Public-Key Encryption and Cryptography

advertisement
Public-Key Encryption and Cryptography
Stanton Vincent
CSC 540: Social, Ethical, and Professional Issues in the Information
Age
Dr. Lyle
April 2, 2015
Overview
With the Information Age well amongst the population in this day and age,
technology is the rave of the twenty-first century. Facebook, Twitter, and Pinterest are
just a few examples of the importance society places on technology and social media.
The amount of personal data and information is exuding from each individual on planet
Earth because of the advancements of technology and the accessibility of it between
people. However, with this much technological communication and private information
flying across the internet, precautions must be made in order to secure this information
and that each individuals’ right to privacy is fortified.
Data encryption is one such way of fortifying an individuals’ amendments and
privacy. Without encryption, hackers and other users of the internet could easily obtain
an individuals’ data, some of which could be private and confidential like credit card
numbers and social security identification numbers. If these were to ever find a place in
the wrong hands, the consequences could be dire. Thus, data encryption exists to make
sure that these scenarios never happen and to ensure high amounts of security on a
persons’ data and communication over a technological channel.
A Brief History
Prior to the 1970s, symmetric-key cryptography had been the only cryptographic
mode: parties involved in covert communications would agree on a shared secret key to
encrypt and authenticate their exchanges. (Certicom) In 1974, Dr. Ralph Merkle created
the basic idea of public-key encryption from his “quarter project”. From this project, the
Public-Key Encryption and Cryptography
seeds of public-key cryptography were sown, where the idea of keys could be publicly
known while the contents of the information exchanges they relate to would remain
essentially secure. (Certicom)
Examples of Public-Key Encryption
Asymmetric cryptography is also known as public-key cryptography. Symmetric
cryptography works like a simple lockbox. The owner locks away something valuable in
the box with a key so that none other may take it, but whomever has the key that unlocks
the box has access to the valuable locked inside. Thus, only the owner of the key or
someone who has a copy of the key can open the box. (Vryonis)
Public-Key cryptography, or asymmetric cryptography, works a bit differently.
Assume Anna has a lockbox with a very special key. The lock on her box has three
states: A (locked), B (unlocked), and C (locked). Also, the box has two separate keys.
The first can only turn clockwise, that is from A to B to C. The second key can only
move counter-clockwise, that is from C to B to A. Anna picks the first key and keeps it
for herself. This key is called the private key because only Anna has it. The second key
is called the public key, which Anna makes a hundred copies of, but she can make
however many she desires. Some of these public keys are given to her friends and
family, while some are left on her desk at work, and she also hangs two of them by the
door at her house. When someone asks for her business card, she also provides them
with a public key. (Vryonis)
2
Public-Key Encryption and Cryptography
Thus, Anna has her private key that turns from A to B to C, and everyone else has
public keys that she provided which turn from C to B to A. With these keys, many
interesting things are possible to execute. (Vryonis)
Firstly, imagine Bill, who has a public key, wants to send Anna a very personal
message. He puts the message in the lockbox and locks it with a copy of Anna’s public
key. Since public keys turn counter-clockwise and Bill is locking the lockbox, the public
key transitions the state from B to A. Now, only a private key can access the message
inside the lockbox, since it is the only type of key that turns clockwise. Thus, only Anna
can access the message from Bill. (Vryonis)
The above example is the basic definition of public-key encryption. Everyone
who has a public key can put documents or messages in the lockbox, lock it, i.e. encrypt
it, and know that the only person who can unlock the box is the person who has the
private key. (Vryonis)
Secondly, suppose Anna puts a document in the lockbox and uses her private key
to lock it. In other words, she changes the state from B to C. Now, anyone with Anna’s
public key can access this document from Anna, since public keys turn counterclockwise. Everyone who owns Anna’s public key knows that this document came
specifically from Anna, since they cannot open the lockbox by turning it clockwise. This
is an example of a digital signature. (Vryonis)
Realization of Public-Key Encryption
Utilizing the above scenarios and examples, a realistic, modern definition and
view of public-key encryption is given. Keys are just very large numbers with many
3
Public-Key Encryption and Cryptography
digits. Users can keep their private key in a text file or in a special app. Public keys can
be placed in an email signature or even a website. Instead of lockboxes, files are locked
and unlocked by using apps and these keys. (Vryonis)
If anyone encrypts a file with a public key, only the individual with a private key
can decrypt it. Alternatively, if the owner of the private key encrypts a file, anyone with
a public key can decrypt it. This use serves as a proof that the owner of the private key
encrypted the file and, thus, digitally signed by the owner. This can be viewed as a
memo created by a boss in which he/she passes it out to the employees with his/her
personal signature on the memo. (Vryonis)
Of course, there are scenarios where public-key encryption can get quite
complicated. An owner of the private key can sign a file and then have someone use their
public key in order to encrypt the file so that only the owner of the private key can read it.
