CRYPTOGRAPHIC TOOLS

1
CONTENT

1. Symmetric Encryption
2. Message Authentication and Hash Functions
3. Public-Key Encryption
4. Digital Signatures and Key Management
5. Random and Pseudorandom Numbers
6. Practical Application: Encryption of Stored Data
7. Symmetric vs Asymmetric

2
2.1 Symmetric Encryption

• universal technique for providing confidentiality

• also referred to as single-key encryption

• two requirements for secure use:

– need a strong encryption algorithm
– sender and receiver must have obtained copies of the
secret key in a secure fashion
• and must keep the key secure

3
Symmetric Encryption

4
2.1.1 Attacking Symmetric
Encryption
Cryptanalytic Attacks Brute-Force Attack
• rely on: • try all possible keys on some
– nature of the algorithm ciphertext until an intelligible
– plus some knowledge of the general translation into plaintext is
characteristics of the plaintext obtained
– even some sample plaintext- – on average half of all possible
ciphertext pairs keys must be tried to achieve
• exploits the characteristics of the success
algorithm to attempt to deduce a
specific plaintext or the key
being used
– if successful all future and past
messages encrypted with that key
are compromised

5
2.1.2 Symmetric Encryption
Algorithms

6
Block Cipher
Encryption

Stream
Encryption

7
Block & Stream Ciphers
Block Cipher

• processes the input one block of elements at a time

• produces an output block for each input block
• can reuse keys
• more common

Stream Cipher
• processes the input elements continuously
• produces output one element at a time
• primary advantage is that they are almost always
faster
and use far less code
• encrypts plaintext one byte at a time
• pseudorandom stream is one that is unpredictable
without knowledge of the input key
8
2.2 Message
Authentication
protects against
active attacks

altered
message is • from authentic source
authentic • timely and in correct
sequence
can use
conventional
• only sender &
receiver
s
h
a
r 9
e
2.2.1 Message Authentication
Codes

10
Secure Hash
Functions

11
 Message
Authentication
Using a
One-Way
Hash Function

12
2.2.3 Hash Function
Requirements
• can be applied to a block of data of any size
• produces a fixed-length output
• H(x) is relatively easy to compute for any given x
• one-way or pre-image resistant
– infeasible to find x such that H(x) = h
• second pre-image or weak collision resistant
– infeasible to find y ≠ x such that H(y) = H(x)
• collision resistant or strong collision resistance
– infeasible to find any pair (x, y) such that H(x) = H(y)

13
2.2.4 Security of Hash
Functions
• approaches to attack a secure hash function
– cryptanalysis
• exploit logical weaknesses in the algorithm
– brute-force attack
• strength of hash function depends solely on the length of the
hash code produced by the algorithm

• additional secure hash function applications:

– Passwords: hash of a password is stored by an operating
system
– intrusion detection: store H(F) for each file on a system
and secure the hash values
14
2.3 Public-Key Encryption Structure

asymmetric
• uses two
publicly separate keys
• public key and some form of
proposed by based on
private key protocol is
Diffie and mathematical • public key is needed for
Hellman in functions made public for distribution
1976 others to use

15
2.3.1 Public-Key Encryption

Confidentiality
16
Private-Key Encryption

Authentication
17
2.3.2 Requirements for Public-Key Crypto.
computationall
y easy to create
key pairs
computationally easy for
useful if either key can sender knowing public
be used for each role key to encrypt messages

computationally computationally easy for

infeasible for opponent receiver knowing
to otherwise recover private key to decrypt
original message ciphertext
computationally
infeasible for opponent
to determine private key
from public key
18
2.3.3 Asymmetric Encryption
Algorithms
RSA (Rivest, most adopted block cipher in
developed in approach to which the plaintext
Shamir, 1977 public-key and ciphertext are
Adleman) encryption between 0 and n-1

enables two
Diffie-Hellman users to securely limited to the
key exchange reach exchange of the
agreement keys
algorithm about a shared
secret

Digital provides only a

cannot be used
digital signature
Signature function with
for encryption or
Standard (DSS) key exchange
SHA-1

Elliptic curve security like RSA,

cryptograph but with much
y (ECC) smaller keys

19
2.3.4 Applications for Public-Key Cryptosystems

20
2.4 Digital Signatures

• used for authenticating both source and data integrity

• created by encrypting hash code with private key
• does not provide confidentiality
– even in the case of complete encryption
– message is safe from alteration but not eavesdropping

21
2.4.1 Digital Envelopes
• protects a message
without needing to
first arrange for
sender and receiver to
have the same secret
key

• equates to the same

thing as a sealed
envelope containing
an unsigned letter

22
2.4.1 Public Key Certificates

23
2.5 Random Numbers

1. Uses include generation of:

• keys for public-key algorithms
• stream key for symmetric stream cipher
• symmetric key for use as a temporary session key or
in creating a digital envelope
• handshaking to prevent replay attacks
• session key

24
2.5.2 Random Number Requirements

1. Randomness 2. Unpredictability
• criteria: • each number is statistically
– uniform distribution independent of other
• frequency of occurrence numbers in the sequence
of each of the numbers • opponent should not be
should be approximately able to predict future
the same elements of the sequence
– independence on the basis of earlier
• no one value in the elements
sequence can be inferred
from the others

25
2.5.3 Random versus Pseudorandom
• cryptographic applications typically use algorithms for
random number generation
– algorithms are deterministic and therefore produce sequences of numbers
that are not statistically random

• pseudorandom numbers are:

– sequences produced that satisfy statistical randomness tests
– likely to be predictable

• true random number generator (TRNG):

– uses a nondeterministic source to produce randomness
– most operate by measuring unpredictable natural processes
• e.g. radiation, gas discharge, leaky capacitors
– increasingly provided on modern processors
26
2.6 Application: Encryption of Stored Data

Common to encrypt transmitted data

there is often little

protection beyond
Much less common for stored data
domain authentication
and operating system
access controls

data are archived for Approaches to encrypt stored data:

indefinite periods
use a
commercially background
even though erased, back-end library based
available laptop/PC data
until disk sectors are tape encryption
encryption encryption
reused data are appliance
package
recoverable

27
2.7 Symmetric vs
Asymmetric
Secret Key (Symmetric) Public Key (Asymmetric)
Number of keys 1 per pair 2 per person
Protection of key Must be kept secret One key must be kept secret; the
other can be freely exposed
Best uses Cryptographic workhorse; secrecy Key exchange, authentication
and integrity of datasingle
characters to blocks of data,
messages, files
Key distribution Must be out-of-band Public key can be used to
distribute other keys
Speed Fast Slow; typically, 1,000 times
slower than secret key

28