Encryption Methods
|
|
The various types of encryption that are discussed in this section include stream and block ciphers, message digests, digital signatures, public key cryptography, and public key infrastructure (PKI). The listed types are often interrelated and interdependent. First is an examination of the mathematics involved in encryption.
Manipulation of the data to be encrypted boils down to transformation of the bits representing that data. Binary math involves core functions used to process ones and zeroes flowing through circuits called logic gates. A higher-level representation of these functions is also applicable in programming. These core functions include: AND, OR, XOR, NOT, NAND, NOR, and XNOR. An explanation of each can be found at: http://whatis.techtarget.com/definition/0,,sid9_gci213512,00.html.
Many encryption algorithms use XOR as an intermediate step. XOR is short for exclusive or, which identifies a certain type of binary operation with a truth table, as shown in Table 6.3. As each bit from A is combined with B, the result is "0" only if the bits in A and B are identical. Otherwise, the result is 1.
| A | B | A XOR B |
|---|---|---|
| 0 | 0 | 0 |
| 0 | 1 | 1 |
| 1 | 0 | 1 |
| 1 | 1 | 0 |
Exercise 6.02: Binary Math with XOR
 |
Let's look at an XOR operation and see how it might be used with a simple encryption algorithm. In the example, we will use the bits of the text "Binary" as the plaintext, and an initialization vector of the same bit length. These two values will be XOR'd. Our algorithm will not perform any other operations to produce our ciphertext.
The binary value for the word "Binary" is determined by looking up the hexadecimal (hex) values for each letter and then converting those values to their binary equivalents. If you do not have an ASCII reference handy, one can be found at: http://whpo.ucsd.edu/manuals/pdf/90_1/appendxf.pdf. The hex values for our word are shown in Table 6.4:
| Character | Hex Value |
|---|---|
| B | 42 |
| i | 69 |
| n | 6E |
| a | 61 |
| r | 72 |
| y | 79 |
Hex values can be easily converted to their binary equivalents using the Windows Calculator program. Click Start | Run, then type calc.exe in the Open text box and press Enter. This opens the calculator program. In the upper left portion of the calculator you should see a series of radio buttons labeled: Hex, Dec, Oct, and Bin. If you do not see these buttons, your calculator is in standard mode. You can change your calculator from standard to scientific mode by going to the View menu for the calculator and selecting the option Scientific. The calculator defaults to Dec (decimal notation) since that is what is normally used for math functions such as balancing a checkbook.
Select the Hex radio button and enter the hex value for the first letter, 42. Then click the Bin radio button and note that the data that was input changed to 1000010. Performing this operation for the rest of the hexadecimal values is shown in Table 6.5.
| Character | Hex Value | Bin Value |
|---|---|---|
| B | 42 | 1000010 |
| i | 69 | 1101001 |
| n | 6E | 1101110 |
| a | 61 | 1100001 |
| r | 72 | 1110010 |
| y | 79 | 1111001 |
Next, a value is needed to XOR the above data with. Let's use: 100101001101011010011001101001011110110111. Referencing Table 6.3 if needed, the XOR operation is performed. The results are seen in Table 6.6.
| Data Item | Binary |
|---|---|
| ASCII "Binary" | 100001011010011101110110000111100101111001 |
| Random value | 100101001101011010011001101001011110110111 |
| Ciphertext | 000100010111000111101111101110111011001110 |
The random value and the ciphertext can be sent to a friend, letting them know to XOR the two values to derive the plaintext. That operation is shown in Table 6.7.
| Data Item | Binary Representation |
|---|---|
| Ciphertext | 000100010111000111101111101110111011001110 |
| Random Value | 100101001101011010011001101001011110110111 |
| Result: | 100001011010011101110110000111100101111001 |
As can be seen in the result, we achieved the binary equivalent of our original word "Binary."
