
Compare and contrast Symmetric and Asymmetric Key Cryptography

CISSP Seminar:

SYMMETRIC KEY:

Also known as private key, single key, secret key

Key shared by originator and receiver

Computational efficiency advantage

1-100 million bits/sec.

Data Encryption Standard (DES)

ASYMMETRIC KEY:

Also known as public key

Uses 2 asymmetric keys

One to encrypt and one to decrypt

Computationally slow

Few thousand bits/sec. (early versions)

Rivest-Shamir-Adleman (RSA) algorithm

Related to known mathematical problem

Difficulty factoring product of 2 large prime numbers

RSA Crypto FAQ:

There are two types of cryptosystems: secret-key and public-key.

In secret-key cryptography, also referred to as symmetric cryptography, the same key is used for both encryption and decryption. The most popular secret-key cryptosystem in use today is known as DES, the Data Encryption Standard. IBM developed DES in the middle 1970's and it has been a Federal Standard ever since 1976.

In public-key cryptography, each user has a public key and a private key. The public key is made public while the private key remains secret. Encryption is performed with the public key while decryption is done with the private key.

The RSA public-key cryptosystem is the most popular form of public-key cryptography. RSA stands for Rivest, Shamir, and Adleman, the inventors of the RSA cryptosystem.

The Digital Signature Algorithm (DSA) is also a popular public-key technique, though it can be used only for signatures, not encryption.

The primary advantage of public-key cryptography is increased security and convenience: private keys never need to be transmitted or revealed to anyone. In a secret-key system, by contrast, the secret keys must be transmitted (either manually or through a communication channel) since the same key is used for encryption and decryption. A serious concern is that there may be a chance that an enemy can discover the secret key during transmission.

Another major advantage of public-key systems is they can provide digital signatures that cannot be repudiated. Authentication via secret-key systems requires the sharing of some secret and sometimes requires trust of a third party as well. As a result, a sender can repudiate a previously authenticated message by claiming the shared secret was somehow compromised by one of the parties sharing the secret. For example, the Kerberos secret-key authentication system involves a central database that keeps copies of the secret keys of all users; an attack on the database would allow widespread forgery. Public-key authentication, on the other hand, prevents this type of repudiation; each user has sole responsibility for protecting his or her private-key. This property of public-key authentication is often called non-repudiation.

A disadvantage of using public-key cryptography for encryption is speed. There are many secret-key encryption methods that are significantly faster than any currently available public-key encryption method. Nevertheless, public-key cryptography can be used with secret-key cryptography to get the best of both worlds. For encryption, the best solution is to combine public and secret-key systems in order to get both the security advantages of public-key systems and the speed advantages of secret-key systems. Such a protocol is called a digital envelope.

Public-key cryptography may be vulnerable to impersonation, even if users' private-keys are not available. A successful attack on a certification authority will allow an adversary to impersonate whomever he or she chooses by using a public-key certificate from the compromised authority to bind a key of the adversary's choice to the name of another user.

In some situations, public-key cryptography is not necessary and secret-key cryptography alone is sufficient. These include environments where secure secret key distribution can take place, for example, by users meeting in private. It also includes environments where a single authority knows and manages all the keys, e.g., a closed banking system. Since the authority knows everyone's keys already, there is not much advantage for some to be "public" and others "private." Also, public-key cryptography is usually not necessary in a single-user environment. For example, if you want to keep your personal files encrypted, you can do so with any secret-key encryption algorithm using, say, your personal password as the secret key. In general, public-key cryptography is best suited for an open multi-user environment.

Public-key cryptography is not meant to replace secret-key cryptography, but rather to supplement it, to make it more secure. The first use of public-key techniques was for secure key establishment in a secret-key system [DH76]; this is still one of its primary functions. Secret-key cryptography remains extremely important and is the subject of much ongoing study and research.

Identify Types of Encryption Systems

CISSP Seminar:

Classical substitution ciphers

Transposition (permutation) ciphers

Polyalphabetic Ciphers

Running key ciphers

Concealment

Digital System

Codes

Machines

One-Time pad

DES/Clipper

Double/Triple DES

Public Key

RSA

Elliptic curve

PGP

El Gamal

Diffie-Hellman

Compare and contrast Substitution ciphers and Transposition Ciphers

CISSP Seminar:

An example of a substitution cipher is the "Caesar cipher", in which each plaintext character is replaced by the character three to the right, modulo 26 ("A" is replaced by "D", "B" is replaced by "E", and so on).

Shift alphabet Example:

A B C D E F….. BAD

D E F G H I…… EDG

Scramble Alphabet Example:

A B C D E F….. BAD

Q E Y R T M…. EQR

An example of transposition cipher would be as follows:

Position of letters permuted.

Message broken into 5-character groups

Letters rearranged

don’t give up the ship (Message)

1234512345123451234512345 (Groups of 5)

3512435124351243512435124 (The key)

n’dtoiv egp tu shhe i p (Ciphertext)

RSA Crypto FAQ:

A substitution cipher is one in which each character of the plaintext is substituted for another character of ciphertext. The receiver inverts the substitution on the ciphertext to recover the plaintext.

In a Transposition cipher the plaintext remains the same, but the order of characters is shuffled around.
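The shift and transposition examples above, worked in code (an added example, not part of the original notes). The function names are illustrative, and the key 35124 is read as "plaintext letter i moves to position key[i]", which is the reading that reproduces the ciphertext shown.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase


def caesar(text, shift=3):
    """Substitution: each letter becomes the one `shift` places to the right, modulo 26."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def transpose(text, key="35124", pad=" "):
    """Transposition: within each group, plaintext letter i moves to position key[i]."""
    size = len(key)
    dest = [int(d) - 1 for d in key]
    text += pad * (-len(text) % size)  # pad the last group to full length
    out = []
    for start in range(0, len(text), size):
        group = [pad] * size
        for i, d in enumerate(dest):
            group[d] = text[start + i]
        out.append("".join(group))
    return "".join(out)


def untranspose(cipher, key="35124"):
    """Invert transpose(): read each group back in key order."""
    size = len(key)
    dest = [int(d) - 1 for d in key]
    return "".join(
        cipher[start + d] for start in range(0, len(cipher), size) for d in dest
    )


def same_letters(a, b):
    """True when two strings hold exactly the same characters, in any order."""
    return Counter(a) == Counter(b)


if __name__ == "__main__":
    message = "don't give up the ship"  # the message from the notes
    print(caesar("BAD"))                # substitution: letters change, positions stay
    shuffled = transpose(message)
    print(repr(shuffled))               # transposition: positions change, letters stay
    print(same_letters(shuffled, message + "   "), untranspose(shuffled).rstrip())
```

Because a transposition keeps every plaintext character, its letter frequencies are those of the plaintext; a simple substitution changes the letters but keeps each one in place.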

Describe the concept of Polyalphabetic Ciphers

CISSP Seminar:

Uses different alphabets to defeat frequency analysis.

See example with 5 alphabets below

Example:

a b c d e f g h i (normal alphabet)

q w e r t……………. (1st alphabet)

d m s i k ………… (2nd Alphabet)

o h g x f…………… (3rd Alphabet)

z b n l a ……… (4th Alphabet)

y c v u p …… (5th Alphabet)

abcde (Plaintext)

qdozy (ciphertext)

Applied Cryptography book, Page 10:

A polyalphabetic cipher is made up of multiple simple substitution ciphers. For example, there might be five different simple substitution ciphers used; the particular one used changes with the position of each character of the plaintext.

Describe the concept of Concealment Ciphers

CISSP Seminar:

The true letters of plaintext are hidden/disguised

By device or algorithm

Example: divide message

Use 1 word at a time

Have it appear as every 5th word in a sentence

Message in clear text: "Buy gold"

Message in concealment:

"Product is a good BUY, it has ten percent GOLD content"

Define and describe Steganography

CISSP Seminar:

Steganography is the art of hiding communications

Deny message exists

Data hidden in picture files, sound files, slack space on floppies

i.e., the least significant bits of a bitmap image can be used to hide messages, usually without material change to the original file.

Applied Cryptography, Page 9:

Steganography serves to hide secret messages in other messages, such that the secret's very existence is concealed. Generally the sender writes an innocuous message and then conceals a secret message on the same piece of paper. Historical tricks include invisible inks, tiny pin punctures on selected characters, minute differences between handwritten characters, pencil marks on typewritten characters, grilles which cover most of the message except for a few characters, and so on. More recently people are hiding secrets in graphic images.

Describe Digital System Encryption

CISSP Seminar:

The key and message both streams of bits

Each text character = 8 bits

Each key bit XORed (exclusive-ORed) with corresponding message bit

XOR operation yields 0 if both bits are the same and 1 if different

Example:

MESSAGE STREAM 01001000

KEY STREAM 11010001

CIPHERTEXT STREAM 10011001

Define the word "Codes" as it pertains to Cryptography

CISSP Seminar:

List of words/phrases/ (codes) with corresponding random groups of numbers/letters (code groups)

Applied Cryptography, Page 9:

Historically, a code refers to a cryptosystem that deals with linguistic units: words, phrases, sentences, and so forth. For example, the word "OCELOT" might be the ciphertext of the entire phrase "Turn left 90 degrees", the word "LOLLIPOP" might be the ciphertext for "Turn right 90 degrees", and the words "BENT EAR" might be the ciphertext for "HOWITZER". Codes are only useful for specialized circumstances. Ciphers are useful for any circumstance. Codes are limited: if your code does not have an entry for a specific word, then you can't say it, whereas you can say anything you wish using a cipher.

Compare and contrast Hagelin and Rotor Cryptography Machines

CISSP Seminar:

Hagelin Machine

Combines plain text (character by character) with:

Keystream (long pseudo-random sequence)

To produce cipher text

Rotor Machines

Rotor implements cipher alphabet

Rotor connected in banks

Signal entering one end permuted by each of rotors before leaving at other end

Keyed by changing rotor variables

Rotors/order of rotors

Number of stopping pieces per wheel

Pattern of motion

Describe the use and characteristics of "One-Time-Pad" Encryption

CISSP Seminar:

Unbreakable by exhaustive search (brute force)

Random key same length as message

Only used once

Digital system key and message both bit streams

8 bits per character

Each key bit XORed with corresponding message bit

Produces ciphertext bit

Key bits XORed with ciphertext to decrypt
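The bit-stream XOR from the Digital System Encryption notes and the one-time pad rules above, as runnable code (an added example, not part of the original notes; function names and sample messages are constructed for illustration). It reproduces the 01001000 / 11010001 example, shows why exhaustive search cannot break the pad, and shows what leaks when a pad is used twice.

```python
import secrets


def xor_stream(data, key):
    """XOR each message byte (8 bits per character) with the matching key byte."""
    if len(key) < len(data):
        raise ValueError("key stream is shorter than the message")
    return bytes(d ^ k for d, k in zip(data, key))


def to_bits(data):
    return " ".join(f"{byte:08b}" for byte in data)


def otp_encrypt(message):
    """Draw a fresh random key the same length as the message and encrypt with it."""
    key = secrets.token_bytes(len(message))
    return key, xor_stream(message, key)


def otp_decrypt(ciphertext, key):
    # XOR is its own inverse: (m ^ k) ^ k == m
    return xor_stream(ciphertext, key)


def key_explaining(ciphertext, guess):
    """For ANY same-length guess there is a key that decrypts the ciphertext to it,
    so trying every key tells a searcher nothing about which plaintext is real."""
    return xor_stream(ciphertext, guess)


def reuse_leak(cipher_a, cipher_b):
    """If one key encrypted both messages, the key cancels: c1 ^ c2 == m1 ^ m2."""
    return bytes(a ^ b for a, b in zip(cipher_a, cipher_b))


if __name__ == "__main__":
    # The example from the notes: message 01001000, key 11010001
    print(to_bits(xor_stream(bytes([0b01001000]), bytes([0b11010001]))))

    msg = b"WIRE 100 TO BOB"                      # constructed sample message
    key, ct = otp_encrypt(msg)
    print(otp_decrypt(ct, key))

    other = b"WIRE 999 TO EVE"                    # same length, different content
    print(otp_decrypt(ct, key_explaining(ct, other)))  # also a "valid" decryption

    ct2 = xor_stream(other, key)                  # the mistake: pad used a second time
    print(reuse_leak(ct, ct2) == reuse_leak(msg, other))
```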

Describe the history of the DES Encryption

CISSP Seminar:

IBM cryptographic research (late 1960’s)

Modification of Lucifer developed by IBM

Non-linear block ciphers

IBM developed (about 1972)

NBS solicited (about 1973 and 1974)

Adopted (1977)

ANSI approved (1978)

NSA threatened decertification (1987)

NIST recertified for 5 years (1988, 1993)

Network Computing:

The most common private key encryption standard that is used is the Data Encryption Standard (DES) developed by IBM in the early 1970s. It is the de facto industry standard for cryptography systems and is the world’s most commonly used encryption mechanism. This private key system is widely deployed in financial networks including automated teller machines and point-of-sale networks. It was adopted as a Federal Information Processing Standard (FIPS PUB 46) in 1977 and as an American National Standard (ANSI X3.92) in 1981. Further clarification on the modes of use of the algorithm is contained in ANSI standard X3.106.

Describe the DES Algorithm

CISSP Seminar:

64 bit plain and cipher text block size

56 bit true key plus 8 parity bits

Seventy quadrillion possible keys

Single-Chip LSI implementation

About $50 per unit

16 rounds of simple operations to encrypt

Transposition and substitution

Reverse to decrypt

RSA Crypto FAQ:

The DEA, also called DES, has been extensively studied since its publication and is the best known and widely used symmetric algorithm in the world.

The DEA has a 64-bit block size and uses a 56-bit key during execution (8 parity bits are stripped off from the full 64-bit key). The DEA is a symmetric cryptosystem, specifically a 16-round Feistel cipher and was originally designed for implementation in hardware. When used for communication, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message, or to generate and verify a message authentication code (MAC). The DEA can also be used for single-user encryption, such as to store files on a hard disk in encrypted form. In a multi-user environment, secure key distribution may be difficult; public-key cryptography provides an ideal solution to this problem.

NIST has recertified DES (FIPS 46-1) every five years; DES was last recertified in 1993, by default. NIST has indicated, however, it will not recertify DES again. The development of AES, the Advanced Encryption Standard is underway. AES will replace DES.

Compare and contrast the Modes of the DES Algorithm

CISSP Seminar:

Electronic code book

64 bits data blocks entered directly into device

64 bits cipher blocks generated under key

Restricted to protection of encrypting keys and initializing vectors

Output Feedback

DES generated keystream XORed with message stream

Simulates one-time-pad

Keystream generated by DES encrypting 64 bits

initialization vector with secret key

DES output bits fed back as input to generate next segment key bits

Cipher Feedback

Device generates stream of random binary bits

Combined with plain text

Generated cipher with same number of bits as text

Cipher text fed back to form a portion of next input

Cipher Block Chaining

64 bit plain text blocks loaded sequentially

XORed with 64 bits initializing vector

Combination processed into cipher under key

First ciphertext XORed with next text block

Process continues until end of plaintext chain

RSA Crypto FAQ:

ECB - Electronic Code Book

Each block of ciphertext is encrypted independently of any other block. Therefore each ciphertext block corresponds to one plaintext block just like in a code book.

CBC - Cipher Block Chaining

ECB does not protect against insertion of repeated blocks because blocks are treated independently. Another weakness is that identical plaintext blocks generate identical ciphertext blocks. To improve DES for communication streams, each 64 bit block is EXORed with the previous 64 bit ciphertext before being entered into the DES chip. In addition to a common secret key, the sender and receiver need to agree on an initial vector to be EXORed with the first block of a message stream.

CFM - Cipher Feedback Mode

CFM is an alternate mode for DES on 8 bit characters. The input character is EXORed with the least significant byte of the DES output and then transmitted over the communication link. In order to collect enough bits for the 64 bit encryption block the output characters are collected in a character based shift register. Each output character advances the shift register by 8 bits and triggers a new DES encryption. Thereby the next input character will be EXORed with a new DES output. CFM is suitable for use on serial lines.
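The ECB weakness and the CBC chaining described above, shown on a toy cipher (an added example, not from the seminar notes or the RSA FAQ). Python's standard library has no DES, so a 16-round Feistel network with a SHA-256 round function stands in for it; the cipher, key, IV and sample records are constructed for illustration and are not DES.

```python
import hashlib

BLOCK, HALF, ROUNDS = 8, 4, 16  # 64-bit block and 16 rounds, as in DES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_f(half, key, rnd):
    # Toy round function (assumption, NOT the DES f-function): truncated SHA-256.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]

def feistel(block, key, rounds):
    left, right = block[:HALF], block[HALF:]
    for rnd in rounds:
        left, right = right, xor(left, round_f(right, key, rnd))
    return right + left  # final swap: decryption is the same network, rounds reversed

def encrypt_block(block, key):
    return feistel(block, key, range(ROUNDS))

def decrypt_block(block, key):
    return feistel(block, key, reversed(range(ROUNDS)))

def split_blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of 8 bytes (padding omitted here)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext, key):
    # ECB: every block is encrypted independently under the key.
    return b"".join(encrypt_block(b, key) for b in split_blocks(plaintext))

def cbc_encrypt(plaintext, key, iv):
    # CBC: XOR each block with the previous ciphertext block (the IV for the first).
    out, prev = [], iv
    for block in split_blocks(plaintext):
        prev = encrypt_block(xor(block, prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ciphertext, key, iv):
    out, prev = [], iv
    for block in split_blocks(ciphertext):
        out.append(xor(decrypt_block(block, key), prev))
        prev = block
    return b"".join(out)

def repeated_blocks(ciphertext):
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))

# Constructed sample: three identical 8-byte records followed by a different one.
KEY, IV = b"demo-key", bytes(range(8))
SAMPLE = b"PAY 0100" * 3 + b"PAY 9999"

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(SAMPLE, KEY)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(SAMPLE, KEY, IV)))
```

Under ECB the three identical records remain visible as identical ciphertext blocks; under CBC each block depends on everything before it, so the repetition disappears while decryption still recovers the plaintext.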

Describe the characteristics and usage of Double/Triple DES

CISSP Seminar:

Double DES

Effective key length 112 bits

Work factor about the same as single DES

No more secure

Triple DES

Encrypt with first key

Decrypt with second key

Encrypt with first key

No successful attack reported

RSA Crypto FAQ:

For some time it has been common practice to protect and transport a key for DES encryption with triple-DES. This means that the input data (in this case the single-DES key) is, in effect encrypted three times. There are of course a variety of ways of doing this; we will explore these ways below.

A number of modes of triple-encryption have been proposed:

DES-EEE3: Three DES encryptions with three different keys.

DES-EDE3:

Three DES operations in the sequence encrypt-decrypt-encrypt with three different keys.

DES-EEE2 and DES-EDE2:

Same as the previous formats except that the first and third operations use the same key.

Attacks on two-key triple-DES have been proposed by Merkle and Hellman [MH81] and Van Oorschot and Wiener [VW91], but the data requirements of these attacks make them impractical. Further information on triple-DES can be obtained from various sources [Bih95][KR96].

The use of double and triple encryption does not always provide the additional security that might be expected. Preneel [Pre94] provides the following comparisons in the security of various versions of multiple-DES and it can be seen that the most secure form of multiple encryption is triple-DES with three distinct keys.

# Encryptions   # Keys   Computation   Storage   Type of attack
single          1        2^56          -         known plaintext
single          1        2^38          2^38      chosen plaintext
single          1        -             2^56      chosen plaintext
double          2        2^112         -         known plaintext
double          2        2^56          2^56      known plaintext
double          2        -             2^112     known plaintext
triple          2        2^56          2^56      2^56 known plaintext
triple          2        2^(120-t)     2^t       2^t known plaintext
triple          2        -             2^56      chosen plaintext
triple          3        2^112         2^56      known plaintext
triple          3        2^56          2^112     chosen plaintext

Table 1: Comparison of different forms of DES multiple encryption

Like all block ciphers, triple-DES can be used in a variety of modes. The ANSI X9.52 standard (see Question 5.3.1) details the different ways in which triple-DES might be used and is expected to be completed during 1998.

Compare and Contrast the Relative Benefits of Escrowed Encryption

CISSP Seminar:

To be completed????

Personal comments:

Key escrow is a real can of worms, depending on who you are talking to.

There are two sides to this: one group claims it is mandatory, and another group claims it would be against their freedom of speech and civil liberties.

Here are some of the debates:

Criminal encryption use exists. Encryption has already been used by criminals to keep their activities secret from the FBI and law enforcement. From 1995 to 1996, the number of cases in which the FBI was foiled by encryption more than doubled (5 to 12).

Encryption is not regulatable outside the US. Non-escrowed strong encryption is already available in over 200 other countries, and it will still be available in these countries, even if the US Government decides to institute an escrowed encryption policy.

Key recovery is expensive. A mandatory key recovery policy, if instituted by the government, would be very costly not only for the government itself (operational costs), but also for software companies that have developed the 800 encryption products currently on the market. These companies will have to completely re-engineer their products in order to comply with the government's new policy.

Escrow has not been thoroughly tested. There are millions of encryption users and thousands of agents and law enforcement agencies. Key escrow has never been tested in a wide-scale environment.

Mandatory escrow can be circumvented. There is no way to "scan" the Internet to detect use of non-escrowed encryption. Key recovery leaves a "back door" in the software. Our nation's critical systems (air traffic control, defense systems, the power grid, etc.) would likely be protected by key recovery. There is no way to ensure that the system will be safe from hackers and terrorists.

Escrow involves humans. As with any type of security system involving humans, there are vulnerabilities.

The government would hold the key to everyone's personal data. Under current proposed legislation, keys would be released by a court subpoena, not a judicial order.

Define "Clipper" and the "Skipjack" Algorithm

CISSP Seminar:

Clipper

Tamper-resistant hardware chip

NSA-designed single-key encryption algorithm (Skipjack)

Decrypted by special chip, unique key and special law enforcement access field (LEAF) transmitted with encrypted communication.
