Understanding and Applying Cryptography and Data Security


Understanding and Applying Cryptography and Data Security

Adam J Elbirt ISBN: 978-1-4200-6160-4


CRC Press

Taylor & Francis Group

6000 Broken Sound Parkway NW, Suite 300

Boca Raton, FL 33487-2742

© 2009 by Taylor & Francis Group, LLC

CRC Press is an imprint of Taylor & Francis Group, an Informa business

No claim to original U.S. Government works

Version Date: 20131120

International Standard Book Number-13: 978-1-4200-6161-1 (eBook - PDF)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Visit the Taylor & Francis Web site at

http://www.taylorandfrancis.com

and the CRC Press Web site at

http://www.crcpress.com

To Danielle, Jacob, and Rachel — the impossible became real because of you. You are the shining lights of my life and bring joy to my heart.

Contents

1.3 Existing Texts
1.4 Book Organization
1.5 Supplements

2 Symmetric-Key Cryptography
2.1 Cryptosystem Overview
2.2 The Modulo Operator
2.3 Greatest Common Divisor
2.4 The Ring $Z_m$
2.5 Homework Problems

3 Symmetric-Key Cryptography: Substitution Ciphers
3.1 Basic Cryptanalysis
3.2 Shift Ciphers
3.3 Affine Ciphers
3.4 Homework Problems

4 Symmetric-Key Cryptography: Stream Ciphers
4.1 Random Numbers
4.2 The One-Time Pad
4.3 Key Stream Generators
4.3.1 Linear Feedback Shift Registers
4.3.2 Clock Controlled Shift Register Key Stream Generators
4.3.3 Attacks Against LFSRs
4.4 Real-World Applications
4.5 Homework Problems

5.1 The Data Encryption Standard
5.1.1 Feistel Networks
5.1.2 Cryptosystem
5.1.3 Modes of Operation
5.1.3.1 Electronic Code Book Mode
5.1.3.2 Cipher Block Chaining Mode
5.1.3.3 Propagating Cipher Block Chaining Mode
5.1.3.4 Cipher Feedback Mode
5.1.3.5 Output Feedback Mode
5.1.3.6 Counter Mode
5.1.4 Key Whitening
5.1.5 Efficient Implementation
5.1.6 Attacks Against DES
5.1.6.1 Weak and Semi-Weak Keys
5.1.6.2 Exhaustive Key Search
5.1.6.3 Meet-In-The-Middle
5.1.6.4 S-Box Design Criteria
5.1.7 Homework Problems
5.2 The Advanced Encryption Standard
5.2.1 Galois Field Mathematics
5.2.2 Cryptosystem
5.2.3 Modes of Operation
5.2.3.1 Cipher-Based Message Authentication Code Mode
5.2.3.2 Counter with Cipher Block Chaining-Message Authentication Code Mode
5.2.4 Efficient Implementation
5.2.5 Attacks Against AES
5.2.6 Homework Problems

6 Public-Key Cryptography
6.1 Issues with Symmetric-Key Cryptosystems
6.2 Public-Key Cryptosystem Overview
6.3 One-Way Functions
6.4 The Euclidean Algorithm
6.5 The Extended Euclidean Algorithm
6.6 Euler’s Phi Function
6.7 Euler’s Theorem
6.8 Fermat’s Little Theorem
6.9 Homework Problems

7 Public-Key Cryptography: RSA
7.1 Cryptosystem
7.2 Efficient Implementation
7.2.1 Parameter Selection
7.2.2 Exponentiation
7.2.3 The Chinese Remainder Theorem
7.2.4 Multi-Precision Arithmetic
7.2.4.1 Addition
7.2.4.2 Multiplication
7.2.4.3 Squaring
7.2.4.4 Montgomery Arithmetic
7.2.4.5 Inversion
7.2.5 The Karatsuba-Ofman Multiplication Algorithm
7.2.6 Performance
7.3 Attacks
7.4 Homework Problems

