MatetiMateti 11

Cryptography in Cryptography in Internet SecurityInternet Security

Prabhaker MatetiPrabhaker Mateti

MatetiMateti 22

Computationally Computationally InfeasibleInfeasible certain computation that we are talking certain computation that we are talking

about takes way too long (hundreds of about takes way too long (hundreds of years)  to compute using the fastest of years)  to compute using the fastest of (super) computers.  (super) computers. 

128-bit numbers 128-bit numbers 340,282,366,920,938,463,463,374,607,340,282,366,920,938,463,463,374,607,431,768,211,456431,768,211,456

using 1,000,000,000 machines that using 1,000,000,000 machines that could try 1,000,000,000 keys/sec, it could try 1,000,000,000 keys/sec, it would take all these machines longer would take all these machines longer than the universe as we know it has than the universe as we know it has existed to find the key. existed to find the key.

MatetiMateti 33

Average time required Average time required for exhaustivefor exhaustive key key search search Key Size Key Size (bits)(bits)

Number of Number of Alternate KeysAlternate Keys

Time required at Time required at 101066 decryption/ decryption/ µsµs

3232 223232 = 4.3 x 10 = 4.3 x 1099 2.15 2.15 millisecondsmilliseconds

5656 225656 = 7.2 x = 7.2 x 10101616

10 hours10 hours

128128 22128 128 = 3.4 x = 3.4 x 10103838

5.4 x 105.4 x 101818 yearsyears

168168 22168 168 = 3.7 x = 3.7 x 10105050

5.9 5.9 xx 10 103030 yearsyears

MatetiMateti 44

Time to break a code (10Time to break a code (1066 decryptions/µs)decryptions/µs)

MatetiMateti 55

Turing-incomputable Turing-incomputable

Mathematical idea of impossible Mathematical idea of impossible computation based on Turing computation based on Turing machines.machines.

Not a paradox: Not a paradox: “This sentence is False.”“This sentence is False.”

MatetiMateti 66

Prime Factorization Prime Factorization

N = 2N = 2n2n2 * 3 * 3n3 n3 * 5* 5n5n5 * 7 * 7n7 n7 * ... * ... Any number can be written as a Any number can be written as a

product of factors, each of which product of factors, each of which is a power of a prime number.is a power of a prime number.

Given an N, how easy is it to find Given an N, how easy is it to find its prime factors (i.e., finding its its prime factors (i.e., finding its n2, n3, n5, n7, …)?n2, n3, n5, n7, …)?

MatetiMateti 77

The Three The Three Cryptography Cryptography DimensionsDimensions

1.1. The type of operations used for The type of operations used for transforming plaintext to transforming plaintext to ciphertextciphertext

2.2. The number of keys usedThe number of keys used1.1. symmetric (single key)symmetric (single key)

2.2. asymmetric (two-keys, or public-key asymmetric (two-keys, or public-key encryption)encryption)

3.3. The way in which the plaintext is The way in which the plaintext is processedprocessed

MatetiMateti 88

SymmetricKey SymmetricKey EncryptionEncryption Five ingredients:Five ingredients:

– Encryption algorithm, EAEncryption algorithm, EA– Decryption algorithm, DADecryption algorithm, DA– Secret Key, SKSecret Key, SK– Ciphertext = EA(SK, plaintext)Ciphertext = EA(SK, plaintext)– Plaintext = DA(SK, ciphertext)Plaintext = DA(SK, ciphertext)

Security depends on the secrecy Security depends on the secrecy of the key, not the secrecy of the of the key, not the secrecy of the algorithmalgorithm

MatetiMateti 99

Data Encryption Data Encryption Standard (DES)Standard (DES)

The key is 56-bits in lengthThe key is 56-bits in length Transforms the input into a 64-bit Transforms the input into a 64-bit

output output The most widely used The most widely used symmetric-key symmetric-key

encryption schemeencryption scheme The algorithm is called Data Encryption The algorithm is called Data Encryption

Algorithm (DEA)Algorithm (DEA) DES is a block cipher: The plaintext is DES is a block cipher: The plaintext is

processed in 64-bit blocksprocessed in 64-bit blocks Developed in 1975, ANSI X.3.92 in 1981Developed in 1975, ANSI X.3.92 in 1981

