Fundamentals of Cryptography

Credera is a full-service management and

technology consulting firm. Our clients range

from Fortune 1,000 companies to emerging

industry leaders. We provide expert, objective

advice to help solve complex business and

technology challenges.

Dallas Office15303 Dallas ParkwaySuite 300Addison, TX 75001

972.692.0010 Phone972.692.0019 Fax

Denver Office5445 DTC ParkwaySuite 1040Greenwood Village, CO 80111

303.623.1344 Phone303.484.4577 Fax

Houston Office800 Town & Country BlvdSuite 300Houston, TX 77024

713.496.0711 Phone713.401.9650 Fax

Austin Office9020 N Capital of Texas HwySuite 345Austin, TX 78759

512.327.1112 Phone512.233.0844 Fax

Discussion document – Strictly Confidential & Proprietary

Dallas, TX

March 12, 2013

John Lutteringer

Fundamentals of Cryptography

04/12/2023

Dallas Web Security Group

3

Agenda …

Tonight we will overview some cryptography principles, and how symmetric and asymmetric approaches address them

• What is Cryptography?

– Definition

– Four basic principles

• How do we get these principles?

– Two methods

• Symmetric Key Cryptography

– Diffie-Hellman key exchange

– Limitations

• Asymmetric Key Cryptography

– Satisfying cryptographic principles

– RSA keygen algorithm

• Q&A

04/12/2023


4

Introduction

04/12/2023


5

Introduction …

John Lutteringer

John Lutteringer

John Lutteringer is a Consultant in the Custom Java practice at Credera. John graduated from Baylor University with a BS in Computer Science – Software Engineering and a minor in Mathematics. His technical skills include a focus on predominately open source web technologies with Java + Spring MVC as the most familiar. Additionally, John is familiar with relevant technologies like HTML and CSS, Javascript, SQL, and also agile development methodologies, software development life cycle, software design, and design patterns.

John’s background in web security comes from a combination of personal study and schooling along with a passion for learning about new technologies.

04/12/2023


6

What is Cryptography?

04/12/2023


7

Cryptography focuses on one major problem – How do we establish communication secure from third parties?

Definition• The science or study of the techniques of secret writing, especially code and cipher systems,

methods, and the like

The Perfect Cryptographic System• What should it do?

– Provide secure communication

– Anything else??

• What other characteristics should it have?

– Hard or impossible to decrypt

– Simple to understand/implement

– Fast

– Versatile in terms of medium (internet, paper messages, radio, etc.)

– Deterministic

– Variable

– Walks your dog

What is Cryptography? …

04/12/2023


8


Four basic principles

• Encryption

– How do we convert data into some unreadable form?

• Authentication

– How can I prove you are who you say you are?

• Integrity

– How can I be sure the message you sent hasn’t been modified?

• Non Repudiation

– How can I prove that the message was sent by you, even if you deny it?

04/12/2023


9


Encryption – How do we convert data into some unreadable form?

• The sender and receiver share some “secret” that they only know. This secret is then used to encrypt and decrypt messages so that intercepted messages are unreadable.

• What do we want?

– Has to be hard or impossible to decrypt (computationally intractable)

– Has to be hard to decrypt even if the attacker has access to an unlimited number of plaintext and its corresponding ciphertext

– Need some way to distribute our secret key without a secure channel (key distribution problem)

04/12/2023


10


Authentication – How can I prove you are who you say you are?

• Why do we need this?

– Internet is inherently anonymous

– Trust is a problem

– What if a trusted source has been compromised? How do we know?

04/12/2023


11


Integrity – How can I be sure the message you sent hasn’t been modified?


– The internet is essentially a series of handoffs between routers

– Even if the endpoints are secure, and intermediary router could be compromised

– Possible to modify encrypted text even if an attacker can’t understand it

04/12/2023


12


Non Repudiation – How can I prove the message was sent by you, even if you deny it?


– Legal reasons

– Digital signatures

– Accountability

04/12/2023


13

How do we get these principles?

04/12/2023


14

How do we get these principles? …

Two predominate methods

• Symmetric Key Cryptography

– “Familiar” approach

– Sender and receiver share a secret key and use that secret key to encrypt and decrypt messages

• Asymmetric Key Cryptography (Public Key Cryptography)

– Pairs of keys - each entity as a public key, which is shared to everyone, and a private key, which is shared to no one

– Any message encrypted with a public key can be decrypted with a private key and vice versa, but an encrypted message cannot be decrypted by the same key that encrypted it as in symmetric key encryption

• In practice, the methods are typically used together as a way to play off the advantages of each

– RSA/IDEA

– DSA/BLOWFISH

04/12/2023


15

Symmetric Key Cryptography

04/12/2023


16

Symmetric Key Cryptography …

Symmetric Key Cryptography

• Principles satisfied

– Encryption - Yes!

