Unit 1 : Cryptography Basics                                   Introduction and Key Terms



                                 LEARN CRYPTO & PKI



                               « La Citadelle électronique »


                                       Cryptography

                    A technology for protecting your digital assets

                           and then designing security solutions



                    TRAINING CRYPTOGRAPHY & PKI




Author:                      Sylvain Maret
                             Security architect, PKI instructor & Checkpoint instructor
                             (Checkpoint CCSE)
                             Dimension Data (Swiss) formerly Datelec

                             Cédric Enzler
                             IPSEC & cryptographic engineer, PKI instructor
                             Dimension Data (Swiss) formerly Datelec




Revision:                    Version 1.5, October 1999, rev. August 2000



                               TABLE OF CONTENTS
Learn Crypto & PKI ______________________________________________1
Training Cryptography & PKI ______________________________________2
Table of contents _________________________________________________3
1. Cryptography Basics ___________________________________________5
  1.1.    Introduction _______________________________________________________5
  1.2.    Key terms _________________________________________________________5
  1.3.    Miscellaneous Cryptosystems _________________________________________7
     1.3.1.     Secret Key __________________________________________________________ 7
     1.3.2.     Public Key __________________________________________________________ 7
     1.3.3.     Message Digest ______________________________________________________ 7
  1.4.    Cryptography in history _____________________________________________8
  1.5.    Cryptoanalysis ____________________________________________________20
  1.6.    AES (Advanced Encryption Standard) ________________________________22
     1.6.1.     Overview of the AES Development Effort ________________________________ 22
     1.6.2.     Minimum Acceptability Requirements ___________________________________ 23
     1.6.3.     AES Round 2 Finalists ________________________________________________ 23
  1.7.    Smart Cards ______________________________________________________25
     1.7.1.     Introduction ________________________________________________________        25
     1.7.2.     What kinds of Smart Cards are available? _________________________________   25
     1.7.3.     Symmetric / Asymmetric Cryptoprocessing _______________________________      26
     1.7.4.     Smart Cards with different “flavor” ______________________________________   26
     1.7.5.     Memory Cards ______________________________________________________          26
     1.7.6.     Symmetric Cryptoprocessor Cards ______________________________________       27
     1.7.7.     PKI Smart Cards ____________________________________________________         27
2. PKI Applications (lab exercises)_________________________________29
  2.1.    Symmetric file encryption ___________________________________________29
     2.1.1.     Lab Exercise 1 ______________________________________________________ 29
  2.2.    Message-Digest Algorithms __________________________________________33
     2.2.1.     Lab Exercise 2 ______________________________________________________ 33
  2.3.    Securing the desktop _______________________________________________37
     2.3.1.     Introduction ________________________________________________________ 37
     2.3.2.     Blowfish Advanced CS _______________________________________________ 37
     2.3.3.     Lab Exercise 3 ______________________________________________________ 40
  2.4.    PGP (Pretty Good Privacy) __________________________________________46
     2.4.1.     The PGP Symmetric Algorithms ________________________________________        46
     2.4.2.     About PGP Data Compression Routines __________________________________       47
     2.4.3.     About the Random Numbers used as Session Keys__________________________      48
     2.4.4.     About the Message Digest _____________________________________________       48
     2.4.5.     Encryption and Decryption ____________________________________________       49
     2.4.6.     Digital Signature for PGP _____________________________________________      50

     2.4.7.      Lab Exercise 4_______________________________________________________ 51
  2.5.    The SSH Protocol _________________________________________________ 63
     2.5.1.      Introduction _________________________________________________________ 63
     2.5.2.      Host Authentication___________________________________________________ 64
     2.5.3.      User Authentication___________________________________________________ 64
     2.5.4.      Cryptographic Methods________________________________________________ 65
     2.5.5.      Lab Exercise 5_______________________________________________________ 66
  2.6.    S/MIME _________________________________________________________ 79
     2.6.1.      Lab Exercise 6_______________________________________________________ 79
  2.7.    SSL _____________________________________________________________ 97
     2.7.1.      History_____________________________________________________________ 97
     2.7.2.      Secure Sockets Layer (SSL) ____________________________________________ 97
     2.7.3.      Session Establishment _________________________________________________ 98
     2.7.4.      Key Exchange Method ________________________________________________ 99
     2.7.5.      Cipher for Data Transfer _______________________________________________ 99
     2.7.6.      Digest Function _____________________________________________________ 100
     2.7.7.      Handshake Sequence Protocol _________________________________________ 100
     2.7.8.      Data Transfer_______________________________________________________ 101
     2.7.9.      Lab Exercise 7______________________________________________________ 102
     2.7.10.     Lab Exercise 8______________________________________________________ 123
  2.8.    Smart Card _____________________________________________________ 138
     2.8.1.      Lab Exercise 9______________________________________________________ 138
  2.9.    Playing the security officer _________________________________________ 140
     2.9.1.      Lab Exercise 10_____________________________________________________ 140
  2.10.        Revocation with client SSL authentication __________________________ 143
     2.10.1.     Lab Exercise 11_____________________________________________________ 143
  2.11.        IPSEC ________________________________________________________ 147
     2.11.1.     Introduction ________________________________________________________ 147
     2.11.2.     IPSec Architecture___________________________________________________ 148
     2.11.3.     IPSec Tunneling ____________________________________________________ 149
     2.11.4.     IKE Main Mode and Quick Mode_______________________________________ 154
     2.11.5.     Lab Exercise 12_____________________________________________________ 157



                              1. CRYPTOGRAPHY BASICS
    1.1. INTRODUCTION
Most students attending our "introduction to PKI" will already have at least a basic knowledge of
encryption and related subjects, and some may be tempted to skip this chapter: a list of
cryptographic key terms is austere reading. We nevertheless begin with it because, in many
discussions with people familiar with the field, we have noticed that these terms are often
confused with one another. The simple definitions below are used constantly throughout the
course and provide the basis needed to understand the subject.

    1.2. KEY TERMS
An unencrypted message is called plaintext or cleartext.

The process of disguising a message to hide its substance is encryption.

The encrypted message is referred to as ciphertext.

Decryption is the process of turning ciphertext back into plaintext.

You can see hereafter a schematic view of these definitions:




                                          Cryptography Key Terms Figure 1

Cryptography is the science of keeping messages secure.

Cryptanalysis is the art and science of breaking ciphertext (seeing through the above disguise)
without being given the key.

Cryptology is the branch of mathematics encompassing both cryptography and cryptanalysis.
Because modern cryptology rests on properties of numbers studied in abstract algebra and
number theory, cryptologists today are usually mathematicians by training.

Encryption and decryption are carried out by a set of mathematical functions referred to as a
cryptographic algorithm or cipher. Besides confidentiality, cryptography is expected to provide
other security services, such as:

-   Authentication: the receiver of a message can be certain of the sender's identity.
-   Non-repudiation: the sender cannot later deny having sent the message.
-   Integrity: the receiver can verify that the message was not modified in transit between the
    sender and the receiver.

The first ciphers suffered from a major drawback: their security rested on keeping the algorithm
itself secret. Whenever someone left the group of people who knew the algorithm, all the other
users had to switch to a different one! Such ciphers are called restricted algorithms; they are no
longer used, and the rule that a cipher must remain secure even when everything about it except
the key is public is known today as Kerckhoffs's principle.

Modern cryptography works around this drawback by introducing the concept of a key. Security
then rests on the key(s), so the algorithm can be published without risk; public scrutiny is in fact
what gives confidence in it. In some algorithms the key used for encryption differs from the one
used for decryption, so the above diagram becomes:




                                   Cryptography Key Terms Figure 2

A cryptosystem consists of a cipher, its keys, and all possible plaintexts and ciphertexts.

In some algorithms the decryption key is the same as the encryption key, or can easily be
calculated from it; this is symmetric (secret-key) encryption, covered later in the course. In other
algorithms the decryption key cannot feasibly be derived from the encryption key, which can
therefore be published: this is asymmetric encryption or public-key encryption.



    1.3. MISCELLANEOUS CRYPTOSYSTEMS
Today's cryptosystems do not rely on simple letter shifts or substitution techniques like those
described at the beginning of the next section, but on mathematical algorithms designed so that
breaking them would take an unreasonable amount of computing power and time. The range of
applications using cryptography to solve everyday problems keeps growing. Exchanging
information has become so easy, and the amount we routinely exchange so much greater than
ever before, that securing that information and the means of transmitting it is of considerable
importance.

Records ranging from personal medical data to credit card purchases, which were once relatively
easy to secure in hard copy, now flow freely over public networks. Cryptography has shifted from
a "weapon" conceived primarily for military and espionage use to an indispensable tool that the
general public relies on for everyday, routine transactions.

        1.3.1. Secret Key
This cryptosystem, sometimes referred to as symmetric-key encryption, is rather straightforward:
plaintext is encrypted by feeding the algorithm a secret value, the secret key, and the same key is
needed to decrypt. Only the parties that know the secret key are able to decrypt the resulting
ciphertext, so the practical difficulty lies in getting the key to those parties securely.

        1.3.2. Public Key
Sometimes referred to as asymmetric-key encryption, this type of cryptosystem relies on a key
pair: a private key and a public key. The public key is typically stored in a location available to
anyone. When someone wants to send an encrypted message to another party, he obtains that
party's public key and uses it to encrypt the message. Since only the recipient holds the private
half of the pair, only he can decrypt the message. The sender must, however, be sure that the
public key really belongs to the intended recipient; binding public keys to identities is precisely
the job of a PKI.




                                 Miscellaneous Cryptosystems Figure 1

        1.3.3. Message Digest
This type of cryptosystem is usually called a hash function. A variable-length message is run
through the hash algorithm to produce a fixed-length digest, a fingerprint of the message. The
function is one-way: the digest cannot be turned back into the original message, and it should be
infeasible to find two different messages with the same digest. Digests are the building block of
integrity checks and digital signatures.

All three cryptosystems are used in most Public Key Infrastructure implementations. They are
described in more detail in the following sections.


© Dimension Data SA (Switzerland), Sylvain Maret & Cédric Enzler
  Version 1.5, October 1999, rev. August 2000                                                 Page 7



   1.4. CRYPTOGRAPHY IN HISTORY
Cryptography is one of the oldest fields of technical study we can find records of, going back at
least 4,000 years. It is quite noteworthy that, of all the cryptosystems developed in those 4,000
years of effort, only 3 systems remain hard enough to break to be of real value.

Cryptography probably began in or around 2000 B.C. in Egypt, where hieroglyphics were used to
decorate the tombs of deceased rulers and kings. These hieroglyphics told the story of the life of
the king and proclaimed the great acts of his life. They were purposefully cryptic, but not
apparently intended to hide the text. Rather, they seem to have been intended to make the text
seem more regal and important. As time went by, these writings became more and more
complicated, and eventually the people lost interest in deciphering them.




                             Cryptography in History Figure 1: Hieroglyphics

Cryptology was (and to some extent still is) shrouded in mystique for most people, which led the
public to associate cryptography with the black arts. It was often thought to involve
communication with dark spirits, and acquired a bad reputation as a result. Most early
cryptographers were scientists, but common people were often convinced that they were also
followers of the devil.

The ancient Chinese used the ideographic nature of their language to hide the meaning of words.
Messages were often transformed into ideographs for privacy, but no substantial use in early
Chinese military conquests is apparent. Genghis Khan, for example, seems never to have used
cryptography.

In India, secret writing was apparently more advanced. The government used secret codes to
communicate with a network of spies spread throughout the country. Early Indian ciphers
consisted mostly of simple alphabetic substitutions, often based on phonetics. Some of these were
spoken or used as sign language. This is somewhat similar to "pig latin" (igpay atinlay), where the
first consonant is moved to the end of the word and followed by the sound "ay".





The cryptographic history of Mesopotamia was similar to that of Egypt, in that cuneiform signs
were used to encipher text. The picture below shows a table of numbers found at Susa (in
modern Iran). These numbers stood for words, demonstrating a surprisingly modern level of
cryptography.




                          Cryptography in History Figure 2: Mesopotamian tables

This technique was also used in Babylon and Assyria. The Bible occasionally uses a Hebrew
ciphering method in which the last letter of the alphabet is replaced by the first, the second-to-last
by the second, and so on. This is called 'atbash'. The following table gives the equivalent for the
English alphabet: the word "HELLO" becomes "SVOOL". Try to decrypt the word "WVXIBKG"
and see what you get.

                               ABCDEFGHIJKLMNOPQRSTUVWXYZ
                               ZYXWVUTSRQPONMLKJIHGFEDCBA

                          Cryptography in History Figure 3: An “Atbash” cipher

In Homer's epic the 'Iliad', cryptography appears when Bellerophon is sent to a king carrying a
sealed tablet which told the king to have him put to death. The king tried to kill him by having
him fight several mythical creatures, but he won every battle.

The Spartans used a system which consisted of a thin strip of papyrus wrapped around a staff
(now called a "staff cipher"). Messages were written down the length of the staff, and the papyrus
was unwrapped. In order to read the message, the papyrus had to be wrapped around a staff of
equal diameter. Called the 'skytale' cipher, this was used in the 5th century B.C. to send secret
messages between Greek warriors. Without the right staff, it would be difficult to decode the
message using the techniques available at that time. The following version of the alphabet
demonstrates the technique. First we see the wrapped version of the alphabet, then the
unwrapped version.

                                ADGJMPSVY
                                BEHKNQTWZ
                                CFILORUX

                                ADGJMPSVYBEHKNQTWZCFILORUX

                                Cryptography in History Figure 4: A “Skytale” cipher
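The skytale is a columnar transposition whose only key is the size of the staff. The Python below is an added example (not part of the original course) that reproduces Figure 4 and shows what "without the right staff" is worth today: the whole key space can be tried in a loop. The message and the crib word are constructed for the demonstration.

```python
def skytale_encrypt(plaintext: str, turns: int) -> str:
    """Wrap a strip around a staff that holds `turns` letters per column, write the
    message down the staff, unwrap and read along the strip.  Row r of the strip
    is every `turns`-th letter starting at r; turns=3 on the alphabet gives the
    Figure 4 result ADGJMPSVYBEHKNQTWZCFILORUX."""
    text = "".join(c for c in plaintext.upper() if c.isalpha())
    return "".join(text[r::turns] for r in range(turns))


def skytale_decrypt(ciphertext: str, turns: int) -> str:
    """Re-wrap around a staff of the same size.  Row r of the strip holds
    ceil((n - r) / turns) letters, so cut the strip into rows first, then read
    back down the columns."""
    n = len(ciphertext)
    rows, start = [], 0
    for r in range(turns):
        length = (n - r + turns - 1) // turns
        rows.append(ciphertext[start:start + length])
        start += length
    return "".join(rows[i % turns][i // turns] for i in range(n))


def recover_staff(ciphertext: str, crib: str) -> list:
    """The key is only the staff size, so every plausible number of turns is tried;
    those whose decryption contains a word we expect (the crib) are returned."""
    crib = crib.upper()
    return [t for t in range(2, len(ciphertext))
            if crib in skytale_decrypt(ciphertext, t)]


# Constructed sample message (not from the course).
MESSAGE = "Attack the Greek camp at dawn"
CIPHERTEXT = skytale_encrypt(MESSAGE, 4)   # staff with 4 letters per column
```

Two properties are worth noting. The key space is tiny (one integer), so a crib or simply eyeballing each candidate recovers the message in seconds. And a transposition never changes which letters occur, only their order, so the ciphertext has exactly the letter frequencies of the plaintext; that is how a cryptanalyst recognises a transposition cipher before trying to undo it.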





Polybius developed another Greek method (now called the "Polybius Square"). The letters of the
alphabet would be laid out in a five by five square (similar to the later Playfair method), with i and
j occupying the same square. Rows and columns are numbered 1 to 5 so that each letter has a
corresponding (row,column) pair. These pairs could easily be signaled by torches or hand signals.
Decryption consists of mapping the digit pairs back into their corresponding characters. This
system was the first to reduce the size of the symbol set, and in a loose sense it might be
considered the forerunner of modern binary representations of characters.




                          Cryptography in History Figure 5: The “Polybius Square”

Julius Caesar used a system of cryptography (the 'Caesar Cipher') which shifted each letter a fixed
number of places further through the alphabet. Suetonius reports that Caesar himself used a shift
of three; the example here uses a shift of two (e.g. Y shifts to A, R shifts to T). This is probably
the first cipher used by most schoolchildren. In Figure 6, the first row is plaintext, while the
second row is the equivalent ciphertext. The distance of the displacement is not important to the
scheme, and in fact, neither is the lexical ordering chosen. The general case of this sort of cipher
is the "monoalphabetic substitution cipher", wherein each letter is mapped into another letter in a
one to one fashion. Try decoding VJKU.

                                 ABCDEFGHIJKLMNOPQRSTUVWXYZ
                                 CDEFGHIJKLMNOPQRSTUVWXYZAB

                           Cryptography in History Figure 6: The “Caesar” cipher

Cryptanalysis is the practice of recovering plaintext from ciphertext without complete knowledge
of the cipher or its key. The Arabs were the first to make significant advances in cryptanalysis.
An Arab author, al-Qalqashandi, wrote down a technique for solving ciphers which is still used
today: write down all the ciphertext letters and count the frequency of each symbol, then match
these counts against the average frequency of each letter in the language to recover the plaintext.
This technique is powerful enough to break ANY monoalphabetic substitution cipher if enough
ciphertext is available.

During the Middle Ages, cryptography started to progress. All of the Western European
governments used cryptography in one form or another, and codes started to become more
popular. Ciphers were commonly used to keep in touch with ambassadors. The first major
advances in cryptography were made in Italy. Venice created an elaborate organization in 1452
with the sole purpose of dealing with cryptography. They had three cipher secretaries who solved
and created ciphers that were used by the government.





Leon Battista Alberti was known as "The Father of Western Cryptology" in part because of his
development of polyalphabetic substitution. Polyalphabetic substitution is any technique allowing
different ciphertext symbols to represent the same plaintext symbol. This makes it more difficult
to interpret ciphertext using frequency analysis. In order to develop this technique, Alberti
analyzed the methods for breaking ciphers, and devised a cipher which would try to render these
techniques invalid. He designed two copper disks that fit into each other, each with the alphabet
inscribed upon it. To start enciphering, a predetermined letter on the inner disk is lined up with
any letter on the outer disk, which is written as the first character of the ciphertext. The disks are
kept stationary, with each plaintext letter on the inner disk aligned with a ciphertext letter on the
outer disk. After a few words of ciphertext, the disks are rotated so that the index letter on the
inner disk is aligned with a new letter on the outer disk, and in this manner, the message is
enciphered. By rotating the disk every few words, the cipher changed enough to limit the
effectiveness of frequency analysis. Even though this technique in its stated form is very weak, the
idea of rotating the disks and therefore changing the cipher many times within a message was a
major breakthrough in cryptography.

The next major step was taken in 1518 by Trithemius, a German monk who had a deep interest in
the occult. He wrote a series of six books called 'Polygraphia', and in the fifth book devised a
table that repeats the alphabet with each row a duplicate of the one above it, shifted over one
letter. To encode a message, the first letter of the plaintext is enciphered with the first row of the
table, the second letter with the second row, and so on. This produces a message in which all
available alphabets are used before any is repeated. Figure 8 shows a changing-key cipher of this
sort: notice that the assignment of code symbols to plaintext symbols changes at each time step
(T0, T1, ...). In this system, the key repeats every 26 letters of ciphertext. Below we see the table
used (called the tabula recta) followed by successive encryption steps.




                               Cryptography in History Figure 7: “Tabula recta”


                        ABCDEFGHIJKLMNOPQRSTUVWXYZ                                  Plaintext
                        FGUQHXSZACNDMRTVWEJBLIKPYO                                        T0
                        OFGUQHXSZACNDMRTVWEJBLIKPY                                        T1
                        YOFGUQHXSZACNDMRTVWEJBLIKP                                        T2
                        PYOFGUQHXSZACNDMRTVWEJBLIK                                        T3

                        GUQHXSZACNDMRTVWEJBLIKPYOF                                      T25

                        Cryptography in History Figure 8: A “Changing Key” cipher





In 1553, Giovan Battista Belaso extended this technique by choosing a keyword that is written
above the plaintext, letter for letter. The keyword is restarted at the beginning of each new
plaintext word. The keyword letter above a plaintext letter selects the row of the Trithemius table
to be used: if the plaintext letter is 'b' and its keyword letter is 'r', then the line of the Trithemius
cipher beginning with 'r' is used to encipher the letter 'b'. He chose to call the keyword a
“password”…

Keyword :                       BEL ASOBELA SOB ELASOB
Plaintext :                     LES ITALIENS ONT TROUVE

The basic keyword is BELASO in this example.

The most famous cryptographer of the 16th century was Blaise de Vigenère (1523-1596). In 1585,
he wrote the 'Traicté des Chiffres', in which he used a Trithemius table but changed the way the
key system worked. One of his techniques used the plaintext as its own key (an autokey); another
used the ciphertext. The way in which keys are derived and applied is known as key scheduling,
and is an integral part of the "Data Encryption Standard" (DES), which we will discuss later.




                                     Cryptography in History Figure 9

As late as 1917, the Vigenère cipher was still being described as impossible to break, even though
Kasiski had published a general attack on periodic polyalphabetic ciphers in 1863 (see below).

In 1628, a Frenchman named Antoine Rossignol helped his army defeat the Huguenots by
decoding a captured message. After this victory, he was called upon many times to solve ciphers
for the French government. He used two lists to solve his ciphers: "one in which the plain
elements were in alphabetical order and the code elements randomized, and one to facilitate
decoding in which the code elements stood in alphabetical or numerical order while their plain
equivalents were disarranged." When Rossignol died in 1682, his son, and later his grandson,
continued his work. By this time, there were many cryptographers employed by the French
government. Together, they formed the "Cabinet Noir" (the "Black Chamber").

By the 1700's, "Black Chambers" were common in Europe, one of the most renowned being that in
Vienna. It was called 'The Geheime Kabinets-Kanzlei' and was directed by Baron Ignaz de Koch
between 1749 and 1763. This organization read through all the mail coming to foreign embassies,
copied the letters, resealed them, and returned them to the post office the same morning. The
same office also handled all other political or military interceptions, and would sometimes read as
many as 100 letters a day. The English Black Chamber was formed by John Wallis in 1701. Until
that time, he had been solving ciphers for the government in a variety of unofficial positions.
After his death in 1703, his grandson, William Blencowe, who had been taught by his grandfather,
took over his position and was granted the title of Decypherer. The English Black Chamber had a
long history of victories in the cryptographic world.

In the colonies, there was no centralized cryptographic organization. Decryption was done
predominantly by interested individuals and men of the cloth. In 1775, a letter intercepted from
Dr. Benjamin Church was suspected to be a coded message to the British, yet the American
revolutionaries could not decipher it. Their problem was solved by Elbridge Gerry, who later
became the fifth Vice-President, and Elisha Porter. The message proved Church guilty of trying
to inform the Tories, and he was later exiled.

Benedict Arnold used a code wherein each correspondent had an exact copy of the same
'codebook'. Each word of plaintext is replaced by a number indicating its position in the book
(e.g. 3.5.2 means page 3, line 5, word 2). Arnold's correspondent was caught and hanged, so the
codebook wasn't used very much.

The revolutionaries also employed ciphers during the war. Samuel Woodhull and Robert
Townsend supplied General George Washington with much information about British troop
strength and movements in and around New York City. The code they used consisted of
numbers, which replaced plaintext words. Major Benjamin Tallmadge wrote this code. For further
assurance, they also used invisible ink.

The father of American cryptology is James Lovell. He was loyal to the colonies, and solved many
British ciphers, some which led to Revolutionary victories. In fact, one of the messages that he
deciphered set the stage for the final victory of the war.

Former Vice-President Aaron Burr and his assistant General James Wilkinson were exploring the
Southwest for possible colonization at the expense of Spain, and there was some confusion as to
whether this colony would belong to the United States or Aaron Burr. Wilkinson was a Spanish
agent, and changed one of Burr's encrypted letters home to make it appear as if Burr's intentions
were to carve out his own country. This letter fell into the hands of President Thomas Jefferson.
Burr was tried and acquitted, but his name was tainted forever.

The 'wheel cipher' was invented by Thomas Jefferson around 1795, and although he never did
very much with it, a very similar system was still in use by the US navy only a few years ago. The
wheel cipher consisted of a set of wheels, each with random orderings of the letters of the
alphabet. The key to the system is the ordering in which the wheels are placed on an axle. The
message is encoded by aligning the letters along the rotational axis of the axle such that the
desired message is formed. Any other row of aligned letters can then be used as the ciphertext for
transmission. The decryption requires the recipient to align the letters of the ciphertext along the
rotational axis and find a set of aligned letters that makes linguistic sense as plaintext. This will be
the message. There is a very small probability that there will be two sensible messages from the
decryption process, but this can be checked simply by the originator. Without knowing the
orderings of symbols on the wheels and the ordering of wheels on the axle, any plaintext of the
appropriate length is possible, and thus the system is quite secure for one time use. Statistical
attacks are feasible if the same wheels are used in the same order many times.

                              Wheel 1     GJTXUVWCHYIZKLNMARBFDOESQP
                              Wheel 2     IKMNQLPBYFCWEDXGZAJHURSTOV
                              Wheel 3     HJLIKNXWCGBDSRVUEOFYPAMQZT
                              ...
                              Wheel n     BDFONGHJIKLSTVUWMYEPRQXZAC

                                   Cryptography in History Figure 10: A “Wheel” cipher

In 1817, Colonel Decius Wadsworth developed a set of two disks, one inside the other, where the
outer disk had the 26 letters of the alphabet and the numbers 2-8, and the inner disk had only the
26 letters. The disks were geared together at a ratio of 26:33. To encipher a message, the inner
disk is turned until the desired letter is at the top position, with the number of turns required for
this result transmitted as ciphertext. Because of the gearing, a ciphertext substitution for a
character will not repeat itself until all 33 characters for that plaintext letter have been used.
Unfortunately, Wadsworth never got credit for his design, because Charles Wheatstone invented
an almost identical machine some fifty years later (1867), and got all the credit.

In 1844, the development of cryptography was dramatically altered by the invention of the
telegraph. Communication with the telegraph was by no means secure, so ciphers were needed to
transmit secret information. The public's interest in cryptography blossomed, and many
individuals attempted to formulate their own cipher systems. The advent of the telegraph
provided the first instance where a base commander could be in instant communication with his
field commanders during battle. Thus, a field cipher was needed. At first, the military used a
Vigenere cipher with a short repeating keyword, but in 1863, a solution was discovered by
Friedrich W. Kasiski for all periodic polyalphabetic ciphers, which until this time were considered
unbreakable. So the military had to search for a new cipher to replace the Vigenere.

The Black Chambers of Europe continued to operate and were successful in solving most
American ciphers, but without a war underway, their usefulness was diminished, and by 1850 they
were dissolved.




The 'Playfair' system was invented by Charles Wheatstone in 1854 and promoted by his friend Lyon
Playfair, whose name it carries; it was the first practical system to encipher pairs of letters rather
than single letters. The alphabet (with I and J sharing one cell) is laid out in a 5 x 5 square in a
keyed order, and the text is divided into adjacent pairs. The two letters of a pair are located in the
square and a rectangle is formed with them at opposite corners; the letters at the other two corners,
each taken from the row of the plaintext letter it replaces, are the two letters of ciphertext. Two
letters in the same row are each replaced by the letter to their right, two letters in the same column
by the letter below (wrapping around the square), and a doubled letter in a pair is split by a filler.
This is very simple to use, but not extremely difficult to break. The real breakthrough in this system
was the use of two letters at a time: the effect is to flatten the single-letter statistics of the
language, and therefore to increase the amount of work and the amount of ciphertext required to
determine a solution. The system was still in limited use in World War 2, and was very effective
against the Japanese.

      I   K   M   N   Q
      L   P   B   Y   F
      C   W   E   D   X
      G   Z   A   H   U
      R   S   T   O   V

Plaintext:            PL AI NT EX TZ
Ciphertext:           BP GM MO DC SA
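
The following Playfair implementation is added here as a worked example; it is not part of the original course text. It uses the 5 x 5 square printed above. The same-row and same-column rules (step right, step down, wrapping around the square) are the standard Playfair conventions, assumed here because the text does not spell them out; J is folded into I because the square has no J, doubled letters in a pair are split with a filler X, and an odd trailing letter is padded with Z as in the PL AI NT EX TZ example.

```python
# Playfair digraph cipher on the 5 x 5 square from the text (I and J share a cell).
SQUARE = ["IKMNQ", "LPBYF", "CWEDX", "GZAHU", "RSTOV"]
POS = {ch: (r, c) for r, row in enumerate(SQUARE) for c, ch in enumerate(row)}


def prepare(text):
    """Split text into Playfair digraphs: letters only, J folded into I,
    a filler between the two letters of a doubled pair, Z padding at the end."""
    letters = [ch for ch in text.upper().replace("J", "I") if ch in POS]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else "Z"
        if a == b:
            b = "X" if a != "X" else "Q"   # never emit a doubled pair
            i += 1                          # the second letter starts the next pair
        else:
            i += 2
        pairs.append(a + b)
    return pairs


def _map_pair(a, b, step):
    """Transform one digraph; step=+1 enciphers, step=-1 deciphers."""
    (ra, ca), (rb, cb) = POS[a], POS[b]
    if ra == rb:        # same row: take the letter to the right (left when deciphering)
        return SQUARE[ra][(ca + step) % 5] + SQUARE[rb][(cb + step) % 5]
    if ca == cb:        # same column: take the letter below (above when deciphering)
        return SQUARE[(ra + step) % 5][ca] + SQUARE[(rb + step) % 5][cb]
    # rectangle: each letter keeps its own row and takes the other letter's column
    return SQUARE[ra][cb] + SQUARE[rb][ca]


def encrypt(plaintext):
    return "".join(_map_pair(p[0], p[1], +1) for p in prepare(plaintext))


def decrypt(ciphertext):
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return "".join(_map_pair(p[0], p[1], -1) for p in pairs)


if __name__ == "__main__":
    print(encrypt("PLAINTEXT"), decrypt(encrypt("PLAINTEXT")))
```

Running it on PLAINTEXT reproduces the digraphs of the example above; the decryption returns PLAINTEXTZ, the trailing Z being the padding, which the recipient discards.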

In 1859, Pliny Earle Chase, developed what is known as the fractionating or tomographic cipher.
A two digit number was assigned to each character of plaintext by means of a table. These
numbers were written so that the first numbers formed a row on top of the second numbers. The
bottom row was multiplied by nine, and the corresponding pairs are put back in the table to form
the ciphertext.

Kasiski developed a cryptanalysis method in 1863 which broke almost every periodic polyalphabetic
cipher of that time. The method was to find repetitions of strings of characters in the ciphertext. The
distance between these repetitions is then used to find the length of the key: since identically
enciphered repetitions of identical plaintext occur at distances that are a multiple of the key length,
the greatest common divisors of the repetition distances will lead to the key length. Once the key
length (N) is known, every Nth character has been enciphered with the same key letter, so the
ciphertext splits into N monoalphabetic columns, and the frequency of use of each symbol in a column
implies which plaintext character it represents. Some repetitions occur by pure chance, so it sometimes
takes several tries to find the true length of the key, but the method is considerably more effective
than previous techniques and makes cryptanalysis of periodic polyalphabetic substitution ciphers quite
straightforward.
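
The procedure just described, as an added worked example in Python (this is not code from the original course): a Vigenere encryptor, a Kasiski key-length estimator that counts which candidate period divides the most distances between repeated four-letter ciphertext groups, and a per-column solver that picks the Caesar shift whose output best matches English letter frequencies (chi-squared). The sample plaintext is constructed for this example: ordinary English filler with one phrase inserted three times at distances of 105 and 95 letters, both multiples of the five-letter key LEMON, which is exactly the alignment Kasiski's method relies on. The English frequency table is an assumed standard one.

```python
# Kasiski examination of a Vigenere cipher: period from repeated groups,
# then one Caesar shift per column found by letter-frequency matching.
import re

# Relative frequencies (percent) of A..Z in English text; an assumed standard table.
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77,
                4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98,
                2.36, 0.15, 1.97, 0.07]


def clean(text):
    """Letters only, upper case: the form in which a telegraph cipher was written."""
    return re.sub("[^A-Z]", "", text.upper())


def vigenere(text, key, decrypt=False):
    """Shift each letter by the key letter at the same position modulo the key length."""
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(clean(text)):
        k = ord(key[i % len(key)]) - 65
        out.append(chr((ord(ch) - 65 + sign * k) % 26 + 65))
    return "".join(out)


def kasiski_key_length(ciphertext, seq_len=4, max_len=20):
    """Distances between repeated ciphertext groups are multiples of the period;
    return the candidate period that divides the most of them."""
    positions = {}
    for i in range(len(ciphertext) - seq_len + 1):
        positions.setdefault(ciphertext[i:i + seq_len], []).append(i)
    distances = [b - a for pos in positions.values() for a, b in zip(pos, pos[1:])]
    scores = {k: sum(d % k == 0 for d in distances) for k in range(2, max_len + 1)}
    return max(scores, key=scores.get)


def best_shift(column):
    """Caesar shift that makes the column look most like English (lowest chi-squared)."""
    n = len(column)
    best, best_chi = 0, float("inf")
    for shift in range(26):
        counts = [0] * 26
        for ch in column:
            counts[(ord(ch) - 65 - shift) % 26] += 1
        chi = sum((c - n * f / 100) ** 2 / (n * f / 100)
                  for c, f in zip(counts, ENGLISH_FREQ))
        if chi < best_chi:
            best, best_chi = shift, chi
    return best


def recover_vigenere_key(ciphertext):
    """Every Nth letter shares a key letter: solve each of the N columns separately."""
    n = kasiski_key_length(ciphertext)
    return "".join(chr(65 + best_shift(ciphertext[j::n])) for j in range(n))


# Constructed sample text (not from the original): English filler with one phrase
# placed three times at distances 105 and 95, both multiples of the key length 5.
FILLER = clean(
    "In 1863 Friedrich Kasiski published a general method for breaking periodic "
    "polyalphabetic ciphers. Repeated words in the plaintext that happen to fall at "
    "distances equal to a multiple of the key length are enciphered with the same key "
    "letters and therefore produce repeated groups in the ciphertext. Measuring the "
    "distances between such repetitions and taking their common factors reveals the "
    "period. Once the period is known each column of the ciphertext is a simple shift "
    "of the plaintext and can be solved by counting letter frequencies because the most "
    "common letters of the language still dominate within every column. Military signal "
    "services abandoned the Vigenere cipher soon afterwards and looked for systems that "
    "did not repeat their key.")
PHRASE = "THEENEMYWILLATTACKTHEBRIDGEATDAWN"
FIRST, GAP1, GAP2 = 120, 105 - len(PHRASE), 95 - len(PHRASE)
SAMPLE_PLAINTEXT = (FILLER[:FIRST] + PHRASE
                    + FILLER[FIRST:FIRST + GAP1] + PHRASE
                    + FILLER[FIRST + GAP1:FIRST + GAP1 + GAP2] + PHRASE
                    + FILLER[FIRST + GAP1 + GAP2:])
KEY = "LEMON"
SAMPLE_CIPHERTEXT = vigenere(SAMPLE_PLAINTEXT, KEY)

if __name__ == "__main__":
    print("period:", kasiski_key_length(SAMPLE_CIPHERTEXT))
    print("key:", recover_vigenere_key(SAMPLE_CIPHERTEXT))
```

Counting divisors rather than taking a single greatest common divisor is what makes the estimator tolerate the chance repetitions the text mentions: a few spurious distances cannot outvote the genuine ones. The column solver needs on the order of a hundred letters per column, which is why the amount of ciphertext, not the length of the keyword, decides whether the attack succeeds.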

During the Civil War (1861-1865), ciphers were not very complex. Many techniques consisted
merely of writing words in a different order and substituting code words for proper names and
locations. Where the Union had centralized cipher control, the Confederacy tended to let field
commanders decide their own forms of ciphers. The Vigenere system was widely used by field
commanders, and sometimes led to the Union deciphering messages faster than their Confederate
recipients. The Confederacy used three keywords for most of its messages during the War,
"Manchester Bluff", "Complete Victory", and "Come Retribution". They were quickly discovered
by three Union cryptanalysts, Tinker, Chandler, and Bates, and messages encoded using them were
regularly deciphered by the Union. The use of common words as keys to cryptosystems has
caused many plaintext messages to be discovered. In fact, the use of common words as
passwords remains one of the most common entry points in attacks on modern computer systems.




In 1883, Auguste Kerckhoffs wrote 'La Cryptographie Militaire', in which he set forth six basic
requirements of a military cryptosystem. The second of them is the one still cited today as
Kerckhoffs' principle: the security of the system must rest in the key alone, never in the secrecy of
the method. We note that the easily remembered key is very amenable to attack, and that these
rules, as all others, should be questioned before placing trust in them.

1.    The system should be practically, if not mathematically, unbreakable.
2.    The system itself should not need to be secret; its capture by the enemy should cause no inconvenience.
3.    The key should be easily remembered and changeable at will.
4.    The ciphertext should be transmissible by telegraph.
5.    The cipher apparatus should be portable and usable by a single person.
6.    The system should be easy to use, requiring neither mental strain nor long lists of rules.

In the beginning of the 20th century, war was becoming likely in Europe. England spent a
substantial effort improving its cryptanalytic capabilities so that when the war started, they were
able to solve most enemy ciphers. The cryptanalysis group was called 'Room 40' because of its
initial location in a particular building in London. Their greatest achievements were in solving
German naval ciphers. These solutions were greatly simplified because the Germans often used
political or nationalistic words as keys, changed keys at regular intervals, gave away intelligence
indicators when keys were changed, etc.

Just as the telegraph changed cryptography in 1844, the radio changed cryptography in 1895. Now
transmissions were open for anyone's inspection, and physical security was no longer possible.
The French had many radio stations by WW1 and intercepted most German radio transmissions.
The Germans used a double columnar transposition that they called 'Ubchi', which was easily
broken by French cryptanalysts.

In 1917, the Americans formed the cryptographic organization MI-8. Its director was Herbert
Osborne Yardley. They analyzed all types of secret messages, including secret inks, encryption,
and codes. They continued with much success during and after WW1, but in 1929 Henry L.
Stimson, President Hoover's Secretary of State, closed them down because he thought it improper
that "gentlemen read each other's mail". Yardley was hard pressed to find work during the
depression, so to feed his family he wrote a book describing the workings of MI-8. It was titled
"The American Black Chamber" and became a best seller. Many criticized him for divulging secrets
and glorifying his own actions during the War. Another American, William Frederick Friedman,
worked with his wife, Elizebeth Smith Friedman, to become "the most famous husband-and-wife
team in the history of cryptology". He developed new ways to solve Vigenere-like ciphers using
frequency counts and superimposition (the index of coincidence) to determine the key and plaintext.

Up to 1917, transmissions sent over telegraph wires were encoded in Baudot code for use with
teletypes. The American Telephone and Telegraph company was very concerned with how easily
these could be read, so Gilbert S. Vernam developed a system which combined the plaintext
pulses with the pulses of a key tape, bit by bit (what we now call an exclusive-or), to produce the
ciphertext pulses; the same key tape applied to the ciphertext restores the plaintext. It was difficult
to use at times, because the key tapes were cumbersome. Vernam developed a machine to encipher
messages, but the system was never widely used.

The use of cryptographic machines dramatically changed the nature of cryptography and
cryptanalysis. Cryptography became intimately related to machine design, and security personnel
became involved with the protection of these machines. The basic systems remained the same,
but the method of encryption became reliable and electromechanical.



In 1929, Lester S. Hill published an article, "Cryptography in an Algebraic Alphabet", in "The
American Mathematical Monthly". Each plaintext letter was given a numerical value. He then
enciphered blocks of letters with systems of linear equations, reducing values over 25 modulo 26. To
simplify the equations, Hill wrote them as matrices, which are more easily multiplied: a block of n
plaintext numbers is multiplied by an n x n key matrix, and the receiver multiplies by the inverse
matrix modulo 26 (which exists only when the determinant of the key shares no factor with 26). This
method eliminates almost all ciphertext repetitions and is not broken with a normal single-letter
frequency analysis. It is, however, completely linear, so a cryptanalyst who obtains a few blocks of
plaintext together with their ciphertext can write the equations relating them and solve for the key
matrix; the system is thus broken by a known-plaintext attack. To counter charges that his system was
too complicated for day to day use, Hill constructed a cipher machine for his system using a series of
geared wheels connected together. One problem was that the machine could only handle a limited
number of keys, and even with the machine, the system saw only limited use in the encipherment of
government radio call signs. Hill's major contribution was the use of mathematics to design and
analyze cryptosystems.
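
Added worked example (not from the original text): a Hill cipher on digraphs with a 2 x 2 key matrix, followed by the known-plaintext attack described above. The key matrix, the sample message HELP and the X padding rule are assumptions of this example, not values from the course.

```python
# Hill cipher on digraphs (2 x 2 key matrix mod 26) and its known-plaintext break.
MOD = 26


def to_nums(text):
    return [ord(c) - 65 for c in text.upper()]


def to_text(nums):
    return "".join(chr(n % MOD + 65) for n in nums)


def mat_vec(m, v):
    """2 x 2 matrix times a column vector, modulo 26."""
    return [(m[0][0] * v[0] + m[0][1] * v[1]) % MOD,
            (m[1][0] * v[0] + m[1][1] * v[1]) % MOD]


def mat_mul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(2)) % MOD for j in range(2)]
            for i in range(2)]


def mat_inv(m):
    """Inverse of a 2 x 2 matrix modulo 26. pow() raises ValueError when the
    determinant shares a factor with 26, i.e. when the matrix is not a valid key."""
    det = (m[0][0] * m[1][1] - m[0][1] * m[1][0]) % MOD
    inv_det = pow(det, -1, MOD)
    return [[m[1][1] * inv_det % MOD, -m[0][1] * inv_det % MOD],
            [-m[1][0] * inv_det % MOD, m[0][0] * inv_det % MOD]]


def hill_encrypt(plaintext, key):
    """Encipher pairs of letters: c = K p (mod 26); odd-length text is padded with X."""
    nums = to_nums(plaintext)
    if len(nums) % 2:
        nums.append(ord("X") - 65)
    out = []
    for i in range(0, len(nums), 2):
        out.extend(mat_vec(key, nums[i:i + 2]))
    return to_text(out)


def hill_decrypt(ciphertext, key):
    """Decipher with the inverse key matrix: p = K^-1 c (mod 26)."""
    return hill_encrypt(ciphertext, mat_inv(key))


def recover_hill_key(known_plain, known_cipher):
    """Known-plaintext attack. Two plaintext digraphs as the columns of P and the
    matching ciphertext digraphs as the columns of C satisfy C = K P, so
    K = C P^-1 (mod 26) whenever P is invertible. Only four letters are needed."""
    p, c = to_nums(known_plain[:4]), to_nums(known_cipher[:4])
    P = [[p[0], p[2]], [p[1], p[3]]]
    C = [[c[0], c[2]], [c[1], c[3]]]
    return mat_mul(C, mat_inv(P))


if __name__ == "__main__":
    KEY = [[3, 3], [2, 5]]                     # assumed example key, det = 9
    ct = hill_encrypt("HELP", KEY)
    print(ct, hill_decrypt(ct, KEY), recover_hill_key("HELP", ct))
</```

Four letters of known plaintext suffice to recover a 2 x 2 key; an n x n key falls to n known digraphs of length n in the same way. If the chosen plaintext blocks happen to form a singular matrix modulo 26 the attacker simply picks another pair, so the linearity, not the key size, is the weakness.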

The next major advance in electromechanical cryptography was the invention of the rotor. The
rotor is a thick disk with two faces, each with 26 brass contacts separated by insulating material.
Each contact on the input (plaintext) face is connected by a wire to a random contact on the
output (ciphertext) face. Each contact is assigned a letter. An electrical impulse applied to a
contact on the input face will result in a different letter being output from the ciphertext face. The
simple rotor thus implements a monoalphabetic substitution cipher. This rotor is set in a device
which takes plaintext input from a typewriter keyboard and sends the corresponding electrical
impulse into the plaintext face. The ciphertext is generated from the rotor and printed and/or
transmitted.

The next step separates the rotor from previous systems. After each letter, the rotor is turned so
that the entire alphabet is shifted one letter over. The rotor is thus a "progressive key
polyalphabetic substitution cipher with a mixed alphabet and a period of 26". A second rotor is
then added, which shifts its position one spot when the first rotor has completed each rotation.
Each electrical impulse is driven through both rotors so that it is encrypted twice. Since both
rotors move, the alphabet now has a period of 676. As more rotors are added the period increases
dramatically. With 3 rotors, the period is 17,576, with 4 it is 456,976, and with 5 it is 11,881,376.
In order for a 5 rotor cipher to be broken with frequency analysis, the ciphertext must be
extremely long.

The rotor system can be broken because, if a repetition is found in the first 26 letters, the
cryptanalyst knows that only the first rotor has moved, and that the connections are changed only
by that movement. Each successive set of 26 letters has this property, and using equations, the
cryptanalyst can completely determine this rotor, hence eliminating one rotor from the whole
problem. This can be repeated for each successive rotor as the previous rotor becomes known,
with the additional advantage that the periods become longer, and thus they are guaranteed to
have many repetitions. This is quite complex to do by hand.
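
An added simulation (not code from the original text) of the stepping rotor machine described in the last few paragraphs: each rotor is a fixed wiring, represented as a permutation of the 26 contacts, the first rotor advances after every letter, and each further rotor advances once per full turn of the one before it. The wirings are pseudo-random permutations generated from a fixed seed for this example, not historical rotor wirings.

```python
# Odometer-stepping rotor machine: fixed wirings, rotation as an alphabet offset.
import random
import string

ALPHABET = string.ascii_uppercase


def sample_wirings(n_rotors, seed=1):
    """n assumed sample wirings, each a permutation of the 26 contacts."""
    rng = random.Random(seed)
    return ["".join(rng.sample(ALPHABET, 26)) for _ in range(n_rotors)]


class RotorMachine:
    def __init__(self, wirings):
        self.wirings = wirings                 # wirings[k][i] = output contact of input i
        self.positions = [0] * len(wirings)    # current rotation of each rotor

    def _forward(self, idx, k):
        """Pass contact idx through rotor k at its current rotation: the rotation
        offsets the contact before the fixed wiring and undoes the offset after it."""
        pos = self.positions[k]
        wired = ALPHABET.index(self.wirings[k][(idx + pos) % 26])
        return (wired - pos) % 26

    def _backward(self, idx, k):
        pos = self.positions[k]
        letter = ALPHABET[(idx + pos) % 26]
        return (self.wirings[k].index(letter) - pos) % 26

    def step(self):
        """Rotor 0 always moves; rotor k moves only when rotor k-1 has just
        completed a full turn, so the machine state has period 26**n."""
        for k in range(len(self.positions)):
            self.positions[k] = (self.positions[k] + 1) % 26
            if self.positions[k] != 0:
                break

    def encrypt(self, text):
        out = []
        for ch in text:
            idx = ALPHABET.index(ch)
            for k in range(len(self.wirings)):         # plaintext face to ciphertext face
                idx = self._forward(idx, k)
            out.append(ALPHABET[idx])
            self.step()
        return "".join(out)

    def decrypt(self, text):
        out = []
        for ch in text:
            idx = ALPHABET.index(ch)
            for k in reversed(range(len(self.wirings))):
                idx = self._backward(idx, k)
            out.append(ALPHABET[idx])
            self.step()
        return "".join(out)


def state_period(n_rotors):
    """Count steps until all rotors are back at their starting positions."""
    machine = RotorMachine(sample_wirings(n_rotors))
    steps = 0
    while True:
        machine.step()
        steps += 1
        if all(p == 0 for p in machine.positions):
            return steps


if __name__ == "__main__":
    wirings = sample_wirings(3)
    ct = RotorMachine(wirings).encrypt("ATTACKATDAWN")
    print(ct, RotorMachine(wirings).decrypt(ct), state_period(3))
```

With a single rotor the machine is exactly the progressive-key cipher of period 26 quoted above, so enciphering a long run of the same letter repeats after 26 outputs; with two rotors the state period is 676, and the attack sketched in the text works because within any block of 26 letters only the first rotor has moved.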
The first rotor machine was invented by Edward Hugh Hebern in 1918, and he instantly realized
what a success it could be. He founded a company called Hebern Electric Code, which he
promised would be a great financial success. The company died in a bitter struggle, the
Government bought some of his machines, and he continued to produce them on his own, but
never with great success.




During Prohibition, alcohol was transported into the country by illegal smugglers (i.e. rum
runners) who used coded radio communication to control illegal traffic and help avoid Coast
Guard patrols. In order to keep the Coast Guard in the dark the smugglers used an intricate
system of codes and ciphers. The Coast Guard hired Mrs. Elizebeth Smith Friedman to decipher
these codes, and thus forced the rum runners to use more complex codes, and to change their
keys more often. She succeeded in sending many rum runners to jail.

During WW2, the neutral country Sweden had one of the most effective cryptanalysis
departments in the world. It was formed in 1936, and by the time the war started, employed 22
people. The department was divided into groups, each concerned with a specific language. The
Swedes were very effective in interpreting the messages of all the warring nations. They were
helped, however, by bungling cryptographers. Often the messages that were received were
haphazardly enciphered, or even not enciphered at all. The Swedes even solved a German cipher
that was implemented on a Siemens machine similar to a Baudot machine used to encipher wired
messages.

During WW2, the Americans had great success at breaking Japanese codes, while the Japanese,
unable to break US codes, assumed that their own codes were also unbreakable. Cryptanalysis was
used to thwart the Japanese attack on Midway, a decisive battle in the Central Pacific. The US had
been regularly reading Japanese diplomatic traffic before the attack on Pearl Harbor, and knew the
contents of the final note that the Japanese ambassadors delivered in Washington just after the
attack, several hours before the Japanese embassy had finished decoding it. German codes in WW2
were predominantly based on the 'Enigma' machine, which is an extension of the electromechanical
rotor machine discussed above. Polish cryptanalysts had first broken Enigma in 1932 and passed their
methods to the British and French shortly before the war; the British cryptanalysis group at
Bletchley Park, with the help of Polish colleagues who had escaped, extended the attack to the
wartime machines, and purpose-built electromechanical 'bombes', among the first large-scale
machines for cryptanalysis, were used to find the daily Enigma settings. The fact that these codes
were broken was of such extreme sensitivity that advance knowledge of bombing raids on England
was not always used to prepare for the raids. Instead, much credit was given to radar, and air raid
warnings were given very shortly before the bombers arrived.

In 1949, Shannon published "Communication Theory of Secrecy Systems" (written as a classified
report in 1945). Shannon was one of the first modern cryptographers to apply advanced mathematical
techniques to the science of ciphers. Although frequency analysis for solving substitution ciphers had
begun many years earlier, Shannon's analysis demonstrates several important features of the statistical
nature of language that make the solution to nearly all previous ciphers very straightforward. Perhaps
the most important result of Shannon's famous paper is the development of a measure of
cryptographic strength called the 'unicity distance'.

The unicity distance is a number that indicates the quantity of ciphertext required in order to
uniquely determine the plaintext of a message (and hence the key). It is a function of the entropy of
the key used to encipher the message and the redundancy of the plaintext language. Once an attacker
holds at least that much ciphertext, only one key yields a meaningful plaintext, so given enough
computing time the cipher can in principle be broken; with less ciphertext than the unicity distance,
several keys decrypt to plausible messages and even unlimited computation cannot tell them apart.
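
Shannon's definition worked through, as an added example that is not part of the original text (the figures are the usual textbook estimates for English):

$$ U = \frac{H(K)}{D}, \qquad D = \log_2 26 - H_{\mathrm{English}} \approx 4.70 - 1.5 \approx 3.2 \ \text{bits per letter} $$

Here $H(K)$ is the entropy of the key and $D$ the redundancy of the plaintext language per letter. For a simple substitution cipher the key is one of $26!$ alphabets, so $H(K) = \log_2 26! \approx 88.4$ bits and $U \approx 88.4 / 3.2 \approx 28$ letters: past about thirty letters of ciphertext only one alphabet yields English. For a Vigenere key of $n$ letters, $H(K) = n \log_2 26 \approx 4.7\,n$ bits and $U \approx 1.5\,n$ letters. For a one-time pad the key entropy grows with the message, so $U$ is unbounded.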

Shannon noted that in a system with an infinitely long random key the unicity distance is infinite,
and that for any alphabetic substitution cipher with a truly random key of length greater than or equal
to the length of the message, used once, plaintext cannot be derived from ciphertext alone. This type
of cipher is called a "one-time pad", because of the use of pads of paper to implement it in WW2
and before.


The story of cryptography would be finished if it weren't for the practical problem that, in order
to send a secret message, an equal amount of secret key must first be sent. This problem is not
severe in some cases, and it is apparently used on the hot line between Moscow and Washington,
but it is not the ultimate solution for many practical situations.

For most human (and computer) languages, a key of given length can only be guaranteed safe for
a ciphertext of roughly one and a half times the length of the key (the ratio of the key entropy per
letter to the redundancy of the language). From this analysis, it appears that any system with a finite
key is doomed to fail, but several issues remain to be resolved before all hope of finite key
cryptography is abandoned.




    1.5. CRYPTANALYSIS
As stated earlier, the strength of a cryptosystem lies in the key and whether or not the algorithm
has stood the test of time in a public forum. There are two terms used to describe the degree of
difficulty, sometimes called computational difficulty, associated with breaking a particular
cryptosystem:

Computationally secure:        With a cryptosystem that is said to be computationally secure, it is
                               understood that given enough computing power and storage the
                               system could eventually be broken. However, unless the
                               cryptosystem is flawed in some fundamental way, the time and
                               computing power necessary to break it are too costly to be
                               practical. For example, exhaustively trying the keys of a well
                               designed cipher with a sufficiently long key would, with today's
                               technology, take longer than the age of the universe.

Unconditionally secure:        A cryptosystem that can never be broken even if an infinite amount
                               of resources were dedicated to the effort is said to be
                               unconditionally secure.

By making the algorithm of a cryptographic system available to the world, cryptographers have the
opportunity to do what they can to break it. Often, cryptographers will have a high degree of
computing power at their disposal, much more than the average individual. This is what is known
as cryptanalysis. In this field, a cryptanalyst deploys a variety of tools and methods to break a
cryptosystem; a successful attack does not necessarily mean that the entire algorithm has been
compromised. In fact, there are different levels of weakness one can discover in a cryptosystem,
from the least to the most serious:

Information deduction:         This is the lowest level weakness, in which the cryptanalyst is able
                               to discover portions of the key or some information about the
                               plaintext from the ciphertext.

Instance deduction:            The cryptanalyst is able to find the plaintext of a given intercepted
                               ciphertext, without learning the key.

Global deduction:              The cryptanalyst finds an alternative algorithm that decrypts any
                               ciphertext produced under the key, without recovering the key itself.

Total break:                   The cryptanalyst recovers the key and can decrypt any encrypted
                               message.




There are a variety of methods one can use to break a cipher. The easiest way is to obtain the key
through social engineering, chance or some form of coercion; these, however, are not cryptanalytic
techniques. Cryptanalytic attacks are classified by what the attacker is assumed to have access to,
from the weakest assumption to the strongest:

Ciphertext only:               In this scenario, the cryptanalyst only has ciphertext to work with.
                               If this is the case, one approach may be a brute-force attack, in
                               which the cryptanalyst tries all possible keys. If the key is derived
                               from a pass phrase, often the cryptanalyst can engage a dictionary
                               attack, in which he tries common words and combinations.

Known plaintext:               The cryptanalyst has obtained some plaintext together with the
                               corresponding ciphertext. With these two elements, the cryptanalyst
                               may be able to derive the key and so decipher any text encrypted
                               with it (the Hill cipher of 1929 falls to such an attack).

Chosen plaintext:              A variant of the known plaintext attack in which the cryptanalyst can
                               select the plaintext to be encrypted and then obtain the
                               corresponding ciphertext.

Adaptive chosen plaintext:     A variation of the chosen plaintext attack in which the cryptanalyst
                               chooses the plaintext samples one at a time, adapting each choice to
                               the results of the previous encryptions.

Chosen ciphertext:             The cryptanalyst chooses ciphertexts and obtains the corresponding
                               plaintexts, typically through access to the decryption device or
                               service without being able to extract the key from it.

Adaptive chosen ciphertext:    A variation of the chosen ciphertext attack in which each chosen
                               ciphertext may depend on the plaintexts obtained so far.

Biological attacks:            This type of attack gets its name because the technique used to
                               break the cryptosystem resembles methods used in biology to study
                               organisms rather than the mathematical techniques described above;
                               today they are called side-channel attacks. The cryptosystem is
                               subjected to different stimuli to see how it reacts, and its inputs
                               and outputs (timing, power consumption, radiation) are studied. An
                               example is the work of Paul Kocher of Cryptography Research, who
                               was able to extract secret keys from smartcards by monitoring their
                               power consumption (differential power analysis). Specific
                               information on these techniques can be found at
                               http://www.cryptography.com/dpa

Cryptanalytic attacks can be mounted against any cryptographic system including encryption
algorithms, digital signature algorithms and message authentication code (MAC) algorithms to
name a few.




    1.6. AES (ADVANCED ENCRYPTION STANDARD)

        1.6.1. Overview of the AES Development Effort
The National Institute of Standards and Technology (NIST) has been working with industry and
the cryptographic community to develop an Advanced Encryption Standard (AES). The overall
aim is to develop a Federal Information Processing Standard (FIPS) that specifies an encryption
algorithm(s) capable of protecting sensitive government information well into the next century.
The algorithm(s) is expected to be used by the U.S. Government and, on a voluntary basis, by the
private sector.

On January 2, 1997, NIST announced the initiation of the AES development effort. They made a
formal call for algorithms on September 12, 1997. The call stipulated that the AES would specify
an unclassified, publicly disclosed encryption algorithm(s), available royalty-free, worldwide. In
addition, the algorithm(s) must implement symmetric key cryptography as a block cipher and (at a
minimum) support block sizes of 128-bits and key sizes of 128-, 192- and 256-bits.

On August 20th 1998, NIST announced a group of fifteen AES algorithm candidates at the First
AES Candidate Conference (AES1). Members of the cryptographic community from all over the
world had submitted these algorithms. At that conference and in a simultaneously published
Federal Register notice, NIST solicited public comments on the candidates. A Second AES
Candidate Conference (AES2) was held in March 1999, to discuss the results of the analysis
conducted by the global cryptographic community on the algorithm candidates. The public
comment period on the initial algorithm review closed on April 15th 1999. Using the analyses and
comments received, NIST selected five algorithms out of the fifteen.

The AES finalist algorithm candidates are MARS, RC6, Rijndael, Serpent, and Twofish. NIST has
developed a Round 1 Report describing the selection of the finalists. These finalists will
receive further analysis during a second, more detailed review period before the selection of the
final algorithm(s) for the AES FIPS.

NIST solicits comments on the remaining algorithms until May 15th, 2000. Comments and
analysis are actively sought by NIST on any aspect of the candidate algorithm including (but not
limited to) the following topics: cryptanalysis, intellectual property, crosscutting analyses of all the
AES finalists, overall recommendations and implementation issues. An informal AES discussion
forum is also provided by NIST for interested parties to discuss the AES finalists and relevant
AES issues.

Near the end of Round 2, NIST will sponsor the Third AES Candidate Conference (AES3),
which is an open, public forum for discussing the analyses of the AES finalists. Submitters of the
AES finalists will be invited to attend the discussions and make comments on their algorithms.
AES3 will be held April 13th-14th, 2000 in New York, NY, USA. Proposed papers for this
conference are due to NIST by January 15th, 2000 and they will also be considered as Round 2
public comments.

After the closing of the Round 2 public analysis period on May 15th, 2000, NIST intends to study
all available information and propose the AES, which will incorporate one or more AES
algorithms selected from the finalists. The AES will be announced as a proposed Federal
Information Processing Standard (FIPS), which will be published for public review and
comments. Following the comment period, the standard will be revised, as appropriate, by NIST
in response to those comments. A review, an approval and a promulgation process will also
follow. If all steps of the AES development process proceed as planned, it is scheduled that the
standard will be completed by the summer of 2001.

        1.6.2. Minimum Acceptability Requirements
1. The algorithm must implement symmetric (secret) key cryptography.
2. The algorithm must be a block cipher.
3. The algorithm candidates shall be capable of supporting key-block combinations with sizes of
   128-128, 192-128, and 256-128 bits. A submitted algorithm may support other key-block sizes
   and combinations, and such features will be taken into consideration during analysis and
   evaluation.

        1.6.3. AES Round 2 Finalists
MARS – IBM Research
MARS is a shared-key (symmetric) block cipher, supporting 128-bit blocks and a variable key size.
It is designed to take advantage of the powerful operations supported in today's computers,
resulting in a much improved security/performance trade-off over existing ciphers. According to
its designers, MARS offers better security than triple DES while running significantly faster than
single DES.

The current C implementation runs at rates of about 65 Mbit/sec on a 200 MHz Pentium Pro,
and 85 Mbit/sec on a 200 MHz PowerPC. In hardware, MARS can achieve a 10x speedup.
Moreover, both hardware and software MARS implementations are remarkably compact
and fit easily on a smartcard and in other limited-resource environments.

The combination of high security, high speed and flexibility makes MARS, in its designers' view,
an excellent choice for the encryption needs of the coming century.

Twofish – Counterpane (Bruce Schneier et al.)
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a
16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-
boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2^8), a pseudo-Hadamard
transform, bitwise rotations, and a carefully designed key schedule. A fully optimized
implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit
smart card implementation encrypts at 1820 clock cycles per byte.

Twofish can be implemented in hardware in about 14000 gates. The design of the round function
and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup
time, gate count and memory. The designers report that they have extensively cryptanalyzed
Twofish, and that their best attack breaks 5 rounds with 2^22.5 chosen plaintexts and 2^51 work.

RC6 - RSA Laboratories
Like all AES candidates, RC6 works on 128-bit blocks. It accepts variable length keys and is very
similar to RC5, incorporating the results of various studies on RC5 to improve the algorithm. The
studies of RC5 found that not all bits of data are used to determine the rotation amount (rotation
is used extensively in RC5). RC6 therefore uses a multiplication, so that all bits of the input word
influence the rotation amount, strengthening the avalanche effect.



© Dimension Data SA (Switzerland), Sylvain Maret & Cédric Enzler
  Version 1.5, October 1999, rev. August 2000                                               Page 23

Serpent - Ross Anderson, Eli Biham, Lars Knudsen
Serpent is an AES submission by Ross Anderson, Eli Biham, and Lars Knudsen. Its authors
combined the design principles of DES with the recent development of bitslicing techniques to
create a very secure and very fast algorithm. While bitslicing is generally used to encrypt multiple
blocks in parallel, the designers of Serpent have embraced the technique by incorporating it into
the design of the algorithm itself.

Serpent uses 128 bit blocks and 256 bit keys. Like DES, Serpent includes both an initial and a
final permutation of no cryptographic significance; these permutations are used to optimize the
data before encryption. Serpent was released at the 5th International Workshop on Fast Software
Encryption. This iteration of Serpent was called Serpent 0 and used the original DES S-boxes.
After comments, the key schedule and the S-boxes were changed slightly. This new iteration of
Serpent is called Serpent 1 and resists both linear and differential attacks.

Rijndael - Joan Daemen, Vincent Rijmen
The cipher has a variable block and key length. The authors have demonstrated how to extend the
block and key lengths by multiples of 32 bits. The SQUARE algorithm influenced the design of
Rijndael. The authors provide a Rijndael specification and a more theoretical paper on their
design principles. The authors have vowed to never patent Rijndael.







    1.7. SMART CARDS

        1.7.1. Introduction
Security issues around network (Internet) connected personal computers are heavily debated
today. One of the most discussed issues is whether someone can access your stored data or read
and alter information you type prior to sending it over the network.

If you want to do business over the Internet there are three major security services that have to be
in place:

1. Authentication
2. Confidentiality
3. Non-repudiation

PKI can offer those security services and seems to be the solution. PKI systems build on the
uniqueness and protection of the user’s private keys. The private key should never be exposed to
anyone, not even necessarily to the owner/user.

Where would you trust storing the keys you use to identify yourself and to sign documents,
agreements, orders, etc. over the Internet? As you would have guessed, the answer to this
question is: within a smart card.

        1.7.2. What kinds of Smart Cards are available?
There are a number of smart cards on the market today but not all of them are viable for e-
commerce solutions requiring non-repudiation and remote authentication.

Smart cards consist of a chip (processor and/or memory), a contact plate (generally the visual
recognition point of a smart card) and a piece of plastic (ISO 7810 - 54x85x0.8 mm). Processor
chips require operating software (generally named a mask).

Although the chip may be the same, smart cards may be assembled and equipped by different
companies providing unique operating services. Widely known producers of smart cards are, to
mention a few, Gemplus, Schlumberger, Oberthur, Siemens, Giesecke & Devrient, Setec and
Bull. They all provide smart cards for a broad application range.

The combination of built-in chip functionality and an operating system on the chip (the mask)
supporting this functionality is essential in producing smart card security.

Basically all categories of cards described below offer some kind of write protection, but not all of
them offer read protection. More importantly, some cards cannot process data (keys) exclusively
inside the chip. It should never be possible to copy "your signature". Thus, techniques where
signature keys are transported out of the card, even if encrypted, are simply not good enough.
Therefore, in order to provide non-repudiation services there is an obvious need for a secure
signature process inside the smart card chip.





Smart cards can be divided into three prime categories:

1. Memory Cards
2. Symmetric Cryptoprocessor Cards
3. PKI smart cards (our name for asymmetric cryptoprocessor cards)

       1.7.3. Symmetric / Asymmetric Cryptoprocessing
The reason for dividing Cryptoprocessor Cards into a symmetric and an asymmetric part (PKI
smart card) is simply because these processes are different when it comes to authentication and
non-repudiation. The processor on the chip providing symmetric encryption could possibly be
equipped with software (mask) enabling asymmetric encryption. Nevertheless, existing
asymmetric cryptoprocessor cards are dedicated to perform the cryptographic process (commonly
RSA) as fast as possible.

       1.7.4. Smart Cards with different “flavors”
Remember that not all smart cards are alike; they come in different “flavors”. Many cards cannot
support the RSA algorithm within the card processor, and even those that do support RSA may
not be optimised to handle it efficiently. Far too often there are solutions in place where the smart
card is nothing but a storage medium for the keys. This document describes the various types of
smart cards and where they typically apply.

       1.7.5. Memory Cards

Access Control
Plain memory cards may provide access restrictions through one or several Personal Identification
Numbers (PINs). However, memory cards may not protect the contents of the stored information
file from disclosure. A memory card can be compared to a floppy disc, although it provides less
storage capacity. On the other hand, the card reader device is less complex and less expensive
than a floppy disc reader, which gives a better commercial ground for deployment in
environments where a floppy disc reader may not be present.

Processing
Memory smart cards should probably not even be categorized as smart cards. Their processing
power is restricted to storage operations and little else. Once a user/owner of a PIN-protected
file in a plain memory card has been granted read access, he/she can freely retrieve the contents
of the file. Hence, the actual file contents may be copied from the smart card. These cards exist
with various amounts of memory and can be used in applications requiring no or only limited read
protection. They may for instance be useful for storing medical information necessary for
emergency actions, such as your name and blood type. They may provide write protection, which
makes them useful in other applications where adding or modifying data on the card should be
restricted. However, such protection generally requires more than just a PIN code, so the
commercial use is limited.

Conclusion
Memory cards cannot provide a secure non-repudiation service and are hence not very suitable for
e-commerce.






        1.7.6. Symmetric Cryptoprocessor Cards

Access Control
Symmetric cryptoprocessor smart cards may offer a sophisticated access structure. Files may be
readable but not “writeable”, or vice versa; where a file is writeable but not readable, it is likely
that the file contents are accessible only within the card. Files may be protected by one or several
passwords (PINs) and are not accessible without entering the correct PIN. The PIN file itself is
only “writeable” (in order to let you change your password) and accessible within the card (in
order to verify the PIN you enter).

Processing
By using encryption it is possible to transfer information between two parties without disclosing
the contents to a "third person". This is quite useful for applications utilizing an electronic smart
card purse or in connection with GSM cards. It is not only possible to have "files" write
protected; with the encryption process it is also possible to ensure that only an authorized
party may successfully alter information.

Symmetric encryption is fast, by a broad margin faster than asymmetric encryption.

Conclusion
Although symmetric encryption is fast, it has a few drawbacks. First, key management is virtually
impossible from a large-scale public perspective, mainly due to the difficulty of deploying and
maintaining trust, and secondly, it is not possible to provide non-repudiation services.

        1.7.7. PKI Smart Cards

Access Control
The basic difference between the PKI smart card and symmetric cryptoprocessor smart cards is
that the former offers a secure RSA process onboard the chip. From an access point of view they
are equal; what differs is the processing of RSA. In fact, it is likely that the PKI smart card
additionally offers symmetric as well as asymmetric encryption functionality. Files may be
readable but not writeable or vice versa and only accessible within the card, as described earlier.
Files may be protected by one or several passwords (PINs) and are not accessible without entering
the correct PIN. This is also a necessity for the private key file.

Processing
PKI smart cards enable secure remote authentication and non-repudiation services through the
use of the RSA algorithm. PKI smart cards use a cryptoprocessor that handles asymmetric
encryption. The general positive effects of smart cards, i.e. ease of use and fairly low-cost
equipment, apply to all cards including PKI smart cards.

What makes PKI smart cards additionally beneficial compared to symmetric encryption cards is
the possibility to provide a scalable solution and, not to be forgotten, the ability to provide a
secure authentication and non-repudiation service. The scalability advantage comes from the fact
that there is a public and a private part of the key pair, which makes deployment and maintenance
much easier from a security perspective compared to symmetric keys.





Also consider the effect of having only the RSA cryptoprocessor able to use your private
information: the private information cannot be copied! It can never leave the card. The PKI
card offers a completely different level of security compared to storing private information on a
floppy disc, on a hard disc or even on a less protected smart card.

It is the card's operating system that prevents the keys from being exposed outside the card. They
can thus never be read, removed or tampered with (even by the user). The user will only have
access to the functions of the card through the use of a secret PIN code that the user may change
at any time.

Conclusion
The only secure smart card solution on the market today would be a solution based on PKI
smart cards. If you use something less, keys are only as secure as if they were stored on a floppy or
on your hard disc. PKI smart cards are the only alternative for doing business in an evolving
e-commerce market.







               2. PKI APPLICATIONS (LAB EXERCISES)
    2.1. SYMMETRIC FILE ENCRYPTION

        2.1.1. Lab Exercise 1

Objective
The student will use a symmetric encryption algorithm to encrypt a text file. DES and IDEA will
be used for this lab.

Main steps
1. Create a text file with an editor
2. Encrypt this file using DES
3. Encrypt this file using IDEA
4. Decrypt this file using DES
5. Decrypt this file using IDEA

Time
15 minutes







Step 1: Create a text file with an editor
• Create a “Notepad file” called toto.txt in c:\temp




•    Edit this file and add a text like “Hello world…”
•    Save and quit







Step 2: Encrypt this file using DES
• On your desktop, launch OpenSSL
• You will encrypt this file with DES. Type the command
   des -in toto.txt -out toto.txt.des -e
• Enter a password that will be the secret key




•    Have a look at the file toto.txt.des




Step 3: Encrypt this file using IDEA
• Encrypt the file toto.txt with IDEA. Type the command
   idea -in toto.txt -out toto.txt.idea -e
• Enter a password




•    Have a look at the file toto.txt.idea







Step 4: Decrypt this file using DES
• You can now decrypt those two files
• Type des -in toto.txt.des -d to decrypt the DES file
• Enter your password




Step 5: Decrypt this file using IDEA
• Type idea -in toto.txt.idea -d to decrypt the IDEA file
• Enter your password




•    Now you are finished…







    2.2. MESSAGE-DIGEST ALGORITHMS

For a theoretical introduction, please refer to the book “Digital Certificates” written by Jalal Feghhi, Jalil Feghhi
and Peter Williams.


         2.2.1. Lab Exercise 2

Objective
The student will “play” with message digest functions. MD5 and SHA-1 will be used to compute
digests of an input text file.

Main steps
1. Create a text file with an editor
2. Compute message digest functions with MD5
3. Change the text
4. Compute message digest functions again with MD5
5. Compute message digest functions with SHA-1

Time
15 minutes







Step 1: Create a text file with an editor
• Create a file with an editor called toto.txt in c:\temp




•    Edit this file and add a text like “Hello world…”
•    Save and quit







Step 2: Compute message digest functions with MD5
• On your desktop, launch OpenSSL
• Type the command md5 toto.txt
• Have a look at the result. You will see the MD5 digest (128 bits)




Step 3: Change the text
• Edit c:\temp\toto.txt again and change only one character (for instance H → h)







Step 4: Compute message digest functions again with MD5
• Type md5 toto.txt again in the OpenSSL application
• What do you see? This is the new MD5 digest




Step 5: Compute message digest functions with SHA-1
• Type now sha1 toto.txt on the OpenSSL application
• What do you see? Compare this with the MD5 digest!




•    You are now finished…
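The following Python script is an added example (not part of the original lab material) that reproduces steps 2 to 5 of Lab Exercise 2 offline: it hashes a constructed sample text with MD5 and SHA-1, hashes the same text with one character changed (H → h, a single-bit difference in the input byte), and counts how many digest bits changed. The sample texts and the helper names are constructed for this example; the digests come from Python's standard hashlib module.

```python
import hashlib

# Constructed sample inputs that mirror the lab: the text typed into toto.txt
# and the same text with a single character changed ("H" -> "h").
ORIGINAL = "Hello world..."
MODIFIED = "hello world..."


def md5_hex(text: str) -> str:
    """MD5 digest of the UTF-8 encoded text as 32 hex characters (128 bits)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def sha1_hex(text: str) -> str:
    """SHA-1 digest of the UTF-8 encoded text as 40 hex characters (160 bits)."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Count the bit positions in which two equal-length hex digests differ."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must have the same length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def compare_digests(text_a: str, text_b: str) -> dict:
    """Run steps 2 to 5 of the lab on two texts.

    Returns, per algorithm, the digest of each text and the number of bits
    that changed between them.
    """
    md5_a, md5_b = md5_hex(text_a), md5_hex(text_b)
    sha1_a, sha1_b = sha1_hex(text_a), sha1_hex(text_b)
    return {
        "md5": {"before": md5_a, "after": md5_b,
                "bits_changed": bit_difference(md5_a, md5_b)},
        "sha1": {"before": sha1_a, "after": sha1_b,
                 "bits_changed": bit_difference(sha1_a, sha1_b)},
    }


if __name__ == "__main__":
    report = compare_digests(ORIGINAL, MODIFIED)
    for name, result in report.items():
        total_bits = len(result["before"]) * 4
        print(f"{name.upper():5} before: {result['before']}")
        print(f"{name.upper():5} after:  {result['after']}")
        print(f"{name.upper():5} bits changed: {result['bits_changed']} of {total_bits}")
```

Running it shows the avalanche effect the lab is meant to reveal: one flipped input bit changes roughly half of the 128 MD5 bits and half of the 160 SHA-1 bits, so the two digests are unrelated to the eye. Both algorithms still serve for this demonstration, but practical collision attacks are known for MD5 and SHA-1 today, so an integrity check in a new design should use SHA-256 or stronger.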







    2.3. SECURING THE DESKTOP

        2.3.1. Introduction
Safeguarding data being transmitted as e-mail messages over an open network like the Internet is
an important step to take in order to keep your data private. Protecting data on a personal
computer presents a different set of issues in terms of how the data should be protected and how
to control keys. The most important issue may perhaps be how to select a data encryption
product for your desktop. Many products are available on the market to perform file encryption
(RSA SecurPC, Blowfish Advanced CS, etc.).

For this particular training we will use “Blowfish Advanced CS” because it is a very simple
product to use. Moreover, it will allow you to become familiar with secret-key file encryption, key
splitting and file wiping.

        2.3.2. Blowfish Advanced CS

Introduction
Blowfish Advanced CS is a file encryption program, protecting your files with a key built from a
password or a key disk, so that no one except you can access their contents. Blowfish Advanced CS
erases sensitive files that are no longer needed, in order to prevent anyone from restoring them.
Working with encrypted files and clearing empty disk space are other useful features.

Today, we are in the information age and encrypting data is becoming more and more important
for most of us. There are many reasons why data have to be protected from unauthorized access,
as for instance sensitive medical data, private or business documents, or just some “hot stuff”
from the Internet.

There are many ways to make data readable only to a selection of people. Besides physical
measures like locking removable disks into a safe or hiding files with steganography (which is a
cheap solution), the only way to make files really inaccessible is to use strong cryptography. That
means a high-end encryption algorithm with keys long enough to resist any attack, combined
with secure removal of the original data.

Encryption Algorithms
Blowfish Advanced CS is currently shipped with 4 algorithms, which are the following:

Blowfish
Bruce Schneier designed the algorithm. Blowfish is a very fast algorithm, performing with
excellence on modern 32-bit processors. Another advantage is its variable key size, which goes up
to 448 bits (56 bytes). It was first published in Doctor Dobb's Journal, issue 4/94, and after a year
of intensive cryptanalysis it was still unbroken (as reported in DDJ 10/95).

PC1
This algorithm is 100% compatible with the RC4 stream cipher. Ron Rivest developed RC4 in
1987. In 1994 someone posted the source code to a mailing list, and since then it has spread all
over the world. RC4 is a stream cipher handling single bytes. The implementation used by
Blowfish Advanced CS uses a key size of 160 bits.


Triple-DES
DES is the standard encryption algorithm, designed by IBM in the middle seventies. Although it
has been cryptanalyzed for over 20 years, no weakness has been found yet. The only problem of
DES is its short key length of 7 bytes (equals 56 bits). If someone has access to very fast
computers, he can try out all possible keys within a few hours. There are some DES variants,
extending the original algorithm to a new one with a larger key. The most common one is
triple-DES, where a 64-bit data block is encrypted three times with DES, using three different keys
(or a single key split into three parts). Therefore, the key length is 21 bytes (168 bits), improving
the security significantly but also slowing down the algorithm. The triple-DES implementation in
Blowfish Advanced CS is 100% compatible with the DES standard.

Twofish
Twofish is the AES candidate from Counterpane. It is a new, fast and very flexible encryption
algorithm. After extensive cryptanalysis, no weaknesses are known yet. For more information
about Twofish, visit http://www.counterpane.com. The version of Twofish in Blowfish Advanced CS
uses a key size of 256 bits and a block size of 128 bits.

Key Setup
Different encryption algorithms require different key lengths. The Blowfish encryption algorithm,
for example, needs a key of 448 bits (56 bytes). It is very uncomfortable to find passwords having
exactly the right length each time, so the program converts the password into a key of the right
size for the selected algorithm.

Blowfish Advanced CS uses a key setup in which your password (or key disk content) is hashed
with SHA-1, the most "Secure Hash Algorithm" available today. One of the advantages is that the
resulting key is in binary form and looks like random data. Moreover, the password’s length is
not restricted to the maximum key length of the selected algorithm, since the hash can be
expanded or folded to the right size.

You will find hereafter two examples, which will help you to understand the key setup of Blowfish Advanced CS:

Let us choose "helloworld" as our password. We want to create a key of 128 bits (16 bytes).
SHA-1 allows us to input as many data bytes as we wish and it puts out a hash of 160 bits (20
bytes). A hash (also called digest) is like a CRC32 checksum, but cryptographically secure.





To resize the 20 bytes of the hash to the required 16 bytes for the key, we take the first 16 bytes
of the hash and XOR the remaining 4 bytes over the beginning of these 16 bytes. Doing so, we take
the totality of the hash into consideration:




In the second example, we still define "helloworld" as our password, but we need a key for
Blowfish having the required length of 56 bytes.

As already mentioned, SHA-1 only returns 20 bytes. So we have to create 36 additional bytes
from the password in the following way: we hash the password with SHA-1 and get 20 bytes.
Then we append those 20 bytes to the original password and hash the modified password again.
The result is a new hash, which means 20 new bytes for our key. Due to the modified password,
this new hash is completely different from the first one. Now we append this second hash to the
modified password again and rehash it to get the last 20 bytes. Of course, we now have 4 bytes
too many, so we XOR them over the first hash as we did in the first example. Finally, we have
the needed 56 bytes for the Blowfish encryption algorithm.
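To make the two worked examples concrete, here is an added Python reconstruction of the key setup exactly as the manual describes it. It is not code from Blowfish Advanced CS, and the real program may differ in details the text does not state (for instance how the chained input for the third hash is built); the function names `expand`, `fold` and `derive_key` and the handling of a surplus longer than the key are this example's own assumptions.

```python
import hashlib

# Constructed inputs taken from the manual's two examples: the password
# "helloworld", a 16-byte (128-bit) key and a 56-byte (448-bit) Blowfish key.
PASSWORD = "helloworld"
SHA1_LEN = 20  # SHA-1 always returns 160 bits = 20 bytes


def sha1_bytes(data: bytes) -> bytes:
    """Raw 20-byte SHA-1 digest of data."""
    return hashlib.sha1(data).digest()


def expand(password: bytes, key_len: int) -> bytes:
    """Chain SHA-1 until at least key_len bytes of key material exist.

    Round 1 hashes the password itself. Each following round appends the
    previous hash to the previous round's input and hashes again, so the
    second block is SHA-1(password + h1) and the third SHA-1(password + h1 + h2).
    This follows the manual's description (an assumption about the real program).
    """
    material = b""
    chained_input = password
    while len(material) < key_len:
        digest = sha1_bytes(chained_input)
        material += digest
        chained_input += digest  # "append this hash to the modified password again"
    return material


def fold(material: bytes, key_len: int) -> bytes:
    """Shrink material to key_len bytes by XORing the surplus tail over the head.

    With 20 bytes of hash and a 16-byte key this is the manual's first example:
    keep the first 16 bytes and XOR the remaining 4 over the beginning, so that
    every hash byte influences the key. The manual does not say what happens
    when the surplus is longer than the key, so that case is rejected here.
    """
    if len(material) < key_len:
        raise ValueError("not enough key material to fold")
    surplus = material[key_len:]
    if len(surplus) > key_len:
        raise ValueError("surplus longer than the key is not covered by the description")
    key = bytearray(material[:key_len])
    for i, b in enumerate(surplus):
        key[i] ^= b
    return bytes(key)


def derive_key(password: str, key_len: int) -> bytes:
    """Password -> key_len-byte key, following the manual's SHA-1 key setup."""
    return fold(expand(password.encode("utf-8"), key_len), key_len)


if __name__ == "__main__":
    for bits in (128, 448):
        key = derive_key(PASSWORD, bits // 8)
        print(f"{bits}-bit key from '{PASSWORD}': {key.hex()}")
```

For the 56-byte case the layout of the result is: bytes 20 to 39 are the second hash, bytes 40 to 55 are the first 16 bytes of the third hash, and the third hash's last 4 bytes are XORed over bytes 0 to 3 of the first hash. Note that this construction is a plain, unsalted, single-pass hash of the password: anyone who obtains an encrypted file can test password guesses at full SHA-1 speed, which is why a modern design would use a salted, iterated password-based KDF (PBKDF2, scrypt or Argon2) in the same place.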

Random Number Generation
Blowfish Advanced CS offers you two pseudo random number generators. PRNGs are used to
create random data for security purposes, (e.g. salt values, which are combined with keys), for
overwriting (wiping) data or (most important) to create key files.

Yarrow
This PRNG was designed by Counterpane and can be considered as the best concept to create
random data for security purposes. Blowfish Advanced CS uses a Yarrow implementation with
SHA-1 as the hash algorithm and triple-DES as the block cipher. For the latest paper of the
Yarrow specifications please visit http://www.counterpane.com.

CryptPak PRNG
This random generator was the one and only PRNG in the predecessor, Blowfish Advanced 97.
It uses a SHA-1 rescrambling method. To initialize the generator, a string with various
data (system date and time, drive information, etc.) is built and hashed by SHA-1. As a result, one
gets a 20-byte buffer of random data, from which just 16 bytes are used to avoid predictable
random sequences. If another 16 bytes are requested, the hash value is hashed with itself to a new
digest. This method provides much better randomness than conventional 32-bit random
number generators.






       2.3.3. Lab Exercise 3

Objective
The student will set up file encryption software to protect sensitive information. This software
will use strong symmetric encryption mechanisms to protect information.

Scenario
The Management wants to implement a solution to protect sensitive information on the laptop.
For specific files they want to implement key splitting. Moreover, they want to store a secret key
on an external medium, which will be a diskette.

Main Steps
1. Encrypt a file with one secret key
2. Exchange this file with your partner
3. Decrypt the partner’s file you receive
4. Encrypt a file with two secret keys (Key Splitting)

Time
20 minutes







Step 1: Encrypt a file with one secret key
• On your desktop, launch Blowfish Advanced CS.
• Select c:\encrypted files\ssh.pdf.
• Encrypt this file using the Blowfish encryption algorithm.




•    Enter a password. In fact, it will be your private key.
•    Keep this password secret. Your partner should not know it.




•    Reenter the password to confirm.






•    Now your file ssh.pdf is encrypted with your private key (or symmetric key).




Step 2: Exchange this file with your partner
• Send this encrypted file to your partner via e-mail. Your partner will also send one to you.







Step 3: Decrypt the partner’s file you receive
• Read your e-mail. You should have received the encrypted file from your partner.




•    Double click on the attachment. Blowfish Advanced CS will be launched.
•    Ask your partner for the password.
•    Enter the password.




•    That’s it, you are able to read the PDF document.







Step 4: Encrypt a file with two secret keys (Key Splitting)
You will now use Key Splitting.
• Insert a diskette into your drive. The Key Disk will be stored on it.
• Go to Tools > Options > Miscellaneous and choose Make a Key Disk. This key will be used as
   a private key for encryption and decryption.




•    Move your mouse until the progress bar has reached 100%. The mouse movements provide the
     random seed.




•    Key Disk generation is done.
•    Now you can encrypt the file c:\encrypted files\securegate.pdf with your Key Disk.
•    On the Encrypt option choose first Multi Key Input and Use Key Disk.






•    Press Yes to append another password. It will be the second private key; this is what we call
     Key Splitting.




•    Choose Password option and ask your partner to enter a password. Your partner should keep
     this password private.




•    Press No to end the encryption.




•    The encryption with two keys (one Key Disk and one Standard password) is done.
•    You can try to decrypt this file.
•    Now, you are finished…







   2.4. PGP (PRETTY GOOD PRIVACY)

       2.4.1. The PGP Symmetric Algorithms
PGP offers a selection of different secret key algorithms to encrypt the actual message. By secret
key algorithm, we mean a conventional or symmetric block cipher that uses the same key to both
encrypt and decrypt. The three symmetric block ciphers offered by PGP are CAST, Triple-DES
and IDEA. They are not “home-grown” algorithms. Teams of cryptographers with distinguished
reputations developed them all.

For the cryptographic curious, all three ciphers operate on 64-bit blocks of plaintext and
ciphertext. CAST and IDEA have key sizes of 128 bits, while Triple-DES uses a 168-bit key. Like
Data Encryption Standard (DES), any of these ciphers can be used in cipher feedback (CFB) and
cipher block chaining (CBC) modes. PGP uses them in a 64-bit CFB mode.

The CAST encryption algorithm has been included in PGP because it is promising as a good block
cipher with a 128-bit key size. Moreover, it is very fast and free. The name is derived from the
initials of its designers, Carlisle Adams and Stafford Tavares of Northern Telecom (Nortel).

Nortel has applied for a CAST patent, but has made a written commitment to make CAST
available to anyone on a royalty-free basis. CAST appears to be exceptionally well designed by
people with good field reputation. The design is based on a very formal approach, with a number
of formally provable assertions, giving good reasons to believe that it probably requires key
exhaustion to break its 128-bit key. CAST has no weak or semiweak keys. There are strong
arguments that CAST is completely immune to both linear and differential cryptanalysis, the two
most powerful forms of cryptanalysis in the published literature. Moreover, both of them have
been effective in cracking DES.

CAST is too new to have developed a long track record, but its formal design and the good
reputation of its designers will undoubtedly draw the attention and cryptanalytic attacks of the
rest of the academic cryptographic community. I have nearly the same good feeling of
confidence for CAST that I had years ago for IDEA, the cipher I selected for use in earlier
versions of PGP.

The IDEA (International Data Encryption Algorithm) block cipher is based on the design
concept of “mixing operations from different algebraic groups.” It was developed at ETH in
Zurich by James L. Massey and Xuejia Lai and published in 1990. Early published papers on the
algorithm called it IPES (Improved Proposed Encryption Standard), but its designers later changed
the name to IDEA. So far, IDEA has resisted attack much better than other ciphers such as FEAL,
REDOC-II, LOKI, Snefru and Khafre. Moreover, IDEA is more resistant than DES to Biham and
Shamir’s highly successful differential cryptanalysis attack, as well as to attacks by linear
cryptanalysis.




© Dimension Data SA (Switzerland), Sylvain Maret & Cédric Enzler
  Version 1.5, October 1999, rev. August 2000                                                Page 46
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Cryptography Basics Pki

  • 1. Unit 1: Cryptography Basics. Introduction and Key Terms
LEARN CRYPTO & PKI
« La Citadelle électronique »
Cryptography: a technology for protecting your digital assets, and then designing a security solution.
  • 2. TRAINING CRYPTOGRAPHY & PKI
Authors:
Sylvain Maret, security architect, PKI instructor & Checkpoint instructor (Checkpoint CCSE), Dimension Data (Swiss) formerly Datelec
Cédric Enzler, IPSEC & cryptographic engineer, PKI instructor, Dimension Data (Swiss) formerly Datelec
Revision: Version 1.5, October 1999, rev. August 2000
  • 3. TABLE OF CONTENTS
Learn Crypto & PKI, p. 1
Training Cryptography & PKI, p. 2
Table of contents, p. 3
1. Cryptography Basics, p. 5
1.1. Introduction, p. 5
1.2. Key terms, p. 5
1.3. Miscellaneous Cryptosystems, p. 7
1.3.1. Secret Key, p. 7
1.3.2. Public Key, p. 7
1.3.3. Message Digest, p. 7
1.4. Cryptography in history, p. 8
1.5. Cryptanalysis, p. 20
1.6. AES (Advanced Encryption Standard), p. 22
1.6.1. Overview of the AES Development Effort, p. 22
1.6.2. Minimum Acceptability Requirements, p. 23
1.6.3. AES Round 2 Finalists, p. 23
1.7. Smart Cards, p. 25
1.7.1. Introduction, p. 25
1.7.2. What kinds of Smart Cards are available?, p. 25
1.7.3. Symmetric / Asymmetric Cryptoprocessing, p. 26
1.7.4. Smart Cards with different “flavor”, p. 26
1.7.5. Memory Cards, p. 26
1.7.6. Symmetric Cryptoprocessor Cards, p. 27
1.7.7. PKI Smart Cards, p. 27
2. PKI Applications (lab exercises), p. 29
2.1. Symmetric file encryption, p. 29
2.1.1. Lab Exercise 1, p. 29
2.2. Message-Digest Algorithms, p. 33
2.2.1. Lab Exercise 2, p. 33
2.3. Securing the desktop, p. 37
2.3.1. Introduction, p. 37
2.3.2. Blowfish Advanced CS, p. 37
2.3.3. Lab Exercise 3, p. 40
2.4. PGP (Pretty Good Privacy), p. 46
2.4.1. The PGP Symmetric Algorithms, p. 46
2.4.2. About PGP Data Compression Routines, p. 47
2.4.3. About the Random Numbers used as Session Keys, p. 48
2.4.4. About the Message Digest, p. 48
2.4.5. Encryption and Decryption, p. 49
2.4.6. Digital Signature for PGP, p. 50
  • 4. (table of contents, continued)
2.4.7. Lab Exercise 4, p. 51
2.5. The SSH Protocol, p. 63
2.5.1. Introduction, p. 63
2.5.2. Host Authentication, p. 64
2.5.3. User Authentication, p. 64
2.5.4. Cryptographic Methods, p. 65
2.5.5. Lab Exercise 5, p. 66
2.6. S/MIME, p. 79
2.6.1. Lab Exercise 6, p. 79
2.7. SSL, p. 97
2.7.1. History, p. 97
2.7.2. Secure Sockets Layer (SSL), p. 97
2.7.3. Session Establishment, p. 98
2.7.4. Key Exchange Method, p. 99
2.7.5. Cipher for Data Transfer, p. 99
2.7.6. Digest Function, p. 100
2.7.7. Handshake Sequence Protocol, p. 100
2.7.8. Data Transfer, p. 101
2.7.9. Lab Exercise 7, p. 102
2.7.10. Lab Exercise 8, p. 123
2.8. Smart Card, p. 138
2.8.1. Lab Exercise 9, p. 138
2.9. Playing the security officer, p. 140
2.9.1. Lab Exercise 10, p. 140
2.10. Revocation with client SSL authentication, p. 143
2.10.1. Lab Exercise 11, p. 143
2.11. IPSEC, p. 147
2.11.1. Introduction, p. 147
2.11.2. IPSec Architecture, p. 148
2.11.3. IPSec Tunneling, p. 149
2.11.4. IKE Main Mode and Quick Mode, p. 154
2.11.5. Lab Exercise 12, p. 157
  • 5. 1. CRYPTOGRAPHY BASICS

1.1. INTRODUCTION
It is likely that almost all students attending our “introduction to PKI” already have at least a basic knowledge of encryption and related subjects. Consequently, some of you might wish to skip this chapter: defining a terminology or a set of cryptography key terms is austere. However, we decided to begin with this less exciting section because we noticed, in many discussions with people familiar with the field, that term definitions are often mixed up. As a result, we decided to start with simple definitions of key terms, which will be used constantly in the course, in order to provide the basis needed to understand the subject.

1.2. KEY TERMS
A message will be defined as plaintext or cleartext. The process of disguising a message to hide its substance is encryption. The encrypted message is referred to as ciphertext. Decryption is the process turning ciphertext back into plaintext. You can see hereafter a schematic view of these definitions:
Figure 1: Cryptography Key Terms
Cryptography is the science allowing messages to be kept secure. Cryptanalysis is the art and science of breaking ciphertext (seeing through the above disguise). Cryptology is the branch of mathematics encompassing both cryptography and cryptanalysis. Today, as cryptology is based on the mathematical properties of numbers in both modern algebra and number theory, cryptologists are theoretical mathematicians.
  • 6. Encryption and decryption are conducted by way of a set of mathematical functions, referred to as a cryptographic algorithm or cipher. Besides providing confidentiality, cryptography is required to provide other security features, such as:
- Authentication: it should be possible for the receiver of an encrypted message to be certain of the sender’s identity. Authentication is the process that guarantees the respect of this rule.
- Non-repudiation: the inability of a sender to claim he was not the sender of the ciphertext.
- Integrity: provides a guarantee that the message was not modified between the sender and the receiver.
The first ciphers or cryptographic algorithms suffered a major drawback: their security was based on the secrecy of the algorithm itself. As a result, every time a user left the group of people knowing the algorithm, all other users had to switch to a different one! We understand today that this is not acceptable, therefore these ciphers, called restricted algorithms, are not used anymore.
Modern cryptography worked around this drawback by introducing the concept of a key. In these algorithms, security is based on the key(s), meaning that the algorithm can be published at no risk. In most cases, the key used for encryption is not the same as the one used for decryption. As a result, the above diagram is modified as follows:
Figure 2: Cryptography Key Terms
A cryptosystem consists of a cipher, keys and all possible plaintexts and ciphertexts. In some algorithms, the decryption key can be calculated from the encryption key; the two keys may be identical or different. In this case, we talk about symmetric encryption (see further in the course). In other algorithms, neither key can be calculated from the other: this is called asymmetric encryption or public-key encryption.
  • 7. 1.3. MISCELLANEOUS CRYPTOSYSTEMS
Today’s cryptosystems do not rely on simple text shifts or substitution techniques, like those described at the beginning of the next section, but rather on sophisticated mathematical algorithms that theoretically would require an unreasonable amount of computing power and time to break. The range of applications using cryptography to solve everyday problems is growing. Today, exchanging information is so easy, and the amount of information we routinely exchange is so much greater than ever before, that the need to secure that information and to have secure means of transmitting it is of considerable importance. Records ranging from personal medical data to credit card purchases that were once relatively easy to secure in hard copy now flow freely over public networks. Today, the use of cryptography has shifted from a “weapon” conceived primarily for military applications and espionage to a valuable and indispensable tool for the general public to conduct everyday, routine transactions.

1.3.1. Secret Key
This cryptosystem, sometimes referred to as Symmetric Key Encryption, is a rather straightforward cryptographic system in which plaintext is encrypted by providing the encryption algorithm with a value; this value is the secret key. Only the parties that know the secret key value are able to decrypt the resulting ciphertext.

1.3.2. Public Key
Sometimes referred to as Asymmetric Key Encryption, this type of cryptosystem relies on a key set composed of two elements: a private key and a public key. The public key is typically stored in a location available to anyone. When someone wants to send an encrypted message to another party, he obtains that party’s public key and uses it to encrypt the message. As the recipient is in possession of the private component of the key, only he can decrypt the message.
Figure 1: Miscellaneous Cryptosystems

1.3.3. Message Digest
This type of cryptosystem is often called a hashing function. With this technology, a variable length message is run through the algorithm to produce a fixed length digest; the digest cannot be run back through the algorithm to produce the original message. All three cryptosystems are used in most Public Key Infrastructure implementations. They will be described in more detail in the following sections.
© Dimension Data SA (Switzerland), Sylvain Maret & Cédric Enzler. Version 1.5, October 1999, rev. August 2000. Page 7
  • 8. 1.4. CRYPTOGRAPHY IN HISTORY
Cryptography is one of the oldest fields of technical study we can find records of, going back at least 4,000 years. It is quite noteworthy that, of all the cryptosystems developed in those 4,000 years of effort, only 3 systems remain hard enough to break to be of real value.
Cryptography probably began in or around 2000 B.C. in Egypt, where hieroglyphics were used to decorate the tombs of deceased rulers and kings. These hieroglyphics told the story of the life of the king and proclaimed the great acts of his life. They were purposefully cryptic, but not apparently intended to hide the text. Rather, they seem to have been intended to make the text seem more regal and important. As time went by, these writings became more and more complicated, and eventually the people lost interest in deciphering them.
Figure 1: Hieroglyphics
Cryptology was (and still is to some extent) enshrouded in a veil of mystique to most people. It was because of this that the public began to associate cryptography with the black arts. It was often thought to be related to communication with dark spirits, and developed a bad image because of this. Most early cryptographers were scientists, but the common people were often convinced that they were also followers of the devil.
The ancient Chinese used the ideographic nature of their language to hide the meaning of words. Messages were often transformed into ideographs for privacy, but no substantial use in early Chinese military conquests is apparent. Genghis Khan, for example, seems never to have used cryptography.
In India, secret writing was apparently more advanced. The government used secret codes to communicate with a network of spies spread throughout the country. Early Indian ciphers consisted mostly of simple alphabetic substitutions, often based on phonetics. Some of these were spoken or used as sign language. This is somewhat similar to "pig latin" (igpay atinlay), where the first consonant is placed at the end of the word and followed by the sound "ay".
  • 9. The cryptographic history of Mesopotamia was similar to that of Egypt, in that cuneiforms were used to encipher text. The picture below shows a table of numbers found in Susa (modern Iran). These numbers were associated with words, demonstrating an amazingly modern level of cryptography.
Figure 2: Mesopotamian tables
This technique was also used in Babylon and Assyria.
In the Bible, a Hebrew ciphering method is used at times. In this method, the last letter of the alphabet is replaced by the first, and vice versa. This is called 'atbash'. For example, the following table gives a translation of this sort for English. The word "HELLO" becomes "SVOOL". Try to decrypt the word "WVXIBKG" and see what you get.
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ZYXWVUTSRQPONMLKJIHGFEDCBA
Figure 3: An “Atbash” cipher
In the famous Greek drama the 'Iliad', cryptography was used when Bellerophon was sent to the king with a secret tablet, which told the king to have him put to death. The king tried to kill him by having him fight several mythical creatures, but he won every battle.
The Spartans used a system which consisted of a thin sheet of papyrus wrapped around a staff (now called a "staff cipher"). Messages were written down the length of the staff, and the papyrus was unwrapped. In order to read the message, the papyrus had to be wrapped around a staff of equal diameter. Called the 'skytale' cipher, this was used in the 5th century B.C. to send secret messages between Greek warriors. Without the right staff, it would be difficult to decode the message using the techniques available at that time. The following version of the alphabet demonstrates the technique. First we see the wrapped version of the alphabet, then the unwrapped version.
ADGJMPSVY
BEHKNQTWZ
CFILORUX
ADGJMPSVYBEHKNQTWZCFILORUX
Figure 4: A “Skytale” cipher
  • 10. Polybius developed another Greek method (now called the "Polybius Square"). The letters of the alphabet would be laid out in a five by five square (similar to the later Playfair method), with i and j occupying the same square. Rows and columns are numbered 1 to 5 so that each letter has a corresponding (row, column) pair. These pairs could easily be signaled by torches or hand signals. Decryption consists of mapping the digit pairs back into their corresponding characters. This system was the first to reduce the size of the symbol set, and in a loose sense it might be considered the forerunner of modern binary representations of characters.
Figure 5: The “Polybius Square”
Julius Caesar used a system of cryptography (i.e. the 'Caesar Cipher') which shifted each letter 2 places further through the alphabet (e.g. Y shifts to A, R shifts to T, etc.). This is probably the first cipher used by most schoolchildren. In the table below (Figure 6), the first row is plaintext, while the second row is the equivalent ciphertext. The distance of the displacement is not important to the scheme, and in fact, neither is the lexical ordering chosen. The general case of this sort of cipher is the "monoalphabetic substitution cipher", wherein each letter is mapped into another letter in a one-to-one fashion. Try decoding VJKU.
ABCDEFGHIJKLMNOPQRSTUVWXYZ
CDEFGHIJKLMNOPQRSTUVWXYZAB
Figure 6: The “Caesar” cipher
Cryptanalysis is the practice of changing ciphertext into plaintext without complete knowledge of the cipher. The Arabs were the first to make significant advances in cryptanalysis. An Arabic author, Qalqashandi, wrote down a technique for solving ciphers which is still used today. The technique is to write down all the ciphertext letters and count the frequency of each symbol. Using the average frequency of each letter of the language, the plaintext can be written out. This technique is powerful enough to cryptanalyze ANY monoalphabetic substitution cipher if enough ciphertext is provided.
During the Middle Ages, cryptography started to progress. All of the Western European governments used cryptography in one form or another, and codes started to become more popular. Ciphers were commonly used to keep in touch with ambassadors. The first major advances in cryptography were made in Italy. Venice created an elaborate organization in 1452 with the sole purpose of dealing with cryptography. They had three cipher secretaries who solved and created ciphers that were used by the government.
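The three techniques of this slide, as an added example (not code from the course): the Polybius square as a 5x5 coding of letters into digit pairs, the Caesar shift of two places generalised to an arbitrary monoalphabetic substitution, and Qalqashandi's letter-frequency count turned into an automatic recovery of a Caesar shift. The English letter-frequency table is an approximation I supply for the example; the sample text is the slide's own sentence about cryptanalysis. The point to take away is that a one-to-one substitution preserves the frequency profile of the plaintext exactly, which is what the attack exploits.

```python
"""Polybius square, Caesar / monoalphabetic substitution and frequency analysis
(added example for the slide above)."""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Polybius square: 5x5 grid read row by row, I and J share a cell.
POLYBIUS_GRID = "ABCDEFGHIKLMNOPQRSTUVWXYZ"


def polybius_encode(text: str) -> str:
    """Each letter becomes a (row, column) digit pair, rows/columns numbered 1..5."""
    digits = []
    for ch in text.upper():
        if ch == "J":
            ch = "I"
        if ch in POLYBIUS_GRID:
            idx = POLYBIUS_GRID.index(ch)
            digits.append(f"{idx // 5 + 1}{idx % 5 + 1}")
    return "".join(digits)


def polybius_decode(digits: str) -> str:
    """Map digit pairs back; a J comes back as I (the square cannot tell them apart)."""
    out = []
    for i in range(0, len(digits) - 1, 2):
        row, col = int(digits[i]) - 1, int(digits[i + 1]) - 1
        out.append(POLYBIUS_GRID[row * 5 + col])
    return "".join(out)


def caesar(text: str, shift: int) -> str:
    """Caesar shift; a negative shift decrypts. Non-letters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c
        for c in text.upper()
    )


def monoalphabetic(text: str, cipher_alphabet: str) -> str:
    """General case: any one-to-one mapping of the 26 letters. The Caesar cipher of
    Figure 6 is the special case cipher_alphabet == "CDEFGHIJKLMNOPQRSTUVWXYZAB"."""
    return text.upper().translate(str.maketrans(ALPHABET, cipher_alphabet.upper()))


def letter_frequencies(text: str) -> dict:
    """Relative frequency of each letter A..Z in the text (Qalqashandi's count)."""
    counts = Counter(c for c in text.upper() if c in ALPHABET)
    total = sum(counts.values()) or 1
    return {c: counts[c] / total for c in ALPHABET}


# Approximate relative frequencies of letters in English prose, in percent
# (an assumed reference table for this example).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.8, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.1, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 1.0, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.07,
}


def recover_caesar_shift(ciphertext: str) -> int:
    """Frequency analysis against a Caesar cipher: try all 26 shifts and keep the
    one whose decryption is closest to English letter frequencies (chi-squared)."""
    best_shift, best_score = 0, float("inf")
    for shift in range(26):
        freq = letter_frequencies(caesar(ciphertext, -shift))
        score = sum((freq[c] * 100 - ENGLISH_FREQ[c]) ** 2 / ENGLISH_FREQ[c]
                    for c in ALPHABET)
        if score < best_score:
            best_shift, best_score = shift, score
    return best_shift


# Sample plaintext: the slide's own sentences on cryptanalysis.
SAMPLE_TEXT = (
    "Cryptanalysis is the practice of changing ciphertext into plaintext without "
    "complete knowledge of the cipher. The technique is to write down all the "
    "ciphertext letters and count the frequency of each symbol. Using the average "
    "frequency of each letter of the language, the plaintext can be written out."
)

if __name__ == "__main__":
    print(polybius_encode("HELLO"), polybius_decode(polybius_encode("HELLO")))
    print(caesar("VJKU", -2))                 # the slide's puzzle
    ct = caesar(SAMPLE_TEXT, 2)
    print("recovered shift:", recover_caesar_shift(ct))
```

The chi-squared search works because the ciphertext keeps the plaintext's frequency histogram and only relabels the bars; with a couple of hundred letters the correct shift stands out by a wide margin, and the same counting, done by hand with guesses for E, T and A, is what breaks any other monoalphabetic substitution as the slide states.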
  • 11. Leon Battista Alberti was known as "The Father of Western Cryptology", in part because of his development of polyalphabetic substitution. Polyalphabetic substitution is any technique allowing different ciphertext symbols to represent the same plaintext symbol. This makes it more difficult to interpret ciphertext using frequency analysis. In order to develop this technique, Alberti analyzed the methods for breaking ciphers, and devised a cipher which would try to render these techniques invalid. He designed two copper disks that fit into each other, each with the alphabet inscribed upon it. To start enciphering, a predetermined letter on the inner disk is lined up with any letter on the outer disk, which is written as the first character of the ciphertext. The disks are kept stationary, with each plaintext letter on the inner disk aligned with a ciphertext letter on the outer disk. After a few words of ciphertext, the disks are rotated so that the index letter on the inner disk is aligned with a new letter on the outer disk, and in this manner the message is enciphered. By rotating the disk every few words, the cipher changed enough to limit the effectiveness of frequency analysis. Even though this technique in its stated form is very weak, the idea of rotating the disks and therefore changing the cipher many times within a message was a major breakthrough in cryptography.
The next major step was taken in 1518 by Trithemius, a German monk who had a deep interest in the occult. He wrote a series of six books called 'Polygraphia', and in the fifth book devised a table that repeated the alphabet with each row a duplicate of the one above it, shifted over one letter. To encode a message, the first letter of the plaintext is enciphered with the first row of the table, the second letter with the second row, and so on. This produces a message where all available ciphers are used before being repeated. Figure 7 shows a changing key cipher of this sort. Notice that the assignment of code symbols to plaintext symbols changes at each time step (T1, T2, ...). In this system, the key repeats every 26 letters of ciphertext. Below we see the table used (called tabula recta) as well as the successive encryption steps.
Figure 7: “Tabula recta”
ABCDEFGHIJKLMNOPQRSTUVWXYZ  Plaintext
FGUQHXSZACNDMRTVWEJBLIKPYO  T0
OFGUQHXSZACNDMRTVWEJBLIKPY  T1
YOFGUQHXSZACNDMRTVWEJBLIKP  T2
PYOFGUQHXSZACNDMRTVWEJBLIK  T3
GUQHXSZACNDMRTVWEJBLIKPYOF  T25
Figure 8: A “Changing Key” cipher
  • 12. In 1553, Giovan Batista Belaso extended this technique by choosing a keyword that is written above the plaintext, in a letter to letter correspondence. The keyword is restarted at the beginning of each new plaintext word. The letter of the keyword above the letter of the plaintext is the first letter of the cipher line to be used. In other words, if the plaintext letter is 'b' and its keyword letter is 'r', then the line of the Trithemius cipher beginning with 'r' is used to encipher the letter 'b'. He chose to name the keyword a “password”…
Keyword  : BEL ASOBELA SOB ELASOB
Plaintext: LES ITALIENS ONT TROUVE
The basic keyword is BELASO in this example.
The most famous cryptographer of the 16th century was Blaise de Vigenère (1523-1596). In 1585, he wrote 'Tracte des Chiffres', in which he used a Trithemius table but changed the way the key system worked. One of his techniques was to use plaintext as its own key. Another used ciphertext. The way in which these keys are used is known as key scheduling, and is an integral part of the "Data Encryption Standard" (DES), which we will discuss later.
Figure 9
Until 1917, the Vigenère cipher was considered impossible to decrypt.
In 1628, a Frenchman named Antoine Rossignol helped his army defeat the Huguenots by decoding a captured message. After this victory, he was called upon many times to solve ciphers for the French government. He used two lists to solve his ciphers: "one in which the plain elements were in alphabetical order and the code elements randomized, and one to facilitate decoding in which the code elements stood in alphabetical or numerical order while their plain equivalents were disarranged." When Rossignol died in 1682, his son, and later his grandson,
  • 13. continued his work. By this time, there were many cryptographers employed by the French government. Together, they formed the "Cabinet Noir" (the "Black Chamber"). By the 1700s, "Black Chambers" were common in Europe, one of the most renowned being that in Vienna. It was called 'The Geheime Kabinets-Kanzlei' and was directed by Baron Ignaz de Koch between 1749 and 1763. This organization read through all the mail coming to foreign embassies, copied the letters, resealed them, and returned them to the post office the same morning. The same office also handled all other political or military interceptions, and would sometimes read as many as 100 letters a day.
The English Black Chamber was formed by John Wallis in 1701. Until that time, he had been solving ciphers for the government in a variety of unofficial positions. After his death in 1703, his grandson, William Blencowe, who was taught by his grandfather, took over his position and was granted the title of Decypherer. The English Black Chamber had a long history of victories in the cryptographic world.
In the colonies, there was no centralized cryptographic organization. Decryption was done predominantly by interested individuals and men of the cloth. In 1775, a letter intercepted from Dr. Benjamin Church was suspected to be a coded message to the British, yet the American revolutionaries could not decipher it. Their problem was solved by Elbridge Gerry, who later became the fifth Vice-President, and Elisha Porter. The message proved Church guilty of trying to inform the Tories, and he was later exiled.
Benedict Arnold used a code wherein each correspondent has an exact copy of the same 'codebook'. Each word of plaintext is replaced by a number indicating its position in the book (e.g. 3.5.2 means page 3, line 5, word 2). Arnold's correspondent was caught and hanged, so the codebook wasn't used very much.
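The table ciphers of the two preceding slides (Trithemius' changing-key table of Figure 8, Belaso's keyword over a tabula recta, and Vigenère's use of the plaintext as its own key) implemented together, as an added example that is not part of the course. The Trithemius variant uses the mixed row T0 printed in Figure 8 and rotates it one place per letter, exactly as rows T1, T2, ... show. For Belaso the code follows the alignment printed on the slide, in which the key letters run on across word boundaries and spaces consume no key letter; that is an assumption drawn from the printed example rather than from the sentence above it. The autokey routine is the textbook form of Vigenère's idea (primer followed by the plaintext); the primer letter is my choice.

```python
"""Trithemius changing key, Belaso keyword and Vigenere autokey (added example)."""
import string

ALPHABET = string.ascii_uppercase
# Row T0 of the page's Figure 8; each later row is this one rotated right by one.
FIGURE8_ROW0 = "FGUQHXSZACNDMRTVWEJBLIKPYO"


def rotate_right(row: str, t: int) -> str:
    """Row T(t) of Figure 8: the last t letters of the row move to the front."""
    t %= 26
    return row[-t:] + row[:-t] if t else row


def trithemius_encrypt(plaintext: str, row0: str = FIGURE8_ROW0) -> str:
    """Letter number i of the message (letters only) is enciphered with row T(i mod 26),
    so the substitution alphabet changes at every step and repeats after 26 letters."""
    out, i = [], 0
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(rotate_right(row0, i)[ALPHABET.index(ch)])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def trithemius_decrypt(ciphertext: str, row0: str = FIGURE8_ROW0) -> str:
    """Invert each step by looking the ciphertext letter up in the same row T(i)."""
    out, i = [], 0
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[rotate_right(row0, i).index(ch)])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def tabula_recta(plain: str, key: str) -> str:
    """One cell of the tabula recta: the row starting with `key`, column `plain`."""
    return ALPHABET[(ALPHABET.index(plain) + ALPHABET.index(key)) % 26]


def belaso_encrypt(plaintext: str, keyword: str) -> str:
    """Keyword written over the plaintext letter by letter and repeated; spaces are
    kept but consume no key letter, as in the slide's BELASO alignment."""
    out, i, kw = [], 0, keyword.upper()
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(tabula_recta(ch, kw[i % len(kw)]))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def belaso_decrypt(ciphertext: str, keyword: str) -> str:
    """Walk back along the same row: plaintext = ciphertext - key (mod 26)."""
    out, i, kw = [], 0, keyword.upper()
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            k = ALPHABET.index(kw[i % len(kw)])
            out.append(ALPHABET[(ALPHABET.index(ch) - k) % 26])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def autokey_encrypt(plaintext: str, primer: str) -> str:
    """Vigenere's idea of the plaintext as its own key: the key stream is the primer
    followed by the plaintext itself, so the key never repeats with a fixed period."""
    letters = [c for c in plaintext.upper() if c in ALPHABET]
    keystream = primer.upper() + "".join(letters)
    return "".join(tabula_recta(p, keystream[i]) for i, p in enumerate(letters))


def autokey_decrypt(ciphertext: str, primer: str) -> str:
    """Each recovered plaintext letter extends the key for the letters that follow."""
    keystream, out = list(primer.upper()), []
    for i, ch in enumerate(ciphertext.upper()):
        k = ALPHABET.index(keystream[i])
        p = ALPHABET[(ALPHABET.index(ch) - k) % 26]
        out.append(p)
        keystream.append(p)
    return "".join(out)
```

Note what `trithemius_encrypt("AB")` returns: both letters become F, because A is taken from row T0 and B from row T1 of Figure 8. That is the polyalphabetic property Alberti was after, and it is why a plain frequency count no longer works against these ciphers.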
The revolutionaries also employed ciphers during the war. Abraham Woodhull and Robert Townsend supplied General George Washington with much information about British troop strength and movements in and around New York City. The code they used consisted of numbers which replaced plaintext words; Major Benjamin Tallmadge wrote this code. For further assurance, they also used invisible ink.

The father of American cryptology is James Lovell. He was loyal to the colonies and solved many British ciphers, some of which led to Revolutionary victories. In fact, one of the messages he deciphered set the stage for the final victory of the war.

Former Vice-President Aaron Burr and his assistant General James Wilkinson were exploring the Southwest for possible colonization at the expense of Spain, and there was some confusion as to whether this colony would belong to the United States or to Aaron Burr. Wilkinson was a Spanish agent, and altered one of Burr's encrypted letters home to make it appear as if Burr's intention was to carve out his own country. This letter fell into the hands of President Thomas Jefferson. Burr was tried and acquitted, but his name was tainted forever.

The 'wheel cipher' was invented by Thomas Jefferson around 1795, and although he never did very much with it, a very similar system was still in use by the US Navy only a few years ago. The wheel cipher consists of a set of wheels, each carrying a random ordering of the letters of the alphabet. The key to the system is the order in which the wheels are placed on the axle. The message is encoded by turning the wheels so that the plaintext letters line up along the axle; any other row of aligned letters can then be used as the ciphertext for transmission. Decryption requires the recipient to align the letters of the ciphertext along the axle and find the row of aligned letters that makes linguistic sense as plaintext; this will be the message. There is a very small probability that the decryption process yields two sensible messages, but this can be checked simply by the originator. Without knowing the orderings of symbols on the wheels and the ordering of wheels on the axle, any plaintext of the appropriate length is possible, and thus the system is quite secure for one-time use. Statistical attacks are feasible if the same wheels are used in the same order many times.

Wheel 1  GJTXUVWCHYIZKLNMARBFDOESQP
Wheel 2  IKMNQLPBYFCWEDXGZAJHURSTOV
Wheel 3  HJLIKNXWCGBDSRVUEOFYPAMQZT
...
Wheel n  BDFONGHJIKLSTVUWMYEPRQXZAC

Figure 10: A "Wheel" cipher

© Dimension Data SA (Switzerland), Sylvain Maret & Cédric Enzler Version 1.5, October 1999, rev. August 2000 Page 13

In 1817, Colonel Decius Wadsworth developed a set of two disks, one inside the other, where the outer disk carried the 26 letters of the alphabet plus the numbers 2-8 (33 symbols) and the inner disk only the 26 letters. The disks were geared together at a ratio of 26:33. To encipher a message, the inner disk is turned until the desired letter is at the top position, and the number of turns required for this result is transmitted as ciphertext. Because of the gearing, the ciphertext substitution for a character will not repeat itself until all 33 symbols for that plaintext letter have been used. Unfortunately, Wadsworth never got credit for his design, because Charles Wheatstone invented an almost identical machine a few years later and got all the credit.

In 1844, the development of cryptography was dramatically altered by the invention of the telegraph. Communication by telegraph was by no means secure, so ciphers were needed to transmit secret information.
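As an added example, not part of the original course material, the following Python program implements a Jefferson-style wheel cipher. It uses the four wheel orderings printed in Figure 10 and, because the page elides the wheels between 3 and n, constructs any further wheels with a seeded shuffle (these extra wheels are an assumption, not the page's). The key is the order of the wheels on the axle; the row offset is chosen by the sender per block, and the recipient reads all 25 other rows to find the one that is language, exactly as described above.

```python
# Added example, not from the original course material: a Jefferson-style
# wheel cipher. PAGE_WHEELS are the four orderings printed in Figure 10; any
# further wheels are constructed here with a seeded shuffle, since the page
# elides them. The key is the order of the wheels on the axle.
import random
from string import ascii_uppercase as ALPHABET

PAGE_WHEELS = [
    "GJTXUVWCHYIZKLNMARBFDOESQP",   # Wheel 1
    "IKMNQLPBYFCWEDXGZAJHURSTOV",   # Wheel 2
    "HJLIKNXWCGBDSRVUEOFYPAMQZT",   # Wheel 3
    "BDFONGHJIKLSTVUWMYEPRQXZAC",   # Wheel n
]


def make_wheels(total: int, seed: int = 7) -> list[str]:
    """Page wheels first, then constructed random orderings up to `total`."""
    rng = random.Random(seed)
    wheels = list(PAGE_WHEELS[:total])
    while len(wheels) < total:
        letters = list(ALPHABET)
        rng.shuffle(letters)
        wheels.append("".join(letters))
    return wheels


def encrypt_block(block: str, wheels: list[str], order: list[int], offset: int) -> str:
    """Turn each wheel so its plaintext letter sits in the reading row, then
    read off the row `offset` positions further round the axle."""
    if len(block) != len(order) or not 1 <= offset <= 25:
        raise ValueError("block must match the number of wheels; offset in 1..25")
    out = []
    for ch, idx in zip(block, order):
        wheel = wheels[idx]
        out.append(wheel[(wheel.index(ch) + offset) % 26])
    return "".join(out)


def decrypt_candidates(block: str, wheels: list[str], order: list[int]) -> list[str]:
    """Align the ciphertext along the axle and return the other 25 rows. The
    recipient picks the row that reads as language. Without the wheel
    orderings and their order on the axle, every row is equally possible."""
    return [encrypt_block(block, wheels, order, off) for off in range(1, 26)]


def encrypt(message: str, wheels: list[str], order: list[int], offset: int) -> str:
    """Pad with X to a multiple of the wheel count and encrypt block by block."""
    text = "".join(ch for ch in message.upper() if ch in ALPHABET)
    n = len(order)
    text += "X" * (-len(text) % n)
    return "".join(encrypt_block(text[i:i + n], wheels, order, offset)
                   for i in range(0, len(text), n))


if __name__ == "__main__":
    wheels = make_wheels(10)
    order = [3, 0, 7, 1, 9, 2, 5, 8, 4, 6]      # the key: axle order
    ct = encrypt_block("ATTACKDAWN", wheels, order, 5)
    print("ciphertext row:", ct)
    for row in decrypt_candidates(ct, wheels, order):
        print(row)                               # one of these is the message
```

Reusing the same axle order for many blocks with the same offset turns each wheel position back into a fixed monoalphabetic substitution, which is the statistical attack the text mentions; the offset must vary per block.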
The public's interest in cryptography blossomed, and many individuals attempted to formulate their own cipher systems. The advent of the telegraph provided the first instance where a base commander could be in instant communication with his field commanders during battle. Thus a field cipher was needed. At first the military used a Vigenere cipher with a short repeating keyword, but in 1863 Friedrich W. Kasiski published a solution for all periodic polyalphabetic ciphers, which until then had been considered unbreakable. So the military had to search for a new cipher to replace the Vigenere.

The Black Chambers of Europe continued to operate and were successful in solving most American ciphers, but without a war underway their usefulness diminished, and by 1850 they had been dissolved.
The 'Playfair' system was invented by Charles Wheatstone and Lyon Playfair in 1854, and was the first system that used pairs of symbols for encryption. The alphabet is laid out in a random 5 x 5 square (I and J share a cell), and the text is divided into adjacent pairs. The two letters of the pair are located, and a rectangle is formed with the two letters at opposite corners. The letters at the other two corners are the two letters of ciphertext. This is very simple to use, but not extremely difficult to break. The real breakthrough in this system was the use of two letters at a time. The effect is to make the statistics of the language less pronounced, and therefore to increase the amount of work and the amount of ciphertext required to determine a solution. This system was still in limited use in World War 2, and was very effective against the Japanese.

I K M N Q
L P B Y F
C W E D X
G Z A H U
R S T O V

Plaintext:  PL AI NT EX TZ
Ciphertext: LP MG MO XE AS

In 1859, Pliny Earle Chase developed what is known as the fractionating or tomographic cipher. A two-digit number was assigned to each character of plaintext by means of a table. These numbers were written so that the first digits formed a row on top of the second digits. The bottom row was multiplied by nine, and the resulting pairs were put back through the table to form the ciphertext.

Kasiski published a cryptanalysis method in 1863 which broke almost every existing cipher of that time. The method is to find repetitions of strings of characters in the ciphertext. The distance between these repetitions is then used to find the length of the key. Since repetitions of identically ciphered identical plaintext occur at distances that are a multiple of the key length, finding the greatest common divisor of the repetition distances leads to the key length.
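The digraph rules stated above leave two cases open (what to do when both letters fall in the same row or column, and in which order the two corner letters are written). The following Python program, an added example that is not part of the original course material, implements the standard Playfair conventions on the page's own square: same row, take the letter to the right; same column, take the letter below; otherwise each letter keeps its row and takes the other letter's column. J is merged into I and X is the filler. Note that with these conventions the square gives BP GM MO DC SA for the plaintext PL AI NT EX TZ; the ciphertext printed on the page does not follow them consistently, so do not use it as a test vector.

```python
# Added example, not from the original course material: Playfair encryption
# with the 5x5 square printed on this page. J is merged into I (the square
# has no J); X is the filler for doubled letters and an odd final letter.
# Rules: same row -> letter to the right; same column -> letter below;
# otherwise -> own row, other letter's column (standard Playfair convention).

SQUARE = [
    "IKMNQ",
    "LPBYF",
    "CWEDX",
    "GZAHU",
    "RSTOV",
]

# (row, column) of every letter in the square
POS = {ch: (r, c) for r, row in enumerate(SQUARE) for c, ch in enumerate(row)}


def prepare(text: str) -> list[str]:
    """Normalise plaintext into digraphs: uppercase letters only, J -> I,
    doubled letters split with X, an odd tail padded with X."""
    letters = [ch for ch in text.upper().replace("J", "I") if ch.isalpha()]
    digraphs = []
    i = 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else "X"
        if a == b:          # doubled letter: insert filler, reuse b next time
            b = "X"
            i += 1
        else:
            i += 2
        digraphs.append(a + b)
    return digraphs


def _shift(pair: str, direction: int) -> str:
    """Apply the Playfair rules to one digraph; direction +1 encrypts, -1 decrypts."""
    a, b = pair
    ra, ca = POS[a]
    rb, cb = POS[b]
    if ra == rb:            # same row: step right (left when decrypting)
        return SQUARE[ra][(ca + direction) % 5] + SQUARE[rb][(cb + direction) % 5]
    if ca == cb:            # same column: step down (up when decrypting)
        return SQUARE[(ra + direction) % 5][ca] + SQUARE[(rb + direction) % 5][cb]
    # rectangle: each letter keeps its row and takes the other letter's column
    return SQUARE[ra][cb] + SQUARE[rb][ca]


def encrypt(plaintext: str) -> str:
    return " ".join(_shift(p, +1) for p in prepare(plaintext))


def decrypt(ciphertext: str) -> str:
    return " ".join(_shift(p, -1) for p in ciphertext.split())


if __name__ == "__main__":
    ct = encrypt("PLAINTEXTZ")
    print(ct)                 # BP GM MO DC SA
    print(decrypt(ct))        # PL AI NT EX TZ
```

Because the same digraph always encrypts to the same pair, a few hundred letters of ciphertext still expose digraph frequencies (TH, HE, IN, ...), which is why the text calls the system not extremely difficult to break.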
Once the key length (N) is known, we use statistics on every Nth character, and the frequency of use implies which plaintext character each symbol represents in that set of ciphertext symbols. Repetitions sometimes occur by pure chance, and it sometimes takes several tries to find the true length of the key using this method, but it is considerably more effective than previous techniques. This technique makes cryptanalysis of polyalphabetic substitution ciphers quite straightforward.

During the Civil War (1861-1865), ciphers were not very complex. Many techniques consisted merely of writing words in a different order and substituting code words for proper names and locations. Where the Union had centralized cipher control, the Confederacy tended to let field commanders decide their own forms of ciphers. The Vigenere system was widely used by field commanders, and sometimes led to the Union deciphering messages faster than their Confederate recipients. The Confederacy used three keywords for most of its messages during the war: "Manchester Bluff", "Complete Victory", and "Come Retribution". They were quickly discovered by three Union cryptanalysts, Tinker, Chandler and Bates, and messages encoded using them were regularly deciphered by the Union. The use of common words as keys to cryptosystems has caused many plaintext messages to be discovered. In fact, the use of common words as passwords is still one of the most common entry points in attacks on computer systems.
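The Kasiski examination and the column-by-column frequency analysis described above, carried out end to end in Python as an added example (it is not part of the original course material). The plaintext and the key "KEY" are constructed for the example; the English letter frequencies are the usual textbook values. Instead of taking a single greatest common divisor, which one chance repetition can collapse to 1 (the pitfall the text mentions), the key-length step counts how many repetition distances each candidate length divides and picks the best; each column is then treated as a Caesar cipher and scored with a chi-squared test against English.

```python
# Added example, not from the original course material: Kasiski examination
# followed by per-column frequency analysis against a Vigenere cipher.
# The plaintext and the key are constructed for this example.
from collections import Counter
from itertools import cycle
from string import ascii_uppercase as ALPHABET

# Relative letter frequencies of English text (percent), A..Z.
ENGLISH_FREQ = [
    8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966, 0.153,
    0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987, 6.327, 9.056,
    2.758, 0.978, 2.360, 0.150, 1.974, 0.074,
]


def clean(text: str) -> str:
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter by the corresponding (repeating) key letter."""
    out = []
    for ch, k in zip(clean(text), cycle(clean(key))):
        shift = ALPHABET.index(k) * (-1 if decrypt else 1)
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def kasiski_key_length(ciphertext: str, max_len: int = 20, ngram: int = 3) -> int:
    """Collect distances between repeated n-grams and return the key length
    that divides the most of them (ties go to the shorter length). Counting
    divisibility rather than taking one GCD keeps a chance repetition from
    collapsing the answer to 1."""
    positions: dict[str, list[int]] = {}
    for i in range(len(ciphertext) - ngram + 1):
        positions.setdefault(ciphertext[i:i + ngram], []).append(i)
    distances = [p[j + 1] - p[j] for p in positions.values() if len(p) > 1
                 for j in range(len(p) - 1)]
    scores = {L: sum(1 for d in distances if d % L == 0) for L in range(2, max_len + 1)}
    return max(scores, key=lambda L: (scores[L], -L))


def best_shift(column: str) -> int:
    """Chi-squared test of every Caesar shift of one column against English."""
    n = len(column)
    best, best_score = 0, float("inf")
    for s in range(26):
        counts = Counter(ALPHABET[(ALPHABET.index(ch) - s) % 26] for ch in column)
        score = sum((counts[ch] - n * f / 100) ** 2 / (n * f / 100)
                    for ch, f in zip(ALPHABET, ENGLISH_FREQ))
        if score < best_score:
            best, best_score = s, score
    return best


def recover_key(ciphertext: str) -> str:
    """Key length from Kasiski, then one Caesar shift per column."""
    L = kasiski_key_length(ciphertext)
    return "".join(ALPHABET[best_shift(ciphertext[i::L])] for i in range(L))


# Constructed sample plaintext (English prose about the cipher itself).
SAMPLE_PLAINTEXT = (
    "The Vigenere cipher was considered unbreakable for three centuries because the "
    "same plaintext letter could be enciphered in many different ways depending on the "
    "position of the letter in the message and on the letter of the key that was used "
    "at that position. The weakness that Kasiski exploited is that the key repeats. "
    "Whenever the same word of the plaintext happens to fall under the same part of "
    "the key the ciphertext repeats as well and the distance between the two copies "
    "of the repeated text is a multiple of the length of the key. Once the length of "
    "the key is known the ciphertext is separated into columns and every column is a "
    "simple Caesar cipher that frequency analysis breaks on its own."
)
SAMPLE_KEY = "KEY"
SAMPLE_CIPHERTEXT = vigenere(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    print("key length:", kasiski_key_length(SAMPLE_CIPHERTEXT))
    print("recovered key:", recover_key(SAMPLE_CIPHERTEXT))
```

The attack needs enough ciphertext for each column to carry usable statistics (a few dozen letters per key position at least); the longer the key relative to the message, the less each column reveals, which is the direction Shannon's unicity distance makes precise later in this unit.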
In 1883, Auguste Kerckhoffs wrote 'La Cryptographie Militaire', in which he set forth six basic requirements of a military cryptosystem. We note that the easily remembered key is very amenable to attack, and that these rules, as all others, should be questioned before placing trust in them.

1. The system should be, if not theoretically unbreakable, unbreakable in practice.
2. The design of the system should not require secrecy: its falling into enemy hands should not inconvenience the correspondents.
3. The key should be communicable and rememberable without written notes, and changeable at will.
4. The system should be applicable to telegraphic communication.
5. The apparatus should be portable and operable by a single person.
6. The system should be easy to use, requiring neither mental strain nor knowledge of a long list of rules.

The second requirement, that security must rest on the key alone and not on the secrecy of the algorithm, is now known as Kerckhoffs's principle; it is the reason section 1.5 insists that an algorithm should have stood the test of time in a public forum.

At the beginning of the 20th century, war was becoming likely in Europe. England spent a substantial effort improving its cryptanalytic capabilities, so that when the war started they were able to solve most enemy ciphers. The cryptanalysis group was called 'Room 40' because of its initial location in a particular building in London. Their greatest achievements were in solving German naval ciphers. These solutions were greatly simplified because the Germans often used political or nationalistic words as keys, changed keys at regular intervals, gave away intelligence indicators when keys were changed, and so on.

Just as the telegraph changed cryptography in 1844, the radio changed cryptography in 1895. Now transmissions were open to anyone's inspection, and physical security of the channel was no longer possible. The French had many radio stations by WW1 and intercepted most German radio transmissions. The Germans used a double columnar transposition that they called 'Ubchi', which was easily broken by French cryptanalysts.

In 1917, the Americans formed the cryptographic organization MI-8. Its director was Herbert Osborne Yardley. They analyzed all types of secret messages, including secret inks, encryption, and codes.
They continued with much success during and after WW1, but in 1929 Secretary of State Henry Stimson, under President Herbert Hoover, closed them down because he thought it improper to "read others' mail". Yardley was hard pressed to find work during the Depression, so to feed his family he wrote a book describing the workings of MI-8. It was titled "The American Black Chamber" and became a best seller. Many criticized him for divulging secrets and glorifying his own actions during the war.

Another American, William Frederick Friedman, worked with his wife, Elizebeth Smith Friedman, to become "the most famous husband-and-wife team in the history of cryptology". He developed new ways to solve Vigenere-like ciphers using a method of frequency counts and superimposition to determine the key and plaintext.

Up to 1917, transmissions sent over telegraph wires were encoded in Baudot code for use with teletypes. The American Telephone and Telegraph Company was very concerned with how easily these could be read, so Gilbert S. Vernam developed a system which added together, modulo 2 (the XOR operation), the plaintext pulses and a key to produce the ciphertext pulses; adding the same key again to the ciphertext recovers the plaintext. It was difficult to use at times, because the keys were cumbersome. Vernam developed a machine to encipher messages, but the system was never widely used.

The use of cryptographic machines dramatically changed the nature of cryptography and cryptanalysis. Cryptography became intimately related to machine design, and security personnel became involved with the protection of these machines. The basic systems remained the same, but the method of encryption became reliable and electromechanical.
In 1929, Lester S. Hill published an article "Cryptography in an Algebraic Alphabet" in "The American Mathematical Monthly". Each plaintext letter was given a numerical value. He then used linear equations to encipher groups of plaintext letters, with values over 25 reduced modulo 26. To simplify the equations, Hill wrote them as matrices, which are more easily multiplied. This method eliminates almost all ciphertext repetitions, and is not broken by a normal frequency analysis attack. Because the cipher is linear, however, a cryptanalyst who obtains enough pairs of plaintext and corresponding ciphertext (a known-plaintext attack) can solve the equations for the key matrix, and the system is thus broken. To counter charges that his system was too complicated for day-to-day use, Hill constructed a cipher machine for his system using a series of geared wheels connected together. One problem was that the machine could only handle a limited number of keys, and even with the machine the system saw only limited use, in the encipherment of government radio call signs. Hill's major contribution was the use of mathematics to design and analyze cryptosystems.

The next major advance in electromechanical cryptography was the invention of the rotor. The rotor is a thick disk with two faces, each with 26 brass contacts separated by insulating material. Each contact on the input (plaintext) face is connected by a wire to a random contact on the output (ciphertext) face. Each contact is assigned a letter. An electrical impulse applied to a contact on the input face will result in a different letter being output from the ciphertext face. A single fixed rotor thus implements a monoalphabetic substitution cipher. The rotor is set in a device which takes plaintext input from a typewriter keyboard and sends the corresponding electrical impulse into the plaintext face.
The ciphertext is generated from the rotor and printed and/or transmitted. The next step separates the rotor from previous systems. After each letter, the rotor is turned so that the entire alphabet is shifted one letter over. The rotor is thus a "progressive key polyalphabetic substitution cipher with a mixed alphabet and a period of 26". A second rotor is then added, which shifts its position one spot each time the first rotor has completed a full rotation. Each electrical impulse is driven through both rotors so that it is encrypted twice. Since both rotors move, the alphabet now has a period of 676 (26 x 26). As more rotors are added the period increases dramatically: with 3 rotors the period is 17,576, with 4 it is 456,976, and with 5 it is 11,881,376 (26 to the power 5). In order for a 5-rotor cipher to be broken with frequency analysis alone, the ciphertext must be extremely long.

The rotor system can nevertheless be broken because, if a repetition is found in the first 26 letters, the cryptanalyst knows that only the first rotor has moved, and that the connections are changed only by that movement. Each successive set of 26 letters has this property, and using equations, the cryptanalyst can completely determine this rotor, hence eliminating one rotor from the whole problem. This can be repeated for each successive rotor as the previous rotor becomes known, with the additional advantage that the periods become longer, and thus they are guaranteed to have many repetitions. This is quite complex to do by hand.

The first rotor machine was invented by Edward Hugh Hebern in 1918, and he instantly realized what a success it could be. He founded a company called Hebern Electric Code, which he promised would be a great financial success. The company died in a bitter struggle; the Government bought some of his machines, and he continued to produce them on his own, but never with great success.
During Prohibition, alcohol was transported into the country by illegal smugglers (rum runners) who used coded radio communication to control the illegal traffic and help avoid Coast Guard patrols. In order to keep the Coast Guard in the dark, the smugglers used an intricate system of codes and ciphers. The Coast Guard hired Mrs. Elizebeth Smith Friedman to decipher these codes, which forced the rum runners to use more complex codes and to change their keys more often. She succeeded in sending many rum runners to jail.

During WW2, the neutral country Sweden had one of the most effective cryptanalysis departments in the world. It was formed in 1936, and by the time the war started employed 22 people. The department was divided into groups, each concerned with a specific language. The Swedes were very effective in interpreting the messages of all the warring nations. They were helped, however, by bungling cryptographers. Often the messages that were received were haphazardly enciphered, or not enciphered at all. The Swedes even solved a German cipher that was implemented on a Siemens machine similar to a Baudot machine, used to encipher wired messages.

During WW2, the Americans had great success at breaking Japanese codes, while the Japanese, unable to break US codes, assumed that their own codes were also unbreakable. Cryptanalysis was used to thwart the Japanese attack on Midway, a decisive battle in the Pacific. The US had been regularly reading Japanese codes before the attack on Pearl Harbor, and knew of the declaration of war that was presented to the President just after the attack on Pearl Harbor several hours before the Japanese embassy in Washington had decoded it.

German codes in WW2 were predominantly based on the 'Enigma' machine, which is an extension of the electromechanical rotor machine discussed above.
A British cryptanalysis group, building on the pre-war break of Enigma by Polish cryptanalysts who passed their results to the Allies and then escaped to France in 1939, read wartime Enigma traffic, and some of the first electronic computing machines were built at Bletchley Park to break German cipher traffic (electromechanical Bombes for Enigma, and Colossus for the Lorenz teleprinter cipher). The fact that these codes were broken was of such extreme sensitivity that, according to a widely repeated but disputed story, advance knowledge of bombing raids on England was not used to prepare for the raids. Instead, much credit was given to radar, and air raid warnings were given very shortly before the bombers arrived.

In 1949, Shannon published "Communication Theory of Secrecy Systems". Shannon was one of the first modern cryptographers to apply advanced mathematical techniques to the science of ciphers. Although the use of frequency analysis for solving substitution ciphers had begun many years earlier, Shannon's analysis demonstrates several important features of the statistical nature of language that make the solution of nearly all previous ciphers very straightforward. Perhaps the most important result of Shannon's famous paper is the development of a measure of cryptographic strength called the 'unicity distance'. The unicity distance is the quantity of ciphertext required for the key, and hence the plaintext, to be uniquely determined. It is a function of the entropy of the key used to encipher the message and of the redundancy of the plaintext language. Once an attacker holds more ciphertext than the unicity distance, only one key is consistent with it, so given enough time any such cipher can in principle be broken by trying every key. Shannon noted that in a system with an infinitely long random key the unicity distance is infinite, and that for any alphabetic substitution cipher with a random key of length greater than or equal to the length of the message, the plaintext cannot be derived from the ciphertext alone. This type of cipher is called a "one-time pad", because of the use of pads of paper to implement it in WW2 and before.
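The unicity distance made explicit, as an added worked calculation that is not part of the original course; the figures for the entropy of English are the usual textbook approximations:

$$ U = \frac{H(K)}{D}, \qquad D = \log_2 26 - r \approx 4.70 - 1.5 = 3.2 \text{ bits per letter} $$

where $H(K)$ is the entropy of the key and $r$ the entropy per letter of the plaintext language, so that $D$ is its redundancy. For a monoalphabetic substitution cipher, $H(K) = \log_2 26! \approx 88.4$ bits, hence $U \approx 88.4 / 3.2 \approx 28$ letters: roughly 28 characters of ciphertext already determine the key uniquely. For a cipher with a random 128-bit key, $U \approx 128 / 3.2 = 40$ letters. For a one-time pad $H(K)$ grows with the message, so $U \to \infty$. Passing the unicity distance says nothing about the work needed to find the unique key; it only says that the answer is unique, which is the distinction section 1.5 draws between computational and unconditional security.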
The story of cryptography would be finished if it weren't for the practical problem that, in order to send a secret message, an equal amount of secret key must first be sent over a secure channel, and that key must never be reused. This problem is not severe in some cases, and such a system is apparently used on the hot line between Moscow and Washington, but it is not the ultimate solution for many practical situations. For most human (and computer) languages, a key of a given length can only be guaranteed safe for about 2-3 times the length of the key. From this analysis it appears that any system with a finite key is doomed to fail, but several issues remain to be resolved before all hope of finite-key cryptography is abandoned.
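Vernam's modulo-2 scheme from earlier in this unit, and the consequence of violating the "never reuse the key" condition just stated, shown in Python as an added example that is not part of the original course material. The two messages and the attacker's guessed opening (the "crib") are constructed. Reusing the key turns the one-time pad into a "two-time pad": XORing the two ciphertexts cancels the key and leaves the XOR of the two plaintexts, and a known fragment of one message then reveals the other message (and the key bytes) at the same positions, which is also a concrete instance of the known-plaintext attack model of section 1.5.

```python
# Added example, not from the original course material: Vernam's XOR cipher,
# the one-time pad it becomes with a random single-use key, and the failure
# mode the text warns about, reusing key material. Messages are constructed.
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def vernam(message: bytes, key: bytes) -> bytes:
    """Modulo-2 addition of message and key, Vernam's 1917 scheme for Baudot
    pulses. With a truly random key used once and at least as long as the
    message this is the one-time pad; decryption is the same operation."""
    if len(key) < len(message):
        raise ValueError("key must be at least as long as the message")
    return xor_bytes(message, key)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same key: c1 XOR c2 = p1 XOR p2. The key
    cancels, and the attacker learns the XOR of the plaintexts for free."""
    return xor_bytes(c1, c2)


def recover_with_crib(c1: bytes, c2: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext attack on the reused key: a guessed prefix of message 1
    (a 'crib') reveals the same number of bytes of message 2."""
    return xor_bytes(two_time_pad_leak(c1, c2), known_plaintext)


MESSAGE_1 = b"ATTACK AT DAWN FROM THE NORTH RIDGE"
MESSAGE_2 = b"HOLD POSITION UNTIL FURTHER NOTICE"
CRIB = b"ATTACK AT "   # the attacker's guess at how message 1 opens


def demo(key: bytes = b"") -> dict:
    """Encrypt both messages under one key (the mistake) and show what leaks."""
    key = key or os.urandom(max(len(MESSAGE_1), len(MESSAGE_2)))
    c1 = vernam(MESSAGE_1, key)
    c2 = vernam(MESSAGE_2, key)          # same key again: a two-time pad
    return {
        "roundtrip": vernam(c1, key) == MESSAGE_1,
        "leak": two_time_pad_leak(c1, c2),
        "recovered": recover_with_crib(c1, c2, CRIB),   # -> b"HOLD POSIT"
        "key_bytes_recovered": xor_bytes(c1, CRIB),      # first 10 key bytes
    }


if __name__ == "__main__":
    result = demo()
    print("round trip ok:", result["roundtrip"])
    print("bytes of message 2 recovered:", result["recovered"])
```

In practice the attacker extends the crib word by word ("crib dragging"), since each correctly guessed fragment of one message exposes readable text in the other; the only defence is the one the text gives, fresh key material for every message.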
1.5. CRYPTANALYSIS

As stated earlier, the strength of a cryptosystem lies in the key and in whether or not the algorithm has stood the test of time in a public forum. Two terms are used to describe the degree of difficulty, sometimes called computational difficulty, associated with breaking a particular cryptosystem:

Computationally secure: With a cryptosystem that is said to be computationally secure, it is understood that given enough computing power and storage the system could eventually be broken. However, unless the cryptosystem is flawed in some fundamental way, the time and computing power necessary to break it are impractically large. For example, with today's technology, exhaustively searching the key space of a well-designed cipher with a 128-bit key would take a time comparable to the age of the universe.

Unconditionally secure: A cryptosystem that cannot be broken even if an infinite amount of resources were dedicated to the effort is said to be unconditionally secure. The one-time pad is the standard example.

By making the design of a cryptographic system available to the world, cryptographers everywhere have the opportunity to try to break it. Often, cryptanalysts have a high degree of computing power at their disposal, much more than the average individual. This activity is what is known as cryptanalysis. In this field, a cryptanalyst deploys a variety of tools and methods to break a cryptosystem; success, however, does not necessarily mean that the entire algorithm has been compromised. In fact, there are different levels of weakness one can discover in a cryptosystem:

Information deduction: The lowest level of weakness, in which the cryptanalyst is able to discover portions of the key or some information about the plaintext from the ciphertext.

Instance deduction: The cryptanalyst is able to find the plaintext of a given intercepted ciphertext.
Global deduction: The cryptanalyst finds an alternative algorithm that is functionally equivalent to decryption under the unknown key, without actually recovering the key.

Total break: The cryptanalyst recovers the key and can decrypt any message encrypted with it.
There are a variety of methods one can use to break a cipher. The easiest way is to obtain the key through social engineering, chance or some form of coercion; these, however, are not cryptanalytic techniques. The cryptanalytic attack models, classified by what the attacker has access to, are:

Ciphertext only: The cryptanalyst has only ciphertext to work with. One approach is a brute-force attack, in which the cryptanalyst tries all possible keys. If the key is derived from a pass phrase, the cryptanalyst can often mount a dictionary attack, trying common words and combinations.

Chosen ciphertext: The cryptanalyst chooses ciphertexts and obtains the corresponding plaintexts, typically through access to decryption hardware or a service that holds the key but does not reveal it.

Adaptive chosen ciphertext: A variation of the attack outlined above in which the cryptanalyst chooses each ciphertext based on the results of earlier decryptions.

Known plaintext: The cryptanalyst has obtained some plaintext together with the corresponding ciphertext. With these two elements, the cryptanalyst may be able to derive the key and thereby decipher any other text encrypted with it.

Chosen plaintext: A variant of the known-plaintext attack in which the cryptanalyst can select the plaintext and obtain the corresponding ciphertext.

Adaptive chosen plaintext: A variation of the chosen-plaintext attack in which the cryptanalyst chooses the plaintext samples dynamically, changing each selection based on the results of previous encryptions.

Biological attacks: This type of attack gets its name because the technique used to break the cryptosystem resembles methods used in biology to study organisms rather than the mathematically based techniques described above. Such techniques subject the implementation of the cryptosystem to different stimuli to see how it reacts, studying its inputs and outputs; today these are usually called side-channel (or implementation) attacks.
An example is the work done by Paul Kocher of Cryptography Research, in which he was able to extract secrets from smart cards by monitoring their power consumption (differential power analysis, DPA). Specific information on these techniques can be found at http://www.cryptography.com/dpa

Cryptanalytic attacks can be mounted against any cryptographic system, including encryption algorithms, digital signature algorithms and message authentication code (MAC) algorithms, to name a few.
1.6. AES (ADVANCED ENCRYPTION STANDARD)

1.6.1. Overview of the AES Development Effort

The National Institute of Standards and Technology (NIST) has been working with industry and the cryptographic community to develop an Advanced Encryption Standard (AES). The overall aim is to develop a Federal Information Processing Standard (FIPS) that specifies an encryption algorithm(s) capable of protecting sensitive government information well into the next century. The algorithm(s) is expected to be used by the U.S. Government and, on a voluntary basis, by the private sector.

On January 2, 1997, NIST announced the initiation of the AES development effort, and made a formal call for algorithms on September 12, 1997. The call stipulated that the AES would specify an unclassified, publicly disclosed encryption algorithm(s), available royalty-free worldwide. In addition, the algorithm(s) must implement symmetric-key cryptography as a block cipher and (at a minimum) support a block size of 128 bits and key sizes of 128, 192 and 256 bits.

On August 20, 1998, NIST announced a group of fifteen AES candidate algorithms at the First AES Candidate Conference (AES1). Members of the cryptographic community from all over the world had submitted these algorithms. At that conference, and in a simultaneously published Federal Register notice, NIST solicited public comments on the candidates. A Second AES Candidate Conference (AES2) was held in March 1999 to discuss the results of the analysis conducted by the global cryptographic community on the candidates. The public comment period on the initial algorithm review closed on April 15, 1999. Using the analyses and comments received, NIST selected five algorithms out of the fifteen. The AES finalist candidates are MARS, RC6, Rijndael, Serpent, and Twofish. NIST has published a Round 1 Report describing the selection of the finalists.
These finalists will receive further analysis during a second, more detailed review period before the selection of the final algorithm(s) for the AES FIPS. NIST solicits comments on the remaining algorithms until May 15, 2000. Comments and analysis are actively sought by NIST on any aspect of the candidate algorithms, including (but not limited to) cryptanalysis, intellectual property, cross-cutting analyses of all the AES finalists, overall recommendations and implementation issues. An informal AES discussion forum is also provided by NIST for interested parties to discuss the AES finalists and relevant AES issues.

Near the end of Round 2, NIST will sponsor the Third AES Candidate Conference (AES3), an open, public forum for discussing the analyses of the AES finalists. Submitters of the AES finalists will be invited to attend the discussions and make comments on their algorithms. AES3 will be held April 13-14, 2000 in New York, NY, USA. Proposed papers for this conference are due to NIST by January 15, 2000, and they will also be considered as Round 2 public comments.

After the closing of the Round 2 public analysis period on May 15, 2000, NIST intends to study all available information and propose the AES, which will incorporate one or more algorithms selected from the finalists. The AES will be announced as a proposed Federal Information Processing Standard (FIPS), which will be published for public review and comment. Following the comment period, the standard will be revised as appropriate by NIST in response to those comments. A review, approval and promulgation process will also follow. If all steps of the AES development process proceed as planned, the standard is scheduled to be completed by the summer of 2001. (NIST subsequently announced Rijndael as the selected algorithm on October 2, 2000, and published it as FIPS 197 in November 2001.)

1.6.2. Minimum Acceptability Requirements

1. The algorithm must implement symmetric (secret) key cryptography.
2. The algorithm must be a block cipher.
3. The algorithm candidates shall be capable of supporting key-block combinations with sizes of 128-128, 192-128, and 256-128 bits. A submitted algorithm may support other key-block sizes and combinations, and such features will be taken into consideration during analysis and evaluation.

1.6.3. AES Round 2 Finalists

MARS - IBM Research

MARS is a shared-key (symmetric) block cipher, supporting 128-bit blocks and a variable key size. It is designed to take advantage of the powerful operations supported in today's computers, resulting in a much improved security/performance trade-off over existing ciphers. As a result, MARS offers better security than triple DES while running significantly faster than single DES. The current C implementation runs at rates of about 65 Mbit/s on a 200 MHz Pentium Pro and 85 Mbit/s on a 200 MHz PowerPC. In hardware, MARS can achieve a 10X speed-up factor. Moreover, both hardware and software MARS implementations are remarkably compact and fit easily on a smart card and in other limited-resource environments. The combination of high security, high speed and flexibility makes MARS an excellent choice for the encryption needs of this century's world information.

Twofish - Counterpane (Bruce Schneier et al.)

Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits.
The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable (MDS) matrix over GF(2^8), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1820 clock cycles per byte. Twofish can be implemented in hardware in about 14,000 gates. The design of the round function and the key schedule permits a wide variety of trade-offs between speed, software size, key setup time, gate count and memory. The designers have extensively cryptanalyzed Twofish: their best attack breaks 5 rounds with 2^22.5 chosen plaintexts and 2^51 work.

RC6 - RSA Laboratories

Like all AES candidates, RC6 works on 128-bit blocks. It accepts variable-length keys and is very similar to RC5, incorporating the results of various studies of RC5 to improve the algorithm. The studies of RC5 found that not all bits of the data are used to determine the rotation amount (rotation is used extensively in RC5). RC6 therefore uses a multiplication (the quadratic function x(2x+1)) to derive the rotation amount, so that all bits of the input word influence it, strengthening the avalanche effect.
Serpent - Ross Anderson, Eli Biham, Lars Knudsen

Serpent is an AES submission by Ross Anderson, Eli Biham, and Lars Knudsen. Its authors combined the design principles of DES with the recent development of bitslicing techniques to create a very secure and very fast algorithm. While bitslicing is generally used to encrypt multiple blocks in parallel, the designers of Serpent embraced the technique by incorporating it into the design of the algorithm itself. Serpent uses 128-bit blocks and keys of 128, 192 or 256 bits (shorter keys are padded to 256 bits). Like DES, Serpent includes both an initial and a final permutation of no cryptographic significance; these permutations are used to optimize the data layout before encryption. Serpent was released at the 5th International Workshop on Fast Software Encryption. That iteration of Serpent was called Serpent 0 and used the original DES S-boxes. After comments, the key schedule and the S-boxes were changed slightly. The new iteration is called Serpent 1 and resists both linear and differential attacks.

Rijndael - Joan Daemen, Vincent Rijmen

The cipher has a variable block and key length. The authors have shown how to extend the block and key lengths by multiples of 32 bits. The SQUARE algorithm influenced the design of Rijndael. The authors provide a Rijndael specification and a more theoretical paper on their design principles. The authors have vowed never to patent Rijndael.
1.7. SMART CARDS

1.7.1. Introduction

Security issues around network (Internet) connected personal computers are heavily debated today. One of the most discussed issues is whether someone can access your stored data, or read and alter information you type prior to sending it over the network. If you want to do business over the Internet, there are three major security services that have to be in place:

1. Authentication
2. Confidentiality
3. Non-repudiation

PKI can offer these security services and seems to be the solution. PKI systems build on the uniqueness and protection of the user's private keys. The private key should never be exposed to anyone, not even necessarily to the owner/user. Where would you trust storing the keys you use to identify yourself and to sign documents, agreements, orders, etc. over the Internet? As you would have guessed, the answer to this question is: within a smart card.

1.7.2. What kinds of Smart Cards are available?

There are a number of smart cards on the market today, but not all of them are viable for e-commerce solutions requiring non-repudiation and remote authentication. A smart card consists of a chip (processor and/or memory), a contact plate (generally the visual recognition point of a smart card) and a piece of plastic (ISO 7810 ID-1 format, 85.6 x 54 x 0.76 mm). Processor chips require operating software (generally named a mask). Although the chip may be the same, smart cards may be assembled and equipped by different companies providing unique operating services. Widely known producers of smart cards are, to mention a few, Gemplus, Schlumberger, Oberthur, Siemens, Giesecke & Devrient, Setec and Bull. They all provide smart cards for a broad application range. The combination of built-in chip functionality and an operating system on the chip (the mask) supporting this functionality is essential to smart card security.
Basically all categories of cards described below offer some kind of write protection but not all of them offer read protection. What is more important, some cards can not offer processing of data (key) that only take place securely inside the chip. It should never be possible to copy quot;your signaturequot;. Thus, techniques where signature keys are transported, even if encrypted, from the card are simply not good enough. Therefore, in order to provide for non-repudiation services there is an obvious need to have a secure signature process inside the smart card chip. © Dimension Data SA (Switzerland), Sylvain Maret & Cédric Enzler Version 1.5, October 1999, rev. August 2000 Page 25
Smart cards can be divided into three prime categories:
1. Memory Cards
2. Symmetric Cryptoprocessor Cards
3. PKI smart cards (our name for asymmetric cryptoprocessor cards)

1.7.3. Symmetric / Asymmetric Cryptoprocessing
The reason for dividing Cryptoprocessor Cards into a symmetric and an asymmetric part (PKI smart card) is simply that these processes are different when it comes to authentication and non-repudiation. The processor on a chip providing symmetric encryption could possibly be equipped with software (mask) enabling asymmetric encryption. Nevertheless, existing asymmetric cryptoprocessor cards are dedicated to performing the cryptographic process (commonly RSA) as fast as possible.

1.7.4. Smart Cards with different "flavors"
Remember that not all smart cards are alike; they come in different "flavors". Many cards cannot provide support for the RSA algorithm within the card processor. And even if they do support RSA, they may not be optimised to handle this process very efficiently. Far too often there are solutions in place where the smart card is nothing but a storage medium for the keys. This document will describe various types of smart cards and where they typically apply.

1.7.5. Memory Cards
Access Control
Plain memory cards may provide access restrictions through one or several Personal Identification Numbers (PIN). However, memory cards may not protect the contents of the stored information file from disclosure. A memory card can be compared to a floppy disc, although providing less storage capacity. On the other hand the card reader device is less complex and less expensive than a floppy disc reader, thus providing a better commercial ground for deployment in environments where a floppy disc reader may not be present.
Processing
Memory smart cards should probably not even be categorized as smart cards. Their processing power is restricted to storage operations and little else.
Once a user/owner of a PIN protected file in a plain memory card has been granted read access, he/she can freely retrieve the contents of the file. Hence, the actual file contents may be copied from the smart card. These cards exist with various amounts of memory and can be used in applications requiring no or limited read protection. They may for instance be useful for storing medical information necessary for emergency actions, such as your name and blood type. They may provide write protection, which makes them useful in other applications where adding or modifying data on the card should be restricted. However, such protection generally requires more than just a PIN code, thus the commercial use is limited.
Conclusion
Memory cards cannot provide a secure non-repudiation service; hence they are not very suitable for e-commerce.
1.7.6. Symmetric Cryptoprocessor Cards
Access Control
Symmetric cryptoprocessor smart cards may offer a sophisticated access structure. Files may be readable but not "writeable" or vice versa, and if the reverse order applies, it is likely that the file contents are accessible within the card. Files may be protected by one or several passwords (PIN) and not accessible without entering the correct PIN. The PIN file itself is only "writeable" (in order to let you change your password) and accessible within the card (in order to verify the PIN you enter).
Processing
By using encryption it is possible to transfer information between two parties without disclosing the contents to a "third person". This is quite useful for applications utilizing an electronic smart card purse or in connection with GSM cards. It is not only possible to have "files" write protected. In fact, it is possible with the encryption process to ensure that only an authorized party may alter information successfully. Symmetric encryption is fast, by a broad margin faster than asymmetric encryption.
Conclusion
Although symmetric encryption is fast, it has a few drawbacks. First, key management is virtually impossible from a large-scale public perspective, mainly due to the difficulty of deploying and maintaining trust, and secondly, it is not possible to provide non-repudiation services.

1.7.7. PKI Smart Cards
Access Control
The basic difference between the PKI smart card and symmetric cryptoprocessor smart cards is that the former offers a secure RSA process onboard the chip. From an access point of view they are equal; what differs is the processing of RSA. In fact, it is likely that the PKI smart card can additionally offer symmetric as well as asymmetric encryption functionality. Files may be readable but not writeable or vice versa, and only accessible within the card as described earlier.
Files may be protected by one or several passwords (PIN) and not accessible without entering the correct PIN. This is also a necessity concerning the private key file.
Processing
PKI smart cards enable secure remote authentication and non-repudiation services through the use of the RSA algorithm. PKI smart cards use a cryptoprocessor handling asymmetric encryption. The general positive effects of smart cards, i.e. ease of use and fairly low-cost equipment, apply to all cards including PKI smart cards. What makes PKI smart cards additionally beneficial compared to symmetric encryption cards is the possibility to provide a scalable solution and, not to be forgotten, the ability to provide a secure authentication and non-repudiation service. The scalability advantage is due to the fact that there is a public and a private part of the keys involved, and this makes deployment and maintenance much easier from a security perspective compared to symmetric keys.
Also consider the effect of having only the RSA cryptoprocessor able to use your private information: the private information cannot be copied! It can never leave the card. The PKI card offers a completely different level of security compared to storing private information on a floppy disc, on a hard disc or even on a less protected smart card. It is the card's operating system that prevents the keys from being exposed outside the card. They can thus never be read, removed or tampered with (even by the user). The user will only have access to the functions of the card through the use of a secret PIN code that the user may change at any time.
Conclusion
The only secure smart card solution on the market today would be a solution based on PKI smart cards. If using something less, keys are only as secure as if they were stored on a floppy or on your hard disc. PKI smart cards are the only alternative for doing business over an evolving e-commerce market.
2. PKI APPLICATIONS (LAB EXERCISES)

2.1. SYMMETRIC FILE ENCRYPTION

2.1.1. Lab Exercise 1
Objective
The student will use a symmetric encryption algorithm to encrypt a text file. DES and IDEA will be used for this lab.
Main steps
1. Create a text file with an editor
2. Encrypt this file using DES
3. Encrypt this file using IDEA
4. Decrypt this file using DES
5. Decrypt this file using IDEA
Time
15 minutes
Step 1: Create a text file with an editor
• Create a Notepad file called toto.txt in c:\temp
• Edit this file and add a text like "Hello world…"
• Save and quit
Step 2: Encrypt this file using DES
• On your desktop, launch OpenSSL
• You will encrypt this file with DES. Type the command des -in toto.txt -out toto.txt.des -e
• Enter a password that will be the secret key
• Have a look at the file toto.txt.des

Step 3: Encrypt this file using IDEA
• Encrypt the file toto.txt with IDEA. Type the command idea -in toto.txt -out toto.txt.idea -e
• Enter a password
• Have a look at the file toto.txt.idea
Step 4: Decrypt this file using DES
• You can now decrypt those two files
• Type des -in toto.txt.des -d to decrypt the DES file
• Enter your password

Step 5: Decrypt this file using IDEA
• Type idea -in toto.txt.idea -d to decrypt the IDEA file
• Enter your password
• Now you are finished…
2.2. MESSAGE-DIGEST ALGORITHMS
For a theoretical introduction, please refer to the book "Digital Certificates" written by Jalal Feghhi, Jalil Feghhi and Peter Williams.

2.2.1. Lab Exercise 2
Objective
The student will "play" with message digest functions. MD5 and SHA-1 will be used to compute the digest of an input text file.
Main steps
1. Create a text file with an editor
2. Compute message digest functions with MD5
3. Change the text
4. Compute message digest functions again with MD5
5. Compute message digest functions with SHA-1
Time
15 minutes
Step 1: Create a text file with an editor
• Create a file with an editor called toto.txt in c:\temp
• Edit this file and add a text like "Hello world…"
• Save and quit
Step 2: Compute message digest functions with MD5
• On your desktop, launch OpenSSL
• Type the command md5 toto.txt
• Have a look at the result. You will see the MD5 digest (128 bits)

Step 3: Change the text
• Edit c:\temp\toto.txt again and change only one character (for instance change H to h)
Step 4: Compute message digest functions again with MD5
• Type md5 toto.txt again in the OpenSSL application
• What do you see? This is the new MD5 digest

Step 5: Compute message digest functions with SHA-1
• Now type sha1 toto.txt in the OpenSSL application
• What do you see? Compare this with the MD5 digest!
• You are now finished…
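The same experiment carried out in Python rather than at the OpenSSL prompt, as an added example that is not part of the training material: it digests the file contents before and after the one-character change, counts how many digest bits flipped, and adds the integrity check that a recorded digest is normally used for. The file contents are constructed here to match the lab; the function names are the example's own.

```python
"""MD5 / SHA-1 digest lab in Python (added example, not from the course).

The two inputs below are constructed to mirror toto.txt before and after the
student changes "H" to "h"; they are not taken from the training material.
"""
import hashlib
import hmac

ORIGINAL = b"Hello world...\r\n"   # constructed: toto.txt as first written
MODIFIED = b"hello world...\r\n"   # constructed: after changing one character


def digest(data: bytes, algo: str) -> bytes:
    """Raw digest of data; algo is "md5" (128 bits) or "sha1" (160 bits)."""
    return hashlib.new(algo, data).digest()


def bit_difference(a: bytes, b: bytes) -> int:
    """Hamming distance in bits between two equal-length digests."""
    if len(a) != len(b):
        raise ValueError("digests must have the same length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_report(original: bytes, modified: bytes) -> dict:
    """Digest both inputs with MD5 and SHA-1 and count the flipped bits.

    A one-character change flips roughly half of the digest bits, which is
    what the lab asks the student to observe by comparing the hex output.
    """
    report = {}
    for algo in ("md5", "sha1"):
        d1, d2 = digest(original, algo), digest(modified, algo)
        report[algo] = {
            "digest_bits": len(d1) * 8,
            "original_hex": d1.hex(),
            "modified_hex": d2.hex(),
            "flipped_bits": bit_difference(d1, d2),
        }
    return report


def verify_digest(data: bytes, expected_hex: str, algo: str) -> bool:
    """Integrity check: does data still match a digest recorded earlier?

    compare_digest runs in constant time, so a server comparing digests does
    not leak where the first mismatching character is through timing.
    """
    return hmac.compare_digest(digest(data, algo).hex(), expected_hex.lower())


if __name__ == "__main__":
    for algo, r in avalanche_report(ORIGINAL, MODIFIED).items():
        print(f"{algo}: {r['flipped_bits']} of {r['digest_bits']} bits flipped")
        print(f"  before: {r['original_hex']}")
        print(f"  after : {r['modified_hex']}")
    recorded = digest(ORIGINAL, "sha1").hex()
    print("unchanged file verifies:", verify_digest(ORIGINAL, recorded, "sha1"))
    print("edited file verifies:   ", verify_digest(MODIFIED, recorded, "sha1"))
```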
2.3. SECURING THE DESKTOP

2.3.1. Introduction
Safeguarding data being transmitted as e-mail messages over an open network like the Internet is an important step to take in order to keep your data private. Protecting data on a personal computer presents a different set of issues in terms of how the data should be protected and how to control keys. The most important issue may perhaps be how to select a data encryption product for your desktop. Many products are available on the market to perform file encryption (RSA SecurPC, Blowfish Advanced CS, etc.). For this particular training we will use "Blowfish Advanced CS" because it is a very simple product to use. Moreover, it will let you become familiar with secret-key file encryption, key splitting and file wiping.

2.3.2. Blowfish Advanced CS
Introduction
Blowfish Advanced CS is a file encryption program, protecting your files with a key built from a password or a key disk, so that no one except you can access their contents. Blowfish Advanced CS erases sensitive files that are no longer needed, in order to prevent anyone from restoring them. Working with encrypted files and clearing empty disk space are other useful features. Today, we are in the information age and encrypting data is becoming more and more important for most of us. There are many reasons why data have to be protected from unauthorized access, as for instance sensitive medical data, private or business documents, or just some "hot stuff" from the Internet. There are many ways to make data readable only to a selection of people. Besides physical measures like locking removable disks in a safe or hiding files with steganography (which is a cheap solution), the only way to make files really inaccessible is to use strong cryptography. That means high-end encryption algorithms with keys long enough to resist any attack, combined with secure removal of the original data.
Encryption Algorithms
Blowfish Advanced CS is currently shipped with 4 algorithms, which are the following:
Blowfish
Bruce Schneier designed the algorithm. Blowfish is a very fast algorithm, performing excellently on modern 32-bit processors. Another advantage is its variable key size, which goes up to 448 bits (56 bytes). It was first published in Doctor Dobb's Journal, issue 4/94, and after a year of intensive cryptanalysis it was still unbroken (as reported in DDJ 10/95).
PC1
This algorithm is 100% compatible with the RC4 stream cipher. Ron Rivest developed RC4 in 1987. In 1994 someone posted the source code to a mailing list and since then it has spread all over the world. RC4 is a stream cipher handling single bytes. The implementation used by Blowfish Advanced CS uses a key size of 160 bits.
Triple-DES
DES is the standard encryption algorithm, designed by IBM in the mid-seventies. Although it has been cryptanalyzed for over 20 years, no weakness has been found yet. The only problem of DES is its short key length of 7 bytes (equal to 56 bits). If someone has access to very fast computers, he can try out all possible keys within a few hours. There are some DES variants, extending the original algorithm to a new one with a larger key. The most common one is triple-DES, where a 64-bit data block is encrypted three times with DES, using three different keys (or a single key split into three parts). Therefore, the key length is 21 bytes (168 bits), improving the security significantly but also slowing down the algorithm. The triple-DES implementation in Blowfish Advanced CS is 100% compatible with the DES standard.
Twofish
Twofish is the AES candidate from Counterpane. It is a new, fast and very flexible encryption algorithm. After extensive cryptanalysis, no weaknesses are known yet. For more information about Twofish, visit http://www.counterpane.com. The version of Twofish in Blowfish Advanced CS uses a key size of 256 bits and a block size of 128 bits.
Key Setup
Different encryption algorithms require different key lengths. The Blowfish encryption algorithm, for example, needs a key of 448 bits (56 bytes). It is very uncomfortable to find passwords having exactly the right length each time, so the program converts the password into a key for the individual algorithm. Blowfish Advanced CS uses a key setup in which your password (or key disk content) is hashed with SHA-1, the most "Secure Hash Algorithm" available today. One of the advantages is that the resulting key is in binary form and looks like random data. Moreover, the password's length is not restricted to the maximum key length of the selected algorithm, since the hash can be resized up or down to the right size.
You will find hereafter two examples, which will help you to understand the key setup of Blowfish Advanced CS:
Let us choose "helloworld" as our password. We want to create a key of 128 bits (16 bytes). SHA-1 allows us to input as many data bytes as we wish and it puts out a hash of 160 bits (20 bytes). A hash (also called digest) is like a CRC32 checksum, but secure for encryption.
To resize the 20 bytes of the hash to the required 16 bytes for the key, we take the first 16 bytes of the hash and XOR the remaining 4 bytes over the beginning of these 16 bytes. Doing so, we take the totality of the hash into consideration.
In the second example, we still define "helloworld" as our password, but we need a key for Blowfish having the required length of 56 bytes. As already mentioned, SHA-1 only returns 20 bytes. So we have to create 36 additional bytes from the password in the following way: we hash the password with SHA-1 and get 20 bytes. Then we append those 20 bytes to the original password and hash the modified password again. The result is a new hash, which means 20 new bytes for our key. Due to the modified password, this new hash is completely different from the first one. Now we append this second hash to the modified password again and rehash it to get the last 20 bytes. Of course, we now have 4 bytes too many, so we XOR them over the first hash as we did in the first example. At last, we have the 56 bytes needed for the Blowfish encryption algorithm.
Random Number Generation
Blowfish Advanced CS offers you two pseudo random number generators. PRNGs are used to create random data for security purposes (e.g. salt values, which are combined with keys), for overwriting (wiping) data or (most important) to create key files.
Yarrow
This PRNG was designed by Counterpane and can be considered the best concept to create random data for security purposes. Blowfish Advanced CS uses a Yarrow implementation with SHA-1 as the hash algorithm and triple-DES as the block cipher. For the latest paper on the Yarrow specifications please visit http://www.counterpane.com.
CryptPak PRNG
This random generator was the one and only PRNG in the predecessor, Blowfish Advanced 97. It uses a SHA-1 rescrambling method.
To initialize the generator, a string with various data (system date and time, drive information, etc.) is built and hashed by SHA-1. As a result, one gets a 20-byte buffer of random data, from which just 16 bytes are used to avoid predictable random sequences. If another 16 bytes are requested, the hash value is hashed with itself to a new digest. This method provides much better randomness than conventional 32-bit random number generators.
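The Key Setup section above describes the password-to-key conversion in words; here it is carried through in code as an added example written from that description (not the product's own code, which may differ in details the text does not specify). It covers both cases in the text, the 16-byte key and the 56-byte Blowfish key, and generalizes to any key length: keep hashing the password with all previous hashes appended until enough bytes exist, then XOR the surplus over the beginning. The function names are the example's own.

```python
"""Password-to-key setup as described for Blowfish Advanced CS.

Added example reconstructed from the course text; it is not the program's
own source code.  Function names here are the example's own.
"""
import hashlib

SHA1_LEN = 20  # SHA-1 yields 160 bits = 20 bytes per hash


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def hash_stream(password: bytes, needed: int) -> bytes:
    """Produce at least `needed` bytes from the password.

    h1 = SHA1(pw), h2 = SHA1(pw + h1), h3 = SHA1(pw + h1 + h2), ...
    i.e. every round hashes the password with all hashes so far appended,
    exactly as in the text's 56-byte example (three rounds, 60 bytes).
    """
    stream = b""
    while len(stream) < needed:
        stream += sha1(password + stream)
    return stream


def fold(buf: bytes, key_len: int) -> bytes:
    """Shrink buf to key_len bytes.

    The first key_len bytes are kept and every surplus byte is XORed over
    the beginning, so the whole hash contributes to the key.  If the surplus
    is longer than the key (a case the text never needs) it wraps around.
    """
    if not 0 < key_len <= len(buf):
        raise ValueError("key_len must be between 1 and len(buf)")
    key = bytearray(buf[:key_len])
    for i, surplus in enumerate(buf[key_len:]):
        key[i % key_len] ^= surplus
    return bytes(key)


def derive_key(password: str, key_len: int) -> bytes:
    """Turn a password into a key of key_len bytes.

    key_len=16 is the text's 128-bit example (20-byte hash, 4 bytes XORed
    over the start); key_len=56 is Blowfish's 448-bit maximum (60 bytes from
    three hashes, 4 bytes XORed over the start of the first hash).
    """
    pw = password.encode("utf-8")
    return fold(hash_stream(pw, key_len), key_len)


if __name__ == "__main__":
    for n in (16, 20, 56):
        print(f"{n:2d}-byte key: {derive_key('helloworld', n).hex()}")
```

Note that this scheme has no salt and only one hash per 20 bytes, so two users with the same password get the same key and guessing is cheap; current practice is a deliberately slow, salted key derivation function (PBKDF2, scrypt or Argon2) for the same job.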
2.3.3. Lab Exercise 3
Objective
The student will set up file encryption software to protect sensitive information. This software uses strong symmetric encryption mechanisms to protect information.
Scenario
Management wants to implement a solution to protect sensitive information on laptops. For specific files they want to implement key splitting. Moreover, they want to store a secret key on an external medium, which will be a diskette.
Main Steps
1. Encrypt a file with one secret key
2. Exchange this file with your partner
3. Decrypt the partner's file you receive
4. Encrypt a file with two secret keys (Key Splitting)
Time
20 minutes
Step 1: Encrypt a file with one secret key
• On your desktop, launch Blowfish Advanced CS.
• Select c:\encrypted files\ssh.pdf.
• Encrypt this file using the Blowfish encryption algorithm.
• Enter a password. In fact, it will be your private key.
• Keep this password secret. Your partner should not know it.
• Re-enter the password to confirm.
• Now your file ssh.pdf is encrypted with your private key (or symmetric key).

Step 2: Exchange this file with your partner
• Send this encrypted file to your partner via e-mail. Your partner will also send one to you.
Step 3: Decrypt the partner's file you receive
• Read your e-mail. You should have received the encrypted file from your partner.
• Double-click on the attachment. Blowfish Advanced CS will be launched.
• Ask your partner for the password.
• Enter the password.
• That's it, you are able to read the PDF document.
Step 4: Encrypt a file with two secret keys (Key Splitting)
You will now use Key Splitting.
• Insert a diskette into your drive. The Key Disk will be stored on it.
• Go to the Tools menu, then Options, then Miscellaneous, and choose Make a Key Disk. This key will be used as a private key for encryption and decryption.
• Move your mouse until the progress bar has reached 100%. The mouse movements are used as the random seed.
• Key Disk generation is done.
• Now you can encrypt the file c:\encrypted files\securegate.pdf with your Key Disk.
• In the Encrypt option, first choose Multi Key Input and then Use Key Disk.
• Press Yes to append another password. It will be the second private key; this is what we call Key Splitting.
• Choose the Password option and ask your partner to enter a password. Your partner should keep this password private.
• Press No to end the encryption.
• The encryption with two keys (one Key Disk and one standard password) is done.
• You can try to decrypt this file.
• Now, you are finished…
2.4. PGP (PRETTY GOOD PRIVACY)

2.4.1. The PGP Symmetric Algorithms
PGP offers a selection of different secret key algorithms to encrypt the actual message. By secret key algorithm, we mean a conventional or symmetric block cipher that uses the same key to both encrypt and decrypt. The three symmetric block ciphers offered by PGP are CAST, Triple-DES and IDEA. They are not "home-grown" algorithms. Teams of cryptographers with distinguished reputations developed them all. For the cryptographically curious, all three ciphers operate on 64-bit blocks of plaintext and ciphertext. CAST and IDEA have key sizes of 128 bits, while Triple-DES uses a 168-bit key. Like the Data Encryption Standard (DES), any of these ciphers can be used in cipher feedback (CFB) and cipher block chaining (CBC) modes. PGP uses them in a 64-bit CFB mode.
The CAST encryption algorithm has been included in PGP because it is promising as a good block cipher with a 128-bit key size. Moreover, it is very fast and free. The name is derived from the initials of its designers, Carlisle Adams and Stafford Tavares of Northern Telecom (Nortel). Nortel have applied for a CAST patent, but they have made a written commitment to make CAST available to anyone on a royalty-free basis. CAST appears to be exceptionally well designed by people with good field reputations. The design is based on a very formal approach, with a number of formally provable assertions, giving good reasons to believe that it probably requires key exhaustion to break its 128-bit key. CAST has no weak or semiweak keys. There are strong arguments that CAST is completely immune to both linear and differential cryptanalysis, the two most powerful forms of cryptanalysis in the published literature. Moreover, both of them have been effective in cracking DES.
CAST is too new to have developed a long track record, but its formal design and the good reputation of its designers will undoubtedly draw the attention and cryptanalytic attack attempts of the rest of the academic cryptographic community. I nearly have the same good feeling of confidence for CAST that I had years ago for IDEA, the cipher I selected for use in earlier versions of PGP.
The IDEA (International Data Encryption Algorithm) block cipher is based on the design concept of "mixing operations from different algebraic groups." It was developed at ETH in Zurich by James L. Massey and Xuejia Lai and published in 1990. Early published papers on the algorithm called it IPES (Improved Proposed Encryption Standard), but the name was later changed to IDEA. So far, IDEA has resisted attack much better than other ciphers such as FEAL, REDOC-II, LOKI, Snefru and Khafre. Moreover, IDEA is more resistant than DES to Biham and Shamir's highly successful differential cryptanalysis attack, as well as to attacks from linear cryptanalysis.