|
| Test Day Tip | Know the similarities, strengths, and weaknesses of the various encryption types. Simply recognizing the names and terms is not enough. You will be expected to know and understand the methods of encryption included in this section. |
Stream Ciphers
Stream ciphers are symmetric algorithms that operate on plaintext bit-by-bit. Stream cipher algorithms create a keystream that is combined with the plaintext to create the ciphertext. As with other ciphers, the processing of plaintext uses an XOR operation. The initial secret key is used in the algorithm to create the keystream, which can be performed separately from the input of the plaintext. In such cases, the stream cipher is called a synchronous cipher. Stream ciphers that use the plaintext in the process of creating the keystream or in processing portions of the plaintext are called self-synchronizing stream ciphers. RC4 is an example of a stream cipher. A well-designed stream cipher will produce a keystream that has very high entropy or randomness. In other words, ideally no matter how many bits of the keystream are tested, it should be very difficult if not impossible to predict the following bit's state (zero or one).
Stream ciphers are designed to be very fast (compared to block ciphers, which are discussed in the next section) and are often designed with embedded hardware applications in mind. Note that theoretically a block cipher with a block size of one would become a stream cipher by definition, so the differences are not absolute.
Block Ciphers
Block ciphers, sometimes also referred to as block mode ciphers, encrypt data in discrete chunks of a fixed size. Block ciphers are symmetric; they use the same secret key for encryption and decryption. Commonly, the block size will be 64 bits, but the ciphers may support blocks of any size, depending on the implementation. 128-bit block cipher implementations are becoming common.
Plaintext data comes in any possible length, and often that length is not perfectly divisible by the block size. In such cases, the last block is padded with data to create the needed fixed input for the cipher. Various methods for increasing the complexity of a block cipher exist. Importantly, block ciphers can operate on messages using methods that extend the basic cipher algorithm being used. These methods are called modes. A mode is not effective if its implementation reduces the strength of the base cipher algorithm. Modes are also less useful if they significantly decrease the efficiency of the cipher.
For the standard algorithm DES, four modes are defined:
-
Cipher Block Chaining (CBC)
-
Cipher Feedback (CFB)
-
Electronic Code Book (ECB)
-
Output Feedback (OFB)
The NIS document FIPS 81 defines these modes, as does the ANSI standard X3.016. An overview of each of these methods is outlined in the sections that follow.
For all of the modes listed, the strength of the encryption of the resulting ciphertext is equal to the strength of the encryption formula used and the strength of the key chosen. Some modes, however, are more or less efficient because of the ease or difficulty in parallelizing the encryption operation. Parallelizing refers to the ability to encrypt multiple blocks at once rather than performing the operations in a purely serial manner.
| Exam Warning | You are going to see lots of acronyms between now and test day, and you will see lots of these again on the test. Be sure and keep straight that the following are block cipher modes:
You will also want to have a firm grasp on how each mode operates. |
Cipher Block Chaining Mode
Cipher block chaining (CBC) mode, sometimes also referred to as block chaining cipher mode, uses data encrypted in one block as part of the input for the encryption of the following block. Specifically, each subsequent plaintext block is XOR'd with the previously enciphered block. To begin this process, an arbitrary block of data (usually random) is used as a seed. This seed is called an initialization vector. This process adds additional difficulty for attackers as the encryption of latter portions of encrypted data are dependent on former ones for decryption. To better visualize this process, examine Figure 6.2.
Figure 6.2: Diagram of Cipher Block Chaining
Where is the initialization vector (IV), P0 is the first block of plaintext, and E0 is the first generated block of ciphertext. Algorithm implementations you are likely to encounter that support CBC include DES and 3DES.
Cipher Feedback Mode
Using Cipher (CFB) Feedback Mode blocks of ciphertext are run through the encryption engine and then XOR'd with the following block of plaintext to create further ciphertext. Cipher Feedback mode could be engineered to utilize feedback input of less than a single data block. As with CBC, an IV is used as a seed for the first encrypted block. The XOR operation in this mode is what conceals the plaintext. There is a weakness in this mode because of the encrypt ×® XOR order. If two encrypted blocks are identical, the outputs from the following encryption operation are also identical. This can reveal plaintext patterns.
