NS - 05 Cryptography Basic - 2
SECURITY
05 CRYPTOGRAPHY BASIC
Contents
5.1 Definition
5.2 Cryptography and Security
5.3 Cryptographic Algorithms
5.4 Cryptography on Files
- But not all types of cryptography provide all five protections.
5.3 Cryptographic Algorithms
- There are three categories of cryptographic algorithms.
- These are known as:
  - hashing algorithms,
  - symmetric encryption algorithms, and
  - asymmetric encryption algorithms.
5.3.1 Hashing Algorithm
- The most basic type of cryptographic algorithm is a hashing algorithm.
- The common hashing algorithms are:
  - Message Digest,
  - Secure Hash Algorithm
- Hashing, also called a one-way hash, is a process for creating a unique signature for a set of data.
- This signature, called a hash or digest, represents the contents.
- Hashing is used to determine the integrity of a message or contents of a file.
- A hash that is created from a set of data cannot be reversed.
- A practical example of a hash algorithm in use is with automatic teller machine (ATM) cards.
  - A bank customer has a personal identification number (PIN).
  - This number is hashed and the resulting ciphertext is stored on a magnetic strip on the back of the ATM card.
- A hashing algorithm is considered secure if it has these characteristics:
  - The ciphertext hash is a fixed size. A hash of a short set of data will produce the same size as a hash of a long set of data.
  - Two different sets of data cannot produce the same hash, which is known as a collision.
  - It should be impossible to produce a data set that has a desired or predefined hash.
  - The resulting hash ciphertext cannot be reversed in order to determine the original plaintext.
- Hash can be used to defeat man in the middle attack.
  - Both the message and the hash are transmitted.
  - Upon receiving the message, the same hash is generated again on the message.
  - If the original (transmitted) hash equals the new hash, then the message has not been altered.
- Hash values are often posted on Internet sites in order to verify the file integrity of files that can be downloaded.
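The fixed-size property and the transmit, regenerate and compare check described above, as an added Python example that is not part of the original slides. SHA-256 and the sample messages are assumptions chosen for illustration. The last case shows that the comparison only detects alteration when the transmitted hash itself reaches the receiver unmodified, for example when it is published over a separate trusted channel.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    """Return the SHA-256 digest of data as a hex string."""
    return hashlib.sha256(data).hexdigest()

def verify(message: bytes, transmitted_hash: str) -> bool:
    """Regenerate the hash on the received message and compare it with the
    transmitted one. compare_digest does the comparison in constant time."""
    return hmac.compare_digest(digest(message), transmitted_hash)

def bit_difference(a: str, b: str) -> int:
    """Count the bits that differ between two hex digests."""
    return bin(int(a, 16) ^ int(b, 16)).count("1")

# Constructed sample data (not from the original page).
SHORT = b"pay 100 to alice"
LONG = b"pay 100 to alice" * 10_000
ALTERED = b"pay 900 to alice"

def demo() -> dict:
    sent_hash = digest(SHORT)
    return {
        # Fixed size: 64 hex characters (256 bits) whatever the input length.
        "short_len": len(digest(SHORT)),
        "long_len": len(digest(LONG)),
        # Message unchanged in transit: hashes match.
        "unaltered_ok": verify(SHORT, sent_hash),
        # Message changed, original hash still attached: mismatch detected.
        "altered_ok": verify(ALTERED, sent_hash),
        # Message and hash both replaced: the check passes, so the hash
        # must arrive over a channel that cannot be rewritten.
        "both_replaced_ok": verify(ALTERED, digest(ALTERED)),
        # A one-character change alters many bits of the digest.
        "bits_changed": bit_difference(digest(SHORT), digest(ALTERED)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```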
Message Digest
- One common hash algorithm is the Message Digest (MD) algorithm, which has three versions.
- Message Digest 2 (MD2) takes plaintext of any length and creates a hash 128 bits long.
- MD2 begins by dividing the message into 128-bit sections. If the message is less than 128 bits, data known as padding is added.
- After padding, a 16-byte checksum is appended to the message. Then the entire string is processed to create a 128-bit hash.
- MD2 is considered too slow today and is rarely used.
- Message Digest 4 (MD4) was developed in 1990 for computers that processed 32 bits at a time.
- Like MD2, MD4 takes plaintext and creates a hash of 128 bits.
- The plaintext message itself is padded to a length of 512 bits.
- Flaws in the MD4 hash algorithm have prevented this MD from being widely accepted.
- The Message Digest 5 (MD5), a revision of MD4, was created in 1991 by Ron Rivest and designed to address MD4's weaknesses.
- Like MD4, the length of a message is padded to 512 bits.
- The hash algorithm then uses four variables of 32 bits each in a round-robin fashion to create a value that is compressed to generate the hash.
- But it still leads to collisions.
Secure Hash Algorithm (SHA)
- A more secure hash than MD is the Secure Hash Algorithm (SHA).
- The first is SHA-1. SHA-1 is patterned after MD4, but creates a hash that is 160 bits and pads messages of less than 512 bits with zeros and an integer that describes the original length of the message.
- The other hashes are known as SHA-2.
- SHA-2 actually is comprised of four variations, known as SHA-224, SHA-256, SHA-384, and SHA-512.
- The number following SHA indicates the length in bits of the digest.
- To date there have been no weaknesses identified with it. Most security experts recommend that SHA-2 be substituted in place of MD5.
Whirlpool
- Named after the first galaxy recognized to have a spiral structure, it creates a hash of 512 bits.
- According to its creators, Whirlpool will not be patented and can be freely used for any purpose.
- It takes a message of any length less than 2^256 bits and returns a 512-bit message digest.
5.3.2 Symmetric Cryptographic
- The original cryptographic algorithms for encrypting and decrypting documents are symmetric cryptographic algorithms.
- These include the Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), Advanced Encryption Standard (AES), and several other algorithms.
- Symmetric cryptographic algorithms use the same single key to encrypt and decrypt a message.
- It is therefore essential that the key be kept confidential, because if an attacker secured the key he could decrypt all encrypted messages.
- For this reason, symmetric encryption is also called private key cryptography.
- Symmetric algorithms can be classified into two categories based on the amount of data that is processed at a time.
Stream Cipher
- The first category is known as a stream cipher. A stream cipher takes one character and replaces it with one character.
- The simplest type of stream cipher is a substitution cipher. Substitution ciphers simply substitute one letter or character for another.
- A more complicated stream cipher is a transposition cipher, which rearranges letters without changing them.
- A Single Column Transposition Cipher begins by determining a key (Step 1) and assigning a number to each letter of the key (Step 2).
- The plaintext is written in rows beneath the key and its numbers (Step 3).
- In Step 4, each column is extracted based upon the numeric value.
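The four steps above carried through in Python, as an added example that is not part of the original slides. The key "CODE", the sample plaintext, alphabetical numbering of the key letters and the "X" padding of the last row are assumptions made for illustration; the inverse operation is included to show that the rows can be rebuilt from the columns.

```python
def column_order(key: str) -> list[int]:
    """Step 2: number the key letters alphabetically (ties go left to right)
    and return the column indexes in the order they will be read out."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def encrypt(plaintext: str, key: str, pad: str = "X") -> str:
    width = len(key)                                   # Step 1: the key
    text = plaintext.replace(" ", "").upper()
    text += pad * (-len(text) % width)                 # fill the last row
    # Step 3: write the plaintext in rows beneath the key.
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    # Step 4: extract each column in the order of its number.
    return "".join(row[c] for c in column_order(key) for row in rows)

def decrypt(ciphertext: str, key: str) -> str:
    width = len(key)
    height = len(ciphertext) // width
    cols = [""] * width
    # Put each extracted column back under its key letter.
    for n, c in enumerate(column_order(key)):
        cols[c] = ciphertext[n * height:(n + 1) * height]
    # Read the grid row by row to recover the plaintext (padding included).
    return "".join(cols[c][r] for r in range(height) for c in range(width))

if __name__ == "__main__":
    # Constructed sample input. Key C O D E is numbered 1 4 2 3.
    #   C O D E
    #   M E E T
    #   M E A T
    #   N O O N
    ct = encrypt("MEET ME AT NOON", "CODE")
    print(ct)                   # MMNEAOTTNEEO
    print(decrypt(ct, "CODE"))  # MEETMEATNOON
```

The ciphertext contains exactly the letters of the plaintext, so letter frequencies are unchanged by this cipher.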
- With most symmetric ciphers, the final step is to combine the cipher stream with the plaintext to create the ciphertext.
- The process is accomplished through the exclusive OR (XOR) binary logic operation because all encryption occurs in binary.
- Instead of combining the cipher stream with the plaintext, a variation is to create a truly random key (called a pad) to be combined with the plaintext.
- This is known as a one-time pad (OTP).
- If the pad is a random string of numbers that is kept secret and not reused then an OTP can be considered secure.
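The XOR combination and the one-time pad described above, as an added Python example that is not part of the original slides. The function names and sample messages are assumptions for illustration; the pad comes from the operating system's random source through the `secrets` module. The last function shows why the pad must not be reused: XORing two ciphertexts made with the same pad cancels the pad and leaves the XOR of the two plaintexts.

```python
import secrets

def xor_bytes(data: bytes, stream: bytes) -> bytes:
    """Combine data with a key stream using exclusive OR, byte by byte."""
    if len(stream) < len(data):
        raise ValueError("key stream must be at least as long as the data")
    return bytes(d ^ s for d, s in zip(data, stream))

def otp_encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """Create a fresh random pad as long as the message and XOR it in.
    Returns (pad, ciphertext); the pad must be kept secret and used once."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)

def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """XOR with the same pad restores the plaintext, since x ^ k ^ k == x."""
    return xor_bytes(ciphertext, pad)

def pad_reuse_cancels(p1: bytes, p2: bytes, pad: bytes) -> bool:
    """Return True when c1 ^ c2 equals p1 ^ p2 for two messages encrypted
    with the same pad, i.e. the pad no longer protects their relationship."""
    c1 = xor_bytes(p1, pad)
    c2 = xor_bytes(p2, pad)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)

if __name__ == "__main__":
    # Constructed sample messages of equal length.
    first = b"transfer approved"
    second = b"transfer declined"
    pad, ciphertext = otp_encrypt(first)
    print(ciphertext.hex())
    print(otp_decrypt(ciphertext, pad))
    print(pad_reuse_cancels(first, second, pad))
```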
Block Cipher
- The second category of symmetric algorithms is known as a block cipher.
- A block cipher manipulates an entire block of plaintext at one time.
- The plaintext message is divided into separate blocks of 8 to 16 bytes, and then each block is encrypted independently.
- For additional security, the blocks can be randomized.
- Data Encryption Standard (DES)
  - One of the first widely popular symmetric cryptography algorithms is the Data Encryption Standard (DES).
  - DES is a block cipher and encrypts data in 64-bit blocks. However, the 8-bit parity bit is ignored so the effective key length is only 56 bits.
  - DES encrypts 64-bit plaintext by executing the algorithm 16 times, with each time or iteration called a round.
  - DES is said to have catapulted the study of cryptography into the public arena.
  - Until the deployment of DES, cryptography was studied almost exclusively by military personnel.
  - DES helped move cryptography implementation and research to academic and commercial organizations.
  - Although DES was widely implemented, its 56-bit key is no longer considered secure and has been broken several times.
- Triple Data Encryption Standard (3DES)
  - Triple Data Encryption Standard (3DES) was designed to replace DES.
  - As its name implies, 3DES uses three rounds of encryption instead of just one. The ciphertext of one round becomes the entire input for the second iteration.
  - 3DES employs a total of 48 iterations in its encryption (three iterations times 16 rounds).
  - In some versions of 3DES, only two keys are used, but the first key is repeated for the third round of encryption.
  - The version of 3DES that uses three keys is estimated to be 2 to the power of 56 times stronger than DES.
  - Although 3DES addresses several of the key weaknesses of DES, it is no longer considered the most secure symmetric cryptographic algorithm.
- Advanced Encryption Standard (AES)
  - A new algorithm that was fast enough and could function on older computers with 8-bit processors as well as on current 32-bit and future 64-bit processors.
  - AES performs three steps on every block (128 bits) of plaintext.
  - Within Step 2, multiple rounds are performed depending upon the key size: a 128-bit key performs nine rounds, a 192-bit key performs 11 rounds, and a 256-bit key, known as AES-256, uses 13 rounds.
  - Within each round, bytes are substituted and rearranged, and then special multiplication is performed based on the new arrangement.
- Other Algorithms
  - Several other symmetric cryptographic algorithms are also used. Rivest Cipher (RC) is a family of cipher algorithms designed by Ron Rivest.
  - RC2 is a block cipher that processes blocks of 64 bits.
  - RC4 is a stream cipher that accepts keys up to 128 bits in length. It is used as part of the Wired Equivalent Privacy (WEP) encryption standard.
5.3.3 Asymmetric Cryptographic
- The newest type of cryptographic algorithm for encrypting and decrypting documents is asymmetric cryptographic algorithms.
- These include RSA, Diffie-Hellman, and elliptic curve cryptography.
- The primary weakness of symmetric encryption algorithms is keeping the single key secure.
- Maintaining a single key among multiple users, often scattered geographically, poses a number of significant challenges.
- The key cannot be sent via the Internet, nor can it be encrypted, as the receiver would need a way to decrypt it.
- A completely different approach to symmetric cryptography is asymmetric cryptographic algorithms, also known as public key cryptography.
- Asymmetric encryption uses two keys instead of one. These keys are mathematically related and are known as the public key and the private key.
- The public key is known to everyone and can be freely distributed, while the private key is known only to the recipient of the message.
- Asymmetric encryption was developed by Whitfield Diffie and Martin Hellman of the Massachusetts Institute of Technology (MIT) in 1975.
- Public and private keys can often result in confusion regarding whose key to use and which key should be used.
- The next table lists the practices to be followed when using asymmetric cryptography.
RSA
- RSA stands for the last names of its three developers, Ron Rivest, Adi Shamir, and Leonard Adleman.
- The RSA algorithm multiplies two large prime numbers p and q, to compute their product (n=pq).
- Next, a number e is chosen that is less than n and a prime factor to (p-1)(q-1).
- Another number d is determined, so that (ed - 1) is divisible by (p-1)(q-1).
- The values of e and d are the public and private exponents.
- The public key is the pair (n,e) while the private key is (n,d).
- The numbers p and q can be discarded.
- RSA is slower than other algorithms.
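The key derivation above carried through with the slides' own symbols (p, q, n, e, d), as an added Python example that is not part of the original slides. The primes 61 and 53, the exponent 17 and the message value 65 are constructed toy values, far too small for real use, and the example applies the bare exponentiation without the padding that deployed RSA adds. Here e is required to share no common factor with (p-1)(q-1), which is the condition under which a matching d exists.

```python
from math import gcd

def make_keys(p: int, q: int, e: int) -> tuple[tuple[int, int], tuple[int, int]]:
    """Derive the public key (n, e) and private key (n, d) from primes p, q."""
    n = p * q                         # n = pq
    phi = (p - 1) * (q - 1)           # (p-1)(q-1)
    # e must be less than n and share no common factor with (p-1)(q-1).
    if not 1 < e < n or gcd(e, phi) != 1:
        raise ValueError("e is not usable with these primes")
    # d is the number for which (ed - 1) is divisible by (p-1)(q-1).
    d = pow(e, -1, phi)               # modular inverse, Python 3.8+
    if (e * d - 1) % phi != 0:
        raise ArithmeticError("d does not satisfy the RSA relation")
    # p and q are not part of either key and can now be discarded.
    return (n, e), (n, d)

def apply_key(key: tuple[int, int], value: int) -> int:
    """Raise value to the key's exponent modulo n. With the public key this
    encrypts; with the private key it decrypts."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be in the range 0..n-1")
    return pow(value, exponent, n)

if __name__ == "__main__":
    public, private = make_keys(p=61, q=53, e=17)   # constructed toy values
    print("public key (n, e):", public)
    print("private key (n, d):", private)
    ciphertext = apply_key(public, 65)
    print("ciphertext:", ciphertext)
    print("decrypted:", apply_key(private, ciphertext))
```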
Diffie-Hellman
- Unlike RSA, the Diffie-Hellman algorithm does not encrypt and decrypt text.
- Rather, the strength of Diffie-Hellman is that it allows two users to share a secret key securely over a public network.
- Once the key has been shared, then both parties can use it to encrypt and decrypt messages using symmetric cryptography.
Elliptic Curve
- Elliptic Curve Cryptography was first proposed in the mid-1980s.
- Instead of using prime numbers as with RSA, elliptic curve cryptography uses elliptic curves.
- By adding the values of two points on the curve, you can arrive at a third point on the curve.
- Elliptic curve cryptography has not been as fully scrutinized as other types of asymmetric algorithms because the concept is still new.
- The studies that have been performed so far have indicated that elliptic curve cryptography may be a promising technology.