BCA (Bachelor of Computer Application)
Recent Trends in IT
Unit 4:Network Security
INTRODUCTION
Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people with bad intention could modify or forge your data, either for amusement or for their own benefit.
STEGANOGRAPHY
A plaintext message may be hidden in any one of the two ways. The methods of
steganography conceal the existence of the message, whereas the methods of
cryptography render the message unintelligible to outsiders by various transformations of the text.
A simple form of steganography, but one that is time consuming to construct is one in
which an arrangement of words or letters within an apparently innocuous text spells out the
real message.
e.g., (i) the sequence of first letters of each word of the overall message spells out the real
(Hidden) message.
(ii) Subset of the words of the overall message is used to convey the hidden
message.
Various other techniques have been used historically, some of them are
Character marking – selected letters of printed or typewritten text are overwritten in pencil. The
marks are ordinarily not visible unless the paper is held to an angle to bright light.
Invisible ink – a number of substances can be used for writing but leave no visible trace until heat
or some chemical is applied to the paper.
Pin punctures – small pin punctures on selected letters are ordinarily not visible unless the
paper is held in front of the light. Typewritten correction ribbon – used between the lines typed
with a black ribbon, the results of typing with the correction tape are visible only under a strong
light.
Drawbacks of steganography
Requires a lot of overhead to hide a relatively few bits of information
Cryptography comes from the Greek words for ‘‘secret writing.’’ However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks. It has a long and colorful history going back thousands of years. Network security is mostly achieved through the use of cryptography, a science based on abstract algebra.
Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people with bad intention could modify or forge your data, either for amusement or for their own benefit.
A plaintext message may be hidden in any one of the two ways. The methods of
steganography conceal the existence of the message, whereas the methods of
cryptography render the message unintelligible to outsiders by various transformations of the text.
A simple form of steganography, but one that is time consuming to construct is one in
which an arrangement of words or letters within an apparently innocuous text spells out the
real message.
e.g., (i) the sequence of first letters of each word of the overall message spells out the real
(Hidden) message.
(ii) Subset of the words of the overall message is used to convey the hidden
message.
Various other techniques have been used historically, some of them are
Character marking – selected letters of printed or typewritten text are overwritten in pencil. The
marks are ordinarily not visible unless the paper is held to an angle to bright light.
Invisible ink – a number of substances can be used for writing but leave no visible trace until heat
or some chemical is applied to the paper.
Pin punctures – small pin punctures on selected letters are ordinarily not visible unless the
paper is held in front of the light. Typewritten correction ribbon – used between the lines typed
with a black ribbon, the results of typing with the correction tape are visible only under a strong
light.
Drawbacks of steganography
Requires a lot of overhead to hide a relatively few bits of information
Cryptography comes from the Greek words for ‘‘secret writing.’’ However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks. It has a long and colorful history going back thousands of years. Network security is mostly achieved through the use of cryptography, a science based on abstract algebra.
A) Introduction to Cryptography:
These conflicting requirements have given rise to the model of figure given below:
These conflicting requirements have given rise to the model of figure given below:
Introduction to Cryptography:
-
-
Plaintext:
The messages to be encrypted, known as the plaintext, are transformed by a function that is
parameterized by a key.
- Plaintext:
The messages to be encrypted, known as the plaintext, are transformed by a function that is
parameterized by a key.
Ciphertext:
-
The output of the encryption process, known as the ciphertext, is then transmitted, often by messenger or radio. We assume that the enemy or intruder, hears and accurately copies down the complete ciphertext. However, unlike the intended recipient, he does not know what the decryption key is and so cannot decrypt the ciphertext easily. Sometimes the intruder can not only listen to the communication channel (passive intruder) but can also record messages and play them back later, inject his own messages, or modify legitimate messages before they get to the receiver (active intruder).
The output of the encryption process, known as the ciphertext, is then transmitted, often by messenger or radio. We assume that the enemy or intruder, hears and accurately copies down the complete ciphertext. However, unlike the intended recipient, he does not know what the decryption key is and so cannot decrypt the ciphertext easily. Sometimes the intruder can not only listen to the communication channel (passive intruder) but can also record messages and play them back later, inject his own messages, or modify legitimate messages before they get to the receiver (active intruder).
