Data transmitted across the Internet is open to viewing by anyone unless it is encrypted. Passwords and secret documents alike are there for all eyes to see. Encryption provides privacy, reliability and authenticity. It is the only way to be sure that no one is tampering with your messages.
Computer security is about keeping data secure. One type of data is kept in files on the computer: information about the company such as budgets, newly developed product information, employee information (phone numbers and salaries) etc. Another type of data is transaction data. Transaction data is transmitted between the local computer and some external computer via a network. This type of data is sensitive as it usually involves passwords and other secret information. When we talk about encryption and the Internet we are usually talking about securing transaction data.
A networked computer that is unsecured is easy prey to even the moderately competent attacker.
Encryption is the procedure of transforming plaintext, data that can be read by anyone, to ciphertext, data that can only be read by someone with a secret decryption key.
Encryption techniques have been in use for centuries. Scientists have wanted to keep their ideas secret, lovers their letters and, in particular, the military has always wanted to keep many things secret.
A message before being changed in any way is called plaintext. Plaintext messages are converted to ciphertext via some encryption method. A particular such method is called a cryptosystem.
One simple example of a cryptosystem is to shift the letters of the alphabet by a number, say 2. Using this rule the message:
attack at dawn
would become:
cvvcem cv fcyp
As you can see, all the letters have been shifted by 2. The letter 'a' becomes 'c', 't' becomes 'v' and so on. We can call this cryptosystem the "shift by n rule" where n is 2 in this case. We could use other values for 'n' as well. A popular method of sending dirty jokes across Usenet news is to shift letters by 13. Those who wanted to read the jokes could decrypt the message. In this system of encryption we call 'n' the key.
With respect to the Internet there are many types of data / messages that people would want to be kept secret. Now that commercial trading on the net is a reality one of the main targets of data encryption is credit card numbers.
The key to a particular cryptosystem is some value which, when applied to ciphertext, allows the encrypted message to be decrypted and when applied to plaintext encrypts it. It is important to note that in the study of cryptography one talks about the lengths of keys in terms of bits. Messages, too, can be encrypted in 'n-bit blocks'. The longer a key is the more difficult it is to break the encrypted message.
The most common method of breaking ciphers is by a brute-force attack. This sort of attack involves running through possible combinations of keys and applying them to the cryptosystem until the message is decrypted. It is the same as trying to guess a PIN for someone's keycard by going through all the possible combinations of numbers. It is said that any University computer science major would have enough computer power available to be able to break most 56 bit key cryptosystems in less than one week.
The following table, from B. Schneier. Applied Cryptography, 2e. John Wiley & Sons. 1996, is for symmetric key ciphers (see below). It offers some guidelines on choosing appropriate key lengths.
| Type of Traffic | Lifetime | Minimum [Symmetric] Key Length |
| --- | --- | --- |
| Tactical military information | minutes/hours | 56-64 bits |
| Product announcements, mergers | days/weeks | 64 bits |
| Long-term business plans | years | 64 bits |
| Trade secrets | decades | 112 bits |
| H-bomb secrets | >40 years | 128 bits |
| Identities of spies | >50 years | 128 bits |
| Personal affairs | >50 years | 128 bits |
| Diplomatic embarrassments | >65 years | at least 128 bits |
| U.S. Census data | 100 years | at least 128 bits |
Traditional encryption techniques rely on both the sender and the receiver of a message knowing a particular secret key. The sender encrypts the message with a particular cryptosystem using the secret key and the receiver decrypts the message with the same key. This method of encryption is called secret key, or symmetric, encryption. It relies on no one else being able to find out what the secret key is. This is fine if you are only encrypting files on your hard disk (in which case only you need to know the key) or if you are sending data to someone close by, say in the same office, in which case you can tell them the key personally.
If the receiver is not close by, however, then the key must somehow be sent. It could be sent by courier or told over the telephone or even sent separately to the actual message. All these methods involve trusting a third party not to divulge the secret key. Furthermore, the receiver of the message must also be trusted, as they could decrypt any message sent using the same key.
There are two types of symmetric encryption algorithms: stream ciphers and block ciphers. Stream ciphers can encrypt a single bit of plaintext at a time whereas block ciphers encrypt multiple bits of data (normally 64 bits) - called a block.
Symmetric ciphers are generally faster than public key ciphers. Some symmetric ciphers, such as DES, can be implemented in hardware. This makes them very fast.
DES is the Data Encryption Standard, a secret key cryptosystem defined and endorsed by the US government. DES was developed in the 1970s, was first endorsed by the US government in 1977, and is in wide use today. DES is popular because it is fast - it can be implemented in hardware - and it has never been "broken". It is a block cipher with a 64 bit block size and a 56 bit key.
IDEA (International Data Encryption Algorithm) is similar to DES. It is patented internationally and so can be used in software outside of the US to its full 128 bit key length. It is believed to be a strong algorithm and no practical attacks on it have been published.
Public Key encryption was invented in 1976 to overcome the problems associated with secret key encryption: managing the secret key. Public key encryption is also known as asymmetric key encryption. It uses different keys to encrypt and decrypt a message. Under this system everyone gets a pair of keys: a public key which is published for all to see and use, and a private key which is to be kept secret. Anyone wishing to send you an encrypted message can do so with your public key. Only you can decrypt this message with your private key. Your private key never gets transmitted so you don't have the same problems associated with symmetric key encryption. Furthermore, public key encryption can be used for authentication via the digital signature mechanism.
Public Key, or asymmetric, ciphers generally require longer keys than symmetric ciphers to achieve the same level of security. Comparing key lengths between different encryption algorithms is not particularly productive as the different algorithms have different characteristics. The following table, however, from B. Schneier. Applied Cryptography, 2e. John Wiley & Sons. 1996, gives a rough idea of the security (when considering brute force attacks) of symmetric versus asymmetric encryption algorithms with respect to key length.
RSA is a public key cryptosystem for both encryption and authentication. It was invented in 1977. RSA is typically used in conjunction with a secret key cryptosystem such as DES. One would use DES to encrypt the message as a whole and then use RSA to encrypt the secret key. Thus, RSA provides a digital envelope for the message.
RSA is in wide use today; it is possibly the most commonly used public key algorithm. Because of this it has undergone a lot of public scrutiny and there is much empirical evidence of its security. It can be used for both encryption and signing.
PGP (Pretty Good Privacy) is used mainly for secure electronic mail. It uses the RSA algorithm for exchanging keys and IDEA, another symmetric key algorithm, for encrypting the actual messages. It was first released in 1991.
RC2 and RC4 are variable key size symmetric cipher functions. They were designed for bulk encryption and are faster than most other symmetric functions such as DES. RC2 is a variable length key symmetric block cipher. It can serve as a replacement for DES and is about twice as fast. RC4 is a variable length key symmetric stream cipher - it is at least 10 times as fast as DES in software. Because both RC2 and RC4 can have variable length keys they can be as secure or insecure as is required or allowed.
RC2 and RC4 have special status with regard to export approval from the US. They are granted export approval more quickly than other encryption software; however, they must limit their key lengths to 40 bits. It is this 40 bit RC4 algorithm that is used in many international versions of software such as Netscape Navigator.
The algorithm for RC4 was a trade secret until it was published in a Usenet newsgroup. As it wasn't actually copyrighted it has been implemented outside of the US and is used in various software packages such as SSLeay, the free implementation of Netscape's Secure Socket Layer.
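The digital envelope described in the RSA paragraph above, with RC4 standing in for DES as the symmetric cipher, as an added Python example (not from the original article or from SSLeay). Assumptions: the function names are hypothetical, the RSA key is a constructed toy key built from two Mersenne primes, and RSA is applied without the padding that real implementations use.

```python
import secrets

# Constructed toy RSA key pair, built from two Mersenne primes so the example
# is deterministic. Such a modulus is trivial to factor: illustration only.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                      # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                 # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                    # XOR data with the keystream
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def seal(message: bytes, n: int, e: int):
    """Sender: encrypt with a fresh session key, then wrap that key with RSA."""
    session_key = secrets.token_bytes(16)            # 128-bit symmetric key
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, rc4(session_key, message)


def open_envelope(wrapped: int, ciphertext: bytes, n: int, d: int) -> bytes:
    """Receiver: unwrap the session key with the private key, then decrypt."""
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return rc4(session_key, ciphertext)
```

Only the 16-byte session key goes through the slow public key operation; the message itself is handled by the fast symmetric cipher.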
A hash function is a computation done on a variable sized input, say a document, that produces a fixed sized output. This fixed sized output is called the hash value. A one-way hash function is difficult to invert, that is, one cannot determine the input from the output easily. Note that this is different to a cipher. A cipher requires the original message to be obtainable from the output. A one-way hash function is also known as a message digest function and the result of the computation is known as the message digest. A message digest represents an entire message concisely. Hash functions are used in electronic cryptography to aid in digitally signing messages. This is because hash functions are faster than signing functions so it is more efficient to compute the digital signature using the message digest rather than the message itself. Additionally, a message digest can be revealed without revealing the actual message. One of the most common one-way hash functions available is MD5.
A digital signature provides the same function that a handwritten signature is supposed to provide: proof that the document to which it is attached does, in fact, originate from the signer.
A digital signature system consists of two parts: a method of signing a document such that forgery is impossible, and a method of verifying the signature.
To digitally sign a message you perform some computations involving your private key and the message itself (say the length and content). This produces a digital signature which is attached to the message. The receiver of the message performs other computations involving the message itself, your public key and the digital signature. Generally, the output of these computations will tell you if the message is from the person who claims to have sent it and whether or not the message itself has been tampered with in any way. This way the message is authenticated.
Digital signatures are superior to handwritten signatures. Whereas handwritten signatures can be forged it is impossible to forge digital signatures. Furthermore, digital signatures verify that the contents of the document are unmodified. If the document has changed in any way then the signature verification process will fail. A failed signature verification does not automatically mean that some sort of forgery has taken place. It may simply mean that there was some transmission error.
A major issue on the Internet is that of identity. If I receive a message from someone, how do I know whether or not it is from the person they claim to be? Even with public key encryption technology I cannot be sure that a public key really belongs to the person I think it does. It could well be the case that I encrypt a message with a public key, send it to someone and, in fact, be tricked. My secret could still fall into the wrong hands, even with all this encryption.
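Hash-then-sign as described above, as an added Python example (not from the original article): the private key is applied to the message digest only, and verification fails if either the message or the signature changes. Assumptions: hypothetical function names, SHA-256 as the digest in place of MD5, a constructed toy RSA key, and no signature padding.

```python
import hashlib

# Constructed toy RSA key pair (two Mersenne primes, trivially factorable).
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                      # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent


def digest(message: bytes) -> int:
    """Fixed-size message digest as an integer, whatever the message length."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, n: int, d: int) -> int:
    """Signer: apply the private key to the digest, not to the whole message."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    """Receiver: recover the digest with the public key and compare it with
    a digest computed independently from the received message."""
    return pow(signature, e, n) == digest(message)


if __name__ == "__main__":
    msg = b"Transfer 100 dollars to Alice"
    sig = sign(msg, N, D)
    print(verify(msg, sig, N, E))
    print(verify(b"Transfer 900 dollars to Alice", sig, N, E))
```

A `False` result only says that message and signature do not match; it cannot distinguish tampering from a transmission error.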
Digital IDs provide a secure means of verifying the identity of each person in an electronic transaction. A third party, called a Certificate Authority (CA), is used to prove one's identity. The Certificate Authority is any trusted central administration willing to vouch for the identities of those to whom it issues Digital IDs. The way one normally obtains a Digital ID is to send the CA a public key along with some sort of proof of identity. The CA may even wish to physically meet people before issuing Digital IDs. Once proof of identity is established by the CA, they issue a Digital ID that can be used in electronic transactions. CAs are required to publish their requirements for issuing Digital IDs. Subsequently it is up to individuals and companies to decide if they wish to honour particular Digital IDs.
SSL, Secure Socket Layer, is a protocol designed and initially implemented by Netscape. The purpose of SSL is to provide privacy and reliability between two communicating applications. It was primarily developed in order to provide secure communications for web clients and web servers, to prevent eavesdropping, tampering or message forgery.
SSL provides the following:
SSL is application protocol independent. This means that higher level protocols, such as HTTP and FTP, can invisibly use SSL to provide connection security.
SSLeay is a free implementation of SSL. SSLeay has allowed SSL support to be added to many Internet aware clients and servers such as web servers, browsers, telnet and ftp. It implements DES, RSA, RC4 and IDEA.
The US government considers encryption software to fall into the same area as munitions for export purposes. The US has a set of regulations, called the International Traffic in Arms Regulations (ITAR), that limits what is exportable. Encryption software may only be exported from the United States with a license from the State Department. This license is only available for software which uses 40-bit session keys. All encryption products developed in the US are subject to this export restriction - compared to the usual US domestic 128 bit key lengths. This crippled encryption software, which is built into web browsers and most network software where security is important, can actually be worse than having no encryption at all. It gives users a false sense of security.
Plaintext
An unencrypted message, readable to everyone.
Ciphertext
A message that has been encoded by some rule. Only someone who knows what the rule is to decipher the message can read it.
Encryption
The procedure of converting plaintext to ciphertext.
Cryptosystem
A particular method of converting plaintext to ciphertext.
Cryptography
The art of creating and using cryptosystems.
Cryptanalysis
The art of breaking cryptosystems, deciphering encrypted messages.
Cryptology
The study of both cryptography and cryptanalysis.
Key
Some (usually secret) value which, when applied to a particular cryptosystem, deciphers ciphertext and vice versa.
Copyright © 1997, 1998 Robi Karp. Robi is a consultant specialising in the areas of Unix application software, security software, software development environments and The Internet. He is technical director of Fluffy Spider Technologies Pty. Ltd. He can be contacted via email: robi@fluffyspider.com.au