Ch 20 + 21 - Symmetric/Public Key Encryption & Message Confidentiality

= Basically a review of the Encryption lecture =

Intro to Encryption

• symmetric encryption is a conventional public key encryption

  • public key encryption - two keys public + private

  • shared secret key to encrypt + decrypt

• encryption ingredients

  • encryption + decryption algorithms

  • input plaintext + output cypher text

  • secret key w/ cyphertext to decrypt

• cryptography 3 classifications

  • type of operation

    • substitution - mapping; prone to brute force

    • transposition - rearranging

  • # of keys

    • symmetric - using the same key

    • asymmetric - public/private keys

  • plaintext processing

    • block cipher - one block of elements at a time

    • stream cipher - elements continuously

• secure encryption should:

  • cost of decrypting exceeds value of information

    • EG: It would take $10 to decrypt info worth $5

  • time of decrypting exceeds lifetime/topicality of information

    • EG: It would take 7 days to decrypt info relevant only for a day

• baseline estimate using brute force

• Electronic Code Book (ECB) - encode blocks w/ same key

  • Used for encrypting single values

• Cipher Block Chaining (CBC) uses XOR to encode blocks of plaintext + ciphertext

• Cipher Feedback (CFB) encodes with ciphertext then uses XOR with plaintext to produce anther ciphertext

  • Used for General Purpose/Authentication

• Output Feedback (CFB) similar to CFB but encodes with DES

  • Used for noisy channels

• Counter (CTR) encode via XOR with a counter that increments every block

  • Useful for high speed requirements

Symmetric Key Encryption

• Biggest challenge with symmetric encryption: key distribution

• Methods:

  • A directly gives key to B

  • A 3rd party gives a key to both A and B (no connection)

  • Use an old, recent key to encrypt a new key

  • A known third part C passes the keys between A and B

Hashing + Public Key Encryption

• Hash Function - mathematical function to transform data w/o a key into a hash

  • THINK: “Summary”-esque data

• If any form of data is tampered with, the hash will be very different

• Secure Hash Algorithm (SHA) - seeks to create high bit hash values

• Higher hash value → more effort to break encryption

• HMAC - Encryption algorithm key + SHA hashing

• adds authenticates

• seeks to maintain hashing while adding authentication + maintain easy keys

• security depends on (equal to) strength of underlying hash function

• RSA Foundation to public key encryption

• Subject to:

  • Brute force

  • Mathematical attack - factoring two primes

  • Timing attack - derive private key from time to decrypt

    • cipher-only attack + unexpected direction

• Timing attack countermeasures

  • Constant time operations - all operations constant but degrades runtime

  • Random delays in operation - can be countered with more analysis

  • Blinding - multiplying cyphertext before exponentiation

• Diffie-Hellman Key Exchange: first public key algorithm

• secure secret key exchange

  • subject to man-in-the-middle attack (impersonating both parties)

  • needs authentication

Summary

• Encryption

  • Anatomy

  • Secure Encryption

• Symmetric Encryption

  • Methods of Distribution

• Hashing + HMAC

  • SHA evolution

  • Timing Attack

  • Algortihms