Cryptanalysis and Cryptology:
-
The art of breaking ciphers, known as cryptanalysis and the art of devising them (cryptography) are collectively known as cryptology.
The art of breaking ciphers, known as cryptanalysis and the art of devising them (cryptography) are collectively known as cryptology.
Notations:
-
It will often be useful to have a notation for relating plaintext, ciphertext, and keys. We will use C = EK (P) to mean that the encryption of the plaintext P using key K gives the ciphertext
C. Similarly, P = DK(C) represents the decryption of C to get the plaintext again.
It will often be useful to have a notation for relating plaintext, ciphertext, and keys. We will use C = EK (P) to mean that the encryption of the plaintext P using key K gives the ciphertext
C. Similarly, P = DK(C) represents the decryption of C to get the plaintext again.
Introduction to Cryptography:
-
-
A Fundamental Rule of Cryptography:
A fundamental rule of cryptography is that one must assume that the cryptanalyst knows the methods used for encryption and decryption. In other words, the cryptanalyst knows how the encryption method, E, and decryption, D, of figure work in detail. The amount of effort necessary to invent, test, and install a new algorithm every time the old method is compromised (or thought to be compromised) has always made it impractical to keep the encryption algorithm secret. Thinking it is secret when it is not does more harm than good.
- A Fundamental Rule of Cryptography:
A fundamental rule of cryptography is that one must assume that the cryptanalyst knows the methods used for encryption and decryption. In other words, the cryptanalyst knows how the encryption method, E, and decryption, D, of figure work in detail. The amount of effort necessary to invent, test, and install a new algorithm every time the old method is compromised (or thought to be compromised) has always made it impractical to keep the encryption algorithm secret. Thinking it is secret when it is not does more harm than good.
Kerckhoff’s Principle:
-
This is where the key enters. The key consists of a (relatively) short string that selects one of many potential encryptions. In contrast to the general method, which may only be changed every few years, the key can be changed as often as required. Thus, our basic model is a stable and publicly known general method parameterized by a secret and easily changed key. The idea that the cryptanalyst knows the algorithms and that the secrecy lies exclusively in the keys is called Kerckhoff’s principle, named after the Flemish military cryptographer Auguste Kerckhoff who first stated it in 1883 (Kerckhoff, 1883). Thus, we have Kerckhoff’s principle: All algorithms must be public; only the keys are secret.
This is where the key enters. The key consists of a (relatively) short string that selects one of many potential encryptions. In contrast to the general method, which may only be changed every few years, the key can be changed as often as required. Thus, our basic model is a stable and publicly known general method parameterized by a secret and easily changed key. The idea that the cryptanalyst knows the algorithms and that the secrecy lies exclusively in the keys is called Kerckhoff’s principle, named after the Flemish military cryptographer Auguste Kerckhoff who first stated it in 1883 (Kerckhoff, 1883). Thus, we have Kerckhoff’s principle: All algorithms must be public; only the keys are secret.
Types / Categories of Encryption Methods:
-
Encryption methods have historically been divided into two categories: substitution ciphers and transposition ciphers. We will now deal with each of these briefly as background information for modern cryptography.
Encryption methods have historically been divided into two categories: substitution ciphers and transposition ciphers. We will now deal with each of these briefly as background information for modern cryptography.
Substitution Ciphers:
-
In a substitution cipher, each letter or group of letters is replaced by another letter or group of letters to disguise it. One of the oldest known ciphers is the Caesar cipher, attributed to Julius Caesar. With this method, a becomes D, b becomes E, c becomes F, . . . , and z becomes C.
In a substitution cipher, each letter or group of letters is replaced by another letter or group of letters to disguise it. One of the oldest known ciphers is the Caesar cipher, attributed to Julius Caesar. With this method, a becomes D, b becomes E, c becomes F, . . . , and z becomes C.
Transposition Ciphers:
-
Substitution ciphers preserve the order of the plaintext symbols but disguise them. Transposition ciphers, in contrast, reorder the letters but do not disguise them. Figure given below depicts a common transposition cipher, the columnar transposition. The cipher is keyed by a word or phrase not containing any repeated letters.
Substitution ciphers preserve the order of the plaintext symbols but disguise them. Transposition ciphers, in contrast, reorder the letters but do not disguise them. Figure given below depicts a common transposition cipher, the columnar transposition. The cipher is keyed by a word or phrase not containing any repeated letters.
