Đang tải... (xem toàn văn)
The content of this study is divided into four main sessions:•A Basic Research on the Basic Cryptography Knowledge•Algorithms that Commonly Used in Symmetric Cryptosystem•Algorithms that Commonly Used in Asymmetric Cryptosystem•Theoretical Analysis of Encryption Algorithm
Area 1: Common Infrastructure Technology Student ID Student name Email address Class Submit date October 2020 Title Search Two Types of Encryption Keys: Public and Secret Key Algorithms Purpose of the Study The Internet is an open environment to exchange information, any information sent or received on the Internet can be stolen or eavesdropped on Therefore, one of the most effective solutions for this problem is encryption The main goal of this report is to give a brief overview of two encryption keys: public and secret key algorithms for newcomers to cyber security and cryptography, hence, it will not go too deep into coding techniques Contents and Scope a Contents The content of this study is divided into four main sessions: A Basic Research on the Basic Cryptography Knowledge Algorithms that Commonly Used in Symmetric Cryptosystem Algorithms that Commonly Used in Asymmetric Cryptosystem Theoretical Analysis of Encryption Algorithm b Scope This study will introduce some fundamental definitions and models in cryptography as well as briefly give the explanations and related knowledge and informations of several common symmetric encryption techniques of both symmetric and asymmetric key algorithms Results of the Study 4.1 Basic Cryptography Definitions Plaintext is the original content in documents may including typical characters, sentences, figures, or images or texts which is readable Ciphertext is the materials that replaced from original characters, sentences, figures, or images to other characters, figures or images that can not be recognized by manual method Encryption is the process in which data is converted into something that seems to be unreadable or can be simply known as a process transforming plaintext into ciphertext Decryption is the process in which the encoded information is converted back to its original form or can be known as a process transforming ciphertext into plaintext Key is a piece of information used in combination with an algorithm or a cipher to transform plaintext into ciphertext, which called encryption, and vice versa, decryption Cryptosystem is a system consisting of encryption algorithm and decryption algorithm The picture below is a visual explanation how this system work For a given encryption key the encryption algorithm will map a plaintext to a ciphertext, which is usually unique determined For the corresponding decryption key, the decryption algorithm will map the ciphertext to the plaintext, which is usually unique determined too Figure Cryptosytem 4.2 Symmetric/Secret Key Algorithms a Symmetric encryption system A symmetric encryption system is an encryption system that uses a shared secret key for both encryption and decryption In this system, the key is a random and secret value shared among information exchange parties that can be generated from trusted third parties and distributed to senders and receivers or can be directly created by the sender and transmitted to the receiver The mechanism of this system is simple: the sender uses the key to encrypt information and sends it to the receiver, then the receiver uses that shared secret key to decrypt There many symmetric ciphers, for example: DES, 3DES, AES, RC4, etc This study is about to mention two most common secret key algorithms: DES and AES b Data Encryption Standard (DES) On May 15, 1973, the National Bureau of Standards (NBS), which is now known as NIST National Institute of Standards and Technology (USA), published a notice in the Federal Register soliciting proposals for cryptographic algorithms to protect data during transmission and storage and waited for the responses to come in However, it received none until August 6, 1974, when IBM submitted a candidate that it had developed internally under the name Lucifer After evaluating the algorithm with the help of the National Security Agency (NSA), the NBS adopted a modification of the Lucifer algorithm as the new Data Encryption Standard (DES) on July 15, 1977 DES is a very default method and also well known as a block cipher It encrypts messages or data in many blocks of size of 64 bits per each, means 64-bit blocks of plaintext goes as the input to DES, which produces 64-bit blocks of ciphertext The initial key also consists of 64 bits However, before the DES process even starts, every 8th bit of the key is discarded (at position 8, 16, 24, 32, 40, 48, 56 and 64) to produce a 56 bit key, so the final key length is 56 bits The same algorithm and key are used for encryption and decryption, with minor differences DES is based on the two fundamental attributes of cryptography: substitution (also called as confusion) and transposition2 (also called as diffusion) DES includes of 16 rounds, each round performs the steps of substitution and transposition before generates the final ciphertext blocks The encoding process goes as follows: Calculating the total of bits of the plaintext and dividing them into 64-bit blocks Separating the 64-bit blocks into two halves, says Left Group (L) and Right Group (R) Substituting and transposing each group, those groups go through 16 rounds of encryption process In the end, the two groups are rejoined, the finale result of this process is 64-bit ciphertext Figure DES encrpytion process Substitution cipher is an encryption technique that replaces one symbol with another Transposition cipher is an encryption technique that reorders symbols in a block of symbols c Advanced Encryption Standard (AES) A replacement for DES was needed as its key size was too small comparing to a lot of information that need to encrypt Additionally, with the increasing of computing power, it was considered vulnerable against Brute force attacks 3; so, triple DES4 was designed to overcome this drawback but it was found slow Therefore, a new encryption standard recommended by NIST to replace DES and 3DES: Advanced Encryption Standard (AES) In fact, AES algorithm