Password and Algorithm Security

PASSWORD AND ALGORITHM SECURITY
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl" (Anonymous)

When computers initiate a communications session, two different yet interrelated technologies are involved -- authentication and encryption. When these two are combined, a "security protocol" is said to have been created. A security protocol is a theoretical concept in computer science which refers to gaining the maximum amount of security possible. Security protocols are also sometimes called "suites" or "stacks." IPSec and Kerberos are the two most well-known security-related "suites" or "stacks." A suite refers to the modules or components of the software, and a stack refers to how each of the software components interrelate with one another to produce "layers" of ever-increasing levels of security. However, since there are finite limits to ever-increasing layers of security (and computer systems always require something measurable), a concept for measuring infinite things must be brought in from the field of discrete (or finite) mathematics. This concept is called an algorithm, and all security protocols involve algorithms. An algorithm is a formula or mathematical expression that performs some well-known sequence of operations, often over-and-over again, sometimes incorporating random numbers, in order to solve something, or reach an end state (so that the math doesn't keep going on infinitely). In other words, an algorithm is a program that eventually stops after a given number of calculations (like a flowchart with closed or terminating decision loops). The repetitive behavior of an algorithm as it transforms itself or adds in random numbers (in order to reach a solution or end state) makes it the perfect thing to use for security stacks that must step up to higher levels of security at times. Algorithms are essential for computer calculations, and the study of algorithms is a rather important subfield of computer science. Well-designed security protocols based on algorithms also have the advantages of modularity (capable of being taken apart and put back together again), granularity (capable of having small calculating time relative to communicating time), and interoperability (capable of being used across different kinds of systems).

If the goal is to ensure safe and secure delivery of data between two parties (from sender to receiver), then this kind of transmission is always going to involve IP (short for Internet Protocol), which is the built-in Postal System of the Internet. It's what specifies the format of a message in the form of packets (also called datagrams) and contains the addressing scheme. Most networks combine IP with another protocol called TCP (Transmission Control Protocol), hence TCP/IP is the most common protocol on the Internet. TCP enables streams of data (not just datagrams) to be sent and received, and most importantly, guarantees the four things that all protocols do: (1) determine the type of error checking (checksum) to be used; (2) determine the data compression method to be used, if any; (3) determine how the sending unit will signal it is finished sending; and (4) determine when the receiving unit will signal it is finished receiving.

Authentication and encryption, as previously mentioned, are always involved in computer communications. Authentication is the process of ensuring that both ends of the connection are in fact who they say they are (proof). Encryption is the assurance that any information transmitted within a session is not compromised (reliability). There are some other processes involved along with these two basic ones, but first, let's take a look at all the ways "authentication" as "proof" can be achieved:

The Four Levels of Proof (from least to most secure)

1 - What You Know - Passwords are widely used at this level

2 - What You Have - Digital certificates, smart cards, or other physical tokens

3 - What You Are - Biometrics such as fingerprints and iris recognition

4 - What You Do - Dynamic biometrics such as hand writing or voice recognition

At the first level, not only passwords can be used, but various other methods of so-called "human authentication" exist, such as CAPTCHA tests which display a visual or audio cue (usually a scrambled or fuzzy word, see example) that only humans can understand. This keeps Bots out, and offers some protection against worms, spam, and dictionary attacks. At the second level, smart cards or other credit card-sized tokens usually operate on a method of authentication known as "challenge/response" where a Network Access Server creates the "challenge" (usually a random number) and the token encrypts that number via a built-in algorithm, sending the "response" back to the network. Login doesn't occur if the challenge/response cryptographic process doesn't work. So-called "two-factor authentication" is based on use of BOTH a password and a token. So-called "digital signatures" operate similarly to tokens in that an encrypted digest of the file is transmitted and an MD5 checksum comparison is made between parties on a TCP/IP connection. More typically, digital signatures simply involve a one-way hash function (crypto talk for converting a string of text into numbers and making it difficult to convert it back). The first major application for digital signatures was "digital certificates" which verify the identity of organizations or individuals and/or enable certain parts of website to be secure (as in SSL, Secure Sockets Layer, an alternative to HTTPS which just redirects the message to a secure port other than the default web port 80). Both SSL and HTTPS produce the visual appearance of a lock at the bottom of a web browser. The most common biometics are fingerprints, iris and retinal patterns, hand geometry, voice, and facial recognition. Dynamic biometrics analyze the process of handwriting, and other actions as well.