MatetiMateti 1010

Triple DEATriple DEA

C = EK3[DK2[EK1[P]]] Use three keys and three executions of Use three keys and three executions of

the DES algorithm (encrypt-decrypt-the DES algorithm (encrypt-decrypt-encrypt)encrypt)– C = ciphertextC = ciphertext– P = PlaintextP = Plaintext– EK[X] = encryption of X using key KEK[X] = encryption of X using key K– DK[Y] = decryption of Y using key KDK[Y] = decryption of Y using key K

Effective key length of 3*56 bitsEffective key length of 3*56 bits

MatetiMateti 1111

Triple DEATriple DEA

MatetiMateti 1212

IDEAIDEA

International Data Encryption International Data Encryption AlgorithmAlgorithm

128-bit key128-bit key Used in PGPUsed in PGP

MatetiMateti 1313

BlowfishBlowfish

symmetric block cipher symmetric block cipher drop-in replacement for DES or drop-in replacement for DES or

IDEA IDEA variable-length key, 32 to 448 bits variable-length key, 32 to 448 bits Easy to implementEasy to implement High execution speed High execution speed Run in less than 5K of memoryRun in less than 5K of memory

MatetiMateti 1414

RC5RC5

Suitable for hardware and softwareSuitable for hardware and software Fast, simpleFast, simple Adaptable to CPU of different word Adaptable to CPU of different word

lengthslengths Variable number of roundsVariable number of rounds Variable-length keyVariable-length key Low memory requirementLow memory requirement High securityHigh security Data-dependent rotationsData-dependent rotations

MatetiMateti 1515

Public-Key Public-Key CryptographyCryptography Public key, KUPublic key, KU Private (secret) key, KRPrivate (secret) key, KR KU and KR are mathematically KU and KR are mathematically

coupledcoupled x = encrypt(KU, y)x = encrypt(KU, y) y = decrypt(KR, x)y = decrypt(KR, x)

MatetiMateti 1616

Bob sends msg to AliceBob sends msg to Alice

MatetiMateti 1717

Bob Authenticates to Bob Authenticates to AliceAlice

MatetiMateti 1818

Applications for Public-Applications for Public-Key CryptosystemsKey Cryptosystems Encryption/decryption: The sender Encryption/decryption: The sender

encrypts a message with the encrypts a message with the recipient’s public key.recipient’s public key.

Digital signature: The sender ”signs” Digital signature: The sender ”signs” a message with its private key.a message with its private key.

Key exchange: Two sides cooperate Key exchange: Two sides cooperate two exchange a session key.two exchange a session key.

MatetiMateti 1919

Requirements for Requirements for Public-Key Public-Key CryptographyCryptography1.1. Computationally easy for a party Computationally easy for a party

B to generate a pair (public key B to generate a pair (public key KKUUbb, private key KR, private key KRbb))

2.2. Easy for sender to generate Easy for sender to generate ciphertext = encrypt(KUb, MSG) ciphertext = encrypt(KUb, MSG)

3.3. Easy for the receiver to decrypt:Easy for the receiver to decrypt:MSG = decrypt(KRb, ciphertext)MSG = decrypt(KRb, ciphertext)

MatetiMateti 2020

Requirements for Requirements for Public-Key Public-Key CryptographyCryptography4.4. Computationally infeasible to determineComputationally infeasible to determine

private key (KRprivate key (KRbb) knowing public key (KU) knowing public key (KUbb))

5.5. Computationally infeasible to recover Computationally infeasible to recover message M, knowing KUmessage M, knowing KUb b and ciphertext Cand ciphertext C

6.6. Either of the two keys can be used for Either of the two keys can be used for encryption, with the other used for encryption, with the other used for decryption:decryption:

MatetiMateti 2121

Public-Key Public-Key Cryptographic Cryptographic AlgorithmsAlgorithms RSARSA 1977 1977

– Ron Rives, Adi Shamir and Len AdlemanRon Rives, Adi Shamir and Len Adleman– RSA is a block cipherRSA is a block cipher– The most widely implementedThe most widely implemented

Diffie-HellmanDiffie-Hellman 1976 1976– Exchange a secret key securelyExchange a secret key securely– Compute discrete logarithmsCompute discrete logarithms

Public-key crypto is about 1000 times Public-key crypto is about 1000 times slower than symmetric key  cryptoslower than symmetric key  crypto..

