Crytography Chapter 8 Cryptology Cryptography Comes from Greek Kryptos meaning “hidden” Grahein meaning “to write” Process of making and using codes to secure the transmission of information Cryptanalysis Process of obtaining the original message form encrypted message Cryptology Encryption Process of converting an original message into a form that is unreadable to unauthorized individuals Decryption Process of converting the encrypted message (cipertext) into an easily read message (plain text) Basic Definitions Algorithm Programmatic steps to encrypt message Cipher Encryption method or process Ciphertext or cryptogram Encrypted message Code Process of converting unencrypted components into encrypted components Basic Definitions Decipher Convert to plaintext Encipher To encrypt Key or crypto-variable Information used with the algorithm to encrypt Key-space Entire range of values that can possibly be used to construct an individual key Basic Definitions Link encryption Series of encryptions /decryptions between a number of systems Plaintext or clear text The original message Steganography Process of hiding messages Work factor Amount - effort required to perform cryptanalysis Cipher methods Bit stream method Each bit in the plaintext is transformed bit by bit Most common use XOR Block cipher method Messaged divided into blocks Each block is encoded Substitution, transposition, XOR or combination Substitution Cipher Substitute one value for another 3 character substitution to the right Original alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ Encrypted alphabet: DEFGHIJKLMNOPQRSTUVWXYZABC Simple by itself – powerful when combined with other operations Substitution Cipher Polyalphabetic substitution Orig: ABCDEFGHIJKLMNOPQRSTUVWXYZ Sub1: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C Sub2: G H I J K L M N O P Q R S T U V W X Y Z A B C D E F Sub3: J K L M N O P Q R S T U V W X Y Z A B C D E F G H I Sub4: M N O P Q R S T U V W X Y Z A B C D E F G H I J K L Sub5: P Q R S T U V W X Y Z A B C D E F G H I J K L M N O Using this technique what is?ZTPG 3 shift to the right is know as the Caesar Cipher Vigenere Cipher Implemented using the Vigenere Square 26 distinct cipher alphabets Header row – normal order Each additional row – shift right Start in first row and find a substitution for one letter Move down the rows for each subsequent letter of plaintext Transposition Cipher Simply rearranges the values within a block Can be done at the bit level or the byte level Key pattern: 1 4, 2 8, 3 1, 4 5,5 7, 7 6,8 3 Julius Caesar was associated with the early version of this cipher also Larger blocks or keys makes cipher stronger Exclusive OR (XOR) Function of Boolean algebra Two bits are compared If identical, result is binary 0 If not identical, result is binary 1 Very simple encryption Not very secure Vernam Cipher One-time pad Uses a set of characters only one time for each encryption process Each character of the plaintext is turned into a number and a pad value for that position is added Sum is then converted back to a cipher text Decryption requires knowledge of pad values or difficult cryptanalysis. Book or Running Key Cipher Cipher text List of codes representing a page number, line number, and word number of the plaintext word. Must know which book was used Hash functions Not an encryption methodology Mathematical algorithm -generates a message summary or digest Fingerprinting Used to determine if it is the same message Not used to decypher Message always provide same hash value if unaltered Hash functions Do not require keys Uses Message Authentication Code (MAC) Key-dependent Used in password verification systems Secure Hash Standard (SHS) Secure algorithm Standard issued by National Institute of Standards and Technology (NIST) SHA-1 Produces a 160 bit digest Family of SHA SHA-256 A 256-bit cipher algorithm Creates a key - encrypting the intermediate hash value with the message block functioning as the key Cryptographic Algorithms Symmetric and asymmetric and hybrid Distinguished by the types of keys they use Symmetric Encryption Requires the same secret key Encryption methods use mathematical operations Both the sender and receiver must have the secret key Primary challenge – getting key to receiver Symmetric Encryption Cryptosystems Data Encryption Standard (DES) Key length of 128 bits 64-bit block size 56-bit key Too weak Triple DES (3DES) Advanced Encryption Standards Used by federal agencies other than national defense Declassified, publicly disclosed, royalty-free Uses block cipher, variable length block, key length of 128, 192, or 256 Asymmetric Encryption Uses two different but related keys Either key can encrypt or decrypt Must use other to perform other function One key private One key public Also know as public key encryption Based on one-way functions One is simple to compute , the opposite is complex Asymmetric Encryption Based on hash value Uses mathematical trapdoor Secret mechanism that enable you to easily accomplish the reverse function in a one-way function. Public key becomes the true key Private is derived form public key using trapdoor Public Key RSA (Rivest-Shamir-Adlemann) First public key encryption algorithm Published for commercial use E-commerce browsers Has become the de facto standard Encryption Key Size Cryptovariable or key size must be decided Length of key increase the number of random selections to be guessed Length of key influences strength The security of encrypted data is NOT dependent on keeping the algorithm secret Depends on keeping some or all of the elements of the keys secret See table on page 367 Public Key Infrastructure (PKI) Integrated system of software, encryption methodologies, protocols, legal agreements, and 3rd part services Based on public key Include digital certificates and certificate authorities Digital Certificates Public key container files that allow computer program to validate the key and identify to whom it belongs. Allows integration of key characteristics to be integrated into business practices Authentication Integrity Privacy Authorization Non-repudiation Digital Certificate Used by third party Certifies the authenticity of the Digital signature is attached Certify that file is from the entity that it claims to be Has not been modified Certificate authority Software agent Manages the issuance of certificates Serves as the electronic notary pubic Verify the certificates worth and integrity PKI Common implementation Systems to issue digital certificates to users and servers Directory enrollment Key issuing systems Tools for managing the key issuance Verification and return cetificates Digital Signatures Created to verify information transferred using electronic systems Currently asymmetric encryption processes are used to create digital signatures Encrypted messages that can be mathematically authentic Used when using DSS (digital Signature Standard) Digital Signatures Process Create a message digest using the hash Input into the digital signature algorithm along with a random number to be used for generating the digital signature Depends upon the sender’s private key and other info provided by the CA Verified by the recipient through use of the sender’s public key Hybrid Cryptography Systems Pure asymmetric keys encryption is not widely used except in digital certificates More widely used as part of hybrid system Diffie-Hellman Key Exchange method Exchanging private keys using public key encryption Asymmetric encryption is used to exchange session keys Limited use keys Temporary communications Steganography Process of hiding information Not technically a form of cryptography Most popular version Hiding information within files that appear to contain digital picture or other images Use one bit per color or 3 bits per pixel to store information. Compute files that don’t use all available bits Protocols for Secure Communication Secure Socket Layer (SSL) Used public key encryption to secure channel Support by most internet browsers Client and server establish HTTP session Client requests access part of web site - requires secure communications Server sends message to client Client respond - sending its public key & security parameters Server finds a public key match Sends a digital certificate to the client Client must verify - digital certificate –received, valid & trustworthy Lasts for duration of session Protocols for Secure Communication SSL Two layers of protocol SSL Record Protocol Compression, encryption and attachment of SSL header Received encrypted messages are decrypted and reassembled Basic security at top level of SSL protocol stack Standard HTTP Internet communication services Protocols for Secure Communication S-HTTP (Secure Hypertext Transfer Protocol) Extended version of hypertext transfer protocol Provides for encryption of individual messages between client and server No session Designed for sending individual messages Securing E-mail Secure Multipurpose Internet mail Extensions (S/MIME) Adds encryption of MIME (Multipurpose Internet Mail Extensions) PEM Uses 3DES symmetric key encryption and RSA for key exchanges and digital signature PGP Pretty Good Privacy Used IDEA Cipher