Outline Yet More On Cryptography Symmetric cryptosystems CS 239 - PDF document

Outline Yet More On Cryptography • Symmetric cryptosystems CS 239 • Asymmetric cryptosystems Computer Security • Digital signatures January 30, 2006 • Digital hashes • Key recovery cryptosystems Lecture 4 Lecture 4 Page 1 Page 2 CS 239, Winter 2006 CS 239, Winter 2006 Symmetric and Asymmetric Description of Symmetric Cryptosystems Systems • Symmetric - the encrypter and • C = E(K,P) decrypter share a secret key • P = D(K,C) –Used for both encrypting and • E() and D() are not necessarily the decrypting same operations • Asymmetric – encrypter has different key than decrypter Lecture 4 Lecture 4 Page 3 Page 4 CS 239, Winter 2006 CS 239, Winter 2006 Advantages of Symmetric Key Disadvantage of Symmetric Key Systems Systems + Encryption and authentication performed in – Encryption and authentication a single operation performed in a single operation + Well-known (and trusted) ones perform • Makes signature more difficult faster than asymmetric key systems – Non-repudiation hard without servers + Doesn’t require any centralized authority – Key distribution can be a problem • Though key servers help a lot – Scaling Lecture 4 Lecture 4 Page 5 Page 6 CS 239, Winter 2006 CS 239, Winter 2006 1

Scaling Problems of Symmetric Sample Symmetric Key Ciphers Cryptography K 5 K 4 K 1 • The Data Encryption Standard K 4 K 6 How many keys am I K 2 • The Advanced Encryption Standard going to need to handle • There are many others the entire Internet???? K 5 K 3 K 3 K 2 K 6 K 1 Lecture 4 Lecture 4 Page 7 Page 8 CS 239, Winter 2006 CS 239, Winter 2006 The Data Encryption Standard History of DES • Developed in response to National Bureau • Probably the best known symmetric of Standards studies key cryptosystem • Developed by IBM • Developed in 1977 • Analyzed , altered, and approved by the • Still much used National Security Agency –Which implies breaking it isn’t • Adopted as a federal standard trivial • One of the most widely used encryption algorithms • But showing its age Lecture 4 Lecture 4 Page 9 Page 10 CS 239, Winter 2006 CS 239, Winter 2006 Overview of DES Algorithm More On DES Algorithm • Uses substitutions to provide confusion • A block encryption algorithm – To hide the set of characters sent – 64 bit blocks • Uses transpositions to provide diffusion • Uses substitution and permutation – To spread the effects of one plaintext bit into other bits – Repeated applications • Uses only standard arithmetic and logic functions • 16 cycles worth and table lookup • Performs 16 rounds of substitutions and • 64 bit key permutations – Only 56 bits really used, though – Involving the key in each round Lecture 4 Lecture 4 Page 11 Page 12 CS 239, Winter 2006 CS 239, Winter 2006 2

Decrypting DES Is DES Secure? • Apparently, reasonably • For DES, D() is the same as E() • No evidence NSA put a trapdoor in • You decrypt with exactly the same – Alterations believed to have increased algorithm security against differential cryptanalysis • If you feed ciphertext and the same key • Some keys are known to be weak with DES into DES, the original plaintext pops – So good implementations reject them out • To date, only brute force attacks have publicly cracked DES Lecture 4 Lecture 4 Page 13 Page 14 CS 239, Winter 2006 CS 239, Winter 2006 Key Length and DES Does This Mean DES is Unsafe? • Easiest brute force attack is to try all keys • Depends on what you use it for – Looking for a meaningful output • Takes lots of compute power to crack • Cost of attack proportional to number of possible keys • On the other hand, computers will • Is 2 56 enough keys? continue to get faster • Not if you seriously care • And motivated opponents can harness – Cracked via brute force in 1998 – Took lots of computers and time vast resources – But computers keep getting faster . . . • Increasingly being replaced by AES Lecture 4 Lecture 4 Page 15 Page 16 CS 239, Winter 2006 CS 239, Winter 2006 The Advanced Encryption Increased Popularity of AES Standard • A relatively new cryptographic algorithm • Gradually replacing DES • Intended to be the replacement for DES – As was intended • Chosen by NIST • Various RFCs describe using AES in IPSEC – Through an open competition • FreeS/WAN IPSEC (for Linux) includes • Chosen cipher was originally called AES Rijndael • Some commercial VPNs use AES – Developed by Dutch researchers • Various Windows AES products available – Uses combination of permutation and substitution Lecture 4 Lecture 4 Page 17 Page 18 CS 239, Winter 2006 CS 239, Winter 2006 3

