Secure Communications over the Internet Part 2 Hassen Sallay, Ph.D - PowerPoint PPT Presentation

Secure Communications over the Internet Part 2 Hassen Sallay, Ph.D

WHY USE THE INTERNET for Secure Communications? The Internet offers: ■ Virtually universal worldwide coverage. ■ Access to anywhere from anywhere, stationary or mobile. ■ Ease of use, ease of training. ■ Cheap access! 2

In order to use the Internet for secure communications, we must ensure the: CONFIDENTIALITY - of the data: All communications must be private - no unauthorized persons or equipment should be allowed to view any information passed over the Internet. INTEGRITY - of the data: All information must be validated - it must be what it claims to be, what was originally sent. AUTHENTICATION - of the message source: Message recipients must know the true source of that message. AUTHENTICATION - of the network users: All persons and machines with which users or machines interact must be identified - they must be who or what they claim to be. 3

SECURE COMMUNICATIONS Over the Internet ■ To ensure the CONFIDENTIALIY of data, we use: ■ CRYPTOGRAPHY ■ To ensure the INTEGRITY of data, we use: ■ MESSAGE DIGESTS ■ To AUTHENTICATE the source of data, we use: ■ DIGITAL SIGNATURES ■ To AUTHENTICATE the identity of network users, we use: ■ DIGITAL CERTIFICATES 4

We Use All This to Implement E-Commerce, VPNs, and Secure Personal Communications Today, all browsers (Netscape, IE) come equipped with SSL (Secure Sockets Layer), which establishes encrypted E-Com- channels for passing private information, such as credit merce card numbers, to E-commerce Web sites, such as Amazon.com. A Virtual Private Networks is a network in which computers at remote locations connect via the Internet – not via private Virtual leased lines (the way Wide Area Networks Private Network – WANs - have been implemented since 1960). VPNs encrypt their traffic to ensure that their communications remain secret. The encryption schemes covered in this talk allow Secure Internet users to send encrypted email to each other. Email PGP (Pretty Good Privacy) is an example. 5

A Little History In the 5th Century BC, the Greeks used a military cryptographic device called a "scytale." The scytale consisted of a wooden staff around which was wound a strip of leather or parchment. The message was written on the strip in columns. The strip was then removed from the staff and the two carried to the message recipient. This technique used character TRANSPOSITION. 6

A Little History ■ In the 1st Century BC, Julius Caesar used an encryption method, later called the "Caesar Cipher," in which every letter was replaced by the letter that followed 3 places later in the alphabet. This technique uses character SUBSTITUTION, rather than TRANSPOSITION. ■ In the 15th century, Italian Leon Battista Alberti, invented the cipher disk , which allowed the Caesar Cipher to have a KEY. The black disk rotates They were used during the US within the white disk. Civil War and (to a lesser extent) WWI and WWII. 7

ALittle History Here is an example, using the NSA disk in the position shown: Original message: MEETMEATTHEZOO Encrypted message OWWHOWAHHWBMM The black disk rotates within the white disk. 8

Symmetric (1-Key) Cryptography How It Works Modern 1-key cryptographic schemes rely on 3 main concepts: TRANSPOSITION (shuffling) of characters, SUBSTITUTION (replacement) of characters with other characters, and a KEY that is used to select one of many transposition/ substitution variations. Applying the same algorithm and key to the encrypted result yields the original plaintext message. 9

Symmetric (1-Key) Cryptography How It Works Good schemes use a 128-bit key, giving: 340,000,000,000,000,000,000,000,000,000,000,000,000 = 3 x 10 38 possible keys If you had 1 billion computers trying 1 billion keys per second, it would take 10 13 years to try them all. Th at’s at least 1,000 times longer than the age of the universe (which is 10 10 years) The most popular encryption scheme today is DES … 10

DES – Data Encryption Standard ■ Private key ■ Encrypts using a series of substitutions and transpositions, with a 56-bit key ■ Worldwide standard for more than 20 years ■ Has a history of controversy ■ Designed by IBM (Lucipher) with later help (interference?) from NSA ■ No longer considered secure for highly sensitive applications ■ Federal government has proposed AES (Algorithmic Encryption Standard) as a replacement 11

DES - Overview

DES – Each iteration. 13

Other Popular Symmetric Encryption Schemes ■ 3DES ■ IDEA ■ Twofish ■ Blowfish ■ RC4, RC5, RC6 ■ IPSec ■ AES 14

