- By
**riva** - Follow User

- 140 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about 'ISA 562 Information Security Theory Practice' - riva

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

### ISA 562 Information System Security

Overview

- Background
- Secret Key Cryptography
- Caesar cipher
- Vigenère cipher

Cryptography

- Cryptology means hidden writing
- Comes from the Greek words (hidden or secret) and (writing)
- A mechanism for
- Confidentiality
- Integrity (authentication, non-repudiation)
- In the face of
- passive, and
- active attacks

Terminology

- Encryption: the process of coding a message to conceal its meaning
- Decryption: The process of transforming an encrypted message into the original form
- Often we use encode or encipher instead of encrypt, and decode or decipher instead of decrypt
- Plaintext or Cleartext: A message in its original form
- Ciphertext:A message in the encrypted form
- Cryptography: The practice (or art) of using encryption to conceal text
- Cryptosystem: A system for encryption and decryption
- Cryptographer: Invents encryption algorithms (“Good Guys”)
- Cryptanalyst:Attempts to break encryption algorithms (“Bad Guys”)

Secret Key Cryptosystem

Plain-

text

Plain-

text

Ciphertext

Encryption

Algorithm

Decryption

Algorithm

INSECURE CHANNEL

A

B

K

K

SECURE CHANNEL

Secret Key

shared by

A and B

Public Key Cryptosystem

Plain-

text

Plain-

text

Ciphertext

Encryption

Algorithm

Decryption

Algorithm

INSECURE CHANNEL

A

B

B\'s Public Key

B\'s Private Key

RELIABLE CHANNEL

B\'s Public Key

Notation for a Cryptosystem

- Quintuple (E, D, M, K, C)
- M set of plaintexts
- K set of keys
- C set of ciphertexts
- E set of encryption functions e: M KC
- c = e(k,m)
- D set of decryption functions d: C KM
- m = d(k’,c)
- Is k=k’?
- Who keeps k and k’?

Example

- Example: Caesar cipher
- M= { all sequences of letters }
- K = { i | i is an integer and 0 ≤ i ≤ 25 }
- E = { Ek | kK, where Ek(m) = (m + k) mod 26 for any letter m}
- E0 (a) = a, E2 (b) = ?, E2 (y) = ?
- D = { Dk | kK, where Dk(c) = (26 + c–k) mod 26 for any letter c}
- D0 (a) = a, D2 (b) = ?, D2 (y) = ?
- C = M

m

c

k

Cryptanalysis

- Adversary ’sgoal is to break the cryptosystem
- Knows e and dbut not k
- Knows how the lock works, but don’t’ know the combination
- Break the cryptosystem = get the key
- Real objective might be to discover the plaintext message, but this is generally assumed to be equivalent to discovering the key
- Unlock the cabinet (and use the remote control)

Cryptanalysis (Cont’d)

- Types of attacks:
- ciphertext only: adversary has only ciphertext
- The enemy intercepted encrypted messages
- known plaintext: adversary has some plaintext-ciphertext pairs
- The enemy later learned the content of those messages
- chosen plaintext: adversary has plaintext-ciphertext pairs for plaintext of the cryptanalyst\'s choice
- A spy submit fake messages for encryption
- chosen ciphertext: adversary has plaintext-ciphertext pairs for ciphertext of the cryptanalyst\'s choice
- A spy submit fake encrypted messages for decryption

Basis for Attacks

- Mathematical attacks
- Based on analysis of underlying mathematics
- Statistical attacks
- Natural language contains particular distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc. ,in a natural language
- Called models of the language
- In English, ‘e’ appears the most frequently (65 times more frequently than the least frequent ‘z’ and ‘q’)
- In this handout: ‘e’ 1769, ‘z’ 27, ‘q’ 68
- Encryption may not fully destroy the distribution, so observe the ciphertext for related properties

Overview

- Background
- Secret Key Cryptography
- Caesar cipher
- Vigenère cipher

Secret Key Cryptography

- Sender, receiver share common key
- Keys may be the same, or trivial to derive from one another
- Also called symmetric key cryptography
- Two basic types
- Transposition ciphers
- Substitution ciphers
- Combinations are called product ciphers

