Untitled

Selecting IDPS products that best fit an organization’s needs is a challenging and com-
plex process. A wide array of products and vendors are available, each with its own
approach and capabilities.
■ Deploying and implementing IDPS technology is a complex undertaking that
requires knowledge and experience. After deployment, each organization should
measure the effectiveness of its IDPS and then continue with periodic assessments
over time.
■ Honeypots are decoy systems designed to lure potential attackers away from critical
systems. In the security industry, these systems are also known as decoys, lures, or fly-
traps. Two variations on this technology are known as honeynets and padded cell
systems.
■ Trap-and-trace applications are designed to react to an intrusion event by tracing it
back to its source. This process is fraught with professional and ethical issues—some
people in the security field believe that the back hack in the trace process is as signifi-
cant a violation as the initial attack.
410 Chapter 7
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
7
■ Active intrusion prevention seeks to limit the damage that attackers can perpetrate by
making the local network resistant to inappropriate use.
■ Scanning and analysis tools are used to pinpoint vulnerabilities in systems, holes in
security components, and unsecured aspects of the network. Although these tools
are used by attackers, they can also be used by administrators to learn more about
their own systems and to identify and repair system weaknesses before they result
in losses.
Review Questions
1. What common security system is an IDPS most like? In what ways are these systems
similar?
2. How does a false positive alarm differ from a false negative alarm? From a security
perspective, which is less desirable?
3. How does a network-based IDPS differ from a host-based IDPS?
4. How does a signature-based IDPS differ from a behavior-based IDPS?
5. What is a monitoring (or SPAN) port? What is it used for?
6. List and describe the three control strategies proposed for IDPSs.
7. What is a honeypot? How is it different from a honeynet?
8. How does a padded cell system differ from a honeypot?
9. What is network footprinting?
10. What is network fingerprinting?
11. How are network footprinting and network fingerprinting related?
12. Why do many organizations ban port scanning activities on their internal networks?
13. Why would ISPs ban outbound port scanning by their customers?
14. What is an open port? Why is it important to limit the number of open ports to those
that are absolutely essential?
15. What is a system’s attack surface? Why should it be minimized when possible?
16. What is a vulnerability scanner? How is it used to improve security?
17. What is the difference between active and passive vulnerability scanners?
18. What is Metasploit Framework? Why is it considered riskier to use than other vulner-
ability scanning tools?
Review Questions 411
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
19. What kind of data and information can be found using a packet sniffer?
20. What capabilities should a wireless security toolkit include?
Exercises
1. A key feature of hybrid IDPS systems is event correlation. After researching event cor-
relation online, define the following terms as they are used in this process: compres-
sion, suppression, and generalization.
2. ZoneAlarm is a PC-based firewall and IDPS tool. Visit the product manufacturer at
www.zonelabs.com and find the product specification for the IDPS features of ZoneA-
larm. Which ZoneAlarm products offer these features?
3. Using the Internet, search for commercial IDPS systems. What classification systems
and descriptions are used, and how can they be used to compare the features and com-
ponents of each IDPS? Create a comparison spreadsheet to identify the classification
systems you find.
4. Use the Internet to search for “live DVD security toolkit.” Read a few Web sites to
learn about this class of tools and their capabilities. Write a brief description of a live
DVD security toolkit.
5. Several online passphrase generators are available. Locate at least two on the Internet
and try them. What did you observe?
Case Exercises
Miller Harrison was still working his way through his attack protocol.
Nmap started out as it usually did, by giving the program identification and version num-
ber. Then it started reporting back on the first host in the SLS network. It reported all of
the open ports on this server. The program moved on to a second host and began report-
ing back the open ports on that system, too. Once it reached the third host, however, it
suddenly stopped.
Miller restarted Nmap, using the last host IP as the starting point for the next scan. No
response. He opened another command window and tried to ping the first host he had just
port-scanned. No luck. He tried to ping the SLS firewall. Nothing. He happened to know the
IP address for the SLS edge router. He pinged that and got the same result. He had been
blackholed, meaning his IP address had been put on a list of addresses from which the SLS
edge router would no longer accept packets. Ironically, the list was his own doing. The IDPS
he had been helping SLS configure seemed to be working just fine at the moment. His attempt
to hack the SLS network was shut down cold.
412 Chapter 7
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
7
Discussion Questions
1. Do you think Miller is out of options as he pursues his vendetta? If you think he could
take additional actions in his effort to damage the SLS network, what are they?
2. Suppose a system administrator at SLS read the details of this case. What steps should
he or she take to improve the company’s information security program?
Ethical Decision Making
It seems obvious that Miller is breaking at least a few laws in his attempt at revenge.
Suppose that when his scanning efforts had been detected, SLS not only added his IP
address to the list of sites banned from connecting to the SLS network, the system also
triggered a response to seek out his computer and delete key files on it to disable his
operating system.
Would such an action by SLS be ethical? Do you think that action would be legal?
Suppose instead that Miller had written a routine to constantly change his assigned IP
address to other addresses used by his ISP. If the SLS intrusion system determined what
Miller was doing and then added the entire range of ISP addresses to the banned list, thus
stopping any user of the ISP from connecting to the SLS network, would SLS’s action be
ethical?
What if SLS were part of an industry consortium that shared IP addresses flagged by its
IDPS, and all companies in the group blocked all of the ISP’s users for 10 minutes? These
users would be blocked from accessing perhaps hundreds of company networks. Would that
be an ethical response by members of the consortium? What if these users were blocked for
24 hours?
Endnotes
1. Scarfone, K., and Mell, P. National Institute of Standards and Technology. Guide to
Intrusion Detection and Prevention Systems (IDPS). SP 800-94, Rev. 1. (DRAFT)
2012. Accessed 14 February 2014 from http://csrc.nist.gov/publications /PubsSPs.
html.
2. Ibid.
3. Scarfone, K., and Mell, P. National Institute of Standards and Technology. Guide to
Intrusion Detection and Prevention Systems (IDPS). SP 800-94. 2007. Accessed 14
February 2014 from http://csrc.nist.gov/publications/PubsSPs.html.
4. Ibid.
5. Scarfone, K., and Mell, P. National Institute of Standards and Technology. Guide
to Intrusion Detection and Prevention Systems (IDPS). SP 800-94, Rev. 1.
(DRAFT) 2012. Accessed 14 February 2014 from http://csrc.nist.gov/publications
/PubsSPs.html.
6. Ibid.
Endnotes 413
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
7. Ibid.
8. Ibid.
9. Ibid.
10. Ibid.
11. Scarfone, K., and Mell, P. National Institute of Standards and Technology. Guide to
Intrusion Detection and Prevention Systems (IDPS). SP 800-94. 2007. Accessed 14
February 2014 from http://csrc.nist.gov/publications/PubsSPs.html.
12. Ibid.
13. Scarfone, K., and Mell, P. National Institute of Standards and Technology. Guide
to Intrusion Detection and Prevention Systems (IDPS). SP 800-94, Rev. 1.
(DRAFT) 2012. Accessed 14 February 2014 from http://csrc.nist.gov/publications
/PubsSPs.html.
14. Ibid.
15. Ibid.
16. Ibid.
17. Ibid.
18. Ranum, Marcus J. “False Positives: A User’s Guide to Making Sense of IDS Alarms.”
ICSA Labs IDSC. February 2003. Accessed 15 February 2014 from www.
bandwidthco.com/whitepapers/compforensics/ids/False%20Positives%20A%20Users%
20Guide%20To%20IDS%20Alarms.pdf.
19. Scarfone, K., and Mell, P. National Institute of Standards and Technology. Guide
to Intrusion Detection and Prevention Systems (IDPS). SP 800-94, Rev. 1.
(DRAFT) 2012. Accessed 14 February 2014 from http://csrc.nist.gov/publications
/PubsSPs.html.
20. Scarfone, K., and Mell, P. National Institute of Standards and Technology. Guide to
Intrusion Detection and Prevention Systems (IDPS). SP 800-94. 2007. Accessed 14
February 2014 from http://csrc.nist.gov/publications/PubsSPs.html.
21. Ibid.
22. Ibid.
23. Ibid.
24. Scarfone, K., and Mell, P. National Institute of Standards and Technology. Guide
to Intrusion Detection and Prevention Systems (IDPS). SP 800-94, Rev. 1.
(DRAFT) 2012. Accessed 14 February 2014 from http://csrc.nist.gov/publications
/PubsSPs.html.
25. Ibid.
26. Scarfone, K., and Mell, P. National Institute of Standards and Technology. Guide to
Intrusion Detection and Prevention Systems (IDPS). SP 800-94. 2007. Accessed 14
February 2014 from http://csrc.nist.gov/publications/PubsSPs.html.
27. Scarfone, K., and Mell, P. National Institute of Standards and Technology. Guide
to Intrusion Detection and Prevention Systems (IDPS). SP 800-94, Rev. 1.
(DRAFT) 2012. Accessed 14 February 2014 from http://csrc.nist.gov/publications
/PubsSPs.html.
414 Chapter 7
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
7
28. “Acquiring and Deploying Intrusion Detection Systems.” National Institute of Stan-
dards and Technology. Accessed 16 February 2014 from http://csrc.nist.gov/publica-
tions/nistbul/11-99.pdf.
29. “Pen Registers” and “Trap-and-Trace Devices.” Accessed 15 February 2014 from
https://ssd.eff.org/wire/govt/pen-registers.
30. 18 U.S. Code Chapter 206. “Pen Registers and Trap-and-Trace Devices.” Accessed 15
February 2014 from http://uscode.house.gov/view.xhtml?req=(title:18%20chapter:206%
20edition:prelim.
31. SecTools.Org: Top 125 Network Security Tools. Accessed 15 February 2014 from
http://sectools.org/tag/vuln-scanners/.
Endnotes 415
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
chapter 8
Cryptography
Yet it may roundly be asserted that human ingenuity cannot concoct a
cipher which human ingenuity cannot resolve.
