ss chapter 2

Cryptographic Techniques CHAPTER 2 Faculty of Information & Communication Technology BIC3263 • Systems Security LESOTHO

Upload: borotho-molemo

Post on 17-Jan-2016


Cryptography

• Cryptology: This is the study of techniques for ensuring the secrecy and/or authenticity of information. The two main branches of cryptology are:
o Cryptography: which is the study of the design of such techniques; and
o Cryptanalysis: which deals with defeating such techniques, to recover information, or forging information that will be accepted as authentic.

Security services

• Security services: The assurance that the communicating entity is the one that it claims to be.
• The primary security services are divided into five categories, although some of these services are interrelated.
- Confidentiality
- Integrity
- Non-repudiation
- Authentication
- Authorization / Access control
• Privacy/Confidentiality: When a message is sent electronically, the sender and receiver may desire that the message remain confidential, and thus not be read by any other parties.

• Integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
• Nonrepudiation: Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message. Similarly, when a message is received, the sender can prove that the alleged receiver in fact received the message.
• Authentication: When an electronic message is received by a user or a system, the identity of the sender needs to be verified (authenticated) in order to determine if the sender is who they claim to be.
• Access control: The objective of access controls is to limit access to data and systems to authorized users only, so that only they gain entry into the desired part of the system.

• The five security services:

Security Issue | Security objective | Security Techniques
Confidentiality | Privacy of message | Encryption
Message Integrity | Deleting message; Tampering | Hashing (Digest)
Authentication | Origin verification | Digital signatures; Challenge response; Passwords; Biometric devices
Non-repudiation | Proof of origin, receipt and contents (sender cannot falsely deny sending or receiving the message) | Bi-directional hashing; Digital signatures; Transaction certificates; Time stamps; Confirmation services
Access controls/Authorization | Limiting entry to authorized users | Firewalls; Passwords; Biometric devices

Encryption and decryption

• A message in human-readable form is referred to in cryptographic terms as plaintext or cleartext.
• The process of disguising a message in such a way as to hide its substance is called encryption/enciphering, and the resulting message is referred to as ciphertext.
• The reverse process, decryption/deciphering, takes ciphertext as input and restores the original plaintext.

• Plaintext is denoted by P, whereas ciphertext is denoted by C. The encryption function E operates on P to produce C:
• In the reverse process, the decryption function D operates on C to produce P:
• A cryptographic algorithm, also called a cipher, is a mathematical function used for encryption and decryption.
• A restricted cryptosystem requires the encryption and decryption algorithms to be kept secret. This method is called security by obscurity and should be used only in very specific cases.
• The many schemes used for encryption constitute the area of study known as cryptography. Such a scheme is known as a cryptographic system or a cipher.
• Techniques used for deciphering a message without any knowledge of the enciphering details fall into the area of cryptanalysis.
• Cryptanalysis is what the layperson calls "breaking the code."
• The areas of cryptography and cryptanalysis together are called cryptology.
• All modern encryption algorithms use a key, denoted by K. The value of this key affects the encryption and decryption functions, so that they can now be written as:

E(K, P) = C
D(K, C) = P

Symmetric encryption

• Symmetric encryption implies that both parties to a communication must first possess a copy of a single secret key, as shown below. The most widely used algorithm in this category was, until recently, the Data Encryption Standard (DES).

Data Encryption Standard (DES)

• In January 1977, a standard encryption method called the Data Encryption Standard was adopted by the U.S. government.
• Though the algorithm used is complex, it is easily implemented in hardware, and software implementations are widely available.
• The American National Standards Institute (ANSI) approved DES as an industry standard, calling it the Data Encryption Algorithm (DEA).

The DES algorithm

• DES is a block cipher. This means that it operates on a single chunk of data at a time, encrypting 64 bits (8 bytes) of plaintext to produce 64 bits of ciphertext.
• The key length is 56 bits, often expressed as an eight-character string with the extra bits used as a parity check.
• The algorithm has 19 distinct stages.

• The first stage reorders the bits of the 64-bit input block by applying a fixed permutation.
• The last stage is the exact inverse of this permutation.
• The penultimate stage exchanges the leftmost 32 bits with the rightmost 32 bits.
• The remaining 16 stages (called rounds) are functionally identical but take as an input a quantity computed from the key Ki and the old right half Ri, where i is the current round number.
• Ki is derived from the original 56-bit key passed as input to the algorithm. The figure below shows the overall process.
• At each iteration, the algorithm takes in two 32-bit inputs and produces two 32-bit outputs.
• The left output is simply a copy of the right input. The right output is an exclusive OR (XOR) of the left input and a function of the right input and the key for the stage, Ki.
• All the complexity lies in the function f, which does a number of substitutions and permutations using simple hardware elements called S-boxes (for substitution) and P-boxes (for permutation).
• Decryption in the DES algorithm uses the same sequence of steps, but the keys used at each of the 16 stages (K1 to K16) are applied in reverse order.

Figure: The DES algorithm.

Cracking DES

• All encryption algorithms can theoretically be broken using the so-called "brute-force" attack.
• Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
• On average, half of all possible keys must be tried to achieve success.
• If either type of attack succeeds in deducing the key, the effect is catastrophic: All future and past messages encrypted with that key are compromised.

Triple DES

• Triple DES is a more secure alternative to DES and is appealing in that it requires no new algorithms or hardware over and above conventional DES.
• The figure below shows three 56-bit DES keys being used as input to an array of three DES chips (or software blocks).
• The pattern used for the encryption step is encrypt-decrypt-encrypt (EDE), with a DED pattern being used to reverse the process. Using these combinations allows us to be backward compatible with the single version of the DES algorithm.
• In one variation of Triple DES, K1 is set to be equal to K3, giving a 112-bit key length. The latter mode is sometimes referred to as 2 key Triple DES, as opposed to 3 key Triple DES when K1, K2, and K3 are distinct, yielding a total key length of 168 bits.

Figure: The Triple DES algorithm.

• Its greatest appeal will be for the very large number of financial institutions that have an installed base of equipment with DES hardware.
• However, software implementations of Triple DES are slow in comparison, as we have to compute three DES functions. Also, Triple DES uses the same 64-bit block size as DES, which is considered to be weak.
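The DES round structure (left output copies the right input, right output is the left input XOR f(right input, Ki), round keys reversed for decryption) and the EDE/DED pattern of Triple DES can both be checked with a toy Feistel cipher. This is an added example, not code from the slides; the key schedule and the round function f are simplified stand-ins (assumptions), and DES's initial and final permutations are omitted.

```python
import hashlib

ROUNDS = 16            # DES has 16 functionally identical rounds
MASK32 = 0xFFFFFFFF

def round_keys(key):
    # Toy key schedule (assumption): Ki = first 32 bits of SHA-256(key || i).
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(1, ROUNDS + 1)]

def f(right, ki):
    # Toy round function (assumption); real DES uses S-boxes and P-boxes here.
    # f does not need to be invertible for the cipher to be invertible.
    x = ((right ^ ki) * 0x9E3779B1 + 0x7F4A7C15) & MASK32
    return x ^ (x >> 15)

def feistel(block, keys):
    left, right = block >> 32, block & MASK32
    for ki in keys:
        # Left output = right input; right output = left XOR f(right, Ki).
        left, right = right, left ^ f(right, ki)
    # Penultimate DES stage: exchange the two 32-bit halves.
    return (right << 32) | left

def encrypt(key, block):
    return feistel(block, round_keys(key))

def decrypt(key, block):
    # Same sequence of steps, round keys applied as K16..K1.
    return feistel(block, round_keys(key)[::-1])

def ede_encrypt(k1, k2, k3, block):
    return encrypt(k3, decrypt(k2, encrypt(k1, block)))

def ded_decrypt(k1, k2, k3, block):
    return decrypt(k1, encrypt(k2, decrypt(k3, block)))

if __name__ == "__main__":
    p = 0x0123456789ABCDEF                          # constructed 64-bit block
    ka, kb, kc = b"key-AAA", b"key-BBB", b"key-CCC"  # constructed 56-bit keys
    assert decrypt(ka, encrypt(ka, p)) == p
    # K1 = K2 = K3 collapses EDE to single encryption (backward compatibility).
    assert ede_encrypt(ka, ka, ka, p) == encrypt(ka, p)
    assert ded_decrypt(ka, kb, ka, ede_encrypt(ka, kb, ka, p)) == p   # 2-key
    assert ded_decrypt(ka, kb, kc, ede_encrypt(ka, kb, kc, p)) == p   # 3-key
    print("round trips ok")
```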


Advanced Encryption Standard (AES)

• DES has weaknesses:

-slow (by modern standards)

-weak (can be broken by fast computers)

• AES will be a new FIPS (Federal Information Processing Standard) that will specify a cryptographic algorithm for use by U.S. government organizations to protect sensitive (unclassified) information.

• NIST (National Institute of Standards and Technology) ran a competition to replace DES.

• NIST selected five algorithms from the original 15 submissions. The candidate algorithms were MARS, RC6, Rijndael, Serpent, and Twofish.

Rijndael

• Rijndael, invented by Vincent Rijmen and Joan Daemen, had been selected as the proposed AES.
• No patenting allowed
• Round block cipher of similar structure to DES but faster, more secure
• Rijndael is a symmetric block cipher with variable key and block sizes of 128, 192, and 256 bits.
• However, since most of the cryptanalytic study during the standards process focused on the 128-bit block size, this will be the preferred block size included in the standard.
• Rijndael has considerable speed improvements over DES in both hardware and software implementations.

• The cipher consists of between 10 and 14 rounds (Nr), depending on the key length (Nk) and the block length (Nb). A plaintext block X undergoes n rounds of operations to produce an output block Y.
• Each operation is based on the value of the nth round key.
• The round keys are derived from the cipher key by first expanding the key and then selecting parts of the expanded key for each round.
• The figure below shows an overview of the process.

Figure: Overall structure of Rijndael cipher.

RC2, RC4, and RC5

• In anticipation of the demise of DES, Ron Rivest, a noted cryptographer, has been developing a family of ciphers for RSA Data Security, Inc., that might be used to replace it.
• RC (Rivest Cipher).
• It appears as though RC1 never got beyond the design stage, and RC3 was broken before it was released.
• RC2 was released and is used in a number of commercial products. It is a 64-bit block cipher with a variable-length key.
• RC4 can also use a variable-length key, but operates as a stream cipher. A commodity export license was obtained for 40-bit versions of RC2 and RC4, and the latter was used as the stream cipher in the first secure Web browsers that became available in 1995.
• No patents have been applied for, and the details of the algorithms are only available subject to a non-disclosure agreement with RSA Data Security, Inc. In September 1994.

RC5, RC6

• The penultimate algorithm in the series is RC5, which is a totally parameterized system.
• Among the items that may be changed are the block size, the key length, and the number of rounds.
• The basic algorithm is a block cipher, but stream versions are also defined.
• RC6 is the most recent block cipher designed by Ronald Rivest and was among the five finalist candidate algorithms for the AES.
• The main goal for the inventors was to meet the requirements for the AES.
• RC6 is based on RC5 and, like RC5, it is a parameterized algorithm in which the block size, key size, and number of rounds are variable.
• The upper limit to the key size for RC6 is 2,040 bits.

Message digesting or hashing

• One way to provide integrity without confidentiality is to use a technique known as a message digest. This involves applying a digesting or one-way hash function to the (long) message to produce a (short) message digest.
• The secret key can be applied to this hash and the result sent with the message across the network.
• The hash is then encrypted to become a message authentication code (MAC), which is appended to the message before transmission.
• Since the encryption is only being applied to a very small quantity, and message digesting is faster than encryption, this process can be considerably faster than encrypting the entire message.
• When the message arrives, the receiver computes a hash of the message using the same algorithm. If this matches the decrypted MAC that came with the message, then the message has not been tampered with.

Figure: Computing a message authentication code (MAC).
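The role of the secret key in the MAC scheme above can be seen by comparing a bare digest with a keyed one. This is an added example, not code from the slides: it uses HMAC-SHA-256 from Python's standard library as the keyed digest in place of the hash-then-encrypt construction the slide describes, and the key and messages are constructed sample values.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes appended to each message

def send_unkeyed(message):
    # Weak form: a bare digest. Anyone who changes the message can recompute it.
    return message + hashlib.sha256(message).digest()

def receive_unkeyed(packet):
    message, digest = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return hashlib.sha256(message).digest() == digest

def send_mac(key, message):
    # Keyed form: the tag depends on the shared secret as well as the message.
    return message + hmac.new(key, message, hashlib.sha256).digest()

def receive_mac(key, packet):
    # Returns the message if the tag verifies, otherwise None.
    if len(packet) < TAG_LEN:
        return None                      # too short to carry a tag at all
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so timing does not leak the tag.
    return message if hmac.compare_digest(tag, expected) else None

def demo():
    key = b"constructed-shared-secret"   # sample key, known to both parties
    original = b"PAY 100 TO ALICE"       # constructed sample messages
    altered = b"PAY 900 TO ALICE"
    packet = send_mac(key, original)
    return {
        # An altered message with a recomputed bare digest is accepted.
        "unkeyed_accepts_altered": receive_unkeyed(send_unkeyed(altered)),
        # The genuine packet verifies under the shared key.
        "mac_accepts_genuine": receive_mac(key, packet) == original,
        # An altered message carrying the old tag is rejected.
        "mac_rejects_altered": receive_mac(key, altered + packet[-TAG_LEN:]) is None,
        # A receiver holding a different key also rejects the packet.
        "mac_rejects_wrong_key": receive_mac(b"some-other-key", packet) is None,
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```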


• For any string s, H(s), the hash of s, is of fixed length (shorter than s), sometimes called a message digest.
• A good one-way hash function will have two properties.
- Difficult to invert ("one way"). This means that attempting to produce a message that would yield a given hash should be completely unfeasible.
- It should also be resistant to collision, which means that there should be a low probability of finding two messages with the same hash.

Two well-known hash functions that have found a place in payment protocols are MD5 and SHA.

MD5 Algorithm

• The MD5 algorithm is one of a series (including MD2 and MD4) of message digest algorithms developed by Ron Rivest.
• It involves appending a length field to a message and padding it up to a multiple of 512-bit blocks.
• Each of these 512-bit blocks is then fed through a four-round process involving rotation and a range of Boolean operations, producing a chaining value that is input into the processing of the next 512-bit block.
• The hashed output is the 128-bit chaining value produced in processing the last block of the message.


The Secure Hash Algorithm (SHA)

• The secure hash algorithm is based quite heavily on the work of Ron Rivest in the MD series of algorithms.

• The message is first padded as with MD5, and then fed through four rounds, which are more complex than those used in MD5.

• The chaining value passed from one round to the next is 160 bits in length, which means that the resulting message digest is also 160 bits.


Kerberos

• The Kerberos protocol provides message authentication and confidentiality facilities for communicating parties and is used as the basis for a number of payment systems.

• It is based on the trusted third-party model presented by Needham and Schroeder.

• The Kerberos authentication service was developed at the Massachusetts Institute of Technology (MIT) for Project Athena and the following discussion is based on version 5 of the protocol.

• Kerberos allows a client to prove its identity to a third-party server without sending any sensitive information across the network and also encrypts the channel between the two.
