IS 302: Information Security and Trust
Week 2: Encryption Basics
2012
Treasure Hunter’s Parchment
• “53‡‡†305))6*;4826)4‡);806*;48†8
¶60))85;I‡(;:‡*8†83(88)5*†;46(;88*96
*?;8)*‡(;485);5*†2:*‡(;4956*2(5*-4)8
¶8*;4069285);)6†8)4‡‡;I(‡9;48081;8:8‡
I;48†85;4)485†528806*81(‡9;48;(88;4
(‡?34;48)4‡;161;:188;‡?;”
© Yingjiu Li 2007
Confidentiality
• How to protect a message from an adversary?
[Diagram: Alice, Bob and Mallory; the message “The secret is…” is sent as plaintext]
Cryptography
• Use a language that only Alice and Bob can understand
[Diagram: Alice, Bob and Mallory; the message “Nz dsfejr dbse ovncds jt…” is sent as ciphertext]
Concepts
• Cryptography – hidden writing
• Encryption – encode or encipher
• Decryption – decode or decipher
• Cryptosystem – a system for encryption and decryption
• Cryptographer – anyone who invents encryption algorithms
• Cryptanalyst – anyone who attempts to break encryption algorithms
• Cryptology – research of encryption and decryption, including both cryptography and cryptanalysis
Cryptosystem
[Diagram: Plaintext P → Encryption Algorithm E → Ciphertext C → Decryption Algorithm D → Plaintext P]
• Algorithms with a parameter – key K
Jeff Moser: http://www.moserware.com/2009/09/stick-figureguide-to-advanced.html
Encryption
• Encryption
– Input: plaintext and key
– Output: ciphertext
[Diagram: Plaintext → Encryption Function]
Decryption
• Decryption
– Input: ciphertext and a key
– Output: original plaintext
[Diagram: Decryption Function → Plaintext]
Symmetric Cryptosystem
[Diagram: Plaintext P → Encryption Algorithm E (key K) → Ciphertext C → Decryption Algorithm D (key K) → Plaintext P; K is shared over a secret channel]
• C = E(P, K)
• P = D(C, K)
Cryptanalysis (Attacks)
• Cryptanalyst (Mallory)
– E and D are public
– Given ciphertext, find plaintext
– What else does Mallory know?
Ciphertext only: Mallory knows ciphertext only
Known plaintext: Mallory happens to know some plaintext-ciphertext pairs
Chosen plaintext: Mallory knows some plaintext-ciphertext pairs for selected plaintext
Chosen ciphertext: Mallory knows some plaintext-ciphertext pairs for selected ciphertext
Classical Ciphers
• Caesar cipher
• Vigenère cipher
• Zimmermann cipher
• Vernam cipher
Caesar Cipher
– Shifting alphabet
– How many possible keys?
Discussion
• Follow me with CrypTool
• Observation:
– The break between two words is preserved
– Repeated letters are mapped to repeated letters
• Decrypt the following Caesar cipher
– Wklv phvvdjh lv qrw wrr kdug wr euhdn
– Hints: Observe the following patterns
• Wrr, wr
• Wklv, lv
“Unbreakable” cipher: Vigenère Tableau
– Same letters are not mapped to the same letters
– Encrypt
• Keyword: hothot (repeat: row)
• Plaintext: attack (column)
• Ciphertext: hhmhqd
– Decrypt
• Keyword: hothot (repeat: column)
• Ciphertext: hhmhqd (in that column, find the ciphertext letter)
• Plaintext: attack (the index of the row)
Discussion
– Follow me with CrypTool
– How “unbreakable” is Vigenère cipher?
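Added example (not from the original slides): the tableau lookup written as addition mod 26, checked against the slide's attack/hothot pair, followed by a measurement of how the repeating keyword leaks its length. The longer plaintext and the function names are constructed for this example.

```python
# Added example: Vigenère encryption/decryption and the leak caused by a repeating key.
from functools import reduce
from math import gcd

A = ord("a")


def vigenere(text, keyword, decrypt=False):
    """Add (or subtract) the repeating keyword letter by letter, mod 26. Lowercase a-z only."""
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text):
        k = ord(keyword[i % len(keyword)]) - A
        out.append(chr((ord(ch) - A + sign * k) % 26 + A))
    return "".join(out)


def repeat_distances(ciphertext, n=3):
    """Distances between repeated n-letter ciphertext fragments (Kasiski examination)."""
    seen, distances = {}, []
    for i in range(len(ciphertext) - n + 1):
        frag = ciphertext[i:i + n]
        if frag in seen:
            distances.append(i - seen[frag])
        seen[frag] = i
    return distances


def common_divisor(distances):
    """GCD of the repeat distances; the key length divides this value."""
    return reduce(gcd, distances)


if __name__ == "__main__":
    print(vigenere("attack", "hot"))            # the slide's example pair
    # Constructed plaintext: "attack" recurs 12 letters apart, a multiple of len("hot").
    ct = vigenere("attackatdawnattackatdusk", "hot")
    print(ct, repeat_distances(ct), common_divisor(repeat_distances(ct)))
```

Within one word the cipher does hide repeats (the two t's in "attack" become h and m), but a plaintext fragment that recurs at a multiple of the key length encrypts identically, so the repeat distances narrow down the key length; after that each key position is an ordinary Caesar cipher.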
Codebook/Zimmermann Cipher
• A codebook is literally a dictionary-like book containing words and their corresponding codewords.
• Zimmermann Telegram
Februar          13605
fest             13732
finanzielle      13850
folgender        13918
Frieden          17142
Friedenschluss   17149
• What is the key?
• Compare it with Vigenère cipher w.r.t. key size
• How secure is Zimmermann cipher?
Zimmermann Telegram Decrypted
Perfect Cipher
Vernam Cipher
• The only unbreakable stream cipher
1 XOR 0 = 1; 0 XOR 1 = 1
0 XOR 0 = 0; 1 XOR 1 = 0
[Diagram: Plaintext P → Exclusive OR (key K) → Ciphertext C → Exclusive OR (key K) → Plaintext P; K is shared over a secret channel]
– K: a long, non-repeating sequence of random numbers
Vernam Cipher
• An example of Vernam Cipher
1 XOR 0 = 1; 0 XOR 1 = 1
0 XOR 0 = 0; 1 XOR 1 = 0
– Alice:
P: 100 010 111 011 110 001…
K: 010 011 101 101 010 111…
C: 110 001 010 110 100 110…
– Bob:
C: 110 001 010 110 100 110…
K: 010 011 101 101 010 111…
P: 100 010 111 011 110 001…
Discussion
• Follow me with CrypTool
• Why is Vernam cipher perfectly secure?
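Added example (not from the original slides): the Alice/Bob bit strings from the Vernam slide run through XOR, then an enumeration showing that a ciphertext block is consistent with every possible plaintext block. Function names are assumptions of this example.

```python
# Added example: Vernam cipher over bit strings, and why the ciphertext reveals nothing.
from itertools import product


def xor_bits(a, b):
    """Bitwise XOR of two equal-length strings of '0'/'1' (spaces ignored)."""
    a, b = a.replace(" ", ""), b.replace(" ", "")
    if len(a) != len(b):
        raise ValueError("the key must be exactly as long as the message")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def consistent_keys(ciphertext_block):
    """Map every possible plaintext block to the one key that yields this ciphertext."""
    n = len(ciphertext_block)
    return {"".join(p): xor_bits(ciphertext_block, "".join(p))
            for p in product("01", repeat=n)}


# Values from the slide.
P = "100 010 111 011 110 001"
K = "010 011 101 101 010 111"
C = "110 001 010 110 100 110"

if __name__ == "__main__":
    print(xor_bits(P, K))   # Alice: C = P XOR K
    print(xor_bits(C, K))   # Bob:   P = C XOR K
    # Mallory sees the first block "110". Each of the 8 candidate plaintexts is
    # explained by exactly one key, and a truly random key makes all 8 equally likely.
    for plaintext, key in consistent_keys("110").items():
        print(plaintext, key)
```

This argument needs K to be random, as long as the message and never reused; a repeating key brings back the Vigenère situation.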
Modern Ciphers
• Basic ideas: confusion and diffusion
• Combinations
• Evaluation
Confusion
• Permutation operations
1. First remove spaces
• A legitimate receiver can breakmostmessagesintowordsfairlyeasily
2. Then break messages arbitrarily into blocks of a uniform size (e.g., every five letters)
3. Map each plaintext letter to a unique ciphertext letter (usually in the same alphabet)
• How many keys for permuting 26 English letters?
Caveat
• All permutation ciphers are subject to
– ciphertext only attack
– not to mention known plaintext attack, chosen plaintext and chosen ciphertext attacks
Frequency Attack
Source: http://knight.cis.temple.edu/~jfiore/2006/fall/386/handouts/ch2/ch2_part2_4ups.pdf
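Added example (not from the original slides): the three steps from the Confusion slide as code, with a check of the property behind the Caveat and Frequency Attack slides, namely that letter substitution leaves the frequency profile of the text intact. The seeded key and all function names are assumptions of this example.

```python
# Added example: letter-substitution cipher (slide steps 1-3) and what it fails to hide.
import math
import random
import string
from collections import Counter

ALPHABET = string.ascii_lowercase


def make_key(seed):
    """A key is a permutation of the alphabet. Seeded random is used only so the
    demo is repeatable; it is not a way to generate real keys."""
    letters = list(ALPHABET)
    random.Random(seed).shuffle(letters)
    return dict(zip(ALPHABET, letters))


def encrypt(message, key, block=5):
    """Drop spaces, substitute each letter, then group into uniform blocks.
    (Blocking before or after the substitution gives the same result.)"""
    text = "".join(key[ch] for ch in message.lower() if ch in ALPHABET)
    return " ".join(text[i:i + block] for i in range(0, len(text), block))


def frequency_profile(text):
    """Letter counts from most to least frequent, ignoring which letter is which."""
    counts = Counter(ch for ch in text.lower() if ch in ALPHABET)
    return sorted(counts.values(), reverse=True)


def key_count():
    """Number of ways to permute 26 letters: 26!, roughly 2**88."""
    return math.factorial(26)


if __name__ == "__main__":
    message = "a legitimate receiver can break most messages into words fairly easily"
    ciphertext = encrypt(message, make_key(2012))
    print(ciphertext)
    print(key_count())
    # Identical profiles: the most common ciphertext letter stands for the most
    # common plaintext letter, which is the handle a frequency attack uses.
    print(frequency_profile(message) == frequency_profile(ciphertext))
```

The key space is far too large to search, yet the cipher still falls to a ciphertext-only attack because the statistics of the language pass straight through it.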
Diffusion
– Spread out the message by re-arranging letters
Product Cipher
• Combinations of confusion and diffusion operations in many rounds
– DES (56 bits) 16 rounds
– AES (128, 192, 256) 9, 11, 13 rounds
• Deterministic vs non-deterministic
Evaluation
• Shannon’s characteristics of good ciphers
– Amount of secrecy (key size) determines amount of labor
– Set of keys and enciphering algorithm are simple
– Implementation is simple
– Errors do not propagate
– Size of ciphertext is no larger than original message
How Secure is Secure
Computational security
– It takes your computer at least 1000 years to break my cipher!!
Unconditional security
– No matter how powerful your computer is, you don’t have enough information to defeat the system!!
However…
Hands-On Exercise
• Installation:
– Download LabPrep.doc and follow its instructions to install
• OpenSSL (Win32openSSL-0_9_8d.exe)
• HHD HexEditor (http://www.asciitable.com/)
• JCE (jdk-1_5_0_08-windows-i586-p.exe)
– Mac computers already have these tools preinstalled
Hands-On Exercise
• Testing:
– Download LabTest.doc
– Follow its instructions in section 2.1 to test OpenSSL
– Follow its instructions in section 2.2 to test JCE
Introduction to OpenSSL
• OpenSSL is an open source toolkit to ensure secure communication.
– Symmetric key (secret key) encryption
– Asymmetric key (public key) encryption
– Message Digests and digital signatures
– Certificates
Example 1: Keys Generation
openssl genrsa -des3 -out privkey.pem 2048
• genrsa – Generates an RSA key
• -des3 – Password-protects the key using triple DES encryption
• -out <filename> – Saves the key in a file. In this example, it's privkey.pem
• <key size> – Size of the key generated. In this example, it's 2048 bits
Example 2: Certificate Request
openssl req -new -key privkey.pem -out cert.csr
• req – Generates a certificate request.
• -new – New certificate request.
• -key <file name> – Specifies the file to read the private key from. In this example, it's privkey.pem
• -out <file name> – Saves the request in a file. In this example, it's cert.csr
Example 3: Encryption
openssl des3 -salt -in file.txt -out file.des3
• des3 – Encrypt using the TripleDES algorithm
• -salt – Use a salt in the key derivation routines
• -in <file name> – Input file with the clear message
• -out <file name> – Output file with the encrypted message
– Users will be prompted to enter a password to complete the encryption
Example 4: Decryption
openssl des3 -d -salt -in file.des3 -out file.txt
• des3 – Use the TripleDES algorithm
• -d – Decrypt the file
• -salt – Use a salt in the key derivation routines
• -in <file name> – Input file with the encrypted message
• -out <file name> – Output file with the decrypted message
– Users will be prompted to enter a password to complete the decryption
Introduction to JCA and JCE
• Java Cryptography Architecture (JCA) is part of the Java 2 run-time environment.
– java.security.*
• Java Cryptography Extension (JCE) is an extension to JCA and has been integrated into the Java 2 SDK since the 1.4 release.
– javax.crypto.*
JCE Core Classes
– Cipher Class
• Provide the functionality of encryption and decryption
– KeyGenerator Class
• Generate secret keys for encryption and decryption
– The SealedObject Class
• Create an object and protect its confidentiality
– The Mac Class
• Provide integrity protection with Message Authentication Code (MAC).
Reference: http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html
Class: javax.crypto.KeyGenerator
Methods:
– getInstance(String algorithm)
• Creates an instance of KeyGenerator for a specific algorithm such as "AES", "DES", "HMACSHA1"
– generateKey()
• Generates a key for the algorithm specified in the KeyGenerator instance
Example: Key Generation
• The following example generates a SecretKey object using AES.
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
// Create an instance of KeyGenerator with algorithm AES
KeyGenerator kg = KeyGenerator.getInstance("AES");
// Generate the secret key
SecretKey mykey = kg.generateKey();
Secure Key Storage
• JCA provides an extensible architecture to
manage keys through KeyStore.
• A KeyStore object maintains an in-memory table
of key and certificate entries, indexed by alias
strings, allowing retrieval, insertion and deletion
of entries.
• Keystore files are usually password protected.
Class: java.security.KeyStore
Methods:
– getInstance(String type)
• Create an instance of KeyStore of the specified type.
– load(InputStream stream, char[] password)
• Open the keystore with the password and load keys from the keystore file into memory
– getKey(String alias, char[] password)
• Access the keystore with the password and get the key based on a given key alias
– setEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam)
• Set a new key entry in the keystore
– store(OutputStream stream, char[] password)
• Store this keystore to the given output stream, and protect its integrity with the given password.
Example: Create a null KeyStore object
• The following sample creates a null KeyStore object with password protection.
import java.security.KeyStore;
// Create an instance of KeyStore of type "JCEKS".
// JCEKS refers to the KeyStore implementation from the SunJCE provider
KeyStore ks = KeyStore.getInstance("JCEKS");
// Load the null KeyStore and set the password to "changeme"
ks.load(null, "changeme".toCharArray());
Example: Set Key Entry
• The following sample sets the generated key “mykey” in the KeyStore.
//Create an instance of KeyStore.SecretKeyEntry using “mykey”
KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(mykey);
//Get key alias name from user input.
String alias=args[0];
//Create KeyStore Password
KeyStore.PasswordProtection password;
password = new KeyStore.PasswordProtection("changeme".toCharArray());
//Set the key entry in the key store with an alias.
ks.setEntry(alias, skEntry, password);
Example: Store KeyStore object in file
• The following sample writes the KeyStore object into a file for storage.
//Create a new file to store the KeyStore object
java.io.FileOutputStream fos = new java.io.FileOutputStream("keystorefile.jce");
//Write the KeyStore into the file
ks.store(fos, "changeme".toCharArray());
//Close the file stream
fos.close();
Example: Retrieving Keys from KeyStore
• The following sample retrieves keys from a KeyStore file.
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
// Open the KeyStore file
FileInputStream fis = new FileInputStream("keystorefile.jce");
// Create an instance of KeyStore of type "JCEKS"
KeyStore ks = KeyStore.getInstance("JCEKS");
// Load the key entries from the file into the KeyStore object.
ks.load(fis, "changeme".toCharArray());
fis.close();
// Get the key with the given alias.
String alias = args[0];
Key k = ks.getKey(alias, "changeme".toCharArray());
A Quick Review
• Which of the following is subject to frequency attack?
1. Caesar cipher 2. Vigenère 3. Vernam
• A perfect cipher is?
1. Combination of confusion and diffusion
2. Combination of substitution and transposition
3. Unconditionally secure