Cryptography in Internet Security

Prabhaker Mateti

Abstract: Data integrity and privacy on the Internet primarily rests on using cryptography well. Unfortunately, it is easily compromised by errors in (operating) system configuration. This lecture is a quick overview of cryptography as relevant in Internet security and passwords.

Table of Contents

  1. Educational Objectives
  2. Cryptography in Internet Security
  3. What does "Computationally Infeasible" mean?
  4. One way hash function
  5. Symmetric-key cryptography
    1. DES
    2. IDEA
    3. Blowfish
  6. Public-key encryption
    1. RSA
    2. Secure Communication Using Public Keys
  7. Digital Signatures
  8. Man-in-the-Middle Attack
  9. Digital Certificates
  10. Acknowledgements
  11. References

Educational Objectives

  1. Introduce the student to cryptography as it applies to net security.
  2. Describe the authentication technology.

Cryptography in Internet Security

"Whoever thinks his problem can be solved using cryptography, doesn't understand his problem and doesn't understand cryptography." -- Roger Needham/Butler Lampson

Data integrity and privacy on the Internet primarily rests on using cryptography well. The design and implementation of cryptography requires deep understanding of discrete mathematics and number theory. Unfortunately, when cryptography is deployed carelessly, it is easily compromised by errors in (operating) system configuration. This lecture is a quick overview of cryptography as relevant in Internet security and passwords.

A cryptographic encryption algorithm, also known as cipher, transforms a "plain text" (e.g., human readable) pt and outputs cipher text ct as the output,

ct = cipher(pt, key)

so that it is possible to re-generate the pt from the ct through a companion decryption algorithm. Note that we said "for example, human readable" and not "that is, human readable" as an explanation for the phrase "plain text". Often, the so-called "plain text" is human un-readable binary data that is ready-to-be-used by a computer.

Ciphers use keys together with plain text as the input to produce cipher text. It is in the key that the security of a modern cipher lies, not in the details of the algorithm.

1. What does "Computationally Infeasible" mean?

Roughly speaking, computationally infeasible means that a certain computation that we are talking about takes way too long (hundreds of years) to compute using the fastest of (super) computers.

Suppose our key is a 128-bit number. There are

340,282,366,920,938,463,463,374,607,431,768,211,456

128-bit numbers starting from zero (i.e., 128 bits of 0). To recover a particular key by brute force, one must, on average, search half the key space:

170,141,183,460,469,231,731,687,303715,884,105,728.

If we use 1,000,000,000 machines that could try 1,000,000,000 keys/sec, it would take all these machines longer than the universe as we know it has existed to find the key.

This is not the same thing as saying that computational infeasibility is the same idea as Turing-incomputable. Nor is it the same thing as saying that you cannot make a lucky guess, or heuristically arrive at a possible answer, and then systematically verify that the guessed answer is indeed the correct answer, all done within a matter of seconds on a lowly PC. Here is an example: Microsoft Windows NT uses the DES encryption algorithm in storing the passwords. Brute-forcing such a scrambled password to compute the plain text password can take, according to Microsoft, "about a billion years." But the L0pht team ( www.l0pht.com) claims that L0phtCrack breaks Windows passwords in about one week, running in the background on an old Pentium PC.

In the context of cryptography, the factorization of an arbitrarily large number N, into its constituent primes, determining the powers n2, n3, n5, n7, etc. of the primes, is computationally infeasible -- as far as we know.

N = 2n2 * 3 n3* 5 n5 * 7 n7* ...

Based on this, the decryption is computationally infeasible. Note that this is assuming that we are using known methods, including brute force.

Is it possible that some one or some country has actually discovered fast algorithms, but chose to keep them secret, for these tasks that we believe to be computationally infeasible?

2. One Way Hash Function

A hash function maps input sequences of bytes into a fixed-length sequence. The fixed length is considerably shorter than the typical length (thousands of bytes) of the input, and hence the function is a hash function.

The nature of all hash functions is that there must exist multiple input sequences that map to the same hash. The inverse is a mathematical relation, not a mathematical function. But, good hash functions have the following properties: It is hard to find two strings, from the expected set of typically used strings, that would produce the same hash value. A slight change in an input string causes the hash value to change drastically.

A "one way" hash function is designed to be computationally infeasible to reverse the process, that is, to algorithmically discover a string that hashes to a given value.

Message Digests

One-way hash functions are also known as message digests (MD), fingerprints, or compression functions. The most popular one-way hash algorithms are MD4 and MD5 (both producing a 128-bit hash value), and SHA, also known as SHA1 (producing a 160-bit hash value).