EDGAR ALLAN POE, THE GOLD BUG
Peter Hayes, CFO of Sequential Label and Supply, was working late. He opened an
e-mail from the manager of the accounting department. The e-mail had an attachment—
probably a spreadsheet or a report of some kind—and from the file icon he could tell it
was encrypted. He saved the file to his computer’s hard drive and then double-clicked the
icon to open it.
His computer operating system recognized that the file was encrypted and started the
decryption program, which prompted Peter for his passphrase. Peter’s mind went blank. He
couldn’t remember the passphrase. “Oh, good grief!” he said to himself, reaching for his
phone.
“Charlie, good, you’re still here. I’m having trouble with a file in my e-mail program. My
computer is prompting me for my passphrase, and I think I forgot it.”
“Uh-oh,” said Charlie.
“What do you mean ‘Uh-oh’?”
“I mean you’re S.O.L.” Charlie replied. “Simply outta luck.”
“Out of luck?” said Peter. “Why? Can’t you do something? I have quite a few files that are
encrypted with this PGP program. I need my files.”
417
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
Charlie let him finish, then said, “Peter, remember how I told you it was important to remem-
ber your passphrase?” Charlie heard a sigh on the other end of the line, but decided to ignore
it. “And do you remember I said that PGP is only free for individuals and that you weren’t to
use it for company files since we didn’t buy a license for the company? I only set that program
up on your personal laptop for your home e-mail—for when your sister wanted to send you
some financial records. When did you start using it on SLS systems for company business?”
“Well,” Peter answered, “one of my staff had some financials that were going to be ready a few
weeks ago while I was traveling. I swapped public keys with him before I left, and then he sent
the files to me securely by e-mail while I was in Dubai. It worked out great. So the next week I
encrypted quite a few files. Now I can’t get to any of them because I can’t seem to remember
my passphrase.” There was a long pause, and then he asked, “Can you hack it for me?”
Charlie chuckled and then said, “Sure, Peter, no problem. Send me the files and I’ll put the
biggest server we have to work on it. Since we set you up in PGP with 256-bit AES, I should
be able to apply a little brute force and crack the key to get the plaintext in a hundred tril-
lion years or so.”
LEARNING OBJECTIVES:
Upon completion of this material, you should be able to:
• Chronicle the most significant events and discoveries in the history of cryptology
• Explain the basic principles of cryptography
• Describe the operating principles of the most popular cryptographic tools
• List and explain the major protocols used for secure communications
Introduction
Key Terms
cryptanalysis The process of obtaining the plaintext message from a ciphertext message
without knowing the keys used to perform the encryption.
cryptography The process of making and using codes to secure the transmission of information.
cryptology The science of encryption, which encompasses cryptography and cryptanalysis.
The science of cryptography is not as enigmatic as you might think. A variety of crypto-
graphic techniques are used regularly in everyday life. For example, open your newspaper to
the entertainment section and you’ll find the daily cryptogram, a word puzzle that involves
unscrambling letters to find a hidden message. Also, although it is a dying art, many secretar-
ies still use shorthand, or stenography, an abbreviated, symbolic writing method, to take rapid
dictation. A form of cryptography is used even in knitting patterns, where directions are writ-
ten in a coded form in patterns such as K1P1 (knit 1, purl 1) that only an initiate can under-
stand. These examples illustrate one important application of cryptography—the efficient and
rapid transmittal of information—but cryptography also protects and verifies data transmitted
via information systems.
418 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
The science of encryption, known as cryptology, encompasses cryptography and cryptanaly-
sis. Cryptography comes from the Greek words kryptos, meaning “hidden,” and graphein,
meaning “to write,” and involves making and using codes to secure messages. Cryptanalysis
involves cracking or breaking encrypted messages back into their unencrypted origins.
Cryptography uses mathematical algorithms that are usually known to all. After all, it’s not
the knowledge of the algorithm that protects the encrypted message, it’s the knowledge of the
key—a series of characters or bits injected into the algorithm along with the original message
to create the encrypted message. An individual or system usually encrypts a plaintext message
into ciphertext, making it unreadable to unauthorized people—those without the key needed
to decrypt the message back into plaintext, where it can be read and understood.
The field of cryptology is so vast that it can fill many volumes. This textbook provides only a
general overview of cryptology and some specific information about cryptographic tools. In
the early sections of this chapter, you learn the background of cryptology as well as key con-
cepts in cryptography and common cryptographic tools. In later sections, you will learn about
common cryptographic protocols and some of the attack methods used against cryptosystems.
Foundations of Cryptology
Cryptology has an extensive, multicultural history. Table 8-1 provides a brief overview of the
history of cryptosystems.
Date Event
1900 B.C. Egyptian scribes used nonstandard hieroglyphs while inscribing clay tablets; this is the first
documented use of written cryptography.
1500 B.C. Mesopotamian cryptography surpassed that of the Egyptians, as demonstrated by a tablet that was
discovered to contain an encrypted formula for pottery glazes; the tablet used symbols that have
differentmeanings depending on the context.
500 B.C. Hebrew scribes writing the book of Jeremiah used a reversed alphabet substitution cipher known as
ATBASH.
487 B.C. The Spartans of Greece developed the skytale, a system consisting of a strip of papyrus wrapped
around a wooden staff. Messages were written down the length of the staff, and the papyrus was
unwrapped. The decryption process involved wrapping the papyrus around a shaft of similar
diameter.
50 B.C. Julius Caesar used a simple substitution cipher to secure military and government communications.
To form an encrypted text, Caesar shifted the letters of the alphabet three places. In addition to
this monoalphabetic substitution cipher, Caesar strengthened his encryption by substituting Greek
letters for Latin letters.
Fourth
to sixth
centuries
The Kama Sutra of Vatsayana listed cryptography as the 44th and 45th of the 64 arts (yogas) that
men and women should practice: (44) The art of understanding writing in cipher, and the writing of
words in a peculiar way; (45) The art of speaking by changing the forms of the word.
725 Abu ‘Abd al-Rahman al-Khalil ibn Ahmad ibn ‘Amr ibn Tammam al Farahidi al-Zadi al Yahmadi
wrote a book (now lost) on cryptography; he also solved a Greek cryptogram by guessing the
plaintext introduction.
Table 8-1 History of Cryptology (continues)
Foundations of Cryptology 419
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
Date Event
855 Abu Wahshiyyaan-Nabati, a scholar, published several cipher alphabets that were used to encrypt
magic formulas.
1250 Roger Bacon, an English monk, wrote Epistle of Roger Bacon on the Secret Works of Art and of
Nature and Also on the Nullity of Magic, in which he described several simple ciphers.
1392 The Equatorie of the Planetis, an early text possibly written by Geoffrey Chaucer, contained a
passage in a simple substitution cipher.
1412 Subhalasha, a 14-volume Arabic encyclopedia, contained a section on cryptography, including both
substitution and transposition ciphers, as well as ciphers with multiple substitutions, a technique that
had never been used before.
1466 Leon Battista Alberti, the father of Western cryptography, worked with polyalphabetic substitution
and designed a cipher disk.
1518 Johannes Trithemius wrote the first printed book on cryptography and invented a steganographic
cipher, in which each letter was represented as a word taken from a succession of columns. He also
described a polyalphabetic encryption method using a rectangular substitution format that is now
commonly used. He is credited with introducing the method of changing substitution alphabets with
each letter as it is deciphered.
1553 Giovan Batista Bellaso introduced the idea of the passphrase (password) as a key for encryption. His
polyalphabetic encryption method is misnamed for another person who later used the technique; it
is called the Vigenère Cipher today.
1563 Giovanni Battista Porta wrote a classification text on encryption methods, categorizing them as
transposition, substitution, and symbol substitution.
1623 Sir Francis Bacon described an encryption method that employed one of the first uses of
steganography; he encrypted his messages by slightly changing the typeface of a random text so
that each letter of the cipher was hidden within the text.
1790s Thomas Jefferson created a 26-letter wheel cipher, which he used for official communications while
ambassador to France; the concept of the wheel cipher would be reinvented in 1854 and again in
1913.
1854 Charles Babbage reinvented Thomas Jefferson’s wheel cipher.
1861–5 During the U.S. Civil War, Union forces used a substitution encryption method based on specific
words, and the Confederacy used a polyalphabetic cipher whose solution had been published before
the start of the war.
1914–17 Throughout World War I, the Germans, British, and French used a series of transposition and
substitution ciphers in radio communications. All sides expended considerable effort to try to
intercept and decode communications, and thereby created the science of cryptanalysis. British
cryptographers broke the Zimmerman Telegram, in which the Germans offered Mexico U.S.
territory in return for Mexico’s support. This decryption helped to bring the United States into
the war.
1917 William Frederick Friedman, the father of U.S. cryptanalysis, and his wife, Elizabeth, were employed
as civilian cryptanalysts by the U.S. government. Friedman later founded a school for cryptanalysis in
Riverbank, Illinois.
1917 Gilbert S. Vernam, an AT&T employee, invented a polyalphabetic cipher machine that used a
nonrepeating random key.
1919 Hugo Alexander Koch filed a patent in the Netherlands for a rotor-based cipher machine; in 1927,
Koch assigned the patent rights to Arthur Scherbius, the inventor of the Enigma machine.
Table 8-1 History of Cryptology (continues)
420 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
Today, many common IT tools use embedded encryption technologies to protect sensitive
information within applications. For example, all the popular Web browsers use built-in
encryption features to enable secure e-commerce, such as online banking and Web
shopping.
Since World War II, there have been restrictions on the export of cryptosystems, and they
continue today, as you saw in Figure 3-4. In 1992, encryption tools were officially listed
as Auxiliary Military Technology under the Code of Federal Regulations: International
Traffic in Arms Regulations. 1 These restrictions are due in part to the role cryptography
played in World War II, and the belief of the American and British governments that the
cryptographic tools they developed were far superior to those in lesser developed coun-
tries. As a result, both governments believe such countries should be prevented from
using cryptosystems to communicate potential terroristic activities or gain an economic
advantage.