Transposition Cipher

- Rearrange letters in plaintext to produce ciphertext
- Example (Rail-Fence Cipher)
- Plaintext is HELLO WORLD
- Rearrange as HLOOL ELWRD
- Ciphertext is HLOOL ELWRD
- Permutation
- Does not alter frequency of single characters
- Called a 1-gram

Attacking the Transposition Cipher

- Anagramming
- If 1-grams of ciphertext match English frequencies, but other n-grams (that is, frequency of n-tuple of characters) do not, probably transposition
- Rearrange letters to form n-grams with highest frequencies

HELLO WORLD

HLOOL

ELWRD

HLOOL ELWRD

Permutations do not change frequency of single characters, but do change frequency of pairs of characters

Example

- Ciphertext: HLOOLELWRD
- In English, frequencies of 2-grams starting w/ H
- HE0.0305 the winner!
- HO 0.0043
- HL, HW, HR, HD < 0.0010
- Frequencies of 2-grams ending in H
- WH 0.0026
- EH, LH, OH, RH, DH ≤ 0.0002
- Implies E follows H

Example

- Arrange so the H and E are adjacent

HE

LL

OW

OR

LD

- Read off across, then down, to get original plaintext

HLOOL ELWRD

Overview

- Background
- Secret Key Cryptography
- Caesar cipher
- Vigenère cipher

HELLO WORLD

Substitution Ciphers - Caesar cipher- Change characters in plaintext to produce ciphertext
- Example (Caesar cipher)
- Plaintext is HELLO WORLD
- Change each letter to the third letter following it (X goes to A, Y to B, Z to C)
- Key is 3, usually written as letter ‘D’
- Ciphertext is KHOOR ZRUOG

Attacking the Caesar Cipher

- Exhaustive search
- If the key space is small enough, try all possible keys until you find the right one
- Caesar cipher has 26 possible keys
- Statistical analysis
- The right key should let decrypted message match the 1-gram model of English

Statistical Attack on Caesar Cipher

- 1-grams of the ciphertext KHOOR ZRUOG

g 0.1 h 0.1 k 0.1 o 0.3

r 0.2 u 0.1 z 0.1

- 1-grams of English p:
- Question: how to choose the right key such thatthe two 1-grams match the best?

Correlation of Frequency

- ‘Match the best’ means…
- The right key 0i 25 should maximize

(i) = 0.1•p (6 –i) + 0.1 •p (7 –i) + 0.1 •p (10 –i) + 0.3 •p (14 –i) + 0.2 •p (17 –i) + 0.1 •p (20 –i) + 0.1 •p (25 –i)

- 0.3 •p ( 14 –i )

(k) is maximum iff the two sides match (having similar relative percentage)

frequency of ‘o’

in ciphertext

frequency of decrypted ‘o’ in english

Who is the Winner?

- Most probable keys, based on :
- i = 6, (i) = 0.0660
- plaintext EBIIL TLOLA
- i = 10, (i) = 0.0635
- plaintext AXEEH PHKEW
- i = 3, (i) = 0.0575
- plaintext HELLO WORLD
- i = 14, (i) = 0.0535
- plaintext WTAAD LDGAS
- Only English phrase is for i = 3
- That’s the key
- Why ranked #3?

Overview

- Background
- Secret Key Cryptography
- Caesar cipher
- Vigenère cipher

Caesar Cipher’s Problem

- Key is too short
- Can be found by exhaustive search (13 tries)
- Statistical frequencies not concealed well
- 1-grams are not changed (only shifted)
- So make key longer
- Use a sequence as key: k1 k2 k3… kn(key space 26n)
- Conceal statistical frequencies through diffusion
- Use ki to encrypt the ith letter of plaintext
- Statistical patterns average out

Vigenère Cipher

- Example
- Message THE BOY HAS THE BALL
- Key VIG repeating
- Period of the key is 3
- Encipher using Caesar cipher for each letter:

key VIGVIGVIGVIGVIGV

plain THEBOYHASTHEBALL

Cipher OPKWWECIYOPKWIRG

G I V

A G I V

B H J W

E L M Z

H N P C

L R T G

O U W J

S Y A N

T Z B O

Y E H T

Tableau shown has relevant rows, columns only (full version: Figure 9-3 in textbook)

