Escolar Documentos
Profissional Documentos
Cultura Documentos
Objectives:
Basic cryptography concepts, including the importance of key length Encryption for confidentiality, including symmetric key encryption and public key encryption
Concepts
Many times two parties simply wish to communicate securely. The figure below shows that secure communication often takes place under the protection of a cryptographic system, in which software processes used by two communicating parties implement security automatically without the awareness of the communicating party. Cryptographic systems provide four types of protection to a conversations messages Confidentiality: Protection against eavesdroppers understanding intercepted messages Authentication: Assurance that senders are who they claim to be Message Integrity: Assurance that the messages has not been changed en route Anti-replay protection: Assurance that if an attacker captures a message and transmit it again later, the receiver will not accept the message.
Secure Communication
Provided Automatically
As seen in the second figure, the original message to be sent is called the plaintext. This name may seem to imply that only text message can be protected but a plaintext message can be graphics, voice or anything else. The text in its name exists for historical reasons early cryptography actually was limited to text message. Encryption and Ciphertext Also in the diagram shows applying encryption to the plaintext creates something else called ciphertext. Encryption is a mathematical process and there are a lot of popular encryption algorithms available. The ciphertext that encryption produce looks like a random stream of ones and zeros to anyone intercepting the message. Decryption When the ciphertext message reaches the authorized receiver, the receiver is able to decrypt the message that is, apply a mathematical process that regenerates the original plaintext. Although unauthorized parties cannot read the ciphertext message en route, the authorized receiver can read the deciphered plaintext Keys Encryption Methods and Keys The figure shows that encryption processes have two parts. One is a mathematical algorithm (the encryption method), which is used in the same way on all messages. The other key is a key, which is a string of bits. Different keys produce different ciphertexts from the same plaintext even when the same method is used. Only few encryption methods have been developed, so it is impossible in practice to keep the encryption method secret. Consequently, communicating partners must keep their encryption keys secret.
Encryption Key
Plaintext Hello
Ciphertext 11011101
Interceptor
Network
Decryption Key Note: Interceptor cannot read ciphertext without the decryption key Decryption Method And Key
Ciphertext 11011101
Plaintext Hello
Encryption for confidentiality with Symmetric Key Encryption In general, two types of encryption methods exists: symmetric key encryption methods and public key encryption methods Symmetric Key Encryption: A Single Key The figure shows both sides use the same key. A method that uses a single key for both encryption and decryption in both directions is a symmetric key encryption method. Each side encrypts with this single key when it sends a message and each side decrypts with this single key when it receives a message. In other words, the encryption key is the same as the decryption key in both directions. Methods Data Encryption Standard (DES) In 1977, the U.S. National Bureau of Standards which is now the National Institute of Standards and Technology (NIST), created the Data Encryption Standard (DES). DES quickly became the most widely used symmetric key encryption method a position it is slowly beginning to lose to newer methods.
Symmetric Key
Plaintext Hello
Ciphertext 11011101
Interceptor
Network
Same Symmetric Key Decryption Method And Key
Ciphertext 11011101
Plaintext Hello
DES-CBC (DES-Cipher Block Chaining) One problem with simple DES is that the same input plaintext always gives the same output ciphertext. This provides opportunities for skilled cryptanalysis to break the DES key
Triple DES (3DES) Where stronger security than DES is needed, many firms turn to triple DES which extends the effective key size of DES. Advanced Encryption Standard (AES) In response to the obsolescence of DES and the processing burdens of 3DES, NIST has released a new Advanced Encryption Standard (AES) which is efficient enough in terms of processing power and RAM requirements to use on a wide variety of devices.
The Basic Process Sending Whenever one party sends, it encrypts the plaintext with the public key of the receiver. When A sends to B, A encrypts with Bs public key. When B sends to A, B encrypts with As public key. Receiving Each receiver decrypts with its own private key. When A sends to B, B decrypts with Bs private key. In turn, when B sends to A, A decrypts with As private key. Once a message is encrypted with the receivers public key, nobody can decrypt it except the receiver. Even the sender cannot decrypt the message after encrypting it.
