Security fundamentals Topic 4 Encryption Agenda • • • • • • Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography Cryptography • Means ‘secret writing’ – Taking plaintext and encrypting it into ciphertext – Ensure confidentiality and integrity – Store confidential data – Authenticate users – Protect passwords – Ensure identity Uses of cryptography • Confidentiality – Only authorised people can access data • Data Integrity – Unauthorised modifications to the data are detected (protection from man-in-middle attacks) • Authentication – Data originates from the legitimate source/destination • Non-repudiation – Ensures a user cannot deny performing a task or sending data (cannot refute signing a contract) • Anti-replay protection – Prevents a message being intercepted and replayed (re-sent) at a later time Algorithms and keys • A mathematical formula that is applied to data to convert plaintext to ciphertext or ciphertext to plaintext. C = f(M) • Weakness: If the algorithm is not secret it can be used to decrypt any message • Key: A key varies the function of the algorithm • The strength of the encryption is in the key not the algorithm • If the key is discovered, only the messages encrypted with that key are compromised Strength of cryptographic methods • How difficult it is for unauthorised people to reconstruct the plaintext from ciphertext? • The strongest algorithms are those that have been made publicly available for cryptographers to try to break • Good cryptography creates ciphertext that appears to be entirely random • It can only be broken by discovery of the key (theft or social engineering) or by brute force: Trying every possible combination • Increase the strength of encryption by increasing the key length, complexity and/or changing the key frequently • 64 bit key length = 12000 years to brute force • Encryption is strong enough when it becomes impractical for an attacker to carry out a brute force attack Making encryption secure • Increase the key length • Keys should be chosen at random and not be predictable • Change keys where appropriate • Some governments (USA) restrict the use and import/export of encryption technologies Symmetric encryption • Uses the same key for encrypting and decrypting data • Uses a shared secret Uses of symmetric encryption • Primary use is to provide confidentiality (not data integrity, authentication, non-repudiation or antireplay protection) • Anyone who possesses the key can decrypt the message • Symmetric encryption works well to provide confidentiality and the key can easily be kept secret – does not work well where the key has to be distributed to many others. • Number of keys required n(n-1)/2 (10 people will require 45 keys) • If many people share a single key there is greater probability that the key will be not be kept secret Advantages of symmetric encryption • Easy to use • Encryption/decryption is fast • Used when the confidentiality of the key can be easily managed and large amounts of data need to be encrypted Symmetric encryption algorithms • DES: Data Encryption Standard – 56 bit key, relatively slow – Used in EFS for Windows 2000 • 3DES: Triple DES – 3 encryption passes on the data using 56 bit keys – More secure and widely used • AES Advanced Encryption Standard, Rijndael – Key lengths of 128, 192, 256 bits – Current standard used by NIST National Institute for Standards US Symmetric encryption algorithms • IDEA: International Data Encryption Algorithm – 128 bit keys – Patented and requires licensing for commercial use • Blowfish: – Extremely fast, variant is Twofish, free for use of any kind – Variable length keys from 32 bits to 448 bits • RC4: – Stream cipher, use in WEP for wireless, modifies the key as successive portions of text are encrypted – Uses variable key lengths Hash functions • Is a type of encryption that takes data of any length and encrypts it to a fixed length string called a hash (or a digest) • Hash functions are one way functions, the original data cannot be reconstructed from the hash • A hash is used to prove data integrity and not used for confidentiality. Hashes are generated at different times and compared, if the hashes are identical then the message has not been changed • A good hash results in a large unpredictable change in hash, even when there is just a very small change in the original data • Hashes are a fixed length so that an attacker cannot deduce the original length of data • A good hash ensures that it is unlikely that another message will produce the same hash Hash uses • To guarantee data integrity • To store passwords (Windows NT Challenger/Response NTLM) • Digital signing Hash algorithms • SHA1: Secure Hash Algorithm: – 160 bits long slower – use in govt agencies • MD5/MD4 Message Digest: – 128 bits long – used in applications that don’t have to comply with US government requirements Public key encryption • Public key available to anyone, private key must be kept secret • Person who uses private key, generates key pair- the public key stored in a certificate (send the private key to a CA to create the certificate) • A brute force attack can derive a private key from the public key – increase the key length to make that infeasible • Anyone can encrypt data using your pubic key: only you can decrypt using the private key • You can encrypt using private key and anyone can decrypt using the public key • In a key pair the public key is based on the product of two large prime numbers: the private key is based on the numbers itself • Based on the idea that there is no known way to discover two large prime numbers from just their product Digital signing • Authenticate an email, file or program • Encrypt the item with the private key, recipient decrypts with the public key • Encrypt a hash of the message (saves time) • Create a hash of email message, sign the hash by encrypting with private key • Recipient decrypts the hash by using your public key to verify that you sent the message • Recipient performs the same hashing function to compare the hash sent with message, if both match then integrity is verified • Because only the public key can be used to decrypt a message signed with the private key, signing proves non-repudiation Public key encryption uses • Confidentiality: – encrypt with your public key – only your private key can decrypt • Data Integrity: – digital signing ensures that a message is not changed • Authentication: – ensures a specific private key was used to sign the message • Non-Repudiation: – recipient can be sure that only the owner signed the message (if key not compromised) Algorithms • Public key encryption is slow, inefficient for large amounts of data • RSA: Ron Rivest, Adi Shamir, Leonard Adleman – Now free and de facto standard • Diffie-Hellman: Whitfield Diffie and Martin Hellman – Enables two people to exchange a secret key over an insecure medium without first agreeing on a shared secret – used to establish a VPN tunnel • Elliptic Curve cryptography: – Uses secure shorter keys for small storage spaces- smart cards and handhelds Combining symmetric and asymmetric encryption • The EFS process: – OS creates a random File Encryption Key – Symmetric algorithm (3DES, DES) used to encrypt the file using the FEK as the key – OS retrieves the users public key from users profile – OS uses RSA to encrypt the FEK with the users public key and stores in DDF field of header – OS retrieves the public key for each EFS recovery agent – OS uses RSA to encrypt the FEK of each recovery agent with their public key and stores in DRF field of file header • To open file: – OS retrieves users private key – stored on users computer – OS uses RSA with users private key to decrypt DDF and retrieve FEK – OS uses FEK to decrypt the file Summary • Why we use encryption • What the term cryptography means and why we use it in computer security • How symmetric encryption, hash functions and public key or asymmetric encryption work • Applying cryptography and uses of cryptographic functions