A password is a secret word or string of characters that is used for authentication purposes, such as to prove identity or gain access to a resource. Many methods have been used to verify passwords in a network setting (see Wikipedia Entry on Password), but the main principle governing password security has been "Easy to remember; hard to guess." Here are a few tips for creating a good password, and keeping it safe:

•Be creative. Don't use words that can be found in a dictionary.
•Use at least eight characters.
•Don't use a password that you have used elsewhere.
•Don't use keyboard patterns (asdf) or sequential numbers (1234).
•Create an acronym. Don't use a common one, like NASA or SCUBA. Combine it with numbers and punctuation marks.
•Include punctuation marks and numbers. Mix capital and lowercase letters.
•Include similar looking substitutions, such as the number zero for the letter 'O' or $ for the letter 'S'.
•Include phonetic replacements, such as 'Luv 2 Laf' for 'Love to Laugh.'
•Don't make your password all numbers, all uppercase letters, or all lowercase letters.
•Find ways of collecting random letters and numbers, such as opening books, looking at license plates or taking the third letter from the first ten words you see.
•Don't use repeating characters (aa11).
•Don't use a password that is listed as an example of how to pick a good password.
Learn how to change your password.

Picking a good security question and answer:

•Choose a question only you know the answer to - make sure the question isn't associated with your password.
•Pick a question that can't be answered through research (for example, avoid your mother's maiden name, your birth date, your first or last name, your social security number, your phone number, your pet's name, etc.).
•Make sure your answer is memorable, but not easy to guess. Use an answer that is a complete sentence for even more security.
Learn how to change your security question and answer.

Current versions of TCP/IP are designed to transmit data as cleartext, sometimes called "transmitting in the clear." A short email message will typically be divided into six or seven packets (often more, because three of the packets are involved in "handshaking" rituals to initiate the connection). So, somewhere around Packet #4 or #5, the login password of the sender will be visible (login name and password combination are typically sent in POP3 email) if a packet decoder is used. Packet decoders are easily available as part of or separate from hex editing freeware, but the bigger problem is if someone has installed a "network analyzer" somewhere on the network. A network analyzer can monitor network traffic, and can be installed as hardware (on cables and wires) or as software (on a compromised workstation). Programs that operate via cleartext include: POP3 (Post Office Protocol), FTP (File Transfer Protocol), Telnet, SMTP (Simple Mail Transfer Protocol), HTTP (Hypertext Transfer Protocol), IMAP (Internet Message Access Protocol), and SNMP (Simple Network Management Protocol). The SNMP vulnerability presents some additional problems since it is used to manage network devices, such as switches, routers, and firewalls. Hence, if the passwords on SNMP are stolen, the network is severely compromised. Here are three related, covert ways to compromise a network:

1. IP Sniffing - install some network analyzer or probe somewhere within the network
2. IP Spoofing - send a malicious email (virus or worm) while pretending to be from a trusted IP address
3. Domain Spoofing - send spam while pretending to be from a trusted From address in the message

Networks that allow or permit users to use the same authentication logon for different accounts are particularly vulnerable to the possibility of snooped logons. However, there are other vulnerabilities involving other protocols, as follows:

4. Session Hijacking (aka man-in-the-middle attack) - here, someone is monitoring and decoding the traffic between server and client, and intercepts the session by sending a flood (Ping of Death) of messages to shut down the client, then impersonates the client, and then transmits port and sequence numbers directly to the server in hopes of escalating the client's privileges or communicating with the server as the impersonated client.

5. DNS Attacks - DNS (Domain Name System) refers to an application layer (high-level) protocol that is essential to the functioning of the Internet. What is does is basically convert or resolve "domain names" (such as www.example.com) to IP addresses (such as 208.77.188.166). Around the world, there are a number of DNS servers (known as authoritative nameservers and root nameservers) which keep a registry of all domain names or parts of a domain name. They help resolve words into numbers for all the things people type in their search windows. However, there are only a small number of these kinds of servers in the world, and they would be quickly overwhelmed if they did all the work. So, the way it works is that each computer has its own built-in DNS caching mechanism. These "caches" are similar but not the same as a browser cache (where the user can clean their record of sites visited). Each computer will maintain a record of sites visited in its DNS cache, and they can only be cleaned by hand, as follows:

*Viewing and Cleaning the DNS Cache*
On a Windows XP system	On a Vista system
1. First, from RUN, type CMD (to open a separate window; otherwise the data will stream by so fast you can't read it) 2. At any part of the command prompt (usually the default spot that comes up), type: ipconfig /displaydns 3. Look at the record of all sites visited; an item called time to live determines how long the record stays in the system 4. Clean the records by typing ipconfig /flushdns	1. Go to Accessories 2. Right click on Command Prompt 3. Select Run as Administrator 4. Type ipconfig /displaydns 5. Look at the records 6. Clean the records by typing ipconfig /flushdns