One Time Pad:
-
Constructing an unbreakable cipher is actually quite easy; the technique has been known for decades. First, choose a random bit string as the key. Then convert the plaintext into a bit string, for example, by using its ASCII representation. Finally, compute the XOR (eXclusive OR) of these two strings, bit by bit. The resulting ciphertext cannot be broken because in a sufficiently large sample of ciphertext, each letter will occur equally often, as will every diagram, every trigram, and so on. This method, known as the one-time pad, is immune to all present and future attacks, no matter how much computational power the intruder has. The reason derives from information theory: there is simply no information in the message because all possible plaintexts of the given length are equally likely.
Constructing an unbreakable cipher is actually quite easy; the technique has been known for decades. First, choose a random bit string as the key. Then convert the plaintext into a bit string, for example, by using its ASCII representation. Finally, compute the XOR (eXclusive OR) of these two strings, bit by bit. The resulting ciphertext cannot be broken because in a sufficiently large sample of ciphertext, each letter will occur equally often, as will every diagram, every trigram, and so on. This method, known as the one-time pad, is immune to all present and future attacks, no matter how much computational power the intruder has. The reason derives from information theory: there is simply no information in the message because all possible plaintexts of the given length are equally likely.
Example:
Quantum Cryptography:
-
Interestingly, there may be a solution to the problem of how to transmit the one-time pad over the network, and it comes from a very unlikely source: quantum mechanics. This area is still experimental, but initial tests are promising. If it can be perfected and be made efficient, virtually all cryptography will eventually be done using one-time pads since they are provably secure.
Interestingly, there may be a solution to the problem of how to transmit the one-time pad over the network, and it comes from a very unlikely source: quantum mechanics. This area is still experimental, but initial tests are promising. If it can be perfected and be made efficient, virtually all cryptography will eventually be done using one-time pads since they are provably secure.
Example::
Fig. (a):
She might choose bases of diagonal, rectilinear, rectilinear, diagonal, rectilinear, etc. To send her one‐time pad of 1001110010100110 with these bases, she would send the photons shown in figure (a). Given the one‐time pad and the sequence of bases, the polarization to use for each bit is uniquely determined. Bits sent one photon at a time are called qubits.
Fig. (a):
She might choose bases of diagonal, rectilinear, rectilinear, diagonal, rectilinear, etc. To send her one‐time pad of 1001110010100110 with these bases, she would send the photons shown in figure (a). Given the one‐time pad and the sequence of bases, the polarization to use for each bit is uniquely determined. Bits sent one photon at a time are called qubits.
Fig. (b):
Bob does not know which bases to use, so he picks one at random for each arriving photon
and just uses it, as shown in figure (b).
Bob does not know which bases to use, so he picks one at random for each arriving photon
and just uses it, as shown in figure (b).
Fig. (c):
If he picks the correct basis, he gets the correct bit. If he picks the incorrect basis, he gets a random bit because if a photon hits a filter polarized at 45 degrees to its own polarization, it randomly jumps to the polarization of the filter or to a polarization perpendicular to the filter, with equal probability. This property of photons is fundamental to quantum mechanics. Thus, some of the bits are correct and some are random, but Bob does not know which are which. Bob’s results are depicted in figure (c).
If he picks the correct basis, he gets the correct bit. If he picks the incorrect basis, he gets a random bit because if a photon hits a filter polarized at 45 degrees to its own polarization, it randomly jumps to the polarization of the filter or to a polarization perpendicular to the filter, with equal probability. This property of photons is fundamental to quantum mechanics. Thus, some of the bits are correct and some are random, but Bob does not know which are which. Bob’s results are depicted in figure (c).
Fig. (d):
How does Bob find out which bases he got right and which he got wrong? He simply tells Alice which basis he used for each bit in plaintext and she tells him which are right and which
Example
How does Bob find out which bases he got right and which he got wrong? He simply tells Alice which basis he used for each bit in plaintext and she tells him which are right and which
Example
:
-
Fig. (e):
From above information, both of them can build a bit string from the correct guesses, as shown in figure (e). On the average, this bit string will be half the length of the original bit string, but since both parties know it, they can use it as a one-time pad.
Fig. (e):
From above information, both of them can build a bit string from the correct guesses, as shown in figure (e). On the average, this bit string will be half the length of the original bit string, but since both parties know it, they can use it as a one-time pad.
