Cryptography CSPrinciples II February 12, 2013. Needs for Privacy What are some specific needs for privacy when using the internet?

Cryptography

CSPrinciples IIFebruary 12, 2013

Needs for Privacy

What are some specific needs for privacy when using the internet?

Information Security for… Defending against external/internal hackers Defending against industrial espionage Securing E-commerce Securing bank accounts/electronic transfers Securing intellectual property Avoiding liability Pervasiveness of email/networks Online storage of sensitive information Insecure technologies (e.g. wireless) Trend towards paperless society Weak legal protection of email privacy

Sharing secrets activity

Find out the average age of each person in your group without anyone telling their age

History 50 B.C. Julius Caesar uses cryptographic

technique 400 A.D. Kama Sutra in India mentions

cryptographic techniques 1250 British monk Roger Bacon

describes simple ciphers 1466 Leon Alberti develops a cipher

disk 1861 Union forces use a cipher during

Civil War

5

History 1914 World War I – British, French, and

German forces use encryptiontechnology

1917 William Friedman, Father of U.S. encryption efforts starts a school for teaching cryptanalysis in Illinois

1917 AT&T employee Gilbert Vernaminvents polyalphabetic cipher

1919 Germans develop the Engima machinefor encryption

6

History 1937 Japanese design the Purple

machine for encryption 1942 Navajo windtalkers help with secure

communication during World War II 1948 Claude Shannon develops statistical

methods for encryption/decryption 1976 IBM develops DES 1976 Diffie – Hellman develop public key /

private key cryptography 1977 Rivest – Shamir – Adleman develop the

RSA algorithm for public key / private key

7

Enigma

Enigma video

Enigma simulator

Basic Terminologies

Cryptography deals with creating documents that can be shared secretly over public communication channels

Cryptographic documents are decrypted with the key associated with encryption, with the knowledge of the encryptor

The word cryptography comes from the Greek words: Krypto (secret) and graphein (write)

Cryptanalysis deals with finding the encryption key without the knowledge of the encryptor

Cryptology deals with cryptography and cryptanalysis Cryptosystems are computer systems used to

encrypt data for secure transmission and storage

9

Basic Terminologies

Plaintext is text that is in readable form Ciphertext results from plaintext by applying

the encryption key Notations:

M message, C ciphertext, E encryption, D decryption, k key

E(M) = C E(M, k) = C

Fact: D(C) = M, D(C, k) = M

10

Types of Secret Writing

Secret writing

Steganography Cryptography

Substitution Transposition

Code

Cipher

Basic Terminologies

Steganography is the method of hiding secret messages in an ordinary document

Steganography does not use encryption Steganography does not increase file size for

hidden messages Example: select the bit patterns in pixel

colors to hide the message

12

Steganography

Steganography – covered writing – is an art of hiding information

Popular contemporary steganographic technologies hide information in images

New York Times, August 3rd, 2001http://www.nytimes.com/images/2001/10/30/science/sci_STEGO_011030_00.jpg

Hiding information in pictures

Image in which to hide another image

Image to hide within the other image

http://www.cl.cam.ac.uk/~fapp2/steganography/image_downgrading/

Basic Terminologies

Keys are rules used in algorithms to convert a document into a secret document

Keys are of two types: Symmetric Asymmetric

A key is symmetric if the same key is used both for encryption and decryption

A key is asymmetric if different keys are used for encryption and decryption

15

Substitution Cipher

What does this mean? MOGGD YOIRN LIOU

Is this easier? JCRRA OCTFK ITCU

HAPPY MARDI GRAS

Caesar Cipher

A substitution cipher where each plaintext letters is replaced by some letter a fixed number spaces down in the alphabet

ROT13

Network data encryption / decryption using ROT13 algorithm Rotates characters by 13 places

‘A’ ‘N’, ‘M’ ‘Z’, ‘a’ ‘n’, ‘m’ ‘z’ Encryption Example:

‘Hello World’ encrypts to ‘Uryyb Jbeyq’ Decryption Example:

‘Uryyb Jbeyq’ decrypts to ‘Hello World’

Implementing ROT13

Consider the following four cases IF (ch >= ‘A’) && (ch <= ‘M’)

Rotate “Right” ch by 13 characters IF (ch >= ‘N’) && (ch <= ‘Z’)

Rotate “Left” ch by 13 characters IF (ch >= ‘a’) && (ch <= ‘m’)

Rotate “Right” ch by 13 characters IF (ch >= ‘n’) && (ch <= ‘z’)

Rotate “Left” ch by 13 characters

Public Key Cryptography

Simon Singh videos

Public Key Cryptography

Private (symmetric, secret) key – the same key used for encryption/decryption

Problem of key distribution Public (asymmetric) key cryptography – a

public key used for encryption and private key for decryption

Key distribution problem solved Very popular technique:

Large Prime Numbers

Transmitting over an insecure channelAlice wants to send Bob a private message.

Apublic is Alice’s public key.

Aprivate is Alice’s private key.

Bpublic is Bob’s public key.

Bprivate is Bob’s private key.

Netprog: Cryptgraphy 22

Netprog: Cryptgraphy 23

Hello Bob,Wanna get together?

AliceAlice BobBob

encrypt using Bpublic decrypt using Bprivate

OK Alice,where do we meet?

Netprog: Cryptgraphy 24

AliceAlice BobBob

decrypt using Aprivate encrypt using Apublic

Bob’s Dilemma

• Nobody can read the message from Alice, but anyone could produce it.

• How does Bob know that the message was really sent from Alice?

• Bob may be comforted to know that only Alice can read his reply.

Netprog: Cryptgraphy 25

Alice can sign her message!

• Alice can create a digital signature and prove she sent the message (or someone with knowledge of her private key).

• The signature can be a message digest encrypted with Aprivate.

Netprog: Cryptgraphy 26

Digital Certificates Issued by trusted third parties known as

Certificate Authorities (CAs) Verisign is a trusted third party Used to authenticate an individual or an

organization Digital Certificates are usually given for a

period of one year They can be revoked It is given at various security levels. Higher

the security level, the CA verifies the authenticity of the certificate seeker more.

27

Digital Certificates

Digital Certificates are part of the authentication mechanism. The other part is Digital Signature.

When a user uses the digital signature, the user starts with their private key and encrypts the message and sends it. The receiver uses the sender’s public key and decrypts the message

In traditional encryption, the sender uses the public key of the receiver and encrypts the message and sends it and the receiver decrypts the message with their private key

28

Authentication and Digital Signatures

• Preventing impostor attacks• Preventing content tampering• Preventing timing modification• Preventing repudiation

By:• Encryption itself• Cryptographic checksum and hash

functions

Potential Problems with Cryptographic Technologies?

False sense of security if badly implemented

Government regulation of cryptographic technologies/export restrictions

Encryption prohibited in some countries