Cryptography: A Brief History
Prasenjeet Dutta, Program Manager
Cybernet Software Systems Inc.
In Today’s Session
Part I The Ciphers
Part II The Politics
Part III Security and Privacy
Part IV Questions
Basic Definitions
Cryptography: The Science of creating coded messages
Cryptanalysis: The Art of breaking coded messages
Cleartext: the original message
Ciphertext: the encoded message
Key: Input to the cryptographic algorithm
Passphrase: User input from which the key is usually derived
Early History: Caesar Cipher
Classically attributed to Julius Caesar
Simple “Shift By Three to the Right” Rule
– “ATTACK” would become “DWWDFN”
Easily Breakable if you knew the Rule
Today, easily breakable otherwise as well
Demo
Transposition Ciphers
Message Written in a Rectangular Block
Letters transposed in Pre-arranged order
ATTACK CORSICA AT DAWN, written in a block:
A T T A C
K C O R S
I C A A T
D A W N X
becomes AKID TCCA TOAW ARAN CSTX
Demo
Vigenère Cipher
Attributed to French mathematician Blaise de Vigenère, 1585
Generalization of the Caesar Cipher
Bidirectional n-Shift cipher
Considered secure until 1863
– The Kasiski/Kerckhoff method of Frequency Analysis and the “Index of Coincidence”
Demo
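An added example, not from the original slides: a Vigenère encipher/decipher routine (a one-letter key reduces it to the Caesar cipher above) together with the index-of-coincidence test the slide mentions, which reveals the length of a short repeating key. The sample plaintext and the key HISTORY are constructed for this demonstration.

```python
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Each key letter is a Caesar shift (A=0 .. Z=25); shift right to
    encrypt, left to decrypt. Key "D" alone is Caesar's shift-by-three."""
    out = []
    for i, ch in enumerate(text):
        shift = ALPHABET.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)

def index_of_coincidence(text: str) -> float:
    """Probability that two letters drawn from the text are equal: about 0.066
    for English, about 0.038 (1/26) for uniformly random letters."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(text).values()) / (n * (n - 1))

def average_column_ioc(ciphertext: str, period: int) -> float:
    """Letters at positions i, i+period, i+2*period ... share one key letter.
    At the true period every column is Caesar-shifted English (IoC ~0.066);
    at a wrong period the columns mix several shifts and the IoC flattens."""
    columns = [ciphertext[i::period] for i in range(period)]
    return sum(index_of_coincidence(c) for c in columns) / period

def estimate_key_length(ciphertext: str, max_period: int = 10) -> int:
    """The period whose columns look most like monoalphabetic English."""
    return max(range(1, max_period + 1),
               key=lambda p: average_column_ioc(ciphertext, p))

# Constructed sample plaintext (letters only) for the demonstration.
SAMPLE_PLAINTEXT = "".join(ch for ch in """
THE VIGENERE CIPHER WAS LONG BELIEVED TO BE UNBREAKABLE BECAUSE EACH LETTER OF
THE KEY SELECTS A DIFFERENT CAESAR SHIFT AND SO THE SAME PLAINTEXT LETTER CAN
BECOME MANY DIFFERENT CIPHERTEXT LETTERS BUT WHEN THE KEY IS SHORT AND REPEATS
THE LETTERS ENCIPHERED UNDER THE SAME KEY LETTER FORM A SIMPLE SUBSTITUTION AND
THE FREQUENCY STATISTICS OF ENGLISH SURVIVE IN EVERY SUCH COLUMN WHICH IS WHAT
THE INDEX OF COINCIDENCE MEASURES AND WHY THE SYSTEM WAS NO LONGER CONSIDERED
SECURE AFTER THE MIDDLE OF THE NINETEENTH CENTURY WHEN METHODS FOR FINDING THE
PERIOD OF THE KEY WERE PUBLISHED ONCE THE PERIOD IS KNOWN EACH COLUMN IS JUST
A CAESAR CIPHER AND FALLS TO ORDINARY FREQUENCY ANALYSIS
""" if ch.isalpha())
```

Once the period is known, each column is a single Caesar shift and falls to ordinary frequency counting, which is the sense in which the cipher stopped being considered secure.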
One Time Pad (“Vernam Ciphers”)
Special Case of the Vigenère Cipher
Plaintext length == Key length
Key is assumed to be random
Proven to be mathematically secure against all attacks
Randomness not easy to generate
Non-randomness of key makes algorithm breakable
Has been used for ultra-sensitive telephonic hotlines
WWII: The Enigma
Mechanical Device: Gears/Plugs
Essentially a complex polyalphabetic cipher
Key Transport major issue
GCHQ cracked it
– Turning point in the war
Demo
A Taxonomy of Ciphers
Substitution Ciphers: The Ciphertext is formed by mathematically transforming the Plaintext
– Most commonly Used
Transposition Ciphers: The Ciphertext is formed by re-arranging the Plaintext
– Considered Primitive
Concealment Ciphers: The Plaintext is “hidden” away from ordinary view
Substitution Ciphers
Monoalphabetic: only one sort of substitution is used, e.g. Caesar
Polyalphabetic: more than one substitution, e.g. Vigenère, Enigma
Block Cipher: Operates on discrete blocks of plaintext, outputs discrete blocks of ciphertext, e.g. DES, Blowfish, Rijndael
– Ideal for offline encryption of large blocks of data at a time
Substitution Ciphers, contd.
Stream Cipher: generates a keystream and combines with plaintext to form ciphertext, e.g. RSA’s RC4
– Suitable for online encryption of smaller chunks of data, e.g. Encrypting Voice Comms
– Approximates a One Time Pad when used this way
– Much faster than block ciphers for online work
– Block ciphers can also emulate stream ciphers, though slowly
Symmetric Ciphers
Used for most heavy-duty encryption today
DES, Blowfish, Twofish, Rijndael…
One Common Key for Encryption and Decryption
Decryption is the mathematical inverse of encryption, i.e.:
– F(plaintext, key) = ciphertext
– F(ciphertext, key) = plaintext
The Key Distribution Problem
Throughout history, ciphers were symmetric
Symmetric Ciphers share encryption and decryption keys
Key Dist presents practical problems
Prone to Man-in-the-middle attacks
This situation lasted until 1976
Enter Public Key Cryptography
Known to British and American Intelligence since the 1960s as “non-secret encryption”
Non-classified invention would take 15 more years
Practical only with large scale computer resources
Concept and Key-Exchange technique proposed by Diffie/Hellman, 1976
– No Cryptosystem implementation
R, S and A
First Practical Implementation of a Diffie/Hellman Cryptosystem
Rivest, Shamir, Adleman 1978
System allowed Encryption/Decryption, Key Exchange and Message Signing
Other PK algorithms today:
– Diffie/Hellman, ElGamal, DSA
Even today, RSA probably most versatile
The RSA Algorithm
Choose two primes p and q.
Compute n = pq and s = (p-1)(q-1).
Choose e such that e is relatively prime to s and e < s.
Find d such that de = 1 mod s and d < s.
The private key KR = {d, n}.
The public key KU = {e, n}.
Encryption is: C = M^e (mod n).
Decryption is: M = C^d (mod n).
RSA for Encryption
Let p=7 and q=17. Thus n = pq = 119. Thus s = (p-1)(q-1) = 96.
We choose e = 5.
We determine ‘d’ to be 77, since 77x5 = 385 = 4x96 + 1, that is, de = 1 mod s and d < s.
Encryption (for a plaintext M = 19): (19^5) % 119 = 66
Decryption (for a ciphertext C = 66): (66^77) % 119 = 19
RSA For Signing
Using the same parameters as before, we will encrypt our plaintext (19) using our private key. This is equivalent to “signing”
Signing (for a plaintext M = 19): (19^77) % 119 = 66.
The corresponding decryption using our public key is called “verification.”
Decryption (for a signed text S = 66): (66^5) % 119 = 19.
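The key set-up, encryption, decryption, signing and verification from the last three slides, as an added example (not the deck's own code), run with the slide's toy parameters p=7, q=17, e=5. It goes one step beyond the slides with a check that unpadded "textbook" RSA is multiplicative, which is why deployed systems pad (OAEP/PSS) rather than exponentiate the raw message.

```python
from math import gcd

def rsa_keygen(p: int, q: int, e: int):
    """Return ((e, n), (d, n)): public KU = {e, n}, private KR = {d, n}."""
    n = p * q
    s = (p - 1) * (q - 1)                  # the slide's s = (p-1)(q-1)
    if not (1 < e < s and gcd(e, s) == 1):
        raise ValueError("e must be in (1, s) and relatively prime to s")
    d = pow(e, -1, s)                      # modular inverse: d*e == 1 (mod s)
    return (e, n), (d, n)

def rsa_apply(key, x: int) -> int:
    """x^exp mod n, the single primitive behind all four operations."""
    exp, n = key
    if not 0 <= x < n:
        raise ValueError("the value must be an integer in [0, n)")
    return pow(x, exp, n)

def encrypt(public, m: int) -> int:       # C = M^e (mod n)
    return rsa_apply(public, m)

def decrypt(private, c: int) -> int:      # M = C^d (mod n)
    return rsa_apply(private, c)

def sign(private, m: int) -> int:         # S = M^d (mod n), "encrypt with private"
    return rsa_apply(private, m)

def verify(public, m: int, s: int) -> bool:  # M == S^e (mod n)
    return rsa_apply(public, s) == m

def textbook_rsa_is_multiplicative(public, m1: int, m2: int) -> bool:
    """E(m1) * E(m2) == E(m1 * m2) (mod n). Without padding anyone can
    derive a valid ciphertext (or signature) of a product without the key."""
    _, n = public
    lhs = (encrypt(public, m1) * encrypt(public, m2)) % n
    return lhs == encrypt(public, (m1 * m2) % n)

if __name__ == "__main__":
    public, private = rsa_keygen(7, 17, 5)
    print(public, private, encrypt(public, 19), decrypt(private, 66))
```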
PK vs. Symmetric Ciphers
Symmetric Algorithms not obsolete
PK Ciphers far too slow
PK ciphers better suited to transporting symmetrical keys or message digests than general purpose encryption.
PK Ciphers require very large keys to attain decent security
– a 128 bit RSA key is very weak compared to a 128 bit Blowfish key.
PK Algorithms tend to be simple mathematically, depending on the NP-hardness of their algorithms for security
Symmetric algorithms tend to be convoluted because of multiple steps, many of them non-linear.
Hashes and Steganography
Hashes Verify Message Integrity
– Creates a fixed size output from variable-length input using a one-way series of transforms
– MD5 and SHA-1 are the most used algorithms
Steganography attempts to hide “real” messages within a larger, “innocent” message
– Often used to disguise the fact that any message is being transmitted at all
– Demo
The Politics of Crypto
Cryptography doesn’t occur in a vacuum
Crypto exists because bad guys exist
Crypto products are munitions according to the US BXA
– Illegal Export is a federal felony
– After 9/11, can be a terrorist-abetment offence
If you work on crypto, know your laws!
Indian Law
Import not restricted
– License may be required
The IT Act 1999 requires mandatory key surrender if required for national security
US Cryptographic Law
US prohibits export of certain “grades” of cryptographic products
– Though they are very easily downloadable over the Net
Most cryptographic functions in US software used to be crippled badly before export
– MSIE 4, 5 with “56 bit” security
– Lotus Notes with “64-24 bit” security
Today, general export (except to the Terrorist “T-7” nations) is permitted
US Laws, contd.
Allowed (2002 Rules):
– Nearly all Symmetric Algorithms
  – Lengths above 64 bits require mandatory notification
– PK Ciphers up to 512 bits
– Elliptic Curve Ciphers up to 112 bits
Why is US Law so Important?
– Largest exporter of Software
– Most European Countries have a problem with this
– Germany currently funding GPG
The Crypto Wars
Daniel Bernstein waged a legal battle to declare the US Crypto Export Regulations illegal
Philip Zimmerman wrote PGP to take crypto to the masses
The hope was that good, ubiquitous crypto would make computing secure for everyone
Eventually, the Crypto Regulations crumbled
Is secure computing there yet?
The Bigger Picture
Cryptography is one step towards achieving a secure system, or our privacy
By itself, it guarantees nothing
Security is a Process
– No silver bullets
– Not even cryptography
– All crypto is breakable, given enough time and computer resources
The Black Hats Strike Back
BonziBuddy, Kazaa and Nimda
– Threats for a new generation
Crypto too hard to use for common users
– Despite S/MIME, secure email has not taken off
Palladium (MS) and TCPA (Intel) now aim to take crypto into hardware
– But not all the security infrastructure in the world will help protect non-security-minded users
Pretty Bad Privacy
“In God we trust. All others we monitor.”
– Tongue-in-cheek NSA motto
28 dishes
100k simultaneous calls
2 million messages/hr
17.5 billion messages/yr
And that’s just one station: Menwith Hill, UK
Plus satellite interceptors, undersea taps, etc
And it gets worse
With strong crypto proliferating, NSA stated policy is to now go “beyond crypto”
– Keystroke Logging to capture keystrokes
– Van Eck Phreaking to read characters from Electromagnetic Radiation from monitors
– Spy Satellites can now spot 10 cm² objects from orbit
– Mandated ISP taps (Carnivore)
– Social Engineering
9/11 has added urgency
– Intelligence agencies must combine/pool databases
– The goal is “Total Information Awareness”
That Said…
…crypto is not totally useless
Good crypto is good enough to stop industrial espionage, network snoopers and casual crackers/script kiddies
Crypto-enabled protocols are much more secure than vanilla FTP, Telnet or HTTP
Improving Computer Security
Become Security Aware
– Security is a Process
No Magic Bullets
– Windows, Linux, Trusted Solaris: all need work
Encrypt Network Traffic: SSH, HTTPS, SFTP
Use IPSec and DNSSec if you can
Avoid Single Points of Failure
Audit!
Further Exploration
Light Reading
– The Code Book, Simon Singh
Introduction
– Cryptography and Network Security, William Stallings
Graduate Level
– Handbook of Applied Cryptography, http://www.cacr.math.uwaterloo.ca/hac/
On the Internet
sci.crypt FAQ
– http://www.faqs.org/faqs/by-newsgroup/sci/sci.crypt.html
Crypto Link Farm
– http://www.cs.auckland.ac.nz/~pgut001/links.html
Crypto-Gram
– http://www.counterpane.com/crypto-gram.html