Try the above, even after you've run all your desktop cleaners such as Ad-Aware, CCleaner, or Spybot S&D, and you'll still find that the DNS cache contains a record of all sites visited. It will record Internet travels even if you've been running in Incognito or Anonymous mode. Quite frankly, it's a serious built-in vulnerability, and there's nothing anyone can do about it because that's the way the Internet works. The most sophisticated attacks by hackers and spyware will take advantage of the DNS caching mechanism, and they can do it in a number of ways beyond capturing the Hosts.txt file which is the way most ordinary spyware works.

One sophisticated spyware method is called DNS poisoning, and it involves an attacker getting some bogus information (fake DNS-to-IP resolutions) into your internal DNS table, and after a short time, the DNS cache will automatically redirect you to a bogus websites (no matter what or how many times you try to type in the correct website). The experience will seem like you have no control over your browser. It just travels all over the Internet beyond your control. In effect, the attacker has control over how DNS requests resolve on your computer. And, it just so happens that the attacker will redirect you to malicious sites with malware on them, further infecting your computer with all sorts of viruses and worms. Your only hope is to unplug from the Internet quickly. Wikipedia has a pretty good article on the phenomenon, calling it pharming (a combination of farming and phishing).

Another trick is to do pretty much the same thing with email. Even email relies on specialized DNS entries known as MX records, so (with minor variation) the same method of poisoning your cache can also work to redirect your email (intended for one domain) to another domain or a malicious server which steals your information. Given how so many service providers utilize email for users to request recovery or reset of their passwords, this represents a serious vulnerability issue, and is a common trick associated with identity theft.

During 2008, a new kind of DNS attack was discovered, one based on poisoning the cache by deforming the domain name in various ways. For example, the attacker might send requests for domains such as aaaa.example.com or aaab.example.com. These domains do not exist, but simultaneously, the attacker issues responses for these, and if they guess the transaction IDs correctly and accomplish a BIND hijack, not only can the attacker control some non-existent domain, but a whole block of domains (i.e., all of example.com). In effect, they end up "owning" the whole domain name and all its related blocks. This is a tactic commonly encountered by corporations or government agencies. All traffic intended for that corporation or agency is redirected to the hacker, and it's more than just having their website stolen. It's all the data streams intended to be transmitted securely. This is how banks and financial institutions get their accounts stolen.

Most of the time, an attacker isn't interested in exploiting any software applications, but instead is out to obtain unauthorized access to network devices. Unmonitored network devices are the main source of information leakage in organizations. Just as corporate networks (wires, cables) are the circulatory system of any organization, network devices (routers, hubs, switches) are the caretakers or traffic cops. Indeed, every email message, every web page request, every user logon, and every transmittable file is handled by a network device. Under some setups, telephone service and voice messaging are also handled by network devices. If the attacker is able to "own" your network devices, then they "own" your entire network. Network attacks cut across all categories of software and platform type.

There are at least five types of network attacks: (1) sniffing; (2) hijacking; (3) back doors; (4) trojans; and (5) social engineering. These are in addition to the standard spyware techniques.

(1) SNIFFING is the interception of data packets traversing a network. A sniffer program works at the Ethernet layer in combination with network interface cards (NIC) to capture all traffic traveling to and from an Internet host site. Further, if any of the Ethernet NIC cards are in promiscuous mode (easily done remotely via a sniffer program), the sniffer program will pick up any and all communication packets floating by anywhere near the Internet host site. A sniffer placed on any backbone device, inter-network link, or network aggregation point will therefore be able to monitor a whole lot of traffic. Also, since most LAN environments are Ethernet-based, messages are not sent securely to their designated parties, but bounce around in what is called the broadcast (network) channel for all addresses on Ethernet-based networks. Most packet sniffers are passive, listening (and possibly recording) all data-link-layer frames passing by the device's network interface. There are dozens of freely available packet sniffer programs on the Internet. The more sophisticated ones (like Back Orifice) allow more active intrusion.

An example of active intrusion is when PACKET SNIFFING is used for IP SPOOFING. You should recall that Internet data packets carry the sender's IP address as well as application-layer data. If the attacker obtains control over the software running on a network device (in particular its operating software), they can then easily modify the device's protocols to place an arbitrary IP address into the data packet's source address field. This is known as IP spoofing (faking email), which makes any payload (message, document, spam, virus, application) appear to come from any source.

