DataCommunication&Networks Cryptology

Cryptology

Social importance
- first used by the military
- now very important for the internet, electronic transactions and electronic payment, and also for science and the economy
- economic espionage is widespread

History
- cryptography is as old as writing
- handed down from antiquity: the "Scytale of Sparta", 2500 years ago, for the encryption of military messages
  o the message was written on paper wound around a cylinder; once unwound, it made no sense (but very easy to crack)
  o example: the rows

        K R Y P T O
        L O G I E
        M A C H T
        S P A S S

    become KLMSROAPYGCAPIHSTETSO.
- another is the Caesar cipher
  o the alphabet was shifted by a certain number of positions (but also very easy to crack)
- 16th century: Blaise de Vigenère used polyalphabetic coding
  o different key alphabets for every letter
  o more difficult to crack
  o the first algorithm for cracking it was published in 1863 by Kasiski, the second in 1925 by Friedman
  o both became the basis of cryptanalysis
- 20th century: cryptography was very important for war technology
- cipher cylinder (Chiffrierzylinder)
  o several discs on which the alphabet was marked in a special way
  o for cracking, a special set of discs was used in a special way
  o every letter was encoded with a different disc
  o M94 (USA); CSP 642 (Japan)
- rotor machines
  o many discs side by side, connected by electrical sliding contacts
  o many substitutions are carried out during encoding
  o the discs rotate after every letter (left or right)
  o very complex and difficult
  o ENIGMA
- 1950s: first computer programs for encoding with mathematical methods

Cryptology
- two sides: encryption of messages and cracking of them
- another distinction: visible encryption (everybody knows that the message is encrypted) or non-visible encryption (you first have to find out whether a message is encrypted or not)
- originally cryptography was only for encoding messages; now it covers more:
  o keeping the message content secret
  o securing the integrity and origin of the message
  o identification of the communication partner (special ID name and ID number, temporary IP)
  o authentication (proof of identity) by digital signatures
  o transmitting a message inside ordinary information: invisible changes in a picture or music file can hold many pages of text (steganography)
  o key management
    - symmetric encoding: the same key for both communication partners
    - asymmetric encoding: private key; the communication partner has a public key
- cryptanalysis is concerned with making secret information visible and identifying anonymous communication partners

Steganography
- covered communication
- a very simple method is to link the first letters of the words of an open message
- also possible by using other positions in the words, or a special pattern
- a mathematical method of encoding is the number of letters in a word: even = 0 (bit), odd = 1
- digital messages hidden in a text or picture (high expenditure): the bits are written into the color values of the pixels
- principle: replace unimportant data by secret information
- mostly the messages are written in the LSB (least significant bit): per byte of the original data, one bit of the secret information is hidden
- before the bit values are entered an encoding method is used, and after that an image compression method
- some programs: JPEG-JSTEG; PGE (Pretty Good Envelope); Steganos II; S-Tools 4; Texto; MP3 Stego

Symmetrical method
- usage of the same key for coding and decoding of the information
- e.g. Morse code; punched template ("Lochschablone"), which marks only a few of a collection of letters and numbers
- book page code: only page number, column number and word position are sent (without knowing the book, this method is really difficult)
- shifting the letters of the alphabet, so that a new one results (Caesar)
- irregular arrangement of the letters (substitution): very simple
- better is a code without a regular method (not every letter appears in the same way)
- polyalphabetic coding: several key alphabets with different shifting constants (given by a key word)

    Alphabet        A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

    Key alphabets   I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
                    N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
                    F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
                    O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
                    R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
                    M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
                    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
                    T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
                    I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
                    K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

    HALLO = PNQZF

- the most important standard methods today are DES (Data Encryption Standard) and IDEA (International Data Encryption Algorithm)
- DES:
  o developed by IBM; standardized in 1977 as the US encryption standard by the NBS (National Bureau of Standards)
  o but can be cracked in a few days
  o the coded text is produced in blocks by several mathematical operations such as permutations, non-linear substitutions and logical multiplication
  o individual key for the user
  o the text is separated into blocks of 64 bit length; the key is mostly bigger
  o the operations are quite simple; advantage: good direct implementation in hardware and high speed for coding and decoding
- IDEA:
  o uses 64-bit blocks too, but longer keys
  o more security, because the already coded text is coded several more times by the same method; the result is that of the 8th loop
  o can also be implemented in hardware very well
- key distribution/exchange: the secure transfer of the key to the receiver of the message
- key management: many key pairs have to be managed in a network (the keys should be changed frequently)

Asymmetric Method
- the concept of public-key cryptography was introduced in 1976 by Whitfield Diffie and Martin Hellman
- uses one public key (decoding) and one private key (encoding)
- intention: to keep the process of transforming plain text to cipher text relatively easy and the reverse process of converting cipher text to plain text effectively impossible (one-way function)
- encryption and decryption are two mathematical functions that are inverses of each other
- an additional thing you can do with public key technology is to generate a digital signature on a message
- a digital signature is like an electronic fingerprint that only the private key holder can generate
- the most commonly used implementation of a public key algorithm is the RSA approach

RSA Algorithm
- developed by Rivest, Shamir and Adleman in 1977
- select two random prime numbers p and q (normally 500 digits in length)
    simple example: p = 3, q = 11
- compute n with n = p*q
    n = 33
- compute φ(n) = (p-1)(q-1)
    φ(n) = 20
- select a small odd integer e that is relatively prime to φ(n)
    e = 3
- compute d as the multiplicative inverse of e modulo φ(n); we need e*d mod φ(n) = 1
    3*7 mod 20 = 21 mod 20 = 1
- publish the pair P = (e, n) as the public key
- keep secret the pair S = (d, n) as the private key
- encrypt message M (example: M = 3) with C = M^e mod n
    C = 3^3 mod 33 = 27
- decrypt message C with M = C^d mod n
    M = 27^7 mod 33 = 3
- public key cryptography is mostly used for secure e-commerce, to meet the following four requirements:
  o confidentiality = protecting data from all but the intended receiver(s)
  o authentication = proving identity
  o integrity = ensuring no unauthorized alteration of data
  o non-repudiation = preventing an entity from denying previous commitments or actions
- simple applications and their underlying technology:
  o secure mail: S/MIME protocol
  o secure web browsing: SSL (Secure Socket Layer) protocol, developed by Netscape
  o example: the following is a way SSL uses public key cryptography techniques for authentication (where Alice wants to authenticate Bob):
    1. Alice sends some random message r to Bob.
    2. Bob encrypts r using his private key and sends it to Alice.
    3. Alice decrypts the data sent by Bob using Bob's public key and compares it with r (that she sent) to find out the identity of Bob.
  o because Bob's private key is known only to Bob, a successful comparison at Alice's end means that only he could have encrypted the message r
  o secure credit card transactions: supported by the Secure Electronic Transactions (SET) protocol, designed by VISA and MasterCard

Cryptanalysis
- is the science of cracking codes, decoding secrets, violating authentication schemes and, in general, breaking cryptographic protocols
- the various techniques for attempting to compromise cryptosystems are referred to as attacks
- cryptanalytic attacks are generally classified into six categories that distinguish the kind of information the cryptanalyst has available to mount an attack (listed in decreasing order of the level of difficulty):
  o ciphertext-only attack: the cryptanalyst obtains a sample of ciphertext, without the plaintext
  o chosen-plaintext attack: the cryptanalyst is able to choose plaintext samples dynamically, and alter his or her choices based on the results of previous encryptions
  o chosen-ciphertext attack: the cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext
  o adaptive-chosen-ciphertext attack: the cryptanalyst can mount an attack of this type in a scenario in which he has free use of a piece of decryption hardware, but is unable to extract the decryption key from it

Questions

1. What is the difference between symmetric and asymmetric cryptography?
Symmetric cryptography:
- usage of the same key for coding and decoding of the information
- shifting the letters of the alphabet, so that a new one results (Caesar)
- irregular arrangement of the letters (substitution)
- polyalphabetic coding (several key alphabets with different shifting constants)

Asymmetric cryptography:
- uses one public key (decoding) and one private key (encoding)
- intention: to keep the process of transforming plain text to cipher text relatively easy and the reverse process of converting cipher text to plain text effectively impossible (one-way function)
- encryption and decryption are two mathematical functions that are inverses of each other

2. Give a short definition of steganography!

Steganography:
- covered communication
- replace unimportant data by secret information
- mostly the messages are written in the LSB (least significant bit)

3. What are the disadvantages of symmetric encryption?
- mostly very simple and easy to crack
- the main problem of symmetric cryptography is the secure transfer of the key to the receiver of the message

4. What requirements must be fulfilled for coding?
- confidentiality = protecting data from all but the intended receiver(s)
- authentication = proving identity
- integrity = ensuring no unauthorized alteration of data
- non-repudiation = preventing an entity from denying previous commitments or actions

5. What are the advantages of asymmetric cryptography?
- the public key can be transmitted via any medium and does not have to be kept secret
- not as many keys as in symmetric cryptography (key management in a network)
- everyone can use your public key to send an encrypted message to you
- difficult to crack because of the usage of large prime numbers
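
Added example (not part of the original notes) for the three hiding methods in the Steganography section: first letters, word-length parity, and one secret bit per byte in the LSB. The function names, the sample sentences and the COVER bytes standing in for pixel color values are constructed for illustration.

```python
def acrostic(text: str) -> str:
    """First-letter method: link the first letters of the words."""
    return "".join(word[0] for word in text.split())


def word_parity_bits(text: str) -> list:
    """Word-length method: even number of letters = 0, odd = 1."""
    return [sum(ch.isalpha() for ch in word) % 2 for word in text.split()]


def embed(cover: bytes, secret: bytes) -> bytes:
    """LSB method: hide one secret bit in the lowest bit of each cover byte."""
    bits = [(byte >> shift) & 1 for byte in secret for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: 8 cover bytes are needed per secret byte")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit   # clear the LSB, then write the secret bit
    return bytes(stego)


def extract(stego: bytes, length: int) -> bytes:
    """Rebuild `length` bytes from the LSBs; the receiver must know the length."""
    out = bytearray()
    for start in range(0, length * 8, 8):
        value = 0
        for byte in stego[start:start + 8]:
            value = (value << 1) | (byte & 1)
        out.append(value)
    return bytes(out)


def max_change(cover: bytes, stego: bytes) -> int:
    """Largest change to any single color value caused by the embedding."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed stand-in for the color values of 64 pixels (not a real image).
COVER = bytes((i * 37 + 11) % 256 for i in range(64))

if __name__ == "__main__":
    stego = embed(COVER, b"HALLO")
    print(extract(stego, 5), max_change(COVER, stego))
    print(acrostic("Send every cargo ready early today"))
    print(word_parity_bits("We meet at the old bridge"))
```

No color value moves by more than 1, which is why the change is not visible; a lossy compression step applied after embedding would overwrite these low bits.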
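
Added example (not part of the original notes) for the polyalphabetic coding table in the Symmetrical method section: it rebuilds the key alphabets, reproduces HALLO = PNQZF, and goes one step further by showing the repeated-sequence observation behind Kasiski's 1863 method mentioned under History. The key word INFORMATIK is read off the first letters of the ten key alphabets; the function names and the sample plaintext are constructed.

```python
from collections import defaultdict
from string import ascii_uppercase as ALPHABET

KEY = "INFORMATIK"  # first letters of the page's ten key alphabets


def key_alphabets(key):
    """One shifted alphabet per key letter, as in the table on the page."""
    rows = []
    for letter in key:
        shift = ALPHABET.index(letter)
        rows.append(ALPHABET[shift:] + ALPHABET[:shift])
    return rows


def encrypt(plaintext, key=KEY):
    rows = key_alphabets(key)
    # Letter i is looked up in key alphabet i, cycling through the key word.
    return "".join(rows[i % len(rows)][ALPHABET.index(c)]
                   for i, c in enumerate(plaintext))


def decrypt(ciphertext, key=KEY):
    rows = key_alphabets(key)
    return "".join(ALPHABET[rows[i % len(rows)].index(c)]
                   for i, c in enumerate(ciphertext))


def kasiski_distances(ciphertext, n=3):
    """Distances between repeated n-letter sequences in the ciphertext.

    Identical plaintext under the same key alphabets encodes identically,
    so these distances are typically multiples of the key length.
    """
    seen = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        seen[ciphertext[i:i + n]].append(i)
    return {seq: [b - a for a, b in zip(pos, pos[1:])]
            for seq, pos in seen.items() if len(pos) > 1}


if __name__ == "__main__":
    print(encrypt("HALLO"), decrypt("PNQZF"))
    sample = "DERANGRIFFBEGINNTUNDDERRUECKZUG"   # constructed sample plaintext
    cipher = encrypt(sample)
    print(cipher, kasiski_distances(cipher))
```

The two L's of HALLO become Q and Z, so single-letter frequencies are hidden, but the word DER repeated 20 letters apart in the constructed sample meets the same key alphabets and repeats in the ciphertext; the key length 10 divides that distance.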
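
Added example (not part of the original notes) that carries out the RSA Algorithm steps with the page's numbers p = 3, q = 11, e = 3 and then runs the three-step exchange in which Alice authenticates Bob. The function names, the `respond` callback standing in for the network, and the impostor are constructed for illustration.

```python
import secrets


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def make_keys(p, q, e):
    """The page's steps: n = p*q, phi = (p-1)(q-1), d = inverse of e mod phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return (e, n), (x % phi, n)            # public pair P, private pair S


def apply_key(value, key):
    """Encoding and decoding are the same operation: value^exponent mod n."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be in the range 0..n-1")
    return pow(value, exponent, n)


def authenticate(public, respond, r=None):
    """Alice's side of the exchange; `respond` stands in for the network."""
    if r is None:
        r = secrets.randbelow(public[1])   # step 1: random message r < n
    answer = respond(r)                    # step 2: the other side's reply
    return apply_key(answer, public) == r  # step 3: decode and compare with r


PUBLIC, PRIVATE = make_keys(3, 11, 3)      # the page's p, q and e


def bob(r):
    return apply_key(r, PRIVATE)           # encrypts r using his private key


def impostor(r):
    return r                               # holds no private key, echoes r back


if __name__ == "__main__":
    print(PUBLIC, PRIVATE, apply_key(3, PUBLIC), apply_key(27, PRIVATE))
    print(authenticate(PUBLIC, bob), authenticate(PUBLIC, impostor, r=3))
```

With n = 33 an echoed reply still passes for values such as r = 1 or r = 10, which is one reason real keys use primes of the size the notes mention; deployed protocols also apply the private key to a padded hash rather than to r itself.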