Security in

Computing,
Fifth Edition
Topic 3: Asymmetric
Cryptography
Chapter 12: Details of
Cryptography

Digital Signature Lab

1
Introduction to Computer Security November Slide
©2004 Matt Bishop 1, 2004 #8-2
 Chapter 12 Objectives

 Learn basic terms and primitives of

cryptography
 How encryption algorithms work
 Study the RSA asymmetric encryption
algorithm
 Compare message digest algorithms
 Explain the math behind digital signatures
 Learn the concepts behind quantum
cryptography

3
Methods of Cryptanalysis

 Break (decrypt) a single message

 Recognize patterns in encrypted messages
 Infer some meaning without even breaking the
encryption, such as from the length or frequency of
messages
 Easily deduce the key to break one message and
perhaps subsequent ones
 Find weaknesses in the implementation or environment
of use of encryption by the sender
 Find general weaknesses in an
encryption algorithm
4
 Cryptanalysis Inputs

 Ciphertext only
 Lookfor patterns, similarities, and discontinuities
among many messages that are encrypted alike
 Plaintext
and ciphertext, so the cryptanalyst
can see what transformations occurred
 Known plaintext
 Probable plaintext
 Chosen plaintext

5
 History

 Cryptanalysis of Polyalphabetic Cipher

 Charles Babbage: 1st Cryptanalyst
 1854 – He found that the critical weakness in a
polyalphabetic was the short and repetitive nature
of the key.
 Freidrich Kasiski
 1863 – published Die Geheimschriften und die
Dechiffrierkunst that was first published account of
deciphering polyalphabetic ciphers, especially the
Vigenère cipher. 6
 History (continue)

 Babbage/Kasiski Test
Ciphertext:

DYDUXRMHTVDVNQDQNWDYDUXRMHARTJGWNQD
Look for repeated groups of letters and count the number of
letters between the beginning of each group.
 Factor the numbers. If there are similarities, that is the length
of the key.
 If the keyword is N letters long, then every Nth letter must be
enciphered using the same letter of the keytext. Grouping
every Nth letter together, it is possible to use frequency
analysis to decipher message.

7
 History (continue)
One-Time Pads
 Developed in 1917 by Gilbert Vernam, an AT&T Bell Labs engineer.
 OTP is an encryption algorithm where the plaintext is combined with a
random key that is as long as the plaintext so that it’s used only once.
 OTP proven unbreakable by Claude Shannon, a fellow engineer at Bell
Labs who provided a proof in his information theory.

8
One-Time Pads

This is a diagram of the Vernam

cipher, a type of one-time pad.

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN:

9
9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
History (continue)
 WWII Innovations
 Electromechanical
rotor machines that
worked with any
combination rotors
 Enigma famous for
its messages that
were decrypted by
Allied forces –
intel known as ULTRA.
10
 Attacks

 Topic 1 Video: Anatomy of an attack-

Be sure to view
 Opponent whose goal is to break
cryptosystem is the adversary
 Assume adversary knows algorithm used,
but not key
 Three types of attacks:
 ciphertext only: adversary has only
ciphertext; goal is to find plaintext, possibly
key
 known plaintext: adversary has ciphertext,
corresponding plaintext; goal is to find key
 chosen plaintext: adversary may supply
plaintexts and obtain corresponding
ciphertext; goal is to find key
Midway Example: WWII

Introduction to Computer Security November Slide

©2004 Matt Bishop 1, 2004 #8-12
 Basis for Attacks

 A good cryptosystem protects against all three types of

attacks.
 Attacks use both mathematics and statistics
 Mathematical attacks: Attack Algorithm
 Based on analysis of underlying mathematics
 Statistical attacks: Attack the process
 Make assumptions about the distribution of letters,
pairs of letters (digrams), triplets of letters (trigrams),
etc.
 Called models of the language
 Examine ciphertext, correlate properties with the
assumptions.
Cryptography/
Cryptology

 Theprocess of
concealing the
contents of a
message from all
except those who
know the KEY
 UsesCodes
and Cyphers

November Slide
1, 2004 #8-14
 Cryptographic Primitives:
Basic Techniques
 Substitution: Topic 2
 One set of bits is exchanged for another
 Transposition: Topic 2
 Rearranging the order of the ciphertext to break any
repeating patterns in the underlying plaintext
 Confusion
 An algorithm providing good confusion has a complex
functional relationship between the plaintext/key pair and
the ciphertext, so that changing one character in the
plaintext causes unpredictable changes to the resulting
ciphertext
 Diffusion
 Distributes the information from single plaintext characters
over the entire ciphertext output, so that even small
changes to the plaintext result in broad changes to the
ciphertext
Public Key & Private Key

 https://www.youtube.com/watch?v=ERp8420ucGs

Introduction to Computer Security November Slide

©2004 Matt Bishop 1, 2004 #8-16
 Requirements

1. It must be computationally easy to encipher or

decipher a message given the appropriate key
2. It must be computationally infeasible to derive
the private key from the public key
3. It must be computationally infeasible to
determine the private key from a chosen
plaintext attack

