You are on page 1of 33

Cryptography: Securing the

Information Age

Source: www.aep.ie/product/ technical.html

Information Systems Research Center

October 17, 2002 Future Technology Briefing

Agenda
• Definitions
• Why cryptography is important?
• Available technologies
• Benefits & problems
• Future of cryptography
• Houston resources
Information Systems Research Center

October 17, 2002 Future Technology Briefing

Essential Terms
• Cryptography
• Encryption
Plain text  Cipher text
• Decryption
Cipher text  Plain text
• Cryptanalysis
• Cryptology Source: http://www.unmuseum.org/enigma.jpg

Information Systems Research Center

October 17, 2002 Future Technology Briefing

2002 Future Technology Briefing . Information Security for… • Defending against external/internal hackers • Defending against industrial espionage • Securing E-commerce • Securing bank accounts/electronic transfers • Securing intellectual property • Avoiding liability Information Systems Research Center October 17.

wireless) • Trend towards paperless society • Weak legal protection of email privacy Information Systems Research Center October 17. 2002 Future Technology Briefing . Threats to Information Security • Pervasiveness of email/networks • Online storage of sensitive information • Insecure technologies (e.g.

Types of Secret Writing Secret writing Steganography Cryptography Information Systems Research Center October 17. 2002 Future Technology Briefing .

August 3rd. Steganography • Steganography – covered writing – is an art of hiding information • Popular contemporary steganographic technologies hide New York Times.nytimes. 2002 Future Technology Briefing .jpg images Information Systems Research Center October 17.com/images/2001/10/30/science/sci_STEGO_011030_00. 2001 information in http://www.

cam.ac. Hiding information in pictures Image in which to hide  Image to hide within the  another image other image Information Systems Research Center http://www.uk/~fapp2/steganography/image_downgrading / October 17.cl. 2002 Future Technology Briefing .

2002 Future Technology Briefing .cam.uk/~fapp2/steganography/image_downgrading / October 17.ac. Retrieving information from pictures Image with other  Recreated image hidden within Information Systems Research Center http://www.cl.

Digital Watermarks Information Systems Research Center Source: http://www.digimarc.com October 17. 2002 Future Technology Briefing .

Types of Secret Writing Secret writing Steganography Cryptography Substitution Transposition Code Cipher Information Systems Research Center October 17. 2002 Future Technology Briefing .

Public Key Cryptography • Private (symmetric. secret) key – the same key used for encryption/decryption • Problem of key distribution • Public (asymmetric) key cryptography – a public key used for encryption and private key for decryption • Key distribution problem solved Information Systems Research Center October 17. 2002 Future Technology Briefing .

2002 Future Technology Briefing . Currently Available Crypto Algorithms (private key) • DES (Data Encryption Standard) and derivatives: double DES and triple DES • IDEA (International Data Encryption Standard) • Blowfish • RC5 (Rivest Cipher #5) • AES (Advance Encryption Standard) Information Systems Research Center October 17.

2002 Future Technology Briefing . Shamir. Currently Available Crypto Algorithms (public key) • RSA (Rivest. Adleman) • DH (Diffie-Hellman Key Agreement Algorithm) • ECDH (Elliptic Curve Diffie-Hellman Key Agreement Algorithm) • RPK (Raike Public Key) Information Systems Research Center October 17.

Currently Available Technologies PGP (Pretty Good Privacy) – a hybrid encryption technology – Message is encrypted using a private key algorithm (IDEA) – Key is then encrypted using a public key algorithm (RSA) – For file encryption. only IDEA algorithm is used – PGP is free for home use Information Systems Research Center October 17. 2002 Future Technology Briefing .

2002 Future Technology Briefing . Authentication and Digital Signatures • Preventing impostor attacks • Preventing content tampering • Preventing timing modification • Preventing repudiation By: • Encryption itself • Cryptographic checksum and hash Information Systems Research Center functions October 17.

Digital Signatures • Made by encrypting a message digest (cryptographic checksum) with the sender’s private key • Receiver decrypts with the sender’s public key (roles of private and public keys are flipped) Information Systems Research Center October 17. 2002 Future Technology Briefing .

PKI and CA • Digital signature does not confirm identity • Public Key Infrastructure provides a trusted third party’s confirmation of a sender’s identity • Certification Authority is a trusted third party that issues identity certificates Information Systems Research Center October 17. 2002 Future Technology Briefing .

2002 Future Technology Briefing . Problems with CAs and PKI • Who gave CA the authority to issue certificates? Who made it “trusted”? • What good are the certificates? • What if somebody digitally signed a binding contract in your name by hacking into your system? • How secure are CA’s practices? Can a malicious hacker add a public key to a CA’s directory? Information Systems Research Center October 17.

