Pre-Lab

Pre Lab Cryptography

Learning Objectives

• • Understand the Cryptography concepts

  • Learn the algorithms for encryption and decryption and digital signature

  • Learn how to use Cipher to encrypt and decrypt data using Cipher in SQLite database.

Overview

Cryptography, which is changing original information to some format to avoid other people getting it. In this lab We will first talk about Encryption and Decryption. We will also talk about Digital Signature which is widely used in mobile security to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. The signature validation will ensure that you know who created the document and you know that it has not been altered in any way since that person created it.

I. Encryption

The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text ; encrypted data is referred to as cipher text.There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption. Encryption algorithm- A mathematical procedure for performing encryption on data. Through the use of an algorithm, information is made into meaningless cipher text and requires the use of a key to transform the data back into its original form. Blowfish, RSA, AES RC4, RC5, and RC6 are examples of encryption algorithm. RSA encryption and decryption are essentially mathematical operations. RSA keys actually consist of numbers involved in this calculation, as follows: the public key consists of the modulus and a public exponent; the private key consists of that same modulus plus a private exponent.

The Public Key is Public. It is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key must remain confidential to its respective owner.

Because the key pair is mathematically related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa.

For example, if Bob wants to send sensitive data to Alice, and wants to be sure that only Alice may be able to read it, he will encrypt the data with Alice's Public Key.

Only Alice has access to her corresponding Private Key and is the only person with the capability of decrypting the encrypted data back into its original form.

As only Alice has access to her Private Key, it is possible that only Alice can decrypt the encrypted data. Even if someone else gains access to the encrypted data, it will remain confidential as they should not have access to Alice's Private Key.

RSA is one of the first practicable public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and differs from the decryption key which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described the algorithm in 1977. Clifford Cocks, an English mathematician, had developed an equivalent system in 1973, but it was not declassified until 1997.

2. RSA algorithm

Key generation

RSA involves a public key and a private key. The public key can be known by everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted in a reasonable amount of time using the private key. The keys for the RSA algorithm are generated the following way:

a. Choose two distinct prime numbers p and q.

• • For security purposes, the integers p and q should be chosen at random, and should be of similar bit-length. Prime integers can be efficiently found using a primality test.

b. Compute n = pq.

• • n is used as the modulus for both the public and private keys. Its length, usually expressed in bits, is the key length.

c. Compute φ(n) = φ(p)φ(q) = (p − 1)(q − 1) = n - (p + q -1), where φ is Euler's totient function.

d. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; i.e., e and φ(n) are coprime.

• • e is released as the public key exponent.

  • e having a short bit-length and small Hamming weight results in more efficient encryption – most commonly 216 + 1 = 65,537. However, much smaller values of e (such as 3) have been shown to be less secure in some settings.[5]

e. Determine d as d ≡ e−1 (mod φ(n)); i.e., d is the multiplicative inverse of e (modulo φ(n)).

• • This is more clearly stated as: solve for d given d⋅e ≡ 1 (mod φ(n))

  • This is often computed using the extended Euclidean algorithm. Using the pseudocode in the Modular integers section, inputs a and n correspond to e and φ(n), respectively.

  • d is kept as the private key exponent.

3. Encryption

Alice transmits her public key (n, e) to Bob and keeps the private key d secret. Bob then wishes to send message M to Alice. He first turns M into an integer m, such that 0 ≤ m < n by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext c corresponding to

This can be done efficiently, even for 500-bit numbers, using Modular exponentiation. Bob then transmits c to Alice. Note that at least nine values of m will yield a ciphertext c equal to m but this is very unlikely to occur in practice.

4. Decryption

Alice can recover m from c by using her private key exponent d via computing

Given m, she can recover the original message M by reversing the padding scheme.

Example: RSA public key encryption can be understood by using a simple example. However note that in a real RSA system, the numbers used are much larger and need to satisfy other constraints

1. Convert some text into a large number.

Normally the ASCII text file is first compressed and the message is considered one huge number. It is possible to break a long message into blocks(words, letters) and encrypt each block separately. It is also possible (for digital signatures) to compute a message digest of the message and encrypt that number.

