
Encryption

COMP375 Computer Architecture and Organization

Goals

• Be able to describe the different types of encryption and their properties.
• Show how digital signatures can be used to verify the authenticity of information.
• Explain how hardware can assist in encryption.

Security Goals

The goals for protecting any system are to assure that the following criteria are met:

1. Availability – services up and running.
2. Data Integrity – data is created/modified by authorized parties only.
3. Secrecy/Confidentiality – access is restricted to authorized parties.
4. Authentication – verifying identity
5. Non-repudiation – verification of action or data

Cryptography

• Cryptography in general represents the process of encrypting a plain-text message into an unreadable cipher so that it can be sent through a network to be decrypted/deciphered by the intended recipient.
• Cryptography is an important tool for security.

[Diagram: Plaintext → Encryption (Key) → Decryption (Key) → Plaintext]

Encryption Media

• Encryption can be used to secure messages sent over a network.
• Encryption can also be used to secure data stored on a computer.
• Think of a data file as a very slow message.

Types of Encryption

• Secret Key
– The encryption key is the same as the decryption key.
– Sender and receiver have to securely share a key.
• Public Key
– The key to decrypt is different, but related to, the key to encrypt.
– The encryption key can be made public while the decryption key is kept secret.


Secret Key Cryptography

• Keys exchanged prior to communications. Parties verified at that time.
• Key to encrypt message is the same as key to decrypt.
• DES and AES encryption are examples of Secret Key Cryptography.

[Diagram: User1 Plaintext → E (Secret Key) → Ciphertext → Network → Ciphertext → D (Same Secret Key) → Plaintext at User2]

Public Key Cryptography

• Public key different from private key.
• RSA encryption is an example of Public Key Cryptography.

[Diagram: Remote Public Key Directory lists User2. User1 Plaintext → E → Ciphertext → Network → Ciphertext → D (User2 Private Key) → Plaintext at User2]

Encryption Performance

• RSA Public key encryption is slower than DES or AES.
• DES and AES are easy to implement in hardware.
• AES can be efficiently implemented in software.
• Hybrid encryption uses both public and secret key systems.

Encryption Accelerators

• Specialized hardware can be used for encryption.
• Much of a web server’s CPU time can be consumed by encryption.

Key Strength

• The longer the key, the harder it is to defeat the encryption by brute force.
• If the key is n bits, it requires 2^n guesses to try all possible keys. You are likely to guess correctly halfway through in 2^(n-1) tries.

Key Lengths

• DES uses a 56 bit key
• Triple DES or DES3 uses two DES keys for a total of 112 bits
• AES uses 128, 192 or 256 bit keys.
• RSA uses variable length keys, frequently 512, 1024 or 2K bits in length.
• Public key algorithms require a mathematical relation between the keys so not every bit string can be a key.


Hybrid Cryptography (STEP 1)

• DES key is encrypted with public key cryptography using Public Key of receiver.
• DES key sent to receiver.
• Both users end up with a shared DES key.

[Diagram, STEP1: Remote Public Key Directory lists User2. Sender's DES Key → E → Ciphertext → Network → Ciphertext → D (Receiver Private Key) → DES Key at Receiver]

Hybrid Cryptography (STEP 2)

• Message is encrypted with the DES key previously sent to the receiver.
• DES key is discarded after sending the message.

[Diagram, STEP2: Sender Plaintext → E (DES Key) → Ciphertext → Network → Ciphertext → D (DES Key) → Plaintext at Receiver]
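
The two hybrid steps above, as an added example that is not part of the original slides. It assumes a toy RSA key pair built from two known Mersenne primes and a SHA-256 keystream XOR standing in for DES (the Python standard library has no DES); the names `send`, `receive` and `secret_key_cipher` are hypothetical.

```python
import hashlib
import secrets

# Receiver's toy RSA key pair from two known Mersenne primes (constructed for
# this example; not a safe way to pick a real key).
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # public key, as listed in the directory
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, held only by the receiver


def secret_key_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for DES: XOR data with a SHA-256 keystream derived from key.

    The same call encrypts and decrypts, because both sides hold the same key.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def send(message: bytes):
    """Sender side: returns (wrapped session key, ciphertext)."""
    session_key = secrets.token_bytes(16)          # fresh key for this message
    # STEP 1: encrypt the session key with the receiver's public key.
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)
    # STEP 2: encrypt the message with the session key, then discard the key.
    ciphertext = secret_key_cipher(session_key, message)
    del session_key
    return wrapped, ciphertext


def receive(wrapped: int, ciphertext: bytes) -> bytes:
    """Receiver side: unwrap the session key with the private key, decrypt."""
    session_key = pow(wrapped, D, N).to_bytes(16, "big")
    return secret_key_cipher(session_key, ciphertext)
```

Only the 16-byte session key goes through the slow public key operation; the message itself, whatever its length, is handled by the fast secret key cipher.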

Encryption Methods

• Block Cipher – one block of plaintext is encrypted to one block of cipher text.

[Diagram: Plaintext 1 + Key → Cipher text 1; Plaintext 2 + Key → Cipher text 2]

Encryption Methods

• Stream Cipher – blocks are XORed with previous blocks.

[Diagram: Plaintext n + Key → Cipher text n; Plaintext n+1 + Key → Cipher text n+1]

Digital Signatures

• Offer similar protections as hand-written signatures in the real world.
1. Difficult to forge.
2. Easily verifiable.
3. Not deniable.
4. Easy to implement.
5. Differs from document to document.

Message Hash

• A message hash is a checksum like value or condensed version of a file.
• Any change to a file will produce a different message hash.
• Message hashes are one way functions. There is no known method of creating a data file to match a known message hash.
• SHA-1 is a Standard Hash Algorithm


Digital Signature

• Digitally signed messages can have clearly viewed plaintext in the body of the message; the objective is to verify the sender.
• With RSA public key encryption either key can be used to encrypt or decrypt.

Digital Signature Process

• A hash of the data is created. The name of the sender is appended to the hash.
• The hash is encrypted with the private key of the sender.
• The hash is appended to the data and transmitted together.
• The receiver decrypts the hash with the public key of the sender.
• The receiver calculates a hash of the message and compares it to the received hash.
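
The signature process above, step by step, as an added example that is not part of the original slides. It assumes textbook RSA with no padding scheme, a toy key built from two known Mersenne primes, and SHA-256 in place of the SHA-1 named on the Message Hash slide; the function names `sign` and `verify` are hypothetical.

```python
import hashlib
import hmac

# Sender's toy RSA key pair from two known Mersenne primes (constructed for
# this example; real keys use random primes and a padding scheme).
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # public key, known to the receiver
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, held only by the sender
HASH_LEN = hashlib.sha256().digest_size


def sign(data: bytes, sender: str) -> int:
    """Hash the data, append the sender's name, encrypt with the private key."""
    # The leading 0x01 byte keeps leading zero bytes of the hash from being
    # lost when the block is converted to an integer.
    block = b"\x01" + hashlib.sha256(data).digest() + sender.encode()
    m = int.from_bytes(block, "big")
    if m >= N:
        raise ValueError("sender name too long for this toy modulus")
    return pow(m, D, N)


def verify(data: bytes, signature: int):
    """Return the signer's name if the signature matches data, else None."""
    # Decrypt the received hash block with the sender's public key.
    m = pow(signature, E, N)
    block = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if len(block) < 1 + HASH_LEN or block[0] != 1:
        return None
    received_hash = block[1:1 + HASH_LEN]
    sender = block[1 + HASH_LEN:]
    # Recompute the hash of the message and compare it to the received hash.
    if not hmac.compare_digest(received_hash, hashlib.sha256(data).digest()):
        return None
    return sender.decode(errors="replace")
```

The data travels in the clear next to the signature; changing either one makes the recomputed hash disagree with the decrypted one and `verify` returns `None`.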

Digital Signature (general - public key)

[Diagram: Remote Public Key Directory lists User1. User 1 Plaintext → One Way Hash → Condensed Bits → E (User 1 Private Key) → Signature + Plaintext → Network → Signature + Plaintext → D (User 1 Public Key) and One Way Hash of Plaintext → C (compare hashes) → Verifiable Output]

Digital Signature Use

• Digitally signed email verifies the sender.
• Signed applets or programs come from a known source and have not been modified.
• Digitally signed programs cannot be modified or infected with a virus.
• Digitally signed documents cannot be changed.

Key Distribution

• If you are going to rely on public key encryption, it is necessary to ensure the authenticity of public keys.
• Keys can be distributed by
– Key Servers
– Digital Certificates

Key Servers

• Key servers are computers that have a database of public keys.
• Upon receiving a request for a public key, a key server sends the client the desired public key.
• The messages from the key server are digitally signed.
• Clients have to know the key server’s public key.


Digital Certificates

• A digital certificate contains a user’s public key along with some information about the user, such as their email address.
• The digital certificate is digitally signed by a Certificate Authority.
• Certificate Authorities are vendors of digital certificates.
• Clients must know the public key of the Certificate Authority.

Secure Sockets Layer (SSL)

• SSL is a popular form of secure communications that is widely used within commercial applications.
• Combines elements of public and private key encryption and digital signature.
• Used by HTTPS

Capabilities of SSL

(Listed from less preferred to more preferred.)

1. To establish an encrypted, not necessarily authenticated, communication channel between client and server.
2. To authenticate the server, and establish a secure channel (using crypto algorithm).
3. To authenticate the server AND the client, and establish an authenticated & secure channel.

Actions of SSL
1. Authenticates the server to the client.
2. Allows the server and client to select
the cryptographic algorithms they
support.
3. Optionally authenticate client to server.
4. Use public key encryption to generate
shared secrets.
5. Establish an encrypted SSL
connection.