Relevant Parts of Tableaukey

plaintext

key VIGVIGVIGVIGVIGV

plain THEBOYHASTHEBALL

Cipher OPKWWECIYOPKWIRG

Attacking the Cipher

- Approach
- Establish period; call it n
- Break message into n parts, each part being enciphered using the same key letter
- Solve each part
- We will show each step

keyVIGVIGVIGVIGVIGV

plain THEBOYHASTHEBALL

CipherOPKWWECIYOPKWIRG

The Target Cipher

- We want to break this cipher:

ADQYS MIUSB OXKKT MIBHK IZOOO

EQOOG IFBAG KAUMF VVTAA CIDTW

MOCIO EQOOG BMBFV ZGGWP CIEKQ

HSNEW VECNE DLAAV RWKXS VNSVP

HCEUT QOIOF MEGJS WTPCH AJMOC

HIUIX

First Tool: Kaskski’s Method

- Kaskski: if characters of the key appear over the same characters in the plaintext, repetitions in the ciphertext will occur

key VIGVIGVIGVIGVIGV

plain THEBOYHASTHEBALL

cipher OPKWWECIYOPKWIRG

- Distance between repetitions is 9, so the period must be a factor of 9 (that is, 1, 3, or 9)
- Will the ciphertext contain the same repetition in the following two cases?

key VIGVIGVIGVIGVIGVI

plain THEBOOYHASTHEBALL

key VIGJVIGJVIGJVIGJ

plain THEBOYHASTHEBALL

Estimate of Period

- The longest repetition OEQOOG is probably not a coincidence
- Distance is 30
- The second longest is MOC
- Distance is 72
- GCD of 30 and 72 is 6
- Others
- (7/10) have 2 in their factors
- (6/10) have 3 in their factors
- 6 is a probable period

Second Tool: Index of Coincidence

- Index of coincidence (IC)
- The probability that any two randomly chosen letters from ciphertext are the same
- A measure of variation in frequencies of letters
- IC of aaaaaaaabc (> or <) IC of aabcdefghi ?
- This variation depends on the period of key
- Longer key tends to average out statistical patterns that exist in English (and thus in plaintext)
- Known result of period - IC

1 - 0.066 3 - 0.047 5 - 0.044

2 - 0.052 4 - 0.045 10 - 0.041 larger- 0.038

Compute IC of Our Ciphertext

- IC =0≤i≤25 (Fi (Fi– 1))

(n (n– 1))

- where n is length of ciphertext and Fi the number of times character i occurs in ciphertext
- aaaaa aaabb
- Here, IC = 0.043
- Indicates a period of slightly more than 5
- Agrees with the previous estimate 6
- Step 1 done; now we have the key period

Splitting Into Alphabets

alphabet 1: AIKHOIATTOBGEEERNEOSAI IC 0.069

alphabet 2: DUKKEFUAWEMGKWDWSUFWJU IC 0.078

alphabet 3: QSTIQBMAMQBWQVLKVTMTMI IC 0.078

alphabet 4: YBMZOAFCOOFPHEAXPQEPOX IC 0.056

alphabet 5: SOIOOGVICOVCSVASHOGCC IC 0.124

alphabet 6: MXBOGKVDIGZINNVVCIJHH IC 0.043

- 1,2,3,5 indicate period 1
- 4 and 6 don’t (well, statistics)
- Step 2 done; now we are dealing with 6 Caesar ciphers!

ADQYS MIUSB OXKKT MIBHKIZOOO

EQOOG IFBAG KAUMF VVTAA CIDTW

MOCIO EQOOG BMBFV ZGGWP CIEKQ

HSNEW VECNE DLAAV RWKXS VNSVP

HCEUT QOIOF MEGJS WTPCH AJMOC

HIUIX

Frequency Examination

ABCDEFGHIJKLMNOPQRSTUVWXYZ

131004011301001300112000000

2 10022210013010000010404000

3 12000000201140004013021000

4 21102201000010431000000211

5 10500021200000500030020000

6 01110022311012100000030101

- Letter frequencies in English

HMMMHMMHHMMMMHHMLHHHMLLLLL

- #1 matches – the key is a

(H high, M medium, L low)

