
Encryption and Security

Outline
Overview of encryption
Terminology
History
Common issues

Secret-key encryption
Block and stream ciphers
DES
RC5

Overview
Intro, history and terminology
Symmetric-key encryption
Techniques
DES, RC5

Public-key encryption
RSA, hash functions, digital signatures

Key exchange, certificates, PKI

Overview
Types of attacks and countermeasures
Application layers
S-HTTP, SSL

Steganography and digital watermarking


Security and trust

Terminology
Code
Replacement based on words or semantic
structures

Cipher
Replacement based on symbols

Terminology
Cryptography
The science of encrypting or hiding secrets.

Cryptanalysis
The science of decrypting messages or breaking
codes and ciphers.

Cryptology
The combination of the two.

Terminology
Plaintext: an unencrypted message
Ciphertext: an encrypted message
Security: a combination of
Authentication
Access control

Three eras of cryptology


Pre-WWII
Cryptography as a craft
Widely used, but few provable techniques

1940s-1970
Secret key encryption introduced
Information theory used to characterize security

1970-present
Public key systems introduced

Early cryptography
Caesar cipher
Replace each letter l with (l + 3) mod 26
"Attack at dawn" becomes
"Dwwdfn dw gdzq"

Two components:
Algorithm: Shift characters by a fixed amount
Key: the fixed amount.

Note: Knowing the algorithm (but not the key) makes this cipher much easier to crack:
26 possibilities vs 26!

Weaknesses of the Caesar Cipher


Word structure is preserved.
Break message into equal-length blocks.
dww dfn dwg dzq

Letter frequency is a big clue


e,t,a,o most common English letters.
Using a single key preserves frequency.

Solution: use multiple keys


E.g. shift by (3,5,7)
"Attack at dawn" becomes dya dhr dyk dbu
Better, but frequency information still present.
An attacker that knows the block size can separate out characters
encoded with different keys.
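The shift cipher above with a single key and with the key (3,5,7), followed by the attack the slide describes: knowing the block size, split the ciphertext into one column per key and solve each column as a Caesar cipher by letter frequency. This is an added example, not part of the original slides; the function names, the frequency table and the sample text are constructed for illustration, and spaces are dropped before encryption.

```python
from collections import Counter
from string import ascii_lowercase as AZ

# Approximate percentage frequency of a..z in English text (illustrative table).
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

def shift_encrypt(text, key):
    """Shift the i-th letter by key[i % len(key)]; key=(3,) is the Caesar cipher."""
    plain = [c for c in text.lower() if c in AZ]
    return "".join(AZ[(AZ.index(c) + key[i % len(key)]) % 26]
                   for i, c in enumerate(plain))

def shift_decrypt(cipher, key):
    return shift_encrypt(cipher, tuple(-k % 26 for k in key))

def best_shift(column):
    """Pick the shift whose decryption is closest to English (chi-squared score)."""
    def chi2(shift):
        counts = Counter((AZ.index(c) - shift) % 26 for c in column)
        return sum((counts[j] - len(column) * f / 100) ** 2 / (len(column) * f / 100)
                   for j, f in enumerate(ENGLISH))
    return min(range(26), key=chi2)

def recover_key(cipher, block_size):
    """With the block size known, each column is an independent Caesar cipher."""
    return tuple(best_shift(cipher[i::block_size]) for i in range(block_size))

# Constructed sample plaintext, long enough for per-column letter statistics.
SAMPLE = ("The general ordered the northern camp to attack at dawn and told the "
          "scouts to return before the sun had set. Each messenger carried the "
          "same short letter hidden inside a leather belt, and nobody in the "
          "enemy lines could read the orders even when one of the riders was "
          "taken on the road that night. The reserve was told to wait near the "
          "river until the signal fire was seen on the hill above the town.")

if __name__ == "__main__":
    print(shift_encrypt("Attack at dawn", (3,)))
    print(shift_encrypt("Attack at dawn", (3, 5, 7)))
    print(recover_key(shift_encrypt(SAMPLE, (3, 5, 7)), 3))
```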

Caesar Cipher
The Caesar cipher is still useful as a way to
prevent people from unintentionally reading
something.
ROT-13
By decrypting, the user agrees that they want to
view the content.

Fundamental problem: key length is shorter than the message.

Vernam Cipher
1920s: introduction of the one-time pad.
Randomly generated key
Same length as message
XORed with message

Theoretically unbreakable
Attacker can do no better than guessing
Ciphertext gives no information about
plaintext.

Vernam Cipher
Example: winning lottery number is 117
1110101 (7 bits)
Randomly generated key: 0110101
XOR: 1000000

No two bits are encoded with the same mapping:
an attacker has no frequency information to help
guess the key.
Problem: keys are very large.
How to distribute this key?
Shared source of randomness?
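The lottery-number example above, carried through as an added example that is not part of the original slides. It shows that the observed ciphertext is consistent with every possible 7-bit plaintext, and what leaks when a pad shorter than the message is reused; the helper names and the second plaintext block are constructed for illustration.

```python
import secrets

def xor_bits(a, b):
    """XOR two equal-length bit strings such as '1110101'."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

def fresh_pad(n):
    """A pad must come from a cryptographic random source and be used once."""
    return format(secrets.randbits(n), f"0{n}b")

def candidate_plaintexts(ciphertext):
    """Decrypt one ciphertext under every possible pad of the same length."""
    n = len(ciphertext)
    return {xor_bits(ciphertext, format(k, f"0{n}b")) for k in range(2 ** n)}

def reuse_leak(block1, block2, short_key):
    """Encrypt two blocks with the same short key, then XOR the ciphertexts."""
    c1, c2 = xor_bits(block1, short_key), xor_bits(block2, short_key)
    return xor_bits(c1, c2)          # the key cancels: this equals block1 XOR block2

MESSAGE = "1110101"                  # 117, the slide's lottery number
PAD = "0110101"                      # the slide's randomly generated key
CIPHERTEXT = xor_bits(MESSAGE, PAD)

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(len(candidate_plaintexts(CIPHERTEXT)), "equally possible plaintexts")
    print(reuse_leak(MESSAGE, "0101010", PAD))   # second block is constructed
```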

Symmetric Key Encryption


The Caesar Cipher and the one-time pad are
examples of symmetric-key (secret-key)
encryption.
Single key shared by all users.
Fast
How to distribute keys?

Keyspace
The keyspace is the set of all possible keys.
Caesar cipher: keyspace = {0, 1, 2, ..., 25}
Vernam cipher: |keyspace| = 2^n - 1

Size of the keyspace helps us estimate security.
Assumption: exhaustive search is the only way
to find a key.

Substitution Ciphers
Symbols are replaced by other symbols according to a key.
Caesar cipher is a substitution cipher.

To escape frequency analysis, we can use a homophonic substitution cipher

Map symbols to multiple symbols.


e.g. 0 -> {01, 10}, 1 -> {00, 11}
011010010 becomes: 011100101101011110
Advantage: frequencies hidden
Disadvantage: message and key are longer
Substitution is said to add confusion
Measure of the relationship between plaintext and ciphertext
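The homophonic mapping from the slide as an added example (not part of the original slides), with a measurement of what it hides for a skewed bit source. The function names, the seed and the 10% skew are constructed for illustration.

```python
import random
from collections import Counter

HOMOPHONES = {"0": ("01", "10"), "1": ("00", "11")}      # mapping from the slide
INVERSE = {code: bit for bit, codes in HOMOPHONES.items() for code in codes}

def encode(bits, rng):
    """Replace each bit by one of its two homophones, chosen at random."""
    return "".join(rng.choice(HOMOPHONES[b]) for b in bits)

def decode(cipher):
    if len(cipher) % 2:
        raise ValueError("ciphertext must be a whole number of 2-bit symbols")
    return "".join(INVERSE[cipher[i:i + 2]] for i in range(0, len(cipher), 2))

def ones_fraction(bits):
    return bits.count("1") / len(bits)

def symbol_counts(cipher):
    return Counter(cipher[i:i + 2] for i in range(0, len(cipher), 2))

def demo(seed=1):
    """Return (plaintext ones fraction, ciphertext ones fraction, symbol counts)."""
    rng = random.Random(seed)          # seeded only so the demo is repeatable
    skewed = "".join("1" if rng.random() < 0.1 else "0" for _ in range(1000))
    cipher = encode(skewed, rng)
    return ones_fraction(skewed), ones_fraction(cipher), symbol_counts(cipher)
```

Single-bit frequencies flatten to about one half, but because both symbols get two homophones regardless of how common they are, the 2-bit symbols 01 and 10 still outnumber 00 and 11; classical homophonic ciphers assign more homophones to the more frequent symbols.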

Transposition Ciphers
A transposition cipher is one that permutes
the symbols of the message according to a
preset pattern.
"Attack at dawn" becomes cda tka wan tat
Helps avoid detection of symbols based on
correspondence,
e.g. q followed by u.

Said to increase diffusion


Reduce redundancies in plaintext.

Product ciphers
By themselves, substitution and
transposition ciphers are relatively insecure.
By combining these operations, we can
produce a secure cipher.
This is how DES works.

M -> Sub(M) -> Trans(Sub(M)).


Might go through multiple rounds.

Block Ciphers
The ciphers we have seen so far are known
as block ciphers.
Plaintext is broken into blocks of size k.
Each block is encrypted separately.
Advantages: random access, potentially
high security
Disadvantages: larger block size needed,
patterns retained throughout messages.

Stream Ciphers
A stream cipher encodes a symbol based on both
the key and the encoding of previous symbols.
C_i = M_i XOR K_i XOR M_(i-1)

Advantages:
Can work on smaller block sizes; little
memory/processing/buffering needed.

Disadvantages:
Random access difficult, hard to use large keys.
Sender and receiver must be synchronized
Inserted bits can lead to errors.

Combinations
Many ciphers combine stream and block
properties.
Work on multiple symbols, but contain a
feedback loop.

Electronic Code Book (ECB)


Pure block cipher, no feedback
[Diagram: plaintext -> E (key) -> ciphertext -> E^-1 (key) -> plaintext]

Cipher-block Chaining
XOR previous block
Chaining dependency: order matters.
Some error propagation
[Diagram: plaintext -> XOR -> E (key) -> ciphertext -> E^-1 (key) -> XOR -> plaintext]

Cipher-Block Chaining
Also incorporated into block ciphers.
Makes tampering easier to detect.
Helps prevent substitution and impersonation
attacks.

Secret key can also be used to construct a running-key generator.
Longer sequence of pseudo-random numbers.
Can be used to build a one-time pad.

Modifications to CBC
Cipher feedback
Shift register is used to store data.
r bits are shifted into a mask of size m.
Allows a small number of bits to be
immediately sent.

Output feedback
Like cipher feedback, but uses output of
encryption function.
Eliminates error propagation.

DES
Data Encryption Standard
DEA is actually the algorithm.

First commercial-grade algorithm with open implementation details.
Uses a 64-bit key with 8 parity bits, for an
effective key of 56 bits.
Keyspace = 2^56 ≈ 10^17

DES
Is a combination of a product cipher and a
Feistel cipher.
Product cipher: transposition and substitution.
Feistel cipher: Iterates through a number of
rounds of a product cipher mapping (L,R) to
(R, L)

16 rounds
Block size=48
In each round, a different 48-bit subkey is
selected from the 56-bit key.
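A small Feistel network run in the two block modes from the ECB and cipher-block chaining slides, as an added example that is not part of the original slides. It is not DES: a keyed SHA-256 stands in for the DES round function, each round uses the standard Feistel step (L, R) -> (R, L xor F(R)), and the 8-byte block, key, IV and message are constructed for illustration.

```python
import hashlib

BLOCK = 8   # bytes per block; an assumption of this sketch

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(half, key, rnd):
    """Keyed round function; SHA-256 stands in for DES's substitution step."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:len(half)]

def feistel(block, key, rounds=16, decrypt=False):
    """Each round maps (L, R) to (R, L xor F(R)); decryption replays rounds in reverse."""
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    order = reversed(range(rounds)) if decrypt else range(rounds)
    for rnd in order:
        L, R = R, xor(L, round_fn(R, key, rnd))
    return R + L   # final swap, so the same routine also decrypts

def split(data):
    if len(data) % BLOCK:
        raise ValueError("sketch handles whole blocks only (no padding)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext, key):
    return [feistel(b, key) for b in split(plaintext)]   # no feedback

def cbc_encrypt(plaintext, key, iv):
    out, prev = [], iv
    for b in split(plaintext):
        prev = feistel(xor(b, prev), key)   # XOR with the previous ciphertext block
        out.append(prev)
    return out

def cbc_decrypt(blocks, key, iv):
    out, prev = [], iv
    for c in blocks:
        out.append(xor(feistel(c, key, decrypt=True), prev))
        prev = c
    return b"".join(out)

# Constructed values. The IV is fixed only for repeatability; real CBC needs an
# unpredictable IV for every message.
KEY, IV = b"demo key", bytes(range(8))
MESSAGE = b"ATTACK!!" * 3 + b"AT DAWN!"     # three identical plaintext blocks
```

In ECB the three identical plaintext blocks produce three identical ciphertext blocks, which is the "patterns retained" weakness; in CBC all four ciphertext blocks differ.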

Security of DES
Keyspace is approximately 10^17
Thought to be secure in the 70s.
Recently, 56-bit DES broken in under 1 day.
Combination of distributed.net & EFF's
DeepCrack.

Able to search several billion keys per second.

Extensions to DES
3DES
Message is run through DES 3 times
C = k3 (k2 (k1(M)))
Backwards-compatible with DES if all three
keys are the same.
Keyspace is 10^42
Drawback: bit-oriented operations are slow to
implement in software

RC5
Symmetric encryption algorithm
Word-oriented block cipher.
Can vary word length, number of rounds,
and key length.
Goals: fast, easy to understand and
implement, flexible, low memory
requirements, secure.
Uses stream techniques to modify data

RC5
Uses three mathematical operations:
Two's complement addition
XOR
Left cyclic rotation by variable amounts.

These are all fast operations that are directly supported by most modern processors.

RC5 Algorithm
Parameters: K (key), w (word length), r (number of rounds)
Input: a 2w length plaintext in registers A and B.
Output: a 2w length ciphertext.
1. Expand K into a table S[2(r+1)] keys.
To encrypt:
    A = A + S[0]; B = B + S[1]
    For i = 1 to r do
        A = ((A xor B) <<< B) + S[2*i]
        B = ((B xor A) <<< A) + S[2*i + 1]
    (<<< is left cyclic rotation; additions are modulo 2^w)

Decryption is the same thing in reverse.

RC5
Simple algorithm; the key feature is the data-dependent
rotations.
Keys are accessed sequentially, allowing for small
caches.
Security still unclear, but looks good.
56-bit key: 250 days by distributed.net
64-bit key: 1747 days by distributed.net
1.02x10^11 keys/sec, 1.5 x10^19 keyspace

72-bit key in progress.


4.8x10^10 keys/sec, 4x10^21 keyspace
100% in 788,747 days = 2160 years

Summary
Secret-key algorithms (DES, RC5) have been widely
studied.

Fast
Potentially highly secure
Well-understood.
Excellent for repeated communication.
Hard to use in open environments, one-shot communications
Works for hiding secrets; what about signing things?

Public-key encryption evolved as an answer to this problem.