Encryption
Dana Scherm
Velma DeFee
Encryption and Security: Definitions

Encryption is a mechanism for hiding information by turning readable text into a stream of gibberish in such a way that someone with the proper key can make it readable again.
http://www.beagle-ears.com/lars/engineer/computer/crypto.htm
Why is it important?

Encryption used to be a word that people linked with government and secret operations; however, with the use of computers becoming more and more common, it is necessary for data to be disguised to help protect the user.
• It keeps outsiders from viewing important company documents.
• It keeps information from being shared between users on the same server or network.
• It can be used to make “keys” so that only certain people can view or access a document.
History

• About 1900 BC: An Egyptian scribe used non-standard hieroglyphs in an inscription. This is the first documented example of written cryptography.
• 1500 BC: Ancient Assyrian merchants used intaglio, a piece of flat stone carved into a collage of images and some writing, to identify themselves in trading transactions.
• 100-44 BC: Julius Caesar used a simple substitution with the normal alphabet (just shifting the letters a fixed amount) in government communications.
• 1790: Thomas Jefferson invented his wheel cipher.
• 1917: William Frederick Friedman was employed as a civilian cryptanalyst at Riverbank Laboratories and performed cryptanalysis for the US Government, which had no cryptanalytic expertise of its own. WFF went on to start a school for military cryptanalysts at Riverbank, later taking that work to Washington and leaving Riverbank.
http://www.sans.org/reading_room/whitepapers/vpns/history_of_encryption_730?show=730.php&cat=vpns
History (continued)

• 1933-1945: The Enigma machine was taken over and improved upon to become the cryptographic workhorse of Nazi Germany.
• 1976: A design by IBM based on the Lucifer cipher, with changes by the US NSA, was chosen to be the U.S. Data Encryption Standard. It has since found worldwide acceptance, largely because it has shown itself strong against 20 years of attacks. Even some who believe it is past its useful life use it as a component, e.g. of 3-key triple-DES.
• 1991: Phil Zimmermann released his first version of PGP (Pretty Good Privacy) in response to the threat by the FBI to demand access to the cleartext of the communications of citizens. PGP offered high security to the general citizen and as such could have been seen as a competitor to commercial products like Mailsafe from RSADSI.
Cryptography

The study of encryption: the hiding of information, converting it from its “normal, comprehensible form into an obscured guise, unreadable without special knowledge.”
www.wikipedia.com
The Enigma machine

The first Enigma was invented by German engineer Arthur Scherbius at the end of World War I. This model and its variants were used most notably by Nazi Germany before and during World War II. A range of Enigma models was produced, but the German military model, the Wehrmacht Enigma, is the version most commonly discussed.
The Enigma Machine

How it works:
http://russells.freeshell.org/enigma/
When a key is pressed, an electrical current is sent through the machine. The current first passes through the plug board, then through the three rotors, then through the reflector, which reverses the current, back through the three rotors, back through the plug board, and then the encrypted letter is lit on the display. After the display is lit up, the rotors rotate. The rotors rotate similarly to an odometer: the rightmost rotor must complete one revolution before the middle rotor rotates one position, and so on.
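As an added illustration of the current path just described (not code from the original slides), here is a small Python model of the machine: plug board, three rotors, reflector, and the simplified odometer stepping the text describes rather than the historical notch mechanism. The rotor wirings are the commonly published Enigma I wirings and reflector B; the rotor order, start positions and plug board pairs used with it are constructed settings.

```python
import string
ALPHA = string.ascii_uppercase

# Commonly published Enigma I rotor wirings (I, II, III) and reflector B.
# Notches are omitted: stepping below is the simplified odometer model
# described in the text, not the historical notch/double-step mechanism.
ROTORS = {
    "I": "EKMFLGDQVZNTOWYHXUSPAIBRCJ",
    "II": "AJDKSIRUXBLHWTMCQGZNPYFVOE",
    "III": "BDFHJLCPRTXVZNYEIWGAKMUSQO",
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"

class Enigma:
    def __init__(self, rotor_order, start_positions, plugboard_pairs):
        self.wirings = [ROTORS[n] for n in rotor_order]       # left to right
        self.pos = [ALPHA.index(c) for c in start_positions]  # rotor offsets
        self.plug = {c: c for c in ALPHA}                     # plug board map
        for a, b in plugboard_pairs:                          # each cable swaps a pair
            self.plug[a], self.plug[b] = b, a

    def _step(self):
        # Odometer stepping: the right rotor moves on every key press; a rotor
        # that wraps back to 'A' advances the rotor to its left.
        for i in range(len(self.pos) - 1, -1, -1):
            self.pos[i] = (self.pos[i] + 1) % 26
            if self.pos[i] != 0:
                break

    def _rotor(self, i, idx, forward):
        w, p = self.wirings[i], self.pos[i]
        entry = (idx + p) % 26                                # rotated contact
        out = ALPHA.index(w[entry]) if forward else w.index(ALPHA[entry])
        return (out - p) % 26

    def press(self, ch):
        # Plug board -> rotors right-to-left -> reflector -> rotors left-to-right
        # -> plug board; the lamp lights, then the rotors step (as the text above).
        idx = ALPHA.index(self.plug[ch])
        for i in range(len(self.wirings) - 1, -1, -1):
            idx = self._rotor(i, idx, True)
        idx = ALPHA.index(REFLECTOR_B[idx])
        for i in range(len(self.wirings)):
            idx = self._rotor(i, idx, False)
        lamp = self.plug[ALPHA[idx]]
        self._step()
        return lamp

    def run(self, text):
        return "".join(self.press(c) for c in text.upper() if c in ALPHA)
```

A second machine set to the same rotor order, start positions and plug board turns the ciphertext back into the plaintext, and because the reflector never maps a contact to itself, no letter is ever enciphered as itself.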
History of the Enigma Machine

• 1918: Albert Scherbius used his idea of “rotating rotors” to try to come up with a cipher machine. He took his ideas to the German military, but they weren’t interested. He then took his idea to a German company called Gewerkschaft Securitas, where his patents were bought.
• 1920s: The first Enigma machine was produced. Its rotating rotors made it a better enciphering machine than any other.
• 1925: Modifications began, and eventually the German Army made modifications too.
• 1928: The Poles confiscated an Enigma machine in customs. It was on its way to the German Embassy in Warsaw.
• December 31, 1932: The Poles decrypted the German Enigma signals.
• July 25, 1939: The Poles gave the French and the British replicas of the Polish-made Enigmas together with the drawings and information on the Enigma, the Bomba (the Polish version of the Enigma), and the decryption information.
Morse Code
http://www.scoutnet.nl/~inter/morse/morseform.html
• A type of character encoding that transmits telegraphic information using rhythm.
• Uses a standardized sequence of short and long elements to represent the letters, numerals, punctuation, and special characters of a given message.
• The short and long elements can be formed by sounds, marks, or pulses in on/off keying.
• Measured in words per minute.
• Originally created for Samuel F. B. Morse’s electric telegraph in the early 1840s.
• Also extensively used for early radio communication beginning in the 1890s.
• For the first half of the 20th century, the majority of high-speed international communication was conducted in Morse code, using telegraph lines, undersea cables, and radio circuits. However, the variable length of the Morse characters made it hard to adapt to automated circuits.
• Morse code is designed to be read by humans without a decoding device, making it useful for sending automated digital data in voice channels.
• For emergency signaling, Morse code can be sent by way of improvised sources that can be easily "keyed" on and off, making Morse code one of the most versatile methods of telecommunication in existence.
www.wikipedia.com
Types of Encryption: 3 Basic Types

Manual encryption
• Completely provided by the user
• Demands the user’s active participation
• Risky, but reliable

Transparent encryption
• Performed at low level during ALL operations, permanently
• Difficult to implement correctly
• Generally doesn’t work well with networking
• Easy to use, most secure

Semi-transparent (“on the fly” encryption)
• Operates not permanently, but before/after access
• May cause degradation of the computer’s efficiency
• If the data to be encrypted is too great, can cause loss of data

http://services.devadvisers.net/cryprite/042ETYPE.HTM
Authentication and Encryption

Authentication and encryption are two intertwined technologies that help to ensure that your data remains secure.
• Authentication is the process of ensuring that both ends of the connection are in fact who they say they are. This applies not only to the entity trying to access a service (such as an end user) but to the entity providing the service as well (such as a file server or Web site).
• Encryption helps to ensure that the information within a session is not compromised. This includes not only reading the information within a data stream, but altering it as well.
• While authentication and encryption each have their own responsibilities in securing a communication session, maximum protection can only be achieved when the two are combined. For this reason, many security protocols contain both authentication and encryption specifications.
http://technet.microsoft.com/en-us/library/cc750036.aspx
Authentication: Three Types

• Single factor authentication
  • Password
  • Easy to remember
  • Easy to crack
  • People are predictable… passwords are usually a pet’s name, a birth date, etc.
• Two factor
  • Password + token (security device for users to keep in possession)
  • Safer and more complex than single factor
• Three factor
  • Password + token + biometric authentication (fingerprint, retinal scan)
  • Safer and more complex than single or double factor types; used for high security purposes (ex. government documents)

A token is a security device for authorized users to keep in possession. Some examples include: SecurID card, challenge/response method, and USB token.
Symmetric key (private key and public key)

• Private Key Encryption: Each party has the same key, and only this key can decrypt the message. They must keep this key private in order for others to be unable to decrypt the message.
• Public Key Encryption: Each party has a different key; the first party encrypts the message, and the second party’s key is the only one that can decrypt the message. If the second party encrypts a message, only the first party’s key can decrypt the message. Therefore, the keys may be put into the public because the ones that are owned by either party are the only copies.
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/csec_pubki.html
SSL: Secure Sockets Layer

SSLs are “cryptographic protocols that provide security and data integrity for communications” over web sites. (www.wikipedia.com)
• A person running a web site may buy an SSL certificate in order to ensure that visitors to their website can trust them.
• It encrypts information that is given to a website and keeps others from viewing the personal information.
• You may have seen a VeriSign logo at the bottom of pages where you are entering personal information. They are a company that sells SSL certificates.
http vs. https

HTTP (Hypertext Transfer Protocol) is an application-level protocol for distributed, collaborative, hypermedia information systems.
• It operates “at the highest layer of the TCP/IP Internet reference model and network security protocol,” meaning that it works with the highest capability to meet all protocol standards when it comes to transferring information over the internet, as well as working to keep information secure from other users. Its security is not the highest because it works to “encrypt an HTTP message prior to transmission and decrypt a message upon arrival.” This allows anyone to see it.
HTTPS (Hypertext Transfer Protocol Secure) is a combination of HTTP and a network security protocol.
• This means that it strengthens security to keep others from accessing your information. These connections are most likely going to be used during an online transaction and for “sensitive transactions in corporate information systems.”
Digital signature algorithm

An algorithm for creating digital signatures.
Hash value and hash functions

Definition: any well-known procedure for reproducing data into some smaller integer.
An ideal hash function has four elements:
• Easy to compute for any given message
• Difficult to find a hash function that has a given hash
• Difficult to modify
• Very rare to find two messages with the same hash
Visual of Hash Function
Government Standards

Advanced Encryption Standard (AES)
• An encryption standard adopted by the U.S. government. It comprises three block ciphers: AES-128, AES-192, and AES-256.
• Each AES cipher has a 128-bit block size.
• Key sizes of 128, 192, and 256 bits.