Symmetric (1-key) Encryption THE ONE-TIME PAD The one perfect encryption scheme! In the so-called "one-time pad" (1-key) encryption scheme, the secret key is a string of random bits. that is the same size as is the message. To encrypt the plaintext message, we merely XOR it with the key. To decrypt the ciphertext, we merely XOR it again with the key. XOR in1 in2 out 0 0 0 0 1 1 1 0 1 1 1 0 15

Symmetric (1-key) Encryption THE ONE-TIME PAD As an example, say we want to identify a spy - Joe . Using 8- bit ASCII text, the message-length is 24 bits, so we use a random 24-bit key: 16

THE ONE-TIME PAD Note that there is NO WAY anyone can decrypt the ciphertext without the key. If a "bad guy" tries an exhaustive search for the key, trying all 2^24 (15,777,216) possibilities, he will get every possible 3-letter name there is, from AAA to ZZZ (Abe, Ann, Bob, Cal, Don, Ken, Kim, Ron, Sid, Tim, Tom, etc.). If a bad guy knows that "Joe" is a possible name, and is the only 3-letter possible name, then he has us at the start by just checking the length of the message. So, of course, we would make the message the same length as that of the longest possible name by padding it with, say, space characters. 17

Public-Key (2-key) Cryptography How It Works 1. BOB's computer generates a public-key pair. When one key (it doesn't matter which one) is used to encrypt a message, ONLY the other key can decrypt the message. 2. BOB gives a copy of one of his keys - called the public key - to ALICE. BOB keeps 4 . ALICE sends (e.g. emails) private key – a SECRET!! her ciphertext to BOB. 3. ALICE encrypts her plaintext 5. BOB decrypts the ciphertext with BOB's public key. € A using BOB ’s private key. € A LOCK! KEY! 18

Public-Key (2-key) Cryptography Popular Public-Key Encryption Algorithms • RSA (Rivest-Shamir- Adleman) is the most popular public-key encryption algorithm. • D-H (Diffie-Hellman) alllows two communicators to agree upon a session key. • DSA (Digital Signature Algorithm) is the U.S. government standard public key algorithm. 19

Public-Key (2-key) Cryptography The PROBLEM The problem with 2-key cryptography is the necessary mathematical relationship between the public key and private key. This relationship prevents us from using just any old random key, which we can do with symmetric (private) cryptography. Therefore, to get the level of security provided by a 128- bit 1-key (secret) key size, we must use a 1024-bit key (about 10 times longer) when using 2-key (public) cryptography. So, even though there are 2 1024 possible keys, the cryptanalyst need try only about 2 128 of them. 20

Public-Key (2-key) Cryptography The PROBLEM OK, there are 2 1024 possible keys, but the cryptanalyst need try only about 2 128 of them. So, then, as with 1-key cryptography, he is still left with: 340,000,000,000,000,000,000,000,000,000,000,000,000 possible keys However, use of such a large key (1024 bits), slows the requisite number-crunching and makes 2-key cryptography SLOW, SLOW, SLOW. Therefore public key cryptography is generally used only to send the secret (session) key in 1-key (private) key cryptography. 21

Pretty Good Privacy – PGP gives you secure pseudo- anonymous message service via your usual email service Alice creates a public key pair and gives Bob her public key. 1. Bob creates a random session key and 1-key-encrypts his email with it. 2. Bob 2-key-encrypts the session key with Alic e’s public key. 3. Bob sends to Alice both the encrypted email and the encrypted session key. Alice receives Bob ’s e mail 4. and reverses the process, retrieving the original text.

Real-World Use of 1-Key/2-Key Cryptography Again, 2-key cryptography is used primarily to distribute secret (session) keys that are then used with standard, old fashioned symmetric cryptography – it could be a military venue. This is the way E-commerce and VPNs work – but they also deal with the issue of authentication , which we have ignored here. 23

Real-World Use of 1-Key/2-Key Cryptography A Military Application Assume Admiral Nimitz in Hawaii wants to send the USS Halibut (SSN-587) a message: 1. Nimitz radios the Halibut, "Send me a public key." 2. The Halibut generates and radios Nimitz a 1024-bit public key. 3. Nimitz radios the Halibut a 56-bit DES key, which he has encrypted with the Halibut's public key. 4. The Halibut decrypts Nimitz's DES key using its private key. 5. Both Nimitz and the Halibut now share the same secret key as though a courier had hand-carried it across thousands of mile of ocean. They can communicative in secret! And note that they can use all new keys every time they "talk." 24