Cryptography - ::.Fix IT for Me.Net | Computer Service.::



Cryptography

Block Cipher – Breaks the plaintext into blocks and encrypts each block with the same algorithm

Cipher – A cryptographic transformation that operates on characters or bits

Ciphertext or Cryptogram – The unintelligible (encrypted) message

Clustering – A plaintext message generates identical ciphertext using the same algorithm but different keys

Codes – A cryptographic transformation that operates at the word or phrase level

Cryptanalysis – The act of obtaining plaintext or the key from ciphertext. It is used to obtain valuable information and to pass on altered or fake messages in order to deceive the intended recipient.

Cryptographic Algorithm – Step-by-step procedure used to encipher plaintext and decipher ciphertext

Cryptography – The art and science of hiding the meaning of communication

Cryptology – Encompasses cryptography and cryptanalysis

Cryptosystem – The set of transformations from message space to ciphertext space; a system that provides encryption and decryption. A strong cryptosystem has a large keyspace (the entire keyspace is available to choose values from) and a reasonably large unicity distance.

Strength of a cryptosystem: An algorithm with no flaws, a large key, using all possible values within the keyspace, and protecting the actual key are the important elements of encryption. If one is weak it affects the whole process.

Cryptoperiod: The period for which the same key is used.

Decipher – To undo the encipherment process

Encipher – To make a message unintelligible to all except the recipient

End-to-end encryption – Encrypted information that is sent from sender to receiver. It refers to the protection of data from the originating host all the way to the final destination host with no unprotected transmission points. In a complex environment, end-to-end encryption is provided at the presentation or application layer.

Encryption (Encipher) is the transformation of data into a form that is as close to impossible as possible to read without the appropriate knowledge (a key). Its purpose is to ensure privacy by keeping information hidden from anyone for whom it is not intended, even those who have access to the encrypted data.

Decryption (Decipher) is the reverse of encryption; it is the transformation of encrypted data back into an intelligible form.

Exclusive Or

▪ Boolean operation

▪ Indicated by XOR

▪ Indicated by the symbol ⊕

▪ Easily implemented in hardware

▪ 0 ⊕ 0 = 0, 0 ⊕ 1 = 1, 1 ⊕ 0 = 1, 1 ⊕ 1 = 0

|Input A |Input B |Output T |
|0 |0 |0 |
|0 |1 |1 |
|1 |0 |1 |
|1 |1 |0 |

▪ XOR operates at the bit level

▪ XOR the plaintext (byte by byte) with the keystream source

▪ Can be reversed by simply XORing the output with the keystream again.

▪ A XOR B = T

▪ T XOR B = A
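The following is an added example, not code from the original notes: it implements the two XOR relations above (A XOR B = T, T XOR B = A) over bytes, uses them as a one-time pad, and demonstrates the caveat behind the pad being used exactly once (a reused pad cancels out and exposes p1 XOR p2). The function names and the sample messages are my own constructions.

```python
import secrets


def xor_bytes(data: bytes, keystream: bytes) -> bytes:
    """A XOR B = T, byte by byte. The keystream must cover the whole message."""
    if len(keystream) < len(data):
        raise ValueError("keystream shorter than data")
    return bytes(d ^ k for d, k in zip(data, keystream))


def xor_truth_table() -> dict:
    """The four-row table above, computed rather than typed."""
    return {(a, b): a ^ b for a in (0, 1) for b in (0, 1)}


def otp_encrypt(plaintext: bytes) -> tuple:
    """One-time pad (Vernam): a fresh random pad as long as the message, XORed in.
    Returns (ciphertext, pad). The pad is the key and must never be reused."""
    pad = secrets.token_bytes(len(plaintext))
    return xor_bytes(plaintext, pad), pad


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """T XOR B = A: applying the same pad once more undoes the encryption."""
    return xor_bytes(ciphertext, pad)


def pad_reuse_residue(c1: bytes, c2: bytes) -> bytes:
    """Why the pad is 'one-time': if two messages share a pad, XORing the two
    ciphertexts cancels the pad and leaves p1 XOR p2. Wherever the messages
    agree the residue is zero, so the pad no longer hides their relationship."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    msg = b"meet at the usual place"  # constructed sample message
    ct, pad = otp_encrypt(msg)
    assert otp_decrypt(ct, pad) == msg
    print(ct.hex())
```

The same `xor_bytes` routine is what a stream cipher does with its keystream; the only thing that makes the one-time pad unbreakable rather than merely a stream cipher is that the pad is truly random, as long as the message, and never used twice.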

Key – cryptovariable

▪ Information or sequence that controls the enciphering and deciphering of a message

Plaintext – a message in clear text

Steganography

▪ Secret communication of a message where the communication itself is hidden

▪ Example – the least significant bit of each pixel in an image file contains a bit of the message.

▪ Hiding the existence of the message.

▪ A digital watermark would be used to detect copying of digital images

Work Function (Factor)

▪ Difficulty in recovering plaintext from ciphertext as a function of time and cost

▪ A system's security is directly proportional to the work function

▪ The work function should be commensurate with the value of the data

Security of a cryptosystem should depend ONLY on the secrecy of the keys and not on the algorithm

History of Cryptography

Traced back to the Egyptians in 3000 B.C.

Scytale

▪ Used by the Spartans in 400 B.C. – wrap the message around a wooden dowel

▪ The diameter and length are the keys to the cipher.

Caesar cipher

▪ Monoalphabetic substitution – only one alphabet was used

▪ Specifically, it involved shifting the alphabet three letters

▪ Known as C3 (Caesar shift 3 places)

Cipher Disks

▪ Two concentric disks with letters on the edge

▪ Can be used to match up letters

Arabs invented cryptanalysis

▪ The Arab philosopher al-Kindi wrote A Manuscript on Deciphering Cryptographic Messages

Thomas Jefferson – disks

▪ In 1790 developed a device with 26 disks that could be rotated individually

▪ The message would be assembled by lining up the disks to the alignment bar

▪ Then the bar was rotated a given angle and the resulting letters were the ciphertext

▪ The angle of rotation of the alignment bar was the key

Disks were used extensively during the Civil War

UNIX – ROT13 shifts the alphabet 13 places

Hagelin Machine

▪ Developed in 1920 by Boris Hagelin – Stockholm, Sweden

▪ Known as the M-209 in the US

In the 1920s Herbert O. Yardley was in charge of U.S. MI-8 (a.k.a. the Black Chamber)

▪ Cracked codes of a number of nations

▪ Gave the U.S. an edge in Japanese negotiations in 1921-1922

▪ The U.S. State Department shut down MI-8

▪ Upset, Yardley published the book The American Black Chamber in 1931

▪ The Japanese got new codes

▪ Yardley is the father of American cryptology

William Frederick Friedman published The Index of Coincidence and Its Applications in Cryptography. He is referred to as the "father of modern cryptography".

Japanese Purple Machine

After Yardley, William Friedman resumed cryptanalysis for the U.S. Army

Broke the new Japanese cipher.

The U.S. Navy broke the Purple Machine naval codes during World War II

German Enigma Machine

▪ Polyalphabetic substitution cipher using mechanical rotors

▪ Developed in 1919 by Dutchman Arthur Scherbius, who obtained a US patent for a Berlin firm

▪ Polish cryptanalysts broke the three-ring system with a card file of all 6 x 17,576 possible rotor positions

▪ In 1938 the Germans went to six rings

▪ In 1938 the Poles and French developed the "Bombe", their own Enigma machine

▪ The British took over in 1940 and by 1943 the British and US had a high-speed "bombe"

▪ Disks have 26 contacts on each side; to communicate with each neighboring disk, one of them makes contact with the other disk

▪ Also rotates the disks after encryption of each letter

▪ Rotates the next highest rotor like a "gas pump" – polyalphabetic

▪ Other rotor machines – German Enigma, Japanese Red, Japanese Purple and American SIGABA "Big Machine"

Vigenère Polyalphabetic Cipher

▪ Caesar is a subset of the Vigenère polyalphabetic cipher

▪ Vigenère used 26 alphabets

▪ Each letter of the message corresponds to a different alphabet

▪ Subject to guessing the period, i.e. when the alphabet changes

Modulo returns the remainder after division by the modulus

C = (M + b) mod N

Where

C = ciphertext

M = message

b = fixed integer (the shift)

N = size of the alphabet

The Caesar monoalphabetic cipher can be attacked using frequency analysis.

A polyalphabetic cipher is accomplished through the use of multiple substitutions: it counters frequency analysis but can be attacked by discovery of the period.

Transposition – Permutation

▪ Columnar transposition – write the message vertically and read it horizontally

▪ Can be attacked through frequency analysis; however, it hides the statistical properties of letter pairs such as IS and TOO.

Book or Running Key Cipher

▪ Uses text from a book as the key and performs modulo 26 addition with it.

▪ Would use a specific line and page number

Codes – Deal with words and phrases and represent them with other numbers or letters
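An added example (not from the original notes) that puts the C = (M + b) mod N formula, the Vigenère extension of it, and the columnar transposition described above into working code. The frequency-profile helper shows the property the text relies on: a monoalphabetic shift and a transposition both leave the letter-count histogram intact, which is what frequency analysis exploits and what a polyalphabetic cipher disturbs. All function names and sample texts are my own.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
N = len(ALPHABET)  # N = size of the alphabet in C = (M + b) mod N


def letters_only(text: str) -> str:
    """Classical ciphers work on the 26 letters only; drop spaces and punctuation."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def caesar_encrypt(message: str, b: int) -> str:
    """C = (M + b) mod N applied to every letter with the same shift b."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + b) % N] for ch in letters_only(message))


def caesar_decrypt(cipher: str, b: int) -> str:
    """M = (C - b) mod N; Python's % keeps the result in 0..N-1."""
    return caesar_encrypt(cipher, -b)


def vigenere_encrypt(message: str, key: str) -> str:
    """Polyalphabetic: the shift for letter i is key[i mod len(key)], so the
    alphabet changes every letter and repeats with period len(key)."""
    m, k = letters_only(message), letters_only(key)
    return "".join(ALPHABET[(ALPHABET.index(ch) + ALPHABET.index(k[i % len(k)])) % N]
                   for i, ch in enumerate(m))


def vigenere_decrypt(cipher: str, key: str) -> str:
    c, k = letters_only(cipher), letters_only(key)
    return "".join(ALPHABET[(ALPHABET.index(ch) - ALPHABET.index(k[i % len(k)])) % N]
                   for i, ch in enumerate(c))


def columnar_encrypt(message: str, depth: int) -> str:
    """Write the message vertically in columns of `depth` letters, read horizontally."""
    m = letters_only(message)
    cols = [m[i:i + depth] for i in range(0, len(m), depth)]
    return "".join(col[r] for r in range(depth) for col in cols if r < len(col))


def columnar_decrypt(cipher: str, depth: int) -> str:
    """Rebuild the rows (the first len(m) % depth rows are one letter longer)
    and read the columns back out."""
    n = len(cipher)
    ncols = -(-n // depth)
    longer = n % depth
    rows, pos = [], 0
    for r in range(depth):
        length = ncols if (longer == 0 or r < longer) else ncols - 1
        rows.append(cipher[pos:pos + length])
        pos += length
    return "".join(rows[r][j] for j in range(ncols) for r in range(depth) if j < len(rows[r]))


def frequency_profile(text: str) -> list:
    """Letter counts sorted high to low, ignoring which letter has which count.
    A monoalphabetic cipher or a transposition leaves this profile unchanged
    (letters are only relabelled or moved), which is what frequency analysis uses."""
    return sorted(Counter(letters_only(text)).values(), reverse=True)
```

Run `frequency_profile` on a Vigenère ciphertext with a longer key and the profile flattens, because the same plaintext letter is no longer always mapped to the same ciphertext letter; the period of the key is what remains to be discovered.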

Identify types of Encryption systems

|Type of cipher |Characteristics |Problems |
|Classical substitution ciphers |Replaces bits, characters, or blocks of characters with different bits, characters, or blocks. | |
|Transposition (permutation) ciphers |The letters of the plaintext are permuted. |Frequency analysis, but it hides the statistical properties of letter pairs and triples such as IS and TOO. |
|Monoalphabetic or simple substitution ciphers |Only one alphabet is used (monoalphabetic substitution). |Frequency analysis |
|Polyalphabetic ciphers |Does not replace the original text with different text but moves the original text around. Is accomplished through use of multiple substitution ciphers. |Counters frequency analysis; however, attacked by discovery of periods. |
|Running key ciphers |Uses text from a book as the key and performs modulo 26 addition on it. Would use a specific line and page number. Does not require an electronic algorithm and bit alterations. |- |
|Concealment |The true letters of the plaintext are hidden/disguised in a sentence, say every third word in a sentence. Does not require an electronic algorithm and bit alterations. |- |
|Digital system | | |
|Codes |Deal with words and phrases and represent them with other numbers or letters. | |
|Steganography |Hiding the existence of the message. A digital watermark would be used to detect copying of digital images. | |
|Machines | | |
|End-to-end encryption |Encrypted information that is sent from sender to receiver. Protection of data from the originating host all the way to the final destination host with no unprotected transmission points. In a complex environment, end-to-end encryption is provided at the presentation or application layer. Start to finish; more flexibility; higher granularity because each application has a different key; hop computers do not need to have the key for decryption. |Headers, addresses, routing and trailer information are not encrypted, hence attackers can learn more about captured packets. The destination must have the same encryption mechanism to properly decrypt the message. |
|Link-to-link encryption |Each entity has a key in common with its two neighboring nodes. Node 1 encrypts with key A; Node 2 decrypts with key A and encrypts with key B; Node 3 decrypts with key B and encrypts with key C. The term refers to the use of encryption to protect a single segment between two physically contiguous nodes. It is usually a hardware device operating at layer 2. Such devices are used by financial firms to protect automatic teller machine transactions. Another common form of link-to-link encryption is the secure telephone unit (STU) used by the military. Provides data flow security since everything is encrypted. Users need not do anything; works at the lowest layer (physical layer). |Key distribution and key management are more complex because each hop computer must receive a key, and when the keys change each must be updated. Messages are decrypted at each hop, thus there are more points of vulnerability. Both end-to-end and link encryption should be used to strengthen the process: the data is encrypted with end-to-end encryption and the entire packet, i.e. header and encrypted data, is encrypted with link encryption. |
|One-time pad |Vernam cipher. Unbreakable, and each pad is used exactly once. A truly non-repeating set of random bits that is combined bitwise XOR with the message to produce ciphertext. For a key K with components k1, k2, …, kn, the encipherment uses each component of K to encrypt message M with components m1, m2, …, mn. The key is the same length as the message; random key; key only used once and never again; key must be completely random. Two identical key pads, one with the sender and another with the receiver. Unbreakable by exhaustive search. Relies on physical security of the pad. Invented in 1917 by the US Army Signal Corps and AT&T. |More overhead. Distribution of the pad, or key, can be challenging. Perfect synchronization of timing is needed for usage. The cipher is as long as the message, hence infeasible to use in all applications; not very practical. |
|Clipper Chip |Implemented in tamper-proof hardware; Skipjack algorithm. |Only 80-bit key, hence weak, and not opened for testing or any proof of trying out. The 16-bit checksum can be defeated. The Clipper chip ID tagged and identified every communication session. |
|Double/Triple DES |-refer above- | |
|Public Key |-refer above- | |
|RSA |-refer above- | |
|Elliptic curve |-refer above- | |
|PGP |-refer below- | |
|El Gamal |-refer above- | |
|Diffie-Hellman |-refer above- | |
|Escrowed encryption |US government Clipper chip; allows law enforcement to obtain the keys to view people's encrypted data. The key is escrowed in two pieces with two trusted escrow agents; a court order is needed to get both pieces. The Clipper Chip is implemented in tamper-proof hardware: an 80-bit family key and an 80-bit unit key (which is to be secret and encrypts the session key). The session key is used to encrypt the message. Based on the Skipjack algorithm; key exchange through Diffie-Hellman. | |
|Key Escrow |Uses public key cryptography. Fair Cryptosystems – Silvio Micali, MIT. The private key is split and distributed; each portion of the key can be verified without joining them. The public key is also split and sent along. |Criminal encryption use exists. Encryption is not regulatable outside the US. Key recovery is expensive for both government and software companies. Escrow has not been thoroughly tested. Mandatory escrow can be circumvented. There is no way to "scan" the Internet to detect use of non-escrowed encryption. Escrow involves humans. The government would hold the key to everyone's personal data. Under current proposed legislation, keys would be released by a court subpoena, not a judicial order. |

Types of Encryption

Secret Key Cryptography – Symmetric Key

▪ Sender and receiver both know the key

▪ Encrypt and decrypt with the same key

▪ The secret key should be changed frequently

▪ Requires secure distribution of keys by an alternate channel; an out-of-band method is used to exchange the key.

▪ Ideally only used once

▪ A secret key cryptosystem does have both public and private information

▪ Large keys (>128 bits) are very hard to break

▪ Very fast

▪ The key needs to be secret.

▪ The sender requires a different key for each receiver

▪ Time stamps can be associated with the key so that it is valid only during a time window (counters replay)

▪ Symmetric keys provide no authentication or non-repudiation

▪ Best known is DES, developed by IBM in the 1970s for commercial use

▪ Key management: wide distribution of keys is a problem only for symmetric systems. Distribution can be manual, through link or end-to-end encryption, and the last choice is through a KDC.

▪ The algorithm need not be secret, though we need a strong algorithm. Because the algorithm need not be secret, it can be used in low-cost chip implementations which are widely available and incorporated into a number of products.

The encryption scheme is computationally secure if the ciphertext meets one or both of these criteria: the cost of breaking the cipher exceeds the value of the encrypted information, and the time required is more than the useful life of the data.

Public

▪ The algorithm for enciphering plaintext

▪ Possibly some plaintext and ciphertext

▪ Possibly the encipherment of chosen plaintext

Private

▪ The KEY

▪ One cryptographic transformation out of many possible transformations

Feistel: Dr. Horst Feistel led a research project at the IBM Watson Research Lab in the 1960s which developed the Lucifer cipher. This later inspired the US DES (below) and other product ciphers, creating a family labeled "Feistel ciphers". Design parameters:

1. Block size – larger is safer but reduces speed; the trade-off is 64

2. Key size – the larger the better; the trade-off is 128

3. Number of rounds – the more the better; 16 is typical

4. Subkey generation algorithm and round function – the more complex the better.

Speed is a concern if the encryption is embedded in applications, which precludes hardware and is hence slower; also, ease of analysis is desirable, but DES was not designed that way.
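An added example, not from the original notes and not the DES or Lucifer code: a minimal Feistel network over 64-bit blocks with the four design parameters above exposed (block size, key size, number of rounds, subkey generation and round function). The round function is a truncated SHA-256 and the key schedule is hash-derived, both my own choices for brevity; what the example demonstrates is the structural property that the round function need not be invertible and that decryption is the same routine run with the subkeys reversed.

```python
import hashlib

BLOCK_BYTES = 8              # 64-bit block split into two 32-bit halves, as in DES
HALF = BLOCK_BYTES // 2
ROUNDS = 16                  # parameter 3: the typical count


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def subkeys(key: bytes, rounds: int = ROUNDS) -> list:
    """Parameter 4, subkey generation: one round key per round. Derived here with
    SHA-256 for simplicity (my choice); DES uses a permuted-choice key schedule."""
    return [hashlib.sha256(b"round" + bytes([i]) + key).digest()[:HALF] for i in range(rounds)]


def round_function(right: bytes, k: bytes) -> bytes:
    """Parameter 4, the F function. It is NOT invertible (a truncated hash); the
    Feistel structure supplies invertibility, which is the point of the design."""
    return hashlib.sha256(right + k).digest()[:HALF]


def feistel_encrypt_block(block: bytes, keys: list) -> bytes:
    """L_{i+1} = R_i ; R_{i+1} = L_i XOR F(R_i, K_i), repeated once per subkey."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly %d bytes" % BLOCK_BYTES)
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        left, right = right, xor(left, round_function(right, k))
    return right + left      # undo the last swap so decryption is the same routine


def feistel_decrypt_block(block: bytes, keys: list) -> bytes:
    """Decryption = encryption with the round keys applied in reverse order."""
    return feistel_encrypt_block(block, list(reversed(keys)))


if __name__ == "__main__":
    ks = subkeys(b"sixteen byte key")          # constructed demo key
    ct = feistel_encrypt_block(b"ABCDEFGH", ks)
    print(ct.hex(), feistel_decrypt_block(ct, ks))
```

Running the cipher with a single subkey shows why the number of rounds matters: after one round the right half of the plaintext is still sitting, unencrypted, in the ciphertext.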

Public Key Cryptography

▪ Employs a private key and a public key

▪ The public key is made available to anyone wanting to encrypt a message

▪ The private key is used to decrypt

▪ The public key cannot decrypt the message it encrypted

▪ Ideally the private key cannot be derived from the public key

▪ Either key can decrypt a message encrypted by the other

▪ The private key is kept private

▪ 1,000 to 10,000 times slower than secret key encryption

▪ Hybrids use the public key to encrypt the symmetric key

▪ Important algorithms: Diffie-Hellman, RSA, El Gamal, Knapsack, Elliptic Curve

▪ Whitfield Diffie and Martin Hellman published "New Directions in Cryptography", introducing the idea of public key cryptography.

▪ Key management: only transcription and storage.

▪ Very slow, but better key distribution and scalability, and provides confidentiality, authentication and non-repudiation.

▪ In order to be useful, a one-way function should have a trap door, a secret mechanism that enables you to accomplish the reverse (inverse) function.

A one-way function is a mathematical function that is easier to compute in one direction (the forward direction) than in the opposite direction (the inverse direction)

The forward direction could take seconds, the inverse months

A 'trap-door one-way function' is a one-way function for which the inverse direction is easy given a piece of information (the trap door)

Public key cryptography is based on 'trap-door one-way functions'

Public key: gives information about the function

Private key: gives information about the trap door

Whoever knows the trap door (private key) can compute the function easily in both directions

Under public key cryptography, there are two formats:

Open message format (if authentication is more important)

▪ Sender encodes the message with own private key

▪ Receiver decodes with the sender's public key

Secure message format (if confidentiality is more important)

▪ Sender encodes with the receiver's public key.

▪ Receiver decodes with own private key

Secure and signed message format

▪ Sender encodes the message with own private key

▪ Sender re-encodes the message with the receiver's public key

▪ Receiver decodes the message with own private key

▪ Receiver decodes the message with the sender's public key

Hybrid systems

Using symmetric and asymmetric (public key) cryptography together: symmetric for bulk data encryption and asymmetric for protecting encryption keys and key distribution.

▪ Asymmetric algorithm performs encryption and decryption by using public and private keys

▪ Symmetric algorithm performs encryption and decryption by using a secret key.

▪ A secret key is used to encrypt the actual message

▪ Public and private keys are used to encrypt the secret key

▪ A secret key is synonymous to a symmetric key

▪ An asymmetric key refers to a public or private key
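An added example, not part of the original notes, that walks through the three message formats above (open, secure, secure and signed) with textbook RSA on deliberately tiny primes so every step can be checked by hand. The primes, exponents and message value are my constructions; real RSA uses moduli of about 2048 bits and padding, and the point here is only the trap-door relationship between the two keys of a pair.

```python
from math import gcd


def make_keypair(p: int, q: int, e: int = 17) -> tuple:
    """Textbook RSA with tiny primes (demo only). Returns ((e, n), (d, n)),
    i.e. (public key, private key). d is the trap door: the inverse of e mod phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def apply_key(key: tuple, value: int) -> int:
    """The one-way function x -> x^k mod n. Either key of a pair undoes the other."""
    k, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, k, n)


# Open message format: authentication matters, confidentiality does not.
def open_message(m: int, sender_private: tuple) -> int:
    return apply_key(sender_private, m)


def read_open_message(c: int, sender_public: tuple) -> int:
    return apply_key(sender_public, c)


# Secure message format: confidentiality matters.
def secure_message(m: int, receiver_public: tuple) -> int:
    return apply_key(receiver_public, m)


def read_secure_message(c: int, receiver_private: tuple) -> int:
    return apply_key(receiver_private, c)


# Secure and signed: sender's private key first, then receiver's public key.
# The receiver strips the layers in the opposite order. The inner value must be
# smaller than the receiver's modulus, so the receiver's modulus is chosen larger.
def secure_signed_message(m: int, sender_private: tuple, receiver_public: tuple) -> int:
    return apply_key(receiver_public, apply_key(sender_private, m))


def read_secure_signed_message(c: int, receiver_private: tuple, sender_public: tuple) -> int:
    return apply_key(sender_public, apply_key(receiver_private, c))


if __name__ == "__main__":
    alice_pub, alice_priv = make_keypair(61, 53)      # n = 3233, the sender
    bob_pub, bob_priv = make_keypair(101, 113)        # n = 11413, the receiver
    sealed = secure_signed_message(65, alice_priv, bob_pub)
    print(sealed, read_secure_signed_message(sealed, bob_priv, alice_pub))
```

The tests below also check the two claims from the bullet list: the public key cannot decrypt what the public key encrypted, and a value altered in transit no longer verifies under the sender's public key.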

Symmetric

|Algorithm |Developer |Provides |Key Size (bits) |Characteristics |
|DES (64-bit block size) |IBM under US government contract (devised in 1972 as a derivative of the Lucifer algorithm by Horst Feistel at IBM). Modified by NSA to come up with US DES. |Confidentiality. It can be used in many applications including data transmission and file security. Implemented in electronic devices including VLSI, RAM, PROM, EEPROM and ROM. |56 bits |De facto industry standard. 64-bit block size. It begins with a 64-bit key and strips off 8 parity bits (1 odd in each byte); the 8 parity bits can be used for error detection. 16 rounds of transposition and substitution. Uses the techniques of confusion and diffusion. Adopted as US federal standard in 1976. Increasing concern over resistance to brute-force attack (though with a 56-bit key one has to try 2^56, or about 70 quadrillion, keys; can be broken using large computers in a network). U.S. Government no longer uses it. Patented in 1974 - Block Cipher Cryptographic System. Commercial and non-classified systems. DES describes the Data Encryption Algorithm (DEA). Federal Information Processing Standard (FIPS) adopted DES in 1977. Re-certified in 1993 by the National Institute of Standards and Technology but will be replaced by AES (Advanced Encryption Standard, Rijndael). DES operates in four modes: Cipher Block Chaining (CBC), Electronic Code Book (ECB), Cipher Feedback (CFB), Output Feedback (OFB). Never adopted for national security applications. Single-chip installation (hardware), now software. DES uses confusion and diffusion as suggested by Claude Shannon: confusion conceals the statistical connection and is accomplished through the non-linear S-boxes in DES; diffusion spreads the influence of a plaintext character over many ciphertext characters and is accomplished through P-boxes. Distributed systems can break it. DES is considered vulnerable to brute-force (exhaustive) search of the key – replaced by Triple DES and AES. If the attack is only brute force, then counter it by longer keys; hence a 128-bit key is better. Knowledge of expected plaintext and automatically distinguishing plaintext from garble is needed for breaking the key. Triple DES – three encryptions using DEA are now being used until AES is adopted. |
|3DES |3 sequential applications of DES. The algorithm is too sluggish in software, hence very slow, and the 64-bit block size can be higher. | |112 (using 2 keys) or 168 (using 3 keys); 7 modes of operation of TDEA |1) Slow. 2) Double encryption is subject to the meet-in-the-middle attack: encrypt on one end, decrypt on the other and compare the values; the work factor of DES and Double DES is the same, so Triple DES is used. Can be done several different ways: a) DES-EDE2 (encrypt key 1, decrypt key 2, encrypt key 1); b) DES-EE2 (encrypt key 1, encrypt key 2, encrypt key 1); c) DES-EE3 (encrypt key 1, encrypt key 2, encrypt key 3) - most secure; however Triple DES with two keys will prevent brute force and meet-in-the-middle with a smaller payload. 3 keys are also known as a key bundle. TDEA is a formidable algorithm, with the same resistance as DEA; with the stronger 168-bit key, brute force is not possible. If security is the only concern, then TDEA is best for the years to come. |
|IDEA (International Data Encryption Algorithm) |Developed in Switzerland by Xuejia Lai and James Massey. | |128-bit key |64-bit block, 8 rounds. Used in PGP. Much more difficult than DES. Differs in round function and subkey generation function. Uses both confusion and diffusion, but confusion is not achieved through use of S-boxes; instead XOR, binary addition and binary multiplication of 16-bit integers. Highly resistant to cryptanalysis. |
|Blowfish |Bruce Schneier | |Key length up to 448 |Up to 16 rounds of data blocks. Published in 1993. Fast, compact and flexible. Uses S-boxes, XOR and binary addition; variable S-boxes. Suitability: due to its high execution speed, easy implementation and compact algorithm (less than 5 KB of memory), it is used in a number of commercial applications. Since subkeys and S-boxes are generated by repeated application, it is not suitable for applications in which the secret key changes frequently. |
|Twofish |Developed by Counterpane based on Blowfish (also by Counterpane) – Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall and Niels Ferguson, U.S.A. | |up to 256 bits |128-bit blocks in 16 rounds. Employs whitening before the first round and after the last round, so the whitening keys need to be broken in addition to the Twofish key. Employs "prewhitening" and "postwhitening", where additional subkeys are XORed with the plaintext before the first round and after the sixteenth round. In the Twofish algorithm, the MDS matrix, the PHT and key additions provide diffusion. |
|RC5 – family of algorithms |Developed by Ronald Rivest in 1994 | |0 to 2048-bit keys |1) 32, 64 or 128-bit blocks, 0 to 255 rounds. 2) RSA patented it in 1997. Suitability: it is suitable for hardware or software – uses primitive computational operations commonly found on microprocessors. Fast, with a simple algorithm. Variable number of rounds and variable key length. Easy to implement. Low memory requirement makes it suitable for smart cards and other devices with restricted memory; higher security with suitable parameters. A number of RSA products use this. |
|AES | | | |1) Block cipher that will replace DES. Anticipated that Triple DES will remain approved for government use. AES competition announced by NIST in January 1997 to find a replacement for DES. Five finalists: MARS – IBM Corp. (represented by Nevenko Zunic), U.S.A.; RC6 – RSA Laboratories (represented by Matthew Robshaw), U.S.A.; Rijndael – Joan Daemen and Vincent Rijmen, Belgium; SERPENT – Ross Anderson, Eli Biham and Lars Knudsen, U.K., Israel and Norway; TWOFISH – Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall and Niels Ferguson, U.S.A. 3) October 2, 2000: NIST selected Rijndael, by the 2 Belgian cryptographers Dr. Daemen and Dr. Rijmen. Will be used by government for sensitive but unclassified documents. |
|Rijndael Block Cipher (AES) |Joan Daemen and Vincent Rijmen. Weakness: one issue was with the underlying architecture: some opined that its internal mathematics is simple. The Rijndael team defended its design, pointing out that simpler mathematics made Rijndael easier to implement in embedded hardware. They argued that obfuscation was not needed. | |Variable block length and key lengths that can be independently chosen as 128, 192 or 256 bits. To break a 128-bit AES key, it is estimated to take 140 trillion years. |Iterative block cipher. Resistance to all known attacks. Design simplicity. Code compactness and speed on a wide variety of platforms. The intermediate cipher result is called the "state" that the transformations operate on. Does not use the Feistel transposition structure from DES. Uses a round transformation of 3 layers: non-linear layer – S-boxes; linear mixing layer – shifting of rows and mixing of columns; key addition layer – an exclusive OR of the round key with the intermediate state. Suitable for high-speed chips and compact co-processors on smart cards. Round keys are taken from the cipher key through a key schedule which consists of key expansion and round key selection: the total number of round key bits is equal to the block length multiplied by the number of rounds plus 1. High-speed chip; no area restriction. It is a substitution-linear transformation network (non-Feistel). NIST selected Rijndael for the following reasons: good performance in both hardware and software across a wide range of computing environments; good performance in both feedback and non-feedback modes; key setup time is excellent; key agility is good; very low memory requirements; easy to defend against power and timing attacks without significantly impacting performance. |
|SERPENT |Ross Anderson, Eli Biham and Lars Knudsen, U.K., Israel and Norway | | | |
|RC6 |RSA Laboratories (represented by Matthew Robshaw), U.S.A. | | | |
|RC4 | | | | |
|MARS |IBM Corp. (represented by Nevenko Zunic), U.S.A. | | | |

There are 4 primary modes of operation on which the block ciphers can be based:

|Type |Characteristics |Problem |
|Electronic Code Book (ECB). The weakness in ECB is that identical input blocks will produce identical cipher results of the same length. Suitable for short messages and non-repeating patterns; ECB is best with small amounts of data (like challenge-response operations and key management, encrypting PINs etc.). Can be used for IV encryption in the case of CBC, because along with the key the IV also should be sent. |Native mode of DES (natural mode – direct application). Block cipher. ECB is applied to 64 bits of plaintext and produces corresponding 64-bit blocks of ciphertext. The 64-bit input vector is broken into two blocks (right block and left block); each 32-bit block is copied into a 48-bit block; each 48-bit block is XORed with a 48-bit encryption key. Pairs of plaintext and corresponding code exist. |Replay and substitution attack. Interestingly, this is a fundamental encryption flaw that affected the Enigma. |
|Cipher Block Chaining (CBC). Widely used in security applications. |Plaintext block of 64 bits. A randomly generated 64-bit initialization vector is XORed with the first block, which is then encrypted with DES. The first ciphertext block is then XORed with the next 64-bit plaintext block. Enhanced mode of ECB which chains together blocks of ciphertext. |Errors are propagated using this method. |
|Cipher Feedback (CFB) – errors will propagate |Stream cipher where ciphertext is used as feedback into the key generation source to develop the next keystream, i.e. it is the input to DES to generate pseudorandom numbers which are combined with the plaintext to produce the cipher. |Errors will propagate. |
|Output Feedback (OFB) – errors will not propagate |Feedback is used to generate the keystream, therefore the keystream varies. Errors do not propagate. Functions like a stream cipher by generating random binary bits to be combined with the plaintext to create ciphertext. The previous output of DES is used as input. OFB does not chain the cipher. | |
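An added example, not part of the original notes, that implements the four modes above over a toy block cipher so the behaviours the table describes can be observed: ECB turning identical plaintext blocks into identical ciphertext blocks, CBC hiding that, and the different error propagation of CBC, CFB and OFB when one ciphertext bit is flipped. The toy cipher is a keyed permutation of the 256 one-byte blocks (my construction, not cryptographic and not DES); one-byte blocks keep the patterns visible while the chaining logic is the same as for 64-bit blocks.

```python
import random


def make_toy_block_cipher(key: bytes):
    """Stand-in for DES/AES: a keyed permutation of the 256 possible 1-byte blocks.
    Returns (encrypt_block, decrypt_block). The shuffle is seeded from the key
    for repeatability only; it is NOT a cryptographic construction."""
    table = list(range(256))
    random.Random(key).shuffle(table)
    inverse = [0] * 256
    for i, v in enumerate(table):
        inverse[v] = i
    return (lambda b: table[b]), (lambda b: inverse[b])


def ecb_encrypt(enc, pt: bytes) -> bytes:
    """Each block independently: equal plaintext blocks give equal ciphertext blocks."""
    return bytes(enc(b) for b in pt)


def ecb_decrypt(dec, ct: bytes) -> bytes:
    return bytes(dec(b) for b in ct)


def cbc_encrypt(enc, iv: int, pt: bytes) -> bytes:
    """XOR each block with the previous ciphertext block (the IV for the first), then encrypt."""
    out, prev = [], iv
    for b in pt:
        prev = enc(b ^ prev)
        out.append(prev)
    return bytes(out)


def cbc_decrypt(dec, iv: int, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in ct:
        out.append(dec(c) ^ prev)
        prev = c
    return bytes(out)


def cfb_encrypt(enc, iv: int, pt: bytes) -> bytes:
    """Ciphertext is fed back as the next cipher input; only the encrypt direction is used."""
    out, fb = [], iv
    for b in pt:
        fb = b ^ enc(fb)
        out.append(fb)
    return bytes(out)


def cfb_decrypt(enc, iv: int, ct: bytes) -> bytes:
    out, fb = [], iv
    for c in ct:
        out.append(c ^ enc(fb))
        fb = c
    return bytes(out)


def ofb_crypt(enc, iv: int, data: bytes) -> bytes:
    """Cipher output is fed back to make a keystream that never depends on the data,
    so the same call encrypts and decrypts and a flipped bit stays a flipped bit."""
    out, fb = [], iv
    for b in data:
        fb = enc(fb)
        out.append(b ^ fb)
    return bytes(out)


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate a one-bit transmission error in block `index`."""
    buf = bytearray(data)
    buf[index] ^= 0x01
    return bytes(buf)


def damaged_positions(original: bytes, recovered: bytes) -> list:
    """Which blocks decrypted wrongly after the error."""
    return [i for i, (a, b) in enumerate(zip(original, recovered)) if a != b]
```

With a single-bit error in ciphertext block 2, CBC and CFB recover every block correctly except blocks 2 and 3 (the damaged block and the one that used it as feedback), while OFB damages only block 2; that is the "errors propagate / do not propagate" distinction in the table.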

A block cipher is a type of symmetric key encryption algorithm that accepts a fixed block of plaintext to produce cipher text of the same length – a linear relationship.

Block Ciphers are more suited to implementation in software to execute on a general purpose computer. This guideline is not absolute, and there are variety of operational reasons to choose one method over the other. Types of block ciphers DES, 3DES, Idea, RC5, Rijndeal, Twofish, DES CBC, DES ECB,

The secret to the secret sauce is the key. It is the key that provides the randomness of the encryption process.

Stream Cipher

Tend to be implemented more in hardware devices. This guideline is not absolute, and there are variety of operational reasons to choose one method over the other. It is symmetric encryption algorithm and it is extremely faster.

▪ Rotor machines

▪ RC4

▪ DES Cipher Feed Back (CFB)

▪ Link encryption

▪ Onetime pad (vernam cipher) -- it is possible to generate ciphertext that is random and therefore unbreakable even by brute-force attacks.

▪ Output feedback mode

Linear feedback shift register (LFSR) : this is one of the simplest finite state machines. This is used for generation of key stream from the key generation. Shifts in a block of 4 last by one but 3rd and 4th bit before shift Xord and assigned as last.

Some of the features that a cryptographer will design in to the algorithm for a stream cipher include:

1) Long periods without a repetition.

2) Functional complexity – each keystream bit should depend on most or all of the cryptovariable bits.

3) Statistically unpredictable – given n successive bits from the keystream, it is not possible to predict the (n+1)th bit with a probability different from ½.

4) The keystream should be statistically unbiased – there should be as many 0s as 1s, as many 00s as 10s, 01s and 11s, etc.

5) The keystream should not be linearly related to the cryptovariable.

The first condition is trivial to satisfy. The second condition, ensuring that the two machines have the same cryptovariable, is an administrative problem (key management). We can ensure that the two machines start in the same state by several means. One way is to include the initial state as part of the cryptovariable. Another way is to send the initial state to the receiver at the beginning of each message (this is sometimes called a message indicator or initialization vector).
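The 4-bit LFSR described above, written out as an added example (not code from the original notes) so the period, bit balance and XOR-with-plaintext steps can be checked directly. It assumes the tapped positions are the 3rd and 4th bits with the 4th being the bit shifted out; the seed, taps and plaintext are constructed values.

```python
"""Linear feedback shift register (LFSR) keystream generator.

Added example for the 4-bit register described in the notes: on each step
the register shifts one position, the 3rd and 4th bits (as they were before
the shift) are XORed, and the result is fed back in as the new bit.
Register positions are 1-based; the last position holds the bit that is
shifted out and used as the keystream bit.
"""


def _check(seed, taps):
    """Reject configurations that cannot give a usable keystream."""
    if not seed or not any(seed):
        raise ValueError("all-zero seed: keystream would be all zeros")
    if any(t < 1 or t > len(seed) for t in taps):
        raise ValueError("tap positions must lie inside the register")
    if len(seed) not in taps:
        # Without the outgoing bit in the feedback, two states can map to
        # the same successor, so the register falls into short cycles.
        raise ValueError("the last position must be one of the taps")


def lfsr_step(state, taps):
    """One clock: return (output bit, next state)."""
    feedback = 0
    for t in taps:
        feedback ^= state[t - 1]
    return state[-1], [feedback] + state[:-1]


def lfsr_keystream(seed, taps):
    """Yield keystream bits forever from the given seed and taps."""
    _check(seed, taps)
    state = list(seed)
    while True:
        out, state = lfsr_step(state, taps)
        yield out


def period(seed, taps):
    """Steps until the register state first repeats (feature 1 in the list)."""
    _check(seed, taps)
    start = tuple(seed)
    state = list(seed)
    steps = 0
    while True:
        _, state = lfsr_step(state, taps)
        steps += 1
        if tuple(state) == start:
            return steps


def bit_balance(seed, taps, n):
    """Count zeros and ones in the first n keystream bits (feature 4)."""
    ks = lfsr_keystream(seed, taps)
    ones = sum(next(ks) for _ in range(n))
    return n - ones, ones


def stream_xor(seed, taps, data):
    """XOR data with the keystream; the same call decrypts."""
    ks = lfsr_keystream(seed, taps)
    out = bytearray()
    for byte in data:
        k = 0
        for _ in range(8):
            k = (k << 1) | next(ks)
        out.append(byte ^ k)
    return bytes(out)


if __name__ == "__main__":
    seed, taps = [0, 0, 0, 1], [3, 4]   # constructed values
    print("period:", period(seed, taps))            # 15: all non-zero states
    print("zeros/ones:", bit_balance(seed, taps, 15))
    ct = stream_xor(seed, taps, b"attack at dawn")
    print(ct.hex(), stream_xor(seed, taps, ct))
    print("period with taps [2, 4]:", period(seed, [2, 4]))   # only 6
```

Taps [3, 4] cycle through all 15 non-zero states, while taps [2, 4] on the same seed repeat after 6 steps, which is the "long period" property the list above asks for.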

Common Asymmetric Algorithms:

RSA and other public key systems are also used as key distribution systems:

|Algorithm |Developed by |Provides |Characteristic |

|RSA |Rivest, Shamir and Adleman. Introduced in 1976. Suitable for high speed chips and compact co-processors on smart cards. |Confidentiality, authentication and non-repudiation. Encryption, key exchange and digital signatures. |Based on the difficulty of factoring a number which is the product of two large prime numbers, each possibly 200 digits. Shorter keys are insecure, 768 bits is moderately secure, and 1024 bits is good. Suitable for high speed chips and compact co-processors on smart cards. Two possible approaches to defeating RSA: the brute force approach (try all possible private keys), or finding the two large prime factors. |

|Diffie-Hellman |Whitfield Diffie and Martin Hellman, who "came up with the whole public key/private key concept". |Key distribution only. |Invented in 1976, the first public key algorithm. Key agreement protocol. Security stems from the difficulty of calculating discrete logarithms in a finite field: while it is relatively easy to calculate exponentials modulo a prime, it is very difficult to calculate discrete logarithms, and for large primes the latter task is considered infeasible. Used for distribution of a shared key but not for message encryption/decryption. Vulnerable to "man in the middle" attacks (since peers are not authenticated); the result was the station-to-station protocol. Patent expired in 1997. |

|El Gamal |Dr. T. E. El Gamal |Digital signature and encryption. |Extended Diffie-Hellman to include signatures and encryption. First key for digital signature. Un-patented public key cryptosystem based on the discrete logarithm problem. |

|Merkle-Hellman Knapsack | | |Having a set of items with fixed weights, determine which items can be added in order to obtain a given total weight. Illustrated using super-increasing weights (each weight greater than the sum of all previous weights). |

|ECC |Neal Koblitz. Suitable for high speed chips and compact co-processors on smart cards. First proposed by Victor Miller (IBM/CRD) in 1985 and Neal Koblitz (Washington Univ.). |160 bit key. Digital signatures, encryption and key management. Suited to smart cards and wireless devices (less memory and processing). |Elliptic curve discrete logarithms are harder to compute than general discrete logarithms. Smaller key size gives the same level of security as RSA: higher strength per key. No advantage other than speed over RSA. Suited to environments where computational power is limited, integrated circuit space is limited, high speed is required, intensive signing, verifying and authenticating are required, signed messages are stored or transmitted, bandwidth is limited, or wireless communications/some networks are used. |

Asymmetric and Symmetric Key Comparisons

|Asymmetric Key |Symmetric Key |

|512 bits |64 bits |

|1024 bits |80 bits |

|1729 bits |112 bits |

|2304 bits |128 bits |

Like symmetric algorithms, public key encryption implementations do not rely on the obscurity of their algorithm, but use key lengths that are so long that a brute-force attack is impossible. Asymmetric encryption keys are based on prime numbers, which limits the population of numbers that can be used as keys.

Comparison of DES and RSA:

|CHARACTERISTIC |DES |RSA |

|Relative Speed |Fast |Slow |

|Functions Used |Transposition and Substitution |Multiplication |

|Key Length |56 bits |400-800 bits |

|Least Cost Attack |Exhaustion |Factoring |

|Cost of Attack |Centuries |Centuries |

|Time to generate a key |Microseconds |Tens of Seconds |

|Key Type |Symmetric |Asymmetric |

Note: Most products use symmetric key cryptography to encrypt files, messages, sessions and objects, but use asymmetric key cryptography to exchange and protect keys.

Preferred Crypto algorithms should have the following properties:

▪ No reliance on algorithm secrecy

▪ Explicitly designed for encryption

▪ Available for analysis

▪ Subject to analysis

▪ No practical weaknesses

PKC systems are based on problems that are difficult to solve (hard problems):

▪ Factoring large integers that are the product of large primes: RSA

▪ Discrete logarithm problem (difficulty of taking logarithms in finite fields): Diffie-Hellman; El Gamal encryption schemes and signature algorithms; Schnorr's signature algorithm; Nyberg-Rueppel's signature algorithm; Station-to-station protocol for key agreement (STS); Digital Signature Algorithm (DSA)

▪ Elliptic Curve Crypto (ECC) (only speed is a factor) – higher key strength compared to RSA.

▪ DSS (Digital Signature Standard) - NIST and NSA proposed in 1991

▪ LUC

Mathematical Problems

Factoring

Given P and Q, it is easy to compute P*Q.

Given the product N = P*Q, it is not easy to compute P and Q.

Pick E (the encryption exponent).

Compute D so that D*E = 1 mod (P-1)*(Q-1).

But there are attacks against factoring that are better than exhaustion.

This is why the parameters have to be large (512, 1024, 2048 bits).

Discrete Logs

Based on two facts:

Exponentiation is easy: given G and X, it is easy to compute S = G^X.

Logarithms are hard: given S and G, it is hard to find X such that G^X = S.
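The factoring and discrete-log facts above, carried through with tiny numbers as an added example (not code from the original notes). The primes, exponents and group parameters are constructed and deliberately small so the "hard" direction can actually be run; with 2048-bit parameters the factor() and discrete_log() loops would never finish.

```python
"""Toy RSA and discrete logarithm arithmetic with tiny parameters.

Added example, not from the notes. All numbers are constructed toy values.
Requires Python 3.8+ for pow(e, -1, m) (modular inverse).
"""
from math import gcd, isqrt


def rsa_keygen(p, q, e):
    """Return (N, E, D): N = P*Q and D*E = 1 mod (P-1)*(Q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("E must be coprime to (P-1)*(Q-1)")
    d = pow(e, -1, phi)
    return n, e, d


def rsa_encrypt(m, n, e):
    """Easy direction: modular exponentiation with the public exponent."""
    if not 0 <= m < n:
        raise ValueError("message must be an integer below N")
    return pow(m, e, n)


def rsa_decrypt(c, n, d):
    return pow(c, d, n)


def factor(n):
    """Recover P and Q from N by trial division (feasible only for tiny N)."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found: N is prime or 1")


def private_key_from_factors(n, e):
    """Why N must be large: anyone who can factor N can compute D."""
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


def dh_public(g, x, p):
    """Exponentiation is easy: S = G^X mod P."""
    return pow(g, x, p)


def dh_shared(peer_public, x, p):
    """Both parties get the same value from the other side's public S."""
    return pow(peer_public, x, p)


def discrete_log(g, s, p):
    """Logarithms are hard: find X with G^X = S mod P by exhaustive search.

    Cost grows with P; for a large prime this loop is infeasible.
    """
    for x in range(p - 1):
        if pow(g, x, p) == s:
            return x
    raise ValueError("no discrete log: S not generated by G")


if __name__ == "__main__":
    n, e, d = rsa_keygen(61, 53, 17)          # constructed toy primes
    c = rsa_encrypt(65, n, e)
    print("RSA N, E, D, C, M:", n, e, d, c, rsa_decrypt(c, n, d))
    print("D recovered from factoring N:", private_key_from_factors(n, e))
    p, g = 23, 5                              # constructed toy DH group
    a_pub, b_pub = dh_public(g, 6, p), dh_public(g, 15, p)
    print("DH shared:", dh_shared(b_pub, 6, p), dh_shared(a_pub, 15, p))
    print("X recovered by brute force:", discrete_log(g, a_pub, p))
```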

Usage of public key cryptography

1) For encryption and decryption: encrypt the message with the receiver's public key.

2) For digital signatures: encrypt the message digest or MAC value.

3) Two sides co-operate to exchange session keys.

|Algorithm |Encryption/Decryption |Digital signature |Key exchange |

|RSA |Yes |Yes |Yes |

|ECC |Yes |Yes |Yes |

|Diffie-Hellman |- |- |Yes |

|DSS |- |Yes |- |

Hash algorithms:

A hash algorithm is a one-way cryptographic function. When applied to a data object, it outputs a fixed-size output, often called a message digest (fingerprint). It is conceptually similar to a checksum, but is much more difficult to corrupt.

|One way hash function |Reversible by trap door. Provides confidentiality and authentication. |

|One way hash algorithm |Irreversible. Provides only integrity. |

Purpose of Digital Signatures

▪ To detect unauthorized modifications and to authenticate identity and non-repudiation.

▪ Generates a block of data smaller than the original data.

▪ One way hash functions.

▪ One way hash produces fixed size output (digest).

▪ Has the following good hash function characteristics.

After the message digest is calculated it is encrypted with the sender's private key.

The receiver decrypts using the sender's public key; if it opens, then it is from the sender.

Then the receiver computes the message digest of the sent file; if the hash is the same, it has not been modified.

Hash functions are much faster than encryption processes and can be utilized to enhance performance while maintaining integrity.

Good hash function characteristics

1. hash should be computed on the entire message

2. hash should be a one way hash function so that messages are not disclosed by their signatures. (original message should not be found out). – one way property.

3. It should be impossible given a message and its hash value to compute another message with the same hash value. Collision resistance.

4. It should be resistant to birthday attacks meaning an attacker should not be able to find two messages with the same hash value. – larger output is stronger and less vulnerable to brute force attacks like birthday attack.

A one way hash can be used with or without encryption. Encryption is sometimes discouraged due to higher hardware cost, export regulations, slowness in software, and unsuitability for small data values such as a hash.

|Hash |Blocks and hash size |Other characteristics |

|MD2 |128 bit hash value. Ron Rivest. |Slower than MD5 and MD4. MD2 is a hash function that has a collision vulnerability. |

|MD4 |Ron Rivest. 128 bit hash value. |Used for high speed computation in software implementations and is optimized for microprocessors. Problem: the hash function's poor one-way property. |

|Haval |Variable length one way hash. Blocks of 1024 bits. |Modification of MD5. |

|MD5 |Developed by Ronald Rivest in 1991. Produces a 128 bit message digest from data of arbitrary length. 512 bit blocks processed in four distinct rounds; 64 (4 of 16) rounds. Infinite input size. 4 primitive logical functions and 64 additive constants used. |Message Digest (MD) is the most common hash function today. Developed by Ron Rivest. Commonly used as a data integrity checking tool, such as in Tripwire and other products. |

|SHA-1 |160 bit hash if the input is < 2^64 bits. Integrity of the message. 512 bit blocks of data. 80 (4 rounds of 20) rounds. 4 primitive logical functions and 4 additive constants used. Computing the SHA-1 digest and then processing it with the DSA to generate or verify the signature over the shorter digest is more efficient than applying the DSA to the longer message. |Developed by NSA. It is relatively easy to compute the hash for a given value, which makes hardware and software implementations practical. The algorithm takes the message as input and produces the hash (called a cryptographic hash). Used in PGP. Used for generating the digest for digital signatures. It is computationally infeasible to find a message that corresponds to a given message digest, and computationally infeasible to find two different messages that produce the same message digest (any pair with the same hash). Padding bits are added to the message to make it a multiple of 512 bits; the length of the message is the number of bits in the message. Equivalent to factoring (RSA). Input into DSA to get the digital signature. Resistant to "birthday" attacks and brute force attacks. |

|Message Authentication Code (MAC) |Last 16 bit or 32 bit code from the ciphertext generated by the DES algorithm on the message. Provides authentication but not confidentiality; has a proper sequence number, hence the sequence of messages is ensured. |Combination of encryption and hashing: a key-dependent one-way hash which requires a symmetric key in the process (hash encrypted with a symmetric key). DES is recommended for the encryption of the message, and the last 16 bit or 32 bit ciphertext code is taken and used as the code. Similar to encryption, however the authentication algorithm need not be reversible: a smaller fixed length output that is not designed for decryption, hence need not be reversible. |

|HMAC. Design goals: an available hash function must be used; allow replaceability of the hash function; preserve the performance of the hash function; use and handle keys in a simple way; have a well understood cryptographic analysis of the strength of the authentication mechanism based on reasonable assumptions on the embedded hash function. |Uses a key to generate a Message Authentication Code which is used as a checksum. The hash function is either MD5 or SHA-1, which is incorporated with a secret key into the existing hash algorithm. |HMAC can be used with any iterative cryptographic hash function (MD5, SHA-1) in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. It is now mandatory to use HMAC in IP security, and it is used in TLS and SET. |

|Digital Signature Standard (DSS) and Secure Hash Standard |Condenses the message to 160 bits. Key size 512-1024 bits. Enables use of the RSA digital signature algorithm or DSA (Digital Signature Algorithm, based on El Gamal). Both use the Secure Hash Algorithm to compute the message digest, which is then processed by DSA to verify the signature. The message digest is used instead of the longer message because it is faster. |NIST proposed in 1991. Uses the secure hash algorithm (SHA-1), 160 bit. Modular arithmetic exponentiations of large numbers; difficult to invert exponentiations (security). Equivalent to factoring (RSA). Digital Signature Algorithm. Integrity. |

|Digital Signature Algorithm. Other signature algorithms include: Nyberg-Rueppel, Schnorr. |Generates and verifies signatures. Provides authentication and integrity, i.e. identifies the signatory and the integrity of the data. Only for digital signature and not for encryption (unlike RSA, which does both). |FIPS 186: This Standard specifies a Digital Signature Algorithm (DSA) appropriate for applications requiring a digital rather than written signature. The DSA digital signature is a pair of large numbers represented in a computer as strings of binary digits. Provides authentication, integrity and non-repudiation. |

|RIPEMD-160 |160 bits. 512 bit block size. 160 (5 paired rounds of 16) rounds. 5 primitive logical functions and 9 additive constants used. Infinite input length. | |
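The HMAC construction from the table above (a secret key incorporated into an existing hash, with the hash function replaceable), written out as an added example that is not code from the original notes. The key and message are constructed values; the hash name is a parameter so MD5, SHA-1 or SHA-256 can be swapped in, and the result is checked against the standard library.

```python
"""HMAC built from its definition, checked against the standard library.

Added example, not from the notes. Key and message are constructed values.
"""
import hashlib
import hmac


def hmac_from_definition(key, message, hash_name="sha1"):
    """HMAC = H((K xor opad) || H((K xor ipad) || message))."""
    block_size = hashlib.new(hash_name).block_size   # 64 bytes for MD5/SHA-1
    # A key longer than one block is first reduced to its hash; any key is
    # then zero-padded to exactly one block before the pads are applied.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def verify_tag(key, message, tag, hash_name="sha1"):
    """Recompute and compare in constant time, so the comparison does not
    leak how many leading bytes of a forged tag happened to be right."""
    expected = hmac_from_definition(key, message, hash_name)
    return hmac.compare_digest(expected, tag)


def matches_stdlib(key, message, hash_name):
    """True when the hand-built HMAC equals hmac.new() for this hash."""
    ours = hmac_from_definition(key, message, hash_name)
    return ours == hmac.new(key, message, hash_name).digest()


if __name__ == "__main__":
    key = b"key"                                       # constructed values
    msg = b"The quick brown fox jumps over the lazy dog"
    tag = hmac_from_definition(key, msg, "sha1")
    print(tag.hex(), verify_tag(key, msg, tag))
    print("tampered message accepted:", verify_tag(key, msg + b"!", tag))
    for name in ("md5", "sha1", "sha256"):      # replaceable hash function
        print(name, matches_stdlib(key, msg, name))
```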

Public Key Certification Systems

A source could post a public key under the name of another individual

Digital certificates counter this attack; a certificate binds an individual to their key.

A Certificate Authority (CA) acts as a notary to bind the key to the person

CA must be cross-certified by another CA

Public Key Infrastructure - (PKI)

Integration of digital signatures and certificates.

▪ Digital Certificates

▪ Certificate Authorities (CA)

▪ Registration Authorities

▪ Policies and procedures

▪ Certificate Revocation

▪ Non-repudiation support

▪ Time stamping

▪ Lightweight Directory Access Protocol

▪ Security Enabled Applications

▪ Cross Certification

▪ Provides access control, authentication, confidentiality, integrity, non-repudiation

▪ Assumes that the receiver's public identity can be positively ensured through certificates and that the DH exchange will automatically negotiate the process of key exchange.

▪ Identifies users, creates and distributes certificates, maintains and revokes certificates, distributes and maintains encryption keys, and enables all technologies to communicate and work together for the purpose of encrypted communication.

▪ A Digital Certificate binds that certificate to its particular owner with a unique serial number within the CA. The popular certificate is the X.509 v3 certificate.

▪ Separate keys can be used for digital signature and encryption: layers of necessary protection.

Cryptographic Attacks

|Attack |Known to the cryptanalyst |

|Ciphertext only |Encryption algorithm; ciphertext to be decoded. |

|Known plaintext |Encryption algorithm; ciphertext to be decoded; one or more plaintext/ciphertext pairs formed with the secret key. |

|Chosen plaintext |Encryption algorithm; ciphertext to be decoded; plaintext message chosen by the cryptanalyst, together with its corresponding ciphertext generated with the secret key. |

|Chosen ciphertext |Encryption algorithm; ciphertext to be decoded; purported ciphertext chosen by the cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key. Portions of the ciphertext are selected for trial decryption while having access to plaintext; the goal is to figure out the key. The attacker has some plaintext, can capture an encrypted message and therefore capture the ciphertext. Once a few pieces of the puzzle are discovered, the rest is accomplished by reverse-engineering and trial-and-error attempts. |

|Chosen text |Encryption algorithm; ciphertext to be decoded; plaintext message chosen by the cryptanalyst, together with its corresponding ciphertext generated with the secret key; purported ciphertext chosen by the cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key. |

Birthday Attack

▪ You are in a room: for a better than 50/50 chance of another person having your birthday, you need 253 people.

▪ You are in a room: for a better than 50/50 chance of two people having the same birthday, you need 23 people.

Two different messages having the same message digest, or finding two different messages that have the same message digest.
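The two birthday figures above, computed rather than quoted, plus the same effect on a hash with a short output, as an added example that is not code from the original notes. It uses the usual 365-day model; the collision search truncates SHA-256 to a constructed 16-bit width so two messages with the same digest turn up after a few hundred hashes, which is why "larger output is stronger" against this attack.

```python
"""Birthday-paradox arithmetic behind the 23 / 253 figures, and a collision
search against a deliberately truncated digest.

Added example, not from the notes; the digest width and messages are
constructed values.
"""
import hashlib


def prob_match_specific(people, days=365):
    """P(at least one of `people` has a given birthday)."""
    return 1 - ((days - 1) / days) ** people


def prob_any_shared(people, days=365):
    """P(some pair among `people` shares a birthday)."""
    p_all_distinct = 1.0
    for i in range(people):
        p_all_distinct *= (days - i) / days
    return 1 - p_all_distinct


def smallest_group(prob_fn, threshold=0.5):
    """Smallest group size for which prob_fn exceeds the threshold."""
    n = 1
    while prob_fn(n) <= threshold:
        n += 1
    return n


def truncated_digest(data, bits):
    """Top `bits` bits of SHA-256, standing in for a hash with short output."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits):
    """Return (msg_a, msg_b, trials): two distinct messages, same short digest.

    Expected work is about sqrt(2**bits) hashes, not 2**bits: that is the
    birthday attack, and why a digest must be twice the intended security
    level in bits.
    """
    seen = {}
    trials = 0
    while True:
        msg = f"msg-{trials}".encode()    # constructed, deterministic inputs
        trials += 1
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, trials
        seen[d] = msg


if __name__ == "__main__":
    print("same birthday as you, >50%:", smallest_group(prob_match_specific))
    print("any shared birthday, >50%:", smallest_group(prob_any_shared))
    a, b, trials = find_collision(16)
    print(a, b, trials, hex(truncated_digest(a, 16)))
```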

Brute Force - Attack try every possible combination

Adaptive Chosen Plain Text – selection of plain text is altered based on previous results

Adaptive Chosen Ciphertext - Chosen cipher text are selected for trial decryption where selection is based on previous results

Meet in the Middle – For attacking double encryption from each end and comparing in the middle

Differential Cryptanalysis – against private (symmetric) key cryptography: looking at pairs of texts after encryption and looking for differences

Linear Cryptanalysis – using plain text and cipher text to generate a linear approximation of a portion of the key

Differential Linear Cryptanalysis – using both linear and differential approaches; S-boxes are used to minimize the danger from an attack called differential cryptanalysis.

Factoring – using mathematics to determine the prime factors of large numbers

Statistical – exploiting the lack of randomness in key generation

Dictionary attack – with a database of passwords run through the one-way function, a dictionary program and a captured password file, this attack can be accomplished.

Replay attack – the attacker is able to intercept an encrypted secret message but not able to readily decrypt it, and re-sends it. Other weak points: OS flaws, memory residue, temporary files, differential power analysis, distributed computing.

Time stamping and sequence numbering are two measures to counter this.

Active attacks include:

Replay – countered by timestamping & block chaining

Substitution – countered by block chaining

Modification of messages

Denial of service

Statistical attacks: exploit a statistical weakness in the design, e.g. more 1s than 0s in the key stream.

Analytic attacks: use the algorithm and algebraic manipulation to reduce complexity. RSA factoring and Double DES are examples.

Implementation attacks: weak implementation.

Even when an algorithm is correctly implemented, the overall system security posture may be weakened by some other factor. Key generation is a weak spot. If an attacker discovers a pattern in key generation, it effectively reduces the total population of possible keys and greatly reduces the strength of implementation.

A recent example was the failure of one of the original implementations of Netscape’s SSL, which used a predictable time-based technique for random number generation. When subjected to statistical analysis, few man-made devices can provide sufficiently random output.

Man in the middle: attacker C replaces B's public key (kept on a public server) with his own, intercepts messages and forwards modified versions, acting as a middle man. Prevented by PKI/digital certificates.

Clear text attacks and cipher text only attacks cannot work on a key-encrypting key.

Passive attacks involve the listening-in, eavesdropping, or monitoring of information, which may lead to interception of unintended information or traffic analysis where information is inferred.

Traffic analysis - inference of information from analysis of traffic (presence, absence, frequency, etc.). Traffic padding (generation of spurious data units) and padding are the countermeasures.

Dictionary attacks have proved immensely successful in attacking and compromising UNIX systems and Windows NT systems. UNIX systems generally use the crypt() function to generate theoretically irreversible encrypted password hashes. The problem is that some users choose weak passwords based on real words. It is possible to use a dictionary of words and apply this well known function until there is a match with the encoded password. In Windows NT, it is possible by obtaining a copy of the NT SAM file, which contains the encrypted passwords.

Cryptographically secure digital timestamps (CSDTs) have been used for a variety of purposes, including document archiving, digital notary services, etc. By adding a CSDT to every digital certificate issued within a PKI, one now has a method for ensuring not only that the certificate is valid, but also at what point in time that validity was declared.

Time stamps: the primary component of a CSDT is the timestamp itself, and a time source is required.

To allow high volume transactions, a 16-bit sequence number is appended to the timestamp to ensure that no two CSDTs have the identical time.

If the time resolution is 0.0001 sec, it is possible to issue 65,536 CSDTs that all happen within that same 0.0001 sec.

Hash of the certificate: For a CSDT to be bound to a particular certificate, some data must be included to tie it to the certificate in question. A hash generated by a known and trusted algorithm, such as SHA-1 or MD5, is used to provide this connection. This is the same hash that is calculated and encrypted during the Certificate Authority signing process.

To resist cipher-text only attacks, good practice requires that all such patterns as format, e.g., file or e-mail message, language (e.g English) alphabet (e.g Roman), and public code (e.g., ASCII or EBCDIC) in the clear text object must be disguised before the object is encrypted. (pg 376 vol 1)

In a brute force attack, one tries keys one after another until one finds the key in use. There are two ways: clear-and-cipher-text attacks, and cipher-text-only attacks. Neither of these attacks will work on a key-encrypting key if the principles of key management are adhered to.

Note: On average, the correct key will be found once half of the total key space has been tried in a brute force attack.

It is not always practical to provide a digital certificate with every signed object, and high-assurance CAs need a CRL server. A directory service is a distributed database optimized for reading that can make both CRLs and certificates available on a wide area network (WAN) or the Internet. Most directory services are based on the X.500 standard and use the extensible X.509 format to store digital certificates.

Point: Encryption rarely improves availability, but if mission-critical encryption services fail, then availability requirements will probably not be met. Use of a cryptographically based strong authentication system to prevent denial-of-service attacks would be an example of using encryption to increase availability.

Boomerang Attack:

Recently, a means of improving the flexibility of differential cryptanalysis was discovered by David A. Wagner. Called the boomerang attack, it allows the use of two unrelated characteristics for attacking two halves of a block cipher.

A technique called the boomerang amplifier attack works like this: instead of considering the pairs of inputs, differing by the XOR required for the characteristic of the first few rounds, as completely independent, one could note that it would be quite likely that somehow, taking two such pairs at a time, one could obtain any desired XOR difference between two such pairs by the birthday paradox. This allows a boomerang attack to be mounted with only chosen plaintext, instead of adaptive chosen ciphertext as well.

Email Security

▪ Non-repudiation

▪ Confidentiality of messages

▪ Authentication of Source

▪ Verification of delivery

▪ Labeling of sensitive material

▪ Control Access

|E-mail Security |Characteristics/features |Provides what / in which layer |

|PEM (Privacy Enhanced Mail) |Internet standard to provide secure email over the internet. A standard proposed by IETF to be compliant with the Public Key Cryptography Standards (PKCS). DES in CBC mode. Developed by a consortium of Microsoft, Sun and Novell. Triple DES-EDE for symmetric encryption; MD2 and MD5 message digests; RSA public key for signatures and key distribution; X.509 certificates and a formal CA. |Confidentiality, authentication, message integrity, key management, non-repudiation. Application level protocol. |

|RIPEM |A public domain implementation of the PEM protocol, although not in its entirety. | |

|Message Security Protocol |Military PEM. X.400 compatible. |Application level protocol. |

|PGP (Pretty Good Privacy) |Phil Zimmermann. No CA; uses a "web of trust": users can certify each other. Uses passphrases. The user keeps the collection of signed public keys he has received from other users in a file referred to as a key ring. It provides a number of mechanisms for ensuring that one is using the correct and intended public key for a correspondent; one of these is called the "key fingerprint". Public domain software. Not endorsed by the NSA. Bound by federal export laws due to its usage of the RSA, IDEA, Diffie-Hellman, 3DES and CAST algorithms. |Confidentiality through IDEA (block cipher with a 128 bit key). Integrity through MD5 hashing (or SHA) to generate digital signatures. Authentication by using PKC. Non-repudiation by use of cryptographically signed messages. |

|Internet Security | | |

|HTTP |Stateless protocol. For development of web pages. HTTP is a stateless protocol because each command is executed independently, without any knowledge of the commands that came before it. The shortcoming of HTTP for implementing Web sites that react intelligently to user input is being addressed in a number of new technologies including ActiveX, Java, JavaScript and cookies. | |

|Secure Telnet (remote terminal access); Secure RPC authentication (SRA) |Secure RPC: uses Diffie-Hellman public key exchange to derive the shared key for encryption, with a 192 bit key. Even if the packet is sniffed and captured, it cannot necessarily be decrypted. |Encryption (confidentiality). Application layer. |

|S-HTTP |Designed to send individual messages securely. Stateful protocol; does not get disconnected like HTTP. Can be used to secure individual WWW documents (SSL, by contrast, is session based). Computes a hash value of the message, and the value can be digitally signed. Can use public key technology, symmetric keys, PEM etc., which shows its flexibility. |Data integrity and sender authentication capability. Application layer. |

|SSL/TLS. Developed by Netscape in 1994. Uses public key to authenticate the server to the client; also provides optional client to server authentication. Supports RSA public key algorithms, IDEA, DES and 3DES. Supports MD5 hashing. HTTPS header. Resides between the application and TCP layer. Can be used by telnet, FTP, HTTP and e-mail protocols. Based on X.509. |Designed to establish a secure connection between two computers. Requires an SSL enabled web browser. SSL is both an API and a protocol intended for end-to-end encryption of client-server applications across an arbitrary network. This protocol was developed by Netscape; the Navigator browser is its reference implementation. It uses public key certificates to authenticate the server to the client and optionally the client to the server. It uses the server's public key to negotiate a session key to be used for the session. It manifests this key by setting a solid key icon in the lower left-hand corner of the screen. Refer below for connectivity. |SSL lies beneath the application layer and above the transport layer (precisely, the transport layer). Man in the middle attack possible; using a digital signature during the session key exchange can circumvent this attack. Heavily used for internet transactions. Provides authentication, compression, confidentiality and integrity. |

|Transport Layer Security |Successor to SSL. |Can be used with Kerberos and with PPP for authentication. |

|SKIP - Simple Key Management for Internet Protocol |Similar to SSL, however no prior communication is required: it requires no prior communication in order to establish or exchange keys on a session-by-session basis. Enables a TCP/IP host to send an encrypted IP packet to another host without requiring a prior message. Well suited for the Internet, since both are stateless protocols. SKIP does not continually generate new key values as SSH does. |Uses Diffie-Hellman to generate a shared secret, which in turn provides IP packet-based encryption and authentication. High availability. |

|MIME (Multipurpose Internet Mail Extensions) |Was standardized with RFC 822 and RFC 1521. Defines the mail header and type of mail content. Designed to provide facilities to include multiple objects in a single message, to represent body text in character sets other than US-ASCII, to represent formatted multi-font text messages, to represent non-textual material such as images and audio fragments, and generally to facilitate later extensions defining new types of internet mail for use by cooperating mail agents. | |

|MOSS (MIME Object Security Services) |Provides flexibility by supporting different trust models. Permits identification outside of the X.509 standard. |Uses MD5, RSA public key and DES encryption and hashing. |

|S/MIME (Secure Multipurpose Internet Mail Extensions) |Adds secure services to messages in MIME format. Follows Public Key Cryptography Standards (PKCS). Uses X.509 signatures. |Provides authentication through digital signatures. Application layer protocol. |

|MONDEX system |Smart cash card application. Proprietary encryption algorithm. Card is the same as cash. | |

|IOTP (Internet Open Trading Protocol) |Aimed at consumer to business transactions. Flexible and future focused. | |

|SET |Visa and Mastercard, developed in 1997. Encrypts the payment information. DES for symmetric encryption; RSA public key for signatures and key distribution. Taken over by SSL. |Internet transactions and authentication of sender and receiver. Application layer protocol. |

|SSH 2 |Remote access via an encrypted tunnel. Client to server authentication. Comprised of: Transport Layer protocol, User Authentication protocol, Connection protocol. |Host and user authentication, data compression, data confidentiality and integrity. Key exchange and encryption: RSA and Triple DES respectively. Heavily used for internet transactions. Operates in the Transport layer. |

|IPSEC. S/WAN (Secure WAN) defines IPSec-based widespread use of VPNs on the internet. |IPSec adds per-packet authentication, payload verification, and encryption mechanisms to traditional IP. Two main protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP). Can operate with a single protocol (with or without encryption, i.e. confidentiality). A Security Association is required between two parties: a one-way connection, identified by the Security Parameter Index (SPI), a 32 bit identifier; bi-directional communication requires two Security Associations. In a VPN implementation IPSec can operate in transport or tunnel mode: in transport mode the data is encrypted but the header is not; in tunnel mode the data and original IP header are encrypted and a new header is added, which has the address of the VPN gateway. MD5 and SHA are used for integrity. Security Associations can be combined into bundles using either transport adjacency or iterated tunneling. IKE (Internet Key Exchange) is used for key management with IPSEC; IKE is a set of three protocols: Internet Security Association and Key Management Protocol (ISAKMP), the phases for establishing the relationship; Secure Key Exchange Mechanism (SKEME), the secure exchange mechanism; and Oakley, the modes of operation needed to establish a secure connection. |Provides encryption, access control, and non-repudiation over IP. Operates in the Network layer. ESP provides authenticity, integrity and confidentiality. Authentication Header provides integrity, authentication and non-repudiation. |

Kerberos

Authentication Server (AS): knows all users' passwords and stores them in a centralized database. It also shares a unique secret key with each server, which is pre-distributed in some manner.

Problems: minimize the number of times the user has to enter a password, avoid requiring a separate ticket for every different service, and avoid plaintext transmission of the password:

Solution: the TGS is introduced. The TGS issues tickets to users who have been authenticated to the AS. Hence the user first obtains a TGT from the AS, then uses it to obtain a service-granting ticket from the TGS. The TGT can be used by the client to request multiple service-granting tickets; the TGT is reusable. To counter replay attacks, a timestamp is included stating until when the ticket is valid. This addresses the problems above.

Problem: capturing the TGT and the service-granting ticket and using them before they expire, within the time frame:

Solution: the AS provides a secret piece of information in a secure manner to both the user and the client; this is referred to as the session key in Kerberos.

Problem: the service/server needs to authenticate to the client so that the user is sure of reaching the correct server/service. Solution: where mutual authentication is required, the server can reply as shown in the message: the server returns the value of the timestamp from the authenticator, incremented by 1, encrypted in the session key.

A set of servers sharing a Kerberos is referred to as a realm, and cross-realm certification is needed between realms.

Kerberos 5 addresses environmental shortcomings and technical deficiencies:

1. Encryption system dependence: the same key can be used with different algorithms and with different variations of a given algorithm.

2. No IP address dependence.

3. Ticket lifetime is flexible.

4. Authentication forwarding: a client can access a server and have that service access another server on behalf of the client.

5. Inter-realm authentication: fewer relationships required.

Double encryption is removed; explicit integrity check, standard CBC instead of PCBC.

Session key; sub-session key to prevent replay.

Password attacks cannot be prevented, but a system of pre-authentication makes password attacks more difficult.

Includes a nonce – a random value to be repeated in the message to assure that the response is fresh and has not been replayed by an opponent.

1. The basic Kerberos 5 protocol defines the syntax and semantics for authentication, secure messaging, limited syntax and semantics for authorization, and the application of various cryptographic algorithms within those elements.

2. Kerberos is often described as an “application-layer” protocol.

3. Kerberos is used very effectively at all layers of the network, as well as in middleware. Kerberos is used for authentication and key management in a Virtual Private Network (VPN).

4. Organizational models:

Autocracy : All control flows from a central authority.

Anarchy : All authority flows from individuals.

5. In Kerberos, the entities that authenticate with one another are referred to as ‘Principals’, as in ‘principals to a transaction”.

6. Kerberos credentials are referred to as ‘tickets’ (pg 401 vol 1). A ticket is a part of a cryptographically sealed credential issued by the KDC to a client. (Pg 410 vol 1)

7. The KDC logically consists of a set of services and a database that contains information about principals. In Kerberos that collective is referred to as a “realm”. Principals in different realms can interact using ‘cross-realm’ (sometimes referred to as ‘inter-realm’) authentication.

8. In Kerberos, the trusted third party is known as the Key Distribution Center (KDC). In public key systems, the trusted third party is referred to as a Certificate Authority (CA)

9. In typical operation, a cryptovariable is inserted prior to encrypting a message and the same key is used for some period of time. This period of time is known as ‘cryptoperiod’. For reasons having to do with cryptanalysis, the key should be changed on a regular basis.

10. The AS generates a random key, referred to as the ‘session key’.

11. While we can formulate solutions to authentication, confidentiality, integrity and access control that are useful and that are independent of a broad range of applications, the same cannot be said of delegation and authorization.

12. The combined ability to provide both efficient and secure access to services, and the ability to serve as the basis for a collective security mechanism is one of Kerberos’s major strengths.

13. Replay Protection: Time-Stamps: Replay protection using timestamps is most suited to datagram or transaction-oriented protocols and requires loosely synchronized clocks based on a secure time service and the use of a replay ‘cache’ by the receiver. A replay cache is simply a cache of messages previously seen by the receiver, or more likely, a hash of each of those messages. The receiver must check each received message against the replay cache to determine if the message is a replay. Time-stamps help to limit the size of the replay cache.

14. Challenge-Response: Replay protection using a challenge-response exchange is most suited to session-oriented protocols, such as TCP/IP. (Please refer to Pg 422 Vol 1; there is a lot about it that I didn’t understand. Read it and delete this.)
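The authenticator check, the replay cache and the mutual-authentication reply (timestamp + 1 encrypted in the session key) described above, simulated end to end as an added example; this is not code from these notes or from any Kerberos implementation. It assumes a five-minute clock-skew window and replaces the real Kerberos encryption types with a labelled toy HMAC-based cipher so that it runs offline.

```python
import hashlib
import hmac
import json
import os

CLOCK_SKEW = 300  # assumed tolerance in seconds; Kerberos needs loosely synchronized clocks


def _keystream(key, nonce, length):
    """Toy keystream from HMAC-SHA256 blocks (constructed for this example only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def toy_encrypt(key, plaintext):
    """Stand-in for 'encrypted in the session key': keystream XOR plus an HMAC tag.
    Not a real Kerberos enctype; it only lets the exchange run offline."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def toy_decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message tampered with or wrong session key")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


def make_authenticator(session_key, client, now):
    """Client side: authenticator = {client, timestamp} encrypted in the session key."""
    return toy_encrypt(session_key, json.dumps({"client": client, "timestamp": now}).encode())


class Service:
    """Server side: clock-skew check, replay cache keyed on a hash of the message,
    and the mutual-authentication reply (timestamp + 1, encrypted in the session key)."""

    def __init__(self, session_key):
        self.session_key = session_key   # carried in the service ticket in real Kerberos
        self.replay_cache = {}           # sha256(message) -> time after which it can be dropped

    def accept(self, authenticator, now):
        # Time-stamps bound the cache: a message older than the skew window would be
        # rejected anyway, so its cache entry can be evicted.
        self.replay_cache = {h: exp for h, exp in self.replay_cache.items() if exp > now}
        digest = hashlib.sha256(authenticator).hexdigest()
        if digest in self.replay_cache:
            raise ValueError("replay detected: authenticator already seen")
        auth = json.loads(toy_decrypt(self.session_key, authenticator))
        if abs(now - auth["timestamp"]) > CLOCK_SKEW:
            raise ValueError("authenticator timestamp outside the clock-skew window")
        self.replay_cache[digest] = auth["timestamp"] + CLOCK_SKEW
        return toy_encrypt(self.session_key,
                           json.dumps({"timestamp": auth["timestamp"] + 1}).encode())


def client_verifies_server(session_key, reply, sent_timestamp):
    """Client side of mutual authentication: the server must return timestamp + 1."""
    return json.loads(toy_decrypt(session_key, reply))["timestamp"] == sent_timestamp + 1


def run_exchange(now=1_700_000_000):
    """One honest exchange, then a replay of the same bytes, then a stale authenticator."""
    session_key = os.urandom(32)          # constructed; the AS generates this in Kerberos
    service = Service(session_key)
    auth = make_authenticator(session_key, "alice@EXAMPLE.REALM", now)
    mutual_ok = client_verifies_server(session_key, service.accept(auth, now + 2), now)
    try:
        service.accept(auth, now + 5)     # captured authenticator sent again inside the window
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    stale = make_authenticator(session_key, "alice@EXAMPLE.REALM", now - 2 * CLOCK_SKEW)
    try:
        service.accept(stale, now)
        stale_rejected = False
    except ValueError:
        stale_rejected = True
    return {"mutual_ok": mutual_ok, "replay_rejected": replay_rejected,
            "stale_rejected": stale_rejected}
```

A real KDC keys its replay cache on the decrypted authenticator fields rather than on the raw bytes, but the timestamp-bounded eviction shown here is the reason the cache stays small.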

15. Multiple security functions including authentication, authorization, access control, and key management – can be provided by or built from Kerberos. While the concept of aggregate enterprise security service is not native to Kerberos, the union of the two is very natural.

16. Security Services – Kerberos

Authentication: The Kerberos authentication protocol implicitly provides the cryptographic material or session keys needed for establishing a secure channel that continues to protect the principal’s conversation after authentication has occurred.

Secure Channels: A secure channel provides integrity and confidentiality services to communicating principals. Kerberos provides these services either directly through the use of Kerberos protocol messages, or indirectly by providing the cryptographic material needed by other protocols or applications to implement their own form of secure channel.

Integrity: Kerberos provides message integrity through the use of signed message checksums or one-way hashes using a choice of algorithms.

Confidentiality: Kerberos provides message confidentiality by encrypting messages using a choice of encryption algorithm.

Access Control: Kerberos does not directly provide access control for persistent data, such as disk files. However, the Kerberos protocol provides for the inclusion and protection of authorization information needed by applications and operating systems in making access control decisions.

Authorization: An authorization service provides information that is used to make access control decisions. Common mechanisms used to represent authorization information include access control lists (ACLs) and capabilities. An ACL based system uses access control lists to make access decisions. Capability based systems require the encapsulation of authorization information in a tamper-proof package that is bound to an identity.

17. Non-repudiation: Kerberos does not offer the arbitration services that are required for the complete implementation of such a service (non-repudiation).

18. Availability: Distributed security systems generally do not offer availability services.

So Kerberos can give Authentication, Secure Channel, Integrity, Confidentiality, Access Control and Authorization, but does not provide non-repudiation and availability.

19. An additional layer is now built in, namely the ticket granting service, i.e. the AS now gives a ticket for the TGS, called the TGT, and the TGS gives out session tickets to the users.

Kerberos related technologies

• OSF DCE – Open Software Foundation, Distributed Computing Environment: uses Kerberos 5 as the underlying security mechanism.

• GSS-API – Generic Security Service Application Programming Interface.

• SPNEGO: simple and protected GSS-API negotiation mechanism.

• SSPI – Microsoft Security Service Provider Interface.

• SSL – Secure Socket Layer.

• SASL – Simple Authentication and Security Layer.

• IPSEC – key management by Kerberos.

• RADIUS – to surrogate RADIUS clients – integrated with Kerberos.

• Common Data Security Architecture, token cards etc., where Kerberos can be implemented.

Wireless Security

WAP – Wireless Application Protocol

Designed for mobile devices (PDA, Phones)

Set of protocols covering layers 7 to 3 of the OSI model

Less overhead than TCP/IP

• Wireless Markup Language (WML)

• Wireless Application Environment (WAE)

• Wireless Session Protocol (WSP)

• Wireless Transport Security Protocol (WTLS)

• Wireless Datagram Protocol (WDP)

For security WAP uses Wireless Transport Security Protocol (WTLS)

Three classes of security

• Class 1 – Anonymous authentication

• Class 2 – Server authentication

• Class 3 – Two-way client and server authentication

Authentication and Authorisation can be performed through smart cards/tokens

Security vulnerability of WAP

• WAP GAP – where WTLS is decrypted and re-encrypted to SSL at the WAP gateway

C-HTML, from Japan, competes with WML.

C-HTML is stripped-down HTML; C-HTML can be displayed on a standard browser.

Mobile PKI – relates to the possible time lapse between the expiration of a public key and the reissue of the certificates to them.

IEEE – 802.11 Standards

Active mode (can transmit and receive) and power save mode (does not enable the user to transmit or receive)

• Interface between clients and base station

• 802.11 Layers

• The physical layer (PHY) can use:

DSSS – Direct Sequence Spread Spectrum

FH – Frequency Hopping Spread Spectrum

IR – Infrared pulse modulation: more resistant to data capture since it requires a line-of-sight path

• MAC Layer – Medium Access Control

Specifies CSMA/CA – Carrier Sense Multiple Access with Collision Avoidance

• Provides:

Data Transfer

Association

Re-association

Authentication - WEP

Privacy – WEP

Power Management

Notes to remember

Private (symmetric) key cryptography is 1000 or more times faster than public key cryptography.

Time stamps can be used to prevent replay attacks.

One time pad is usually implemented as a stream cipher using XOR function

Security of cryptosystem should only depend on security of keys, not the algorithm.

Unix systems use a substitution cipher called ROT13.
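Added example (not from the original notes) of the one-time pad note above: the pad is applied as an XOR stream cipher, and the same code shows the check a practitioner wants next to it, namely what is lost if a pad is ever used twice. The messages and the pad are constructed for the demonstration.

```python
import os


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_apply(pad, data):
    """One-time pad as a stream cipher: XOR each data byte with a pad byte.
    The same call encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(pad[:len(data)], data)


def fresh_pad(length):
    """A pad must be drawn uniformly from the whole key space and used once."""
    return os.urandom(length)


def demo():
    msg1 = b"TRANSFER 100 TO ACCT 4471"     # constructed sample messages
    msg2 = b"TRANSFER 999 TO ACCT 0001"
    pad = fresh_pad(len(msg1))
    ct1 = otp_apply(pad, msg1)
    roundtrip_ok = otp_apply(pad, ct1) == msg1
    # Pad reuse: under the same pad, c1 XOR c2 == p1 XOR p2. The pad cancels out,
    # so the two plaintexts are tied to each other without any key at all.
    ct2 = otp_apply(pad, msg2)
    pad_cancels = xor_bytes(ct1, ct2) == xor_bytes(msg1, msg2)
    # If either plaintext is known or guessable, the other falls out directly,
    # which is why the pad is "one-time".
    other = xor_bytes(xor_bytes(ct1, ct2), msg1)
    return {"roundtrip_ok": roundtrip_ok, "pad_cancels": pad_cancels,
            "reuse_exposes_other_message": other == msg2}
```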

Lightweight Directory Access Protocol (LDAP) appears to be the chosen method for distributing keys. Keep in mind that the server storing the certificates and the delivery of the certificates containing the keys do not have to be secure. The signature from the CA with the certificate vouches for the authenticity of the key pair. Availability and integrity are the main concerns of the LDAP server and if attacked by DOS, then CRL cannot be processed and thus permit the use of the revoked certificate for transactions.

Protecting the private key of the CA, the software used for signing, and the private keys of users is important. Users’ keys are secured by an encrypted passphrase and/or smart cards with CPU and RAM, unlocked by a PIN when inserted in a card reader.

The Data Criticality Matrix is helpful in comprehending and prioritizing an organization’s information asset security categories. This matrix includes 5 security requirements. The widely used CIA requirements of Confidentiality, Integrity and Availability are supplemented with the two additional requirements: Non-repudiation and Time.

RSA Secure PC

This is just a hint. The object of encryption is always the individual file rather than the drive or the directory. When a file is initially encrypted, the system generates a 64-bit block cipher key to be used to encrypt the file. This file key is then encrypted using the public key of the system and is stored with the file.

Cryptography requirements

Secrecy requirements

▪ If ciphertext and plaintext are known, it should be computationally infeasible to determine the deciphering algorithm

▪ It should be computationally infeasible to systematically determine plaintext from intercepted ciphertext (Even if you decrypt ciphertext once, it should require the same amount of work to do it again.)

Note: “systematically” allows for a lucky guess

Note: “Computationally infeasible” means great effort, doesn’t account for advances in computing, mathematics

Authentication requirements

▪ If ciphertext and plaintext are known, it should be computationally infeasible to determine the enciphering algorithm

▪ It should be computationally infeasible to find valid ciphertext (Even if you encrypt plaintext so that it can be decrypted once, it should require the same amount of work to do it again.)

Identify applications of cryptography

▪ Data Storage

Prevent disclosure

▪ Password files

▪ Backup tapes

▪ Bulk

▪ Telecommunications

Prevent disclosure

Data transmission

▪ STU

▪ Message authentication

Detect fraudulent insertion

Detect fraudulent deletion

Detect fraudulent modification

Detect replay

▪ Digital Signature

Source Verification

▪ Non-Repudiation

Uses

EFT systems

Protecting stored data

E-mail

Communication links

VPNs

E-Commerce (Secure WWW Connections)

SSL, S-HTTP

Digital Signatures

MD5, SHA

Encryption laws:

The Electronic Data Security Act states its goals as:

To enable the development of a key management infrastructure for public-key-based encryption and attendant encryption products that will assure that individuals and businesses can transmit and receive information electronically with confidence in the information's confidentiality, integrity, availability, and authenticity, and that will promote timely lawful government access.

IEEE P1363a, will cover additional public-key techniques

Standards Activities Involving ECC

IEEE, P1363 (public-key crypto)

Covers main public key techniques

RSA, ECC, El Gamal, Diffie-Hellman

ANSI X9

Elliptic Curve Digital Signature Algorithm (ECDSA) proposed work item

ANSI ASC X9

Elliptic curve key agreement & key management proposed work item

ISO/IEC CD 148883 “digital signatures with appendix”

Variety of digital signature mechanisms

ISO/IEC (International Electrotechnical Commission) is the joint technical committee developing the standards for information technology.

There are four types of modules: inline, offline, embedded, stand-alone.

Inline

• Front end configuration

• Module capable of accepting plaintext from source

o Performing crypto processing

o Passing processed data directly to communications equipment

o Without passing back to source

• May also decrypt reverse process

• Data cannot leave host without passing through module

• Comm equip in module or external to host

Offline

• Back end configuration

• Module capable of accepting data from source

o Performing crypto processing

o Passing processed data back to source

• Source responsible for storage and further transmission

o Maintaining separation between protected and unprotected data

• Ideal for local file encryption

• Comm boards may be internal to host

Embedded

• Module physically enclosed within and interfaces with computer

• Either inline or offline

• Less expensive

• Physical security (tamper protection and detection) questionable

Standalone

• Module contained in own physical enclosure

• Outside host computer

• Either inline or offline

Describe the principle of key management

▪ Must be fully automated

▪ Key length should be long enough to provide the necessary level of protection

▪ Should be stored and transmitted by secure means, for key discipline and secrecy

▪ No key in clear outside of crypto device for secrecy and known plaintext attack resistance

▪ Choose keys randomly from the entire key space so that no pattern can be exploited by an attacker to reduce work

▪ Key encrypting keys must be separate from data keys : Nothing appearing in clear is encrypted with key-encrypting-key

▪ Keep KEK invulnerable to brute force attack

▪ Disguise all patterns in the cleartext object before encryption (format, language, alphabet, public code) to resist ciphertext-only attacks

▪ Keys with a long life should be used infrequently

▪ The more a key is used, the more likely a successful attack and the greater the consequences; the shorter its lifetime should be.

▪ Backed by escrow in case of emergencies.

▪ Lifetime should correspond with the sensitivity of data it is processing

▪ Emergency key recovery can be made possible by multiparty control: a member from management, an individual from auditing, and the IT department, so that collusion is required for fraudulent activity to take place (key escrow).

Key Management Activities

• Key control

• Key recovery

• Key storage

• Key retirement/destruction

• Key change

• Key generation

• Key theft

• Frequency of key use

Describe Bitstream Authentication

• Generate new MAC

• Compare with original

• Mac Algorithm qualities

• Sensitive to bit changes

• Creates MAC unable to be duplicated
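Added example (not from the original notes) of the bitstream authentication steps listed above: generate a new MAC over the received stream, compare it with the original, and observe that a single flipped bit changes roughly half the MAC bits and that an adversary without the key cannot re-stamp altered data. HMAC-SHA256, the key and the sample bitstream are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os


def compute_mac(key, bitstream):
    """MAC over the whole bitstream; HMAC-SHA256 stands in for 'the MAC algorithm'."""
    return hmac.new(key, bitstream, hashlib.sha256).digest()


def verify_bitstream(key, bitstream, original_mac):
    """Generate a new MAC over the received bitstream and compare with the original.
    compare_digest keeps the comparison constant-time."""
    return hmac.compare_digest(compute_mac(key, bitstream), original_mac)


def flip_bit(data, bit_index):
    """Copy of data with one bit inverted, to show how sensitive the MAC is."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def hamming_distance(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def demo():
    key = os.urandom(32)                                  # constructed shared secret
    stream = b"\x00\x01\x02\x03 sample bitstream for the MAC check"   # constructed data
    mac = compute_mac(key, stream)
    tampered = flip_bit(stream, 5)                        # a single bit changed in transit
    # Without the key, the MAC for the altered data cannot be reproduced.
    forged = compute_mac(os.urandom(32), tampered)
    # An unkeyed checksum gives no such protection: whoever alters the data can
    # recompute it, so the receiver's comparison succeeds.
    restamped = hashlib.sha256(tampered).digest()
    return {
        "intact_accepted": verify_bitstream(key, stream, mac),
        "tampered_rejected": not verify_bitstream(key, tampered, mac),
        "forged_rejected": not verify_bitstream(key, tampered, forged),
        "mac_bits_changed": hamming_distance(mac, compute_mac(key, tampered)),
        "unkeyed_checksum_forgeable": hashlib.sha256(tampered).digest() == restamped,
    }
```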

In the mid-80's, NSA introduced a program called the Commercial COMSEC Endorsement Program, or CCEP (Commercial Communications Security Endorsement Program):

• NSA and industry relationship

• Combine government crypto knowledge with industry product-development expertise

• Type 1 or type 2 high-grade crypto products.

• Type 1 encrypt classified and SUI

o STU Secure telephone unit

• Type 2 encrypts SUI

o Authentication devices, transmission security devices, secure LAN’s

Cryptography is export-controlled for several reasons. Strong cryptography can be used for criminal purposes or even as a weapon of war. During wartime, the ability to intercept and decipher enemy communications is crucial. Hence protected.

Cryptography is just one of many technologies that are covered by the ITAR (International Traffic in Arms Regulations).

In the United States, government agencies consider strong encryption to be systems that use RSA with key sizes over 512-bits or symmetric algorithms (like DES, IDEA, or RC5) with key sizes over 40-bits. Since government encryption policy is heavily influenced by the agencies responsible for gathering domestic and international intelligence (the FBI and NSA, respectively) the government is compelled to balance the conflicting requirements of making strong cryptography available for commercial purposes while still making it possible for those agencies to break those codes, if need be. The US government does, however, allow 56-bit block ciphers to be exported for financial cryptography.

Cryptographic Protocols & Standards

Domain Name Server Security (DNSSEC)

• Secure distributed name services

Generic Security Services API (GSSAPI)

• Provides a generic authentication, key exchange & encryption interface for different systems & authentication methods

Secure Socket Layer (SSL)

• Secure WWW connections

Secure Hypertext Transfer Protocol (SHTTP)

• Secure WWW connections

• More flexible than SSL, but not as widely used

E-mail security and related services

• S/MIME (Secure MIME)

• Secure Multipurpose Internet Mail Extensions

• Specs for secure electronic messaging

• Developed to fix interception & forgery of e-mail

• Easily integrated into e-mail & messaging products

• Provides privacy, data integrity, authentication

MSP (Message Security Protocol)

Offers confidentiality, authentication, non-repudiation, return-receipt, signature

Public Key Cryptography Standards (PKCS)

Provides an agreed upon format for Public Key Cryptography

Extension to PEM

SSH2 Protocol

Used to secure terminal sessions, developed by IETF

Provides 3 components

Transport Layer Protocol

server authentication, confidentiality, and integrity

User Authentication Protocol

authenticates the client to the server

Connection Protocol

multiplexes encrypted tunnel into several logical channels

X.509

1) Framework for the provision of authentication services by the X.500 directory to its users.

2) Directory is a repository of public key certificates

3) Certificate contains the public key of user and is signed by private key of trusted certification authority

4) X.509 defines alternative authentication protocols as well.

5) The certificate structure and authentication protocols are defined here, hence X.509 is very important and used in a variety of contexts, e.g. SSL, SET, S/MIME, etc.

6) Based on public key cryptography and digital signatures and the recommended algorithm is RSA.

7) A certificate is issued to and associated with each user. The certificate contains: version, serial number, signature algorithm identifier, issuer name, period of validity, subject name, subject’s public key information, issuer unique identifier, subject unique identifier, extensions & signature.

8) Cross certificates between CAs

9) Suggests that CAs be arranged in a hierarchy so that navigation is straightforward.

10) Forward certificates: certificates of X generated by other CAs

11) Reverse certificates: certificates generated by X that are the certificates of other CAs

12) Revocation of certificates must be maintained as a CRL

Authentication

One-way authentication: the initiating entity is authenticated; the message is from A and is for B, and integrity and originality are assured.

Two-way authentication: all three plus the reverse is also done.

Three-way authentication: a final message from A to B is included, which contains the signed copy of the nonce.

X.509 version 3: fields needed for recent designs and implementations were not available in earlier versions; they were added to include key and policy information, certificate and issuer identification, and certificate path constraints.

Cracking of Symmetric and Asymmetric – History

DES Cracker

▪ In 1998, the DES message was cracked in 39 days.

▪ In July 1998 the EFF (Electronic Freedom Foundation) announced that it had easily won the RSA Security ‘DES Challenge II’, taking less than 3 days to recover the original message.

▪ In January 1999, the EFF announced that, in collaboration with , it had won the RSA Security ‘DES Challenge III’, taking 22 hours to recover the plaintext.

▪ In 1977, Whitfield Diffie and Martin Hellman proposed the construction of a DES-cracking machine that could crack 56-bit DES keys in 20 hours.

▪ In 1994, Michael Wiener proposed a design built from existing technology which could crack 56-bit DES in under 4 hours for a cost of US $1 million.

▪ Contests held in 1997 and 1998 to crack DES-encrypted messages were won by distributed computing efforts.

RSA-155 (512bit) factorization:

• In August 1999 the factorization of the 155-digit (512-bit) RSA Challenge Number was completed in around five to seven months without dedicated hardware.

• RSA-140 was solved in 9 weeks.

• In summer 1999, Adi Shamir presented a design for The Weizmann Institute Key Locating Engine (TWINKLE); cost: US $5000; provides processing equivalent to 100 to 1000 PCs. This device is targeted at 512-bit RSA keys.

• In January 1997, it was announced that a Berkeley student using the idle time on a network of 250 computers was able to break the RSA challenge message, encrypted using a 40-bit key, in three and a half hours.

Data/Session: This is often negotiated using standard protocols or sent in a protected manner using secret public and private keys.

Key Encrypting Split keys

Strength Comparison:

Moore’s law: Processing speeds seem to double (or costs halved) every 18 months.

MIPS year (M.Y.) is the number of instructions a million-instruction-per-second machine can execute in one year. One M.Y. is approximately 10^13.5 instructions. Based on exhaustive key search, a triple-DES (112-bit) key is approximately equal to a 1792-bit RSA key (i.e., key modulus) and a 1024-bit RSA key is approximately equal to a 160-bit ECC key.

| EC Key Size | RSA Key Size | MIPS Years |
| 160 | 1,024 | 10^12 |
| 320 | 5,120 | 10^36 |
| 600 | 21,000 | 10^79 |
| 1,200 | 120,000 | 10^168 |