For more information on the history of cryptology, visit the National Security Agency’s National
Cryptologic Museum (see www.nsa.gov/about/cryptologic_heritage/museum) or visit the online
Crypto Museum at www.cryptomuseum.com.
Date Event
1927–33 During Prohibition, criminals in the United States began using cryptography to protect the privacy of
messages used in illegal activities.
1937 The Japanese developed the Purple machine, which was based on principles similar to those of
Enigma, and used mechanical relays from telephone systems to encrypt diplomatic messages. By
1940, a team headed by William Friedman had broken the code generated by this machine and
constructed a machine that could quickly decode Purple’s ciphers.
1939–42 The Allies secretly broke the Enigma cipher, undoubtedly shortening World War II.
1942 Navajo code talkers entered World War II; in addition to speaking a language that was unknown
outside a relatively small group within the United States, the Navajos developed code words for
subjects and ideas that did not exist in their native tongue.
1948 Claude Shannon suggested using frequency and statistical analysis in the solution of substitution
ciphers.
1970 Dr. Horst Feistel led an IBM research team in the development of the Lucifer cipher.
1976 A design based on Lucifer was chosen by the U.S. National Security Agency as the Data Encryption
Standard, which found worldwide acceptance.
1976 Whitfield Diffie and Martin Hellman introduced the idea of public-key cryptography.
1977 Ronald Rivest, Adi Shamir, and Leonard Adleman developed a practical public-key cipher both for
confidentiality and digital signatures; the RSA family of computer encryption algorithms was born.
1978 The initial RSA algorithm was published in Communications of the ACM.
1991 Phil Zimmermann released the first version of PGP (Pretty Good Privacy); PGP was released as
freeware and became the worldwide standard for public cryptosystems.
2000 Rijndael’s cipher was selected as the Advanced Encryption Standard.
Table 8-1 History of Cryptology
© Cengage Learning 2015
Foundations of Cryptology 421
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
 Terminology
To understand the fundamentals of cryptography, you must know the meanings of the fol-
lowing terms:
●
Algorithm: The steps used to convert an unencrypted message into an encrypted
sequence of bits that represent the message; sometimes refers to the programs that
enable the cryptographic processes.
●
Bit stream cipher: An encryption method that involves converting plaintext to cipher-
text one bit at a time.
●
Block cipher: An encryption method that involves dividing the plaintext into blocks or
sets of bits and then converting the plaintext to ciphertext one block at a time.
●
Cipher or cryptosystem: An encryption method or process encompassing the algorithm,
key(s) or cryptovariable(s), and procedures used to perform encryption and decryption.
●
Ciphertext or cryptogram: The encoded message resulting from an encryption.
●
Code: The process of converting components (words or phrases) of an unencrypted
message into encrypted components.
●
Decipher: To decrypt, decode, or convert ciphertext into the equivalent plaintext.
●
Decrypt: See Decipher.
●
Encipher: To encrypt, encode, or convert plaintext into the equivalent ciphertext.
●
Encrypt: See Encipher.
●
Key or cryptovariable: The information used in conjunction with an algorithm to cre-
ate the ciphertext from the plaintext or derive the plaintext from the ciphertext. The
key can be a series of bits used by a computer program, or it can be a passphrase used
by people that is then converted into a series of bits used by a computer program.
●
Keyspace: The entire range of values that can be used to construct an individual key.
●
Link encryption: A series of encryptions and decryptions between a number of systems,
wherein each system in a network decrypts the message sent to it and then reencrypts
the message using different keys and sends it to the next neighbor. This process con-
tinues until the message reaches the final destination.
●
Plaintext or cleartext: The original unencrypted message, or a message that has been
successfully decrypted.
●
Steganography: The hiding of messages—for example, within the digital encoding of a
picture or graphic.
●
Work factor: The amount of effort (usually in hours) required to perform cryptanalysis
to decode an encrypted message when the key, the algorithm, or both are unknown.
Cipher Methods
There are two methods of encrypting plaintext: the bit stream method or the block cipher
method, as defined in the previous section. In the bit stream method, each bit in the plaintext
is transformed into a cipher bit one bit at a time. In the block cipher method, the message is
divided into blocks—for example, sets of 8-, 16-, 32-, or 64-bit blocks—and then each block
422 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
of plaintext bits is transformed into an encrypted block of cipher bits using an algorithm and
a key. Bit stream methods commonly use algorithm functions like the exclusive OR operation
(XOR), whereas block methods can use substitution, transposition, XOR, or some combina-
tion of these operations, as described in the following sections. Note that most computer-
based encryption methods operate on data at the level of its binary digits (bits), while others
operate at the byte or character level.
 Substitution Cipher
Key Terms
monoalphabetic substitution A substitution cipher that only incorporates a single alphabet in
the encryption process.
polyalphabetic substitution A substitution cipher that incorporates two or more alphabets in
the encryption process.
substitution cipher An encryption method in which one value is substituted for another.
Vigenère cipher An advanced type of substitution cipher that uses a simple polyalphabetic code.
A substitution cipher exchanges one value for another—for example, it might exchange a let-
ter in the alphabet with the letter three values to the right, or it might substitute one bit for
another bit four places to its left. A three-character substitution to the right results in the fol-
lowing transformation of the standard English alphabet.
Initial alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ yields
Encryption alphabet: DEFGHIJKLMNOPQRSTUVWXYZABC
Within this substitution scheme, the plaintext MOM would be encrypted into the ciphertext PRP.
This is a simple enough method by itself, but it becomes very powerful if combined with
other operations. The previous example of substitution is based on a single alphabet and
thus is known as a monoalphabetic substitution. More advanced substitution ciphers use
two or more alphabets, and are referred to as polyalphabetic substitutions.
To extend the previous example, consider the following block of text:
Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Substitution cipher 1: DEFGHIJKLMNOPQRSTUVWXYZABC
Substitution cipher 2: GHIJKLMNOPQRSTUVWXYZABCDEF
Substitution cipher 3: JKLMNOPQRSTUVWXYZABCDEFGHI
Substitution cipher 4: MNOPQRSTUVWXYZABCDEFGHIJKL
The first row here is the plaintext, and the next four rows are four sets of substitution ciphers,
which taken together constitute a single polyalphabetic substitution cipher. To encode the word
TEXT with this cipher, you substitute a letter from the second row for the first letter in TEXT,
a letter from the third row for the second letter, and so on—a process that yields the ciphertext
WKGF. Note how the plaintext letter T is transformed into a W or an F, depending on its
order of appearance in the plaintext. Complexities like these make this type of encryption sub-
stantially more difficult to decipher when one doesn’t have the algorithm (in this case, the rows
of ciphers) and the key, which is the substitution method. A logical extension to this process is
to randomize the cipher rows completely in order to create a more complex operation.
Cipher Methods 423
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
One example of a monoalphabetic substitution cipher is the cryptogram in the daily newspa-
per (see Figure 8-1). Another example is the once famous Radio Orphan Annie decoder pin
(shown in Figure 8-2), which consisted of two alphabetic rings that could be rotated to a pre-
determined pairing to form a simple substitution cipher. The device was made to be worn as
A P N U P A T A U M :
:
M A J X T U E Q
M J F P A U A T - O T X J A
-
'
' M A J X T U E Q U M D P V E
H T V R X J E
'
H T V J A M M ' D O X E
E F A Z D P E T D V X D P Q N V V R
Figure 8-1 Daily cryptogram
Figure 8-2 Radio Orphan Annie’s decoder pin
Source: www.RadioArchives.com
© Cengage Learning 2015
424 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
a pin so one could always be at the ready. As mentioned in Table 8-1, Julius Caesar report-
edly used a three-position shift to the right to encrypt his messages (A became D, B became
E, and so on), so this substitution cipher was given his name—the Caesar Cipher.
An advanced type of substitution cipher that uses a simple polyalphabetic code is the
Vigenère cipher. The cipher is implemented using the Vigenère square (or table), also known
as a tabula recta—a term invented by Johannes Trithemius in the 1500s. Table 8-2 illustrates
the setup of the Vigenère square, which is made up of 26 distinct cipher alphabets. In the
header row and column, the alphabet is written in its normal order. In each subsequent
row, the alphabet is shifted one letter to the right until a 26 ? 26 block of letters is formed.
Table 8-2 The Vigenère Square
© Cengage Learning 2015
Cipher Methods 425
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
You can use the Vigenère square in several ways. For example, you could perform an encryp-
tion by simply starting in the first row, finding a substitute for the first letter of plaintext, and
then moving down the rows for each subsequent letter of plaintext. With this method, the
word SECURITY in plaintext becomes TGFYWOAG in ciphertext.
A much more sophisticated way to use the Vigenère square is to use a keyword to represent
the shift. To accomplish this, you begin by writing a keyword above the plaintext message.
For example, suppose the plaintext message is “SACK GAUL SPARE NO ONE” and the
keyword is ITALY. We thus end up with the following:
ITALYITALYITALYITA
SACKGAULSPARENOONE
Now you use the keyword letter and the message (plaintext) letter below it in combination.
Returning to the Vigenère square, notice how the first column of text, like the first row,
forms the normal alphabet. To perform the substitution, start with the first combination
of keyword and message letters, IS. Use the keyword letter to locate the column and the
message letter to find the row, and then look for the letter at their intersection. Thus, for
column “I” and row “S,” you will find the ciphertext letter “A.” After you follow this
procedure for each letter in the message, you will produce the encrypted ciphertext
ATCVEINLDNIKEYMWGE. One weakness of this method is that any keyword-message
letter combination containing an “A” row or column reproduces the plaintext message letter.