Also, one user, or even an organization, can digitally sign other users’ keys to verify their
authenticity. Thus, as can be seen, public-key encryption can offer many encryption
methods and schemas for many situations. Certainly, public-key encryption offers more
complexity than symmetric encryption. (Vryonis)
Algorithms
Within the field of public-key encryption, there are many types of algorithms
used. Some may be used for the encryption itself, while other algorithms can be used by
hackers to decipher any encrypted message. Additionally, authentication algorithms exist
to verify if a message has not been altered while on route to its intended recipient.
Within the branch of encryption, the RSA (Rivest-Shamir-Adleman) algorithm is
the most common public algorithm in use today with relation to public-key encryption.
4
Public-Key Encryption and Cryptography
In fact, it has been used in Netscape’s Secure Sockets Layer Protocol (SSL) and even
Microsoft’s Private Communications Technology (PCT). (ABCSEO) The great
advantage of the RSA algorithm is it solves the key management problem. However, the
RSA algorithm is not as efficient as the DES algorithm, which is the most widely used
encryption algorithm in the world, with respects to time management. (Grabbe)
Additionally, the RSA algorithm needs larger key sizes, around 1,024 bits instead of the
weak 512, and it is more vulnerable to plaintext and timing attacks than other such
algorithms. (ABCSEO)
A Java program implementing the RSA algorithm is provided in the Appendix.
As can be seen, this program uses BigIntegers as a means to a private key and public key.
First, it outputs the original message before encryption. Then, it uses the private key to
encrypt the message and gives the encrypted message as output. Then, it deciphers the
encrypted message using a public key, or BigInteger, and then outputs the decrypted
message. The output of the RSA program in Java is as follows:
Plaintext: Yellow and Black Border Collies
Ciphertext:983661698216665348264500637219746413051268559862444668803820
92592298117156395858773587836365994162585812681593121788553570784737987
90637852219720576465697138560292629947891863632967992128391246425929118
79604894764833996719794441027243301322294456488382598574520319705748029
2429589977355320433224626523346630
Plaintext: Yellow and Black Border Collies
The entire purpose of encrypting messages is to ensure security and privacy
towards individuals with private communications and data. However, with the successful
5
Public-Key Encryption and Cryptography
fruition of data encryption also comes the successful fruition of the dark-side of
encryption. Hackers have devised some algorithms to decrypt messages even though
they may not have a public key. Examples of these attacks are Known-Plaintext attack,
Man-in-the-Middle attack, and an Implementation attack, just to name a few. If the
hacker has no information as to knowledge of the keys or portions of the data they are
wishing to decrypt, they must revert to a Brute Force attack, using the Brute Force
algorithm to find the exact number for a key. (ABCSEO)
In a Known-Plaintext attack, the attacker knows some of the plaintext contained
within the data and/or message. Thus, they use this information to work backwards in
order to obtain they key used. A Man-in-the-Middle attack is when an attacker is
between two communicators impersonating each party to the other, substituting their keys
with their own. This type of attack is great at obtaining information flowing between two
parties, but the attacker must obtain a key in some way, hacked or not. Finally, an
Implementation attack occurs when the encryption algorithm used for the original
message is badly implemented. Thus, the attacker uses this knowledge of
implementation in order to obtain a key. Usually, encryption algorithms that utilize
random number generators are extremely difficult to use an Implementation attack on.
