
Cryptography/Cryptanalysis, II

CS 436/636/736, February 27, 2006. Main references (this lecture): Applied Cryptography, 2/e, Schneier, Wiley (material from several chapters adapted for this set of lectures); GNU Privacy Guard manual and web pages (more info on this provided later).





Presentation Transcript


  1. CS 436/636/736 February 27, 2006 Cryptography/Cryptanalysis, II

  2. Main References (this lecture)
     • Applied Cryptography, 2/e, Schneier, Wiley
     • Material from several chapters adapted for this set of lectures
     • GNU Privacy Guard manual and web pages (more info on this provided later)
     • Wikipedia (several, mentioned as lecture progresses)
     • Material from the course text (Chapter 8)

  3. Topical Notes - QC/QIP/QE
     • Quantum Computing / Quantum Information Processing
     • http://www.magiqtech.com/products/whatisqip.php
     • Many articles and scholarly papers are in the literature
     • Quantum Encryption
     • http://www.magiqtech.com/products/whatisqip.php#cryptography
     • http://www.cookiecentral.com/quantum-encryption.htm
     • http://www.eetimes.com/story/OEG20031125S0047
     • http://www.securitydocs.com/library/3230
     • See also Scientific American, http://www.sciam.com/

  4. Topical Notes, II - Efforts to Break Enigma (further)
     • Recent efforts to break Enigma (courtesy of M. Curry) [ciphertext only]
     • http://www.bytereef.org/m4_project.html (M4 project)
     • Original attacks were known-plaintext attacks (Polish mathematicians, Bletchley Park [UK]), and relied partially on errors/limitations of how Enigma was used
     • Clever, extremely innovative cryptanalysis and mechanical systems (bomby/bombe) to find keys and help partially decrypt messages
     • Huge potential size of space to search, but careful and dogged analysis, plus limits on how it was deployed, help both original and current means to break it
     • Mathematics and technology of breaking Enigma is an interesting and on-going discussion area in cryptanalysis, despite the passage of 60 years since World War II ended.
     • Lots of writeups and literature on this subject (e.g., http://math.usask.ca/encryption/lessons/lesson00/page8.html, http://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma)

  5. Enigma Machine (from Wikipedia commons)

  6. Outline
     • Crypto Hashes and Collisions
     • DES
     • IDEA
     • DSA
     • RSA
     • PGP
     • Gnu Privacy Guard
     • Web of Trust (Intro)
     • Summary

  7. Cryptographic Hashes
     • Related to one-way functions, but have slightly different properties
     • I. Preimage resistant: given a hash h = f(x), it should be hard to find x.
     • II. Second-preimage resistant: given h1 = f(x1), it should be hard to find x2 such that f(x2) = h1.
     • III. Collision resistant: it should be difficult to find any two messages x1 and x2 that have the same hash.
     • "Birthday attack" means that a cryptographic hash must be at least 2x as long to be collision resistant as it needs to be to satisfy II.
     • Ref: http://en.wikipedia.org/wiki/Cryptographic_hash_function
     • http://en.wikipedia.org/wiki/Birthday_attack

  8. Birthday attack (cf. Wikipedia)
     • Alice prepares a valid contract (m), and a set of similar ones, all valid, that differ by cosmetic differences only. She can also create a set of fraudulent contracts (m') and cosmetic variants of these. Then she computes the hash function over all of these, until she finds any pair where f(valid contract [m clone]) = f(fraudulent contract [m' clone]).
     • The valid contract is signed, but the fraudulent one can be substituted. Bob is cheated, since the hashes match.
     • If Bob changes the contract cosmetically on receipt before signing, to prevent the attack, Alice may suspect Bob of the same attack.
     • This means that collisions have to be relatively expensive to find, so a long cryptographic hash is needed, as the probabilistic model for finding collisions is proportional to sqrt(n).

  9. MD5
     • Message Digest Algorithm #5
     • Replaced MD4, when issues were found with it
     • Ronald Rivest, 1991 (cf. RSA)
     • Flaws found in 1996 and 2004, etc.
     • Now can only safely be used to make sure files download correctly; very fast algorithms for breaking it now exist
     • Example digests (e.g., md5sum; Wikipedia has code too):
     • MD5("The quick brown fox jumps over the lazy dog") = 9e107d9d372bb6826bd81d3542a419d6
     • MD5("The quick brown fox jumps over the lazy cog") = 1055d3e698d289f2af8663725127bd4b
     • Ref: http://en.wikipedia.org/wiki/MD5
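As an added example (not part of the lecture), the Python below reproduces the two MD5 digests quoted above, counts how many of the 128 output bits change between "dog" and "cog", and then plays out Alice's birthday attack from slide 8 against MD5 truncated to its top 24 bits: cosmetic spacing variants of a constructed valid contract and a constructed fraudulent contract are hashed until a variant from each set shares a truncated digest. The contract texts, the spacing-variant scheme and the 24-bit truncation are this example's assumptions; the truncation is what makes the sqrt(n) cost small enough to watch (roughly 2^12 variants per side instead of 2^64 for the full 128-bit digest), while the practical MD5 breaks referenced on the slides exploit structural flaws rather than the birthday bound.

```python
import hashlib

# Strings whose MD5 digests are quoted on the slide
FOX = "The quick brown fox jumps over the lazy dog"
COG = "The quick brown fox jumps over the lazy cog"

# Constructed contracts (example assumptions, not from the lecture). The fraudulent
# one favours Alice, who will try to swap it for the contract Bob actually signed.
VALID_CONTRACT = ("Bob agrees to pay Alice the sum of 100 dollars on the first day of "
                  "each month for a period of twelve months, starting on 1 March 2006.")
FRAUD_CONTRACT = ("Bob agrees to pay Alice the sum of 10,000 dollars on the first day of "
                  "each month for a period of sixty months, starting on 1 March 2006.")


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def cosmetic_variant(text: str, n: int) -> str:
    """Variant n of text: bit i of n decides whether word gap i gets one space or two.
    Every variant reads identically to a person, so all of them are 'the same contract'."""
    words = text.split(" ")
    if n >= 1 << (len(words) - 1):
        raise ValueError("not enough word gaps to encode that many variants")
    out = words[0]
    for i, word in enumerate(words[1:]):
        out += ("  " if (n >> i) & 1 else " ") + word
    return out


def truncated_md5(text: str, bits: int) -> int:
    """Top `bits` bits of MD5(text); the truncation exists only to make the search watchable."""
    return int(md5_hex(text), 16) >> (128 - bits)


def birthday_collision(valid: str, fraud: str, bits: int = 24, limit: int = 1 << 20):
    """Alice's search from slide 8: hash cosmetic variants of both contracts until a valid
    variant and a fraudulent variant share a (truncated) digest.
    Returns (valid_variant, fraud_variant, trials_per_side) or None if the limit is hit."""
    seen_valid, seen_fraud = {}, {}
    for n in range(limit):
        v, f = cosmetic_variant(valid, n), cosmetic_variant(fraud, n)
        hv, hf = truncated_md5(v, bits), truncated_md5(f, bits)
        if hv == hf:
            return v, f, n + 1
        if hv in seen_fraud:
            return v, seen_fraud[hv], n + 1
        if hf in seen_valid:
            return seen_valid[hf], f, n + 1
        seen_valid[hv], seen_fraud[hf] = v, f
    return None


if __name__ == "__main__":
    print("MD5(dog) =", md5_hex(FOX))
    print("MD5(cog) =", md5_hex(COG))
    print("bits that differ:", differing_bits(md5_hex(FOX), md5_hex(COG)), "of 128")
    v, f, trials = birthday_collision(VALID_CONTRACT, FRAUD_CONTRACT, bits=24)
    print(f"24-bit truncated MD5 collision after {trials} variants per side")
    print(" valid :", md5_hex(v)[:6], repr(v))
    print(" fraud :", md5_hex(f)[:6], repr(f))
```

The trial count comes out near sqrt(2^24) = 4096 rather than near 2^24, which is the point of slide 8: a hash whose output is b bits long only buys about b/2 bits of collision resistance, so the hash has to be twice as long as second-preimage resistance alone would require.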

  10. SHA-1
     • Secure Hash Standard
     • SHA-1 replaced SHA-0, NIST standard 1993
     • Some attacks have been shown, but still extremely difficult in practice
     • SHA-1 will be phased out by NIST by 2010
     • Other SHAs have longer outputs

  11. Collision Attacks on Cryptographic Hashes
     • Main points:
     • Collision attacks are possible
     • MD5 has flaws, SHA-1 has flaws
     • "Trust who you communicate with" remains a key aspect of security
     • Collisions/weaknesses in MD5 vs. SHA-1
     • http://en.wikipedia.org/wiki/MD5
     • http://www.venge.net/monotone/docs/Hash-Integrity.html
     • http://www.cryptography.com/cnews/hash.html

  12. DES/DEA
     • DES is the Data Encryption Standard, 1976
     • Based on the Data Encryption Algorithm (DEA)
     • 56-bit key, 64-bit block
     • Block cipher: symmetric-key cipher, works on fixed-length groups of bits
     • Triple DES is a common strategy; keeps the algorithm, increases the key space (2 keys, 112 bits); triple-encrypts with two keys.
     • AES is the replacement for DES, the Advanced Encryption Standard
     • Ref: http://en.wikipedia.org/wiki/Block_cipher

  13. AES - Advanced Encryption Standard
     • Block cipher
     • Fixed block size of 128 bits
     • Key size of 128, 192, or 256 bits
     • Used by OpenSSL
     • Attacks exist against implementations that leak information
     • The Rijndael algorithm is a superset/close relative
     • Ref: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

  14. IDEA - Int. Data Encryption Alg.
     • Block cipher
     • 128-bit block, 64-bit key
     • Used in PGP; non-commercial uses OK
     • Optional in OpenPGP; not used in GPG
     • Patented in some countries to 2010-2011
     • Replacement: IDEA NXT = FOX
     • Ref: http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
     • http://en.wikipedia.org/wiki/FOX_%28cipher%29

  15. RSA
     • Algorithm for public-key encryption (patented), 1977
     • Invented by Rivest, Shamir, and Adleman at MIT (R, S, & A)
     • Cocks (British mathematician) developed a similar version in secret in 1973, revealed in 1997
     • Can be used with one key for signing, another key for encryption
     • Develops a shared secret via prime numbers and modular arithmetic approaches
     • Minimum of 1,024-bit keys recommended, given brute-force attack potential (my IE6 has 128-bit encryption, by comparison)
     • Padding is an essential aspect of security
     • Ref: http://en.wikipedia.org/wiki/RSA
     • RSA: http://www.rsasecurity.com/
     • RSA Labs: http://www.rsasecurity.com/rsalabs/
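As an added example (not from the lecture or from RSA Security), the following Python walks through textbook RSA end to end: key generation from two primes, encryption and decryption with the public and private exponents, and hash-then-sign with verification, the "one key for signing, another for encryption" usage the slide mentions. It also shows concretely why the slide calls padding essential: with no padding the scheme is deterministic, so anyone holding the public key can confirm a guessed plaintext by re-encrypting it. The primes used (two Mersenne primes giving a roughly 648-bit modulus), the choice of SHA-256 for the message hash, and all function names are this example's own assumptions; the modulus is far below the 1,024-bit minimum the slide recommends and is chosen only so the code runs instantly.

```python
import hashlib
from math import gcd

# Toy parameters (example assumptions): 2^521-1 and 2^127-1 are both prime and give a
# ~648-bit modulus. Real deployments use randomly generated primes and a larger modulus.
P = (1 << 521) - 1
Q = (1 << 127) - 1
E = 65537


def make_keypair(p: int = P, q: int = Q, e: int = E):
    """Textbook RSA key generation: n = p*q, d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)           # (public key, private key)


def encrypt(pub, m: int) -> int:
    """c = m^e mod n, with no padding (the 'textbook' scheme)."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be a non-negative integer below n")
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    """m = c^d mod n."""
    n, d = priv
    return pow(c, d, n)


def _hash_as_int(message: bytes) -> int:
    # SHA-256 is an assumption of this example; the lecture's DSA slide uses SHA-1.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(priv, message: bytes) -> int:
    """Hash-then-sign: apply the private exponent to the message hash.
    Again unpadded; real signatures use PKCS#1 v1.5 or PSS encoding around the hash."""
    n, d = priv
    return pow(_hash_as_int(message), d, n)


def verify(pub, message: bytes, sig: int) -> bool:
    """Recover the hash with the public exponent and compare it with a fresh hash."""
    n, e = pub
    return pow(sig, e, n) == _hash_as_int(message)


def identify_plaintext(pub, ciphertext: int, candidates):
    """Why padding matters: unpadded RSA is deterministic, so an observer who can
    enumerate the likely messages (e.g. 'yes' / 'no') re-encrypts each candidate under
    the public key and sees which one matches. Randomised padding (OAEP) removes this."""
    for cand in candidates:
        if encrypt(pub, int.from_bytes(cand, "big")) == ciphertext:
            return cand
    return None


if __name__ == "__main__":
    pub, priv = make_keypair()
    m = int.from_bytes(b"hello", "big")
    c = encrypt(pub, m)
    print("round trip ok:", decrypt(priv, c) == m)
    s = sign(priv, b"contract text")
    print("signature verifies:", verify(pub, b"contract text", s))
    print("altered message verifies:", verify(pub, b"contract text.", s))
    print("guessed plaintext:", identify_plaintext(pub, c, [b"yes", b"no", b"hello"]))
```

`pow(e, -1, phi)` is the modular inverse; `verify` works for every message because n is square-free, so h^(ed) is congruent to h modulo n even when h shares a factor with n. The deterministic behaviour `identify_plaintext` exploits is the reason production libraries refuse to encrypt raw integers and insist on a padding mode.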

  16. DSA - Digital Signature Algorithm
     • US Government standard for digital signatures
     • Patented, but royalty-free
     • Builds on SHA-1 as a building block
     • Builds a public/private key pair just for signatures
     • Related to the ElGamal signature scheme
     • Ref: http://en.wikipedia.org/wiki/Digital_Signature_Algorithm

  17. ElGamal Signature
     • Asymmetric-key encryption algorithm for PKE
     • Uses the Diffie-Hellman key agreement algorithm
     • A single plaintext can be encrypted to several ciphertexts (probabilistic methods)
     • Used with GnuPG; related to DSA
     • Vulnerable to chosen-ciphertext attack
     • Ref: http://en.wikipedia.org/wiki/ElGamal

  18. PGP - Pretty Good Privacy
     • Created by Zimmermann; lots of legal wrangling with RSA ensued
     • Built in response to "lack of privacy" concerns
     • Windows/Unix clients (used flaky IDEA originally)
     • Spawned the OpenPGP effort, now IETF-supported RFCs
     • Original had international and US "legal" versions after the wrangling
     • Original merged into / demerged from NAI (now McAfee)
     • PGP is now a standalone company again, commercial
     • OpenPGP is a standard (RFC)
     • Ref: http://en.wikipedia.org/wiki/Pretty_Good_Privacy

  19. GnuPG - Gnu Privacy Guard
     • Free tool used to replace the original PGP 2.6
     • Implements OpenPGP (RFC 2440)
     • Does not use the IDEA algorithm
     • Uses DSA/ElGamal
     • Open source, ported widely
     • http://www.gnupg.org/
     • Often bundled with Linux; Windows client easy to install
     • We will use this extensively in this class

  20. Web of Trust
     • Used by PGP, GnuPG (GPG), and OpenPGP to establish the authenticity of the binding user <-> key purportedly belonging to that user.
     • Alternative to having a single authority (central trust): Trent / CA
     • Identity certificates in OpenPGP: owner info and public key
     • If three partially trusted endorsers endorse a certificate, or one fully trusted endorser endorses it, then that certificate is trusted
     • Parametrically settable (can require more partial trust, or not accept it at all)
     • You can be up to four steps removed in a web of trust and still use that to endorse someone, but beyond four it won't work
     • Using keyservers is helpful for centrally storing info, even though there is no CA.
     • Ref: http://en.wikipedia.org/wiki/Web_of_trust
     • See also: Gossamer web of trust - http://www.gswot.org/siteframe/
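As an added example (not from the lecture and not GnuPG's code), the Python below computes key validity for the rule the slide states: a key is valid if it is endorsed by one fully trusted valid key or by three marginally trusted valid keys, and endorsements only count from keys at most four steps from the owner. The signature graph, the trust assignments and the names are constructed for the example; the three parameters correspond to GnuPG's `--completes-needed`, `--marginals-needed` and `--max-cert-depth` options, with the slide's four-step limit used as the default depth here.

```python
FULL, MARGINAL = "full", "marginal"

# Constructed example graph (not from the slides): signed key -> set of keys that signed it.
SIGNATURES = {
    "bob": {"alice"}, "carol": {"alice"}, "dave": {"alice"}, "erin": {"alice"},
    "frank": {"carol", "dave", "erin"},   # three marginal endorsers -> valid
    "grace": {"carol", "dave"},           # only two marginal endorsers -> not valid
    "henry": {"bob"},                     # one full endorser -> valid
    "ivan": {"henry"}, "judy": {"ivan"}, "kim": {"judy"},   # chain of full endorsers
}

# Trust the owner (alice) assigns to other people as endorsers. A key's trust only
# matters once that key is itself valid; unlisted keys are not trusted to endorse.
TRUST = {"bob": FULL, "carol": MARGINAL, "dave": MARGINAL, "erin": MARGINAL,
         "henry": FULL, "ivan": FULL, "judy": FULL}


def compute_validity(owner, signatures, trust,
                     marginals_needed=3, completes_needed=1, max_depth=4):
    """Return {key: depth} for every key the owner should regard as valid.

    depth is the number of endorsement steps from the owner's own key (depth 0).
    The owner's key is always valid and always counts as a full endorser; an endorsement
    from any other key counts only if that key is already valid and lies within
    max_depth steps. Rounds are evaluated breadth-first so depth is the shortest path."""
    valid = {owner: 0}
    while True:
        snapshot = dict(valid)             # endorsers known valid before this round
        for key, signers in signatures.items():
            if key in valid:
                continue
            usable = [s for s in signers if s in snapshot and snapshot[s] < max_depth]
            completes = [s for s in usable if s == owner or trust.get(s) == FULL]
            marginals = [s for s in usable if trust.get(s) == MARGINAL]
            if len(completes) >= completes_needed:
                valid[key] = 1 + min(snapshot[s] for s in completes)
            elif len(marginals) >= marginals_needed:
                valid[key] = 1 + max(snapshot[s] for s in marginals)
        if len(valid) == len(snapshot):    # no new keys became valid: fixpoint reached
            return valid


def explain(owner, signatures, trust, **params):
    """Human-readable report of which keys are valid, and why the rest are not."""
    valid = compute_validity(owner, signatures, trust, **params)
    lines = []
    for key in signatures:
        if key in valid:
            lines.append(f"{key:6} valid, {valid[key]} step(s) from {owner}")
        else:
            lines.append(f"{key:6} NOT valid (endorsers: {sorted(signatures[key])})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(explain("alice", SIGNATURES, TRUST))
    print("--- with max_depth=5 ---")
    print(explain("alice", SIGNATURES, TRUST, max_depth=5))
```

With the default four-step limit, `kim` is rejected even though every link in the chain from `alice` to `judy` is a fully trusted endorser, because `judy` already sits four steps out; raising `max_depth` to 5 accepts `kim`. `grace` stays invalid either way, since two marginal endorsements fall short of the three the slide (and GnuPG's default) require.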

  21. Key Server
     • Holds public keys and signings of those keys
     • Corresponds with ASCII-armored PGP key exports, as produced by GnuPG and OpenPGP-compliant systems
     • Try: http://pgp.mit.edu/
     • Look at my public key at: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2EF66A1D or by searching for me by name, and then selecting my UAB key.

  22. ASCII armored public key (tony@cis.uab.edu)

Public Key Server -- Get ``0x2EF66A1D ''

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Key Server 0.9.6

mQGiBEQAua4RBADOLOLzXgKXdrqkZ2aVowqi3uoBwZJek1d25VhasVz1YTdIehXd
kptQGhOHj3nh0DpXUqHA+F5ZIqzMfr1iZ4kdf8bwC7mHAxH9wgYIGDCLUlG/Fk2H
KpfugGbi84J4q/a5L0n1LAWTr3gIeISLrL3XJjAEcqLW5GR9mT87k9T8dwCgn6km
/91elZeJA1+oRaYrX7Lhm78EAM2F2f4zrNDwDTEsNeNkoCNzmDG8slcHx5WKHXSq
aunID/bM3Rc00VZ2FFbbKvDV2t0F4PfYR9BgSrEUXhiwjBBs3cGaCsC0pb/GoobN
wGuKbFrn9px3wgM7YINNjZT4oFK/8RCGDnQv+yjWoQQcOq24tTCX1LbShtkyiaiB
5mMkBAC/e1tHIMrIOE8Z4ezjSCLMhw8Jio9Kefmh1gYe6Bi1b8uAbifMuBF/mfCo
eXGUTH4zVVUiVwrV4v/I2LKVxYxr4vb2KTu2KzEefX4QgB8D8vNw7dt4vvcbYoiW
f0YwxrR1wkA4kxii36A4X1MJk74kt6Db1wE3fLO8yM+Y/q61hbQtQW50aG9ueSBT
a2plbGx1bSAoVUFCL0NJUykgPHRvbnlAY2lzLnVhYi5lZHU+iEYEEBECAAYFAkQB
wNsACgkQTSfXwOvDtRVwZwCdHI9gD12i+N2k1phhjPI7VFMw1T4AnRNCKLcERpKk
U1EQmlsS+Hlu48ILiEYEEBECAAYFAkQBxo8ACgkQUKLjtPbEz8b6TQCgiQOGDgtu
Zeeg7H5X1rv4PCUYr6QAoLapfFdQw7fpI1P1OuuL5PJtTtS9iEYEEBECAAYFAkQB
xrMACgkQkZRIGmZv2vDwDgCgs9BJv2zWBagRMw4CZBT2U/sHUi0AoIlucoHCoTmZ
47gnwewl7Tz4zPLciGAEExECACAFAkQAua4CGwMGCwkIBwMCBBUCCAMEFgIDAQIe
AQIXgAAKCRB/l0XaLvZqHSoYAJwIDsd8Ch4F4+PogI4fSN4tmVtsQwCffTdP75zC
Xb4RWVfHx2MQy0wTyAS5Ag0ERAC5xhAIANIAr2Eqd7r2NLla+Z58bpOVmM51ZwKe
FaC8kq01g3y7nPh209oPjMqUYNFB1CgRjhKGEX8obRi8jCtcRDdPpMb7YbIUW309
f1wHOrvdLwryZHHf+qWPZSRy0hQI7iwa1sttrefA6O00NLOsn0LLZxxxFK0a6N+a
5F4VaSeLLQ7cfsBYVvHtZ5oxnxYxriAIbiNhW2240QY1a5YmmO79BLb2YUy73LR6
qT6qOXD0swUUyn4qPvW5RZPU1xz/BoIZ71nAaIavsUeXQP6ff3UAUlVKDiSrroiV
EOwLGqsW5VlPUGqinZ3aRuOjN4Uloqw5mqGsu15taHs4mrWKaX9LLTMAAwUIAMzQ
TO06Rw40mKJFEoVj2M+y21TF977ALIkTFj7P6cAncklh94nIfhUyB7S3BfeuIPwX
hlobU84UtV/4mnF5w6SpoP+NDKkgW97qL1bxjngOTk74CbF4woTBMPsg/Qc0jQ2W
3mPhwVgYupDhx4jX3R+PkhirY5n2kqXHa7zRHGH3GSIgNCRdeO6b9GnAh7nciPQS
FZOYcCz9W6fOdxnNAXwOoB55gbf+0+oT8gzd99sBAEm9YhpAnY3b1UTNHLZZ/TsY
ezt073cQhjRs1ZTT/jLOvSK2j7u3fV4UCxz/mVry9sU9nAULieaJ+SbPnhlRit75
W2i+4kW9/jolgi+iGFaISQQYEQIACQUCRAC5xgIbDAAKCRB/l0XaLvZqHaFFAJ9Z
51jpfuolAulKd8nsMrDKJLlOMwCfXFOWNhWkmPbTEV+iYo7tSqjXaOw=
=UhkR
-----END PGP PUBLIC KEY BLOCK-----
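As an added example (not from the lecture or from any OpenPGP implementation), the Python below reads and writes the ASCII armor format shown on the slide as RFC 2440 defines it: a BEGIN line, armor headers such as `Version:`, a blank line, base64 data in 64-character lines, a checksum line consisting of `=` followed by the base64 of a 24-bit CRC over the binary data, and an END line. The `=UhkR` line at the end of the slide's key block is such a checksum. The CRC-24 constants are those from RFC 2440 section 6.1; the sample payload and the function names are this example's own assumptions. The checksum detects transcription damage to a pasted key, not tampering, since anyone can recompute it; authenticity of a key comes from the signatures on it, which is the web of trust topic of slide 20.

```python
import base64

# CRC-24 parameters from RFC 2440 section 6.1
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB

# Constructed sample payload (not a real key packet) used by the demonstration below
SAMPLE_DATA = b"constructed sample payload standing in for binary OpenPGP packets"


def crc24(data: bytes) -> int:
    """Bitwise CRC-24 exactly as the RFC's reference C code computes it."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, block_type: str = "PGP PUBLIC KEY BLOCK", headers=None) -> str:
    """Wrap binary data the way the slide's key is wrapped."""
    b64 = base64.b64encode(data).decode("ascii")
    lines = [f"-----BEGIN {block_type}-----"]
    lines += [f"{name}: {value}" for name, value in (headers or {}).items()]
    lines.append("")
    lines += [b64[i:i + 64] for i in range(0, len(b64), 64)]
    lines.append("=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii"))
    lines.append(f"-----END {block_type}-----")
    return "\n".join(lines)


def dearmor(text: str):
    """Parse an armored block, tolerating surrounding text such as the key server's
    'Public Key Server -- Get' banner. Returns (block_type, headers, data, crc_ok);
    crc_ok is None when the block carries no checksum line."""
    lines = [line.strip() for line in text.splitlines()]
    begin = next(i for i, line in enumerate(lines) if line.startswith("-----BEGIN "))
    end = next(i for i, line in enumerate(lines) if line.startswith("-----END "))
    block_type = lines[begin][len("-----BEGIN "):-len("-----")]
    headers, i = {}, begin + 1
    while i < end and ":" in lines[i]:        # ':' never occurs in base64 data
        name, _, value = lines[i].partition(":")
        headers[name.strip()] = value.strip()
        i += 1
    body = [line for line in lines[i:end] if line]
    crc_line = body.pop() if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body), validate=True)
    crc_ok = None
    if crc_line is not None:
        expected = int.from_bytes(base64.b64decode(crc_line[1:]), "big")
        crc_ok = expected == crc24(data)
    return block_type, headers, data, crc_ok


if __name__ == "__main__":
    text = armor(SAMPLE_DATA, headers={"Version": "example armor writer"})
    print(text)
    block_type, headers, data, ok = dearmor(text)
    print(f"\n{block_type}: {len(data)} bytes, headers={headers}, checksum ok={ok}")
```

To check the key on the slide, paste the whole block (banner included) into `dearmor`; `crc_ok` comes back `True` only if every base64 character survived copying, which is the one job the checksum line has.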

  23. Summary
     • Culture topics: Enigma, QIP
     • Hashes, MD5, SHA-1, open issues
     • Several PK systems, notably RSA
     • PGP, GnuPG: important historical and current systems
     • Keep using longer keys, and longer hashes, to keep up with smart computer/mathematical attacks
     • Patents ending, so the era of restriction for some legal reasons is ending; other legal issues remain
     • Web of Trust and keyservers are important, alternatives to CAs. No perfect solution.
     • There is no substitute for trust, despite all the efforts with encryption and signing
