The public and private keys are mathematically tied together, so only the corresponding private key can decrypt information that was encrypted with the public key. Say I want to send you a private message: I encrypt it with your public key using one of the algorithms described below, and the result is a jumbled mess of apparently random characters. Equipped with your private key, which never has to be sent to anyone, you can decrypt it and recover the original message. The technology comes in many forms, with key size and strength generally being the most significant differences from one variety to the next.
At one time, Triple DES was the recommended standard and the most widely used symmetric algorithm in the industry. Triple DES uses three individual keys of 56 bits each. The total key length adds up to 168 bits, but because of the meet-in-the-middle attack experts put its effective strength at 112 bits, and NIST has since deprecated it; it should not be chosen for new designs.
Government and numerous organizations. Although it is highly efficient with 128-bit keys, AES also supports 192- and 256-bit keys for heavy-duty encryption purposes. No practical attack on full-round AES is known that does better than brute force, which tries every possible 128-, 192- or 256-bit key, and at those sizes the search is computationally infeasible. Real-world failures of AES almost always come from how it is used (mode of operation, IV/nonce handling, key management, side channels) rather than from the cipher itself. RSA is a public-key encryption algorithm and one of the most widely used for protecting data sent over the internet.
RSA ciphertext is a large number that an attacker can turn back into the message only by recovering the private key, which for properly sized keys means factoring a large integer, a problem for which no efficient classical algorithm is known. Blowfish is yet another algorithm designed to replace DES. This symmetric cipher splits messages into blocks of 64 bits and encrypts them individually. Blowfish is known for its speed and overall effectiveness, but its 64-bit block size means that a large volume of data encrypted under one key begins to leak information through block collisions, which is why AES, with 128-bit blocks, is the better choice today.
A shift cipher such as the Caesar cipher is not good for providing confusion, because an analyst who deduces the transformation of a few letters can also predict the transformation of the remaining letters, with no additional information. By contrast, a one-time pad with a key effectively as long as the message provides good confusion, because one plaintext letter can be transformed to any ciphertext letter at different places in the output.
There is no apparent pattern to transforming a single plaintext letter. The cipher should also spread the information from the plaintext over the entire ciphertext so that changes in the plaintext affect many parts of the ciphertext. This principle is called diffusion, the characteristic of distributing the information from single plaintext letters over the entire output.
Good diffusion means that the interceptor needs access to much of the ciphertext to be able to infer anything useful about the transformation or the key. Before becoming too convinced of the strength of any algorithm, you should remember that there are people very interested in nullifying the effects of encryption. As we noted earlier in this chapter, the opponent can work to weaken the apparent strength of the algorithm, to decrypt a single piece of encrypted text, or to derive a key with which to break subsequent encryptions.
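The two properties above are easy to measure on small ciphers. The following Python is an added example written for this page, not code from the original text or its source: it shows that one known letter pair recovers the whole key of a shift cipher (poor confusion), that a one-time pad maps the same plaintext letter to different ciphertext letters (good confusion), and that flipping one plaintext bit in a four-round Feistel cipher changes roughly half the ciphertext bits (diffusion). The Feistel cipher uses SHA-256 as its round function purely as a teaching toy; it is not a cipher to deploy, and the keys and messages are constructed sample values.

```python
import hashlib

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def shift_encrypt(plaintext: str, key: int) -> str:
    """Caesar-style shift: every letter moves by the same fixed amount."""
    return "".join(ALPHABET[(ALPHABET.index(c) + key) % 26] for c in plaintext)


def shift_key_from_pair(p: str, c: str) -> int:
    """Poor confusion: a single known plaintext/ciphertext letter reveals the
    key for every other position in the message."""
    return (ALPHABET.index(c) - ALPHABET.index(p)) % 26


def otp_encrypt(plaintext: str, key: str) -> str:
    """One-time pad over letters: each position has its own key letter, so the
    same plaintext letter can map to a different ciphertext letter each time."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % 26]
                   for p, k in zip(plaintext, key))


def positions_changed(a: str, b: str) -> int:
    """Number of character positions in which two strings differ."""
    return sum(x != y for x, y in zip(a, b))


# --- Toy 16-byte Feistel cipher, built here only to measure diffusion ---
HALF = 8
ROUNDS = 4


def _round_function(key: bytes, half: bytes, rnd: int) -> bytes:
    # SHA-256 as a keyed pseudo-random function: a teaching toy, not a real cipher.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_function(key, right, rnd))
    return left + right


def feistel_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_function(key, left, rnd)), left
    return left + right


def bits_changed(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(data: bytes, bit: int) -> bytes:
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def diffusion_report() -> dict:
    """Flip one plaintext bit and count how much of the ciphertext changes."""
    key = b"sixteen byte key"        # constructed sample key
    p1 = b"attack at dawn!!"         # constructed 16-byte sample block
    p2 = flip_bit(p1, 0)
    c1, c2 = feistel_encrypt(key, p1), feistel_encrypt(key, p2)
    return {
        # shift cipher: one changed letter changes exactly one ciphertext letter
        "shift_positions_changed": positions_changed(shift_encrypt("ATTACK", 3),
                                                     shift_encrypt("ATTACH", 3)),
        # Feistel: one flipped bit changes about half of the 128 ciphertext bits
        "feistel_bits_changed": bits_changed(c1, c2),
        "feistel_roundtrip_ok": feistel_decrypt(key, c1) == p1,
    }


if __name__ == "__main__":
    print("shift key recovered from one pair A->D:", shift_key_from_pair("A", "D"))
    print("OTP of 'AAAA' under key 'XMCK':", otp_encrypt("AAAA", "XMCK"))
    print(diffusion_report())
```

The Feistel structure is chosen because it is invertible regardless of the round function, so the same SHA-256 toy both encrypts and decrypts; the bit count it reports is the avalanche effect the text calls diffusion.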
Commercial-grade cryptographers need to keep in mind the possibility of commercial-grade cryptanalysts as well.
So far we have looked at a few particular techniques a cryptanalyst could use to break the encryptions we have studied. Studying these techniques helps you appreciate how simple, and therefore how weak, the encryptions we have presented so far are.
We introduced these algorithms primarily to illustrate several encryption concepts as well as the analysis a cryptographer performs. But these techniques have been more instructional than practical; no one would use these cryptosystems to protect data of any significant value because the cryptosystems are relatively easy to break. A different reason to consider cryptanalysis is to judge the difficulty of breaking an encryption or algorithm.
After all, encrypting data does no good if the attacker can find some way of decrypting it. Therefore, we look at cryptanalysis in general: What does a cryptanalyst do when confronted with an unknown, and possibly very strong, encryption scheme? Four possible situations confront the cryptanalyst, depending on what information is available. In turn, these four cases suggest five different approaches the analyst can use to address them. As we describe each case, keep in mind that the cryptanalyst can also use any other collateral information that can be obtained.
In most of the discussions so far, we assumed that the analyst had only the ciphertext with which to work. The decryption had to be based on probabilities, distributions, and characteristics of the available ciphertext, plus publicly available knowledge. This method of attack is called a ciphertext-only attack. The analyst may be fortunate enough to have a sample message and its decipherment. For example, a diplomatic service may have intercepted an encrypted message, suspected to be the text of an official statement.
In this case the analyst is attempting to find E or D by using a known plaintext attack. The analyst may have additional information, too.
For example, the analyst may know that the message was intercepted from a diplomatic exchange between Germany and Austria. From that information, the analyst may guess that the words Bonn, Vienna, and Chancellor appear in the message.
In these cases, the analyst can use what is called a probable plaintext analysis. After doing part of the decryption, the analyst may find places where the known message fits with the deciphered parts, thereby giving more clues about the total translation. After cryptanalysis has provided possible partial decipherments, a probable plaintext attack may permit a cryptanalyst to fill in some blanks.
The analyst may have infiltrated the sender's transmission process so as to be able to cause messages to be encrypted and sent at will. This attack is called a chosen plaintext attack. For instance, the analyst may be able to insert records into a database and observe the change in statistics after the insertions.
Linear programming sometimes enables such an analyst to infer data that should be kept confidential in the database. Alternatively, an analyst may tap wires in a network and be able to notice the effect of sending a particular message to a particular network user.
The cryptanalyst may be an insider or have an inside colleague and thus be able to cause certain transactions to be reflected in ciphertext; for example, the insider may forward messages resulting from the receipt of a large order. A chosen plaintext attack is very favorable to the analyst. The analyst may also have available both the encryption algorithm and the ciphertext. With those, the analyst can run the algorithm on massive amounts of candidate plaintext (or candidate keys) to find the one that encrypts to the observed ciphertext; this is really an exhaustive search, and it is practical only when the space of plausible plaintexts or keys is small enough to enumerate.
In a chosen ciphertext attack, as the term is normally used, the analyst can submit ciphertexts of their own choosing and learn the corresponding decryptions, or at least whether decryption succeeded, for instance by feeding crafted ciphertext to a server that decrypts whatever it receives and reports errors. The purpose is to deduce the sender's key, or enough about it, to decrypt future intercepted messages by simply applying the decryption key. The exhaustive-search approach above fails if two or more distinct keys can produce the same ciphertext as the result of encrypting different meaningful plaintext. The cryptanalyst may be lucky enough to have some pairs of plaintext and matching ciphertext.
Then, the game is to deduce the key by which those pairs were encrypted so that the same key can be used in cases in which the analyst has only the ciphertext. Although it might seem uncommon to be able to obtain matching plain- and ciphertext, in fact it happens sometimes. For example, during World War II, cryptanalysts intercepted text from major diplomatic announcements sent in advance to embassies encrypted and then released to the public.
Having a few such pieces allowed the cryptanalysts to determine current keys and decrypt other messages. A cryptanalyst works against humans, who can be hurried, lazy, careless, naïve, or uninformed.
Humans sometimes fail to change cryptographic keys when needed, broadcast cryptographic keys in the clear, or choose keys in a predictable manner. That is, the algorithm may be strong and the implementation effective, but the people using it fail in some way and open up the encryption to detection. People have been known to be careless, discarding sensitive material that could give a spy access to plaintext by matching known ciphertext.
And humans can sometimes be bribed or coerced. The sidebar below describes some examples of this behavior during World War II.
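The diplomatic-announcement attack above, and the human failure of not changing keys, combine into one concrete scenario against a stream cipher. The Python below is an added example written for this page, not code from the original text or its source. The keystream generator (SHA-256 over key, nonce and counter) is constructed here as a stand-in for a real stream cipher; the key, nonces and messages are constructed sample values. One known plaintext/ciphertext pair (the announcement that was later published) yields the keystream, and if the sender reused the key and nonce, that keystream decrypts the secret message as well. With a fresh nonce the same attack yields nothing.

```python
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Hash-based keystream: SHA-256(key || nonce || counter), block by block.
    Constructed for this example only; not a vetted cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, message: bytes) -> bytes:
    """XOR the message with the keystream; decryption is the same operation."""
    return bytes(m ^ k for m, k in zip(message, keystream(key, nonce, len(message))))


stream_decrypt = stream_encrypt


def recover_keystream(known_plaintext: bytes, its_ciphertext: bytes) -> bytes:
    """Known-plaintext attack: a (plaintext, ciphertext) pair gives the
    keystream bytes that were used at those positions."""
    return bytes(p ^ c for p, c in zip(known_plaintext, its_ciphertext))


def decrypt_with_recovered(recovered: bytes, other_ciphertext: bytes) -> bytes:
    """Apply the recovered keystream to another ciphertext. Only the positions
    covered by the known pair can be recovered; zip() truncates to the shorter."""
    return bytes(c ^ k for c, k in zip(other_ciphertext, recovered))


def known_plaintext_scenario(reuse_nonce: bool) -> bytes:
    """Simulate the WWII situation: an announcement is encrypted, then released
    publicly, giving the analyst a matching pair. Returns what the analyst
    recovers of a second, secret message sent under the same key."""
    key = b"\x01" * 32                      # constructed sample key
    nonce1 = b"\x00" * 8
    nonce2 = nonce1 if reuse_nonce else b"\x00" * 7 + b"\x01"
    announcement = b"THE MINISTER WILL ADDRESS PARLIAMENT AT NOON TOMORROW"
    secret = b"MOVE THE FLEET TONIGHT"      # the message the analyst wants
    c_announcement = stream_encrypt(key, nonce1, announcement)
    c_secret = stream_encrypt(key, nonce2, secret)
    # analyst's view: c_announcement, the published announcement, and c_secret
    ks = recover_keystream(announcement, c_announcement)
    return decrypt_with_recovered(ks, c_secret)


if __name__ == "__main__":
    print("key and nonce reused :", known_plaintext_scenario(reuse_nonce=True))
    print("fresh nonce per message:", known_plaintext_scenario(reuse_nonce=False))
```

The attack never touches the cipher's internals: it exploits only the reuse of a keystream, which is exactly why stream ciphers and counter modes require a unique nonce per message under a given key.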
Not only are people fallible, but so are hardware and software implementations. Sometimes hardware fails in predictable ways, such as when disk reading heads lose their track alignment, so that sensitive data thought to be erased are still on the disk. At other times, seemingly small things can weaken an otherwise strong approach.
For example, in one attack, the analyst accurately measured the electricity being used by a computer performing an encryption and deduced the key from the difference in power used to compute a 1 versus a 0, a power-analysis side channel. These problems are separate from issues of the algorithm itself, but they offer ways that a cryptanalyst can approach the task of breaking the code.
Remember that the only rule that applies to the attacker is that there are no rules. Kahn [KAH96] describes the history of the Enigma machine, a mechanical tool used by the Germans in World War II to scramble messages and prevent the enemy from understanding them.
Enigma was based on revolving wheels, or rotors, that were wired together and connected to a typewriter keyboard. There were so many ways to encrypt a message that even if 1, analysts tried four different ways each minute, all day, every day, it would have taken the team 1.
So how did the Allies break the encryption? First, they made use of the likely chatter over the wires about each day's events. By guessing that the Germans would be discussing certain places or issues, the Allies found sections of scrambled text that they could relate to the original messages, or cleartext. Next, they concentrated on Luftwaffe messages. Counting on the likelihood that the Luftwaffe signalmen were not as well trained as those in the Army or Navy, the Allies watched for slip-ups that increased the odds of understanding the encrypted messages.
For instance, Luftwaffe signalmen often used a girlfriend's name for a key setting or began a second message with the same setting as that left at the end of the first. Thus, sophisticated technology can be trumped when control protocols are not followed carefully and completely.
Using these schemes is fairly easy, even though the detailed construction of the algorithms can be quite complex. As you study the three algorithms, keep in mind the possibility that cryptanalysts are also working to defeat these encryptions.
What Makes a "Secure" Encryption Algorithm?
Properties of "Trustworthy" Encryption Systems
Commercial users have several requirements that must be satisfied when they select an encryption algorithm.
How the encryption is done and what type of encryption is used gets much more complex. There are two types of encryption algorithms: symmetric and asymmetric. With a symmetric algorithm, the encryption and decryption keys are the same, so both parties must hold that one key to communicate securely. Symmetric algorithms are commonly used for bulk data encryption and are fast and easily implemented in hardware. The downside is that anyone who obtains that key can decrypt the data, whether or not it was intended for them, and the key has to be distributed securely in the first place.
In asymmetric algorithm encryption, two separate but mathematically linked keys are used. A public key is used to encrypt the data and can be distributed freely, while the private key is used to decrypt the data and, therefore, is kept private.
Because only the public key needs to be distributed, asymmetric encryption eliminates the preliminary exchange of secret keys, allows public keys to be shared with anyone, and provides the underlying architecture for digital certificates, digital signatures, and a Public Key Infrastructure (PKI). The disadvantages are that it is slower than symmetric encryption and requires more computation, which is why in practice the two are combined: a symmetric key encrypts the bulk data and the asymmetric algorithm protects only that key.