As of 2006, both MD5 and SHA1 are considered separately broken. That is, given plain text p, it is possible to modify p to a desired p' so that md5(p) == md5(p'); similarly, for SHA1. What is not known is if we can modify p to a p' so that md5(p) == md5(p') and sha1(p) == sha1(p').

3. Symmetric-Key Cryptography

Symmetric-key cryptography is an encryption system in which the sender and receiver of a message share a single, common key to encrypt and decrypt the message. Symmetric-key systems are simpler and faster, but their main drawback is that the two parties must somehow exchange the key in a secure way. Symmetric-key cryptography is sometimes also called secret-key cryptography.

If ct = encryption (pt, key), then pt = decryption (ct, key).

3.1 DES

The most popular symmetric-key system is the DES, short for Data Encryption Standard. DES was developed in 1975 and standardized by ANSI in 1981 as ANSI X.3.92. DES encrypts data in 64-bit blocks using a 56-bit key. The algorithm transforms the input in a series of steps into a 64-bit output.

3.2 IDEA

IDEA (International Data Encryption Algorithm) is a block cipher which uses a 128-bit length key to encrypt successive 64-bit blocks of plain text. The procedure is quite complicated using subkeys generated from the key to carry out a series of modular arithmetic and XOR operations on segments of the 64-bit plaintext block. The encryption scheme uses a total of fifty-two 16-bit subkeys.

3.3 Blowfish

Blowfish is a symmetric block cipher that can be used as a drop-in replacement for DES or IDEA. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for both domestic and exportable use. Blowfish is unpatented and license-free, and is available free for all uses.

4. Public-Key Encryption

Public key cryptography uses two keys -- a public key known to everyone, and a private or secret key that is safe guarded. Public key cryptography was invented in 1976 by Whitfield Diffie and Martin Hellman. For this reason, it is sometimes also called Diffie-Hellman encryption. It is also called asymmetric encryption because it uses two keys instead of one key. The two keys are mathematically related, yet it is computationally infeasible to deduce one from the other.

Unfortunately, public-key cryptography is about 1000 times slower than symmetric key cryptography.

4.1 RSA

The most well-known of the public-key encryption algorithms is RSA, named after its designers Rivest, Shamir, and Adelman. The un-breakability of the algorithm is based on the fact that there is no efficient way to factor very large numbers into their primes.

  1. Find two primes, p and q.
  2. Compute the product, n = p*q (called, the public modulus).
  3. Choose e (the public exponent), such that (i) e < n, and (ii) e is relatively prime to (p-1)*(q-1).
  4. Compute d (the private exponent) such that (e*d) mod (p-1)*(q-1) = 1.
  5. Public-key is (n, e), and the private key is (n, d).

An example of the above numbers: rsa.txt. Look up the man page: openssl(1).

The e and d are symmetric in that using either ((n,e) or (n,d)) as the encryption key, the other can be used as the decryption key.

The only way known to find d is to know p and q. If the number n is small, p and q are easy to discover by prime factorization. Thus, p and q are chosen to be as large as possible, say, a few hundred digits long. Obviously, p and q should never be revealed, preferably destroyed.

Encryption is done as follows. Consider the entire message to be encrypted as a sequence of bits. Suppose the length of n in bits is b. Split the message into blocks of length b or b-1. A block viewed as a b-bit number should be less than n; if it is not, choose it to be b-1 bits long. Each block is separately encrypted, and the encryption of the entire message is the catenation of the encryption of the blocks. Let m stand for a block viewed as a number. Multiply m with itself e times, and take the modulo n result as c, which is the encryption of m. That is, c = m^e mod n.

Decryption is the "inverse" operation: m = c^d mod n.

4.2 DSA

The Digital Signature Algorithm (DSA) is a United States Federal Government standard for digital signatures.

  1. Choose a prime q. Choose a prime modulus p such that p - 1 is a multiple of q.
  2. Choose g, a number whose multiplicative order modulo p is q. (This may be done by setting g = h^((p - 1)/q) mod p for some arbitrary h (1 < h < p-1), and trying again with a different h if the result comes out as 1. Most choices of h will lead to a usable g; commonly h=2 is used. )
  3. Choose x by some random method, where 0 < x < q.
  4. Calculate y = g^x mod p.
  5. Public key is (p, q, g, y), and the private key is x.

An example of the above numbers: dsa.txt. Look up the man page: openssl(1).

4.3 Secure Communication Using Public Keys

Public-key systems, such as Pretty Good Privacy (PGP), are popular for transmitting information via the Internet. They are extremely secure and relatively simple to use. You need to retrieve the recipient's public key from one of several world-wide registries of public keys that now exist to encrypt a message.

