Isa 562 information security theory practice
This presentation is the property of its rightful owner.
Sponsored Links
1 / 67

ISA 562 Information Security Theory & Practice PowerPoint PPT Presentation


  • 110 Views
  • Uploaded on
  • Presentation posted in: General

ISA 562 Information Security Theory & Practice. Cryptography Chapter 9 of Bishop ’ s Book. Overview. Background Secret Key Cryptography Caesar cipher Vigen è re cipher. Cryptography. Cryptology means hidden writing

Download Presentation

ISA 562 Information Security Theory & Practice

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Isa 562 information security theory practice

ISA 562 Information Security Theory & Practice

Cryptography

Chapter 9 of Bishop’s Book


Overview

Overview

  • Background

  • Secret Key Cryptography

    • Caesar cipher

    • Vigenère cipher


Cryptography

Cryptography

  • Cryptology means hidden writing

  • Comes from the Greek words  (hidden or secret) and  (writing)

  • A mechanism for

    • Confidentiality

    • Integrity (authentication, non-repudiation)

  • In the face of

    • passive, and

    • active attacks


Terminology

Terminology

  • Encryption: the process of coding a message to conceal its meaning

  • Decryption: The process of transforming an encrypted message into the original form

    • Often we use encode or encipher instead of encrypt, and decode or decipher instead of decrypt

  • Plaintext or Cleartext: A message in its original form

  • Ciphertext:A message in the encrypted form

  • Cryptography: The practice (or art) of using encryption to conceal text

  • Cryptosystem: A system for encryption and decryption

  • Cryptographer: Invents encryption algorithms (“Good Guys”)

  • Cryptanalyst:Attempts to break encryption algorithms (“Bad Guys”)


Cryptosystems

Cryptosystems

SECRET KEY

Symmetric Key

Single Key

Conventional

PUBLIC KEY

Asymmetric Key

Two Keys


Secret key cryptosystem

Secret Key Cryptosystem

Plain-

text

Plain-

text

Ciphertext

Encryption

Algorithm

Decryption

Algorithm

INSECURE CHANNEL

A

B

K

K

SECURE CHANNEL

Secret Key

shared by

A and B


Public key cryptosystem

Public Key Cryptosystem

Plain-

text

Plain-

text

Ciphertext

Encryption

Algorithm

Decryption

Algorithm

INSECURE CHANNEL

A

B

B's Public Key

B's Private Key

RELIABLE CHANNEL

B's Public Key


Notation for a cryptosystem

Notation for a Cryptosystem

  • Quintuple (E, D, M, K, C)

    • M set of plaintexts

    • K set of keys

    • C set of ciphertexts

    • E set of encryption functions e: M KC

      • c = e(k,m)

    • D set of decryption functions d: C KM

      • m = d(k’,c)

  • Is k=k’?

  • Who keeps k and k’?


Example

Example

  • Example: Caesar cipher

    • M= { all sequences of letters }

    • K = { i | i is an integer and 0 ≤ i ≤ 25 }

    • E = { Ek | kK, where Ek(m) = (m + k) mod 26 for any letter m}

      • E0 (a) = a, E2 (b) = ?, E2 (y) = ?

    • D = { Dk | kK, where Dk(c) = (26 + c–k) mod 26 for any letter c}

      • D0 (a) = a, D2 (b) = ?, D2 (y) = ?

    • C = M

m

c

k


Cryptanalysis

Cryptanalysis

  • Adversary ’sgoal is to break the cryptosystem

  • Knows e and dbut not k

    • Knows how the lock works, but don’t’ know the combination

  • Break the cryptosystem = get the key

    • Real objective might be to discover the plaintext message, but this is generally assumed to be equivalent to discovering the key

    • Unlock the cabinet (and use the remote control)


Cryptanalysis cont d

Cryptanalysis (Cont’d)

  • Types of attacks:

