Credera is a full-service management and
technology consulting firm. Our clients range
from Fortune 1,000 companies to emerging
industry leaders. We provide expert, objective
advice to help solve complex business and
technology challenges.
Dallas Office15303 Dallas ParkwaySuite 300Addison, TX 75001
972.692.0010 Phone972.692.0019 Fax
Denver Office5445 DTC ParkwaySuite 1040Greenwood Village, CO 80111
303.623.1344 Phone303.484.4577 Fax
Houston Office800 Town & Country BlvdSuite 300Houston, TX 77024
713.496.0711 Phone713.401.9650 Fax
Austin Office9020 N Capital of Texas HwySuite 345Austin, TX 78759
512.327.1112 Phone512.233.0844 Fax
Discussion document – Strictly Confidential & Proprietary
Dallas, TX
March 12, 2013
John Lutteringer
Fundamentals of Cryptography
04/12/2023
Dallas Web Security Group
3
Agenda …
Tonight we will overview some cryptography principles, and how symmetric and asymmetric approaches address them
• What is Cryptography?
– Definition
– Four basic principles
• How do we get these principles?
– Two methods
• Symmetric Key Cryptography
– Diffie-Hellman key exchange
– Limitations
• Asymmetric Key Cryptography
– Satisfying cryptographic principles
– RSA keygen algorithm
• Q&A
04/12/2023
Dallas Web Security Group
4
Introduction
04/12/2023
Dallas Web Security Group
5
Introduction …
John Lutteringer
John Lutteringer
John Lutteringer is a Consultant in the Custom Java practice at Credera. John graduated from Baylor University with a BS in Computer Science – Software Engineering and a minor in Mathematics. His technical skills include a focus on predominately open source web technologies with Java + Spring MVC as the most familiar. Additionally, John is familiar with relevant technologies like HTML and CSS, Javascript, SQL, and also agile development methodologies, software development life cycle, software design, and design patterns.
John’s background in web security comes from a combination of personal study and schooling along with a passion for learning about new technologies.
04/12/2023
Dallas Web Security Group
6
What is Cryptography?
04/12/2023
Dallas Web Security Group
7
Cryptography focuses on one major problem – How do we establish communication secure from third parties?
Definition• The science or study of the techniques of secret writing, especially code and cipher systems,
methods, and the like
The Perfect Cryptographic System• What should it do?
– Provide secure communication
– Anything else??
• What other characteristics should it have?
– Hard or impossible to decrypt
– Simple to understand/implement
– Fast
– Versatile in terms of medium (internet, paper messages, radio, etc.)
– Deterministic
– Variable
– Walks your dog
What is Cryptography? …
04/12/2023
Dallas Web Security Group
8
What is Cryptography? …
Four basic principles
• Encryption
– How do we convert data into some unreadable form?
• Authentication
– How can I prove you are who you say you are?
• Integrity
– How can I be sure the message you sent hasn’t been modified?
• Non Repudiation
– How can I prove that the message was sent by you, even if you deny it?
04/12/2023
Dallas Web Security Group
9
What is Cryptography? …
Encryption – How do we convert data into some unreadable form?
• The sender and receiver share some “secret” that they only know. This secret is then used to encrypt and decrypt messages so that intercepted messages are unreadable.
• What do we want?
– Has to be hard or impossible to decrypt (computationally intractable)
– Has to be hard to decrypt even if the attacker has access to an unlimited number of plaintext and its corresponding ciphertext
– Need some way to distribute our secret key without a secure channel (key distribution problem)
04/12/2023
Dallas Web Security Group
10
What is Cryptography? …
Authentication – How can I prove you are who you say you are?
• Why do we need this?
– Internet is inherently anonymous
– Trust is a problem
– What if a trusted source has been compromised? How do we know?
04/12/2023
Dallas Web Security Group
11
What is Cryptography? …
Integrity – How can I be sure the message you sent hasn’t been modified?
• Why do we need this?
