Unformatted text preview: VNSA220 VNSA220 Cyber Self Defense
Encryption Erik Golen Bill Stackpole & Daryl Johnson
© Daryl G Johnson 2006 What is Encryption? What is Encryption?
• Based on the word “cipher” – an algorithm designed to conceal the meaning of a message. • Definition: the process of obscuring information to make it unreadable without special knowledge, sometimes referred to as scrambling.
http://en.wikipedia.org/wiki/Encryption History History
• Encryption has been used to protect communications for centuries • Only organizations and individuals with an extraordinary need for secrecy had made use of it • Expensive and slow because done manually History History
• Spartan generals
• Method secret – Before winding
– After winding
| | | | H E N T | | | | E I D T | | | | L A E A | | | | P M R C | | | | M U A K – Spiral wound parchment HENTEIDTLAEAPMRCMUAK
| | | | History History
• Julius Caesar used substitution cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ NOPQRSTUVWXYZABCDEFGHIJKLM • URYYB -> • HELLO • How would you break this • How many combinations? – Letter frequency – Key (letter offset) is secret • Limit to 25 different key values History History
• Greeks first to use • • •
numerical substitution 34 51 33 41 32 51 13 53 33 43 25 > SEND HELP NOW How would you break this?
– Letter frequency 1 1 2 3 A F L Q V 2 B G M R 3 C H N S 4 D O T Y 5 E P U Z I/J K • How many combinations? 4 – Table secret 5 • 1.4 * 10^25 key values WX When do you use encryption? When do you use encryption?
– Turn on your cell phone – Check voice / email (PGP) – Use debit / credit cards (Hopefully) – Order PPV movies – Drive on the thruway (EZPass) – Online gaming – Visit your doctor (Kind of) … But do you REALLY need it? But do you REALLY need it?
• • • • •
To do your banking? To purchase an item? On your cell phone? On your computer? For everyday conversation? No encryption required No encryption required
• • • • •
Purchase with cash Deposit/withdrawal at teller Don’t use wireless phone Speak in private If your communications do not pass through an insecure channel Questions Questions
• Is your communication/data sensitive?
– Is there value you don’t realize? – Is there something there that I don’t want someone else to get? – How do you know? – Can you be sure? • Is the channel public/private? Why use encryption? Why use encryption?
• • • • •
Hide communications or information Ensuring privacy Ensuring confidentiality Lack of trust Your communications or information must pass through some insecure area (e.g., internet) Goals of Cryptography Goals of Cryptography
• Privacy • Authentication • Integrity
– Keep private content private – You’re talking to who you think you’re talking to • Digital Signatures – Ensure the content SENT is the content RECEIVED • NonRepudiation • Oneway hash functions – Binding the transaction (prevents party from claiming they were not part of the transaction) Ethics of Encryption Ethics of Encryption
• Who has access to high grade, uncrackable encryption?
– You, your buddies, friends, siblings, parents, and grandparents – The US Government & its agencies (FBI, CIA, NSA, etc) local & state law enforcement, the military – Other governments & their militaries, people you may not like or may not WANT to have access – Your doctor, lawyer, teachers, grocer, butcher – Those you or your government considers terrorists or your enemy – EVERYONE Is this availability a GOOD thing? Is this availability a GOOD thing? • Balance – public interest and public safety with/against – right to privacy/right to free expression Recent History Recent History
• 1976 DiffieHellman– Introduced the concept of Public •
Key Cryptography in their paper titled “New Directions in Cryptography“ – also introduced a new keyexchange mechanism (diffiehellman key exchange) 1978 Rivest, Shamir & Adleman –provided practical public key encryption / signature scheme (now referred to as RSA)
– Security is based on complexity of factoring HUGE prime numbers • 1985 – ElGamal – alternative public key scheme (powerful and practical as well) Recent History Recent History
• 1991 – First international standard for – Based on RSA digital signatures (ISO/IEC 9796) adopted adopted by US Govt. (Based on ElGamal standard) • 1994 – Digital Signature Standard (DSS) Recent History Recent History
• 1991 – Pretty Good Privacy (PGP) published via CompuServe by Phil Zimmermann
– – – Designed as a humanrights tool Leveraged RSA publickey scheme Started a threeyear criminal investigation • US BATF Export restrictions on “munitions” were violated • Dropped in 1996 – Became most widelyused email encryption software in the world. – Current product “zfone” – endtoend VoIP telephony encryption How does it work? (mechanics) How does it work? (mechanics)
• Substitution exchange one thing for • • • • •
another Transposition change the order One time pad (codebook) Block cipher Stream cipher (one at a time) Hash
– – Digital Fingerprint Hash (vb.) How does it work? (cont.) How does it work? (cont.)
• All types require the use of a KEY • Use of cryptography assumes some understanding of the cryptographic functions and risk of being broken I have written this book partly to I have written this book partly to correct a mistake. One Time Pads One Time Pads
• • ILWTY NQUVC XBCVM YNEIW GFTKQ QTAXB RLLRC MSNTO FNBAF CIERD UAHAD JVULW CLORV LGPBY CATXC QCWBJ QYRUJ YEAYY LVPSW OTZMH • ProblemTransposition & substitution use the same key over and over for each letter Can lead to frequency analysis OTPs provide a list of key values
– – – – • Drawback Must be as long as the message you want to encrypt, making it impractical Enough for a different key for each letter Can not do freq analysis “perfect secrecy” – cipher gives no added info http://www.alpharubicon.com/elect/otptoboe.htm Encryption categories Encryption categories
• Symmetric key encryption • Asymmetric key encryption Symmetric key encryption Symmetric key encryption
• Two parties share an identical key • Key used to ENCRYPT data is same as key used to DECRYPT data • K = key, D = data, C = ciphertext (encrypted data) • Mathematically commutative • f(D)K=C, f(C)K=D – (you remember commutative, right?) Asymmetric key encryption Asymmetric key encryption
• AKA public key cryptography • Three keys – – – One “public”, one “private”, one symmetric Document to be sent is encrypted with symmetric key Symmetric key is encrypted with public key of recipient – PRIVATE key of recipient is used to decrypt the symmetric key, which is then used to decrypt the document. – Locked mailbox with mail slot – Digital Signature — Wax seal • Two analogies Public Key Infrastructure Public Key Infrastructure
• Issue is ensuring the public key hasn’t been •
tampered with Digital Certificates are PKI
– Use Trusted Third Party to hold / distribute / validate keys. Public key servers Public key servers
• Store copies of public keys • Allow individualsto search for posted public keys • How do you determine key validity? (see next slide) Public key servers Public key servers Breakable? Breakable?
• • •
Time Complexity Not if but when! ...
View Full Document
- Fall '08
- Encryption, Public Key Encryption, Symmetric Key Encryption, asymmetric key encryption, Public key servers