BASIC CRYPTOGRAPHY

BY FULLGENCE MWAKONDO

8: Network Security

8-1

Reference
Notes on cryptography :By Peter J. Cameron,

School of Mathematical Sciences, Queen Mary, University of London, Mile End Road London E1 4NS,UK An introduction to cryptography and cryptanalysis: By Edward Schaefer, Santa Clara University
Computer

Networking: A Top Down Approach Featuring the Internet, 3rd edition.

Jim Kurose, Keith Ross Addison-Wesley, July 2004.

8: Network Security

8-2

roadmap
1.

2.
3. 4. 5. 6.

Introduction to cryptography Principles of cryptography Types of cryptography Authentication Integrity Key Distribution and certification

8: Network Security

8-3

Cryptography
Refers to the art of protecting transmitted

information from unauthorized interception or tampering. cryptanalysis, is the art of breaking such secret ciphers and reading the information, or perhaps replacing it with different information. cryptology , is the study of encryption and decryption and cryptography is the application of them.

8: Network Security

8-4

Cryptography and coding theory

Coding involves translating information of any

kind (text, scientific data, pictures, sound, and so on) into a standard form for transmission, and protecting this information against distortion by random noise. Cryptography involves protecting information against purposeful interference by enemy They both protect information but use different techniques

8: Network Security

8-5

Steganography and cryptography

Steganography involves concealing the message

and hope that the enemy cant find it. Cryptography involves scrambling the message, and hope that (assuming that it is intercepted) the enemy is unable to unscramble it They both keep a message out of the enemys hands

8: Network Security

8-6

Cryptography: what is it good for?

Authentication determine origin of message sender, receiver want to confirm identity of each other Integrity verify that message has not been modified sender, receiver want to ensure message not altered (in transit, or afterwards) without detection Nonrepudiation sender should not be able to falsely deny that a message was sent Confidentiality others cannot read contents of the message only sender, intended receiver should understand message contents

roadmap
1.

2.
3. 4. 5. 6.

Introduction to cryptography Principles of cryptography Types of cryptography Authentication Integrity Key Distribution and certification

8: Network Security

8-8

Cryptography Terms
plaintext: the message to be communicated
ciphertext: disguised message actually transmitted encryption: process of creating a ciphertext from a

plaintext decryption: process of turning a ciphertext back into a plaintext Key: extra information needed to do encryption and decryption Cipher: cryptographic(encrypt ,decrypt) algorithm Stream cipher:Encrypt message character at a time Block cipher: Encrypt message a chunk8:at a Security 8-9 Network time

General scheme of cryptography

Traditionally, the two parties(friends) who want

to communicate are called Alice and Bob, and the eavesdropper(enemy) who is trying to read their message is Eve/Trudy. Alice and Bob both have access to the key, but Eve doesnt. The black boxes input plaintext and key and output ciphertext (in Alices case), or input ciphertext and key and output plaintext (in Bobs).
8: Network Security

8-10

Scheme of Cryptography :more

8: Network Security

8-11

Friends and enemies: Alice, Bob, Trudy

well-known in network security world Bob, Alice (lovers!) want to communicate securely Trudy (intruder) may intercept, delete, add messages

Alice secure sender

channel

data, control messages

Bob

data

secure receiver
Trudy

data

8: Network Security

8-12

Who might Bob, Alice be?

well,

Web browser/server for electronic

real-life Bobs and Alices!

transactions (e.g., on-line purchases) on-line banking client/server DNS servers routers exchanging routing table updates other examples?

8: Network Security

8-13

There are bad guys (and girls) out there!

