Cryptography in essence tries to solve three main real world problems.
- Confidentialty
- Integrity
- Authenticity
Lets consider there are two people Alice and Bob who want to communicate with each other, and Eve is trying to eaves drop on the communication. The communication is said to be confidential if eve is not able to understand what messages Alice and Bob are exchanging. Ok, Eve cannot understand what Alice and Bob are talking, however Eve could stand between Alice and Bob and tamper the message. Somehow Bob must be able to deduce that the messages that come from Alice have not been tampered. There is yet another problem, Eve could be sending messages on behalf of Alice, somehow Bob must be able to authenticate that the message came from Alice.
There are two kinds of Cryptography
- Symmetric/Secret Key Cryptography
- Asymmetric/Public Key Cryptography
Confidentiality using Symmetric/Secret Key Cryptography
Secret key cryptography, uses the same key to encrypt and decrypt the message. If Alice wants to communicate a confidential message to Bob they must first have the same encryption key in their possession.
In the example below we use the key generator to generate a key for the DES encryption algorithm. The cipher class is then instantiated for encryption and decryption using the key which is distributed to Alice and Bob.
1 package org.symmetric;
2
3 import javax.crypto.Cipher;
4 import javax.crypto.KeyGenerator;
5 import javax.crypto.SecretKey;
6
7 public class ConfidentialitySecretKey {
8
9 public ConfidentialitySecretKey() throws Exception {
10 KeyGenerator keyGenerator = KeyGenerator.getInstance(“DES”);
11 SecretKey key = keyGenerator.generateKey();
12 Alice alice = new Alice();
13 Bob bob = new Bob();
14 alice.setKey(key);
15 bob.setKey(key);
16 byte[] cipherText = alice.getMessage();
17 bob.receiveMessage(cipherText);
18 }
19
20 public class Alice {
21 private SecretKey key;
22
23 public void setKey(SecretKey key) {
24 this.key = key;
25 }
26
27 public byte[] getMessage() throws Exception {
28 String message = “Top Secret”;
29 Cipher cipher = Cipher.getInstance(“DES/ECB/PKCS5Padding”);
30 cipher.init(Cipher.ENCRYPT_MODE, key);
31 return cipher.doFinal(message.getBytes(“UTF-8″));
32 }
33
34 }
35
36 public class Bob {
37 private SecretKey key;
38
39 public void setKey(SecretKey key) {
40 this.key = key;
41 }
42
43 public void receiveMessage(byte[] message) throws Exception {
44 Cipher cipher = Cipher.getInstance(“DES/ECB/PKCS5Padding”);
45 cipher.init(Cipher.DECRYPT_MODE, key);
46 byte[] plainText = cipher.doFinal(message);
47 System.out.println(new String(plainText, “UTF-8″));
48 }
49 }
50
51 public static void main(String args[]) throws Exception {
52 ConfidentialitySecretKey c = new ConfidentialitySecretKey();
53 }
54 }
Integrity using Symmetric/Secret Key Cryptography
Now since Alice can send a confidential message to Bob, she is faced with another problem. She needs to some how ensure the integrity of the message. On the event that the message is tampered by eve, somehow Bob should be able to detect that the message has been tampered. A message digest is an function on the message that generates a unique but shorter representation of the message itself. Alice now generates a digest of the message that she needs to send to Bob. Now she encrypts the message digest with the secret key that only she and Bob shares. The result of the transforation is called the Message Authentication Code or MAC. She now sends the message and the MAC to Bob. Since Bob is the only other person in the world who is in possession of the secret key, nobody can tamper the message and regenerate the MAC. When Bob received the message he verifies that the message has not been tampered by generating the message digest from the message and matching it with the decripted MAC.
The example below shows how one could generate a MAC using java.
1 package org.symmetric;
2
3 import java.util.Arrays;
4
5 import javax.crypto.KeyGenerator;
6 import javax.crypto.Mac;
7 import javax.crypto.SecretKey;
8
9 public class IntegritySecretKey {
10
11 public IntegritySecretKey() throws Exception {
12 KeyGenerator keyGen = KeyGenerator.getInstance(“HmacMD5″);
13 SecretKey key = keyGen.generateKey();
14 Alice alice = new Alice();
15 Bob bob = new Bob();
16 alice.setKey(key);
17 bob.setKey(key);
18 byte[] message = alice.getMessage();
19 byte[] mac = alice.getMAC();
20 bob.receiveMessage(message, mac);
21 // eve tampers the next message
22 message[0] = 0;
23 bob.receiveMessage(message, mac);
24 }
25
26 public class Alice {
27 private SecretKey key;
28
29 public void setKey(SecretKey key) {
30 this.key = key;
31 }
32
33 public byte[] getMessage() throws Exception {
34 return “Top Secret”.getBytes(“UTF-8″);
35 }
36
37 public byte[] getMAC() throws Exception {
38 byte[] message = getMessage();
39 Mac mac = Mac.getInstance(key.getAlgorithm());
40 mac.init(key);
41 return mac.doFinal(message);
42 }
43
44 }
45
46 public class Bob {
47 private SecretKey key;
48
49 public void setKey(SecretKey key) {
50 this.key = key;
51 }
52
53 public void receiveMessage(byte[] message, byte[] macReceived)
54 throws Exception {
55 Mac mac = Mac.getInstance(key.getAlgorithm());
56 mac.init(key);
57 byte[] macToCompare = mac.doFinal(message);
58 System.out.println(Arrays.equals(macToCompare, macReceived));
59 }
60 }
61
62 public static void main(String args[]) throws Exception {
63 IntegritySecretKey i = new IntegritySecretKey();
64 }
65 }
Authentication using Secret/Symmetric Key Cryptography
Using message authentication codes inherently solves the problems of authentication, as not only the integrity of the message is ensured, since Alice and Bob are the only two persons who are in possession of the secret key, if the MAC is verified it also authencitates that Alice really sent the message. Now Eve has a few tricks up her sleeve ! She could record the messages and replay them at a later time, or she should reorder the messages. This could be solved by embedding the timestamp in the messages. Eve could still cause trouble by deleting the messages totatally ! This problem cannot be solved by cryptography but with the handshake and protocol used for communication.