GS: Chapter 3 Encryption, Authentication and Java CryptographyCryptography & JavaEncryptionSlide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Alternative Data-hiding MethodsAuthenticationAuthentication MethodsSlide 16Slide 17Slide 18CryptanalysisKey Management (storage)Cryptographical ProtocolsJCA/JCESlide 23JCAJCESlide 26Nextcsci5931 Web Security 1GS: Chapter 3Encryption, Authentication and Java Cryptographycsci5931 Web Security 2Cryptography & JavaA. EncryptionB. AuthenticationC. Java Cryptographycsci5931 Web Security 3EncryptionEncryption Basics:An algorithm (or cipher) and a key are required in order to encrypt or decrypt messages.Example: the Caesar cipher (p.34)oA symmetric, stream cipheroExercise: Encrypt “DDAY” using Caesar cipher (5).oAnswer: “IIFD”.oQ: What is the algorithm?oQ: What is the key?oQ: How would the cipher be decrypted?csci5931 Web Security 4EncryptionSymmetric Encryptions:Both the encrypter and the decrypter share the same key.Key space: The set of possible keys that work with a cipher; determined by the number of bits used in the cipher.The larger the key space is, the more secure the encryption will be.Each additional bit added to the key length doubles its security.csci5931 Web Security 5EncryptionSymmetric Encryptions:Two types of symmetric ciphers: block ciphers and stream ciphers.Examples of symmetric encryptions:oDES (Data Encryption Standard) & TripleDES: block ciphersoBlowfish: a faster and more secure replacement of DESoRC4 (Rivest’s Code 4): a stream cipheroAES (Advanced Encryption Standard): a block ciphercsci5931 Web Security 6EncryptionLimitations of Symmetric Encryptions:Key distribution can be a vulnerability.If the key is exposed, the encrypted message and all future communication using the same key will suffer the eavesdropping attack.Key management problems: distribution, update, revokingcsci5931 Web Security 7EncryptionAsymmetric Encryptions:Also known as ‘public key encryption’Messages encrypted with the public key can only be decrypted by the corresponding private key.The public key can be made known to the public, but the private key is kept as secret and only known to the owner of the key.Examples of asymmetric encryption algorithms:oMerkel Hellman KnapsacksoRSA: Rivest, Shamir, AdlemanoEl Gamalcsci5931 Web Security 8EncryptionLimitations of asymmetric Encryptions:Asymmetric encryption requires much larger keys than symmetric encryption.oA 1024-bit asymmetric key ~= a 128-bit symmetric keyoWhy?Asymmetric encryption is much slower (~ 1000 times slower) than symmetric encryption.It is subject to man-in-the-middle attack. Solution? Digital certificates (Ch. 6)csci5931 Web Security 9EncryptionSession-key EncryptionA session-key is a symmetric key that is used to encrypt the plaintext message. The session key itself is encrypted using a public key.Sender: C = Spub ( S ) + Sencrypt (message)  RecipientRecipient: Spriv ( Spub (S) ) SSdecrypt (Sencrypt (message))  messageAlternatively, the session key may be assigned an expiration time and be used over several sessions.csci5931 Web Security 10EncryptionExamples of Session-key EncryptionPGP (Pretty Good Privacy): Originally (1991) used to encrypt e-mail using session-key encryptionSupports RSA, TripleDES, etc.http://www.pgp.com/S/MIME (Secure/MIME):Invented by RSA to secure e-mailBacked by Microsoft, RSA, and AOLSSL/TLS (Secure Socket Layer/Transport Layer Security): Ch. 9Originally an attempt to secure TCP/IP traffic using encryptionscsci5931 Web Security 11EncryptionKey Agreement AlgorithmA key agreement algorithm takes the private and the public keys of two distinct parties (Apriv + Bpub or Apub + Bpriv) and generates a common shared secret key, which is then used to generate a session key. See the diagram on p.41.Diffie-Hellman Key Agreement Algorithm: The first ever public key encryptionAllows two parties to independently generate the shared key; The session key is never transmitted.References: See http://www.apocalypse.org/pub/u/seven/diffie.html IETF RFC2631: http://www.ietf.org/rfc/rfc2631.txtcsci5931 Web Security 12EncryptionStrength of Encryption AlgorithmsTwo factors:The algorithm used + The size of the key spaceSee the tables comparing symmetric ciphers (p.42) and asymmetric ciphers (p.43)csci5931 Web Security 13Alternative Data-hiding MethodsSteganography: hiding messages inside another message or in a picture. See “Steganography: Hidden Data”. By Deborah Radcliff. ComputerWorld. June 10, 2002.Elliptic Curve Cryptography (ECC): based on the elliptic curve logarithm problem; a more efficient public key encryption (faster, smaller key size)An intro: http://world.std.com/~dpj/elliptic.html Codes, one-time pads, etc.csci5931 Web Security 14AuthenticationThe process of determining the authenticity of a message or user.Methods:A. Message Digesta check value generated from a document, usually generated by a hash functionto prove that the data in the document has not been tampered with.Commonly used for password authentication (i.e., one-way authentication)Examples: MD4, MD5, SHA (secure hash algorithm)Any problem? Man-in-the-middle attack Why?csci5931 Web Security 15Authentication MethodsB. MAC (Message Authentication Codes)A message digest created with a keyTypically used for data verification in a context where a secure connection is already available.Example: SSL uses MACs to verify the data received, using a secret key that is exchanged at the beginning of the session.Example MACs:oHmacMD5 (Hashing MAC using MD5)oHmacSHA1 (Hashing MAC using SHA-1)csci5931 Web Security 16Authentication MethodsC. Digital SignaturesBased on public key encryptionComputed with a person’s private key and verified with the person’s public keyAn example of creating a digital signature: p.481. The sender applies a message digest algorithm to get a message digest (md) out of the message to be sent.2. The message digest is then encrypted by the person’s private key. The ciphertext is the digital signature (ds).To check the digital signature:1. The recipient applies the digest algorithm to get a message digest (md-2).2. The recipient decrypts the ds using the sender’s public key. 3. The output from step 2 is verified against md-2.csci5931 Web Security 17Authentication