
CPS221 Lecture: Encryption                                  last revised 6/28/11

Objectives

1. To introduce secret key, public key, and non-reversible encryption
2. To introduce authentication based on certificates

Materials:

1. Projectable of binary code for “This is a test”
2. PublicKeyPrivateKeyDemo program
3. Projectable of Figure 2.3 from Stallings
4. Projectable of Figure 29.3 from Forouzan
5. Projectable of Figure 2.2 from Stallings
6. Encryption methods demo program
7. Projectable of Figure 29.12 from Forouzan
8. Projectable of Figure 29.9 from Forouzan
9. Projectable of Figure 29.14 from Forouzan
10. Projectable of Figure 29.16 from Forouzan
11. Projectable of Figure 29.19 from Forouzan

I. Introduction

   A. Encryption is concerned with replacing information (called plaintext) with an encrypted form (called ciphertext)

      1. Examples of encryption strategies often use text as an example, so that what is being encrypted is a sequence of characters. In practice, though, most encryption strategies are designed to work with binary data, and so can handle any type of information.

      2. Of course, textual information can be represented as a sequence of numeric codes for individual characters; and each of these codes can be represented as a sequence of bits. The binary representation of a text is then the result of concatenating the codes for each individual character.

         a) The examples in the Forouzan book represent characters by numbers in the range 0 .. 25 (plus space = 26)

         b) More commonly, characters are represented using an encoding scheme such as ASCII or Unicode.

            Example: The message “This is a test” could be represented by the sequence of (binary) ASCII codes

            PROJECT

            01010100 01101000 01101001 01110011 00100000 01101001 01110011 00100000 01100001 00100000 01110100 01100101 01110011 01110100

      3. However, for the sake of clarity, some of our examples will involve encryption of individual characters (or their numeric codes)

   B. Most types of encryption are reversible - there is an inverse operation (decryption) that converts ciphertext back into plaintext.

      1. A very, very simple example: replace each letter with its alphabetic successor (Z with A). So “MEET ME AT NOON” encrypts to “NFFU NF BU OPPO”

         This can be reversed by replacing each encrypted letter with its alphabetic predecessor (A with Z)

      2. Reversible encryption (using a much stronger strategy, of course) is often used to protect information confidentiality.

         a) Sensitive information can be stored in encrypted form. This is a defense against snooping (unless the snooper can obtain access to the plaintext form of the information before it is encrypted or after it is decrypted by a legitimate user, or can somehow discover the key)

         b) An attacker who masquerades as someone having legitimate access to information cannot learn anything from it without also knowing how to decrypt it

         c) Sensitive information can be transmitted in encrypted form. This is a defense against interception.

      3. Reversible encryption can also be used to protect information integrity, since generally one cannot meaningfully modify information one cannot read.

         a) This can be used to protect against unauthorized modification or masquerading.

         b) It is, however, not necessarily a defense against replaying - since an attacker can replay an encrypted message even if he cannot understand it!

         c) We will see that reversible encryption can also be used in strategies used for authentication and to protect against repudiation.

   C. Irreversible encryption is a process that does not have an inverse.

      1. A very, very simple example: form the sum of the ASCII codes of all the letters in a message (ignore spaces and punctuation)

         So “MEET ME AT NOON” encrypts to 77 + 69 + 69 + 84 + 77 + 69 + 65 + 84 + 78 + 79 + 79 + 78 = 908

      2. Irreversible encryption (using a much stronger strategy, of course) can be used to ensure that the contents of a message have not been altered in transit, by separately transmitting both the message and the result of encrypting it. If encrypting the message as received in the same way produces the same result as the encrypted version, then it is less likely that the message has been altered in transit.

         (This is what the MD5 checksum you used in lab earlier in the course was for)

II. Reversible Encryption

   A. Reversible encryption strategies have two components - an algorithm, and a key.

      1. The encryption algorithm is generally not regarded as a secret. Indeed, efforts to protect information by hiding the method used to protect it (security by obscurity) are generally not strong.

      2. Instead, encryption depends upon a key - whose exact form depends on the algorithm being used.

   B. Reversible encryption algorithms fall into two broad categories.

      1. Symmetric key strategies, in which the same key that is used to encrypt a message is also used to decrypt it

         a) In this case, if encryption is used for a message, then both the sender of the message and the receiver must know the key - it is a “shared secret”. For this reason, strategies like this are sometimes called “shared key” or “secret key” strategies

         b) Of course, if encryption is used to protect stored information, only the owner of the information may need to know the key.

      2. Asymmetric key strategies, in which different (but related) keys are used for encryption and decryption.

         a) In particular, if a message is encrypted with one key, it can only be decrypted using the other key. (The key used to encrypt is of no use for decrypting.)

         b) Such strategies are sometimes called “public key” strategies because one of the keys (the one used for encryption) can be made totally public, while the other (known as the private key) is known only to one individual.

         c) To send a message using such a strategy, the sender can encrypt it using the recipient’s public key. But only the recipient can decrypt it, using the private key.

         DEMO: PublicKeyPrivateKeyDemo program (use 11 as the public key and 59 as the private key)

         NOTE: This example is meant simply to illustrate the idea - it is far from secure!

      3. Some comparisons of the two approaches:

         a) Shared key strategies suffer from several problems:

            (1) If it is desired to minimize the number of people knowing a given key, then it becomes necessary for each pair of users to share a unique key. For example, in a group of 10 people:

               (a) There are 45 different pairs. (Order doesn’t matter). Hence, 45 secret keys are needed.

               (b) Each person needs to know 9 secret keys - one for each person being communicated with.

            (2) Such strategies also suffer from what is
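
The two toy schemes from I.B.1 and I.C.1, and the receiver-side check from I.C.2, as an added example that is not part of the original lecture notes. All function names and the tampered message are constructed for illustration; SHA-256 is used here as the stand-in for "a much stronger strategy" (the notes themselves mention MD5).

```python
import hashlib
import string

def shift_encrypt(plaintext: str) -> str:
    """I.B.1: replace each uppercase letter with its successor (Z wraps to A)."""
    return "".join(
        chr((ord(c) - 65 + 1) % 26 + 65) if c in string.ascii_uppercase else c
        for c in plaintext
    )

def shift_decrypt(ciphertext: str) -> str:
    """Inverse operation: replace each letter with its predecessor (A wraps to Z)."""
    return "".join(
        chr((ord(c) - 65 - 1) % 26 + 65) if c in string.ascii_uppercase else c
        for c in ciphertext
    )

def ascii_sum(message: str) -> str:
    """I.C.1: sum of the ASCII codes of the letters; spaces/punctuation ignored."""
    return str(sum(ord(c) for c in message if c.isalpha()))

def sha256_hex(message: str) -> str:
    """A strong one-way function in place of the toy sum (assumption: SHA-256)."""
    return hashlib.sha256(message.encode("ascii")).hexdigest()

def receiver_accepts(received: str, transmitted_digest: str, digest_fn) -> bool:
    """I.C.2: recompute the digest of what arrived and compare with what was sent."""
    return digest_fn(received) == transmitted_digest

SENT = "MEET ME AT NOON"
# Constructed tampering: M->L lowers the sum by 1, E->F raises it by 1.
TAMPERED = "LEFT ME AT NOON"

def demo() -> dict:
    return {
        "ciphertext": shift_encrypt(SENT),
        "roundtrip": shift_decrypt(shift_encrypt(SENT)),
        "toy_digest": ascii_sum(SENT),
        "toy_accepts_tampered": receiver_accepts(TAMPERED, ascii_sum(SENT), ascii_sum),
        "sha256_accepts_tampered": receiver_accepts(TAMPERED, sha256_hex(SENT), sha256_hex),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The toy sum accepts the altered message because compensating letter changes leave the total unchanged, which is why the integrity check needs a function where such collisions are infeasible to construct.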


Gordon CPS 211 - Encryption