An example of more malicious behavior is the creation of havoc on the network. Recall that the domain name system (DNS), or routing daemons that exchange routing tables require secure communication between two parties. The same is true for shared applications on a network, or anything involving e-commerce. A packet sniffing intruder could easily interfere with, control, or corrupt DNS lookups and updates, routing computations, or network management functions. All this, and the ability to sniff and steal passwords too.

Sniffing can be detected two ways: (1) host-based; and (2) network-based. Software commands exist (cpm or check promiscuous mode in UNIX) that can be run on individual host machines to tell if the NIC is running in promiscuous mode. Network-based solutions tend to check for the presence of running processes and log files, both of which sniffer programs consume a lot of. Sophisticated intruders almost always hid their tracks, however, by disguising the process and/or cleaning up the log files. The best countermeasure against sniffing is end-to-end, or user-to-user encryption. Network administrators can help by closing SNMP (Simple Network Management Protocol) or community options.

(2) HIJACKING is a technique that takes advantage of a weakness (trust relationships) in the TCP/IP protocol stack, and the way headers are constructed. You'll note that the stack looks as follows:

A FIVE-LAYER MODEL OF TCP/IP ARCHITECTURE:
Application	Application Protocols and Services
Transport	TCP		UDP
Network	RARP	IP	ARP	ICMP	Routing Protocols
Interface	Network Driver and Network Interface Card (NIC)
Hardware

Each layer of the model adds what is called a header to the packets that are sent over the network. You create an e-mail message at the application layer, which passes it off to the transport layer, which passes it off to the network layer, and so on. E-mail and most common applications are handled by TCP software. Voice, music, and instant messaging (anything "fire-and-forget") are handled by UDP software. Therefore, all e-mails contain a TCP header implemented at the transport layer. Another header, the IP header is added at the network layer. By the time you click "Send" on an e-mail, the packet contains at least four headers (Ethernet, IP, TCP, application). Hijacking involves the use of tools that subvert the stack's header information. Someone might want to do this in order to spoof a fake message or send a payload inside the header field to the wrong port.

Let's look first at the IP header field. There are 12 different fields it can contain, but only five are shown above. Notice one of these fields is ICMP (Internet Control Message Protocol), whose purpose is to negotiate traffic by setting the maximum size of IP packets received. Using commonly found tools like Juggernaut and Hunt, an attacker can adjust the maximum packet size allowed, and send what is called the Ping of Death attack. Such ICMP floods, like Smurf and DoS attacks will quickly consume all resources on the network. ICMP is the most common carrier for bandwidth consumption attacks. It's also used to amplify a DoS (Denial of Service) attack. For example, Tribe Flood Network (TFN) is a hacker program that exploits ICMP traffic, and communicates over ICMP once the compromised system has been turned into a zombie system for launching distributed denial of service attacks on other systems. Encryption is the only defense against hijacking.

Now, let's look at the TCP header, or wrapper. Again, there are more fields than shown in the boxes above. TCP is a full-duplex communication channel, which means that information flows between sender and receiver in both directions. UDP is connectionless, so it will gladly accept a packet from anyone despite never having sent an original packet. All TCP headers contain familiar port numbers (even the ones UDP listen on) so packets know which services to obtain on which ports. Saavy attackers know how to subvert the port services that a packet calls upon by modifying the TCP header. This means that an attacker can exploit telnet (port 23), for example, thru a web packet (port 80), or FTP (port 21) thru a telnet (port 23) connection; indeed, just about any port service or application. Attackers commonly scan for open ports (using programs like Nmap) on DNS (port 53), Web (port 80), FTP (port 21), and mail (port 110) since these are rarely filtered by the firewall or router. TCP wrappers always do three-way handshaking to establish a connection, but half-scans and port scans over TCP are quite common and usually a prelude to a full-blown network attack.

Many attackers prefer the UDP header, which establishes multimedia communication, and among other things, is what Microsoft products use for logons. A little-known protocol called SNMP (Simple Network Management Protocol) is wrapped along with UDP, and is inherently insecure. SNMP is designed to allow viewing of device configurations by community names. All routers, for example, will have two community names: a read only community (with default password public); and a read/write community (with default password private, or secret). Other UDP exploits exist, most of which are aimed at making the attacker an administrator on a network device.

(3) BACK DOORS are accounts left by manufacturers and vendors on devices that allow them to bypass a locked-out or clueless system administrator in case of emergency. Every network device comes shipped with more than one default username and password, and these built-in accounts offer administrative privileges to anyone who finds them. Some examples of generic usernames and passwords are: manager, security, admin, debug, monitor, and guest. Some Cisco routers are known for using their own name, as in cisco, cisco. In any event, most network devices store their passwords in a configuration file which uses weak encryption, and is easily cracked. The smarter administrator will use MD5 password encryption. Router configuration files are usually located on UDP port 69 and easily downloaded via Trivial File Transfer Protocol (TFTP). Use of TFTP to get configuration files and SNMP to get community names are common attacks on network devices.