Fig. (f):
All Alice has to do is transmit a bit string slightly more than twice the desired length, and she and Bob will have a one-time pad of the desired length. Done. But wait a minute. We forgot Trudy. Suppose that she is curious about what Alice has to say and cuts the fiber, inserting her own detector and transmitter. Unfortunately for her, she does not know which basis to use for each photon either. The best she can do is pick one at random for each photon, just as Bob does.
All Alice has to do is transmit a bit string slightly more than twice the desired length, and she and Bob will have a one-time pad of the desired length. Done. But wait a minute. We forgot Trudy. Suppose that she is curious about what Alice has to say and cuts the fiber, inserting her own detector and transmitter. Unfortunately for her, she does not know which basis to use for each photon either. The best she can do is pick one at random for each photon, just as Bob does.
Fig. (g):
Trudy now knows when she got it right and when she got it wrong. In figure, she got it right for bits 0, 1, 2, 3, 4, 6, 8, 12, and 13. But she knows from Alice’s reply in figure (d) that only
bits 1, 3, 7, 8, 10, 11, 12, and 14 are part of the one-time pad. For four of these bits (1, 3, 8, and 12), she guessed right and captured the correct bit. For the other four (7, 10, 11, and 14), she guessed wrong and does not know the bit transmitted. Thus, Bob knows the one-time pad starts with 01011001, from figure (e) but all Trudy has is 01?1??0?, from figure (g).
Trudy now knows when she got it right and when she got it wrong. In figure, she got it right for bits 0, 1, 2, 3, 4, 6, 8, 12, and 13. But she knows from Alice’s reply in figure (d) that only
bits 1, 3, 7, 8, 10, 11, 12, and 14 are part of the one-time pad. For four of these bits (1, 3, 8, and 12), she guessed right and captured the correct bit. For the other four (7, 10, 11, and 14), she guessed wrong and does not know the bit transmitted. Thus, Bob knows the one-time pad starts with 01011001, from figure (e) but all Trudy has is 01?1??0?, from figure (g).
Two Fundamental Cryptographic Principles:
-
Although we will study many different cryptographic systems in the pages ahead, two principles underlying all of them are important to understand. Pay attention. You violate them at the peril.
Although we will study many different cryptographic systems in the pages ahead, two principles underlying all of them are important to understand. Pay attention. You violate them at the peril.
Redundancy:
-
The first principle is that all encrypted messages must contain some redundancy, that is, information not needed to understand the message. An example may make it clear why this is needed. Consider a mail-order company, The Couch Potato (TCP), with 60,000 products. Thinking they are being very efficient, TCP’s programmers decide that ordering messages should consist of a 16- byte customer name followed by a 3-byte data field (1 byte for the quantity and 2 bytes for the product number). The last 3 bytes are to be encrypted using a very long key known only by the customer and TCP.
The first principle is that all encrypted messages must contain some redundancy, that is, information not needed to understand the message. An example may make it clear why this is needed. Consider a mail-order company, The Couch Potato (TCP), with 60,000 products. Thinking they are being very efficient, TCP’s programmers decide that ordering messages should consist of a 16- byte customer name followed by a 3-byte data field (1 byte for the quantity and 2 bytes for the product number). The last 3 bytes are to be encrypted using a very long key known only by the customer and TCP.
Freshness:
-
The second cryptographic principle is that measures must be taken to ensure that each message received can be verified as being fresh, that is, sent very recently. This measure is needed to prevent active intruders from playing back old messages. If no such measures were taken, our ex-employee could tap TCP’s phone line and just keep repeating previously
Modern cryptography uses the same basic ideas as traditional cryptography (transposition and substitution), but its emphasis is different. Traditionally, cryptographers have used simple algorithms. Nowadays, the reverse is true: the object is to make the encryption algorithm so complex and involutes that even if the cryptanalyst acquires vast mounds of enciphered text of his own choosing, he will not be able to make any sense of it at all without the key.