8 Public-Key Cryptography: Discrete Logarithms
8.1 Cyclic Groups
8.2 The Discrete Logarithm Problem
8.3 Diffie-Hellman Key Agreement Protocol
8.4 Efficient Implementation
8.5 ElGamal Encryption
8.6 Attacks
8.6.1 Shank’s Algorithm
8.6.2 Pollard’s Rho Method
8.6.3 The Pohlig-Hellman Algorithm
8.6.4 The Index Calculus Method
8.7 Homework Problems

9 Public-Key Cryptography: Elliptic Curves
9.1 Cryptosystem
9.2 Diffie-Hellman Key Agreement Protocol
9.3 Efficient Implementation
9.4 Menezes-Vanstone Encryption
9.5 Attacks
9.6 Homework Problems

10 Cryptographic Components
10.1 Digital Signatures
10.1.1 RSA
10.1.2 ElGamal
10.1.3 Elliptic Curves
10.1.4 Efficient Implementation
10.1.5 Homework Problems
10.2 Hash Functions
10.2.1 The Birthday Paradox
10.2.2 Algorithms
10.2.2.1 Block Cipher Based Algorithms
10.2.2.2 MD4
10.2.2.3 MD5
10.2.2.4 Secure Hash Algorithm
10.2.2.5 RIPEMD-160
10.2.3 Efficient Implementation
10.2.4 Homework Problems
10.3 Message Authentication Codes
10.3.1 Algorithms
10.3.1.1 Block Cipher Based Algorithms
10.3.1.2 Hash Function Based Algorithms
10.3.2 Efficient Implementation
10.3.3 Homework Problems

11.1 Security Services
11.2 Key Establishment
11.2.1 Key Distribution
11.2.2 Key Agreement
11.2.3 The Man-In-The-Middle Attack
11.2.4 Certificates
11.3 Applications
11.3.1 Kerberos
11.3.2 Pretty Good Privacy
11.3.3 Secure Sockets Layer
11.3.4 Internet Protocol Security
11.4 Homework Problems

References

Index

List of Figures

1.1 Overview of the Field of Cryptology
2.1 Typical Symmetric-Key Cryptosystem
4.1 Typical Stream Cipher Implementation
4.2 Practical Stream Cipher Implementation
4.3 Example LFSR Implementation
4.4 Generalized LFSR Implementation
4.5 Clock Controlled Shift Register Implementation
5.1 Block Diagram for Standard Block Ciphers
5.2 DES Encryption Block Diagram
5.3 DES Round Function
5.4 DES f-Function
5.5 DES Encryption Key Schedule
5.6 DES Decryption Key Schedule
5.7 Block Cipher Operation in Electronic Code Book Mode
5.8 Bank Transaction Data Stream
5.9 Block Cipher Operation in Cipher Block Chaining Mode
5.10 Block Cipher Operation in Propagating Cipher Block Chaining Mode
5.11 Block Cipher Operation in Cipher Feedback Mode
5.12 Block Cipher Operation in Output Feedback Mode
5.13 Block Cipher Operation in Counter Mode
5.14 DES-X and Key Whitening
5.15 Double Encryption Using DES
5.16 Triple Encryption Using DES
5.17 Rijndael Plaintext Mapping
5.18 Rijndael Encryption Block Diagram
5.19 Rijndael ShiftRows Transformation
5.20 Rijndael MixColumns Transformation
5.21 Rijndael Decryption Block Diagram
5.22 Rijndael InvMixColumns Transformation
5.23 Rijndael InvShiftRows Transformation
5.24 Message Authentication Code Generation — No Padding of $M_n^*$
5.25 Message Authentication Code Generation — Padded $M_n^*$
6.1 Symmetric-Key Cryptosystem Key Sharing
7.1 Chinese Remainder Theorem Transformation
7.2 Chinese Remainder Theorem Transformation Applied to RSA
7.3 Storage Representation of a Multi-Precision Integer
7.4 Montgomery Arithmetic Transformation
7.5 Montgomery Arithmetic Transformation with MRed

