Here comes my favorite chapter in the whole book. It's probably the final chapter since biometrics isn't important. Let's begin!
Oh did I mention, it's CRYPTOGRAPHY TIME!
Cryptography is the conversion of information into a form incomprehensible to people who do not have secret knowledge. In other words, creating the encryption/decryption system is the essence of cryptography.
Cryptanalysis is the opposite. Cryptanalysis is the breaking of a cryptographic system by obtaining the secret through various means.
Plaintext (or less technically cleartext) is the original data. It is directly readable, or in the case of data, useful.
Ciphertext is the plaintext that has gone through a cipher to make it unreadable.
Cipher is the encryption algorithm.
Key is the secret (typically a series of bits or a String which is later converted into bits) used by the cipher to encrypt/decrypt the plaintext into the ciphertext and vice versa.
Encryption is the conversion of plaintext into ciphertext using a cipher and key.
Decryption is the conversion of ciphertext into plaintext using a cipher and key.
cipherEncrypt(plainText,key) = cipherText;
cipherDecrypt(cipherText,key) = plainText;
In other words, the input of encryption is plaintext, and the output is ciphertext. The input of decryption is ciphertext, and the output is plaintext.
The goals of cryptography are slightly different. They are now:
C - Confidentiality
I - Integrity
A - Authentication
N - Non-Repudiation
Repudiation occurs when a user denies that he has sent something after he did. Non-repudiation ensures that he cannot do that, which we will see later in Asymmetric Encryption. It makes sure that NOBODY CAN PROVE that a transaction didn't take place if it did.
Private key encryption is known as symmetric cryptography, secret key, or single key.
Public key encryption is known as asymmetric cryptography.
The common symmetric key algorithms (ciphers) are:
-DES - Data Encryption Standard
-3DES - Triple DES
-AES - Advanced Encryption Standard
-IDEA - International Data Encryption Algorithm
-RC[2,4,5] - Ron's Code, or Rivest Cipher
-Symmetric encryption is faster than asymmetric cryptography as the algorithm is computationally less complex
-Both sides use the same key, therefore it must be kept private
-Shorter key length can be used to achieve the same level of security provided by an asymmetric system using longer key length
Both sides need to have the key before communication can take place. This is sent to the other side through various secure and insecure means (can be in-band and out-of-band).
The main disadvantage of symmetric encryption is the difficulty of sending the keys across securely. Keys may be lost/stolen/modified as it transits an insecure medium.
Assuming that 5 parties need to communicate, and they are NOT to be able to decipher each other's communication, then the number of keys required would be exponential according to the formula:
n(n-1)/2
2 parties would need 1 key, 3 parties would need 3 keys, 4 parties would need 6 keys, 5 parties would need 10 keys, and so on. 50 parties would need 1225 keys which is really impractical.
The problem with key distribution is solved through asymmetric encryption. Whitfield Diffie and Martin Hellman introduced the Diffie-Hellman scheme in 1976. Another scheme, known as RSA (Rivest, Shamir and Adleman), was introduced later on.
Asymmetric encryption involves two mathematically related keys known as the public and private key. Either key can be public or private, as long as the private key is only owned by the owner.
Let k be the keys, p be the plaintext, c be the ciphertext, and f(x,y) be the encryption and g(x,y) be the decryption functions of the cipher. An asymmetric encryption would satisfy:
f(p1,k1) = c1;
g(c1,k2) = p1;
f(p2,k2) = c2;
g(c2,k1) = p2;
f'(c1,k1) = p1; DOES NOT EXIST
f'(c2,k2) = p2; DOES NOT EXIST
h(k1) = k2; DOES NOT EXIST
You may not encrypt and decrypt using the same key. You cannot derive the other key using the first key (you may only use bruteforce). The public key would be public and should be available for everyone. These are usually stored on key servers such as http://pgp.mit.edu/. You may also send public keys through email and websites. The private key, however, MUST be kept only by the owner.
Private keys are typically kept secure using a passphrase. The passphrase is used to encrypt/decrypt the private key, which is used to decrypt anything encrypted with the public key. (I love this chapter).
An example of asymmetric encryption would be:
I want to send YOU a mail
I obtain YOUR public key somehow (through online directories or otherwise)
I encrypt my mail with YOUR public key and send it to you
YOU decrypt the mail with YOUR private key
Two advantages of symmetric over asymmetric are:
-Less computationally complex, so symmetric is faster
-Symmetric key needs a shorter key length to have the same key strength
Two disadvantages of symmetric key over asymmetric are:
-It is difficult to transmit the key
-Difficult to manage keys (keys increase exponentially to the number of parties)
With asymmetric encryption, the number of keys required is simply: 2*n;
Remember, when referring to decryption and encryption, always use the keyword "corresponding". For example, use the "corresponding" public key to decrypt something encrypted with a private key.
If I want to send you something, and I encrypt with my public key instead, then you must have my private key to decrypt. Since only I have my private key, you will never be able to read that message unless you stole it from me.
Encryption with my private key is only done so that you can verify that I indeed AM the one that sent that message. This is not for confidentiality because anyone can get the public key for decryption. It's more for non-repudiation (i.e. If the message can be decrypted with the public key, then the owner of the public key definitely sent it, unless the private key was compromised).
The advantages of asymmetric keys are:
-Keys can be exchanged easily without any special arrangement.
-Can be used to implement non-repudiation
The disadvantages are:
-Slow compared to symmetric key cryptography
-Computationally very complex, and programming is very difficult
As a review:
To send a confidential message - Use the receiver's public key to encrypt
To receive a confidential message - Decrypt with your own private key
To sign a message - Encrypt the message with your own private key
To verify a signature - Decrypt the message with signer's public key
If you use the wrong public key to sign, then the intended recipient would not be able to see the message. Certificates are used to store the public key for identification. We'll cover this later.
Let's now talk about hash functions. Hash functions are one-way message-digest functions used to find the fingerprint of a particular object. They perform a one-way transformation in a way where:
f(x) = y; Exists
f'(y) = x; Does not exist
A hash is not encryption. The original document cannot be derived from the hash.
Hashes are typically used to check the integrity of the message. Message X has fingerprint x, but Modified Message X will have a fingerprint of y.
Properties of Hashes are:
A small change in input results in a big change in output - The Avalanche Effect
-As an example, if "An apple" gives abc1298fe, "An Apple" would give 1029defef
Inputs of different lengths always produce outputs of the same length
-If "Apple" gives abc1298fe, "An Apple" would give 1029defef
Two different inputs will not produce the same output (Anti-collision)
-By definition, since the hash output is 128-bits, then out of every 2^(128) input, only two would give the same output. That is a huge number.
It would take 128 bits * 2^(128) bits of space to store rainbow tables to defeat MD5. It is even more impractical to defeat SHA-1.
The same input always gives the same output
-If "Apple" gives abc1298fe now, it will ALWAYS be abc1298fe.
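The digests quoted in the properties above are placeholders. The added example below (not part of the original notes) measures the same properties with Python's standard hashlib, using the notes' own strings; the function names are made up for this illustration.

```python
import hashlib

ALGORITHMS = ("md5", "sha1", "sha256")  # MD5, SHA-1 and one member of SHA-2

def digest_int(algorithm: str, message: bytes) -> int:
    """Hash the message and return the digest as one big integer."""
    return int.from_bytes(hashlib.new(algorithm, message).digest(), "big")

def output_length_bits(algorithm: str, message: bytes) -> int:
    """Digest length in bits; it does not depend on the input length."""
    return hashlib.new(algorithm, message).digest_size * 8

def differing_bits(algorithm: str, a: bytes, b: bytes) -> int:
    """Count the output bits that differ between the digests of a and b."""
    return bin(digest_int(algorithm, a) ^ digest_int(algorithm, b)).count("1")

def avalanche_report(a: bytes, b: bytes):
    """One row per algorithm: (name, digest bits, bits changed, percent changed)."""
    rows = []
    for algorithm in ALGORITHMS:
        size = output_length_bits(algorithm, a)
        changed = differing_bits(algorithm, a, b)
        rows.append((algorithm, size, changed, round(100 * changed / size)))
    return rows

if __name__ == "__main__":
    # 'a' (0x61) and 'A' (0x41) differ in exactly one input bit.
    for name, size, changed, percent in avalanche_report(b"An apple", b"An Apple"):
        print(f"{name:7} {size:3}-bit digest, {changed} bits changed ({percent}%)")
    # Fixed-length output: 5 bytes, 8 bytes and 100,000 bytes all give 128 bits.
    for message in (b"Apple", b"An Apple", b"A" * 100_000):
        print(len(message), hashlib.md5(message).hexdigest())
    # Same input, same output: hashing twice changes nothing.
    print(differing_bits("md5", b"Apple", b"Apple"))
```

Flipping a single input bit changes roughly half of the output bits in every algorithm, which is what the avalanche effect predicts.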
These are the tested hash algorithms:
-MD4/MD5 (128-bits)
-SHA-1 (160-bits)
-SHA-2 (comprises SHA-224, SHA-256, SHA-384, SHA-512)
Verification of the message Integrity through hash is as such:
I send you a message, and a hash of that message
You hash the received message, and compare it with the attached hash
A Digital Certificate is used to identify the owner. It is used in a Public Key Infrastructure and issued by Certificate Authorities. The Public Key is stored in the Digital Certificate, and the hash of a portion of the Digital Certificate is signed using the Certificate Authority's private key. This lets you:
-Verify and communicate with the owner
-Verify that the Digital Certificate came from a real CA
Digital certificates typically have a common name used in proving the identity of e-commerce sites (SSL/TLS). The most common digital certificate standard is X.509. (There is a mistake in the seminar, it's not a signature, it's a certificate).
A benefit of Asymmetric encryption is the use of Digital Signatures to implement non-repudiation and origin authenticity. It can also be used to verify that information is not lost in transit.
A digital signature is "a type of asymmetric cryptography used to simulate the security properties of a signature in digital form". It provides:
-Authentication - The signer is really who he claims to be
-Non-repudiation - The signer cannot deny that he signed it
-Integrity - The data was sent and received without alteration
Signing is done in two simple steps:
-Hash the message
-Sign the hash, then attach it to the message
The message sent is...
Plaintext+Sign(MD5(Plaintext))
The receiver then takes the hash, and decrypts it with the public key of the sender (If it can be decrypted, it verifies the sender and provides non-repudiation).
Now he hashes the message, and compares it with the decrypted hash (Verifies the Integrity of the message if it matches).
PGP is software that makes use of asymmetric encryption to provide services such as signing and encryption, mainly for email. In this case, even the sent message is encrypted, so a message to you looks like:
cipherEncrypt(plainText,yourPublic)+cipherEncrypt(md5(plainText),myPrivate)
Don't have funny ideas about "myPrivate" here. It's a key not a part.
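The key relations f/g listed earlier, the two signing steps and the PGP message format above can all be watched in one run. This is an added example, not part of the original notes: it uses textbook RSA with toy keys built from published Mersenne primes and no padding, and every function and variable name is made up for the illustration.

```python
import hashlib

E = 65537  # conventional RSA public exponent

def make_keypair(p: int, q: int):
    """Return (public, private) textbook-RSA keys built from primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

def apply_key(value: int, key) -> int:
    """The single RSA operation value^exponent mod n; serves as both f and g."""
    exponent, n = key
    return pow(value, exponent, n)

def md5_int(message: bytes) -> int:
    """MD5 digest as an integer, mirroring md5(plainText) in the notes."""
    return int.from_bytes(hashlib.md5(message).digest(), "big")

def send(plaintext: bytes, your_public, my_private):
    """cipherEncrypt(plainText,yourPublic) + cipherEncrypt(md5(plainText),myPrivate)"""
    body = apply_key(int.from_bytes(plaintext, "big"), your_public)
    signature = apply_key(md5_int(plaintext), my_private)
    return body, signature

def receive(body: int, signature: int, your_private, my_public):
    """Decrypt the body, then compare the recovered hash with a fresh one."""
    number = apply_key(body, your_private)
    plaintext = number.to_bytes((number.bit_length() + 7) // 8, "big")
    return plaintext, apply_key(signature, my_public) == md5_int(plaintext)

# Constructed toy keys from well-known Mersenne primes: fine for watching the
# arithmetic, useless for security (public primes, no padding, MD5).
MY_PUBLIC, MY_PRIVATE = make_keypair(2**89 - 1, 2**127 - 1)
YOUR_PUBLIC, YOUR_PRIVATE = make_keypair(2**107 - 1, 2**521 - 1)

if __name__ == "__main__":
    mail = b"Meet me at noon"  # constructed sample message
    body, signature = send(mail, YOUR_PUBLIC, MY_PRIVATE)
    print(receive(body, signature, YOUR_PRIVATE, MY_PUBLIC))      # genuine mail
    print(receive(body, signature + 1, YOUR_PRIVATE, MY_PUBLIC))  # altered signature
    # The key that encrypted cannot decrypt: only the corresponding key can.
    print(apply_key(body, YOUR_PUBLIC) == int.from_bytes(mail, "big"))
```

Real implementations add padding, use a hash from the SHA-2 family and generate random primes of at least 1024 bits each; none of that changes which key is applied at which step.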