CHAPTER 12 Encryption 207 Copyright 2001 The McGraw-Hill Companies, Inc. Click Here for Terms of Use. A ll we need to be secure is good encryption and that will take care of everything. That is the refrain that used to be heard. If the information is protected by encryp - tion, then no one can see it or modify it. If we use encryption, we know whom we are talking to so we have authentication as well. As with everything, if it sounds too good to be true, it usually is. That is the case with encryption as well. Encryption is certainly an important security tool. Encryption mecha - nisms can help protect the confidentiality and integrity of information. Encryption mech - anisms can help identify the source of information. But encryption by itself is not the answer. Encryption mechanisms can and should be a part of a comprehensive security pro - gram. In fact, encryption mechanisms are probably the most widely used security mecha - nisms just because they can help with confidentiality, integrity, and accountability. However, encryption is only a delaying action. We know that any encryption system can be broken. It is just that the length of time and the resources required to gain access to the information being protected by the encryption are both significant. Thus, the attacker may try some other weakness in the overall system. This chapter is intended to provide you with a basic understanding of what encryp - tion is and how it can be used. We will not be talking about the underlying mathematical theory (not much anyway), so you will not need an advanced degree in calculus. But we will use some examples so you understand how the various encryption algorithms can be used in a good security program. ENCRYPTION CONCEPTS Encryption is simply the obfuscation of information in such a way as to hide it from unau- thorized individuals while allowing authorized individuals to see it. Individuals are defined as authorized if they have the appropriate key to decrypt the information. This is a very simple concept. The “how” of doing it is where the difficultly lies. Another important concept to keep in mind is that the intent with any encryption sys - tem is to make it extremely difficult for an unauthorized individual to gain access to the information, even if that individual has the encrypted information and knows the algo - rithm used to encrypt it. As long as the unauthorized individual does not have the key, the information should be safe. Through the use of encryption, we can provide portions of three security services: ▼ Confidentiality Encryption can be used to hide information from unauthorized individuals either in transit or in storage. ■ Integrity Encryption can be used to identify changes to information either in transit or in storage. ▲ Accountability Encryption can be used to authenticate the origin of information and prevent the origin of information from repudiating the fact that the information came from that origin. 208 Network Security: A Beginner’s Guide Encryption Terms Before we begin the detailed discussion of encryption, it will be helpful to define several terms that we will use during the discussion. First, we have terms for the components of the encryption and decryption operation. Figure 12-1 shows the basic operation. ▼ Plaintext The information in its original form. This is also known as cleartext. ■ Ciphertext The information after it has been obfuscated by the encryption algorithm. ■ Algorithm The method of manipulation that is used to change the plaintext into ciphertext. ■ Key The input data into the algorithm that transforms the plaintext into the ciphertext or the ciphertext into the plaintext. ■ Encryption The process of changing the plaintext into ciphertext. ▲ Decryption The process of changing the ciphertext into plaintext. There are four other terms that are helpful to understand: ▼ Cryptography The art of concealing information using encryption. ■ Cryptographer An individual who practices cryptography. ■ Cryptanalysis The art of analyzing cryptographic algorithms with the intent of identifying weaknesses. ▲ Cryptanalyst An individual who uses cryptanalysis to identify and use weaknesses in cryptographic algorithms. Chapter 12: Encryption 209 Figure 12-1. The basic encryption operation 210 Network Security: A Beginner’s Guide Attacks Against Encryption Encryption systems can be attacked in three ways: ▼ Through weaknesses in the algorithm ■ Through brute force against the key ▲ Through weaknesses in the surrounding system When an algorithm is attacked, the cryptanalyst is looking for a weakness in the way that the algorithm changes plaintext into ciphertext so that the plaintext may be recovered without knowing the key. Algorithms that have weaknesses of this type are rarely con - sidered strong enough for use. This is because a known weakness can be used to quickly recover the original plaintext. The attacker will not be forced to use significant