November Slide
1, 2004 #8-17
Public Key Cryptography

 Two keys
 Private key known only to individual
 Public key available to anyone
Public key, private key inverses
 Idea
 Confidentiality: encipher using public
key, decipher using private key
 Integrity/authentication: encipher
using private key, decipher using
public one
 Asymmetric
Cryptography

First proposed in 1976

 "New Directions in Cryptography" Witfield Diffie &
Martin Hellman, researchers at Stanford University,
first publicly proposed asymmetric encryption
• Proposed Public Key encryption
• Did not produce an algorithm
• Discussed Digital Signatures
• Outlined a method of sharing encrypted keys
20

over a public network

Asymmetric-Key
Encryption
 Uses a key pair in the encryption process rather
than the single key used in symmetric-key
encryption
 A key pair is a mathematically matched key set in
which one half of the pair encrypts and the other
half decrypts
 What A encrypts, B decrypts; what B encrypts, A
decrypts
 The two keys in the pair are, in effect, two sides of
the same coin
 Examples of Asymmetric-
Key Encryption: PGP
 Although the key pair is related, it is difficult (if not impossible) to derive the value of
the private key from the public key- similar to going up through a trap door
 Asymmetric Cryptography

 https://www.youtube.com/watch?v=3QnD2c4Xovk

Introduction to Computer Security November Slide

©2004 Matt Bishop 1, 2004 #8-23
Secret Key vs. Public Key
Encryption

24
 Sending Messages:
Encrypting Email
 When using asymmetric-key
encryption to send a secret to X,
encrypt the secret with X's public
key, then send the encrypted text
 When X receives the encrypted text,
X will decrypt it with a private key
 Anyone who intercepts the
encrypted text cannot decrypt it
without X's private key—this is true
even if they have X’s public key
 Encrypting Internet Traffic

 Whenever a Web browser uses SSL/TLS, it is using

asymmetric-key encryption
 SSL/TLS, IPsec and LDAP
 SSL: Secure Socket Layer (older); TLS: Transport
Layer Security-newer and preferred for web
 IPsec: works at network layer so it encrypts for
transport AND encapsulates IP Packets
 LDAP: used to connect to, search, and modify
Internet directories
 Asymmetric-key encryption is good for data
confidentiality, data integrity, and non-repudiation
 Encrypting Files and
Folders
 You can hide files on any operating system, but hidden files
can be accessed by anyone with access to your PC or its
storage.
 Encryption actually protects your files, preventing people
from accessing them without your encryption key.
 The Encrypting File System (EFS) on Microsoft Windows is a
feature that provides filesystem-level encryption.
 The technology enables files to be transparently encrypted
to protect data from attackers with physical access to the
computer.
 Ubuntu includes built-in support for encryption, and so do
many other Linux distributions.
 A Recovery Agent can be installed on the network to
decrypt data and messages if the user’s private key is no
longer available.
Air Force Friday: Cyber
Range
Elements Used in Asymmetric-Key
Encryption
 Elements that can be used in asymmetric-key encryption
 Diffie-Hellman
 RSA
 El Gamal
 DSA
 Elliptic Curve Cryptography (ECC)
 Benefits
 Secure key exchange
 Data can be encrypted strongly
 Drawbacks
 Slow, processor-intensive encryption
 Usually, asymmetric-key encryption is used to encrypt small amounts
of data, such as symmetric keys (which are in turn used to encrypt
large amounts of data, such as e-mail messages and attachments)
 Asymmetric
Cryptography

 The RSA Algorithm

 “AMethod for Obtaining Digital Signatures and
Public-Key Cryptosystems” published in 1978
• Proposed by Rivest, Shamir, and Adleman
• Called RSA after the authors
• Used a computationally difficult problem
• C = Me( mod N ) 30

• Breaking requires factoring of large

RSA

 Exponentiation cipher
 Relies on the difficulty of determining
the number of numbers relatively
prime to a large integer n
 256

Slide
#8-31
 Asymmetric Cryptography
 The Elgamal Algorithm
 "A public key cryptosystem and a signature
scheme based on discrete logarithms" -- 1985
• Proposed by Taher Elgamal

ElGamal encryption
consists of three
components: the key
generator, the encryption
algorithm, and the
decryption algorithm.
32
 Asymmetric
Cryptography
 RSA being first...
 Was used for all public key applications
• Secure Socket Layer (SSL)
• Pretty Good Privacy (PGP)
 Elgamal later...
 Replaced RSA in PGP
• Better implementation of Diffie-Hellman
• Key exchange
• Signatures

