CHAPTER 6 CRYPTOGRAPHY


Jan 17, 2016


Norah Dalton

An Overview of Cryptography and Some of its Algorithms

Crypto has its origins in the Greek word ‘kruptos’, which means hidden

The objective of cryptography is to hide information so that only the intended recipient(s) can unhide it

Encryption: hide; decryption: unhide

A cipher is used to accomplish the encryption & decryption

Merriam Webster’s Collegiate Dictionary defines cipher as a method of transforming text in order to conceal its meaning


Cryptography Process

Sender → Plaintext → Encryption → Ciphertext → Decryption → Plaintext → Receiver


History

Julius Caesar had his own cryptography, called Caesar’s Cipher, in which he rotated the letters of the alphabet to the right by three

ROT13 (rotate 13) is similar to Caesar’s Cipher and is still in use today

V GUVAX JVAQBJF FHPXF
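
The rotation ciphers on this slide, as an added Python example (not part of the original slides): one routine covers both Caesar's shift of three and ROT13, and an exhaustive search over the 26 possible shifts shows how small the key space is. The function names, the sample message and the word list are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase

def rotate(text, shift):
    """Rotate the letters A-Z by `shift` places; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)

def caesar_encrypt(plaintext):
    return rotate(plaintext, 3)        # Caesar's Cipher: rotate right by three

def caesar_decrypt(ciphertext):
    return rotate(ciphertext, -3)

def rot13(text):
    return rotate(text, 13)            # 13 + 13 = 26, so ROT13 undoes itself

# Constructed word list, used only to score candidate plaintexts.
COMMON_WORDS = {"THE", "AND", "AT", "ATTACK", "DAWN", "KEY", "IS", "TO"}

def recover_shift(ciphertext):
    """Try every shift (there are only 26) and keep the candidate that
    contains the most known words. Returns (shift, plaintext)."""
    best_shift, best_text, best_score = 0, ciphertext, -1
    for shift in range(26):
        candidate = rotate(ciphertext, -shift)
        score = sum(word in COMMON_WORDS for word in candidate.split())
        if score > best_score:
            best_shift, best_text, best_score = shift, candidate, score
    return best_shift, best_text

if __name__ == "__main__":
    secret = caesar_encrypt("ATTACK AT DAWN")   # constructed sample message
    print(secret)
    print(recover_shift(secret))
    print(rot13(rot13("ATTACK AT DAWN")))
```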


Encryption Key Types

Symmetric and Asymmetric

Symmetric
– The longest and single key that is used for both encryption and decryption of the ciphertext, also called the secret key
– A key is used because the algorithms are well known
– Problems:
» How to confirm that sender & receiver have the same key
» Have to use another protected transportation mechanism


Encryption Key Types

Asymmetric
– Uses two different keys, for encryption & decryption, also known as the public key & private key
– Public key cryptography was first publicly released in 1976 as a method of exchanging keys in a secret system


Symmetric Algorithms

DES (Data Encryption Standard)
– Encryption standard for the US government since 1976
– IBM first developed it under the name Lucifer in 1974
– Block cipher, works on a block of data
– 64 bits in length, but uses only 56 bits, called the active key
– The other 8 bits are used for parity
– Uses two different techniques, substitution (confusion) and transposition (diffusion), for 16 rounds in order to create the ciphertext
– During each round the data is XOR’ed (Exclusive OR’ed) with a subkey, and the result is then run through eight S-Boxes (substitution boxes, for security) and then through a P-Box (permutation box)
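
The round structure described above, as an added Python sketch (not from the original slides and not DES itself): a toy 16-bit Feistel network whose round function XORs with a subkey, substitutes through an S-box and permutes through a P-box for 16 rounds. The table contents, the key schedule and all names are assumptions made for illustration; the cipher is not secure.

```python
# Toy Feistel network with a 16-bit block (two 8-bit halves). This is NOT DES
# and is not secure; the tables and key schedule are chosen for illustration.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]   # 4-bit substitution box
PBOX = [1, 5, 2, 0, 3, 7, 4, 6]   # output bit i is taken from input bit PBOX[i]
ROUNDS = 16

def round_function(half, subkey):
    """XOR with the subkey, substitute each nibble, then permute the bits."""
    x = half ^ subkey
    x = (SBOX[x >> 4] << 4) | SBOX[x & 0xF]
    out = 0
    for i, src in enumerate(PBOX):
        out |= ((x >> src) & 1) << i
    return out

def key_schedule(key):
    """Illustrative schedule: rotate the 16-bit key left once per round and
    use its low byte as that round's subkey."""
    subkeys = []
    for _ in range(ROUNDS):
        key = ((key << 1) | (key >> 15)) & 0xFFFF
        subkeys.append(key & 0xFF)
    return subkeys

def feistel(block, subkeys):
    left, right = block >> 8, block & 0xFF
    for k in subkeys:
        # Only XOR touches the other half, so the round function itself
        # never has to be inverted.
        left, right = right, left ^ round_function(right, k)
    return (right << 8) | left   # final swap lets the same code decrypt

def encrypt(block, key):
    return feistel(block, key_schedule(key))

def decrypt(block, key):
    return feistel(block, key_schedule(key)[::-1])   # subkeys in reverse order

if __name__ == "__main__":
    key, block = 0xBEEF, 0x1234   # constructed sample values
    ct = encrypt(block, key)
    print(hex(ct), hex(decrypt(ct, key)))
```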


Symmetric Algorithms

DES (Data Encryption Standard)
– Has been reaffirmed as the encryption standard for the U.S. Government every five years since 1976
– Over 20 years old
– Several variations, 3DES and DESX
– 3DES uses multiple keys and DESX uses 64 bits of additional key
– Replaced with AES (Advanced Encryption Standard)


Symmetric Algorithms

IDEA (International Data Encryption Algorithm)
– It operates on a 64-bit plaintext block and uses a 128-bit key
– It uses a total of eight rounds in which it XORs, adds and multiplies four sub-blocks with each other, as well as six 16-bit sub-blocks of key material


Asymmetric Algorithm

Diffie-Hellman
– It uses a key pair that is mathematically related so that one key (public) is used to encode a message and the other key (private) is used to decode the message
– It is very difficult to derive the corresponding private key from the public key, if the keys are of sufficient length. The strength is based on the discrete logarithm problem (easy to perform forwards, very difficult to perform backwards)
– DH is commonly called a key exchange mechanism as it is used to exchange a secret key over an insecure medium, such as the Internet
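
The key exchange described above, as an added Python example (not from the original slides): both sides derive the same secret from values sent in the clear, and an exhaustive discrete-logarithm search shows why the slide's condition "of sufficient length" matters. The function names and parameters are chosen for illustration; the moduli used here are far too small for real use.

```python
import secrets

def dh_public(g, private, p):
    """The easy direction: modular exponentiation."""
    return pow(g, private, p)

def dh_shared(their_public, my_private, p):
    return pow(their_public, my_private, p)

def exchange(p, g):
    """Run both sides of the exchange. Returns (alice_secret, bob_secret, wire),
    where `wire` holds everything an eavesdropper on the medium can see."""
    a = secrets.randbelow(p - 3) + 2      # Alice's private key, in [2, p-2]
    b = secrets.randbelow(p - 3) + 2      # Bob's private key, in [2, p-2]
    A = dh_public(g, a, p)                # sent Alice -> Bob
    B = dh_public(g, b, p)                # sent Bob -> Alice
    wire = {"p": p, "g": g, "A": A, "B": B}
    return dh_shared(B, a, p), dh_shared(A, b, p), wire

def discrete_log_search(public, g, p):
    """The hard direction: find x with g**x % p == public by trying every
    exponent. The loop length grows with p, so it only finishes for toy moduli."""
    value = 1
    for x in range(1, p):
        value = (value * g) % p
        if value == public:
            return x
    return None

if __name__ == "__main__":
    # Toy group p=23, g=5: the private key falls to exhaustive search at once.
    A = dh_public(5, 6, 23)
    print("toy public key", A, "-> recovered private key",
          discrete_log_search(A, 5, 23))
    # Larger (still illustrative) modulus: both sides agree, and the same
    # search would need on the order of 2**127 steps.
    s1, s2, wire = exchange(2**127 - 1, 3)
    print("secrets match:", s1 == s2)
```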


Asymmetric Algorithm

RSA
– The algorithm is used for both encryption and authentication and is widely used
– It is used in a variety of systems including TLS (Transport Layer Security) and IPSec (IP Security)


Problem With Cryptography

Secret Storage
– Secret storage consists of storing the secret somewhere that can easily be attacked
– In this case, it doesn’t matter if 3DES is used, as long as the key is stored somewhere where it can be attacked

Universal Secret
– A universal secret is where products containing cryptography are allowed to talk to each other without having to exchange authenticated session keys
– When this occurs, it is only a matter of time until the crypto in the product gets broken
– For example, the cryptography in DVD


Problem With Cryptography

Entropy And Cryptography
– Entropy is defined as a process of degradation or running down, or a trend to disorder
– Both of these applications use strong cryptographic algorithms, but rely on passwords or passphrases of the end user
– The password/passphrase selected can be directly related to the strength of the bits used in a crypto key


Brute Force

Brute force is a description of a primitive programming style, one in which the programmer relies on the computer’s processing power instead of using his or her own intelligence to simplify the problem, often ignoring problems of scale and applying naïve methods suited to small problems directly to large ones

Brute force programs are written in a heavy-handed, tedious way, full of repetition and devoid of any elegance or useful abstraction


Brute Force

The canonical example of a brute force algorithm is associated with the ‘traveling salesman problem’ (TSP), a classical NP-hard problem

The brute force method is to simply generate all possible routes and compare distances


Brute Force

L0phtCrack
– L0phtCrack is a Windows NT password auditing tool from the L0pht that came onto the scene in 1997
– It provides several different mechanisms for retrieving the passwords from the hashes

Crack
– Crack is a password-guessing program for UNIX systems
– It runs only on UNIX systems and is, for the most part, a dictionary-based program
– Crack7 is a brute force password cracker that can be used if your dictionary-based attack fails


Brute Force

Crack
– The most interesting aspect of this combination is that Crack can test for common variants that people use when they think they are picking more secure passwords

John The Ripper
– John the Ripper is also primarily a UNIX password-cracking program, but it differs from Crack because it can be run not only on UNIX systems, but also on DOS and Windows NT/9x
– It also has an option to break Windows NT LM (LanMan) hashes
– It supports brute force attacks, but it calls it incremental mode


Brute Force

Distributed.net
– Distributed.net is dedicated to the advancement of distributed computing
– Distributed computing is harnessing the unused CPU cycles of computers all over the world in order to work on a specific task or problem
– Distributed.net has concentrated their efforts on breaking cryptographic algorithms by using computers around the world to each tackle a portion of the problem
– Currently, distributed.net is working on the RC5-64 project
– This effort has been underway, at the time of this writing, for 988 days


Brute Force

Deep Crack
– Deep Crack consists of six cabinets that house 29 circuit boards
– Each circuit board contains 64 custom search microchips that were developed by AWT


Real Cryptanalysis

Differential Cryptanalysis
– Eli Biham and Adi Shamir wrote a paper titled “Differential Cryptanalysis of DES-like Cryptosystems”
– With DES, the difference between two plaintext strings sometimes appears as a similar difference in the two ciphertexts
– The goal of any cryptographic attack is to get the key from the ciphertext
– The problem is, with most decent crypto systems there are a lot of keys to try. It depends on the length of the key and how well it was chosen
– Differential cryptanalysis wasn’t significantly better than brute force for regular DES


Real Cryptanalysis

Side-Channel Attacks
– A side-channel attack is an attack against a particular implementation of the crypto algorithm, not the algorithm
– Bruce Schneier describes an attack against some sort of password authentication system
– Normally, all one gets back is go or no go
– Another powerful type of side-channel attack is fault analysis. This is the practice of intentionally causing faults to occur in a device in order to see what effect it has on the processing, and analyzing the output
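
An added Python illustration (not from the original slides) of how an implementation can give away more than go or no go, assuming the side channel is the time a password comparison takes; the slides do not say which channel Schneier's example uses. The number of bytes compared stands in for elapsed time, and the stored value and function names are constructed.

```python
import hashlib
import hmac

STORED = b"s3cr3t-pass"   # constructed sample secret

def naive_check(supplied, stored):
    """Early-exit comparison. Returns (go, steps); `steps` is the number of
    bytes compared and stands in for the time the check takes."""
    steps = 0
    if len(supplied) != len(stored):
        return False, steps
    for x, y in zip(supplied, stored):
        steps += 1
        if x != y:
            return False, steps       # stops at the first wrong byte
    return True, steps

def fixed_work_check(supplied, stored):
    """Looks at every byte of the stored value whatever the input, so the
    amount of work does not depend on where the first mismatch is."""
    steps = 0
    diff = len(supplied) ^ len(stored)
    for i in range(len(stored)):
        steps += 1
        x = supplied[i % len(supplied)] if supplied else 0
        diff |= x ^ stored[i]
    return diff == 0, steps

def hardened_check(supplied, stored):
    """Production form: compare fixed-length digests with the standard
    library's constant-time comparison."""
    return hmac.compare_digest(hashlib.sha256(supplied).digest(),
                               hashlib.sha256(stored).digest())

if __name__ == "__main__":
    for guess in (b"x3cr3t-pass", b"s3cr3t-pasX", b"s3cr3t-pass"):
        print(guess, naive_check(guess, STORED), fixed_work_check(guess, STORED))
```

Both wrong guesses get the same "no go" answer, but `naive_check` does 1 step for the first and 11 for the second; `fixed_work_check` does 11 steps for every input.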


End Of Chapter 6