resources. Brute-force attacks are attempts to use every possible key on the ciphertext to find the plaintext. On the average, an analyst using this method will have to try 50 percent of the keys before finding the correct key. The strength of the algorithm is then only defined by the number of keys that must be attempted. Thus, the longer the key, the larger the total num- ber of keys and the larger the number of keys that must be tried until the correct key is found. Brute-force attacks will always succeed eventually if enough time and resources are used. Therefore, algorithms should be measured by the length of time the information is expected to be protected even in the face of a brute-force attack. An algorithm is consid- ered computationally secure if the cost of acquiring the key through brute force is more than the value of the information being protected. The last type of attack, through weaknesses in the surrounding system, is normally not discussed in the context of encryption. However, the fact of the matter is that it is usu- ally easier to successfully attack the surrounding system than it is to attack the encryption algorithm. Think of this example: An algorithm is strong and has a long key that will re- quire millions of dollars of computer equipment to brute force in a reasonable period of time. However, the organization using this algorithm sends the keys to its remote locations via regular mail. If I know when the key will be sent, it may be easier for me to intercept the envelope and gain access to the key that way. Perhaps even a better example of a weakness in the surrounding system can be found with a commonly used encryption package. This package uses strong encryption algo - rithms to encrypt electronic mail and files. The encryption used cannot be easily attacked through the algorithm or by brute force. However, the user’s key is stored in a file on his computer. The file is encrypted with a password. Given that most people will not use ran - dom characters in their password, it is significantly easier to guess or brute force the user’s password than it is to brute force the user’s key. TEAMFLY Team-Fly ® Chapter 12: Encryption 211 The lesson here is that the surrounding system is just as important to the overall secu - rity of encryption as the algorithm and the key. PRIVATE KEY ENCRYPTION There are two primary types of encryption: private key and public key. Private key en - cryption requires all parties who are authorized to read the information to have the same key. This then reduces the overall problem of protecting the information to one of protect - ing the key. Private key encryption is the most widely used type of encryption. It provides confidentiality of information and some guarantee that the information was not changed while in transit. What Is Private Key Encryption? Private key encryption is also known as symmetric key encryption because it uses the same key to encrypt information as is needed to decrypt information. Figure 12-2 shows the basic private key encryption function. As you can see from the figure, both the sender and the receiver of the information must have the same key. Private key encryption provides for the confidentiality of the information while it is encrypted. Only those who know the key can decrypt the message. Any change to the message while it is in transit will also be noticed as the decryption will not work properly. Private key encryption does not provide authentication as anyone with the key can cre- ate, encrypt, and send a valid message. Generally speaking, private key encryption is fast and can be easy to implement in hardware or software. Figure 12-2. Private key encryption Substitution Ciphers Substitution ciphers have been around for as much as 2,500 years. The earliest known ex - ample is the Atbash cipher. It was used around 600 B.C. and consisted of reversing the Hebrew alphabet. Julius Caesar used a substitution cipher call the Caesar cipher. This cipher consisted of replacing each letter with the letter three positions later in the alphabet. Therefore “A” would be come “D,” “B” would become “E,” and “Z” would become “C.” As you can see from this example, the substitution cipher operates on the plaintext one letter at a time. As long as both the sender and receiver of the message use the same substitution scheme, the message can be understood. The key for the substitution cipher is either the number of letters to shift, or a completely reordered alphabet. Substitution ciphers suffer from one primary weakness—the frequency of the letters in the original alphabet does not change. In English, the letter “E” is the most frequently used letter. If another letter is substituted for “E,” that letter will be the most frequently used (over the course of many messages). Using this type of analysis, the substitution cipher can be bro - ken. Further development of frequency analysis also shows that certain