Information Security Lesson 8 - Cryptography - Eric Vanderburg

791 views

Published on

Information Security Lesson 8 - Cryptography - Eric Vanderburg

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
791
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
32
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Information Security Lesson 8 - Cryptography - Eric Vanderburg

  1. 1. Information Security Chapter 8 Cryptography Information Security © 2006 Eric Vanderburg
  2. 2. Terminology • Cryptography – transforming information so that it is secure when stored or transmitted. • Steganography – Hiding data inside another file • Encryption – changing data so that it cannot be read • Decryption – changing a message back so it can be read • Algorithm – the mathematical formula used for encryption • Key – value used by an algorithm to encrypt and decrypt Information Security © 2006 Eric Vanderburg
  3. 3. Terminology • Weak key – A key that can easily be determined • Plaintext (cleartext) – Unencrypted data • Cypher – algorithm tool used for encryption and decryption • Cyphertext – encrypted data Information Security © 2006 Eric Vanderburg
  4. 4. Cryptography Uses • Non-repudiation – someone cannot deny that they did an action (sending an email) • Confidentiality - encryption • Authentication – verify individuals • Integrity – hashes • Access Control – limited to those who possess the key or token Information Security © 2006 Eric Vanderburg
  5. 5. Hashing • One-way hash – create cyphertext from plaintext. It cannot be decrypted. It is used for integrity. • Passwords stored on machines and devices are usually hashed – Windows: Store passwords using reversible encryption • Checksum – looks at 1’s and 0’s in a byte and adds a 1 or 0 to the end. – Even parity – if the number of 1’s is odd, add a 1, if not add a 0 – Odd parity – if the number of 1’s is odd, add a 0, if not add a 1 Information Security © 2006 Eric Vanderburg
  6. 6. Secure Hashes • Collision - hashing algorithms should not be able to produce two identical hashes from different messages • You cannot predict what the hash will be for a message • The hash cannot be reversed • Hashing algorithms can be public but still produce secure hashes • Hashes are all the same size no matter what size the message is Information Security © 2006 Eric Vanderburg
  7. 7. Message Digest (MD) • Hashing algorithm • MD2 – turns plaintext into a 128 bit hash – Padding is used to make the plaintext it 128 if it is less than 128. – 16 byte checksum is attached – Created in 1989 for Intel processors that processed 16 bits at a time • MD4 - turns plaintext into a 128 bit hash – Pads plaintext to 512 bits instead of 128 – Many collisions – not secure. Less than a minute for a collision to occur Information Security © 2006 Eric Vanderburg
  8. 8. Message Digest (MD) • MD5 - turns plaintext into a 128 bit hash. Also pads to 512 bits – Splits the data into 4 32 bit sections and compresses the result. – The compression is considered slightly weak Information Security © 2006 Eric Vanderburg
  9. 9. SHA (Secure Hash Algorithm) • Creates a 160 bit hash of messages padded to 512 bits • Invented in 1993 by the NSA (National Security Agency) • Best hash to use Information Security © 2006 Eric Vanderburg
  10. 10. Symmetric Encryption • Single key used for encryption and decryption • Private Key Cryptography • Stream cipher – one character is processed at a time – Fast on short messages – Easier to exploit because they are more predictable – Substitution – one letter is replaced by something else • Monoalphabetic – one to one • Homoalphabetic – one character is mapped to many ciphertext characters Information Security © 2006 Eric Vanderburg
  11. 11. Symmetric Encryption • Transposition Cipher – rearranges characters • All symmetric ciphers combine the plaintext and cipher stream together in the end to form the ciphertext. The process uses a binary XOR (different = 1, same = 0) • 0011011 • 0101001 • 0110010 Information Security © 2006 Eric Vanderburg
  12. 12. Symmetric Encryption • Block cipher – works on 8-16 bytes (a block) at a time – Better for encrypting longer messages – Harder to break because an 8-16 byte block is more unique than a single character Information Security © 2006 Eric Vanderburg
  13. 13. Symmetric Algorithms • Iteration – running data through an algorithm – each iteration is called a round • DES (Data Encryption Standard) – Developed by IBM called Lucifer in 128 bit length. – NSA adopted it in the early 70’s but shortened the length to 56 bits – Block cipher – 56 bit because the 64 bit parity is not used so 1 bit per byte is lost. – 64 bits of plaintext is iterated 16 times – Uses weak keys, can be broken in about 3 hours Information Security © 2006 Eric Vanderburg