For example, the third letter in the plaintext message, the C (of SACK), has a combination of
AC, and thus is unchanged in the ciphertext. To minimize the effects of this weakness, you
should avoid choosing a keyword that contains the letter “A.”
 Transposition Cipher
Key Terms
permutation cipher See transposition cipher.
transposition cipher Also known as a permutation cipher, an encryption method that involves
simply rearranging the values within a block based on an established pattern to create the
ciphertext.
Like the substitution operation, the transposition cipher is simple to understand, but if prop-
erly used, it can produce ciphertext that is difficult to decipher. In contrast to the substitution
cipher, however, the transposition cipher or permutation cipher simply rearranges the bits or
bytes (characters) within a block to create the ciphertext. For an example, consider the fol-
lowing transposition key pattern.
Key pattern: 8 ! 3, 7 ! 6, 6 ! 2, 5 ! 7, 4 ! 5, 3 ! 1, 2 ! 8, 1 ! 4
In this key, the bit or byte (character) in position 1 moves to position 4. When operating on
binary data, position 1 is at the far right of the data string, and counting proceeds from right
to left. Next, the bit or byte in position 2 moves to position 8, and so on. This cipher is simi-
lar to another newspaper puzzle favorite: the word jumble, as illustrated in Figure 8-3. In the
jumble, words are scrambled, albeit with no defined pattern. Upon unscrambling, the words
provide key characters used to decode a separate message.
426 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
The following rows show the numbering of bit locations for this key; the plaintext message
00100101011010111001010101010100, which is broken into 8-bit blocks for clarity; and
the ciphertext that is produced when the transposition key depicted above is applied to the
plaintext.
Bit locations: 87654321 87654321 87654321 87654321
Plaintext 8-bit blocks: 00100101|01101011|10010101|01010100
Ciphertext: 00001011|10111010|01001101|01100001
Reading from right to left in this example, the first bit of plaintext (position 1 of the first byte)
becomes the fourth bit (in position 4) of the first byte of the ciphertext. Similarly, the second bit
of the plaintext (position 2) becomes the eighth bit (position 8) of the ciphertext, and so on.
To examine further how this transposition key works, look at its effects on a plaintext mes-
sage comprised of letters instead of bits. Replacing the 8-bit block of plaintext with the exam-
ple plaintext message presented earlier, “SACK GAUL SPARE NO ONE,” yields the
following.
Letter locations: 87654321|87654321|87654321
Plaintext: __ENO_ON|_ERAPS_L|UAG_KCAS
Key: Same key as above, but characters transposed, not bits.
Ciphertext: ON_ON_E_|_AEPL_RS|A_AKSUGC
Here, you read from right to left to match the order in which characters would be transmit-
ted from a sender on the left to a receiver on the right. The letter in position 1 of the first
block of plaintext, “S,” moves to position 4 in the ciphertext. The process is continued until
the letter “U,” the eighth letter of the first block of plaintext, moves to the third position of
the ciphertext. This process continues with subsequent blocks using the same specified pat-
tern. Obviously, the use of different-sized blocks or multiple transposition patterns would
enhance the strength of the cipher.
In addition to being credited with inventing a substitution cipher, Julius Caesar was associ-
ated with an early version of the transposition cipher. In the Caesar block cipher, the recipi-
ent of the coded message knows to fit the text to a prime number square. In practice, this
“Ben Franklin’s Airport Woes”
“Those who desire to give up freedom in
order to gain will not have, nor do
they deserve, either one.”
R S T U T
H P R I E C
E D N O E C
D I N E H D
B I E S S C R
v I Y p A R C
ANSWER:
Figure 8-3 Word jumble
© Cengage Learning 2015
Cipher Methods 427
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
means that if there are fewer than 25 characters, the recipient uses a 5 × 5 square. For exam-
ple, if you received the Caesar ciphertext shown below, you would make a square of five col-
umns and five rows, and then write the letters of the message into the square, filling the slots
from left to right and top to bottom. Then you would read the message from the opposite
direction—that is, from top to bottom, left to right.
Ciphertext: SGS_NAAPNECUAO_KLR _ _ _ EO
S G S _ N
A A P N E
C U A O _
K L R _ _
_ _ E O _
Reading from top to bottom, left to right reveals the plaintext “SACK GAUL SPARE NO
ONE.”
When mechanical and electronic cryptosystems became more widely used, transposition
ciphers and substitution ciphers were combined to produce highly secure encryption pro-
cesses. To make the encryption even stronger and more difficult to cryptanalyze, the keys
and block sizes can be increased to 128 bits or more, which produces substantially more
complex substitutions or transpositions. These systems use a block padding method to fill
the last block of the plaintext with random characters to facilitate the algorithm.
 Exclusive OR
Key Term
exclusive OR operation (XOR) A function within Boolean algebra used as an encryption
function in which two bits are compared. If the two bits are identical, the result is a binary 0;
otherwise, the result is a binary 1.
The exclusive OR operation (XOR) is a function of Boolean algebra in which two bits are
compared and a binary result is generated. XOR encryption is a very simple symmetric cipher
that is used in many applications where security is not a defined requirement. Table 8-3 shows
an XOR table with the results of all possible combinations of two bits.
To see how XOR works, consider an example in which the plaintext is the word “CAT.”
The ASCII binary representation of the plaintext is 01000011 01000001 01010100.
First bit Second bit Result
0 0 0
0 1 1
1 0 1
1 1 0
Table 8-3 XOR Table
© Cengage Learning 2015
428 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
In order to encrypt the plaintext, a key value should be selected. In this case, the bit pattern
for the letter “V” (01010110) is used, and is repeated for each character to be encrypted,
written from left to right. Performing the XOR operation on the two bit streams (the plain-
text and the key) produces the result shown in Table 8-4.
The bottom row of Table 8-4, “Cipher,” is read from left to right and contains the bit stream
that will be transmitted. When this cipher is received, it can be decrypted using the key value
“V.” Note that the XOR encryption method is very simple to implement and equally simple
to break. The XOR encryption method should not be used by itself when an organization is
transmitting or storing sensitive data. Actual encryption algorithms used to protect data typi-
cally use the XOR operator as part of a more complex encryption process.
You can combine XOR with a block cipher to produce a simple but powerful operation.
In the example that follows (again read from left to right), the first row shows a character
message “5E5þ•” requiring encryption. The second row shows this message in binary
notation. In order to apply an 8-bit block cipher method, the binary message is broken
into 8-bit blocks in the row labeled “Message blocks.” The fourth row shows the 8-bit
key (01010101) chosen for the encryption. To encrypt the message, you must perform the
XOR operation on each 8-bit block by using the XOR function onthe message bit and the
key bit to determine the bits of the ciphertext. The result is shown in the row labeled
“Ciphertext.” This ciphertext can now be sent to a receiver, who will be able to decipher
the message simply by knowing the algorithm (XOR) and the key (01010101).
Message (text): “5E5þ•”
Message (binary): 00110101 01000101 00110101 00101011 10010101
Message blocks: 00110101 01000101 00110101 00101011 10010101
Key: 01010101 01010101 01010101 01010101 01010101
Ciphertext: 01100000 00010000 01100000 01111110 11000000
If the receiver cannot apply the key to the ciphertext and derive the original message, either
the cipher was applied with an incorrect key or the cryptosystem was not used correctly.
 Vernam Cipher
Key Term
Vernam cipher An encryption process that generates a random substitution matrix between
letters and numbers that is used only one time. Also called a one-time pad.
Text value Binary value
CAT as bits 0 1 0 0 0 0 1 1 0 1 0 0 0 0 0 1 0 1 0 1 0 1 0 0
VVV as key 0 1 0 1 0 1 1 0 0 1 0 1 0 1 1 0 0 1 0 1 0 1 1 0
Cipher 0 0 0 1 0 1 0 1 0 0 0 1 0 1 1 1 0 0 0 0 0 0 1 0
Table 8-4 Example XOR Encryption
© Cengage Learning 2015
Cipher Methods 429
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
Also known as the one-time pad, the Vernam cipher, developed by Gilbert Vernam in 1917
while working at AT&T Bell Labs, uses a set of characters only one time for each encryption
process (hence the name one-time pad). The pad in the name comes from the days of manual
encryption and decryption when the key values for each ciphering session were prepared by
hand and bound into an easy-to-use form—a pad of paper. To perform the Vernam cipher
encryption, the pad values are added to numeric values representing the plaintext that needs
to be encrypted. Each character of the plaintext is turned into a number and a pad value for
that position is added to it. The resulting sum for that character is then converted back to a
ciphertext letter for transmission. If the sum of the two values exceeds 26, then 26 is sub-
tracted from the total. The process of keeping a computed number within a specific range is
called a modulo; thus, requiring that all numbers be in the range of 1–26 is referred to as
modulo 26. In this process, a number larger than 26 has 26 sequentially subtracted from it
until the number is in the proper range.
To examine the Vernam cipher and its use of modulo, consider the following example, which
uses “SACK GAUL SPARE NO ONE” as plaintext. In the first step of this encryption pro-
cess, the letter “S” is converted into the number 19 because it is the nineteenth letter of the
alphabet. The same conversion is applied to the rest of the letters of the plaintext message,
as shown below.
Plaintext: S A C K G A U L S P A R E N O O N E
Plaintext value: 19 01 03 11 07 01 21 12 19 16 01 18 05 14 15 15 14 05
One-time pad text: F P Q R N S B I E H T Z L A C D G J
One-time pad value: 06 16 17 18 14 19 02 09 05 08 20 26 12 01 03 04 07 10
Sum of plaintext & pad: 25 17 20 29 21 20 23 21 24 24 21 44 17 15 18 19 21 15
After modulo subtraction: 03 18
Ciphertext: Y Q T C U T W U X X U R Q O R S U O
Rows three and four in this example show the one-time pad text that was chosen for this
encryption and the one-time pad value, respectively. As you can see, the pad value, like
the plaintext value, is derived from the position of each pad text letter in the alphabet.