MatetiMateti 2222

The RSA Key The RSA Key GenerationGeneration

1.1. Select Select p,qp,q pp and and qq both prime both prime

2.2. Calculate Calculate nn = = p p x x qq

3.3. Calculate Calculate

4.4. Select integer Select integer ee

5.5. Calculate Calculate dd

6.6. Public KeyPublic Key KU = {e,n}KU = {e,n}

7.7. Private keyPrivate key KR = {d,n}KR = {d,n}

)1)(1()( qpn)(1;1)),(gcd( neen

)(mod1 ned

MatetiMateti 2323

RSA Key GenerationRSA Key Generation

1.1. Find two primes, p and q. Find two primes, p and q. 2.2. Compute the product, Compute the product, n = p*qn = p*q

(called, the public modulus). (called, the public modulus). 3.3. Choose e (the public exponent), such Choose e (the public exponent), such

that (i) that (i) e < n,e < n, and (ii) e is relatively and (ii) e is relatively prime to prime to (p-1)*(q-1)(p-1)*(q-1). .

4.4. Compute d (the private exponent) Compute d (the private exponent) such that such that (e*d)  mod (p-1)*(q-1) = 1(e*d)  mod (p-1)*(q-1) = 1. .

5.5. Public key = (n, e)Public key = (n, e)6.6. Private key = (n, d)Private key = (n, d)

MatetiMateti 2424

RSA AlgorithmRSA Algorithm

The un-breakability of the algorithm The un-breakability of the algorithm is based on the fact that there isis based on the fact that there isno efficient way to factor very large no efficient way to factor very large numbers into their primesnumbers into their primes.  . 

If n is small, easy to compute e, d.If n is small, easy to compute e, d. Choose p and q to be as large as Choose p and q to be as large as

possible (more than a hundred digits possible (more than a hundred digits long)long)

Never reveal p and q.Never reveal p and q.

MatetiMateti 2525

Example of RSA Example of RSA AlgorithmAlgorithm

MatetiMateti 2626

The RSA EncryptionThe RSA Encryption

Consider the entire plaintext message as a sequence Consider the entire plaintext message as a sequence of bits.  of bits. 

Let b = length of p*q in bits.Let b = length of p*q in bits. Split the message into blocks of length b or b-1.  A Split the message into blocks of length b or b-1.  A

block viewed as a b-bit number should be less than n; block viewed as a b-bit number should be less than n; if it is not, choose it to be b-1 bits long.  if it is not, choose it to be b-1 bits long. 

Each block is separately encrypted, and the Each block is separately encrypted, and the encryption of the entire message is the catenation of encryption of the entire message is the catenation of the encryption of the blocks.  the encryption of the blocks. 

Let m stand for a block viewed as a number.  Multiply Let m stand for a block viewed as a number.  Multiply m with itself e times, and take the modulo n result as m with itself e times, and take the modulo n result as c, which is the encryption of m.  That is,   c, which is the encryption of m.  That is,  

c = m^e mod nc = m^e mod n.. Decryption is the "inverse" operation:  Decryption is the "inverse" operation: 

m = c^d mod n.m = c^d mod n.

MatetiMateti 2727

Diffie-Hellman Key Diffie-Hellman Key ExchangeExchange

MatetiMateti 2828

Other Public-Key Other Public-Key Cryptographic Cryptographic AlgorithmsAlgorithms

Digital Signature Standard (DSS)Digital Signature Standard (DSS)– Makes use of the SHA-1Makes use of the SHA-1– Not for encryption or key echangeNot for encryption or key echange

Elliptic-Curve Cryptography (ECC)Elliptic-Curve Cryptography (ECC)– Good for smaller bit sizeGood for smaller bit size– Low confidence level, compared with Low confidence level, compared with

RSARSA– Very complexVery complex

MatetiMateti 2929

Key DistributionKey Distribution

Session keySession key: Data encrypted with : Data encrypted with a one-time session key.At the a one-time session key.At the conclusion of the session the key conclusion of the session the key is destroyed.is destroyed.