    • ciphertext only: adversary has only ciphertext

      • The enemy intercepted encrypted messages

    • known plaintext: adversary has some plaintext-ciphertext pairs

      • The enemy later learned the content of those messages

    • chosen plaintext: adversary has plaintext-ciphertext pairs for plaintext of the cryptanalyst's choice

      • A spy submit fake messages for encryption

    • chosen ciphertext: adversary has plaintext-ciphertext pairs for ciphertext of the cryptanalyst's choice

      • A spy submit fake encrypted messages for decryption


Basis for attacks

Basis for Attacks

  • Mathematical attacks

    • Based on analysis of underlying mathematics

  • Statistical attacks

    • Natural language contains particular distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc. ,in a natural language

      • Called models of the language

      • In English, ‘e’ appears the most frequently (65 times more frequently than the least frequent ‘z’ and ‘q’)

        • In this handout: ‘e’ 1769, ‘z’ 27, ‘q’ 68

    • Encryption may not fully destroy the distribution, so observe the ciphertext for related properties


Overview1

Overview

  • Background

  • Secret Key Cryptography

    • Caesar cipher

    • Vigenère cipher


Secret key cryptography

Secret Key Cryptography

  • Sender, receiver share common key

    • Keys may be the same, or trivial to derive from one another

    • Also called symmetric key cryptography

  • Two basic types

    • Transposition ciphers

    • Substitution ciphers

    • Combinations are called product ciphers


Transposition cipher

Transposition Cipher

  • Rearrange letters in plaintext to produce ciphertext

  • Example (Rail-Fence Cipher)

    • Plaintext is HELLO WORLD

    • Rearrange as HLOOL ELWRD

    • Ciphertext is HLOOL ELWRD

  • Permutation

    • Does not alter frequency of single characters

    • Called a 1-gram


Attacking the transposition cipher

Attacking the Transposition Cipher

  • Anagramming

    • If 1-grams of ciphertext match English frequencies, but other n-grams (that is, frequency of n-tuple of characters) do not, probably transposition

    • Rearrange letters to form n-grams with highest frequencies

      HELLO WORLD

      HLOOL

      ELWRD

      HLOOL ELWRD

Permutations do not change frequency of single characters, but do change frequency of pairs of characters


Example1

Example

  • Ciphertext: HLOOLELWRD

  • In English, frequencies of 2-grams starting w/ H

    • HE0.0305 the winner!

    • HO 0.0043

    • HL, HW, HR, HD < 0.0010

  • Frequencies of 2-grams ending in H

    • WH 0.0026

    • EH, LH, OH, RH, DH ≤ 0.0002

  • Implies E follows H


Example2

Example

  • Arrange so the H and E are adjacent

    HE

    LL

    OW

    OR

    LD

  • Read off across, then down, to get original plaintext

HLOOL ELWRD


Overview2

Overview

  • Background

  • Secret Key Cryptography

    • Caesar cipher

    • Vigenère cipher


Substitution ciphers caesar cipher

KHOOR ZRUOG

HELLO WORLD

Substitution Ciphers - Caesar cipher

  • Change characters in plaintext to produce ciphertext

  • Example (Caesar cipher)

    • Plaintext is HELLO WORLD

    • Change each letter to the third letter following it (X goes to A, Y to B, Z to C)

      • Key is 3, usually written as letter ‘D’

    • Ciphertext is KHOOR ZRUOG


Attacking the caesar cipher

Attacking the Caesar Cipher

  • Exhaustive search

    • If the key space is small enough, try all possible keys until you find the right one

    • Caesar cipher has 26 possible keys

  • Statistical analysis

    • The right key should let decrypted message match the 1-gram model of English


Statistical attack on caesar cipher

Statistical Attack on Caesar Cipher

  • 1-grams of the ciphertext KHOOR ZRUOG

    g 0.1h0.1k0.1o0.3

    r0.2u0.1z0.1

  • 1-grams of English p:

  • Question: how to choose the right key such thatthe two 1-grams match the best?