Thus, the pad text letter “F” is assigned the position number 06. This conversion process
is repeated for the entire one-time pad text. Next, the plaintext value and the one-time
pad value are added together—the first sum is 25. Because 25 is in the range of 1 to 26,
no modulo 26 subtraction is required. The sum remains 25, and yields the ciphertext
“Y,” as shown above. Skipping ahead to the fourth character of the plaintext, “K,” you
find that its plaintext value is 11. The pad text is “R” and the pad value is 18. The sum
of 11 and 18 is 29. Because 29 is larger than 26, 26 is subtracted from it, which yields
the value 3. The ciphertext for this plaintext character is then the third letter of the
alphabet, “C.”
Decryption of any ciphertext generated from a one-time pad requires either knowledge of the
pad values or the use of elaborate and very difficult cryptanalysis (or so the encrypting party
hopes). Using the pad values and the ciphertext, the decryption process works as follows:
“Y” becomes the number 25, from which you subtract the pad value for the first letter of
the message, 06. This yields a value of 19, or the letter “S.” This pattern continues until the
fourth letter of the ciphertext, where the ciphertext letter is “C” and the pad value is 18. Sub-
tracting 18 from 3 yields negative 15. Because of modulo 26, which requires that all numbers
are in the range of 1–26, you must add 26 to the negative 15. This operation yields a sum of
11, which means the fourth letter of the message is “K.”
430 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
For more information about Gilbert Vernam and his cryptography work, view the video
“Encryption, Episode 2: The Vernam Cipher” by visiting http://techchannel.att.com/ and using
the search box.
 Book-Based Ciphers
Two related encryption methods made popular by spy movies involve using the text in a book
as the key to decrypt a message. These methods are the book cipher and the running key cipher.
A third method, the template cipher, is not really a cipher but is related to this discussion.
Book Cipher In a book cipher, the ciphertext consists of a list of codes representing the
page number, line number, and word number of the plaintext word. The algorithm is the
mechanical process of looking up the references from the ciphertext and converting each ref-
erence to a word by using the ciphertext’s value and the key (the book). For example, from
a copy of a particular popular novel, one may send the message 259,19,8; 22,3,8; 375,7,4;
394,17,2. Although almost any book can be used, dictionaries and thesauruses are typically
the most popular sources, as they are likely to contain almost any word that might be
needed. The recipient of a running key cipher must first know which book is used—in this
case, suppose it is the science fiction novel A Fire Upon the Deep, the 1992 TOR edition.
To decrypt the ciphertext, the receiver acquires the book, turns to page 259, finds line 19,
and selects the eighth word in that line (which is “sack”). Then the receiver turns to page
22, line 3, selects the eighth word again, and so forth. In this example, the resulting message
is “SACK ISLAND SHARP PATH.” If a dictionary is used, the message consists only of the
page number and the number of the word on the page. An even more sophisticated version
might use multiple books, perhaps even in a particular sequence for each word or phrase.
Running Key Cipher Similar in concept to the book cipher is the running key cipher,
which uses a book for passing the key to a cipher that is similar to the Vigenère cipher. The
sender provides an encrypted message with a short sequence of numbers that indicate the
page, line, and word number from a predetermined book to be used as the key or indicator
block. Unlike the Vigenère cipher, if the key needs to be extended in a running key cipher,
you don’t repeat the key. Instead, you continue the text from the indicator block. From this
point, you follow the same basic method as the Vigenère cipher, using the tabula recta to
find the column based on the plaintext, and the row based on the key-indicator block letter.
Reversing the processes deciphers the ciphertext, using the ciphertext letter and key. You sim-
ply use the row or column corresponding to the key letter, find the ciphertext in the row or
column of text, and then identify the letter on the opposing axis. The mirrored layout of the
table simplifies the selection of rows or columns during encryption and decryption.
Template Cipher The template cipher or perforated page cipher is not strictly an
encryption cipher, but more of an example of steganography. The template cipher involves
the use of a hidden message in a book, letter, or other message. The receiver must use a
page with a specific number of holes cut into it and place it over the book page or letter to
extract the hidden message. Commonly shown in movies where an inmate sends coded mes-
sages from prison, this cipher is both difficult to execute and easy to detect, provided either
party is physically searched. The presence of the perforated page is a clear indicator that
some form of hidden message communication is occurring. A much simpler method would
Cipher Methods 431
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
be to employ a variation of acrostics, where the first letter of each line of a message (or
every nth letter) would spell out a hidden message.
 Hash Functions
Key Terms
hash algorithms Public functions that create a hash value, also known as a message digest, by
converting variable-length messages into a single fixed-length value.
hash functions Mathematical algorithms that generate a message summary or digest
(sometimes called a fingerprint) to confirm message identity and integrity.
hash value See message digest.
message authentication code (MAC) A key-dependent, one-way hash function that allows
only specific recipients (symmetric key holders) to access the message digest.
message digest A value representing the application of a hash algorithm on a message that is
transmitted with the message so it can be compared with the recipient’s locally calculated hash
of the same message. If both hashes are identical after transmission, the message has arrived
without modification. Also known as a hash value.
Secure Hash Standard (SHS) A standard issued by the National Institute of Standards and
Technology (NIST) that specifies secure algorithms, such as SHA-1, for computing a condensed
representation of a message or data file.
In addition to ciphers, another important encryption technique that is often incorporated into
cryptosystems is the hash function. Hash functions are mathematical algorithms used to con-
firm the identity of a specific message and confirm that the content has not been changed.
While they do not create ciphertext, hash functions confirm message identity and integrity,
both of which are critical functions in e-commerce.
Hash algorithms are used to create a hash value, also known as a message digest, by convert-
ing variable-length messages into a single fixed-length value. The message digest is a finger-
print of the author’s message that is compared with the recipient’s locally calculated hash of
the same message. If both hashes are identical after transmission, the message has arrived
without modification. Hash functions are considered one-way operations in that the same
message always provides the same hash value, but the hash value itself cannot be used to
determine the contents of the message.
Hashing functions do not require the use of keys, but it is possible to attach a message authen-
tication code (MAC) to allow only specific recipients to access the message digest. Because
hash functions are one-way, they are used in password verification systems to confirm the iden-
tity of the user. In such systems, the hash value, or message digest, is calculated based on the
originally issued password, and this message digest is stored for later comparison. When the
user logs on for the next session, the system calculates a hash value based on the user’s pass-
word input, and this value is compared against the stored value to confirm identity.
The Secure Hash Standard (SHS) is issued by the National Institute of Standards and
Technology (NIST). Standard document FIPS 180-4 specifies SHA-1 (Secure Hash Algorithm 1)
as a secure algorithm for computing a condensed representation of a message or data file.
SHA-1 produces a 160-bit message digest, which can be used as an input to a digital signature
algorithm. SHA-1 is based on principles modeled after MD4, which is part of the MDx family
432 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
of hash algorithms created by Ronald Rivest. New hash algorithms, SHA-256, SHA-384, and
SHA-512, have been proposed by NIST as standards for 128, 192, and 256 bits, respectively.
The number of bits used in the hash algorithm is a measurement of the algorithm’s strength
against collision attacks. SHA-256 is essentially a 256-bit block cipher algorithm that creates
a key by encrypting the intermediate hash value, with the message block functioning as the
key. The compression function operates on each 512-bit message block and a 256-bit interme-
diate message digest. 2 As shown in Figure 8-4, free tools are available that can calculate hash
values using a number of popular algorithms.
For more information on the Secure Hash Standard, read FIPS 180-4 at http://csrc.nist.gov
/publications/PubsFIPS.html.
A recently developed attack method called rainbow cracking has generated concern about the
strength of the processes used for password hashing. In general, if attackers gain access to a
file of hashed passwords, they can use a combination of brute force and dictionary attacks to
reveal user passwords. Passwords that are dictionary words or poorly constructed can be eas-
ily cracked. Well-constructed passwords take a long time to crack even using the fastest com-
puters, but by using a rainbow table—a database of precomputed hashes from sequentially
calculated passwords, as described in Chapter 2—the rainbow cracker simply looks up the
hashed password and reads out the text version. No brute force is required. This type of
attack is more properly classified as a time-memory trade-off attack.
To defend against such an attack, you must first protect the file of hashed passwords and
implement strict limits on the number of attempts allowed per login session. You can also
use an approach called password hash salting. Salting is the process of providing a random
piece of data to the hashing function when the hash is first calculated. The use of the salt
Figure 8-4 Various hash values
Source: SlavaSoft HashCalc.
Cipher Methods 433
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
value creates a different hash; when a large set of salt values are used, rainbow cracking fails
because the time-memory trade-off is no longer in the attacker’s favor. The salt value is not
kept a secret: It is stored along with the account identifier so that the hash value can be rec-
reated during authentication. 3 Additional techniques include key stretching and key strength-
ening. Key stretching involves repeating the hashing algorithm up to several thousand times
to continuously inject the password, salt value, and interim hash results back into the pro-
cess. Key strengthening extends the key with the salt value, but then deletes the salt value.
Cryptographic Algorithms
In general, cryptographic algorithms are often grouped into two broad categories—symmetric
and asymmetric—but in practice, today’s popular cryptosystems use a combination of both
algorithms. Symmetric and asymmetric algorithms are distinguished by the types of keys they
use for encryption and decryption operations.
Cryptographic Notation
The notation used to represent the encryption process varies, depending on its
source. The notation in this text uses the letter M to represent the original mes-
sage, C to represent the ending ciphertext, E to represent the enciphering or
encryption process, D to represent the decryption or deciphering process, and K to
represent the key. This notation can be used as follows:
●
E(M) ¼ C: encryption (E) is applied to a message (M) to create ciphertext (C).
●
D[C] ¼ D[E(M)] ¼ M: by decrypting (D) an encrypted message [E(M)], you get
the original message (M).
