28-07-2011, 11:18 AM
[attachment=14861]
A survey of Encryption Standards
What is Cryptography
Cryptography
science of information security
Cryptanalysis
The study of methods for obtaining the meaning of encrypted information without accessing the secret information
Cryptology
Cryptography + cryptanalysis
Objectievs of cryptography
Confidentiality
keeping messages secret
origin authentication
verlfying a message’s source
Integrity
assuring that a message has not been modified;
key management
distributing the secret “keys” for cryptographic algorithms.
Anonymity
The identity of an entity if protected from others.
Keys
It is a variable value that is used by cryptographic algorithms to produce encrypted text, or decrypt encrypted text.
The length of the key reflects the difficulty to decrypt from the encrypted message.
Algorithms
method of transforming a message to add some cryptographic protection
involve one or more keys, which are cryptographic variables
Key is unique to one user
Encryption algorithm classes
Secret-key cryptosystems
Public-key cryptosystems
Digital signature schemes
Key-agreement algorithms
Cryptographic hash functions
Authentication codes
Secret-key cryptosystems
it encrypt and decrypt messages with a key in such a way that it is difficult to decrypt without the key
Symmetric
uses same key for encryption and decryption
Key must be known by both parties.
Operates on one block at a time
It provides confidentiality and key management to parties who have previously agreed on a secret key
Uses data encryption standard(DES)
Secret Key How to?
DES (Data Encryption Standard)
Published in 1977, standardized in 1979.
Key: 64 bit quantity=8-bit parity+56-bit key
Every 8th bit is a parity bit.
64 bit input, 64 bit output.
DES continued
Adopted in 1977 by NBS (now NIST)
Now considered insecure, primarily due to the small key size
Very efficient to implement in hardware
Enjoyed widespread international use
Currently Available Crypto Algorithms (private key)
Public-key cryptosystems
encrypt and decrypt messages with two different keys
The encryption
key can be published without compromising security and is called private key
the decryption key is called the private key.
Asymmetric
encrytion and decyption key is different
The idea comes from Diffie and Hellman."
Encryption with a Public Key System
Public-Private Encryption
provide confidentiality and key management.
More secure than secret key encryption
But slower than secret key encyption
Their main advantage is that, since the encryption key can be published parties need not first agree on a secret key.
They are often combined with secret-key cryptosystems to gain the benefits of both: speed without prior secrets.
Currently Available Crypto Algorithms (public key)
RSA (Rivest, Shamir, Adleman)
DH (Diffie-Hellman Key Agreement Algorithm)
ECDH (Elliptic Curve Diffie-Hellman Key Agreement Algorithm)
RPK (Raike Public Key)
RSA
The Inventors
R - Ron Rivest
S - Adi Shamir
A - Leonard Adleman
The One-Way Function
The exponentiation function y = f(x) = xe mod n can be computed with reasonable effort.
Its inverse x = f -1(y) is extremely difficult to compute.
The Hard Problem Securing the Trapdoor
The RSA public key algorithm is based on the well-known hard problem of factoring large numbers into its prime factors that has been studied over many centuries
RSA Key Generation Algorithm Algorithm
Digital signature schemes
These schemes “sign” messages and verlfy the resulting signature with two different keys in such a way that it is difficult to sign without the signing key.
Similar to public-key cryptosystems, the verification key can be published without compromising security, and is called the public key; the signing key is called the private key
Digital signature schemes provide integrity and origin authentication
Slower than ske
related. In so-called reversible cryptography, signing in a digital signature scheme is the same as decryption in a public- key cryptosystem
Standaeds used
RSA
irreversible algorithm by NIST
ANSI X9.31 part 1,j
DSS
How digital Signature works?
DSA (Digital Signature Algorithm)
Key-agreement algorithms
These algorithms manage keys through an exchange of messages derived from private values that are not shared
These algorithms manage keys through an exchange of messages derived from private values that are not shared. The result of the exchange is that parties agree on a secret key
Need private values
Key-agreement algorithms provide confidentiality and key management and authentication
no primary standard key-agreement algorithm exist
Standard used
Diffie-Hellman, the de facto standard
ISO/IEC’s joint
working group SC6 is developing standards for key agreement in the network and transport layers of the OS1 reference m~del,~’’
Cryptographic hash functions
reduce a message of arbitrary length to a short code so that it is difficult to find a message with a given hash code
There is no key
Hash functions are also called message digests and
modification detection codes in the literature.
A hash code is typically 128 or 160 bits long.
Hash functions are generally quite fast.
They provide message integrity to parties knowing a message‘s hashcode
often combined with digital signature
The Secure Hash Standard (SHS),3i which defines SHA, is the primary standard.
SHA produces a 160-bit hash from a message of arbitrary length; it is intended to be combined
with DSA.31 ANSI X9.30 part 241 specifies SHA.
with DSA.31 ANSI X9.30 part 241 specifies SHA. Other hash algorithms suitable for standardization include MD2 and MD5,
ANSI X9.31 part 2.’4 SC27/WG2 is also developing standards
Authentication codes
These codes reduce a message of arbitrary length to a short code under a secret key so that it is difficult, without the key, to compute the authentication code, or to find a new message with a given authentication code
message integrity and origin authentication
An authentication code is typically 32 or 64 bits long, and the keys are 56 bits long.
The primary standard is FIPS PUB 113,+’w hich defines the Data Authentication Algorithm
The algorithm is a variant of DEA it produces a 32-bit authentication code from a message of arbitrary length and a 56-bit key
ANSI X9.Y6 and Australian standard AS2805.4“ specify DAA.
Secure electronic mail
Standard used
Internet privacy-enhanced mail (PEM)
combines secret-key cryptosystems, public-key
cryptosystems, hash functions, and digital signature
scheme
It is a text-based protocol compatible with most electronic-mail syste
, PEM has adopted RSA, DEA, MD2, and MD5 algorithms,
Secure communications
These standards focus on the security of local-area networks and wireless links
IEEE’s
P802.10 project, Secure Interoperable LAN (local area network) Security (SILS), addresses privacy and authentication of data at the data page link layer.
the protocol is transparent to higher layers
The CDPD specifications2” d efine an encryption protocol for wireless links based on Diffie-Hellman key agreement and RC4.
Directory authentication and network management.
X.509 directory authentication
public-key and secret- key techniques to check the identity of the user attempting to access global directory
“Weak” authentication identifies a user by a password, while ”strong” authentication involves digital signatures
Two additional contributions of X.509 are certificates, which bind a public key to a user’s name with a digital signature, and certificate-revocation lists,which break the binding
Banking.
Standard used is
ANSI X9.17
draft Australian standard AS2805.6.5.3,@w hich specifies
RSA;
9 CFONB ETEBAC-5,61 a French banking standard that
specifies RSA and DEA; and
IS0 CD 11666, a draft standard for banking key management
that specifies RSA.62.6W3 hether it will be approved
is unclear, as its architectural features have been
criticized
Conclusion
These a;gorithmd are solutions to the confidentiality problemencryption in the pure sense em to b
the hardest to standardize