Begin Decryption

- #3 matches if I shifted to A
- #6 matches if V shifted to A
- Substitute into ciphertext (bold are substitutions)

ADIYS RIUKB OCKKL MIGHK AZOTO EIOOL IFTAG PAUEF VATAS CIITW EOCNO EIOOL BMTFV EGGOP CNEKI HSSEW NECSE DDAAA RWCXS ANSNP HHEUL QONOF EEGOS WLPCM AJEOC MIUAX

Look For Clues

- AJE in last line suggests “are”, meaning #2 key is s :

ALIYS RICKB OCKSL MIGHS AZOTO

MIOOL INTAG PACEF VATIS CIITE

EOCNO MIOOL BUTFV EGOOP CNESI

HSSEE NECSE LDAAA RECXS ANANP

HHECL QONON EEGOS ELPCM AREOC

MICAX

Next Alphabet

- MICAX in last line suggests “mical” (a common ending for an adjective), meaning #2 key is O :

ALIMS RICKP OCKSL AIGHS ANOTO MICOL INTOG PACET VATIS QIITE ECCNO MICOL BUTTV EGOOD CNESI VSSEE NSCSE LDOAA RECLS ANAND HHECL EONON ESGOS ELDCM ARECC MICAL

Got It!

- QI means that U maps into I, as Q is always followed by U:

ALIME RICKP ACKSL AUGHS ANATO MICAL INTOS PACET HATIS QUITE ECONO MICAL BUTTH EGOOD ONESI VESEE NSOSE LDOMA RECLE ANAND THECL EANON ESSOS ELDOM ARECO MICAL

A LIMERICK PACKS LAUGHS ANATOMICAL INTO SPACE THAT IS QUITE ECONOMICAL BUT THE GOOD ONES IVE SEEN SO SELDOM ARE CLEAN AND THE CLEAN ONES SO SELDOM ARE COMICAL

One-Time Pad

- A Vigenère cipher with a random key at least as long as the message
- Perfectly secure (textbook 32.3.3)
- Why? Look at ciphertext DXQR. Equally likely to correspond to plaintext DOIT (key AJIY) and to plaintext DONT (key AJDY) and any other 4 letters
- Impractical
- Remember the key must be transmitted via a secure channel

Key Points

- Two basic types of ciphers
- Transposition ciphers and substitution ciphers
- Product ciphers combine them
- Caesar cipher uses one key
- Vigenère cipher uses a sequence of keys
- Cryptanalysis
- Exhaustive search
- Statistical analysis

Stream Cipher and Block Cipher

Overview

- Problems with naive use of ciphers
- Stream Cipher
- Block cipher
- DES

Naive Use of Cipher

- Just encrypt each message (if message is too long, divide it into blocks and encrypt each block) and transmit the ciphertext’
- What can go wrong?

Attack #1: Forward Search

- Set of all possible messages is small
- {buy, sell}
- Public key cryptosystem used
- Encryption key is public
- Idea: precompute all (message, ciphertext) pairs
- (buy, cbuy ), (sell, csell)
- When ciphertext csell is intercepted, the adversary knows the message is sell even without decryption
- Digitized sound
- Seems like far too many possible plaintexts (232)
- Redundancy in human speech reduces this to 100,000 (≈ 217)
- This is small enough to worry about

Attack #2: Misordered Blocks

- Alice sends Bob message
- Message LIVE is too long to be encrypted, so divide into blocks and encrypt each letter
- Plaintext 11 08 21 04 and Ciphertext is 44 57 21 16
- A man-in-the-middle Eve intercepts the ciphertext
- Rearranges blocks to be 16 21 57 44
- Bob gets modified ciphertext and deciphers it
- He sees EVIL

Attack #3: Statistical Regularities

- Encrypting repeated plaintext with the same key produces the same ciphertext
- Recall the Kasiski method

Overview

- Problems with naive use of ciphers
- Stream Cipher
- Block cipher
- DES

Stream Cipher vs Block Cipher

- E encipherment function
- Ek(b) encipherment of message b with key k
- In what follows, m = b1b2…, each bi of fixed length
- Block cipher
- Ek(m) = Ek(b1)Ek(b2) …
- Stream cipher
- k = k1k2…
- Ek(m) = Ek1(b1)Ek2(b2) …
- If k1k2… repeats itself, cipher is periodic
- For example, Vigenère cipher