●
E(M,K) ¼ C: encrypting (E) the message (M) with the key (K) results in the
ciphertext (C). If more than one key (K) is used in a multiple-round encryp-
tion, the keys are numbered K1, K2, and so on.
●
D(C,K) ¼ D[E(M,K),K] ¼ M; that is, decrypting the ciphertext with key K results
in the original plaintext message.
To encrypt a plaintext set of data, you can use one of two methods: bit stream
and block cipher. In the bit stream method, each bit is transformed into a cipher bit,
one after the other. In the block cipher method, the message is divided into blocks—
for example, 8-, 16-, 32-, or 64-bit blocks—and then each is transformed using the
algorithm and key. Bit stream methods most commonly use algorithm functions like
XOR, whereas block methods can use XOR, transposition, or substitution.
TECHNICAL DETAILS
434 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
 Symmetric Encryption
Key Terms
Advanced Encryption Standard (AES) The current federal standard for the encryption of data,
as specified by NIST. AES is based on the Rijndael algorithm, which was developed by Vincent
Rijmen and Joan Daemen.
private-key encryption or symmetric encryption An encryption method that incorporates
mathematical operations involving the same secret key both to encipher and decipher the message.
secret key A key that can be used in symmetric encryption both to encipher and decipher the
message.
Encryption methodologies that require the same secret key to encipher and decipher the mes-
sage are performing private-key encryption or symmetric encryption. Symmetric encryption
methods use mathematical operations that can be programmed into extremely fast computing
algorithms so that encryption and decryption are executed quickly, even by small computers.
As you can see in Figure 8-5, one of the challenges is that both the sender and the recipient
must have the secret key. Also, if either copy of the key falls into the wrong hands, messages
can be decrypted by others and the sender and intended receiver may not know a message
was intercepted. The primary challenge of symmetric key encryption is getting the key to the
receiver, a process that must be conducted out of band to avoid interception. In other words,
the process must use a channel or band other than the one carrying the ciphertext.
There are a number of popular symmetric encryption cryptosystems. One of the most widely
known is the Data Encryption Standard (DES); it was developed by IBM and is based on the
company’s Lucifer algorithm, which uses a key length of 128 bits. As implemented, DES uses
a 64-bit block size and a 56-bit key. DES was adopted by NIST in 1976 as a federal standard
Rachel at ABC Corp. generates a secret key. She must somehow
get it to Alex at XYZ Corp. out of band. Once Alex has it, Rachel can
use it to encrypt messages, and Alex can use it to decrypt and read them.
Private
courier
The deal
is a “go.”
2LW0^M
$AC6>1!
The deal
is a “go.”
Secret key A
encrypts message
The corresponding
ciphertext is transmitted
Secret key A
decrypts message
Figure 8-5 Example of symmetric encryption
© Cengage Learning 2015
Cryptographic Algorithms 435
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
for encryption of nonclassified information, after which it became widely employed in com-
mercial applications. DES enjoyed increasing popularity for almost 20 years until 1997,
when users realized that a 56-bit key size did not provide acceptable levels of security. In
1998, a group called the Electronic Frontier Foundation (www.eff.org) used a specially
designed computer to break a DES key in just over 56 hours. Since then, it has been theo-
rized that a dedicated attack supported by the proper hardware (not necessarily a specialized
computer) could break a DES key in less than a day.
Triple DES (3DES) was created to provide a level of security far beyond that of DES. 3DES was
an advanced application of DES, and while it did deliver on its promise of encryption strength
beyond DES, it soon proved too weak to survive indefinitely—especially as computing power
continued to double every 18 months. Within just a few years, 3DES needed to be replaced.
The successor to 3DES is the Advanced Encryption Standard (AES). AES is a federal informa-
tion processing standard (FIPS) that specifies a cryptographic algorithm used within the U.S.
government to protect information in federal agencies that are not part of the national defense
Triple DES (3DES)
3DES was designed to surpass the security provided by standard DES. (In between,
there was a 2DES; however, it was statistically shown not to provide significantly
stronger security than DES.) 3DES uses three 64-bit keys for an overall key length
of 192 bits. 3DES encryption is the same as that of standard DES, repeated three
times. 3DES can be employed using two or three keys and a combination of
encryption or decryption for additional security. The most common implementa-
tions involve encrypting and/or decrypting with two or three different keys, as
described in the following steps. 3DES employs 48 rounds in its encryption compu-
tation, generating ciphers that are approximately 256 times stronger than stan-
dard DES ciphers but that require only three times longer to process. One example
of 3DES encryption is as follows:
1. In the first operation, 3DES encrypts the message with key 1, decrypts it with
key 2, and then encrypts it again with key 1. In cryptographic notation, this is
[E{D[E(M,K1)],K2},K1]. Decrypting with a different key is essentially another encryp-
tion, but it reverses the application of the traditional encryption operations.
2. In the second operation, 3DES encrypts the message with key 1, encrypts
it again with key 2, and then encrypts it a third time with key 1 again, or
[E{E[E(M,K1)],K2},K1].
3. In the third operation, 3DES encrypts the message three times with three different
keys: [E{E[E(M,K1)],K2},K3]. This is the most secure level of encryption possible with
3DES.
TECHNICAL DETAILS
436 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
infrastructure. (Agencies that are considered a part of national defense use more secure methods
of encryption, which are provided by the National Security Agency.) The requirements for AES
stipulate that the algorithm should be unclassified, publicly disclosed, and available royalty-free
worldwide. AES was developed to replace both DES and 3DES. While 3DES remains an
approved algorithm for some uses, its expected useful life is limited. Historically, crypto-
graphic standards approved by FIPS have been adopted on a voluntary basis by organizations
outside government entities. The AES selection process involved cooperation between the U.S.
government, private industry, and academia from around the world. AES was approved by
the Secretary of Commerce as the official federal governmental standard on May 26, 2002.
AES implements a block cipher called the Rijndael Block Cipher with a variable block length
and a key length of 128, 192, or 256 bits. Experts estimate that the special computer used by
the Electronic Frontier Foundation to crack DES within a couple of days would require
approximately 4,698,864 quintillion years (4,698,864,000,000,000,000,000) to crack AES.
To learn more about AES, see the nearby Technical Details feature.
For more information on the Advanced Encryption Standard, read FIPS 197 at http://csrc.nist.gov
/publications/PubsFIPS.html.
 Asymmetric Encryption
Key Terms
asymmetric encryption An encryption method that incorporates mathematical operations
involving both a public key and a private key to encipher or decipher a message. Either key
can be used to encrypt a message, but then the other key is required to decrypt it.
public-key encryption See asymmetric encryption.
While symmetric encryption systems use a single key both to encrypt and decrypt a message,
asymmetric encryption uses two different but related keys. Either key can be used to encrypt or
decrypt the message. However, if key A is used to encrypt the message, only key B can decrypt it;
if key B is used to encrypt a message, only key A can decrypt it. Asymmetric encryption can be
used to provide elegant solutions to problems of secrecy and verification. This technique has its
greatest value when one key is used as a private key, which means it is kept secret (much like
the key in symmetric encryption) and is known only to the owner of the key pair. The other
key serves as a public key, which means it is stored in a public location where anyone can use
it. For this reason, the more common name for asymmetric encryption is public-key encryption.
Consider the following example, as illustrated in Figure 8-6. Alex at XYZ Corporation wants
to send an encrypted message to Rachel at ABC Corporation. Alex goes to a public-key regis-
try and obtains Rachel’s public key. Remember that the foundation of asymmetric encryption
is that the same key cannot be used both to encrypt and decrypt the same message. So, when
Rachel’s public key is used to encrypt the message, only her private key can be used to decrypt
the message; that private key is held by Rachel alone. Similarly, if Rachel wants to respond to
Alex’s message, she goes to the registry where Alex’s public key is held and uses it to encrypt
her message, which of course can only be read by Alex’s private key. This approach, which
keeps private keys secret and encourages the sharing of public keys in reliable directories, is an
elegant solution to the key management problems of symmetric key applications.
Cryptographic Algorithms 437
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
Advanced Encryption Standard (AES)
Of the many ciphers that were submitted from around the world for consideration
in the AES selection process, five finalists were chosen: MARS, RC6, Rijndael,
Serpent, and Twofish. On October 2, 2000, NIST announced the selection of
Rijndael; it was approved as the official U.S. standard 18 months later. The AES ver-
sion of Rijndael can use a multiple round-based system. Depending on the key size,
the number of rounds varies from 9 to 13: for a 128-bit key, nine rounds plus one
end round are used; for a 192-bit key, 11 rounds plus one end round are used; and
for a 256-bit key, 13 rounds plus one end round are used. Once Rijndael was
adopted for the AES, the ability to use variable-sized blocks was standardized to a
single 128-bit block for simplicity. The four steps within each Rijndael round are
described as follows:
1. “The Byte Sub step. Each byte of the block is replaced by its substitute in an
S-box (substitution box). [Author’s note: The calculation of the S-box values is
beyond the scope of this text.]
2. The Shift Row step. Considering the block to be made up of bytes 1 to 16,
these bytes are arranged in a rectangle and shifted as follows:
from to
1 5 9 13 1 5 9 13
2 6 10 14 6 10 14 2
3 7 11 15 11 15 3 7
4 8 12 16 16 4 8 12
Other shift tables are used for larger blocks.
3. The Mix Column step. Matrix multiplication is performed; each column is
multiplied by the matrix:
2 3 1 1
1 2 3 1
1 1 2 3
3 1 1 2
4. The Add Round Key step. This simply XORs in the subkey for the current round.
The extra final round omits the Mix Column step, but is otherwise the same as a
regular round.” 4
TECHNICAL DETAILS
438 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
Asymmetric algorithms are one-way functions, meaning they are simple to compute in one
direction, but complex to compute in the opposite direction. This is the foundation of
public-key encryption. It is based on a hash value, which is calculated from an input number
using a hashing algorithm, as you learned earlier in this chapter. This hash value is essentially
a summary of the original input values. It is virtually impossible to derive the original values
without knowing how they were used to create the hash value. For example, if you multiply
45 by 235, you get 10,575. This is simple enough. But if you are simply given the number
10,575, can you determine which two numbers were multiplied to produce it?