– The internet is essentially a series of handoffs between routers
– Even if the endpoints are secure, and intermediary router could be compromised
– Possible to modify encrypted text even if an attacker can’t understand it
04/12/2023
Dallas Web Security Group
12
What is Cryptography? …
Non Repudiation – How can I prove the message was sent by you, even if you deny it?
• Why do we need this?
– Legal reasons
– Digital signatures
– Accountability
04/12/2023
Dallas Web Security Group
13
How do we get these principles?
04/12/2023
Dallas Web Security Group
14
How do we get these principles? …
Two predominate methods
• Symmetric Key Cryptography
– “Familiar” approach
– Sender and receiver share a secret key and use that secret key to encrypt and decrypt messages
• Asymmetric Key Cryptography (Public Key Cryptography)
– Pairs of keys - each entity as a public key, which is shared to everyone, and a private key, which is shared to no one
– Any message encrypted with a public key can be decrypted with a private key and vice versa, but an encrypted message cannot be decrypted by the same key that encrypted it as in symmetric key encryption
• In practice, the methods are typically used together as a way to play off the advantages of each
– RSA/IDEA
– DSA/BLOWFISH
04/12/2023
Dallas Web Security Group
15
Symmetric Key Cryptography
04/12/2023
Dallas Web Security Group
16
Symmetric Key Cryptography …
Symmetric Key Cryptography
• Principles satisfied
– Encryption - Yes!
– Authentication - ???
– Integrity - ???
– Non repudiation - ???
• Advantages
– Fast
– Conceptually simple to understand
• Disadvantages
– How do we distribute keys?
Hardcode keys?
Some other way??
– Can we satisfy our four baseline principles?
04/12/2023
Dallas Web Security Group
17
Symmetric Key Cryptography …
Solving the key distribution problem - Diffie-Hellman key exhange
• The algorithm relies on the mathematical identity:
– (ga)b mod p = (gb mod p)a mod p
04/12/2023
Dallas Web Security Group
18
Symmetric Key Cryptography …
Solving the key distribution problem - Diffie-Hellman key exhange
AliceKnows: a = 6
EveBob
Knows: b = 15
Computes secret integer a = 6
Computes secret integer b = 15
04/12/2023
Dallas Web Security Group
19
Symmetric Key Cryptography …
Solving the key distribution problem - Diffie-Hellman key exhange
AliceKnows: a = 6p = 23g = 5
EveKnows:p = 23g = 5
BobKnows: b = 15p = 23g = 5
Sends prime number p = 23 and
base g = 5Recieves p and gIntercepts p and g
04/12/2023
Dallas Web Security Group
20
Symmetric Key Cryptography …
Solving the key distribution problem - Diffie-Hellman key exhange
AliceKnows: a = 6p = 23g = 5A = 8
EveKnows:p = 23g = 5
BobKnows: b = 15p = 23g = 5B = 19
Calculates A = ga mod p
A = 8
Calculates B = gb mod p
B = 19
04/12/2023
Dallas Web Security Group
21
Symmetric Key Cryptography …
Solving the key distribution problem - Diffie-Hellman key exhange
AliceKnows: a = 6p = 23g = 5A = 8
EveKnows:p = 23g = 5A = 8
BobKnows: b = 15p = 23g = 5B = 19A = 8
Sends A Recieves AIntercepts A
04/12/2023
Dallas Web Security Group
22
Symmetric Key Cryptography …
Solving the key distribution problem - Diffie-Hellman key exhange
AliceKnows: a = 6p = 23g = 5A = 8B = 19
EveKnows:p = 23g = 5A = 8B = 19
BobKnows: b = 15p = 23g = 5B = 19A = 8
Receives B Sends BIntercepts B
04/12/2023
Dallas Web Security Group
23
Symmetric Key Cryptography …
Solving the key distribution problem - Diffie-Hellman key exhange
AliceKnows: a = 6p = 23g = 5A = 8B = 19s = 2
EveKnows:p = 23g = 5A = 8B = 19s = ???
