Cryptography Yiwei Wu. Outline Why have cryptography History Modern cryptography – Private key – Public key Pretty Good Privacy Conclusion Reference.

Cryptography

Yiwei Wu

Outline

• Why have cryptography• History• Modern cryptography– Private key– Public key

• Pretty Good Privacy• Conclusion• Reference

Why Have Cryptography [1]

• In the most abstract sense, we can describe a distributed system as a collection of clients and servers communicating by exchange of messages.

• Authentication of principals and messages is the major issue in secure distributed systems.

Why Have Cryptography [3,4]• Security Requirements– Confidentiality

• Protection from disclosure to unauthorised persons– Integrity

• Maintaining data consistency– Authentication

• Assurance of identity of person or originator of data– Availability

• Legitimate users have access when they need it– Access control

• Unauthorised users are kept out

History [2, 3,4]• Earliest recorded us around 1900BC in Egypt• Atbash cipher (Old Testament, reversed Hebrew alphabet,• 600BC)• Around 100BC Julius Caesar used substitution cipher

– letter = letter + 3 => ‘fish’ -> ‘ilvk’• Cipher Machines

– most notable Enigma machine in WWII• Block Ciphers

– Originated with early 1970’s IBM effort to develop banking security systems

– 1970’s - Dr. Horst Feistal invented DES• RSA 1977

– Rivest-Shamir-Adelman

Modern cryptography [4]

• Private key cryptography– Problem of communicating a large message in

secret is reduced to communicating a small key in secret

Private key cryptography [1]

• Encryption algorithm E turns plain text message M into a cipher text C– C = E(M)

• Decrypt C by using decryption algorithm D which is an inverse function of E– M = D(C)

Private key cryptography [1]

• Confidentiality kept by keeping algorithms secret.

• Not practical over distributed systems – too many algorithms.

• Solution is to decompose algorithm– Function - public– Key – private

Private key cryptography [1]

• Encryption algorithm with secret key Ke• Decryption key Kd– M=Dkd(Eke(M))

• The function must have the properties that different messages with the same key and a same message with different keys will result in distinct cipher text.

• It is easy to compute the cipher text from the plaintext but difficult the other way.

Private key cryptography [4]

• DES – developed by IBM, 1977– Key size = 56 bits– Brute force = 255 attempts– The plaintext is broken down into 64 bit blocks

• DES was designed for efficiency in early-70’s hardware. • Made it easy to build pipelined brute-force breakers in

late-90’s hardware• EFF (US non-profit organization) broke DES in 2½ days• AES– Advanced Encryption Standard, replacement for DES

Private key cryptography [4]

• Hash Functions– Creates a unique “fingerprint” for a message– Hash has to be protected in some way

Private key cryptography [4]

• Message authentication codes (MACs) – secret key is used to authenticate the hash value

Public key cryptography [4]

• A significant disadvantage of symmetric ciphers is the key management necessary to use them securely.

• Uses matched public/private key pairs• Anyone can encrypt with the public key, only one

person can decrypt with the private key

Public key cryptography [1, 2]• Each principal keeps a set of encryption keys (Ke

& Kd)• Encryption algorithm E is public and so is the key

Ke• Decryption algorithm D and decryption key Kd is

kept private• Data sent to a principal is encrypted using that

corresponding Ke• E and D can be made public if Ke and Kd are

chosen such that it is impossible to infer Kd from Ke.

Public key cryptography [1, 2]

• RSA (Rivest-Shamir-Adelman), 1977– The algorithms E and D are inverses– Plain text messages are limited to a size is limited

to k bits• Integer k is chosen such that 2k < N

– N =p * q where p & q are LARGE prime numbers– Kp (public encyrption key) and Ks (private

decryption key) are derived from p & q– Relies on computational complexity in factoring

large numbers upon which keys are placed.

Public key cryptography [4]

• public-key cryptography can be used to implement digital signature schemes

digital signature [4]• Signature checking:

Public key cryptography [4]

• DH (Diffie-Hellman), 1976– Key exchange algorithm– the discrete logarithm problem

• Elgamal– DH variant, one algorithm for encryption, one for

signatures– Attractive as a non-patented alternative to RSA

(before the RSA patent expired)

Pretty Good Privacy (PGP) [7]

• PGP encryption uses public-key cryptography and includes a system which binds the public keys to a user name and/or an e-mail address.

Pretty Good Privacy (PGP) [5,6,8]

• Early history– Phil Zimmermann created the first version of PGP

encryption in 1991.– PGP very rapidly acquired a considerable following around

the world.– RSA complains to Phil that PGP violates their PK patents .– USG decides that they don't like PRZ because the NSA

can't tap all those internet mail messages anymore.– Zimmermann was criminally investigated by the Customs

Service and the FBI for several years.– Investigation was dropped in January 1996 with no

charges laid.

PGP [8]

• How PGP encryption works

PGP [8]

• How PGP decryption works

Conclusion

• Private Key DES is computationally efficient• Public Key RSA is computationally expensive• Possible best use is RSA for short/important

data and DES for long or less critical• One or more security mechanisms are

combined to provide a security service

Reference1. Chow, Randy; Johnson, Theodore; “Distributed Operating

Systems & Algorithms”, 19982. Aiden A. Bruen and Mario A. Forcinito, “Cryptography,

Information Theory, and Error-Correction a Handbook for the 21st Century”, John Wiley & Sons, Inc. (2005) ISBN 0-471-65317-9.

3. Coron, J.-S., “What is cryptography?” Security & Privacy, IEEEVolume 4, Issue 1, Jan.-Feb. 2006 Page(s):70 - 73

4. http://www.cs.auckland.ac.nz/~pgut001/tutorial/, Oct. 20085. http://en.wikipedia.org/wiki/Cryptography, Oct. 20086. http://www.cypherspace.org/adam/timeline, Oct. 20087. http://en.wikipedia.org/wiki/Pretty_Good_Privacy, Oct. 20088. http://www.pgpi.org/doc/pgpintro/, Oct. 2008

Q & A