7.6 Montgomery Arithmetic Transformation
Establishment Stage in $Z_p^*$
for p > 3 where P1 = P2
for p > 3 where P1 = P2
Establishment Stage for Elliptic Curves
Generated Iteratively
Encryption
Encryption
Signatures
Signatures
and Symmetric-Key Encryption
Encryption
11.10 Diffie-Hellman Key Agreement Protocol — Man-In-The-Middle Attack
11.11 Diffie-Hellman Key Agreement Protocol Key Establishment Stage Using Certificates
11.12 Authenticated Diffie-Hellman Key Agreement Protocol Key Establishment Stage Using Certificates
11.13 Kerberos Authentication Protocol — Stage 1
11.14 Kerberos Authentication Protocol — Stage 2
11.15 Kerberos Authentication Protocol — Stage 3
11.16 PGP Email Transmission — Sender Operations
11.17 PGP Email Transmission — Recipient Operations

List of Tables

5.9 DES S-Box S6
5.15 DES Weak Keys
5.16 DES Semi-Weak Keys
5.17 Rijndael Key Expansion Data
10.1 Secure Hash Algorithm Properties [224]
10.2 Hash Algorithm Best Implementation Performance in ASIC
10.3 Hash Algorithm Best Implementation Performance in FPGA
10.4 Hash Algorithm Best Implementation Performance in Software

About the Author

Adam J. Elbirt is a Senior Member of Technical Staff at the Charles Stark Draper Laboratory, Inc. He is also a member of the Eta Kappa Nu and Sigma Chi honorary societies.

Elbirt has given seminars for such prestigious universities as Worcester Polytechnic Institute, the New Jersey Institute of Technology, and the University of Massachusetts Lowell. He was a founding member of the Center for Network and Information Security and recently completed a six-year term as a professor of computer science at the University of Massachusetts Lowell.

Prior to joining the Charles Stark Draper Laboratory, Elbirt held senior engineering positions at Viewlogic Systems and NTRU

Worcester Polytechnic Institute where he performed his research in the area of reconfigurable hardware architectures designed to accelerate cryptographic algorithms. Elbirt has published numerous articles in journals and conference proceedings and many of his implementations broke previous encryption throughput performance records for symmetric-key algorithms.

I would like to deeply thank Christof Paar, chair for Communication Security of the Horst Görtz Institut for IT Security at the Ruhr-Universität Bochum. Christof was my advisor and mentor at Worcester Polytechnic Institute from 1998 through 2002, and much of my lecture notes and thus the topics examined in this textbook are based on his rigorous and comprehensive lectures, examples, and practical implementation knowledge. It is through Christof’s guidance and love for cryptography and information security that I first became interested in these areas and I would like to express my heartfelt appreciation to him.

I would also like to extend my thanks to Ralph Spencer Poore, Managing Partner of PiR Squared Consulting LLP, for his time and effort spent reviewing the text.

a significant role in the Allies’ victory over the Axis powers during World War II, directly affecting the outcome of the Battle of Midway and other engagements [88]. For those interested in cryptographic history, books such as Brute Force: Cracking the Data Encryption Standard [52], by Matt Curtin, and The Codebreakers: The Story of Secret Writing [148], by David Kahn, provide interesting reading on how cryptography has affected world events.

Cryptography in its more contemporary form was fathered by Claude Shannon in 1949 [283]. Widely known for his work in electronic communications and digital computing, Shannon established the basic mathematical theory for cryptography and its counterpart, cryptanalysis. Shannon’s methods relied on a unique shared secret, referred to as the key, that allowed two parties to communicate securely as long as this key was not compromised. This class of algorithms, known as private-key, secret-key, or symmetric-key, was the sole method of secure communication until 1976, when Whitfield Diffie and Martin Hellman proposed a revolutionary key distribution methodology [70]. This methodology led to the development of a new class of algorithms, termed public-key or asymmetric-key, where a pair of mathematically related keys are used and one of these keys is made public, obviating the need for a secret shared specifically between two parties. Today, information systems typically use a hybrid approach, combining the benefits of symmetric-key and public-key algorithms to form a system that is both fast and secure.

