T U T U N J U H A N A

T E L E C O M M U N I C A T I O N E N G I N E E R I N G

S C H O O L O F E L E C T R I C A L E N G I N E E R I N G & I N F O R M A T I C S

I N S T I T U T T E K N O L O G I B A N D U N G

ET4045Telecommunication Network Security

CryptographyPart 2

2

Symmetric key cryptography

3

symmetric key crypto: Bob and Alice share known same (symmetric) key: KAB

e.g., key is knowing substitution pattern in mono alphabetic substitution cipher

DES: Data Encryption Standard4

US encryption standard [NIST 1993]

56-bit symmetric key, 64-bit plaintext input

Block cipher with cipher block chaining

How secure is DES? “Weakest link” is size of key brute force attack

1993: Weiner: $1M machine, 3.5 hours

1998: EFF’s Deep Crack: $250,000

92 billion keys per second; 4 days on average

5

making DES more secure:

3DES: encrypt 3 times with 3 different keys (actually encrypt, decrypt, encrypt)

AES: Advanced Encryption Standard6

New (Nov. 2001) symmetric-key NIST standard, replacing DES

processes data in 128 bit blocks

128, 192, or 256 bit keys

brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES

Issues in Symmetric Keys Cryptography7

The key must be agreed upon by sender and receiver in a secure way

Then along came Diffie & Hellman…

Diffie–Hellman Key Exchange8

How Alice and Bob want to come up with the same key by talking on the phone without giving it away to a third party listening to the conversation? They agree on a large prime number p and a small integer g

These numbers are not secret Alice picks a large random integer a, and calculates A = ga mod p

Alice tells Bob what A is. Bob picks a large random integer b, and calculates B = gb mod p

Bob tells Alice what B is. Alice computes Ka = Ba mod p. Bob computes Kb = Ab mod p.

Ka = Kb = gab mod p

Someone spying on the phone can not get the key without knowing a and b, which were never spoken. Figuring out a and b from A, B, g, and p is as hard as it is to factor numbers the same size as p, hence p should be big (hundreds of digits)

Source: www.hep.uiuc.edu/home/mats/crypto/crypto.ppt

9

Public Key Cryptography(Asymmetric Cryptography)

10

symmetric key crypto

requires sender, receiver know shared secret key

Q: how to agree on key in first place (particularly if never “met”)?

public key cryptography

radically different approach [Diffie-Hellman76, RSA78]

sender, receiver do not share secret key

public encryption key known to all

private decryption key known only to receiver

11

Public key encryption algorithms12

RSA: Choosing keys13

RSA: Encryption, decryption14

RSA example15

RSA: another important property16

RSA is slow17

Exponentiation is computationally intensive

DES is at least 100 times faster than RSA

Solution

At first Bob and Alice use RSA to exchange a symmetric key, KS

Once both have KS, they use symmetric crypto

18

http://sy0201.blogspot.com/2010/06/https-process.html

RSA(asymmetric)

Symmetric

Exercise19

Download and install openssl (https://www.openssl.org/ or http://gnuwin32.sourceforge.net/packages/openssl.htm)

Read http://en.wikibooks.org/wiki/Cryptography/Generate_a_keypair_using_OpenSSL for how to generate keypair (private and public key)

Write a small file using notepad containing your NIM number. Name your file yourNIM.txt

Encrypt your file using my public key (download in https://www.dropbox.com/s/jo77l5mo7hyw0fd/pubkey-tutun.pem?dl=0)

To encrypt the file c:>openssl rsautl -encrypt -pubin -inkey pubkey-tutun.pem -in yourNIM.txt -out yourNIM.encrypted

Send your yourNIM.encrypted file to tutun@stei.itb.ac.id with the Subject: ET4045#1

Please generate your own keypair

Send me your public key I will send you next assignment using your public key encrypted file

To decrypt the file, please play with rsautl command

Due in one week