(4) TROJANS are programs that look like ordinary software, but actually perform unintended (and sometimes malicious) actions behind the scenes when launched. Most remote control spyware programs are of this type, as are various login programs that look just like a user's regular login screen. Other trojans create back doors by running a TCP listener and shoveling back a UNIX shell to the attacker. The number of trojan techniques are only limited by the attacker's imagination. A "trojanized" file will look, operate, and appear to be the same size as the compromised system file. The only protection is early use of a cryptographic checksum (or binary file digital signature) procedure.

A common trojan is the driver file with a name something like FPWNCLNT.DLL whose purpose is to grab usernames and passwords while masquerading as a valid system logon component. Scheduled batch job services like weekly virus-scanning or scheduling can also be configured as trojans.

(5) SOCIAL ENGINEERING is the use of persuasion or deception to gain access to information systems. The medium is usually a telephone or e-mail message. The attacker usually pretends to be a director or manager in the company traveling on business with a deadline to get some important data left on their network drive. They pressure the help desk to give them the toll-free number of the RAS server to dial and sometimes get their password reset. At other times, the tactic is a malicious exploitation or manipulation of some poor clueless user. The human element has been referred to as the weakest link in network security.

Social engineers (a fancy word for flimflam artists) use a variety of tactics to play upon the guilt, ego, trust, duty, and desire to be helpful among ordinary users. Most tactics involve a contrived situation designed to elicit the revealing of confidential information so a system can be broken into. The social engineer may claim to have forgotten a password due to being on vacation, or need access to an area after his manager has left for the day. Crises may involve day care, medical care, or looming deadlines. Attempts will be made to heighten the target's belief that compliance is necessary, helpful, and appropriate. The social engineer typically gathers intelligence on the target organization and/or individual targeted user to make the exploit appear more plausible.

What follows are some typical tactics used by social engineers. The initial tactics involve actually walking into the organization to work on the computers, and the latter tactics involve remotely operated ploys.

(1) THE PAYROLL SCAM -- It's four o'clock in the morning on a Thursday, and the well-dressed social engineer walks up to your security guard, telling him or her they're from accounting and need to get in to work on tomorrow's payroll or "there'll be no checks tomorrow." Once in, they look around for passwords written down on desks, or engage in other "dumpster diving."

(2) THE GARAGE BREAK-IN -- The well-dressed social engineer waits in the underground parking garage next to an elevator that goes to secure floors in the building. Once someone gets out of the elevator, the social engineer hops in, posing as a temp worker. Once in, they look around for passwords written down on desks, or engage in other "dumpster diving."

(3) THE PASSWORD PATSY -- A user gets a call from the social engineer saying something like, "Hi, this is Joe from the MIS department. We were doing a routine systems check and found a problem with your account. Your data is corrupted and we're losing files. I'll need your username and password to make the fix." You'd be surprised how many users say "Sure, my username is JDOE and my password is mittleschmertz. Thanks for fixing the problem."

(4) THE HELPFUL HELP DESK -- The help desk gets a call from the social engineer impersonating a user reporting a forgotten password. In many cases the help desk will change the user's password over the phone. Just to clean up loose ends, the social engineer will call the user who was impersonated and say something like, "This is Joe from the MIS department. We had some problems with security today, so we've changed your password. Your new password is swordfish." The hacker now has a legitimate username and password to work with.

(5) SHOULDER SURFING -- You are being watched as you key in your username and password. Sometimes, the social engineers use binoculars and camcorders, or they are just looking over your shoulder.

(6) EXECUTIVE PRIVILEGE -- An important sounding man identifying himself as an executive will telephone a new system administrator and demand access to his account NOW!

(7) FAKED EMAIL -- The social engineer sends a message to one or more users in a domain that "this is the system administrator and your password must be reset to fooble" for a temporary period of time. The hacker usually gets at least one nibble, is running continuous online monitoring for the change, and then exploits the whole system.

(8) MALICIOUS WEB PAGE -- The social engineer sends a message to one or more users in a domain that "You are infected with a virus that lets hackers get into your machine and read your files, etc. I suggest you download [malicious url] and clean your infected machine. Otherwise you will be banned from [network]."

(9) CHAIN MAIL -- The social engineer keeps working a group of targets to participate in some kind of hoax or joke that slowly escalates into extracting more and more confidential information about network and password security.