Overview

- Problems with naive use of ciphers
- Stream Cipher
- Block cipher
- DES

Block Ciphers

- Encipher, decipher a block (multiple bits) at once
- ECB (electronic code book): each block is enciphered independently
- Problem:identical plaintext blocks produce identical ciphertext blocks
- Example: two database records
- MEMBER: HOLLY INCOME $100,000
- MEMBER: HEIDI INCOME $100,000
- Encipherment:
- ABCQZRME GHQMRSIB CTXUVYSS RMGRPFQN
- ABCQZRME ORMPABRZ CTXUVYSS RMGRPFQN

Solutions

- Insert information about block’s position into the plaintext block, then encipher
- Cipher block chaining (CBC):
- Exclusive-or current plaintext block with previous ciphertext block:
- c0 = Ek(m0 I)
- ci = Ek(mi ci–1) for i > 0

where I is the initialization vector

Cipher Block Chaining

current plaintext block

previous ciphertext block

+

key

D

E

key

previous

ciphertext block

+

current plaintext block

Multiple Encryption

- Double encipherment: c = Ek (Ek(m))
- Expected key length is 2n, if k, k are length n
- Problem: known plaintext attack needs 2n+1 encryptions, not 22n encryptions; so effective key length is only n+1
- Triple encipherment:
- EDE mode: c = Ek (Dk (Ek (m))
- Chosen plaintext attack takes O(2n) time using 2n ciphertexts
- Triple encryption mode: c = Ek (Ek (Ek (m))
- Best attack requires O(22n) time, O(2n) memory

Overview

- Background
- Secret Key Cryptography
- Caesar cipher
- Vigenère cipher
- DES

Overview of the DES

- A product cipher
- Both substitution and transposition on the bits
- A block cipher:
- encrypts plaintext blocks of 64 bits using a 56 bit key, and outputs 64 bits of ciphertext
- Developed by IBM; in 1977 adopted by NIST, with NSA approval for unclassified information
- Also widely used by the public sector
- E and D are public, but the design principles are classified

Generation of Round Keys

- Cipher consists of 16 rounds (iterations) each with a round key generated from the user-supplied key
- Round keys are 48 bits each

DES Modes

- Electronic Code Book Mode (ECB)
- Encipher each block independently
- Cipher Block Chaining Mode (CBC)
- XOR each block with previous ciphertext block
- Requires an initialization vector for the first one
- Double DES Mode (2 keys: k, k)
- c = DESk(DESk–1(DESk(m)))
- Triple DES Model (3 keys: k, k, k)
- c = DESk(DESk(DESk(m)))

Controversy

- Considered too weak
- Major weakness is key size of 56 bits (on the threshold of allowing exhaustive-search known-plaintext attacks)
- Design decisions not public
- S-boxes may have backdoors

Lifetime of DES

- 1977 Approved as a Federal standard with 5 year cycle of re-certification
- 1987 Reluctantly reapproved for 5 years
- 1993 Approved for another 5 years
- 1999 NIST could no longer support the use of DES
- Phase out use of Single DES (use permitted in legacy systems only)
- Use Triple DES
- October 2, 2000 A new encryption standard was announced, but Triple DES will remain an approved algorithm (for US Government use) for the foreseeable future

Advanced Encryption Standard (AES)

- NIST selected DRijndael as Advanced Encryption Standard (AES), successor to DES
- Developers are Vincent Rijmen & Joan Daeman
- Designed to withstand attacks successful on DES
- Also a product cipher
- Keys of 128/192/256 bits
- Key space: 3.4 x 1038 for 128-bit key, 6.2 x 1057 for 192-bit key and 1.1 x 1077 for 256-bit key
- In comparison, key space for DES is 7.2 x 1016
- 1021 times more keys in 128-bit AES keys than DES with 56-bit keys
- Blocks of 128 bits

Key Points

- Naive use of ciphers creates problems
- Stream cipher
- How to generate a long key
- Block cipher
- ECB, CBC, Double-encryption, Triple-encryption
- DES

Download Presentation

Connecting to Server..