Figure 6.3 shows the flow of CFB.
Figure 6.3: Diagram of Cipher Feedback Mode
Electronic Code Book Mode
When using Electronic Code Book (ECB) mode, each plaintext block is simply run through the encryption process. This produces blocks of ciphertext that are independent of each other in relation to their position in the message. Any identical blocks of plaintext will produce identical ciphertext. This reveals patterns that can provide clues to the plaintext message. Therefore, ECB is more susceptible to known plaintext attacks than the other block cipher modes discussed. Similarly, ECB mode is susceptible to the manipulation of the message by repeating, deleting, or changing the order of the blocks if the message is intercepted, modified, and then forwarded to the recipient.
Figure 6.4: Diagram of Electronic Code Book Mode
Output Feedback Mode
This mode varies from CFB and CBC in that the data block that is XOR'd in each step is independent of the previous step. This removes the problem of error propagation to subsequent ciphertext blocks, but also weakens the strength of the cipher in that known plaintext attacks are simpler to execute. Figure 6.5 shows the flow of OFB.
Figure 6.5: Diagram of Output Feedback Mode
Figure 6.5 shows that the IV is used as a seed for the process. After passing through the encryption function the ciphered data S0 is XOR'd with the first block of plaintext data. The result is the first ciphertext block E0. The S0 data is also passed to the next sequence, into the encryption engine.
Digital Signatures
A digital signature is merely a means of "signing" data to authenticate that the message sender is really the person he or she claims to be. Digital signatures can also provide for data integrity along with authentication and non-repudiation. Digital signatures have become important in a world where many business transactions, including contractual agreements, are conducted over the Internet. Digital signatures generally use both signature algorithms and hash algorithms.
When a message is encrypted with a user's private key, the hash value that is created becomes the signature for that message. Signing a different message produces a different signature. Each signature is unique, and any attempt to move the signature from one message to another would result in a hash value that would not match the original; thus, the signature would be invalidated. Digital signatures are most often based on the X.509 standard.
| Test Day Tip | Understanding how digital signatures are created, what their components are, and how they are used is an integral part of the SSCP exam. |
Key Types
Whether chosen or generated and whatever size, encryption keys are classified by their use in cryptographic methods. In some cases, the same key is shared among all participants or endpoints; in others, different or complementary keys are distributed throughout a user population. The key systems are classified as private, public, and hybrid.
Private Key
Private key encryption is also called symmetric encryption or secret key encryption, and uses just one key, called a shared secret, for both encrypting and decrypting. This is a simple method of encryption, but there is one problem with it: The key must be shared between the sender and the recipient of the data, so a secure method of key exchange must be devised. Otherwise, if a third party intercepts the key during the exchange, an unauthorized person can easily decrypt the data.
Public Key
There are many cases where a single key cannot or should not be used at both (or all) endpoints. For example, if a private key is spread among many systems or users, the likelihood of compromise increases. Sharing a single key also makes it difficult to validate the encryption source as each user or system does not have a unique key. Also, some users may not have the same level of trust within an organization, so sharing a key with them may not be desirable. Importantly, if a key is compromised, every user or system must change their key. Key synchronization problems could easily result in failed communications.
Alternate methods of encryption and decryption were devised to resolve the above problems. Asymmetric encryption uses different, but complementary keys for encryption and decryption. One key is used exclusively to encrypt messages, with the other key in the pair used for decryption. This is advantageous in that the second key can be distributed to many destinations or recipients. In these cases, the decryption key is "public," giving rise to the term public key cryptography.
This process assumes that the recipients have a copy of the sender's public key. Likewise, when the recipient wishes to send a secure reply guaranteed to be from them (non-repudiation) they must ensure that the other party holds their public key. Each party must also use some method to guarantee or provide assurance that the public key they have is authentic. In most cases, this is straightforward but produces problems with very large numbers of keys. Some of these issues are addressed with PKI, discussed later in the chapter. If the parties can ensure that the public keys they hold are valid, then the successful decryption of a message's contents have not been modified. This is called assurance of plaintext integrity or authenticity.