BobKnows: b = 15p = 23g = 5B = 19A = 8s = 2
Computes s = Ba mod p
s = 2
Computess = Ab mod p
s = 2
We know Ba mod p = Ab mod p = (ga)b mod p from our identity:
(ga)b mod p = (gb mod p)a mod p
04/12/2023
Dallas Web Security Group
24
Symmetric Key Cryptography …
What about our four principles?
• Now we know we can distribute symmetric keys over an unsecure network to establish a secure channel, can we also use symmetric keys to get our four desired properties?
• Encryption – This one is easy!
– Alice sends message M to Bob encrypted with their shared key s: Es(M)
– Bob decrypts Alice’s message with the shared key: Ds(Es(M)) = M
• Authentication
– Since the keys are temporary, there’s no good way to establish authenticity baked into the cryptographic system
– Authentication is not possible through symmetric key encryption, at least not without using some mechanism external to the cryptographic method itself
04/12/2023
Dallas Web Security Group
25
Symmetric Key Cryptography …
What about our four principles?
• Integrity
– Alice sends encrypted message M to Bob Es(M) along with its encrypted hash Es(H(M))
– Bob decrypts Alice’s message Ds(Es(M)) = M and the hash Ds(Es(H(M))) = H(M)
– Bob hashes Alices message H(M) and compares it to the hash Alice sent, if the hashes are equal, then we can be confident that integrity holds
• Non repudiation
– Much like authentication, without permanent keys trust cannot be established, so this is not possible without some external mechanism
04/12/2023
Dallas Web Security Group
26
Asymmetric Key Cryptography
04/12/2023
Dallas Web Security Group
27
Asymmetric Key Cryptography …
Asymmetric Key Cryptography
• In asymmetric key cryptography, each party has two keys, a public key and a private keys
• The public key is shared to the world, and the private key is kept private
• The keys are generated in such a way that any message encrypted by the public key in the pair can only be decrypted by the private key, and vice versa
• Advantages
– Symmetric Key Cryptography only satisfied two of our four principles. We can do better!
– Key distribution isn’t a problem. We want everyone to see our public key!
• Disadvantages
– Slow, at least compared against symmetric key cryptography
– Non intuitive
04/12/2023
Dallas Web Security Group
28
Asymmetric Key Cryptography …
Encryption - Can we satisfy our four basic principles?
AlicePublic Key: ApubPrivate Key: Apriv
BobPublic Key: BpubPrivate Key: Bpriv
Wants to send Bob an
encrypted message
Sends Bob a message M encrypted with Bob’s public keyEBpub(M)
Decrypts Alice’s message with his private key
DBpriv(EBpub(M)) = M
04/12/2023
Dallas Web Security Group
29
Asymmetric Key Cryptography …
Authentication - Can we satisfy our four basic principles?
AlicePublic Key: ApubPrivate Key: Apriv
BobPublic Key: BpubPrivate Key: Bpriv
Sends Bob an encrypted messageEBpub(M)
“signed” with her private key to get
EApriv(EBpub(M))
Wants to validate Alice’s
identity
Decrypts message with Alice’s public key
DApub(EApriv(EBpub(M))) = EBpub(M))
Then, decrypts with private key
DBpriv(EBpub(M)) = M
04/12/2023
Dallas Web Security Group
30
Asymmetric Key Cryptography …
Integrity - Can we satisfy our four basic principles?
AlicePublic Key: ApubPrivate Key: Apriv
BobPublic Key: BpubPrivate Key: Bpriv
Wants to know Alice’s message
hasn’t been modified
Sends Bob an encrypted messageEBpub(Mo)
and the hash of that
message, encrypted
EBpub(H(Mo))
Decrypts message DBpriv(EBpub(Mr)) = Mr
Decrypts hashDBpriv(EBpub(H(Mo))) = H(Mo)Verify integrity by hashing
received messageH(Mr) = H(Mo)
04/12/2023
Dallas Web Security Group
31
Asymmetric Key Cryptography …
Non Repudiation - Can we satisfy our four basic principles?
