Not Quite the Metric System: Symmetric and Asymmetric Key Systems


Cryptographic algorithms are broadly classified as either symmetric or asymmetric key systems.

Symmetric key cryptography

Symmetric key cryptography (also known as symmetric algorithm, secret key, single key, and private key) uses a single key to both encrypt and decrypt information. Two parties (Thomas and Richard) can exchange an encrypted message by using the following procedure in Lab 8-2:

Lab 8-2 Exchanging an Encrypted Message with Symmetric Key Cryptography

  1. The sender (Thomas) encrypts the plaintext message with a secret key known only to the intended recipient (Richard).

  2. The sender then transmits the encrypted message to the intended recipient.

  3. The recipient decrypts the message with the same secret key to obtain the plaintext message.


In order for an attacker (Harold) to read the message, he must guess the secret key (for example, a brute force attack) or intercept the secret key during the initial exchange.

The following are the main disadvantages of symmetric systems:

  • Distribution: Secure distribution of secret keys is absolutely required either through out-of-band methods or by using asymmetric systems.

  • Scalability: A different key is required for each pair of communicating parties.

  • Limited functionality: Symmetric systems can’t provide authentication or non-repudiation.

Of course, symmetric systems do have many advantages:

  • Speed: Symmetric systems are much faster than asymmetric systems.

  • Strength: Strength is gained when used with a large key.

  • Availability: Many algorithms are available.

Symmetric key algorithms include DES, Triple DES, Advanced Encryption Standard (AES), International Data Encryption Algorithm (IDEA), and RC5.

 Instant Answer   Symmetric key systems use a shared secret key.

Data Encryption Standard (DES)

In the early 1970s, the National Institute of Standards and Technology (NIST) solicited vendors to submit encryption algorithm proposals to be evaluated by the National Security Agency (NSA) in support of a national cryptographic standard. This new encryption standard was used for private-sector and Sensitive but Unclassified (SBU) government data. In 1974, IBM submitted a 128-bit algorithm originally known as Lucifer. After some modifications (the algorithm was shortened to 56 bits and the S-boxes were changed), the IBM proposal was endorsed by the NSA and formally adopted as the Data Encryption Standard. It was published in Federal Information Processing Standard (FIPS) PUB 46 in 1977 (updated and revised in 1988 as FIPS PUB 46-1) and American National Standards Institute (ANSI) X3.92 in 1981.

 Instant Answer   DES is a block cipher that uses a 56-bit key.

The DES algorithm is a symmetric (or private) key cipher consisting of an algorithm and a key. The algorithm is a 64-bit block cipher based on a 56-bit symmetric key. (It comprises 56 key bits + 8 parity bits . . . or think of it as 8 bytes with each byte containing 7 key bits and 1 parity bit.) During encryption, the original message (plaintext) is divided into 64-bit blocks. Operating on a single block at a time, each 64-bit plaintext block is split into two 32-bit blocks. Under control of the 56-bit key, 16 rounds of transpositions and substitutions are performed on each individual character to produce the resulting ciphertext output.

The four distinct modes of operation (the mode of operation defines how the plaintext/ciphertext blocks are processed) in DES are Electronic Code Book, Cipher Block Chaining, Cipher Feedback, and Output Feedback.

Electronic Code Book (ECB)

Electronic Code Book (ECB) mode is the native mode for DES operation and normally produces the highest throughput. It is best used for encrypting keys or small amounts of data. ECB mode operates on 64-bit blocks of plaintext independently and produces 64-bit blocks of ciphertext. One significant disadvantage of ECB is that the same plaintext, encrypted with the same key, will always produce the same ciphertext. If used for large amounts of data, it’s susceptible to Chosen Text Attacks (CTA) because certain patterns may be revealed.

Cipher Block Chaining (CBC)

Cipher Block Chaining (CBC) mode is the most common mode of DES operation. Like ECB mode, CBC mode operates on 64-bit blocks of plaintext to produce 64-bit blocks of ciphertext. However, in CBC mode, each block is XORed (see the sidebar “The XORcist” elsewhere in this chapter) with the ciphertext of the preceding block to create a dependency or chain, thereby producing a more random ciphertext result. The first block is encrypted with a random block known as the initialization vector (IV). One disadvantage of CBC mode is that errors propagate. However, this problem is limited to the block in which the error occurs and the block that immediately follows, after which the decryption will resynchronize.
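The ECB and CBC behaviour described above, as an added example that is not from the book: ECB repeats ciphertext for repeated plaintext, CBC does not, and a one-bit error in CBC ciphertext damages only two plaintext blocks. The block cipher is a toy 16-round Feistel network with a hash-based round function (an assumption standing in for DES, with no security claim), and the plaintext is constructed.

```python
import hashlib
import hmac
import os

BLOCK = 8  # 64-bit blocks, the DES block size

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Toy round function (assumption): keyed hash cut to 32 bits, not DES's S-boxes.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]

def _feistel(key, block, rounds):
    left, right = block[:4], block[4:]          # two 32-bit halves
    for rnd in rounds:
        left, right = right, _xor(left, _f(key, rnd, right))
    return right + left                         # final swap makes decryption symmetric

def encrypt_block(key, block):
    return _feistel(key, block, range(16))

def decrypt_block(key, block):
    return _feistel(key, block, reversed(range(16)))

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    # Every block is encrypted independently of the others.
    return b"".join(encrypt_block(key, b) for b in split(pt))

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for block in split(pt):
        prev = encrypt_block(key, _xor(block, prev))  # chain on previous ciphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for block in split(ct):
        out.append(_xor(decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)

def demo():
    key, iv = os.urandom(8), os.urandom(BLOCK)
    # Constructed plaintext: four 8-byte blocks, the first two identical (no padding needed).
    pt = b"PAY 0100" * 2 + b"PAY 9999" + b"END.----"
    ecb, cbc = split(ecb_encrypt(key, pt)), split(cbc_encrypt(key, iv, pt))
    # Flip one bit in CBC ciphertext block 1, then see which plaintext blocks are damaged.
    ct = bytearray(b"".join(cbc))
    ct[BLOCK] ^= 0x01
    damaged = [a != b for a, b in zip(split(cbc_decrypt(key, iv, bytes(ct))), split(pt))]
    return ecb[0] == ecb[1], cbc[0] == cbc[1], damaged

if __name__ == "__main__":
    print(demo())
```

In the result, the damaged list marks block 1 (fully garbled) and block 2 (one flipped bit), after which decryption is back in step.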

The XORcist

The Exclusive Or (XOR) function is a binary operation applied to two input bits: for example, a plaintext bit and a key bit. If the two bits are equal, the result is 0 (zero). If the two bits aren’t equal, the result is 1.

Input A (Plaintext)    Input B (Key)    Output C (Ciphertext)
0                      0                0
0                      1                1
1                      0                1
1                      1                0


Cipher Feedback (CFB)

Cipher Feedback (CFB) mode is a stream cipher most often used to encrypt individual characters. In this mode, previously generated ciphertext is used as feedback for key generation in the next key stream. The resulting ciphertext is chained together, which causes errors to be multiplied throughout the encryption process.

Output Feedback (OFB)

Output Feedback (OFB) mode is also a stream cipher very similar to CFB. It is often used to encrypt satellite communications. In this mode, previous plaintext is used as feedback for key generation in the next key stream. The resulting ciphertext is not chained together; therefore, errors don’t spread throughout the encryption process.

 Instant Answer   The four modes of DES are ECB, CBC, CFB, and OFB. ECB and CBC are the most commonly used.

The original goal of the DES standard was to develop an encryption standard that would be viable for 10–15 years. Although DES far exceeded this goal, in 1999 the Electronic Frontier Foundation achieved the inevitable, breaking a DES key in only 23 hours.

Triple DES (3DES)

Triple DES (3DES) has effectively extended the life of the DES algorithm. In Triple DES implementations, a message is encrypted by using one key, encrypted by using a second key, and then again encrypted by using either the first key or a third key.

You say To-may-to, and I say To-mah-to: 3DES variations

The several variations of Triple DES (3DES) are as follows:

  • DES-EEE2 (Encrypt-Encrypt-Encrypt) using 1st key, 2nd key, 1st key

  • DES-EDE2 (Encrypt-Decrypt-Encrypt) using 1st key, 2nd key, 1st key

  • DES-EEE3 (Encrypt-Encrypt-Encrypt) using 1st key, 2nd key, 3rd key

  • DES-EDE3 (Encrypt-Decrypt-Encrypt) using 1st key, 2nd key, 3rd key

The basic function of Triple DES is sometimes explained like this: The message is encrypted using one key, decrypted using a second key, and again encrypted using the first key. The differences in syntax (and operation) are subtle but important: The second key (in an EDE implementation) doesn’t truly decrypt the original message because the output is still gibberish (ciphertext). This variation was developed for backwards compatibility with single DES cryptosystems. Also, you should understand that use of the first key twice (in EDE2 and EEE2) is one common implementation, but use of a third distinct key is also possible (in EDE3 and EEE3).

The use of three separate 56-bit encryption keys produces an effective key length of 168 bits. But Triple DES doesn’t just triple the work factor required to crack the DES algorithm. Because the attacker doesn’t know whether he successfully cracked even the first 56-bit key (pick a number between 0 and 72 quadrillion!) until all three keys are cracked and the correct plaintext is produced, the work factor is more like 2^56 x 2^56 x 2^56, or 72 quadrillion x 72 quadrillion x 72 quadrillion. (Don’t try this on a calculator; just trust us on this one.)

 Warning   Double DES wasn’t a significant improvement to DES. In fact, by using a meet-in-the-middle attack, it has been shown that the work factor required to crack Double DES is only slightly greater than for DES. For this reason, Double DES isn’t commonly used.

Using Triple DES would seem enough to protect even the most sensitive data for at least a few lifetimes, but a few problems exist with Triple DES. First, the performance cost is significant. Although Triple DES is faster than many other symmetric encryption algorithms, it’s still unacceptably slow and won’t work with many applications requiring high-speed throughput of large volumes of data.

Second, a weakness exists in the implementation that allows a cryptanalyst to reduce the effective key size to 108 bits in a brute force attack. Although a 108-bit key size still requires a significant amount of time to crack (theoretically several million millennia), it’s still a weakness.

Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) is a block cipher that will eventually replace DES. In October 2000, NIST announced selection of the Rijndael Block Cipher to implement AES.

 Instant Answer   AES is based on the Rijndael Block Cipher.

Rijndael Block Cipher

The Rijndael Block Cipher, developed by Dr. Joan Daemen and Dr. Vincent Rijmen, has variable block and key lengths (128, 192, or 256 bits). It was designed to be simple, resistant to known attacks, and fast.

Twofish Algorithm

The Twofish Algorithm was a finalist in the AES selection process. It is a symmetric block cipher that operates on 128-bit (instead of 64-bit) blocks, employing 16 rounds with key lengths up to 256 bits.

IDEA Cipher

The International Data Encryption Algorithm (IDEA) cipher evolved from the Proposed Encryption Standard and the Improved Proposed Encryption Standard (IPES) originally developed in 1990. IDEA is a block cipher that operates on 64-bit plaintext blocks using a 128-bit key. IDEA performs eight rounds on 16-bit sub-blocks and can operate in four distinct modes similar to DES. The IDEA cipher provides stronger encryption than RC4 and Triple DES, but because it’s patented, it’s not widely used. It is, however, used in the Pretty Good Privacy (PGP) e-mail encryption system. For more on RC4, read the following section. For more on PGP, read “Pretty Good Privacy (PGP).”

RC5

RC5 (Rivest Cipher No. 5 [as distinguished from Mambo No. 5]) is part of a series of symmetric algorithms developed by RSA Data Security. RC2 is a block mode cipher that encrypts 64-bit blocks of data by using a variable-length key. RC4 is a stream cipher (data is encrypted in real time) that uses a variable-length key (128 bits is standard). RC5 is similar to RC2 but includes a variable-length key (0 to 2048 bits), variable block size (32, 64, or 128 bits) and variable number of processing rounds (0 to 255).

Asymmetric key cryptography

Asymmetric key cryptography (also known as asymmetric algorithm, or public key) uses two separate keys: one key to encrypt and a different key to decrypt information. These keys are known as public and private key pairs. When two parties want to exchange an encrypted message by using asymmetric key cryptography, they follow these steps, as in Lab 8-3.

Lab 8-3 Exchanging an Encrypted Message with Asymmetric Key Cryptography

  1. The sender (Thomas) encrypts the plaintext message with the intended recipient’s (Richard) public key.

  2. This produces a ciphertext message that can then be transmitted to the intended recipient (Richard).

  3. The recipient (Richard) then decrypts the message with his private key, known only to him.


Only the private key can decrypt the message; thus, an attacker (Harold) possessing only the public key can’t decrypt the message. This also means that not even the original sender can decrypt the message. This use of an asymmetric key system is known as a secure message. A secure message guarantees the confidentiality of the message.

 Instant Answer   Asymmetric key systems use a public key and private key.

Secure Message Format uses the recipient’s private key to protect confidentiality.

If the sender wants to guarantee the authenticity of a message (or, more correctly, the authenticity of the sender), he can sign the message by using the procedure in Lab 8-4:

Lab 8-4 Signing a Message to Guarantee Authenticity

  1. The sender (Thomas) encrypts the plaintext message with his own private key.

  2. This produces a ciphertext message that can then be transmitted to the intended recipient (Richard).

  3. To verify that the message is in fact from the purported sender, the recipient (Richard) applies the sender’s (Thomas’s) public key (which is known to every Tom, Dick, and Harry).


Of course, an attacker can also verify the authenticity of the message. This use of an asymmetric key system is known as an open message format because only the authenticity, not the confidentiality, is guaranteed.

 Instant Answer   Open message format uses the sender’s private key to protect authenticity.

If the sender wants to guarantee both the confidentiality and authenticity of a message, he can do so by using the following procedure in Lab 8-5:

Lab 8-5 Guaranteeing Confidentiality and Authenticity of a Message

  1. The sender (Thomas) encrypts the message first with the intended recipient’s (Richard’s) public key and then with his own private key.

  2. This produces a ciphertext message that can then be transmitted to the intended recipient (Richard).

  3. The recipient (Richard) uses the sender’s (Thomas’s) public key to verify the authenticity of the message, and then uses his own private key to decrypt the message’s contents.


If an attacker intercepts the message, he can apply the sender’s public key but will then have an encrypted message that can’t be decrypted without the intended recipient’s private key. Thus, both confidentiality and authenticity are assured. This use of an asymmetric key system is known as a secure and signed message format.

 Instant Answer   A secure and signed message format uses the sender’s private key and the recipient’s public key to protect confidentiality and authenticity.
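The three message formats from Labs 8-3, 8-4 and 8-5, as an added example that is not from the book, showing which key is applied at each step. It uses textbook RSA with tiny constructed primes and no padding or hashing (assumptions made so the arithmetic is visible; real systems pad, and sign a hash rather than the message), and all function names are illustrative.

```python
def keypair(p, q, e=17):
    # Textbook RSA from two small constructed primes; d is the inverse of e mod phi(n).
    n, phi = p * q, (p - 1) * (q - 1)
    return {"public": (n, e), "private": (n, pow(e, -1, phi))}

def apply_key(key, values):
    # The raw RSA operation x^k mod n, applied to each integer in the list.
    n, k = key
    return [pow(v, k, n) for v in values]

RICHARD = keypair(61, 53)   # n = 3233
THOMAS = keypair(89, 97)    # n = 8633; must exceed Richard's n for Lab 8-5 to round-trip

MESSAGE = list(b"MEET AT NOON")  # constructed sample, one integer per byte

def secure(msg, recipient_public):
    # Lab 8-3: only the recipient's private key reverses this (confidentiality).
    return apply_key(recipient_public, msg)

def open_signed(msg, sender_private):
    # Lab 8-4: anyone holding the sender's public key can reverse this (authenticity only).
    return apply_key(sender_private, msg)

def secure_and_signed(msg, recipient_public, sender_private):
    # Lab 8-5: recipient's public key first, then the sender's private key.
    return apply_key(sender_private, apply_key(recipient_public, msg))

def receive_secure_and_signed(ct, sender_public, recipient_private):
    # Undo the layers in reverse order: sender's public key, then own private key.
    return apply_key(recipient_private, apply_key(sender_public, ct))

def harold_view(ct, sender_public):
    # An interceptor holding only public keys can strip the outer layer and no more.
    return apply_key(sender_public, ct)

if __name__ == "__main__":
    ct = secure_and_signed(MESSAGE, RICHARD["public"], THOMAS["private"])
    print(bytes(receive_secure_and_signed(ct, THOMAS["public"], RICHARD["private"])))
    print(harold_view(ct, THOMAS["public"]) == secure(MESSAGE, RICHARD["public"]))
```

The outer layer must use the larger modulus: an inner value that is not below the sender's n would be reduced and could not be recovered.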

A public and a private key are mathematically related, but theoretically, the private key can’t be computed or derived from the public key. This property of asymmetric systems is based on the concept of a one-way function. A one-way function is a problem that’s easy to compute in one direction but not in the reverse direction. In asymmetric key systems, a trapdoor (private key) resolves the reverse operation of the one-way function.

Because of the complexity of asymmetric key systems, they are more commonly used for key management or digital signatures than for encryption of bulk information. Often, a hybrid system is employed, using an asymmetric system to securely distribute the secret keys of a symmetric key system that’s used to encrypt the data.

The main disadvantage of asymmetric systems is speed. Because of the types of algorithms that are used to achieve the one-way hash functions, very large keys are required. (A 128-bit symmetric key has the equivalent strength of a 2,304-bit asymmetric key.) This, in turn, requires more computational power, causing a significant loss of speed (up to 10,000 times slower than a comparable symmetric key system).

However, many significant advantages to asymmetric systems exist, including

  • Extended functionality: Asymmetric key systems can provide both confidentiality and authentication; symmetric systems can only provide confidentiality.

  • Scalability: This resolves key management issues associated with symmetric key systems.

Asymmetric key algorithms include RSA, Diffie-Hellman, El Gamal, Merkle-Hellman (Trapdoor) Knapsack, and Elliptic Curve.

RSA

In 1978, Drs. Ron Rivest, Adi Shamir, and Len Adleman published the RSA algorithm, which is a key transport algorithm based on the difficulty of factoring a number that is the product of two large prime numbers (typically 512 bits). Two users (Thomas and Richard) can securely transport symmetric keys by using RSA as follows in Lab 8-6:

Lab 8-6 Securely Transporting Symmetric Keys with RSA

  1. Thomas creates a symmetric key, encrypts it with Richard’s public key, and then transmits it to Richard.

  2. Richard decrypts the symmetric key by using his own private key.


 Instant Answer   RSA is an asymmetric key algorithm based on factoring prime numbers.

Diffie-Hellman Key Exchange

In 1976, Drs. Whitfield Diffie and Martin Hellman published a paper entitled “New Directions in Cryptography” detailing a new paradigm for secure key exchange based on discrete logarithms. Diffie-Hellman is described as a key agreement algorithm. Two users (Thomas and Richard) can exchange symmetric keys by using Diffie-Hellman as follows in Lab 8-7:

Lab 8-7 Exchanging Symmetric Keys with Diffie-Hellman

  1. Thomas and Richard obtain each other’s public keys.

  2. Thomas and Richard then combine their own private key with the public key of the other person, producing a symmetric key that’s known only to the two users involved in the exchange.


Diffie-Hellman key exchange is vulnerable to man-in-the-middle attacks in which an attacker (Harold) intercepts the public keys during the initial exchange and substitutes his own private key to create a session key that will decrypt the session. A separate authentication mechanism is necessary to protect against this type of attack, ensuring that the two parties communicating in the session are, in fact, the legitimate parties.

 Instant Answer   Diffie-Hellman is an asymmetric key algorithm based on discrete logarithms.
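Lab 8-7 and the authentication requirement described above, as an added example that is not from the book: both parties derive the same key from exchanged public values, and a substituted public value is rejected when each value carries a MAC. The 127-bit prime and generator are toy parameters, and the pre-shared authentication key is an assumption standing in for the "separate authentication mechanism".

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy prime (constructed; far too small for real use)
G = 3            # toy generator (assumption)

def keypair():
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)

def shared_key(own_private, peer_public):
    # Step 2 of Lab 8-7: combine own private key with the peer's public key.
    secret = pow(peer_public, own_private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def tag(auth_key, name, public):
    # MAC binding a party's name to the public value it sent.
    return hmac.new(auth_key, name + public.to_bytes(16, "big"), hashlib.sha256).digest()

def accept(auth_key, name, public, mac):
    # Reject degenerate values and any public value whose MAC does not verify.
    return 1 < public < P - 1 and hmac.compare_digest(tag(auth_key, name, public), mac)

def exchange(substituted=False):
    auth_key = secrets.token_bytes(32)   # assumption: long-term key shared in advance
    t_priv, t_pub = keypair()
    r_priv, r_pub = keypair()
    t_msg = (b"thomas", t_pub, tag(auth_key, b"thomas", t_pub))
    r_msg = (b"richard", r_pub, tag(auth_key, b"richard", r_pub))
    if substituted:
        # Model the interception: both public values are replaced in transit.
        # Without auth_key the original MACs cannot be recomputed for the new value.
        _, h_pub = keypair()
        t_msg = (t_msg[0], h_pub, t_msg[2])
        r_msg = (r_msg[0], h_pub, r_msg[2])
    keys_match = shared_key(t_priv, r_msg[1]) == shared_key(r_priv, t_msg[1])
    authenticated = accept(auth_key, *r_msg) and accept(auth_key, *t_msg)
    return keys_match, authenticated

if __name__ == "__main__":
    print(exchange())                   # clean exchange
    print(exchange(substituted=True))   # substituted public values
```

Without the MAC check, the substituted run would proceed silently with two different session keys; with it, both parties abort before deriving a key.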

El Gamal

El Gamal is an unpatented, asymmetric key algorithm based on the discrete logarithm problem used in Diffie-Hellman. It extends the functionality of Diffie-Hellman to include encryption and digital signatures.

Merkle-Hellman (Trapdoor) Knapsack

The Merkle-Hellman (Trapdoor) Knapsack, published in 1978, employs a unique approach to asymmetric cryptography. It’s based on the problem of determining which items, in a set of items with fixed weights, can be added together to obtain a given total weight. Knapsack was broken in 1982.

 Instant Answer   Knapsack is an asymmetric key algorithm based on fixed weights.

Elliptic Curve (EC)

In 1985, Neal Koblitz and Victor Miller proposed a new model for asymmetric algorithms based on elliptic curves (EC). Elliptic curves are far more difficult to compute than conventional discrete logarithm problems or factoring prime numbers. (A 160-bit EC key is equivalent to a 1,024-bit RSA key.) The use of smaller keys means that EC is significantly faster than other asymmetric algorithms and many symmetric algorithms and can be widely implemented in various hardware applications including wireless devices and smart cards.

 Instant Answer   Elliptic Curve is more efficient than other asymmetric key systems and many symmetric key systems because it can use a smaller key.




CISSP For Dummies
ISBN: 0470537914
EAN: 2147483647
Year: 2004
Pages: 242