Correlation of frequency

Correlation of Frequency

  • ‘Match the best’ means…

  • The right key 0i 25 should maximize

    (i) = 0.1•p (6 –i) + 0.1 •p (7 –i) + 0.1 •p (10 –i) + 0.3 •p (14 –i) + 0.2 •p (17 –i) + 0.1 •p (20 –i) + 0.1 •p (25 –i)

    • 0.3 •p ( 14 –i )

(k) is maximum iff the two sides match (having similar relative percentage)

frequency of ‘o’

in ciphertext

frequency of decrypted ‘o’ in english


I for 0 i 25

(i) for 0 ≤ i ≤ 25


Who is the winner

Who is the Winner?

  • Most probable keys, based on :

    • i = 6, (i) = 0.0660

      • plaintext EBIIL TLOLA

    • i = 10, (i) = 0.0635

      • plaintext AXEEH PHKEW

    • i = 3, (i) = 0.0575

      • plaintext HELLO WORLD

    • i = 14, (i) = 0.0535

      • plaintext WTAAD LDGAS

  • Only English phrase is for i = 3

    • That’s the key

    • Why ranked #3?


Overview3

Overview

  • Background

  • Secret Key Cryptography

    • Caesar cipher

    • Vigenère cipher


Caesar cipher s problem

Caesar Cipher’s Problem

  • Key is too short

    • Can be found by exhaustive search (13 tries)

  • Statistical frequencies not concealed well

    • 1-grams are not changed (only shifted)

  • So make key longer

    • Use a sequence as key: k1 k2 k3… kn(key space 26n)

  • Conceal statistical frequencies through diffusion

    • Use ki to encrypt the ith letter of plaintext

    • Statistical patterns average out


Vigen re cipher

Vigenère Cipher

  • Example

    • Message THE BOY HAS THE BALL

    • Key VIG repeating

      • Period of the key is 3

    • Encipher using Caesar cipher for each letter:

      key VIGVIGVIGVIGVIGV

      plain THEBOYHASTHEBALL

      Cipher OPKWWECIYOPKWIRG


Relevant parts of tableau

GIV

A G I V

B H J W

E L M Z

H N P C

L R T G

O U W J

S Y A N

T Z B O

Y E H T

Tableau shown has relevant rows, columns only (full version: Figure 9-3 in textbook)

Relevant Parts of Tableau

key

plaintext

key VIGVIGVIGVIGVIGV

plain THEBOYHASTHEBALL

Cipher OPKWWECIYOPKWIRG


Attacking the cipher

Attacking the Cipher

  • Approach

    • Establish period; call it n

    • Break message into n parts, each part being enciphered using the same key letter

    • Solve each part

  • We will show each step

keyVIGVIGVIGVIGVIGV

plain THEBOYHASTHEBALL

CipherOPKWWECIYOPKWIRG


The target cipher

The Target Cipher

  • We want to break this cipher:

    ADQYS MIUSB OXKKT MIBHK IZOOO

    EQOOG IFBAG KAUMF VVTAA CIDTW

    MOCIO EQOOG BMBFV ZGGWP CIEKQ

    HSNEW VECNE DLAAV RWKXS VNSVP

    HCEUT QOIOF MEGJS WTPCH AJMOC

    HIUIX


First tool kaskski s method

First Tool: Kaskski’s Method

  • Kaskski: if characters of the key appear over the same characters in the plaintext, repetitions in the ciphertext will occur

    key VIGVIGVIGVIGVIGV

    plain THEBOYHASTHEBALL

    cipher OPKWWECIYOPKWIRG

    • Distance between repetitions is 9, so the period must be a factor of 9 (that is, 1, 3, or 9)

    • Will the ciphertext contain the same repetition in the following two cases?

key VIGVIGVIGVIGVIGVI

plain THEBOOYHASTHEBALL

key VIGJVIGJVIGJVIGJ

plain THEBOYHASTHEBALL


Repetitions in example

Repetitions in Example


Estimate of period

Estimate of Period

  • The longest repetition OEQOOG is probably not a coincidence

    • Distance is 30

  • The second longest is MOC

    • Distance is 72

  • GCD of 30 and 72 is 6

  • Others

    • (7/10) have 2 in their factors

    • (6/10) have 3 in their factors

  • 6 is a probable period


Second tool index of coincidence

Second Tool: Index of Coincidence

  • Index of coincidence (IC)

    • The probability that any two randomly chosen letters from ciphertext are the same

  • A measure of variation in frequencies of letters

    • IC of aaaaaaaabc (> or <) IC of aabcdefghi ?

