encryption - Boston University

Encryption
Monica Stoica
Books and papers used:
http://www.sun.com/software/white-papers/wp-security-devsecpolicy/
http://people.cs.uchicago.edu/~cbarnard/pgptalk/digsig.html
A method for Obtaining Digital Signatures and Public Key Cryptosystems, ACM
Intro
Even before the modern electronic age, militaries
and individuals encoded sensitive messages.
For example, in World War II, the Nazis used an
encryption machine called Enigma that manipulated
text through a series of alphabetic transformations to
make the encoded text, called ciphertext,
unreadable to the casual observer (Sale).
Decoder rings are a popular item to put into a box of
cereal, and they allow children to send and receive
secret messages and pretend they are an
international spy like James Bond or Ethan Hunt.
Introduction to Encryption
The benefits of this technology are many and varied,
ranging from E-commerce to personal privacy issues.
However, as with most good things, this technology
can be used for evil purposes as well. Just as a
person interested in maintaining their personal
privacy could use this technology to protect their
credit card information for example, a terrorist
could encrypt messages sent to worldwide
operatives and prevent law enforcement from
understanding their movements.
The American people have already decided that the
benefits of encryption outweigh the potential risks
and policy intended to limit this technology is
doomed to failure.
Why Use Encryption?
When you send a piece of first class mail, you
probably seal the envelope. With that action,
you are moderately comfortable that your
message will be delivered at the receiving end
without anyone in between reading it, or if it has
been intercepted your recipient can tell. If
someone wanted to watch all of the surface
mail traveling through a certain point, he or she
would have to open each envelope, read the
information, and then reseal the envelope and
have the message continue on its way. Very
time consuming.
E-mail
In the electronic world, however,
everything is different. Your email
message travels in the clear through
numerous computers between you and
its destination, and at any one of those
points the message could be read
without your knowledge.
Use Encryption
Everyone seals the envelope when they send
a first class letter. It therefore doesn't draw any
attention. In the electronic world, though, it is
still a minority of people who use encryption.
This is unfortunate, because it draws attention
to yourself. People think to themselves "I
wonder what this person has to hide" when in
fact the encrypter is simply exercising his or
her rights to privacy. That's why it's imperative
to get many people using encryption.
Once "all of your friends are doing it" it will no
longer be considered unusual to be
exercising your right to privacy.
Conventional Cryptography
With conventional cryptography, you
encrypt your message with a key. This key is
needed to both encrypt and decrypt. You and
your recipient both have that key, and only
those with that key can decrypt the message.
Problem: How do you get that key to your
recipient? If you're a rich government, you can
send couriers around with deciphering pads. It
was this problem that kept good cryptography
from ordinary folks for a long time.
PGP Intro
With public key cryptography, there are two keys
involved. One key is needed to encrypt (the recipient's
public key) and another key is needed to decrypt (the
recipient's private key). Both keys are needed: once
you've encrypted your message with one of these
keys, you can only decrypt it with the other.
So when you use PGP, you create a keypair. One of
those, the public key, you publicize as widely as
possible. The other one, the private key, you keep
safe. Anyone who wants to send you private email
encrypts the message with your public key. Once that
message is encrypted, only you -- the owner of the
corresponding private key -- can decipher the
message.
PGP Intro
Public key cryptography is computationally
very expensive. It takes a lot of computing
power to decrypt and encrypt a message.
Therefore, PGP encrypts your message with a
conventional algorithm (the IDEA algorithm) and
then uses the recipient's public key to encrypt
just the IDEA key needed to decrypt the message.
Public Key Distribution
There are two ways that keys could be
distributed. One way is to have a central
clearinghouse that will be responsible for the
authenticity of all keys that it has. When you
create a key, you give it to this clearinghouse,
convince them that it is genuine, and then
they distribute it to whomever wants it. This is
how other encryption algorithms work.
PGP doesn't do this. It's that Central Authority
part that PGP users don't like. Instead, there
is something called a Web of Trust.
Example of how PGP Works
John creates his key pair and wants to
distribute his public key so that anyone can
send him email.
The first thing he does after he's made the key
available is walk down the hall to Sue's office to
get her to sign it.
She adds the key to her public keyring, verifies
with John that it really is his key, and she signs
it. The easiest way to verify the key is to
compare its fingerprint.
Example
John then takes a copy of his key with her
signature and makes that version of his
public key available.
Now anyone who gets his public key will
find Sue's signature attached to it. So if Bill
gets the key and doesn't know John but
does know Sue, he can use the key
confidently because he can verify Sue's
signature. Sue is guaranteeing John's key.
Verifying Public Keys
If you receive a public key from someone,
either out of their plan, or in the mail, or
wherever, you want some way to verify that it
is correct. If you were masochistic you could
try to read it, character by character, on the
phone back and forth to make sure that it's
right, but I think you'll agree that reading the
following page over the phone is just more
painful than you care to consider.
Too Long…
Fingerprints
A fingerprint is an MD5 checksum of the public
key, and is much easier to read.
The MD5 (Message Digest number 5) value for
a file is a 128-bit value similar to a checksum.
Its additional length (conventional checksums
are usually either 16 or 32 bits) means that the
possibility of a different or corrupted file
having the same MD5 value as the file of
interest is drastically reduced.
Because every different file has an effectively
unique MD5 value, these values can also be
used to track different versions of a file.
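An added example (not from the slides) of how the PGP 2.x fingerprint on the slide is formed, following RFC 4880's definition of the V3 key fingerprint: MD5 over the bodies of the public MPIs n and e. The toy key values are constructed; V3 keys and MD5 are both deprecated today and newer OpenPGP fingerprints use stronger hashes, so this reproduces the historical scheme the slide describes.

```python
# Added example (not from the slides): a PGP 2.x (V3 key) fingerprint per
# RFC 4880 section 12.2, i.e. MD5 over the bodies of the MPIs n then e
# (big-endian, without the 2-octet bit-length prefix).
import hashlib


def mpi_body(x: int) -> bytes:
    """Minimal big-endian encoding of a positive integer (the MPI body)."""
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def v3_fingerprint(n: int, e: int) -> bytes:
    """128-bit fingerprint of an RSA public key (n, e), V3 style."""
    return hashlib.md5(mpi_body(n) + mpi_body(e)).digest()


def format_fingerprint(fp: bytes) -> str:
    """Render as PGP 2.x prints it: 16 hex pairs with a gap after the 8th."""
    pairs = [f"{b:02X}" for b in fp]
    return " ".join(pairs[:8]) + "  " + " ".join(pairs[8:])


def fingerprints_match(spoken: str, computed: bytes) -> bool:
    """Sue's check: what John reads out versus what her keyring computed.
    Spacing and case are ignored so a phone read-out still compares."""
    return spoken.replace(" ", "").upper() == computed.hex().upper()


# Constructed toy key, not a real PGP key: n = 3233 = 61 * 53, e = 17.
TOY_N, TOY_E = 3233, 17

if __name__ == "__main__":
    print(format_fingerprint(v3_fingerprint(TOY_N, TOY_E)))
```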
Generating Fingerprints
You should generate the fingerprint of your
public key as soon as you create it, and write it
down somewhere.
Getting PGP
ITAR regulations restrict access to PGP to United
States and Canadian citizens. So if you are a citizen of
the US or Canada, you should get the latest version of
PGP (currently 2.6.2) from the official MIT distribution
site at http://bs.mit.edu:8001/pgp-form.html
If you are outside of the United States or Canada, you
should get the program from a European or Asian
mirror site. This site in England has a fairly complete
list of sites around the world where you can obtain
PGP for Unix, Mac, or PC platforms. If you are a
commercial company, you should get version 2.7, the
commercial version, from ViaCrypt.
If you have problems compiling PGP, a FAQ is
available from the same site that distributes PGP.
How to Encrypt a Message
A message is encrypted by representing it as a
number M, raising M to a publicly specified
power e, and then taking the remainder when
the result is divided by the publicly specified
product, n, of two large secret prime numbers p
and q.
Decryption is similar; only a different, secret,
power d is used, where e * d = 1 (mod (p - 1) *
(q - 1)).
The security of the system rests in part on the
difficulty of factoring the published divisor, n.
Signatures
If electronic mail systems are to replace the existing
paper mail system for business transactions, "signing"
an electronic message must be possible.
The recipient of a signed message has proof that the
message originated from the sender. This quality is
stronger than mere authentication (where the recipient
can verify that the message came from the sender);
the recipient can convince a "judge" that the signer
sent the message.
To do so, he must convince the judge that he did not
forge the signed message himself! In an
authentication problem the recipient does not worry
about this possibility, since he only wants to satisfy
himself that the message came from the sender.
Electronic Signatures
An electronic signature must be message-dependent, as well as signer-dependent.
Otherwise the recipient could modify the
message before showing the message-signature pair to a judge.
Or he could attach the signature to any
message whatsoever, since it is impossible
to detect electronic "cutting and pasting."
Using signatures in everyday life
An electronic checking system could be based
on a signature system. It is easy to imagine an
encryption device in your home computer
terminal allowing you to sign checks that get
sent by electronic mail to the payee.
It would only be necessary to include a unique
check number in each check so that even if the
payee copies the check the bank will only honor
the first version it sees.
Signatures
Another possibility arises if encryption devices can be
made fast enough: it will be possible to have a
telephone conversation in which every word spoken is
signed by the encryption device before transmission.
When encryption is used for signatures as above, it is
important that the encryption device not be "wired in"
between the terminal (or computer) and the
communications channel, since a message may have
to be successively enciphered with several keys. It is
perhaps more natural to view the encryption device as
a "hardware subroutine" that can be executed as
needed.
Sending checks to the bank
How can user Bob send the bank a "signed"
message M in a public-key cryptosystem?
He first computes his "signature" S for the
message M using D_B:
S = D_B(M).
He then encrypts S using E_A (for privacy) and
sends the result E_A(S) to the bank. He need
not send M as well since it can be computed
from S.
The Bank
The bank first decrypts the ciphertext with D_A to
obtain S. The bank knows who is the presumed
sender of the signature.
The bank then extracts the message with the
encryption procedure of the sender, in this case E_B,
available on the public file:
M = E_B(S)
The bank now possesses a message-signature pair
(M, S) with properties similar to those of a signed
document. Bob cannot later deny having sent to the
bank this message since no one else could have
created S = D_B(M). The bank can convince a judge
that E_B(S) = M, so the bank has proof that Bob
signed the document.
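Added example (not from the slides or the RSA paper): textbook RSA on toy primes that carries the formula from "How to Encrypt a Message" and the signed-cheque exchange between Bob (key B) and the bank (key A) through in code. The primes and exponents are constructed; real implementations hash and pad before signing, so unpadded RSA on tiny numbers is for illustration only.

```python
# Added example, not from the slides: textbook RSA with toy primes, covering
# M^e mod n and C^d mod n plus the signed-cheque exchange with the bank.
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Keypair:
    n: int  # public modulus n = p * q
    e: int  # public exponent
    d: int  # secret exponent, with e * d = 1 (mod (p - 1) * (q - 1))


def make_keypair(p: int, q: int, e: int) -> Keypair:
    """Derive the secret exponent d from two secret primes and a public e."""
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse; ValueError if gcd(e, phi) != 1
    return Keypair(p * q, e, d)


def E(key: Keypair, m: int) -> int:
    """Public operation m^e mod n: encrypt to the owner, or check a signature."""
    if not 0 <= m < key.n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, key.e, key.n)


def D(key: Keypair, c: int) -> int:
    """Private operation c^d mod n: decrypt, or sign."""
    return pow(c, key.d, key.n)


# Constructed toy keys. Bob's modulus is smaller than the bank's so that a
# signature S (< n_B) can itself be encrypted under the bank's key.
BOB = make_keypair(61, 53, 17)   # n = 3233, d = 2753
BANK = make_keypair(89, 97, 17)  # n = 8633


def bob_sends_cheque(m: int) -> int:
    """Bob: S = D_B(M), then E_A(S) for privacy. Only E_A(S) travels."""
    return E(BANK, D(BOB, m))


def bank_receives(ciphertext: int, sender: Keypair) -> Tuple[int, int]:
    """Bank: S = D_A(ciphertext), then M = E_B(S) using the sender's public key."""
    s = D(BANK, ciphertext)
    return E(sender, s), s


def judge_accepts(m: int, s: int, sender: Keypair) -> bool:
    """Anyone with the public file can check E_B(S) == M; an altered M fails."""
    return E(sender, s) == m
```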