Selecting IDPS products that best fit an organization’s needs is a challenging and complex process. A wide array of products and vendors are available, each with its own approach and capabilities.
■ Deploying and implementing IDPS technology is a complex undertaking that requires knowledge and experience. After deployment, each organization should measure the effectiveness of its IDPS and then continue with periodic assessments over time.
■ Honeypots are decoy systems designed to lure potential attackers away from critical systems. In the security industry, these systems are also known as decoys, lures, or flytraps. Two variations on this technology are known as honeynets and padded cell systems.
■ Trap-and-trace applications are designed to react to an intrusion event by tracing it back to its source. This process is fraught with professional and ethical issues—some people in the security field believe that the back hack in the trace process is as significant a violation as the initial attack.
410 Chapter 7
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
■ Active intrusion prevention seeks to limit the damage that attackers can perpetrate by making the local network resistant to inappropriate use.
■ Scanning and analysis tools are used to pinpoint vulnerabilities in systems, holes in security components, and unsecured aspects of the network. Although these tools are used by attackers, they can also be used by administrators to learn more about their own systems and to identify and repair system weaknesses before they result in losses.
Review Questions
1. What common security system is an IDPS most like? In what ways are these systems similar?
2. How does a false positive alarm differ from a false negative alarm? From a security perspective, which is less desirable?
3. How does a network-based IDPS differ from a host-based IDPS?
4. How does a signature-based IDPS differ from a behavior-based IDPS?
5. What is a monitoring (or SPAN) port? What is it used for?
6. List and describe the three control strategies proposed for IDPSs.
7. What is a honeypot? How is it different from a honeynet?
8. How does a padded cell system differ from a honeypot?
9. What is network footprinting?
10. What is network fingerprinting?
11. How are network footprinting and network fingerprinting related?
12. Why do many organizations ban port scanning activities on their internal networks?
13. Why would ISPs ban outbound port scanning by their customers?
14. What is an open port? Why is it important to limit the number of open ports to those that are absolutely essential?
15. What is a system’s attack surface? Why should it be minimized when possible?
16. What is a vulnerability scanner? How is it used to improve security?
17. What is the difference between active and passive vulnerability scanners?
18. What is Metasploit Framework? Why is it considered riskier to use than other vulnerability scanning tools?
19. What kind of data and information can be found using a packet sniffer?
20. What capabilities should a wireless security toolkit include?
Exercises
1. A key feature of hybrid IDPS systems is event correlation. After researching event correlation online, define the following terms as they are used in this process: compression, suppression, and generalization.
2. ZoneAlarm is a PC-based firewall and IDPS tool. Visit the product manufacturer at www.zonelabs.com and find the product specification for the IDPS features of ZoneAlarm. Which ZoneAlarm products offer these features?
3. Using the Internet, search for commercial IDPS systems. What classification systems and descriptions are used, and how can they be used to compare the features and components of each IDPS? Create a comparison spreadsheet to identify the classification systems you find.
4. Use the Internet to search for “live DVD security toolkit.” Read a few Web sites to learn about this class of tools and their capabilities. Write a brief description of a live DVD security toolkit.
5. Several online passphrase generators are available. Locate at least two on the Internet and try them. What did you observe?
Case Exercises
Miller Harrison was still working his way through his attack protocol.
Nmap started out as it usually did, by giving the program identification and version number. Then it started reporting back on the first host in the SLS network. It reported all of the open ports on this server. The program moved on to a second host and began reporting back the open ports on that system, too. Once it reached the third host, however, it suddenly stopped.
Miller restarted Nmap, using the last host IP as the starting point for the next scan. No response. He opened another command window and tried to ping the first host he had just port-scanned. No luck. He tried to ping the SLS firewall. Nothing. He happened to know the IP address for the SLS edge router. He pinged that and got the same result. He had been blackholed, meaning his IP address had been put on a list of addresses from which the SLS edge router would no longer accept packets. Ironically, the list was his own doing. The IDPS he had been helping SLS configure seemed to be working just fine at the moment. His attempt to hack the SLS network was shut down cold.
Discussion Questions
1. Do you think Miller is out of options as he pursues his vendetta? If you think he could take additional actions in his effort to damage the SLS network, what are they?
2. Suppose a system administrator at SLS read the details of this case. What steps should he or she take to improve the company’s information security program?
Ethical Decision Making
It seems obvious that Miller is breaking at least a few laws in his attempt at revenge. Suppose that when his scanning efforts had been detected, SLS not only added his IP address to the list of sites banned from connecting to the SLS network, the system also triggered a response to seek out his computer and delete key files on it to disable his operating system.
Would such an action by SLS be ethical? Do you think that action would be legal?
Suppose instead that Miller had written a routine to constantly change his assigned IP address to other addresses used by his ISP. If the SLS intrusion system determined what Miller was doing and then added the entire range of ISP addresses to the banned list, thus stopping any user of the ISP from connecting to the SLS network, would SLS’s action be ethical?
What if SLS were part of an industry consortium that shared IP addresses flagged by its IDPS, and all companies in the group blocked all of the ISP’s users for 10 minutes? These users would be blocked from accessing perhaps hundreds of company networks. Would that be an ethical response by members of the consortium? What if these users were blocked for 24 hours?
Chapter 8
Cryptography
Yet it may roundly be asserted that human ingenuity cannot concoct a cipher which human ingenuity cannot resolve.
EDGAR ALLAN POE, THE GOLD BUG
Peter Hayes, CFO of Sequential Label and Supply, was working late. He opened an e-mail from the manager of the accounting department. The e-mail had an attachment—probably a spreadsheet or a report of some kind—and from the file icon he could tell it was encrypted. He saved the file to his computer’s hard drive and then double-clicked the icon to open it.
His computer operating system recognized that the file was encrypted and started the decryption program, which prompted Peter for his passphrase. Peter’s mind went blank. He couldn’t remember the passphrase. “Oh, good grief!” he said to himself, reaching for his phone.
“Charlie, good, you’re still here. I’m having trouble with a file in my e-mail program. My computer is prompting me for my passphrase, and I think I forgot it.”
“Uh-oh,” said Charlie.
“What do you mean ‘Uh-oh’?”
“I mean you’re S.O.L.,” Charlie replied. “Simply outta luck.”
“Out of luck?” said Peter. “Why? Can’t you do something? I have quite a few files that are encrypted with this PGP program. I need my files.”
Charlie let him finish, then said, “Peter, remember how I told you it was important to remember your passphrase?” Charlie heard a sigh on the other end of the line, but decided to ignore it. “And do you remember I said that PGP is only free for individuals and that you weren’t to use it for company files since we didn’t buy a license for the company? I only set that program up on your personal laptop for your home e-mail—for when your sister wanted to send you some financial records. When did you start using it on SLS systems for company business?”
“Well,” Peter answered, “one of my staff had some financials that were going to be ready a few weeks ago while I was traveling. I swapped public keys with him before I left, and then he sent the files to me securely by e-mail while I was in Dubai. It worked out great. So the next week I encrypted quite a few files. Now I can’t get to any of them because I can’t seem to remember my passphrase.” There was a long pause, and then he asked, “Can you hack it for me?”
Charlie chuckled and then said, “Sure, Peter, no problem. Send me the files and I’ll put the biggest server we have to work on it. Since we set you up in PGP with 256-bit AES, I should be able to apply a little brute force and crack the key to get the plaintext in a hundred trillion years or so.”
LEARNING OBJECTIVES:
Upon completion of this material, you should be able to:
• Chronicle the most significant events and discoveries in the history of cryptology
• Explain the basic principles of cryptography
• Describe the operating principles of the most popular cryptographic tools
• List and explain the major protocols used for secure communications
Introduction
Key Terms
cryptanalysis The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption.
cryptography The process of making and using codes to secure the transmission of information.
cryptology The science of encryption, which encompasses cryptography and cryptanalysis.
The science of cryptography is not as enigmatic as you might think. A variety of cryptographic techniques are used regularly in everyday life. For example, open your newspaper to the entertainment section and you’ll find the daily cryptogram, a word puzzle that involves unscrambling letters to find a hidden message. Also, although it is a dying art, many secretaries still use shorthand, or stenography, an abbreviated, symbolic writing method, to take rapid dictation. A form of cryptography is used even in knitting patterns, where directions are written in a coded form in patterns such as K1P1 (knit 1, purl 1) that only an initiate can understand. These examples illustrate one important application of cryptography—the efficient and rapid transmittal of information—but cryptography also protects and verifies data transmitted via information systems.
The science of encryption, known as cryptology, encompasses cryptography and cryptanalysis. Cryptography comes from the Greek words kryptos, meaning “hidden,” and graphein, meaning “to write,” and involves making and using codes to secure messages. Cryptanalysis involves cracking or breaking encrypted messages back into their unencrypted origins.
Cryptography uses mathematical algorithms that are usually known to all. After all, it’s not the knowledge of the algorithm that protects the encrypted message, it’s the knowledge of the key—a series of characters or bits injected into the algorithm along with the original message to create the encrypted message. An individual or system usually encrypts a plaintext message into ciphertext, making it unreadable to unauthorized people—those without the key needed to decrypt the message back into plaintext, where it can be read and understood.
The field of cryptology is so vast that it can fill many volumes. This textbook provides only a general overview of cryptology and some specific information about cryptographic tools. In the early sections of this chapter, you learn the background of cryptology as well as key concepts in cryptography and common cryptographic tools. In later sections, you will learn about common cryptographic protocols and some of the attack methods used against cryptosystems.
Foundations of Cryptology
Cryptology has an extensive, multicultural history. Table 8-1 provides a brief overview of the history of cryptosystems.
Date | Event
1900 B.C. | Egyptian scribes used nonstandard hieroglyphs while inscribing clay tablets; this is the first documented use of written cryptography.
1500 B.C. | Mesopotamian cryptography surpassed that of the Egyptians, as demonstrated by a tablet that was discovered to contain an encrypted formula for pottery glazes; the tablet used symbols that have different meanings depending on the context.
500 B.C. | Hebrew scribes writing the book of Jeremiah used a reversed alphabet substitution cipher known as ATBASH.
487 B.C. | The Spartans of Greece developed the skytale, a system consisting of a strip of papyrus wrapped around a wooden staff. Messages were written down the length of the staff, and the papyrus was unwrapped. The decryption process involved wrapping the papyrus around a shaft of similar diameter.
50 B.C. | Julius Caesar used a simple substitution cipher to secure military and government communications. To form an encrypted text, Caesar shifted the letters of the alphabet three places. In addition to this monoalphabetic substitution cipher, Caesar strengthened his encryption by substituting Greek letters for Latin letters.
Fourth to sixth centuries | The Kama Sutra of Vatsayana listed cryptography as the 44th and 45th of the 64 arts (yogas) that men and women should practice: (44) The art of understanding writing in cipher, and the writing of words in a peculiar way; (45) The art of speaking by changing the forms of the word.
725 | Abu ‘Abd al-Rahman al-Khalil ibn Ahmad ibn ‘Amr ibn Tammam al Farahidi al-Zadi al Yahmadi wrote a book (now lost) on cryptography; he also solved a Greek cryptogram by guessing the plaintext introduction.
855 | Abu Wahshiyya an-Nabati, a scholar, published several cipher alphabets that were used to encrypt magic formulas.
1250 | Roger Bacon, an English monk, wrote Epistle of Roger Bacon on the Secret Works of Art and of Nature and Also on the Nullity of Magic, in which he described several simple ciphers.
1392 | The Equatorie of the Planetis, an early text possibly written by Geoffrey Chaucer, contained a passage in a simple substitution cipher.
1412 | Subhalasha, a 14-volume Arabic encyclopedia, contained a section on cryptography, including both substitution and transposition ciphers, as well as ciphers with multiple substitutions, a technique that had never been used before.
1466 | Leon Battista Alberti, the father of Western cryptography, worked with polyalphabetic substitution and designed a cipher disk.
1518 | Johannes Trithemius wrote the first printed book on cryptography and invented a steganographic cipher, in which each letter was represented as a word taken from a succession of columns. He also described a polyalphabetic encryption method using a rectangular substitution format that is now commonly used. He is credited with introducing the method of changing substitution alphabets with each letter as it is deciphered.
1553 | Giovan Batista Bellaso introduced the idea of the passphrase (password) as a key for encryption. His polyalphabetic encryption method is misnamed for another person who later used the technique; it is called the Vigenère Cipher today.
1563 | Giovanni Battista Porta wrote a classification text on encryption methods, categorizing them as transposition, substitution, and symbol substitution.
1623 | Sir Francis Bacon described an encryption method that employed one of the first uses of steganography; he encrypted his messages by slightly changing the typeface of a random text so that each letter of the cipher was hidden within the text.
1790s | Thomas Jefferson created a 26-letter wheel cipher, which he used for official communications while ambassador to France; the concept of the wheel cipher would be reinvented in 1854 and again in 1913.
1854 | Charles Babbage reinvented Thomas Jefferson’s wheel cipher.
1861–5 | During the U.S. Civil War, Union forces used a substitution encryption method based on specific words, and the Confederacy used a polyalphabetic cipher whose solution had been published before the start of the war.
1914–17 | Throughout World War I, the Germans, British, and French used a series of transposition and substitution ciphers in radio communications. All sides expended considerable effort to try to intercept and decode communications, and thereby created the science of cryptanalysis. British cryptographers broke the Zimmerman Telegram, in which the Germans offered Mexico U.S. territory in return for Mexico’s support. This decryption helped to bring the United States into the war.
1917 | William Frederick Friedman, the father of U.S. cryptanalysis, and his wife, Elizabeth, were employed as civilian cryptanalysts by the U.S. government. Friedman later founded a school for cryptanalysis in Riverbank, Illinois.
1917 | Gilbert S. Vernam, an AT&T employee, invented a polyalphabetic cipher machine that used a nonrepeating random key.
1919 | Hugo Alexander Koch filed a patent in the Netherlands for a rotor-based cipher machine; in 1927, Koch assigned the patent rights to Arthur Scherbius, the inventor of the Enigma machine.
1927–33 | During Prohibition, criminals in the United States began using cryptography to protect the privacy of messages used in illegal activities.
1937 | The Japanese developed the Purple machine, which was based on principles similar to those of Enigma, and used mechanical relays from telephone systems to encrypt diplomatic messages. By 1940, a team headed by William Friedman had broken the code generated by this machine and constructed a machine that could quickly decode Purple’s ciphers.
1939–42 | The Allies secretly broke the Enigma cipher, undoubtedly shortening World War II.
1942 | Navajo code talkers entered World War II; in addition to speaking a language that was unknown outside a relatively small group within the United States, the Navajos developed code words for subjects and ideas that did not exist in their native tongue.
1948 | Claude Shannon suggested using frequency and statistical analysis in the solution of substitution ciphers.
1970 | Dr. Horst Feistel led an IBM research team in the development of the Lucifer cipher.
1976 | A design based on Lucifer was chosen by the U.S. National Security Agency as the Data Encryption Standard, which found worldwide acceptance.
1976 | Whitfield Diffie and Martin Hellman introduced the idea of public-key cryptography.
1977 | Ronald Rivest, Adi Shamir, and Leonard Adleman developed a practical public-key cipher both for confidentiality and digital signatures; the RSA family of computer encryption algorithms was born.
1978 | The initial RSA algorithm was published in Communications of the ACM.
1991 | Phil Zimmermann released the first version of PGP (Pretty Good Privacy); PGP was released as freeware and became the worldwide standard for public cryptosystems.
2000 | Rijndael’s cipher was selected as the Advanced Encryption Standard.
Table 8-1 History of Cryptology
© Cengage Learning 2015
Today, many common IT tools use embedded encryption technologies to protect sensitive information within applications. For example, all the popular Web browsers use built-in encryption features to enable secure e-commerce, such as online banking and Web shopping.
Since World War II, there have been restrictions on the export of cryptosystems, and they continue today, as you saw in Figure 3-4. In 1992, encryption tools were officially listed as Auxiliary Military Technology under the Code of Federal Regulations: International Traffic in Arms Regulations.[1] These restrictions are due in part to the role cryptography played in World War II, and the belief of the American and British governments that the cryptographic tools they developed were far superior to those in lesser developed countries. As a result, both governments believe such countries should be prevented from using cryptosystems to communicate potential terroristic activities or gain an economic advantage.
For more information on the history of cryptology, visit the National Security Agency’s National Cryptologic Museum (see www.nsa.gov/about/cryptologic_heritage/museum) or visit the online Crypto Museum at www.cryptomuseum.com.
Terminology
To understand the fundamentals of cryptography, you must know the meanings of the following terms:
● Algorithm: The steps used to convert an unencrypted message into an encrypted sequence of bits that represent the message; sometimes refers to the programs that enable the cryptographic processes.
● Bit stream cipher: An encryption method that involves converting plaintext to ciphertext one bit at a time.
● Block cipher: An encryption method that involves dividing the plaintext into blocks or sets of bits and then converting the plaintext to ciphertext one block at a time.
● Cipher or cryptosystem: An encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption.
● Ciphertext or cryptogram: The encoded message resulting from an encryption.
● Code: The process of converting components (words or phrases) of an unencrypted message into encrypted components.
● Decipher: To decrypt, decode, or convert ciphertext into the equivalent plaintext.
● Decrypt: See Decipher.
● Encipher: To encrypt, encode, or convert plaintext into the equivalent ciphertext.
● Encrypt: See Encipher.
● Key or cryptovariable: The information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext. The key can be a series of bits used by a computer program, or it can be a passphrase used by people that is then converted into a series of bits used by a computer program.
● Keyspace: The entire range of values that can be used to construct an individual key.
● Link encryption: A series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then reencrypts the message using different keys and sends it to the next neighbor. This process continues until the message reaches the final destination.
● Plaintext or cleartext: The original unencrypted message, or a message that has been successfully decrypted.
● Steganography: The hiding of messages—for example, within the digital encoding of a picture or graphic.
● Work factor: The amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key, the algorithm, or both are unknown.
- Cipher Methods
- There are two methods of encrypting plaintext: the bit stream method or the block cipher method, as defined in the previous section. In the bit stream method, each bit in the plaintext is transformed into a cipher bit one bit at a time. In the block cipher method, the message is divided into blocks—for example, sets of 8-, 16-, 32-, or 64-bit blocks—and then each block of plaintext bits is transformed into an encrypted block of cipher bits using an algorithm and a key. Bit stream methods commonly use algorithm functions like the exclusive OR operation (XOR), whereas block methods can use substitution, transposition, XOR, or some combination of these operations, as described in the following sections. Note that most computer-based encryption methods operate on data at the level of its binary digits (bits), while others operate at the byte or character level.
- Substitution Cipher
- Key Terms
- monoalphabetic substitution A substitution cipher that only incorporates a single alphabet in the encryption process.
- polyalphabetic substitution A substitution cipher that incorporates two or more alphabets in the encryption process.
- substitution cipher An encryption method in which one value is substituted for another.
- Vigenère cipher An advanced type of substitution cipher that uses a simple polyalphabetic code.
- A substitution cipher exchanges one value for another—for example, it might exchange a letter in the alphabet with the letter three values to the right, or it might substitute one bit for another bit four places to its left. A shift of three positions to the right results in the following transformation of the standard English alphabet.
- Initial alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ yields
- Encryption alphabet: DEFGHIJKLMNOPQRSTUVWXYZABC
- Within this substitution scheme, the plaintext MOM would be encrypted into the ciphertext PRP.
- This is a simple enough method by itself, but it becomes very powerful if combined with other operations. The previous example of substitution is based on a single alphabet and thus is known as a monoalphabetic substitution. Because every occurrence of a plaintext letter maps to the same ciphertext letter, a monoalphabetic substitution preserves the letter frequencies of the plaintext, which is why it yields to frequency analysis. More advanced substitution ciphers use two or more alphabets, and are referred to as polyalphabetic substitutions.
- To extend the previous example, consider the following block of text:
- Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ
- Substitution cipher 1: DEFGHIJKLMNOPQRSTUVWXYZABC
- Substitution cipher 2: GHIJKLMNOPQRSTUVWXYZABCDEF
- Substitution cipher 3: JKLMNOPQRSTUVWXYZABCDEFGHI
- Substitution cipher 4: MNOPQRSTUVWXYZABCDEFGHIJKL
- The first row here is the plaintext, and the next four rows are four sets of substitution ciphers (shifts of 3, 6, 9, and 12 positions), which taken together constitute a single polyalphabetic substitution cipher. To encode the word TEXT with this cipher, you substitute a letter from the second row for the first letter in TEXT, a letter from the third row for the second letter, and so on—a process that yields the ciphertext WKGF. Note how the plaintext letter T is transformed into a W or an F, depending on its order of appearance in the plaintext. Complexities like these make this type of encryption substantially more difficult to decipher when one doesn't have the algorithm (in this case, the rows of ciphers) and the key (the order in which the rows are applied). A logical extension to this process is to randomize the cipher rows completely in order to create a more complex operation.
- One example of a monoalphabetic substitution cipher is the cryptogram in the daily newspaper (see Figure 8-1). Another example is the once famous Radio Orphan Annie decoder pin (shown in Figure 8-2), which consisted of two alphabetic rings that could be rotated to a predetermined pairing to form a simple substitution cipher. The device was made to be worn as a pin so one could always be at the ready. As mentioned in Table 8-1, Julius Caesar reportedly used a three-position shift to the right to encrypt his messages (A became D, B became E, and so on), so this substitution cipher was given his name: the Caesar Cipher.
- Figure 8-1 Daily cryptogram
- Figure 8-2 Radio Orphan Annie's decoder pin
- Source: www.RadioArchives.com
- An advanced type of substitution cipher that uses a simple polyalphabetic code is the Vigenère cipher. The cipher is implemented using the Vigenère square (or table), also known as a tabula recta—a term invented by Johannes Trithemius in the 1500s. Table 8-2 illustrates the setup of the Vigenère square, which is made up of 26 distinct cipher alphabets. In the header row and column, the alphabet is written in its normal order. Each subsequent row shifts the alphabet by one more position (the row labeled B begins with B, the row labeled C with C, and so on), until a 26 × 26 block of letters is formed.
- Table 8-2 The Vigenère Square
- You can use the Vigenère square in several ways. For example, you could perform an encryption by starting in the first row below the header (a shift of one), finding a substitute for the first letter of plaintext, and then moving down one row (one more position of shift) for each subsequent letter of plaintext. With this method, the word SECURITY in plaintext becomes TGFYWOAG in ciphertext.
- A much more sophisticated way to use the Vigenère square is to use a keyword to represent the shift. To accomplish this, you begin by writing a keyword above the plaintext message, repeating it as often as needed to cover the whole message. For example, suppose the plaintext message is "SACK GAUL SPARE NO ONE" and the keyword is ITALY. We thus end up with the following:
- ITALYITALYITALYITA
- SACKGAULSPARENOONE
- Now you use the keyword letter and the message (plaintext) letter below it in combination. Returning to the Vigenère square, notice how the first column of text, like the first row, forms the normal alphabet. To perform the substitution, start with the first combination of keyword and message letters, IS. Use the keyword letter to locate the column and the message letter to find the row, and then look for the letter at their intersection. Thus, for column "I" and row "S," you will find the ciphertext letter "A." After you follow this procedure for each letter in the message, you will produce the encrypted ciphertext ATCVEINLDNIKEYMWGE. One weakness of this method is that any keyword-message letter combination containing an "A" row or column reproduces the plaintext message letter. For example, the third letter in the plaintext message, the C (of SACK), has a combination of AC, and thus is unchanged in the ciphertext. To minimize the effects of this weakness, you should avoid choosing a keyword that contains the letter "A." The more serious weakness is that the keyword repeats: every plaintext letter encrypted under the same keyword letter belongs to the same Caesar alphabet, so once the keyword length is known (the Kasiski examination finds it from the distances between repeated ciphertext fragments), the ciphertext splits into several monoalphabetic ciphers that frequency analysis solves independently.
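The shift-based substitutions discussed above, from the Caesar shift through the four-row example to the keyword-driven Vigenère cipher, are all one operation: shift letter i by the i-th entry of a cycle of shifts. The following is an added example written for this page, not code from the text or its publisher; the helper names (polyalphabetic, vigenere, kasiski_candidate_periods) are this example's own. It reproduces the text's results (MOM to PRP, TEXT to WKGF, SECURITY to TGFYWOAG, SACK GAUL SPARE NO ONE to ATCVEINLDNIKEYMWGE) and, for the repeating-key weakness, includes a small Kasiski examination run over a constructed message.

```python
"""Shift-based substitution ciphers: Caesar, the four-row polyalphabetic
example, and Vigenère (a keyword-driven polyalphabetic cipher).
Added example; not code from the original text."""
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def shift_letter(letter: str, shift: int) -> str:
    """Substitute an upper-case letter with the letter `shift` places to its
    right, wrapping from Z back to A (negative shifts move left)."""
    return ALPHABET[(ALPHABET.index(letter) + shift) % 26]


def polyalphabetic(text: str, shifts, decrypt: bool = False) -> str:
    """Apply a cycle of shifts: letter i is shifted by shifts[i % len(shifts)].

    A single shift is a Caesar (monoalphabetic) cipher; a cycle of shifts is a
    polyalphabetic cipher. Non-letters (spaces) pass through unchanged and do
    not consume a key position, matching the text's examples.
    """
    out = []
    i = 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        s = shifts[i % len(shifts)]
        out.append(shift_letter(ch, -s if decrypt else s))
        i += 1
    return "".join(out)


def vigenere(text: str, keyword: str, decrypt: bool = False) -> str:
    """Vigenère: each keyword letter names a shift (A=0, B=1, ..., Z=25).

    Keyword letter A is a shift of 0, which is the weakness the text notes:
    the plaintext letter under it is reproduced unchanged.
    """
    shifts = [ALPHABET.index(k) for k in keyword.upper()]
    return polyalphabetic(text, shifts, decrypt)


def kasiski_candidate_periods(ciphertext: str, seq_len: int = 3) -> dict:
    """Kasiski examination: when the same plaintext fragment is encrypted
    under the same part of a repeating keyword, the ciphertext repeats, and
    the distance between the repeats is a multiple of the keyword length.
    Returns {distance: count} for repeated n-grams (letters only)."""
    text = "".join(c for c in ciphertext.upper() if c in ALPHABET)
    first_seen = {}
    distances = Counter()
    for i in range(len(text) - seq_len + 1):
        gram = text[i:i + seq_len]
        if gram in first_seen:
            distances[i - first_seen[gram]] += 1
        else:
            first_seen[gram] = i
    return dict(distances)


if __name__ == "__main__":
    print(polyalphabetic("MOM", [3]))                       # Caesar: PRP
    print(polyalphabetic("TEXT", [3, 6, 9, 12]))            # four-row example: WKGF
    print(polyalphabetic("SECURITY", range(1, 9)))          # walking down the square: TGFYWOAG
    print(vigenere("SACK GAUL SPARE NO ONE", "ITALY"))      # ATCV EINL DNIKE YM WGE
    # Constructed message with a repeated word: the repeat 6 positions apart
    # lands on the same key letters, and 6 is a multiple of the key length 3.
    print(kasiski_candidate_periods(vigenere("THE CAT SAT ON THE MAT THE END", "KEY")))
```

Passing a key at least as long as the message (for instance text copied from an agreed book) turns the same vigenere function into a running key cipher, because the key never wraps around and the Kasiski test has nothing to find.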
- Transposition Cipher
- Key Terms
- permutation cipher See transposition cipher.
- transposition cipher Also known as a permutation cipher, an encryption method that involves simply rearranging the values within a block based on an established pattern to create the ciphertext.
- Like the substitution operation, the transposition cipher is simple to understand, but if properly used, it can produce ciphertext that is difficult to decipher. In contrast to the substitution cipher, however, the transposition cipher or permutation cipher simply rearranges the bits or bytes (characters) within a block to create the ciphertext. For an example, consider the following transposition key pattern.
- Key pattern: 8 → 3, 7 → 6, 6 → 2, 5 → 7, 4 → 5, 3 → 1, 2 → 8, 1 → 4
- In this key, the bit or byte (character) in position 1 moves to position 4. When operating on binary data, position 1 is at the far right of the data string, and counting proceeds from right to left. Next, the bit or byte in position 2 moves to position 8, and so on. This cipher is similar to another newspaper puzzle favorite: the word jumble, as illustrated in Figure 8-3. In the jumble, words are scrambled, albeit with no defined pattern. Upon unscrambling, the words provide key characters used to decode a separate message.
- The following rows show the numbering of bit locations for this key; the plaintext message 00100101011010111001010101010100, which is broken into 8-bit blocks for clarity; and the ciphertext that is produced when the transposition key depicted above is applied to the plaintext.
- Bit locations: 87654321 87654321 87654321 87654321
- Plaintext 8-bit blocks: 00100101|01101011|10010101|01010100
- Ciphertext: 00001011|10111010|01001101|01100001
- Reading from right to left in this example, the first bit of plaintext (position 1 of the first byte) becomes the fourth bit (in position 4) of the first byte of the ciphertext. Similarly, the second bit of the plaintext (position 2) becomes the eighth bit (position 8) of the ciphertext, and so on.
- To examine further how this transposition key works, look at its effects on a plaintext message comprised of letters instead of bits. Replacing the 8-bit block of plaintext with the example plaintext message presented earlier, "SACK GAUL SPARE NO ONE" (written right to left, with underscores for spaces, and padded to three 8-character blocks), yields the following.
- Letter locations: 87654321|87654321|87654321
- Plaintext: __ENO_ON|_ERAPS_L|UAG_KCAS
- Key: Same key as above, but characters transposed, not bits.
- Ciphertext: ON_ON_E_|_AEPL_RS|A_AKSUGC
- Here, you read from right to left to match the order in which characters would be transmitted from a sender on the left to a receiver on the right. The letter in position 1 of the first block of plaintext, "S," moves to position 4 in the ciphertext. The process is continued until the letter "U," the eighth letter of the first block of plaintext, moves to the third position of the ciphertext. This process continues with subsequent blocks using the same specified pattern. Obviously, the use of different-sized blocks or multiple transposition patterns would enhance the strength of the cipher. Note, however, that a transposition on its own leaves the letter frequencies of the plaintext untouched, which is the clue a cryptanalyst uses to recognize it.
- Figure 8-3 Word jumble
- In addition to being credited with inventing a substitution cipher, Julius Caesar was associated with an early version of the transposition cipher. In the Caesar block cipher, the recipient of the coded message knows to fit the text to a prime number square. In practice, this means that if there are 25 or fewer characters, the recipient uses a 5 × 5 square. For example, if you received the Caesar ciphertext shown below, you would make a square of five columns and five rows, and then write the letters of the message into the square, filling the slots from left to right and top to bottom. Then you would read the message from the opposite direction—that is, from top to bottom, left to right (down each column in turn).
- Ciphertext: SGS_NAAPNECUAO_KLR____EO_
- S G S _ N
- A A P N E
- C U A O _
- K L R _ _
- _ _ E O _
- Reading from top to bottom, left to right reveals the plaintext "SACK GAUL SPARE NO ONE."
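Both the 8-position key pattern and the Caesar square above are block permutations: a fixed rule for where each position of a block ends up. The following is an added example written for this page, not code from the text or its publisher; the helper names (transpose_block, square_encrypt, square_as_key) are this example's own. It reproduces the text's bit and letter ciphertexts under the 8 → 3, 7 → 6, ... key with the text's right-to-left position numbering, round-trips them with the inverse key, encodes and decodes the 5 × 5 square, and shows that the square can be written as a key of the same form.

```python
"""Transposition (permutation) ciphers: the text's 8-position key applied to
bits and to characters, and the Caesar 5 x 5 square, which is the same kind
of block permutation. Added example; not code from the original text."""

# The text's key pattern, read as "source position -> destination position".
# Positions are numbered 1..8 from the RIGHT end of each block, as in the text.
KEY_PATTERN = {8: 3, 7: 6, 6: 2, 5: 7, 4: 5, 3: 1, 2: 8, 1: 4}


def transpose_block(block: str, key: dict) -> str:
    """Permute one block (a string of bits or characters) with a 1-based,
    right-numbered key; raises if the key is not a permutation of the block."""
    n = len(block)
    positions = list(range(1, n + 1))
    if sorted(key) != positions or sorted(key.values()) != positions:
        raise ValueError("key must be a permutation of positions 1..%d" % n)
    out = [""] * n
    for src, dst in key.items():
        out[n - dst] = block[n - src]   # position p (from the right) is index n - p
    return "".join(out)


def invert_key(key: dict) -> dict:
    """Decryption applies the inverse permutation."""
    return {dst: src for src, dst in key.items()}


def transpose(text: str, key: dict) -> str:
    """Apply the key block by block; the text must be a whole number of blocks."""
    size = len(key)
    if len(text) % size:
        raise ValueError("text length must be a multiple of the block size %d" % size)
    return "".join(transpose_block(text[i:i + size], key)
                   for i in range(0, len(text), size))


def square_encrypt(plaintext: str, size: int = 5) -> str:
    """Caesar square: the sender fills the square column by column and reads
    it out row by row, so the recipient can write rows and read columns."""
    if len(plaintext) > size * size:
        raise ValueError("message does not fit a %d x %d square" % (size, size))
    padded = plaintext.ljust(size * size, "_")
    cols = [padded[c * size:(c + 1) * size] for c in range(size)]
    return "".join(cols[c][r] for r in range(size) for c in range(size))


def square_decrypt(ciphertext: str, size: int = 5) -> str:
    """Write the ciphertext into the square row by row, read it column by
    column, and drop the padding."""
    rows = [ciphertext[r * size:(r + 1) * size] for r in range(size)]
    return "".join(rows[r][c] for c in range(size) for r in range(size)).rstrip("_")


def square_as_key(size: int = 5) -> dict:
    """The square is a fixed permutation of size*size positions; express it in
    the same source -> destination, right-numbered form as KEY_PATTERN."""
    n = size * size
    key = {}
    for c in range(size):
        for r in range(size):
            src_index = c * size + r   # where the letter sits in the column-wise fill
            dst_index = r * size + c   # where it ends up in the row-wise read-out
            key[n - src_index] = n - dst_index
    return key


if __name__ == "__main__":
    bits = "00100101" "01101011" "10010101" "01010100"
    print(transpose(bits, KEY_PATTERN))                        # 00001011 10111010 01001101 01100001
    print(transpose("__ENO_ON_ERAPS_LUAG_KCAS", KEY_PATTERN))  # ON_ON_E_ _AEPL_RS A_AKSUGC
    print(square_encrypt("SACK_GAUL_SPARE_NO_ONE"))            # SGS_NAAPNECUAO_KLR____EO_
    print(square_decrypt("SGS_NAAPNECUAO_KLR____EO_"))         # SACK_GAUL_SPARE_NO_ONE
```

The text's "different-sized blocks or multiple transposition patterns" correspond to calling transpose with a larger key, or with one key after another; the combined effect is still a single permutation, which is why transposition alone is combined with substitution in practical ciphers.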
- When mechanical and electronic cryptosystems became more widely used, transposition ciphers and substitution ciphers were combined to produce highly secure encryption processes; a modern block cipher such as AES is built from repeated rounds of exactly these two operations. To make the encryption even stronger and more difficult to cryptanalyze, the keys and block sizes can be increased to 128 bits or more, which produces substantially more complex substitutions or transpositions. These systems use a block padding method to fill the last block of the plaintext so that every block is full; the padding bytes follow an agreed pattern (or are random with a length marker) so that the receiver can strip them after decryption.
- Exclusive OR
- Key Term
- exclusive OR operation (XOR) A function within Boolean algebra used as an encryption function in which two bits are compared. If the two bits are identical, the result is a binary 0; otherwise, the result is a binary 1.
- The exclusive OR operation (XOR) is a function of Boolean algebra in which two bits are compared and a binary result is generated. XOR encryption is a very simple symmetric cipher that is used in many applications where security is not a defined requirement. Table 8-3 shows an XOR table with the results of all possible combinations of two bits.
- To see how XOR works, consider an example in which the plaintext is the word "CAT." The ASCII binary representation of the plaintext is 01000011 01000001 01010100.
- Table 8-3 XOR Table
- First bit | Second bit | Result
- 0 | 0 | 0
- 0 | 1 | 1
- 1 | 0 | 1
- 1 | 1 | 0
- In order to encrypt the plaintext, a key value should be selected. In this case, the bit pattern for the letter "V" (01010110) is used, and is repeated for each character to be encrypted, written from left to right. Performing the XOR operation on the two bit streams (the plaintext and the key) produces the result shown in Table 8-4.
- The bottom row of Table 8-4, "Cipher," is read from left to right and contains the bit stream that will be transmitted. When this cipher is received, it can be decrypted using the key value "V," because XOR is its own inverse: applying the same key a second time restores the plaintext. Note that the XOR encryption method is very simple to implement and equally simple to break: XORing a ciphertext byte with a known or guessed plaintext byte reveals the key byte, so a short key that repeats across the message is recovered from a few known bytes, and two messages encrypted under the same key leak their difference when XORed together. The XOR encryption method should not be used by itself when an organization is transmitting or storing sensitive data. Actual encryption algorithms used to protect data typically use the XOR operator as part of a more complex encryption process.
- You can combine XOR with a block cipher to produce a simple but powerful operation. In the example that follows (again read from left to right), the first row shows a character message "5E5+•" requiring encryption (the last character is the byte 10010101, shown here as the Windows-1252 bullet). The second row shows this message in binary notation. In order to apply an 8-bit block cipher method, the binary message is broken into 8-bit blocks in the row labeled "Message blocks." The fourth row shows the 8-bit key (01010101) chosen for the encryption. To encrypt the message, you must perform the XOR operation on each 8-bit block by using the XOR function on the message bit and the key bit to determine the bits of the ciphertext. The result is shown in the row labeled "Ciphertext." This ciphertext can now be sent to a receiver, who will be able to decipher the message simply by knowing the algorithm (XOR) and the key (01010101).
- Message (text): "5E5+•"
- Message (binary): 00110101 01000101 00110101 00101011 10010101
- Message blocks: 00110101 01000101 00110101 00101011 10010101
- Key: 01010101 01010101 01010101 01010101 01010101
- Ciphertext: 01100000 00010000 01100000 01111110 11000000
- If the receiver cannot apply the key to the ciphertext and derive the original message, either the cipher was applied with an incorrect key or the cryptosystem was not used correctly.
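Repeating-key XOR, as described above, with the two attacks that make it unfit for sensitive data. The following is an added example written for this page, not code from the text or its publisher; the helper names (xor_cipher, recover_key, xor_pair, crib_drag) and the two "ATTACK AT ..." messages are this example's own constructions. It reproduces Table 8-4 and the 8-bit block example, recovers the key from one known plaintext byte, and shows that two ciphertexts under the same key XOR to the XOR of their plaintexts, from which a guessed fragment of one message reveals the other.

```python
"""Repeating-key XOR: encryption, decryption, and the two ways it breaks
(known plaintext and key reuse). Added example; not code from the original
text. The messages below are constructed for the demonstration."""


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """XOR each byte of data with the key, repeating the key as needed.
    The same call decrypts, because (p ^ k) ^ k == p."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def to_bits(data: bytes) -> str:
    """Render bytes as the 8-bit groups used in the text's tables."""
    return " ".join(f"{b:08b}" for b in data)


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Known-plaintext attack: c ^ p == k, so key_len bytes of known plaintext
    reveal the entire repeating key."""
    if len(known_plaintext) < key_len or len(ciphertext) < key_len:
        raise ValueError("need at least key_len bytes of plaintext and ciphertext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


def xor_pair(c1: bytes, c2: bytes) -> bytes:
    """Key-reuse attack: two ciphertexts under the same key XOR to p1 ^ p2; the
    key cancels out entirely (zero bytes wherever the plaintexts agree)."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def crib_drag(p1_xor_p2: bytes, crib: bytes, offset: int) -> bytes:
    """Guess a fragment (crib) of one plaintext at a given offset; what falls
    out is the other plaintext at the same offset."""
    segment = p1_xor_p2[offset:offset + len(crib)]
    return bytes(x ^ g for x, g in zip(segment, crib))


if __name__ == "__main__":
    # Table 8-4: "CAT" under the key "V"
    ct = xor_cipher(b"CAT", b"V")
    print(to_bits(ct))                                   # 00010101 00010111 00000010
    print(xor_cipher(ct, b"V"))                          # b'CAT'
    # The 8-bit block example: bytes 35 45 35 2B 95 under the key 55
    print(to_bits(xor_cipher(bytes.fromhex("3545352b95"), b"\x55")))
    # Known plaintext: one known byte gives the whole one-byte key
    print(recover_key(ct, b"C", 1))                      # b'V'
    # Key reuse: two messages under "SECRET" leak their difference
    c1 = xor_cipher(b"ATTACK AT DAWN", b"SECRET")
    c2 = xor_cipher(b"ATTACK AT DUSK", b"SECRET")
    print(xor_pair(c1, c2)[:11])                         # eleven zero bytes
    print(crib_drag(xor_pair(c1, c2), b"DAWN", 10))      # b'DUSK'
```

The same cancellation applies to any stream cipher or one-time pad whose key stream is used twice; the key length does not help once it repeats or is reused.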
- Table 8-4 Example XOR Encryption
- Text value | Binary value
- CAT as bits | 01000011 01000001 01010100
- VVV as key | 01010110 01010110 01010110
- Cipher | 00010101 00010111 00000010
- Vernam Cipher
- Key Term
- Vernam cipher An encryption process that generates a random substitution matrix between letters and numbers that is used only one time. Also called a one-time pad.
- Also known as the one-time pad, the Vernam cipher, developed by Gilbert Vernam in 1917 while working at AT&T, uses a set of characters only one time for each encryption process (hence the name one-time pad). The pad in the name comes from the days of manual encryption and decryption when the key values for each ciphering session were prepared by hand and bound into an easy-to-use form—a pad of paper. To perform the Vernam cipher encryption, the pad values are added to numeric values representing the plaintext that needs to be encrypted. Each character of the plaintext is turned into a number and a pad value for that position is added to it. The resulting sum for that character is then converted back to a ciphertext letter for transmission. If the sum of the two values exceeds 26, then 26 is subtracted from the total. The process of keeping a computed number within a specific range is called a modulo; thus, requiring that all numbers be in the range of 1–26 is referred to as modulo 26. In this process, a number larger than 26 has 26 sequentially subtracted from it until the number is in the proper range. (Vernam's original device worked on the 5-bit teleprinter code and combined key tape and plaintext with XOR; the letter version shown here is the same idea carried out by hand.)
- To examine the Vernam cipher and its use of modulo, consider the following example, which uses "SACK GAUL SPARE NO ONE" as plaintext. In the first step of this encryption process, the letter "S" is converted into the number 19 because it is the nineteenth letter of the alphabet. The same conversion is applied to the rest of the letters of the plaintext message, as shown below.
- Plaintext:                 S  A  C  K  G  A  U  L  S  P  A  R  E  N  O  O  N  E
- Plaintext value:          19 01 03 11 07 01 21 12 19 16 01 18 05 14 15 15 14 05
- One-time pad text:         F  P  Q  R  N  S  B  I  E  H  T  Z  L  A  C  D  G  J
- One-time pad value:       06 16 17 18 14 19 02 09 05 08 20 26 12 01 03 04 07 10
- Sum of plaintext & pad:   25 17 20 29 21 20 23 21 24 24 21 44 17 15 18 19 21 15
- After modulo subtraction:          03                      18
- Ciphertext:                Y  Q  T  C  U  T  W  U  X  X  U  R  Q  O  R  S  U  O
- Rows three and four in this example show the one-time pad text that was chosen for this encryption and the one-time pad value, respectively. As you can see, the pad value, like the plaintext value, is derived from the position of each pad text letter in the alphabet. Thus, the pad text letter "F" is assigned the position number 06. This conversion process is repeated for the entire one-time pad text. Next, the plaintext value and the one-time pad value are added together—the first sum is 25. Because 25 is in the range of 1 to 26, no modulo 26 subtraction is required. The sum remains 25, and yields the ciphertext "Y," as shown above. Skipping ahead to the fourth character of the plaintext, "K," you find that its plaintext value is 11. The pad text is "R" and the pad value is 18. The sum of 11 and 18 is 29. Because 29 is larger than 26, 26 is subtracted from it, which yields the value 3. The ciphertext for this plaintext character is then the third letter of the alphabet, "C."
- Decryption of any ciphertext generated from a one-time pad requires either knowledge of the pad values or the use of elaborate and very difficult cryptanalysis (or so the encrypting party hopes). Using the pad values and the ciphertext, the decryption process works as follows: "Y" becomes the number 25, from which you subtract the pad value for the first letter of the message, 06. This yields a value of 19, or the letter "S." This pattern continues until the fourth letter of the ciphertext, where the ciphertext letter is "C" and the pad value is 18. Subtracting 18 from 3 yields negative 15. Because of modulo 26, which requires that all numbers are in the range of 1–26, you must add 26 to the negative 15. This operation yields a sum of 11, which means the fourth letter of the message is "K." When the pad is truly random, kept secret, and used exactly once, cryptanalysis without the pad is not merely difficult but impossible: every plaintext of the same length is equally consistent with the ciphertext. That guarantee disappears if a pad is reused, because subtracting one ciphertext from the other cancels the pad and leaves the difference of the two plaintexts.
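The one-time pad arithmetic above, in the text's own convention (A=1 through Z=26, with results kept in the range 1 to 26). The following is an added example written for this page, not code from the text or its publisher; the helper names (wrap, otp_encrypt, otp_decrypt, new_pad, worksheet) are this example's own. It reproduces the text's table for the pad FPQRNSBIEHTZLACDGJ, including the 29 to 03 and 44 to 18 reductions and the negative wrap on decryption, and generates fresh pads from the operating system's random source rather than from anything predictable.

```python
"""One-time pad (Vernam cipher) carried out in the text's letter convention:
A=1 ... Z=26, sums kept in the range 1..26. Added example; not code from the
original text. The pad FPQRNSBIEHTZLACDGJ is the one used in the text's table."""
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def letter_value(ch: str) -> int:
    """S -> 19, as in the text."""
    return ALPHABET.index(ch) + 1


def value_letter(v: int) -> str:
    return ALPHABET[v - 1]


def wrap(n: int) -> int:
    """The text's 'modulo 26' on the range 1..26: subtract 26 while above 26,
    add 26 while below 1. (n - 1) % 26 + 1 does both in one step."""
    return (n - 1) % 26 + 1


def letters_only(text: str) -> str:
    return "".join(c for c in text.upper() if c in ALPHABET)


def otp_encrypt(plaintext: str, pad: str) -> str:
    """Add pad values to plaintext values position by position."""
    pt = letters_only(plaintext)
    if len(pad) < len(pt):
        raise ValueError("pad is shorter than the message; never reuse pad letters")
    return "".join(value_letter(wrap(letter_value(p) + letter_value(k)))
                   for p, k in zip(pt, pad))


def otp_decrypt(ciphertext: str, pad: str) -> str:
    """Subtract pad values; wrap() adds 26 back when the result goes negative."""
    if len(pad) < len(ciphertext):
        raise ValueError("pad is shorter than the ciphertext")
    return "".join(value_letter(wrap(letter_value(c) - letter_value(k)))
                   for c, k in zip(ciphertext, pad))


def new_pad(length: int) -> str:
    """A fresh pad from the OS CSPRNG. A pad made from a predictable source
    (a PRNG seeded from the clock, a book, a password) is not a one-time pad,
    whatever its length."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def worksheet(plaintext: str, pad: str) -> list:
    """The rows of the text's table (plaintext, values, pad, pad values, sums,
    reduced sums, ciphertext) for checking the arithmetic by hand."""
    pt = letters_only(plaintext)
    pv = [letter_value(p) for p in pt]
    kv = [letter_value(k) for k in pad[:len(pt)]]
    sums = [p + k for p, k in zip(pv, kv)]
    return [
        "Plaintext:           " + "  ".join(pt),
        "Plaintext value:     " + " ".join(f"{v:02d}" for v in pv),
        "One-time pad text:   " + "  ".join(pad[:len(pt)]),
        "One-time pad value:  " + " ".join(f"{v:02d}" for v in kv),
        "Sum:                 " + " ".join(f"{v:02d}" for v in sums),
        "After modulo:        " + " ".join(f"{wrap(v):02d}" for v in sums),
        "Ciphertext:          " + "  ".join(otp_encrypt(pt, pad)),
    ]


if __name__ == "__main__":
    print("\n".join(worksheet("SACK GAUL SPARE NO ONE", "FPQRNSBIEHTZLACDGJ")))
    pad = new_pad(18)
    print(pad, otp_decrypt(otp_encrypt("SACK GAUL SPARE NO ONE", pad), pad))
```

Note that this letter convention differs from the usual A=0 arithmetic by a constant of one, so its ciphertexts are not interchangeable with a textbook Vigenère table; both are equally valid as long as sender and receiver agree and each pad is used once.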
- For more information about Gilbert Vernam and his cryptography work, view the video "Encryption, Episode 2: The Vernam Cipher" by visiting http://techchannel.att.com/ and using the search box.
- Book-Based Ciphers
- Two related encryption methods made popular by spy movies involve using the text in a book as the key to decrypt a message. These methods are the book cipher and the running key cipher. A third method, the template cipher, is not really a cipher but is related to this discussion.
- Book Cipher In a book cipher, the ciphertext consists of a list of codes representing the page number, line number, and word number of the plaintext word. The algorithm is the mechanical process of looking up the references from the ciphertext and converting each reference to a word by using the ciphertext's value and the key (the book). For example, from a copy of a particular popular novel, one may send the message 259,19,8; 22,3,8; 375,7,4; 394,17,2. Although almost any book can be used, dictionaries and thesauruses are typically the most popular sources, as they are likely to contain almost any word that might be needed. The recipient of a book cipher must first know which book is used—in this case, suppose it is the science fiction novel A Fire Upon the Deep, the 1992 TOR edition. To decrypt the ciphertext, the receiver acquires the book, turns to page 259, finds line 19, and selects the eighth word in that line (which is "sack"). Then the receiver turns to page 22, line 3, selects the eighth word again, and so forth. In this example, the resulting message is "SACK ISLAND SHARP PATH." If a dictionary is used, the message consists only of the page number and the number of the word on the page. An even more sophisticated version might use multiple books, perhaps even in a particular sequence for each word or phrase. The edition matters as much as the title: a different printing shifts the page and line numbers and makes the references meaningless.
- Running Key Cipher Similar in concept to the book cipher is the running key cipher, which uses a book for passing the key to a cipher that is similar to the Vigenère cipher. The sender provides an encrypted message with a short sequence of numbers that indicate the page, line, and word number from a predetermined book to be used as the key or indicator block. Unlike the Vigenère cipher, if the key needs to be extended in a running key cipher, you don't repeat the key. Instead, you continue the text from the indicator block. From this point, you follow the same basic method as the Vigenère cipher, using the tabula recta to find the column based on the plaintext, and the row based on the key-indicator block letter. Reversing the processes deciphers the ciphertext, using the ciphertext letter and key. You simply use the row or column corresponding to the key letter, find the ciphertext in the row or column of text, and then identify the letter on the opposing axis. The mirrored layout of the table simplifies the selection of rows or columns during encryption and decryption. Because the key is natural language rather than random letters, a running key is not a one-time pad: the uneven letter frequencies of the key text leak into the ciphertext and can be exploited.
- Template Cipher The template cipher or perforated page cipher is not strictly an encryption cipher, but more of an example of steganography. The template cipher involves the use of a hidden message in a book, letter, or other message. The receiver must use a page with a specific number of holes cut into it and place it over the book page or letter to extract the hidden message. Commonly shown in movies where an inmate sends coded messages from prison, this cipher is both difficult to execute and easy to detect, provided either party is physically searched. The presence of the perforated page is a clear indicator that some form of hidden message communication is occurring. A much simpler method would be to employ a variation of acrostics, where the first letter of each line of a message (or every nth letter) would spell out a hidden message.
- Hash Functions
- Key Terms
- hash algorithms Public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value.
- hash functions Mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity.
- hash value See message digest.
- message authentication code (MAC) A key-dependent, one-way hash function; only holders of the shared symmetric key can compute or verify the digest, so it authenticates the origin of the message as well as its contents.
- message digest A value representing the application of a hash algorithm on a message that is transmitted with the message so it can be compared with the recipient's locally calculated hash of the same message. If both hashes are identical after transmission, the message has arrived without modification. Also known as a hash value.
- Secure Hash Standard (SHS) A standard issued by the National Institute of Standards and Technology (NIST) that specifies approved algorithms, SHA-1 and the SHA-2 family, for computing a condensed representation of a message or data file.
- In addition to ciphers, another important encryption technique that is often incorporated into cryptosystems is the hash function. Hash functions are mathematical algorithms used to confirm the identity of a specific message and confirm that the content has not been changed. While they do not create ciphertext, hash functions confirm message identity and integrity, both of which are critical functions in e-commerce.
- Hash algorithms are used to create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value. The message digest is a fingerprint of the author's message that is compared with the recipient's locally calculated hash of the same message. If both hashes are identical after transmission, the message has arrived without modification. Hash functions are considered one-way operations in that the same message always provides the same hash value, but the hash value itself cannot be used to determine the contents of the message. Note that an unkeyed digest sent alongside the message protects only against accidental corruption: an attacker who can alter the message can recompute the digest as well, so detecting deliberate tampering requires a keyed MAC or a digital signature over the digest.
- Hashing functions do not require the use of keys, but it is possible to attach a message authentication code (MAC) so that only holders of the shared key can produce or verify the message digest. Because hash functions are one-way, they are used in password verification systems to confirm the identity of the user. In such systems, the hash value, or message digest, is calculated based on the originally issued password, and this message digest is stored for later comparison. When the user logs on for the next session, the system calculates a hash value based on the user's password input, and this value is compared against the stored value to confirm identity. In practice the stored value is computed over the password together with a random per-user salt, using a deliberately slow function designed for passwords (PBKDF2, bcrypt, scrypt, or Argon2) rather than a plain SHA digest, so that an attacker who steals the file cannot use precomputed tables and must pay the full cost for every guess against every user.
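The three uses of hashing discussed above (an integrity digest, a keyed MAC, and password verification), with the salted slow hash beside the unsalted digest that precomputed tables defeat. The following is an added example written for this page, not code from the text or its publisher, using only Python's standard library; the helper names (digest_matches, mac_tag, hash_password, crack_unsalted) and the user table and candidate password list are this example's own constructions. The SHA-256 value for "abc" is the published FIPS 180 test vector.

```python
"""Message digests, keyed MACs and salted password hashing with Python's
standard library. Added example; not code from the original text. The
password list and user table below are constructed for the demonstration."""
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, Optional


def sha256_hex(data: bytes) -> str:
    """Fixed-length (256-bit) digest of a variable-length message."""
    return hashlib.sha256(data).hexdigest()


def digest_matches(message: bytes, received_digest: str) -> bool:
    """The integrity check the text describes: recompute locally and compare.
    compare_digest runs in time independent of where the strings differ."""
    return hmac.compare_digest(sha256_hex(message), received_digest)


def mac_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: a keyed digest only holders of `key` can produce or verify."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def mac_verify(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 600_000) -> str:
    """Salted, slow password hash (PBKDF2-HMAC-SHA256). The random salt means
    two users with the same password get different stored values and a table
    precomputed before the breach is useless; the iteration count makes each
    guess expensive. Stored form: 'iterations$salt_hex$hash_hex'."""
    if salt is None:
        salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_unsalted(stored_hashes: Dict[str, str], candidates: Iterable[str]) -> Dict[str, str]:
    """Precomputed-table attack on unsalted SHA-256: hash each candidate once,
    then every user whose stored hash appears in the table falls to a lookup."""
    table = {sha256_hex(p.encode("utf-8")): p for p in candidates}
    return {user: table[h] for user, h in stored_hashes.items() if h in table}


if __name__ == "__main__":
    print(sha256_hex(b"abc"))
    print(digest_matches(b"abc", sha256_hex(b"abc")), digest_matches(b"abd", sha256_hex(b"abc")))
    print(mac_verify(b"shared-key", b"order 42", mac_tag(b"shared-key", b"order 42")))
    stored = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", stored), verify_password("Tr0ub4dor&3", stored))
    # Constructed breach file of unsalted hashes: alice falls to the table, bob does not.
    users = {"alice": sha256_hex(b"123456"), "bob": sha256_hex(b"Tr0ub4dor&3")}
    print(crack_unsalted(users, ["password", "123456", "letmein"]))   # {'alice': '123456'}
```

The table in crack_unsalted is built on the fly, but a real attacker builds it once, before any breach, and reuses it against every unsalted password file; the salt in hash_password is what forces that work to be redone per user.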
- The Secure Hash Standard (SHS) is issued by the National Institute of Standards and Technology (NIST). Standard document FIPS 180-4 specifies SHA-1 (Secure Hash Algorithm 1) as a secure algorithm for computing a condensed representation of a message or data file. SHA-1 produces a 160-bit message digest, which can be used as an input to a digital signature algorithm. SHA-1 is based on principles modeled after MD4, which is part of the MDx family of hash algorithms created by Ronald Rivest. New hash algorithms, SHA-256, SHA-384, and SHA-512, have been proposed by NIST as standards for 128, 192, and 256 bits, respectively. The number of bits used in the hash algorithm is a measurement of the algorithm’s strength against collision attacks. SHA-256 is essentially a 256-bit block cipher algorithm that creates a key by encrypting the intermediate hash value, with the message block functioning as the key. The compression function operates on each 512-bit message block and a 256-bit intermediate message digest.² As shown in Figure 8-4, free tools are available that can calculate hash values using a number of popular algorithms.
- For more information on the Secure Hash Standard, read FIPS 180-4 at http://csrc.nist.gov/publications/PubsFIPS.html.
- A recently developed attack method called rainbow cracking has generated concern about the strength of the processes used for password hashing. In general, if attackers gain access to a file of hashed passwords, they can use a combination of brute force and dictionary attacks to reveal user passwords. Passwords that are dictionary words or poorly constructed can be easily cracked. Well-constructed passwords take a long time to crack even using the fastest computers, but by using a rainbow table—a database of precomputed hashes from sequentially calculated passwords, as described in Chapter 2—the rainbow cracker simply looks up the hashed password and reads out the text version. No brute force is required. This type of attack is more properly classified as a time-memory trade-off attack.
- To defend against such an attack, you must first protect the file of hashed passwords and implement strict limits on the number of attempts allowed per login session. You can also use an approach called password hash salting. Salting is the process of providing a random piece of data to the hashing function when the hash is first calculated. The use of the salt value creates a different hash; when a large set of salt values are used, rainbow cracking fails because the time-memory trade-off is no longer in the attacker’s favor. The salt value is not kept a secret: It is stored along with the account identifier so that the hash value can be recreated during authentication.³ Additional techniques include key stretching and key strengthening. Key stretching involves repeating the hashing algorithm up to several thousand times to continuously inject the password, salt value, and interim hash results back into the process. Key strengthening extends the key with the salt value, but then deletes the salt value.
- Figure 8-4 Various hash values (Source: SlavaSoft HashCalc)
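- The following Python script is an added example, not part of the text or of any tool the chapter mentions; it uses only the standard library. It shows the two uses of hashing described above: a fixed-length digest that the recipient recomputes to confirm integrity, and salted, stretched password storage, where the salt is stored in the clear beside the hash and the stretching work factor (the ITERATIONS value, an assumed setting) is what makes precomputed tables and brute force expensive. The function names, the sample message, and the passwords are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample message (not from the text); its digest is a fixed-length fingerprint.
MESSAGE = b"The deal is a 'go.'"

# Assumed work factor for key stretching; raise it as hardware gets faster.
ITERATIONS = 100_000


def message_digest(data: bytes) -> str:
    """Hash a variable-length message into a fixed-length SHA-256 digest (hex)."""
    return hashlib.sha256(data).hexdigest()


def integrity_check(received: bytes, digest_sent: str) -> bool:
    """Recipient side: recompute the digest locally and compare it with the one sent."""
    return hmac.compare_digest(message_digest(received), digest_sent)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """Salted, stretched password hash (PBKDF2-HMAC-SHA256).

    The salt is random and NOT secret: it is stored next to the account so the
    same hash can be recreated at login. Stretching repeats the hash `iterations`
    times, feeding password, salt and interim results back into the process.
    """
    if salt is None:
        salt = os.urandom(16)
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, stretched


def verify_password(password: str, salt: bytes, stored: bytes,
                    iterations: int = ITERATIONS) -> bool:
    """Login check: hash the typed password with the stored salt, compare in constant time."""
    _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, stored)


def salts_defeat_precomputation(password: str) -> bool:
    """Two accounts with the same password get different stored hashes,
    so one precomputed (rainbow) table cannot serve both."""
    salt_a, hash_a = hash_password(password)
    salt_b, hash_b = hash_password(password)
    return salt_a != salt_b and hash_a != hash_b


if __name__ == "__main__":
    digest = message_digest(MESSAGE)
    print("digest        :", digest)
    print("intact        :", integrity_check(MESSAGE, digest))
    print("tampered      :", integrity_check(MESSAGE + b"!", digest))
    salt, stored = hash_password("correct horse battery staple")
    print("login ok      :", verify_password("correct horse battery staple", salt, stored))
    print("wrong password:", verify_password("Tr0ub4dor&3", salt, stored))
    print("salts differ  :", salts_defeat_precomputation("hunter2"))
```

- The comparison uses hmac.compare_digest rather than == so that the time taken to reject a wrong password does not depend on how many leading bytes happened to match.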
- Cryptographic Algorithms
- In general, cryptographic algorithms are often grouped into two broad categories—symmetric and asymmetric—but in practice, today’s popular cryptosystems use a combination of both algorithms. Symmetric and asymmetric algorithms are distinguished by the types of keys they use for encryption and decryption operations.
- TECHNICAL DETAILS: Cryptographic Notation
- The notation used to represent the encryption process varies, depending on its source. The notation in this text uses the letter M to represent the original message, C to represent the ending ciphertext, E to represent the enciphering or encryption process, D to represent the decryption or deciphering process, and K to represent the key. This notation can be used as follows:
- ● E(M) = C: encryption (E) is applied to a message (M) to create ciphertext (C).
- ● D[C] = D[E(M)] = M: by decrypting (D) an encrypted message [E(M)], you get the original message (M).
- ● E(M,K) = C: encrypting (E) the message (M) with the key (K) results in the ciphertext (C). If more than one key (K) is used in a multiple-round encryption, the keys are numbered K1, K2, and so on.
- ● D(C,K) = D[E(M,K),K] = M; that is, decrypting the ciphertext with key K results in the original plaintext message.
- To encrypt a plaintext set of data, you can use one of two methods: bit stream and block cipher. In the bit stream method, each bit is transformed into a cipher bit, one after the other. In the block cipher method, the message is divided into blocks—for example, 8-, 16-, 32-, or 64-bit blocks—and then each is transformed using the algorithm and key. Bit stream methods most commonly use algorithm functions like XOR, whereas block methods can use XOR, transposition, or substitution.
- Symmetric Encryption
- Key Terms
- Advanced Encryption Standard (AES) The current federal standard for the encryption of data, as specified by NIST. AES is based on the Rijndael algorithm, which was developed by Vincent Rijmen and Joan Daemen.
- private-key encryption or symmetric encryption An encryption method that incorporates mathematical operations involving the same secret key both to encipher and decipher the message.
- secret key A key that can be used in symmetric encryption both to encipher and decipher the message.
- Encryption methodologies that require the same secret key to encipher and decipher the message are performing private-key encryption or symmetric encryption. Symmetric encryption methods use mathematical operations that can be programmed into extremely fast computing algorithms so that encryption and decryption are executed quickly, even by small computers. As you can see in Figure 8-5, one of the challenges is that both the sender and the recipient must have the secret key. Also, if either copy of the key falls into the wrong hands, messages can be decrypted by others and the sender and intended receiver may not know a message was intercepted. The primary challenge of symmetric key encryption is getting the key to the receiver, a process that must be conducted out of band to avoid interception. In other words, the process must use a channel or band other than the one carrying the ciphertext.
- There are a number of popular symmetric encryption cryptosystems. One of the most widely known is the Data Encryption Standard (DES); it was developed by IBM and is based on the company’s Lucifer algorithm, which uses a key length of 128 bits. As implemented, DES uses a 64-bit block size and a 56-bit key. DES was adopted by NIST in 1976 as a federal standard for encryption of nonclassified information, after which it became widely employed in commercial applications. DES enjoyed increasing popularity for almost 20 years until 1997, when users realized that a 56-bit key size did not provide acceptable levels of security. In 1998, a group called the Electronic Frontier Foundation (www.eff.org) used a specially designed computer to break a DES key in just over 56 hours. Since then, it has been theorized that a dedicated attack supported by the proper hardware (not necessarily a specialized computer) could break a DES key in less than a day.
- Figure 8-5 Example of symmetric encryption (© Cengage Learning 2015). Rachel at ABC Corp. generates a secret key. She must somehow get it to Alex at XYZ Corp. out of band (for example, by private courier). Once Alex has it, Rachel can use it to encrypt messages, and Alex can use it to decrypt and read them. Secret key A encrypts the message, the corresponding ciphertext is transmitted, and secret key A decrypts it.
- Triple DES (3DES) was created to provide a level of security far beyond that of DES. 3DES was an advanced application of DES, and while it did deliver on its promise of encryption strength beyond DES, it soon proved too weak to survive indefinitely—especially as computing power continued to double every 18 months. Within just a few years, 3DES needed to be replaced.
- The successor to 3DES is the Advanced Encryption Standard (AES). AES is a federal information processing standard (FIPS) that specifies a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not part of the national defense infrastructure. (Agencies that are considered a part of national defense use more secure methods of encryption, which are provided by the National Security Agency.) The requirements for AES stipulate that the algorithm should be unclassified, publicly disclosed, and available royalty-free worldwide. AES was developed to replace both DES and 3DES. While 3DES remains an approved algorithm for some uses, its expected useful life is limited. Historically, cryptographic standards approved by FIPS have been adopted on a voluntary basis by organizations outside government entities. The AES selection process involved cooperation between the U.S. government, private industry, and academia from around the world. AES was approved by the Secretary of Commerce as the official federal governmental standard on May 26, 2002.
- AES implements a block cipher called the Rijndael Block Cipher with a variable block length and a key length of 128, 192, or 256 bits. Experts estimate that the special computer used by the Electronic Frontier Foundation to crack DES within a couple of days would require approximately 4,698,864 quintillion years (4,698,864,000,000,000,000,000) to crack AES.
- TECHNICAL DETAILS: Triple DES (3DES)
- 3DES was designed to surpass the security provided by standard DES. (In between, there was a 2DES; however, it was statistically shown not to provide significantly stronger security than DES.) 3DES uses three 64-bit keys for an overall key length of 192 bits. 3DES encryption is the same as that of standard DES, repeated three times. 3DES can be employed using two or three keys and a combination of encryption or decryption for additional security. The most common implementations involve encrypting and/or decrypting with two or three different keys, as described in the following steps. 3DES employs 48 rounds in its encryption computation, generating ciphers that are approximately 256 times stronger than standard DES ciphers but that require only three times longer to process. One example of 3DES encryption is as follows:
- 1. In the first operation, 3DES encrypts the message with key 1, decrypts it with key 2, and then encrypts it again with key 1. In cryptographic notation, this is [E{D[E(M,K1)],K2},K1]. Decrypting with a different key is essentially another encryption, but it reverses the application of the traditional encryption operations.
- 2. In the second operation, 3DES encrypts the message with key 1, encrypts it again with key 2, and then encrypts it a third time with key 1 again, or [E{E[E(M,K1)],K2},K1].
- 3. In the third operation, 3DES encrypts the message three times with three different keys: [E{E[E(M,K1)],K2},K3]. This is the most secure level of encryption possible with 3DES.
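- The Python example below is added here and is not code from the text; it builds a deliberately tiny block cipher (a constructed substitution table, XOR with round keys, byte rotation, 64-bit blocks) only so that the notation E(M,K) = C and D(C,K) = M from the Cryptographic Notation box, and the three 3DES keying operations listed in the Triple DES box, can be executed and checked. The function names, the toy cipher, the sample block, and the keys are all assumptions of the example; nothing in it is DES.

```python
import random

BLOCK = 8    # 64-bit block, the DES block size
ROUNDS = 4   # toy round count; nothing here is DES, only the E/D structure matters

# Constructed byte-substitution table: a fixed permutation of 0..255 produced by a
# seeded shuffle. It is NOT a real S-box, just an invertible substitution step.
_SBOX = list(range(256))
random.Random(2016).shuffle(_SBOX)
_INV_SBOX = [0] * 256
for _i, _v in enumerate(_SBOX):
    _INV_SBOX[_v] = _i


def _round_key(K: bytes, r: int) -> bytes:
    """Round key r is the key rotated left by r bytes (toy key schedule)."""
    return K[r % BLOCK:] + K[:r % BLOCK]


def E(M: bytes, K: bytes) -> bytes:
    """E(M, K) = C: each round XORs a round key, substitutes bytes, then transposes."""
    assert len(M) == BLOCK and len(K) == BLOCK
    state = bytes(M)
    for r in range(ROUNDS):
        rk = _round_key(K, r)
        state = bytes(_SBOX[b ^ k] for b, k in zip(state, rk))  # XOR, then substitution
        state = state[1:] + state[:1]                            # transposition (byte rotate)
    return state


def D(C: bytes, K: bytes) -> bytes:
    """D(C, K) = D(E(M, K), K) = M: the same steps, inverted and in reverse order."""
    assert len(C) == BLOCK and len(K) == BLOCK
    state = bytes(C)
    for r in reversed(range(ROUNDS)):
        rk = _round_key(K, r)
        state = state[-1:] + state[:-1]                               # undo the rotate
        state = bytes(_INV_SBOX[b] ^ k for b, k in zip(state, rk))    # undo substitution, then XOR
    return state


# The three keying operations listed in the Technical Details box.
def tdes_ede(M: bytes, K1: bytes, K2: bytes) -> bytes:
    """Operation 1: E(D(E(M, K1), K2), K1)."""
    return E(D(E(M, K1), K2), K1)


def tdes_ede_decrypt(C: bytes, K1: bytes, K2: bytes) -> bytes:
    return D(E(D(C, K1), K2), K1)


def tdes_eee2(M: bytes, K1: bytes, K2: bytes) -> bytes:
    """Operation 2: E(E(E(M, K1), K2), K1)."""
    return E(E(E(M, K1), K2), K1)


def tdes_eee2_decrypt(C: bytes, K1: bytes, K2: bytes) -> bytes:
    return D(D(D(C, K1), K2), K1)


def tdes_eee3(M: bytes, K1: bytes, K2: bytes, K3: bytes) -> bytes:
    """Operation 3: E(E(E(M, K1), K2), K3), three independent keys."""
    return E(E(E(M, K1), K2), K3)


def tdes_eee3_decrypt(C: bytes, K1: bytes, K2: bytes, K3: bytes) -> bytes:
    return D(D(D(C, K3), K2), K1)


if __name__ == "__main__":
    M = b"THE DEAL"                      # exactly one 64-bit block (constructed)
    K1, K2, K3 = b"key-one!", b"key-two!", b"key-3!!!"
    C = E(M, K1)
    print("E(M,K1)        :", C.hex(), "-> D(C,K1):", D(C, K1))
    print("EDE round trip :", tdes_ede_decrypt(tdes_ede(M, K1, K2), K1, K2))
    print("EEE3 round trip:", tdes_eee3_decrypt(tdes_eee3(M, K1, K2, K3), K1, K2, K3))
    # With K1 == K2 the EDE construction collapses to single encryption E(M, K1).
    print("EDE with one key == E:", tdes_ede(M, K1, K1) == E(M, K1))
```

- One property worth watching in the output: with K1 = K2 the encrypt-decrypt-encrypt chain collapses to a single E(M,K1), because D undoes the inner E. That is the reason the EDE arrangement, rather than EEE, was chosen for real 3DES: a 3DES implementation loaded with one repeated key interoperates with single DES.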
- To learn more about AES, see the nearby Technical Details feature.
- For more information on the Advanced Encryption Standard, read FIPS 197 at http://csrc.nist.gov/publications/PubsFIPS.html.
- Asymmetric Encryption
- Key Terms
- asymmetric encryption An encryption method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. Either key can be used to encrypt a message, but then the other key is required to decrypt it.
- public-key encryption See asymmetric encryption.
- While symmetric encryption systems use a single key both to encrypt and decrypt a message, asymmetric encryption uses two different but related keys. Either key can be used to encrypt or decrypt the message. However, if key A is used to encrypt the message, only key B can decrypt it; if key B is used to encrypt a message, only key A can decrypt it. Asymmetric encryption can be used to provide elegant solutions to problems of secrecy and verification. This technique has its greatest value when one key is used as a private key, which means it is kept secret (much like the key in symmetric encryption) and is known only to the owner of the key pair. The other key serves as a public key, which means it is stored in a public location where anyone can use it. For this reason, the more common name for asymmetric encryption is public-key encryption.
- Consider the following example, as illustrated in Figure 8-6. Alex at XYZ Corporation wants to send an encrypted message to Rachel at ABC Corporation. Alex goes to a public-key registry and obtains Rachel’s public key. Remember that the foundation of asymmetric encryption is that the same key cannot be used both to encrypt and decrypt the same message. So, when Rachel’s public key is used to encrypt the message, only her private key can be used to decrypt the message; that private key is held by Rachel alone. Similarly, if Rachel wants to respond to Alex’s message, she goes to the registry where Alex’s public key is held and uses it to encrypt her message, which of course can only be read by Alex’s private key. This approach, which keeps private keys secret and encourages the sharing of public keys in reliable directories, is an elegant solution to the key management problems of symmetric key applications.
- TECHNICAL DETAILS: Advanced Encryption Standard (AES)
- Of the many ciphers that were submitted from around the world for consideration in the AES selection process, five finalists were chosen: MARS, RC6, Rijndael, Serpent, and Twofish. On October 2, 2000, NIST announced the selection of Rijndael; it was approved as the official U.S. standard 18 months later. The AES version of Rijndael can use a multiple round-based system. Depending on the key size, the number of rounds varies from 9 to 13: for a 128-bit key, nine rounds plus one end round are used; for a 192-bit key, 11 rounds plus one end round are used; and for a 256-bit key, 13 rounds plus one end round are used. Once Rijndael was adopted for the AES, the ability to use variable-sized blocks was standardized to a single 128-bit block for simplicity. The four steps within each Rijndael round are described as follows:
- 1. “The Byte Sub step. Each byte of the block is replaced by its substitute in an S-box (substitution box). [Author’s note: The calculation of the S-box values is beyond the scope of this text.]
- 2. The Shift Row step. Considering the block to be made up of bytes 1 to 16, these bytes are arranged in a rectangle and shifted as follows:
- from:               to:
- 1  5  9 13          1  5  9 13
- 2  6 10 14          6 10 14  2
- 3  7 11 15         11 15  3  7
- 4  8 12 16         16  4  8 12
- Other shift tables are used for larger blocks.
- 3. The Mix Column step. Matrix multiplication is performed; each column is multiplied by the matrix:
- 2 3 1 1
- 1 2 3 1
- 1 1 2 3
- 3 1 1 2
- 4. The Add Round Key step. This simply XORs in the subkey for the current round.
- The extra final round omits the Mix Column step, but is otherwise the same as a regular round.”⁴
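- The Python example below is added here and is not the book’s or NIST’s code. It implements three of the four round steps exactly as the box describes them, on a 16-byte state stored column by column (byte 1 at the top of the first column, and so on): the Shift Row rotation shown in the from/to table, the Mix Column multiplication by the 4x4 matrix (with the byte arithmetic carried out in GF(2^8) using the AES reduction polynomial, which the box does not spell out), and the Add Round Key XOR. The Byte Sub step is omitted, as the author’s note does. Function names and the sample states are assumptions of the example.

```python
from typing import List

State = List[int]  # 16 bytes; index = row + 4*column, so bytes 1..16 fill the columns in turn


def shift_rows(s: State) -> State:
    """Shift Row step: row r of the 4x4 state is rotated left by r positions."""
    out = [0] * 16
    for r in range(4):
        for c in range(4):
            out[r + 4 * c] = s[r + 4 * ((c + r) % 4)]
    return out


def xtime(a: int) -> int:
    """Multiply by x (0x02) in GF(2^8), reducing by the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    if a & 0x100:
        a ^= 0x11B
    return a & 0xFF


def gmul(a: int, b: int) -> int:
    """General GF(2^8) multiplication (only the constants 1, 2 and 3 are needed here)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = xtime(a)
        b >>= 1
    return p


# The matrix from the box; each column of the state is multiplied by it.
MIX_MATRIX = [
    [2, 3, 1, 1],
    [1, 2, 3, 1],
    [1, 1, 2, 3],
    [3, 1, 1, 2],
]


def mix_column(col: List[int]) -> List[int]:
    """Mix Column step for one column: matrix product over GF(2^8), addition being XOR."""
    return [
        gmul(row[0], col[0]) ^ gmul(row[1], col[1]) ^ gmul(row[2], col[2]) ^ gmul(row[3], col[3])
        for row in MIX_MATRIX
    ]


def mix_columns(s: State) -> State:
    out: State = []
    for c in range(4):
        out += mix_column(s[4 * c:4 * c + 4])
    return out


def add_round_key(s: State, round_key: List[int]) -> State:
    """Add Round Key step: XOR the 16-byte subkey into the state."""
    return [a ^ b for a, b in zip(s, round_key)]


def rounds_for_key_bits(key_bits: int) -> int:
    """Total rounds including the final one (9+1, 11+1, 13+1), as the box states."""
    return {128: 9 + 1, 192: 11 + 1, 256: 13 + 1}[key_bits]


if __name__ == "__main__":
    numbered = list(range(1, 17))            # bytes 1..16, as in the box's shift table
    print("after Shift Row:", shift_rows(numbered))
    # Constructed column: the first column of the FIPS 197 worked example's round-1 state.
    print("Mix Column [db 13 53 45] ->", [hex(b) for b in mix_column([0xDB, 0x13, 0x53, 0x45])])
```

- Reading the Shift Row output column by column gives the box’s “to” table: the first column is 1, 6, 11, 16, the second 5, 10, 15, 4, and so on.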
- Asymmetric algorithms are one-way functions, meaning they are simple to compute in one direction, but complex to compute in the opposite direction. This is the foundation of public-key encryption. It is based on a hash value, which is calculated from an input number using a hashing algorithm, as you learned earlier in this chapter. This hash value is essentially a summary of the original input values. It is virtually impossible to derive the original values without knowing how they were used to create the hash value. For example, if you multiply 45 by 235, you get 10,575. This is simple enough. But if you are simply given the number 10,575, can you determine which two numbers were multiplied to produce it?
- Now assume that each multiplier is 200 digits long and prime. The resulting multiplicative product would be up to 400 digits long. Imagine the time you’d need to factor out those numbers.
- There is a shortcut, however. In mathematics, it is known as a trapdoor (which is different from the software trapdoor). A mathematical trapdoor is a “secret mechanism that enables you to easily accomplish the reverse function in a one-way function.”⁵ With a trapdoor, you can use a key to encrypt or decrypt the ciphertext, but not both, thus requiring two keys. The public key becomes the true key, and the private key is derived from the public key using the trapdoor.
- One of the most popular public-key cryptosystems is RSA, whose name is derived from Rivest-Shamir-Adleman, the algorithm’s developers. The RSA algorithm was the first public-key encryption algorithm developed (in 1977) and published for commercial use. It is very popular and has been embedded in both Microsoft and Netscape Web browsers to provide security for e-commerce applications. The patented RSA algorithm has become the de facto standard for public-use encryption applications.
- For more information on how the RSA algorithm works, read RFC 3447, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications,” Version 2.1, which is available from www.rfc-editor.org/rfc/rfc3447.txt.
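- The following Python example is added here and is not from the text or from RSA; it is textbook RSA on two small primes, to make the one-way function and trapdoor idea concrete. Anyone holding the public key (n, e) can compute E; only the holder of d can compute D; and d can be found from (n, e) only by factoring n, which trial division manages for a toy modulus and cannot for a 400-digit one. Either key can be applied first and the other undoes it, as the text states. Function names and the sample values are assumptions of the example; real use requires the padding defined in RFC 3447, which this illustration omits.

```python
from math import gcd, isqrt
from typing import Tuple

Key = Tuple[int, int]  # (modulus n, exponent)


def keygen(p: int, q: int, e: int = 17) -> Tuple[Key, Key]:
    """Build a textbook RSA key pair from two primes.

    Knowing p and q is the trapdoor: it gives phi(n), from which the private
    exponent d follows. Without p and q, recovering d means factoring n.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def apply(m: int, key: Key) -> int:
    """Modular exponentiation: the same operation serves as E and as D, depending on the key."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, exp, n)


def factor_by_trial_division(n: int) -> Tuple[int, int]:
    """Brute-force factoring: feasible for toy moduli, hopeless for 400-digit ones."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("no nontrivial factor found")


def recover_private_key(public: Key) -> Key:
    """Without the trapdoor, the only route to d is factoring n first."""
    n, e = public
    p, q = factor_by_trial_division(n)
    return keygen(p, q, e)[1]


if __name__ == "__main__":
    public, private = keygen(61, 53)        # toy primes; real keys use hundreds of digits
    m = 65                                  # constructed plaintext, encoded as an integer
    c = apply(m, public)                    # E(M, K_public) = C
    print("public key :", public, " private key:", private)
    print("ciphertext :", c, "-> decrypted with private key:", apply(c, private))
    s = apply(m, private)                   # apply the private key first ...
    print("signature  :", s, "-> undone with public key:", apply(s, public))
    print("factored n :", factor_by_trial_division(public[0]),
          " recovered d:", recover_private_key(public)[1])
```

- With p = 61 and q = 53 the modulus is 3233 and trial division recovers the private exponent in a few dozen divisions; the defensive point is that the difficulty of the public-to-private step is entirely the difficulty of factoring n, so key size (the number of digits in p and q) is what makes the trapdoor secret.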
- Figure 8-6 Example of asymmetric encryption (© Cengage Learning 2015). Alex at XYZ Corp. wants to send a message to Rachel at ABC Corp. Rachel stores her public key in a public key repository where it can be accessed by anyone. Alex retrieves Rachel’s key and uses it to create ciphertext that can be decrypted only by Rachel’s private key, which only she has. To respond, Rachel gets Alex’s public key to encrypt her message. Public key B encrypts the message, the corresponding ciphertext is transmitted, and private key B decrypts it.
- The problem with asymmetric encryption, as shown earlier in Figure 8-6, is that holding a single conversation between two parties requires four keys. Moreover, if four organizations want to exchange communications, each party must manage its private key and four public keys. In such scenarios, determining which public key is needed to encrypt a particular message can become a rather confusing problem, and with more organizations in the loop, the problem expands. This is why asymmetric encryption is sometimes regarded by experts as inefficient. Compared with symmetric encryption, asymmetric encryption is also not as efficient in terms of CPU computations. Consequently, hybrid systems, such as those described later in this chapter in the “public key infrastructure (PKI)” section, are more commonly used than pure asymmetric systems.
- The RSA organization is now a division of EMC Corporation. For information about the annual RSA security conference, see www.rsaconference.com. You can also visit the home pages of RSA’s developers. For example, Ronald L. Rivest’s home page is at http://people.csail.mit.edu/rivest/. Adi Shamir’s home page is at www.wisdom.weizmann.ac.il/math/profile/scientists/shamir-profile.html. Len Adleman’s home page is at www.usc.edu/dept/molecular-science/fm-adleman.htm.
- Encryption Key Size
- When deploying ciphers, it is important for users to decide on the size of the cryptovariable or key, because the strength of many encryption applications and cryptosystems is measured by key size. How exactly does key size affect the strength of an algorithm? Typically, the length of the key increases the number of random guesses that have to be made in order to break the code. Creating a larger universe of possibilities increases the time required to make guesses, and thus a longer key directly influences the strength of the encryption.
- It may surprise you to learn that when it comes to cryptosystems, the security of encrypted data is not dependent on keeping the encrypting algorithm secret. In fact, algorithms should be published and often are, to enable research to uncover their weaknesses. The security of any cryptosystem depends on keeping some or all elements of the cryptovariable(s) or key(s) secret, and effective security is maintained by manipulating the size (bit length) of the keys and following proper procedures and policies for key management.
- For a simple example of how key size is related to encryption strength, suppose you have an algorithm that uses a three-bit key. You may recall from earlier in the chapter that keyspace is the range from which the key can be drawn. Also, you may recall that in binary notation, three bits can be used to represent values from 000 to 111, which correspond to the numbers 0 to 7 in decimal notation and thus provide a keyspace of eight keys. This means an algorithm that uses a three-bit key has eight possible keys; the numbers 0 to 7 in binary are 000, 001, 010, 011, 100, 101, 110, and 111. If you know how many keys you have to choose from, you can program a computer to try all the keys in an attempt to crack the encrypted message.
- The preceding statement makes a few assumptions: (1) you know the algorithm, (2) you have the encrypted message, and (3) you have time on your hands. It is easy to satisfy the first criterion. The encryption tools that use DES can be purchased over the counter. Many of these tools are based on encryption algorithms that are standards, as is DES itself, and therefore it is relatively easy to get a cryptosystem based on DES that enables you to decrypt an encrypted message if you possess the key. The second criterion requires the interception of an encrypted message, which is illegal but not impossible. As for the third criterion, the task required is a brute force attack, in which a computer randomly or sequentially selects possible keys of the known size and applies them to the encrypted text or a piece of the encrypted text. If the result is plaintext—bingo! But, as indicated earlier in this chapter, it can take quite a long time to exert brute force on more advanced cryptosystems. In fact, the strength of an algorithm is determined by how long it takes to guess the key.
- When it comes to keys, how big is big? At the beginning of this section, you learned that a three-bit system has eight possible keys. An eight-bit system has 256 possible keys. If you use a 24-bit key, which is puny by modern standards, you have almost 16.8 million possible keys. Even so, a modern PC, such as the one described in Table 8-5, could discover this key in mere seconds. But, as the table shows, the amount of time needed to crack a cipher by guessing its key grows exponentially with each additional bit.
- It is estimated that to crack an encryption key using a brute force attack, a computer needs to perform a maximum of 2^k operations (2^k guesses), where k is the number of bits in the key. In reality, the average estimated time to crack is half that time.
- Using an average 2013-era Intel i7 PC (3770K) chip performing 109,924 Dhrystone MIPS (million instructions per second) at 3.9 GHz:
- Key length (bits) | Maximum number of operations (guesses) | Maximum time to crack | Estimated average time to crack
- 16 | 65,636 | 0.00000061 seconds | 0.00000031 seconds
- 24 | 16,777,216 | 0.00016 seconds | 0.00008 seconds
- 32 | 4,294,967,296 | 0.04 seconds | 0.02 seconds
- 56 | 72,057,594,037,927,900 | 7.8 days | 3.9 days
- 64 | 18,446,744,073,709,600,000 | 5.48 years | 2.74 years
- 128 | 3.40E+38 | 101,123,123,702,077,000,000 years | 50,561,561,851,038,500,000 years
- 256 | 1.16E+77 | 34,410,426,468,960,700,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years | 17,205,213,234,480,300,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years
- 512 | 1.34E+154 | 3,984,515,321,402,380,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years | 1,992,257,660,701,190,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years
- Table 8-5 Encryption Key Power (© Cengage Learning 2015)
- One thing to keep in mind is that even though the estimated time to crack grows rapidly with respect to the number of bits in the encryption key and the odds of cracking seem insurmountable at first glance, Table 8-5 doesn’t account for the fact that high-end computing power has increased and continues to be more accessible. Therefore, even the once-standard 56-bit encryption can’t stand up anymore to brute force attacks by personal computers, especially if multiple computers are used together to crack these keys. Each additional computer reduces the amount of time needed. Two computers can divide the keyspace—the entire set of possible combinations of bits that can be the cryptovariable or key—and crack the key in approximately half the time, and so on. Thus, 285 computers can crack a 56-bit key in one year; 10 times as many computers would do it in just over a month. This means people who have access to multiple systems or grid computing environments can radically speed up brute force key-breaking efforts. However, an even greater concern is the ease with which you can crack what appear to be uncrackable algorithms if you have the key. Key management (and password management) is the most critical aspect of any cryptosystem in protecting encrypted information, and is even more important in many cases than key strength.
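- The Python example below is added here and is not the book’s code. It reproduces the arithmetic behind Table 8-5 (time = guesses divided by instructions per second, with 2^k maximum guesses and half that on average), shows how splitting the keyspace across machines divides the time, and runs an exhaustive key search against a constructed XOR toy cipher with a 3-bit and then a 16-bit key, so that the eight possible keys of the text can be counted in practice. The MIPS figure is the one the table uses; the toy cipher, function names, and sample text are assumptions of the example.

```python
from typing import Optional, Tuple

TABLE_MIPS = 109_924          # the i7-3770K figure used by Table 8-5
SECONDS_PER_DAY = 86_400


def keyspace_size(key_bits: int) -> int:
    """Number of possible keys: 2^k (3 bits -> 8 keys, 8 bits -> 256, 24 bits -> 16,777,216)."""
    return 2 ** key_bits


def crack_time_seconds(key_bits: int, mips: float = TABLE_MIPS, average: bool = False) -> float:
    """Time for one machine to try every key (or, on average, half of them) at one guess per instruction."""
    guesses = keyspace_size(key_bits)
    if average:
        guesses //= 2
    return guesses / (mips * 1e6)


def crack_time_days(key_bits: int, mips: float = TABLE_MIPS, average: bool = False) -> float:
    return crack_time_seconds(key_bits, mips, average) / SECONDS_PER_DAY


def crack_time_with_workers(key_bits: int, workers: int, mips: float = TABLE_MIPS) -> float:
    """Splitting the keyspace among N machines divides the maximum time by N."""
    return crack_time_seconds(key_bits, mips) / workers


# --- a toy cipher with a k-bit key, to make exhaustive search concrete ---------
def _keystream(key: int, key_bits: int, length: int) -> bytes:
    key_bytes = key.to_bytes(max(1, (key_bits + 7) // 8), "big")
    return (key_bytes * (length // len(key_bytes) + 1))[:length]


def toy_encrypt(plaintext: bytes, key: int, key_bits: int) -> bytes:
    """Bit-stream style: XOR each byte with the (repeated) key bytes. E(M, K) = C."""
    if not 0 <= key < keyspace_size(key_bits):
        raise ValueError("key outside the keyspace")
    return bytes(p ^ k for p, k in zip(plaintext, _keystream(key, key_bits, len(plaintext))))


toy_decrypt = toy_encrypt  # XOR is its own inverse: D(C, K) = E(C, K) = M


def exhaustive_search(ciphertext: bytes, known_prefix: bytes, key_bits: int) -> Tuple[Optional[int], int]:
    """Try every key in the keyspace; return (key, guesses made) once the known plaintext appears."""
    for guess in range(keyspace_size(key_bits)):
        if toy_decrypt(ciphertext, guess, key_bits).startswith(known_prefix):
            return guess, guess + 1
    return None, keyspace_size(key_bits)


if __name__ == "__main__":
    msg = b"The deal is a go."                 # constructed plaintext
    for bits, key in ((3, 5), (16, 0xBEEF)):
        c = toy_encrypt(msg, key, bits)
        found, tries = exhaustive_search(c, b"The deal", bits)
        print(f"{bits:2d}-bit key: keyspace={keyspace_size(bits):,}  found={found}  after {tries:,} guesses")
    print("56-bit, one machine (max):", round(crack_time_days(56), 2), "days")
    print("56-bit, 10 machines      :", round(crack_time_with_workers(56, 10) / SECONDS_PER_DAY, 2), "days")
    print("each extra bit doubles the work:", crack_time_seconds(57) / crack_time_seconds(56))
```

- The search needs a recognisable piece of plaintext to know when it has hit the right key; that is the “piece of the encrypted text” the paragraph above refers to. The formula gives a little under eight days for a 56-bit key on the table’s machine, in line with Table 8-5, and the day count halves with every doubling of machines.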
- Why, then, do encryption systems such as DES incorporate multiple elements or operations? Consider this: If you use the same operation (XOR, substitution, or transposition) multiple times, you gain no additional benefit. For example, if you use a substitution cipher and substitute B for A, then R for B, and then Q for R, it has the same effect as substituting Q for A. Similarly, if you transpose a character in position 1, then position 4, then position 3, you could more easily have transposed the character from position 1 to position 3. There is no net advantage for sequential operations unless each subsequent operation is different. Therefore, if you substitute, then transpose, then XOR, then substitute again, you have dramatically scrambled, substituted, and recoded the original plaintext with ciphertext, which you hope is unbreakable without the key.
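- The Python example below is added here and is not from the text. It checks the claim of the preceding paragraph by construction: two substitution tables compose into a single table (A to B, then B to R, then R to Q is the same as A to Q), two XOR key bytes compose into one, two transpositions compose into one, whereas a pipeline of substitution, then transposition, then XOR fails each test that a lone operation of any one kind would pass. The byte-shift substitution tables, the permutations, and the sample text are constructed for the example.

```python
from typing import Callable, List

# --- substitution -------------------------------------------------------------
def caesar_table(shift: int) -> List[int]:
    """A byte substitution table: every byte value is replaced by (value + shift) mod 256."""
    return [(b + shift) % 256 for b in range(256)]


def substitute(data: bytes, table: List[int]) -> bytes:
    return bytes(table[b] for b in data)


def compose_substitutions(first: List[int], second: List[int]) -> List[int]:
    """Applying `first` and then `second` is itself just one substitution table."""
    return [second[first[b]] for b in range(256)]


# --- transposition ------------------------------------------------------------
def transpose(data: bytes, perm: List[int]) -> bytes:
    """Output position i takes the byte from input position perm[i]."""
    return bytes(data[perm[i]] for i in range(len(perm)))


def compose_transpositions(first: List[int], second: List[int]) -> List[int]:
    """Applying `first` and then `second` is itself just one transposition."""
    return [first[second[i]] for i in range(len(second))]


# --- XOR ----------------------------------------------------------------------
def xor_with(data: bytes, key_byte: int) -> bytes:
    return bytes(b ^ key_byte for b in data)


# --- mixing the three kinds of operation --------------------------------------
def substitute_transpose_xor(data: bytes, table: List[int], perm: List[int], key_byte: int) -> bytes:
    return xor_with(transpose(substitute(data, table), perm), key_byte)


def is_not_a_substitution(f: Callable[[bytes], bytes]) -> bool:
    """A substitution maps the same input byte at the same position to the same output byte."""
    return f(b"AB")[0] != f(b"AC")[0]


def is_not_a_transposition(f: Callable[[bytes], bytes]) -> bool:
    """A transposition only reorders bytes, so it preserves the multiset of byte values."""
    return sorted(f(b"AB")) != sorted(b"AB")


def is_not_a_single_xor(f: Callable[[bytes], bytes]) -> bool:
    """XOR with one key byte gives the same input-to-output difference at every position."""
    out = f(b"AB")
    return (out[0] ^ ord("A")) != (out[1] ^ ord("B"))


if __name__ == "__main__":
    msg = b"ATTACK AT DAWN"                                   # constructed plaintext
    t1, t2, t3 = caesar_table(1), caesar_table(16), caesar_table(255)   # A->B, B->R, R->Q
    single = compose_substitutions(compose_substitutions(t1, t2), t3)
    print("A ->", chr(single[ord("A")]), "(three substitutions collapse to one)")
    print("two XORs == one XOR:", xor_with(xor_with(msg, 0x0F), 0xF0) == xor_with(msg, 0xFF))
    p1 = list(range(13, -1, -1))                              # reverse the 14 bytes
    p2 = [1, 0, 3, 2, 5, 4, 7, 6, 9, 8, 11, 10, 13, 12]        # swap neighbouring pairs
    print("two transpositions == one:",
          transpose(transpose(msg, p1), p2) == transpose(msg, compose_transpositions(p1, p2)))
    mixed = lambda m: substitute_transpose_xor(m, caesar_table(3), [1, 0], 0x55)
    print("mixed pipeline is none of the three alone:",
          is_not_a_substitution(mixed) and is_not_a_transposition(mixed) and is_not_a_single_xor(mixed))
```

- The three “is_not_a_…” checks are each a property that a lone operation of that kind can never violate, so a function that fails all three cannot be rewritten as any single substitution, transposition, or XOR; that is what the extra rounds of a cipher such as DES buy.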
- Cryptographic Tools
- The ability to conceal the contents of sensitive messages and verify the contents of messages and the identities of their senders can be important in all areas of business. To be useful, these cryptographic capabilities must be embodied in tools that allow IT and information security practitioners to apply the elements of cryptography in the everyday world of computing. This section covers some of the widely used tools that bring the functions of cryptography to the world of information systems.
Public Key Infrastructure (PKI)
Key Terms
certificate authority (CA) In PKI, a third party that manages users’ digital certificates.
certificate revocation list (CRL) In PKI, a published list of revoked or terminated digital certificates.
digital certificates Public-key container files that allow PKI system components and end users to validate a public key and identify its owner.
public key infrastructure (PKI) An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates.
registration authority (RA) In PKI, a third party that operates under the trusted collaboration of the certificate authority and handles day-to-day certification functions.
Public key infrastructure (PKI) systems are based on public-key cryptosystems and include digital certificates and certificate authorities (CAs). Digital certificates allow the PKI components and their users to validate keys and identify key owners. (Digital certificates are explained in more detail later in this chapter.) PKI systems and their digital certificate registries enable the protection of information assets by making verifiable digital certificates readily available to business applications. This, in turn, allows the applications to implement several key characteristics of information security and integrate these characteristics into the following business processes across an organization:
- ●
- Authentication: Individuals, organizations, and Web servers can validate the identity of
- each party in an Internet transaction.
- ●
- Integrity: Content signed by the certificate is known not to have been altered while in
- transit from host to host or server to client.
- ●
- Privacy: Information is protected from being intercepted during transmission.
- ●
- Authorization: The validated identity of users and programs can enable authorization
- rules that remain in place for the duration of a transaction; this reduces overhead and
- allows for more control of access privileges for specific transactions.
- ●
- Nonrepudiation: Customers or partners can be held accountable for transactions, such
- as online purchases, which they cannot later dispute.
A typical PKI solution protects the transmission and reception of secure information by integrating the following components:
- ●
- A certificate authority (CA), which issues, manages, authenticates, signs, and revokes
- users’ digital certificates. These certificates typically contain the user name, public key,
- and other identifying information.
- ●
- A registration authority (RA), which handles certification functions such as verifying
- registration information, generating end-user keys, revoking certificates, and validating
- user certificates, in collaboration with the CA.
- ●
- Certificate directories, which are central locations for certificate storage that provide a
- single access point for administration and distribution.
- ●
- Management protocols, which organize and manage communications among CAs,
- RAs, and end users. This includes the functions and procedures for setting up new
- users, issuing keys, recovering keys, updating keys, revoking keys, and enabling the
- transfer of certificates and status information among the parties involved in the PKI’s
- area of authority.
- ●
- Policies and procedures, which assist an organization in the application and manage-
- ment of certificates, in the formalization of legal liabilities and limitations, and in
- actual business use.
Common implementations of PKI include systems that issue digital certificates to users and servers, directory enrollment, key issuing systems, tools for managing key issuance, and verification and return of certificates. These systems enable organizations to apply an enterprise-wide solution that allows users within the PKI’s area of authority to engage in authenticated and secure communications and transactions.
The CA performs many housekeeping activities regarding the use of keys and certificates that are issued and used in its zone of authority. Each user authenticates himself or herself with the CA. The CA can issue new or replacement keys, track issued keys, provide a directory of public-key values for all known users, and perform other management activities. When a private key is compromised or the user loses the privilege of using keys in the area of authority, the CA can revoke the user’s keys. The CA periodically distributes a certificate revocation list (CRL) to all users. When important events occur, specific applications can make a real-time request to the CA to verify any user against the current CRL.
The issuance of certificates and their keys by the CA enables secure, encrypted, nonrepudiable e-business transactions. Some applications allow users to generate their own certificates and keys, but a key pair generated by the end user can only provide nonrepudiation, not reliable encryption. A central system operated by a CA or RA can generate cryptographically strong keys that are considered independently trustworthy by all users, and can provide services for users such as private-key backup, key recovery, and key revocation.
The strength of a cryptosystem relies on both the raw strength of its key’s complexity and the overall quality of its key management security. PKI solutions can provide several mechanisms for limiting access and possible exposure of the private keys. These mechanisms include password protection, smart cards, hardware tokens, and other hardware-based key storage devices that are memory-capable, like flash memory or PC memory cards. PKI users should select the key security mechanisms that provide an appropriate level of key protection for their needs. Managing the security and integrity of the private keys used for nonrepudiation or the encryption of data files is critical to successfully using the encryption and nonrepudiation services within the PKI’s area of trust. [6]
For more information on public-key cryptography, read FIPS 191: “Entity Authentication Using Public Key Cryptography” at http://csrc.nist.gov/publications/PubsFIPS.html.
Digital Signatures
Key Terms
Digital Signature Standard (DSS) The NIST standard for digital signature algorithm usage by federal information systems. DSS is based on a variant of the ElGamal signature scheme.
digital signatures Encrypted message components that can be mathematically proven as authentic.
nonrepudiation The process of reversing public-key encryption to verify that a message was sent by the sender and thus cannot be refuted.
Digital signatures were created in response to the rising need to verify information transferred via electronic systems. Asymmetric encryption processes are used to create digital signatures. When an asymmetric cryptographic process uses the sender’s private key to encrypt a message, the sender’s public key must be used to decrypt the message. When the decryption is successful, the process verifies that the message was sent by the sender and thus cannot be refuted. This process is known as nonrepudiation, and is the principle of cryptography that underpins the authentication mechanism collectively known as a digital signature. Digital signatures, therefore, are encrypted messages that can be mathematically proven as authentic.
The management of digital signatures is built into most Web browsers. For example, the digital signature management screen in Internet Explorer is shown in Figure 8-7. In general, digital signatures should be created using processes and products that are based on the Digital Signature Standard (DSS). When processes and products are certified as DSS compliant, they have been approved and endorsed by U.S. federal and state governments, as well as by many foreign governments, as a means of authenticating the author of an electronic document.
Figure 8-7 Digital signature in Windows 7 Internet Explorer
Source: Windows 7 Internet Explorer.
DSS algorithms can be used in conjunction with the sender’s public and private keys, the receiver’s public key, and the Secure Hash Standard to quickly create messages that are both encrypted and nonrepudiable. This process first creates a message digest using the hash algorithm, which is then input into the digital signature algorithm along with a random number to generate the digital signature. The digital signature function also depends on the sender’s private key and other information provided by the CA. The resulting encrypted message contains the digital signature, which can be verified by the recipient using the sender’s public key.
For more information on the Digital Signature Standard, read FIPS 186-4 at http://csrc.nist.gov/publications/PubsFIPS.html.
Digital Certificates
As you learned earlier in this chapter, a digital certificate is an electronic document or container file that contains a key value and identifying information about the entity that controls the key. The certificate is often issued and certified by a third party, usually a certificate authority. A digital signature attached to the certificate’s container file certifies the file’s origin and integrity. This verification process often occurs when you download or update software via the Internet. For example, the window in Figure 8-8 shows that the downloaded files do come from the purported originating agency, Amazon.com, and thus can be trusted.
Unlike digital signatures, which help authenticate the origin of a message, digital certificates authenticate the cryptographic key that is embedded in the certificate. When used properly, these certificates enable diligent users to verify the authenticity of any organization’s certificates. This process is much like what happens when the Federal Deposit Insurance Corporation (FDIC) issues its logo to assure customers that a bank is authentic. Different client-server applications use different types of digital certificates to accomplish their assigned functions, as follows:
- ●
- The CA application suite issues and uses certificates (keys) that identify and establish a
- trust relationship with a CA to determine what additional certificates can be
- authenticated.
- ●
- Mail applications use Secure/Multipurpose Internet Mail Extension (S/MIME) certifi-
- cates for signing and encrypting e-mail as well as for signing forms.
- ●
- Development applications use object-signing certificates to identify signers of object-
- oriented code and scripts.
- ●
- Web servers and Web application servers use Secure Sockets Layer (SSL) certificates to
- authenticate servers via the SSL protocol in order to establish an encrypted SSL ses-
- sion. The SSL protocol is explained later in this chapter.
- ●
- Web clients use client SSL certificates to authenticate users, sign forms, and participate
- in single sign-on solutions via SSL.
Two popular certificate types are created using Pretty Good Privacy (PGP) and applications that conform to the International Telecommunication Union’s (ITU-T) X.509 version 3.
Figure 8-8 Example digital certificate
Source: Amazon.com.
The X.509 v3 certificate, whose structure is outlined in Table 8-6, is an ITU-T recommendation that essentially defines a directory service that maintains a database of information (also known as a repository) about a group of users holding X.509 v3 certificates. These certificates bind a distinguished name (DN), which uniquely identifies a certificate entity, to a user’s public key. The certificate is signed and placed in the directory by the CA for retrieval and verification by the user’s associated public key. The X.509 v3 standard’s recommendation does not specify an encryption algorithm, although RSA, with its hashed digital signature, is typically used.
Table 8-6 X.509 v3 certificate structure
Version
Certificate Serial Number
Algorithm ID
  ● Algorithm ID
  ● Parameters
Issuer Name
Validity
  ● Not Before
  ● Not After
Subject Name
Subject Public-Key Information
  ● Public-Key Algorithm
  ● Parameters
  ● Subject Public Key
Issuer Unique Identifier (Optional)
Subject Unique Identifier (Optional)
Extensions (Optional)
Hybrid Cryptography Systems
Key Terms
Diffie-Hellman key exchange A hybrid cryptosystem that facilitates exchanging private keys using public-key encryption.
session keys Limited-use symmetric keys for temporary communications during an online session.
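The signing flow described under Digital Signatures (hash the message, apply the sender’s private key, verify with the sender’s public key) and the certificate handling described under Public Key Infrastructure and Digital Certificates (a CA binds a distinguished name to a public key by signing the certificate; relying parties check the CA’s signature, the validity window, and the CRL before trusting the key) are carried through end to end in the following Python example. It is added for this edit and is not code from the textbook or from any PKI product: it uses a toy, unpadded textbook RSA with 512-bit keys, a cut-down certificate carrying the Table 8-6 fields, and constructed names, serial numbers, messages and timestamps.

```python
"""Sign a message, wrap the signer's public key in a CA-signed certificate, and
check that certificate (signature, validity window, CRL) before trusting the
message signature.  Added example with a toy, unpadded RSA: it shows the flow
and is not usable cryptography."""
import hashlib
import secrets
from dataclasses import dataclass, replace

def is_probable_prime(n, rounds=20):            # Miller-Rabin with random bases
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full length, odd
        if is_probable_prime(cand):
            return cand

def generate_keypair(bits=512):
    """Return ((e, n), (d, n)); n is wider than a SHA-256 digest so the digest fits."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and ((p - 1) * (q - 1)) % e:
            return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private_key, data):
    d, n = private_key                      # hash first, then apply the private key
    return pow(digest_int(data), d, n)

def verify(public_key, data, signature):
    e, n = public_key                       # public key undoes the private-key step
    return pow(signature, e, n) == digest_int(data)

@dataclass(frozen=True)
class Certificate:                          # cut-down X.509-style fields (Table 8-6)
    serial: int
    subject_dn: str
    issuer_dn: str
    not_before: int                         # Unix time
    not_after: int
    subject_public_key: tuple               # (e, n)
    signature: int = 0                      # issuer's signature over tbs_bytes()
    def tbs_bytes(self):
        fields = (self.serial, self.subject_dn, self.issuer_dn, self.not_before, self.not_after, *self.subject_public_key)
        return "|".join(map(str, fields)).encode()

def issue_certificate(ca_private, ca_dn, serial, subject_dn, subject_key, not_before, not_after):
    cert = Certificate(serial, subject_dn, ca_dn, not_before, not_after, subject_key)
    return replace(cert, signature=sign(ca_private, cert.tbs_bytes()))

def validate_certificate(cert, ca_public, ca_dn, crl, now):
    """Return 'ok' or the first reason the certificate must not be trusted."""
    if cert.issuer_dn != ca_dn or not verify(ca_public, cert.tbs_bytes(), cert.signature):
        return "bad-certificate-signature"
    if not cert.not_before <= now <= cert.not_after:
        return "outside-validity-period"
    if cert.serial in crl:
        return "revoked"
    return "ok"

def verify_signed_message(cert, message, signature, ca_public, ca_dn, crl, now):
    status = validate_certificate(cert, ca_public, ca_dn, crl, now)
    if status != "ok":
        return status
    return "ok" if verify(cert.subject_public_key, message, signature) else "bad-message-signature"

def demo():
    ca_dn, now, msg = "CN=Example Root CA", 1_710_000_000, b"pay 100 to bob"   # constructed
    ca_pub, ca_priv = generate_keypair()
    alice_pub, alice_priv = generate_keypair()
    mallory_pub, _ = generate_keypair()
    cert = issue_certificate(ca_priv, ca_dn, 1001, "CN=alice", alice_pub, 1_700_000_000, 1_730_000_000)
    sig = sign(alice_priv, msg)
    def check(c, m, crl=frozenset(), t=now):
        return verify_signed_message(c, m, sig, ca_pub, ca_dn, crl, t)
    return {"valid": check(cert, msg),
            "tampered": check(cert, b"pay 900 to bob"),
            "revoked": check(cert, msg, crl={1001}),
            "expired": check(cert, msg, t=1_740_000_000),
            "forged": check(replace(cert, subject_public_key=mallory_pub), msg)}
```

`demo()` returns "ok" only for the untouched message under a valid certificate; altering the message, revoking the serial via the CRL, checking outside the validity window, or swapping the public key inside the certificate (which breaks the CA’s signature over the to-be-signed fields) each produces a distinct rejection reason. The order of checks matters: the certificate is validated against the CA and the CRL first, so a message signature is never consulted for a key the CA no longer vouches for.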