Week9 CS-P

mary29

easttom_ppt_08_final.ppt

Home >Computer Science homework help >Week9 CS-P

Computer Security Fundamentals

by Chuck Easttom

Chapter 8 Encryption

Chapter 8 Objectives

Explain the basics of encryption
Discuss modern cryptography methods
Select appropriate cryptography for your organization
Understand the function and protocols of VPNs

Introduction

Encryption
Scrambling information.
One critical part to the security puzzle.
Without it, all security measures are inadequate.
Cryptography
An art form

Encryption

The process to scramble a message or other information so that it cannot be easily read.

One of the most critical parts to the security puzzle.

Without it, all firewalls, IDSs, antivirus and antispyware software, policies, and so forth are inadequate.

Cryptography

The art of writing or deciphering secret code

Basic overview

This is a complex topic.

You get some idea of how it works and how to make intelligent decisions about it.

Cryptography Basics

Decryption
Reversal of the scrambling protocol
Encryption
Algorithm scrambles plain
Sender and receiver agree on algorithm
Message difficult to re-create without protocol

Decryption

Reversal of the scrambling protocol to make the message comprehensible.

Encryption

Plain text is scrambled according to a particular algorithm, agreed upon beforehand by sender and receiver.

Without the correct protocol, the message is difficult to re-create.

Plain text – key – cipher text – key – plain text.

Cryptography Basics (cont.)

Two basic types
Single/symmetric key encryption
Stream
Block
Substitution and transposition
Public/asymmetric key encryption

Two basic types

Transposition

Rearranging the letters

Substitution

Replaces each letter with a different letter

Two types of substitution

Single/symmetric key encryption

Public/asymmetric key encryption

Focus on Substitution ciphers.

History of Encryption

Old as written communication and war
Caesar Cipher
Shift cipher
A DOG
Shift 1 – B EPH
Shift 2 – C FQI
Shift negative 1 – Z CNF

As old as written communication and war

Caesar Cipher

Shift cipher – You decide the number of letters you shift over.

A DOG

Shift 1 – B EPH

Shift 2 – C FQI

Shift negative 1 – Z CNF

The history of encryption and code is fascinating to read, but it is beyond the scope of this text. Check out the sites in the text or others on the web.

History of Encryption (cont.)

Caesar Cipher
Frequency distribution cracks this simple cipher.
Substitution alphabet.
Substitutes one letter in the alphabet for another.
Caesar is a mono-alphabetic cipher.

Caesar Cipher

Frequency distribution will crack this simple cipher.

Most common letter in English is E and the most common three-letter word is THE.

Substitution alphabet

Substitutes one letter in the alphabet for another.

Caesar is a mono-alphabetic cipher, using only one alphabet.

ASIDE: Caesar needed to send messages to the far-flung posts at the ends of the Roman Empire. He would need security. He would write a message and then encrypt it with the now-famous Caesar 3 cipher. He would send for messengers. They would be extremely well paid, as they did not expect to return alive. Their heads would be shaved and the encrypted message tattooed on their heads. By the time they got to their destination, their hair had grown back and the message hidden. This is the first example we have of stenography. Also, they never saw the message and did not know what it was. After a successful mission and their heads were shaved, the message was decrypted. Because Caesar did not want the enemy to know how he used stenography or if they fell into enemy hands, we have the expression, “Kill the messenger.”

History of Encryption (cont.)

ATBASH
Rail Fence
Vigenere
Enigma

Caesar Cipher

Frequency distribution will crack this simple cipher.

Most common letter in English is E and the most common three-letter word is THE.

Substitution alphabet

Substitutes one letter in the alphabet for another.

Caesar is a mono-alphabetic cipher, using only one alphabet.

History of Encryption (cont.)

Multi-alphabetic
Select multiple shifts
Shift 1, 2, –1
Rotate through the shifts
A DOG becomes B FNH
Old cipher considered weak today

Uses the same English alphabet but changes the shift.

Binary Operations

Binary Operations
AND, OR, XOR

Example of AND operation

1	1	1
1	0	1
1	0	1

Binary Operations

3 operations not found in decimal or base 10 math

In comparing binary numbers in the AND operation, compare them one place at a time. If both places have a 1 in them, the result is a 1. If one or both of them are a 0, the result is a 0.

1	1	1
1	0	1
1	0	1

Binary Operations

Example of OR operation

1	1	1
1	0	1
1	1	1

Binary Operations

In comparing binary numbers in the OR operation, compare them one place at a time. If one or both of them are a 1, the result is a 1. If not, the result is a 0.

Binary Operations

Example of XOR operation

1	1	1
1	0	1
0	1	0

Binary Operations

In comparing binary numbers in the XOR operation, compare them one place at a time. If one of them, but NOT both of them, is a 1, the result is a 1. If not, the result is a 0.