AlicePublic Key: ApubPrivate Key: Apriv
BobPublic Key: BpubPrivate Key: Bpriv
Sends Bob an encrypted messageEBpub(M)
“signed” with her private key to get
EApriv(EBpub(M))
Wants to validate Alice’s
identity
Decrypts message with Alice’s public key
DApub(EApriv(EBpub(M))) = EBpub(M))
Then, decrypts with private key
DBpriv(EBpub(M)) = M
04/12/2023
Dallas Web Security Group
32
Asymmetric Key Cryptography …
How does asymmetric key cryptography work?
• Asymmetric key cryptography works in a similar manner to symmetric key cryptography except that the keys are generated in a special manner that allows them to decrypt only messages encrypted by the other key in the pair
• While there are many ways to do this, the most common algorithm is known as the RSA keygen algorithm
• RSA Algorithm:
1. Choose two distinct prime numbers p and q
2. Compute n = pq
3. Compute φ(n) = (p – 1)(q – 1) where φ is Euler’s totient function
4. Chose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1 (e and φ(n) are coprime)
5. Solve for d given de ≡ 1 (mod φ(n))
6. Compute keys:
Public key: (n, e); To encrypt: C ≡ Me (mod n)
Private key (n, d); To decrypt: M ≡ Ce (mod n)
04/12/2023
Dallas Web Security Group
33
Asymmetric Key Cryptography …
RSA key generation algorithm
1. Choose two distinct prime numbers p and q
p = 61
q = 53
04/12/2023
Dallas Web Security Group
34
Asymmetric Key Cryptography …
RSA key generation algorithm
p = 61
q = 53
2. Compute n = pq
n = (61)(53) = 3233
04/12/2023
Dallas Web Security Group
35
Asymmetric Key Cryptography …
RSA key generation algorithm
p = 61
q = 53
n = 3233
3. Compute the totient of the product (pq) as (p - 1)(q - 1)
φ(3233) = (61 - 1)(53 - 1) = 3120
04/12/2023
Dallas Web Security Group
36
Asymmetric Key Cryptography …
RSA key generation algorithm
p = 61
q = 53
n = 3233
φ(n) = 3120
4. Choose and number 1 < e < φ(n) that is coprime to φ(n)
Picking this number could be hard, but if we choose a prime number, then we just have to make sure that 3120 isn’t divisible by it
So lets choose e = 17
04/12/2023
Dallas Web Security Group
37
Asymmetric Key Cryptography …
RSA key generation algorithm
p = 61
q = 53
n = 3233
φ(n) = 3120
e = 17
5. Solve for d given de ≡ 1 (mod φ(n))
This is a different way to write the modular multiplicative inverse of e (mod φ(n))
d(17) ≡ 1 (mod 3120)
d = 2753
(17 * 2753 = 46801 which has remainder 1 when divided by 3120)
04/12/2023
Dallas Web Security Group
38
Asymmetric Key Cryptography …
RSA key generation algorithm
p = 61
q = 53
n = 3233
φ(n) = 3120
e = 17
d = 2753
• To encrypt, our public key is (n = 3233, e = 17) with function
C ≡ Me (mod n)
Lets say M = 65
C ≡ 6517 (mod 3233)
C = 2790
04/12/2023
Dallas Web Security Group
39
Asymmetric Key Cryptography …
RSA key generation algorithm
p = 61
q = 53
n = 3233
φ(n) = 3120
e = 17
d = 2753
C = 2790
• To decrypt, our private key is (n = 3233, d = 2753) with function
M ≡ Cd (mod n)
M ≡ 2790 2753 (mod 3233)
M = 65
04/12/2023
Dallas Web Security Group
40
Credits
04/12/2023
Dallas Web Security Group
41
Credits …
Credits
• Credera
• http://dictionary.reference.com/browse/cryptography
• http://www.thegeekstuff.com/2012/07/cryptography-basics/
• http://users.suse.com/~garloff/Writings/mutt_gpg/node3.html
• All of Wikipedia
• http://mathworld.wolfram.com
04/12/2023
Dallas Web Security Group
42
Q&A
Top Related