■
Skipjack Skipjack was developed by the United States government for use
with the Clipper Chip. It uses an 80-bit key, which may be marginal in the
near future.
■
Blowfish Blowfish allows for variable length keys up to 448 bits and was
optimized for execution on 32-bit processors.
■
CAST-128 CAST-128 uses a 128-bit key. It is used in newer versions of PGP.
▲
GOST GOST is a Russian standard that was developed in answer to DES.
It uses a 256-bit key.
Any of these algorithms may appear in security products. All of them are likely to be
strong enough for general use. Keep in mind that it is not only the algorithm, but also the
implementation and the use of the system that define its overall security.
PUBLIC KEY ENCRYPTION
Public key encryption is a more recent invention than private key encryption. The pri-
mary difference between the two types of encryption is the number of keys used in the
operation. Where private key encryption uses a single key to both encrypt and decrypt in-
formation, public key encryption uses two keys. One key is used to encrypt and a different
key is then used to decrypt the information.
What Is Public Key Encryption
Figure 12-9 shows the basic public key or asymmetric encryption operation. As you can see,
both the sender and the receiver of the information must have a key. The keys are related
to each other (hence they are called a key pair), but they are different. The relationship
Chapter 12: Encryption
219
Figure 12-9.
Public key encryption
220
Network Security: A Beginner’s Guide

between the keys is such that information encrypted by K1 can only be decrypted by its
pair K2. If K2 encrypts the information, it can only be decrypted by K1.
In practice, one key is called the private key and the other is called the public key. The
private key is kept secret by the owner of the key pair. The public key is published with
information as to who the owner is. Another property of public key encryption is that if
you have one of the keys of a pair, you cannot compute the other key.
If confidentiality is desired, encryption is performed with the public key. That way only
the owner of the key pair can decrypt the information since the private key is kept secret by
the owner. If authentication is desired, the owner of the key pair encrypts the information
with the private key. Only the correct published public key can correctly decrypt the infor
-
mation and thus only the owner of the key pair could have sent the information. The integ
-
rity of the information in transit is protected in either operation. The integrity of the
information after reception can be checked if the original information was encrypted with
the owner’s private key.
The downside of public key encryption systems is that they tend to be computationally
intensive and thus are much slower than private key systems. However, if we team public
key and private key encryption we end up with a much stronger system. The public key sys-
tem is used to exchange keys and authenticate both ends of the connection. The private key
system is then used to encrypt the rest of the traffic.
Diffie-Hellman Key Exchange
Whitfield Diffie and Martin Hellman developed their public key encryption system in
1976. The Diffie-Hellman system was developed to solve the problem of key distribution
for private key encryption systems. The idea was to allow a secure method of agreeing on
a private key without the expense of sending the key through another method. Therefore,
they needed a secure way of deciding on a private key using the same method of commu-
nication that they were trying to protect. Diffie-Hellman cannot be used to encrypt or decrypt
information.
The Diffie-Hellman algorithm works like this:

1. Assume we have two people that need to communicate securely and thus need
to agree on an encryption key.
2. P1 and P2 agree on two large integers a and b such that 1 < a < b.
3. P1 then chooses a random number i and computes I = a
i
mod b. P1 sends I to P2.
4. P2 then chooses a random number j and computes J = a
j
mod b. P2 sends J to P1.
5. P1 computes k1 = J
i
mod b.
TEAMFLY























































Team-Fly
®

Chapter 12: Encryption
221
6. P2 computes k2 = I
j
mod b.
7. We have k1 = k2 = a
ij
mod b and thus k1 and k2 are the secret keys to use for the
other transmission.
NOTE:
In the equations, “mod” means remainder. For example, 12 mod 10 is 2. Two is the remainder
that is left when 12 is divided by 10.
If someone is listening to the traffic on the wire, they will know a, b, I, and J. However, i
and j remain secret. The security of the system depends on the difficulty of finding i given
I = a
i
mod b. This problem is called the discrete logarithm problem and is considered to be a
hard problem (that is, computationally infeasible with today’s computer equipment)
when the numbers are very large. Therefore, a and b must be chosen with care. For example,
b and (b–1)/2 should both be prime numbers and at least 512 bits in length. A better choice
would be at least 1,024 bits in length.

