8246_Encryption_S24.pdf

Full Transcript

Cryptographic Methods
AN OVERVIEW
Security model
The CIA Triad, a model
Confidentiality
◦ refers to: data confidentiality, personal privacy
◦ protect against unauthorized disclosure of information
◦ counter measure: authentication, cryptography: encryption
Integrity
◦ refers to: data integrity, system integrity, source integrity (authenticity, non-repudiation)
◦ protect against data alteration (modification, destruction), unexpected system behaviour &
repudiation
◦ counter measure: authentication, AV SW, cryptography: message authentication code
Availability
◦ refers to: timely access to services
◦ protect against denial of service attacks
◦ counter measure: access control, service-based cryptography
Cryptographic components
Cryptographic components
◦ Plaintext: data to be encrypted
◦ Cipher: algorithm (public domain) to encrypt/decrypt
Note: Cipher also includes lookup tables or one-time pads that are not algorithms.
◦ Key: secret ingredient
◦ Ciphertext: encrypted data
◦ Data confidentiality: encrypted message
◦ Data integrity: message authentication code
◦ Source integrity: digital signature
Cryptographic methods
Result Cryptographic method Main security Keyed Reversible
objective(s)
Encryption, symmetric Encrypted message Confidentiality; Yes yes
NOT integrity (one)

Message authentication code Cryptographic keyed Integrity; Yes no
MAC algorithm NOT confidentiality (one)
HMAC (hash-based MAC) Hash function, keyed
Encryption, public or Encrypted message Source integrity; Yes yes
asymmetric Digital signature confidentiality (costly); (pair)
Secret key NOT data integrity
distribution
Cryptographic components
Characteristics of cryptographic components
Algorithm is public domain knowledge
◦ Mapping:
◦ one-to-one: variable-length input => variable-length output
◦ many-to-one:
◦ variable-length input => short fixed-length output
◦ Note: susceptible to collision: multiple inputs can generate same output
◦ Reversibility:
◦ Reversible: plain text can be recreated from cipher text
◦ One-way: plain text canNOT be recreated from cipher text
◦ Strength: metrics used to determine the ease of deciphering
◦ Key, the secret ingredient: length, randomness, number of keys
Note: Knowledge of the key is “key” to deciphering.
Confidentiality methods
Symmetric encryption
◦ AKA shared encryption AKA secret key encryption AKA single-key encryption
◦ Characteristics
◦ Algorithm: one-to-one mapping, reversible
◦ Key: uses the same key (“secret” key, “shared” key, “symmetric” key) to encrypt/decrypt
◦ Cipher text: encrypted message
◦ Security objective: data confidentiality
◦ Common uses: data encryption
Note: Exists since dawn of time (Egypt1900 BC ?; Roman empire)
◦ Common algorithm(s): AES (Advanced Encryption Standard)
Example: Trivial algorithm
Trivial encryption algorithm example (symmetric)
◦ Plaintext: hello
◦ Encryption algorithm (“Caesar code”): each letter is replaced by a letter in a different
(shifted) position of the alphabet
Note: “Caesar code”, named after Julius Caesar, is a substitution cipher that Caesar used it in
his private correspondence.
◦ Key: number of shifts + shift direction
Example: 2 shifts + forward direction
◦ Cipher text: jgnnq
Cryptographic methods - review
Result Cryptographic method Main security Keyed Reversible
objective(s)
Encryption, symmetric Encrypted message Confidentiality; Yes yes
NOT integrity (one)

Message authentication code Cryptographic keyed Integrity; Yes no
MAC algorithm NOT confidentiality (one)
HMAC (hash-based MAC) Hash function, keyed
Encryption, public or Encrypted message Source integrity; Yes yes
asymmetric Digital signature confidentiality (costly); (pair)
Secret key NOT data integrity
distribution
Data integrity methods
Data integrity process
Sender
◦ Creates short code of message
◦ Appends code to message
Recipient
◦ Creates short code of received message
◦ Compares created code with code appended to received message
If both codes are the same, the message has not been altered.
Note: A message code can be cryptographically secure if the code-producing algorithm is keyed.
Data integrity methods
Message digest, non-cryptographic
Input/Output:
◦ variable-length plain text => small, fixed-length cipher text, aka message digest
◦ Digest is appended to plain text.
Note: Checksums are functions designed to detect data-transmission errors.
Algorithm: hash function
◦ Output: Optimized for creating fixed-length output
◦ Mapping: Many-to-one, non-reversible,
◦ Keyed: Non-keyed
Common uses: To verify data integrity of data in transit or at rest
Note: Not meant to prevent an attacker from changing message
Example: Trivial algorithm
Trivial (non-cryptographic) hash function example
◦ Plaintext (input data): A – B – C – D – E – F
◦ Hash function: drop every second letter with a fixed-length of 3 characters
◦ Cipher text (output data: result of hash function): A – C - E
◦ Sample input data sets producing collisions:
◦ ABCDEFG: A – B – C – D – E – F – G
◦ AACCEE: A – A – C – C - E – E
Data integrity methods
Message Authentication Code: MAC, HMAC
◦ Input: variable-length message and shared key
◦ Output: small, fixed-length code, called MAC or HMAC, appended to message
◦ Security objective: integrity
◦ Algorithm
◦ MAC: cryptographic algorithm, such as symmetric algorithm
Note: resource intensive, NOT optimized for creating fixed-length output
◦ HMAC: keyed cryptographic hash function
Note: Optimized for creating fixed-length output
◦ Mapping: many-to-one, non-reversible
◦ Keyed: shared key
Data integrity methods
Application of data integrity methods
Sender
◦ Creates H/MAC of message with hash function & shared key
◦ Appends H/MAC to message
Recipient
◦ Creates H/MAC of received message with hash function & shared key
◦ Compares created H/MAC with H/MAC appended to received message
=> If both H/MACs are the same, the message has not been altered.
Data integrity methods

