Data is treated as a number of fixed-size
blocks
(ii) The fixed-size blocks are converted to encrypted blocks
http://msdn.microsoft.com/en-us/library/ff650720.aspx
.Net Framework Encryption
Algorithms
Name
Block size (bits)
Key length (bits)
DES
64
56
RC2
64
40,48,…,128
Triple-DES
64
2 or 3 56-bit keys, expressed as
64-bit numbers
Rijndale (AES)
128,192,256
128,192,256
http://www.javamex.com/tutorials/cryptography/ciphers.shtml
http://www.crypt.gen.nz/papers/backup_encryption.html
Programming Symmetric
Encryption
• System.Security.SymmetricAlgorithm
• Managed (DES, TripleDES, RC2, Rijndeal) and unmanaged
(DESCryptoServiceProvider, TripleDESCryptoServiceProvider…)
• Methods: Create, CreateEncryptor, CreateDecryptor, GenerateIV,
ValidKeySize
• Padding mode: PKCS7 (value of the padding byte is the number of
padded bytes); Zeros (0’s are padded)
• Cipher Modes: ECB, CBC, CFB, CTS, OFB
• KeySizes structure: MinSize, SkipSize (increments), MaxSize of the
range of key sizes
• IV: Initialization vector; .Net Framework has some default value for
it; but it can be changed
• Secret key: Same as in the case of IV
Configuring the Symmetric
Encryption Algorithms
SymmetricAlgorithm algx = SymmetricAlgorithm.Create(“Rijndael”);
//This assigns default values to the parameters; but they may be
changed as follows
algx.BlockSize = 192;
algx.KeySize = 128;
KeySizes[ ] x_size_ranges = algx.LegalKeySizes;
Console.WriteLine(x_size_ranges[0].MinSize);
algx.Padding = PaddingMode.Zeros;
algx.Mode = CipherMode.ECB;
byte[ ] x_secretkey = algx.Key; // Get the secret key value assigned
algx.Key = new byte[ ] {0x64, …..};
algx.IV = new bytes[ ] {…};
Symmetric Encryption (Cont.)
• Encrypting and Decrypting is done by
ICryptoTransform interface
SymmetricAlgorithm algx = SymmetricAlgorithm.Create(“Rijndael”);
ICryptoTransform encryptorx = algx.CreateEncryptor();
ICryptoTransform decryptorx = algx.CreateDecryptor();
See pages 356-358 (O’Reilly book) for an example
Asymmetric Encryption
•
•
•
•
•
•
Public-key encryption
A has a public-secret (or private) key pair
B has a public-secret (or private) key pair
A encrypts a message using B’s public key and sends it to B
B uses corresponding secret key to decrypt it
Main limitation: Very slow relative to symmetric encryption
Creating Asymmetric Keys
•
•
1.
2.
3.
4.
RSA (Rivest, Shamir, Adleman, 1977)
Algorithm:
Choose two large random #s, p and q, of equal length and multiply them together
to create n, the RSA key modulus: n=p*q; If p=23, q=31, n=713
Randomly choose e, the public exponent so that e and (p-1)(q-1) are relatively
prime (i.e., share no common factors except 1). In the above, (p-1)(q-1)=660;
choose e=19
Find d such that d*e = 1 mod (p-1)(q-1)
19d= 1 mod 660; So 19d=661, 1321, 1981, 2641, .. Here, d=2641/19=139
Public key consists of e and n. Private key is d. Discard p and q, but do not reveal
their values.
Why is RSA algorithm secure? Because it is hard to find the factors of a large number.