Permanent keyPermanent key: Used between : Used between entities for the purpose of entities for the purpose of distributing session keys.distributing session keys.

MatetiMateti 3030

Key DistributionKey Distribution

A key could be selected by A and A key could be selected by A and physically delivered to B.physically delivered to B.

A third party could select the key A third party could select the key and physically deliver it to A and B.and physically deliver it to A and B.

If A and B have previously used a If A and B have previously used a key, one party could transmit the key, one party could transmit the new key to the other, encrypted new key to the other, encrypted using the old key.using the old key.

MatetiMateti 3131

Key DistributionKey Distribution

If A and B each have an If A and B each have an encrypted connection to a third encrypted connection to a third party C, C could deliver a key on party C, C could deliver a key on the encrypted links to A and B.the encrypted links to A and B.

MatetiMateti 3232

Secure Communication Secure Communication Using Public KeysUsing Public Keys public keys are rarely used to encrypt actual public keys are rarely used to encrypt actual

messages because public-key cryptography is messages because public-key cryptography is slow. slow.

public-key cryptography is used to distribute public-key cryptography is used to distribute symmetric keyssymmetric keys

Bob sends Alice his public key. Bob sends Alice his public key. Alice generates a random symmetric key (usually Alice generates a random symmetric key (usually

called a session key), encrypts it with Bob's public called a session key), encrypts it with Bob's public key, and sends it to Bob. key, and sends it to Bob.

Bob decrypts the session key with his private key. Bob decrypts the session key with his private key. Alice and Bob exchange messages using session Alice and Bob exchange messages using session

key as the symmetric key.key as the symmetric key.

MatetiMateti 3333

Key ManagementKey ManagementPublic-Key Certificate Public-Key Certificate UseUse

MatetiMateti 3434

One way hash One way hash functionsfunctions X is a block of data of any sizeX is a block of data of any size H produces a fixed length outputH produces a fixed length output The output length k considerably The output length k considerably

shorter than input.shorter than input. Obviously, there exist x, y, x != y, Obviously, there exist x, y, x != y,

such that H(x) = H(y).such that H(x) = H(y).

MatetiMateti 3535

A Good Hash function A Good Hash function H(x)H(x) H(x) is easy to compute for any H(x) is easy to compute for any

given x.given x. It is computationally infeasible to It is computationally infeasible to

find a pair (x, y) such that H(x) = find a pair (x, y) such that H(x) = H(y)H(y)

For a given h, it is For a given h, it is computationally infeasible to find computationally infeasible to find x such that H(x) = hx such that H(x) = h

MatetiMateti 3636

Simple Hash FunctionSimple Hash Function

One-bit circular shift on the hash value One-bit circular shift on the hash value after each block is processed would after each block is processed would improveimprove

MatetiMateti 3737

A Few Secure HASH A Few Secure HASH functionsfunctions

SHA-1SHA-1 MD5MD5 RIPEMD-160RIPEMD-160

Digest lengthDigest length 160 bits160 bits 128 bits128 bits 160 bits160 bits

Basic unit of Basic unit of processingprocessing

512 bits512 bits 512 bits512 bits 512 bits512 bits

Number of Number of stepssteps

80 (4 rounds 80 (4 rounds of 20)of 20)

64 (4 64 (4 rounds of rounds of 16)16)

160 (5 160 (5 paired paired rounds of rounds of 16)16)

Maximum Maximum message sizemessage size

226464-1 bits-1 bits InfiniteInfinite infiniteinfinite

MatetiMateti 3838

Digital SignaturesDigital Signatures

A digital signature is a way to authenticate to a A digital signature is a way to authenticate to a recipient that a received object is indeed that of the recipient that a received object is indeed that of the sender.sender.

