Chapter Cryptographic Tools Symmetric Encryption • • • The universal technique for providing confidentiality for transmitted or stored data Also referred to as conventional encryption or single-key encryption Two requirements for secure use: • • Need a strong encryption algorithm Sender and receiver must have obtained copies secure fashion and must of the secret key in a keep the key secure Secret key shared by sender and recipient Secret key shared by sender and recipient K K Transmitted ciphertext X Y =E[K, X] Plaintext input Encryption algorithm (e.g., DES) X =D[K, Y] Decryption algorithm (reverseof encryption algorithm) Figure 2.1 Simplified Model of Symmetric Encryption Plaintext output Attacking Symmetric Encryption Cryptanalytic Attacks   Rely on:   Nature of the algorithm  Some sample plaintext-ciphertext pairs Some knowledge of the general characteristics of the plaintext Exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or the key being used  If successful all future and past messages encrypted with that key are compromised Brute-Force Attack  Try all possible keys on some ciphertext until an intelligible translation into plaintext is obtained  On average half of all possible keys must be tried to achieve success Table 2.1 DES TripleDES AES Plaintext block size(bits) 64 64 128 Ciphertext block size(bits) 64 64 128 Key size(bits) 56 112 or 168 128, 192, or 256 DES = Data Encryption Standard AES = Advanced Encryption Standard Comparison of Three Popular Symmetric Encryption Algorithms Data Encryption Standard (DES) • The most widely used encryption scheme • FIPS PUB 46 • Referred to as the Data Encryption • Uses 64 bit plaintext block and 56 bit key to Algorithm (DEA) produce a 64 bit ciphertext block Strength concerns: • Concerns about algorithm • • DES is the most studied encryption algorithm in existence Use of 56-bit key • Electronic Frontier Foundation (EFF) announced in July 1998 that it had broken a DES encryption Table 2.2 Key size (bits) 56 Cipher DES Number of Alternative Keys TimeRequired at 109 decryptions/s TimeRequired at 1013 decryptions/s 256 ≈ 7.2 × 1016 255 ns = 1.125 years hour ≈ 3.4 × 2127 ns = 5.3 × 1021 years 5.3 × 1017 years Triple DES 2167 ns = 5.8 × 1033 2168 ≈ 3.7 × 1050 years 5.8 × 1029 years 192 AES 2192 ≈ 6.3 × 1057 2191 ns = 9.8 × 1040 years 9.8 × 1036 years 256 AES 2256 ≈ 1.2 × 1077 2255 ns = 1.8 × 1060 years 1.8 × 1056 years 128 168 AES 2128 1038 Average Time Required for Exhaustive Key Search Triple DES (3DES)    Repeats basic DES algorithm three times using either two or three unique keys First standardized for use in financial applications in ANSI standard X9.17 in 1985 Attractions:    168-bit key length overcomes the vulnerability to brute-force attack of DES Underlying encryption algorithm is the same as in DES Drawbacks:   Algorithm is sluggish in software Uses a 64-bit block size Advanced Encryption Standard (AES) Should Should have have a a security security strength strength Needed a equal equal to to or or better better than than 3DES 3DES NIST called for replacement for proposals for a new 3DES was not 3DES AES in 1997 Significantly Significantly improved improved efficiency efficiency reasonable for long term use Selected Rijndael in November 2001 Published as FIPS 197 Symmetric Symmetric block block cipher cipher 128 128 bit bit data data and and 128/192/256 128/192/256 bit bit keys keys Security of Hash Functions There are two approaches to attacking a secure hash function: SHA most widely used hash Additional secure hash algorithm function applications: Cryptanalysis Passwords • Exploit logical weaknesses in the • Hash of a password is stored by an algorithm operating system Brute-force attack Intrusion detection • Strength of hash function depends solely • Store H(F) for each file on a system and on the length of the hash code produced by the algorithm secure the hash values Some Asymm two ol is Uses • protoc etric form of separ needed ate for distrib ution keys • Public Based on mathe matical functio ns key Publicl y propos ed by Diffie and Hellma n in 1976 and privat e key • Public key is Public-Key Encryption Structure made public for others to use  Plaintext   Encryption algorithm   Pair of keys, one for encryption, one for decryption Ciphertext   Performs transformations on the plaintext Public and private key   Readable message or data that is fed into the algorithm as input Scrambled message produced as output Decryption key  Produces the original plaintext Bob (a) Encryption with public key Alice Alice's public key ring J oy Ted Mike PRb PUb Bob's private key Bob Bob's public key X= D[PUb, Y] Transmitted ciphertext X Y =E[PRb, X] Plaintext input Encryption algorithm (e.g., RSA) Bob Decryption algorithm (b) Encryption with privatekey Plaintext output Alice Figure2.6 Public-Key Cryptography  User encrypts data using his or her own private key  Anyone who knows the corresponding public key will be able to decrypt the message Table 2.3 Applications for Public-Key Cryptosystems Algorithm Digital Signature Symmetric Key Distribution Encryption of Secret Keys RSA Yes Yes Yes Diffie-Hellman No Yes No DSS Yes No No Elliptic Curve Yes Yes Yes Requirements for Public-Key Cryptosystems Computationally easy to create key pairs Computationally easy for sender Useful if either key can be used knowing public key to encrypt for each role messages Computationally infeasible for Computationally easy for opponent to otherwise recover receiver knowing private key to