Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
The Fatass and the Jackass

The Fatass and the Jackass

Ratings: (0)|Views: 407|Likes:
Published by Ben Dahl

More info:

Published by: Ben Dahl on Nov 11, 2008
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





1 |
Ben DahlCNS 378The Fatass and The Jackass:A Tale of Electronic Faux-PasWhile remaining politically neutral is one of the fundamental tenets of the educationalsystem, the Internet has permeated even this stereotypically geriatric arena. Technological issuesare the hot-button topics of this election, and are present regardless of political leaning. TheDemocrats use e-mail, the Republicans use e-mail, and the Independents use email; e-mail hasbecome as much a part of societal operation as face-to-face communication, postal mail, and thetelephone.The problem is that the information being stored and transmitted has not been protected,an issue found on almost every computer and network across the globe. Generally, this does notpresent a problem, but people began using free Yahoo! e-mail accounts to conduct officialgovernment business. While this is nothing short of offensive, it presents a picture perfectopportunity to investigate the applications of encryption in a formal setting.While e-mail is obviously a pressing issue as it relates to encryption, it is only a piece of a very larger puzzle. There are a number of options available for public-key encryption of e-mail: PGP, GPG, etc. As opposed to discussing these types of encryption, a more available,user-friendly method will be discussed. In order to investigate this issue, the program WinZipand the AES encryption standard will be discussed.WinZip is the industry leader in file compression software, and is responsible for theproliferation of the popular .zip file extension. More importantly, the software is available fordownload and includes all options during the trial period. The ease of acquisition and the
2 |
company's vast resources allowed WinZip to integrate a very important aspect into newerversions of the program, encryption based on Dr. Brian Gladman's AES encryption schema [1].WinZip encrypts these files using the U.S. Government's National Institute of Scienceand Technology (NIST) Advanced Encryption Standard (AES), and is FIPS-197 Certified [6].Additionally, WinZip supports AES encryption in both the 125-bit and 256-bit flavors. In orderto fully appreciate the significance of WinZip encryption, AES as an encryption scheme must beinvestigated.While the FIPS-197 Certification Document [4] proves an invaluable resource in regardsto the actual operation of AES, it describes concepts to an almost obtuse mathematical extent. Inlight of this, Wikipedia [2] was also used a reference because it presents a more digestibleperspective about the encryption. These sources provide the background for the followingparagraphs, and a wealth of additional information is provided by both resources.AES is a substitution-permutation network that operates in a finite field and focuses on afixed array of bytes called the "State." The cipher goes through a number of steps to encrypt theplain-text to cipher-text, and then reverses this process to decrypt the information. The AESencryption scheme has a number of steps that are described in the following paragraphs.The four primary steps of the AES encryption scheme are as follows: Key Expansion,Initial Round, Rounds, and Final Round. AES, like most other ciphers uses a key schedule tocreate the encryption key. In the case of AES, this Key Expansion step expands a short-key to aseries of round keys, which will be used later. During the Initial Round step, the AddRoundKeyoperation is performed, which derives a subkey from the key schedule and combines it with the"State."
3 |
The Rounds phase is next and is composed of a number of sub-phases: SubBytes,ShiftRows, MixColumns, and another AddRoundKey. The SubBytes step linearly replaces bytesbased on the lookup table. The ShiftRows operation transposes "State" rows by shifting themcyclically. Next, the MixColumns step mixes "State" columns to combine the four bytes.Finally, another AddRoundKey operation is performed as described above. The final phase of AES encryption is appropriately titled the Final Round, and utilizes all steps of the Rounds phaseexcept for MixColumns [2, 4].As previously discussed, AES is provided in two easy to digest flavors; the extremelypowerful 125-bit version and the more robust 256-bit version. The 256-bit AES encryptionscheme has not been broken and is certified for NSA "Top Secret" level government documents,but even the 128-bit version of the scheme is incredibly difficult to crack [2]. The developmentteam from AES described this in the original specifications document when they wrote,"Assuming that one could build a machine that could recover a DES key in a
(i.e., try 2
 keys per second), then it would take that machine approximately 149 thousand-billion (149trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed tobe less than 20 billion years old" [3]. Obviously, it is quite a tall order to brute-force crack eventhe lowest provided AES encryption option.WinZip uses the AES encryption scheme to make the content of encrypted filesinaccessible without the appropriate password. WinZip does this in a way the developersdescribe as, "AES-encrypted files are stored within the guidelines of the standard Zip file formatusing only a new 'extra data' field, a new compression method code, and a value in the CRC fielddependant on the encryption version. The basic Zip file format is otherwise unchanged" [6].Essentially, additional information is being added into the header and the CRC, but the .zip file

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->