CS 436/636/736 February 27, 2006 Cryptography/Cryptanalysis, II
Main References (this lecture)
• Applied Cryptography, 2/e, Schneier, Wiley
• Material from several chapters adapted for this set of lectures
• GNU Privacy Guard manual and web pages (more info on this provided later)
• Wikipedia (several, mentioned as lecture progresses)
• Material from the course text (Chapter 8)
• Wikipedia
Topical Notes - QC/QIP/QE
• Quantum Computing / Quantum Information Processing
• http://www.magiqtech.com/products/whatisqip.php
• Many articles and scholarly papers are in the literature
• Quantum Encryption
• http://www.magiqtech.com/products/whatisqip.php#cryptography
• http://www.cookiecentral.com/quantum-encryption.htm
• http://www.eetimes.com/story/OEG20031125S0047
• http://www.securitydocs.com/library/3230
• See also Scientific American, http://www.sciam.com/
Topical Notes, II - Efforts to Break Enigma (further)
• Recent efforts to break Enigma (courtesy of M. Curry) [ciphertext only]
• http://www.bytereef.org/m4_project.html (M4 project)
• Original attacks were known-plaintext attacks (Polish mathematicians, Bletchley Park [UK]), and relied partially on errors/limitations in how Enigma was used
• Clever, extremely innovative cryptanalysis and mechanical systems (bomby/bombe) to find keys and help partially decrypt messages
• Huge potential size of the key space to search, but careful and dogged analysis, plus limits on how it was deployed, helped both the original and the current efforts to break it
• The mathematics and technology of breaking Enigma remain an interesting and on-going discussion area in cryptanalysis, despite the passage of 60 years since World War II ended
• Lots of writeups and literature on this subject (e.g., http://math.usask.ca/encryption/lessons/lesson00/page8.html, http://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma)
Outline
• Crypto Hashes and Collisions
• DES
• IDEA
• DSA
• RSA
• PGP
• Gnu Privacy Guard
• Web of Trust (Intro)
• Summary
Cryptographic Hashes
• Related to one-way functions, but have slightly different properties
• I. Preimage resistant: given a hash h = f(x), it should be hard to find x
• II. Second-preimage resistant: given h1 = f(x1), it should be hard to find a different x2 such that f(x2) = h1
• III. Collision resistant: it should be difficult to find any two messages x1 and x2 that have the same hash
• The "birthday attack" means a cryptographic hash must be at least 2x as long to be collision resistant (III) as it needs to be to satisfy II
• Ref: http://en.wikipedia.org/wiki/Cryptographic_hash_function
• http://en.wikipedia.org/wiki/Birthday_attack
Birthday attack (cf. Wikipedia)
• Alice prepares a valid contract (m) and a set of similar ones, all valid, that differ by cosmetic differences only. She also creates a fraudulent contract (m') and cosmetic variants of it. Then she computes the hash of all of these until she finds any pair where f(valid contract [m clone]) = f(fraudulent contract [m' clone]).
• The valid contract is signed, but the fraudulent one can be substituted. Bob is cheated, since the hashes match.
• If Bob cosmetically changes the contract on receipt before signing, to prevent the attack, Alice may suspect Bob of the same attack.
• This means that collisions have to be relatively expensive to find, so a long cryptographic hash is needed: the expected work to find a collision among n possible hash values is proportional to sqrt(n).
MD5
• Message Digest Algorithm #5
• Replaced MD4 when issues were found with it
• Ronald Rivest, 1991 (cf. RSA)
• Flaws found in 1996 and 2004, etc.
• Now safe only for checking that files downloaded correctly; very fast algorithms for finding collisions now exist
• Example digests (e.g., md5sum; Wikipedia has code too):
• MD5("The quick brown fox jumps over the lazy dog") = 9e107d9d372bb6826bd81d3542a419d6
• MD5("The quick brown fox jumps over the lazy cog") = 1055d3e698d289f2af8663725127bd4b
• Ref: http://en.wikipedia.org/wiki/MD5
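An added example, not from the lecture, that reproduces the two MD5 digests on the slide, measures how many output bits a one-letter change (dog/cog) flips, and shows the one use the slide still allows for MD5: checking that a download arrived intact. The "downloaded" bytes are a constructed stand-in. The comparison uses `hmac.compare_digest`; the point of the last function's docstring is that this detects accidents, not an adversary who can replace both the file and its published hash.

```python
import hashlib
import hmac

def digest_hex(algorithm: str, text: str) -> str:
    """Hex digest of a UTF-8 string with any hashlib algorithm ('md5', 'sha1', 'sha256', ...)."""
    return hashlib.new(algorithm, text.encode()).hexdigest()

def bit_distance(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length hex digests differ.
    A good hash flips about half the bits for any change in the input."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must be the same length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def download_intact(data: bytes, published_hex: str, algorithm: str = "md5") -> bool:
    """The remaining sensible use of MD5 named on the slide: detecting a
    corrupted or truncated download against a digest the publisher posted.
    compare_digest avoids leaking the mismatch position through timing.
    This catches accidents only: an attacker who can swap the file can also
    craft a colliding one or swap the published digest alongside it."""
    actual = hashlib.new(algorithm, data).hexdigest()
    return hmac.compare_digest(actual, published_hex.lower())

DOG = "The quick brown fox jumps over the lazy dog"
COG = "The quick brown fox jumps over the lazy cog"

if __name__ == "__main__":
    for algo in ("md5", "sha1", "sha256"):
        a, b = digest_hex(algo, DOG), digest_hex(algo, COG)
        print(f"{algo:6} {a}\n       {b}  ({bit_distance(a, b)} of {len(a) * 4} bits differ)")
    payload = DOG.encode()  # constructed stand-in for a downloaded file
    print("intact:   ", download_intact(payload, digest_hex("md5", DOG)))
    print("truncated:", download_intact(payload[:-1], digest_hex("md5", DOG)))
```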
SHA-1
• Secure Hash Standard
• SHA-1 replaced SHA-0, NIST standard 1993
• Some attacks have been shown, but still extremely difficult in practice
• SHA-1 will be phased out by NIST by 2010
• Other SHAs have longer digests
Collision Attacks on Cryptographic Hashes
• Main points:
• Collision attacks are possible
• MD5 has flaws, SHA-1 has flaws
• "Trust who you communicate with" remains a key aspect of security
• Collisions/weaknesses in MD5 vs. SHA-1
• http://en.wikipedia.org/wiki/MD5
• http://www.venge.net/monotone/docs/Hash-Integrity.html
• http://www.cryptography.com/cnews/hash.html
DES/DEA
• DES is the Data Encryption Standard, 1976
• Based on the Data Encryption Algorithm (DEA)
• 56-bit key, 64-bit block
• Block cipher: a symmetric-key cipher that works on fixed-length groups of bits
• Triple DES is a common strategy; keeps the algorithm, increases the key space (2 keys, 112 bits); triple-encrypts with two keys
• AES, the Advanced Encryption Standard, is the replacement for DES
• Ref: http://en.wikipedia.org/wiki/Block_cipher
AES – Advanced Encryption Standard
• Block cipher
• Fixed block size of 128 bits
• Key size of 128, 192, or 256 bits
• Used by OpenSSL
• Attacks exist against implementations that leak information
• The Rijndael algorithm is a superset/close relative
• Ref: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
IDEA – International Data Encryption Algorithm
• Block cipher
• 128-bit block, 64-bit key
• Used in PGP; non-commercial use OK
• Optional in OpenPGP; not used in GPG
• Patented in some countries to 2010-2011
• Replacement: IDEA NXT = FOX
• Ref: http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
• http://en.wikipedia.org/wiki/FOX_%28cipher%29
RSA
• Algorithm for public-key encryption (patented), 1977
• Invented by Rivest, Shamir, and Adleman at MIT (R, S, & A)
• Cocks (British mathematician) developed a similar version in secret in 1973, revealed in 1997
• Can be used with one key for signing, another key for encryption
• Develops a shared secret via prime numbers and modular arithmetic
• Minimum of 1,024-bit keys recommended, given brute-force attack potential (my IE6 has 128-bit encryption, by comparison)
• Padding is an essential aspect of security
• Ref: http://en.wikipedia.org/wiki/RSA
• RSA: http://www.rsasecurity.com/
• RSA Labs: http://www.rsasecurity.com/rsalabs/
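The prime/modular-arithmetic mechanics of the slide, as an added textbook example that is not the lecture's code and not any library's API. The primes are constructed toy values (the Mersenne primes 2**89-1 and 2**61-1, giving a modulus of about 150 bits, far below the 1,024-bit minimum the slide recommends). It shows one key pair used for encryption and for hash-then-sign, and it makes the slide's "padding is essential" point concrete: raw RSA is deterministic (equal plaintexts give equal ciphertexts) and multiplicatively malleable (the product of two ciphertexts decrypts to the product of the plaintexts), which is exactly the structure that padding schemes such as OAEP and PSS are there to break. The digest truncation in the signing routine is only to fit the toy modulus and is not a real scheme.

```python
import hashlib
from math import gcd

# Constructed toy primes. Real keys use random primes of 512+ bits each.
P_DEMO = 2**89 - 1
Q_DEMO = 2**61 - 1

def rsa_keygen(p: int, q: int, e: int = 65537):
    """Textbook RSA: n = p*q, d = e^-1 mod (p-1)(q-1). Returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def rsa_encrypt_int(m: int, public) -> int:
    """Raw RSA on an integer: no padding, so deterministic and malleable."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message integer must be smaller than the modulus")
    return pow(m, e, n)

def rsa_decrypt_int(c: int, private) -> int:
    n, d = private
    return pow(c, d, n)

def _digest_as_int(message: bytes) -> int:
    # Truncated to 16 bytes only so it fits the toy modulus; real schemes
    # (PKCS#1 v1.5, PSS) pad the full digest out to the modulus size instead.
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")

def rsa_sign(message: bytes, private) -> int:
    """Hash-then-sign: the private exponent is applied to the message digest."""
    return rsa_decrypt_int(_digest_as_int(message), private)

def rsa_verify(message: bytes, signature: int, public) -> bool:
    n = public[0]
    if not 0 <= signature < n:
        return False
    return rsa_encrypt_int(signature, public) == _digest_as_int(message)

def is_malleable_product(c1: int, c2: int, m1: int, m2: int, public, private) -> bool:
    """Why raw RSA needs padding: (c1*c2) mod n decrypts to (m1*m2) mod n, so
    anyone holding two ciphertexts can mint a third without the key."""
    n = public[0]
    return rsa_decrypt_int((c1 * c2) % n, private) == (m1 * m2) % n

if __name__ == "__main__":
    public, private = rsa_keygen(P_DEMO, Q_DEMO)
    m = int.from_bytes(b"pay $100", "big")       # constructed 8-byte message
    c = rsa_encrypt_int(m, public)
    print("round trip ok:", rsa_decrypt_int(c, private) == m)
    print("deterministic (same plaintext -> same ciphertext):", rsa_encrypt_int(m, public) == c)
    sig = rsa_sign(b"contract v1", private)
    print("signature verifies:", rsa_verify(b"contract v1", sig, public),
          "| on altered text:", rsa_verify(b"contract v2", sig, public))
```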
DSA – Digital Signature Algorithm
• US Government standard for digital signatures
• Patented, but royalty free
• Builds on SHA-1 as a building block
• Builds a public/private key pair just for signatures
• Related to the ElGamal signature scheme
• Ref: http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
ElGamal Signature
• Asymmetric-key encryption algorithm for PKE
• Uses the Diffie-Hellman key agreement algorithm
• A single plaintext can be encrypted to several different ciphertexts (probabilistic encryption)
• Used with GnuPG; related to DSA
• Vulnerable to chosen-ciphertext attack
• Ref: http://en.wikipedia.org/wiki/ElGamal
PGP – Pretty Good Privacy
• Zimmermann created it; lots of legal wrangling with RSA ensued
• Built in response to "lack of privacy" concerns
• Windows/Unix clients (used flaky IDEA originally)
• Spawned the OpenPGP effort, now IETF-supported RFCs
• Original had international and US "legal" versions after the wrangling
• Original merged with/demerged from NAI (now McAfee)
• PGP is now a standalone company again, commercial
• OpenPGP is a standard (RFC)
• Ref: http://en.wikipedia.org/wiki/Pretty_Good_Privacy
GnuPG – Gnu Privacy Guard
• Free tool used to replace original PGP 2.6
• Implements OpenPGP (RFC 2440)
• Does not use the IDEA algorithm
• Uses DSA/ElGamal
• Open source, ported widely
• http://www.gnupg.org/
• Often bundled with Linux; Windows client easy to install
• We will use this extensively in this class
Web of Trust
• Used by PGP, GnuPG (PGP), and OpenPGP to establish the authenticity of the binding between a user and the key purportedly belonging to that user
• Alternative to having a single authority (central trust): Trent / CA
• Identity certificates in OpenPGP: owner info and public key
• If three partially trusted endorsers endorse a certificate, or one fully trusted endorser endorses it, then that certificate is trusted
• Parametrically settable (can require more partial endorsements, or not accept them at all)
• You can be up to four steps removed in the web of trust and still use that chain to endorse someone, but beyond four it won't work
• Using keyservers is helpful for storing info centrally, even though there is no CA
• Ref: http://en.wikipedia.org/wiki/Web_of_trust
• See also: Gossamer web of trust - http://www.gswot.org/siteframe/
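The endorsement rule on the slide (three partial endorsers or one full one, adjustable, and a limit of four steps from your own key) as an added example; this is a simplified model written for the lecture notes, not GnuPG's own trust-database code, and it ignores details such as signature expiry, revocation and per-user-ID validity. Key names and trust assignments are constructed. A key is valid only when enough keys that are themselves already valid have signed it, so trust cannot be bootstrapped by strangers vouching for each other.

```python
FULL, MARGINAL, NONE = "full", "marginal", "none"

def compute_validity(signatures, owner_trust, ultimate,
                     marginals_needed=3, completes_needed=1, max_depth=4):
    """Return {key: depth} for every key judged valid.

    signatures:  key -> set of keys whose owners signed (endorsed) it
    owner_trust: key -> FULL / MARGINAL / NONE, how far we trust that owner
                 as an introducer of other people's keys
    ultimate:    our own keys, valid at depth 0 and treated as FULL introducers

    Rule modelled from the slide: a key becomes valid once enough already-valid
    keys have signed it, at least `completes_needed` fully trusted ones or at
    least `marginals_needed` marginally trusted ones, and validity is extended
    no further than `max_depth` steps from our own key. The three keyword
    parameters are the knobs the slide calls "parametrically settable".
    """
    depth = {k: 0 for k in ultimate}
    for d in range(1, max_depth + 1):
        newly = {}
        for key, signers in signatures.items():
            if key in depth:
                continue
            full = marginal = 0
            for s in signers:
                if s not in depth:          # only an already-valid key can vouch
                    continue
                trust = FULL if s in ultimate else owner_trust.get(s, NONE)
                if trust == FULL:
                    full += 1
                elif trust == MARGINAL:
                    marginal += 1
            if full >= completes_needed or marginal >= marginals_needed:
                newly[key] = d
        if not newly:
            break                           # nothing new at this distance, so nothing further out either
        depth.update(newly)
    return depth

# Constructed example (names and trust levels are not from the slides).
ULTIMATE = {"me"}
OWNER_TRUST = {"alice": FULL, "bob": MARGINAL, "carol": MARGINAL, "dave": MARGINAL,
               "h1": FULL, "h2": FULL, "h3": FULL}
SIGNATURES = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"}, "dave": {"me"},
    "erin": {"alice"},                  # one full endorser is enough
    "frank": {"bob", "carol"},          # two marginals: not enough at the default of 3
    "grace": {"bob", "carol", "dave"},  # three marginals: valid
    "h1": {"alice"}, "h2": {"h1"}, "h3": {"h2"}, "h4": {"h3"},  # chain of full endorsers
}

if __name__ == "__main__":
    for key, d in sorted(compute_validity(SIGNATURES, OWNER_TRUST, ULTIMATE).items()):
        print(f"{key:6} valid, {d} step(s) from my key")
```

In the constructed data, `h3` sits four steps out and is still valid, `h4` at five steps is not, and `frank` becomes valid only if `marginals_needed` is lowered to 2.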
Key Server
• Holds public keys and signings of those keys
• Corresponds with ASCII-armored PGP key exports, as produced by GnuPG and OpenPGP-compliant systems
• Try: http://pgp.mit.edu/
• Look at my public key at:
• http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2EF66A1D
• Or search for me by name, and then select my UAB key
ASCII armored public key (tony@cis.uab.edu)
Public Key Server -- Get ``0x2EF66A1D ''
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Key Server 0.9.6

mQGiBEQAua4RBADOLOLzXgKXdrqkZ2aVowqi3uoBwZJek1d25VhasVz1YTdIehXd
kptQGhOHj3nh0DpXUqHA+F5ZIqzMfr1iZ4kdf8bwC7mHAxH9wgYIGDCLUlG/Fk2H
KpfugGbi84J4q/a5L0n1LAWTr3gIeISLrL3XJjAEcqLW5GR9mT87k9T8dwCgn6km
/91elZeJA1+oRaYrX7Lhm78EAM2F2f4zrNDwDTEsNeNkoCNzmDG8slcHx5WKHXSq
aunID/bM3Rc00VZ2FFbbKvDV2t0F4PfYR9BgSrEUXhiwjBBs3cGaCsC0pb/GoobN
wGuKbFrn9px3wgM7YINNjZT4oFK/8RCGDnQv+yjWoQQcOq24tTCX1LbShtkyiaiB
5mMkBAC/e1tHIMrIOE8Z4ezjSCLMhw8Jio9Kefmh1gYe6Bi1b8uAbifMuBF/mfCo
eXGUTH4zVVUiVwrV4v/I2LKVxYxr4vb2KTu2KzEefX4QgB8D8vNw7dt4vvcbYoiW
f0YwxrR1wkA4kxii36A4X1MJk74kt6Db1wE3fLO8yM+Y/q61hbQtQW50aG9ueSBT
a2plbGx1bSAoVUFCL0NJUykgPHRvbnlAY2lzLnVhYi5lZHU+iEYEEBECAAYFAkQB
wNsACgkQTSfXwOvDtRVwZwCdHI9gD12i+N2k1phhjPI7VFMw1T4AnRNCKLcERpKk
U1EQmlsS+Hlu48ILiEYEEBECAAYFAkQBxo8ACgkQUKLjtPbEz8b6TQCgiQOGDgtu
Zeeg7H5X1rv4PCUYr6QAoLapfFdQw7fpI1P1OuuL5PJtTtS9iEYEEBECAAYFAkQB
xrMACgkQkZRIGmZv2vDwDgCgs9BJv2zWBagRMw4CZBT2U/sHUi0AoIlucoHCoTmZ
47gnwewl7Tz4zPLciGAEExECACAFAkQAua4CGwMGCwkIBwMCBBUCCAMEFgIDAQIe
AQIXgAAKCRB/l0XaLvZqHSoYAJwIDsd8Ch4F4+PogI4fSN4tmVtsQwCffTdP75zC
Xb4RWVfHx2MQy0wTyAS5Ag0ERAC5xhAIANIAr2Eqd7r2NLla+Z58bpOVmM51ZwKe
FaC8kq01g3y7nPh209oPjMqUYNFB1CgRjhKGEX8obRi8jCtcRDdPpMb7YbIUW309
f1wHOrvdLwryZHHf+qWPZSRy0hQI7iwa1sttrefA6O00NLOsn0LLZxxxFK0a6N+a
5F4VaSeLLQ7cfsBYVvHtZ5oxnxYxriAIbiNhW2240QY1a5YmmO79BLb2YUy73LR6
qT6qOXD0swUUyn4qPvW5RZPU1xz/BoIZ71nAaIavsUeXQP6ff3UAUlVKDiSrroiV
EOwLGqsW5VlPUGqinZ3aRuOjN4Uloqw5mqGsu15taHs4mrWKaX9LLTMAAwUIAMzQ
TO06Rw40mKJFEoVj2M+y21TF977ALIkTFj7P6cAncklh94nIfhUyB7S3BfeuIPwX
hlobU84UtV/4mnF5w6SpoP+NDKkgW97qL1bxjngOTk74CbF4woTBMPsg/Qc0jQ2W
3mPhwVgYupDhx4jX3R+PkhirY5n2kqXHa7zRHGH3GSIgNCRdeO6b9GnAh7nciPQS
FZOYcCz9W6fOdxnNAXwOoB55gbf+0+oT8gzd99sBAEm9YhpAnY3b1UTNHLZZ/TsY
ezt073cQhjRs1ZTT/jLOvSK2j7u3fV4UCxz/mVry9sU9nAULieaJ+SbPnhlRit75
W2i+4kW9/jolgi+iGFaISQQYEQIACQUCRAC5xgIbDAAKCRB/l0XaLvZqHaFFAJ9Z
51jpfuolAulKd8nsMrDKJLlOMwCfXFOWNhWkmPbTEV+iYo7tSqjXaOw=
=UhkR
-----END PGP PUBLIC KEY BLOCK-----
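An added example, not from the lecture or from GnuPG, showing what the keyserver export above is made of: a BEGIN/END line pair, "Name: value" armor headers, a blank line, base64 data in 64-character lines, and a final "=XXXX" line carrying a CRC-24 over the binary data (RFC 2440, the OpenPGP RFC named on the GnuPG slide). `armor` builds such a block and `dearmor` parses one back, rejecting a block whose checksum does not match; the data it is tested on is constructed, not a real key. The CRC only catches transmission damage; authenticity of a key still comes from the signatures on it and the web of trust, not from the armor.

```python
import base64

# CRC-24 parameters from RFC 2440 section 6.1
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB

def crc24(data: bytes) -> int:
    """CRC-24 of the binary data, as written on the '=XXXX' line under an armored block."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data: bytes, block_type: str = "PGP PUBLIC KEY BLOCK", headers=None) -> str:
    """Wrap binary OpenPGP data the way the keyserver export above is wrapped."""
    lines = [f"-----BEGIN {block_type}-----"]
    for name, value in (headers or {}).items():
        lines.append(f"{name}: {value}")
    lines.append("")                         # blank line ends the armor headers
    b64 = base64.b64encode(data).decode()
    lines.extend(b64[i:i + 64] for i in range(0, len(b64), 64))
    lines.append("=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode())
    lines.append(f"-----END {block_type}-----")
    return "\n".join(lines) + "\n"

def dearmor(text: str):
    """Parse an armored block into (block_type, headers, data).
    Raises ValueError on a malformed block or a CRC-24 mismatch."""
    lines = [ln.rstrip("\r") for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN ") or not lines[0].endswith("-----"):
        raise ValueError("missing BEGIN line")
    block_type = lines[0][len("-----BEGIN "):-5]
    headers, i = {}, 1
    while i < len(lines) and lines[i] != "":
        if ": " not in lines[i]:
            raise ValueError(f"bad armor header: {lines[i]!r}")
        name, value = lines[i].split(": ", 1)
        headers[name] = value
        i += 1
    i += 1                                   # skip the blank separator line
    body, checksum = [], None
    while i < len(lines) and not lines[i].startswith("-----END "):
        if lines[i].startswith("="):         # base64 data never starts with '='
            checksum = lines[i][1:]
        else:
            body.append(lines[i])
        i += 1
    if i >= len(lines) or lines[i] != f"-----END {block_type}-----":
        raise ValueError("missing or mismatched END line")
    data = base64.b64decode("".join(body), validate=True)
    if checksum is not None:
        expected = int.from_bytes(base64.b64decode(checksum), "big")
        if crc24(data) != expected:
            raise ValueError("CRC-24 mismatch: block corrupted or altered in transit")
    return block_type, headers, data

if __name__ == "__main__":
    sample = b"constructed sample data, not a real key"  # constructed payload
    block = armor(sample, headers={"Version": "example-only 0.1"})
    print(block)
    print(dearmor(block))
```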
Summary
• Culture topics: Enigma, QIP
• Hashes, MD5, SHA-1, open issues
• Several PK systems, notably RSA
• PGP, GnuPG: important historical and current systems
• Keep using longer keys, and longer hashes, to keep up with smart computer/mathematical attacks
• Patents ending, so the era of restriction for some legal reasons is ending; other legal issues remain
• Web of Trust, keyservers important, alternatives to CAs. No perfect solution
• There is no substitute for trust, despite all the efforts with encryption and signing