### GS: Chapter 3 Encryption, Authentication and Java Cryptography

csci5931 Web Security

Encryption

- Encryption Basics:
- An algorithm (or cipher) and a key are required in order to encrypt or decrypt messages.
- Example: the Caesar cipher (p.34)
- A symmetric, stream cipher
- Exercise: Encrypt “DDAY” using Caesar cipher (5).
- Answer: “IIFD”.
- Q: What is the algorithm?
- Q: What is the key?
- Q: How would the cipher be decrypted?

Encryption

- Symmetric Encryptions:
- Both the encrypter and the decrypter share the same key.
- Key space: The set of possible keys that work with a cipher; determined by the number of bits used in the cipher.
- The larger the key space is, the more secure the encryption will be.
- Each additional bit added to the key length doubles its security.

Encryption

- Symmetric Encryptions:
- Two types of symmetric ciphers: block ciphers and stream ciphers.
- Examples of symmetric encryptions:
- DES (Data Encryption Standard) & TripleDES: block ciphers
- Blowfish: a faster and more secure replacement of DES
- RC4 (Rivest’s Code 4): a stream cipher
- AES (Advanced Encryption Standard): a block cipher

Encryption

- Limitations of Symmetric Encryptions:
- Key distribution can be a vulnerability.
- If the key is exposed, the encrypted message and all future communication using the same key are open to eavesdropping.
- Key management problems: distribution, update, revocation

Encryption

- Asymmetric Encryptions:
- Also known as ‘public key encryption’
- Messages encrypted with the public key can only be decrypted by the corresponding private key.
- The public key can be made known to the public, but the private key is kept secret and is known only to the owner of the key.
- Examples of asymmetric encryption algorithms:
- Merkle-Hellman Knapsacks
- RSA: Rivest, Shamir, Adleman
- El Gamal

Encryption

- Limitations of asymmetric Encryptions:
- Asymmetric encryption requires much larger keys than symmetric encryption.
- A 1024-bit asymmetric key ~= a 128-bit symmetric key
- Why?
- Asymmetric encryption is much slower (~ 1000 times slower) than symmetric encryption.
- It is subject to man-in-the-middle attacks.

Solution? Digital certificates (Ch. 6)

Encryption

- Session-key Encryption
- A session-key is a symmetric key that is used to encrypt the plaintext message. The session key itself is encrypted using a public key.
- Sender:

C = Spub(S) + Sencrypt(message) → Recipient

- Recipient:

Spriv(Spub(S)) → S

Sdecrypt(Sencrypt(message)) → message

- Alternatively, the session key may be assigned an expiration time and be used over several sessions.

Encryption

- Examples of Session-key Encryption
- PGP (Pretty Good Privacy):

Originally (1991) used to encrypt e-mail using session-key encryption

Supports RSA, TripleDES, etc.

http://www.pgp.com/

- S/MIME (Secure/MIME):

Invented by RSA to secure e-mail

Backed by Microsoft, RSA, and AOL

- SSL/TLS (Secure Socket Layer/Transport Layer Security): Ch. 9

Originally an attempt to secure TCP/IP traffic using encryptions

Encryption

- Key Agreement Algorithm
- A key agreement algorithm takes the private and the public keys of two distinct parties (Apriv + Bpub or Apub + Bpriv) and generates a common shared secret key, which is then used to generate a session key. See the diagram on p.41.
- Diffie-Hellman Key Agreement Algorithm: The first ever public key encryption
- Allows two parties to independently generate the shared key; the session key is never transmitted.
- References:

See http://www.apocalypse.org/pub/u/seven/diffie.html

IETF RFC2631: http://www.ietf.org/rfc/rfc2631.txt
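
An added example (not from the slides or the book) of the key agreement described above, using the JCE `KeyAgreement` class with Diffie-Hellman. The class name, the 2048-bit group size and the SHA-256 step that turns the shared secret into an AES session key are assumptions made for the demo.

```java
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.SecretKeySpec;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;

public class KeyAgreementDemo {
    // One party's side: own private key + peer's public key -> shared secret.
    static byte[] agree(PrivateKey mine, PublicKey theirs) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(mine);
        ka.doPhase(theirs, true);
        return ka.generateSecret();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator aGen = KeyPairGenerator.getInstance("DH");
        aGen.initialize(2048);
        KeyPair a = aGen.generateKeyPair();

        // B must use the same group parameters (p, g) that A's public key carries.
        KeyPairGenerator bGen = KeyPairGenerator.getInstance("DH");
        bGen.initialize(((DHPublicKey) a.getPublic()).getParams());
        KeyPair b = bGen.generateKeyPair();

        // Only the public keys cross the wire; each side computes the secret locally.
        byte[] secretA = agree(a.getPrivate(), b.getPublic()); // Apriv + Bpub
        byte[] secretB = agree(b.getPrivate(), a.getPublic()); // Bpriv + Apub
        System.out.println("same secret: " + MessageDigest.isEqual(secretA, secretB));

        // Session key derived from the shared secret (plain hash here as a demo
        // assumption; a deployed protocol would use a proper KDF).
        byte[] k = MessageDigest.getInstance("SHA-256").digest(secretA);
        SecretKeySpec sessionKey = new SecretKeySpec(Arrays.copyOf(k, 16), "AES");
        System.out.println("session key algorithm: " + sessionKey.getAlgorithm());
    }
}
```

Nothing in this exchange authenticates the public keys, which is why the man-in-the-middle limitation noted earlier applies until the keys are vouched for by certificates.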

Encryption

- Strength of Encryption Algorithms
- Two factors:

The algorithm used +

The size of the key space

- See the tables comparing symmetric ciphers (p.42) and asymmetric ciphers (p.43)

Alternative Data-hiding Methods

- Steganography: hiding messages inside another message or in a picture.

See “Steganography: Hidden Data”. By Deborah Radcliff. ComputerWorld. June 10, 2002.

- Elliptic Curve Cryptography (ECC): based on the elliptic curve logarithm problem; a more efficient public key encryption (faster, smaller key size)

An intro: http://world.std.com/~dpj/elliptic.html

- Codes, one-time pads, etc.

Authentication

- The process of determining the authenticity of a message or user.
- Methods:
- Message Digest
- a check value generated from a document, usually generated by a hash function
- to prove that the data in the document has not been tampered with.
- Commonly used for password authentication (i.e., one-way authentication)
- Examples: MD4, MD5, SHA (secure hash algorithm)
- Any problem? Man-in-the-middle attack. Why?

Authentication Methods

- MAC (Message Authentication Codes)
- A message digest created with a key
- Typically used for data verification in a context where a secure connection is already available.
- Example: SSL uses MACs to verify the data received, using a secret key that is exchanged at the beginning of the session.
- Example MACs:
- HmacMD5 (Hashing MAC using MD5)
- HmacSHA1 (Hashing MAC using SHA-1)
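
An added example (not from the slides or the book) contrasting the unkeyed message digest of the previous slide with a keyed MAC, which is the answer to the "Why?" asked there. It uses SHA-256 and HmacSHA256 rather than the MD5/SHA-1 variants listed; the key and messages are constructed.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class DigestVsMac {
    static byte[] digest(byte[] msg) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(msg);
    }

    static byte[] hmac(byte[] key, byte[] msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(msg);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo values; a real key comes from a key exchange, not a literal.
        byte[] key = "constructed-demo-key-not-for-use".getBytes(StandardCharsets.UTF_8);
        byte[] sent = "pay 10 to alice".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "pay 99 to alice".getBytes(StandardCharsets.UTF_8);

        // Unkeyed digest: whoever alters the message in transit can also replace
        // the check value, so the receiver's recomputation still matches.
        byte[] replacedDigest = digest(altered);
        boolean digestAccepts = MessageDigest.isEqual(digest(altered), replacedDigest);

        // Keyed MAC: the tag was computed over `sent` with a key the middle party
        // does not hold, so the receiver's recomputation over `altered` differs.
        byte[] tag = hmac(key, sent);
        boolean macAcceptsOriginal = MessageDigest.isEqual(hmac(key, sent), tag);
        boolean macAcceptsAltered = MessageDigest.isEqual(hmac(key, altered), tag);

        System.out.println("digest check, altered message + replaced digest: " + digestAccepts);
        System.out.println("MAC check, original message: " + macAcceptsOriginal);
        System.out.println("MAC check, altered message:  " + macAcceptsAltered);
    }
}
```

`MessageDigest.isEqual` is used for the tag comparison so that the check does not leak, through timing, how many leading bytes matched.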

Authentication Methods

- Digital Signatures
- Based on public key encryption
- Computed with a person’s private key and verified with the person’s public key
- An example of creating a digital signature: p.48
- The sender applies a message digest algorithm to get a message digest (md) out of the message to be sent.
- The message digest is then encrypted by the person’s private key. The ciphertext is the digital signature (ds).
- To check the digital signature:
- The recipient applies the digest algorithm to get a message digest (md-2).
- The recipient decrypts the ds using the sender’s public key.
- The output from step 2 is verified against md-2.

Authentication Methods

- Digital Certificates
- Purpose: To authenticate a person’s public key
- “Vouching”: one party certifies that another party’s identity is authentic. e.g., passport, id cards
- A digital certificate for A is A’s public key plus some identifying information, signed by the private key of a certification authority (CA) verifying A’s identity.
- Other example usage of certificates:
- To authenticate a host/server (e.g., SSL certificates)
- To sign and encrypt e-mail

Authentication Methods

- Digital Certificates (Cont.)
- Certificates are often chained. That is, a CA may be authenticated by a root CA.
- The top CA of a certificate chain must be self-signed.
- Verisign has been accepted as the top CA.
- Example of certificate chaining: Both Internet Explorer and Netscape Communicator include certificates from Verisign in their install. So when the browser makes an SSL connection to a server, if the server presents a certificate that is signed by Verisign, the server’s certificate will be automatically accepted.

Cryptanalysis

- The practice of analyzing and breaking cryptography
- Methods:
- Brute force attack versus the key space
- Common cryptanalytic tools: Frequency distribution, Digram/trigram study, IC, Repeated patterns, Probable letters
- 4 cryptanalytic cases:
- Ciphertext only → Ciphertext-only attack
- Full or partial plaintext → Known plaintext attack; Probable plaintext analysis
- Ciphertext of any plaintext → Chosen plaintext attack
- Algorithm + Ciphertext → Chosen ciphertext attack

Key Management (storage)

- A dilemma: Keys must be securely stored while allowing users easy access when necessary.
- A typical solution is to encrypt the stored keys with passwords and then protect the storage with the OS access control.
- A key storage is an attractive target for attack.
- The smart card solution: A smart card stores a private key and a certificate, which can be used to encrypt and/or decrypt information.
- An example of smart card solution: See Protection of Keys (RSA vs nCipher)

Cryptographical Protocols

- Cryptographical protocols determine the exact order and way in which each algorithm must be used in order to maximize security.
- Examples of protocols:
- Distribution of keys,
- Certificates, Digital signatures,
- Key escrow,
- Mental poker,
- Electronic voting,
- oblivious transfer, contract signing,
- certified mail

JCA/JCE

- Java Cryptography Architecture (JCA) is part of the Java 2 run-time environment. java.security.*
- JCE (Java Cryptography Extension), on the other hand, is an extension to the JCA. JCE adds encryption and decryption APIs to the JCA. javax.crypto.*
- Major classes defined in JCA:

MessageDigest, Signature, KeyPairGenerator, KeyFactory, CertificateFactory, KeyStore, AlgorithmParameters, AlgorithmParameterGenerator, SecureRandom, …

JCA/JCE

- A cryptographic service provider implements various cryptographic algorithms.
- See page 54 for a list of algorithms implemented in the SUN provider (sun.security.provider.Sun), Java 2 (v1.2).
- A second provider, the RSAJCA provider (com.sun.rsajca.Provider) is shipped with JDK v1.3, to provide RSA-specific cryptos.

JCA

- An example of using MessageDigest in the JCA:
- Get an instance of a message digest.

```java
import java.security.MessageDigest;

MessageDigest myMessageDigest = MessageDigest.getInstance("MD5");
// Or, naming the provider explicitly (the provider's registered name is "SUN"):
// MessageDigest myMessageDigest = MessageDigest.getInstance("MD5", "SUN");
```

- Add data to be digested.

```java
myMessageDigest.update(myData);   // myData is a byte[]
```

- Get the digest.

```java
byte[] signatureBytes = myMessageDigest.digest();
```

JCE

- Major JCE classes:

Cipher, KeyAgreement, KeyGenerator, Mac, SecretKey, SecretKeyFactory

- JCE needs to be separately downloaded and installed if you have JDK older than v1.4. For JDK1.4 or higher, JCE is an integrated component.
- See http://java.sun.com/products/jce/index-14.html for more details.

JCE

- Installation of JCE security provider
- Sample programs: http://nas.cl.uh.edu/yang/teaching/csci5931webSecurity/JCE%20provider.htm
- Visit http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html and download all the sample programs from the book.