not only for security but also for great speed and it is also a very popular and widely adopted symmetric encryption algorithm likely to be encountered nowadays The AES encryption algorithm encrypts and decrypts data in blocks of 128 bits It can this using 128-bit, 192-bit, or 256-bit keys AES using 128-bit keys is often referred to as AES-128, and AES-192 as well as AES-256 are referred in a way similar to the AES-128 The number of rounds in AES is variable and depends on the length of the key: AES-128 uses 10 rounds, AES-192 uses 12 rounds and AES-256 used 14 rounds Each of these rounds uses a different 128-bit round key, which is calculated from the original AES key and comprise of some sub-processes including substitution, transposition and mixing of the input plaintext to transform it into the final output of ciphertext The following diagram provides a simplified overview of the AES encryption process Figure AES encryption process In order, these are about four sub-steps in one round of AES encoding cipher: Brute force attacks is a very primitive form attack is also known as an exhaustive key search It basically involves trying every combination of numbers possible until the correct key is found Triple DES (3DES) is a sub-variant cipher of DES executing the DES algorithm three times Byte Substitution (SubBytes): The 16 input bytes are substituted by looking up a fixed table (Sbox) given in design The result is in a matrix of four rows and four columns Shiftrows: Each of the four rows of the matrix is shifted to the left Any entries that “fall off” are re-inserted on the right side of row Shift is carried out as: ○ First row is not shifted ○ Second row is shifted one (byte) position to the left ○ Third row is shifted two positions to the left ○ Fourth row is shifted three positions to the left ○ The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other MixColumns: Each column of four bytes is now transformed using a special mathematical function This function takes as input the four bytes of one column and outputs four completely new bytes, which replace the original column The result is another new matrix consisting of 16 new bytes It should be noted that this step is not performed in the last round Addroundkey: The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the round key If this is the last round then the output is the ciphertext Otherwise, the resulting 128 bits are interpreted as 16 bytes and we begin another similar round The first round process is depicted below: Figure AES first round process The decryption processes of an AES is similar to the encryption process in the reverse order and both sender and receiver have the same key to encrypt and decrypt data Each round consists of the four processes conducted in the reverse order, like this: Add round key Mix columns Shift rows Byte substitution Since sub-processes in each round are in reverse manner, the encryption and decryption algorithms needs to be separately implemented, although they are very closely related Comparing AES and DES algorithm, we can notice that they are both symmetric block ciphers, but AES is more mathematically efficient The main benefit of AES lies in its key length options The time required to crack an encryption algorithm is directly related to the length of the key used to secure the communication: 128-bit, 192-bit or 256-bit keys Therefore, it is exponentially stronger than the 56-bit key of DES and it is also significantly faster than 3DES The table below display more detail about several differences between AES and DES cryptosystem Table Difference between AES and DES ciphers AES – Advanced Encryption Standard Key length can be of 128-bits, 192-bits and 256bits Number of rounds depends on key length: 10 rounds for 128-bits, 12 rounds for 192-bits and 14 rounds for 256-bits The structure is based on substitutionpermutation network DES – Data Encryption Standard Key length is 56 bits Involving 16 rounds of identical operations The structure is based in feistel network The rounds in AES are: Byte Substitution, Shift Row, Mix Column and Key Addition Can be broken easily as it has known vulnerabilities (3DES - Triple DES is a variation of DES which is secure than the usual DES) The rounds in DES are : Expansion, XOR operation with round key, Substitution and Permutation Can encrypt 128 bits of plaintext Can encrypt 64 bits of plaintext Be derived from square cipher Be derived from Lucifer cipher More secure than the DES cipher and is the de facto world standard Was designed by Vincent Rijmen and Joan Daemen No known crypt-analytical attacks against AES but side channel attacks against AES implementations possible Biclique attack have better complexity than brute-force but still ineffective 4.3 Was designed by IBM Known attacks against DES include: Brute-force, Linear crypt-analysis and Differential cryptanalysis Asymmetric/Public Key Algorithms a Asymmetric encryption system An asymmetric encryption system is an encryption system that uses a pair of keys for every party: public key which are published openly, and a private key which are never revealed for encryption and decryption It means the key used encryption process will be totally different from the key used to decrypt the data In this system, the sender sends the information encrypted by public key through a non-confidential communication channel to the receiver The recipient who receives the information will use the private key to decrypt it Advantage of this encryption system is hackers will also know the public key, however, because there is no private key, they cannot see the submitted information One of the most widely used asymmetric key cryptosystem is RSA and digital signature, which use the public key encryption system as a principle to verify the authenticity of digital messages or documents b Rivest–Shamir–Adleman (RSA) The RSA algorithm has come to be known by the acronym from the inventors’name: Ron Rivest, Adi Shamir and Leonard Adleman The three authors firstly described the RSA cipher in 1977 and that idea was patented in 1983 by Massachusetts Institute of Technology (MIT), but it was not until the early days of the Internet that the