- By
**Mercy** - Follow User

- 406 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about 'Cryptography/Cryptanalysis, II' - Mercy

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Main References (this lecture)

- Applied Cryptography, 2/e, Schneier, Wiley
- Material from several chapters adapted for this set of lectures
- GNU Privacy Guard manual and web pages (more info on this provided later)
- Wikipedia (several, mentioned as lecture progresses)
- Material from the course text (Chapter 8)
- Wikipedia

Topical Notes - QC/QIP/QE

- Quantum Computing / Quantum Information Processing
- http://www.magiqtech.com/products/whatisqip.php
- Many articles and scholarly papers are in the literature
- Quantum Encryption
- http://www.magiqtech.com/products/whatisqip.php#cryptography
- http://www.cookiecentral.com/quantum-encryption.htm
- http://www.eetimes.com/story/OEG20031125S0047
- http://www.securitydocs.com/library/3230
- See also Scientific American, http://www.sciam.com/

Topical Notes, II -Efforts to Break Enigma (further)

- Recent efforts to break Enigma (courtesy of M. Curry) [ciphertext only]
- http://www.bytereef.org/m4_project.html (M4 project)
- Original attacks were known plaintext attacks (Polish mathematicians, Bletchley Park [UK]), and relied partially on errors/limitations of how Enigma was used
- Clever, extremely innovative cryptanalysis and mechanical systems (bomby/bombe) to find keys and help partially decrypt messages
- Huge potential size of space to search, but careful and dogged analysis, plus limits on how deployed help both original and current means to break
- Mathematics and technology of breaking Enigma is interesting and on-going discussion area in Cryptanalysis, despite passage of 60 years since World War II ended.
- Lots of writeups and literature on this subject (e.g., http://math.usask.ca/encryption/lessons/lesson00/page8.html,http://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma )

Outline

- Crypto Hashes and Collisions
- DES
- IDEA
- DAS
- RSA
- PGP
- Gnu Privacy Guard
- Web of Trust (Intro)
- Summary

Cryptographic Hashes

- Related to one-way functions, but have slightly different properties
- I. Preimage resistant; given a hash h=f(x), it should be hard to find x.
- II. Given h1=f(x1), it should be hard to find x2, such thatf(x2)=h1.
- III. Collision resistant: It should be difficult to find any two messages x1 and x2 that have the same hash
- “Birthday attack” means that collision resistance makes a cryptographic hash at least 2x as long to be collision resistant as to satisfy II.
- Ref: http://en.wikipedia.org/wiki/Cryptographic_hash_function
- http://en.wikipedia.org/wiki/Birthday_attack

Birthday attack (cf, Wikipedia)

- Alice prepares a valid contract (m), and a set of similar ones, all valid, that differ by cosmetic differences only. She can also create a set of fraudulent contracts (m') and cosmetic variants of these. Then she computes the hash functions to all these, till she finds any pair where f(valid contract[m clone]) = f(fraudulent contract[m' clone]).
- The valid contract is signed, but the fraudulent one can be substituted. Bob is cheated, since the hashes match.
- If Bob changes the contract on receipt cosmetically before signing, to prevent the attack, Alice may suspect Bob of the same attack.
- This means that collisions have to be relatively expensive to find, a long cryptographic hash being needed, as the probabilistic model for finding collisions is proportional to sqrt(n).

MD5

- Message Digest Algorithm #5
- Replaced MD4, when issues were found with it
- Ronald Rivest, 1991 (cf, RSA)
- Flaws found in 1996 and 2004 etc
- Now can only safely use to make sure files download correctly, very fast algorithms for breaking now exist
- Example digests (e.g., md5sum, Wikipedia has code too):
- MD5("The quick brown fox jumps over the lazy dog") = 9e107d9d372bb6826bd81d3542a419d6
- MD5("The quick brown fox jumps over the lazy cog") = 1055d3e698d289f2af8663725127bd4b
- Ref: http://en.wikipedia.org/wiki/MD5

SHA-1

- Secure Hash Standard
- SHA-1 replaced SHA-0, NIST standard 1993
- Some attacks have been shown, but still extremely difficult in practice
- SHA-1 will be phased out by NIST by 2010
- Other SHA's have longer keys

Collision Attacks on Cryptographic Hashes

- Main points:
- Collision attacks are possible
- MD5 has flaws, SHA-1 has flaws
- “Trust who you communicate with” remains a key aspect of security
- Collisions/weaknesses in MD5 vs. SHA-1
- http://en.wikipedia.org/wiki/MD5
- http://www.venge.net/monotone/docs/Hash-Integrity.html
- http://www.cryptography.com/cnews/hash.html

DES/DEA

- DES is Data Encryption Standard, 1976
- Based on Data Encryption Algorithm (DEA)
- 56-bit key, 64-bit block
- Block cipher – symmetric key cipher, works on fixed-length group of bits
- Triple DES is a common strategy; keeps algorithm, increases key space (2 keys, 112 bits); triple encrypts w/ two keys.
- AES is replacement for DES, Advanced Encryption System
- Ref: http://en.wikipedia.org/wiki/Block_cipher

AES – Advanced Encryption System

- Block cipher
- Fixed block size of 128-bits
- Key size of 128, 192, or 256 bits
- Used by OpenSSL
- Attacks exist against implementations that leak information
- Rjindael algorithm is a superset/close relative
- Ref: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

IDEA – Int. Data Encryption Alg.

