Secret Key vs Public key Encryption
advertisement
COVER SHEET Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 1 - University of Northampton BSc Computing (Year 3) CSY3023 Internet & Computer Security Marking Tutor: Amir Minai Ben Cole 20214020 Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 2 - Table of contents Cover Sheet Page 1 Front Cover Page 2 Table of Contents Page 3 Abstract/ Preface Page 4 Introduction Page 5 Main Body Page 6-20 Conclusions and Recommendations References Ben Cole 20214020 Page 21 Page 22-24 Internet & Computer Security Assignment One CSY3023 Page - 3 - Abstract/Preface In this paper I am going to take the role of an internet security consultant and develop a suitable security policy for a commercial organisation. This will involve research into and an analysis of a security tool from the internet security Field. To start the paper I will identify the security threats from internal and external sources and recommend a suitable solution that would serve the security requirements of the organisation. I will then my give recommendations to the company. Symmetric cryptography vs. Public key Cryptography The area that the commercial company have asked me to look into is the use of cryptography to encrypt private files that are transferred across the organisations network both locally and globally. Cryptography is used to encrypt private data packets that are sent across networks into a format that can not be read by a user until the data is decrypted. It is a method used to stop hackers from intercepting private data and either changing or corrupting it. There are two types of cryptography that can be used to achieve this task. Symmetric cryptography and public key cryptography, the company have called me in to evaluate the two type of encryption, find the advantages of disadvantages of both and come to a conclusion as to which method is best out of the two. After these two methods have been evaluated I will also research further into the field to determine whether there is any more up to date or more effective methods of encryption available to achieve the task of sending data securely across the organisations network. Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 4 - Introduction With the ever growing use of technology in world industry, more and more people are finding a need to transfer computer files across the internet. Reasons for this include sending files such as important financial spreadsheets and memos across both local and wide area networks. It is widely believed that the need to transfer computer files safely has never been greater. The files that are being transferred for commercial purposes are often confidential and therefore not meant to be viewed by anyone other than the intended recipient. However, due to the insecure nature of computer network, this is not always the case. Computer hackers with the correct skills and knowledge can gain unauthorized access to files being transferred across both local and wide area network; this presents a big problem for anyone wishing to transfer files across a network safely. A hypothetical example of this problem, a branch of a bank in London needs to send a customer’s bank details across a network to a branch of their bank in Scotland. The details are sent across the network from London but before the file arrives in Scotland it is intercepted by a hacker and copied. The file is then sent on to Scotland and they are unaware anything has even happened. The hacker now has a copy of a customers confidential bank details and could use them for malicious purposes like identity theft. Transferring file across a network involves sending packets of data from one pc to another, this often involves using sockets. Sockets send the packets of data across networks using TCP (Transmission Control Protocol). A socket is a connection between two hosts; once the two hosts (or peers) are connected they can perform tasks such as sending and receiving data. When peers receive data from one another using sockets, the basic stages are to create the sockets and then connect to the other peer. Once the connection is established the two peers use input and output streams to send files to each other. Once the transmission of data is complete either one or both sides close the connection. To make a network secure it is essential that the sockets used to send the files are secure. For the sockets to be secure the files being sent through Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 5 - them need to be encrypted by the sending peer and then decrypted by the receiver once received. There are two ways to encrypt files being sent through sockets, the first is to use a method called the symmetric key. With this method the same key is used by both peers; they both have access to the key and it is used for both encrypting and decrypting data. The other method of encrypting data is to use an asymmetric encryption keys. To encrypt the data using this method a key known as the public key is used, this key can be seen by anyone. But to decrypt the data once it is received involves the use of another private key that only the receiving peer has access to. In this paper I will analyse both types of ‘keys’ in turn before drawing conclusions on the advantages and disadvantage of each. I will then research further into the use of encryption of data looking for other possible methods of securing files that are transferred. Once the project is complete I will conclude my finding and give my recommendations on the best type of encryption. Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 6 - Main Body The aim of this paper is to find the most secure method of encryption to help a commercial company find a way to send data around their global network securely. The first method of encryption I am going to look into is Symmetric keys encryption. Symmetric key encryption uses a single key to both encrypt and decrypt data. For example, suppose that you took a document and placed it in a file cabinet and then locked the cabinet with a key. For you or anyone else to access the document, they would need the key to the file cabinet. Each computer has a secret key (or code) that is used to encrypt a packet of information before it is sent over the network. It is like a code between the two computers that each computer must know in order to decode the packet back into plaintext. Symmetric-key’s requires that you know which computers will be talking to each other so you can install the key on each one. The packet of data is encrypted by the sender using a code that has been previously agreed, the code that encrypts the message provides the key to decoding the message. Then once the receiver has the packet they use that code to decode the message. Say you wanted to send a memo to your boss over the company’s network about resigning your post. The message is only intended to be read by your boss and therefore needs to be encrypted. The original message reads “I quit”, you then create a message coding key in which each letter is substituted with the letter that is two down from it in the alphabet. So "A" becomes "C," and "B" becomes "D". Your boss is then sent the key that he needs to decrypt the message. The original message “I quit” is the encrypted and becomes “K SWKV”. The encrypted message is then sent to your boss across the network and once he has received it he can decrypt the message using the symmetric key that was previously sent to him. Figure one shows this process. Anyone else who maybe intercepting messages on the network will only see the encrypted message which to them will seem like a load of nonsense. Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 7 - Figure One – Symmetric Encryption Example The message to be encrypted is known as plaintext, this plaintext is transformed by the use of a function or algorithm (known as a cipher) into an encrypted message known as Ciphertext. In symmetric keys the same key is used for encryption and decryption. The example I used in figure one shows a very basic method of encryption, which simply involves shifting down 2 letters in the alphabet, methods like this are known as substitution ciphers. Substitution cipher is not the only method though there are many different types of encryption that use more complex key coding functions. Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 8 - There are different types of ciphers, the first and most simple kind of cipher is a substitution cipher. This is the simplest technique, whereby each character in the message is replaced by another using some rule. The order of the encrypted characters is the same as in the plaintext. There are many examples of this technique however most falls into the general category of monoalphabetic substitution. A simple example of this is the one I used in figure one where letters are shifted down 2 places so c becomes e and I becomes K and so on. A more complex example uses a "random" re-ordering of the letters as shown in figure two. Figure Two – Cipher that uses a “random” re-ordering of letter The problem with this type of cipher is that for a professional hacker it would be relatively easy to break. Despite the huge keyspace (26) this can be done using known statistical characteristics of English (or other languages). For example certain letter appears more often like “e” and “t”. Words like “and” are more common and appear in the text more often and certain words may be more likely to be used in the particular context. Another type of Cipher is Transposition Ciphers. Using this system, the order of the plaintext characters is changed, but the characters themselves are not; so the encrypted message would still contains all the same characters as the plaintext. For example, a simple columnar cipher could be constructed as shown in figure three. Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 9 - An Example of Transposition Ciphers Plain text message: MEET AT FIVE TODAY Key M O U S E 2 3 5 4 1 M E E T A T F I V E T O D A Y Order in the alphabet Plaintext is written across The Ciphertext is read column wise, starting with this column as “E” is first in the alphabet Ciphertext message: AEYMTTEFOTVAEID Figure Three- A Transposition Cipher The finally type of cipher I will look into is DES or data encryption standard. DES is a block cipher. There are two types of DES, Electronic Code Book (ECB) and Chain Block Cipher (CBC). The basic algorithm for this type of cipher has two stages, the substitution stage and the transposition stage. The substitution stages of DES involve re-arranging the order of the bits from the previous stage, and using the XOR function to combine them with the key. Then, the transposition stage re-arranges (swaps) the positions of all 64 bits; this is shown in figure four. DES decryption is performed by the exact same algorithm as encryption using the same key, the way it is encrypted is just more complex making it more secure and harder to crack than other single key algorithms. Figure four - an example of the Electronic Code Book DES Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 10 - The effectiveness of DES is based on the complexity of the stages. The more complex the stages the more secure the cipher. The diagram in figure four will result in two identical 64-bit ciphertext’s if the same two plaintexts are entered. This type of DES is called the Electronic Code Book (ECB). The other type of DES is the Chain Block Cipher (CBC). In this version of DES each block of plaintext is put through the exclusive OR algorithm with the ciphertext output from the previous encryption operation. Thus, the next block of ciphertext is a function of its corresponding plaintext, the 56-bit key and the previous block of ciphertext; this is shown in figure five. Figure five - an example of the Chain