
Lecture-5 Security Dark

Uploaded by

MD. RAKIB HASSAN
Copyright
© © All Rights Reserved

Security

Md. Ferdouse Ahmed Foysal


CSE334 Daffodil International University
Security

• Security issues are critical for the success of Pervasive Computing. Because
Pervasive Computing and mobile e-business may provide millions of
people with the power to move trillions of dollars in goods or money by a
few mouse clicks, the security of e-business transactions is a top priority.
• New challenges appear when business is moved from traditional
stores to mobile devices connected to the Internet.
The Importance of Security

Authentication:
• A merchant must know the identity of the customer and the recipient of a
message, a command, or an order should know the identity of the sender.
• Imagine you can control the heating at home over the Internet. In this case
you had better make sure that only you, or other authorized persons, can turn
the heat on or off, and not anybody else surfing the Internet.
• This challenge is met using cryptographic methods to authenticate persons
or messages.
The Importance of Security

Integrity:
• The recipient of a document should be able to recognize if a document or
message was altered during transmission. It wouldn’t be good if anybody
could increase or decrease the number of shares in a stock order sent to an
e-broker by changing the message content. At least the e-broker should be
able to check if the message was altered or not.
The Importance of Security

Privacy:
• The exchange of data between two individuals, for example the merchant
and the customer, should in most cases be kept secret. No unauthorized
party should be able to read or copy such a communication. This challenge
is met using encryption.
Solution???

• Cryptography can help to address all these challenges. It can be used to
authenticate persons and transactions, to get secure access to data or
services, and to protect the privacy of communication.
What is Cryptography?

• Cryptography, or cryptology, is the practice and study of techniques for secure
communication in the presence of adversarial behavior.
• Cryptographic algorithms are used to encrypt information in a form that cannot be read or
altered by third parties.
• The sender of the information encrypts the data using a key, the recipient of the data
decrypts the data back into a usable form by applying a second cryptographic operation
also using a key.
Cryptographic Patterns and Methods

Cryptographic algorithms can be divided into two groups:
• Symmetric Algorithms.
• Asymmetric Algorithms.
Symmetric Cryptographic Algorithms

• Symmetric cryptographic algorithms, also known as secret key algorithms,
are characterized by the fact that the sender and the receiver use the same
key to encrypt and decrypt the data.
Symmetric Cryptographic Algorithms

• Compared to asymmetric algorithms, symmetric cryptography is fast and
it can be used to encrypt and decrypt a large amount of data. To keep the
communication secret, only the sender and the receiver of the information
should know the key that was used to encrypt the data.
Symmetric Cryptographic Algorithms

Symmetric cryptographic algorithms can be divided into two groups, based
on the way the data is processed:
• Block-cipher algorithms
• Stream-cipher algorithms
• Cipher is another word for encrypt. Block-cipher algorithms split the data
into blocks with fixed length. The last block is padded, if necessary. Today, a
block length of 64 bit is usually used. Systems based on stream-cipher
algorithms encrypt each byte separately.
• Today, only block-cipher algorithms are standardized in the industry; thus
they are the ones that are used in most situations.
Asymmetric Cryptographic Algorithms

• Asymmetric cryptographic algorithms, also known as public key algorithms, were
developed to solve the key distribution problem that every user of symmetric
cryptography has.
• In 1976, Whitfield Diffie and Martin Hellman developed the Diffie-Hellman
algorithm, the base for today's public key systems.
Asymmetric Cryptographic Algorithms

The main areas of use for asymmetric cryptography are
• The distribution of keys,
• The generation of digital signatures, and of course
• The encryption and decryption of information.
Asymmetric Cryptographic Algorithms

• According to the concept of Diffie-Hellman, everybody has two keys, a
public and a private one. The public key is accessible by the public and can
be requested from a Trusted Third Party. This Trusted Third Party
guarantees that a specific public key really belongs to that specific person.
The private key stays with the owner of the key and should be kept
secret.
• A smart card, for example, is an ideal device for securely storing private
keys. It can generate the signatures or the encrypted data on the card in a
way that the private key never has to leave the card.
How Secure Is an Algorithm?

• The security of a cryptographic algorithm of course depends on the algorithm
itself, but generally the security of an algorithm increases with the length of the
key used.
• A brute-force attack can always be used to break an encryption. To break DES with
a key length of 56 bits, somebody would have to test up to 2^56 possible keys
before the right one is found. In 1998, for example, it took 56 hours before a DES
cracking machine found the key used [http://www.rsa.com/raslabs/des2/].
• The key length used to encrypt data should be increased regularly to keep up with
increasing computing power. DES, with only 56 bits, is now considered
too weak to protect important data. The US government, for example, has been
using Triple DES, instead of DES, since November 1998 and will switch to AES as
soon as it is available. For symmetric crypto systems, a key length of 128 bits
should be used today.
Cryptographic Tools

• There are several ways cryptography is used to secure operations and data.
The following section highlights the most important ones.
Hash

• A hash function is a one-way function that generates a fixed-length string, the hash, out of
a given input. A one-way function is a function that is hard to invert. Due to this
characteristic, the hash of a document is also sometimes called the message digest or
digital fingerprint. A hash is often attached to a document which is transferred to the
recipient. The recipient then uses the same hash function to generate a hash himself. If this
hash and the received hash are not identical, then the data was changed during
transmission.
Message Authentication Code (MAC)

• A MAC is an authentication tag or checksum computed by applying a secret
key to a message. The MAC is always verified using the same key. The
generation of a MAC can be based on a hash function, on a stream-cipher or
on a block-cipher algorithm. In the Internet, MACs are often generated using
the MD5 algorithm.
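
An added example (not from the original slides) for the Hash and MAC slides above: it uses the stock-order scenario from the Integrity slide to show that an unkeyed hash attached to a message only reveals accidental changes, while a MAC computed with a shared secret key also reveals deliberate ones. SHA-256 and HMAC from the Python standard library, the key and the order text are assumptions chosen for the illustration.

```python
import hashlib
import hmac

def attach_hash(message: bytes) -> bytes:
    # Unkeyed digest: anyone who can read the message can compute it.
    return hashlib.sha256(message).digest()

def attach_mac(key: bytes, message: bytes) -> bytes:
    # Keyed tag (HMAC, a MAC built on a hash function).
    return hmac.new(key, message, hashlib.sha256).digest()

def check_hash(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(attach_hash(message), digest)

def check_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(attach_mac(key, message), tag)

def run_scenarios() -> dict:
    key = b"constructed-shared-secret"   # assumed: known to sender and e-broker only
    order = b"BUY 100 SHARES ACME"       # constructed sample message
    altered = b"BUY 900 SHARES ACME"     # the same order changed in transit
    return {
        # Message changed, attached digest left as it was: mismatch is noticed.
        "hash_detects_corruption": not check_hash(altered, attach_hash(order)),
        # Message changed and digest recomputed for it: the recipient sees a match.
        "hash_detects_replaced_digest": not check_hash(altered, attach_hash(altered)),
        "mac_accepts_original": check_mac(key, order, attach_mac(key, order)),
        # Without the key, neither the old tag nor a tag under a guessed key verifies.
        "mac_detects_old_tag": not check_mac(key, altered, attach_mac(key, order)),
        "mac_detects_wrong_key_tag": not check_mac(
            key, altered, attach_mac(b"guessed-key", altered)),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```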
Digital Signature

• The signature on a contract or a letter shows and guarantees to the
recipient the identity of the sender. Today, more and more data, orders, or
emails are transmitted electronically, but most of the recipients today just
have to trust that the data is coming from the person listed as the sender. It
is quite simple to fake an email by attaching a wrong sender address.
Digital Signature

• Digital Signatures enable the recipient to verify the identity of the sender
and the origin as well as the integrity of the document.
• Digital Signatures are based on asymmetric cryptographic algorithms. The
documents are signed with the private key of the sender. The recipient can
take the sender’s public key, which is provided to him by a Trusted Third
Party, and validate the integrity of the document he received.
Symmetric Algorithms

• Data Encryption Standard (DES)
• Triple DES
• Advanced Encryption Standard (AES)
• RC2, RC4, RC5
Data Encryption Standard (DES)
• The Data Encryption Standard (DES) defines the Data Encryption Algorithm (DEA).
Usually, DES and DEA are used interchangeably.
• DEA is a symmetric block-cipher algorithm developed by IBM in 1974. The US
government declared DEA an official standard in 1977 and it is also defined in the
ANSI standard X9.32. A lot of experts have studied DES extensively, searching for
ways to break it, but no practical and fast way has been found so far.
• Brute-force attacks or exhaustive key searches can be used to break
almost every cryptographic algorithm, by simply trying each key until the correct
one is found. On average, half of the possible keys have to be tested to
succeed. At the time DES was developed, it was considered secure against
brute-force attacks. Building systems that could find the correct key using this technique
in a reasonable time was too expensive at that time. Computing power has
increased tremendously since the mid-seventies, and therefore DES today protects
data for no longer than a few hours.
Data Encryption Standard (DES)

• DES uses a key length of 64 bits containing 8 parity bits; therefore the
actual key size is only 56 bits. The DES block length is 64 bits. It operates in
two modes: electronic codebook mode (ECB) and cipher block chaining
mode (CBC).
ECB

• Electronic Codebook
• ECB encrypts each block separately. Therefore the blocks can be encrypted
or decrypted in parallel, which leads to a better performance.
CBC

• Cipher Block Chaining
• In the CBC mode, each block is combined
with the encrypted previous block using
an XOR operation, before this block is
encrypted. This has the advantage that the
same plain text block results in another
encrypted block, depending on the text
that was encrypted before. To start the
encryption, the first block is combined
with the Initial Chaining Vector.
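
An added example (not from the original slides) of the ECB and CBC modes run on a constructed message made of three identical plaintext blocks. The block cipher is a toy 4-round Feistel network with 64-bit blocks standing in for DES; the key, the Initial Chaining Vector and the sample text are constructed.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit blocks, the block length given on the DES slide

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Toy round function (HMAC-SHA256 truncated to 32 bits); this is NOT DES.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in range(4):  # Feistel round: (L, R) -> (R, L xor F(R))
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):  # undo the rounds in reverse order
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def blocks(data: bytes) -> list[bytes]:
    n = BLOCK - len(data) % BLOCK  # pad the last block (PKCS#7-style)
    data += bytes([n]) * n
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, plaintext: bytes) -> list[bytes]:
    return [encrypt_block(key, b) for b in blocks(plaintext)]  # blocks independent

def cbc_encrypt(key: bytes, icv: bytes, plaintext: bytes) -> list[bytes]:
    out, prev = [], icv
    for b in blocks(plaintext):
        prev = encrypt_block(key, _xor(b, prev))  # XOR with previous ciphertext
        out.append(prev)
    return out

def cbc_decrypt(key: bytes, icv: bytes, cipher: list[bytes]) -> bytes:
    out, prev = b"", icv
    for c in cipher:
        out, prev = out + _xor(decrypt_block(key, c), prev), c
    return out[:-out[-1]]  # strip the padding

# Constructed sample: three identical 8-byte plaintext blocks.
KEY, ICV, SAMPLE = b"demo-key", bytes(range(8)), b"PAY 0100" * 3
ECB, CBC = ecb_encrypt(KEY, SAMPLE), cbc_encrypt(KEY, ICV, SAMPLE)
```

In `ECB` the first three ciphertext blocks are identical, so the repetition in the plaintext is visible to anyone who sees the ciphertext; in `CBC` every block differs.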
Triple DES

• Triple DES makes encryption with DES more secure by applying three DES
operations to the same plain text. The following four variations have been
used in practice:
• DES-EEE3: The input data is encrypted three times using the same key each
time.
• DES-EEE2: It is similar to DES-EEE3, but during the second encryption
operation, a different key is used.
• DES-EDE3: The data is first encrypted, then decrypted, and finally
encrypted again, using a different key each time.
• DES-EDE2: It is similar to DES-EDE3, but now the key for the first and the
third encryption operation is the same.
Advanced Encryption Standard (AES)

• Because DES is getting closer to the end of its secure lifetime, the National
Institute of Standards and Technology (NIST) started looking for a
successor of DES in January of 1997. Currently, the NIST is still evaluating
the proposed algorithms, and it is unlikely that AES will be announced
before 2001.
RC2, RC4, RC5

• These algorithms were developed by Dr. Ronald L. Rivest for RSA Data Security and RC
stands for “Rivest’s Cipher”.
• RC2 is a block-cipher algorithm, which works with a variable key length. Therefore the
strength of the encryption and the performance of the encryption operation can be varied
by the key length used. With a shorter key, the performance is better, but the encryption is
less strong. RC2 has a better performance compared to DES, but the algorithm is the
property of the company RSA Data Security and was not published. This has the
consequence that it wasn’t possible to analyze and test the algorithm as thoroughly as it
was done for DES. Therefore the risks and problems of the algorithm are not known.
• RC4 is a stream-cipher algorithm with variable key length that needs about 8 to 16
operations for each output bit. RC5 is, as RC2, a block-cipher algorithm with variable key
and block length.
Asymmetric Algorithms

• Rivest Shamir Adleman (RSA)
• Digital Signature Algorithm (DSA)
• Elliptic Curve Cryptography (ECC)
• MD2, MD4, and MD5
• Secure Hash Algorithms (SHA & SHA-1)
Rivest Shamir Adleman (RSA)

• The RSA algorithm is the most widely used asymmetric cryptographic
algorithm today. Ron Rivest, Adi Shamir, and Leonard Adleman developed it
in 1977. RSA Data Security acquired the patent, which protects the
implementation of RSA till September 20th 2000.
• RSA is so popular because the algorithm is quite easy to understand and
to implement. The only disadvantage is the slow performance compared to
symmetric algorithms, as we mentioned before. In practice, most systems
use RSA for the generation of digital signatures and for the distribution of
symmetric keys.
• Today, a key length of 1024 bits is used in most systems. RSA is also
referenced as one of the possible cryptographic algorithms in several
standards, like S/MIME, IPSec, TLS (the successor of SSL), and PKCS.
Digital Signature Algorithm (DSA)

• The National Institute for Standards and Technology (NIST) published the
Digital Signature Algorithm (DSA) with a variable key length of 512 to 1024
bits, as part of the Digital Signature Standard (DSS). The US Government is
using DSS for digital authentication.
• One of the characteristics of DSA is that the generation of a signature is
faster than its validation. In contrast, RSA can validate signatures faster
than generating them.
Elliptic Curve Cryptography (ECC)

• Victor Miller (Mil86) and Neal Koblitz (Kob87) were the first to propose the
elliptic curve algorithm in the mid-80s. ECC provides the same security as
other public key algorithms with a shorter key length. In pervasive devices
with limited memory and computing power, ECC could be an alternative to
other public key systems, such as RSA. Some of the most effective
implementations of ECC are patented by a company called Certicom. That
makes the widespread adoption of ECC somewhat more difficult. With the
fast growing number of pervasive devices, ECC will also be more widely
used. ANSI is currently working on standardizing ECC as part of ANSI X9.62
for digital signatures and ANSI X9.63 for key agreement.
MD2, MD4, and MD5

• Rivest developed MD2, MD4, and MD5 for RSA Data Security. MD2 is
optimized for 8-bit computing platforms, MD4 and MD5 for 32-bit
processors. MD5 is a more secure version of MD4, which on the
other hand makes it a little bit slower.
• MD5 first splits the message into 512-bit blocks and generates in three steps
a 128-bit hash.
Secure Hash Algorithms (SHA & SHA-1)

• The Secure Hash Algorithm (SHA) was standardized in the Secure Hash
Standard (SHS) and published by the US government as a “federal
information processing standard”. SHA-1 is an improved version of SHA.
• The algorithm is used to generate a 160-bit Message Authentication Code
(MAC) from a message that should not be longer than 2^64 bits. Compared to
MD-5, the algorithm is a little bit slower, but due to its longer MAC, it is
more secure against brute-force attacks.
Acknowledgements

These slides contain material developed and copyrighted by:
• Pervasive Computing Handbook - Uwe Hansmann
