Benefits of Encryption
Modern encryption can be accomplished through the use of software or hardware. Hardware encryption is usually the preferred method, in part because of specialized Application Specific Integrated Circuits (ASICs) and advanced signal processors that do not rely on the central processing unit (CPU) of the device, which is usually busy performing many other functions, to provide intensive encryption services. Encryption provides many services, four of which are included in the following list (however, encryption can never provide availability of data or systems):
Confidentiality means that unauthorized parties cannot access information.
Authenticity refers to validating the source of the message to ensure that the sender is properly identified; that is, that the peer device you are communicating with is legitimate and is not part of a hijacked session.
Integrity means assurance that the message was not modified during transmission, accidentally or intentionally.
Nonrepudiation means that a sender cannot deny sending the message at a later date, and the receiver cannot deny receiving it. With nonrepudiation, you are provided with proof that a message was sent and that it was received. A digital signature that provides proof of the identity of the sender is attached to the message that was sent, and in many instances, the time the message was sent is also included.
Different types of messages and transactions require a higher degree of one or all of the services that encryption methods can supply. Financial institutions care about confidentiality, but they care more about the integrity of the data being transmitted, so the encryption mechanism they would choose may differ from a professional sports coach’s encryption methods. If messages that had a misplaced decimal point or zero were accepted, the ramifications could be far reaching to the financial institution. Legal agencies care more about the authenticity of messages they receive. If information that was received needed to be presented in a court of law, its authenticity would certainly be questioned; therefore, the encryption method used should ensure authenticity to confirm who sent the information.
Symmetric and Asymmetric Key Encryption
Encryption algorithms can use one of two different keying methods: symmetric keys, also known as private keys, or asymmetric keys, also known as public keys.
Symmetric Key Encryption
Symmetric key encryption is the most popular type of encryption and the one understood by most people. In symmetric key encryption, both the sender and receiver know a secret key and use this key for both encryption and decryption. The challenge with symmetric encryption is to make the secret key available to both the sender and receiver without compromise. Thus, it can be stated that the security of the symmetric encryption method is completely dependent on how well users protect the key.
Each pair of peers who want to exchange data in encrypted format using symmetric key encryption must possess their own identical set of keys. For example, in Figure 5.2, Host A needs to communicate to Host B using symmetric key encryption. Notice that both Host A and Host B have obtained a copy of the same private key.
Figure 5.2: Example of symmetric key encryption.
If Host A wants to communicate with another host, say Host C, using symmetric key encryption, Host A will need to possess two keys, one for Host B and another for Host C. Now this does not sound like a big deal at this point, but if Host A has to begin communicating to hundreds of other hosts using symmetric key encryption, Host A must possess a separate key for each host that it must communicate with and use the correct key with the correct host, which can become a burdensome task.
Because both users use the same key to encrypt and decrypt messages, symmetric key encryption can provide confidentiality, but it cannot provide authentication or nonrepudiation. There is no way to prove who actually sent a message if two people are using the exact same key.
Symmetric key encryption has a few advantages over asymmetric key encryption. If a large key size is used (greater than 128 bits), symmetric key encryption is very difficult to break. When comparing symmetric key encryption to asymmetric key encryption, you’ll find that symmetric key encryption is also much faster and can be used to encrypt large volumes of data.
Symmetric key encryption also has a few disadvantages. It provides no secure mechanisms to ensure proper delivery of keys and each pair of encryption peers must maintain a unique pair of keys. Symmetric key encryption also can only provide confidentiality and cannot provide authentication or nonrepudiation.
Symmetric key encryption can use several different types of symmetric key algorithms. Each uses a different method of providing encryption and decryption functionality, and two symmetric key algorithms will be discussed in detail in the following sections, “DES” and “Triple DES.”
Data Encryption Standard (DES)
The Data Encryption Standard is a symmetric key algorithm that was devised in 1972 as a derivation of the Lucifer algorithm developed by IBM. DES is used for commercial and nonclassified purposes. DES defines a 64-bit block size and uses a 56-bit key. It begins with a 64-bit key and strips off 8 bits. Using a 56-bit key means that an attacker would have to try 2^56, or 70 quadrillion, possible keys in order to find the private key using a brute force attack. This may at first seem like a tremendous number of possible combinations, but given today’s distributed computing environments, DES can be and has been broken. In fact, the Electronic Frontier Foundation built a distributed computer network system that broke DES in 22 hours and 15 minutes. The system contained a supercomputer known as Deep Crack and a distributed network of almost 100,000 worldwide PCs connected to the Internet. For further information on the breaking of DES, see http://www.rsasecurity.com/news/pr/990119-1.html. Because of vulnerabilities like these, the U.S. government has not used DES since November of 1998.
There are four defined modes of operation for DES: cipher block chaining (CBC), Electronic Code Book (ECB), cipher feedback (CFB), and Output Feedback (OFB). Electronic Code Book is the most commonly used.
Cipher block chaining (CBC) operates with plaintext blocks of 64 bits. It uses what is known as an initialization vector (IV) of 64 bits. In cipher block chaining, each plaintext block is XORed with the previous ciphertext block and the result is encrypted using the DES key. Identical ciphertext blocks result only if the same plaintext block is encrypted using both the same key and the same initialization vector and if the ciphertext block order is not changed. Ideally, the initialization vector should be different for any two messages encrypted with the same key. One of the major characteristics of cipher block chaining is that it uses a chaining mechanism that makes the decryption of a block of ciphertext dependent upon all the preceding ciphertext blocks. As a result, the entire validity of all preceding blocks is contained in the previous ciphertext block. A single bit error in a ciphertext block affects the decryption of all subsequent blocks. Rearrangement of the order of the ciphertext blocks causes decryption to become corrupted. It has the advantage over the ECB mode in that the XORing process hides plaintext patterns.
Electronic Code Book (ECB) is the default native mode of DES and is a block cipher. In other words, the same plaintext value will always result in the same ciphertext value. ECB is used when a volume of plaintext is separated into several blocks of data, each of which is then encrypted independently of other blocks. In fact, ECB has the capability to support a separate encryption key for each block type. ECB is applied to 64-bit blocks of plaintext, and it produces corresponding 64-bit blocks of ciphertext. It operates by dividing the 64-bit input vector into two 32-bit blocks that are referred to as the right block and the left block. The bits are then recopied to produce two 48-bit blocks. Then, each of these 48-bit blocks is XORed with a 48-bit encryption key.
ECB is not the preferred system to use with small block sizes and identical encryption modes. Some words and phrases may be reused often enough so that the same repetitive blocks of ciphertext can emerge, laying the groundwork for a codebook attack because the plaintext patterns would become fairly obvious. However, security may be improved if random pad bits are added to each block. On the other hand, 64-bit or larger blocks should contain enough unique characteristics to make a codebook attack unlikely to succeed. In terms of error correction, any bit errors in a ciphertext block affect decryption of that block only. Chaining dependency is not an issue in that reordering of the ciphertext blocks will only reorder the corresponding plaintext blocks but not affect them.
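The pattern behaviour of ECB and CBC described above can be observed directly. The following is an added example, not code from the original text: it uses a small 64-bit Feistel cipher built on SHA-256 as a stand-in for DES (an assumption, since the Python standard library has no DES), and the key, IVs and sample records are constructed for illustration.

```python
import hashlib
BLOCK = 8  # 64-bit blocks, the DES block size

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    # Round function of the stand-in Feistel cipher (an assumption, not DES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(block: bytes, key: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in range(8):
        left, right = right, _xor(left, _f(right, key, rnd))
    return left + right

def decrypt_block(block: bytes, key: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(8)):
        left, right = _xor(right, _f(left, key, rnd)), left
    return left + right

def split_blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("example omits padding: length must be a multiple of 8")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb(data: bytes, key: bytes, block_fn=encrypt_block) -> bytes:
    # Each block is processed independently; pass decrypt_block to decrypt.
    return b"".join(block_fn(b, key) for b in split_blocks(data))

def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in split_blocks(pt):
        prev = encrypt_block(_xor(b, prev), key)  # chain in previous ciphertext
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ct: bytes) -> int:
    blocks = split_blocks(ct)  # a repeat of an earlier block feeds a codebook
    return len(blocks) - len(set(blocks))

# Constructed sample: three identical 8-byte records, then a different one.
SAMPLE = b"PAY 0100" * 3 + b"PAY 9999"
KEY, IV_A, IV_B = b"demo-key", bytes(8), bytes(range(8))

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb(SAMPLE, KEY)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(SAMPLE, KEY, IV_A)))
```

Under ECB the three identical records produce identical ciphertext blocks, and reordering the ciphertext blocks simply reorders the decrypted records; under CBC the repeats disappear and a different IV yields a different ciphertext.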
Cipher feedback (CFB) is a stream cipher in which the DES is used to generate pseudorandom bits, which are exclusively-ORed with binary plain text to form cipher text. The cipher text is fed back to form the next DES input block. Identical messages that are encrypted using the CFB mode and different initialization vectors will have different cipher texts. Initialization vectors that are shorter than 64 bits should be put in the least significant bits of the first DES input block and the unused, most significant bits initialized to 0s. In the CFB mode, errors in any K-bit unit of cipher text will affect the decryption of the garbled cipher text and also the decryption of succeeding cipher text until the bits in error have been shifted out of the CFB input block. The first affected K-bit unit of plain text will be garbled in exactly those places where the cipher text is in error. Succeeding decrypted plain text will have an average error rate of 50 percent until all errors have been shifted out of the DES input block. Assuming no additional errors are encountered during this time, the correct plain text will then be obtained.
Output feedback (OFB) is a stream cipher and has some similarities to the ciphertext feedback mode in that it permits encryption of differing block sizes; the key difference is that the output of the encryption block function is the feedback. It functions by generating a stream of random binary bits to be combined with the plaintext to create ciphertext. The XOR value of each plaintext block is created independently of both the plaintext and ciphertext. Because there are no chaining dependencies, it is this mode that is used when there can be no tolerance for error propagation. Like the ciphertext feedback mode, it uses an initialization vector (IV). Changing the IV in the same plaintext block results in different ciphertext. In this mode, output feedback can tolerate ciphertext bit errors but is incapable of self-synchronization after losing ciphertext bits because it disturbs the synchronization of the aligning keystream.
Triple DES
Triple DES currently enjoys a much wider use than DES because DES is relatively easy to break with today’s rapidly advancing technology. Triple DES was the answer to many of the shortcomings of DES. Because it is based on the DES algorithm, it is very easy to modify existing software to use Triple DES. It also has the advantage of proven reliability and a longer key length that eliminates many of the shortcut attacks that can be used to reduce the amount of time it takes to break DES. However, even this more powerful version of DES may not be strong enough to protect data for very much longer. The DES algorithm itself has become obsolete and is in need of replacement. The Advanced Encryption Standard (AES) is a replacement for DES. The AES will be at least as strong as Triple DES, and probably much faster. Many security systems will probably use both Triple DES and AES for at least the next five years. After that, AES may supplant Triple DES as the default algorithm on most systems if it lives up to its expectations. But Triple DES will be kept around for compatibility reasons for many years after that. So the useful lifetime of Triple DES is far from over, even with the AES near completion. For the foreseeable future, Triple DES is an excellent and reliable choice for the security needs of highly sensitive information.
Triple DES is simply another mode of DES operation. It takes three 64-bit keys for an overall key length of 192 bits. You simply type in the entire 192-bit (24-character) key rather than entering each of the three keys individually. Triple DES then breaks the user-provided key into three subkeys, padding the keys if necessary so they are each 64 bits long. The procedure for encryption is exactly the same as it is for regular DES, but it is repeated three times; hence the name Triple DES. The data is encrypted with the first key, decrypted with the second key, and finally encrypted again with the third key. Consequently, Triple DES runs much slower than standard DES because of the processing power needed to perform the multiple permutations, but it is much more secure if used properly. The procedure for decrypting something is the same as the procedure for encryption except it is executed in reverse. As with DES, data is encrypted and decrypted in 64-bit chunks. Unfortunately, there are some weak keys that one should be aware of: If all three keys, the first and second keys, or the second and third keys are the same, the encryption procedure is essentially the same as it is with standard DES. This situation should be avoided because it is the same as using a really slow version of regular DES.
Note again that, although the input key for DES is 64 bits long, the actual key used by DES is only 56 bits in length. The least significant (rightmost) bit in each byte is a parity bit and should be set so that there is always an odd number of 1s in every byte. These parity bits are ignored, so only the seven most significant bits of each byte are used, resulting in a key length of 56 bits. This means that the effective key strength for Triple DES is actually 168 bits because each of the three keys contains 8 parity bits that are not used during the encryption process.
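A key-acceptance check that follows from the two preceding paragraphs, given here as an added example rather than code from the original text: it verifies the odd-parity rule and rejects the repeated-subkey cases, comparing subkeys with the parity bits masked out so that keys differing only in the ignored bits are still treated as equal. The function names and sample subkeys are constructed for illustration.

```python
def set_odd_parity(key: bytes) -> bytes:
    """Set the least significant bit of each byte so the byte has odd parity."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                      # the 7 bits DES actually uses
        parity_bit = 0 if bin(high7).count("1") % 2 else 1
        out.append(high7 | parity_bit)
    return bytes(out)

def has_odd_parity(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)

def key_material(key: bytes) -> bytes:
    """Drop the parity bits, leaving the 56 bits per subkey that DES uses."""
    return bytes(b & 0xFE for b in key)

def effective_bits(key: bytes) -> int:
    return 7 * len(key)   # 8 parity bits per 64-bit subkey are not used

def check_3des_key(key: bytes) -> list:
    """Return a list of findings for a 24-byte (192-bit) Triple DES key."""
    if len(key) != 24:
        raise ValueError("Triple DES key must be 24 bytes (three 64-bit subkeys)")
    findings = []
    if not has_odd_parity(key):
        findings.append("parity: at least one byte does not have odd parity")
    # Compare with parity bits masked, so subkeys that differ only in the
    # ignored bits are still recognised as the same key.
    k1, k2, k3 = (key_material(key[i:i + 8]) for i in (0, 8, 16))
    if k1 == k2 == k3:
        findings.append("degenerate: all three subkeys are the same")
    elif k1 == k2:
        findings.append("degenerate: first and second subkeys are the same")
    elif k2 == k3:
        findings.append("degenerate: second and third subkeys are the same")
    return findings

# Constructed sample subkeys (not real keys), normalised to odd parity.
K1, K2, K3 = (set_odd_parity(s) for s in (b"alpha-k1", b"bravo-k2", b"delta-k3"))
GOOD = K1 + K2 + K3
# Middle slot carries the same 56 key bits as K1 with every parity bit flipped.
DISGUISED = K1 + bytes(b ^ 1 for b in K1) + K3

if __name__ == "__main__":
    print(check_3des_key(GOOD), effective_bits(GOOD))
    print(check_3des_key(DISGUISED))
```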