When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it.

In real-world implementations, public keys are rarely used to encrypt actual messages because public-key cryptography is slow. Instead, public-key cryptography is used to distribute symmetric keys, which are then used to encrypt and decrypt actual messages, as follows:

  1. Bob sends Alice his public key. (Or, Alice retrieves Bob's public key from a registry.)
  2. Alice generates a (random) symmetric key (called a session key), encrypts it with Bob's public key, and sends it to Bob.
  3. Bob decrypts the session key with his private key.
  4. Alice and Bob exchange messages using the session key.

4.4 Digital Signatures

A digital signature is a way to authenticate to a recipient that a received object is indeed that of the sender.

  1. Alice computes a one-way hash of a document.
  2. Alice encrypts the hash with her private key. The encrypted hash becomes the document's signature.
  3. Alice sends the document along with the signature to Bob..
  4. Bob produces the one-way hash of the document received from Alice, decrypts the signature with Alice's public key, and compares the two values. If they match, Bob knows that: (i) the document really came from Alice and (ii) the document was not tampered with during transmission.

4.5. Man-in-the-Middle (MiTM) Attack

The public key-based communication between Alice and Bob described above is vulnerable to a man-in-the-middle attack.

Let us assume that Mallory, a cracker, not only can listen to the traffic between Alice and Bob, but also can modify, delete, and substitute Alice's and Bob's messages, as well as introduce new ones. Mallory can impersonate Alice when talking to Bob and impersonate Bob when talking to Alice. Here is how the attack works.

  1. Bob sends Alice his public key. Mallory intercepts the key and sends her own public key to Alice.
  2. Alice generates a random session key, encrypts it with "Bob’s" public key (which is really Mallory's), and sends it to Bob.
  3. Mallory intercepts the message. He decrypts the session key with his private key, encrypts it with Bob's public key, and sends it to Bob.
  4. Bob receives the message thinking it came from Alice. He decrypts it with his private key and obtains the session key.
  5. Alice and Bob start exchanging messages using the session key. Mallory, who also has that key, can now decipher the entire conversation.

A man-in-the-middle attack works because Alice and Bob have no way to verify they are talking to each other. An independent third party that everyone trusts is needed to foil the attack. This third party could bundle the name "Bob" with Bob's public key and sign the package with its own private key. When Alice receives the signed public key from Bob, she can verify the third party's signature. This way she knows that the public key really belongs to Bob, and not Mallory.

6. Digital Certificates

A package containing a person's name (and possibly some other information such as an E-mail address and company name) and his public key and signed by a trusted third party is called a digital certificate (or digital ID). An independent third party that everyone trusts, whose responsibility is to issue certificates, is called a Certification Authority (CA). A digital certificate serves two purposes. First, it provides a cryptographic key that allows another party to encrypt information for the certificate's owner. Second, it provides a measure of proof that the holder of the certificate is who they claim to be - because otherwise, they will not be able to decrypt any information that was encrypted using the key in the certificate.

The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.

The most widely used standard for digital certificates is X.509, which defines the following structure for public-key certificates:

  1. Version field identifies the certificate format.
  2. Serial Number unique within the CA.
  3. Signature Algorithm identifies the algorithm used to sign the certificate.
  4. Issuer Name is the name of the CA.
  5. Period of Validity is a pair of Not Before, and Not After Dates
  6. Subject Name is the name of the user to whom the certificate is issued
  7. Subject's Public Key field includes algorithm name and the public key of the subject.
  8. Extensions
  9. Signature of CA.

You can obtain a personal certificate from companies like verisign.com or comodo.com.

Acknowledgements

The Web.

References

[Many URLs are omitted as they are changing and are easy enough to discover by web search.]
  1. North American Cryptography Archives, cryptography.org Recommended visit.
  2. Microsoft, "Introduction to Code Signing," Required reading.
  3. Bruce Schneier, "Applied Cryptography: Protocols, Algorithms, and Source Code in C", Wiley, 2e, 1996. Reference.
  4. Simson Garfinkel, and Gene Spafford, Practical Unix and Internet Security, 3rd edition (2003), O'Reilly & Associates; ISBN: 0596003234; Chapter on Cryptography. Required reading.
  5. Bert-Jaap Koops, Crypto Law Survey, 2013. This is a survey of "existing and proposed laws and regulations in various countries on cryptography. Governments of advanced countries have long restricted export of cryptography for fear that their intelligence activities are hampered by the crypto use of foreign states and scoundrels". www.cryptolaw.org. Recommended visit.

Copyright © 2013 pmateti@wright.edu