- 116 Views
- Uploaded on
- Presentation posted in: General

ISA 562 Information Security Theory & Practice

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

ISA 562 Information Security Theory & Practice

Cryptography

Chapter 9 of Bishop’s Book

- Background
- Secret Key Cryptography
- Caesar cipher
- Vigenère cipher

- Cryptology means hidden writing
- Comes from the Greek words (hidden or secret) and (writing)
- A mechanism for
- Confidentiality
- Integrity (authentication, non-repudiation)

- In the face of
- passive, and
- active attacks

- Encryption: the process of coding a message to conceal its meaning
- Decryption: The process of transforming an encrypted message into the original form
- Often we use encode or encipher instead of encrypt, and decode or decipher instead of decrypt

- Plaintext or Cleartext: A message in its original form
- Ciphertext:A message in the encrypted form
- Cryptography: The practice (or art) of using encryption to conceal text
- Cryptosystem: A system for encryption and decryption
- Cryptographer: Invents encryption algorithms (“Good Guys”)
- Cryptanalyst:Attempts to break encryption algorithms (“Bad Guys”)

SECRET KEY

Symmetric Key

Single Key

Conventional

PUBLIC KEY

Asymmetric Key

Two Keys

Plain-

text

Plain-

text

Ciphertext

Encryption

Algorithm

Decryption

Algorithm

INSECURE CHANNEL

A

B

K

K

SECURE CHANNEL

Secret Key

shared by

A and B

Plain-

text

Plain-

text

Ciphertext

Encryption

Algorithm

Decryption

Algorithm

INSECURE CHANNEL

A

B

B's Public Key

B's Private Key

RELIABLE CHANNEL

B's Public Key

- Quintuple (E, D, M, K, C)
- M set of plaintexts
- K set of keys
- C set of ciphertexts
- E set of encryption functions e: M KC
- c = e(k,m)

- D set of decryption functions d: C KM
- m = d(k’,c)

- Is k=k’?
- Who keeps k and k’?

- Example: Caesar cipher
- M= { all sequences of letters }
- K = { i | i is an integer and 0 ≤ i ≤ 25 }
- E = { Ek | kK, where Ek(m) = (m + k) mod 26 for any letter m}
- E0 (a) = a, E2 (b) = ?, E2 (y) = ?

- D = { Dk | kK, where Dk(c) = (26 + c–k) mod 26 for any letter c}
- D0 (a) = a, D2 (b) = ?, D2 (y) = ?

- C = M

m

c

k

- Adversary ’sgoal is to break the cryptosystem
- Knows e and dbut not k
- Knows how the lock works, but don’t’ know the combination

- Break the cryptosystem = get the key
- Real objective might be to discover the plaintext message, but this is generally assumed to be equivalent to discovering the key
- Unlock the cabinet (and use the remote control)

- Types of attacks:
- ciphertext only: adversary has only ciphertext
- The enemy intercepted encrypted messages

- known plaintext: adversary has some plaintext-ciphertext pairs
- The enemy later learned the content of those messages

- chosen plaintext: adversary has plaintext-ciphertext pairs for plaintext of the cryptanalyst's choice
- A spy submit fake messages for encryption

- chosen ciphertext: adversary has plaintext-ciphertext pairs for ciphertext of the cryptanalyst's choice
- A spy submit fake encrypted messages for decryption

- ciphertext only: adversary has only ciphertext

- Mathematical attacks
- Based on analysis of underlying mathematics

- Statistical attacks
- Natural language contains particular distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc. ,in a natural language
- Called models of the language
- In English, ‘e’ appears the most frequently (65 times more frequently than the least frequent ‘z’ and ‘q’)
- In this handout: ‘e’ 1769, ‘z’ 27, ‘q’ 68

- Encryption may not fully destroy the distribution, so observe the ciphertext for related properties

- Natural language contains particular distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc. ,in a natural language

- Background
- Secret Key Cryptography
- Caesar cipher
- Vigenère cipher

- Sender, receiver share common key
- Keys may be the same, or trivial to derive from one another
- Also called symmetric key cryptography

