TM112 Meeting12-Cryptography.pptx
1. Meeting #12
Block 3 (Part 3)
Cryptography: The Secret of Keeping Secrets
TM112: Introduction to Computing and
Information Technology
OU Materials, PPT prepared by Dr.Ahmad Mikati
2. Contents
• Introduction
• Hashing
• Ciphers and Keys: An Introduction to Encryption
• Symmetric Encryption
• Turning The World Upside Down: Asymmetric Cryptography
• Summary
3. 3
Introduction
• Computer security technologies are a double-edged sword: they
not only protect legitimate users from attack, but they can also hide
criminals from law enforcement. The history of computer security
has always been a balance between those who see these
technologies as a benefit to society and those who consider it a
great threat.
• As we move through this part, you should notice that we place
increased emphasis on the conflict between what is technologically
possible and what is socially acceptable.
Can we trust people with data? Should governments dictate how we
use data? Can we trust governments? And can we trust the computers
themselves?
4. 4
Hashing
• We used hashing earlier to obscure passwords stored on computers. In
this context, hashing is used to hide the actual value of the password
from prying eyes, but hashing has many more uses and is crucial to a
wide range of computer technologies.
• Hashing is useful because of two related characteristics:
1. It is a ‘one-way’ operation.
2. A variation of a single bit of data between two otherwise
identical files will result in vastly different hash values
• Many different hashing algorithms have been developed, of which
several have been widely adopted (see Table 3.1).
5. 5
Hashing
Algorithm                            Hash size (bits)   Published
Message Digest algorithm 5 (MD5)     128                1992
Secure Hash Algorithm 1 (SHA-1)      160                1995
Secure Hash Algorithm 2 (SHA-2)      Up to 512          2001
Secure Hash Algorithm 3 (SHA-3)      Up to 512          2015
Table 3.1 A comparison of four widely used hashing standards
• Whilst hashes are described in terms of the number of bits making up the
hash, they are usually stored and displayed as hexadecimal values, with
every four bits represented by a single hexadecimal value (0–f). So the
128-bit MD5 hash
1100 0111 1111 0100 0101 0101 1110 0010 0111 0111 0000 0100 0011 0110
0100 0110 1111 0111 1101 1101 0110 0111 1000 0001 1001 1100 0110 1000
0000 0101 0011 1111
• is stored as the 32-character hexadecimal value
c7f455e2 77043646 f7dd6781 9c68053f.
6. 6
Collisions
• Hashes are widely used in so-called digital certificates, which are used to
authenticate the origins of software.
• Ideally, a hashing algorithm should produce a unique hash for every
different piece of data. However, hashing algorithms can produce
identical hashes (so-called non-unique hashing) for different pieces of
data – known as a collision.
• Collisions are extremely rare – the first MD5 collision was only found after
hashing 2^50 different pieces of data – but that they exist at all means it is
impossible to completely guarantee the integrity of data hashed using
MD5. It is safe to say that if a malicious party processes enough MD5
hashes, they will find collisions that can be exploited.
7. 7
Collisions
• The possibility of collisions means the MD5 algorithm cannot guarantee data is
authentic. Nor is it the only hashing algorithm under threat.
• The possibility that SHA-1 collisions could be used to falsify data has
encouraged software developers to redesign their applications, replacing MD5
and SHA-1 with more secure hashing algorithms such as SHA-2.
• Whilst SHA-2 is still considered secure, the US government has approved an
even more secure algorithm – unimaginatively called SHA-3. There is a much
smaller possibility that collisions will be found between SHA-3 hashes than
those for SHA-2.
8. 8
Protecting Hashed Passwords
• Block 2 Part 7 showed how hashes can obscure computer
passwords, but cannot guarantee their safety, since hashed
passwords can still be compromised by a dictionary attack using a
dictionary of hashed words.
• Dictionary attacks are relatively simple to mount and can be
devastatingly effective. Therefore, security designers have
attempted to further strengthen defenses for those people who
choose to use easily guessed passwords. Salting is a process in
which a computer adds a small amount of additional data to a
password before it is hashed.
9. 9
Protecting Hashed Passwords
• For instance:
1. A new user might choose the (terrible) password passw0rd, which is
almost certainly in any attacker’s dictionary and therefore
vulnerable.
2. The computer generates a random number, called the salt, e.g.
73950.
3. The two are joined together, creating a new password; depending
on the implementation of salting, the user’s password is
transformed into either passw0rd73950 or 73950passw0rd.
4. The new value is hashed.
5. The computer securely stores the salt alongside the hash.
• When the user next logs in, they enter their password (passw0rd);
the computer recovers their salt, recombines it with the password
and generates a hash which is compared to the stored hash.
10. 10
Why Salt Works
• Salt greatly increases the number of possible hashes any attacker
must test in a dictionary attack. Rather than the attacker having to
generate and test a single hash value for each entry in the
dictionary, they would have to generate and test hashes for every
word combined with every possible salt value.
• For example, the MD5 hash for passw0rd is:
bed128365216c019988915ed3add75fb
• Without salting, an attacker only needs to test this hash to see if an
account’s password is passw0rd. If we add just a three-bit salt –
which has eight possible values, 000, 001, 010, 011, 100, 101, 110 or
111 – we must now generate and test hashes for:
11. 11
Why Salt Works
passw0rd000, passw0rd001, passw0rd010, passw0rd011,
passw0rd100, passw0rd101, passw0rd110, passw0rd111,
000passw0rd, 001passw0rd, 010passw0rd, 011passw0rd,
100passw0rd, 101passw0rd, 110passw0rd, 111passw0rd
• Rather than testing one hash for each word in the dictionary, we
now need to test sixteen different hashes. Salting has made a
brute-force attack sixteen times more difficult than without using
salt.
• Real-world salts are much longer than three bits; typically, salting
schemes use equal-length salts and hashes.
12. 12
More password protection - Key stretching
• Key stretching increases the amount of time required for even the
fastest CPUs to create a hash. It has little or no effect on most
legitimate users, even if a hash takes half a second to generate.
• However, if verifying a single password takes half a second, it is
impossible to perform a brute-force attack on that computer in a
reasonable amount of time.
• Key stretching may be problematic for online shopping sites or social
media services where very large numbers of users are constantly
logging in and out.
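The salting steps and the key stretching described above, as an added Python example that is not part of the original slides. It uses PBKDF2-HMAC-SHA256 from the standard library to combine salt and password instead of simple concatenation; the dictionary, salt length and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a small attacker dictionary of common passwords.
DICTIONARY = ["123456", "letmein", "passw0rd", "qwerty"]
SALT_BYTES = 16        # assumption: 128-bit random salt per account
ITERATIONS = 200_000   # assumption: stretching work factor, tune per system


def unsalted_md5(password):
    """The weak scheme: a bare MD5 hash, identical for every user of a password."""
    return hashlib.md5(password.encode()).hexdigest()


def precomputed_table(words):
    """Hash the dictionary once; the table is reusable against every unsalted account."""
    return {unsalted_md5(word): word for word in words}


def create_record(password, iterations=ITERATIONS):
    """Generate a fresh salt, stretch salt + password, store salt beside the hash."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_login(password, record):
    """Recover the stored salt, recompute the hash, compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def compare_schemes(password="passw0rd"):
    """Store one password both ways and check each stored value against the table."""
    table = precomputed_table(DICTIONARY)
    first, second = create_record(password), create_record(password)
    return {
        "unsalted_found_in_table": unsalted_md5(password) in table,
        "salted_found_in_table": first["hash"] in table,
        "same_password_same_hash": first["hash"] == second["hash"],
        "correct_login": verify_login(password, first),
        "wrong_login": verify_login("password", first),
    }


if __name__ == "__main__":
    for check, result in compare_schemes().items():
        print(f"{check}: {result}")
```

Two accounts with the same password end up with different stored hashes, so a table computed once from the dictionary no longer matches any of them.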
13. 13
More password protection - Encrypting Hashes
• We can further protect the password file using encryption, obscuring
its contents to anyone not possessing a piece of data known as the
key. Even if the password file is stolen, it is useless so long as the
encryption key is not also stolen.
• In the most secure systems, passwords are stored, encrypted and
decrypted by hardware security modules (HSM) plugged into a USB
or Ethernet port on the host computer (Figure 3.2). HSMs are designed
in such a manner that there is no way to export keys from the HSM in a
usable format. In fact, the only way to steal the keys is to steal the
HSM itself from a highly secure location.
Figure 3.2 The YubiHSM, a hardware security module designed to
plug into a USB port on almost any type of computer.
14. 14
The Benefits and Limitations of
Hashing
• Hashing can:
confirm data has not been changed since the hash was generated
obscure passwords from casual inspection.
• Hashing cannot:
confirm that data has never been changed
guarantee the confidentiality of data
authenticate the creator or sender of data.
15. 15
Ciphers and Keys: An Introduction
to Encryption
• Encryption is a field of mathematics concerned with obscuring
information from unwanted viewers in such a way that the original
information can be recovered later. Machine encryption systems
originated during the early twentieth century, including the famous
Enigma codes of the Second World War. For most of history, encryption
was time-consuming, expensive and largely restricted to governments
and businesses.
• The development of the computer, in part to break sophisticated wartime
German and Japanese codes, spurred the development of yet more
complex means of encryption. Computers could perform:
the mathematical operations that underpin all cryptography
much more complex mathematics than could be reasonably
expected of a human
much faster than a human …
… on much more data than a human could handle.
16. 16
Ciphers and Keys: An Introduction
to Encryption
• Computer encryption algorithms work on binary data, so any data that
can be represented in binary can be encrypted. It is not an exaggeration to
say that encryption makes much of the modern world possible.
• Some commonplace applications for cryptography include:
secure banking and payments systems – cryptography safeguards
your money, whether it is sitting in an account, being transferred
between accounts, issued at an ATM or used to shop online
protecting conversations made over mobile phones and online
telecoms applications such as Skype and WhatsApp
safeguarding wireless networks
authenticating data (as seen in Section 3.1)
securing files stored on hard disks and memory sticks
authenticating electronic documents
electronic voting
preventing piracy of media files, including games, music and movies
and so on.
17. 17
Some Terminology
Before going further, it is necessary to introduce some specialized
terminology relevant to cryptography that we will use for the
remainder of this module.
Plaintext is information that can be directly read by humans or
a machine.
Ciphertext is the encrypted data.
A key is a piece of data that determines the value of the
ciphertext when plaintext is encrypted (and vice versa).
A cipher is the algorithm responsible for turning plaintext into
ciphertext, and for restoring ciphertext to plaintext, using one
or more keys.
Encryption is the process of converting plaintext to ciphertext.
Decryption is the process of reverting ciphertext to plaintext
(occasionally ‘decipherment’).
18. 18
Computer Encryption Keys
• An encryption key is a string of bits. The longer the string (the key
length), the greater the number of possible keys. For a key length
of n, there are 2^n possible keys (see Table 3.2).
Key length   Number of keys   Key values
1            2^1 (2)          0, 1
2            2^2 (4)          00, 01, 10, 11
3            2^3 (8)          000, 001, 010, 011, 100, 101, 110, 111
…
10           2^10 (1024)      0000000000, 0000000001, 0000000010, …
Table 3.2 The number of possible keys available with differing key lengths
• Keys are the second input to an encryption algorithm alongside
the plaintext itself. (For decryption, the key and the ciphertext are
inputs and the plaintext is the output.)
• Different keys allow a single encryption algorithm to produce an
almost limitless number of different outputs.
19. 19
The Problem With Short Keys
• Short keys are vulnerable to brute-force attacks, where one or
more computers attempt to decrypt ciphertext by testing every
possible key until they produce recognizable plaintext.
• Testing a million keys per second may sound fast, but this can
easily be achieved by a modest PC. Therefore, keys must be
sufficiently long that they offer a very large number of possible
values. Keys often have lengths of 2^128, 2^1024 or 2^2048 bits, producing
unimaginably large numbers of possible key values, rendering
brute-force attacks useless.
• Encryption that is resistant to brute-force attacks and whose
algorithm has no known weaknesses is known as strong
encryption.
20. 20
Session Keys
• The final type of key listed above is called a session key (or
sometimes a content encryption key or traffic encryption key).
Session keys can offer greater levels of protection than other
forms of encryption:
New keys are generated for each exchange of data. In the unlikely
event that a session key is broken by an attacker, later exchanges are
protected by different keys.
Issuing new keys prevents attackers recovering plaintext by
exploiting any similarities between ciphertexts when a single key is
reused on multiple pieces of plaintext.
Keys are deleted at the end of a session; they cannot be stolen by
hacking or theft of the computer.
• We will revisit session keys later when we see how data is
encrypted on the internet.
21. 21
Symmetric Encryption
• Highly secure symmetric encryption can be performed at very high
speeds even on modest computer equipment. For this reason,
most encrypted data sent over networks uses one of a relatively
small number of symmetric algorithms.
22. 22
The Data Encryption Standard
(DES)
• The Data Encryption Standard (DES) uses 56-bit keys; the key was originally
64 bits as proposed by IBM, and was then reduced to 56 bits.
• DES breaks plaintext into 64-bit blocks, each of which is divided
into two halves. One half is scrambled using an algorithm (the
F-function) which stretches, mixes and substitutes bits within the
32 bits. The two halves are recombined, then swapped and the
process repeated. This is repeated sixteen times to produce the
final DES ciphertext. Decryption of DES ciphertext is performed by
reversing the process using the same key.
23. 23
The Stopgap: Triple DES
• From 1999 onwards, the US government recommended users of
DES moved to so-called Triple DES (3DES) encryption. Rather than
a new form of encryption, 3DES applies the DES algorithm three
times to each of the plaintext blocks. 3DES is more secure than
DES because it uses a key-bundle usually containing two –
occasionally three – DES keys, giving a key size of either 112 or 168
bits.
• Most implementations of 3DES use two keys to perform three
passes of encryption:
1. the first pass uses the first key in the bundle
2. the second pass re-encrypts the output of the first pass using the
second key
3. the third pass re-encrypts the output of the second pass reusing the
first key.
24. 24
The Stopgap: Triple DES
• (Less frequently, a third key is used for the third pass.)
• 3DES proved to be a relatively simple way of increasing data
security. It increased key size without requiring developers to
create a new algorithm and prove its security. 3DES quickly
became a global standard and is still found in applications as
diverse as smart cards for public transport and utilities, ‘chip and
PIN’ bank cards and protecting user data in Microsoft Outlook.
Research suggests that 3DES using a three-key bundle will remain
secure against brute force until 2030, by which time advances in
computer processing power will finally make it vulnerable.
25. 25
The replacement: the Advanced
Encryption Standard (AES)
• The US Department of Commerce began replacing DES in 1997 by
soliciting expressions of interests from cryptographers to work
alongside the government in developing a new encryption
standard, unimaginatively called the Advanced Encryption
Standard (AES).
26. 26
Meet Alice and Bob
• From now on, we are going to follow a pair of fictional characters
known as Alice and Bob: two people struggling to have a secret
conversation. Alice and Bob, occasionally joined by further
characters, were created by the cryptographer Ron Rivest in 1976
to explain cryptographic principles. A third character in this story is
the eavesdropper Eve, who desperately wants to know what Alice
and Bob are saying.
• Until relatively recently, symmetric encryption was thought to be
the only way of encrypting data. Before encrypted data could be
exchanged, a shared symmetric key had to be generated and
shared between Alice and Bob. This creates two related problems:
27. 27
Meet Alice and Bob
Alice and Bob could meet, generate the key and each leave with a
copy. This might be inconvenient or even dangerous if Eve became
aware of the meeting. Alternatively:
Either Alice or Bob would generate two copies of the symmetric key.
They would keep one key and send the copy to the other person. Not
only must Alice and Bob trust one another, but one copy of the key
could be lost, or stolen or copied by Eve while it is in transit.
• Together, these shortcomings are known as the apparently insoluble
key distribution problem.
• However, between 1969 and 1976, at least three groups of
mathematicians independently discovered how to make the key
distribution problem irrelevant.
• They named their algorithm ‘non-secret encryption’, but it is now called
asymmetric cryptography or public-key cryptography.
28. 28
How Asymmetric Cryptography
Works?
• Asymmetric cryptography sidesteps the key distribution problem
by having each user create two keys:
1. the private key that the key owner must keep safe and never
distribute.
2. the public key which can be sent to anyone with whom they
want to exchange encrypted information.
• Together, the keys are known as a key pair. Unlike symmetric
encryption, where a single key performs both encryption and
decryption, each asymmetric key has a different purpose:
The private key is the only key that can decrypt files encrypted
with the corresponding public key.
The public key is the only key that can decrypt ciphertext
encrypted using the corresponding private key.
29. 29
How Asymmetric Cryptography
Works?
• The value of one key in a pair cannot easily be determined from
the other. Even if Alice’s public key falls into Eve’s hands, Eve can’t
recreate Alice’s private key. Therefore, the public key can be just
that – public. Public keys can be distributed by insecure methods,
such as email or by posting them to internet public key chain
servers.
• Anyone wanting to send an encrypted message to Alice uses a
copy of her public key to secure the message. The encrypted
message can only be decrypted using Alice’s private key, which she
never shares.
30. 30
Exchanging Secrets Using
Asymmetric Cryptography
• Let’s have the below scenario:
1. Alice will encrypt a message to Bob using public-key
cryptography. She first needs a copy of Bob’s public key. Alice
can either ask Bob to attach his key to an email, or she can
request a copy of Bob’s public key from a public key chain
server located on the internet.
2. After composing the message, Alice encrypts the plaintext
using her copy of Bob’s public key and sends him the
ciphertext.
3. When Bob receives the ciphertext, he uses his private key,
which has remained safe in his care, to decrypt the ciphertext
and recover the original plaintext.
31. 31
Asymmetric Key Strength
• Unlike symmetric keys, which are rarely longer than 256 bits,
asymmetric keys are typically very large – usually 1,024, 2,048 or
4,096 bits long. Despite their greater length, differences in the
underlying mathematics mean asymmetric keys are not
appreciably more secure than much shorter symmetric keys.
Whilst we can say a 4,096-bit asymmetric key is more secure than
a 1,024-bit asymmetric key, it is much harder to judge its security
relative to symmetric keys.
32. 32
Asymmetric Versus Symmetric Encryption
It is tempting to think that asymmetric encryption’s ability to avoid the key
distribution problem means it can entirely replace symmetric encryption.
In fact, almost all encryption is performed using symmetric encryption
for the following reasons:
1. Symmetric encryption is fast.
Most modern CPUs can perform one or more forms of symmetric
encryption in hardware. Symmetric encryption can also be performed
in software at very high speed, even on modest computers.
2. It uses small keys.
Generating and using symmetric keys is relatively quick compared to
creating and using the much larger asymmetric keys.
3. It is well-suited to encrypting any amount of data.
Unlike asymmetric encryption, symmetric encryption can encrypt data even
if the final file size is unknown – such as encrypting an internet telephone call
whose length is not necessarily known at the outset.
• Rather than treating asymmetric encryption as ‘better’ than symmetric
encryption, the two forms of encryption complement one another.
33. 33
Using Asymmetric Cryptography to
Authenticate Data
• Asymmetric cryptography not only protects data, but it can also be
used to uniquely identify the author of a piece of data. Asymmetric
cryptography allows creators to ‘sign’ their data using the unique
properties of asymmetric keys.
• A public key can only decrypt ciphertext encrypted with the
corresponding private key, so whoever created the ciphertext must
hold the private key. The data has been ‘signed’ by the holder of
the private key.
• In practice, because asymmetric cryptography is computationally
expensive and time-consuming, it is normal to encrypt the
relatively small hash of a document, rather than the document
itself. The encrypted hash is called a digital signature.
34. 34
A Simple Digital Signature
• Imagine Alice wants to send a confidential business document to Bob. Both
Alice and Bob need to be confident Eve has not tampered with the document
en route:
1. Alice hashes the document and encrypts the hash using her private key
to produce a digital signature.
2. Alice attaches the digital signature and the document to her email to
Bob.
3. Bob decrypts the digital signature using Alice’s corresponding public key,
revealing the hash.
4. Bob uses the same hashing algorithm as Alice to hash his copy of the
document. He then compares his hash with that from the signature.
5. If the two hashes are identical, then both Bob and Alice can be confident
that the document has not changed in transit.
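The five signing and checking steps above, as an added Python example that is not part of the original slides. It uses unpadded textbook RSA with SHA-256 so that "encrypt the hash with the private key" is visible directly; the key pairs, built from publicly known Mersenne primes, and the sample documents are constructed assumptions, and deployed systems use padded signature schemes with secret random primes.

```python
import hashlib

E = 65537  # public exponent shared by both demonstration keys


def make_key_pair(p, q):
    """Build (public, private) keys from two primes; d is the inverse of e."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (n, E), (n, d)


# Constructed demonstration keys built from publicly known Mersenne primes so
# the example runs offline. Real keys use secret, randomly generated primes.
ALICE_PUBLIC, ALICE_PRIVATE = make_key_pair(2**521 - 1, 2**607 - 1)
EVE_PUBLIC, EVE_PRIVATE = make_key_pair(2**521 - 1, 2**1279 - 1)


def hash_as_int(document):
    """Steps 1 and 4: hash the document (SHA-256) and treat the hash as a number."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document, private_key):
    """Step 1: encrypt the hash with the signer's private key."""
    n, d = private_key
    return pow(hash_as_int(document), d, n)


def verify(document, signature, public_key):
    """Steps 3-5: decrypt the signature with the public key, compare the hashes."""
    n, e = public_key
    return pow(signature, e, n) == hash_as_int(document)


# Constructed sample documents.
ORIGINAL = b"Pay supplier 100 GBP"
TAMPERED = b"Pay supplier 900 GBP"


def run_scenarios():
    """What Bob concludes, checking everything against Alice's public key."""
    signature = sign(ORIGINAL, ALICE_PRIVATE)
    eve_signature = sign(TAMPERED, EVE_PRIVATE)
    return {
        "untouched": verify(ORIGINAL, signature, ALICE_PUBLIC),
        "document_replaced": verify(TAMPERED, signature, ALICE_PUBLIC),
        "resigned_by_eve": verify(TAMPERED, eve_signature, ALICE_PUBLIC),
    }


if __name__ == "__main__":
    for scenario, accepted in run_scenarios().items():
        print(f"{scenario}: {'accepted' if accepted else 'rejected'}")
```

A replaced document is rejected, and so is one that Eve re-signs with her own key, because only Alice's private key produces a value that her public key turns back into the matching hash.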
35. 35
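A Simple Digital Signature
[Figure: Alice and Bob, with keys KB and KA. Alice computes H(M) from M and sends {H(M)}KA, {M}KB to Bob. Bob recovers M from {M}KB and H(M) from {H(M)}KA, computes H(M) from the received M, and compares the two (=?). Yes: Alice sent the message.]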
36. 36
A Simple Digital Signature
[Figure: Bob, with keys KB and KA. {H(M)}KA, {M}KB is replaced by {H(M)}KA, {M′}KB. Bob recovers M′ from {M′}KB and H(M) from {H(M)}KA, computes H(M′), and finds H(M) ≠ H(M′): M′ did not originate from Alice!]
But why has Eve not simply replaced {H(M)}KA by {H(M′)}KA?
37. 37
Digital Certificates (public-key
Certificates)
• Eve’s deception succeeded because there was no way for Alice to
determine if the key came from Bob, or, as it turned out, was fake.
Eve’s scheme would fail if genuine keys were authenticated by a
trusted third party, the Certification Authority.
• A Certification Authority (CA) acts as a trusted third party with
the role of issuing digital certificates that bind individuals’
identities to their public keys.
38. 38
Digital Certificates (public-key
Certificates)
A digital certificate will typically include:
• A copy of the public key
• Information about the owner of the key: the owner’s name,
etc.
• Information about the digital certificate: a serial number,
expiry date, etc.
• Information about the CA itself: CA name, its own digital
signature, etc.
39. 39
Secure Web Connections
• Web traffic is not encrypted by default; instead, web pages are
transmitted as plaintext and can be intercepted. Obviously, this
lack of security was a problem to the pioneering online shopping
companies. Some of the first online shops allowed customers to
browse online catalogues but only accepted telephone payments –
which were probably just as insecure.
TLS/SSL: Transport Layer Security/Secure Sockets Layer
TLS/SSL is used in the majority of web browsers and forms the basis
of the HTTPS protocol.
The services TLS/SSL provides are:
Data encryption,
Client authentication using username and password or username
and token, or digital certificate,
Server authentication,
Data integrity.
40. 40
Summary
• This part concentrated on the principal technologies that allow us
to securely exchange information over an insecure network. We
began by revisiting hashing, a technology first introduced as a way
of protecting passwords from attackers. However, even hashing
cannot guarantee password security, so we discussed improving
password security through the concept of salting and by
encrypting password data.
• Following on from hashing, we studied encryption concepts and
several different encryption algorithms which can be broadly
divided into symmetric and asymmetric technologies. Important
ideas, such as the requirement to have sufficiently long keys to
defeat brute-force attacks and the key distribution problem, were
all discussed.