Cryptography - cs.stir.ac.uk · Computer Security & Forensics, Autumn 2014


Cryptography

Computer Security & Forensics

Security in Computing, Chapters 2 & 12

Autumn 2014, Computer Security & Forensics

Cryptography - Topics

• Using Encryption
• Commercial Encryption
• Cryptographic Hash Functions
• Public Key Encryption
• Digital Signatures
• Certificates

• Background
• Symmetric & Asymmetric Encryption
• Cryptographic Algorithms
• Cryptographic Attacks
• Creating Encryption Algorithms

Cryptography

“Cryptography is the study and practice of protecting information by data encoding and transformation techniques. It includes means of hiding information (such as encryption) and means of proving that information is authentic and has not been altered from its original form (such as digital signatures).” - www.corestreet.com

• Cryptography plays a significant role in meeting the security requirements of
  • privacy
  • authentication
  • integrity

Cryptography & Privacy

• Encrypted data is private data
• If I wish to send you a private message, I can encrypt it with a method that is known only to you and me
• An eavesdropper would need to work out what the encryption method was and usually which particular ‘key’ is required to read the message
• Introducing Sally, Rob and Eve

[Figure: Sally, Rob and Eve]

Cryptography & Authentication

• Cryptography is an important element in Authentication:
  • Passwords
    • When you login, your password is encrypted and checked against the encrypted version that was stored when your account was set up
  • Certificates
    • Certificates can be issued by trusted third parties which verify that you are who you say you are
    • A user can take your certificate and check with the issuer that the certificate is valid
    • The mechanism by which this is achieved will be discussed later

Cryptography & Integrity

• Encrypted data can be tied to a unique key or ‘digital fingerprint’ that will not match if the data has been altered since the key was made
  • Cryptographic Hash/Checksum Functions
  • Message Digests (e.g. MD5)
  • Again, more on this later...

Terminology

• Sender (S)
  • The originator of a message
• Plaintext (P)
  • The clear message
• Encryption / Encode / Encipher (E)
  • The process of turning the plaintext into cipher text
• Cipher Text (C)
  • The encrypted and unreadable message
• Decryption / Decode / Decipher (D)
  • The process of turning the cipher text into plaintext
• Receiver (R)
  • The intended recipient of the message

[Figure: Sally (Sender), Plaintext, Encryption, Cipher Text, Decryption, Plaintext, Rob (Receiver)]

Notation

• A formal notation is helpful for describing the processes involved in cryptography:
  • Plaintext: P = <p_1, p_2, p_3, ..., p_n>
    • e.g. P = <s,e,c,r,e,t,s>
  • Cipher Text: C = <c_1, c_2, c_3, ..., c_n>
    • e.g. C = <t,f,d,s,f,u,t>
  • Encryption Algorithm / Cipher: E(P)
    • C = E(P), <t,f,d,s,f,u,t> = E(<s,e,c,r,e,t,s>)
  • Decryption Algorithm: D(C)
    • P = D(C), <s,e,c,r,e,t,s> = D(<t,f,d,s,f,u,t>)
  • Goal: P = D(E(P))

Symmetric Encryption & Keys

• Encryption methods can use one or more keys (K) to adjust the operation of the encryption algorithm such that we get a different C for each K.
  • C = E(K,P)
• In the previous example:
  • <t,f,d,s,f,u,t> = E(1,<s,e,c,r,e,t,s>), K=1
  • <s,e,c,r,e,t,s> = E(0,<s,e,c,r,e,t,s>), K=0
  • <r,d,b,q,d,s,r> = E(-1,<s,e,c,r,e,t,s>), K=-1
• This uses the same key for encryption and decryption
  • It is symmetric since C = E(K,P) & P = D(K,C)

Asymmetric Encryption

• It is sometimes useful to have a different key to encrypt a message compared with the one needed to decrypt it
  • C = E(K1,P), P = D(K2,C), K1 ≠ K2
• Since the keys are not the same, the encryption process is said to be asymmetric
• This process enables Rob to decrypt a message with a private key that only he knows (K2) having given Sally a public key (K1) to encrypt the original message
• Asymmetric encryption techniques are also called public key ciphers since one of the keys can be made publicly available
• Even if Eve the eavesdropper can obtain C and K1, this will not help her work out P
• Asymmetric encryption can be computationally intensive, ~ 10,000 times more work

[Figure: Sally computes C = E(K1,P); Rob computes P = D(K2,C)]

Ciphers

• Secret messages have been encrypted for millennia
  • Early focus was on transmission of secret messages (cipher text) and their subsequent decoding, whilst trying to prevent eavesdroppers from decoding them – cryptanalysis
  • Chinese, Greeks, Romans
    • Caesar cipher: <v,h,f,u,h,w,v> = E(3,<s,e,c,r,e,t,s>)
  • Relied on fact that most people couldn’t read
  • Had to be able to read and understand concept of a cipher
• Two common approaches:
  • Substitution Ciphers
    • Substitute a plain text character for a cipher text character, e.g. Caesar Cipher
    • Goal is to confuse cryptanalyst by hiding patterns
  • Transposition Cipher
    • Rearrange message characters
    • Goal is to diffuse

Substitution Ciphers

• Substitution ciphers work by replacing each plain text character with a cipher text character in a systematic way
• A table or list of character mappings is created which instructs the coder on which character to use to substitute for a plain text character
  • Early forms of substitution cipher would always replace a given plain text character with the same cipher text character
  • For example, in the Caesar cipher, an ‘s’ is always changed to a ‘v’
    • <v,h,f,u,h,w,v> = E(<s,e,c,r,e,t,s>)
  • Even if your substitution table is more irregular, patterns can be determined in the cipher text

Substitution Cipher – Example

• Take the following randomised substitution table and the plain text:
  • the cat sat on the mat
• It produces a cipher text of:
  • FTM VSF ASF NX FTM RSF
• What do you notice about patterns in the cipher text?

P  C     P  C
a  S     n  X
b  W     o  N
c  V     p  J
d  Q     q  E
e  M     r  K
f  Y     s  A
g  B     t  F
h  T     u  L
i  P     v  Z
j  U     w  D
k  H     x  C
l  I     y  G
m  R     z  O

t h e   c a t   s a t   o n   t h e   m a t
F T M   V S F   A S F   N X   F T M   R S F

Substitution Cipher – Book Cipher

• Straight substitution ciphers produce regular patterns in the cipher text which can be matched to frequently occurring words or letters
• A ‘book cipher’ provides a stronger form of substitution cipher that can hide the regular patterns
  • A phrase from a book or some agreed data source is aligned with plain text, and the following cipher text derived:
    • c_n = (p_n + b_n) % 26
  • To decipher the cipher text, we reverse the process
    • p_n = (c_n – b_n + 26) % 26

Book Cipher – Encoding

Plain text        t  h  e  c  a  t  s  a  t  o  n  t  h  e  m  a  t
Book text         a n y b o o k c a n p r o v i d e a k e y t
P#               19  7  4  2  0 19 18  0 19 14 13 19  7  4 12  0 19
B#                0 13 24 14 14 10  0 13 15 14 21  3  4  0  4 24 19
(B# + P#) % 26   19 20  2 16 14  3 18 13  8  2  8 22 11  4 16 24 12
Cipher text       t  u  c  q  o  d  s  n  i  c  i  w  l  e  q  y  m

Book Cipher – Decoding

Cipher text            t  u  c  q  o  d  s  n  i  c  i  w  l  e  q  y  m
Book text              a n y b o o k c a n p r o v i d e a k e y t
C#                    19 20  2 16 14  3 18 13  8  2  8 22 11  4 16 24 12
B#                     0 13 24 14 14 10  0 13 15 14 21  3  4  0  4 24 19
(C# - B# + 26) % 26   19  7  4  2  0 19 18  0 19 14 13 19  7  4 12  0 19
Plain text             t  h  e  c  a  t  s  a  t  o  n  t  h  e  m  a  t
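The encoding and decoding tables above, worked in code. This is an added example, not part of the lecture: the function names are made up for illustration, and the key stream is the B# row exactly as printed in the tables rather than a value recomputed from the book text.

```python
import string

ALPHABET = string.ascii_lowercase

# B# row copied from the slide's encoding table (the key stream used there).
SLIDE_KEY = [0, 13, 24, 14, 14, 10, 0, 13, 15, 14, 21, 3, 4, 0, 4, 24, 19]


def to_numbers(text):
    """Map letters a..z to 0..25; spaces and other characters are dropped."""
    return [ALPHABET.index(ch) for ch in text.lower() if ch in ALPHABET]


def to_text(numbers):
    """Map numbers 0..25 back to letters a..z."""
    return "".join(ALPHABET[n] for n in numbers)


def check_key_length(message_numbers, key):
    # A key stream shorter than the message would have to repeat, which
    # brings back the regular patterns the book cipher is meant to hide.
    if len(key) < len(message_numbers):
        raise ValueError("key stream is shorter than the message")


def book_encrypt(plaintext, key):
    """c_n = (p_n + b_n) % 26"""
    p = to_numbers(plaintext)
    check_key_length(p, key)
    return to_text((pn + bn) % 26 for pn, bn in zip(p, key))


def book_decrypt(ciphertext, key):
    """p_n = (c_n - b_n + 26) % 26"""
    c = to_numbers(ciphertext)
    check_key_length(c, key)
    return to_text((cn - bn + 26) % 26 for cn, bn in zip(c, key))


def cipher_letters_for(plaintext, ciphertext, letter):
    """Set of cipher letters that one plain text letter was turned into."""
    pairs = zip(to_text(to_numbers(plaintext)), ciphertext)
    return {c for p, c in pairs if p == letter}


if __name__ == "__main__":
    plain = "the cat sat on the mat"
    cipher = book_encrypt(plain, SLIDE_KEY)
    print(cipher)
    print(book_decrypt(cipher, SLIDE_KEY))
    # Unlike the straight substitution table, 't' no longer maps to one letter.
    print(sorted(cipher_letters_for(plain, cipher, "t")))
```

The last call shows why the letter-frequency approach loses its grip here: the five occurrences of 't' each become a different cipher letter.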

Transposition / Permutation Ciphers

• Transposition Ciphers transpose data items according to the rules of the cipher
• Aim is to diffuse message in cipher such that no obvious structure can be determined – the more complex the cipher, the more likely this is to occur
• Common transposition ciphers are
  • Route Ciphers
  • Columnar Ciphers

Transposition - Route Ciphers

• A route cipher lays the message data out in a grid, then traverses it in a specified route – the cipher is the route to take
• A reverse route does not take long to solve...
  • <s,t,e,r,c,e,s> = E(<s,e,c,r,e,t,s>)
• What route has been used to encode the message on the right if the following cipher text is obtained?
  • xieeigreedhhhslettlbhteonmrl

t h e r
e b e g
o l d i
n t h e
m t h e
r e h i
l l s x

Transposition – Columnar Cipher

• Columnar ciphers are specialised forms of route cipher where we read columns in an order determined from a key (SinC, p55)
• For example, to encrypt the plain text ‘there be gold’ with the key ‘shoe’
  • Count letters in key ‘shoe’ – 4
  • Arrange letters in 4x4 grid, padding out with rarely used letters
  • Label columns with key letters
  • Read off grid columns in alphabetic order of key letters
    • Column ‘e’ then ‘h’ then ‘o’ then ‘s’
  • Result: relyh-g-eboxte-d

s h o e
t h e r
e - b e
- g o l
d - x y

Transposition – Columnar Cipher

• To extract the plain text from the cipher text ‘relyh-g-eboxte-d’, we reverse the process:
  • Count letters in key ‘shoe’ – 4
  • Create a 4x4 grid with the key letters from ‘shoe’ as column headers
  • Put the first four letters in the cipher text in column ‘e’, the next four in column ‘h’ and so on
  • Now read off grid rows in order
  • Result: ‘there be gold’
• Note that we would not normally use ‘-’ spacers, it just makes example easier to read in this case
• You could use two keys to give different column and row dimensions
  • If not, it’s easy to work out grid dimensions then try moving columns about until you get sensible words to appear
• Repeating process on first stage cipher text with another key makes it much harder to break but also longer to decipher

s h o e
t h e r
e - b e
- g o l
d - x y
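The two columnar slides above as runnable code, including the closing point about repeating the process with a second key. This is an added example, not part of the lecture: the function names and the second key ‘boat’ are made up, and the padding ‘-xy’ is taken from the last row of the slide's grid.

```python
from itertools import cycle, islice


def column_order(key):
    """Column indexes in alphabetical order of the key letters.

    Repeated key letters are taken left to right so the order is unambiguous.
    """
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(plaintext, key, spacer="-", pad="-xy"):
    """Write the text row by row under the key, then read columns in key order."""
    width = len(key)
    text = plaintext.replace(" ", spacer)
    shortfall = -len(text) % width            # cells left empty in the last row
    text += "".join(islice(cycle(pad), shortfall))
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join(row[col] for col in column_order(key) for row in rows)


def columnar_decrypt(ciphertext, key):
    """Refill the columns in key order, then read the grid row by row."""
    width = len(key)
    if len(ciphertext) % width:
        raise ValueError("cipher text length must be a multiple of the key length")
    n_rows = len(ciphertext) // width
    columns = [""] * width
    for k, col in enumerate(column_order(key)):
        columns[col] = ciphertext[k * n_rows:(k + 1) * n_rows]
    return "".join(columns[col][r] for r in range(n_rows) for col in range(width))


def double_encrypt(plaintext, key1, key2):
    """Second pass over the first-stage cipher text with another key.

    Assumes the first-stage length divides evenly by len(key2), so the
    second pass adds no padding of its own.
    """
    return columnar_encrypt(columnar_encrypt(plaintext, key1), key2)


def double_decrypt(ciphertext, key1, key2):
    """Undo the passes in reverse order: key2 first, then key1."""
    return columnar_decrypt(columnar_decrypt(ciphertext, key2), key1)


if __name__ == "__main__":
    stage1 = columnar_encrypt("there be gold", "shoe")
    print(stage1)                                   # slide's cipher text
    print(columnar_decrypt(stage1, "shoe"))         # grid rows, padding included
    stage2 = double_encrypt("there be gold", "shoe", "boat")
    print(stage2)
    print(double_decrypt(stage2, "shoe", "boat"))
```

Decryption returns the grid contents including spacers and padding (‘there-be-gold-xy’); stripping them is left to the reader of the message, as on the slide.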

Attacks - Cryptanalysis

• We will now consider cryptanalysis – the process of breaking ciphers
• Methods:
  • Break a given cipher-text to decode a message
  • Recognise a general pattern allowing all messages to be deciphered
  • Infer meaning by noting communication patterns rather than content
  • Determine the key and algorithm, thus negating the encryption method
  • Determine if poor use is made of encryption method,
    • e.g. repeated use of a one time pad or repetition at the start of a message
  • Find mathematical weaknesses in the encryption algorithm and exploit them

Breakable Encryption

• An algorithm is theoretically breakable if
  • A cryptanalyst could determine cipher text given sufficient time and data by working through all the options and checking which appear valid
• For example
  • Consider two messages encoded using only lowercase alphabetic characters and a computer able to generate each potential solution at the rate of 1,000,000 a second (10^6)
  • Message one: 3 characters long, 26^3 (17576) possible plaintext equivalents which could be generated in approximately 0.02 seconds
  • Message two: 30 characters long, 10 times as many characters but 26^30 (2.8 x 10^42) permutations which would take us 2.8 x 10^36 seconds (8.92 x 10^28 years) to generate all the solutions
  • We still need to check each pattern to see if it makes sense...
  • Would a faster computer help?
• If the algorithm is suitably hard, it is practically unbreakable
• A cryptanalyst will try to avoid breaking the algorithm the hard way...

Attacks

• The type of attack used to break a cipher depends upon its type:
  • Symmetric
    • Brute force – see previous
    • Look for patterns
  • Asymmetric
    • Algorithm is frequently known
    • The challenge is to determine the key
    • This is mathematically challenging – see Chapter 12, SiC

Looking for Patterns

• Given sufficient cipher text, a straight substitution cipher is easy to break
  • Look for frequent patterns that can be matched to common language traits
  • The longer the text, the more likely these frequencies will match
• Letters (Source - Oxford English Dictionary), columns are letter, frequency, distribution relative to Q (e.g. E occurs 56.88 times more than Q).

E  11.16%  56.88     C  4.54%  23.13     Y  1.78%  9.06
A   8.5%   43.31     U  3.63%  18.51     W  1.29%  6.57
R   7.58%  38.64     D  3.38%  17.25     K  1.1%   5.61
I   7.54%  38.45     P  3.17%  16.14     V  1.01%  5.13
O   7.16%  36.51     M  3.01%  15.36     X  0.29%  1.48
T   6.95%  35.43     H  3%     15.31     Z  0.27%  1.39
N   6.65%  33.92     G  2.47%  12.59     J  0.2%   1
S   5.74%  29.23     B  2.07%  10.56     Q  0.2%   1
L   5.49%  27.98     F  1.81%   9.24

Looking for Patterns - Words

• Certain words are more frequent than others
  • the, is
  • of, and, a, in, that, have, I, it, for, be, not, with, he, as
  • do, at, this
  • his, by, from
  • her, say
  • Source - Oxford English Dictionary
• If certain patterns occur in the cipher text according to the above ranking, a cryptanalyst can try a small subset of substitutions to see if they make sense
• Once certain word and letter substitutions are worked out, they can be ‘crossed off’ the check list, thus reducing the search space
• Once matches are made, they provide clues to the likely substitution algorithm
• One time pads and book ciphers remove the regularity and are much harder to break
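What the pattern slides mean in practice, using the randomised substitution table and the ‘the cat sat on the mat’ cipher text from the earlier example slide. This is an added example, not part of the lecture; the function names are made up, and the only guess tried is that the repeated three-letter cipher word stands for ‘the’, the top entry in the word ranking above.

```python
import string
from collections import Counter

# Cipher column of the slide's substitution table, in plain text order a..z.
SLIDE_TABLE = "SWVQMYBTPUHIRXNJEKAFLZDCGO"
ENCODE = dict(zip(string.ascii_lowercase, SLIDE_TABLE))


def substitute(plaintext):
    """Straight substitution: each plain letter always maps to the same cipher letter."""
    return "".join(ENCODE.get(ch, ch) for ch in plaintext.lower())


def letter_counts(ciphertext):
    """How often each cipher letter occurs (spaces ignored)."""
    return Counter(ch for ch in ciphertext if ch.isalpha())


def repeated_words(ciphertext):
    """Cipher words that occur more than once, with their counts."""
    counts = Counter(ciphertext.split())
    return {word: n for word, n in counts.items() if n > 1}


def guess_from_word(ciphertext, likely_word="the"):
    """Assume the most repeated cipher word of the right length is likely_word."""
    candidates = {w: n for w, n in repeated_words(ciphertext).items()
                  if len(w) == len(likely_word)}
    if not candidates:
        return {}
    best = max(candidates, key=candidates.get)
    return dict(zip(best, likely_word))


def apply_guess(ciphertext, guess):
    """Partial decryption: known letters filled in, unknown ones shown as '.'."""
    return "".join(ch if ch == " " else guess.get(ch, ".") for ch in ciphertext)


if __name__ == "__main__":
    cipher = substitute("the cat sat on the mat")
    print(cipher)
    print(letter_counts(cipher).most_common(3))
    print(repeated_words(cipher))
    guess = guess_from_word(cipher)
    print(guess)
    print(apply_guess(cipher, guess))
```

On this 17-letter message the most frequent cipher letter stands for ‘t’ rather than ‘e’, which is the slide's point that letter frequencies only line up on longer text, while a single word guess already exposes the three repeated ‘.at’ endings.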

Making Ciphers - Shannon’s Rules

• Claude Shannon proposed some key features of good ciphers
  • Required secrecy should determine effort involved in encryption/decryption
    • Depending upon context, a simple cipher may be more relevant than a time consuming and complex one
  • The set of possible keys should be simple and relatively unrestricted
    • The key should not have to be carefully chosen to work with the cipher text
  • The implementation of the encryption algorithm should be as simple as is practicable

Making Ciphers - Shannon’s Rules

  • Errors introduced in the cipher process should not propagate and corrupt the rest of the message
  • The size of the cipher text should not be larger than the plaintext
    • A larger cipher text does not convey any further information
    • The more cipher text, the more data available to the cryptanalyst
• The advent of powerful computers/grids has negated some of these issues but there are cases where they remain relevant

Making Ciphers - Stream & Block Ciphers

• There are two common forms of cipher: stream and block
• Stream Ciphers
  • Encipher plain-text one character at a time as it is received - e.g. substitution cipher
  • Does not require complete message before encryption process can begin
  • Useful for telecommunications where ‘stream’ of data is sent
• Block Ciphers
  • Block ciphers encipher blocks of plain text at a time - e.g. route cipher
  • Requires data to be collated together in chunks
  • Some block ciphers require complete message before encryption can proceed
  • Block ciphers can make it harder to break a cipher since patterns in plain text are lost

Making Ciphers - Confusing versus Diffusing

• Encryption algorithms aim to confuse a cryptanalyst and diffuse the plaintext information throughout the cipher text
• Confusion
  • Changing one plain text letter should not enable a cryptanalyst to determine the effect on the cipher text
  • Straight substitution ciphers are not confusing - an immediate one to one relationship is evident
  • One-time pads/book ciphers will confuse since there is not a one to one relationship between plaintext characters and their eventual cipher text equivalent
• Diffusion
  • Diffusion aims to spread the plaintext information throughout the cipher text such that adjacency patterns are not obvious (or present)
  • The more diffusion created by the cipher, the more of the cipher text that will be needed to break it

Stream vs Block : Confusion & Diffusion

                Stream                     Block
Advantages      Speed                      Strong diffusion
                Low error propagation
Disadvantages   Weak/No diffusion          Relatively slow
                                           Susceptible to error propagation

Using Encryption Algorithms

• Commercial Encryption
• Hash Functions
• Key Exchange
• Digital Signatures
• Certificates
• Trust

Commercial Encryption

• Commercial grade encryption systems should:
  • Be derived from solid mathematical principles
  • Analysed and tested by experts – peer reviewed
  • Withstand repeated real world use
• You don’t want to be the ‘enthusiastic adopter’ when security is at stake
  • Commercial / government approaches to security tend to be very conservative
• Current ‘commercial grade’ encryption algorithms
  • DES – Data Encryption Standard
  • RSA – Rivest-Shamir-Adleman
  • AES – Advanced Encryption Standard

Data Encryption Standard - DES

• DES - Symmetric key cipher (private key)
• Method
  • Applies 16 iterations of substitution and diffusion
  • Uses standard arithmetic and logical operators
  • Plaintext can be values requiring up to 64 bits to encode them
  • Suitable for operation on a standard PC or chip
• Effectively weak 56 bit key
• See SiC, p68-72 & p733-748

Rivest-Shamir-Adleman - RSA

• RSA - Asymmetric cipher, public & private keys
  • Designed by Ron Rivest, Adi Shamir and Leonard Adleman
  • Published in 1978, still regarded as secure despite many attempts to break it
  • P = E(D(P,K1),K2) = D(E(P,K2),K1) - either key can be used as public or private key
• Plaintext block P is encoded
  • C = E(P) = P^e mod n
  • P = D(C) = (P^e)^d mod n
  • e and d are the keys
  • The trick is working out d given e
• Utilises factoring of large prime numbers to prevent cracking

Advanced Encryption Standard - AES

• AES - Symmetric (private key)
  • Fast
  • Substitution and Transposition
  • Repeat cycles of 10, 12, 14
  • Key length of 128, 192 & 256 bits
  • Algorithm permits extension to more cycles and larger keys
• Cycle steps
  • 128 bit blocks use 8 bit substitutions - diffuses data
  • Logical shift - creates a transposition
  • Shift and Exclusive Or - adds both confusion and diffusion
  • Add sub key element - adds confusion and introduces key binding
• See SiC, p72-75 and p748-754

Cryptographic Hash Functions

• It was previously noted that encrypted data can be tied to a unique ‘seal’ or checksum
• This seal will not match if the data has been altered since the key was made –

1. Sally generates a checksum which uniquely identifies data
2. She sends the data and its checksum
3. Rob can check that the received data generates the same checksum that Sally sent
4. If Eve wants to alter the data, she would need to make sure it generated the same checksum that Sally published
5. If the data has been altered, integrity is lost and the checksums will not match

[Figure: Sally, Rob and Eve, annotated with steps 1 to 5]

Cryptographic Hash Functions

• Hash / checksum functions are based on one-way functions
  • One way functions are easy to compute in one direction but not in their inverse direction
  • Consider y = x^3, if x=2, y=?
  • If you knew that y=27, what is x?
• A one way hash of a message is quickly computed and provides a ‘seal’ for the message
  • Because it is very difficult to work back the way, it is extremely hard to work out how to adjust the message and still get the same ‘seal’
• DES and AES allow for the addition of this checksum to the end of the encrypted message
  • Not only is the message encrypted, it also has a check at the end to indicate whether it has been tampered with
• Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) are popular cryptographic hash functions
  • MD5 produces a 128 bit signature or digest for any given message
  • SHA produces a 160 bit digest
  • MD5 is regarded as relatively weak and can be cracked given sufficient time and computing power
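The five-step checksum exchange between Sally, Rob and Eve, run with Python's hashlib. This is an added example, not part of the lecture: the message bytes are constructed, the function names are made up, and the 160-bit SHA on the slide is taken to be SHA-1. It also runs the case step 4 hints at, where the checksum travels with the data instead of being published separately.

```python
import hashlib
import hmac


def digest_bits(algorithm):
    """Digest length in bits for a hashlib algorithm name."""
    return hashlib.new(algorithm).digest_size * 8


def checksum(data, algorithm="sha1"):
    """Step 1: Sally's 'seal' over the data."""
    return hashlib.new(algorithm, data).hexdigest()


def rob_accepts(received_data, trusted_checksum, algorithm="sha1"):
    """Step 3: Rob recomputes the checksum and compares it with the one he trusts."""
    return hmac.compare_digest(checksum(received_data, algorithm), trusted_checksum)


# Constructed sample messages.
ORIGINAL = b"pay Rob 10 pounds"
ALTERED = b"pay Eve 10 pounds"


def exchange(eve_alters_data, checksum_sent_with_data):
    """Return True if Rob accepts what arrives.

    checksum_sent_with_data=False models a checksum Sally published somewhere
    Eve cannot change; True models a checksum that rides along with the message.
    """
    published = checksum(ORIGINAL)
    data_in_transit = ALTERED if eve_alters_data else ORIGINAL
    if checksum_sent_with_data and eve_alters_data:
        # Eve replaces the accompanying checksum with one for her own data.
        checksum_in_transit = checksum(ALTERED)
    else:
        checksum_in_transit = published
    trusted = checksum_in_transit if checksum_sent_with_data else published
    return rob_accepts(data_in_transit, trusted)


if __name__ == "__main__":
    print(digest_bits("md5"), digest_bits("sha1"))
    print(exchange(eve_alters_data=False, checksum_sent_with_data=False))
    print(exchange(eve_alters_data=True, checksum_sent_with_data=False))
    print(exchange(eve_alters_data=True, checksum_sent_with_data=True))
```

The third case is accepted: a bare hash only protects integrity when Rob gets the checksum by a route Eve cannot rewrite, which is the gap the later digital signature slides close.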

Public Key Encryption & Key Exchange

• Asymmetric keys enable a receiver R to ask a sender S to send a message that only R is able to decode, even though R has published an encryption key
• What if you wish to establish a trusted two way communication process?
  • You want to communicate but want to guarantee messages are coming from the correct person
  • e.g. secure web site, secure emails, secure networking
• We cannot use a symmetric key approach since it would involve publishing this private key in order for communication to occur
• We need two sets of public and private keys
  • Sk-priv, Sk-pub, Rk-priv, Rk-pub

Key Exchange - Process

• S uses private key Sk-priv to encrypt plaintext message P, producing cipher text C_S
  • C_S can only be decrypted with S’s public key (Sk-pub), proving S sent P
• S encrypts C_S with R’s public key Rk-pub to produce a double encrypted cipher text message C_SR
  • Only R can decrypt C_SR since R’s private key (Rk-priv) is the only way it can be unlocked
• S sends C_SR to the receiver R - this message is secure since only R can decrypt it
• R uses own private key (Rk-priv) to decrypt C_SR into C_S - note C_S is still encrypted
• R then uses S’s public key Sk-pub to decrypt C_S to produce P
• This achieves secure communication via C_SR and authentication since only S could create C_S and only R can open C_SR
• https uses this approach to enable communication between a secure web site and a browser

Digital Signatures

• Digital Signatures are used to determine that a particular person/company sent a message. Digital signatures need to be:
  • Unique
    • It should not be possible to forge someone else’s signature
  • Authentic
    • The sender S should be the only entity able to send a given signed message
  • Immutable
    • It should not be possible for the sender S or the receiver R to change the message once it is signed
  • Finite
    • The sender should not be able to send the same message again (e.g. try to cash a digital check twice).

Digital Signatures - Method

• Asymmetric Digital Signatures rely on the fact that algorithms such as RSA are commutative
  • P = E(E(P,K1),K2) = E(E(P,K2),K1)
• Process
  • S sends a cipher text version of a message P such that C = E(P,Ks-priv)
  • R performs the operation P = E(C,Ks-pub)
  • This is equivalent to E(E(P,Ks-priv),Ks-pub)
  • If this operation does not work (the retrieved P is nonsense), then the signing of the message by S is not valid since the commutative relationship did not hold

Digital Signatures - Checklist

• Unique
  • For any given message P and private key Ks-priv, there should only be one unique C
• Authentic
  • Only S is able to ‘sign’ the message with their private key to create this matching relationship C = E(P,Ks-priv)
• Immutable
  • Since any change to P would break the relationship with the recorded cipher text C, the recorded message P cannot be changed by either party otherwise a different C would be produced
• Finite
  • If S tries to send C again, R can check it against their records and show that it has already been received
  • S cannot deny this since they are the only one able to generate the message that R has on record
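The RSA formulas, the key exchange process and the signature method from the preceding slides, run end to end with toy numbers. This is an added example, not part of the lecture: the primes, exponents and function names are constructed for illustration, and it is unpadded textbook RSA on a single small block, which shows the algebra only.

```python
from math import gcd


def make_keypair(p, q, e):
    """Return (public, private) keys as (exponent, modulus) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def apply_key(block, key):
    """E(block, key) = block^exponent mod n; the same operation for either key."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("block must be smaller than the modulus")
    return pow(block, exponent, n)


# Constructed toy keys. S's modulus (3233) is smaller than R's (8633), so
# C_S always fits inside R's modulus for the second encryption.
SK_PUB, SK_PRIV = make_keypair(61, 53, 17)
RK_PUB, RK_PRIV = make_keypair(89, 97, 5)


def s_sends(p):
    """S: C_S = E(P, Sk-priv), then C_SR = E(C_S, Rk-pub)."""
    c_s = apply_key(p, SK_PRIV)
    return apply_key(c_s, RK_PUB)


def r_receives(c_sr):
    """R: C_S = E(C_SR, Rk-priv), then P = E(C_S, Sk-pub)."""
    c_s = apply_key(c_sr, RK_PRIV)
    return apply_key(c_s, SK_PUB)


def sign(p):
    """C = E(P, Ks-priv)"""
    return apply_key(p, SK_PRIV)


def signature_valid(p, c):
    """R checks that E(C, Ks-pub) gives back the message P."""
    return apply_key(c, SK_PUB) == p


if __name__ == "__main__":
    P = 65                                        # constructed one-block message
    print(apply_key(P, SK_PUB))                   # C = P^e mod n
    print(apply_key(apply_key(P, SK_PUB), SK_PRIV))
    print(apply_key(apply_key(P, SK_PRIV), SK_PUB))
    print(r_receives(s_sends(P)))
    print(signature_valid(P, sign(P)), signature_valid(P + 1, sign(P)))
```

The modulus check in apply_key is the practical catch in the double encryption: if S's modulus were larger than R's, some values of C_S would not fit and the message could not be recovered.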

Certification of Digital Signature

• Developer
  • Generates their own public/private key pair
  • Creates a Certificate Signing Request (CSR) containing ID and public key
  • Private key used to sign request
  • Sends CSR to Certificate Authority (CA)
• Certificate Authority
  • Checks integrity of CSR
  • Checks authenticity of CSR ID
  • CA creates a certificate containing identity and signed via CA private key
  • CA public key is available allowing CA signature to be checked via decryption

Certification Process

• Developer publishes an application (e.g. web or PDA app)
  • Signs it with their private key and provides CA signed certificate as verification
• The developer’s public key verifies the app, the CA’s public key decrypts the certificate and indicates that the developer’s identity is valid

Certificates & Certificate Authorities

• Digital certificates are used to enable trust to be established between two parties who have never met but wish to exchange information securely
• Principle is based on a hierarchy of trusted third parties or ‘Certificate Authorities’
• Each party uses the authority above them to determine if they can trust the other
• The requests are traced up the tree until a common trusted connection is found (or not)
• For example, A establishes trust between C & E

[Figure: certificate authority tree with nodes A (top), B, D, C and E]

Certificates - Process

• The actual process works in reverse, where each parent node in the tree vouches for the node directly below it
  • Each node collects a certificate chain for all the nodes above it
  • If trust needs to be established, two people can check their certificate list to determine if there is a common, trusted connection
  • Once the common link is found, the rest of the chain can be cross-checked to ensure it matches all the way to the top
• For any given entity in the chain
  • Their public key and identity are combined in a certificate which is then digitally signed by the authority above them and passed up to the next parent authority and signed again
  • The final certificate is composed of all the appended certificates of the parent authorities plus the original certificate
• Just one problem - who vouches for the authority at the top given the internet is a distributed organisation
  • Multiple tops!

Summary

• Using Encryption
• Commercial Encryption
• Cryptographic Hash Functions
• Public Key Encryption
• Digital Signatures
• Certificates

• Symmetric & Asymmetric Encryption
• Cryptographic Algorithms
• Cryptographic Attacks
• Creating Encryption Algorithms

Further Reading

• Security in Computing, Chapters 2 & 12
• The Code Book, Simon Singh