- Block cipher
- 128-bit block, 64-bit key
- Used in PGP ; non-commercial uses OK
- Optional in OpenPGP; not used in GPG
- Patented in some countries to 2010-2011
- Replacement: IDEA NXT = FOX
- Ref:http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithmhttp://en.wikipedia.org/wiki/FOX_%28cipher%29

RSA

- Algorithm for Public Key encryption (patented), 1977
- Invented by Rivest, Shamir, and Adlemen at MIT (R, S, & A)
- Cocks (British mathematician), developed similar version in secret in 1973, revealed in 1997
- Can be used with one key for signing, another key for encryption
- Develops shared secret via prime numbers and modulo arithmetic approaches,
- Minimum of 1,024-bit keys recommended, given brute force attack potential (My IE6 has 128-bit encryption, by comparison)
- Padding an essential aspect of security
- Ref: http://en.wikipedia.org/wiki/RSA
- RSA: http://www.rsasecurity.com/
- RSAlabs: http://www.rsasecurity.com/rsalabs/

DSA – Digital Signature Algorithm

- US Government standard for digital signatures
- Patented, but royalty free
- Builds on SHA-1 building block
- Builds public/private key just for signature
- Related to Elgamal signature scheme
- Ref: http://en.wikipedia.org/wiki/Digital_Signature_Algorithm

ElGamal Signature

- Asymmetric key encryption algorithm for PKE
- Uses Diffie-Hellman key agreement algorithm
- A single plaintext can be encrypted with several ciphertexts (probabilistic methods)
- Used with GnuPG, Related to DSA
- Chosen ciphertext attack vulnerable
- Ref: http://en.wikipedia.org/wiki/ElGamal

PGP – Pretty Good Privacy

- Zimmerman created, lots of legal wrangling ensued with RSA
- Built in response to “lack of privacy” concerns
- Windows/Unix clients (used flaky IDEA originally)
- Spawned OpenPGP effort, now IETF supported RFCs
- Original had international and US “legal” versions after wrangling
- Original Merged/demerged from NAI (now McAfee)
- PGP is now a standalone company again, commercial
- OpenPGP is a standard (RFC)
- Ref:http://en.wikipedia.org/wiki/Pretty_Good_Privacy

GnuPG – Gnu Privacy Guard

- Free tool used to replace original PGP 2.6
- Implements OpenPGP (RFC 2440)
- Does not use IDEA algorithm
- Uses DSA/Elgamal
- Open source, ported widely
- http://www.gnupg.org/
- Often bundled with Linux, Windows client easy to install
- We will use this extensively in this class

Web of Trust

- Used by PGP, GnuPG(PGP), and OpenPGP to establish authenticity of user <-> key purportedly of that user.
- Alternative to having a single authority (central trust) – Trent / CA
- Identity certificates in OpenPGP – owner info and public key
- Three partially trusted endorsers endorse of a certificate, or one fully trusted endorser endorses, then that certificate is trusted
- Parametrically settable (can require more partial trust or not accept at all)
- You can have up to four steps removed in a web of trust, and still use that to endorse someone, but beyond four, it won't work
- Using keyservers is helpful for central storing info, even though no CA.
- Ref: http://en.wikipedia.org/wiki/Web_of_trust
- See also: Gossamer web of trust - http://www.gswot.org/siteframe/

Key Server

- Holds public keys and signings of those keys
- Corresponds with ASCII-armored PGP key exports, as produced by GnuPG and OpenPGP compliant systems
- Try: http://pgp.mit.edu/
- Look at my public key at:
- http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2EF66A1D Or by searching for me by name, and then selecting my UAB key.