two- and three- letter combinations also show up frequently. This type of analysis can break any substitu- tion cipher if the attacker gains sufficient ciphertext. One-Time Pads One-time pads (OTPs) are the only theoretically unbreakable encryption system. An OTP is a list of numbers, in completely random order, that is used to encode a message (see Figure 12-3). As its name implies, the OTP is only used once. If the numbers on the OTP are truly random and the OTP is only used once, then the ciphertext provides no mecha- nism to recover the original key (the OTP itself) and therefore, the messages. OTPs are used but only for short messages in very high-security environments. For example, the Soviet Union used OTPs to allow spies to communicate with Moscow. The two main problems with OTPs are the generation of truly random pads and the distribu - tion of the pads themselves. Obviously, if the pads are compromised, so is the informa - tion they will protect. If the pads are not truly random, patterns will emerge that can be used to allow frequency analysis. 212 Network Security: A Beginner’s Guide Figure 12-3. One-time pad operation One other important point about OTPs is that they can only be used once. If they are used more than once, they can be analyzed and broken. This is what happened to some Soviet OTPs during the Cold War. A project called Venona at the National Security Agency was created to read this traffic. Venona intercepts can be examined at the NSA Web site (http://www.nsa.gov). Some encryption systems today claim to mimic OTPs. While this type of system may provide enough security, it may just as well be an easily breakable system that provides little in the way of security. Generally, OTPs are not feasible for use in high-traffic environments. Data Encryption Standard The algorithm for the Data Encryption Standard (DES) was developed by IBM in the early 1970s. The United States National Institute of Standards and Technology (NIST) adopted the algorithm (as FIPS publication 46) for DES in 1977 after it was examined, modified, and approved by NSA. The standard was reaffirmed in 1983, 1988, 1993, and 1999. DES uses a 56-bit key. The key uses seven bits of eight 8-bit bytes (the eighth bit of each byte is used for parity). DES is a block cipher that operates on one 64-bit block of plaintext at a time (see Figure 12-4 for a block diagram of the algorithm). There are 16 rounds of en- cryption in DES with a different sub-key used in each round. The key goes through its own algorithm to derive the 16 sub-keys (see Figure 12-5). In the DES block diagram, you can see several blocks where permutations occur. The standard defines a specific rearrangement of bits for each permutation. The same is true for the sub-key generation algorithm. There are specific bit rearrangements for permuted choice 1 and 2. In Figure 12-4, you can also find a call out of the function “f.” Within the function, there is a block that says “S” boxes. The “S” boxes are table lookups (also de- fined in the standard) that change a 6-bit input into a 4-bit output. There are four modes of operation for DES: ▼ Electronic Code Book This is the basic block encryption where the text and the key are combined to form the ciphertext. Identical input produces identical output in this mode. ■ Cipher Block Chaining In this mode, each block is encrypted as in electronic code book but a third factor, derived from the previous input, is added. In this case, identical input (plaintext) does not produce identical output. ■ Cipher Feedback This mode uses previously generated ciphertext as input to DES. The output is then combined with plaintext to produce new ciphertext. ▲ Output Feedback This mode is similar to cipher feedback but uses DES output and does not chain ciphertext. There are no known attacks against the DES algorithm. However, the 56-bit key has be - come a weakness. The key provides a total of 2 55 potential keys (less a few keys that are known to be weak and not used). With today’s computer systems, this entire key space can be examined within a small amount of time. In 1997, the Electronic Frontier Foundation Chapter 12: Encryption 213 214 Network Security: A Beginner’s Guide Figure 12-4. DES block diagram Chapter 12: Encryption 215 (EFF) announced a computer system that can find a DES key in four days. This system cost $250,000 to build. With today’s hardware systems, the time to brute-force a DES key is far too short to protect information that must be kept secret. Figure 12-5. DES sub-key generation algorithm . information. But encryption by itself is not the answer. Encryption mechanisms can and should be a part of a comprehensive security pro - gram. In fact, encryption mechanisms are probably the most. primary types of encryption: private key and public key. Private key en - cryption requires all parties who are authorized to read the information to have the same key. This then reduces the overall