34
Encryption 2 Tom Chothia Computer Security: Lecture 3
Encryption 2
Tom Chothia Computer Security: Lecture 3
This Lecture
• Counter Mode (CTR) enryption
• Diffie Helleman key exchange
• Public Key Encryption – RSA – Signing – Combining public and symmetric key
encryption
Tutorial Groups
• Please sign up for a tutorial group now.
• Your tutor will contact you to arrange a time and place to meet on Thursday or Friday.
• Don’t understand something? E-mail your tutor, he will discuss it in tutorials.
WorkSheet 1
• Worksheets are small exercise. – You get a few token marks.
• We will use virtual machines, for some exercises. – The first worksheet is just to get a VM
working and install Truecrypt.
• It will be “marked” in the first tutorial on Thursday or Friday.
Lab Session
• Lab session Wednesday 10-12 in LG04 – Bring your laptop, or use a school machine.
• Myself and/or tutors will be present to give you individual help with your programs, tools, exercises.
• Come along on Wednesday, with your laptop, and we will help get a VM installed.
Last Lecture:
• Symmetric Key Encryption Ciphers – Frequency Analysis – One time pads – AES, DES and 3-DES
• Block cipher modes
• Truecrypt
Xor 0 xor 0 = 0 1 xor 0 = 1 0 xor 1 = 1 1 xor 1 = 0
⊕ Hello Alice 01011001 01100101 01110011
Key 11001011 01001101 11110001
10010010 00101000 10000010
⊕ ascii
(M k) k = M ⊕ ⊕
Xor 0 xor 0 = 0 1 xor 0 = 1 0 xor 1 = 1 1 xor 1 = 0
⊕ Hello Alice 01011001 01100101 01110011
Key 11001011 01001101 11110001
10010010 00101000 10000010
⊕ ascii
(M k) k = M ⊕ ⊕
Cipher Block Chaining mode (CBC)
• Plain text = B1,B2, B3,… • IV = random number (sent in clear) • Cipher text = C1,C2, C3,… where
C1 = encryptK(B1 xor IV), C2 = encryptK(B2 xor C1).
….. Ci = encryptK(Bi xor Ci-1).
CBC encrypt
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
CBC decrypt
• Receive IV • Receive cipher text = C1,C2, C3,… • Plain text = B1,B2, B3,… where:
B1 = decryptK(C1) xor IV, B2 = decryptK(C2) xor C1,
….. Bi = decryptK(Bi) xor Ci-1.
CBC decrypt
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Block Cipher Modes
Original ECB CBC http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Sony PlayStation
Sony needs to stop games being copied.
CD & full disk encryption
User can read and write particular areas of the hard disk.
Sony PlayStation
• With CBC, you need to encrypt, or decrypt, the whole file to get to the end.
• The Sony PlayStation uses ECB full disk encryption, to stop people copying games.
• User can access files they made themselves (notes, music, video …)
• Hardware controls user access to data.
Sony PlayStation Disk Encryption Attack
1. Remove disk and make a copy.
2. Write a user accessible file to the disk.
3. Find the bit of disk that changed (that’s your encrypted file).
4. Over write this with what you want to decrypt.
5. Restart the PlayStation and ask for your file back.
6. PlayStation decrypts the file and gives you the plain text.
Counter Mode (CTR)
• Plain text = B1,B2, B3,… • IV = random number (sent in clear) • Cipher text = C1,C2, C3,… where
C1 = B1 xor encryptK(IV), C2 = B2 xor encryptK(IV+1), C3 = B3 xor encryptK(IV+2),
….. Ci = Bi xor encryptK(IV+ i-1 ),
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
This Lecture
• Counter Mode (CTR) enryption
• Diffie Helleman key exchange
• Public Key Encryption – RSA – Signing – Combining public and symmetric key
encryption
Some History Before cheap powerful
computers, unbreakable encryption was almost impossible.
Governments wanted to read the codes of others.
They could control the export of these machines.
When IBM designed DES they could get it weakened.
• Cipher machines looked like this:
Some History During 1970-1990 all that
changed.
Personal computers could do anything a cipher machine could do.
University academics worked on encryption with the aim of making it available to everyone.
Public Key Encryption
• Public key encryption helps (but doesn’t solve) this problem.
• The idea of public key encryption is that you have two keys: – one for encryption – and another for decryption.
• The encryption key is made public, the decryption key is always secret.
Diffie-Hellman
• Diffie-Hellman is a widely used key agreement protocol.
• It relies on some number theory: – a mod b = n where for some “m” : a = m.b + n
• The protocol uses two public parameters – generator “g” (often 160 bits long) – prime “p” (often 1024 bits long)
Diffie-Hellman • Alice and Bob pick random numbers rA and rB and find “tA = grA mod p” and “tB = grB mod p”
• The protocol just exchanges these numbers: 1. A → B : tA 2. B → A : tB
• “Alice” calculates “tArA mod p” and “Bob” “tA rB mod p” this is the key:
– K = grArB mod p
Diffie-Hellman • An observer cannot work out rA and rB from tA and tB
therefore the attacker cannot calculate the key
• So we have a “Good Key” but know nothing about the participants.
• We did not need to share any keys at the start, therefore this is a very powerful protocol.
• In practice: use DH to set up a secure channel, then use something else to authenticate the person at the other end.
Elgamal
• Elgamal, is Diffie-Hellmen turned into a public key scheme. It uses a fix g & p
• “Alice” picks rA as her private key & “tA = grA mod p” is the public key.
• To encrypt message “M”, Bob picks rA finds and sends (grB mod p, M. tArB)
RSA
• RSA is the most popular public key cipher. – More efficient that Elgamal, and allows for signing.
• It uses two large primes p & q. We set n = p.q and o(n) = (p-1)(q-1)
• Pick random – e such that 1 ≤ e ≤ o(n) and e and o(n) are co-prime. – d such that d.e mod o(n) = 1
The public key is (e,n) and the private key is (d,n)
RSA
• To encrypt a message, turn it into numbers “m” that are less than “n”
• The encrypt as cipher text c do: c = me mod n
• To decrypt a cipher text c as a message m do: m = cd mod n
Some More History • These ciphers make encryption pretty much unbreakable.
• They made encryption available to everyone and the Internet, as we know it, possible
• But Diffie, Rivset, etc. weren’t the first. At the British intelligent service GCHQ:"– James Ellis invented the concept of public keys in the 1960’s"– Malcolm J. Williamson invented DH in 1974"– Clifford Cocks invented RSA in 1973"
• But GCHQ distributed their keys via embassies, so never used it."
Signatures • Using RSA Epub(Dpriv(M)) = M
• This can be used to sign messages.
• Sign a message with the private key and this can be verified with the public key.
• Any real crypto suite will not just encrypt with a public key, as this can be used to trick people into decrypting.
• Usually sign just the hash of the message.
Elliptic curve crypto
• Public key encryption based on elliptic curves.
• Functionally very like RSA, but more efficient.
• No full security proof, by recommended by NSA.
• Becoming the most popular web public key encryption system.
This Lecture
• Counter Mode (CTR) enryption
• Diffie Helleman key exchange
• Public Key Encryption – RSA – Signing – Combining public and symmetric key
encryption
Further Reading
• See links on the website.
• Eike’s Cryptology module • Coursera Cryptology module
– www.coursera.org/course/crypto • Bruce Schneier: Applied Cryptography • The Code Book, by Simon Singh.
Next Lecture
• Practical encryption.
• How to do encryption in Java.
• How to use a “keystore” to look after your keys.