Alice computes a one-way hash DH of a document D. Alice computes a one-way hash DH of a document D. Alice encrypts DH with her private key. The encrypted Alice encrypts DH with her private key. The encrypted

hash DS becomes the document's signature. hash DS becomes the document's signature. Alice sends D along with the DS to Bob.Alice sends D along with the DS to Bob. Bob receives D’, DS’. Bob receives D’, DS’. Hopefully, D’ = D, DS’ = DS.Hopefully, D’ = D, DS’ = DS. Bob computes one-way hash BH of the D’Bob computes one-way hash BH of the D’ Bob decrypts the signature DS’ with Alice's public key; Bob decrypts the signature DS’ with Alice's public key;

call the decrypted value DG.call the decrypted value DG. If DG = BH, Bob knows that: If DG = BH, Bob knows that:

– the document really came from Alice and the document really came from Alice and – the document was not tampered with during the document was not tampered with during

transmission. transmission.

MatetiMateti 3939

Man-in-the-Middle Man-in-the-Middle AttackAttack

1.1. Assume: No trusted repositories of public keysAssume: No trusted repositories of public keys2.2. Bob sends Alice his public key. Mallory intercepts the key Bob sends Alice his public key. Mallory intercepts the key

and sends her own public key to Alice. and sends her own public key to Alice. 3.3. Alice generates a random session key, encrypts it with Alice generates a random session key, encrypts it with

"Bob’s" public key (which is really Mallory's), and sends it "Bob’s" public key (which is really Mallory's), and sends it to Bob. to Bob.

4.4. Mallory intercepts the message. He decrypts the session Mallory intercepts the message. He decrypts the session key with his private key, encrypts it with Bob's public key, key with his private key, encrypts it with Bob's public key, and sends it to Bob. and sends it to Bob.

5.5. Bob receives the message thinking it came from Alice. He Bob receives the message thinking it came from Alice. He decrypts it with his private key and obtains the session decrypts it with his private key and obtains the session key. key.

6.6. Alice and Bob start exchanging messages using the Alice and Bob start exchanging messages using the session key. Mallory, who also has that key, can now session key. Mallory, who also has that key, can now decipher the entire conversation. decipher the entire conversation.

MatetiMateti 4040

MiTM Attack MiTM Attack PreventionPrevention MiTM attack works because Alice and Bob MiTM attack works because Alice and Bob

have no way to verify they are talking to have no way to verify they are talking to each other. each other.

An independent third party that everyone An independent third party that everyone trusts is needed to foil the attack. trusts is needed to foil the attack.

This third party could bundle the name "Bob" This third party could bundle the name "Bob" with Bob's public key and sign the package with Bob's public key and sign the package with its own private key. with its own private key.

When Alice receives the signed public key When Alice receives the signed public key from Bob, she can verify with the third party. from Bob, she can verify with the third party. This way she knows that the public key really This way she knows that the public key really belongs to Bob, and not Mallory. belongs to Bob, and not Mallory.

MatetiMateti 4141

Unix crypt()Unix crypt()

1.1. Unix crypt() function (not the crypt(1) program) is based on Unix crypt() function (not the crypt(1) program) is based on the Data Encryption Standard (DES).  the Data Encryption Standard (DES). 

2.2. Takes the first 8 characters of the passwordTakes the first 8 characters of the password3.3. Assembles a 56-bit key == low 7-bits * 8Assembles a 56-bit key == low 7-bits * 84.4. Using this key, 000…0, a block of 64-zero-bits, is encrypted Using this key, 000…0, a block of 64-zero-bits, is encrypted 5.5. This is repeated 25 times. This is repeated 25 times. 6.6. Append two zero bits; we now have 66-bits.Append two zero bits; we now have 66-bits.7.7. Split into 11 six-bit numbers.  Split into 11 six-bit numbers.  8.8. Each  six-bit number i is stored as a char q[i] from the Each  six-bit number i is stored as a char q[i] from the

sequence q == [., /, 0-9, A-Z, a-z] of 64 characters. sequence q == [., /, 0-9, A-Z, a-z] of 64 characters. 9.9. This computation is perturbed with a randomly generated This computation is perturbed with a randomly generated

value called the value called the salt, salt, a two-character string chosen from the a two-character string chosen from the q. q.

10.10. The salt value is prepended resulting in a sequence of 13 The salt value is prepended resulting in a sequence of 13 characters. characters.