Q: What can a bad guy do? A: a lot!

eavesdrop: intercept messages actively insert messages into connection impersonation: can fake (spoof) source address

in packet (or any field in packet) hijacking: take over ongoing connection by removing sender or receiver, inserting himself in place denial of service: prevent service from being used by others (e.g., by overloading resources)

more on this later

8: Network Security 8-14

main types of encryption method

Transposition: order of the letters in the plaintext is rearranged in some systematic way. The key is the permutation applied to the positions.
Substitution: Individual letters are replaced by different letters in a systematic way e.g. mapping to the nth letter. Key is n. Codebook: Complete words in the message are replaced by other words with quite different meanings. The key is the codebook, the list of words and their replacements. 8: Network Security 8-15

Transposition encryption/cipher
Pig-Latin cipher

For words which begin with a single consonant take the consonant off the front of the word and add it to the end of the word. Then add ay after the consonant E.g. cat = atcay For words which begin with double or multiple consonants take the group ofconsonants off the front of the word and add them to the end, adding ay at the very end of the word. E.g. scratch = atchscray For words that begin with a vowel, just add yay at the end E.g. apple = appleyay 8: Network Security 8-16

Substitution encryption/cipher
Caesar cipher
Each

letter is shifted a fixed number of places to the right. (Caesar normally used a shift of three places). We regard the alphabet as a cycle, so that the letter following Z is A. Thus, for example, the table below shows a right shift of 5 places. A B C D E F G H I J K L M N OP Q R S T U V W X Y Z F G H I J K L M N O P Q R S T U V W X YZ AB C D E
Monoalphabetic cipher

How does it work?

8: Network Security 8-17

Code Book Encryption

Your homework?

8: Network Security

8-18

roadmap
1.

2.
3. 4. 5. 6.

Introduction to cryptography Principles of cryptography Types of cryptography Authentication Integrity Key Distribution and certification

8: Network Security

8-19

Types of cryptography
Symmetric key cryptography(classical

cryptography Public key cryptography

8: Network Security

8-20

The language of cryptography

Alices K encryption A key plaintext encryption algorithm ciphertext Bobs K decryption B key decryption plaintext algorithm

symmetric key crypto: sender, receiver keys identical public-key crypto: encryption key public, decryption key secret (private)
8: Network Security 8-21

Symmetric key cryptography

substitution cipher: substituting one thing for another

monoalphabetic cipher: substitute one letter for another

plaintext: ciphertext:
E.g.:

abcdefghijklmnopqrstuvwxyz mnbvcxzasdfghjklpoiuytrewq

Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc

Q: How hard to break this simple cipher?: brute force (how hard?) other?
8: Network Security 8-22

Symmetric key cryptography

KA-B
plaintext message, m encryption ciphertext algorithm K (m)
A-B

KA-B
decryption plaintext algorithm m = K ( KA-B(m) )
A-B

symmetric key crypto: Bob and Alice know and share same (symmetric) key: K A-B e.g., key is knowing substitution pattern in mono alphabetic substitution cipher Q: how do Bob and Alice agree on key value?
8: Network Security 8-23

Symmetric key crypto: DES

DES: Data Encryption Standard
US encryption standard [NIST 1993] 56-bit symmetric key, 64-bit plaintext input

How secure is DES?

DES Challenge: 56-bit-key-encrypted phrase (Strong cryptography makes the world a safer place) decrypted (brute force) in 4 months no known backdoor decryption approach making DES more secure: use three keys sequentially (3-DES) on each datum use cipher-block chaining

8: Network Security 8-24

Public Key Cryptography

symmetric key crypto
requires sender,

public key cryptography

radically different

receiver know shared secret key Q: how to agree on key in first place (particularly if never met)?

approach [DiffieHellman76, RSA78] sender, receiver do not share secret key public encryption key known to all private decryption key known only to receiver Q:how to choose keys?
8: Network Security 8-25

Public key cryptography

K
+ Bobs public B key

- Bobs private B key

plaintext message, m

encryption ciphertext algorithm + K (m)

B

decryption plaintext algorithm message + m = K B(K (m))

B

8: Network Security

8-26

Public key encryption algorithms

Requirements:
+ need K ( ) and K - ( ) such that B B - + K (K (m)) = m B B

+ given public key KB , it should be

impossible to compute private key KB

Q:how to choose keys? Soln: RSA (Rivest, Shamir, Adelson algorithm) 8: Network Security

8-27

PAUSE

8: Network Security

8-28

roadmap
1.

2.
3. 4. 5. 6.

Introduction to cryptography Principles of cryptography Types of cryptography Authentication Integrity Key Distribution and certification

8: Network Security

8-29

Authentication
Goal: Bob wants Alice to prove her identity to him
Protocol ap1.0: Alice says I am Alice I am Alice

Failure scenario??

