Cryptography, Summaries of Cryptography and System Security

Download Cryptography and more Summaries Cryptography and System Security in PDF only on Docsity! Cryptography Cryptography comes from the two Greek words meaning “secret writing” and and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. Basically, what we have is Def: A cryptosystem is a 5-tuple (E, D, M, K, C), where M is the set of plaintexts, K is the set of keys, C is the set of ciphertexts, E: M K C is the set of enciphering functions, and D: C K M is the set of deciphering functions A classical example of a cryptosystem is the Caesar cipher where letters in the plaintext are shifted to get the ciphertext. Suppose that we have the message “GO CLEMSON”, and we want to encrypt that message using the Caesar cipher. Our key might be 2. The plaintext “GO CLEMSON” would turn into the ciphertext “IQ ENGOUQP”. Our cryptosystem would be: M = { all sequences of letters } K = { integers from 1 to 25 } C = { all sequences of letters } E = { Ek | k K and m M Ek(m) = (m+k) mod 26 } D = { Dk | k K and c C Dk(c) = (26+c-k) mod 26 } The goal of cryptography is to keep enciphered information secret. We assume that an adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that the adversary knows the algorithm used to encipher the plain text. The adversary does not know the specific cryptographic key. Hence, D and E are known. Key Dates 800 AD Al-Kindi, an Arab scholar and mathematician living in Baghdad, writes Manuscript for Deciphering Cryptographic Messages. It has the first known description of frequency analysis and other cryptanalysis techniques. 1586 Thomas Phelippes uses frequency analysis to decrypt messages between Mary I of Scotland and conspirators against Elizabeth I of England. Mary and the conspirators are all executed. 1918 Major Joseph O. Mauborgne of the U.S. Army and Gilbert Vernam of AT&T Bell Laboratories invent the one-time pad, in which the random, secret key is as long as the message itself and is only ever used once. 1944 At Bietchley Park in England, Colossus (the first vacuum-tube-based, programmable computing machine) decrypts German High Command messages, providing invaluable information prior to the D-day invasion of Normandy. 1945 Claude Shannon of AT&T Bell Laboratories proves that the one-time pad is unbreakable even against an adversary with unlimited computational power. This definition of secrecy is so strong, however, that he also proves that the one-time pad is the only possible cryptosystem satisfying it. 1976 Whitfield Diffie and Martin E. Hellman, both at Stanford University, propose public-key encryption and authentication. 1977 Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman, all at the Massachusetts Institute of Technology, construct the first public-key cryptosystem, the RSA algorithm. August 1977 In Martin Gardner’s Scientific American column, Rivest et al. challenge readers to decrypt a message encrypted by the RSA algorithm with a 129-digit key (RSA-129). They estimate that doing so may take 40 quadrillion years. 1982 Shafi Goldwasser and Silvio Micali, then PhD students at the University of California, Berkeley, developed the definitional foundations of modern cryptography, including a practical definition of security. 1985 Goldwasser, Micali, and Charles Rackoff of the University of Toronto invent zero-knowledge proofs. A year late Oded Goldrecih of Technion Israel Institute of Technology in Haifa, Avi Wigderson of the Hebrew University of Jerusalem, and Micali devise the zero-knowledge proof for graph three- colorability 1987 Goldreich, Wigderson, and Micali construct protocols for multiparty computation, or secure function evaluation, building on a two-party protocol developed by Andrew C. Yao of Princeton University. 1994 Netscape Communications releases the Secure Sockets Layer protocol, which employs public-key encryption to provide security for transaction on the World Wide Web. 1994 Arjen K. Lenstra of Bell Communications Research and more than 600 volunteers on the internet, using about 1,600 computers running recently developed factoring algorithms, take eight months to factor RSA-129. They reveal the message, “THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE.” 2008 An RSA key of recommended length (2,048) would take more than a quadrillion years to break on a modern PC. Rail Fence Cipher P: H E L L O W O R L D H L W L E O O D L R C: H L W L E O O D L R Susceptible to a frequency of occurrence to discover the transposition Substitution Cipher A substitution cipher changes the characters in the plaintext to produce