- Two basic types
- Transposition ciphers
- Substitution ciphers
- Combinations are called product ciphers

- Rearrange letters in plaintext to produce ciphertext
- Example (Rail-Fence Cipher)
- Plaintext is HELLO WORLD
- Rearrange as HLOOL ELWRD
- Ciphertext is HLOOL ELWRD

- Permutation
- Does not alter frequency of single characters
- Called a 1-gram

- Anagramming
- If 1-grams of ciphertext match English frequencies, but other n-grams (that is, frequency of n-tuple of characters) do not, probably transposition
- Rearrange letters to form n-grams with highest frequencies
HELLO WORLD

HLOOL

ELWRD

HLOOL ELWRD

Permutations do not change frequency of single characters, but do change frequency of pairs of characters

- Ciphertext: HLOOLELWRD
- In English, frequencies of 2-grams starting w/ H
- HE0.0305 the winner!
- HO 0.0043
- HL, HW, HR, HD < 0.0010

- Frequencies of 2-grams ending in H
- WH 0.0026
- EH, LH, OH, RH, DH ≤ 0.0002

- Implies E follows H

- Arrange so the H and E are adjacent
HE

LL

OW

OR

LD

- Read off across, then down, to get original plaintext

HLOOL ELWRD

- Background
- Secret Key Cryptography
- Caesar cipher
- Vigenère cipher

KHOOR ZRUOG

HELLO WORLD

- Change characters in plaintext to produce ciphertext
- Example (Caesar cipher)
- Plaintext is HELLO WORLD
- Change each letter to the third letter following it (X goes to A, Y to B, Z to C)
- Key is 3, usually written as letter ‘D’

- Ciphertext is KHOOR ZRUOG

- Exhaustive search
- If the key space is small enough, try all possible keys until you find the right one
- Caesar cipher has 26 possible keys

- Statistical analysis
- The right key should let decrypted message match the 1-gram model of English

- 1-grams of the ciphertext KHOOR ZRUOG
g 0.1h0.1k0.1o0.3

r0.2u0.1z0.1

- 1-grams of English p:
- Question: how to choose the right key such thatthe two 1-grams match the best?

- ‘Match the best’ means…
- The right key 0i 25 should maximize
(i) = 0.1•p (6 –i) + 0.1 •p (7 –i) + 0.1 •p (10 –i) + 0.3 •p (14 –i) + 0.2 •p (17 –i) + 0.1 •p (20 –i) + 0.1 •p (25 –i)

- 0.3 •p ( 14 –i )

(k) is maximum iff the two sides match (having similar relative percentage)

frequency of ‘o’

in ciphertext

frequency of decrypted ‘o’ in english

- Most probable keys, based on :
- i = 6, (i) = 0.0660
- plaintext EBIIL TLOLA

- i = 10, (i) = 0.0635
- plaintext AXEEH PHKEW

- i = 3, (i) = 0.0575
- plaintext HELLO WORLD

- i = 14, (i) = 0.0535
- plaintext WTAAD LDGAS

- i = 6, (i) = 0.0660
- Only English phrase is for i = 3
- That’s the key
- Why ranked #3?

- Background
- Secret Key Cryptography
- Caesar cipher
- Vigenère cipher

- Key is too short
- Can be found by exhaustive search (13 tries)

- Statistical frequencies not concealed well
- 1-grams are not changed (only shifted)

- So make key longer
- Use a sequence as key: k1 k2 k3… kn(key space 26n)

- Conceal statistical frequencies through diffusion
- Use ki to encrypt the ith letter of plaintext
- Statistical patterns average out

- Example
- Message THE BOY HAS THE BALL
- Key VIG repeating
- Period of the key is 3