Encrypted Message
Party B
Encrypted Message
Disadvantage and Advantage Complexity, Processing Intensiveness and Short Messages Public key encryption probably strikes you as complex. In fact, it is. It requires many computer processing cycles to do public key encryption and decryption about 100 times as many cycles to do public key encryption requires. The efficiency of this processing burden is so large that public key encryption can be used to encrypt small messages. The Simplicity of Exchange Keys A major benefit of public key encryption is that public keys are not secret, so there is no need to exchange them securely. Many people post their public key online for everyone to read. In contrast with symmetric key encryption, each pair of communication partners needs to have a symmetric key that must be exchanged securely.
RSA The most widely used public key encryption method is RSA which is named for its creators, Rivest, Shamir and Adleman. RSA was patented but its patent expired in 2000. Now that RSA is in the public domain, its domination if public key encryption may grow. Unfortunately, most commercial implementation use a key of only 512 bits. This is now considered too small for safety. Companies are now advised to use 1024 bit keys for normal encryption and 2048 bit keys for highly sensitive applications. Elliptic Curve Cryptosystem (ECC) A newer form of public key encryption, the elliptic curve cryptosystem (ECC) promises to provide equal protection with smaller keys and therefore less processing burden.
You can then make your key available to other so that they may encrypt e-mail messages sent to you or verify your signed messages. Adding - -armor option produces ASCII output, which may be preferable if you intend to email the public key. You can make the file accessible on your website , transfer it as an email attachment or distribute it in other ways. To encrypt email you send to others, you must obtain their public keys. Ask your correspondents how to obtain them. Once youve done so, you can add their keys to your keyring (set of keys GPG maintains). gpg - -import filename This command adds filename to your set of public keys belonging to other people. Once youve created your own key and perhaps imported keys from others, you can see what keys are available by using the --list-keys option to gpg. gpg --list-keys /home/gel/.gnupg/pubring.gpg ------------------------------------------pub 1024/190EDB2E 2012-03-12 uid Ana Banana <ana@localhost.com> sub 2048g/0D657AC8 2012-03-12 pub 1024/A8B2061A uid sub 2048g/4F33EF6B 2012-03-12 Apple Mansanas <apol@localhost.com > 2012-03-12
The uid lines contains identifiers youll use when encrypting or decrypting data, so you should pay particular attention to that information. Encrypting and Decrypting Data To encrypt data, you use gpg with its --out and --encrypt options and optionally, --recipient and --armor: gpg --out encrypted-file --recipient uid --armor --encrypt original-file You can use the UID from a gpg list-keys output or just email address portion as the uid in this command. If you havent signed the recipients key, youll have to verify that you want to use that key. The result is the new file, encrypted-file which holds an encrypted version of original-file. If you omit the --armor option, the resulting file is a binary file, if you send it as email, youll need to send it as an attachment or otherwise encode it for transmission over the text-based email system. If you include the --armor option, the output is ASCII, so you can cut and paste the encrypted message into an email or send it as an attachment. If you receive a message or file that was created with your public key, you can reverse the encryption by using --decrypt option.
gpg --out decrypted-file --decrypt encrypted-file Youll be asked to enter your passphrase. The result should be the decrypted version of the original file. Signing Messages and Verifying Signatures As noted earlier, GPG can be used to sign messages so that recipients know they can from you. To do so, use the --sign or --clearsign option to gpg. gpg --clearsign original-file The --sign option creates a new file with the same name as the original but with .gpg appended to the filename. This file is encrypted using your private key, so that it may only be decrypted with your public key. This means that anybody with your public key may read the message, but anybody who can read it knows its from you. The --clearsign option works similarly but it leaves the message text unencrypted and only adds an encrypted signature that can only be verified using your public key. The --clearsign option creates a file with a name that ends in .asc If you received a signed message, you can verify the signature using the verify option to gpg gpg --verify received-file If any of the keys in your key ring can decode the message or verify the signature, gpg displays a Good signature message. To read a message that was encrypted with the --sign option, you must decrypt the message via the decrypt option.