Cryptography
Computer Security & Forensics
Security in Computing, Chapters 2 & 12
Autumn 2014, Computer Security & Forensics

Cryptography - Topics
• Background
• Symmetric & Asymmetric Encryption
• Cryptographic Algorithms
• Cryptographic Attacks
• Creating Encryption Algorithms
• Using Encryption
  - Commercial Encryption
  - Cryptographic Hash Functions
  - Public Key Encryption
  - Digital Signatures
  - Certificates

Cryptography
"Cryptography is the study and practice of protecting information by data encoding and transformation techniques. It includes means of hiding information (such as encryption) and means of proving that information is authentic and has not been altered from its original form (such as digital signatures)." - www.corestreet.com
• Cryptography plays a significant role in meeting the security requirements of
  - privacy (confidentiality)
  - authentication
  - integrity

Cryptography & Privacy
• Encrypted data is private data
• If I wish to send you a private message, I can encrypt it with a method that is known only to you and me
• An eavesdropper would need to work out what the encryption method was and, usually, which particular 'key' is required to read the message
  - In modern practice the method (the algorithm) is assumed to be public and only the key is secret (Kerckhoffs's principle); the security must rest on the key alone
• Introducing Sally, Rob and Eve
[Figure: Sally sends a message to Rob; Eve, the eavesdropper, sees only '?']

Cryptography & Authentication
• Cryptography is an important element in authentication:
  - Passwords: when you log in, your password is hashed (with a one-way function, not reversible encryption) and checked against the hashed version that was stored when your account was set up
  - Certificates: certificates can be issued by trusted third parties which verify that you are who you say you are; a user can take your certificate and check with the issuer that the certificate is valid
  - The mechanism by which this is achieved will be discussed later

Cryptography & Integrity
• Data can be tied to a unique 'digital fingerprint' (a message digest) that will not match if the data has been altered since the fingerprint was made
  - Cryptographic hash / checksum functions
  - Message digests (e.g. MD5, now considered broken; SHA-256 is the usual choice today)
  - Again, more on this later...

Terminology
• Sender (S): the originator of a message
• Plaintext (P): the clear message
• Encryption / encode / encipher (E): the process of turning the plaintext into cipher text
• Cipher text (C): the encrypted and unreadable message
• Decryption / decode / decipher (D): the process of turning the cipher text into plaintext
• Receiver (R): the intended recipient of the message
[Figure: Sally (sender) -> plaintext -> encryption -> cipher text (Eve sees '?') -> decryption -> plaintext -> Rob (receiver)]

Notation
• A formal notation is helpful for describing the processes involved in cryptography:
  - Plaintext: P = <p1, p2, p3, ..., pn>, e.g. P = <s,e,c,r,e,t,s>
  - Cipher text: C = <c1, c2, c3, ..., cn>, e.g. C = <t,f,d,s,f,u,t>
  - Encryption algorithm / cipher: E(P); C = E(P), <t,f,d,s,f,u,t> = E(<s,e,c,r,e,t,s>)
  - Decryption algorithm: D(C); P = D(C), <s,e,c,r,e,t,s> = D(<t,f,d,s,f,u,t>)
  - Goal: P = D(E(P))

Symmetric Encryption & Keys
• Encryption methods can use one or more keys (K) to adjust the operation of the encryption algorithm such that we get a different C for each K
  - C = E(K, P)
• In the previous example (a shift of K places along the alphabet):
  - <t,f,d,s,f,u,t> = E(1, <s,e,c,r,e,t,s>), K = 1
  - <s,e,c,r,e,t,s> = E(0, <s,e,c,r,e,t,s>), K = 0
  - <r,d,b,q,d,s,r> = E(-1, <s,e,c,r,e,t,s>), K = -1
• This uses the same key for encryption and decryption
• It is symmetric since C = E(K, P) and P = D(K, C)
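The shift cipher behind the K = 1, 0 and -1 examples above (and the Caesar cipher, K = 3, on a later slide), as an added example that is not part of the original lecture material. It writes E(K, P) and D(K, C) in the slide's notation and then does what the cryptanalysis slides later describe, trying every key in the space. The function names and the sample text are this example's own.

```python
"""Symmetric shift cipher in the slide's notation: C = E(K, P), P = D(K, C)."""
import string

ALPHABET = string.ascii_lowercase


def encrypt(key: int, plaintext: str) -> str:
    """E(K, P): shift every letter K places along the alphabet.

    K may be negative or larger than 26; the modulus keeps it in range.
    Characters outside a-z (spaces, punctuation) are passed through unchanged.
    """
    out = []
    for ch in plaintext:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def decrypt(key: int, ciphertext: str) -> str:
    """D(K, C): the same algorithm with the key applied in reverse."""
    return encrypt(-key, ciphertext)


def brute_force(ciphertext: str) -> dict[int, str]:
    """Try every key in the space.

    For a shift cipher that is only 26 candidates, however long the message is;
    the analyst then picks the candidate that reads as language (by eye here,
    or by frequency scoring).
    """
    return {k: decrypt(k, ciphertext) for k in range(26)}


if __name__ == "__main__":
    p = "secrets"
    for k in (1, 0, -1, 3):
        c = encrypt(k, p)
        print(f"K={k:>2}: E(K, P) = {c!r}, D(K, C) = {decrypt(k, c)!r}")
    # An attacker who knows it is a shift cipher needs at most 26 guesses.
    for k, candidate in brute_force(encrypt(3, p)).items():
        print(k, candidate)
```

The key space here is 26 whatever the message length; the later 'Breakable Encryption' slide counts plaintexts instead, which is why its numbers look so large.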

Asymmetric Encryption
• It is sometimes useful to have a different key to encrypt a message compared with the one needed to decrypt it
  - C = E(K1, P), P = D(K2, C), K1 ≠ K2
• Since the keys are not the same, the encryption process is said to be asymmetric
• This process enables Rob to decrypt a message with a private key that only he knows (K2), having given Sally a public key (K1) to encrypt the original message
• Asymmetric encryption techniques are also called public-key ciphers since one of the keys can be made publicly available
• Even if Eve the eavesdropper can obtain C and K1, this will not help her work out P
• Asymmetric encryption is computationally intensive, around 10,000 times more work than a symmetric cipher for the same data, so in practice it is used to exchange or wrap a symmetric key rather than to encrypt bulk data
[Figure: Sally computes C = E(K1, P) and sends C; Rob computes P = D(K2, C)]

Ciphers
• Secret messages have been encrypted for millennia
• Early focus was on transmission of secret messages (cipher text) and their subsequent decoding, whilst trying to prevent eavesdroppers from decoding them; the study of breaking ciphers is cryptanalysis
  - Chinese, Greeks, Romans
  - Caesar cipher: <v,h,f,u,h,w,v> = E(3, <s,e,c,r,e,t,s>)
  - Relied on the fact that most people couldn't read; an attacker had to be able to read and to understand the concept of a cipher
• Two common approaches:
  - Substitution ciphers: substitute a plain text character for a cipher text character, e.g. the Caesar cipher; the goal is to confuse the cryptanalyst by hiding patterns
  - Transposition ciphers: rearrange the message characters; the goal is to diffuse

Substitution Ciphers
• Substitution ciphers work by replacing each plain text character with a cipher text character in a systematic way
• A table or list of character mappings is created which instructs the coder on which character to use to substitute for a plain text character
• Early forms of substitution cipher would always replace a given plain text character with the same cipher text character (a monoalphabetic substitution)
  - For example, in the Caesar cipher, an 's' is always changed to a 'v': <v,h,f,u,h,w,v> = E(<s,e,c,r,e,t,s>)
• Even if your substitution table is more irregular, patterns can be determined in the cipher text

Substitution Cipher - Example
• Take the following randomised substitution table and the plain text: the cat sat on the mat
• It produces a cipher text of: FTM VSF ASF NX FTM RSF
• What do you notice about patterns in the cipher text? (The repeated word 'the' becomes the repeated group 'FTM', and 'cat', 'sat' and 'mat' all end in 'SF' because they share the ending 'at'.)

Substitution table (P = plain, C = cipher):
  a S   b W   c V   d Q   e M   f Y   g B   h T   i P   j U   k H   l I   m R
  n X   o N   p J   q E   r K   s A   t F   u L   v Z   w D   x C   y G   z O

  plain:  t h e c a t s a t o n t h e m a t
  cipher: F T M V S F A S F N X F T M R S F

Substitution Cipher - Book Cipher
• Straight substitution ciphers produce regular patterns in the cipher text which can be matched to frequently occurring words or letters
• A 'book cipher' (a running-key cipher) provides a stronger form of substitution cipher that can hide the regular patterns
  - A phrase from a book or some agreed data source is aligned with the plain text and, numbering the letters a = 0 ... z = 25, the cipher text is derived as
    c_n = (p_n + b_n) % 26
  - To decipher the cipher text, we reverse the process (the + 26 keeps the difference non-negative before taking the remainder)
    p_n = (c_n - b_n + 26) % 26
  - Each plain text letter is shifted by a different amount, so the same plain letter need not give the same cipher letter; the key phrase must be at least as long as the message and should not be reused or guessable (a well-known book is a weak key)

Book Cipher - Encoding
  Plain text        t  h  e  c  a  t  s  a  t  o  n  t  h  e  m  a  t
  Book text         a  n  y  b  o  o  k  c  a  n  p  r  o  v  i  d  e  (a k e y t)
  P#               19  7  4  2  0 19 18  0 19 14 13 19  7  4 12  0 19
  B#                0 13 24 14 14 10  0 13 15 14 21  3  4  0  4 24 19
  (P# + B#) % 26   19 20  2 16 14  3 18 13  8  2  8 22 11  4 16 24 12
  Cipher text       t  u  c  q  o  d  s  n  i  c  i  w  l  e  q  y  m

Note: the B# row as printed on the slide is not the letter-by-letter encoding of the book text above it (b = 1, c = 2, r = 17, i = 8 and k = 10 are skipped, so the values actually used correspond to the letters a n y o o k a n p o v d e a e y t). The arithmetic in the remaining rows is consistent with that B# row, and the cipher text shown follows from it; a faithful encoding against 'anybookcanprovide' gives 'tucdohcctbckvzudx' instead.

Book Cipher - Decoding
  Cipher text       t  u  c  q  o  d  s  n  i  c  i  w  l  e  q  y  m
  Book text         a  n  y  b  o  o  k  c  a  n  p  r  o  v  i  d  e  (a k e y t)
  C#               19 20  2 16 14  3 18 13  8  2  8 22 11  4 16 24 12
  B#                0 13 24 14 14 10  0 13 15 14 21  3  4  0  4 24 19
  (C# - B# + 26) % 26  19  7  4  2  0 19 18  0 19 14 13 19  7  4 12  0 19
  Plain text        t  h  e  c  a  t  s  a  t  o  n  t  h  e  m  a  t
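The book cipher arithmetic from the two tables above, as an added example rather than code from the lecture. book_encrypt and book_decrypt implement c_n = (p_n + b_n) % 26 and p_n = (c_n - b_n + 26) % 26 over a-z = 0-25, and `working` prints the slide's table row by row; the function names are this example's own. One caveat when comparing with the slide: its B# row skips five letters of the book text 'any book can provide a key t' (b, c, r, i, k), so the slide's cipher text is only reproduced when the key is given as the letters its B# row actually encodes, 'anyookanpovdeaeyt'; the faithful encoding against the printed book text is different.

```python
"""Book (running-key) cipher: c_n = (p_n + b_n) % 26, p_n = (c_n - b_n + 26) % 26."""
import string

ALPHABET = string.ascii_lowercase


def _numbers(text: str) -> list[int]:
    """Map a-z to 0-25, dropping anything that is not a letter (spaces, punctuation)."""
    return [ALPHABET.index(ch) for ch in text.lower() if ch in ALPHABET]


def book_encrypt(plaintext: str, book_text: str) -> str:
    """Align the agreed book text with the plaintext and add, letter by letter, mod 26."""
    p, b = _numbers(plaintext), _numbers(book_text)
    if len(b) < len(p):
        raise ValueError("book text must be at least as long as the plaintext")
    return "".join(ALPHABET[(pn + bn) % 26] for pn, bn in zip(p, b))


def book_decrypt(ciphertext: str, book_text: str) -> str:
    """Reverse the process; the + 26 keeps the result non-negative before the modulus."""
    c, b = _numbers(ciphertext), _numbers(book_text)
    if len(b) < len(c):
        raise ValueError("book text must be at least as long as the cipher text")
    return "".join(ALPHABET[(cn - bn + 26) % 26] for cn, bn in zip(c, b))


def working(plaintext: str, book_text: str) -> list[tuple[str, int, str, int, int, str]]:
    """The slide's encoding table, one row per letter:
    (plain, P#, book, B#, (P# + B#) % 26, cipher)."""
    rows = []
    for pn, bn in zip(_numbers(plaintext), _numbers(book_text)):
        cn = (pn + bn) % 26
        rows.append((ALPHABET[pn], pn, ALPHABET[bn], bn, cn, ALPHABET[cn]))
    return rows


if __name__ == "__main__":
    plain = "the cat sat on the mat"
    book = "any book can provide a key t"   # the slide's book text, used letter by letter
    for row in working(plain, book):
        print("%s %2d  %s %2d  -> %2d %s" % row)
    c = book_encrypt(plain, book)
    print(c, "->", book_decrypt(c, book))
```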

Transposition / Permutation Ciphers
• Transposition ciphers rearrange (permute) the data items according to the rules of the cipher; the characters themselves are unchanged, only their positions
• The aim is to diffuse the message in the cipher such that no obvious structure can be determined; the more complex the cipher, the more likely this is to occur
• Common transposition ciphers are:
  - Route ciphers
  - Columnar ciphers

Transposition - Route Ciphers
• A route cipher lays the message data out in a grid, then traverses it in a specified route; the cipher is the route to take
• A reverse route does not take long to solve...
  - <s,t,e,r,c,e,s> = E(<s,e,c,r,e,t,s>)
• What route has been used to encode the message on the right if the following cipher text is obtained?
  - xieeigreedhhhslettlbhteonmrl
  - (Answer: start at the bottom right and snake through the columns: up the fourth column, down the third, up the second, down the first)

  t h e r
  e b e g
  o l d i
  n t h e
  m t h e
  r e h i
  l l s x

Transposition - Columnar Cipher
• Columnar ciphers are specialised forms of route cipher where we read columns in an order determined from a key (SinC, p55)
• For example, to encrypt the plain text 'there be gold' with the key 'shoe':
  - Count the letters in the key 'shoe': 4
  - Arrange the letters in a 4x4 grid, padding out with rarely used letters (the grid below shows the spaces as '-' spacers and pads with 'xy')
  - Label the columns with the key letters
  - Read off the grid columns in alphabetic order of the key letters: column 'e', then 'h', then 'o', then 's'
  - Result: 'rely' + 'h-g-' + 'ebox' + 'te-d' = 'relyh-g-eboxte-d'

    s h o e
    t h e r
    e - b e
    - g o l
    d - x y

Transposition - Columnar Cipher
• To extract the plain text from the cipher text 'relyh-g-eboxte-d', we reverse the process:
  - Count the letters in the key 'shoe': 4
  - Create a 4x4 grid with the key letters from 'shoe' as column headers
  - Put the first four letters of the cipher text in column 'e', the next four in column 'h', and so on
  - Now read off the grid rows in order
  - Result: 'there be gold'
• Note that we would not normally use '-' spacers; they just make the example easier to read in this case
• You could use two keys to give different column and row dimensions
  - If not, it is easy to work out the grid dimensions (the cipher text length has only a few factorisations) and then try moving columns about until sensible words appear
• Repeating the process on the first-stage cipher text with another key (double transposition) makes it much harder to break but also longer to decipher

    s h o e
    t h e r
    e - b e
    - g o l
    d - x y
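Columnar transposition with a keyword, as an added example (not the lecture's code) covering both the encryption and the decryption slides above. Columns are read in the alphabetical order of the key letters; the decryption side also handles a grid whose last row is not full, which the slide's padded 4x4 example avoids. The '-' spacers and 'xy' padding reproduce the slide's grid exactly; the second keyword used for the double-transposition step is this example's own choice.

```python
"""Columnar transposition: write the message row by row under a keyword, then read it
out column by column in the alphabetical order of the key letters."""
import math


def column_order(key: str) -> list[int]:
    """Column indices in the order they are read: alphabetical by key letter, ties broken
    by position so a key with repeated letters still has one fixed order."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(plaintext: str, key: str) -> str:
    """Column i holds every len(key)-th character starting at offset i; the cipher text is
    those columns concatenated in key order. No padding is added, so the last row may be
    short; pad with rarely used letters first if a full grid is wanted."""
    k = len(key)
    columns = [plaintext[i::k] for i in range(k)]
    return "".join(columns[i] for i in column_order(key))


def columnar_decrypt(ciphertext: str, key: str) -> str:
    """Reverse the process. The column lengths follow from the message length: n characters
    in k columns give ceil(n/k) rows, and when the grid is ragged only the first n % k
    columns are full. Getting these lengths wrong scrambles the whole message."""
    k, n = len(key), len(ciphertext)
    rows = math.ceil(n / k)
    full = n % k
    lengths = [rows if full == 0 or i < full else rows - 1 for i in range(k)]
    columns = [""] * k
    pos = 0
    for i in column_order(key):
        columns[i] = ciphertext[pos:pos + lengths[i]]
        pos += lengths[i]
    return "".join(columns[i][r] for r in range(rows) for i in range(k) if r < len(columns[i]))


def double_transposition(plaintext: str, key1: str, key2: str) -> str:
    """The slide's suggestion: run the first-stage cipher text through a second key."""
    return columnar_encrypt(columnar_encrypt(plaintext, key1), key2)


if __name__ == "__main__":
    # The slide's 4x4 grid, with '-' standing in for the spaces and 'xy' as padding.
    grid_text = "there-be-gold-xy"
    c = columnar_encrypt(grid_text, "shoe")
    print(c, "->", columnar_decrypt(c, "shoe"))            # relyh-g-eboxte-d -> there-be-gold-xy
    # Without spacers or padding the last row is short and the columns are ragged.
    c = columnar_encrypt("therebegold", "shoe")
    print(c, "->", columnar_decrypt(c, "shoe"))
    c2 = double_transposition("therebegold", "shoe", "gold")
    print(c2, "->", columnar_decrypt(columnar_decrypt(c2, "gold"), "shoe"))
```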

Attacks - Cryptanalysis
• We will now consider cryptanalysis, the process of breaking ciphers
• Methods:
  - Break a given cipher text to decode a message
  - Recognise a general pattern allowing all messages to be deciphered
  - Infer meaning by noting communication patterns rather than content (traffic analysis)
  - Determine the key and algorithm, thus negating the encryption method
  - Determine if poor use is made of the encryption method, e.g. repeated use of a one-time pad or repetition at the start of a message
  - Find mathematical weaknesses in the encryption algorithm and exploit them

Breakable Encryption
• An algorithm is theoretically breakable if a cryptanalyst could determine the plaintext given sufficient time and data by working through all the options and checking which appear valid
• For example
  - Consider two messages encoded using only lowercase alphabetic characters and a computer able to generate each potential solution at the rate of 1,000,000 a second (10^6)
  - Message one: 3 characters long, 26^3 (17,576) possible plaintext equivalents, which could be generated in approximately 0.02 seconds
  - Message two: 30 characters long, 10 times as many characters but 26^30 (2.8 x 10^42) permutations, which would take 2.8 x 10^36 seconds (8.92 x 10^28 years) to generate all the solutions
  - We still need to check each pattern to see if it makes sense...
  - Would a faster computer help?
• If the algorithm is suitably hard, it is practically unbreakable
• A cryptanalyst will try to avoid breaking the algorithm the hard way...
• Note that in practice an attacker enumerates keys, not plaintexts: for a Caesar shift the key space is 26 whatever the message length, so it is the key length (2^56 for DES, 2^128 for AES-128), not the message length, that sets the cost of a brute-force attack

Attacks
• The type of attack used to break a cipher depends upon its type:
  - Symmetric
    Brute force (see previous)
    Look for patterns
  - Asymmetric
    The algorithm is frequently known (in modern practice this is true of symmetric ciphers too; only the key is secret)
    The challenge is to determine the key
    This is mathematically challenging (see Chapter 12, SiC)

Looking for Patterns
• Given sufficient cipher text, a straight substitution cipher is easy to break
• Look for frequent patterns that can be matched to common language traits
• The longer the text, the more likely these frequencies will match
• Letters (source: Oxford English Dictionary); the columns are letter, frequency, and distribution relative to Q (e.g. E occurs 56.88 times more often than Q)

  E  11.16%  56.88    C  4.54%  23.13    Y  1.78%  9.06
  A   8.50%  43.31    U  3.63%  18.51    W  1.29%  6.57
  R   7.58%  38.64    D  3.38%  17.25    K  1.10%  5.61
  I   7.54%  38.45    P  3.17%  16.14    V  1.01%  5.13
  O   7.16%  36.51    M  3.01%  15.36    X  0.29%  1.48
  T   6.95%  35.43    H  3.00%  15.31    Z  0.27%  1.39
  N   6.65%  33.92    G  2.47%  12.59    J  0.20%  1.00
  S   5.74%  29.23    B  2.07%  10.56    Q  0.20%  1.00
  L   5.49%  27.98    F  1.81%   9.24

• These figures are frequencies over dictionary headwords; in running English text the usual ranking is E T A O I N S H R D L U, so use statistics gathered from the kind of text you expect to find

Looking for Patterns - Words
• Certain words are more frequent than others (source: Oxford English Dictionary)
  - the, is
  - of, and, a, in, that, have, I, it, for, be, not, with, he, as
  - do, at, this
  - his, by, from
  - her, say
• If certain patterns occur in the cipher text according to the above ranking, a cryptanalyst can try a small subset of substitutions to see if they make sense
• Once certain word and letter substitutions are worked out, they can be 'crossed off' the check list, thus reducing the search space
• Once matches are made, they provide clues to the likely substitution algorithm
• One-time pads and book ciphers remove the regularity and are much harder to break (a one-time pad with a truly random key used once is unbreakable; a book cipher keyed on natural-language text still leaks statistics and can be attacked)
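Pattern analysis of a monoalphabetic substitution, as an added example that is not part of the lecture: it uses the randomised table from the 'Substitution Cipher - Example' slide, finds the repeated groups that slide asks about, and applies a letter-frequency ranking like the one on the previous slide to a longer constructed sentence to build a first-cut decryption table. The sample sentence, the running-text ranking and the function names are this example's assumptions.

```python
"""Breaking a monoalphabetic substitution: repeated groups and letter frequencies."""
from collections import Counter
import string

# The randomised table from the slide (plain -> cipher): a->S, b->W, ..., z->O.
TABLE = dict(zip(string.ascii_lowercase, "SWVQMYBTPUHIRXNJEKAFLZDCGO"))
OED_ORDER = "eariotnslcudpmhgbfywkvxzjq"   # letter ranking from the slide's OED table
TEXT_ORDER = "etaoinshrdlcumwfgypbvkjxqz"  # typical ranking for running English text

# Constructed sample for the statistics; the slide's own 17-letter example is far too short.
SAMPLE = ("the secret message needs to be delivered before the evening meeting "
          "because the enemy expects the general to retreat at dawn and we need "
          "every element of surprise we can get")


def substitute(text: str, table: dict[str, str] = TABLE) -> str:
    """Apply the table to lowercase letters; spaces and other characters pass through."""
    return "".join(table.get(ch, ch) for ch in text.lower())


def repeated_groups(ciphertext: str, size: int = 3) -> dict[str, list[int]]:
    """Every group of `size` letters that occurs more than once, with its positions
    (spaces ignored). On the slide, FTM repeats because 'the' repeats."""
    letters = "".join(ch for ch in ciphertext if ch.isalpha())
    seen: dict[str, list[int]] = {}
    for i in range(len(letters) - size + 1):
        seen.setdefault(letters[i:i + size], []).append(i)
    return {g: pos for g, pos in seen.items() if len(pos) > 1}


def letter_ranking(ciphertext: str) -> list[tuple[str, int]]:
    """Cipher letters ordered from most to least frequent."""
    return Counter(ch for ch in ciphertext if ch.isalpha()).most_common()


def guess_table(ciphertext: str, order: str = TEXT_ORDER) -> dict[str, str]:
    """First-cut decryption table: the most frequent cipher letter is assumed to be the
    most frequent English letter, and so on down the ranking. The top of the ranking is
    usually right; the tail has to be corrected from word patterns and context."""
    return {c: p for (c, _), p in zip(letter_ranking(ciphertext), order)}


def score_guess(guess: dict[str, str], table: dict[str, str] = TABLE) -> int:
    """How many cipher letters the guess maps correctly. Only possible here because we
    know the true table; a real analyst judges by whether the text reads as English."""
    true_inverse = {c: p for p, c in table.items()}
    return sum(1 for c, p in guess.items() if true_inverse[c] == p)


if __name__ == "__main__":
    c = substitute("the cat sat on the mat")
    print(c, repeated_groups(c))                      # FTM VSF ASF NX FTM RSF {'FTM': [0, 11]}
    long_c = substitute(SAMPLE)
    print(letter_ranking(long_c)[:6])
    guess = guess_table(long_c)
    print(score_guess(guess), "of", len(guess), "letters right on the first pass")
    print("".join(guess.get(ch, ch) for ch in long_c))
```

Run on the sample, the two most frequent cipher letters (M and F) are the images of e and t, so the high-frequency end of the guess is correct straight away; the rest is resolved by the word-pattern step the slide describes.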

Making Ciphers - Shannon's Rules
• Claude Shannon proposed some key features of good ciphers
  - The required secrecy should determine the effort involved in encryption/decryption; depending upon context, a simple cipher may be more relevant than a time-consuming and complex one
  - The set of possible keys should be simple and relatively unrestricted; the key should not have to be carefully chosen to work with the cipher
  - The implementation of the encryption algorithm should be as simple as is practicable
  - Errors introduced in the cipher process should not propagate and corrupt the rest of the message
  - The size of the cipher text should not be larger than the plaintext: a larger cipher text does not convey any further information, and the more cipher text, the more data available to the cryptanalyst
• The advent of powerful computers/grids has negated some of these issues but there are cases where they remain relevant

Making Ciphers - Stream & Block Ciphers
• There are two common forms of cipher: stream and block
• Stream ciphers
  - Encipher plain text one character (or bit) at a time as it is received, e.g. a substitution cipher
  - Do not require the complete message before the encryption process can begin
  - Useful for telecommunications where a 'stream' of data is sent
• Block ciphers
  - Encipher blocks of plain text at a time, e.g. a route cipher
  - Require data to be collated together in chunks (fixed-size blocks, 64 bits for DES and 128 bits for AES, with the final block padded)
  - Some block ciphers (or modes of operation) require the complete message before encryption can proceed
  - Block ciphers can make it harder to break a cipher since patterns in plain text are lost; this needs a suitable mode of operation such as CBC or CTR, because in ECB mode identical plain text blocks still give identical cipher text blocks

Making Ciphers - Confusing versus Diffusing
• Encryption algorithms aim to confuse a cryptanalyst and diffuse the plaintext information throughout the cipher text
• Confusion
  - The relationship between the key, the plain text and the cipher text should be as complex as possible: changing one plain text letter (or one key bit) should not enable a cryptanalyst to predict the effect on the cipher text
  - Straight substitution ciphers are not confusing: an immediate one-to-one relationship is evident
  - One-time pads/book ciphers will confuse since there is not a one-to-one relationship between plaintext characters and their eventual cipher text equivalent
• Diffusion
  - Diffusion aims to spread the plaintext information throughout the cipher text such that adjacency patterns are not obvious (or present)
  - The more diffusion created by the cipher, the more of the cipher text that will be needed to break it

Stream vs Block: Confusion & Diffusion
                   Stream                     Block
  Advantages       Speed                      Strong diffusion
                   Low error propagation
  Disadvantages    Weak/no diffusion          Relatively slow
                                              Susceptible to error propagation

Using Encryption Algorithms
• Commercial Encryption
• Hash Functions
• Key Exchange
• Digital Signatures
• Certificates
• Trust

Commercial Encryption
• Commercial-grade encryption systems should:
  - Be derived from solid mathematical principles
  - Be analysed and tested by experts (peer reviewed)
  - Withstand repeated real-world use
• You don't want to be the 'enthusiastic adopter' when security is at stake
• Commercial / government approaches to security tend to be very conservative
• 'Commercial grade' encryption algorithms discussed here
  - DES - Data Encryption Standard (historical: its 56-bit key is brute-forceable and the standard was withdrawn in 2005; superseded by AES)
  - RSA - Rivest-Shamir-Adleman
  - AES - Advanced Encryption Standard

Data Encryption Standard - DES
• DES: symm
etric key cipher (private key)
• Method
  - Applies 16 iterations (rounds) of substitution and permutation, arranged as a Feistel network
  - Uses standard arithmetic and logical operators
  - Operates on 64-bit blocks of plaintext
  - Suitable for operation on a standard PC or chip
• Effectively weak 56-bit key (a 64-bit key of which 8 bits are parity); exhaustive search is feasible with dedicated hardware, and the EFF 'Deep Crack' machine recovered a DES key in 56 hours in 1998
• See SiC, p68-72 & p733-748

Rivest-Shamir-Adleman - RSA
• RSA: asymmetric cipher, public & private keys
• Designed by Ron Rivest, Adi Shamir and Leonard Adleman
• Published in 1978, still regarded as secure despite many attempts to break it (with adequate key sizes, 2048 bits or more today, and proper padding)
• P = E(D(P, K1), K2) = D(E(P, K2), K1): either key can be used as the public or private key
• A plaintext block P (an integer less than n) is encoded as
  - C = E(P) = P^e mod n
  - P = D(C) = C^d mod n = (P^e)^d mod n
  - e and d are the keys, used together with the modulus n = p x q, the product of two large primes
• The trick is working out d given e, which requires knowing the factors p and q of n
• Relies on the difficulty of factoring the product of two large primes to prevent cracking

Advanced Encryption Standard - AES
• AES: symmetric (private key)
• Fast
• Substitution and transposition
• Repeat cycles (rounds) of 10, 12 or 14
• Key length of 128, 192 or 256 bits
• The algorithm (Rijndael) permits extension to more cycles and larger keys
• Cycle steps
  - 128-bit blocks use 8-bit substitutions (the S-box, SubBytes): the non-linear step that adds confusion
  - Row shift (ShiftRows): creates a transposition
  - Column mixing (MixColumns, a shift-and-exclusive-or computation): adds diffusion across the block
  - Add sub-key element (AddRoundKey, exclusive-or with the round key): introduces key binding
• See SiC, p72-75 and p748-754

Cryptographic Hash Functions
• It was previously noted that data can be tied to a unique 'seal' or checksum (a message digest)
• This seal will not match if the data has been altered since the seal was made:
  1. Sally generates a checksum which (with overwhelming probability) uniquely identifies the data
  2. She sends the data and its checksum
  3. Rob can check that the received data generates the same checksum that Sally sent
  4. If Eve wants to alter the data, she would need to make sure it generated the same checksum that Sally published
  5. If the data has been altered, integrity is lost and the checksums will not match
• Caveat: step 4 only holds if Eve cannot replace the checksum as well. A plain hash sent alongside the data can simply be recomputed by Eve for her altered data, so in practice the checksum must be protected: published over a separate trusted channel, keyed with a shared secret (a MAC such as HMAC), or digitally signed
[Figure: Sally (steps 1, 2) sends data and checksum to Rob (step 3); Eve (steps 4, 5) intercepts]

Cryptographic Hash Functions
• Hash / checksum functions are based on one-way functions
  - One-way functions are easy to compute in one direction but not in their inverse direction
  - Consider y = x^3: if x = 2, y = ? If you knew that y = 27, what is x? (Cube roots are in fact easy, so this is only an illustration; real one-way functions such as modular exponentiation have no known efficient inverse)
• A one-way hash of a message is quickly computed and provides a 'seal' for the message
• Because it is very difficult to work backwards, it is extremely hard to work out how to adjust the message and still get the same 'seal' (second-preimage resistance)
• Systems built on DES or AES can append such a checksum to the encrypted message (authenticated encryption); not only is the message encrypted, it also has a check at the end to indicate whether it has been tampered with
• Message Digest 5 (MD5) and the Secure Hash Algorithm (SHA) family are popular cryptographic hash functions
  - MD5 produces a 128-bit digest for any given message
  - SHA-1 produces a 160-bit digest; SHA-2 (SHA-256, SHA-512) produces 256- or 512-bit digests
• MD5 is broken: collisions can be generated cheaply, so it must not be used where collision resistance matters, and SHA-1 is deprecated for the same reason; use SHA-256 or better
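An added example (not part of the lecture) of the seal-and-check process from the previous slide, using Python's standard hashlib and hmac modules: it shows the avalanche effect of SHA-256, that Eve can defeat a bare checksum by recomputing it for her altered data, and that a keyed checksum (HMAC) stops her. The message text and the shared key are constructed for the example.

```python
"""Message digests as an integrity 'seal', and why a bare digest is not enough."""
import hashlib
import hmac


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of the data with the named algorithm (md5, sha1, sha256, ...)."""
    return hashlib.new(algorithm, data).hexdigest()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two equal-length hex digests. A one-character change
    in the input flips about half the digest bits (the avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def seal(data: bytes) -> tuple[bytes, str]:
    """Slide steps 1 and 2: Sally sends the data together with its checksum."""
    return data, digest(data)


def check_seal(data: bytes, checksum: str) -> bool:
    """Slide step 3: Rob recomputes and compares. Eve defeats this by replacing both parts."""
    return hmac.compare_digest(digest(data), checksum)


def mac(key: bytes, data: bytes) -> str:
    """A keyed checksum (HMAC-SHA256): only holders of the key can produce a valid tag."""
    return hmac.new(key, data, "sha256").hexdigest()


def check_mac(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison, so response timing does not leak how much of the tag matched."""
    return hmac.compare_digest(mac(key, data), tag)


def eve_tamper(data: bytes, checksum: str) -> tuple[bytes, str]:
    """Eve alters the data and simply recomputes the public hash for the new data."""
    altered = data.replace(b"100", b"900")
    return altered, digest(altered)


# Constructed sample message and a constructed shared secret (assumptions of this example).
MESSAGE = b"pay rob 100 pounds"
KEY = b"sally-and-rob-shared-secret"


if __name__ == "__main__":
    d1, d2 = digest(MESSAGE), digest(b"pay rob 101 pounds")
    print("sha256 bits changed by a one-digit edit:", bit_difference(d1, d2), "of 256")
    data, chk = seal(MESSAGE)
    forged, forged_chk = eve_tamper(data, chk)
    print("bare hash detects Eve?", not check_seal(forged, forged_chk))   # False
    tag = mac(KEY, MESSAGE)
    print("HMAC detects Eve?", not check_mac(KEY, forged, tag))            # True
```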

Public Key Encryption & Key Exchange
• Asymmetric keys enable a receiver R to ask a sender S to send a message that only R is able to decode, even though R has published an encryption key
• What if you wish to establish a trusted two-way communication process?
  - You want to communicate but want to guarantee messages are coming from the correct person
  - e.g. secure web site, secure email, secure networking
• We cannot use a symmetric key approach alone, since the two parties would first have to share the secret key over a channel that is itself secure
• We need two sets of public and private keys
  - Sk-priv, Sk-pub, Rk-priv, Rk-pub

Key Exchange - Process
• S uses private key Sk-priv to encrypt (sign) the plaintext message P, producing cipher text CS
  - CS can only be decrypted with S's public key (Sk-pub), proving S sent P
• S encrypts CS with R's public key Rk-pub to produce a double-encrypted cipher text message CSR
  - Only R can decrypt CSR since R's private key (Rk-priv) is the only way it can be unlocked
• S sends CSR to the receiver R; this message is secure since only R can decrypt it
• R uses its own private key (Rk-priv) to decrypt CSR into CS; note that CS is still encrypted
• R then uses S's public key Sk-pub to decrypt CS to produce P
• This achieves secure communication via CSR and authentication since only S could create CS and only R can open CSR
• HTTPS (TLS) uses public-key cryptography in this spirit, but not by double-encrypting each message: the server's certificate and signature authenticate it, the public-key step is used only to agree a symmetric session key (typically via Diffie-Hellman), and that session key then encrypts and authenticates the traffic

Digital Signatures
• Digital signatures are used to determine that a particular person/company sent a message. Digital signatures need to be:
  - Unique: it should not be possible to forge someone else's signature
  - Authentic: the sender S should be the only entity able to send a given signed message
  - Immutable: it should not be possible for the sender S or the receiver R to change the message once it is signed
  - Finite: the sender should not be able to send the same message again (e.g. try to cash a digital cheque twice)

Digital Signatures - Method
• Asymmetric digital signatures rely on the fact that algorithms such as RSA are commutative
  - P = E(E(P, K1), K2) = E(E(P, K2), K1)
• Process
  - S sends a cipher text version of a message P such that C = E(P, Ks-priv)
  - R performs the operation P = E(C, Ks-pub)
  - This is equivalent to E(E(P, Ks-priv), Ks-pub)
  - If this operation does not work (the retrieved P is nonsense), then the signing of the message by S is not valid since the commutative relationship did not hold
• In practice the message is hashed first and the (padded) hash is what gets signed, so the signature is short and of fixed length and the recipient compares the recovered hash with the hash of the message actually received
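Textbook RSA in the slides' notation, as an added example (not from the lecture), covering the RSA slide's C = P^e mod n and this slide's commutative signing E(E(P, Ks-priv), Ks-pub) = P, plus the sign-then-encrypt exchange from the 'Key Exchange - Process' slide with two key pairs. The primes are the small textbook values (61, 53 and 101, 113) chosen so the numbers can be followed by hand; function names are this example's own. Real RSA hashes and pads the data before exponentiation and uses moduli of 2048 bits or more.

```python
"""Textbook RSA: C = E(P, Kpub) = P^e mod n, P = E(C, Kpriv) = C^d mod n, and the
commutative property E(E(P, Kpriv), Kpub) = E(E(P, Kpub), Kpriv) = P used for signing."""
from math import gcd


def keygen(p: int, q: int, e: int = 17) -> tuple[tuple[int, int], tuple[int, int]]:
    """Return (public, private) = ((e, n), (d, n)).
    d is the inverse of e modulo phi(n) = (p-1)(q-1); finding it needs the factors of n,
    which is 'the trick' the RSA slide refers to."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def apply_key(key: tuple[int, int], block: int) -> int:
    """E(P, K): one modular exponentiation. Encrypt, decrypt, sign and verify are all this
    single operation with different keys, which is what makes RSA commutative."""
    exp, n = key
    if not 0 <= block < n:
        raise ValueError("block must be an integer in [0, n)")
    return pow(block, exp, n)


def sign_then_encrypt(p: int, s_priv: tuple[int, int], r_pub: tuple[int, int]) -> int:
    """Key-exchange slide: CS = E(P, Sk-priv), then CSR = E(CS, Rk-pub).
    R's modulus must exceed S's so that CS is a valid block under R's key."""
    cs = apply_key(s_priv, p)
    return apply_key(r_pub, cs)


def decrypt_then_verify(csr: int, r_priv: tuple[int, int], s_pub: tuple[int, int]) -> int:
    """R recovers CS with Rk-priv, then P with Sk-pub. If the inner layer was not made with
    Sk-priv the result is nonsense, which is the authentication check."""
    cs = apply_key(r_priv, csr)
    return apply_key(s_pub, cs)


if __name__ == "__main__":
    s_pub, s_priv = keygen(61, 53)     # n = 3233, d = 2753: the usual textbook key
    r_pub, r_priv = keygen(101, 113)   # n = 11413 > 3233, so S's blocks fit under R's key
    P = 65
    C = apply_key(s_pub, P)
    print("encrypt:", C, " decrypt:", apply_key(s_priv, C))        # 2790, 65
    sig = apply_key(s_priv, P)                                       # sign with the private key
    print("verify:", apply_key(s_pub, sig) == P,
          " altered signature:", apply_key(s_pub, (sig + 1) % 3233) == P)
    CSR = sign_then_encrypt(P, s_priv, r_pub)
    print("exchange recovers:", decrypt_then_verify(CSR, r_priv, s_pub))
```

Because x -> x^e mod n is a permutation of the block values, any change to the signature changes the recovered value, which is the 'Immutable' property on the checklist slide.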

Digital Signatures - Checklist
• Unique: for any given message P and private key Ks-priv, there should only be one unique C
• Authentic: only S is able to 'sign' the message with their private key to create this matching relationship C = E(P, Ks-priv)
• Immutable: since any change to P would break the relationship with the recorded cipher text C, the recorded message P cannot be changed by either party, otherwise a different C would be produced
• Finite: if S tries to send C again, R can check it against their records and show that it has already been received
  - S cannot deny this since they are the only one able to generate the message that R has on record (non-repudiation)

Certification of Digital Signature
• Developer
  - Generates their own public/private key pair
  - Creates a Certificate Signing Request (CSR) containing ID and public key
  - The private key is used to sign the request (proof that the requester holds the private key)
  - Sends the CSR to a Certificate Authority (CA)
• Certificate Authority
  - Checks the integrity of the CSR (verifies its self-signature with the public key it contains)
  - Checks the authenticity of the CSR ID (e.g. that the requester controls the named domain)
  - CA creates a certificate containing the identity and public key, signed via the CA private key
  - The CA public key is available, allowing the CA signature to be checked via decryption

Certification Process
• Developer publishes an application (e.g. web or PDA app)
• Signs it with their private key and provides the CA-signed certificate as verification
• The developer's public key verifies the app, and the CA's public key verifies the certificate and indicates that the developer's identity is valid

Certificates & Certificate Authorities
• Digital certificates are used to enable trust to be established between two parties who have never met but wish to exchange information securely
• The principle is based on a hierarchy of trusted third parties or 'Certificate Authorities'
• Each party uses the authority above them to determine if they can trust the other
• The requests are traced up the tree until a common trusted connection is found (or not)
• For example, A establishes trust between C & E

      A
     / \
    B   D
    |   |
    C   E

Certificates - Process
• The actual process works in reverse, where each parent node in the tree vouches for the node directly below it
• Each node collects a certificate chain for all the nodes above it
  - If trust needs to be established, two people can check their certificate lists to determine if there is a common, trusted connection
  - Once the common link is found, the rest of the chain can be cross-checked to ensure it matches all the way to the top
• For any given entity in the chain
  - Their public key and identity are combined in a certificate which is digitally signed by the authority above them; that authority's own certificate is in turn signed by the parent authority above it
  - The final certificate chain is composed of the entity's certificate plus the certificates of all the parent authorities up to the root
• Just one problem: who vouches for the authority at the top, given the internet is a distributed organisation?
  - Multiple tops! Each root CA's certificate is self-signed, and it is trusted only because it is pre-installed in the verifier's trust store (browser or operating system)
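A toy certificate chain, as an added example that is not from the lecture, tying together the CSR step ('Certification of Digital Signature'), the chain of parent signatures and the 'multiple tops' question above: each certificate is signed once by its issuer, and verification walks the chain up to a root that must already be in a trust store. Signatures are textbook RSA over a SHA-256 digest with small primes so that the arithmetic stays visible; the names, primes and JSON encoding are assumptions of this example and are not X.509.

```python
"""Toy certificate chain: root CA -> intermediate CA -> developer, with the CSR step."""
import hashlib
import json


def keygen(p: int, q: int, e: int = 17) -> tuple[tuple[int, int], tuple[int, int]]:
    """((e, n), (d, n)) from two primes, as on the RSA slide. Toy sizes only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)


def _hash_mod_n(payload: dict, n: int) -> int:
    """Canonical encoding of the payload, hashed, reduced into the block range [0, n)."""
    data = json.dumps(payload, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(payload: dict, priv: tuple[int, int]) -> int:
    d, n = priv
    return pow(_hash_mod_n(payload, n), d, n)


def verify(payload: dict, signature: int, pub: tuple[int, int]) -> bool:
    e, n = pub
    return pow(signature, e, n) == _hash_mod_n(payload, n)


def make_csr(subject: str, pub: tuple[int, int], priv: tuple[int, int]) -> dict:
    """The developer's request: identity + public key, self-signed to prove key possession."""
    body = {"subject": subject, "public_key": list(pub)}
    return {"body": body, "signature": sign(body, priv)}


def issue_certificate(csr: dict, issuer: str, issuer_priv: tuple[int, int]) -> dict:
    """The CA checks the CSR's self-signature (integrity), then signs the identity/key
    binding with its own private key. Vetting the identity itself is outside this code."""
    body = csr["body"]
    if not verify(body, csr["signature"], tuple(body["public_key"])):
        raise ValueError("CSR integrity check failed")
    cert_body = {"subject": body["subject"], "public_key": body["public_key"], "issuer": issuer}
    return {"body": cert_body, "signature": sign(cert_body, issuer_priv)}


def verify_chain(chain: list[dict], trust_anchors: dict) -> bool:
    """chain[0] is the end entity; chain[-1] must be issued by a root in the trust store.
    Each certificate's signature is checked with the public key of the one above it, and
    the top one against the pre-installed root key (the 'who vouches for the top?' step)."""
    for lower, upper in zip(chain, chain[1:]):
        if lower["body"]["issuer"] != upper["body"]["subject"]:
            return False
        if not verify(lower["body"], lower["signature"], tuple(upper["body"]["public_key"])):
            return False
    top = chain[-1]
    root_key = trust_anchors.get(top["body"]["issuer"])
    return root_key is not None and verify(top["body"], top["signature"], root_key)


def demo_chain() -> tuple[list[dict], dict]:
    """Build root -> 'Example CA' -> 'Example Developer' with constructed toy keys."""
    root_pub, root_priv = keygen(10007, 10009)
    ca_pub, ca_priv = keygen(10037, 10039)
    dev_pub, dev_priv = keygen(10061, 10067)
    ca_cert = issue_certificate(make_csr("Example CA", ca_pub, ca_priv), "Example Root", root_priv)
    dev_cert = issue_certificate(make_csr("Example Developer", dev_pub, dev_priv), "Example CA", ca_priv)
    return [dev_cert, ca_cert], {"Example Root": root_pub}


if __name__ == "__main__":
    chain, anchors = demo_chain()
    print("chain valid:", verify_chain(chain, anchors))            # True
    print("without the root in the trust store:", verify_chain(chain, {}))   # False
    forged = [{"body": dict(chain[0]["body"], subject="Mallory"),
               "signature": chain[0]["signature"]}, chain[1]]
    print("renamed developer certificate:", verify_chain(forged, anchors))   # False
```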

Summary
• Symmetric & Asymmetric Encryption
• Cryptographic Algorithms
• Cryptographic Attacks
• Creating Encryption Algorithms
• Using Encryption
  - Commercial Encryption
  - Cryptographic Hash Functions
  - Public Key Encryption
  - Digital Signatures
  - Certificates

Further Reading
• Security in Computing, Chapters 2 & 12
• The Code Book, Simon Singh