Dr. Bhavani Thuraisingham Cyber Security Lecture for July 9, 2010 Cryptography.


Dr. Bhavani Thuraisingham

Cyber Security

Lecture for July 9, 2010

Cryptography

13-2 04/19/23 12:28

Outline

0 Definition of Cryptography

0 Important concepts

- Symmetric and Asymmetric, Hash, Digital Signature etc.

0 Steganography and Digital watermarking

0 Algorithms

0 Attacks


Definitions

0 Cryptography

- Mathematical manipulation of information so that it cannot be disclosed to, or altered by, anyone other than the intended parties

0 Cryptanalysis

- Defeating the protective mechanisms of cryptography, i.e. recovering plaintext or keys without being given the key

0 Cryptology

- Study of Cryptography and Cryptanalysis


Goals of Cryptography

0 Confidentiality

0 Integrity

0 Authenticity

0 Non-repudiation

0 Access Control

0 Make compromise difficult


Process

0 Input (also called Plaintext or Clear Text)

0 Cryptosystem (the device or software, together with its algorithms and keys, that performs encryption/decryption)

0 Cryptographic Algorithms (Mathematical functions)

0 Output (Cipher text or Cryptogram)

0 Key (Crypto variable)


Key Clustering

0 In cryptography, key clustering is said to occur when two different keys generate the same ciphertext from the same plaintext using the same cipher algorithm. A good cipher algorithm, using different keys on the same plaintext, should generate different ciphertexts, irrespective of the key length.

0 If an attacker tries to break a cipher by brute force (trying all possible keys until the correct one is found), key clustering makes the attack on a particular ciphertext easier. If there are N possible keys without any key clustering, the attacker on average needs to try about N/2 keys to decrypt it, and all N keys in the worst case. If keys cluster in pairs, the effective key space is only N/2: an attacker who can enumerate one key from each pair needs on average only about N/4 attempts, and with three-way clustering only about N/6. Even an attacker who knows nothing about the structure and tries keys in random order gains: with k equivalent keys the expected number of attempts is (N+1)/(k+1), i.e. about N/3 for a pair, with a worst case of N-1.


Symmetric Key Cryptography

0 Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both decryption and encryption.

0 The encryption key is trivially related to the decryption key, in that they may be identical or there is a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link.

0 The disadvantage of symmetric cryptography is that it presumes two parties have agreed on a key and been able to exchange that key in a secure manner prior to communication. This is a significant challenge. Symmetric algorithms are usually combined with public key algorithms (hybrid encryption) to obtain a blend of security and speed: the public key algorithm transports a symmetric session key, and the symmetric algorithm encrypts the bulk data.


Public Key Cryptography

0 Public-key cryptography is a cryptographic approach which involves the use of asymmetric key algorithms instead of or in addition to symmetric key algorithms.

0 Unlike symmetric key algorithms, it does not require a secure initial exchange of one or more secret keys to both sender and receiver.

0 The asymmetric key algorithms are used to create a mathematically related key pair: a secret private key and a published public key. Use of these keys allows protection of the authenticity of a message by creating a digital signature of a message using the private key, which can be verified using the public key.

0 It also allows protection of the confidentiality of a message by public key encryption: the message is encrypted with the recipient's public key and can only be decrypted with the corresponding private key. Encryption alone does not guarantee integrity; in practice the ciphertext is also authenticated, for example with a digital signature or a MAC.


Public Key Cryptography

0 Public key cryptography is a fundamental and widely used technology around the world. It is the approach which is employed by many cryptographic algorithms and cryptosystems. It underlies such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP, and GPG.

0 Uses asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys—a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot be feasibly derived from the public key.


Initialization Vector

0 In cryptography, an initialization vector (IV) is a block of bits that is required to allow a stream cipher or a block cipher to be executed in any of several modes of operation to produce a unique stream independent from other streams produced by the same encryption key, without having to go through a (usually lengthy) re-keying process.

0 The size of the IV depends on the encryption algorithm and on the cryptographic protocol in use and is normally as large as the block size of the cipher or as large as the encryption key.

0 The IV must be known to the recipient of the encrypted information to be able to decrypt it.


Initialization Vector

0 This can be ensured in a number of ways: by transmitting the IV along with the ciphertext; by agreeing on it beforehand during the key exchange or handshake; by calculating it (usually incrementally); or by deriving it from parameters such as the current time (as in hardware authentication tokens such as RSA SecurID), the sender's and/or recipient's address or ID, a file ID, or the packet, sector or cluster number.

0 A number of such variables can be combined or hashed together, depending on the protocol. If the IV is chosen at random, the cryptographer must take into consideration the probability of collisions (two messages under the same key receiving the same IV); if an incremental IV is used as a nonce, the algorithm's resistance to related-IV attacks must also be considered.

0 Nonce – number used once


Block Cipher

0 In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take (for example) a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext. The exact transformation is controlled using a second input — the secret key. Decryption is similar: the decryption algorithm takes, in this example, a 128-bit block of ciphertext together with the secret key, and yields the original 128-bit block of plaintext.

0 To encrypt messages longer than the block size (128 bits in the above example), a mode of operation is used.


Block Cipher

0 Block ciphers can be contrasted with stream ciphers; a stream cipher operates on individual digits one at a time, and the transformation varies during the encryption.

0 The distinction between the two types is not always clear-cut: a block cipher, when used in certain modes of operation, acts effectively as a stream cipher.

0 An early and highly influential block cipher design was the Data Encryption Standard (DES), developed at IBM and published as a standard in 1977. A successor to DES, the Advanced Encryption Standard (AES), was adopted in 2001.


Stream Cipher

0 In cryptography, a stream cipher is a symmetric key cipher in which plaintext digits are combined with a pseudorandom cipher digit stream (the keystream), typically by an exclusive-or (XOR) operation.

0 In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption. An alternative name is a state cipher, as the encryption of each digit is dependent on the current state.

0 In practice, the digits are typically single bits or bytes.


Stream Cipher

0 Stream ciphers represent a different approach to symmetric encryption from block ciphers.

0 Block ciphers operate on large blocks of digits with a fixed, unvarying transformation. This distinction is not always clear-cut: in some modes of operation, a block cipher primitive is used in such a way that it acts effectively as a stream cipher.

0 Stream ciphers typically execute at a higher speed than block ciphers and have lower hardware complexity. However, stream ciphers can be susceptible to serious security problems if used incorrectly: see stream cipher attacks. In particular, the same starting state (key and IV/nonce) must never be used twice, because XORing two ciphertexts produced with the same keystream cancels the keystream and yields the XOR of the two plaintexts.
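The keystream-reuse failure described above, worked through in code. This is an added example, not material from the lecture: the keystream generator is a hypothetical construction (HMAC-SHA256 of the key over nonce || counter, in counter mode) chosen so the example runs with the Python standard library; it is not a standardized cipher. The key, nonces and messages are constructed for the example.

```python
"""Stream cipher keystream reuse (added example; hypothetical keystream generator)."""
import hashlib
import hmac

# Constructed 32-byte key; a real key comes from a CSPRNG or key agreement.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom digit stream determined entirely by (key, nonce): the cipher state."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Each plaintext byte is XORed with the corresponding keystream byte."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


stream_decrypt = stream_encrypt  # XOR with the same keystream undoes the encryption


def keystream_cancellation(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper can compute from two ciphertexts. If both were produced
    under the same (key, nonce), the keystream cancels and this equals p1 XOR p2."""
    return xor_bytes(c1, c2)


def crib_drag(c1_xor_c2: bytes, crib: bytes, offset: int) -> bytes:
    """Guess that `crib` occurs in one plaintext at `offset`; the XOR then reveals the
    other plaintext's bytes at the same position, without the key."""
    return xor_bytes(c1_xor_c2[offset:offset + len(crib)], crib)


if __name__ == "__main__":
    p1 = b"ATTACK AT DAWN. Regroup at the north bridge."
    p2 = b"HOLD POSITION. Supplies arrive after sunset."
    nonce = b"\x00" * 12
    c1 = stream_encrypt(KEY, nonce, p1)
    c2 = stream_encrypt(KEY, nonce, p2)              # same state reused: fatal
    leak = keystream_cancellation(c1, c2)
    print(crib_drag(leak, b"ATTACK AT DAWN.", 0))   # recovers the start of p2
    c3 = stream_encrypt(KEY, b"\x01" + b"\x00" * 11, p2)   # fresh nonce: no relation
    print(keystream_cancellation(c1, c3) == xor_bytes(p1, p2))
```

The crib-dragging step is why reuse is fatal rather than merely weakening: a guessed phrase in one message reads the other message directly, and every recovered fragment suggests new cribs.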


Digital Signature

0 A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery and tampering.

0 Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, India, and members of the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear whether they are digital cryptographic signatures in the sense used here, leaving the legal definition, and so their importance, somewhat confused.


Digital Signature

0 Digital signatures employ a type of asymmetric cryptography. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective.

0 Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message while also claiming their private key remains secret; further, some non-repudiation schemes add a trusted time stamp to the digital signature, so that signatures made before a later exposure of the private key remain valid. Digitally signed messages may be anything representable as a bitstring: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol.
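The key-pair relationships from the Public Key Cryptography slides (sign with the private key, verify with the public key; encrypt with the public key, decrypt with the private key) and the signature properties above, shown together in textbook RSA. This is an added example, not from the lecture: the primes are small constructed values, the hash is reduced modulo n instead of being padded, and there is no padding on encryption, so the code illustrates only the key mathematics. Real deployments use moduli of 2048 bits or more and padded schemes such as RSA-OAEP and RSA-PSS.

```python
"""Textbook RSA key pair, signing and encryption (added example; insecure toy parameters)."""
import hashlib
from math import gcd

P, Q = 104729, 1299709   # constructed small primes; the modulus is only ~37 bits
E = 65537


def keygen(p: int, q: int, e: int = E):
    """Public key (n, e); private key (n, d) with e*d = 1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))


def encrypt(public_key, message: bytes) -> int:
    """Anyone holding the public key can encrypt; only the private key decrypts."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if not 0 < m < n:
        raise ValueError("message must be a positive integer below the modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _hash_as_int(message: bytes, n: int) -> int:
    # Toy: reduce the SHA-256 digest modulo n. Real schemes encode the digest with padding.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Only the holder of the private key can produce this value for the message."""
    n, d = private_key
    return pow(_hash_as_int(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the public key can check it; any change to the message fails."""
    n, e = public_key
    return pow(signature, e, n) == _hash_as_int(message, n)


if __name__ == "__main__":
    public, private = keygen(P, Q)
    contract = b"Alice pays Bob 100 units on 2010-07-09"   # constructed message
    sig = sign(private, contract)
    print("genuine signature verifies:", verify(public, contract, sig))
    print("altered contract verifies:", verify(public, contract.replace(b"100", b"900"), sig))
    print("decrypted:", decrypt(private, encrypt(public, b"key!")))
```

The non-repudiation argument rests on the line `pow(_hash_as_int(message, n), d, n)`: producing it requires d, so a valid signature is evidence that whoever held d signed, unless the holder can show d was exposed before the signature was made, which is exactly the gap that trusted time stamps close.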


Work Factor

0 Work Factor is defined as the amount of effort (usually measured in units of time) needed to break a cryptosystem.

0 The work factor of a cryptosystem is related to its key length and the working mechanism used (encryption and decryption algorithms). For example, if the brute-force method is used to break the system (trying all possible values of the key), the work factor grows exponentially with the key length: every additional key bit doubles the number of possible keys, and so doubles the time needed.
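The brute-force work factor above and the key-clustering effect from the earlier slide, measured on a toy cipher. This is an added example, not from the lecture: the "cipher" is a hypothetical stand-in (HMAC-SHA256 of a fixed known plaintext under a key of key_bits bits, truncated to 8 bytes) that exists only so trials can be counted, and the clustered variant ignores the top key bit so that every key has a twin. The known plaintext is constructed.

```python
"""Brute-force work factor and key clustering on a toy cipher (added example)."""
import hashlib
import hmac
from fractions import Fraction
from math import comb

PLAINTEXT = b"known plaintext block"  # constructed known plaintext


def toy_encrypt(key: int, key_bits: int, clustered: bool = False) -> bytes:
    """Keyed function standing in for a block cipher (hypothetical, not a real cipher).
    With clustered=True the top key bit is ignored, so keys k and k + 2**(key_bits-1)
    form a cluster: both produce the same ciphertext from the same plaintext."""
    if clustered:
        key &= (1 << (key_bits - 1)) - 1
    return hmac.new(key.to_bytes(8, "big"), PLAINTEXT, hashlib.sha256).digest()[:8]


def brute_force_trials(secret_key: int, key_bits: int, clustered: bool = False) -> int:
    """Known-plaintext brute force, trying keys in increasing order; returns how many
    keys were tried before one reproduced the target ciphertext."""
    target = toy_encrypt(secret_key, key_bits, clustered)
    for trials, candidate in enumerate(range(1 << key_bits), start=1):
        if toy_encrypt(candidate, key_bits, clustered) == target:
            return trials
    raise RuntimeError("unreachable: the secret key is in the key space")


def average_trials(key_bits: int, clustered: bool = False) -> Fraction:
    """Exact average number of trials over every possible secret key."""
    n = 1 << key_bits
    return Fraction(sum(brute_force_trials(k, key_bits, clustered) for k in range(n)), n)


def expected_trials_random_order(n: int, k: int) -> Fraction:
    """Expected trials when k keys are equivalent and the attacker, knowing nothing
    about the cluster structure, tries keys in uniformly random order:
    E[first hit] = sum_{i=1..n} P(no equivalent key among the first i-1 tried)
                 = sum_{i=1..n} C(n-i+1, k) / C(n, k) = (n+1)/(k+1)."""
    return sum(Fraction(comb(n - i + 1, k), comb(n, k)) for i in range(1, n + 1))


if __name__ == "__main__":
    for bits in (8, 9):
        print(f"{bits}-bit keys: average trials {average_trials(bits)} (doubles per added bit)")
    print("8-bit keys, pairs clustered, ordered search:", average_trials(8, clustered=True))
    print("8-bit keys, pairs clustered, random-order search:", expected_trials_random_order(256, 2))
```

With an ordered search the clustered case averages N/4 + 1/2 trials, because the twins sit exactly N/2 apart and the search always meets the lower one first; an attacker with no knowledge of the structure, trying keys in random order, still averages only (N+1)/3.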


Hash Function

0 A hash function is any well-defined procedure or mathematical function that converts a large, possibly variable-sized amount of data into a small datum, usually a single integer that may serve as an index to an array. The values returned by a hash function are called hash values, hash codes, hash sums, checksums or simply hashes.

0 A hash function may map two or more keys to the same hash value. In many applications, it is desirable to minimize the occurrence of such collisions, which means that the hash function must map the keys to the hash values as evenly as possible. A cryptographic hash function (such as SHA-256) must go further: it must be computationally infeasible to find any collision, or to find an input that produces a given hash value.


Checksum

0 A checksum or hash sum is a fixed-size datum computed from an arbitrary block of digital data for the purpose of detecting accidental errors that may have been introduced during its transmission or storage.

0 The integrity of the data can be checked at any later time by recomputing the checksum and comparing it with the stored one. If the checksums do not match, the data was almost certainly altered (either intentionally or unintentionally).

0 The procedure that yields the checksum from the data is called a checksum function or checksum algorithm. A good checksum algorithm will yield a different result with high probability when the data is accidentally corrupted; if the checksums match, the data is very likely to be free of accidental errors.


Substitution Ciphers

0 In cryptography, a substitution cipher is a method of encryption by which units of plaintext are replaced with cipher text according to a regular system; the "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing an inverse substitution.

0 Substitution ciphers can be compared with transposition ciphers. In a transposition cipher, the units of the plaintext are rearranged in a different and usually quite complex order, but the units themselves are left unchanged. By contrast, in a substitution cipher, the units of the plaintext are retained in the same sequence in the ciphertext, but the units themselves are altered.


Substitution Ciphers

0 There are a number of different types of substitution cipher. If the cipher operates on single letters, it is termed a simple substitution cipher; a cipher that operates on larger groups of letters is termed polygraphic. A monoalphabetic cipher uses fixed substitution over the entire message, whereas a polyalphabetic cipher uses a number of substitutions at different times in the message, where a unit from the plaintext is mapped to one of several possibilities in the ciphertext and vice-versa.

0 Substitution over a single letter (simple substitution) can be demonstrated by writing out the alphabet in some order to represent the substitution. This is termed a substitution alphabet. The cipher alphabet may be shifted or reversed (e.g., the Caesar cipher) or scrambled in a more complex fashion, in which case it is called a mixed alphabet.
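Shifted, reversed and mixed (keyword) substitution alphabets as described above, together with a ciphertext-only attack on the shifted case: all 26 shifts are tried and the candidate whose letter counts are closest to English (chi-squared statistic) wins. This is an added example, not from the lecture; the expected-frequency table is the usual published approximation and the sample text is constructed.

```python
"""Simple substitution alphabets and a frequency-analysis attack on shifts (added example)."""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# Approximate relative frequency (%) of A..Z in English text.
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
                6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]


def substitute(text: str, cipher_alphabet: str) -> str:
    """Replace each plaintext letter with the letter at the same position in the
    cipher alphabet; other characters pass through unchanged."""
    return text.upper().translate(str.maketrans(ALPHABET, cipher_alphabet))


def unsubstitute(text: str, cipher_alphabet: str) -> str:
    """The inverse substitution performed by the receiver."""
    return text.upper().translate(str.maketrans(cipher_alphabet, ALPHABET))


def shifted_alphabet(shift: int) -> str:       # Caesar: A -> D for shift 3
    shift %= 26
    return ALPHABET[shift:] + ALPHABET[:shift]


def reversed_alphabet() -> str:               # Atbash: A <-> Z, B <-> Y, ...
    return ALPHABET[::-1]


def keyword_alphabet(keyword: str) -> str:
    """Mixed alphabet: the keyword's letters (without repeats), then the rest in order."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def chi_squared(text: str) -> float:
    """Distance between the text's letter counts and those expected for English."""
    letters = [ch for ch in text if ch in ALPHABET]
    counts, n = Counter(letters), len(letters)
    total = 0.0
    for ch, pct in zip(ALPHABET, ENGLISH_FREQ):
        expected = n * pct / 100
        total += (counts[ch] - expected) ** 2 / expected
    return total


def break_shift(ciphertext: str):
    """Ciphertext-only attack on a shifted alphabet: 26 candidates, keep the one
    that looks most like English. Returns (shift, plaintext)."""
    best = min(range(26), key=lambda s: chi_squared(unsubstitute(ciphertext, shifted_alphabet(s))))
    return best, unsubstitute(ciphertext, shifted_alphabet(best))


if __name__ == "__main__":
    msg = ("SUBSTITUTION CIPHERS REPLACE EACH LETTER OF THE PLAINTEXT "
           "WITH ANOTHER LETTER ACCORDING TO A FIXED RULE")   # constructed sample
    ct = substitute(msg, shifted_alphabet(3))
    print(ct)
    print(break_shift(ct))
    print(substitute("ATTACK AT DAWN", keyword_alphabet("ZEBRAS")))
```

A mixed alphabet has 26! keys, so the 26-candidate search does not apply to it, but the same statistic drives the classical attack on it: the most frequent ciphertext letters are matched to E, T, A and so on, and the mapping is refined from recognizable words.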


Message Authentication Codes

0 In cryptography, a message authentication code (often MAC) is a short piece of information used to authenticate a message.

0 A MAC algorithm, sometimes called a keyed (cryptographic) hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message's data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.
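The three integrity mechanisms of the last slides side by side: the error-detecting checksum, which an attacker can deliberately preserve; the unkeyed hash, which whoever alters the data can simply recompute; and the keyed MAC, which cannot be forged without the key. This is an added example, not from the lecture; the record and the MAC key are constructed.

```python
"""Checksum versus unkeyed hash versus MAC (added example; constructed inputs)."""
import hashlib
import hmac
import zlib

RECORD = b"payee=alice;amount=100;memo=rent"   # constructed sample record
# Constructed 32-byte MAC key shared by sender and verifier only.
MAC_KEY = bytes.fromhex("9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")


def additive_checksum(data: bytes) -> int:
    """Simple 8-bit sum: catches a corrupted byte, not a deliberate change."""
    return sum(data) % 256


def crc32_checksum(data: bytes) -> int:
    """A stronger error-detecting code; still unkeyed, still forgeable by design."""
    return zlib.crc32(data)


def forge_keeping_checksum(data: bytes, old: bytes, new: bytes) -> bytes:
    """Replace `old` with `new` (same length) and adjust the final byte so the
    additive checksum is unchanged: the tamper passes the integrity check."""
    assert len(old) == len(new)
    tampered = data.replace(old, new, 1)
    delta = (sum(data) - sum(tampered)) % 256
    return tampered[:-1] + bytes([(tampered[-1] + delta) % 256])


def sha256_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def unkeyed_check(data: bytes, digest: bytes) -> bool:
    """Hash stored next to the data: anyone who can change the data can recompute it."""
    return hashlib.sha256(data).digest() == digest


def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 tag; producing it requires the key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_mac(key: bytes, data: bytes, tag: bytes) -> bool:
    """Constant-time comparison; a plain == would leak how many leading bytes matched."""
    return hmac.compare_digest(mac(key, data), tag)


if __name__ == "__main__":
    forged = forge_keeping_checksum(RECORD, b"amount=100", b"amount=900")
    print(forged)
    print("additive checksum unchanged:", additive_checksum(forged) == additive_checksum(RECORD))
    print("crc32 unchanged:", crc32_checksum(forged) == crc32_checksum(RECORD))
    print("attacker-recomputed hash accepted:", unkeyed_check(forged, sha256_digest(forged)))
    print("genuine tag accepted for forgery:", verify_mac(MAC_KEY, forged, mac(MAC_KEY, RECORD)))
```

The compensating byte lands in the memo field, which is exactly where a tamperer would put it; a checksum is the right tool against line noise and the wrong one against an adversary, and an unkeyed hash only helps when it is stored somewhere the adversary cannot reach.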


Key Management

0 Key management is the provisions made in a cryptography system design that are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.

0 Key management concerns keys at the user level, either between users or systems. This is in contrast to key scheduling; key scheduling typically refers to the internal handling of key material within the operation of a cipher.

0 Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements.


Certificate Authority

0 In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes.

0 Commercial CAs charge to issue certificates that will automatically be trusted by most web browsers (Mozilla maintains a list of at least 36 trusted root CAs, though multiple commercial CAs or their resellers may share the same trusted root).

0 The number of web browsers and other devices and applications that trust a particular certificate authority is referred to as ubiquity.

0 Aside from commercial CAs, some providers issue digital certificates to the public at no cost. Large institutions or government entities may have their own CAs.


Certificate Authority

0 Certificate-based encryption is a system in which a certificate authority uses ID-based cryptography to produce a certificate. This system gives the users both implicit and explicit certification, the certificate can be used as a conventional certificate (for signatures, etc.), but also implicitly for the purpose of encryption.

0 A user Alice can doubly encrypt a message using another user's (Bob) public key and his (Bob's) identity.

0 This means that the user (Bob) cannot decrypt it without a currently valid certificate and also that the certificate authority cannot decrypt the message as they don't have the user's private key (i.e., there is no implicit escrow as with ID-based cryptography, as the double encryption means they cannot decrypt it solely with the information they have).


Public Key Infrastructure

0 Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA.

0 The term trusted third party (TTP) may also be used for certificate authority (CA). The term PKI is sometimes erroneously used to denote public key algorithms, which do not require the use of a CA.


Web of Trust

0 An alternative approach to the problem of public authentication of public key information is the web of trust scheme, which uses self-signed certificates and third party attestations of those certificates. The singular term Web of Trust does not imply the existence of a single web of trust, or common point of trust, but rather any number of potentially disjoint "webs of trust". Examples of implementations of this approach are PGP (Pretty Good Privacy) and GPG.

0 Because PGP and compatible implementations allow the use of e-mail digital signatures for self-publication of public key information, it is relatively easy to implement one's own Web of Trust. One of the benefits of the Web of Trust, such as in PGP, is that it can interoperate with a PKI CA fully trusted by all parties in a domain (such as an internal CA in a company) that is willing to guarantee certificates, as a trusted introducer.


Steganography

0 Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.

0 Generally, messages will appear to be something else: images, articles, shopping lists, or some other covertext and, classically, the hidden message may be in invisible ink between the visible lines of a private letter.

0 The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves.

0 Cryptography protects the contents of a message; steganography can be said to protect both the message and the communicating parties, since it hides the fact that a message exists.


Steganography

0 Steganography includes the concealment of information within computer files.

0 In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol.

0 Media files are ideal for steganographic transmission because of their large size.

0 As a simple example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it.
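The every-nth-pixel idea from the slide, implemented as least-significant-bit embedding. This is an added example, not from the lecture: the cover "image" is a constructed array of 8-bit pixel values, the message goes into the low bit of every stride-th pixel, and a 32-bit length prefix tells the extractor where to stop. No pixel changes by more than 1, which is why the alteration is imperceptible to someone not looking for it.

```python
"""LSB steganography in a constructed grayscale cover (added example)."""


def _to_bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(cover: bytes, message: bytes, stride: int = 1) -> bytes:
    """Return a copy of cover with message hidden in the LSB of every stride-th
    pixel; raises if the message does not fit."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 * stride > len(cover):
        raise ValueError("cover too small for message")
    out = bytearray(cover)
    for k, bit in enumerate(_to_bits(payload)):
        pos = k * stride
        out[pos] = (out[pos] & 0xFE) | bit     # clear the low bit, then set it
    return bytes(out)


def extract(stego: bytes, stride: int = 1) -> bytes:
    """Read the LSBs back: first the 32-bit length, then that many bytes."""
    def read(n_bits: int, first_bit: int) -> int:
        value = 0
        for k in range(first_bit, first_bit + n_bits):
            value = (value << 1) | (stego[k * stride] & 1)
        return value
    length = read(32, 0)
    return read(8 * length, 32).to_bytes(length, "big")


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-pixel difference introduced by embedding (1 for LSB hiding)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def make_cover(width: int, height: int) -> bytes:
    """Constructed grayscale gradient standing in for an innocuous image."""
    return bytes((x * 3 + y * 5) % 256 for y in range(height) for x in range(width))


if __name__ == "__main__":
    cover = make_cover(64, 64)
    stego = embed(cover, b"meet at the old mill at dawn", stride=4)
    print(extract(stego, stride=4))
    print("max change per pixel:", max_pixel_change(cover, stego))
```

Capacity is the cover size divided by the stride, in bits, minus the 32-bit header; a larger stride spreads the changes thinner and hides less. Real covers are noisy photographs rather than a smooth gradient, since a gradient's low bits are predictable and the embedded bits would stand out statistically.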


Digital Watermarking

0 Digital watermarking is the process of embedding information into a digital signal in a way that is difficult to remove. The signal may be audio, pictures or video, for example. If the signal is copied, then the information is also carried in the copy. A signal may carry several different watermarks at the same time.

0 In visible watermarking, the information is visible in the picture or video. Typically, the information is text or a logo which identifies the owner of the media. When a television broadcaster adds its logo to the corner of transmitted video, this is also a visible watermark.

0 In invisible watermarking, information is added as digital data to audio, picture or video, but it cannot be perceived as such (although it may be possible to detect that some amount of information is hidden).


Digital Watermarking

0 The watermark may be intended for widespread use and is thus made easy to retrieve or it may be a form of Steganography, where a party communicates a secret message embedded in the digital signal. In either case, as in visible watermarking, the objective is to attach ownership or other descriptive information to the signal in a way that is difficult to remove. It is also possible to use hidden embedded information as a means of covert communication between individuals.

0 One application of watermarking is in copyright protection systems, which are intended to prevent or deter unauthorized copying of digital media. In this use a copy device retrieves the watermark from the signal before making a copy; the device makes a decision to copy or not depending on the contents of the watermark. Another application is in source tracing. A watermark is embedded into a digital signal at each point of distribution. If a copy of the work is found later, then the watermark can be retrieved from the copy and


Algorithms

0 Block Modes

- Electronic Code Book (ECB)

- Cipher Block Chaining (CBC)

0 Stream Modes (the block cipher is used to generate a keystream)

- Cipher Feedback (CFB)

- Output Feedback (OFB)

- Counter (CTR)


Attacks

0 Brute Force

0 Birthday

0 Dictionary

0 Known Plaintext

0 Chosen Plaintext

0 Ciphertext Only

0 Chosen Cipher text
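The birthday attack from the list above, made concrete against a hash truncated to 32 bits so the search finishes in well under a second: any two inputs with the same b-bit digest can be found in about sqrt(pi/2 * 2^b) trials, against the ~2^(b-1) trials a brute-force search for a preimage of one specific digest needs. This is an added example, not from the lecture; the candidate messages are constructed counters.

```python
"""Birthday attack on a truncated SHA-256 (added example; constructed inputs)."""
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256, as an integer."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def birthday_collision(bits: int, prefix: bytes = b"msg-"):
    """Generate candidate messages until two share a digest. Returns
    (message_a, message_b, trials). Memory grows with the number of trials; a
    real attack at larger sizes uses cycle finding (Floyd/rho) to store almost nothing."""
    seen = {}
    trials = 0
    while True:
        trials += 1
        msg = prefix + str(trials).encode()
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, trials
        seen[h] = msg


def expected_birthday_trials(bits: int) -> float:
    """Mean number of random inputs before the first collision among them."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def expected_preimage_trials(bits: int) -> float:
    """Brute force against one given digest: half the space on average."""
    return 2 ** bits / 2


if __name__ == "__main__":
    a, b, trials = birthday_collision(32)
    print(a, b, hex(truncated_hash(a, 32)), "after", trials, "trials")
    print("expected birthday trials:", round(expected_birthday_trials(32)))
    print("expected preimage trials:", round(expected_preimage_trials(32)))
```

This is why a hash used for signatures needs twice the output length of the security level wanted: a 128-bit security level against collisions requires a 256-bit digest, and why truncating digests, as legacy protocols sometimes did, quietly halves the effective strength.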