Chapter 2 - Cryptographic Protection

Copyright(c), 1990, 1995 Fred Cohen - All Rights Reserved

Cryptography is the study of secret writing, or in other words, of transforming information into a form that obscures its meaning. In cases where release or modification of information could cause harm, cryptography may be of value. We begin our discussion by listing the most widespread applications of cryptography and explaining how each is attained.

An obvious application for cryptography is the transformation of information to prevent an enemy from observing its meaning. This is the classical concept of secrecy, wherein we attempt to prevent information from reaching an enemy in a usable form. Secrecy is viewed by many as the central issue in the field of information protection.
A less obvious but very important cryptographic application is the transformation of information into an obscured form which makes it difficult to change the information without that change being easily detected. This exemplifies the classical concept of integrity, wherein we attempt to prevent harm that could result from corrupt information being used for problem solutions. This use of cryptography is called authentication, and is a widespread application which has historically gotten much less public attention than secrecy. Banks use authentication codes almost exclusively as their means of protecting electronic funds transfers (EFTs) of many billions of dollars per day, as does the U.S. Federal Reserve.
The concept of using cryptography for the electronic signing of documents has received increasing attention of late because of breakthroughs that have enabled practical systems to be implemented. The important aspects of these transformations are that a signature be an unforgeable and irrefutable certification of the agreement to which it is attached. This prevents harm which could result from forgery or attempts to back out of an agreement once signed.

Many other uses for cryptography now exist, and further applications will almost certainly grow as our understanding of information protection grows. The major advantage of properly designed and implemented cryptographic applications is that they are inexpensive to use, expensive to attack, and independent of other factors in the environment. The major problems are in the assurance of these advantages in actual use.

Questions

1 - Simple cryptographic in class problem:

a) Using a Caesar cipher, encode a sentence
b) Using a Polyalphabetic Substitution Cipher, encode a sentence
c) Exchange ciphers with another student, and decode their messages

2 - Estimate the time required to attack:

a) An RSA cryptosystem with a modulus of 40 digits using a CRAY-I
b) A polyalphabetic substitution cipher with a key length under 10

3 - Describe how and why encryption can be used for:

a) Keeping information transmitted over public phones secret
b) Signing documents that must stand up in court
c) Protecting files on disk from illicit observation

4 - Is it possible to: (explain why and how)

a) Break a polyalphabetic substitution cipher with any amount of ciphertext
b) Break any cipher given enough time
c) Break a polyalphabetic substitution cipher given enough text
d) Increase the attack time by data compression

5 - Describe and explain protocols to:

a) Exchange private keys using a public key system
b) Verify a signature using the RSA cryptosystem
c) Distribute session keys using the DES

6 - Which takes longer:

a) Breaking a 200 digit RSA message, or breaking a forty byte DES message
b) Breaking a 10 character Caesar cipher, or adding two 100 digit numbers
c) Forging an RSA authentication, or walking across the USA

7 - Which would you trust most, least if your life depended on it:

a) A cryptosystem with a 'secret but unbreakable cipher method'
b) A secret cryptosystem certified by the NSA
c) A one-time-pad