(10) FICTITIOUS COMPETITION -- The social engineer manipulates a group of users to participate in some fake competition for a jackpot prize, with the ultimate purpose of eventually extracting confidential information about network and password security.

Cryptography (from the Greek kryptos, meaning "hidden") is the study of techniques and applications that hide the meaning of a message. This is also known as codemaking, or encryption, as distinguished from cryptanalysis, also known as codebreaking, or decryption. Cryptology is the name for the larger science that combines cryptography and cryptanalysis. The predominant practitioners include the military, diplomatic services, and governments.

Methods of hiding the existence of a message were used for many years prior to methods of hiding meanings. The earliest known methods of hiding messages involved techniques that have since been called steganography (from the Greek, steganos, meaning "covered"). The ancient Chinese, for example, invented the practice of swallowing messages scrunched into balls and covered in hard wax. Invisible ink has been used since the first century A.D., and any high-carbon, organic fluid will do, such as milk, vinegar, fruit juice, and urine. The microdot came into existence around 1941, and is simply the successive taking of smaller and smaller photographs to create the dot which can be successively enlarged later. Crossword puzzles often contain hidden messages, and of course, computers take steganography to new heights. The terrorist Osami bin-Laden was known to encode secret messages inside computer graphic files (.bmp, .gif, .jpg). Numerous software programs easily do this, such as Hide and Seek, StegoDos, White Noise Storm S-Tools, Jsteg, and Stealth, to name a few. Secret messages can also be easily embedded in sound files (.wav and .au) using programs like Steghide. Law enforcement software exists to detect steganography.

Cryptography depends on the use of a cipher, which is different from code, despite common usages of codemaker and codebreaker (which technically would be ciphermaker and cipherbreaker). Ciphers substitute letters for letters; codes substitute words for words. There are two general approaches to creating ciphers: transposition and substitution. Transposition is the rearrangement of letters side-by-side, as in Pig Latin or a crossword anagram. Substitution is the pairing of letters at random. There are many different varieties of transpositions and substitutions. You can even combine the two approaches, or mix symbols in for letters. Any actual method used or developed is called an algorithm, and any plaintext alphabet dictionary for it is called a key. You need both algorithm (method) and key (dictionary) to encrypt and decrypt ciphers. There are two kinds of cryptosystems: symmetric and asymmetric. Symmetric systems use the same key (a secret key) to encrypt and decrypt a message. Asymmetric systems use one key (a public key) to encrypt a message and a different key (a private key) to decrypt it. Asymmetric systems are also called public key cryptosystems, and are the basis of RSA techniques, of which PGP (Pretty Good Privacy) is the most well-known implementation.

The goal of an asymmetric system is to achieve a symmetric system; that is, to produce a secret key that can be distributed without a face-to-face meeting. Since programs like PGP produce a private key every time a public key is created, the following protocol explains how sharing a public key and using a private key produces a secret key:

Protocols are a weakness of all cryptosystems. An attacker can easily impersonate one of the corresponding parties, recycle an exchange of keys used in earlier correspondence, or hack into the Alice's PGP program to obtain her private key from a password file. This last thing is exactly what the FBI has been trying to do, with the Clipper Chip initiative and the Magic Lantern virus.

Cipher systems have rules they should follow. One frequently seen set of rules are Kerckhoff's desiderata, developed back in 1883:

One of the simplest ciphers is the Caeser cipher, which is a shift of 1-25 places for every letter in the alphabet (meaning there are 25 possible Caeser ciphers for the English alphabet). For example, in a 3-bit Caeser shift cipher, the following key would be generated:

You can substitute symbols for certain letters if you want, randomize, or whatever, but the name monoalphabetic substitution cipher is used whenever the cipher alphabet consists of letters, symbols, or a mix of both. The standard way to crack such a cipher is by a technique known as frequency analysis, which consists of looking at the most frequently used letter or symbol and matching it with the most frequently used letters in the spoken alphabet, then guessing the rest. For most languages, the following letters are ranked in their frequency of use:

1 - E
2 - T
3 - A
4 - O
5 - I
6 - N
7 - S
8 - H

9 - R
10 - D
11 - L
12 - C
13 - U
14 - M
15 - W
16 - F
17 - G

18 - Y
19 - P
20 - B
21 - V
22 - K
23 - J
24 - X
25 - Q
26 - Z

Monoalphabetic ciphers can be made more difficult by adding nulls, or symbols that stand for nothing. The intended receiver would know to ignore them, but they would slow down an enemy using frequency analysis. Other tricks would be to deliberately misspell some words, mix in foreign words, or refer only to code words. The word nomenclator is used to describe a system that mixes a codebook with an alpha cipher.