- Encipher using Caesar cipher for each letter:
key VIGVIGVIGVIGVIGV

plain THEBOYHASTHEBALL

Cipher OPKWWECIYOPKWIRG

GIV

A G I V

B H J W

E L M Z

H N P C

L R T G

O U W J

S Y A N

T Z B O

Y E H T

Tableau shown has relevant rows, columns only (full version: Figure 9-3 in textbook)

key

plaintext

key VIGVIGVIGVIGVIGV

plain THEBOYHASTHEBALL

Cipher OPKWWECIYOPKWIRG

- Approach
- Establish period; call it n
- Break message into n parts, each part being enciphered using the same key letter
- Solve each part

- We will show each step

keyVIGVIGVIGVIGVIGV

plain THEBOYHASTHEBALL

CipherOPKWWECIYOPKWIRG

- We want to break this cipher:
ADQYS MIUSB OXKKT MIBHK IZOOO

EQOOG IFBAG KAUMF VVTAA CIDTW

MOCIO EQOOG BMBFV ZGGWP CIEKQ

HSNEW VECNE DLAAV RWKXS VNSVP

HCEUT QOIOF MEGJS WTPCH AJMOC

HIUIX

- Kaskski: if characters of the key appear over the same characters in the plaintext, repetitions in the ciphertext will occur
key VIGVIGVIGVIGVIGV

plain THEBOYHASTHEBALL

cipher OPKWWECIYOPKWIRG

- Distance between repetitions is 9, so the period must be a factor of 9 (that is, 1, 3, or 9)
- Will the ciphertext contain the same repetition in the following two cases?

key VIGVIGVIGVIGVIGVI

plain THEBOOYHASTHEBALL

key VIGJVIGJVIGJVIGJ

plain THEBOYHASTHEBALL

- The longest repetition OEQOOG is probably not a coincidence
- Distance is 30

- The second longest is MOC
- Distance is 72

- GCD of 30 and 72 is 6
- Others
- (7/10) have 2 in their factors
- (6/10) have 3 in their factors

- 6 is a probable period

- Index of coincidence (IC)
- The probability that any two randomly chosen letters from ciphertext are the same

- A measure of variation in frequencies of letters
- IC of aaaaaaaabc (> or <) IC of aabcdefghi ?

- This variation depends on the period of key
- Longer key tends to average out statistical patterns that exist in English (and thus in plaintext)

- Known result of period - IC
1 - 0.066 3 - 0.0475 - 0.044

2 - 0.052 4 - 0.04510 - 0.041 larger-0.038

- IC =0≤i≤25 (Fi (Fi– 1))
(n (n– 1))

- where n is length of ciphertext and Fi the number of times character i occurs in ciphertext
- aaaaa aaabb

- Here, IC = 0.043
- Indicates a period of slightly more than 5
- Agrees with the previous estimate 6
- Step 1 done; now we have the key period

alphabet 1: AIKHOIATTOBGEEERNEOSAI IC 0.069

alphabet 2: DUKKEFUAWEMGKWDWSUFWJUIC 0.078

alphabet 3: QSTIQBMAMQBWQVLKVTMTMIIC 0.078

alphabet 4: YBMZOAFCOOFPHEAXPQEPOXIC 0.056

alphabet 5: SOIOOGVICOVCSVASHOGCCIC 0.124

alphabet 6: MXBOGKVDIGZINNVVCIJHHIC 0.043

- 1,2,3,5 indicate period 1
- 4 and 6 don’t (well, statistics)
- Step 2 done; now we are dealing with 6 Caesar ciphers!

ADQYS MIUSB OXKKT MIBHKIZOOO

EQOOG IFBAG KAUMF VVTAA CIDTW

MOCIO EQOOG BMBFV ZGGWP CIEKQ

HSNEW VECNE DLAAV RWKXS VNSVP

HCEUT QOIOF MEGJS WTPCH AJMOC

HIUIX

ABCDEFGHIJKLMNOPQRSTUVWXYZ

131004011301001300112000000

210022210013010000010404000

312000000201140004013021000

421102201000010431000000211

510500021200000500030020000

6 01110022311012100000030101

- Letter frequencies in English
HMMMHMMHHMMMMHHMLHHHMLLLLL

- #1 matches – the key is a

(H high, M medium, L low)