Now assume that each multiplier is 200 digits long and prime. The resulting multiplicative prod-
uct would be up to 400 digits long. Imagine the time you’d need to factor out those numbers.
There is a shortcut, however. In mathematics, it is known as a trapdoor (which is different
from the software trapdoor). A mathematical trapdoor is a “secret mechanism that enables you
to easily accomplish the reverse function in a one-way function.” 5 With a trapdoor, you can use
a key to encrypt or decrypt the ciphertext, but not both, thus requiring two keys. The public key
becomes the true key, and the private key is derived from the public key using the trapdoor.
One of the most popular public-key cryptosystems is RSA, whose name is derived from
Rivest-Shamir-Adleman, the algorithm’s developers. The RSA algorithm was the first public-
key encryption algorithm developed (in 1977) and published for commercial use. It is very
popular and has been embedded in both Microsoft and Netscape Web browsers to provide
security for e-commerce applications. The patented RSA algorithm has become the de facto
standard for public-use encryption applications.
For more information on how the RSA algorithm works, read RFC 3447, “Public-Key Cryptography
Standards (PKCS) #1: RSA Cryptography Specifications,” Version 2.1, which is available from www
.rfc-editor.org/rfc/rfc3447.txt.
Public ke
repository
y
Alex at XYZ Corp. wants to send a message to Rachel at ABC Corp. Rachel
stores her public key where it can be accessed by anyone. Alex retrieves Rachel’s
key and uses it to create ciphertext that can be decrypted only by Rachel’s private key,
which only she has. To respond, Rachel gets Alex’s public key to encrypt her message.
Sounds
great!
Thanks.
LLQ03&
M1MQY
>_WU#
Sounds
great!
Thanks.
Private key B
decrypts message
Corresponding
ciphertext is transmitted
Public key B
encrypts message
Figure 8-6 Example of asymmetric encryption
© Cengage Learning 2015
Cryptographic Algorithms 439
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
The problem with asymmetric encryption, as shown earlier in Figure 8-6, is that holding a
single conversation between two parties requires four keys. Moreover, if four organizations
want to exchange communications, each party must manage its private key and four public
keys. In such scenarios, determining which public key is needed to encrypt a particular mes-
sage can become a rather confusing problem, and with more organizations in the loop, the
problem expands. This is why asymmetric encryption is sometimes regarded by experts as
inefficient. Compared with symmetric encryption, asymmetric encryption is also not as effi-
cient in terms of CPU computations. Consequently, hybrid systems, such as those described
later in this chapter in the “public key infrastructure (PKI)” section, are more commonly
used than pure asymmetric systems.
The RSA organization is now a division of EMC Corporation. For information about the annual
RSA security conference, see www.rsaconference.com. You can also visit the home pages of
RSA’s developers. For example, Ronald L. Rivest’s home page is at http://people.csail.mit.edu
/rivest/. Adi Shamir’s home page is at www.wisdom.weizmann.ac.il/math/profile/scientists
/shamir-profile.html. Len Adleman’s home page is at www.usc.edu/dept/molecular-science/fm
-adleman.htm.
 Encryption Key Size
When deploying ciphers, it is important for users to decide on the size of the cryptovariable
or key, because the strength of many encryption applications and cryptosystems is measured
by key size. How exactly does key size affect the strength of an algorithm? Typically, the
length of the key increases the number of random guesses that have to be made in order to
break the code. Creating a larger universe of possibilities increases the time required to
make guesses, and thus a longer key directly influences the strength of the encryption.
It may surprise you to learn that when it comes to cryptosystems, the security of encrypted
data is not dependent on keeping the encrypting algorithm secret. In fact, algorithms should
be published and often are, to enable research to uncover their weaknesses. The security of
any cryptosystem depends on keeping some or all elements of the cryptovariable(s) or key(s)
secret, and effective security is maintained by manipulating the size (bit length) of the keys
and following proper procedures and policies for key management.
For a simple example of how key size is related to encryption strength, suppose you have an
algorithm that uses a three-bit key. You may recall from earlier in the chapter that keyspace is
the range from which the key can be drawn. Also, you may recall that in binary notation, three
bits can be used to represent values from 000 to 111, which correspond to the numbers 0 to 7
in decimal notation and thus provide a keyspace of eight keys. This means an algorithm that
uses a three-bit key has eight possible keys; the numbers 0 to 7 in binary are 000, 001, 010,
011, 100, 101, 110, and 111. If you know how many keys you have to choose from, you can
program a computer to try all the keys in an attempt to crack the encrypted message.
The preceding statement makes a few assumptions:(1) you know the algorithm, (2) you have the
encrypted message, and (3) you have time on your hands. It is easy to satisfy the first criterion.
The encryption tools that use DES can be purchased over the counter. Many of these tools are
based on encryption algorithms that are standards, as is DES itself, and therefore it is relatively
easy to get a cryptosystem based on DES that enables you to decrypt an encrypted message if
you possess the key. The second criterion requires the interception of an encrypted message,
which is illegal but not impossible. As for the third criterion, the task required is a brute force
440 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
attack, in which a computer randomly or sequentially selects possible keys of the known size and
applies them to the encrypted text or a piece of the encrypted text. If the result is plaintext—
bingo! But, as indicated earlier in this chapter, it can take quite a long time to exert brute force
on more advanced cryptosystems. In fact, the strength of an algorithm is determined by how
long it takes to guess the key.
When it comes to keys, how big is big? At the beginning of this section, you learned that a
three-bit system has eight possible keys. An eight-bit system has 256 possible keys. If you
use a 24-bit key, which is puny by modern standards, you have almost 16.8 million possible
keys. Even so, a modern PC, such as the one described in Table 8-5, could discover this key
in mere seconds. But, as the table shows, the amount of time needed to crack a cipher by
guessing its key grows exponentially with each additional bit.
One thing to keep in mind is that even though the estimated time to crack grows rapidly with
respect to the number of bits in the encryption key and the odds of cracking seem
It is estimated that to crack an encryption key using a brute force attack, a computer needs to
perform a maximum of 2^k operations (2 k guesses), where k is the number of bits in the key.
In reality, the average estimated time to crack is half that time.
Using an average 2013-era Intel i7 PC (3770K) chip performing 109,924 Dhrystone MIPS
(million instructions per second) at 3.9 GHz:
Key length
(bits)
Maximum number of
operations (guesses) Maximum time to crack
Estimated average
time to crack
16 65,636 0.00000061 seconds 0.00000031 seconds
24 16,777,216 0.00016 seconds 0.00008 seconds
32 4,294,967,296 0.04 seconds 0.02 seconds
56 72,057,594,037,927,900 7.8 days 3.9 days
64 18,446,744,073,709,600,000 5.48 years 2.74 years
128 3.40Eþ38 101,123,123,702,077,
000,000 years
50,561,561,851,038,
500,000 years
256 1.16Eþ77 34,410,426,468,960,
700,000,000,000,000,
000,000,000,000,000,
000,000,000,000,000 years
17,205,213,234,480,300,
000,000,000,000,000,
000,000,000,000,000,
000,000,000,000 years
512 1.34Eþ154 3,984,515,321,402,380,
000,000,000,000,000,
000,000,000,000,000,
000,000,000,000,000,
000,000,000,000,000,
000,000,000,000,000,
000,000,000,000,000,
000,000,000,000,000,
000,000,000,000,000,
000 years
1,992,257,660,701,190,
000,000,000,000,000,
000,000,000,000,000,
000,000,000,000,000,
000,000,000,000,000,
000,000,000,000,000,
000,000,000,000,000,
000,000,000,000,000,
000,000,000,000,000,
000 years
Table 8-5 Encryption Key Power
© Cengage Learning 2015
Cryptographic Algorithms 441
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
insurmountable at first glance, Table 8-5 doesn’t account for the fact that high-end computing
power has increased and continues to be more accessible. Therefore, even the once-standard
56-bit encryption can’t stand up anymore to brute force attacks by personal computers, espe-
cially if multiple computers are used together to crack these keys. Each additional computer
reduces the amount of time needed. Two computers can divide the keyspace—the entire set
of possible combinations of bits that can be the cryptovariable or key—and crack the key in
approximately half the time, and so on. Thus, 285 computers can crack a 56-bit key in one
year; 10 times as many computers would do it in just over a month. This means people who
have access to multiple systems or grid computing environments can radically speed up brute
force key-breaking efforts. However, an even greater concern is the ease with which you can
crack what appear to be uncrackable algorithms if you have the key. Key management (and
password management) is the most critical aspect of any cryptosystem in protecting encrypted
information, and is even more important in many cases than key strength.
Why, then, do encryption systems such as DES incorporate multiple elements or operations? Con-
sider this: If you use the same operation (XOR, substitution, or transposition) multiple times, you
gain no additional benefit. For example, if you use a substitution cipher and substitute B for A,
then R for B, and then Q for R, it has the same effect as substituting Q for A. Similarly, if you
transpose a character in position 1, then position 4, then position 3, you could more easily have
transposed the character from position 1 to position 3. There is no net advantage for sequential
operations unless each subsequent operation is different. Therefore, if you substitute, then trans-
pose, then XOR, then substitute again, you have dramatically scrambled, substituted, and recoded
the original plaintext with ciphertext, which you hope is unbreakable without the key.
Cryptographic Tools
The ability to conceal the contents of sensitive messages and verify the contents of messages
and the identities of their senders can be important in all areas of business. To be useful,
these cryptographic capabilities must be embodied in tools that allow IT and information
security practitioners to apply the elements of cryptography in the everyday world of comput-
ing. This section covers some of the widely used tools that bring the functions of cryptography
to the world of information systems.