33
Asymmetric
Cryptograp
hy

The present
 RSA still used for SSL
• SSL Requires few key generations
 Elgamal
• Selected as the Digital Signature Standard
(DSS)
• Replaced RSA as default in PGP
 Implementation of PKI
• Public Key Infrastructures (PKI)
• Generally uses RSA
34
• Provides secure communications across
networks
 Applied Encryption:
Digital Signature Lab
 Digital signature: a unique identifier that authenticates a message,
 A digital signature combines a private key generated by an
asymmetric-key algorithm (e.g., RSA or DSA) and hash encryption
(e.g., SHA-1, MD5, or HMAC) for integrity
 In cryptography, a keyed-hash message authentication code
(HMAC) is a specific type of message authentication code
(MAC) involving a cryptographic hash function (hence the 'H')
in combination with a secret cryptographic key.
 Hash encryption is used to verify data has not changed
 The MD5 algorithm is a widely used hash function producing a
128-bit hash value.
 Services provided by digital signatures
 Authentication, Non-repudiation, Data integrity
 Digital signatures do not provide data confidentiality
 Certificate Authority &
Digital Certificates

A certificate is a public key and an identity

bound together and signed by a certificate
authority (CA).
 AnRSA-based private key is generated first,
and then a matching public key is created
from it by the CA
 CA also manages the Certificate Revocation
List (CRL) and is used to validate certificates
 OCSP (Online Certificate Status Protocol) is
an alternative to using CRLs to validate trust
37
Asymmetric Cryptography Future
 Continued deployment of PKI
 Development of Elliptic Curve algorithms
 Note key strengths in chart
 RISE of Quantum Cryptography

40
 Elliptic
Curve
Cryptograph
y
 Elliptic curve cryptography (ECC) is an approach
to public-key cryptography based on the algebraic
structure of elliptic curves over finite fields.
 One of the main benefits in comparison with non-
ECC cryptography (with plain Galois fields as a
basis) is the same level of security provided by
keys of smaller size.
 for example, a 256-bit ECC public key should
provide comparable security to a 3072-bit RSA
public key.
 Used in small wireless devices
 ECDHE: Elliptic Curve Diffie Helman Ephemeral-
used to generate encryption keys
 NIST & NSA

 The U.S. National Institute of Standards and Technology

(NIST) has endorsed ECC in its Suite B set of recommended
algorithms, specifically Elliptic Curve Diffie–Hellman (ECDH)
for key exchange and Elliptic Curve Digital Signature
Algorithm (ECDSA) for digital signature.
 The U.S. National Security Agency (NSA) allows their use for
protecting information classified up to top secret with 384-
bit keys, which is equivalent to 7680-bit RSA key.
 However in August 2015, the NSA announced it plans to
replace Suite B with a new cipher suite due to concerns
about quantum computing attacks on ECC
Asymmetric Cryptography
 The Problems
 Not provably secure
• Considered computationally secure
 Will require larger and larger keys
• Increasing computational power
 Theoretical attacks possible
• RSA bad key generation
 Quantum computing
• Will probably obsolesce public key 44

technology
 Quantum Computing

 Will we ever have the amount of computing power we

need or want? If, as Moore's Law states, the number of
transistors on a microprocessor continues to double every
18 months, the year 2020 or 2030 will find the circuits on
a microprocessor measured on an atomic scale.
 And the logical next step will be to create quantum
computers, which will harness the power of atoms and
molecules to perform memory and processing tasks.
Quantum computers have the potential to perform certain
calculations significantly faster than any silicon-based
computer.
 Quantum Computing

 2013: Google introduces the Quantum AI

Lab
 2015: Google gets a major upgrade to its
D-Wave brand quantum computer
 Sept 2015: Google, NASA using quantum
computing to push A.I., machine learning
 D-Wave Systems, a quantum computing
company based in Burnaby, British
Columbia, announced that it had signed a
deal to install a succession of D-Wave
systems at NASA’s Ames Research Center
in Moffett Field, California. NASA and
Google on Wednesday also confirmed the
deal.
 Quantum Cryptography

 Based on Quantum Physics and Photons (the smallest measure

of light)
 Transmits an encryption key as a series of photons
 Quantum cryptography is the use of quantum mechanical
properties to perform cryptographic tasks.
 The best known example of quantum cryptography is quantum
key distribution which provides a solution to the breaking of
various popular public-key encryption and signature schemes
(e.g., RSA and ElGamal).
 Summary

 Substitution, transposition, confusion, and diffusion are the basic

primitives of cryptography
 DES is a relatively simple symmetric algorithm that, although no
longer practical, is useful for studying technique
 AES remains the modern standard for symmetric encryption
almost 20 years after its introduction
 RSA is a popular and deceptively simple algorithm for
asymmetric cryptography
 Message digests use one-way cryptographic hash functions to
detect message modification
 Digital signatures use asymmetric encryption to detect forged
messages
 While not yet ready for mainstream use, quantum cryptography49
will likely be a significant improvement over modern encrypted
communication
Topic 3 Quiz Goes Live at 3 PM!