- #3 matches if I shifted to A
- #6 matches if V shifted to A
- Substitute into ciphertext (bold are substitutions)
ADIYS RIUKB OCKKL MIGHKAZOTO EIOOL IFTAG PAUEF VATAS CIITW EOCNO EIOOL BMTFV EGGOP CNEKIHSSEW NECSE DDAAA RWCXS ANSNPHHEUL QONOF EEGOS WLPCM AJEOC MIUAX

- AJE in last line suggests “are”, meaning #2 key is s :
ALIYS RICKB OCKSL MIGHS AZOTO

MIOOL INTAG PACEF VATIS CIITE

EOCNO MIOOL BUTFV EGOOP CNESI

HSSEE NECSE LDAAA RECXS ANANP

HHECL QONON EEGOS ELPCM AREOC

MICAX

- MICAX in last line suggests “mical” (a common ending for an adjective), meaning #2 key is O :
ALIMS RICKP OCKSL AIGHS ANOTO MICOL INTOG PACET VATIS QIITE ECCNO MICOL BUTTV EGOOD CNESI VSSEE NSCSE LDOAA RECLS ANAND HHECL EONON ESGOS ELDCM ARECC MICAL

- QI means that U maps into I, as Q is always followed by U:
ALIME RICKP ACKSL AUGHS ANATO MICAL INTOS PACET HATIS QUITE ECONO MICAL BUTTH EGOOD ONESI VESEE NSOSE LDOMA RECLE ANAND THECL EANON ESSOS ELDOM ARECO MICAL

A LIMERICK PACKS LAUGHS ANATOMICAL INTO SPACE THAT IS QUITE ECONOMICAL BUT THE GOOD ONES IVE SEEN SO SELDOM ARE CLEAN AND THE CLEAN ONES SO SELDOM ARE COMICAL

- A Vigenère cipher with a random key at least as long as the message
- Perfectly secure (textbook 32.3.3)
- Why? Look at ciphertext DXQR. Equally likely to correspond to plaintext DOIT (key AJIY) and to plaintext DONT (key AJDY) and any other 4 letters
- Impractical
- Remember the key must be transmitted via a secure channel

- Two basic types of ciphers
- Transposition ciphers and substitution ciphers
- Product ciphers combine them

- Caesar cipher uses one key
- Vigenère cipher uses a sequence of keys
- Cryptanalysis
- Exhaustive search
- Statistical analysis

ISA 562 Information System Security

Stream Cipher and Block Cipher

- Problems with naive use of ciphers
- Stream Cipher
- Block cipher
- DES

- Just encrypt each message (if message is too long, divide it into blocks and encrypt each block) and transmit the ciphertext’
- What can go wrong?

- Set of all possible messages is small
- {buy, sell}

- Public key cryptosystem used
- Encryption key is public

- Idea: precompute all (message, ciphertext) pairs
- (buy, cbuy ), (sell, csell)

- When ciphertext csell is intercepted, the adversary knows the message is sell even without decryption
- Digitized sound
- Seems like far too many possible plaintexts (232)
- Redundancy in human speech reduces this to 100,000 (≈ 217)
- This is small enough to worry about

- Seems like far too many possible plaintexts (232)

- Alice sends Bob message
- Message LIVE is too long to be encrypted, so divide into blocks and encrypt each letter
- Plaintext 11 08 21 04 and Ciphertext is 44 57 21 16

- A man-in-the-middle Eve intercepts the ciphertext
- Rearranges blocks to be 16 21 57 44

- Bob gets modified ciphertext and deciphers it
- He sees EVIL

- Encrypting repeated plaintext with the same key produces the same ciphertext
- Recall the Kasiski method

- Problems with naive use of ciphers
- Stream Cipher
- Block cipher
- DES

- E encipherment function
- Ek(b) encipherment of message b with key k
- In what follows, m = b1b2…, each bi of fixed length

- Block cipher
- Ek(m) = Ek(b1)Ek(b2) …

- Stream cipher
- k = k1k2…
- Ek(m) = Ek1(b1)Ek2(b2) …
- If k1k2… repeats itself, cipher is periodic
- For example, Vigenère cipher