An example of a polyalphabetic cipher is the Vigenere cipher, named after a French diplomat born in 1523. The idea is to create many different, successive monoalphabetic substitutions, and switch from Cipher A to Cipher B to Cipher C and so on as the message is read. For example, you could create a square moving each letter of the alphabet over one-by-one, as follows:

By creating such a square down to Cipher 26, you have the Vigenere square. If you wanted to randomize, you send your intended recipient a codeword, like LAMB, which tells them to start with Cipher L, then after the words become unintelligible, move to Cipher A, then Cipher M, and then Cipher B . Again, this would be a nomenclator if you used a codeword. A remarkably ingenious variation is the Great cipher (of Louis XIV), who added syllables, not just letters to his cipher alphabet, and also laid traps for would-be crackers by including certain cell values that deviously deleted the previous letter decrypted. By 1851, it was standard military procedure to send polyalphabetic ciphers via Morse code, the Morse code serving to make the system a nomenclator.

Morse code is not a cipher, but an alternative alphabet. World War I saw extensive use of Morse Code and the development of a technique called traffic analysis. The French realized that each German telegraph operator had a distinctive fist, or pattern of pauses and relative lengths of dots and dashes. They could then perform rudimentary profiles of each operator's anxiety levels, closeness to the German high command, and so forth. Traffic analysis yields intelligence even if the message is indecipherable.

Beginning in 1918, the U.S. Army started using what became known as the onetime pad cipher. This nomenclator technique used a random series of code letters instead of code words with the Vigenere system. Once the message had been successfully sent and received, both parties destroyed the sheet that acted as the key, and used the next random series of letters on the next pad of paper. By World War II, the pad cipher method gave way to the cipher disk, or scrambler system.

A basic cipher disk, or scrambler system, essentially consists of a metallic dial with letters on the outside rim and letters on the inside rim. These dials can be overlapped back-to-back, and constructed so that electrical wiring creates the key, with current passing thru six, seven, or however many dials you wanted to add. The most famous of these systems was the German Enigma machine. The initial setting of the scramblers (dials) determined how the message would be encrypted, and decryption usually required distributing a codebook every four weeks. At the height of WWII, the Germans changed their keys every day.

In response to the need for breaking the German Enigma code, the Brits set up a Government Code and Cypher School (GC&CS) at a place called Bletchley Park in Buckinghamshire. It was staffed by a group of mathematicians, scientists, linguists, chess grandmasters, and crossword addicts. One of the staff later hired was Alan Turing, who had resurrected Babbage's old idea of a difference engine to hypothesize a universal Turing machine (both ideas being predecessors of the modern computer). Bletchley funded Turing's idea to replace the old-fashioned mechanical bombes they were using that relied upon manually adjusting plugboard settings. The new electrical bombes consisted of twelve Enigma machines that exploited whatever little pieces of decrypted information could be gained from regular espionage activities. Most experts point to Bletchley Park as the birthplace of modern cryptoanalysis.

Americans used a version of what Bletchley had called the M-143-C cipher machine, which regularly broke the Japanese Purple code during World War II. However, field commanders in the Pacific wanted quick and easy radio code, and for this, they turned to the Navajo reservation in Arizona. Navajo, as it turns out, is one of two, possibly four, Native American languages unlike anything else in the world. The 420 Navajo code talkers, as they were called, served admirably as radio operators during WWII.

Following the experience with Navajo, there arose interest in the possibility of using other languages for cryptosystems -- hieroglyphics, demotic, cuneiform, Kok-Turki, Brahmi, Cretan (Linear A and B), Coptic, and Arabic. Some ancient languages consist of semagrams -- utterable symbols that represent whole ideas, and these seemed to have hundreds of characters (Chinese, for example, has over 5000 signs). Alphabetic scripts, by contrast, tend to have between 20 and 40 characters (English has 26, Russian has 36, Arabic has 28). Languages can also be classified by how verbs are conjugated and the degree of inflection allowed. Lexicons, of course, have to be built adding new words to the vocabulary, but building codes and ciphers based on less commonly-known languages is a subspecialty of linguistics and forensic archeology.

In 1945, the computer was invented (ENIAC at the University of Pennsylvania), and although the Brits had a similar machine, called Colossus, which cracked Hitler's personal Lorenz cipher, ENIAC (Electronic Numerical Integrator and Calculator) functioned entirely as a hundred scramblers, some spinning clockwise, others counterclockwise, some vanishing after every tenth letter, and others rotating faster as encryption progressed. Computers deal only in binary digits, or bits for short, and a kind of Morse Code called ASCII was soon developed, assigned a 7-digit binary number to each letter of the alphabet and some symbols too. By 1959, computers would become the de facto standard piece of equipment for all cryptography.

