Cryptography Taxonomy and Evolution


Cryptography
A Brief History
Prasenjeet Dutta
Program Manager
Cybernet Software Systems Inc.
[email protected]
In Today’s Session
Part I: The Ciphers
Part II: The Politics
Part III: Security and Privacy
Part IV: Questions
Basic Definitions
Cryptography: The Science of creating coded messages
Cryptanalysis: The Art of breaking coded messages
Cleartext: the original message
Ciphertext: the encoded message
Key: Input to the cryptographic algorithm
Passphrase: User input from which the key is usually derived
Part I
The Ciphers
Early History: Caesar Cipher
Classically attributed to Julius Caesar
Simple “Shift By Three to the Right” Rule
– “ATTACK” would become “DWWDFN”
Easily Breakable if you knew the Rule
Today, easily breakable otherwise as well
Demo
Transposition Ciphers
Message Written in a Rectangular Block
Letters transposed in Pre-arranged order
ATTACK CORSICA AT DAWN becomes (written row by row into a five-column block, padded with X, and read out column by column):
A T T A C
K C O R S
I C A A T
D A W N X
AKID TCCA TOAW ARAN CSTX
Demo
Vigenère Cipher
Attributed to French mathematician Blaise de Vigenère, 1585
Generalization of the Caesar Cipher
Bidirectional n-Shift cipher
Considered secure until 1863
– The Kasiski/Kerckhoffs method of Frequency Analysis and the “Index of Coincidence”
Demo
One Time Pad (“Vernam Ciphers”)
Special Case of the Vigenère Cipher
Plaintext length == Key length
Key is assumed to be random
Proven to be mathematically secure against all attacks
Randomness not easy to generate
Non-randomness of key makes algorithm breakable
Has been used for ultra-sensitive telephonic hotlines
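The Caesar, transposition, Vigenère and one-time-pad slides above, carried through as working code. This is an added example, not code from the original deck; it reuses the deck’s own data (ATTACK shifted by three, the ATTACK CORSICA AT DAWN block) and generalises to any key and block width, with an index-of-coincidence function of the kind the Vigenère slide refers to. All function names are my own.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # 26 letters, no spaces or punctuation


def vigenere(text, key, decrypt=False):
    """Polyalphabetic shift: letter i is shifted by key[i mod len(key)].
    Caesar is the one-letter-key special case; a one-time pad is the case
    where the key is random and exactly as long as the text."""
    out = []
    for i, ch in enumerate(text):
        shift = ALPHABET.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def caesar(text, shift=3, decrypt=False):
    # "Shift by three to the right" is Vigenère with the single-letter key "D"
    return vigenere(text, ALPHABET[shift], decrypt)


def columnar_transposition(text, width, pad="X"):
    """Write the message row by row into a block `width` letters wide,
    pad the last row, then read the block out column by column."""
    text += pad * (-len(text) % width)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return " ".join("".join(row[c] for row in rows) for c in range(width))


def one_time_pad(text):
    """Vernam special case: a fresh random key as long as the plaintext.
    Reusing or shortening the key turns this back into a breakable Vigenère."""
    key = "".join(secrets.choice(ALPHABET) for _ in text)
    return vigenere(text, key), key


def index_of_coincidence(text):
    """Probability that two letters drawn from `text` match: about 0.066 for
    English, about 0.038 for uniformly random letters. A key as long and as
    random as the text (a one-time pad) leaves no such bias to measure."""
    n = len(text)
    counts = [text.count(c) for c in ALPHABET]
    return sum(f * (f - 1) for f in counts) / (n * (n - 1))


if __name__ == "__main__":
    print(caesar("ATTACK"))                                  # DWWDFN
    print(columnar_transposition("ATTACKCORSICAATDAWN", 5))  # AKID TCCA TOAW ARAN CSTX
    ct, key = one_time_pad("ATTACK")
    print(ct, key, vigenere(ct, key, decrypt=True))          # <random> <random> ATTACK
```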
WWII: The Enigma
Mechanical Device: Gears/Plugs
Essentially a complex polyalphabetic cipher
Key Transport major issue
GCHQ cracked it
– Turning point in the war
Demo
A Taxonomy of Ciphers
Substitution Ciphers: The Ciphertext is formed by mathematically transforming the Plaintext
– Most commonly Used
Transposition Ciphers: The Ciphertext is formed by re-arranging the Plaintext
– Considered Primitive
Concealment Ciphers: The Plaintext is “hidden” away from ordinary view
Substitution Ciphers
Monoalphabetic: only one sort of substitution is used, e.g. Caesar
Polyalphabetic: more than one substitution, e.g. Vigenère, Enigma
Block Cipher: Operates on discrete blocks of plaintext, outputs discrete blocks of ciphertext, e.g. DES, Blowfish, Rijndael
– Ideal for offline encryption of large blocks of data at a time
Substitution Ciphers, contd.
Stream Cipher: generates a keystream and combines with plaintext to form ciphertext, e.g. RSA’s RC4
– Suitable for online encryption of smaller chunks of data, e.g. Encrypting Voice Comms
– Approximates a One Time Pad when used this way
– Much faster than block ciphers for online work
– Block ciphers can also emulate stream ciphers, though slowly
Symmetric Ciphers
Used for most heavy-duty encryption today
DES, Blowfish, Twofish, Rijndael…
One Common Key for Encryption and Decryption
Decryption is the mathematical inverse of encryption, i.e.:
– F(plaintext, key) = ciphertext
– F(ciphertext, key) = plaintext
The Key Distribution Problem
Throughout history, ciphers were symmetric
Symmetric Ciphers share encryption and decryption keys
Key Distribution presents practical problems
Prone to Man-in-the-middle attacks
This situation lasted until 1976
Enter Public Key Cryptography
Known to British and American Intelligence since the 1960s as “non-secret encryption”
Non-classified invention would take 15 more years
Practical only with large scale computer resources
Concept and Key-Exchange technique proposed by Diffie/Hellman, 1976
– No Cryptosystem implementation
R, S and A
First practical implementation of a Diffie/Hellman-style public-key cryptosystem
Rivest, Shamir, Adleman 1978
System allowed Encryption/Decryption, Key Exchange and Message Signing
Other PK algorithms today:
– Diffie/Hellman, ElGamal, DSA
Even today, RSA probably most versatile
The RSA Algorithm
Choose two primes p and q.
Compute n = pq and s = (p-1)(q-1).
Choose e such that e is relatively prime to s and e < s. Find d such that de = 1 (mod s) and d < s.
The private key KR = {d, n}.
The public key KU = {e, n}.
Encryption is: C = M^e (mod n).
Decryption is: M = C^d (mod n).
RSA for Encryption
Let p=7 and q=17.
Thus n = pq = 119.
Thus s = (p-1)(q-1) = 96.
We choose e = 5.
We determine ‘d’ to be 77, since 77x5 = 385 = 4x96 + 1, that is, de = 1 (mod s) and d < s.
Encryption (for a plaintext M = 19):
(19^5) % 119 = 66
Decryption (for a ciphertext C = 66):
(66^77) % 119 = 19
RSA For Signing
Using the same parameters as before, we will encrypt our plaintext (19) using our private key. This is equivalent to “signing”.
Signing (for a plaintext M = 19):
(19^77) % 119 = 66.
The corresponding decryption using our public key is called “verification.”
Verification (for a signed text S = 66):
(66^5) % 119 = 19.
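The two worked RSA slides (encryption and signing) carried through in code. This is an added example, not the deck’s own code; it uses the deck’s parameters p=7, q=17, e=5 but derives d rather than taking it as given, so it also works for any valid p, q and e. The function names are my own.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Textbook RSA in the slide's notation: n = pq, s = (p-1)(q-1),
    d = e^-1 mod s.  KU = {e, n} is public, KR = {d, n} is private."""
    n, s = p * q, (p - 1) * (q - 1)
    if not 1 < e < s or gcd(e, s) != 1:
        raise ValueError("e must be less than s and relatively prime to s")
    d = pow(e, -1, s)           # modular inverse, i.e. d*e = 1 (mod s)
    return (e, n), (d, n)


def rsa_encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext must be an integer below n")
    return pow(m, e, n)         # C = M^e (mod n)


def rsa_decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)         # M = C^d (mod n)


def rsa_sign(m, private_key):
    # Same operation as decryption, applied to the message: S = M^d (mod n).
    # Deployed systems sign a hash (message digest) of the message, not the raw message.
    d, n = private_key
    return pow(m, d, n)


def rsa_verify(s, public_key, m):
    # "Decrypt" the signature with the public key and compare with the message
    e, n = public_key
    return pow(s, e, n) == m


if __name__ == "__main__":
    public, private = rsa_keygen(7, 17, 5)
    print(public, private)                     # (5, 119) (77, 119)
    c = rsa_encrypt(19, public)                # 66
    print(c, rsa_decrypt(c, private))          # 66 19
    s = rsa_sign(19, private)                  # 66
    print(s, rsa_verify(s, public, 19))        # 66 True
```

Textbook RSA as on the slides is deterministic and unpadded, which is fine for explaining the algorithm; real implementations add a padding scheme (OAEP for encryption, PSS for signatures) before exponentiating.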

PK vs. Symmetric Ciphers
Symmetric Algorithms not obsolete
PK Ciphers far too slow
PK ciphers better suited to transporting symmetric keys or message digests than general purpose encryption.
PK Ciphers require very large keys to attain decent security
– a 128 bit RSA key is very weak compared to a 128 bit Blowfish key.
PK Algorithms tend to be simple mathematically, depending on the NP-hardness of their algorithms for security
Symmetric algorithms tend to be convoluted because of multiple steps, many of them non-linear.
Hashes and Steganography
Hashes Verify Message Integrity
– Creates a fixed size output from variable-length input using a one-way series of transforms
– MD5 and SHA-1 are the most used algorithms
Steganography attempts to hide “real” messages within a larger, “innocent” message
– Often used to disguise the fact that any message is being transmitted at all
Demo
Part II
The Politics
The Politics of Crypto
Cryptography doesn’t occur in a vacuum
Crypto exists because bad guys exist
Crypto products are munitions according to the US BXA
– Illegal Export is a federal felony
– After 9/11, can be a terrorist-abetment offence
If you work on crypto, know your laws!
Indian Law
Import not restricted
– License may be required
The IT Act 1999 requires mandatory key surrender if required for national security
US Cryptographic Law
US prohibits export of certain “grades” of cryptographic products
– Though they are very easily downloadable over the Net
Most cryptographic functions in US software used to be crippled badly before export
– MSIE 4, 5 with “56 bit” security
– Lotus Notes with “64-24 bit” security
Today, general export (except to the Terrorist “T-7” nations) is permitted
US Laws, contd.
Allowed (2002 Rules):
– Nearly all Symmetric Algorithms
  – Lengths above 64 bits require mandatory notification
– PK Ciphers up to 512 bits
– Elliptic Curve Ciphers up to 112 bits
Why is US Law so Important?
– Largest exporter of Software
– Most European Countries have a problem with this
– Germany currently funding GPG
Part III
Security and Privacy
The Crypto Wars
Daniel Bernstein waged a legal battle to declare the US Crypto Export Regulations illegal
Philip Zimmermann wrote PGP to take crypto to the masses
The hope was that good, ubiquitous crypto would make computing secure for everyone
Eventually, the Crypto Regulations crumbled
Is secure computing there yet?
The Bigger Picture
Cryptography is one step towards achieving a secure system, or our privacy
By itself, it guarantees nothing
Security is a Process
– No silver bullets
– Not even cryptography
– All crypto is breakable, given enough time and computer resources
The Black Hats Strike Back
BonziBuddy, Kazaa and Nimda
– Threats for a new generation
Crypto too hard to use for common users
– Despite S/MIME, secure email has not taken off
Palladium (MS) and TCPA (Intel) now aim to take crypto into hardware
– But not all the security infrastructure in the world will help protect non-security-minded users
Pretty Bad Privacy
“In God we trust. All others we monitor.”
– Tongue-in-cheek NSA motto
28 dishes
100k simultaneous calls
2 million messages/hr
17.5 billion messages/yr
And that’s just one station: Menwith Hill, UK
Plus satellite interceptors, undersea taps, etc
And it gets worse
With strong crypto proliferating, NSA stated policy is to now go “beyond crypto”
– Keystroke Logging to capture keystrokes
– Van Eck Phreaking to read characters from Electromagnetic Radiation from monitors
– Spy Satellites can now spot 10 cm² objects from orbit
– Mandated ISP taps (Carnivore)
– Social Engineering
9/11 has added urgency
– Intelligence agencies must combine/pool databases
– The goal is “Total Information Awareness”
That Said…
…crypto is not totally useless
Good crypto is good enough to stop industrial espionage, network snoopers and casual crackers/script kiddies
Crypto-enabled protocols are much more secure than vanilla FTP, Telnet or HTTP
Improving Computer Security
Become Security Aware
– Security is a Process
No Magic Bullets
– Windows, Linux, Trusted Solaris: all need work
Encrypt Network Traffic: SSH, HTTPS, SFTP
Use IPSec and DNSSec if you can
Avoid Single Points of Failure
Audit!
Thanks for Listening!
Questions?
Further Exploration
Light Reading
– The Code Book, Simon Singh
Introduction
– Cryptography and Network Security, William Stallings
Graduate Level
– Handbook of Applied Cryptography, http://www.cacr.math.uwaterloo.ca/hac/
On the Internet
sci.crypt FAQ
– http://www.faqs.org/faqs/by-newsgroup/sci/sci.crypt.html
Crypto Link Farm
– http://www.cs.auckland.ac.nz/~pgut001/links.html
Crypto-Gram
– http://www.counterpane.com/crypto-gram.html
The End