Cryptography: secret-key and public-key technologies

September 2, 2016

Administrative – platform, per lab

Cryptography – CentOS-6.4
Authentication – kali linux
Authorization – CentOS-6.4
Application security (stack overflow, heartbleed, c sign extension) – CentOS 4.3 min-gdb, kali linux, CentOS-6.4
Packet sniffing – CentOS-6.4
Firewalls (DETER) – n/a
Intrusion detection – CentOS 4.3 min-gdb
Arp spoofing (DETER) – n/a
Tunnels and vpns (DETER) – n/a
Computer forensics (DETER) – n/a

Administrative – lab schedule

four meetings weekly: Wed 12:00-13:20, Thu 12:00-13:20, Fri 13:30-14:50, Fri 15:00-16:20

your individual assigned time is at the website link entitled “Student lab times”

anomalies – scheduling problems for certain students: bokka, jha, ma, mohammed, narasimha, ramaswamy, rohela, sidhwani, or students who registered late – please contact me so we can try to resolve

Administrative – submittal deadlines

by labtime each week, for the lab exercise performed the previous week

example, current topic of cryptography – attend lecture (Sep 4) – perform exercise (Sep 7, 8, or 9) – submit by (Sep 14, 15, or 16, 4:30pm; DEN/remote: Sep 16, 4:30pm)

Administrative – DEN

email forthcoming with download link to VMs

weekly due dates for DEN – same as for last on-campus students: Fri 4:30pm

Administrative – upcoming lab

you’ll need to take a file from the lab – ftp it to somewhere you have access, or use a local usb flash drive: determine the drive’s name (dmesg, tail /var/log/messages), then mount it, eg, “mount /dev/sdb1 /mnt/” – graders or fellow students will help

read instructions before labtime – in general, advance examination is a good idea – in particular, the first part of the RSA instructions this week

Administrative – submittal instructions

answer the lab assignment’s questions in written report form, as a text, pdf, or Word document file (no obscure formats please)

email to [email protected]

exact subject title must be “cryptolab” (Our filter thanks you!)

deadline is start of your lab session the following week

reports not accepted (zero for lab) if – late – you did not attend – email subject title deviates

This lab exercise uses… 

GPG (GNU Privacy Guard) – implements OpenPGP "GnuPG is the GNU project's...implementation of the OpenPGP standard..."



OpenPGP – a cryptography standard RFC4880 “OpenPGP … provide[s]…confidentiality, key management, authentication, and digital signatures”



bc – an arbitrary precision calculator able to perform the arithmetic necessary to operate the RSA algorithm


Crypto covered in this lecture or lab? (Not enough time!!)

cryptographic technology – historical instances – elemental* data transformation method(s) used – lab exercises

secret-key:
– Japanese Naval Code 25 (JN-25) – carryless addition & half-borrow subtraction – none
– Data Encryption Standard (DES) – serial substitutions & permutations – simplified-des (omitted)

public-key:
– Rivest-Shamir-Adleman algorithm (RSA) – modular arithmetic – manual RSA operation with the bc calculator
– Digital Signature Algorithm (DSA) – modular arithmetic – keys, encryption, signing with GPG

*Ultimately all ciphers are substitution ciphers in that, ultimately, they substitute ciphertext for plaintext! But this characterizes what the cipher does to each “element” of the plaintext (e.g., byte or block), as it processes elements.

JN-25

First code group for a word is drawn from the “codebook” – amounts to a dictionary, entries are fixed

English demo example code book (code group – word):
39318 – apples
95280 – bananas
80514 – eat
72084 – I
41712 – like
64479 – you

A codebook: Japanese codebook from 1933 on display at Bletchley Park Museum http://www.mkheritage.co.uk/bpt/JapCDSCH1.html

An example: the Zimmermann note – a message enciphered through a word-to-number codebook “dictionary.” The numbers map to German words.

(The note, from Germany proposing that Mexico go to war with the US, was intercepted, decoded, and publicized. It catalyzed US entry into World War I soon after.)

Footnote: WWI

DES

simplified academic version S-DES – a conventional (i.e., 1-key) substitution cipher represented by the following procedural example

S-DES* process flow
*simplified version of the DES algorithm for tutorial purposes, by Edward Schaefer, Santa Clara University

Credit to Cryptography and Network Security, Principles and Practice, William Stallings, Prentice Hall, 1999 for figure and precision of explanation.

S-DES encryption component process flow

Credit to Cryptography and Network Security, Principles and Practice, William Stallings, Prentice Hall, 1999 for figures and precision of explanation.

Time does not allow…
– discussion of DES procedural details here
– nor manual exercise performing a simplified version in lab or as homework

GPG and public-key cryptography generally, of which it is an implementation

Functional purposes of cryptography
– Confidentiality – ensuring illegibility to outsiders
– Authentication – ensuring ostensible and actual sender are one and the same
– Data integrity – ensuring non-alteration in transit

Cryptographic processing

Encryption (data sender): plaintext -> cipher -> cryptogram
Decryption (data receiver): cryptogram -> inverse cipher -> plaintext

2 broad technologies

Secret-key cryptography versus

Public-key cryptography (new! 1970)

Known synonymously as:

One technology – single-key – private-key (what a pity! this one) – symmetric – secret-key – shared-key – conventional

Versus the other – dual-key – public-key – asymmetric

Key usage, per technology (which key encrypts? / which key decrypts?)
– secret-key: the only key! / the only key!
– public-key: the public key / the private key, !!-OR-!! the private key / the public key

Keys: secret-key crypto

Encryption (data sender): plaintext -> cipher -> cryptogram
Decryption (data receiver): cryptogram -> inverse cipher -> plaintext
(same key for cipher and inverse cipher)

Keys: public-key crypto

Encryption: plaintext -> cipher -> cryptogram
Decryption: cryptogram -> inverse cipher -> plaintext
(different key for cipher and inverse cipher)

Wait a minute…

If there are 2 guys, there are 2 key pairs (4 keys)
– Who sends the key?
– What key does he send?
– What does that accomplish?

Well…

– Only public keys can be sent!
– So either guy could be the key sender
– And he would send his public key (only! ever!)
– Depending who sends, it accomplishes confidentiality, or authentication

Data receiver as key sender

Key sender: data receiver (holds the data receiver’s private key)
Key sent: data receiver’s public key
Encryption (data sender): plaintext -> cipher -> cryptogram
Decryption (data receiver): cryptogram -> inverse cipher -> plaintext

Functional achievement checklist, data receiver as key sender: Confidentiality – Authentication – Data integrity

Data sender as key sender

Key sender: data sender (holds the data sender’s private key)
Key sent: data sender’s public key
Encryption (data sender): plaintext -> cipher -> cryptogram
Decryption (data receiver): cryptogram -> inverse cipher -> plaintext

Functional achievement checklist, data sender as key sender: Confidentiality – Authentication – Data integrity

But can’t we have both together? Confidentiality – Authentication – Data integrity

Certainly! if you just encrypt and decrypt twice

Encrypting the whole message twice is too expensive!! Make a little token (1) from a big message with a hash function (2)

Encrypt the token instead of the message

(1) also called a message digest or hash
(2) also called a digest function, like MD5 or SHA1 or RIPEMD-160 (note: MD5 and SHA1, used for illustration in following screenshots, are deprecated due to weaknesses found in recent years)

What is a message digest (a.k.a. hash)?

a value (digest) derived from a body of data (message) by application of an algorithmic function applied on all of the data (all bits)

digest = f ( message )

Digest function characteristics
– digest length constant (per particular function)
– digest characteristic of (if not unique to) message
– big digest variation for slight message variation
– irreversible, one-way, inverseless

digest length constant (per function)
– familiar short text, familiar long text
– 32-byte MD5 digest length, for both
– 40-byte SHA1 digest length, for both

Digest is characteristic of message; slight input change -> big output change
– “Authorized” occurs only once in the file
– change only one bit in the whole file: A=01000001 -> C=01000011
– digest changes radically
– revert the file to its original identically
– digest reverts to its original identically
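The two digest properties just shown (constant length per function, and a big output change for a one-bit input change) as a runnable illustration. This is an added example, not code from the lecture or the lab handout: it uses a constructed sample text in place of the screenshot’s file, flips the one bit that turns the first “A” into “C” (01000001 -> 01000011), counts how many digest bits change, and then reverts the flip. Note that the 32- and 40-character hex strings displayed for MD5 and SHA1 are 16- and 20-byte digests; SHA-256 is included as the non-deprecated comparison.

```python
import hashlib

# Constructed sample file contents (stand-in for the slide's screenshot file);
# the word "Authorized" occurs exactly once, as on the slide.
SAMPLE = b"Authorized personnel only. Lab report submitted by student 42.\n"


def hex_digests(data: bytes) -> dict:
    """Hex digests of the same input under several digest functions."""
    return {
        "md5": hashlib.md5(data).hexdigest(),        # deprecated; shown for comparison only
        "sha1": hashlib.sha1(data).hexdigest(),      # deprecated; shown for comparison only
        "sha256": hashlib.sha256(data).hexdigest(),  # current choice
    }


def digest_hex_lengths(data: bytes) -> dict:
    """Digest length is constant per function, whatever the input size."""
    return {name: len(h) for name, h in hex_digests(data).items()}


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Copy of data with one bit toggled (bit 0 is the least significant)."""
    buf = bytearray(data)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two equal-length hex digests, in bits."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche_demo(data: bytes = SAMPLE) -> dict:
    """Flip the 0x02 bit of the first 'A' (A=01000001 -> C=01000011), as the slide does,
    measure how far each digest moves, then revert and confirm the digest is identical."""
    idx = data.index(b"A")
    changed = flip_bit(data, idx, 1)
    reverted = flip_bit(changed, idx, 1)
    before, after, back = hex_digests(data), hex_digests(changed), hex_digests(reverted)
    return {
        "changed_text": changed[:10].decode(),
        "bits_changed": {name: differing_bits(before[name], after[name]) for name in before},
        "reverted_identical": back == before,
    }


if __name__ == "__main__":
    print("short input:", digest_hex_lengths(b"hi"))
    print("long input :", digest_hex_lengths(SAMPLE * 1000))
    print(avalanche_demo())
```

For a random-looking digest function about half of the output bits are expected to change for any input change, so the bit counts printed sit near 64 (MD5), 80 (SHA1) and 128 (SHA-256), and drop back to 0 once the byte is reverted.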

irreversible, one-way, inverseless
– few-byte digest for unbounded message
– impossible that sufficient information could reside in such scant input to reconstruct the original input

Confidential and authentic* (*gpg encrypt and sign)

Encryption (data sender):
– H: hash the plaintext
– S: sign the hash with the sender’s private key
– cipher: encrypt the plaintext together with S under the receiver’s public key -> cryptogram
Decryption (data receiver):
– inverse cipher: decrypt the cryptogram with the receiver’s private key -> plaintext together with S
– S: recover H from the signature with the sender’s public key
– H: hash the received plaintext
– OK if same

H - hash, S - signature

…buys data integrity to boot! Confidentiality – Authentication – Data integrity

Inclusion of the hash buys data integrity because it is “genetically unique” to the data sent.

authentic but not confidential* (*gpg sign only, also useful)

Encryption (data sender):
– H: hash the plaintext
– S: sign the hash with the sender’s private key
– send the plaintext together with S (no cipher: the plaintext travels in the clear)
Decryption (data receiver):
– S: recover H from the signature with the sender’s public key
– H: hash the received plaintext
– OK if same

H - hash, S - signature

Example: believing in fedora

1) this file’s digests, for the other files, make them believable
2) the signature on the digests’ file makes it believable

Fedora hashed the blue content of file SHA1SUM, encrypted the hash with their private key, got this red signature and appended it to the file

You decrypt red with their public key, hash blue, and compare for equality. If equal, the file is authentically from them.

Get fedora project’s public key; add fedora’s key to your keyring

Use it: file really from fedora? …if the key is really fedora’s, the file is really from them – ostensible: per fedora; actual: we believe it!

Do downloads check out? OK, except – what’s up with disc2 ??

What does this have to do with the lab?

this theory is GPG’s practice (what GPG does)

RSA is the engine for doing the encrypting

Enigmail – integrates GPG+email

Others: http://www.gnupg.org/related_software/frontends.html

SecureZIP – compression with near-transparent PKI, integration in MS Office
– Good product for experimenting/learning PKI
– independent technical review: http://media.grc.com/sn/SN-201-lq.mp3

gpa – GUI frontend to gpg

RSA

Several algorithms with “public-key properties”:
– RSA – Rivest, Shamir, Adleman; MIT
– ElGamal – Taher ElGamal, Netscape
– DSA – NSA, NIST

RSA key generation steps

1. choose 2 primes – call them p, q
2. multiply them – call product n
3. multiply their “predecessors” (p-1, q-1) – call product φ
4. pick some integer – call it e – between 1 and φ (exclusive) – sharing no prime factor with φ
5. find the integer (there’s only one) that times e divided by φ leaves 1 – call it d

then your keys are:
– public: e together with n (e is for “encryption”)
– private: d together with n (d is for “decryption”)

Encrypting with public key {e,n} ( c = m^e mod n )

1. choose a cleartext message – call it m – in the form of a number less than n
2. raise it to power e
3. divide that by n – call remainder c

then your ciphertext result is c

Decrypting with private key {d,n} ( m = c^d mod n )

1. take ciphertext c
2. raise it to power d
3. divide that by n – call remainder r

then your recovered result is r – r is identically the original cleartext message m

How will we do keygen step 4?

1. choose 2 primes – easy
2. multiply them – easy
3. multiply their “predecessors” (p-1, q-1) – easy
4. pick some integer e – between 1 and φ (exclusive) – sharing no prime factor with φ – not easy
5. find the integer d (there’s only one) that times e divided by φ leaves 1 – not easy

then your keys are:
– public: e together with n (e is for “encryption”)
– private: d together with n (d is for “decryption”)

Numbers sans common prime factor
– numbers whose gcd* is 1 will do
– find x such that gcd(x, φ)=1
– how do we find gcd of 2 numbers – Euclid’s algorithm

*greatest common divisor

How will we do keygen step 5? (same steps as above: 1–3 easy, 4 and 5 not easy)

5. find the integer d (there’s only one) that times e divided by φ leaves 1

Successively test candidates
– multiply each integer, from 1, by e
– divide by φ
– check if remainder is 1
– keep going till you find the one that is

RSA key generation example

1. choose 2 primes: p=5, q=11
2. multiply them: n=55
3. multiply their “predecessors” (p-1, q-1): φ=40
4. pick some integer between 1 and φ (exclusive) sharing no prime factor with φ: e=3
5. find the integer (there’s only one) that times e divided by φ leaves 1: d=27

then your keys are:
– public: e together with n – 3, 55
– private: d together with n – 27, 55

Encrypting with public key {e,n} ( c = m^e mod n ), e=3, n=55

1. choose a cleartext message – in the form of a number less than n: m=7
2. raise it to power e: 7^3 = 343
3. divide that by n: 343 = 55x6+13

then your ciphertext result is c: c=13

Decrypting with private key {d,n} ( m = c^d mod n ), d=27, n=55

1. take ciphertext c: 13
2. raise it to power d: 13^27 = 1192533292512492016559195008117
3. divide that by n: 1192533292512492016559195008117 = 55 x 2497646399408352339319763167 + 7

then your recovered result is r: r=7 – r is identically the original cleartext message m

How to encrypt messages?
– RSA doesn’t encrypt “messages” – only individual numbers
– but all digital data is numeric
– so split arbitrary data into “small-enough” bit blocks, then treat them individually
– how? – any way it can be done, doesn’t matter in theory – up to you

Blocking data - possibility 1
– RED APPLE = 826968326580807669
– use 3-decimal-digit blocks
– separately encrypt: 826 968 326 580 807 669
– be prepared for maximum ~ 999 – minimum φ 1000, eg p=31 q=37

Blocking data - possibility 2
– ABC = 01000001 01000010 01000011
– use 12-bit blocksize
– separately encrypt: 010000010100 001001000011
– be prepared for maximum – 4096 – minimum φ 4097, eg p=67 q=71
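The RSA procedure above (key generation steps 1–5 with Euclid’s gcd and the successive test for d, then encryption and decryption), the “RED APPLE” blocking of possibility 1, and the hash-then-sign flow of the “Confidential and authentic” / “authentic but not confidential” slides, carried through in one runnable block. This is an added example, not code from the lecture, the lab handout or GPG: the function names, the choice e=7 for the p=31, q=37 key, the space padding of the text to a multiple of 3 characters, and the use of a SHA-256 digest reduced mod n as a stand-in for H are my assumptions; the arithmetic itself is exactly the slides’ (textbook, unpadded RSA, which is why it is suitable for a hand calculation and not for protecting real data).

```python
import hashlib
from typing import List, Tuple

Key = Tuple[int, int]  # (exponent, n): public is (e, n), private is (d, n)


def gcd(a: int, b: int) -> int:
    """Euclid's algorithm: gcd(a, b) == gcd(b, a mod b), until the remainder is 0."""
    while b:
        a, b = b, a % b
    return a


def find_d(e: int, phi: int) -> int:
    """Keygen step 5 by the slides' successive test: the d for which d*e divided by phi leaves 1."""
    for d in range(1, phi):
        if (d * e) % phi == 1:
            return d
    raise ValueError("no such d: e shares a prime factor with phi")


def keygen(p: int, q: int, e: int) -> Tuple[Key, Key]:
    """Steps 1-5. Returns (public (e, n), private (d, n))."""
    n = p * q                       # step 2
    phi = (p - 1) * (q - 1)         # step 3
    if not 1 < e < phi or gcd(e, phi) != 1:   # step 4's two conditions on e
        raise ValueError("e must lie strictly between 1 and phi and share no prime factor with phi")
    return (e, n), (find_d(e, phi), n)


def encrypt(m: int, pub: Key) -> int:
    """c = m^e mod n; m must be a number less than n."""
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be a non-negative number less than n")
    return pow(m, e, n)


def decrypt(c: int, priv: Key) -> int:
    """m = c^d mod n."""
    d, n = priv
    return pow(c, d, n)


def long_division(c: int, priv: Key) -> Tuple[int, int]:
    """Decryption step 3 spelled out: quotient and remainder of c^d divided by n."""
    d, n = priv
    return divmod(c ** d, n)


def to_blocks(text: str) -> List[int]:
    """Blocking, possibility 1: two decimal digits per character, then 3-digit blocks.
    Text is padded with spaces to a multiple of 3 characters (assumption) so that each
    6-digit group splits evenly into two 3-digit blocks; every block is < 1000."""
    if any(ord(ch) > 99 for ch in text):
        raise ValueError("two-digit character codes only (ASCII below 100)")
    text = text + " " * (-len(text) % 3)
    digits = "".join(f"{ord(ch):02d}" for ch in text)
    return [int(digits[i:i + 3]) for i in range(0, len(digits), 3)]


def from_blocks(blocks: List[int]) -> str:
    digits = "".join(f"{b:03d}" for b in blocks)
    return "".join(chr(int(digits[i:i + 2])) for i in range(0, len(digits), 2)).rstrip(" ")


def encrypt_text(text: str, pub: Key) -> List[int]:
    """Each block encrypted separately; n must exceed the largest block (999)."""
    return [encrypt(b, pub) for b in to_blocks(text)]


def decrypt_text(blocks: List[int], priv: Key) -> str:
    return from_blocks([decrypt(c, priv) for c in blocks])


def digest_mod_n(message: bytes, n: int) -> int:
    """Toy stand-in (assumption) for the slides' H: a SHA-256 digest reduced to a number less than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, priv: Key) -> int:
    """S: the sender 'encrypts' the digest with the private key."""
    d, n = priv
    return pow(digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, pub: Key) -> bool:
    """Receiver recovers H with the sender's public key and hashes afresh: OK if same."""
    e, n = pub
    return pow(signature, e, n) == digest_mod_n(message, n)


if __name__ == "__main__":
    pub, priv = keygen(5, 11, 3)          # the slides' example keys: {3,55} and {27,55}
    c = encrypt(7, pub)                   # 7^3 = 343 = 55*6 + 13, so c = 13
    print(pub, priv, c, decrypt(c, priv), long_division(c, priv))
    pub, priv = keygen(31, 37, 7)         # n = 1147 > 999: large enough for 3-digit blocks
    blocks = encrypt_text("RED APPLE", pub)
    print(blocks, decrypt_text(blocks, priv))
    sig = sign(b"SHA1SUM contents", priv)
    print(sig, verify(b"SHA1SUM contents", sig, pub))
```

In the lab’s bc the same arithmetic is `7^3 % 55` and `13^27 % 55` (bc’s default scale of 0 makes `%` the integer remainder); `long_division` returns the quotient and remainder that the decryption slide writes out, so the long division there can be checked. Because each 3-digit block is encrypted on its own with no padding, equal blocks give equal ciphertext blocks; that is the slides’ “doesn’t matter in theory” blocking, and it is the reason GPG encrypts a fresh symmetric session key with RSA rather than the message itself.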

Some considerations
– RSA “key size” – refers to n
– p and q should be about equal length – but not extremely close (eg avoid successive primes)
– larger key, slower operation – double n -> pubkey ops 2x slower, privkey 4x – e can stay fixed while n rises, but d up proportionately
– practical keylengths, 1024 or 2048 bits
– RSA and DES per-keylength security comparisons – apples and oranges

http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/how-large-a-key-should-be-used.htm

Info sources - RSA

RSA and “A Miniature RSA Example” http://www.informit.com/articles/article.aspx?p=102212&seqNum=4

“Exploring RSA Encryption,” Linux Journal http://www.linuxjournal.com/article/6695

Info sources - GPG

GPG official page – http://www.gnupg.org

GPG Mini HowTo – good, quick bare essentials – http://www.gnupg.org/documentation/howtos.en.html

GNU Privacy Handbook – more thorough and explanatory – http://www.gnupg.org/gph/en/manual.html

RFC4880 (OpenPGP message format)

Enigmail - http://enigmail.mozdev.org/

Info sources – JN-25

The Emperor’s Codes: Breaking Japan’s Secret Ciphers, Michael Smith, 2000, Arcade Publishing

Double-Edged Secrets: U.S. Naval Intelligence Operations in the Pacific During World War II, W.J. Holmes

Japanese JN-25 naval code http://www.vectorsite.net/ttcode_07.html#m1