BASICS IN CRYPTOGRAPHY AND SECURITY
Definitions:
Cryptography: Cryptography is the art or science encompassing
the principles and methods of transforming message into one that is unintelligible,
and retransforming that to its original
form.
plaintext: The original
intelligible message.
ciphertext: The transformed message.
cipher:
An algorithm for transforming and intelligible message into one that
is unintelligible by transposition and/or substitution methods.
Encryption: The process of converting
plaintext to ciphertext using a cipher and a key.
Decryption: The process of converting
ciphertext back to plaintext using a cipher and a key.
Cryptanalysis: Cryptoanlysis is the practice of analyzing
and breaking cryptography. It is important that the cryptographic
algorithms
one uses be resistant to cryptoanalysis. Also called codebreaking.
Cryptography: The study of both cryptography and
cryptanalysis.
Authentication: The assurance of identity of originator of data.
Common security threats:
- Identity interception - Somebody might steal your identity and
use it as their own.
- Masquerading - If you send
your username and password in cleartext, somebody might grab it from the
network.
- Replay attack - Capturing
a request and replaying it.
- Data interception and manipulation
- Repudiation
- Denial of service
Approaches to security:
- Link encryption: Each vulnerable communication
link is equipped on both ends with an encryption device. It has the
following
disadvantages:
- It is only effective only if all potential
weak links from source to destination are secured.
- It violates end-to-end argument.
- End-to-end encryption: Data is encrypted only at the source
node and decrypted at the destination node.
- We cannot encrypt the header, so data is secure
but the traffic pattern is not secure. Here traffic pattern refers to
- Identities of partners
- How frequently do two partners communicate.
- Message patterns. Eg: length, time.
Solution:
Use a combination of both procedures.
Other layers at which security
can be implemented:
- Network layer encryption: Examples: IPSEC,VPN,SKIP
- Transport layer security: Examples: SSL,PCT(Private
communication technology).
- Application layer security: Examples: Privacy enhanced
mail, Pretty good privacy, SHTTP
Taxonomy of ciphers:
- Monoalphabetic cipher: letters of the plaintext are mapped
into unique letters.
- Polyalphabetic cipher: Letters of the plaintext are
mapped into ciphertext space depending on their position on the text.
- Stream cipher: A key stream
is generated and is used to encrypt data. Encryption/Decryption is done one
symbol at a time.
- Block cipher: Encryption/Decryption
is done on fixed size blocks.
Cryptanalysis:
The art of breaking ciphers is known as cryptanalysis.
Methods of cryptanalysis:
- Ciphertext-Only : The opponent possesses
a string of cipher text y.
- Known plaintext: The opponent
possesses a string of plaintext x, and the corresponding ciphertext string
y.
- Chosen plaintext: The opponent
can choose a plaintext string x and construct corresponding ciphertext string
y : he has
obtained access to encryption
machinery.
- Chosen ciphertext: The opponent
has obtained access to decryption machinery. He can chose ciphertext string
y and construct
the corresponding plaintext string x.
Types of security:
There are two fundamentally different ways ciphers may be secure.
- Undonditional security:
- No matter how much computing power is available, the cipher
cannot be broken.
- Computational security:
- It may one one of the following:
- Given limited computing resources (e.g., time needed for calculations
is greater than time of universe), the cipher cannot be broken.
- Provide evidence of computational security by reducing the
security of cryptosystem to some well-studied problem thought to be
difficult (e.g, factoring). Such systems are called Provably secure.
To enhance privacy i.e to increase data confidentiality we use encryption
techniques.
There are two types of modern cryptographic algorithms: public-key algorithm
and secret-key algorithm.
- Secret-key algorithms:
In secret-key algorithm, a k-bit ``secret key'' is shared by
two users, who use it to transform plaintext inputs to an encoded cipher.By
carefully designing transformation algorithms, each bit of output can be made
to depend on every bit of the input. With such an arrangement, a key of 128
bits used for encoding results in a key space of two to the 128th (or about
ten to the 38th power).
Example
algorithms: DES,TripleDES,AES.
- Public-key algorithms:
- In public-key algorithm, we use a pair of keys : one public the otherone
private. Only private key need to be kept secret.
- The pair of keys is produced by a mathematical algorithm.
- One key is used for encryption and the other is used for decryption.
These algorithms solve the problem of secure key exchange.
Example algorithms:
RSA,Galois Field system.
Problems with secret-key algorithm:
- The algorithm is symmetric i.e the same key is
used encrypt and decrypt messages. So analysis of the secret key encryption
algorithm might make
it more vulnerable, leading to increase in the size of the key can be used
to offset this. Also the algorithm is no more
a secret so the security of system resides on secrecy of the algorithm, so
once key is known this algorithm is no longer useful.
- The main problem with secret-key encryption establishing
a secret key between the two parties in communication. Any two users
who wished to communicate could agree on a key in advance, but
in practice for many users this would require secure storage and
organization of a awkwardly large database of agreed-on keys. A possible
solution is to agree on a key at the time of
communication.
But this has the problem that anybody can eavesdrop on the transmission
line before the two parties establish
the key. In the cryptography literature this is referred to as
the key distribution problem.
Approaches to solving key distribution problem:
One method for solving the key distribution
problem is appointing a central key distribution center. Every potential
communicating party must register with the server and establish a shared
secret key. If party A wishes to establish a secret key with party B this
request is sent to the central server. The server can then inform B that
A wishes to communicate, and re-encrypt and re-transmit a
key B has sent. ``The problem with this approach is that key distribution
center should be a trusted party agreeable to everyone``.
A secret key can be agreed upon even without a central
server. For example, the Diffie-Hellman key exchange is a protocol for
agreeing on a secret key based on publicly-discussed very large prime numbers.
Its security is based on the assumed difficulty of
taking discrete logarithms modulo very large prime numbers.
Problems with public-key encryption:
- In general public key systems are slower compared
to private key algorithms.
- Public key algorithms have the problem of key
validation. If A wishes to send encrypted data to a person , B and has obtained
what is known as B's public key. How does A know it really is B's public
key? What if a third party, C were to publish a public key in B's
name? If C knew B's public key, he can reencrypt A's message to B using the
real public key and deliver it to B as if it had come directly from A. B
would then decrypt it with his private key and read a message as if it had
come directly from A.
Secret key Vs Public key algorithms
- Key management and distribution
- Public key is easier to distribute than the secret key.
- Performance
- Secret key scheme is much faster
- Security Services possible
- Digital signing is only possible with public key
- Suitability to intranet and internet
- Public key is better suited to both.
- Encryption algorithms used are different.
- Key length may vary.