Block Cipher DES With this method identical blocks of plaintext no longer generate identical ciphertext, unlike with the electronic code book method discussed previously; this makes the encryption even harder to crack. Chain block cipher is the most secure type of symmetric key encryption that can be used. The next method of encryption I am going to investigate is asymmetric key encryption; asymmetric key encryption is also known as public key cryptography. With this encryption method each user that is sending or receiving data packets has two separate keys. One of the keys is known as the public key and the other the private key. To encrypt the data using this method the key known as the public key is used, this key can be seen by anyone on the network including a potential hacker. The difference between this method and symmetric keys is that to decrypt the data once it is received involves the use of another key; this key is called the private key. Only the receiving peer has access to this private key and it is not known to anyone else on the network. For example if compuer1 needed to send a message to compuer2 then Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 11 - compuer1 would ask compuer2 for their public key. Compuer2 would then send their public key to compuer1 using an insecure connection, compuer1 then uses compuer2’s public key to encrypt the data and send it. Once the data has been received compuer2 can use their private key to decrypt the data, only compuer2 can decrypt this data because although you only need the public key to encrypt the data you need both public and private keys to decrypt it; the diagram in figure five shows this process more clearly. No one else knows compuer2’s private key and therefore no one else can decrypt the data. Figure six – asymmetric key encryption Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 12 - The reason only computer2 can decrypt the data is because computer2’s public and private keys are combined in what’s known as a key set or shared secret. You can encrypt data with just the public key, but you need both keys in the key set to decrypt the data. A digital signature is a type of asymmetric cryptography used to simulate the security properties of a handwritten signature on paper. Digital signature’s normally have two algorithms, one for signing which involves the user's private key, and one for verifying signatures which involves the user's public key. The signature provides authentication of a "message" or document. These digital signatures are used to create public key infrastructure (PKI) in which a user's public key is tied to a user by a digital identity certificate issued by a certificate authority identification. The example below involves user1 and user2 wishing to share data. With his private key and the right software, user1 puts digital signatures on the data to be sent. The digital signature is like a "stamp" which is unique to the user and very difficult to forge. The signature also assures that any changes made to data that has been signed can not go undetected. To sign a document, the software will crunch down the data into just a few lines by a process called "hashing". These few lines are called a message digest. User1 then encrypted the message digest with his private key and the result is a digital signature. The software will then append the digital signature to the document. The data is then sent to User2 who’s software decrypts the signature using User1‘s public key changing it back into a message digest. If this worked, then it proves that the data was signed by User1, because only User1 knows his private key. User2 then hashes the document data into a message digest. If the message digest is the same as the message digest created when the signature was decrypted, then User2 knows that the signed data has not been changed. To make this system even more secure the data can also be signed to a digital certificate that is issued by a trusted third party. The trusted third party can create the certificate by signing the public key to the certificate along with some common information about the user who owns the public Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 13 - key. Common certificate’s includes data such as personal information about the owner of the key like name and address, Information about the certificate like expiration date and serial number and the public key. When using digital signature’s if User2 receives data they can first check User1’s trusted certificate to ensure that the public key they have received truly belongs to User1. Furthermore, to verify the signature on the document, user2’s software first uses the public key of the certificate authority's to check that the signature on User’s certificate is valid. Algorithms that are used to encrypt data in asymmetric keys are different to the one’s that encrypt data for symmetric keys. Common algorithms for asymmetric keys are RSA, DSA and ELGAMA. RSA stands for Rivest Shamir Adleman which is the surnames of the three people who invented the algorithm. RSA algorithm is used for both asymmetric key encryption and digital signatures. RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key. The keys for the RSA algorithm are generated using the method shown in figure seven. Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 14 - RSA encryption and decryption Note: The parameters used here are very small to make the example as simple as possible 1. Choose two prime numbers p = 61 and q = 53 2. Compute n = 61 * 53 = 3233 3. Compute the totient 4. Choose e > 1 coprime to 3120 e = 17 5. Compute such that e.g. by computing the modular inverse of e modulo : d = 2753 17 * 2753 = 46801 = 1 + 15 * 3120. The public key is (n = 3233, e = 17). For a padded message the encryption function is: The private key is (n = 3233, d = 2753). The decryption function is: For example, to encrypt m = 123, we calculate To decrypt c = 855, we calculate . Figure seven – RSA algorithm example Another asymmetric key algorithm is The Data Encryption Standard or DES. This algorithm was developed and endorsed by the U.S. government in 1977 as an official standard and forms the basis for Automatic Teller Machine’s (ATM’s) PIN authentication system. In light of new computer Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 15 - hacking technology Triple-DES (3DES) has also emerged as a stronger method. This 3DES using standard DES encryption but triple-DES encrypts data three times and uses a different key for at least one of the three passes giving it a cumulative key size of about 112-168 bits. It is widely believed that the larger the key’s bit block size is the harder it is to crack, figure eight show a table of most of the common algorithms used to encrypt asymmetric keys, the output size of the algorithm along with the block and length size that can be generated. Algorithm Output size (bits) Internal Block Length Word state size size size size HAVAL 256/224/192/160/128 256 1024 64 32 MD2 128 384 128 No 8 MD4 128 128 512 64 32 MD5 128 128 512 64 32 PANAMA 256 8736 256 No 32 RadioGatún Arbitrarily long 58 words 3 words No 1-64 RIPEMD 128 128 512 64 32 RIPEMD-128/256 128/256 128/256 512 64 32 RIPEMD-160/320 160/320 160/320 512 64 32 SHA-0 160 160 512 64 32 SHA-1 160 160 512 64 32 SHA-256/224 256/224 256 512 64 32 SHA-512/384 512/384 512 1024 128 64 Tiger(2)-192/160/128 192/160/128 192 512 64 64 WHIRLPOOL 512 512 512 256 8 Figure eight – Common encryption algorithms The next section of this paper is an evaluation of the two types of key encryption methods discussed in this paper and the advantages and disadvantages of each. The advantages of symmetric keys are that they are much faster and easier to implement. Encryption algorithms used with symmetric keys like substitution and transposition ciphers are much easier to understand than the algorithms used with asymmetric keys like RSA and DSA. The keys that are generated from symmetric key encryption are also much smaller than asymmetric keys and take less time to create which mean they take up less network bandwidth when in use there for reducing the use of system and Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 16 - network resources. Due to this reduce in network resources and the keys being much smaller they can transfer between parties up to up to 10,000 times faster. The advantage of asymmetric keys is that they are much more secure than symmetric keys. This mean the data that is being sent has less chance of being intercepted by a malicious third party. The hypothetical example in figure nine shows the big disadvantage of symmetric keys which in turn shows why the use of asymmetric keys means your data will be much more secure in transmission. Figure nine – Symmetric key encryption problem Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 17 - As shown in figure nine the major problem with using the symmetric key encryption method is that the key has to be sent un-securely across the network so that the receiver knows how to decrypt the message. If the key is intercepted and then a hacker could easily intercept and successfully de-crypt any data that is sent using that key to encrypt it. When using asymmetric keys the public key is sent across the network un-securely just the same as it is with symmetric keys however the difference is that if the key is intercepted by a hacker they will still be unable to decrypt an data they intercept because they will also need the private key that was used to encrypt the data. The disadvantage of asymmetric keys is that the algorithms used to encrypt the data are highly complex and therefore very hard to implement. This is also as a disadvantage as data encrypted with these algorithms tends to be much larger than data encrypted with methods like substation cipher this is because the key’s bit block size is much larger. This is a disadvantage because transfer of the data will subsequently be much slower. The advantage of using a complex algorithm though is that highly complex algorithms make it near impossible for a hacker to decrypt the data without having access to both the public and private key used to encrypt the data. After evaluating both methods it is clear that asymmetric keys are much more secure than symmetric keys due to the use of both public and private keys to encrypt data and more complex methods of encrypting the data originally. In next section of this paper I am going to research into other encryption methods that can be used to encrypt data and try to find any that are more secure that asymmetric keys. Another method of key encryption is a system called Kerberos; Kerberos is named after a three headed dog from Greek methodology that guarded the gates of the dead and decided who could enter. With Kerberos there are three parties present, the Kerberos server the applicant host and the verifier host. The applicant host is the equivalent of user1 in previous examples and the Verifier host the equivalent of user2; the names have been Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 18 - changed so it is easier to define the keys that are sent from the kerberos server. The process of using Kerberos to send data is explained in figure ten. Figure ten – Kerberos The Kerberos server is used to manage security by encrypting data sent between parties with symmetric keys and overlooking the whole process, Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 19 - in this system it is impossible for the applicant and verifier to communicate without authorisation from the kerberos server. The main advantage of kerberos is that the transferring of data is done using symmetric keys once all the authorisation has been complete this means that the transfer of data is much faster than using asymmetric keys and a lot easier to implement. The other advantage