Hybrid Key
In some cases, it is important to utilize a private (shared) key to achieve the performance or efficiency needed. Remember, asymmetric systems are very slow compared to symmetric systems. But what of the cases where secure communication is needed, but it is not desirable to share a fixed private key? Even if it were desirable, how would you securely transfer that key? To solve this problem, you can begin the communication with public key encryption, using it merely to exchange a private key for use during that communication session (a symmetric key sent via an asymmetric message). This leads to the discussion of public key systems and PKI.
Key Management Issues
All the encryption methods and algorithms discussed require a key or keys. The overview of crypto system goals discussed the importance of strength through the size, randomness, and most importantly, the secrecy of the private key or keys in use. For private key (symmetric) systems, the secure storage of keys and the secure transfer of initial keys are critical, as is a secure method of notifying the recipients of key changes or updates.
If a particular key is used for an extended period it becomes more likely that the key will be compromised, whether by a brute force attack, other means of cryptanalysis, by theft, or other methods such as social engineering. This creates a requirement to change the key at regular intervals. How often a key is changed depends on a variety of factors including:
-
The confidentiality needed for the data being protected
-
The length of the key in use (the size of the key space)
-
The relative strength of the encryption algorithm in use
Key storage and distribution systems attempt to address these issues. Kerberos is an example of a private-key key distribution center (KDC). (PKI systems use asymmetric cryptography with a trusted distribution center and authentication to solve these problems in a different fashion.) Endpoints can then create a one-time key for use during their communications. Participants in the system have individual private keys that are seldom changed. Copies of these keys are stored in the KDC in a private key system. Public key systems simply use the participant's public keys that are stored at the KDC. When a participant wishes to send a message, the program initially communicates with the distribution point and receives a random key used only for the following communication. This is the session key. The distribution point encrypts the session key with each participant's public key (in private key only systems, the user's private keys are used). The encrypted key is sent to each user and is used only for that communication session or for a particular defined time period.
If an individual user's private key is compromised, the key stored at the KDC must be deleted and a new key (or key pair in a PKI system) created. This process is called key revocation. Some type of authentication is important to prevent a cracker from unauthorized revocation of user's keys.
The security of the keys used for the trusted source, the KDC, is of utmost importance. Assuring that no one person holds or knows the entire key increases the safety of these keys. To do this, a key may be stored as multiple smaller integers, where two or more individuals have only a portion of the key. Theft or ethical failings by one trusted person thereby, does not compromise the entire key distribution system.
Problems with Key Selection
As noted keys are ideally random numbers chosen from a large range of possible values called the key space. The use of random number-generation functions in modern computers assists in this process, but several problems must be overcome. Computing functions operate in cycles based on synchronization with an internal clock. All functions are processed based on timing from this internal clock, which is obviously predictable. How then do we introduce randomness into the selection of a number from a key space?
Often systems use input from outside the computer as a means of introducing randomness or "entropy" to the derived value. Inputs such as temperature sensors have been used in certain systems, and solutions using calculations based on the variation in the timing of key presses by a user are common. These external inputs are used to "seed" the generator with data for use in the number generation. Unfortunately, even with such outside input, the arithmetic functions used to generate the numbers are still pseudorandom. Selection of a superior random number generator should depend on the following desirable properties:
-
Sequence independence: Any set of numbers generated should not correlate (should be uncorrelated) with any other set generated.
-
The numbers generated should be unbiased. This is also called uniformity. For any set of random numbers generated, there should be no bias toward any number or group of numbers in the set. In the simplest example, a generator that produces binary numbers (either a 0 or 1) should be equally likely to produce a 0 or 1. Given a generator that produces numbers between 1 through 256, a large sample size of generated numbers should not result in a majority of results being in the range of 1 through 128.
-
Ideally, the generator should never repeat a large sequence; in practice, repetition may (or should) occur only after a very large set of results have been generated.
-
The generator should be efficient. A large amount of CPU time or CPU power should not be required for number generation.
|
|
EAN: 2147483647
Pages: 135