Chapter 2
Communication Security and Key Safety
In order for a secure communication system to function properly, its users must keep some secret, which is often referred to as a cryptographic key or, in short, a key. Key safety is a premise of communication security because once the adversary knows the key, the users’ communications are no longer protected.
For centuries, this understanding of the relationship between key safety and communication security has held as an axiom. However, the prerequisite of key safety is difficult to guarantee in practice. There are numerous vulnerabilities that allow the adversary to obtain the key and then compromise communication security. The decisive role of key safety thus becomes an inherent weakness in many practical systems.
This entire monograph is devoted to presenting dynamic secrets as an approach that relieves the tension between the possibility of key theft and the demand for a communication security guarantee. In this chapter, we briefly review typical secure communication systems and their design principles. This background review explains the motivation and the basis of our research.
Section 2.1 presents a series of historical ciphers and then reviews Kerckhoffs’ guidelines for cryptosystem design. These guidelines have served as a main frame for many secure communication systems from the nineteenth century to the present day. We compare Kerckhoffs’ guidelines with the locksmith’s craft. The comparison demonstrates that key safety is a single point of failure for communication security. Section 2.2 illustrates the practical challenges of protecting key safety by presenting a collection of attacks that allow an adversary to obtain the key.
2.1 Secure Communication System Design and Locksmith
The history of secure communication systems dates back at least 2,500 years. The Spartans invented a cipher named the scytale and used it to protect the transfer of confidential messages in wartime. As shown in Fig. 2.1a, a scytale consists of a wooden rod and a strip of parchment. The message sender wraps the parchment strip around the rod and then writes his message along the direction of the rod’s axis. The unwrapped parchment strip is carried by a messenger to the recipient, who has a rod of the same diameter as the one used by the sender. The recipient re-wraps the parchment strip and reads the message. The rod diameter is a secret between the sender and the recipient and prevents their enemy from reading the message.
Fig. 2.1 Ancient systems for secure communication: a a scytale, b a Caesar’s cipher disk
S. Xiao et al., Dynamic Secrets in Communication Security, DOI: 10.1007/978-1-4614-7831-7_2, © Springer Science+Business Media New York 2014
The famous Julius Caesar used another method to secure the communications in his army. When writing a confidential message to his generals, Caesar substituted every letter with a different letter of the alphabet. The substitution rule was kept as a secret between Caesar and his generals. In this way, even if the encrypted message was intercepted by his enemies, they might discard it as meaningless scrambled letters. The cipher that substitutes each letter with the letter some fixed number of positions down the alphabet is named Caesar’s cipher after him. Figure 2.1b shows a Caesar’s cipher disk that helps to encrypt and decrypt messages quickly.
There are many other ancient systems that provide communication security. Generally, these systems are fundamentally weak when judged by modern standards, because they are easily cracked once the adversary learns how the system is constructed. For example, the scytale is easily defeated if the Spartans’ enemy knows that decryption consists of re-wrapping the parchment on a rod. It is not difficult for the enemy to make a rough guess of the rod’s diameter and decrypt the messages. Caesar’s enemy only needs a few tries to find the exact offset between the plaintext alphabet and the encrypted alphabet. Once the enemy finds the offset, the secure communication is no longer secure.
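To make this concrete, the following added example (not from the monograph) models the two ancient ciphers as the text describes them and then plays the enemy who knows the construction: with the system public, the only secret left is the rod size or the alphabet offset, and both key spaces are small enough to enumerate. The rod diameter is modelled as the number of letters per turn around the rod; the message and the expected word (crib) used to recognise a correct decryption are constructed for the example.

```python
import string

ALPHABET = string.ascii_uppercase


def scytale_encrypt(plaintext: str, faces: int) -> str:
    """Model of the scytale. The strip wraps around a rod that holds `faces`
    letters per turn (our stand-in for the rod diameter). The sender writes
    along the rod's axis, so consecutive plaintext letters land on consecutive
    turns at the same angular position; reading the unwrapped strip turn by
    turn scrambles them. Pads with 'X' so the strip covers whole turns."""
    text = "".join(c for c in plaintext.upper() if c in ALPHABET)
    turns = -(-len(text) // faces)  # ceiling division
    text = text.ljust(turns * faces, "X")
    # Strip position p (turn = p // faces, face = p % faces) carries the
    # plaintext letter written on that face during that turn.
    return "".join(text[(p % faces) * turns + p // faces] for p in range(len(text)))


def scytale_decrypt(ciphertext: str, faces: int) -> str:
    """Re-wrap the strip on a rod of the same size and read along the axis."""
    if len(ciphertext) % faces:
        raise ValueError("strip does not cover a whole number of turns on this rod")
    turns = len(ciphertext) // faces
    # Plaintext index i = face * turns + turn sits at strip position turn * faces + face.
    return "".join(ciphertext[(i % turns) * faces + i // turns] for i in range(len(ciphertext)))


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Substitute each letter with the one `shift` positions down the alphabet."""
    shift %= len(ALPHABET)
    return "".join(
        ALPHABET[(ALPHABET.index(c) + shift) % len(ALPHABET)] if c in ALPHABET else c
        for c in plaintext.upper()
    )


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    return caesar_encrypt(ciphertext, -shift)


def crack_scytale(ciphertext: str, crib: str) -> list:
    """Enemy who knows the construction: try every rod size the strip fits on
    and keep those whose reading contains a word the message is expected to hold."""
    return [
        faces
        for faces in range(2, len(ciphertext))
        if len(ciphertext) % faces == 0 and crib in scytale_decrypt(ciphertext, faces)
    ]


def crack_caesar(ciphertext: str, crib: str) -> list:
    """Enemy who knows the construction: 26 offsets is a handful of tries."""
    return [shift for shift in range(len(ALPHABET)) if crib in caesar_decrypt(ciphertext, shift)]


# Constructed message and crib for the demonstration; the secret keys are 4 and 3.
MESSAGE = "ATTACKATDAWNFROMTHENORTH"
CRIB = "ATTACK"

if __name__ == "__main__":
    strip = scytale_encrypt(MESSAGE, 4)
    print(strip, "-> rod sizes that read sensibly:", crack_scytale(strip, CRIB))
    letters = caesar_encrypt(MESSAGE, 3)
    print(letters, "-> offsets that read sensibly:", crack_caesar(letters, CRIB))
```

Both attacks succeed for the reason the chapter gives: the construction is known, so the whole key space (a few rod sizes, 26 offsets) can be tried by hand. Kerckhoffs’ principle, discussed next, accepts that the construction is known and instead demands a key space too large to enumerate.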
In 1883, the Dutch linguist and cryptographer Auguste Kerckhoffs proposed six cryptosystem design guidelines. He suggested dividing a cryptosystem into two parts: the key and the system. More importantly, he emphasized that communication security must remain intact even if the system construction is known to the enemy. In other words, key safety is the sole premise of communication security. This design principle was later recognized as Kerckhoffs’ principle.
Kerckhoffs’ principle distinguishes modern cipher designs from ancient ciphers such as the scytale and Caesar’s cipher. A famous modern cipher example is Enigma, used to protect German military communications in World War II. The Berlin headquarters encrypted messages using the Enigma machine and broadcast the encrypted messages by radio. The German submarine fleets, often referred to as U-boats, would then carry out their battle tasks according to the received messages.
Enigma is a complicated electro-mechanical device that consists of wired boards and rotors. The key for encryption and decryption is the initial rotor positions. The Berlin sender set the rotors to some secret initial positions and fed the plaintext message into the machine. The output of the Enigma machine is the encrypted message. The U-boat receiver would set his Enigma machine to the corresponding initial rotor positions and then input the encrypted message. The machine output would be the decrypted plaintext message.
Capturing the Enigma machine alone did not allow the Allies to completely crack the German military secure communication system. It took some of the world’s smartest minds, such as Alan Turing, working day and night to analyze the structure and the cryptographic properties of the Enigma machine and decrypt some Enigma-encrypted messages. In order to decrypt the targeted German military communications efficiently, it was also vital to mount special military missions that brought back the German codebooks containing the initial rotor positions.
The cracking of the Enigma cipher was a grand victory. The Allies were then able to stop the German U-boats from sinking their Atlantic transport ships. The Allies were also able to send fake battlefield information to the German commanders and lure them into making wrong decisions. It has been conjectured that World War II would have ended in 1948 instead of 1945, had the Enigma cipher not been cracked.
On the other hand, the process of cracking the Enigma machine is proof of the effectiveness of Kerckhoffs’ guidelines. The key-system separation significantly increased the difficulty of cracking the Enigma cipher: knowledge of both the system structure and the key was necessary to break the communication security. Many modern secure communication system designs adopt Kerckhoffs’ principle. The cryptographic algorithms and protocols used in the system are publicly documented, leaving key safety as the necessary and sufficient condition for communication security. Such a system is referred to as an open cryptosystem in the context of communication security. Most civilian secure communication systems and a large number of military secure communication systems are open cryptosystems.
The open system design of secure communication systems reminds us of another craft with a long history, locksmithing. Just like the key-system separation in open secure communication systems, a door lock consists of two components, the lock body installed on the door and the key. The search for strong cryptographic algorithms and protocols is like the search for lock structures that resist lock-picking. With a strong lock body, key safety is the prerequisite for security. Key theft is disastrous to both secure communication systems and door locks.
Unlike a lock body, which is often vulnerable to lock-picking and brute-force break-in, modern cryptographic algorithms and protocols can be extremely sophisticated and resistant to cryptanalysis. A good example is the AES Rijndael algorithm, the current NIST standard for electronic data encryption. It was proposed in 1998 and standardized in 2001. No publicly known efficient cryptanalysis attack on AES Rijndael has been developed in more than a decade. An adversary who defeats AES by cryptanalysis must surpass all the public research effort spent on AES throughout these years. The open system principle eliminates weak cryptographic designs by exposing them to public testing.
However, it is more complicated to protect a cryptographic key than to safeguard a lock key. A lock key is a physical object, and its owner can effectively check whether it has been stolen. Moreover, a lock key can be made with a special three-dimensional structure and contain rare materials. Duplicating a carefully designed lock key is difficult and costly. Even if a thief knows the shape and build of the lock key, he may not be able to create one. A cryptographic key, on the other hand, is merely a piece of information. Unless the adversary confesses or causes noticeable security damage, the owner of a cryptographic key cannot recognize that his key is known to the adversary. Duplicating a cryptographic key only requires copying a bit string, and an adversary may duplicate it remotely at negligible cost.
In modern secure communications, although cryptanalysis is still a viable technique for compromising communication security, it is often more cost-effective for the adversary to focus on obtaining the cryptographic key.
2.2 Challenges to Ensure Key Safety
Attacks that threaten key safety can be broadly classified into two types. One type is key cracking: the adversary attempts to deduce the key from information available to him. For example, the adversary may analyze eavesdropped ciphertexts that were encrypted from known plaintexts and try to calculate the key. The other type is key stealing: the adversary obtains the key through unauthorized access to it. In later chapters, we use key theft to denote the incident in which the adversary obtains the key, regardless of the type of attack.
2.2.1 Key Cracking
Exhaustive search is a trivial yet effective key cracking attack. The adversary first eavesdrops a short segment of key-related information, such as the key’s hash value in an authentication process, and then tries out the possible key values in the key space to find the value that produces that hash value. The exhaustive search attack is extremely effective against human-memorable passwords. Research estimates that the majority of human-created passwords have less than 20 bits of entropy by the NIST standard tests (NIST SP800-63). With today’s computing technology, an exhaustive search attack can reveal a large number of passwords in several hours [68, 69].
The exhaustive search attack can be defended against by generating the cryptographic key with a pseudo-random number generator (PRNG) and then storing the key in a secure storage device. The pseudo-random key values spread over a large key space, so an exhaustive search would take an unreasonably long time, e.g. more than a thousand years, to find the key.
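The following added example (not from the monograph) shows the attack as the text describes it, with a constructed naive scheme: the adversary observes the unsalted hash of a secret and tries every candidate in the key space until one reproduces it. A four-digit PIN (about 13 bits) falls in at most 10,000 guesses; the same function also estimates, for the 20-bit password entropy the text cites and for a 128-bit PRNG-generated key, how long the worst-case search takes at an assumed guess rate. The guess rate is an assumption, not a figure from the page.

```python
import hashlib
import itertools
import math
import string
from typing import Iterable, Optional, Tuple


def fingerprint(secret: str) -> str:
    """Stand-in for the key-related information the adversary eavesdrops: an
    unsalted hash of the secret, as a naive authentication exchange might send.
    (Constructed for the example; the weakness is the small key space, not SHA-256.)"""
    return hashlib.sha256(secret.encode()).hexdigest()


def exhaustive_search(observed_fingerprint: str, key_space: Iterable[str]) -> Tuple[Optional[str], int]:
    """Try every candidate until one reproduces the observed fingerprint.
    Returns (recovered secret or None, number of guesses made)."""
    guesses = 0
    for candidate in key_space:
        guesses += 1
        if fingerprint(candidate) == observed_fingerprint:
            return candidate, guesses
    return None, guesses


def pin_space(length: int = 4) -> Iterable[str]:
    """All numeric PINs of the given length: 10**length candidates, in order."""
    for digits in itertools.product(string.digits, repeat=length):
        yield "".join(digits)


def search_time_years(entropy_bits: float, guesses_per_second: float) -> float:
    """Worst-case time to exhaust a key space of 2**entropy_bits candidates."""
    seconds = 2.0 ** entropy_bits / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Constructed victim secret: a PIN, i.e. log2(10**4) ~ 13.3 bits of entropy.
    observed = fingerprint("4827")
    recovered, guesses = exhaustive_search(observed, pin_space())
    print(f"recovered {recovered!r} after {guesses} guesses "
          f"({math.log2(10 ** 4):.1f} bits of entropy)")

    rate = 1e9  # assumed: one billion hash guesses per second
    for label, bits in (("20-bit password", 20), ("128-bit PRNG key", 128)):
        print(f"{label}: {search_time_years(bits, rate):.3g} years to exhaust at {rate:.0e} guesses/s")
```

The estimate makes the chapter's "more than a thousand years" concrete: 2**20 candidates fall in about a millisecond at the assumed rate, while 2**128 candidates need on the order of 10**22 years, which is why a key drawn uniformly from a large space defeats exhaustive search regardless of how fast the hash is.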
A PRNG is an algorithm that expands a short numeric seed into a long sequence of apparently random numeric values. Algorithm design defects, implementation flaws, and insufficient randomness in the seed value are vulnerabilities that an adversary may exploit for key cracking. For example, prior research studies weaknesses in key generation algorithms that allow the pseudo-random key values to be predicted with high probability. Other work shows that various implementation flaws can shrink the key space considerably and allow the adversary to exhaustively search the key in a limited key space. A famous incident was the implementation flaw found in the OpenSSL library of the Debian Linux operating system. A function that was supposed to keep supplying entropy to the numeric seed of the PRNG had been neglected in the implementation. Therefore, the adversary could predict the outcomes of the PRNG and then explicitly calculate the cryptographic keys generated in the system.
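The Debian incident above is, in the abstract, a seed-entropy failure: the generator's output looks like a full-length random key, but only as many distinct keys are possible as there are seed values. The following added example (not from the monograph, and not the OpenSSL code) models this with Python's `random.Random` standing in for the PRNG and a constructed 15-bit seed space: the system draws a public nonce and then a secret key from one seeded generator, and an adversary who sees only the nonce enumerates every seed, finds the one that reproduces it, and runs the generator one step further to obtain the key.

```python
import random
import secrets
from typing import Optional, Tuple

# Constructed model: the seed has only 15 bits of entropy, i.e. 32,768
# possibilities, while the values drawn from it are 128 bits long.
# random.Random (Mersenne Twister) stands in for the PRNG; it is not a
# cryptographic generator and is used here only because it is deterministic.
WEAK_SEED_BITS = 15
KEY_BITS = 128


def derive_from_seed(seed: int) -> Tuple[int, int]:
    """What the system does: seed once, then draw a public nonce followed by a secret key."""
    rng = random.Random(seed)
    public_nonce = rng.getrandbits(KEY_BITS)
    secret_key = rng.getrandbits(KEY_BITS)
    return public_nonce, secret_key


def recover_secret_from_nonce(public_nonce: int, seed_bits: int = WEAK_SEED_BITS) -> Optional[Tuple[int, int]]:
    """What the adversary does: enumerate every seed, find the one whose first
    output matches the observed nonce, then take the generator's next output,
    which is the secret key. The work is 2**seed_bits generator runs, not
    2**KEY_BITS, because the key's entropy is bounded by the seed's."""
    for seed in range(1 << seed_bits):
        rng = random.Random(seed)
        if rng.getrandbits(KEY_BITS) == public_nonce:
            return seed, rng.getrandbits(KEY_BITS)
    return None


def strong_seed() -> int:
    """Mitigation: take the seed from the operating system's entropy source with
    at least as many bits as the key, so enumerating seeds is no cheaper than
    enumerating keys. In Python, `secrets` wraps that source."""
    return secrets.randbits(KEY_BITS)


if __name__ == "__main__":
    weak_seed = 12345  # constructed: one of the 32,768 possible weak seeds
    nonce, key = derive_from_seed(weak_seed)
    print("adversary observes nonce", hex(nonce))
    print("recovered (seed, key):", recover_secret_from_nonce(nonce))
    print("matches the real key:", recover_secret_from_nonce(nonce) == (weak_seed, key))

    nonce, _ = derive_from_seed(strong_seed())
    print("same search against a well-seeded generator:", recover_secret_from_nonce(nonce))
```

The point of the two runs is that the key length is unchanged in both: what the adversary's search depends on is the entropy behind the seed, which is exactly the quantity the neglected entropy-feeding function was supposed to supply.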
The countermeasure to the exhaustive search attack and the PRNG-related attacks is to generate the key with sufficient true randomness, i.e. the randomness contained in physical phenomena such as coin flipping and dice rolling. In mission-critical secure communication systems, the cryptographic keys are required to be generated by a true random number generator (TRNG), i.e. a device that collects random bits from random physical phenomena.
The downside of a true random number generator (TRNG) is its cost and portability. Coin flipping and dice rolling are too slow to generate random bits for practical applications. To generate a stream of truly random bits at high speed, dangerous radioactive materials or expensive quantum optical devices have to be used. Our current technology does not allow a TRNG to be efficiently and economically built into everyday communication devices such as laptop computers and mobile phones.
Even if the key is generated with sufficient entropy, i.e. true randomness, the adversary may crack the key through a cryptanalysis attack on the cipher that uses the key. For example, published studies describe methods to reveal the key from encrypted texts by exploiting cipher vulnerabilities. A notable incident of such key cracking is the cryptanalysis of the RC4 cipher, which is widely used in wireless LAN security. Because a vulnerable design of the RC4 cipher was standardized in the wired equivalent privacy (WEP) mode of wireless LAN security, an adversary can crack the wireless key within several minutes using a laptop computer.