8: Network Security

8-30

Authentication
Goal: Bob wants Alice to prove her identity to him
Protocol ap1.0: Alice says I am Alice in a network, Bob can not see Alice, so Trudy simply declares herself to be Alice
8: Network Security 8-31

I am Alice

Authentication: another try

Protocol ap2.0: Alice says I am Alice in an IP packet containing her source IP address

Alices I am Alice IP address

Failure scenario??

8: Network Security

8-32

Authentication: another try

Protocol ap2.0: Alice says I am Alice in an IP packet containing her source IP address

Alices IP address

Trudy can create a packet spoofing I am Alice Alices address

8: Network Security

8-33

Authentication: another try

Protocol ap3.0: Alice says I am Alice and sends her secret password to prove it.

Alices Alices Im Alice IP addr password Alices IP addr

OK

Failure scenario??

8: Network Security

8-34

Authentication: another try

Protocol ap3.0: Alice says I am Alice and sends her secret password to prove it.

Alices Alices Im Alice IP addr password Alices IP addr

playback attack: Trudy

records Alices packet and later plays it back to Bob

OK

Alices Alices Im Alice IP addr password

8: Network Security

8-35

Authentication: yet another try

Protocol ap3.1: Alice says I am Alice and sends her encrypted secret password to prove it.

Alices encrypted Im Alice IP addr password Alices IP addr

OK

Failure scenario??

8: Network Security

8-36

Authentication: another try

Protocol ap3.1: Alice says I am Alice and sends her encrypted secret password to prove it.

Alices encrypted Im Alice IP addr password Alices IP addr

OK

record and playback still works!

Alices encrypted Im Alice IP addr password

8: Network Security

8-37

Authentication: yet another try

Goal: avoid playback attack Nonce: number (R) used only once in-a-lifetime

ap4.0: to prove Alice live, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key I am Alice R
KA-B(R) Failures, drawbacks?
Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!
8: Network Security 8-38

Authentication: ap5.0
ap4.0 requires shared symmetric key can we authenticate using public key techniques? ap5.0: use nonce, public key cryptography
I am Alice R K A (R) KA
+ -

send me your public key

and knows only Alice could have the private key, that encrypted R such that + K (K (R)) = R A A
8: Network Security 8-39

KA(KA (R)) = R

Bob computes + -

ap5.0: security hole

Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)
I am Alice I am Alice R K (R) T

Send me your public key

K (R) A

Send me your public key

+ K A

+ K T

- + m = K (K (m)) A A

+ K (m) A

encrypted with Alices public key

8: Network Security 8-40

Trudy gets - + m = K (K (m)) sends T to Alice m T

+ K (m) T

ap5.0: security hole

Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)

Difficult to detect: Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation) problem is that Trudy receives all messages as well!

8: Network Security

8-41

roadmap
1.

2.
3. 4. 5. 6.

Introduction to cryptography Principles of cryptography Types of cryptography Authentication Integrity Key Distribution and certification

8: Network Security

8-42

Digital Signatures
Cryptographic technique analogous to handwritten signatures.
sender (Bob) digitally signs document,

establishing he is document owner/creator. verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

8: Network Security

8-43

Digital Signatures
Simple digital signature for message m:
Bob signs m by encrypting with his private key -

KB, creating signed message, KB(m)

K B Bobs private

Bobs message, m
Dear Alice
Oh, how I have missed you. I think of you all the time! (blah blah blah)

key

K B(m)
Bobs message, m, signed (encrypted) with his private key

Bob

Public key encryption algorithm

8: Network Security

8-44

Digital Signatures (more)

Suppose Alice receives msg m, digital signature KB(m)
-

Alice verifies m signed by Bob by applying Bobs

+ + +

public key KB to KB(m) then checks KB(KB(m) ) = m.

-

If KB(KB(m) ) = m, whoever signed m must have used

Bobs private key.

