“it is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.” Bruce Schneier

Dec 29, 2015

Everett Fleming

Transcript
Page 1:

“it is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.”

Bruce Schneier

Page 2:

Cryptology

Jason Samson, Ryan Brander, Shawn Greencorn

November 9, 2000 - CS 465 Presentation

Page 3:

Outline

• What is cryptology?
• History behind cryptology.
• Security Threats.
• Define conventional and public key encryption and compare the uses of both methods.
• Discuss encryption management.
• Indicate approaches to incorporating encryption in a network.
• Discuss applications of encryption to network security.
• Digital Signatures.

Page 4:

What is Cryptology?

• the discipline of cryptography and cryptanalysis combined.

Cryptography: encoding of messages into an unintelligible form that can be reversed by mathematical computation.

• concerned with 2 aspects:
  1. privacy of communication
  2. authenticity of communication

• based on problems that are difficult to solve.

• ENCRYPTION: fundamental tool at the heart of virtually all secure mechanisms.

Page 5:

What is Cryptology? (2)

Cryptanalysis: the art of breaking or solving code without the key. a.k.a. HACKER

• requires study, experience, perseverance, imagination, and LUCK!

Page 6:

History

• Ancient Greeks
  1. Spartans (wound belt around stick)
  2. Caesar (replaced letters with letters 3 places over)

• Gabriel Lavinde (1379) - published first manual on cryptography

• Cardinal Richelieu (1600’s) - invented the “grille”

• Sir Charles Wheatstone (1867) - British Scientist - invented the Wheatstone Cipher Device

• Etienne Bazeries (1891) - French Cryptologist - invented the Cylindrical Cipher Device

Page 7:

Security Threats

• Active Attack:
  - modification of data
  - eg. unauthorized access of computer systems

• Passive Attack:
  - eavesdropping, monitoring transmissions
  - eg. e-mail, file transfers, client/server exchange

Page 8:

Methods of Encryption

1. Symmetric (Conventional Encryption)
   - cryptosystem where encryption/decryption is performed using the same key

2. Asymmetric (Public Key)
   - cryptosystem where encryption/decryption is performed using 2 keys (public key and private key)

Page 9:

Conventional Encryption

5 step scheme

1. Plaintext: original message
2. Encryption Algorithm: substitutions/transformation
3. Secret Key: shared by sender/recipient
4. Ciphertext: scrambled text
5. Decryption Algorithm: #2 reversed, produces #1

** see F3.pdf

Page 10:

Conventional Encryption (2)

Approaches for Attacking:

• Cryptanalysis:
  - exploits characteristics of algorithm attempting to deduce plaintext or key used.
  - EFFECT: all past/future messages using same key are jeopardized.

• Brute Force:
  - trial & error - try all possible keys until ciphertext is decrypted.
  - avg of 1/2 keys must be tried.

Page 11:

Conventional Encryption (3)

Average Time Required for Exhaustive Key Search

Key Size (bits)   Number of Alternative Keys   Time Required at 1 Decryption per μs   Time Required at 10^6 Decryptions per μs
32                2^32                         35.8 mins                              2.15 milliseconds
56                2^56                         1142 years                             10 hours
128               2^128                        5.4*10^24 years                        5.4*10^18 years
168               2^168                        5.9*10^36 years                        5.9*10^30 years
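As an added example (not from the presentation), the rows of this table can be reproduced from the rule on the previous slide that on average half of the keys must be tried; the unit thresholds in humanize are chosen to match the table's own units.

```python
# Added example (not from the presentation): reproduce the exhaustive key search
# table above. On average half the key space must be tried, so the expected
# time is 2**(bits-1) trials divided by the decryption rate.
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_search_seconds(key_bits: int, decryptions_per_us: float) -> float:
    """Expected seconds to hit the right key when trying, on average, half the keys."""
    trials = 2 ** (key_bits - 1)
    return trials / (decryptions_per_us * 1e6)   # rate is given per microsecond


def humanize(seconds: float) -> str:
    """Render a duration in the unit the slide table uses for that magnitude."""
    if seconds < 1:
        return f"{seconds * 1e3:.2f} milliseconds"
    if seconds < 3600:
        return f"{seconds / 60:.1f} mins"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 3600:.0f} hours"
    years = seconds / SECONDS_PER_YEAR
    return f"{years:.0f} years" if years < 1e6 else f"{years:.1e} years"


def search_table(key_sizes=(32, 56, 128, 168), rates=(1.0, 1e6)):
    """One row per key size: (bits, number of keys, time at each rate)."""
    return [(bits, 2 ** bits, *(humanize(expected_search_seconds(bits, r)) for r in rates))
            for bits in key_sizes]


if __name__ == "__main__":
    for row in search_table():
        print(*row, sep="\t")
```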

Page 12:

Conventional Encryption (4)

DES (Data Encryption Standard) - 1977

- algorithm is referred to as DEA

Data Encryption Algorithm - 2 inputs
1. Plaintext (64 bits)
2. Key (56 bits)

downfall: potentially vulnerable to brute force attack

- July 1998 - EFF (Electronic Frontier Foundation) broke DES using special “DES Cracker” machine - < $250k - 3 days (attack)

- decreasing cost of hardware & increasing speed made DES worthless

Page 13:

Conventional Encryption (5)

Alternative to DEA: TDEA (Triple Data Encryption Algorithm)

attractions
1. 3 distinct keys (168 bits)
2. Algorithm is the same as DEA

downfall - sluggish - won’t last long term

Alternative to TDEA: AES (Advanced Encryption Standard)

- began search in 1997
- must have security >= that of TDEA
- more efficient than TDEA
- support 128, 192, 256 bit keys
- finalized by Summer 2001

Page 14:

Public Key

• First proposed in 1976.

• First revolutionary advance in encryption in literally 1000’s of years.

• Based on mathematical functions rather than simple ops on bit patterns.

• Involves 2 separate keys:
  Public - for others to use
  Private - known only to owner

• Advantages in areas of:
  - confidentiality
  - key distribution
  - authentication

Page 15:

Public Key (2)

5 step scheme

1. Plaintext: original message
2. Encryption Algorithm: transformation
3. Public/Private Keys: if one key is used for encryption, the other key is used for decryption
4. Ciphertext: scrambled text
5. Decryption Algorithm: accepts ciphertext & matching key to produce plaintext

** see F5.pdf

Page 16:

Encryption Management

• Looks at two issues:
  1. Where in the communication process encryption should be carried out.
  2. The issues of key distribution.

• An information network has many locations where security threats may occur.

• Encryption is one way to counter these threats.

• Need to decide what to encrypt
• Where encryption should be located

Page 17:

Two Alternatives

• Link encryption
  • each vulnerable communication link is equipped with an encryption device.
  • This makes communication links secure.

• End To End Encryption
  • The process is carried out at both the sender and the receiver ends.

Page 18:

Advantages & Disadvantages

Link Encryption:

Advantage
• Number of encryption devices is much smaller than the number of sender-receiver pairs that use such a network.

Disadvantage
• Part of the message must be decrypted each time it enters the packet switch.
• Vulnerable at each switch.

Page 19:

Advantages/Disadvantages

End-To-End Encryption:

Advantage
• Unaltered across the network to the destination terminal or host.

Disadvantage
• User’s data is secure but the traffic pattern is not.

Page 20:

Key Distribution

• For conventional encryption to work, two parties must have the same key and that key must be protected.
• There are four ways to accomplish this:
  1. Physical delivery
  2. Third party selection and physical delivery
  3. If a party has a current key, transmit the new key encrypted with the old key
  4. Third party selects a key, encrypts it, then transmits it to the party

Option four leads to KDC (Key Distribution Center)

Page 21:

Key Distribution Center

• Two approaches:
  • One time session key - used only for the duration of that session. At the conclusion of the session the key is destroyed.
  • Permanent key - a permanent key is a key used between entities for the purpose of distributing session keys.

Show figure
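An added example, not from the presentation, simulating the exchange these two bullets describe: each party holds a permanent key shared with the KDC, the KDC selects and wraps a one-time session key (option four on the previous slide), and the session key is discarded when the session ends. The party names alice and bob and the SHA-256 keystream "cipher" are constructed for the demo only; it is not a real cipher and provides no authentication.

```python
# Added example (not from the presentation): simulated KDC exchange. Each party shares
# a permanent key with the KDC; the KDC hands out a one-time session key wrapped under
# each party's permanent key; the session key is discarded after use. The cipher is a
# toy SHA-256 keystream (standard library only), not a real cipher: no authentication.
import hashlib
import secrets


def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with SHA-256(key || nonce || counter) keystream blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


toy_decrypt = toy_encrypt   # XOR keystream: the same operation undoes it


class KDC:
    def __init__(self, master_keys: dict):
        self.master_keys = master_keys      # permanent key per enrolled party

    def issue_session_key(self, initiator: str, responder: str) -> dict:
        """Option 4 from the Key Distribution slide: the KDC selects a session key,
        encrypts it under each party's permanent key and returns one token each."""
        session_key = secrets.token_bytes(32)
        tokens = {}
        for party in (initiator, responder):
            nonce = secrets.token_bytes(16)
            tokens[party] = (nonce, toy_encrypt(self.master_keys[party], nonce, session_key))
        return tokens


def run_exchange(message: bytes) -> bytes:
    """Alice sends one message to Bob under a KDC-issued session key; returns Bob's view."""
    masters = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}
    tokens = KDC(masters).issue_session_key("alice", "bob")
    # Each party unwraps the session key with its own permanent key; nobody else can.
    ks_alice = toy_decrypt(masters["alice"], *tokens["alice"])
    ks_bob = toy_decrypt(masters["bob"], *tokens["bob"])
    assert ks_alice == ks_bob
    nonce = secrets.token_bytes(16)
    wire = toy_encrypt(ks_alice, nonce, message)     # session traffic
    received = toy_decrypt(ks_bob, nonce, wire)
    del ks_alice, ks_bob                             # session over: key destroyed
    return received
```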

Page 22:

Digital Signatures

What is a Digital Signature?

• An authentication mechanism that enables the creator of a message to attach a code that acts as a signature.

• The recipient of the message knows the message is from the sender.

Page 23:

How Does a Digital Signature Work?

There are two processes:

Digital Signature Creation:
• The signer uses a “hash result” derived from, and unique to, both the signed message and a given private key.

Digital Signature Verification:
• The receiver references the original message and a given public key.
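An added example (not from the presentation) that serves both the Public Key (2) five-step scheme and the two signature processes above: textbook RSA in Python, showing that whichever key encrypts, the other decrypts, and that the receiver verifies with only the message and the public key. The primes P and Q are constructed toy values and there is no padding, so it illustrates the key roles, not a deployable scheme.

```python
# Added example (not from the presentation): textbook RSA showing the two public-key
# uses on these slides. Confidentiality: encrypt with the public key, decrypt with
# the private key. Signature: sign a hash with the private key, verify with the
# public key. Toy primes and no padding, so it illustrates key roles only.
import hashlib

P, Q = 1000003, 999983        # constructed toy primes; real keys use ~1024+ bit primes


def make_keypair(p: int = P, q: int = Q, e: int = 65537):
    """Return (public, private) as (exponent, modulus) pairs; e*d == 1 mod phi(n)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (e, n), (d, n)


def transform(key, m: int) -> int:
    """The single operation behind steps 2 and 5: m**exponent mod n, with either key."""
    exponent, n = key
    return pow(m, exponent, n)


def encrypt(key, plaintext: bytes) -> list:
    """Plaintext + one key -> ciphertext. One byte per block (m < n): a toy layout."""
    return [transform(key, b) for b in plaintext]


def decrypt(key, ciphertext: list) -> bytes:
    """Ciphertext + the matching other key -> plaintext."""
    return bytes(transform(key, c) for c in ciphertext)


def _hash_to_int(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Signature creation: the hash result of the message, transformed with the private key."""
    return transform(private_key, _hash_to_int(message, private_key[1]))


def verify(public_key, message: bytes, signature: int) -> bool:
    """Signature verification: needs only the original message and the public key."""
    return transform(public_key, signature) == _hash_to_int(message, public_key[1])


if __name__ == "__main__":
    pub, priv = make_keypair()
    assert decrypt(priv, encrypt(pub, b"meet at noon")) == b"meet at noon"
    sig = sign(priv, b"meet at noon")
    print("valid:", verify(pub, b"meet at noon", sig), "tampered:", verify(pub, b"meet at 1pm", sig))
```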

Page 24:

Advantages/Disadvantages of Digital Signatures

Advantages:
• More reliable authentication of messages.
• Decreases the risk of Hackers.
• Decreases the risk of tampering and forgery.

Disadvantages:
• Institutional Overhead - High cost to get started.
• Subscriber and Relying party costs.