It’s here, the finale! Our journey through the history of cryptography is coming to an end, but we still have a few last stations ahead of us. First we dealt with symmetric encryption and the encryption methods of Data Encryption Standard (DES) and Advanced Encryption Standard (AES), and in the last blog we introduced asymmetric encryption. In our final piece of the Cryptography trilogy, we will dive deeper into asymmetric encryption. Attack techniques such as man-in-the-middle attacks and brute force attacks will be examined. Finally, we will present a wide view into the future – keyword: quantum cryptography.

So now lean back in your chair and enjoy the last few stations before we have to say goodbye.

It’s a match: Asymmetric encryption with one key pair

As already mentioned in the last article, asymmetric encryption uses a key pair. The public key is available to all communication partners. The private key, as the second key, remains secret for each communication partner. The private key ensures that the message can be decrypted.

If a message is to be sent encrypted to a recipient, the public key of the recipient is required first. The public key can be characterized as a kind of “one-way key”, since it can only encrypt but not decrypt. A very common example to illustrate this, is the mailbox in traditional letter dispatch: The sender knows the address of the recipient and can drop the letter in his mailbox. However, the recipient cannot get the letter out this way. In this case, an additional key is required to open the mailbox and then access the letter. Simialarly, the recipient can only decrypt the message again with their private key.

In 1974 Ralph Merkle took the first step towards the development of the asymmetric cryptosystem with the Merkles Puzzle, named after him. The first asymmetric encryption method was then developed by cryptographers at MIT as early as 1977: the RSA method. However, this method is very susceptible to attacks, since it is deterministic, i.e. predetermined, and thus easy to crack.

We will now take a closer look at two well-known and actively used asymmetric encryption standards. Let’s go to our first station.

Pretty Good: Pretty Good Privacy

In the 1990s, the US Senate decided that a back door should be built into any encryption software or hardware. Pretty Good Privacy, PGP for short, was then specified by Philip Zimmermann in 1991. With the development he pursued the goal that all US citizens and citizens’ movements could exchange encrypted messages and avoid access by secret service.

Since the US export law prevented a license-free export of the PGP source code, it was typed as a book by more than 60 volunteers. At that time, the book was not subject to export restrictions and could therefore be legally exported from the USA to make the code known worldwide.

In 1997 PGP was bought by McAfee and integrated into their product portfolio. In 2002, the company abandoned the brand. The reason for this is said to have been the strong criticism of the undisclosed source code of PGP. Until 2010, the newly founded PGP Corporation held all rights to PGP until it was sold to Symantec in 2010.

PGP is based on an encryption concept with two main functions: Encryption and signing of a message. Encryption, as explained above, uses a pair of keys. However, PGP does not encrypt the entire message asymmetrically, but only the session key used. The actual message is encrypted symmetrically. The reason for this hybrid encryption is the excessive computational effort required for purely asymmetric encryption.

In addition to encryption, the public key can also be used for signature generation, which can be used to confirm the authenticity of the message. In this way the authenticity, integrity and confidentiality of the message can be guaranteed. To achieve this, the public key must be authenticated with the private keys of the other communication partners. This procedure is also known as Web of Trust (WoT). This type of trust model is advantageous if you want to remain anonymous. Prominent users of PGP encryption are therefore whistleblowers such as Edward Snowden. The security of PGP is only guaranteed as long as the users keep their private keys secret.

We take a leap from PGP, developed in 1991, to 1999, the birth of another asymmetric encryption standard.

S/MIME

The encryption method, S/MIME, published in 1999, is also based on the main applications signing and encryption and is therefore similar to the way PGP works. However, if you want to encrypt and sign your e-mails with S/MIME, you have to register with an appropriate certificate authority and apply for a certificate. The authentication of the public key by the other communication partners, as is the case with PGP, is thus replaced here by a formal certificate. The communication partner can then see in the header information of the message from which certification authority the sender has received his certificate and, if necessary, have his identity confirmed via this authority. Companies in particular use S/MIME for their email encryption.

A journey through the history of cryptography - infographic from Hornetsecurity

Basically, both encryption methods presented are only secure as long as the private key is kept secret. In 2018, however, a research team from the University of Applied Sciences Münster, the Ruhr University Bochum and the University of Leuven published a document questioning the security of the PGP and S/MIME encryption standards and thus attracted attention. However, the research results did not focus on the protocols themselves, but rather on a weakness in mail clients such as Thunderbird, Apple Mail, etc. The topic was taken up in media reports worldwide under “Efail”. Also Hornetsecurity dedicated an own blog post to Efail.

Slowly but surely we want to leave the terrain of the various encryption methods and look at the next stations to see what attacks both encryption methods and the data traffic itself are exposed to.

Trial and error with brute force attacks

Brute force attacks are used to obtain information by means of the trial and error method. With the help of appropriate software, various combinations of characters can be tested within a short time in order to gain illegal access to the desired information. This method is often used for passwords, but also for deciphering ciphertext. In this complete key search, all possible key combinations are tested “exhaustively”.

As already explained in the last article, the DES encryption algorithm was cracked by means of a brute-force attack, since with a key length of 56 bits “only” about 72 quadrillion combinations are possible. According to this, a brute force attack can be counteracted with modern encryption algorithms by using a sufficiently long key. It would be hopeless to start a brute force attack here, as the necessary computing effort would be too high. There are, however, mathematical attacks that considerably reduce the complexity of the key, such as the square root attack. In addition, there is another variant to secure these attacks, which you probably already know: after X failed login attempts on your smartphone, it will be locked for a certain period of time.

Our next station is dedicated to an attack technique that can tap any data traffic and is therefore particularly dangerous.

Undercover with man-in-the-middle attacks

In a man-in-the-middle attack, also known as the Janus attack (Roman mythology), a third party switches unnoticed between two communication partners. In doing so, he pretends to be the other’s actual counterpart. The aim of this attack is to view or even manipulate the data traffic at will. Depending on the area of application, the attack scenarios are varied. A popular attack vector is, for example, an open WLAN network set up by the attacker, to which the victim connects. This allows the cybercriminal to read any data traffic while the victim is surfing the Internet recklessly. Encrypted e-mail communication can also be attacked using the same principle:

The attacker transmits his public key to the sender, but pretends that it is the public key of the legitimate recipient. The sender now encrypts the message with the public key, which is also available to the attacker, who decrypts it with his private key and can read and manipulate the message. To ensure that the communication partners do not notice this, the message is encrypted by the attacker with the public key of the legitimate recipient and forwarded to him so that he can receive and decrypt the now manipulated message.

To avoid this kind of attacks, the public keys should be checked for authenticity, e.g. with appropriate certificates, as is the case with S/MIME.

A small outlook on what could still await us

We are at the end of our journey. We hope that you enjoyed this trip as well and that you were able to take some things with you. Finally, we would like to take a short look into the future. You will probably have read a lot about them in the media: Quantum computers. They are the most powerful and fastest computers in the world. The question that arises here in this context Is our encryption today safe from quantum computers? What do you think?