 Public Key Infrastructure (PKI)
Key Terms
certificate authority (CA) In PKI, a third party that manages users’ digital certificates.
certificate revocation list (CRL) In PKI, a published list of revoked or terminated digital
certificates.
digital certificates Public-key container files that allow PKI system components and end users
to validate a public key and identify its owner.
public key infrastructure (PKI) An integrated system of software, encryption methodologies,
protocols, legal agreements, and third-party services that enables users to communicate securely
through the use of digital certificates.
registration authority (RA) In PKI, a third party that operates under the trusted collaboration
of the certificate authority and handles day-to-day certification functions.
442 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
Public key infrastructure (PKI) systems are based on public-key cryptosystems and include
digital certificates and certificate authorities (CAs). Digital certificates allow the PKI compo-
nents and their users to validate keys and identify key owners. (Digital certificates
are explained in more detail later in this chapter.) PKI systems and their digital certificate reg-
istries enable the protection of information assets by making verifiable digital certificates
readily available to business applications. This, in turn, allows the applications to implement
several key characteristics of information security and integrate these characteristics into the
following business processes across an organization:
●
Authentication: Individuals, organizations, and Web servers can validate the identity of
each party in an Internet transaction.
●
Integrity: Content signed by the certificate is known not to have been altered while in
transit from host to host or server to client.
●
Privacy: Information is protected from being intercepted during transmission.
●
Authorization: The validated identity of users and programs can enable authorization
rules that remain in place for the duration of a transaction; this reduces overhead and
allows for more control of access privileges for specific transactions.
●
Nonrepudiation: Customers or partners can be held accountable for transactions, such
as online purchases, which they cannot later dispute.
A typical PKI solution protects the transmission and reception of secure information by inte-
grating the following components:
●
A certificate authority (CA), which issues, manages, authenticates, signs, and revokes
users’ digital certificates. These certificates typically contain the user name, public key,
and other identifying information.
●
A registration authority (RA), which handles certification functions such as verifying
registration information, generating end-user keys, revoking certificates, and validating
user certificates, in collaboration with the CA.
●
Certificate directories, which are central locations for certificate storage that provide a
single access point for administration and distribution.
●
Management protocols, which organize and manage communications among CAs,
RAs, and end users. This includes the functions and procedures for setting up new
users, issuing keys, recovering keys, updating keys, revoking keys, and enabling the
transfer of certificates and status information among the parties involved in the PKI’s
area of authority.
●
Policies and procedures, which assist an organization in the application and manage-
ment of certificates, in the formalization of legal liabilities and limitations, and in
actual business use.
Common implementations of PKI include systems that issue digital certificates to users and
servers, directory enrollment, key issuing systems, tools for managing key issuance, and veri-
fication and return of certificates. These systems enable organizations to apply an enterprise-
wide solution that allows users within the PKI’s area of authority to engage in authenticated
and secure communications and transactions.
The CA performs many housekeeping activities regarding the use of keys and certificates that
are issued and used in its zone of authority. Each user authenticates himself or herself with
Cryptographic Tools 443
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
the CA. The CA can issue new or replacement keys, track issued keys, provide a directory of
public-key values for all known users, and perform other management activities. When a pri-
vate key is compromised or the user loses the privilege of using keys in the area of authority,
the CA can revoke the user’s keys. The CA periodically distributes a certificate revocation list
(CRL) to all users. When important events occur, specific applications can make a real-time
request to the CA to verify any user against the current CRL.
The issuance of certificates and their keys by the CA enables secure, encrypted, nonrepudi-
able e-business transactions. Some applications allow users to generate their own certificates
and keys, but a key pair generated by the end user can only provide nonrepudiation, not reli-
able encryption. A central system operated by a CA or RA can generate cryptographically
strong keys that are considered independently trustworthy by all users, and can provide ser-
vices for users such as private-key backup, key recovery, and key revocation.
The strength of a cryptosystem relies on both the raw strength of its key’s complexity and the
overall quality of its key management security. PKI solutions can provide several mechanisms
for limiting access and possible exposure of the private keys. These mechanisms include pass-
word protection, smart cards, hardware tokens, and other hardware-based key storage
devices that are memory-capable, like flash memory or PC memory cards. PKI users should
select the key security mechanisms that provide an appropriate level of key protection for
their needs. Managing the security and integrity of the private keys used for nonrepudiation
or the encryption of data files is critical to successfully using the encryption and nonrepudia-
tion services within the PKI’s area of trust. 6
For more information on public-key cryptography, read FIPS 191: “Entity Authentication Using
Public Key Cryptography” at http://csrc.nist.gov/publications/PubsFIPS.html.
 Digital Signatures
Key Terms
Digital Signature Standard (DSS) The NIST standard for digital signature algorithm usage by
federal information systems. DSS is based on a variant of the ElGamal signature scheme.
digital signatures Encrypted message components that can be mathematically proven as
authentic.
nonrepudiation The process of reversing public-key encryption to verify that a message was
sent by the sender and thus cannot be refuted.
Digital signatures were created in response to the rising need to verify information trans-
ferred via electronic systems. Asymmetric encryption processes are used to create digital
signatures. When an asymmetric cryptographic process uses the sender’s private key to
encrypt a message, the sender’s public key must be used to decrypt the message. When
the decryption is successful, the process verifies that the message was sent by the sender
and thus cannot be refuted. This process is known as nonrepudiation, and is the principle
of cryptography that underpins the authentication mechanism collectively known as a dig-
ital signature. Digital signatures, therefore, are encrypted messages that can be mathemati-
cally proven as authentic.
444 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
8
The management of digital signatures is built into most Web browsers. For example, the
digital signature management screen in Internet Explorer is shown in Figure 8-7. In gen-
eral, digital signatures should be created using processes and products that are based on
the Digital Signature Standard (DSS). When processes and products are certified as DSS
compliant, they have been approved and endorsed by U.S. federal and state governments,
Figure 8-7 Digital signature in Windows 7 Internet Explorer
Source: Windows 7 Internet Explorer.
Cryptographic Tools 445
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
as well as by many foreign governments, as a means of authenticating the author of an
electronic document.
DSS algorithms can be used in conjunction with the sender’s public and private keys, the
receiver’s public key, and the Secure Hash Standard to quickly create messages that are
both encrypted and nonrepudiable. This process first creates a message digest using the
hash algorithm, which is then input into the digital signature algorithm along with a ran-
dom number to generate the digital signature. The digital signature function also depends
on the sender’s private key and other information provided by the CA. The resulting
encrypted message contains the digital signature, which can be verified by the recipient
using the sender’s public key.
For more information on the Digital Signature Standard, read FIPS 186-4 at http://csrc.nist.gov
/publications/PubsFIPS.html.
 Digital Certificates
As you learned earlier in this chapter, a digital certificate is an electronic document or
container file that contains a key value and identifying information about the entity that
controls the key. The certificate is often issued and certified by a third party, usually a cer-
tificate authority. A digital signature attached to the certificate’s container file certifies the
file’s origin and integrity. This verification process often occurs when you download or
update software via the Internet. For example, the window in Figure 8-8 shows that the
downloaded files do come from the purported originating agency, Amazon.com, and thus
can be trusted.
Unlike digital signatures, which help authenticate the origin of a message, digital certificates
authenticate the cryptographic key that is embedded in the certificate. When used properly,
these certificates enable diligent users to verify the authenticity of any organization’s certifi-
cates. This process is much like what happens when the Federal Deposit Insurance
Corporation (FDIC) issues its logo to assure customers that a bank is authentic. Different
client-server applications use different types of digital certificates to accomplish their assigned
functions, as follows:
●
The CA application suite issues and uses certificates (keys) that identify and establish a
trust relationship with a CA to determine what additional certificates can be
authenticated.
●
Mail applications use Secure/Multipurpose Internet Mail Extension (S/MIME) certifi-
cates for signing and encrypting e-mail as well as for signing forms.
●
Development applications use object-signing certificates to identify signers of object-
oriented code and scripts.
●
Web servers and Web application servers use Secure Sockets Layer (SSL) certificates to
authenticate servers via the SSL protocol in order to establish an encrypted SSL ses-
sion. The SSL protocol is explained later in this chapter.
●
Web clients use client SSL certificates to authenticate users, sign forms, and participate
in single sign-on solutions via SSL.
Two popular certificate types are created using Pretty Good Privacy (PGP) and applications
that conform to International Telecommunication Union’s (ITU-T) X.509 version 3.
446 Chapter 8
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
Figure 8-8 Example digital certificate
Source: Amazon.com.
8
Cryptographic Tools 447
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
The X.509 v3 certificate, whose structure is outlined in Table 8-6, is an ITU-T recommenda-
tion that essentially defines a directory service that maintains a database of information (also
known as a repository) about a group of users holding X.509 v3 certificates. These certifi-
cates bind a distinguished name (DN), which uniquely identifies a certificate entity, to a
user’s public key. The certificate is signed and placed in the directory by the CA for retrieval
and verification by the user’s associated public key. The X.509 v3 standard’s recommenda-
tion does not specify an encryption algorithm, although RSA, with its hashed digital signa-
ture, is typically used.
 Hybrid Cryptography Systems
Key Terms
Diffie-Hellman key exchange A hybrid cryptosystem that facilitates exchanging private keys
using public-key encryption.
session keys Limited-use symmetric keys for temporary communications during an online
session.
X.509 v3 Certificate structure
Version
Certificate Serial Number
●
Algorithm ID
●
Algorithm ID
●
Parameters
Issuer Name
●
Validity
●
Not Before
●
Not After
Subject Name
Subject Public-Key Information
●
Public-Key Algorithm
●
Parameters
●
Subject Public Key
Issuer Unique Identifier (Optional)
Subject Unique Identifier (Optional)
Extensions (Optional)