Alice thus verifies that: Bob signed m. No one else signed m. Bob signed m and not m. Non-repudiation: Alice can take m, and signature KB(m) to court and prove that Bob signed m.
8: Network Security 8-45

Message Digests
Computationally expensive to public-key-encrypt long messages Goal: fixed-length, easyto-compute digital fingerprint apply hash function H to m, get fixed size message digest, H(m).

large message m

H: Hash Function

H(m)

Hash function properties: many-to-1 produces fixed-size msg digest (fingerprint) given message digest x, computationally infeasible to find m such that x = H(m)
8: Network Security 8-46

Internet checksum: poor crypto hash function

Internet checksum has some properties of hash function: produces fixed length digest (16-bit sum) of message is many-to-one But given message with given hash value, it is easy to find another message with same hash value:
message IOU1 00.9 9BOB ASCII format 49 4F 55 31 30 30 2E 39 39 42 4F 42 B2 C1 D2 AC message IOU9 00.1 9BOB ASCII format 49 4F 55 39 30 30 2E 31 39 42 4F 42

B2 C1 D2 AC different messages but identical checksums!

8: Network Security 8-47

Digital signature = signed message digest

Bob sends digitally signed message: large message m
H: Hash function

Alice verifies signature and integrity of digitally signed message:

H(m)
digital signature (encrypt) encrypted msg digest

encrypted msg digest

Bobs private key

KB

large message m
H: Hash function

KB(H(m))

Bobs public key

KB

digital signature (decrypt)

KB(H(m))

H(m)

H(m)

equal ?
8: Network Security 8-48

Hash Function Algorithms

MD5 hash function widely used (RFC 1321)

computes 128-bit message digest in 4-step process. arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x. SHA-1 is also used. US standard [NIST, FIPS PUB 180-1] 160-bit message digest

8: Network Security

8-49

roadmap
1.

2.
3. 4. 5. 6.

Introduction to cryptography Principles of cryptography Types of cryptography Authentication Integrity Key Distribution and certification

8: Network Security

8-50

Trusted Intermediaries
Symmetric key problem:
How do two entities

Public key problem:

When Alice obtains

establish shared secret key over network?

Solution:
trusted key distribution

center (KDC) acting as intermediary between entities

Bobs public key (from web site, e-mail, diskette), how does she know it is Bobs public key, not Trudys?

Solution:
trusted certification

authority (CA)

8: Network Security

8-51

Key Distribution Center (KDC)

Alice, Bob need shared symmetric key.
KDC: server shares different secret key with

registered user (many users) Alice, Bob know own symmetric keys, KA-KDC KB-KDC , for communicating with KDC. KDC
KP-KDC KB-KDC KA-KDC KP-KDC KX-KDC KY-KDC KB-KDC KZ-KDC

each

KA-KDC

8: Network Security

8-52

Key Distribution Center (KDC)

Q: How does KDC allow Bob, Alice to determine shared
symmetric secret key to communicate with each other?
KDC generates R1 Bob knows to use R1 to communicate with Alice

KA-KDC(A,B)
Alice knows R1

KA-KDC(R1, KB-KDC(A,R1) ) KB-KDC(A,R1)

Alice and Bob communicate: using R1 as session key for shared symmetric encryption
8: Network Security 8-53

Certification Authorities
Certification authority (CA): binds public key to

particular entity, E. E (person, router) registers its public key with CA.

E provides proof of identity to CA. CA creates certificate binding E to its public key. certificate containing Es public key digitally signed by CA CA says this is Es public key
Bobs public key

KB

digital signature (encrypt)

CA private key

KB certificate for Bobs public key, signed by CA

8: Network Security 8-54

Bobs identifying information

K-

CA

Certification Authorities
When Alice wants Bobs public key:

gets Bobs certificate (Bob or elsewhere). apply CAs public key to Bobs certificate, get Bobs public key

+ KB

digital signature (decrypt)

CA public key

Bobs public + key KB

+ K CA

8: Network Security

8-55

A certificate contains:
Serial number (unique to issuer) info about certificate owner, including algorithm

and key value itself (not shown)

info about

certificate issuer valid dates digital signature by issuer

8: Network Security

8-56

Network Security (summary)

Basic techniques...
cryptography (symmetric and public) authentication message integrity key distribution

. used in many different security scenarios

secure email secure transport (SSL) IP sec 802.11

8: Network Security 8-57

END OF PRESENTATION

8: Network Security

8-58