One of the first computer ciphers was called Lucifer. It was based on a mangling function, which divides each possible scramble into Left and Right, then relabels the original Right as Left. Sender and receiver only have to agree on one number as the key. When Lucifer software was being made commercially available in the 1960s, the NSA jumped in to limit the number of possible keys made possible by a single number system. The result was a 56-bit (100,000,000,000,000,000 possible keys) solution which became known as the DES (Data Encryption Standard) standard. The 56-bit security level became the business standard in America for e-commerce (secure web pages). The NSA got to keep the original Lucifer program.

In 1969, the Internet (ARPANet) was born, and at first, only a small number of academics and nongovernmental entities were allowed to use it along with the military. One of these academics was an MIT student named Whitfield Diffie who teamed up with a Stanford professor named Martin Hellman and another intellectual named Ralph Merkle. In 1976, at a conference, the Diffie-Hellman-Merkle key exchange scheme was presented. It revolutionized cryptography because they described, in theory, at least, the idea of an asymmetric system where sender and receiver did not have to meet or share a keycode. DES, the standard at the time, was a symmetric system because Lucifer generated one key used by both parties. Their solution was based on using what mathematicians call one-way functions -- algebraic expressions that have one solution but never the same solution again. The so-called hash function, which is used with digital signatures, is an example of a one-way function.

Two years later, in 1978, three researchers at MIT, who were working on the key distribution problem from a different angle -- that of using a computer's power to factor prime numbers -- came up with a solution dubbed RSA, named after the initials of their last names (Ron Rivest, Adi Shamir, and Leo Adleman). The multiplication of prime numbers, it seems, produces values so large that it takes computers a long time to factor them down by multiplying each descending number by the next one. With sufficiently large primes, it would take a supercomputer hundreds of years to compute the factorial, and there are no mathematical shortcuts for factoring. Other schemes, such as the ElGamal scheme, have come along over the years, but the RSA scheme has been the de facto standard since the 1980s. All Bob has to do is pick two prime numbers, keep those choices a secret, and publish the product. Alice then inserts Bob's product number into a typical one-way encryption function, and sends her message. When Bob receives it, he reverses the function and decrypts it using his originally chosen prime numbers. The larger the prime numbers, the longer it's going to take any eavesdropper's computer to guess the original primes. It's common to talk about RSA-level security as 128-bit or higher. In 1991, a Florida professor by the name of Phil Zimmerman started giving away a software program called PGP, which was based on the RSA system of public key cryptography.

It takes two people or more to have a secret, but something is only truly private when one party knows it. The sharing of privacy is conceptually impossible. TRUST is the best there is. With encryption key exchange (also the best there is), as long as each party maintains privacy of their own private keys, it is perfectly all right to share public keys, or even post them in some data repository. In fact, under any public key encryption scheme, you cannot encrypt anything to anybody unless you know their public key. The problem here is that someone can easily forge a public key, and that's where digital certificates and trusted third parties (TTP) come in. The PGP cryptosystem (since version 2.0) has included a variant of TTP in the form of a web of trust. PGP users digitally sign each others' identity certificates and are instructed to do so only if they are confident the person and the public key belong together. A key signing party is one way of accomplishing this (often with a phone call). TTP has a private signing algorithm and public verification algorithm, and TTP also often provides a digital certificate, binding the identity of that party to their public key. Users should be careful when they accept (sign) a digital certificate from somebody, but eventually, if enough people use digital certificates to verify the identity of others, a fault-tolerant web of confidence (trust) will be built (at least for all public keys).

Last updated: Nov. 16, 2009
Not an official webpage of APSU, copyright restrictions apply, see Megalinks in Criminal Justice
O'Connor, T. (Date of Last Update at bottom of page). In Part of web cited (Windows name for file at top of browser), MegaLinks in Criminal Justice. Retrieved from http://www.apsu.edu/oconnort/rest of URL accessed on today's date.

Alphabet	A	B	C	D	E	F	G	H	I	J
Cipher A	B	C	D	E	F	G	H	I	J	K
Cipher B	C	D	E	F	G	H	I	J	K	L
Cipher C	D	E	F	G	H	I	J	K	L	M

Alphabet	A	B	C	D	E	F	G	H	I	J
Cipher	D	E	F	G	H	I	J	K	L	M