The second cryptographic principle is that measures must be taken to ensure that each message received can be verified as being fresh, that is, sent very recently. This measure is needed to prevent active intruders from playing back old messages. If no such measures were taken, our ex-employee could tap TCP’s phone line and just keep repeating previously
Modern cryptography uses the same basic ideas as traditional cryptography (transposition and substitution), but its emphasis is different. Traditionally, cryptographers have used simple algorithms. Nowadays, the reverse is true: the object is to make the encryption algorithm so complex and involutes that even if the cryptanalyst acquires vast mounds of enciphered text of his own choosing, he will not be able to make any sense of it at all without the key.
DES -The Data Encryption Standard:
-
In January 1977, the U.S. Government adopted a product cipher developed by IBM as its official standard for unclassified information. This cipher, DES (Data Encryption Standard), was widely adopted by the industry for use in security products. It is no longer secure in its original form, but in a modified form it is still useful. We will now explain how DES works.
In January 1977, the U.S. Government adopted a product cipher developed by IBM as its official standard for unclassified information. This cipher, DES (Data Encryption Standard), was widely adopted by the industry for use in security products. It is no longer secure in its original form, but in a modified form it is still useful. We will now explain how DES works.
AES -The Advanced Encryption Standard:
-
As DES began approaching the end of its useful life, even with triple DES, NIST (National Institute of Standards and Technology), the agency of the U.S. Dept. of Commerce charged with approving standards for the U.S. Federal Government, decided that the government needed a new cryptographic standard for unclassified use. NIST was keenly aware of all the controversy surrounding DES and well knew that if it just announced a new standard, everyone knowing anything about cryptography would automatically assume that NSA had built a back door into it so NSA could read everything encrypted with it. Under these conditions, probably no one would use the standard and it would have died quietly. So, NIST took a surprisingly different approach for a government bureaucracy: it sponsored a cryptographic bake‐off (contest). In January 1997, researchers from all over the world were invited to submit proposals for a new standard, to be called AES (Advanced Encryption Standard). The bake‐off rules were:
-
The algorithm must be a symmetric block cipher.
-
The full design must be public.
-
Key lengths of 128, 192, and 256 bits must be supported.
-
Both software and hardware implementations must be possible.
-
The algorithm must be public or licensed on nondiscriminatory terms.
B) AES -The Avanced Encryption Standard:
As DES began approaching the end of its useful life, even with triple DES, NIST (National Institute of Standards and Technology), the agency of the U.S. Dept. of Commerce charged with approving standards for the U.S. Federal Government, decided that the government needed a new cryptographic standard for unclassified use. NIST was keenly aware of all the controversy surrounding DES and well knew that if it just announced a new standard, everyone knowing anything about cryptography would automatically assume that NSA had built a back door into it so NSA could read everything encrypted with it. Under these conditions, probably no one would use the standard and it would have died quietly. So, NIST took a surprisingly different approach for a government bureaucracy: it sponsored a cryptographic bake‐off (contest). In January 1997, researchers from all over the world were invited to submit proposals for a new standard, to be called AES (Advanced Encryption Standard). The bake‐off rules were:
- The algorithm must be a symmetric block cipher.
- The full design must be public.
- Key lengths of 128, 192, and 256 bits must be supported.
- Both software and hardware implementations must be possible.
- The algorithm must be public or licensed on nondiscriminatory terms.
B) AES -The Avanced Encryption Standard:
Rijndael:
From a mathematical perspective, Rijndael is based on Galois field theory, which gives it some provable security properties. However, it can also be viewed as C code, without getting into the mathematics.
Historically, distributing the keys has always been the weakest link in most cryptosystems. No matter how strong a cryptosystem was, if an intruder could steal the key, the system was worthless. Cryptologists always took for granted that the encryption key and decryption key were the same (or easily derived from one another). But the key had to be distributed to all users of the system. Thus, it seemed as if there was an inherent problem. Keys had to be protected from theft, but they also had to be distributed, so they could not be locked in a bank vault.
There are a radically new kind of cryptosystem, one in which the encryption and
decryption keys were so different that the decryption key could not feasibly be derived from the encryption key. In their proposal, the (keyed) encryption algorithm, E, and the (keyed) decryption algorithm, D, had to meet three requirements. These requirements can be stated simply as follows:
-
D (E (P)) = P.
-
It is exceedingly difficult to deduce D from E.
-
E cannot be broken by a chosen plaintext attack.
From a mathematical perspective, Rijndael is based on Galois field theory, which gives it some provable security properties. However, it can also be viewed as C code, without getting into the mathematics.