of kerberos is that although the process uses symmetric keys, which were previously concluded to be less secure than asymmetric keys, the system is still secure. The reason the system is as safe is that the users both have to get the key that they use to transfer packets from the kerberos server and to get this key the kerberos server has to authorise that the two parties are not malicious using a login and ticket granting tickets. Connections between the server and the hosts are also secured from interception using symmetric keys, this key is supplied to the user when they register with the server (AS or VS key in the figure ten) meaning that this system is almost completely secured from interceptions. One disadvantage of this system is that one central server handles all the functions required for authentication and if this server goes down no one can get authenticated meaning the whole network is down. The other disadvantage of kerberos is that the kerberos server clock and the host machines clocks must be synchronised to ensure that time stamps are valid and stay valid. Think of it this way, when host is issued with a service ticket the time stamp might say the ticket is valid for one hour, but if the server clock is one hour out of sync with the hosts clock the ticket will be immediately invalid, this problem can however be solved with the use of network time protocol Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 20 - Conclusions and Recommendations After researching into symmetric and asymmetric keys I concluded that asymmetric keys were much more secure than symmetric keys this conclusion was made with the needs of the commercial company in mind. My reason are highlighted in this section The main advantage of the company using asymmetric key is the fact that with data packets being transferred all around the globe there is a much bigger chance of the data being intercepted than if the packets were just being transferred locally. The disadvantages of the company using asymmetric keys and the advantages of using symmetric keys is that symmetric keys are much cheaper and easier to implement due to the less complex nature of the algorithms that create the encrypting and decrypting methods. This means that transfer across the global network would be much faster (up to 10,000 times) and cheaper to implement than asymmetric keys. However, because the scope of data transfer is so large, anyone in the world could be listening; symmetric keys are just not plausible as they are far too insecure. This means that although asymmetric keys are much larger, more expensive to implement and use much more network if it was a choice between the two then asymmetric keys would be the only plausible option. Luckily there is a third type of encryption the company can use. This method is called kerberos. Kerberos involves a central server that authenticated the transferring between hosts of all symmetric keys. Using kerberos there is almost no chance of the symmetric keys being intercepted making them just as secure as asymmetric keys. This means that the commercial company can use symmetric keys and have all the cost and speed advantages of them, with the added assurance that the data being sent is completely secure. Some well known companies that use kerberos for there network security are Cisco, Microsoft and Apple In conclusion kerberos is the most cost and network bandwidth efficient solution for sending data packets around a global commercial company. My recommendation to the commercial company is that they use kerberos for there network security. Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 21 - References Lecture Notes Minai, A. (2007). DES-ASE-RSA. Internet & computer security, CSY3023. University of Northampton, Nov 2007. Minai, A. (2007) Kerberos, Internet & computer security CSY3023. University of Northampton, Nov 2007. Websites Anon. (cited 2008). Introduction to Encryption [online]. Available on: http://194.81.104.27/~amir/02-net-mgt/16-intro-enc.html#fn1 [16/02/2008]. Anon. (2008). RSA Algorithm [online]. Available on: http://www.dimgt.com.au/rsa_alg.html [17/02/2008]. Anon. (cited 2008). Encryption Algorithms [online]. Available on: http://www.mycrypto.net/encryption/crypto_algorithms.html [17/02/2008]. Anon. (2007). Symmetric Key Cryptography [online]. Available on: http://proprofs.com/mwiki/index.php?title=Symmetric_Key_Cryptography [16/02/2008]. Anon. (2008). How Kerberos Authentication Works [online]. Available on: http://learn-networking.com/network-security/how-kerberos-authenticationworks [18/02/2008]. Posey, B.M. (2002). Understanding the Differences between Public Key and Symmetric Key Encryption [online]. Available on: http://www.brienposey.com/kb/public_vs__symmetric_key_encryption.asp [16/02/2008]. Tyson, J. (cited 2008). How Encryption Works [online]. Available on: http://computer.howstuffworks.com/encryption2.htm [16/02/2008]. Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 22 - Diagrams Figure Two – Cipher that uses a “random” re-ordering of letter Anon. (cited 2008). Introduction to Encryption [online]. Available on: http://194.81.104.27/~amir/02-net-mgt/16-intro-enc.html#fn1 [16/02/2008]. Figure four - an example of the Electronic Code Book DES Anon. (cited 2008). Introduction to Encryption [online]. Available on: http://194.81.104.27/~amir/02-net-mgt/16-intro-enc.html#fn1 [16/02/2008]. Figure five - an example of the Chain Block Cipher DES Anon. (cited 2008). Introduction to Encryption [online]. Available on: http://194.81.104.27/~amir/02-net-mgt/16-intro-enc.html#fn1 [16/02/2008]. Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 23 - Figure eight – Common encryption algorithms Barreto, P.S.L.M. (2006). The Hash Function Lounge [online]. Available on: http://paginas.terra.com.br/informatica/paulobarreto/hflounge.html [18/02/2008]. Ben Cole 20214020 Internet & Computer Security Assignment One CSY3023 Page - 24 -