The Diffie-Hellman Key Exchange is used by many security systems to exchange se
-
cret keys to use for additional traffic. The one weakness in the Diffie-Hellman system is
that it is susceptible to a man-in-the-middle attack (see Figure 12-10). If an attacker could
place his system in the path of traffic between P1 and P2 and intercept all of the communi-
cation, the attacker could then act like P2 when talking to P1 and P1 when talking to P2.
Thus, the key exchange would be between P1 and the attacker and P2 and the attacker.
However, this type of attack requires significant resources and is very unlikely to occur in
the real world.
RSA
In 1978, Ron Rivest, Adi Shamir, and Len Adleman released the Rivest-Shamir-Adleman
(RSA) public key algorithm. Unlike the Diffie-Hellman algorithm, RSA can be used for
encryption and decryption. Also unlike Diffie-Hellman, the security of RSA is based on
Figure 12-10.
Diffie-Hellman man-in-the-middle attack
the difficultly of factoring large numbers. This is considered a hard problem when the
numbers are very large (512 bits or larger).
The basic algorithm for confidentiality is very simple:
Ciphertext = (Plaintext)
e
mod n
Plaintext = (Ciphertext)
d
mod n
Private Key = {d, n}
Public Key = {e, n}
The difficulty in calculating d given e and n provides the security. It is assumed that
the owner of the key pair keeps the private key secret and that the public key is published.
Therefore, if information is encrypted with the public key, only the owner can decrypt it.
It should also be noted that the algorithm can be reversed to provide authentication of

the sender. In this case, the algorithm would be
Ciphertext = (Plaintext)
d
mod n
Plaintext = (Ciphertext)
e
mod n
Private Key = {d, n}
Public Key = {e, n}
For authentication, the owner encrypts the information with the private key. Only the
owner could do this since the private key is kept secret. Anyone can now decrypt the in-
formation and verify that it could have only come from the owner of the key pair.
Generating RSA Keys
Care must be taken in the generation of RSA keys. To generate an RSA key pair, follow
these steps:
1. Choose two prime numbers p and q and keep them secret.
2. Calculate n = pq.
3. Calculate φ(n) = (p – 1)(q – 1).
4. Select e such that e is relatively prime to φ(n).
5. Determine d such that (d)(e) = 1 mod φ(n) and that d < φ(n).
The number n should be on the order of a 200-digit number or larger. Therefore, both
p and q should be at least 100-digit numbers. Keys for real-world use should be at least
1,024 bits. For sensitive information, 2,048 bits and larger keys should be considered.
222
Network Security: A Beginner’s Guide
Chapter 12: Encryption
223
Worked RSA Example
To show how RSA generates keys, we will do an example calculation. Keep in mind that I
chose numbers that can be relatively easily verified for this example. Real uses of RSA

will use much larger numbers.
1. First I choose two prime numbers. In this case, I choose p = 11 and q = 13.
2. Now I calculate n = pq. That means n = (11)(13) = 143.
3. I must now calculate φ(n) = (p – 1)(q – 1) = (11 – 1)(13 – 1) = (10)(12) = 120.
4. I select a number e so that e is relatively prime to φ(n) = 120. For this number, I
choose e = 7.
5. I must determine d such that (d)(e) = 1 mod φ(n). Therefore, (d)(7) = 1 mod 120
and d must also be less than 120. We find that d = 103. (103 times 7 equals 721.
721 divided by 120 is 6 with 1 remaining.)
6. The private key is {103, 143}.
7. The public key is {7, 143}.
To perform an actual encryption and decryption we can use the original formulas:
Ciphertext = (Plaintext)
e
mod n
Plaintext = (Ciphertext)
d
mod n
Let’s assume that I wish to send the message “9.” I use the encryption formula and
end up with:
Ciphertext = (9)
7
mod 143 = 48
When the encrypted information is received, it is put through the decryption algorithm:
Plaintext = (48)
103
mod 143 = 9
Other Public Key Algorithms
There are several other public key algorithms that display the same properties as RSA
and Diffie-Hellman. We will briefly cover three of the more popular ones in this section.