– Authentication - ???

– Integrity - ???

– Non repudiation - ???

• Advantages

– Fast

– Conceptually simple to understand

• Disadvantages

– How do we distribute keys?

Hardcode keys?

Some other way??

– Can we satisfy our four baseline principles?

04/12/2023


17


Solving the key distribution problem - Diffie-Hellman key exhange

• The algorithm relies on the mathematical identity:

– (ga)b mod p = (gb mod p)a mod p

04/12/2023


18



AliceKnows: a = 6

EveBob

Knows: b = 15

Computes secret integer a = 6

Computes secret integer b = 15

04/12/2023


19



AliceKnows: a = 6p = 23g = 5

EveKnows:p = 23g = 5

BobKnows: b = 15p = 23g = 5

Sends prime number p = 23 and

base g = 5Recieves p and gIntercepts p and g

04/12/2023


20



AliceKnows: a = 6p = 23g = 5A = 8

EveKnows:p = 23g = 5

BobKnows: b = 15p = 23g = 5B = 19

Calculates A = ga mod p

A = 8

Calculates B = gb mod p

B = 19

04/12/2023


21



AliceKnows: a = 6p = 23g = 5A = 8

EveKnows:p = 23g = 5A = 8

BobKnows: b = 15p = 23g = 5B = 19A = 8

Sends A Recieves AIntercepts A

04/12/2023


22



AliceKnows: a = 6p = 23g = 5A = 8B = 19

EveKnows:p = 23g = 5A = 8B = 19

BobKnows: b = 15p = 23g = 5B = 19A = 8

Receives B Sends BIntercepts B

04/12/2023


23



AliceKnows: a = 6p = 23g = 5A = 8B = 19s = 2

EveKnows:p = 23g = 5A = 8B = 19s = ???

BobKnows: b = 15p = 23g = 5B = 19A = 8s = 2

Computes s = Ba mod p

s = 2

Computess = Ab mod p

s = 2

We know Ba mod p = Ab mod p = (ga)b mod p from our identity:

(ga)b mod p = (gb mod p)a mod p

04/12/2023


24


What about our four principles?

• Now we know we can distribute symmetric keys over an unsecure network to establish a secure channel, can we also use symmetric keys to get our four desired properties?

• Encryption – This one is easy!

– Alice sends message M to Bob encrypted with their shared key s: Es(M)

– Bob decrypts Alice’s message with the shared key: Ds(Es(M)) = M

• Authentication

– Since the keys are temporary, there’s no good way to establish authenticity baked into the cryptographic system

– Authentication is not possible through symmetric key encryption, at least not without using some mechanism external to the cryptographic method itself

04/12/2023


25


What about our four principles?

• Integrity

– Alice sends encrypted message M to Bob Es(M) along with its encrypted hash Es(H(M))

– Bob decrypts Alice’s message Ds(Es(M)) = M and the hash Ds(Es(H(M))) = H(M)

– Bob hashes Alices message H(M) and compares it to the hash Alice sent, if the hashes are equal, then we can be confident that integrity holds

• Non repudiation

– Much like authentication, without permanent keys trust cannot be established, so this is not possible without some external mechanism

04/12/2023


26

Asymmetric Key Cryptography

04/12/2023


27

Asymmetric Key Cryptography …

Asymmetric Key Cryptography

• In asymmetric key cryptography, each party has two keys, a public key and a private keys

• The public key is shared to the world, and the private key is kept private

• The keys are generated in such a way that any message encrypted by the public key in the pair can only be decrypted by the private key, and vice versa

• Advantages

– Symmetric Key Cryptography only satisfied two of our four principles. We can do better!

– Key distribution isn’t a problem. We want everyone to see our public key!

• Disadvantages

– Slow, at least compared against symmetric key cryptography

– Non intuitive

04/12/2023


28


Encryption - Can we satisfy our four basic principles?

AlicePublic Key: ApubPrivate Key: Apriv

BobPublic Key: BpubPrivate Key: Bpriv

Wants to send Bob an

encrypted message

Sends Bob a message M encrypted with Bob’s public keyEBpub(M)

Decrypts Alice’s message with his private key

DBpriv(EBpub(M)) = M

04/12/2023


29


Authentication - Can we satisfy our four basic principles?