  • This variation depends on the period of key

    • Longer key tends to average out statistical patterns that exist in English (and thus in plaintext)

  • Known result of period - IC

    1 - 0.066 3 - 0.0475 - 0.044

    2 - 0.052 4 - 0.04510 - 0.041 larger-0.038


Compute ic of our ciphertext

Compute IC of Our Ciphertext

  • IC =0≤i≤25 (Fi (Fi– 1))

    (n (n– 1))

    • where n is length of ciphertext and Fi the number of times character i occurs in ciphertext

    • aaaaa aaabb

  • Here, IC = 0.043

    • Indicates a period of slightly more than 5

    • Agrees with the previous estimate 6

    • Step 1 done; now we have the key period


Splitting into alphabets

Splitting Into Alphabets

alphabet 1: AIKHOIATTOBGEEERNEOSAI IC 0.069

alphabet 2: DUKKEFUAWEMGKWDWSUFWJUIC 0.078

alphabet 3: QSTIQBMAMQBWQVLKVTMTMIIC 0.078

alphabet 4: YBMZOAFCOOFPHEAXPQEPOXIC 0.056

alphabet 5: SOIOOGVICOVCSVASHOGCCIC 0.124

alphabet 6: MXBOGKVDIGZINNVVCIJHHIC 0.043

  • 1,2,3,5 indicate period 1

  • 4 and 6 don’t (well, statistics)

  • Step 2 done; now we are dealing with 6 Caesar ciphers!

ADQYS MIUSB OXKKT MIBHKIZOOO

EQOOG IFBAG KAUMF VVTAA CIDTW

MOCIO EQOOG BMBFV ZGGWP CIEKQ

HSNEW VECNE DLAAV RWKXS VNSVP

HCEUT QOIOF MEGJS WTPCH AJMOC

HIUIX


Frequency examination

Frequency Examination

ABCDEFGHIJKLMNOPQRSTUVWXYZ

131004011301001300112000000

210022210013010000010404000

312000000201140004013021000

421102201000010431000000211

510500021200000500030020000

6 01110022311012100000030101

  • Letter frequencies in English

    HMMMHMMHHMMMMHHMLHHHMLLLLL

  • #1 matches – the key is a

(H high, M medium, L low)


Begin decryption

Begin Decryption

  • #3 matches if I shifted to A

  • #6 matches if V shifted to A

  • Substitute into ciphertext (bold are substitutions)

    ADIYS RIUKB OCKKL MIGHKAZOTO EIOOL IFTAG PAUEF VATAS CIITW EOCNO EIOOL BMTFV EGGOP CNEKIHSSEW NECSE DDAAA RWCXS ANSNPHHEUL QONOF EEGOS WLPCM AJEOC MIUAX


Look for clues

Look For Clues

  • AJE in last line suggests “are”, meaning #2 key is s :

    ALIYS RICKB OCKSL MIGHS AZOTO

    MIOOL INTAG PACEF VATIS CIITE

    EOCNO MIOOL BUTFV EGOOP CNESI

    HSSEE NECSE LDAAA RECXS ANANP

    HHECL QONON EEGOS ELPCM AREOC

    MICAX


Next alphabet

Next Alphabet

  • MICAX in last line suggests “mical” (a common ending for an adjective), meaning #2 key is O :

    ALIMS RICKP OCKSL AIGHS ANOTO MICOL INTOG PACET VATIS QIITE ECCNO MICOL BUTTV EGOOD CNESI VSSEE NSCSE LDOAA RECLS ANAND HHECL EONON ESGOS ELDCM ARECC MICAL


Got it

Got It!