Elgamal
Taher Elgamal developed a variant of the Diffie-Hellman system. He enhanced
Diffie-Hellman to allow encryption and ended up with one algorithm that could perform
encryption and one algorithm that provided authentication. The Elgamal algorithm was
not patented (as RSA was) and thus provided a potentially lower-cost alternative. Since
this algorithm was based on Diffie-Hellman, the security of the information is based on
the difficultly in calculating discrete logarithms.
Digital Signature Algorithm
The Digital Signature Algorithm (DSA) was developed by the United States government
as a standard algorithm for digital signatures (see the next section for more detail on digi
-
tal signatures). This algorithm is based on Elgamal but only allows for authentication. It
does not provide for confidentiality.
Elliptic Curve Encryption
Elliptic curves were proposed for encryption systems in 1985. It is believed that Elliptic
Curve Cryptosystems (ECC) are based on different mathematical principles than either
factoring or discrete logarithms. However, more research in this area must be done.
There are benefits to using ECCs over RSA or Diffie-Hellman. The biggest benefit is that
keys are smaller and thus the computations are faster for the same level of security. For
example, the same security of a 1,024-bit RSA key can be found in a 160-bit ECC key. It
may be a while before ECCs are generally accepted as there is more research to be per-
formed and the existing ECCs are covered under a number of patents.
DIGITAL SIGNATURES
Digital signatures are not digital images of a handwritten signature. Digital signatures
are a form of encryption that provides for authentication. They are growing in popularity
and have been touted as a way to move into a completely paperless environment. Presi-
dent Clinton even signed a law to allow digital signatures to be used as a legal signature.
Even with all of this, digital signatures are widely misunderstood.
What Is a Digital Signature?
As I said, digital signatures are not the digitized image of a handwritten signature on an

electronic document. A digital signature is a method of authenticating electronic infor
-
mation by using encryption.
As was mentioned in the public key encryption section of this chapter, if information
is encrypted with a person’s private key, only that person could have encrypted the infor
-
mation. Therefore, we know that the information must have come from that person if the
decryption of the information works properly with that person’s public key. If the de
-
cryption works properly, we also know that the information did not change during trans
-
mission, so we have some integrity protection as well.
With a digital signature, we want to take this protection one step further and protect
the information from modification after it has been received and decrypted. Figure 12-11
shows how this may be done. First, information is put through a message digest or hash
function. The hash function creates a checksum of the information. This checksum is then
224
Network Security: A Beginner’s Guide
encrypted by the user’s private key. The information and the encrypted checksum are
sent to the receiver of the information.
When the receiver gets the information, she can also put it through the same hash
function. She decrypts the checksum that came with the message and compares the two
checksums. If they match, the information has not changed. By keeping the original en
-
crypted checksum with the information, the information can always be checked for
modifications.
The security and usefulness of a digital signature depends upon two critical elements:
▼
Protection of the user’s private key
▲

A secure hash function
If the user does not protect his private key, then he cannot be sure that only he is using
it. If someone else is also using his private key, there is no guarantee that only the user
could have signed the information in question.
Chapter 12: Encryption
225
Figure 12-11.
The digital signature operation
Secure Hash Functions
Secure hash functions are necessary for digital signatures. A hash function can be called
secure if:
▼
The function is one-way. In other words, the function creates a checksum from
the information but you cannot create the information from the checksum.
▲
It is very difficult to construct two pieces of information that provide the same
checksum when run through the function.
The second condition is not easy to satisfy. The checksums in question should also be
smaller than the information so as to make it easier to sign, store, and transmit. If this is
the case, it must also be true that some large number of different pieces of information
will map to the same checksum. What makes the functions secure is the way that all the
bits in the original information map to all the bits in the checksum. Thus, if a single bit in
the information is changed, a large number of bits in the checksum will also change.
Secure hash functions should create a checksum of at least 128 bits. The two most
common secure hash functions are MD5, which produces a 128-bit checksum, and SHA,
which produces a 160-bit checksum. There are many other hash functions but most of
them have been proven insecure. MD5 has been identified as having weaknesses that
may allow a computational attack. This attack may allow a second piece of information to
be created that will result in the same checksum. SHA was developed by the United
States government and is currently believed to be secure. Most security software offers

both MD5 and SHA as available options.
KEY MANAGEMENT
The management of keys is the bane of all encryption systems. The keys are the most
valuable information. If I can get a key, I can get (decrypt) everything that is encrypted by
that key. In some cases, I may also be able to get succeeding keys. The management of
keys is not just about protecting them while in use. It is also about creating strong keys,
securely distributing keys to remote users, certifying that they are correct, and revoking
them when they have been compromised or expired.
Keys and the infrastructure necessary to manage them appropriately can significantly
impact an organization’s ability to field an encryption system. While we discuss each of the
key management issues in detail, keep in mind that the problems identified must be multi
-
plied many thousand-fold to meet the needs of a true encryption infrastructure.
Key Creation
Obviously, keys must be created with care. Certain keys have poor security performance
with certain algorithms. For example, a key of all 0’s when used with DES does not pro
-
226
Network Security: A Beginner’s Guide