- Problems with naive use of ciphers
- Stream Cipher
- Block cipher
- DES

- Encipher, decipher a block (multiple bits) at once
- ECB (electronic code book): each block is enciphered independently
- Problem:identical plaintext blocks produce identical ciphertext blocks
- Example: two database records
- MEMBER: HOLLY INCOME $100,000
- MEMBER: HEIDI INCOME $100,000

- Encipherment:
- ABCQZRME GHQMRSIB CTXUVYSS RMGRPFQN
- ABCQZRME ORMPABRZ CTXUVYSS RMGRPFQN

- Example: two database records

- Insert information about block’s position into the plaintext block, then encipher
- Cipher block chaining (CBC):
- Exclusive-or current plaintext block with previous ciphertext block:
- c0 = Ek(m0 I)
- ci = Ek(mi ci–1) for i > 0
where I is the initialization vector

- Exclusive-or current plaintext block with previous ciphertext block:

current plaintext block

previous ciphertext block

+

key

D

E

key

previous

ciphertext block

+

current plaintext block

- Double encipherment: c = Ek (Ek(m))
- Expected key length is 2n, if k, k are length n
- Problem: known plaintext attack needs 2n+1 encryptions, not 22n encryptions; so effective key length is only n+1

- Triple encipherment:
- EDE mode: c = Ek (Dk (Ek (m))
- Chosen plaintext attack takes O(2n) time using 2n ciphertexts

- Triple encryption mode: c = Ek (Ek (Ek (m))
- Best attack requires O(22n) time, O(2n) memory

- EDE mode: c = Ek (Dk (Ek (m))

- Background
- Secret Key Cryptography
- Caesar cipher
- Vigenère cipher
- DES

- A product cipher
- Both substitution and transposition on the bits

- A block cipher:
- encrypts plaintext blocks of 64 bits using a 56 bit key, and outputs 64 bits of ciphertext

- Developed by IBM; in 1977 adopted by NIST, with NSA approval for unclassified information
- Also widely used by the public sector
- E and D are public, but the design principles are classified

- Cipher consists of 16 rounds (iterations) each with a round key generated from the user-supplied key
- Round keys are 48 bits each

- Electronic Code Book Mode (ECB)
- Encipher each block independently

- Cipher Block Chaining Mode (CBC)
- XOR each block with previous ciphertext block
- Requires an initialization vector for the first one

- Double DES Mode (2 keys: k, k)
- c = DESk(DESk–1(DESk(m)))

- Triple DES Model (3 keys: k, k, k)
- c = DESk(DESk(DESk(m)))

- Considered too weak
- Major weakness is key size of 56 bits (on the threshold of allowing exhaustive-search known-plaintext attacks)
- Design decisions not public
- S-boxes may have backdoors

- 1977Approved as a Federal standard with 5 year cycle of re-certification
- 1987Reluctantly reapproved for 5 years
- 1993Approved for another 5 years
- 1999NIST could no longer support the use of DES
- Phase out use of Single DES (use permitted in legacy systems only)
- Use Triple DES

- October 2, 2000 A new encryption standard was announced, but Triple DES will remain an approved algorithm (for US Government use) for the foreseeable future

- NIST selected DRijndael as Advanced Encryption Standard (AES), successor to DES
- Developers are Vincent Rijmen & Joan Daeman
- Designed to withstand attacks successful on DES
- Also a product cipher
- Keys of 128/192/256 bits
- Key space: 3.4 x 1038 for 128-bit key, 6.2 x 1057 for 192-bit key and 1.1 x 1077 for 256-bit key
- In comparison, key space for DES is 7.2 x 1016
- 1021 times more keys in 128-bit AES keys than DES with 56-bit keys

- Blocks of 128 bits

- Naive use of ciphers creates problems
- Stream cipher
- How to generate a long key

- Block cipher
- ECB, CBC, Double-encryption, Triple-encryption

- DES