2002 Future Technology Briefing . Currently Available Technologies • MD4 and MD5 (Message Digest) • SHA-1 (Secure Hash Algorithm version 1) • DSA (The Digital Signature Algorithm) • ECDSA (Elliptic Curve DSA) • Kerberos • OPS (Open Profiling Standard) • VeriSign Digital IDs Information Systems Research Center October 17.

2002 Future Technology Briefing . JAVA and XML Cryptography • java. etc.security package includes classes used for authentication and digital signature • javax. different encryption for different recipients. Information Systems Research Center October 17.crypto package contains Java Cryptography Extension classes • XML makes it possible to encrypt or digitally sign parts of a message.

card number. and expiration date <?xml version='1.000' Currency='USD'> <Number>4019 2445 0277 5567</Number> <Issuer>Bank of the Internet</Issuer> <Expiration>04/02</Expiration> </CreditCard> Information Systems Research Center </PaymentInfo> October 17.html/index. Information on John Smith showing his bank.com/developerworks/xml/library/s-xmlsec.html) . limit of $5.0'?> <PaymentInfo xmlns='http://example.ibm.org/paymentv2'> <Name>John Smith<Name/> <CreditCard Limit='5. 2002 Future Technology Briefing (Source: http://www-106.000. XML Crypto Document Listing 1.

0'?> <PaymentInfo xmlns='http://example.com/developerworks/xml/library/s-xmlsec. XML Crypto document Listing 2.html/index.org/paymentv2'> <Name>John Smith<Name/> <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.org/2001/04/xmlenc#'> <CipherData><CipherValue>A23B45C56</CipherValue></CipherData> </EncryptedData> </PaymentInfo> Information Systems Research Center (Source: http://www-106.w3.ibm.html) October 17. 2002 Future Technology Briefing . Encrypted document where all but name is encrypted <?xml version='1.

edu/~hos/h398/matrix. 2002 Future Technology Briefing .princeton. Benefits of Cryptographic Technologies • Data secrecy • Data integrity • Authentication of message originator • Electronic certification and digital signature • Non-repudiation Source: http://www.jpg Information Systems Research Center October 17.

2002 Future Technology Briefing . Potential Problems with Cryptographic Technologies? • False sense of security if badly implemented • Government regulation of cryptographic technologies/export restrictions • Encryption prohibited in Source: http://www.jpg some countries Information Systems Research Center October 17.com/Mary%20Scots%20B.tudor-portraits.

RC5. RSA. 2002 Future Technology Briefing . resist complex attacks when properly implemented • distributed.757 days and 331.000 machine cracks 56 bit key DES code in 56 hours • IDEA. 2002 • A computer that breaks DES in 1 second will take 149 trillion years to break AES! • Algorithms are not theoretically unbreakable: Information Systems Research Center successful attacks in the future are possible October 17. How Secure are Today’s Technologies? • $250. etc.252 people) in July.net cracked 64 bit RC5 key (1.

– TEMPEST attacks.How Secure are Today’s Technologies? • Encryption does not guarantee security! • Many ways to beat a crypto system NOT dependent on cryptanalysis. – Unauthorized physical access to secret keys • Cryptography is only one element of comprehensive computer security Information Systems Research Center October 17. hackers. 2002 Future Technology Briefing . such as: – Viruses. etc. worms.

mit. The Future of Secret Writing Quantum cryptanalysis – A quantum computer can perform practically unlimited number of simultaneous computations – Factoring large integers is a natural application for a quantum computer (necessary to break RSA) Source: http://www. 2002 Future Technology Briefing .edu/quanta/5-qubit-molecule.jpg – Quantum cryptanalysis would render ALL modern cryptosystems instantly obsolete Information Systems Research Center October 17.media.

When will it happen? • 2004 – 10-qubit special purpose quantum computer available • 2006 – factoring attacks on RSA algorithm • 2010 through 2012 – intelligence agencies will have quantum computers • 2015 – large enterprises will have quantum computers Source: The Gartner Group Information Systems Research Center October 17. 2002 Future Technology Briefing .

What is to be done? The Gartner Group recommends: • Develop migration plans to stronger crypto by 2008 • Begin implementation in 2010 Information Systems Research Center October 17. 2002 Future Technology Briefing .

The Future of Secret Writing (continued) Quantum encryption – No need for a quantum computer – A key cannot be intercepted without altering its content – It is theoretically unbreakable – Central problem is transmitting a quantum message over a significant distance Source: http://qubit.gov/Images/OptLat.nist.jpg Information Systems Research Center October 17. 2002 Future Technology Briefing .

) Companies − EDS − RSA Security − Schlumberger − SANS Institute Information Systems Research Center October 17. WEP. Houston Resources University of Houston − Crypto courses − Ernst Leiss Rice University: Computer Science Dept − Crypto research and offers crypto training − Dan Wallach (security of WAP. 2002 Future Technology Briefing . etc.

2002 Future Technology Briefing . Your questions are welcome! Information Systems Research Center October 17.