1.2 Cryptography and Data Security in the Modern World

Cryptography currently plays a major role in many information technology applications. With more than 188 million Americans connected to the Internet [110], the use of cryptography to provide information security has become a top priority. Many applications — electronic mail, electronic banking, medical databases, and electronic commerce — require the exchange of private information. For example, when engaging in electronic commerce, customers provide credit card numbers when purchasing products. If the connection is not secure, an attacker can easily obtain this sensitive data. In order to implement a comprehensive security plan for a given network to guarantee the security of a connection, the following services must be provided [202, 275, 296]:

• Confidentiality: Information cannot be observed by an

symmetric-key encryption

• Data Integrity: Transmitted data within a given communication session cannot be altered in transit due to error or an unauthorized party. This is accomplished via the use of Hash Functions and Message Authentication Codes (MACs).

• Message Authentication: Parties within a given communication session must provide certifiable proof validating the authenticity of a message. This is accomplished via the use of Digital Signatures. The only communicating party that can generate a Digital Signature that will successfully verify as belonging to the originator of the message is the originator of the message. This process validates the authenticity of the message, i.e. that the claimed originator of the message is the actual originator of the message.

• Non-repudiation: Neither the sender nor the receiver of a message may deny transmission. This is accomplished via Digital Signatures and third-party notary services.

• Entity Authentication: Establishing the identity of an entity, such as a person or device.

• Access Control: Controlling access to data and resources. Access is determined based on the privilege assigned to the data and resources as well as the privilege of the entity attempting to access the data and resources.

such as Applied Cryptography [275], by Bruce Schneier, are not truly suited to classroom environments, though they are written to be accessible to those with a less formal mathematics background. Moreover, mathematics-based books fail to provide real-world examples that span the implementation domains of hardware, software, and embedded systems. This book describes cryptography and data security from the “how do I implement the algorithms and protocols” point of view, with relevant examples and homework problems that will be coded in software languages, such as assembly and C, as well as hardware description languages, such as VHDL and Verilog, to evaluate implementation results. The goal of these implementation comparisons is to provide students with a feel for what they may encounter in actual job situations, examining tradeoffs between code size, hardware logic resource requirements, memory usage, speed and throughput, power consumption, etc.

1.4 Book Organization

This book is organized with emphasis on cryptographic algorithm and protocol implementation in hardware, software, and embedded systems. To that end, it is useful to hierarchically classify the different subject areas that will be examined. Figure 1.1 details the breakdown of relevant topics. We use the term cryptology to refer to the generic study of secret messages, but it is often used interchangeably with the term cryptography [89].

Different types of symmetric-key cryptographic algorithms are presented in Chapters 2-5. Basic substitution ciphers will be examined and the concept of cryptanalysis, or code breaking, will be introduced. Cryptography and cryptanalysis cannot exist without the other — cryptanalysis provides the necessary scrutiny to validate the security (or lack thereof) of a cryptographic algorithm. These ideas will lead to a study of both stream ciphers, in which data is encrypted and decrypted a single bit at a time, and block ciphers, in which data is broken into blocks for encryption and decryption. Both the Data Encryption Standard (DES), which expired in 1998 [275], and the Advanced Encryption Standard (AES) algorithm Rijndael, chosen by the National Institute of Standards and Technology (NIST) in October 2000, will be explored in detail with particular emphasis placed on the tradeoffs between hardware and software implementations in addition to attacks that have been proposed in recent publications.

Figure 1.1: Overview of the Field of Cryptology

Chapters 6-9 will focus on public-key cryptographic algorithms. Initial discussions will center around the underlying mathematics behind the computation of inverses, knowledge that will be critical in understanding cryptosystems such as RSA and those based on the Discrete Logarithm problem. An extended discussion will be presented on efficient implementations of public-key algorithms through the use of fast exponentiation techniques, the Chinese Remainder Theorem, and Montgomery Arithmetic. Tradeoffs between public-key and symmetric-key algorithms will be examined, leading to the development of hybrid architectures that address the Key Distribution problem while also maintaining a reasonable level of performance. Finally, attacks against public-key algorithms will be investigated, the results of which will be used to determine the minimum key lengths necessary to maintain acceptable levels of security.

