Most serious security breaches are not done by people breaking codes or otherwise using high tech methods to find security holes; they are done by low tech methods like looking over someone's shoulder as they type their password. In fact many security breaches are inside jobs in which people who have access to information steal or modify it.

Everything in this class is based on the assumption that passwords and keys are secure, and this is not a valid assumption.

Cryptography
There are two basic categories of cryptography systems

• Symmetric key ciphers - the same key is used to encrypt and decrypt the message

  For many years the standard symmetric key system was DES. This is a block cipher. The key is 56 bits. The message is divided into 64 bit blocks, and then goes through a series of operations in which bits are permutated and then modified by portions of the key. This has the following strengths

  • It can be instantiated in hardware and thus performed very fast
  • Changing a single bit of the key will effect many bits in the encrypted message

  The initial DES algorithm was based on a 128 bit key, but NSA modified it so that it has a 56 bit key. Many people thought that this was because NSA, which had the most powerful computers in the world, could break it, but no one else could. Until recently, as far as was known to the public, DES can only be broken through brute force, in other words, try every possible key to decrypt the encrypted message and see if one of them results in apparently meaningful plaintext. Since there are 2⁵⁶ possible keys, this is difficult and time consuming, even with vast computing resources.

  When DES was first adopted as a standard in 1977, it not feasible to try to break it with brute force, but today, it is difficult, but not impossible. In 1998 the Electonic Frontier Foundation announced that they had broken it using a special purpose DES cracker machine. it took 3 days. They are now claiming that it is easily crackable.

  In response, NIST recommended that DES only be used for legacy systems. and they had a competition for a new encryption standard. The winner was AES, the Advanced Encryption Standard. This is also a block cipher, but it uses a 128 bit block, and supports key sizes of 128, 192, and 256 bits.

  Other modern ciphers include include:
  triple DES in which the message is encrypted three times using DES, with three different keys. Since there 2¹⁶⁸ possible keys, this is completely unbreakable, but takes three times as long to encrypt and decrypt.
  Blowfish fast, compact, simple, with a choice of key sizes as high as 448 bits based on a 64 bit block.

  Here is a good overview of Block Ciphers

  Another widely used symmetric key cipher is RC4 - a stream cipher. In a stream cipher, data are encoded one byte at a time. A key is input to a pseudo random number generator which produces a key stream of infinite length. Starting key can be either 40 or 128 bits. Stream ciphers are generally faster than block ciphers.

  The problem with Symmetric key ciphers is key distribution. Two strangers who want to communicate securely have no simple way to agree on a key without an eavesdropper being able to read it. The first published solution to this problem was the Diffie-Hellman key exchange procedure (1976)

• Public private key ciphers - There is a pair of keys (obviously there is a mathematical relationship between them), one of which is designated the public key and is known to the world (including the bad guys). Anyone can use the public key to encrypt a message, but it can only be decrypted with the private key, which is (hopefully) known only to the receiver of the message.

  The best known and most widely used public private key system is the RSA algorithm. Here is a link to a web site on the Mathematical guts of RSA

  Wikipedia has remarkably good high level overviews of many such technologies. Here is their material on RSA

  Public private key systems solve the problem of key distribution. If two strangers want to communicate securely, they simply exchange public keys. An eavesdropper can read the public keys, and can even encrypt messages to either party, but cannot decrypt the messages.

  Public-private key ciphers are not more secure than DES (security depends on key size), and they will not drive out symmetric key encryption because it is much more computationally intensive.

• Disclosure The bad guy can read your communications
• Traffic analysis Eavesdroppers can see who you are communicating with and how much traffic you are sending
• Masquerade insertion of messages into the network from a fraudulent source (includes fraudulent acks), pretending to be someone legitimate
• Content modification Modifying messages by arbitrarily adding content, deleting content, or changing contnt.
• Sequence and timing modification This includes delaying messages, changing the order of messages, or resending messages
• Denial of service - preventing users from communicating, Example: flooding a web site with bogus hits

  The last two do not involve bad guys, but reflect a lack of trust between the sender and the receiver

• Source repudiation The sender sends a message, and then later denies sending it or claims that the message that was sent was different.

  Example: Alice buys 100 shares of ABC stock through an on-line broker, and shortly afterwards, the stock of ABC tanks. Alice then denies sending the buy order.

• Destination repudiation The receiver denies receiving a message

  Example: Alice places a $100 bet with her on-line bookie on Bluenote in the Fourth race at Aquaduct. Bluenote wins the race and pays 10 to 1. The bookie denies receiving Alice's bet.

Authentication functions

The purpose of authentication is to prevent masquerade. When Bob receives a message which is supposed to be from Alice, how does he know that it was really sent by Alice and not someone pretending to be Alice.

If Alice and Bob have agreed on a private symmetric key. known only to the two of them, and Bob uses this key to decrypt the message, and the message seems to be English, this is reasonably good evidence that the message came from Alice. However, if that is not good enough, Alice can attach a Message Authentication Code (MAC) or a hash function to the message.

A Message authentication code is a public function of the message and a secret key that produces a fixed length value that serves as the authenticator (aka a cryptographic checksum)

MAC = C_k(M)

where M is the message, k is the key, and MAC is the fixed length value. These have the feature that it is impossible to derive the message from the MAC. A widely used MAC is the Data Authentication Algorithm (DAA), based on DES.

Hash function a public function that maps a message of any length to a fixed length hash value that serves as the authenticator. It does not use a key, so anyone can compute it

One widely used hash function is MD5 (message digest algorithm) which produces a 128 bit value Another is the Secure Hash Algorithm SHA-1 and its variants.

Here is a method of addressing masquerading, message modification, and source repudiation. It uses public-private encryption, symmetric key encryption, and a hash function. Alice wants to send a message to Bob.

1. Alice writes the message
2. She appends a time and date stamp
3. She calculates a hash function such as MD5 on this
4. She encrypts this hash function with her private key
5. She generates a random one time session key and uses this to encrypt the message using DES or a similar cipher.
6. She encrypts the one time session key with Bob's public key
7. She sends the message over the Internet.

1. Bob receives the message. He uses his private key to decrypt the one time session key
2. He uses the one time session key to decrypt the message.
3. He confirms the time and date. If Eve has delayed the message somehow, he will know this.
4. He calculates the hash function.
5. He uses Alice's public key to decrypt the hash value that Alice sent.
6. He compare the two values. If they are the same, Bob knows that the message came from Alice and not someone pretending to be Alice, and that Eve did not modify the message in any way, because if she did, the two hash values would be different.
7. If later, Alice denies sending the message or claims that the content was modified, Bob can show the original message and prove that it came from Alice at the specified time with the specified content.