Binary Operations

XOR only reversible binary operation
Convert plain text to ASCII

A DOG = 065 032 068 079 071

Then, convert ASCII to binary

0100 0001, 0100 0100, 0100 1111, 0100 0111

XOR

The only reversible binary operation

First, convert plain text to ASCII

A DOG = 065 032 068 079 071

Then, convert ASCII to binary

0100 0001, 0100 0100, 0100 1111, 0100 0111

Binary Operations

XOR the ASCII

0100 0001, 0100 0100, 0100 1111, 0100 0111

1111 0111, 1111 0111, 1111 0111, 1111 0111

1011 0110, 1011 0011, 1011 1000, 1011 0000

Result is cipher text.

Then, using any random, previously agreed upon string as the key, XOR the ASCII

0100 0001, 0100 0100, 0100 1111, 0100 0111

1111 0111, 1111 0111, 1111 0111, 1111 0111

1011 0110, 1011 0011, 1011 1000, 1011 0000

The result is the cipher text, which can be decrypted using the agreed upon key and the XOR operation, then converted back to ASCII

Uses single-key encryption

Both sender and receiver use the same key – weak

Uses mono-alphabetic substitution

Subject to frequency distribution attack – weak

Excellent introduction to contemporary encryption

Cryptography Terms

Key: The bits that are combined with the plain text to encrypt it. In some cases this is random numbers; in other cases it is the result of some mathematical operation.
Plain text: The unencrypted text.
Cipher text: The encrypted text.
Algorithm: A mathematical process for doing something.

Then, using any random, previously agreed upon string as the key, XOR the ASCII

0100 0001, 0100 0100, 0100 1111, 0100 0111

1111 0111, 1111 0111, 1111 0111, 1111 0111

1011 0110, 1011 0011, 1011 1000, 1011 0000

The result is the cipher text, which can be decrypted using the agreed upon key and the XOR operation, then converted back to ASCII.

Uses single-key encryption

Both sender and receiver use the same key – weak

Uses mono-alphabetic substitution

Subject to frequency distribution attack – weak

Excellent introduction to contemporary encryption

Modern Methods

Single key (symmetric) encryption
Same key to encrypt and decrypt
Blowfish
Symmetric block cipher
Works on “blocks” of letters
Uses variable length key (32–448 bits)
Freeware

Single (symmetric) encryption

Uses the same key to encrypt and decrypt

Blowfish

Symmetric block cipher

Works on “blocks” of letters

Uses variable length key (32–448 bits)

Bruce Schneier – 1993

Freeware

Modern Methods (cont.)

Data Encryption Standard (DES)

Divided into 64-bit blocks; then transposed

2. Manipulated by 16 steps of encryption, using 56-bit key

3. Scrambled by a swapping algorithm

4. Transposed one final time

Modern Methods (cont.)

Advanced Encryption Standard (AES).
Advanced Encryption Standard was the algorithm eventually chosen to replace DES. It is a block cipher that works on 128-bit blocks. It can have one of three key sizes of 128, 192, or 256 bits. This was selected by the United States government to be the replacement for DES and is now the most widely used symmetric key algorithm.

Modern Methods (cont.)

One major problem with symmetric key encryption

How do you transmit the symmetric key?

The answer: public key encryption

Modern Methods (cont.)

Public key (asymmetric) encryption
Opposite of single key encryption.
One key (public key) used to encrypt .
One key (private key) used to decrypt.
Only holder of a private key can decrypt messages.

Public key (asymmetric) encryption

The opposite of single-key encryption.

One key (public key) is used to encrypt a message.

One key (private key) is used to decrypt a message.

Distribute public key, but only holder of private key can decrypt those messages.

Modern Methods (cont.)

Public key (asymmetric) encryption
Depends on large prime numbers, factoring, and number theory.
Public key encryption is most widely used.
Pretty Good Privacy (PGP):
Freeware
Quite secure

Public key (asymmetric) encryption

Public key algorithms depend on large prime numbers, factoring, and number theory.

The major issue with symmetric encryption is the distribution of keys, so public key encryption is the most widely used.

Loss of a key with symmetric encryption is a major problem because someone else could decrypt all the messages.

Not so with asymmetric encryption.

Modern Methods (cont.)

Public key (asymmetric) encryption
Pretty Good Privacy (PGP)
Freeware
Phil Zimmerman – 2004
Quite secure

http://web.mit.edu/network/pgp.html

Modern Methods (cont.)

The MIT Distribution Center for PGP home page (http://web.mit.edu/network/pgp.html)

Modern Methods (cont.)

Public key (asymmetric) encryption
RSA
You start by generating two large random primes, p and q, of approximately equal size. Now you need to pick two numbers so that when multiplied together the product will be the size you want (that is, 128 bits, 256 bits, and so on).
Now multiply p and q to get n.
Let n = pq
Let m = (p - 1)(q – 1)

Modern Methods (cont.)