2. The ASCII string"ABCD" = 1145258561 (as a 4 byte unsigned integer, 65x224+66x216+67x28+68x20)

3. However to keep the math simpler we will encrypt this as 4 numbers,

4. Using a=1, B=2, C=3, etc., our message becomes this series of messages: 1 2 3 4.

5. Generate a pair of keys.

• 1. Pick a pair of large prime numbers at random (that satisfy various constraints). Here we pick the (poor) prime numbers of p=3 and q=11.

b. Computer the product of these values:

n = p × q = 3 × 11 = 33 (This is the step that is supposedly hard to reverse!)

• 1. Compute the value of Euler's totient function of n: φ(n):

  2. φ(n) = (p-1) × (q-1) = 2 × 10 = 20

  3. Pick any number less than and relatively prime to φ(n), in this case any prime number except 2 or 5 will do. This is one of your two keys, say the public or encryption key e. Let's pick e = 7.

  4. Finally compute the matching private or decryption key d, as the inverse of e modulus φ(n). In this case the inverse means a number such that

e × d mod φ(n) = 1:

g. d = inv of e mod φ(n) = inv of (7) mod 20 = 3

6. Encrypt the messages using one of the keys (the public key e=7, n=33):

cyphertext = plaintext^key mod n

'A‘: 1⁷ mod 33 = 1 mod 33 = 1

‘B’: 2⁷ mod 33 = 128 mod 33 = 29

‘C’: 3⁷ mod 33 = 2187 mod 33 = 9

‘D’: 4⁷ mod 33 = 16384 mod 33 = 16

Decrypt the messages using the other key (the private key d = 3):

plaintext = cyphertext^key mod n

= 1³ mod 33 = 1 mod 33 = 1 for 'A’

= 29³ mod 33 = 24389 mod 33 = 2 for 'B'

= 9³ mod 33 = 729 mod 33 = 3 for 'C'

= 16³ mod 33 = 4096 mod 33 = 4 for 'D‘

The resulting cyphertext can be converted back to ASCII, say by adding "64" to each number (ASCII for 'A' = 65, 'B' = 66, ...)

Fig 1 Public Key Encryption

II. Digital Signatures

• Digital Signatures apply the same functionality to an e-mail message or data file that a handwritten signature does for a paper-based document. The Digital Signature vouches for the origin and integrity of a message, document or other data file.

• How do we create a Digital Signature?

• The creation of a Digital Signature is a complex mathematical process. However as the complexities of the process are computed by the computer, applying a Digital Signature is no more difficult that creating a handwritten one!

1. Alice clicks 'sign' in her email application or selects which file is to be signed.

2. Alice's computer calculates the 'hash' (the message is applied to a publicly known mathematical hashing function that coverts the message into a long number referred to as the hash).

3. The hash is encrypted with Alice's Private Key (in this case it is known as the Signing Key) to create the Digital Signature.

4. The original message and its Digital Signature are transmitted to Bob.

5. Bob receives the signed message. It is identified as being signed, so his email application knows which actions need to be performed to verify it.

6. Bob's computer decrypts the Digital Signature using Alice's Public Key.

7. Bob's computer also calculates the hash of the original message (remember - the mathematical function used by Alice to do this is publicly known).

8. Bob's computer compares the hashes it has computed from the received message with the now decrypted hash received with Alice's message.

Fig 2. Digital Signature

III. SQL Cipher

In this lab, you will learn how to do encryption by using Android embedded SQLite with Cipher. SQLCipher is an open source extension to SQLite that provides transparent 256-bit AES encryption of full database. Cipher is a quite simple API in Android. Its main function is to encrypt and decrypt data in Android SQLite database. User can just create a password and it can be delivered to methods for encryption and decryption.

Reference: http://content.hccfl.edu/pollock/AUnixSec/PublicKeyDemo.htm