Historically, distributing the keys has always been the weakest link in most cryptosystems. No matter how strong a cryptosystem was, if an intruder could steal the key, the system was worthless. Cryptologists always took for granted that the encryption key and decryption key were the same (or easily derived from one another). But the key had to be distributed to all users of the system. Thus, it seemed as if there was an inherent problem. Keys had to be protected from theft, but they also had to be distributed, so they could not be locked in a bank vault.
There are a radically new kind of cryptosystem, one in which the encryption and
decryption keys were so different that the decryption key could not feasibly be derived from the encryption key. In their proposal, the (keyed) encryption algorithm, E, and the (keyed) decryption algorithm, D, had to meet three requirements. These requirements can be stated simply as follows:
- D (E (P)) = P.
- It is exceedingly difficult to deduce D from E.
- E cannot be broken by a chosen plaintext attack.
RSA:
-
The only catch is that we need to find algorithms that indeed satisfy all three requirements. Due to the potential advantages of public-key cryptography, many researchers are hard at work, and some algorithms have already been published.
The only catch is that we need to find algorithms that indeed satisfy all three requirements. Due to the potential advantages of public-key cryptography, many researchers are hard at work, and some algorithms have already been published.
Example:
The figure shows the encryption of the plaintext ‘‘SUZANNE’’ as an example.
The figure shows the encryption of the plaintext ‘‘SUZANNE’’ as an example.
Other Public-Key Algorithms:
-
Although RSA is widely used, it is by no means the only public-key algorithm known. The first public-key algorithm was the knapsack algorithm. The idea here is that someone owns a large number of objects, each with a different weight. The owner encodes the message by secretly selecting a subset of the objects and placing them in the knapsack. The total weight of the objects in the knapsack is made public, as is the list of all possible objects and their corresponding weights. The list of objects in the knapsack is kept secret. With certain additional restrictions, the problem of figuring out a possible list of objects with the given weight was thought to be computationally infeasible and formed the basis of the public-key algorithm.
The algorithm’s inventor, Ralph Merkle, was quite sure that this algorithm could not be broken, so he offered a $100 reward to anyone who could break it. Adi Shamir (the ‘‘S’’ in RSA) promptly broke it and collected the reward. Undeterred, Merkle strengthened the algorithm and offered a $1000 reward to anyone who could break the new one. Ronald Rivest (the ‘‘R’’ in RSA) promptly broke the new one and collected the reward. Merkle did not dare offer $10,000 for the next version, so ‘‘A’’ (Leonard Adleman) was out of luck. Nevertheless, the knapsack algorithm is not considered secure and is not used in practice any more.
The authenticity of many legal, financial, and other documents is determined by the presence or absence of an authorized handwritten signature. And photocopies do not count. For computerized message systems to replace the physical transport of paper‐and‐ink documents, a method must be found to allow documents to be signed in an unforgeable way. The problem of devising a replacement for handwritten signatures is a difficult one.
Basically, what is needed is a system by which one party can send a signed message to another party in such a way that the following conditions hold:
-
The receiver can verify the claimed identity of the sender.
-
The sender cannot later repudiate the contents of the message.
-
The receiver cannot possibly have concocted the message himself.
The first requirement is needed, for example, in financial systems. When a customer’s computer orders a bank’s computer to buy a ton of gold, the bank’s computer needs to be able to make sure that the computer giving the order really belongs to the customer whose account is to be debited. In other words, the bank has to authenticate the customer (and the customer has to authenticate the bank).
Although RSA is widely used, it is by no means the only public-key algorithm known. The first public-key algorithm was the knapsack algorithm. The idea here is that someone owns a large number of objects, each with a different weight. The owner encodes the message by secretly selecting a subset of the objects and placing them in the knapsack. The total weight of the objects in the knapsack is made public, as is the list of all possible objects and their corresponding weights. The list of objects in the knapsack is kept secret. With certain additional restrictions, the problem of figuring out a possible list of objects with the given weight was thought to be computationally infeasible and formed the basis of the public-key algorithm.
