1Serbia 2003

INTRODUCTIONto

CRYPTOGRAPHYFred Piper

Codes & Ciphers Ltd12 Duncan Road, RichmondSurrey, TW9 2JDENGLAND

Royal Holloway, University of LondonEgham Hill, EghamSurrey TW20 0EX

ENGLAND

2Serbia 2003

Sender Am I happy that the whole world sees this ? What am I prepared to do to stop them ? What am I allowed to do to stop them ?

Recipient Do I have confidence in :

the originator the message contents and message stream no future repudiation.

Network Manager Do I allow this user on to the network ? How do I control their privileges ?

Some Security Issues

3Serbia 2003

Cipher System

cryptogramc

EncipheringAlgorithm

DecipheringAlgorithm

Key k(E) Key k(D)

messagem

messagem

Interceptor

4Serbia 2003

The Attacker’s Perspective

DecipheringAlgorithm

Unknown Keyk(D)

Known c Wants m

Note: k(E) is not needed unlessit helps determine k(D)

5Serbia 2003

Two Types of Cipher System

• Conventional or Symmetrick(D) easily obtained from k(E)

• Public or AsymmetricComputationally infeasible to determine k(D) from k(E)

6Serbia 2003

Mortice Lock.If you can lock it, then you can unlock it.

Bevelled Sprung Lock.Anyone can lock it, only keyholder can unlock it.

7Serbia 2003

Types of Attack

• Ciphertext only• Known plaintext• Chosen ciphertext

8Serbia 2003

Assumptions About Attacker (1)

Military/Government:Try to keep details of system (including algorithm) secret

Worst Case Conditions:Commercial:

Assume he knows: System (including algorithm) All ciphertext Some corresponding plaintext/ ciphertext

9Serbia 2003

Warning

THE FACT THAT AN ALGORITHM HAS

BEEN PUBLISHED SAYS NOTHING

ABOUT ITS STRENGTH.

10Serbia 2003

Breaking Algorithm

• Finding a method of determining

message from cryptogram without

being given deciphering key.

11Serbia 2003

Exhaustive Key Search Attacks

• The security depends on the secrecy of the deciphering key.

• One potential attack, if the algorithm is known, is to try all possible deciphering keys and to eliminate all incorrect ones.

• To withstand this type of attack a large key space is required.

12Serbia 2003

Exhaustive Key Searches

Estimating time required for key

search requires assumptions about the

attacker’ resources

13Serbia 2003

Saints or Sinners ?Receiver

Interceptor

Sender

Who are the ‘good’ guys ?

14Serbia 2003

If Someone Wants Your Plaintext

• Give it to them• Give them the decryption key• They may break algorithm• They may ‘find’ plaintext in system• They may ‘find’ key in system

15Serbia 2003

Practical Considerations when Implementing Encryption

• Key management is the difficult part • Keys need to be generated, distributed,

stored, changed securely• History shows that most cryptanalytic

attacks exploit poor implementation and/or key management Example: Enigma in World War 2

16Serbia 2003

Cryptography is used to provide:

1. Confidentiality

2. Data Integrity

3. Entity/Origin Verification

4. Non-Repudiation

5. Access Control

17Serbia 2003

Choosing an Algorithm

The choice of algorithm depends upon the application.

Applications of encryption include :• Data confidentiality• Data integrity• Digital Signatures.

18Serbia 2003

Misuse of Encryption

GradeGood student xxxxxBad student xxxxx

Grades can be changed

19Serbia 2003

Classification of Techniques

• Bit / Block operation

• Positional dependence/independence

• Message dependence/independence

20Serbia 2003

Vernam Cipher

Random sequence k1,k2,…,kn

Message m1,m2,…,mn

+Ciphertext

k1m1,k2 m2,…,kn mn

The message and key are bit strings

21Serbia 2003

Stream Cipher

Plaintext data

Keystream sequence

Ciphertext

Key

SequenceGenerator

XOR

22Serbia 2003

Stream Cipher

• Enciphers bit by bit

• Positional dependence

• Security depends on properties of

the keystream

23Serbia 2003

Stream Ciphers

Applications•Widely used for military and paramilitary applications for both data and digitised speech

•The main reason for their wide use is that military communications are often over poor channels and error propagation is unacceptable

24Serbia 2003

Symmetric Block Cipher System

Key dependentpermutation

on s-bit blocks

s-bitplaintext block

s-bitciphertext block

Key

25Serbia 2003

Block Ciphers : Key Sizes

• Depends on security requirement

• Key searches on size 290 are currently considered infeasible

26Serbia 2003

DES: Key Search on Internet (1997)

DES has 256 keys DES key found Search took 140 days Search used over 10,000 computers Peak rate: 7.109 keys/sec ‘Might’ have taken 32 days

27Serbia 2003

DES Breaker (1998)

Electronic Frontier FoundationDesign cost $ 80,000Manufacturing cost $130,000Test key found in 56 hoursComplete search in 220 hours90 Billion keys per secondDesign details published

28Serbia 2003

DES : Double Length Key

k = (k1,k2) k1,k2 DES keys Ek(m) = Ek1(Dk2(Ek1(m))) key is 112 bits key search with 2112 trials is

infeasible.

29Serbia 2003

Advanced Encryption Standard (AES)

• Block ciphers

• Block size 128 bits

• Key lengths 128, 192, 256 bits

• Must be faster than triple DES

30Serbia 2003

AES (Continued)

June 1998: 15 candidates

August 1998: 11

April 1999: 5

Decision October 2000

Rijndael

31Serbia 2003

The following slides will not be discussed but are included for completeness

32Serbia 2003

Applications

• Access Control• Authentication

33Serbia 2003

The Challenge / Response Principle

Key Key

Random number

Challenge PIN-Controlled

A A

Response

A - Encipher or OWFY/N = ?

34Serbia 2003

Digital Signatures

According to ISO, the term Digital Signature is used: ‘to indicate a particular authentication technique used to establish the origin of a message in order to settle disputes of what message (if any) was sent’.

35Serbia 2003

Digital Signatures

A signature on a message is some data• that validates a message and verifies its origin• a receiver can keep as evidence• a third party can use to resolve disputes.

It depends on• the message• a secret parameter only• available to the sender

It should be• easy to compute • (by one person only)• easy to verify• difficult to forge

36Serbia 2003

Principle of Digital Signatures

There is a (secret) number which:• Only one person can use• Is used to identify that person• ‘Anyone’ can verify that it has been

used NB: Anyone who knows the value of

a number can use that number.

37Serbia 2003

Certification Authority

Aim :To guarantee the authenticity of public keys.

Method :The Certification Authority guarantees the authenticity by signing a certificate containing user’s identity and public key with its secret key.

Requirement :All users must have an authentic copy of the Certification Authority’s public key.

38Serbia 2003

Certification Process

Verifies credentials

CreatesCertificate

Receives(and checks)

Certificate

Presents Public Key and

credentials

Generates Key Set

Distribution

Centre

Owner

39Serbia 2003

How Does it Work?

The Certificate can accompany all Fred’s messages

The recipient must directly or indirectly:• Trust the CA• Validate the certificate

The CA certifiesthat Fred Piper’s

public key is………..

Electronicallysigned by

the CA

40Serbia 2003

Fundamental Requirement

Internal infrastructure to support secure technological implementation