CEG 499/699:
Internet Security


College of Engineering & CS
Wright State University
Dayton, Ohio 45435-0001

Cryptography in Internet Security
Prabhaker Mateti

Abstract: This lecture is a quick overview of cryptography as relevant in Internet security and passwords.

This work is supported in part by NSF DUE-9951380.
  03/29/01

Table of Contents

  1. Educational Objectives
  2. Lab Experiment
  3. Acknowledgements
  4. References

Educational Objectives

  1. Introduce the student to cryptography as it applies to net security.
  2. Describe the authentication technology.

Cryptography in Internet Security

A cryptographic algorithm, also known as a cipher, transforms a "plain" (e.g., human readable) text pt into cipher text ct in such a way that pt can be regenerated from ct by a companion decryption algorithm.  Ciphers take a key together with the plain text as input to produce the cipher text.  It is the key that provides the security of a modern cipher, not the details of the algorithm.

Note that we said "for example, human readable" and not "that is, human readable" as an explanation for the word "plain" in plain text.

What does "Computationally Infeasible" mean?

The phrase "computationally infeasible" is used frequently in cryptography but is rarely defined.  The general consensus on its meaning is as follows.  As you know, the time complexity, TC, of an algorithm is a function of its "input length", n.  For example, the time complexity of the bubble sort algorithm is O(n^2).  If the time complexity of an algorithm A is a function that grows faster than any polynomial, we consider A to be computationally infeasible.  A similar meaning with respect to memory (and other) resources required is included in the meaning of the phrase.  It is important to note the following.  Just because no one has yet discovered an algorithm to compute something does not make it infeasible.  On the other hand if it is mathematically proven that a certain computation is (Turing-) impossible to compute, it is infeasible.

On a practical level, we should understand the phrase to mean any computation that requires an extremely long time even on the fastest (parallel, cluster, etc.) computer systems.  Extremely long here is in the class of several (zillion?) years.

One way hash function

A one-way hash function takes a variable-length input sequence of bytes and computes a fixed-length sequence. The fixed length is considerably shorter than the typical length of the input. The phrase "one way" means that the function is designed so that it is computationally hard to reverse the process, that is, to find a string that hashes to a given value.

Because the output is shorter than the input, every hash function necessarily has multiple input sequences that map to the same fixed-length hash.  The inverse is therefore a mathematical relation, not a mathematical function. A good hash function nevertheless has the following properties: it is hard to find two strings that produce the same hash value, and a slight change in an input string causes the hash value to change drastically. E.g., if one bit is flipped in the input string, half of the bits in the hash value will flip as a result.

One-way hash functions are also known as message digests (MD), fingerprints, or compression functions. The most popular one-way hash algorithms are MD4 and MD5 (both producing a 128-bit hash value), and SHA, also known as SHA1 (producing a 160-bit hash value). 
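An added illustration (not part of the original lecture) of the two properties just described, using Python's standard hashlib: the digest has a fixed length whatever the input length, and flipping a single input bit changes roughly half of the output bits. The function names and sample inputs are constructed for this example.

```python
import hashlib

def hash_bits(data: bytes, algo: str = "sha1") -> int:
    """Digest of data under the named one-way hash, as an integer."""
    return int.from_bytes(hashlib.new(algo, data).digest(), "big")

def digest_lengths(algo: str, *inputs: bytes) -> set:
    """Set of digest lengths (in bits) seen over inputs of different sizes.

    For a proper hash function this set has exactly one element: the
    output length does not depend on the input length (160 for SHA-1,
    128 for MD5).
    """
    return {len(hashlib.new(algo, data).digest()) * 8 for data in inputs}

def avalanche(data: bytes, bit: int = 0, algo: str = "sha1"):
    """Flip one input bit and return (changed hash bits, total hash bits).

    The 'avalanche' property means the first number is close to half of
    the second, even though only one input bit differs.
    """
    flipped = bytearray(data)
    flipped[bit // 8] ^= 1 << (bit % 8)          # flip a single input bit
    total = hashlib.new(algo).digest_size * 8
    changed = bin(hash_bits(data, algo) ^ hash_bits(bytes(flipped), algo)).count("1")
    return changed, total

if __name__ == "__main__":
    # constructed sample inputs of very different lengths
    print(digest_lengths("sha1", b"", b"x" * 10, b"y" * 10000))   # {160}
    print(avalanche(b"constructed sample input", bit=3))           # (about 80, 160)
```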

Symmetric-key cryptography

Symmetric-key cryptography is an encryption system in which the sender and receiver of a message share a single, common key to encrypt and decrypt the message.  Symmetric-key systems are simpler and faster, but their main drawback is that the two parties must somehow exchange the key in a secure way. Symmetric-key cryptography is sometimes called secret-key cryptography.

DES

The most popular symmetric-key system is the DES, short for Data Encryption Standard (ANSI X.3.92). DES encrypts data in 64-bit blocks using a 56-bit key.  The algorithm transforms the input in a series of steps into a 64-bit output.  Being a symmetric-key algorithm, it uses the same key to decrypt, applying the same steps in reverse order.

The IDEA Encryption Algorithm

IDEA (International Data Encryption Algorithm) is a block cipher which uses a 128-bit key to encrypt successive 64-bit blocks of plain text. The procedure is quite complicated, using subkeys generated from the key to carry out a series of modular arithmetic and XOR operations on segments of the 64-bit plaintext block. The encryption scheme uses a total of fifty-two 16-bit subkeys.

The Blowfish Encryption Algorithm

Blowfish is a symmetric block cipher that can be used as a drop-in replacement for DES or IDEA. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for both domestic and exportable use.  Blowfish is unpatented and license-free, and is available free for all uses.

Public-key encryption

Public key cryptography was invented in 1976 by Whitfield Diffie and Martin Hellman. For this reason, it is sometimes called Diffie-Hellman encryption. It is also called asymmetric encryption because it uses two keys instead of one key.  The two keys are: a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it.  The two keys are mathematically related, yet it is computationally infeasible to deduce one from the other. Anyone with the public key can encrypt a message but not decrypt it. Only the person with the private key can decrypt the message.  Unfortunately, public-key cryptography is very slow, about 1000 times slower than symmetric key cryptography.

Public-key systems, such as Pretty Good Privacy (PGP), are becoming popular for transmitting information via the Internet. They are extremely secure and relatively simple to use.  You of course need to know the recipient's public key to encrypt a message. A global registry of public keys is needed, which is one of the promises of the new LDAP technology.

The most well-known of the public-key encryption algorithms is RSA, named after its designers Rivest, Shamir, and Adleman. The algorithm is based on the fact that there is no known efficient way to factor very large numbers into their primes.  RSA allows both the public and private key to be used for encryption. If a message is encrypted with someone's private key, it can only be decrypted with the corresponding public key. This feature can be used to generate digital signatures, as follows:

  1. Alice computes a one-way hash of a document.
  2. Alice encrypts the hash with her private key. The encrypted hash becomes the document's signature.
  3. Alice sends the document along with the signature to Bob.
  4. Bob computes the one-way hash of the document received from Alice, decrypts the signature with Alice's public key, and compares the two values. If they match, Bob knows that: (1) the document really came from Alice and (2) the document was not tampered with during transmission.

In real-world implementations, public keys are rarely used to encrypt actual messages because public-key cryptography is very slow, about 1000 times slower than conventional cryptography. Instead, public-key cryptography is used to distribute symmetric keys, which are then used to encrypt and decrypt actual messages, as follows:

  1. Bob sends Alice his public key.
  2. Alice generates a random symmetric key (usually called a session key), encrypts it with Bob's public key, and sends it to Bob.
  3. Bob decrypts the session key with his private key.
  4. Alice and Bob exchange messages using the session key.

Man-in-the-Middle Attack


The public key-based secure communication protocol between Alice and Bob described above is vulnerable to a man-in-the-middle attack. Let's assume that Mallory, a cracker, not only can listen to the traffic between Alice and Bob, but also can modify, delete, and substitute Alice's and Bob's messages, as well as introduce new ones.

Mallory can impersonate Alice when talking to Bob and impersonate Bob when talking to Alice. Here is how the attack goes:

  1. Bob sends Alice his public key. Mallory intercepts the key and sends his own public key to Alice.
  2. Alice generates a random session key, encrypts it with "Bob's" public key (which is really Mallory's), and sends it to Bob.
  3. Mallory intercepts the message. He decrypts the session key with his private key, encrypts it with Bob's public key, and sends it to Bob.
  4. Bob receives the message thinking it came from Alice. He decrypts it with his private key and obtains the session key.
  5. Alice and Bob start exchanging messages using the session key. Mallory, who also has that key, can now decipher the entire conversation.

A man-in-the-middle attack works because Alice and Bob have no way to verify they are talking to each other. An independent third party that everyone trusts is needed to foil the attack. This third party could bundle the name "Bob" with Bob's public key and sign the package with its own private key. When Alice receives the signed public key from Bob, she can verify the third party's signature. This way she knows that the public key really belongs to Bob, and not Mallory.
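A worked example, added here and not part of the original lecture, that ties together the three procedures above: the hash-then-sign signature steps, the unauthenticated session-key exchange that Mallory subverts, and the trusted third party's signed name-plus-key package that lets Alice reject a substituted key. It uses textbook RSA (no padding) with toy keys built from Mersenne primes, constructed purely for illustration; all function and key names are my own.

```python
import hashlib
E = 65537  # public exponent shared by all toy keys below

def keygen(p, q):
    """Textbook RSA (no padding, illustration only): public (n, e), private (n, d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse of e; needs Python 3.8+
    return (n, E), (n, d)

def one_way_hash(data: bytes) -> int:
    """The document's 160-bit SHA-1 digest as an integer."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def sign(priv, data: bytes) -> int:
    """Steps 1-2: hash the document, then 'encrypt' the hash with the private key."""
    n, d = priv
    return pow(one_way_hash(data), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    """Step 4: 'decrypt' the signature with the public key and compare hashes."""
    n, e = pub
    return pow(sig, e, n) == one_way_hash(data)

def encrypt(pub, m: int) -> int:   # m must be smaller than the modulus
    return pow(m, pub[1], pub[0])
def decrypt(priv, c: int) -> int:
    return pow(c, priv[1], priv[0])

# Constructed toy keys: Mersenne primes keep every modulus above 160 bits.
BOB_PUB, BOB_PRIV = keygen(2**61 - 1, 2**127 - 1)
MAL_PUB, MAL_PRIV = keygen(2**89 - 1, 2**107 - 1)
CA_PUB, CA_PRIV = keygen(2**521 - 1, 2**607 - 1)

def mitm_without_certificates(session_key: int):
    """Unauthenticated exchange: Alice encrypts to the key Mallory substituted."""
    to_mallory = encrypt(MAL_PUB, session_key)  # Alice believes this is Bob's key
    learned = decrypt(MAL_PRIV, to_mallory)     # Mallory reads the session key ...
    to_bob = encrypt(BOB_PUB, learned)          # ... and re-encrypts it for Bob
    return learned, decrypt(BOB_PRIV, to_bob)   # both Mallory and Bob hold the key

def cert_body(name: str, pub) -> bytes:
    """The package the trusted third party signs: a name bundled with a public key."""
    return f"{name}|{pub[0]}|{pub[1]}".encode()
def issue_cert(name: str, pub):
    """CA binds the name to the key: (name, pub, CA signature over both)."""
    return name, pub, sign(CA_PRIV, cert_body(name, pub))
def alice_accepts(cert, expected: str = "Bob") -> bool:
    """Alice trusts a key for Bob only if the CA's signature over name+key checks out."""
    name, pub, sig = cert
    return name == expected and verify(CA_PUB, cert_body(name, pub), sig)
```

Swapping Mallory's key into Bob's certificate invalidates the CA's signature, and Mallory cannot produce a new one without the CA's private key, so Alice never encrypts the session key to him.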

Digital Certificates

A package containing a person's name (and possibly some other information such as an E-mail address and company name) and his public key and signed by a trusted party is called a digital certificate (or digital ID). An independent third party that everyone trusts, whose responsibility is to issue certificates, is called a Certification Authority (CA).  A digital certificate is a means of binding the details about an individual or organization to a public key. A digital certificate serves two purposes. First, it provides a cryptographic key that allows another party to encrypt information for the certificate's owner. Second, it provides a measure of proof that the holder of the certificate is who they claim to be - because otherwise, they will not be able to decrypt any information that was encrypted using the key in the certificate.

The recipient of an encrypted message uses the CA's public key to verify the signature on the digital certificate attached to the message, confirms that it was issued by the CA, and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.

The most widely used standard for digital certificates is X.509, which defines the following structure for public-key certificates:

  1. Version field identifies the certificate format.
  2. Serial Number, unique within the CA.
  3. Signature Algorithm identifies the algorithm used to sign the certificate.
  4. Issuer Name is the name of the CA.
  5. Period of Validity is a pair of dates: Not Before and Not After.
  6. Subject Name is the name of the user to whom the certificate is issued.
  7. Subject's Public Key field includes the algorithm name and the public key of the subject.
  8. Extensions.
  9. Signature of the CA.

You can obtain a personal certificate from companies like VeriSign www.verisign.com or Thawte www.thawte.com.


Lab Experiment

None.


Acknowledgements


References

  1. North American Cryptography Archives, http://cryptography.org/  Recommended visit.
  2. The Feasibility of Breaking PGP, http://axion.physics.ubc.ca/pgp-attack.html  Recommended visit.
  3. Microsoft, Introduction to Code Signing, http://msdn.microsoft.com/workshop/security/authcode/intro_authenticode.asp  1996. Recommended visit.
Open Content Copyright © 2000 pmateti@cs.wright.edu