Page 1: Lecture Notes (9 - Nov)

Encryption & Cryptography

Encryption & Cryptography (Chapter 11)

Practicum: Dell Computer Corporation (Planning Materiality and Tolerable Misstatement)

Page 2: Lecture Notes (9 - Nov)

Goal of Encryption

To reasonably ensure the
- Confidentiality
- Integrity
- Authenticity
of electronic storage and transmission of data

System components:
- Encryption
- Hashing
- Digital Signatures

Page 3: Lecture Notes (9 - Nov)

Uses of Encryption

The most obvious application of a public key encryption system is confidentiality: a message which a sender encrypts using the recipient's public key can only be decrypted by the recipient's paired private key

Public-key digital signature algorithms can be used for sender authentication

For instance, a user can encrypt a message with his own private key and send it

If another user can successfully decrypt it using the corresponding public key, this provides assurance that the first user (and no other) sent it

These characteristics are useful for many other applications: digital cash, password-authenticated key agreement, multi-party key agreement

Page 4: Lecture Notes (9 - Nov)

Types of Encryption

Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key, by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically.

The term asymmetric key cryptography is a synonym for public key cryptography.

In public key cryptography, the private key is generally kept secret, while the public key may be widely distributed.

In a sense, one key "locks" a lock, while the other is required to unlock it.

It should not be possible to deduce the private key of a pair given the public key.

There are many forms of public key cryptography, including:
- public key encryption: keeping a message secret from anyone that does not possess a specific private key.
- public key digital signature: allowing anyone to verify that a message was created with a specific private key.
- key agreement: generally, allowing two parties that may not initially share a secret key to agree on one.

Typically, public key techniques are much more computationally intensive than purely symmetric algorithms, but the judicious use of these techniques enables a wide variety of applications.

Page 5: Lecture Notes (9 - Nov)

Applying the Keys

Page 6: Lecture Notes (9 - Nov)

Public Key Encryption

Page 7: Lecture Notes (9 - Nov)

Technical Character of Encryption

Page 8: Lecture Notes (9 - Nov)

Privacy: Single Key Encryption

Encryption: scramble a message rendering it readable only to the intended recipient

Single-key encryption:
- Sender supplies a "key" to encrypt the message
- Receiver uses the same key to decrypt it. At least that's how it works
- e.g., Federal Data Encryption Standard (DES)
- Not usable over insecure channels (if you have a secure channel for exchanging keys, why do you need cryptography in the first place?)

Page 9: Lecture Notes (9 - Nov)

Public Key Encryption

Two related complementary keys: a publicly revealed key and a secret key (called a private key)

Each key unlocks the code that the other key makes.

Anyone can use a recipient's public key to encrypt a message to that person

That recipient uses her own corresponding secret key to decrypt that message

Page 10: Lecture Notes (9 - Nov)

Digital Signature

Sender's secret key can be used to encrypt a message, thereby "signing" it.

This creates a digital signature which the recipient can check by using the sender's public key to decrypt it.
- Proving that the sender was the true originator of the message
- Proving that the message has not been subsequently altered by anyone else
- Forgery of a signed message is infeasible
- The sender cannot later disavow his signature.

These two processes can be combined

Page 11: Lecture Notes (9 - Nov)

Asymmetric or Public Key Encryption

Page 12: Lecture Notes (9 - Nov)

A postal analogy, symmetric key system

Imagine two people, Alice and Bob, sending a secret message through the public mail. In this example, Alice has the secret message and wants to send it to Bob, after which Bob sends a secret reply.

With a symmetric key system, Alice first puts the secret message in a box, and then locks the box using a padlock to which she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he uses an identical copy of Alice's key (which he has somehow obtained previously, maybe by a face-to-face meeting) to open the box, and reads the message. Bob can then use the same padlock to send his secret reply.

Page 13: Lecture Notes (9 - Nov)

A postal analogy, asymmetric key system

In an asymmetric key system, Bob and Alice have separate padlocks. First, Alice asks Bob to send his open padlock to her through regular mail, keeping his key to himself. When Alice receives it she uses it to lock a box containing her message, and sends the locked box to Bob. Bob can then unlock the box with his key and read the message from Alice. To reply, Bob must similarly get Alice's open padlock to lock the box before sending it back to her.

The critical advantage in an asymmetric key system is that Bob and Alice never need send a copy of their keys to each other. This substantially reduces the chance that a third party (perhaps, in the example, a corrupt postal worker) will copy a key while it is in transit, allowing said third party to spy on all future messages sent between Alice and Bob.

In addition, if Bob were to be careless and allow someone else to copy his key, Alice's messages to Bob will be compromised, but Alice's messages to other people would remain secret, since the other people would be providing different padlocks for Alice to use.

Page 14: Lecture Notes (9 - Nov)

An Example: Alice and Bob

The Postal Analogy

Page 15: Lecture Notes (9 - Nov)

Alice & Others

Page 16: Lecture Notes (9 - Nov)

Diffie-Hellman Encryption: How it Works

I explain the Diffie-Hellman key exchange because it is the simplest symmetric key cipher protocol that uses the multiplicative group of integers modulo p, where p is prime and g is primitive mod p

Modulo (or mod) simply means that the integers between 1 and p − 1 are used with normal multiplication, exponentiation and division, except that after each operation the result keeps only the remainder after dividing by p

Here is an example of the protocol:
- Alice and Bob agree to use a prime number $p = 23$ and base $g = 5$.
- Alice chooses a secret integer $a = 6$, then sends Bob $g^a \bmod p$: $5^6 \bmod 23 = 8$.
- Bob chooses a secret integer $b = 15$, then sends Alice $g^b \bmod p$: $5^{15} \bmod 23 = 19$.
- Alice computes $(g^b \bmod p)^a \bmod p$: $19^6 \bmod 23 = 2$.
- Bob computes $(g^a \bmod p)^b \bmod p$: $8^{15} \bmod 23 = 2$.

Both Alice and Bob have arrived at the same value, because $g^{ab}$ and $g^{ba}$ are equal. Note that only $a$, $b$, $g^{ab}$ and $g^{ba}$ are kept secret
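The exchange above as runnable code, added here as an illustration and not part of the original lecture notes. It goes slightly beyond the slide by checking that g really is primitive mod p and by range-checking the value received from the peer; the names Party, is_primitive_root and slide_example are hypothetical.

```python
import secrets

def prime_factors(n):
    """Distinct prime factors by trial division (fine for toy-sized n)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive_root(g, p):
    """True if powers of g reach every value 1..p-1 mod p (p assumed prime)."""
    if not 1 < g < p:
        return False
    # g is primitive iff g^((p-1)/q) != 1 for every prime q dividing p-1
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

class Party:
    """One side of the exchange (hypothetical helper class)."""
    def __init__(self, p, g, secret=None):
        if not is_primitive_root(g, p):
            raise ValueError("g is not primitive mod p")
        self.p, self.g = p, g
        if secret is None:
            # Random secret exponent in [2, p-2]; retry if the public value
            # would be p-1, which the peer's range check below rejects
            secret = 2 + secrets.randbelow(p - 3)
            while pow(g, secret, p) == p - 1:
                secret = 2 + secrets.randbelow(p - 3)
        self.secret = secret
        self.public = pow(g, secret, p)   # the only value sent to the peer

    def shared_key(self, peer_public):
        # Accept only [2, p-2]: 0, 1 and p-1 force the shared value
        # into a tiny, guessable set
        if not 2 <= peer_public <= self.p - 2:
            raise ValueError("peer public value out of range")
        return pow(peer_public, self.secret, self.p)

def slide_example():
    """The slide's numbers: p=23, g=5, a=6, b=15."""
    alice, bob = Party(23, 5, secret=6), Party(23, 5, secret=15)
    return (alice.public, bob.public,
            alice.shared_key(bob.public), bob.shared_key(alice.public))

if __name__ == "__main__":
    print(slide_example())
    a, b = Party(23, 5), Party(23, 5)     # fresh random secrets
    print(a.shared_key(b.public) == b.shared_key(a.public))
```

A 23-element group is for following the arithmetic by hand only; the same code works unchanged with a large prime.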

Page 17: Lecture Notes (9 - Nov)

PGP (Pretty Good Privacy)

What is PGP?

Pretty Good Privacy (PGP) is strong encryption software that enables you to protect your email and files by scrambling them so others cannot read them.

It also allows you to digitally "sign" your messages in a way that allows others to verify that a message was actually sent by you. PGP is available in freeware and commercial versions all over the world.

PGP was first released in 1991 as a DOS program that earned a reputation for being difficult.

In June 1997, PGP Inc. released PGP 5.x for Win95/NT. PGP 5.x included plugins for several popular email programs.

http://www.pgp.com/

Page 18: Lecture Notes (9 - Nov)

PGP Flowchart

Page 19: Lecture Notes (9 - Nov)

How Does PGP Work?

When you install PGP, you will generate a pair of keys for yourself; a "public key" and a "private key". The private key is like a regular key. You will use it to unlock your messages. The public key is like a set of keyed-alike locks. You publish your public key (your lock) by sending it to a PGP key server on the Internet (PGP can do this for you). People who wish to send you private email use a copy of your lock to lock the message. You keep the (private) key to yourself, so that only you can open and read the messages.

Page 20: Lecture Notes (9 - Nov)

Digital Signatures

PGP also allows you to sign a message or a file, with or without locking (encrypting) it. Each digital signature is uniquely generated by PGP based on the contents of the message and the signer's private key.

The signature can be checked by anyone using the signer's public key. Since the signature is based partly on the contents of the message, if even one character of the message is changed, PGP will report that the signature is invalid. The signature is also based on the signer's private key, and the private key is held only by the signer, so recipients can be sure of exactly who signed the message.

The important thing to remember is that while handwritten signatures are supposedly unique per signer, digital signatures are unique per document and signer. Written signatures can be photocopied from document to document and still appear valid. Digital signatures fail verification when applied to another document.
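The "unique per document and signer" property, shown as an added example that is not part of the original notes and is not PGP's own code. It assumes unpadded textbook RSA over a SHA-256 digest as a stand-in for PGP's signature algorithm, with toy keys constructed from known Mersenne primes; all function and key names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both constructed keys

def make_key(p, q):
    """Build (public, private) = ((n, e), (n, d)) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))     # modular inverse, Python 3.8+
    return (n, E), (n, d)

def digest_int(message, n):
    """SHA-256 of the message as an integer below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """Signature depends on both the message digest and the private key."""
    n, d = private
    return pow(digest_int(message, n), d, n)

def verify(message, signature, public):
    """Anyone holding the public key can run this check."""
    n, e = public
    return 0 <= signature < n and pow(signature, e, n) == digest_int(message, n)

# Constructed toy keys (far too small for real use)
ALICE_PUB, ALICE_PRIV = make_key(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_key(2**107 - 1, 2**127 - 1)

def demo():
    contract = b"I agree to pay Bob 100 dollars."
    edited = b"I agree to pay Bob 900 dollars."      # one character changed
    other = b"I agree to sell my car to Bob."        # a different document
    sig = sign(contract, ALICE_PRIV)
    return {
        "original": verify(contract, sig, ALICE_PUB),
        "one_char_changed": verify(edited, sig, ALICE_PUB),
        "copied_to_other_doc": verify(other, sig, ALICE_PUB),
        "checked_with_bobs_key": verify(contract, sig, BOB_PUB),
        "bob_signs_same_text": sign(contract, BOB_PRIV) == sig,
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```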

Page 21: Lecture Notes (9 - Nov)

Auxiliary Techniques

Page 22: Lecture Notes (9 - Nov)

Hashing

Uses a one-way ‘hash function’ (i.e., you can’t determine the original message from the MAC) and a block of data called the ‘message digest’

When both
- Electronic message, and
- Cryptographic key
are processed through a one-way hash function, the resulting block of data is called a message authentication code (MAC)

If it doesn’t match the message, discard the transmission

Two common one-way hash functions are:
- Message Digest 5 (MD-5)
- Secure Hash Algorithm 1 (SHA-1)
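The MAC check described on this slide, as an added example that is not part of the original notes. It uses Python's standard hmac module with SHA-256 swapped in for the MD-5 and SHA-1 functions the slide lists, and contrasts it with an unkeyed digest; the message || MAC framing, the key and the messages are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes

def make_mac(key, message):
    """Keyed hash: message and key go through the hash together (HMAC)."""
    return hmac.new(key, message, hashlib.sha256).digest()

def send(key, message):
    """Frame layout assumed for this example: message || MAC."""
    return message + make_mac(key, message)

def receive(key, frame):
    """Return the message if its MAC matches, otherwise None (discard)."""
    if len(frame) < TAG_LEN:
        return None
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    # compare_digest takes the same time wherever the first mismatch is,
    # so the check does not leak how much of the tag was right
    if not hmac.compare_digest(make_mac(key, message), tag):
        return None
    return message

def receive_unkeyed(frame):
    """Same check with a plain digest and no key, for contrast."""
    message, digest = frame[:-TAG_LEN], frame[-TAG_LEN:]
    ok = hmac.compare_digest(hashlib.sha256(message).digest(), digest)
    return message if ok else None

# Constructed sample data
KEY = b"constructed-demo-key-not-a-real-secret"
ORIGINAL = b"PAY 100 TO BOB"
ALTERED = b"PAY 900 TO BOB"

def demo():
    frame = send(KEY, ORIGINAL)
    altered_frame = ALTERED + frame[-TAG_LEN:]   # changed in transit, old MAC kept
    return {
        "intact": receive(KEY, frame),
        "altered": receive(KEY, altered_frame),
        "wrong_key": receive(b"some-other-key", frame),
        # Without a key, whoever changes the message can also recompute the
        # digest, so the unkeyed check accepts the altered text
        "unkeyed_altered": receive_unkeyed(ALTERED + hashlib.sha256(ALTERED).digest()),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```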

Page 23: Lecture Notes (9 - Nov)

Digital Signatures and Certificates

These provide verification to the receiver of a message that the message is authentic

With Public Key (Asymmetric) encryption, this is accomplished by applying keys in reverse.

Page 24: Lecture Notes (9 - Nov)

Administrative Character of Encryption

Page 25: Lecture Notes (9 - Nov)

Key Management

The ‘Lock’ is the encryption algorithm

The key is its password

Physical keys used to be worn visibly around the neck
- As a sign of authority (similar to employee badges today)

Newer Technology
- Badges and electronic keys
- Biometrics (M-28 fingerprint lock at right)
- Remote controls (Lexus keys)

These are part of the collection of investments and procedures that:
- Protect information stored on computers
- Protect Hardware and Software assets
from theft or vandalism by 3rd parties

Page 26: Lecture Notes (9 - Nov)

History

The oldest known lock was found by archeologists in the Khorsabad palace ruins near Nineveh (Egypt)
- The lock, estimated to be 4,000 years old, was a forerunner to a pin tumbler type of lock
- It used a large wooden bolt to secure a door, which had a slot with several holes in its upper surface.

The oldest forms of encryption involved letter replacement or invisible ink

Modern methods invoke mathematical algorithms that are simple to state, but hard to compute

Page 27: Lecture Notes (9 - Nov)

Lock-picking became an art in the 18th century

Code-breaking became an art in the 20th century

Locksmiths met the challenge of the burglar with increasingly complicated locking mechanisms

keys with changeable bits, "curtain closed-out" around keyholes to prevent tampering, alarm bells combined with the action of the bolt, and "puzzle" or ring padlocks

A similar ‘arms race’ was fomented by WWI and WWII
- As methods were created to break simple encryption codes
- Where powerful computers like Colossus were invented and dedicated to code-breaking

Page 28: Lecture Notes (9 - Nov)

‘Keys’ are just another Security Policy

A security policy establishes what must be done to protect information stored on computers

Keys are physical manifestations of “Authorization”

Issuance and control of keys are just part of the authorization scheme.

Page 29: Lecture Notes (9 - Nov)

Effective security policy

An effective security policy also protects people.

Anyone who makes decisions or takes action in a situation where information is at risk incurs personal risk as well.

A security policy allows people to take necessary actions without fear of reprisal.

Security policy compels the safeguarding of information, while it eliminates, or at least reduces, personal liability for employees.

Page 30: Lecture Notes (9 - Nov)

Effective security policy

Security policy defines the organization’s attitude to assets, and announces internally and externally which assets are mission critical
- Which is to be protected from unauthorized access, vandalism and destruction by 3rd parties

Effective information security policies
- Will turn staff into participants in the company’s security
- The process of developing these policies will help to define a company’s assets

Page 31: Lecture Notes (9 - Nov)

Why Do You Need Security Policy?

A security policy should
- Protect people and information
- Set the rules for expected behavior by users, system administrators, management, and security personnel
- Authorize security personnel to monitor, probe, and investigate
- Define and authorize the consequences of violation

Page 32: Lecture Notes (9 - Nov)

Who Will Use Your Policies? Count Your Audiences

Your audience is of course all your company employees

This group can be divided into sub-categories:
- Management
- Technical Custodians
- End-Users

All users will fall into at least one category (end-user) and some will fall into two or even all three

The audience for the policy will determine what is included in each policy document.

Page 33: Lecture Notes (9 - Nov)

Policies will Answer Questions

[Figure: What? How? When? Where? Who? Why?]

Rudyard Kipling’s ‘six honest serving men’: What, who, when, where, how & why?

- What is the problem?
- Who is responsible for authorization?
- Where is the money?
- How will you apply the policy?
- Why did you have this security failure, and what will you do to prevent it in the future?

Page 34: Lecture Notes (9 - Nov)

Linked keys

Not all asymmetric key algorithms operate in precisely this fashion

The most common have the property that Alice and Bob each own two keys, one for encryption and one for decryption.

In a secure asymmetric key encryption scheme, the decryption key should not be deducible from the encryption key
- This is known as public-key encryption, since the encryption key can be published without compromising the security of encrypted messages

Bob might publish instructions on how to make a lock ("public key"),
- But the lock is such that it is impossible (so far as is known) to deduce from these instructions how to make a key which will open that lock ("private key")

Those wishing to send messages to Bob use the public key to encrypt the message; Bob uses his private key to decrypt it.

Page 35: Lecture Notes (9 - Nov)

Weaknesses

Of course, there is the possibility that someone could "pick" Bob's or Alice's lock.

There is no currently known asymmetric key algorithm which has been proven to be secure against a mathematical attack.

That is, it is not known to be impossible that some relation between the keys in a key pair, or a weakness in an algorithm's operation, might be found which would allow decryption without either key, or using only the encryption key.

The security of asymmetric key algorithms is based on estimates of how difficult the underlying mathematical problem is to solve. Such estimates have changed both with the decreasing cost of computer power, and with new mathematical discoveries.

Page 36: Lecture Notes (9 - Nov)

Weaknesses

Attacks based on careful measurements of the exact amount of time it takes known hardware to encrypt plain text have been used to simplify the search for likely decryption keys

Thus, use of asymmetric key algorithms does not ensure security; it is an area of active research to discover and protect against new and unexpected attacks.

Page 37: Lecture Notes (9 - Nov)

Weaknesses: 'Man in the middle' attack

Another potential weakness in the process of using asymmetric keys is the possibility of a 'Man in the middle' attack
- whereby the communication of public keys is intercepted by a third party and modified to provide the third party's own public keys instead
- The encrypted response also must be intercepted, decrypted and re-encrypted using the correct public key in all instances, however, to avoid suspicion, making this attack difficult to implement in practice

This form of attack is being addressed by the development of key distribution methods that can ensure sender authenticity and message integrity, even over insecure channels.

This attack is especially interesting when the attacker is the government:
- They potentially have the power to persuade a Certificate Authority to sign a bogus public key
- Then the government can unplug the cable at Bob's ISP and insert their bogus web server
- The function of this server is to present itself as Alice (validated by the certificate obtained by coercion), log all messages and forward them to the "real" Alice web server

Page 38: Lecture Notes (9 - Nov)

Real time security

A public key is known to a large and possibly unknown set of users

All security-related events requiring a public key to be revoked or replaced can take a long time to complete

For this reason, systems that must be able to react to events in real time (safety-critical systems) should not apply public-key encryption without taking great care

Page 39: Lecture Notes (9 - Nov)

Who can revoke a key?

Obviously, a malicious (or erroneous) revocation of some (or all!) of the keys in the system will most likely be a system-wide failure

It is impossible to arrange things so that this cannot happen (if keys can be revoked at all)

Because the principal having authority to revoke keys is very powerful, the mechanisms used to control it should involve
- as many participants as possible to guard against malicious attacks,
- while at the same time as few as possible to ensure that a key can be revoked without delay

Page 40: Lecture Notes (9 - Nov)

How to distribute a new key

After a key has been revoked, a new key must be distributed in some pre-determined manner.

Assume that Carol's key has been revoked.
- Until a new key has been disseminated, Carol is effectively silenced.
- No one will be able to send her data without violating system security, and data coming from her will be discarded for the same reason.
- Or, in other words, the part of the system controlled by Carol is disconnected and so unavailable.
- The need for security was deemed higher than the need for availability in this design.

One could lump together the authority to create new keys (and certify them) with the authority to revoke keys, but there is no need to do so. In fact, for reasons of security, this is likely a bad idea.

Page 41: Lecture Notes (9 - Nov)

How to spread the revocation

The notification that a key has been revoked and should not be used again must be spread to all those that potentially hold the key, and as rapidly as possible.

There are two means of spreading information (e.g., a key revocation here) in a distributed system: either the information is pushed to users from a central point(s), or it is pulled from a central point(s) to end users.

Pushing the information is the simplest solution in that a message is sent to all participants. However, there is no way of knowing that all participants actually receive the message, and, pushing is not very securable nor very reliable.

The alternative to pushing is pulling. In this setup, all keys are included within a certificate that requires the one using them to verify that the key is valid.

Page 42: Lecture Notes (9 - Nov)

Recovery from a leaked key

If loss of secrecy and/or authenticity is a system-wide failure, a strategy for recovery must be in place.

This strategy will determine who has authority to revoke the key, how to spread the revocation, also how to deal with all messages encrypted with the key since the leak is recognized

This recovery procedure can be extremely complicated, and while it is in progress the system might be very vulnerable to Denial of Service attacks