 | Cryptography is thousands of years old. |
| Most cryptographic systems are based on two techniques:
- Substitution: replace each letter with a different letter.
- Transposition: scrambling the letters (e.g., use a row column
distribution, send the column-row letters).
|
| Two main uses of cryptography: military (secure communications,
etc.); and civilian (privacy, business/commerce, financial
transactions). |
| Cryptography works by:
 | Starting with source material (plaintext). |
| Applying an algorithm key (i.e., substitution or transposition)
to create encrypted "ciphertext". |
| Transmitting the encrypted message. |
| Applying the algorithm to decrypt the message. |
|
| Two basic types of cryptographic algorithms:
- Symmetric key algorithm: the same key is used to encrypt and
decrypt; also called "secret-key" or "private-key".
- Asymmetric key algorithm: one key is used to encrypt, another
key is used to decrypt. The encryption key is often called a
"public key" as it is shared. The decryption key
is called a "private key".
|
| Symmetric keys are fast and easy to use but subject to problems:
secure exchange of the key (what if one side is compromised); both parties
must keep a copy of the key (and not compromise it); and the vast number of
keys required (determined by (n2-n)/2, e.g., 100 users requires
4950 keys). |
| Asymmetric or public key systems are easy to manage:
| Download the recipients public key. |
| Encrypt the message. |
| Send it. |
| The recipient uses the private key to decrypt. |
|
| Digital signatures can be implemented via asymmetric systems by
"signing" with a private key that can be decrypted by the public
key. |
| Strength of symmetric keys is based on:
| Secrecy of the key. |
| Difficulty of guessing the key. |
| Difficulty of inverting the encryption (i.e., breaking the algorithm). |
| Backdoors to the algorithm. |
| Mistakes in plaintext formatting (e.g., commonly repeated parts of
messages such as headers or access to plaintext versions). |
|
| Key length is an important consideration:
| Key length is based on number of bits: 2(number of bits) |
| The goal is to use enough bits to prevent brute-force decryption. |
| To crack 56 bit encryption (at 1 million keys searched per second)
would require over 2000 years to crack on a desktop computer. |
| to crack 128 bit encryption (at billion keys searched per second)
would require 1022 years on a corporate computer network. |
|
| Common Symmetric Key algorithms include:
| DES: Date Encryption Standard, 56 bit standard (U.S. Government
and ANSI). |
| Triple DES (3DES): combines 3 keys for 168 bit encryption, used
by financial companies. |
| Blowfish: invented by Bruce Schneier, variable key up to 448
bits, optimized fro 32- and 64-bit processors. |
| IDEA (International Data Encryption Algorithm): by Massey and
Lai, 128 bit encryption used in email and PGP software program. |
| RC2: developed by R. Rivest, under trade secret by RSA Data
Security, uses 1 to 2048 bits. |
| RC4: see RC2, uses 1 to 2048, usually limited to 40 bits for
open export. |
| RC5: see RC2 allows user-defined key length. |
|
| Breaking Symmetric Algorithms:
| Brute-force key search: not very efficient, checks every possible
key. Depends on users short keys. |
| Cryptanalysis: depends on access to plaintext and ciphertext and
applying various scientific techniques. |
| Systems-based attacks: go after the computer, operating system, or
software to break the algorithm. |
|
| Public Key Algorithms:
| Most are based on number theory to develop algorithms. |
| Most common uses: encrypted messages and digital signatures. |
| Common public key systems include:
 | Diffie-Hellman key excahnge: focuses on exchanging the
shared private key over public communication systems. Each
parties agrees to common numerical values and creates a key;
mathematical transformations are exchanged and each party can create
a third key. |
| DSA/DSS (Digital Signature Standard) : uses 512 to 1024 bit
keys; approved by NAS and NIST. |
| RSA: uses variable key lengths to create keys. |
|
| Breaking public keys:
| Key search and analytic attacks as previously described. |
| Applying information from published sources to break the key. |
|
|