Here, we are given n. So we have to find factors p and q so that n=p*q
http://msdn.microsoft.com/en-us/library/ff650720.aspx
http://www.javamex.com/tutorials/cryptography/rsa_key_length.shtml
Encryption (with asymmetric keys)
•
•
Break the plaintext into small blocks of data
Encrypt each plaintext block using the public key and the encryption
function
• Concatenate the encrypted blocks
• Length of block = trunc[(length of n in the public key -1)/8]
• RSA Algorithm
• Example: Encryption: If m= 25, (n=713,e=19) as the public key, c=(me)mod
n
= (2519)mod 713 = 156
Decryption: c=156, use private key (n=713, d=139), compute m =
cd (mod n) = 156139 mod 713 = 25
• RSA Cipher Demonstration
How secure is Asymmetric Encryption?
Given the public key e and n, how many computations does it
take to discover the private key d?
Once we know factors p and q, it is relatively easy to calculate
d, and decrypt cipher text. So the secret is in the values d,p,
and q.
Symmetric key length (bits)
Asymmetric key length (bits)
64
512
80
768
112
1792
128
2304
Programming Asymmetric
Encryption
• System.Security.Cryptography.AsymmetricAlgorithm
• System.Security.Cryptography.RSA
• System.Security.Cryptography.RSACryptoServiceProvider
Digital Signatures
• Purpose: For receiver to verify the sender (or
author of a document)
• Use asymmetric keys
• Sender signs the message; receiver verifies it
A generates a digital signature on a message using its private key;
B receives the message and the signature;
B uses A’s public key to verify the signature and that the content has not been
changed
Due to the slow performance of the asymmetric algorithms, A first creates a
cryptographic hash code of the message and then applies the signature
algorithm on the hash code.
Joint signatures on a document
DS: Generation/Verification
Private
Key
Message
Hashing Algorithm
Digital
Signature
Signature
function
Hash code
Digital Signature Generation
Public
Key
Digital
Signature
Message
Hashing Algorithm
Hash code
Verification
function
Hash code
Digital
Signature
Digital Signature Verification
Message
Message
RSA Algorithm for DS
Digital signing
Sender A does the following:1. Creates a message digest (hash code) of the information to be sent.
2. Represents this digest as an integer m between 0 and n-1.
3. Uses her private key (n, d) to compute the signature s = m^d mod n.
4. Sends this signature s to the recipient, B.
Signature verification
Recipient B does the following:• Uses A's public key (n, e) to compute integer v = s^e mod n.
• Extracts the message digest from this integer.
• Independently computes the message digest (hash code) of the
information that has been signed.
• If both message digests are identical, the signature is valid.
DS and Encryption/Decryption
• Decryption and signing are identical as far as the mathematics is
concerned as both use the private key.
• Similarly, encryption and verification both use the same
mathematical operation with the public key.
• That is, mathematically, m = (m^e mod n)^d mod n = (m^d mod n)^e
mod n, m < n
• However, note these important differences in implementation:– The signature is derived from a message digest of the original
information. The recipient will need to follow exactly the same process
to derive the message digest, using an identical set of data.
– The recommended methods for deriving the representative integers are
different for encryption and signing (encryption involves random
padding, but signing uses the same padding each time).
DS Algorithms in .Net
•
•
•
•
RSA algorithm (used for encryption and digital signatures)
DSA or Digital Signature Algorithm (only digital signature, not encryption)
Hashing algorithms to be used prior to digital signature generation:
MD5, SHA-1, SHA-256 (minimum key length 256 bit ), SHA-384, SHA512
• http://en.wikipedia.org/wiki/SHA_hash_functions
XML Signatures
•
.Net supports XML signatures specification or
XMLDSIG for XML documents
<book>
<title> Programming .Net Security </title>
<author>Adam Freeman </author>
<year>2004</year>
</book>
(i)
Create a URL reference for the document (page 414, O’Reilly)
(ii)
Create a new instance of the SignedXML class and the URL reference;
(iii)
Create a new asymmetric signing algorithm instance and assign it to the
reference object created along with all other parameters (signing key, etc.)
(iv)
Call ComputeSignature on the reference object.
(v)
Use GetXml().OuterXml to get the signature.
Follow similar procedure for verification of the signature.
• Performance of web services security
• Performance Comparison: Security Design Choices