Sends Bob an encrypted messageEBpub(M)

“signed” with her private key to get

EApriv(EBpub(M))

Wants to validate Alice’s

identity

Decrypts message with Alice’s public key

DApub(EApriv(EBpub(M))) = EBpub(M))

Then, decrypts with private key


04/12/2023


30


Integrity - Can we satisfy our four basic principles?



Wants to know Alice’s message

hasn’t been modified

Sends Bob an encrypted messageEBpub(Mo)

and the hash of that

message, encrypted

EBpub(H(Mo))

Decrypts message DBpriv(EBpub(Mr)) = Mr

Decrypts hashDBpriv(EBpub(H(Mo))) = H(Mo)Verify integrity by hashing

received messageH(Mr) = H(Mo)

04/12/2023


31


Non Repudiation - Can we satisfy our four basic principles?



Sends Bob an encrypted messageEBpub(M)

“signed” with her private key to get

EApriv(EBpub(M))

Wants to validate Alice’s

identity

Decrypts message with Alice’s public key

DApub(EApriv(EBpub(M))) = EBpub(M))

Then, decrypts with private key


04/12/2023


32


How does asymmetric key cryptography work?

• Asymmetric key cryptography works in a similar manner to symmetric key cryptography except that the keys are generated in a special manner that allows them to decrypt only messages encrypted by the other key in the pair

• While there are many ways to do this, the most common algorithm is known as the RSA keygen algorithm

• RSA Algorithm:

1. Choose two distinct prime numbers p and q

2. Compute n = pq

3. Compute φ(n) = (p – 1)(q – 1) where φ is Euler’s totient function

4. Chose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1 (e and φ(n) are coprime)

5. Solve for d given de ≡ 1 (mod φ(n))

6. Compute keys:

Public key: (n, e); To encrypt: C ≡ Me (mod n)

Private key (n, d); To decrypt: M ≡ Ce (mod n)

04/12/2023


33


RSA key generation algorithm

1. Choose two distinct prime numbers p and q

p = 61

q = 53

04/12/2023


34



p = 61

q = 53

2. Compute n = pq

n = (61)(53) = 3233

04/12/2023


35



p = 61

q = 53

n = 3233

3. Compute the totient of the product (pq) as (p - 1)(q - 1)

φ(3233) = (61 - 1)(53 - 1) = 3120

04/12/2023


36



p = 61

q = 53

n = 3233

φ(n) = 3120

4. Choose and number 1 < e < φ(n) that is coprime to φ(n)

Picking this number could be hard, but if we choose a prime number, then we just have to make sure that 3120 isn’t divisible by it

So lets choose e = 17

04/12/2023


37



p = 61

q = 53

n = 3233

φ(n) = 3120

e = 17

5. Solve for d given de ≡ 1 (mod φ(n))

This is a different way to write the modular multiplicative inverse of e (mod φ(n))

d(17) ≡ 1 (mod 3120)

d = 2753

(17 * 2753 = 46801 which has remainder 1 when divided by 3120)

04/12/2023


38



p = 61

q = 53

n = 3233

φ(n) = 3120

e = 17

d = 2753

• To encrypt, our public key is (n = 3233, e = 17) with function

C ≡ Me (mod n)

Lets say M = 65

C ≡ 6517 (mod 3233)

C = 2790

04/12/2023


39



p = 61

q = 53

n = 3233

φ(n) = 3120

e = 17

d = 2753

C = 2790

• To decrypt, our private key is (n = 3233, d = 2753) with function

M ≡ Cd (mod n)

M ≡ 2790 2753 (mod 3233)

M = 65

04/12/2023


40

Credits

04/12/2023


41

Credits …

Credits

• Credera

• http://dictionary.reference.com/browse/cryptography

• http://www.thegeekstuff.com/2012/07/cryptography-basics/

• http://users.suse.com/~garloff/Writings/mutt_gpg/node3.html

• All of Wikipedia

• http://mathworld.wolfram.com

http://dictionary.reference.com/browse/cryptography

http://dictionary.reference.com/browse/cryptography

http://www.thegeekstuff.com/2012/07/cryptography-basics/

http://www.thegeekstuff.com/2012/07/cryptography-basics/

http://users.suse.com/~garloff/Writings/mutt_gpg/node3.html

http://users.suse.com/~garloff/Writings/mutt_gpg/node3.html

http://mathworld.wolfram.com/

http://mathworld.wolfram.com/

04/12/2023


42

Q&A

Fundamentals of Cryptography

Technology

Transcript of Fundamentals of Cryptography