Public key (asymmetric) encryption
RSA
Now select another number; call this number e. Pick e so that it is co-prime to m.
Choose a small number e, co-prime to m.
Youare almost done generating a key. Now you just find a number d that when multiplied by e and modulo m would yield a 1. (Note: Modulo means to divide two numbers and return the remainder. For example 8 modulo 3 would be 2.).
Find d, such that de % m = 1.
Now publish e and n as the public key. Keep d and n as the secret key. To encrypt, simply take your message raised to the e power and modulo n.

Modern Methods (cont.)

The RSA Security home page

(http://www.rsasecurity.com)

http://www.rsasecurity.com

Modern Methods (cont.)

Legitimate versus fraudulent encryption
Warning signs of frauds
Unbreakable
Certified
Inexperienced people

Legitimate versus fraudulent encryption methods

Warning signs of frauds

Unbreakable – No such thing.

Certified – No recognized certification for encryption methods.

Inexperienced people – Inventors of the previously discussed methods had years of experience.

www.interhack.net/people/cmcurtin/snake-oil-faq.html

Avoid ‘bad’ crypto

Unbreakable
Unhackable
Secret algorithm
Kerhoff’s principle

This can be formally expressed as Kerckhoff’s principle. Auguste Kerckhoff first articulated this in the 1800s, stating that the security of a cipher depends only on the secrecy of the key, not the secrecy of the algorithm. Claude Shannon rephrased this stating that, “One ought to design systems under the assumption that the enemy will ultimately gain full familiarity with them.” This is referred to as Shannon's maxim and states essentially the same thing Kerckhoff’s principle states.

Digital Signatures

A digital signature is not used to ensure the confidentiality of a message, but rather to guarantee who sent the message. This is referred to as nonrepudiation. Essentially, it proves who the sender is. Digital signatures are actually rather simple, but clever. They simply reverse the asymmetric encryption process. Recall that in asymmetric encryption the public key (which anyone can have access to) is used to encrypt a message to the recipient, and the private key (which is kept secure and private) can decrypt it. With a digital signature, the sender encrypts something with his private key. If the recipient can decrypt that with the sender's public key, then it must have been sent by the person purported to have sent the message.

Hash

Hashing is a type of cryptographic algorithm that has some specific characteristics. First and foremost it is one way. That means you cannot "unhash" something. The second characteristic is that you get a fixed-length output no matter what input is given. Finally, it should have few or no collisions. A collision is when two different inputs provide the same output.

Hash – cont.

MD5
SHA1
SHA2
SHA3

VERY Simple Illustration of Rainbow Tables

Password	MD5 Hash (in Hex)
aaaa	74b87337454200d4d33f80c4663dc5e5
aaab	4c189b020ceb022e0ecc42482802e2b8
aaac	3963a2ba65ac8eb1c6e2140460031925
aaa1	39dc4f1ee693e5adabddd872247e451f
aaa2	0ad346c93c16e85e2cb117ff1fcfada3
aaa4	ee93fca7c150d9c548aff721c87d0986

Password	MD5 Hash (in Hex)
aaaaa	594f803b380a41396ed63dca39503542
aaabb	120858a7016efcfab66967b834e9153c
aaacc	ee43671d755ac457cfe6e32d1894788e
aaa1a	5bbac29650eb36b4de16885c190a9fa3
aaa2a	597f0ce6d11567cc691b3f5df35594cb
aaa4a	4305dc076b3ba2bf8d55524cddf5a72d

Hash - Salt

Random bits added to further secure encryption or hashing. Most often encountered with hashing, to prevent Rainbow Table attacks.

Essentially the salt is intermixed with the message that is to be hashed. Consider this example. You have a password that is
pass001
in binary that is
01110000 01100001 01110011 01110011 00110000 00110000 00110001
A salt algorithm would insert bits periodically, lets assume for our example that we insert bits every 4th bit giving us
0111100001 0110100011 0111100111 0111100111 0011100001 0011100001 0011100011
If you convert that to text you would get
xZ7��#

The ancient Chinese wrapped notes in wax and swallowed them for transport.
In ancient Greece a messenger’s head might be shaved, a message written on his head, then his hair was allowed to grow back.
In 1518 Johannes Trithmeus wrote a book on cryptography and described a technique where a message was hidden by having each letter taken as a word from a specific column.

Historical Steganography

During WW II the French Resistance sent messages written on the backs of couriers using invisible ink
Microdots are images/undeveloped film the size of a typewriter period, embedded on an innocuous documents. These were said to be used by spy's during the Cold War.

Historical Steganography - Continued

Payload is the data to be covertly communicated.
The carrier is the signal, stream, or data file into which the payload is hidden. This is also sometimes called the cover object.
The channel is the type of medium used.

Steganography Terms

Cryptanalysis

Ciphertext Only Attack
Known plain text
Chosen plain text
Related Key

Summary

Encryption is a basic element of security.
Encrypting data when transmitting is an integral part of any security plan.