original message decrypt ciphertext Computationally infeasible for opponent to determine private key from public key Asymmetric Encryption Algorithms RSA (Rivest, Shamir, Most widely accepted and Developed in 1977 implemented approach to public-key encryption Adleman) DiffieHellman key exchange algorithm Enables two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent Limited to the exchange of the keys symmetric encryption of messages Digital Signature Standard Provides only a digital Cannot be used for signature function with encryption or key SHA-1 exchange (DSS) Elliptic curve cryptography (ECC) Security like RSA, but with much smaller keys Block cipher in which the plaintext and ciphertext are integers between and n-1 for some n Digital Signatures  Used for authenticating both source and data integrity  Created by encrypting hash code with private key  Does not provide confidentiality  Even in the case of complete encryption  Message is safe from alteration but not eavesdropping Unsigned certificate: contains user ID, user's public key, as well as information concerning the CA H Bob's ID information Bob's public key H Recipient can verify signature by comparing hash code values CA information E Generate hash code of unsigned certificate D Signed certificate Encrypt hash code with CA's private key to form signature Create signed digital certificate Decrypt signature with CA's public key to recover hash code Use certificate to verify Bob's public key Figure2.7 Public-Key CertificateUse Message Digital E Encrypted message Random symmetric key Digital envelope E Envelopes Encrypted symmetric key Receiver's public key (a) Creation of a digital envelope D  Encrypted message Protects a message without needing Random symmetric key to first arrange for sender and receiver to have the same secret key  Equates to the same thing as a sealed envelope containing an Digital envelope Message D Encrypted symmetric key (b) Opening a digital envelope unsigned letter Figure2.8 Digital Envelopes Receiver's private key Random Keys for public-key algorithms Numbers Stream key for symmetric stream cipher Symmetric key for use as a temporary session key or in creating a digital envelope Handshaking to prevent replay attacks  Session key Uses include generation of: Random Number Requirements Randomness Unpredictability Criteria: Uniform distribution Frequency of occurrence of each of the numbers should be approximately the same Independence No one value in the sequence can be inferred from the others Each number is statistically independent of other numbers in the sequence Opponent should not be able to predict future elements of the sequence on the basis of earlier elements Random versus Pseudorandom Cryptographic applications typically make use of algorithmic techniques for random number generation • Algorithms Algorithms are are deterministic deterministic and and therefore therefore produce produce sequences sequences of of numbers numbers that that are are not not statistically statistically random random Pseudorandom numbers are: • • Sequences Sequences produced produced that that satisfy satisfy statistical statistical randomness randomness tests tests Likely Likely to to be be predictable predictable True random number generator (TRNG): • • Uses Uses a a nondeterministic nondeterministic source source to to produce produce randomness randomness Most Most operate operate by by measuring measuring unpredictable unpredictable natural natural processes processes • • e.g e.g radiation, radiation, gas gas discharge, discharge, leaky leaky capacitors capacitors Increasingly Increasingly provided provided on on modern modern processors processors Practical Application: Encryption of Stored Data Common to encrypt transmitted data Much less common for stored data There is often little protection beyond domain authentication and operating system access controls Approaches to encrypt stored data: Data are archived for indefinite periods Use a commercially available encryption package Even though erased, until disk sectors are reused data are recoverable Back-end appliance Library based tape encryption Background laptop/PC data encryption Summary • • • Confidentiality with symmetric encryption    Symmetric encryption Symmetric block encryption algorithms Stream ciphers Message authentication and hash functions   Authentication using symmetric encryption   Secure hash functions Message authentication without message encryption Other applications of hash functions • Public-key encryption • Digital signatures and key management Random and pseudorandom numbers   The use of random numbers Random versus pseudorandom         Structure Applications for public-key cryptosystems Requirements for public-key cryptography Asymmetric encryption algorithms Digital signature Public-key certificates Symmetric key exchange using public-key encryption Digital envelopes ... Sender and receiver must have obtained copies secure fashion and must of the secret key in a keep the key secure Secret key shared by sender and recipient Secret key shared by sender and recipient... mode) Key K Key K Pseudorandombyte generator (key streamgenerator) Pseudorandombyte generator (key streamgenerator) k Plaintext bytestream M ENCRYPTION k Ciphertext bytestream C DECRYPTION (b)... advantage is that they are almost always faster and use far less code Encrypts Encrypts plaintext plaintext one one byte byte at at a a time time Pseudorandom stream is one that is unpredictable without