  14. 14. Symmetric Algorithms • DES Modes – ECB (Electronic Code Book) – block cipher that encrypts 64 bit portions of plaintext individually – CBC (Cipher Block Chaining) – links the blocks together to vary the output – more secure than ECB – CFB (Cipher Feedback) – The output of the first round is used as the pattern for the next. Most secure DES mode but very slow. – OFB (Output feedback) – adds the results of rounds together with the plaintext in each iteration • 3DES (Triple DES) – 3 DES iterations (3x16 = 48) – Uses same weak keys as DES – Must use different keys for the iterations for it to be better than DES at all. – Takes much longer than DES Information Security © 2006 Eric Vanderburg
  15. 15. Symmetric Algorithms • AES (Advanced Encryption Standard) – – – – Replaced DES in 2000 Rinjdael algorithm Block cipher Can work with different key sizes • 128 bit – 9 rounds • 192 bit – 11 rounds • 256 bit – 13 rounds – Each round performs substitution, transposition, and then multiplication – So far, AES is secure • Blowfish – Block cipher, 64 bit blocks – Key length from 32-448 bits – So far, blowfish is secure Information Security © 2006 Eric Vanderburg
  16. 16. Symmetric Algorithms • IDEA (International Data Encryption Algorithm) – – – – – Created in early 90’s in Europe 8 rounds 128 bit key Block cipher that works with 64 bit data slices Used in PGP • RC (Rivest Cipher) – RC1 and 3 not released – RC2 – block cipher, 40 bit key, works with 64 bit data slices, created first for lotus, 18 rounds – RC4 – steam cipher, 128 bit key, used in WEP & SSL, weak keys – RC5 – block cipher, works with different key lengths, 12 rounds – RC6 – block cipher, 128, 192, and 256 bit keys, 20 rounds (finalist for AES) Information Security © 2006 Eric Vanderburg
  17. 17. Asymmetric Encryption • Public Key Cryptography • Solves the problem of key management • Public Key – everyone knows, use for encryption • Private Key – you know, use for decryption and signing • Small key sizes can be broken • A good key size is 1,536 bits Information Security © 2006 Eric Vanderburg
  18. 18. Asymmetric Algorithms • RSA (Rivest Shamir Adleman) – – – – Most common algorithm Uses prime numbers Slower Used by S/MIME & SSL • Diffie Hellman – Used in IPSec and SSH • Elliptic Curve Cryptography – Uses a mathematical curve where two points intersect the curve and then a third point on the curve – A new algorithm so it has not been tested much Information Security © 2006 Eric Vanderburg
  19. 19. Algorithm Overview Hashing Symmetric Asymmetric MD 2, 4, 5 DES RSA SHA 3DES Diffie-Hellman AES Elliptic Curve Blowfish RC 2,4,5,6 IDEA Information Security © 2006 Eric Vanderburg
  20. 20. Digital Signature • • 1. 2. 3. 4. Proves identity and integrity Non-repudiation Create a hash of a message Encrypt hash with private key Receiver receives the message Receiver decrypts the hash with the sender’s public key knowing the message came from them. 5. Receiver hashes the message and compares the hash with the hash contained in the message. If they match, the message was not changed or corrupted in transit. Information Security © 2006 Eric Vanderburg
  21. 21. Implementations • PGP (Pretty Good Privacy) – – – – Encrypts email messages Uses asymmetric cryptography GPG (GNU Privacy Guard) – free PGP program PGP Desktop 9.0 (works with many other programs and also AOL Instant Messenger, Apple iChat and Trillian. • EFS (Encrypting File System) – Encrypt documents or folders on an NTFS volume. – Uses a private key associated with a user and the recovery agent • PAM (Pluggable Authentication Modules) – Modules written for PAM will work with many different authentication methods that PAM supports. – Used on UNIX machines • CFS (Cryptographic File System) – Linux file encryption method using DES and 3DES Information Security © 2006 Eric Vanderburg
  22. 22. Acronyms • • • • • • • • • • • • • AES, Advanced Encryption Standard CFS, Crypographic File System DES, Data Encryption Standard EFS, Encrypting File System GPG, GNU Privacy Guard IDEA, International Data Encryption Algorithm MD, Message Digest PAM, Pluggable Authentication Module PGP, Pretty Good Privacy RC, Rivest Cipher RSA, Rivest Shamir Adleman SHA, Secure Hash Algorithm 3DES, Triple Data Encryption Standard Information Security © 2006 Eric Vanderburg

×