Cryptography/Cryptanalysis, II


CS 436/636/736 February 27, 2006 Cryptography/Cryptanalysis, II Main References (this lecture) Applied Cryptography, 2/e, Schneier, Wiley Material from several chapters adapted for this set of lectures GNU Privacy Guard manual and web pages (more info on this provided later)

Main References (this lecture)
  • Applied Cryptography, 2/e, Schneier, Wiley
    • Material from several chapters adapted for this set of lectures
  • GNU Privacy Guard manual and web pages (more info on this provided later)
  • Wikipedia (several, mentioned as lecture progresses)
  • Material from the course text (Chapter 8)
  • Wikipedia
Topical Notes - QC/QIP/QE
  • Quantum Computing / Quantum Information Processing
    • http://www.magiqtech.com/products/whatisqip.php
    • Many articles and scholarly papers are in the literature
  • Quantum Encryption
    • http://www.magiqtech.com/products/whatisqip.php#cryptography
    • http://www.cookiecentral.com/quantum-encryption.htm
    • http://www.eetimes.com/story/OEG20031125S0047
    • http://www.securitydocs.com/library/3230
  • See also Scientific American, http://www.sciam.com/
Topical Notes, II - Efforts to Break Enigma (further)
  • Recent efforts to break Enigma (courtesy of M. Curry) [ciphertext only]
    • http://www.bytereef.org/m4_project.html (M4 project)
  • Original attacks were known plaintext attacks (Polish mathematicians, Bletchley Park [UK]), and relied partially on errors/limitations of how Enigma was used
  • Clever, extremely innovative cryptanalysis and mechanical systems (bomby/bombe) to find keys and help partially decrypt messages
  • The potential key space to search is huge, but careful and dogged analysis, plus limits on how Enigma was deployed, help both the original and the current efforts to break it
  • Mathematics and technology of breaking Enigma is interesting and on-going discussion area in Cryptanalysis, despite passage of 60 years since World War II ended.
  • Lots of writeups and literature on this subject (e.g., http://math.usask.ca/encryption/lessons/lesson00/page8.html, http://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma)
  • Crypto Hashes and Collisions
  • DES
  • IDEA
  • DSA
  • RSA
  • PGP
  • Gnu Privacy Guard
  • Web of Trust (Intro)
  • Summary
Cryptographic Hashes
  • Related to one-way functions, but have slightly different properties
    • I. Preimage resistant; given a hash h=f(x), it should be hard to find x.
    • II. Given h1=f(x1), it should be hard to find x2 such that f(x2)=h1.
    • III. Collision resistant: It should be difficult to find any two messages x1 and x2 that have the same hash
  • The “birthday attack” means that a cryptographic hash must be at least 2x as long to be collision resistant (III) as to satisfy II.
  • Ref: http://en.wikipedia.org/wiki/Cryptographic_hash_function
    • http://en.wikipedia.org/wiki/Birthday_attack
Birthday attack (cf, Wikipedia)
  • Alice prepares a valid contract (m), and a set of similar ones, all valid, that differ by cosmetic differences only. She can also create a set of fraudulent contracts (m') and cosmetic variants of these. Then she computes the hash functions to all these, till she finds any pair where f(valid contract[m clone]) = f(fraudulent contract[m' clone]).
  • The valid contract is signed, but the fraudulent one can be substituted. Bob is cheated, since the hashes match.
  • If Bob changes the contract on receipt cosmetically before signing, to prevent the attack, Alice may suspect Bob of the same attack.
  • This means that collisions have to be relatively expensive to find, so a long cryptographic hash is needed: the expected work to find a collision is proportional to sqrt(n), where n is the number of possible hash values.
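The contract scenario above, as an added example (not part of the original slides). It shows why a short digest cannot protect a signature: with a hash cut to 24 bits, a few thousand cosmetic clones per side are enough to find a matching pair. The 24-bit truncation of SHA-256, the whitespace-based clones and both contract texts are assumptions constructed for the demonstration.

```python
import hashlib

BITS = 24  # toy digest length (assumption); real hashes are 128 bits or more

# Constructed sample contracts: m (valid) and m' (fraudulent).
VALID = ("Bob agrees to pay Alice the sum of 100 dollars "
         "on the first day of March 2006")
FRAUD = ("Bob agrees to pay Alice the sum of 100000 dollars on the first "
         "day of every month until the end of 2016")

def h(text: str) -> int:
    """First BITS bits of SHA-256, standing in for a short hash f."""
    digest = hashlib.sha256(text.encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - BITS)

def variant(text: str, i: int) -> str:
    """Cosmetic clone i: bit k of i puts one or two spaces after word k."""
    words = text.split()
    gaps = ["  " if (i >> k) & 1 else " " for k in range(len(words) - 1)]
    return "".join(w + g for w, g in zip(words, gaps)) + words[-1]

def find_collision(valid: str, fraud: str):
    """Return (m clone, m' clone, hashes computed) with equal digests, or None."""
    n_valid = 1 << (BITS // 2)            # about sqrt(2**BITS) clones of m
    table = {h(variant(valid, i)): i for i in range(n_valid)}
    max_fraud = 1 << (len(fraud.split()) - 1)
    for j in range(max_fraud):            # clones of m' until a digest matches
        d = h(variant(fraud, j))
        if d in table:
            return variant(valid, table[d]), variant(fraud, j), n_valid + j + 1
    return None

if __name__ == "__main__":
    m, m_prime, work = find_collision(VALID, FRAUD)
    print(f"{work} hashes computed, versus 2**{BITS} possible digests")
    print(repr(m), repr(m_prime), hex(h(m)), sep="\n")
```

Each extra bit of digest length multiplies the search by only sqrt(2), which is why the digest has to be twice as long as the security level wanted.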
MD5
  • Message Digest Algorithm #5
  • Replaced MD4, when issues were found with it
  • Ronald Rivest, 1991 (cf, RSA)
  • Flaws found in 1996 and 2004 etc
  • Can now only be used safely to make sure files download correctly; very fast algorithms for breaking it now exist
  • Example digests (e.g., md5sum, Wikipedia has code too):
    • MD5("The quick brown fox jumps over the lazy dog") = 9e107d9d372bb6826bd81d3542a419d6
    • MD5("The quick brown fox jumps over the lazy cog") = 1055d3e698d289f2af8663725127bd4b
    • Ref: http://en.wikipedia.org/wiki/MD5
SHA-1
  • Secure Hash Standard
  • SHA-1 replaced SHA-0, NIST standard 1993
  • Some attacks have been shown, but still extremely difficult in practice
  • SHA-1 will be phased out by NIST by 2010
  • Other SHAs have longer keys
Collision Attacks on Cryptographic Hashes
  • Main points:
    • Collision attacks are possible
    • MD5 has flaws, SHA-1 has flaws
    • “Trust who you communicate with” remains a key aspect of security
  • Collisions/weaknesses in MD5 vs. SHA-1
    • http://en.wikipedia.org/wiki/MD5
    • http://www.venge.net/monotone/docs/Hash-Integrity.html
    • http://www.cryptography.com/cnews/hash.html
DES / DEA
  • DES is Data Encryption Standard, 1976
  • Based on Data Encryption Algorithm (DEA)
  • 56-bit key, 64-bit block
  • Block cipher – symmetric key cipher, works on fixed-length group of bits
  • Triple DES is a common strategy; keeps algorithm, increases key space (2 keys, 112 bits); triple encrypts w/ two keys.
  • AES is replacement for DES, Advanced Encryption System
  • Ref: http://en.wikipedia.org/wiki/Block_cipher
AES – Advanced Encryption System
  • Block cipher
  • Fixed block size of 128-bits
  • Key size of 128, 192, or 256 bits
  • Used by OpenSSL
  • Attacks exist against implementations that leak information
  • Rijndael algorithm is a superset/close relative
  • Ref: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
IDEA – Int. Data Encryption Alg.
  • Block cipher
  • 128-bit block, 64-bit key
  • Used in PGP ; non-commercial uses OK
  • Optional in OpenPGP; not used in GPG
  • Patented in some countries to 2010-2011
  • Replacement: IDEA NXT = FOX
  • Ref: http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
    • http://en.wikipedia.org/wiki/FOX_%28cipher%29
RSA
  • Algorithm for Public Key encryption (patented), 1977
  • Invented by Rivest, Shamir, and Adleman at MIT (R, S, & A)
  • Cocks (British mathematician) developed a similar version in secret in 1973, revealed in 1997
  • Can be used with one key for signing, another key for encryption
  • Develops shared secret via prime numbers and modulo arithmetic approaches
  • Minimum of 1,024-bit keys recommended, given brute force attack potential (My IE6 has 128-bit encryption, by comparison)
  • Padding an essential aspect of security
  • Ref: http://en.wikipedia.org/wiki/RSA
    • RSA: http://www.rsasecurity.com/
    • RSAlabs: http://www.rsasecurity.com/rsalabs/
DSA – Digital Signature Algorithm
  • US Government standard for digital signatures
  • Patented, but royalty free
  • Builds on SHA-1 building block
  • Builds public/private key just for signature
  • Related to Elgamal signature scheme
  • Ref: http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
ElGamal Signature
  • Asymmetric key encryption algorithm for PKE
  • Uses Diffie-Hellman key agreement algorithm
  • A single plaintext can be encrypted with several ciphertexts (probabilistic methods)
  • Used with GnuPG, Related to DSA
  • Chosen ciphertext attack vulnerable
  • Ref: http://en.wikipedia.org/wiki/ElGamal
PGP – Pretty Good Privacy
  • Zimmermann created, lots of legal wrangling ensued with RSA
  • Built in response to “lack of privacy” concerns
  • Windows/Unix clients (used flaky IDEA originally)
  • Spawned OpenPGP effort, now IETF supported RFCs
  • Original had international and US “legal” versions after wrangling
  • Original Merged/demerged from NAI (now McAfee)
  • PGP is now a standalone company again, commercial
  • OpenPGP is a standard (RFC)
  • Ref: http://en.wikipedia.org/wiki/Pretty_Good_Privacy
GnuPG – Gnu Privacy Guard
  • Free tool used to replace original PGP 2.6
  • Implements OpenPGP (RFC 2440)
  • Does not use IDEA algorithm
  • Uses DSA/Elgamal
  • Open source, ported widely
  • http://www.gnupg.org/
  • Often bundled with Linux, Windows client easy to install
  • We will use this extensively in this class
Web of Trust
  • Used by PGP, GnuPG(PGP), and OpenPGP to establish authenticity of user <-> key purportedly of that user.
  • Alternative to having a single authority (central trust) – Trent / CA
  • Identity certificates in OpenPGP – owner info and public key
  • If three partially trusted endorsers endorse a certificate, or one fully trusted endorser endorses it, then that certificate is trusted
  • Parametrically settable (can require more partial trust or not accept at all)
  • You can have up to four steps removed in a web of trust, and still use that to endorse someone, but beyond four, it won't work
  • Using keyservers is helpful for central storing info, even though no CA.
  • Ref: http://en.wikipedia.org/wiki/Web_of_trust
  • See also: Gossamer web of trust - http://www.gswot.org/siteframe/
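The endorsement rule above (three partial or one full endorser, settable thresholds, at most four steps), as an added example that is not from the original slides. It is a simplified model for teaching, not GnuPG's own algorithm; the function name, parameter names and the sample web of keys are all assumptions constructed here.

```python
# Simplified validity model for the rule on this slide (not GnuPG's real code).
FULL, MARGINAL = "full", "marginal"

def valid_keys(me, sigs, trust, marginals_needed=3, completes_needed=1,
               max_depth=4):
    """Return {key: steps_from_me} for every key `me` may treat as authentic.

    sigs  maps key -> set of keys that signed (endorsed) it
    trust maps key -> FULL or MARGINAL: how far `me` trusts its owner
          as an endorser; keys missing from the map are not trusted to endorse
    """
    depth = {me: 0}                       # my own key is the trust root
    for step in range(1, max_depth + 1):
        newly = {}
        for key, signers in sigs.items():
            if key in depth:
                continue
            # Only endorsements made by keys already proven valid count.
            usable = [s for s in signers if s in depth]
            full = sum(1 for s in usable if s == me or trust.get(s) == FULL)
            marginal = sum(1 for s in usable if trust.get(s) == MARGINAL)
            if full >= completes_needed or marginal >= marginals_needed:
                newly[key] = step
        if not newly:
            break                         # nothing new became valid
        depth.update(newly)
    return depth

# Constructed sample web (all names hypothetical).
SIGS = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"},
    "dave": {"alice", "bob", "carol"},    # three partial endorsers
    "erin": {"alice", "bob"},             # only two partial endorsers
    "frank": {"dave"}, "gina": {"frank"}, "hal": {"gina"},
}
TRUST = {"alice": MARGINAL, "bob": MARGINAL, "carol": MARGINAL,
         "dave": FULL, "frank": FULL, "gina": FULL}

if __name__ == "__main__":
    result = valid_keys("me", SIGS, TRUST)
    for key in sorted(result, key=result.get):
        print(result[key], key)
```

With the defaults, erin stays untrusted (two partial endorsers) and hal is rejected as five steps removed; lowering `marginals_needed` to 2 admits erin, which is the "parametrically settable" point from the slide.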
Key Server
  • Holds public keys and signings of those keys
  • Corresponds with ASCII-armored PGP key exports, as produced by GnuPG and OpenPGP compliant systems
  • Try: http://pgp.mit.edu/
  • Look at my public key at:
    • http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2EF66A1D
    • Or by searching for me by name, and then selecting my UAB key.
ASCII armored public key(tony@cis.uab.edu)

Public Key Server -- Get ``0x2EF66A1D ''


Version: PGP Key Server 0.9.6
Summary
  • Culture Topics: Enigma, QIP
  • Hashes, MD5, SHA-1, open issues
  • Several PK systems, notably RSA
  • PGP, GnuPG: important historical and current systems
  • Keep using longer keys, and longer hashes, to keep up with smart computer/mathematical attacks
  • Patents ending, so era of restriction for some legal reasons ending, other legal issues remain
  • Web of Trust, Keyservers important, alternatives to CA's. No perfect solution
  • There is no substitute for trust, despite all the efforts with encryption and signing