This type of attack was responsible for breaking Netscape’s Secure Sockets Layer
Protocol. (ABCSEO)
Finally, since attackers have many tools at their disposal to send, create, and alter
encrypted messages and data, there are algorithms to determine if a message is indeed
from the original, intended sender and/or has been manipulated with as it crossed the data
channel. Signing a message with a private key may seem like the optimal choice, but
6
Public-Key Encryption and Cryptography
signing long messages takes a considerable amount of time and is also slower than using
a public key. Additionally, signing with a private key does not ensure that an encrypted
message is not altered in some way. (ABCSEO)
The solution to the above problems lies within a concept known as message
digest. Message digest is a short, fixed-length string that is computed from the original
message using some form of hashing algorithm. If a hashing algorithm can be devised
with properties such that it is impossible to find another message that hashes to the same
value, then it can be used to validate that the received message to which the hash is
attached is the same as the sent one. There are many commonly used algorithms for
generating message digests, such as MD2, MD4, and MD5, where MD stands for
message digest. However, the most commonly used hash algorithm is known as the
SHA, which stands for Secure Hash Algorithm. (ABCSEO)
The SHA is a cryptographic hash algorithm published by the United States
government. However, the algorithm is still quite new, so it is constantly being updated
and fortified so that no faults occur within it. In the appendix, a Java program
implementing the SHA-256 is provided. As can be seen, this program uses the SHA-256
hashing algorithm to generate a hash value for password “123456”. It provides two
methods in order to hash the password into a hexadecimal value. The output of the
program is as follows: (Kyong)
Hex format :
8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92
Hex format :
8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92
7
Public-Key Encryption and Cryptography
All-in-all, there exists many types of algorithms that are useful for encryption.
Some are used for encryption itself, attacking encrypted messages, or even determining if
a message has been tampered with. The field of encryption algorithms is still relatively
new, so advancements are being made on a constant basis. There is still much to learn
and implement within the field of encryption and its manipulative methods.
PGP
Of course, one does not have to manually create a code in order to enact a publickey encryption. There are several programs that exist just for the purpose of public-key
encryption and security. For instance, PGP, which stands for Pretty Good Privacy, is a
downloadable program that offers public-key encryption services at a price. PGP was
free in the past, but now costs $85.00 for one license for one year. (Norton) However,
the public is allowed to download the source code for peer review. (Zimmermann) Links
are provided in the appendix for the source code address and the address to purchase
PGP.
PGP is a product aimed at consumers interested in keeping data and files from
being read by the wrong people or out of the hands of those it doesn’t belong to. It offers
services in file encryption, digital signatures, and even email. This amazing software
encrypts and decrypts data just as the concept of public-key encryption does. However,
PGP does offer the user to provide a digital signature, rather than encrypting an entire file
or email, which is beneficial when they are lengthy. (Hoel)
8
Public-Key Encryption and Cryptography
Conclusion
As can be seen, the fields of encryption and cryptography, just like computer
science, are expanding at an exponential rate. Discoveries are being made left and right,
at a nearly constant basis. Public-key encryption offers every American their right to
privacy and the fortification of the First Amendment of the Bill of Rights. Thus, it is
vital and important to further advance the field so security and privacy attain an absolute
maximum value to provide to every individual across the United States. So much so, that
the right to privacy is never abused and taken advantage of ever again across the cyber
channel and internet for any American.
9
Appendix
RSA Algorithm Code in Java (Brodrick) (Johnston)
//package atnf.atoms.mon.util;
import java.math.BigInteger;
import java.security.SecureRandom;
/**
* Simple RSA public key encryption algorithm implementation.