Source: Wikipedia
Data integrity methods
Message code summary
Message digest
◦ Hash function, non-keyed, that produces a message digest.
◦ Benefits/drawbacks: fast, not secure
Message authentication code: MAC
◦ Cryptographic keyed algorithm that produces a MAC.
◦ Benefits/drawbacks: resource-intensive, secure
Hash-based MAC: HMAC
◦ Cryptographic keyed hash function that produces an HMAC.
◦ Benefits/drawbacks: fast, secure
Common algorithms: SHA-xxx
Cryptographic methods - review
Result Cryptographic method Main security Keyed Reversible
objective(s)
Encryption, symmetric Encrypted message Confidentiality; Yes yes
NOT integrity (one)

Message authentication Cryptographic keyed Integrity; Yes no
code algorithm NOT confidentiality (one)
MAC Hash function, keyed
HMAC (hash-based MAC)
Encryption, public or Encrypted message Source integrity; Yes yes
asymmetric Digital signature confidentiality (costly); (pair)
Secret key NOT data integrity
distribution
Non-repudiation methods
Asymmetric encryption, characteristics
◦ AKA public key encryption (late 1970’s)
◦ Key: uses key pair: private (kept by owner), public (made available)
◦ Algorithm
◦ Mapping: one-to-one using encryption with one key, decryption with other key
Note: Which keys are used for encryption and decryption depends on security objective.
◦ Benefits: facilitates key management
◦ Drawbacks: costly, public key infrastructure (for secure distribution of public keys)
◦ Security objective: source integrity (main use), confidentiality (possible but costly)
◦ Common uses: digital signature (non-repudiation), key distribution (distribution of shared
key)
◦ Common algorithms: RSA
Encryption, public
How it works
To provide confidentiality (with recipient’s key pair)
◦ The public key is used to encrypt and the private key to decrypt.
Example:
◦ Alice uses Bob’s public key to encrypt the message:
plaintext + algorithm(recipient public key) => ciphertext
◦ Bob decrypts the message with his corresponding private key:
ciphertext + algorithm(recipient private key) => plaintext
To provide source integrity with digital signature (with sender’s key pair)
◦ The private key is used to encrypt and the public key to decrypt:
◦ The sender encrypts the hash of the document (H/MAC) with the sender’s private key: this
is known as a digital signature.
◦ The recipient decrypts the “signature” with the (sender’s) public key to retrieve the
document’s hash. The retrieved hash is compared with the computed hash of the message
to verify message integrity.
Encryption, public

Document +

Compute:
Document + Decrypt:

Source: Internet, adapted
Cryptographic methods - review
Result Cryptographic method Main security Keyed Reversible
objective(s)
Encryption, symmetric Encrypted message Confidentiality; Yes yes
NOT integrity (one)

Message authentication code Cryptographic keyed Integrity; Yes no
MAC algorithm NOT confidentiality (one)
HMAC (hash-based MAC) Hash function, keyed
Encryption, public or Encrypted message Source integrity; Yes yes
asymmetric Digital signature confidentiality (costly); (pair)
Secret key NOT data integrity
distribution
Key management
Key distribution
◦ Main administrative task of a keyed cryptographic system is the management of key
distribution.
◦ Symmetric encryption: exchange of shared key
◦ Secure key exchange has to take place before data exchange. (example: KDC)
◦ Asymmetric encryption: distribution of public key
◦ Problem: Validate that posted key is public key of owner
◦ Solution: Based on “chain of trust”
◦ System: A Certificate Authority, CA, is a trusted third party that issues a digital certificate,
AKA public key certificate.
◦ CA validates owner’s public key, creates digital certificate and signs it with CA’s private key.
◦ Note: A certificate contains: owner information, public key, validity period, CA’s digital
signature.
Key management
Creation/use of certificates for authenticity
Bob is certified by CA.
1. CA validates Bob and creates certificate of Bob’s public key.
2. CA digitally signs Bob’s certificate with CA’s private key and returns it to Bob.
Alice uses Bob’s public key after verifying Bob’s certificate.
1. Alice receives a signed message, encrypted with Bob’s private key, and Bob’s certificate.
2. Alice decrypts Bob’s certificate with CA’s public key to obtain Bob’s public key.
Note: CA keys are part of SSL/TLS implementation & browsers.
3. Alice decrypts Bob’s message using Bob’s public key.
=> If decryption is successful, message authenticity has been verified.
Cryptographic methods
Result Cryptographic method Main security Keyed Reversible
objective(s)
Encryption, symmetric Encrypted message Confidentiality; Yes yes
NOT integrity (one)

Message authentication code Cryptographic keyed Integrity; Yes no
MAC algorithm NOT confidentiality (one)
HMAC (hash-based MAC) Hash function, keyed
Encryption, public or Encrypted message Source integrity; Yes yes
asymmetric Digital signature confidentiality (pair)
Secret key distribution (costly);
NOT data integrity
Cryptographic application
Cryptographic method Common use Cryptographic
algorithm
Encryption, symmetric Message confidentiality AES
Hash function, keyed Data & source integrity for data in transit or at rest SHA-xxx
Password storage (previously: MD5)
Encryption, asymmetric Digital signatures RSA
Shared key distribution