History of Public Key Public Key Encryption Systems Cryptography • Invented by Diffie and Hellman in 1976 • The encrypter and decrypter have • Merkle and Hellman developed Knapsack different keys algorithm in 1978 C = E(K E ,P) • Rivest-Shamir-Adelmandeveloped RSA in 1978 P = D(K D ,C) – Most popular public key algorithm • Often, works the other way, too • Many public key cryptography advances ?? C E K ( , P ) secretly developed by British and US D government cryptographers earlier ? ? P D K ( , C ) E Lecture 4 Lecture 4 Page 19 Page 20 CS 239, Winter 2006 CS 239, Winter 2006 Practical Use of Public Key Authentication With Shared Keys Cryptography • Keys are created in pairs • If only two people know the key, and I didn’t create a properly encrypted • One key is kept secret by the owner message - • The other is made public to the world –The other guy must have • If you want to send an encrypted • But what if he claims he didn’t? message to someone, encrypt with his public key • Or what if there are more than two? –Only he has private key to decrypt • Requires authentication servers Lecture 4 Lecture 4 Page 21 Page 22 CS 239, Winter 2006 CS 239, Winter 2006 Scaling of Public Key Authentication With Public Keys Cryptography K e K e K e K e K d K e K d • If I want to “sign” a message, encrypt K d K d K d it with my private key Nice scaling properties K e K e • Only I know private key, so no one K d K d else could create that message K e • Everyone knows my public key, so K d K e everyone can check my claim directly K e K e K d K e K d K e K d K d K d Lecture 4 Lecture 4 Page 23 Page 24 CS 239, Winter 2006 CS 239, Winter 2006 4

Key Management Issues Issues of Key Publication • Security of public key cryptography • To communicate via shared key depends on using the right public key cryptography, key must be distributed • If I am fooled into using the wrong one, that –In trusted fashion key’s owner reads my message • To communicate via public key • Need high assurance that a given key cryptography, need to find out each belongs to a particular person other’s public key • Which requires a key distribution –“Simply publish public keys” infrastructure Lecture 4 Lecture 4 Page 25 Page 26 CS 239, Winter 2006 CS 239, Winter 2006 RSA Algorithm RSA Keys • Keys are functions of a pair of 100-200 • Most popular public key cryptographic digit prime numbers algorithm • Relationship between public and • In wide use private key is complex • Has withstood much cryptanalysis • Recovering plaintext without private key (even knowing public key) is • Based on hard problem of factoring supposedly equivalent to factoring large numbers product of the prime numbers Lecture 4 Lecture 4 Page 27 Page 28 CS 239, Winter 2006 CS 239, Winter 2006 Comparison of DES and RSA Security of RSA • DES is much more complex • Conjectured that security depends on • However, DES uses only simple arithmetic, factoring large numbers logic, and table lookup • RSA uses exponentiation to large powers –But never proven – Computationally 1000 times more –Some variants proven equivalent to expensive in hardware, 100 times in factoring problem software • Key selection also more expensive • Probably the conjecture is correct Lecture 4 Lecture 4 Page 29 Page 30 CS 239, Winter 2006 CS 239, Winter 2006 5