algorithm began to see widespread adoption as an important security tool Moreover, the RSA cryptosystem has stood the test of time to this day, where it is used in cryptographic applications from banking, and e-mail security to e-commerce on the Internet RSA cryptosystem involves these major steps Key Generation o Select two large prime numbers5, and The prime numbers need to be very large, and also relatively far apart, so that they will be difficult for someone to figure them out o Calculate a trap function6: o Calculate the Euler’s totient function: o Select an integer , such that is co-prime to and The pair of numbers makes up the public key o Calculate such that The number can be found using the Extended Euclidean Algorithm The pair makes up the private key Encryption Given a plaintext , represented as a number, the ciphertext is calculated as: Decryption Using the private key , the plaintext can be found using: To sum up, the basic principle of this cipher is to find three very large positive integers , and can be found where: The idea of RSA is based on the fact that it is difficult to factorize a large integer The public key consists of two numbers where one number is multiplication of two large prime numbers And Prime number is a number that cannot be divided by any other number except itself and the number For example, 2, 3, and are prime numbers A trapdoor function is a function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information In number theory, two integers and are relatively prime, mutually prime, or coprime if the only positive integer that evenly divides (is a divisor of) both of them is private key is also derived from the same two prime numbers So if somebody can factorize the large number, the private key is compromised; though, even knowing , and , it is very difficult to find Therefore encryption strength totally lies on the key size and if we double or triple the key size, the strength of encryption increases exponentially RSA keys can be typically 1024 or 2048 bits long Although experts believe that 1024 bit keys could be broken in the near future, it seems to be an infeasible task so far Figure RSA cryptosystem c Diffie-Hellman (DH) key exchange algorithm Although symmetric key algorithms are fast and secure, key exchange is always an issue A solution for this problem is using hybrid crypto system, the combination of symmetric and asymmetric encryption Asymmetric encryption is used as a technique in key exchange mechanism to share secret key After the key is shared between senders and receivers, the communication will take place using symmetric encryption, and then, the shared secret key will be used to encrypt the communication The Diffie-Hellman algorithm, named after two authors Whitfield Diffie and Martin Hellman, is a method for securely exchanging cryptographic keys over a public communications channel Actually, the keys are not really exchanged, but they are jointly derived The DH algorithm is also one of the earliest known asymmetric key implementations that is still in use today DH key exchange is a complicated cipher and it can be difficult to understand how it works because it uses huge amount and a lot of math Basically, the original idea of this algorithm is illustrated in the picture below: Figure Basic idea of Diffie-Hellman algorithm Claiming that there are two people, Alice and Bob, need to exchange their secret paint colors through a mixture of colors At first, Alice and Bob publicly agree on an arbitrary starting color that does not have to be kept secret ( ■) Each person also secretly selects a color that they keep to themselves (Alice’s color is ■, and Bob’s color is ■) The next crucial part of the process is the two parties mix their own private color together with their mutually shared one and then publicly exchange the two mixtures ( ■ and ■) After received the mixture from the other, each person adds their own secret color to get the identical color mixture ( ■) This final mixtures are exactly the same for both people and only the two know, called the common secret color The important point of this key exchange method is that both parties can get the same result, without having to send all the shared secrets on the communication channel Choose a generic color, their own private color, swap the first mixture and then add their own color again, giving both sides a way to go to the same generic secret without having to submit the whole If there is an outsider listening for the exchange, he or she could only know the common color ( ■) and the exchanged mixture (■ and ■) because it will be not easy (in terms of calculation) to figure out the two's shared secrets or the final color ( ■) Now, the two parties will use this shared secret to encrypt and decrypt data transmitted on public channels, which means they can safely communicate with each other The cryptographic explanation of the DH algorithm is described in the table below In this table, is a prime number, is a primitive root8 of and they are both publicly available numbers On the other hand, and are the private values selected by the two parties Table DH process Action Public keys available Private key selected Key generated Exchange the generated keys Key received Secret key generated Alice Bob Since , we can algebraically show that In this process, only the numbers and are kept secret All the other values, such as , , and are sent in the clear The strength of the scheme comes from the fact that take extremely long times to compute just from the public values Once the two parties complete computing the shared secret key they can use it to encrypt the messages for sending and communicating across the same open channel The Diffie–Hellman key agreement is not limited to negotiating a key shared by only two participants Any number of users can take part in an agreement by performing iterations of the agreement protocol and exchanging intermediate data, which does not itself need to be kept secret 4.4 Theoretical Analysis of Encryption Algorithm The table below shows several different points between the four algorithms mentioned above in the study Table Comparison between the DES – AES – RSA – DH Algorithms