The understanding of cryptographic algorithms gained in Chapters 2-9 will be used as the foundation for the construction of cryptographic protocols. Chapter 10 will examine the different components necessary for the creation of cryptographic protocols, such as Digital Signatures, Message Authentication Codes (MACs), and Hash Functions. These components will be analyzed in terms of the services they provide in combination with each other when attempting to create cryptographic protocols that are fast, efficient, and secure. Finally, Chapter 11 will investigate different security services and their impact on the construction of cryptographic protocols. The issues related to key establishment and key distribution will be examined with respect to the constructed protocols, with particular focus on the use of certificates to establish identity during the communication process.

The material for this book is derived from the author’s teaching notes and research publications, with other books and research articles in recent literature used as supplementary material to provide information on state-of-the-art implementations when evaluating different methods. The book is designed to be used in electrical engineering and computer science courses focused on applied cryptography, where students are taught not only the underlying mathematics theory behind cryptographic algorithms, but also how to efficiently implement these algorithms for a variety of target technologies.

Chapter 2

Symmetric-Key Cryptography

When examining Figure 1.1, it is interesting to note that until 1973, when James Ellis, Clifford Cocks, and Malcolm Williamson first developed the concept of public-key encryption [121], and 1976, when Whitfield Diffie and Martin Hellman proposed their revolutionary key distribution methodology [70], all cryptosystems were symmetric-key based. Based on Figure 1.1, it is clear that cryptographic algorithms used to ensure confidentiality fall within one of two categories: symmetric-key (also known as secret-key and private-key) and public-key. Symmetric-key algorithms use the same key for both encryption and decryption. Conversely, public-key algorithms use a public key for encryption and the verification of Digital Signatures while using a private key for decryption and the generation of Digital Signatures. Modern cryptosystems tend to be hybrid systems that include both symmetric-key and public-key algorithms. In a typical session, a public-key algorithm will be used for the exchange of a session key and to provide authenticity through Digital Signatures. The session key is then used in conjunction with a symmetric-key algorithm. Symmetric-key algorithms tend to be significantly faster than public-key algorithms and as a result are typically used in bulk data encryption [275]. The two types of symmetric-key algorithms are block ciphers and stream ciphers. Block ciphers operate on a block of data whereas stream ciphers encrypt individual bits. Block ciphers are typically used when performing bulk data encryption, and the data transfer rate of the connection directly follows the throughput of the implemented algorithm [82].

2.1 Cryptosystem Overview

Figure 2.1 shows the setup of a typical symmetric-key cryptosystem in which two parties, denoted as Alice and Bob, desire to communicate in secret over an open channel such as the Internet. However, a third party, denoted as Oscar, wishes to determine the contents of the communication and potentially modify said contents without the knowledge of either Alice or Bob.

Figure 2.1: Typical Symmetric-Key Cryptosystem

To achieve these goals, two options are available to Alice and Bob. The first option is to protect the open channel. However, this option is not practical when considering the vast size, complexity, and distributed nature of channels such as the Internet. The second and more viable option is the use of cryptography. Alice must encrypt the message X before sending it across the open channel so that Oscar can only access Y, the encrypted message. Oscar will be unable to translate Y to X without knowledge of the Key.

To facilitate the use of cryptography, it is useful to develop a notation defining a number of terms and variables for use in cryptosystem specification:

• X is the plaintext and is of finite length.

• $P = \{x_1, x_2, \ldots, x_p\}$ is the plaintext space, representing all possible inputs.

• Y is the ciphertext and is of finite length.

• $C = \{y_1, y_2, \ldots, y_p\}$ is the ciphertext space, also representing all possible inputs.


Date posted: 14/09/2020, 17:12