ASCII armored public key(tony@cis.uab.edu)

Public Key Server -- Get ``0x2EF66A1D ''

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: PGP Key Server 0.9.6

mQGiBEQAua4RBADOLOLzXgKXdrqkZ2aVowqi3uoBwZJek1d25VhasVz1YTdIehXd

kptQGhOHj3nh0DpXUqHA+F5ZIqzMfr1iZ4kdf8bwC7mHAxH9wgYIGDCLUlG/Fk2H

KpfugGbi84J4q/a5L0n1LAWTr3gIeISLrL3XJjAEcqLW5GR9mT87k9T8dwCgn6km

/91elZeJA1+oRaYrX7Lhm78EAM2F2f4zrNDwDTEsNeNkoCNzmDG8slcHx5WKHXSq

aunID/bM3Rc00VZ2FFbbKvDV2t0F4PfYR9BgSrEUXhiwjBBs3cGaCsC0pb/GoobN

wGuKbFrn9px3wgM7YINNjZT4oFK/8RCGDnQv+yjWoQQcOq24tTCX1LbShtkyiaiB

5mMkBAC/e1tHIMrIOE8Z4ezjSCLMhw8Jio9Kefmh1gYe6Bi1b8uAbifMuBF/mfCo

eXGUTH4zVVUiVwrV4v/I2LKVxYxr4vb2KTu2KzEefX4QgB8D8vNw7dt4vvcbYoiW

f0YwxrR1wkA4kxii36A4X1MJk74kt6Db1wE3fLO8yM+Y/q61hbQtQW50aG9ueSBT

a2plbGx1bSAoVUFCL0NJUykgPHRvbnlAY2lzLnVhYi5lZHU+iEYEEBECAAYFAkQB

wNsACgkQTSfXwOvDtRVwZwCdHI9gD12i+N2k1phhjPI7VFMw1T4AnRNCKLcERpKk

U1EQmlsS+Hlu48ILiEYEEBECAAYFAkQBxo8ACgkQUKLjtPbEz8b6TQCgiQOGDgtu

Zeeg7H5X1rv4PCUYr6QAoLapfFdQw7fpI1P1OuuL5PJtTtS9iEYEEBECAAYFAkQB

xrMACgkQkZRIGmZv2vDwDgCgs9BJv2zWBagRMw4CZBT2U/sHUi0AoIlucoHCoTmZ

47gnwewl7Tz4zPLciGAEExECACAFAkQAua4CGwMGCwkIBwMCBBUCCAMEFgIDAQIe

AQIXgAAKCRB/l0XaLvZqHSoYAJwIDsd8Ch4F4+PogI4fSN4tmVtsQwCffTdP75zC

Xb4RWVfHx2MQy0wTyAS5Ag0ERAC5xhAIANIAr2Eqd7r2NLla+Z58bpOVmM51ZwKe

FaC8kq01g3y7nPh209oPjMqUYNFB1CgRjhKGEX8obRi8jCtcRDdPpMb7YbIUW309

f1wHOrvdLwryZHHf+qWPZSRy0hQI7iwa1sttrefA6O00NLOsn0LLZxxxFK0a6N+a

5F4VaSeLLQ7cfsBYVvHtZ5oxnxYxriAIbiNhW2240QY1a5YmmO79BLb2YUy73LR6

qT6qOXD0swUUyn4qPvW5RZPU1xz/BoIZ71nAaIavsUeXQP6ff3UAUlVKDiSrroiV

EOwLGqsW5VlPUGqinZ3aRuOjN4Uloqw5mqGsu15taHs4mrWKaX9LLTMAAwUIAMzQ

TO06Rw40mKJFEoVj2M+y21TF977ALIkTFj7P6cAncklh94nIfhUyB7S3BfeuIPwX

hlobU84UtV/4mnF5w6SpoP+NDKkgW97qL1bxjngOTk74CbF4woTBMPsg/Qc0jQ2W

3mPhwVgYupDhx4jX3R+PkhirY5n2kqXHa7zRHGH3GSIgNCRdeO6b9GnAh7nciPQS

FZOYcCz9W6fOdxnNAXwOoB55gbf+0+oT8gzd99sBAEm9YhpAnY3b1UTNHLZZ/TsY

ezt073cQhjRs1ZTT/jLOvSK2j7u3fV4UCxz/mVry9sU9nAULieaJ+SbPnhlRit75

W2i+4kW9/jolgi+iGFaISQQYEQIACQUCRAC5xgIbDAAKCRB/l0XaLvZqHaFFAJ9Z

51jpfuolAulKd8nsMrDKJLlOMwCfXFOWNhWkmPbTEV+iYo7tSqjXaOw=

=UhkR

-----END PGP PUBLIC KEY BLOCK-----

Summary

- Culture Topics: Enigma, QIP
- Hashes, MD5, SHA-1, open issues
- Several PK systems, notably RSA
- PGP, GnuPG import historical and current systems
- Keep using longer keys, and longer hashes, to keep up with smart computer/mathematical attacks
- Patents ending, so era of restriction for some legal reasons ending, other legal issues remain
- Web of Trust, Keyservers important, alternatives to CA's. No perfect solution
- There is no substitute for trust, despite all the efforts with encryption and signing

Download Presentation

Connecting to Server..