  • QI means that U maps into I, as Q is always followed by U:

    ALIME RICKP ACKSL AUGHS ANATO MICAL INTOS PACET HATIS QUITE ECONO MICAL BUTTH EGOOD ONESI VESEE NSOSE LDOMA RECLE ANAND THECL EANON ESSOS ELDOM ARECO MICAL

    A LIMERICK PACKS LAUGHS ANATOMICAL INTO SPACE THAT IS QUITE ECONOMICAL BUT THE GOOD ONES IVE SEEN SO SELDOM ARE CLEAN AND THE CLEAN ONES SO SELDOM ARE COMICAL


One time pad

One-Time Pad

  • A Vigenère cipher with a random key at least as long as the message

    • Perfectly secure (textbook 32.3.3)

    • Why? Look at ciphertext DXQR. Equally likely to correspond to plaintext DOIT (key AJIY) and to plaintext DONT (key AJDY) and any other 4 letters

    • Impractical

      • Remember the key must be transmitted via a secure channel


Key points

Key Points

  • Two basic types of ciphers

    • Transposition ciphers and substitution ciphers

    • Product ciphers combine them

  • Caesar cipher uses one key

  • Vigenère cipher uses a sequence of keys

  • Cryptanalysis

    • Exhaustive search

    • Statistical analysis


Isa 562 information system security

ISA 562 Information System Security

Stream Cipher and Block Cipher


Overview4

Overview

  • Problems with naive use of ciphers

  • Stream Cipher

  • Block cipher

    • DES


Naive use of cipher

Naive Use of Cipher

  • Just encrypt each message (if message is too long, divide it into blocks and encrypt each block) and transmit the ciphertext’

  • What can go wrong?


Attack 1 forward search

Attack #1: Forward Search

  • Set of all possible messages is small

    • {buy, sell}

  • Public key cryptosystem used

    • Encryption key is public

  • Idea: precompute all (message, ciphertext) pairs

    • (buy, cbuy ), (sell, csell)

  • When ciphertext csell is intercepted, the adversary knows the message is sell even without decryption

  • Digitized sound

    • Seems like far too many possible plaintexts (232)

      • Redundancy in human speech reduces this to 100,000 (≈ 217)

      • This is small enough to worry about


Attack 2 misordered blocks

Attack #2: Misordered Blocks

  • Alice sends Bob message

    • Message LIVE is too long to be encrypted, so divide into blocks and encrypt each letter

    • Plaintext 11 08 21 04 and Ciphertext is 44 57 21 16

  • A man-in-the-middle Eve intercepts the ciphertext

    • Rearranges blocks to be 16 21 57 44

  • Bob gets modified ciphertext and deciphers it

    • He sees EVIL


Attack 3 statistical regularities

Attack #3: Statistical Regularities

  • Encrypting repeated plaintext with the same key produces the same ciphertext

  • Recall the Kasiski method


Overview5

Overview

  • Problems with naive use of ciphers

  • Stream Cipher

  • Block cipher

    • DES


Stream cipher vs block cipher

Stream Cipher vs Block Cipher

  • E encipherment function

    • Ek(b) encipherment of message b with key k

    • In what follows, m = b1b2…, each bi of fixed length

  • Block cipher

    • Ek(m) = Ek(b1)Ek(b2) …

  • Stream cipher

    • k = k1k2…

    • Ek(m) = Ek1(b1)Ek2(b2) …

    • If k1k2… repeats itself, cipher is periodic

    • For example, Vigenère cipher


Overview6

Overview

  • Problems with naive use of ciphers

  • Stream Cipher

  • Block cipher

    • DES


Block ciphers

Block Ciphers

  • Encipher, decipher a block (multiple bits) at once

  • ECB (electronic code book): each block is enciphered independently

  • Problem:identical plaintext blocks produce identical ciphertext blocks

    • Example: two database records

      • MEMBER: HOLLY INCOME $100,000

      • MEMBER: HEIDI INCOME $100,000

    • Encipherment:

      • ABCQZRME GHQMRSIB CTXUVYSS RMGRPFQN

      • ABCQZRME ORMPABRZ CTXUVYSS RMGRPFQN


Solutions

Solutions

  • Insert information about block’s position into the plaintext block, then encipher

  • Cipher block chaining (CBC):

    • Exclusive-or current plaintext block with previous ciphertext block:

      • c0 = Ek(m0  I)

      • ci = Ek(mi ci–1) for i > 0

        where I is the initialization vector


Cipher block chaining

Cipher Block Chaining

current plaintext block

previous ciphertext block

+

key

D

E

key

previous

ciphertext block

+

current plaintext block


Multiple encryption

Multiple Encryption

  • Double encipherment: c = Ek (Ek(m))

    • Expected key length is 2n, if k, k are length n

    • Problem: known plaintext attack needs 2n+1 encryptions, not 22n encryptions; so effective key length is only n+1

  • Triple encipherment:

    • EDE mode: c = Ek (Dk (Ek (m))

      • Chosen plaintext attack takes O(2n) time using 2n ciphertexts

    • Triple encryption mode: c = Ek (Ek (Ek (m))

      • Best attack requires O(22n) time, O(2n) memory


Overview7

Overview

  • Background

  • Secret Key Cryptography

    • Caesar cipher

    • Vigenère cipher

    • DES


Overview of the des

Overview of the DES

  • A product cipher

    • Both substitution and transposition on the bits

  • A block cipher:

    • encrypts plaintext blocks of 64 bits using a 56 bit key, and outputs 64 bits of ciphertext

  • Developed by IBM; in 1977 adopted by NIST, with NSA approval for unclassified information

  • Also widely used by the public sector

  • E and D are public, but the design principles are classified


Generation of round keys

Generation of Round Keys

  • Cipher consists of 16 rounds (iterations) each with a round key generated from the user-supplied key

  • Round keys are 48 bits each


Encipherment

Encipherment


The f function

The f Function


Des modes

DES Modes

  • Electronic Code Book Mode (ECB)

    • Encipher each block independently

  • Cipher Block Chaining Mode (CBC)

    • XOR each block with previous ciphertext block

    • Requires an initialization vector for the first one

  • Double DES Mode (2 keys: k, k)

    • c = DESk(DESk–1(DESk(m)))

  • Triple DES Model (3 keys: k, k, k)

    • c = DESk(DESk(DESk(m)))


Controversy

Controversy

  • Considered too weak

    • Major weakness is key size of 56 bits (on the threshold of allowing exhaustive-search known-plaintext attacks)

    • Design decisions not public

      • S-boxes may have backdoors


Lifetime of des

Lifetime of DES

  • 1977Approved as a Federal standard with 5 year cycle of re-certification

  • 1987Reluctantly reapproved for 5 years

  • 1993Approved for another 5 years

  • 1999NIST could no longer support the use of DES

    • Phase out use of Single DES (use permitted in legacy systems only)

    • Use Triple DES

  • October 2, 2000 A new encryption standard was announced, but Triple DES will remain an approved algorithm (for US Government use) for the foreseeable future


Advanced encryption standard aes

Advanced Encryption Standard (AES)

  • NIST selected DRijndael as Advanced Encryption Standard (AES), successor to DES

    • Developers are Vincent Rijmen & Joan Daeman

    • Designed to withstand attacks successful on DES

    • Also a product cipher

    • Keys of 128/192/256 bits

      • Key space: 3.4 x 1038 for 128-bit key, 6.2 x 1057 for 192-bit key and 1.1 x 1077 for 256-bit key

      • In comparison, key space for DES is 7.2 x 1016

      • 1021 times more keys in 128-bit AES keys than DES with 56-bit keys

    • Blocks of 128 bits


Key points1

Key Points

  • Naive use of ciphers creates problems

  • Stream cipher

    • How to generate a long key

  • Block cipher

    • ECB, CBC, Double-encryption, Triple-encryption

  • DES


  • Login