Cryptography: secret-key and public-key technologies
September 2, 2016
Administrative – platform, per lab
– Cryptography: CentOS-6.4
– Authentication: kali linux
– Authorization: CentOS-6.4
– Application security (stack overflow, heartbleed, C sign extension): CentOS 4.3 min-gdb, kali linux, CentOS-6.4
– Packet sniffing: CentOS-6.4
– Firewalls (DETER): n/a
– Intrusion detection: CentOS 4.3 min-gdb
– Arp spoofing (DETER): n/a
– Tunnels and vpns (DETER): n/a
– Computer forensics (DETER): n/a
Administrative – lab schedule
four meetings weekly: Wed 12:00-13:20, Thu 12:00-13:20, Fri 13:30-14:50, Fri 15:00-16:20
your individual assigned time is at the website link entitled “Student lab times”
anomalies – scheduling problems for certain students: bokka, jha, ma, mohammed, narasimha, ramaswamy, rohela, sidhwani, or students who registered late
Please contact me so we can try to resolve them
Administrative – submittal deadlines
by labtime each week, for the lab exercise performed the previous week
example, current topic of cryptography – attend lecture: Sep 4; perform exercise: Sep 7, 8, or 9; submit by: Sep 14, 15, or 16, 4:30pm (DEN/remote: Sep 16, 4:30pm)
Administrative – DEN
email forthcoming with download link to VMs
weekly due dates for DEN – same as the last on-campus session: Fri 4:30pm
Administrative – upcoming lab
you’ll need to take a file from the lab – ftp it to somewhere you have access, or use a local usb flash drive: determine the drive’s name (dmesg, tail /var/log/messages), then mount it, eg, “mount /dev/sdb1 /mnt/” – graders or fellow students will help
read instructions before labtime – in general, advance examination is a good idea – in particular, the first part of the RSA instructions this week
Administrative – submittal instructions
answer the lab assignment’s questions in written report form, as a text, pdf, or Word document file (no obscure formats please)
email to [email protected]
exact subject title must be “cryptolab”
deadline is the start of your lab session the following week
reports not accepted (zero for lab) if – late – you did not attend – email subject title deviates
This lab exercise uses…
GPG (GNU Privacy Guard) – implements OpenPGP "GnuPG is the GNU project's...implementation of the OpenPGP standard..."
OpenPGP – a cryptography standard RFC4880 “OpenPGP … provide[s]…confidentiality, key management, authentication, and digital signatures”
bc – an arbitrary precision calculator able to perform the arithmetic necessary to operate the RSA algorithm
Crypto covered in this lecture or lab?
secret-key technology
– historical instances: Japanese Naval Code 25 (JN-25); Data Encryption Standard (DES)
– elemental* data transformation method(s) used: carryless addition & half-borrow subtraction (JN-25); serial substitutions & permutations (DES)
– lab exercises: none (JN-25); simplified-des (omitted – not enough time!!)
public-key technology
– historical instances: Rivest-Shamir-Adelman algorithm (RSA); Digital Signature Algorithm (DSA)
– elemental* data transformation method(s) used: modular arithmetic
– lab exercises: manual RSA operation with the bc calculator; keys, encryption, signing with GPG
*Ultimately all ciphers are substitution ciphers in that, ultimately, they substitute ciphertext for plaintext! But this characterizes what the cipher does to each “element” of the plaintext (e.g., byte or block), as it processes elements.
JN-25
First code group for a word is drawn from the “codebook”, which amounts to a dictionary; entries are fixed. English demo example code book:
Code group – Word
39318 – apples
95280 – bananas
80514 – eat
72084 – I
41712 – like
64479 – you
A codebook: Japanese codebook from 1933 on display at Bletchley Park Museum http://www.mkheritage.co.uk/bpt/JapCDSCH1.html
An example: the Zimmerman note – a message enciphered through a word-to-number codebook “dictionary.” The numbers map to German words.
(The note, from Germany proposing that Mexico go to war with the US, was intercepted, decoded, and publicized. It catalyzed US entry into World War I soon after.)
DES
simplified academic version S-DES – a conventional (i.e., 1-key) substitution cipher, represented by the following procedural example
S-DES* process flow
*simplified version of the DES algorithm for tutorial purposes, by Edward Schaefer, Santa Clara University
Credit to Cryptography and Network Security, Principles and Practice, William Stallings, Prentice Hall, 1999 for figures and precision of explanation.
S-DES encryption component process flow (figure, credit as above)
Time does not allow…
– discussion of DES procedural details here
– nor a manual exercise performing a simplified version in lab or as homework
GPG and public-key cryptography generally, of which it is an implementation
Functional purposes of cryptography
– Confidentiality – ensuring illegibility to outsiders
– Authentication – ensuring ostensible and actual sender are one and the same
– Data integrity – ensuring non-alteration in transit
Cryptographic processing
(diagram) data sender: plaintext → cipher → cryptogram; data receiver: cryptogram → inverse cipher → plaintext
2 broad technologies
– Secret-key cryptography versus
– Public-key cryptography (new! 1970s)
Known synonymously as:
One technology – single-key – private-key (what a pity! this one) – symmetric – secret-key – shared-key – conventional
Versus the other – dual-key – public-key – asymmetric
Key usage, per technology
Which key encrypts? secret-key: the only key! public-key: the public key !!-OR-!! the private key
Which key decrypts? secret-key: the only key! public-key: the private key !!-OR-!! the public key
Keys: secret-key crypto
(diagram) data sender: plaintext → cipher → cryptogram; data receiver: cryptogram → inverse cipher → plaintext; cipher and inverse cipher use the same key
Keys: public-key crypto
(diagram) same flow, but cipher and inverse cipher use a different key
Wait a minute…
– If there are 2 guys, there are 2 key pairs (4 keys)
– Who sends the key?
– What key does he send?
– What does that accomplish?
Well…
– Only public keys can be sent!
– So either guy could be the key sender
– And he would send his public key (only! ever!)
– Depending on who sends, this accomplishes confidentiality, or authentication
Data receiver as key sender
(diagram) key sender: the data receiver; key sent: the data receiver’s public key; data sender: plaintext → cipher with the data receiver’s public key → cryptogram; data receiver: cryptogram → inverse cipher with the data receiver’s private key → plaintext
Functional achievement checklist, data receiver as key sender: Confidentiality – yes; Authentication – no; Data integrity – no
Data sender as key sender
(diagram) key sender: the data sender; key sent: the data sender’s public key; data sender: plaintext → cipher with the data sender’s private key → cryptogram; data receiver: cryptogram → inverse cipher with the data sender’s public key → plaintext
Functional achievement checklist, data sender as key sender: Confidentiality – no; Authentication – yes; Data integrity – no
But can’t we have both together? (Confidentiality, Authentication, Data integrity)
Certainly! if you just encrypt and decrypt twice
Encrypting the whole message twice is too expensive!! Make a little token(1) from a big message with a hash function(2)
Encrypt the token instead of the message
(1) also called a message digest or hash
(2) also called a digest function, like MD5 or SHA1 or RIPEMD-160 (note: MD5 and SHA1, used for illustration in the following screenshots, are deprecated due to weaknesses found in recent years)
What is a message digest (a.k.a. hash)? a value (digest) derived from a body of data (message) by application of an algorithmic function applied on all of the data (all bits)
digest = f ( message )
Digest function characteristics
– digest length constant (per particular function)
– digest characteristic of (if not unique to) message; big digest variation for slight message variation
– irreversible, one-way, inverseless
digest length constant (per function)
(screenshots) familiar short text and familiar long text: 32-byte MD5 digest length, for both; 40-byte SHA1 digest length, for both
Digest is characteristic of message; slight input change -> big output change
(screenshots) “Authorized” occurs only once in the file; change only one bit in the whole file (A=01000001 -> C=01000011): the digest changes radically; revert the file to its original identically: the digest reverts to its original identically
irreversible, one-way, inverseless: a few-byte digest for an unbounded message; impossible that sufficient information could reside in such scant output to reconstruct the input
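The one-bit-change experiment from the screenshots above, as an added example that is not part of the slides; it uses SHA-256 from Python’s hashlib instead of the deprecated MD5/SHA1, and the “file” content is constructed here.

```python
# Added example (not from the lecture slides): constant digest length and the
# one-bit avalanche effect, using SHA-256 rather than the slides' MD5/SHA1.
import hashlib

def digest_hex(data: bytes) -> str:
    """SHA-256 digest as hex: always 64 hex characters, whatever the input size."""
    return hashlib.sha256(data).hexdigest()

def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Copy of data with one bit toggled; bit 1 of 'A'=01000001 gives 'C'=01000011."""
    buf = bytearray(data)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)

def differing_bits(h1: str, h2: str) -> int:
    """How many of the digest bits changed between two hex digests."""
    return bin(int(h1, 16) ^ int(h2, 16)).count("1")

# Constructed sample "file": the word "Authorized" occurs exactly once.
ORIGINAL = b"Access list\nAuthorized: alice, bob\nDenied: mallory\n"

def demo():
    """Returns (original digest, digest after A->C flip, digest after revert)."""
    pos = ORIGINAL.index(b"Authorized")
    changed = flip_bit(ORIGINAL, pos, 1)     # "Authorized" -> "Cuthorized"
    reverted = flip_bit(changed, pos, 1)     # toggle the same bit back
    return digest_hex(ORIGINAL), digest_hex(changed), digest_hex(reverted)

if __name__ == "__main__":
    orig, chg, rev = demo()
    print(orig, chg, rev, differing_bits(orig, chg), sep="\n")
```

Expect roughly half of the 256 digest bits to differ after the single-bit change, and the third digest to equal the first.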
Confidential and authentic* (*gpg encrypt and sign)
(diagram) data sender: H = hash of the plaintext; S = signature, i.e. H encrypted with the sender’s private key; plaintext plus S → cipher with the receiver’s public key → cryptogram. data receiver: cryptogram → inverse cipher with the receiver’s private key → plaintext plus S; decrypt S with the sender’s public key to get H; hash the plaintext to get H; OK if same. (H - hash, S - signature)
…buys data integrity to boot! (Confidentiality, Authentication, Data integrity)
Inclusion of the hash buys data integrity because it is “genetically unique” to the data sent.
Authentic but not confidential* (*gpg sign only, also useful)
(diagram) data sender: H = hash of the plaintext; S = H encrypted with the sender’s private key; plaintext plus S sent as is. data receiver: decrypt S with the sender’s public key to get H; hash the plaintext to get H; OK if same. (H - hash, S - signature)
Example: believing in fedora
1) this file’s digests, for the other files, make them believable
2) the signature on the digests’ file makes it believable
Fedora hashed the (blue) content of file SHA1SUM, encrypted the hash with their private key, got this (red) signature and appended it to the file
You decrypt red with their public key, hash blue, and compare for equality. If equal, the file is authentic, from them.
Get fedora project’s public key
Add fedora’s key to your keyring
Use it: file really from fedora?
…if the key is really fedora’s (ostensible), … the file is really from them (per fedora, and we believe it!)
Do downloads check out? OK, except actual: what’s up with disc2??
What does this have to do with the lab?
– this theory is GPG’s practice (what GPG does)
– RSA is the engine for doing the encrypting
Enigmail – integrates GPG+email
Others: http://www.gnupg.org/related_software/frontends.html
SecureZIP – compression with near-transparent PKI, integration in MS Office; good product for experimenting/learning PKI; independent technical review: http://media.grc.com/sn/SN-201-lq.mp3
gpa – GUI frontend to gpg
RSA
Several algorithms with “public-key properties”:
– RSA – Rivest, Shamir, Adelman; MIT
– ElGamal – Taher ElGamal, Netscape
– DSA – NSA, NIST
RSA key generation steps
1. choose 2 primes – call them p, q
2. multiply them – call the product n
3. multiply their “predecessors” (p-1, q-1) – call the product φ
4. pick some integer – call it e – between 1 and φ (exclusive), sharing no prime factor with φ
5. find the integer (there’s only one) that, times e, divided by φ, leaves 1 – call it d
then your keys are:
– public: e together with n (e is for “encryption”)
– private: d together with n (d is for “decryption”)
Encrypting with public key {e,n} ( c = m^e mod n )
1. choose a cleartext message – call it m – in the form of a number less than n
2. raise it to power e
3. divide that by n – call the remainder c
then your ciphertext result is c
Decrypting with private key {d,n} ( m = c^d mod n )
1. take ciphertext c
2. raise it to power d
3. divide that by n – call the remainder r
then your recovered result is r – r is identically the original cleartext message m
How will we do keygen step 4?
1. choose 2 primes – easy
2. multiply them (call the product n) – easy
3. multiply their “predecessors” (p-1, q-1) (call the product φ) – easy
4. pick some integer e between 1 and φ (exclusive), sharing no prime factor with φ – not easy
5. find the integer d (there’s only one) that, times e, divided by φ, leaves 1 – not easy
Numbers sans common prime factor: numbers whose gcd* is 1 will do; find x such that gcd(x, φ)=1; how do we find the gcd of 2 numbers? – Euclid’s algorithm
*greatest common divisor
How will we do keygen step 5?
Successively test candidates: multiply each integer, from 1, by e; divide by φ; check if the remainder is 1; keep going till you find the one that is
RSA key generation example
1. choose 2 primes: p=5, q=11
2. multiply them: n=55
3. multiply their “predecessors” (p-1, q-1): φ=40
4. pick some integer between 1 and φ (exclusive) sharing no prime factor with φ: e=3
5. find the integer (there’s only one) that, times e, divided by φ, leaves 1: d=27
then your keys are:
– public: e together with n: 3, 55
– private: d together with n: 27, 55
Encrypting with public key {e,n} ( c = m^e mod n ), e=3, n=55
1. choose a cleartext message – in the form of a number less than n: m=7
2. raise it to power e: 7^3 = 343
3. divide that by n: 343 = 55x6+13
then your ciphertext result is c: c=13
Decrypting with private key {d,n} ( m = c^d mod n ), d=27, n=55
1. take ciphertext c: 13
2. raise it to power d: 13^27 = 1192533292512492016559195008117
3. divide that by n: 1192533292512492016559195008117 = 55 x 21682423500227127573803545602 + 7
then your recovered result is r: r=7 – r is identically the original cleartext message m
How to encrypt messages? RSA doesn’t encrypt “messages”, only individual numbers; but all digital data is numeric, so split arbitrary data into “small-enough” bit blocks, then treat them individually. How? – any way it can be done; it doesn’t matter in theory – up to you
Blocking data - possibility 1
RED APPLE = 826968326580807669 (decimal ASCII codes, concatenated); use 3-decimal-digit blocks; separately encrypt: 826 968 326 580 807 669; be prepared for a maximum of ~999: minimum φ 1000, eg p=31 q=37
Blocking data - possibility 2
ABC = 01000001 01000010 01000011; use a 12-bit blocksize; separately encrypt: 010000010100 001001000011; be prepared for a maximum of 4096: minimum φ 4097, eg p=67 q=71
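The key generation, encryption and decryption steps from the slides, together with both blocking possibilities, as an added example in Python rather than the lab’s bc session (this is not code from the slides or the lab). It reproduces the slide values p=5, q=11, e=3 → d=27, 7 → 13 → 7, and then runs the RED APPLE and ABC blocks through keys built from p=31, q=37 and p=67, q=71; the choices e=7 and e=13 for those keys are mine.

```python
# Added example (not from the lecture slides): the slides' RSA steps in Python.
from math import gcd  # Euclid's algorithm, as the slides suggest for step 4

def find_d(e, phi):
    """Step 5 as the slides do it: test candidates 1, 2, 3, ... until one,
    times e, divided by phi, leaves remainder 1."""
    for d in range(1, phi):
        if (d * e) % phi == 1:
            return d
    raise ValueError("no such d: e and phi share a prime factor")

def keygen(p, q, e):
    """Steps 1-5; returns ((e, n), (d, n)) = (public key, private key)."""
    n = p * q                    # step 2
    phi = (p - 1) * (q - 1)      # step 3
    if not (1 < e < phi and gcd(e, phi) == 1):   # step 4 condition on e
        raise ValueError("e must be strictly between 1 and phi, coprime to phi")
    return (e, n), (find_d(e, phi), n)

def encrypt(m, pub):
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be a number less than n")
    return pow(m, e, n)          # remainder of m^e divided by n

def decrypt(c, priv):
    d, n = priv
    return pow(c, d, n)          # remainder of c^d divided by n

def blocks_decimal(text, width=3):
    """Blocking possibility 1: decimal ASCII codes concatenated, then cut into
    width-digit blocks ("RED APPLE" -> 826 968 326 580 807 669).
    The slides' examples divide evenly; a shorter final block would need padding."""
    digits = "".join(str(ord(ch)) for ch in text)
    return [int(digits[i:i + width]) for i in range(0, len(digits), width)]

def blocks_bits(text, width=12):
    """Blocking possibility 2: 8-bit ASCII concatenated, cut into width-bit blocks."""
    bits = "".join(format(ord(ch), "08b") for ch in text)
    return [int(bits[i:i + width], 2) for i in range(0, len(bits), width)]

def roundtrip(blocks, pub, priv):
    """Encrypt every block separately, then decrypt; returns (cipher, recovered)."""
    cipher = [encrypt(b, pub) for b in blocks]
    return cipher, [decrypt(c, priv) for c in cipher]

if __name__ == "__main__":
    pub, priv = keygen(5, 11, 3)                          # slides: n=55, phi=40, d=27
    print(pub, priv, encrypt(7, pub), decrypt(13, priv))  # (3, 55) (27, 55) 13 7
    print(roundtrip(blocks_decimal("RED APPLE"), *keygen(31, 37, 7)))
    print(roundtrip(blocks_bits("ABC"), *keygen(67, 71, 13)))
```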
Some considerations
– RSA “key size” refers to n
– p and q should be about equal length but not extremely close (eg avoid successive primes)
– larger key, slower operation: double n and pubkey ops are 2x slower, privkey 4x; e can stay fixed while n rises, but d goes up proportionately
– practical keylengths: 1024 or 2048 bits
– RSA and DES per-keylength security comparisons are apples and oranges
http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/how-large-a-key-should-be-used.htm
Info sources - RSA
– RSA and “A Miniature RSA Example” http://www.informit.com/articles/article.aspx?p=102212&seqNum=4
– “Exploring RSA Encryption,” Linux Journal http://www.linuxjournal.com/article/6695
Info sources - GPG
– GPG official page – http://www.gnupg.org
– GPG Mini HowTo – good, quick bare essentials – http://www.gnupg.org/documentation/howtos.en.html
– GNU Privacy Handbook – more thorough and explanatory – http://www.gnupg.org/gph/en/manual.html
– RFC4880 (OpenPGP message format)
– Enigmail - http://enigmail.mozdev.org/
Info sources – JN-25
– The Emperor's Codes: Breaking Japan's Secret Ciphers, Michael Smith, 2000, Arcade Publishing
– Double-Edged Secrets: U.S. Naval Intelligence Operations in the Pacific During World War II, W.J. Holmes
– Japanese JN-25 naval code http://www.vectorsite.net/ttcode_07.html#m1