the ciphertext. The Caesar cipher is an example of a substitution cipher and is shown below. Caesar Cipher The idea again with the Caesar cipher is to shift letters n characters with wrap around. ABCDEFGHIJKLMNOPQRSTUVWXYZ Let’s do a 4 shift P H E L L O C L I P P S P = C = { all sequences of letters } K = { I | I is an integer o I 25 } E = { Ek | k K and p P, Ek(p) = (p + k) mod 26 } D = { Dk | k K and c C, Dk(p) = (26 + c - k) mod 26 } Caesar ciphers are susceptible to statistical attacks. Good Cipher Characteristics In 1949 Shannon proposed the following characteristics for a good cipher: 1. The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption This is just common sense in that why spend tons of money on protecting something that has little value? 2. The set of keys and the enciphering algorithm should be free from complexity This implies that we should restrict neither the choice of keys nor the types of plaintext on which the algorithms can work. If the process is too complex, it will not be used. Furthermore, the key must be transmitted, stored, and remembered, so it must be short. 3. The implementation of the process should be as simple as possible. This principle reflects the date when the characteristics were proposed. It references a hand implementation of an encryption algorithm. Today with the computational power that we have, we have very complex encryption algorithms. Still keeping it as simple as possible is a good idea. 4. Errors in ciphering should not propagate and cause corruption of further information in the message. Principle 4 acknowledges that there are errors in the enciphering process, errors in computing, transmission, or human entry. One early error in the process should not throw off the entire remaining cipher. 5. The size of the enciphered text should be no larger than the text of the original message. A ciphertext that expands dramatically in size cannot possibly carry more information than the plaintext, yet it gives the cryptanalyst more data from which to infer a pattern. Also a longer ciphertext implies more space for storage and more time to communicate. Properties of Trustworthy Encryption Systems 1. It is based on sound mathematics Good cryptographic algorithms are not just invented. They are derived from solid principles. 2. It has been analyzed by competent experts and found to be sound Even the best cryptographic experts can think of only so many possible attacks. The developers may become too convinced of the strength of their own algorithm. A review by critical outside experts is essential. 3. It has stood the “test of time”. As a new algorithm gains popularity, people continue to review both its mathematical foundations and the way that it builds upon those foundations. Although a long period of successful use and analysis is not a guarantee of a good algorithm, the flaws in many algorithms are discovered relative soon after their release. We will be talking about several commercial grade data encryption algorithms later. Three algorithms are popular in the commercial world, namely DES (data encryption standard), RSA (Rivest-Shamir-Adelman), and AES (advanced encryption standard). The table below compares the symmetric and public key approaches to encryption. Symmetric Key Public (Asymmetric) Key Number of Keys 1 2 Protection of Key Must be kept secret One key must be kept secret; the other can be freely exposed Best Uses Cryptographic workhorse; secrecy and integrity of data – single characters to blocks of data, messages, files Key exchange, authentication Key Distribution Must be out-of-band Public key can be used to distribute other keys Speed Fast Slow; typically, 10,000 times slower than symmetric key Data & Origin Authentication Sender encrypts with her private key. Receiver decrypts with the sender’s public key. Alice encrypts with her private key. Only she knows her private key. Bob decrypts with Alice’s public key and knows that the message is authenticate because only Alice knows her private key. Therefore, the message has been authenticated as being sent by Alice. Confidentiality and Authentication Sender encrypts sender’s private key and recipient’s public key Alice encrypts with her private key and again with Bob’s public key C = (KBPub, ( KAPri, P)) Bob decrypts with his private key and Alice’s public key. P = (KAPub, (KBPri, C)) Note: In practice n is very large ~ 1024, 2048, or 4096 bytes Note: Symmetric encryption is the work horse x Very fast Addition, Xor, substitution, shifting Public Key Encryption is used for special applications 10,000x slow multiplication, division