Cryptographic methods: Three important components of cryptographic systems
Recommended reading:
"Applied Cryptography", Bruce Schneier
Why use cryptography?
- Can offer genuinely secure solutions to important security problems
- Some governments forbid it
- Confidentiality: can I be sure no-one else can see my data? (e.g. sniffing)
- Integrity: has my data been modified?
- Authentication: are you who you claim to be?
- Access controls (Authorisation)

1. "Private key" or "symmetric" ciphers
[Diagram: clear text --(key k)--> cipher text --(key k)--> clear text]
The same key is used to encrypt the document before sending and decrypt it at the far end.
We assume an eavesdropper is able to intercept the ciphertext. How can they recover the cleartext?

Examples of symmetric ciphers
- DES - 56 bit key length, designed by US security service
- 3DES - effective key length 112 bits
- AES (Advanced Encryption Standard) - 128 to 256 bit key length
- Blowfish - 128 bits, optimised for fast operation on 32-bit microprocessors
- IDEA - 128 bits, patented (requires a licence for commercial use)

Features of symmetric ciphers
- Fast to encrypt and decrypt, suitable for large volumes of data
- A well-designed cipher is only subject to brute-force attack; the strength is therefore directly related to the key length
- Current recommendation is a key length of at least 90 bits, i.e. to be fairly sure that your data will be safe for at least 20 years
- Problem - how do you distribute the keys?

2. "Hashing" - one-way encryption
[Diagram: clear text --(hashing function)--> fixed length "hash" or "message digest"]
Munging the document gives a short "message digest" (checksum). Not possible to go back from the digest to the original document.

Examples
- Unix crypt() function, based on DES
- MD5 (Message Digest 5) - 128 bit hash
- SHA1 (Secure Hash Algorithm) - 160 bits
- No two documents have yet been discovered which have the same MD5 digest!
- No feasible method to create any document which has a given MD5 digest

So what use is that?
a. Integrity
- You can run many megabytes of data through MD5 and still get only 128 bits to check
- An attacker cannot feasibly modify your file and leave it with the same MD5 checksum
- Gives your document a unique "fingerprint"

Exercise
- On your machine type: cat /etc/aliases
- Look at your neighbour's machine. Is their file exactly the same as yours? Can you be sure?
- md5sum /etc/aliases
- Compare the result with your neighbour
- Now change ONE character in /etc/aliases and repeat the md5sum test
- Under FreeBSD the command is "md5"

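The exercise above, reproduced in code (an added example, not part of the slides): it fingerprints a constructed stand-in for /etc/aliases, changes one character, and counts how many of the 128 digest bits flip. The file contents and the "neighbour's" copy are made up here; MD5 is used because the slides use it (collisions for MD5 have since been published, so a modern fingerprint would use SHA-256, with identical mechanics).

```python
import hashlib


def md5_hex(data: bytes) -> str:
    """Hex MD5 digest: 128 bits shown as 32 hex chars, md5sum's first column."""
    return hashlib.md5(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex digests of equal length."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


# Constructed sample standing in for /etc/aliases (not a real file).
MY_ALIASES = b"postmaster: root\nwebmaster: alice\n"
# The "neighbour's" copy: identical except for ONE character ('alice' -> 'alicf').
NEIGHBOUR_ALIASES = b"postmaster: root\nwebmaster: alicf\n"


def compare_files(a: bytes, b: bytes) -> dict:
    """Return whether two files share a fingerprint and how many digest bits differ.

    A well-designed hash flips roughly half of its bits for any change, so a
    one-character edit is as visible as rewriting the whole file.
    """
    da, db = md5_hex(a), md5_hex(b)
    return {"my_md5": da, "their_md5": db, "same": da == db,
            "bits_changed": differing_bits(da, db)}


if __name__ == "__main__":
    # Run the comparison the exercise asks for and print the two lines you
    # would otherwise read off two screens.
    result = compare_files(MY_ALIASES, NEIGHBOUR_ALIASES)
    print(f"{result['my_md5']}  mine")
    print(f"{result['their_md5']}  neighbour")
    print("identical" if result["same"] else
          f"differ: {result['bits_changed']} of 128 digest bits changed")
```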
Software announcements often contain an MD5 checksum
- It's trivial to check
- Protects you against hacked FTP servers and download errors

$ md5sum exim-4.30.tar.bz2
be53ba6801a019452f06b68c112a2ec1 exim-4.30.tar.bz2
$

Could the attacker have modified the announcement E-mail as well?

So what use is that?
b. Encrypted password storage
- We don't want to keep cleartext passwords if possible; the password file would be far too attractive a target
- Store hash(passwd) in /etc/shadow
- When user logs in, calculate the hash of the password they have given, and compare it to the hash in the password file
- If the two hashes match, the user must have entered the correct password
- Can an attacker still recover the password?

So what use is that?
c. Shared secret authentication
- Using hashing, a user can prove that they possess a password, without actually sending it over the wire
- Usually called a "shared secret" in this case
[Diagram: Server sends Challenge to Client; Client replies with hash(Challenge + Secret)]
Server recalculates the hash using the challenge it sent and its local copy of the secret. OK if both hashes match.

Notes on shared secret authentication
- Examples: APOP, CRAM-MD5
- Sniffer cannot see the secret - but they can see the challenge and hash of (challenge + secret). This will allow them to try dictionary and brute-force attacks to recover the secret.
- The secret must be stored in PLAIN TEXT on the server for this method to work.

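The challenge-response exchange from the two slides above, with both sides written out (an added example, not code from the slides or from any APOP/CRAM-MD5 implementation). It assumes a 16-byte random challenge and the slide's hash(challenge + secret) construction with MD5; the secret value is made up. Note what each side holds: the server needs the secret in plain text, and an observer sees everything returned by login_exchange except the secret itself.

```python
import hashlib
import hmac
import secrets


def make_challenge() -> str:
    """Server side: a fresh, unpredictable challenge for every login attempt
    (assumed here: 16 random bytes as hex). A reused challenge would let a
    recorded response be replayed."""
    return secrets.token_hex(16)


def client_response(challenge: str, secret: str) -> str:
    """Client side: prove possession of the secret without sending it, by
    returning hash(challenge + secret), as on the slide."""
    return hashlib.md5((challenge + secret).encode("utf-8")).hexdigest()


def server_verify(challenge: str, response: str, stored_secret: str) -> bool:
    """Server side: recompute the hash from the challenge it issued and its own
    PLAIN TEXT copy of the secret, then compare.  compare_digest runs in constant
    time so an attacker cannot learn where the digests start to differ."""
    expected = hashlib.md5((challenge + stored_secret).encode("utf-8")).hexdigest()
    return hmac.compare_digest(expected, response)


def login_exchange(client_secret: str, server_secret: str) -> tuple:
    """One complete exchange.  Returns (challenge, response, accepted): the first
    two are exactly what a sniffer on the wire sees, which is why a weak secret
    is still open to offline guessing even though it never crossed the wire."""
    challenge = make_challenge()
    response = client_response(challenge, client_secret)
    return challenge, response, server_verify(challenge, response, server_secret)


if __name__ == "__main__":
    # Constructed secret; in APOP/CRAM-MD5 this would be the user's mail password.
    ch, resp, ok = login_exchange("fruitbat-479", "fruitbat-479")
    print(f"challenge={ch}\nresponse={resp}\naccepted={ok}")
```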
So what use is that?
d. Generating encryption keys
- Users cannot remember 128 bit binary encryption keys
- However they can remember "passphrases"
- A hash can be used to convert a passphrase into a fixed-length encryption key
- The longer the passphrase, the more "randomness" it contains and the harder to guess. English text is typically only 1.3 bits of randomness per character.
p://www.cranfield.ac.uk/docs/email/pgp/pgp-attack-faq.txt
p://www.schneier.com/paper-personal-entropy.html

Generating encryption keys for symmetric ciphers
[Diagram: Passphrase entered by user --(MD5 hash)--> 128-bit key]
Every passphrase generates a different 128-bit key

Example: GPG with symmetric cipher
# vi foobar.txt
# gpg -c foobar.txt
Enter passphrase: ding/dong 479 fruitbat
Repeat passphrase: ding/dong 479 fruitbat
# ls foobar.txt*
foobar.txt foobar.txt.gpg
# rm foobar.txt
rm: remove regular file `foobar.txt'? y
# gpg foobar.txt.gpg
gpg: CAST5 encrypted data
Enter passphrase: ding/dong 479 fruitbat
# cat foobar.txt
("gpg --version" shows the ciphers available)

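The passphrase-to-key step from the last two slides, worked through in code (an added example, not the slides' own code and not how GPG itself derives keys). It applies the slides' scheme (MD5 of the passphrase gives the 128-bit key) and their 1.3 bits/character figure to show how long an English passphrase must be to reach the 90-bit recommendation, then shows the salted, iterated KDF a practitioner would use today instead of a bare hash.

```python
import hashlib
import math

ENGLISH_BITS_PER_CHAR = 1.3   # entropy figure quoted on the slide
RECOMMENDED_KEY_BITS = 90     # slide: "a key length of at least 90 bits"


def passphrase_to_key_md5(passphrase: str) -> bytes:
    """The slide's scheme: MD5 of the passphrase is the 128-bit (16-byte) key.
    The key is fully determined by the passphrase, so its effective strength is
    the passphrase's entropy, not the 128 bits of the digest."""
    return hashlib.md5(passphrase.encode("utf-8")).digest()


def estimated_entropy_bits(passphrase: str) -> float:
    """Rough entropy estimate for English-like text at 1.3 bits per character."""
    return len(passphrase) * ENGLISH_BITS_PER_CHAR


def chars_needed(target_bits: int) -> int:
    """How many characters of English text carry target_bits of randomness."""
    return math.ceil(target_bits / ENGLISH_BITS_PER_CHAR)


def passphrase_to_key_pbkdf2(passphrase: str, salt: bytes,
                             iterations: int = 200_000) -> bytes:
    """Modern alternative (not on the slides): PBKDF2 with a per-file random salt.
    Each guess costs the attacker `iterations` hash operations, and the salt
    stops one precomputed table from covering every user."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=16)


if __name__ == "__main__":
    phrase = "ding/dong 479 fruitbat"          # the passphrase used on the slide
    print("MD5 key:", passphrase_to_key_md5(phrase).hex())
    print(f"~{estimated_entropy_bits(phrase):.1f} bits of entropy in {len(phrase)} chars")
    print(f"{chars_needed(RECOMMENDED_KEY_BITS)} English chars needed for 90 bits,"
          f" {chars_needed(128)} to fill a 128-bit key")
    # Constructed salt; in practice it is random and stored next to the ciphertext.
    print("PBKDF2 key:", passphrase_to_key_pbkdf2(phrase, b"constructed-salt").hex())
```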
So what use is that?
e. One-time passwords
- S/Key (OPIE)
- Generates sequence of passwords without storing any secret information on the server!
- Cryptocard
- Physical token for challenge-response

So what use is that?
f. Registering copyright
- By giving someone the MD5 digest of a document, I can prove that I possessed the document at that time, without having to reveal its contents until later
- Lots of other uses

3. "Public key" ciphers
[Diagram: clear text --(k1, public key)--> cipher text --(k2, private key)--> clear text]
One key is used to encrypt the document, a different key is used to decrypt it

Public key and Private key
- The Public key and Private key are mathematically related (generated as a pair)
- It is easy to convert the Private key into the Public key. It is not easy to do the reverse.
- Key distribution problem is solved: you can post your public key anywhere. People can use it to encrypt messages to you, but only the holder of the private key can decrypt them.
- Examples: RSA, Elgamal (DSA)

Use for authentication: reverse the roles of the keys