* <P>
* Taken from "Paj's" website:
* <TT>http://pajhome.org.uk/crypt/rsa/implementation.html</TT>
* <P>
* Adapted by David Brodrick
*/
public class RSA {
private BigInteger n, d, e;
private int bitlen = 1024;
/** Create an instance that can encrypt using someone elses public key. */
public RSA(BigInteger newn, BigInteger newe) {
n = newn;
e = newe;
}
/** Create an instance that can both encrypt and decrypt. */
public RSA(int bits) {
bitlen = bits;
SecureRandom r = new SecureRandom();
BigInteger p = new BigInteger(bitlen / 2, 100, r);
i
Appendix
BigInteger q = new BigInteger(bitlen / 2, 100, r);
n = p.multiply(q);
BigInteger m = (p.subtract(BigInteger.ONE)).multiply(q
.subtract(BigInteger.ONE));
e = new BigInteger("3");
while (m.gcd(e).intValue() > 1) {
e = e.add(new BigInteger("2"));
}
d = e.modInverse(m);
}
/** Encrypt the given plaintext message. */
public synchronized String encrypt(String message) {
return (new BigInteger(message.getBytes())).modPow(e, n).toString();
}
/** Encrypt the given plaintext message. */
public synchronized BigInteger encrypt(BigInteger message) {
return message.modPow(e, n);
}
/** Decrypt the given ciphertext message. */
public synchronized String decrypt(String message) {
return new String((new BigInteger(message)).modPow(d, n).toByteArray());
}
/** Decrypt the given ciphertext message. */
public synchronized BigInteger decrypt(BigInteger message) {
return message.modPow(d, n);
}
/** Generate a new public and private key set. */
public synchronized void generateKeys() {
ii
Appendix
SecureRandom r = new SecureRandom();
BigInteger p = new BigInteger(bitlen / 2, 100, r);
BigInteger q = new BigInteger(bitlen / 2, 100, r);
n = p.multiply(q);
BigInteger m = (p.subtract(BigInteger.ONE)).multiply(q
.subtract(BigInteger.ONE));
e = new BigInteger("3");
while (m.gcd(e).intValue() > 1) {
e = e.add(new BigInteger("2"));
}
d = e.modInverse(m);
}
/** Return the modulus. */
public synchronized BigInteger getN() {
return n;
}
/** Return the public key. */
public synchronized BigInteger getE() {
return e;
}
/** Trivial test program. */
public static void main(String[] args) {
RSA rsa = new RSA(1024);
String text1 = "Yellow and Black Border Collies";
System.out.println("Plaintext: " + text1);
BigInteger plaintext = new BigInteger(text1.getBytes());
BigInteger ciphertext = rsa.encrypt(plaintext);
System.out.println("Ciphertext: " + ciphertext);
iii
Appendix
plaintext = rsa.decrypt(ciphertext);
String text2 = new String(plaintext.toByteArray());
System.out.println("Plaintext: " + text2);
}
}
SHA-256 Algorithm Code in Java (Kyong)
package com.mkyong.test;
import java.security.MessageDigest;
public class SHAHashingExample
{
public static void main(String[] args)throws Exception
{
String password = "123456";
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(password.getBytes());
byte byteData[] = md.digest();
//convert the byte to hex format method 1
iv
Appendix
StringBuffer sb = new StringBuffer();
for (int i = 0; i < byteData.length; i++) {
sb.append(Integer.toString((byteData[i] & 0xff) + 0x100,
16).substring(1));
}
System.out.println("Hex format : " + sb.toString());
//convert the byte to hex format method 2
StringBuffer hexString = new StringBuffer();
for (int i=0;i<byteData.length;i++) {
String hex=Integer.toHexString(0xff & byteData[i]);
if(hex.length()==1) hexString.append('0');
hexString.append(hex);
}
System.out.println("Hex format : " + hexString.toString());
}
}
Link for PGP Purchase
http://buy.symantec.com/estore/clp/productdetails/pk/endpoint-encryption
Link for PGP Source Code
http://www.symantec.com/connect/downloads/symantec-pgp-desktop-peer-review-source-code
v
Bibliography
ABCSEO. Public-Key Algorithms. ABCSEO.com, 2006. Web. 2 Apr. 2015.
Brodrick, David. Simple RSA public key encryption algorithm implementation. : RSA <<
Security << Java. Java2S, N.D. Web. 2 Apr. 2015.
Certicom. The origins of public-key cryptography and ECC. Blackberry, N.D. Web. 1
Apr. 2015.
Grabbe, J. Orlin. The DES Algorithm Illustrated. University of Berlin, N.D. Web. 2 Apr.
2015.
Hoel, Jeremy. PGP for Everyday Use. SANS Institute, 3 Apr. 2015. Web. 3 Apr. 2015.
Johnston, Paul. Java RSA Code. BSD, 13 Jul. 2009. Web. 2 Apr. 2015.
Kyong, M. Java SHA Hashing Example. 24 Feb. 2010. Web. 2 Apr. 2015.
Norton. Symantec Endpoint Encryption (powered by PGP Technology). Symantec, 2015.
Web. 3 Apr. 2015.
Vryonis, Panayotis. Explaining public-key cryptography to non-geeks. Longaccess, 27
Aug. 2013. Web. 1 Apr. 2015.
Zimmermann, Philip. Where to get PGP. Philip Zimmermann & Associates LLC, N.D.
Web. 3 Apr. 2015.
Download