The algorithm’s inventor, Ralph Merkle, was quite sure that this algorithm could not be broken, so he offered a $100 reward to anyone who could break it. Adi Shamir (the ‘‘S’’ in RSA) promptly broke it and collected the reward. Undeterred, Merkle strengthened the algorithm and offered a $1000 reward to anyone who could break the new one. Ronald Rivest (the ‘‘R’’ in RSA) promptly broke the new one and collected the reward. Merkle did not dare offer $10,000 for the next version, so ‘‘A’’ (Leonard Adleman) was out of luck. Nevertheless, the knapsack algorithm is not considered secure and is not used in practice any more.
The authenticity of many legal, financial, and other documents is determined by the presence or absence of an authorized handwritten signature. And photocopies do not count. For computerized message systems to replace the physical transport of paper‐and‐ink documents, a method must be found to allow documents to be signed in an unforgeable way. The problem of devising a replacement for handwritten signatures is a difficult one.
Basically, what is needed is a system by which one party can send a signed message to another party in such a way that the following conditions hold:
- The receiver can verify the claimed identity of the sender.
- The sender cannot later repudiate the contents of the message.
- The receiver cannot possibly have concocted the message himself.
The first requirement is needed, for example, in financial systems. When a customer’s computer orders a bank’s computer to buy a ton of gold, the bank’s computer needs to be able to make sure that the computer giving the order really belongs to the customer whose account is to be debited. In other words, the bank has to authenticate the customer (and the customer has to authenticate the bank).
Symmetric-Key Signatures:
-
One approach to digital signatures is to have a central authority that knows everything and whom everyone trusts, say, Big Brother (BB). Each user then chooses a secret key and carries it by hand to BB’s office. Thus, only Alice and BB know Alice’s secret key, KA, and so on.
When Alice wants to send a signed plaintext message, P, to her banker, Bob, she
generates KA(B, RA, t, P), where B is Bob’s identity, RA is a random number chosen by Alice, t is a timestamp to ensure freshness, and KA(B, RA, t, P) is the message encrypted with her key, KA. Then she sends it as depicted in figure given below.
BB sees that the message is from Alice, decrypts it, and sends a message to Bob as shown. The message to Bob contains the plaintext of Alice’s message and also the signed message KBB (A, t, P). Bob now carries out Alice’s request.
One approach to digital signatures is to have a central authority that knows everything and whom everyone trusts, say, Big Brother (BB). Each user then chooses a secret key and carries it by hand to BB’s office. Thus, only Alice and BB know Alice’s secret key, KA, and so on.
When Alice wants to send a signed plaintext message, P, to her banker, Bob, she
generates KA(B, RA, t, P), where B is Bob’s identity, RA is a random number chosen by Alice, t is a timestamp to ensure freshness, and KA(B, RA, t, P) is the message encrypted with her key, KA. Then she sends it as depicted in figure given below.
BB sees that the message is from Alice, decrypts it, and sends a message to Bob as shown. The message to Bob contains the plaintext of Alice’s message and also the signed message KBB (A, t, P). Bob now carries out Alice’s request.
Public-Key Signatures:
-
A structural problem with using symmetric-key cryptography for digital signatures is that everyone has to agree to trust Big Brother. Furthermore, Big Brother gets to read all signed messages. The most logical candidates for running the Big Brother server are the government, the banks, the accountants, and the lawyers. Unfortunately, none of these inspire total confidence in all citizens. Hence, it would be nice if signing documents did not require a trusted authority.
When Bob receives the message, he transforms it using his private key, as usual, yielding DA(P), as shown in figure given below. He stores this text in a safe place and then applies EA to get the original plaintext.
A structural problem with using symmetric-key cryptography for digital signatures is that everyone has to agree to trust Big Brother. Furthermore, Big Brother gets to read all signed messages. The most logical candidates for running the Big Brother server are the government, the banks, the accountants, and the lawyers. Unfortunately, none of these inspire total confidence in all citizens. Hence, it would be nice if signing documents did not require a trusted authority.
When Bob receives the message, he transforms it using his private key, as usual, yielding DA(P), as shown in figure given below. He stores this text in a safe place and then applies EA to get the original plaintext.
Message Digests:
-
One criticism of signature methods is that they often couple two distinct functions: authentication and secrecy. Often, authentication is needed but secrecy is not always needed. Also, getting an export license is often easier if the system in question provides only authentication but not secrecy. Below we will describe an authentication scheme that does not require encrypting the entire message.
