Encryption - VNSA220
VNSA220 Cyber Self Defense: Encryption
Erik Golen, Bill Stackpole & Daryl Johnson
© Daryl G Johnson 2006


What is Encryption?
• Based on the word “cipher” – an algorithm designed to conceal the meaning of a message.
• Definition: the process of obscuring information to make it unreadable without special knowledge, sometimes referred to as scrambling.
  http://en.wikipedia.org/wiki/Encryption

History
• Encryption has been used to protect communications for centuries
• Only organizations and individuals with an extraordinary need for secrecy had made use of it
• Expensive and slow because done manually

History
• Spartan generals
  – Spiral wound parchment
  – Before winding
  – After winding
• Method secret

    HENTEIDTLAEAPMRCMUAK

    | H | E | N | T |
    | E | I | D | T |
    | L | A | E | A |
    | P | M | R | C |
    | M | U | A | K |

History
• Julius Caesar used substitution cipher
    ABCDEFGHIJKLMNOPQRSTUVWXYZ
    NOPQRSTUVWXYZABCDEFGHIJKLM
• URYYB -> HELLO
• How would you break this?
  – Letter frequency
• How many combinations?
  – Key (letter offset) is secret
• Limit to 25 different key values

History
• Greeks first to use numerical substitution
• 34 51 33 41 32 51 13 53 33 43 25 -> SEND HELP NOW
• How would you break this?
  – Letter frequency
• How many combinations?
  – Table secret
• 1.4 * 10^25 key values

         1    2    3    4    5
    1    A    F    L    Q    V
    2    B    G    M    R    W
    3    C    H    N    S    X
    4    D   I/J   O    T    Y
    5    E    K    P    U    Z

When do you use encryption?
  – Turn on your cell phone
  – Check voice / email (PGP)
  – Use debit / credit cards (Hopefully)
  – Order PPV movies
  – Drive on the thruway (EZPass)
  – Online gaming
  – Visit your doctor (Kind of)

… But do you REALLY need it?
• To do your banking?
• To purchase an item?
• On your cell phone?
• On your computer?
• For everyday conversation?
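The two "How would you break this?" questions on the Julius Caesar and Greek History slides above, worked through as an added example (not part of the original slides): every one of the 25 offsets is tried and the candidates are ranked by letter frequency, and the numeric message is decoded with the slide's table. The English frequency values and the longer sample sentence are constructed for this example.

```python
import string

A = string.ascii_uppercase
# Approximate English letter frequencies in percent, A..Z (reference values).
FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77,
        4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98,
        2.36, 0.15, 1.97, 0.07]
# Table from the Greek slide: first digit = row, second = column, I/J share a cell.
SQUARE = ["AFLQV", "BGMRW", "CHNSX", "DIOTY", "EKPUZ"]

def shift(text, k):
    """Move every letter k places back in the alphabet (negative k encrypts)."""
    return "".join(A[(A.index(c) - k) % 26] if c in A else c for c in text.upper())

def candidates(ciphertext):
    """The whole key space: one candidate plaintext per offset 1..25."""
    return {k: shift(ciphertext, k) for k in range(1, 26)}

def chi_squared(text):
    """Distance between the text's letter counts and English expectations."""
    letters = [c for c in text if c in A]
    n = len(letters) or 1
    return sum((letters.count(c) - n * f / 100) ** 2 / (n * f / 100)
               for c, f in zip(A, FREQ))

def break_caesar(ciphertext):
    """Return (offset, plaintext) for the candidate that looks most like English."""
    k = min(range(1, 26), key=lambda k: chi_squared(shift(ciphertext, k)))
    return k, shift(ciphertext, k)

def polybius_decode(pairs):
    """Decode space-separated digit pairs with the slide's table."""
    return "".join(SQUARE[int(p[0]) - 1][int(p[1]) - 1] for p in pairs.split())

# Constructed sample (not from the slides): a sentence encrypted with offset 7.
PLAIN = "MEET ME AT THE NORTH GATE AFTER SUNSET AND BRING THE SEALED LETTERS"
SAMPLE = shift(PLAIN, -7)

if __name__ == "__main__":
    print(candidates("URYYB")[13])   # the slide's ciphertext at offset 13
    print(break_caesar(SAMPLE))      # key recovered without being told
    print(polybius_decode("34 51 33 41 32 51 13 53 33 43 25"))
```

Frequency ranking needs a few dozen letters to be reliable; for a five-letter message such as URYYB, reading the 25 candidates by eye is the practical method.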
No encryption required
• Purchase with cash
• Deposit/withdrawal at teller
• Don’t use wireless phone
• Speak in private
• If your communications do not pass through an insecure channel

Questions
• Is your communication/data sensitive?
  – Is there value you don’t realize?
  – Is there something there that I don’t want someone else to get?
  – How do you know?
  – Can you be sure?
• Is the channel public/private?

Why use encryption?
• Hide communications or information
• Ensuring privacy
• Ensuring confidentiality
• Lack of trust
• Your communications or information must pass through some insecure area (e.g., internet)

Goals of Cryptography
• Privacy
  – Keep private content private
• Authentication
  – You’re talking to who you think you’re talking to
• Digital Signatures
• Integrity
  – Ensure the content SENT is the content RECEIVED
• One-way hash functions
• Non-Repudiation
  – Binding the transaction (prevents party from claiming they were not part of the transaction)

Ethics of Encryption
• Who has access to high grade, uncrackable encryption?
  – You, your buddies, friends, siblings, parents, and grandparents
  – The US Government & its agencies (FBI, CIA, NSA, etc), local & state law enforcement, the military
  – Other governments & their militaries, people you may not like or may not WANT to have access
  – Your doctor, lawyer, teachers, grocer, butcher
  – Those you or your government considers terrorists or your enemy
  – EVERYONE

Is this availability a GOOD thing?
• Balance
  – public interest and public safety
    with/against
  – right to privacy/right to free expression

Recent History
• 1976 - Diffie-Hellman – Introduced the concept of Public Key Cryptography in their paper titled “New Directions in Cryptography”
  – also introduced a new key-exchange mechanism (Diffie-Hellman key exchange)
• 1978 - Rivest, Shamir & Adleman – provided practical public key encryption / signature scheme (now referred to as RSA)
  – Security is based on complexity of factoring HUGE prime numbers
• 1985 – ElGamal – alternative public key scheme (powerful and practical as well)

Recent History
• 1991 – First international standard for digital signatures (ISO/IEC 9796) adopted
  – Based on RSA
• 1994 – Digital Signature Standard (DSS) adopted by US Govt. (Based on ElGamal standard)

Recent History
• 1991 – Pretty Good Privacy (PGP) published via CompuServe by Phil Zimmermann
  – Designed as a human-rights tool
  – Leveraged RSA public-key scheme
  – Started a three-year criminal investigation
    • US BATF Export restrictions on “munitions” were violated
    • Dropped in 1996
  – Became most widely-used email encryption software in the world.
  – Current product “zfone” – end-to-end VoIP telephony encryption

How does it work? (mechanics)
• Substitution - exchange one thing for another
• Transposition - change the order
• One time pad (codebook)
• Block cipher
• Stream cipher (one at a time)
• Hash
  – Digital Fingerprint
  – Hash (vb.)

How does it work? (cont.)
• All types require the use of a KEY
• Use of cryptography assumes some understanding of the cryptographic functions and risk of being broken

I have written this book partly to correct a mistake.
One Time Pads
• Problem -- Transposition & substitution use the same key over and over for each letter
  – Can lead to frequency analysis
• OTPs provide a list of key values
  – Enough for a different key for each letter
  – Can not do freq analysis
  – “perfect secrecy” – cipher gives no added info
• Drawback - Must be as long as the message you want to encrypt, making it impractical

    ILWTY NQUVC XBCVM YNEIW GFTKQ
    QTAXB RLLRC MSNTO FNBAF CIERD
    UAHAD JVULW CLORV LGPBY CATXC
    QCWBJ QYRUJ YEAYY LVPSW OTZMH

  http://www.alpharubicon.com/elect/otptoboe.htm

Encryption categories
• Symmetric key encryption
• Asymmetric key encryption

Symmetric key encryption
• Two parties share an identical key
• Key used to ENCRYPT data is same as key used to DECRYPT data
• K = key, D = data, C = ciphertext (encrypted data)
• Mathematically commutative
• f(D)K=C, f(C)K=D
  – (you remember commutative, right?)

Asymmetric key encryption
• AKA public key cryptography
• Three keys
  – One “public”, one “private”, one symmetric
  – Document to be sent is encrypted with symmetric key
  – Symmetric key is encrypted with public key of recipient
  – PRIVATE key of recipient is used to decrypt the symmetric key, which is then used to decrypt the document.
• Two analogies
  – Locked mailbox with mail slot
  – Digital Signature — Wax seal

Public Key Infrastructure
• Issue is ensuring the public key hasn’t been tampered with
• Digital Certificates are PKI
  – Use Trusted Third Party to hold / distribute / validate keys.

Public key servers
• Store copies of public keys
• Allow individuals to search for posted public keys
• How do you determine key validity? (see next slide)

Public key servers

Breakable?
• Time
• Complexity
• Not if but when! ...
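The One Time Pads slide above, as an added example (not part of the original slides): a letter-wise pad over A..Z, showing why "cipher gives no added info" holds and why a single repeated key letter does not hide patterns. The function names and the messages HELLO and WORLD are chosen for this example; ILWTY is the first group of the pad printed on the slide.

```python
import secrets
import string

A = string.ascii_uppercase  # messages and pads use the letters A..Z only

def _combine(text, pad, sign):
    """Add (sign=+1) or subtract (sign=-1) pad letters, position by position."""
    if len(pad) < len(text):
        raise ValueError("pad must be at least as long as the message")
    return "".join(A[(A.index(t) + sign * A.index(k)) % 26]
                   for t, k in zip(text, pad))

def otp_encrypt(plaintext, pad):
    return _combine(plaintext, pad, +1)

def otp_decrypt(ciphertext, pad):
    return _combine(ciphertext, pad, -1)

def new_pad(length):
    """Fresh pad from the OS random source; each pad is used for one message only."""
    return "".join(secrets.choice(A) for _ in range(length))

def pad_explaining(ciphertext, claimed_plaintext):
    """The pad under which ciphertext decrypts to claimed_plaintext.

    One exists for every message of the same length, so the ciphertext
    alone cannot tell an eavesdropper which message was sent.
    """
    return _combine(ciphertext, claimed_plaintext, -1)

def single_key_encrypt(plaintext, key_letter):
    """Same key letter at every position, as in a simple substitution."""
    return otp_encrypt(plaintext, key_letter * len(plaintext))

if __name__ == "__main__":
    pad = "ILWTY"
    ct = otp_encrypt("HELLO", pad)
    print(ct, "->", otp_decrypt(ct, pad))
    # A different pad turns the same ciphertext into a different message:
    other = pad_explaining(ct, "WORLD")
    print(other, "->", otp_decrypt(ct, other))
    # With one repeated key letter the doubled L stays visible as a doubled letter:
    print(single_key_encrypt("HELLO", "N"))
    print(new_pad(20))
```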

This note was uploaded on 05/27/2009 for the course NSSA 4050-220 taught by Professor Golen during the Fall '08 term at RIT.