Message digests work in public‐key cryptosystems, too, as shown in figure given below. Here, Alice first computes the message digest of her plaintext. She then signs the message digest and sends both the signed digest and the plaintext to Bob. If Trudy replaces P along the way, Bob will see this when he computes MD (P).
One criticism of signature methods is that they often couple two distinct functions: authentication and secrecy. Often, authentication is needed but secrecy is not always needed. Also, getting an export license is often easier if the system in question provides only authentication but not secrecy. Below we will describe an authentication scheme that does not require encrypting the entire message.
Message digests work in public‐key cryptosystems, too, as shown in figure given below. Here, Alice first computes the message digest of her plaintext. She then signs the message digest and sends both the signed digest and the plaintext to Bob. If Trudy replaces P along the way, Bob will see this when he computes MD (P).
Message Digests:
-
-
SHA-1 and SHA-2:
A variety of message digest functions have been proposed. One of the most widely used functions is SHA‐1 (Secure Hash Algorithm 1) (NIST, 1993). Like all message digests, it operates by mangling bits in a sufficiently complicated way that every output bit is affected by every input bit. SHA‐1 was developed by NSA and blessed by NIST in FIPS 180‐1. It processes input data in 512‐bit blocks, and it generates a 160‐bit message digest. A typical way for Alice to send a nonsecret but signed message to Bob is illustrated in figure given below. Here, her plaintext message is fed into the SHA‐1 algorithm to get a 160‐bit SHA‐1 hash. Alice then signs the hash with her RSA private key and sends both the plaintext message and the signed hash to Bob.
- SHA-1 and SHA-2:
A variety of message digest functions have been proposed. One of the most widely used functions is SHA‐1 (Secure Hash Algorithm 1) (NIST, 1993). Like all message digests, it operates by mangling bits in a sufficiently complicated way that every output bit is affected by every input bit. SHA‐1 was developed by NSA and blessed by NIST in FIPS 180‐1. It processes input data in 512‐bit blocks, and it generates a 160‐bit message digest. A typical way for Alice to send a nonsecret but signed message to Bob is illustrated in figure given below. Here, her plaintext message is fed into the SHA‐1 algorithm to get a 160‐bit SHA‐1 hash. Alice then signs the hash with her RSA private key and sends both the plaintext message and the signed hash to Bob.
C) Message Digests:
-
MD5:
For completeness, we will mention another digest that is popular. MD5 (Rivest, 1992) is the fifth in a series of message digests designed by Ronald Rivest. Very briefly, the message is padded to a length of 448 bits (modulo 512). Then the original length of the message is appended as a 64‐bit integer to give a total input whose length is a multiple of 512 bits. Each round of the computation takes a 512‐bit block of input and mixes it thoroughly with a running 128‐bit buffer. For good measure, the mixing uses a table constructed from the sine function.
The point of using a known function is to avoid any suspicion that the designer built in a clever back door through which only he can enter. This process continues until all the input blocks have been consumed. The contents of the 128‐bit buffer form the message digest.
After more than a decade of solid use and study, weaknesses in MD5 have led to the ability to find collisions, or different messages with the same hash. This is the death knell for a digest function because it means that the digest cannot safely be used to represent a message. Thus, the security community considers MD5 to be broken; it should be replaced where possible and no new systems should use it as part of their design. Nevertheless, you may still see MD5 used in existing systems.
- MD5:
For completeness, we will mention another digest that is popular. MD5 (Rivest, 1992) is the fifth in a series of message digests designed by Ronald Rivest. Very briefly, the message is padded to a length of 448 bits (modulo 512). Then the original length of the message is appended as a 64‐bit integer to give a total input whose length is a multiple of 512 bits. Each round of the computation takes a 512‐bit block of input and mixes it thoroughly with a running 128‐bit buffer. For good measure, the mixing uses a table constructed from the sine function.
The point of using a known function is to avoid any suspicion that the designer built in a clever back door through which only he can enter. This process continues until all the input blocks have been consumed. The contents of the 128‐bit buffer form the message digest.
After more than a decade of solid use and study, weaknesses in MD5 have led to the ability to find collisions, or different messages with the same hash. This is the death knell for a digest function because it means that the digest cannot safely be used to represent a message. Thus, the security community considers MD5 to be broken; it should be replaced where possible and no new systems should use it as part of their design. Nevertheless, you may still see MD5 used in existing systems.
No comments:
Post a Comment