- 75 Views
- Uploaded on
- Presentation posted in: General

CSCE 727 Cryptography

CSCE 727Cryptography

Confidential

Insecure channel

Sender

Recipient

www.applebuz.com

Secure communications

confidential

Insecure channel

Sender

Recipient

www.applebuz.com

Terminology

- Plaintext, cleartext: an “unhidden” message
- Encryption: transform a message to hide its meaning
- Ciphertext, cyphertext: an encrypted message
- Cipher: cryptographic algorithm. Mathematical function used for encryption (encryption algorithm) and decryption (decryption algorithm).
- Decryption: recovering plaintext from ciphertext
- Cryptography: art and science of keeping messages secure
- Cryptanalysis: art and science of breaking ciphertext
- Cryptology: study of both cryptography and cryptanalysis

www.applebuz.com

- Enciphering and deciphering algorithms must be efficient for all keys
- Coding and decoding at the time of transmission may be bottleneck

- System must be easy to use
- Ease of finding key with an invertible transformation

- Security should depend on the the secrecy of the keys not on the secrecy of the algorithms
- Algorithms must be inherently strong, i.e., encryption cannot be broken by simply knowing the method of encryption

www.applebuz.com

What makes a good cryptosystem?

- A good cryptosystem is one whose security does not depend upon the secrecy of the algorithm. This is why cryptographers are so unhappy about NSA's refusal to release details of SkipJack (Clipper).
- From Schneier:
- “Good cryptographers rely on peer review to separate the good algorithms from the bad.''

www.applebuz.com

- Unconditionally secure: impossible to decrypt. No amount of ciphertext will enable a cryptanalyst to obtain the plaintext without restrictions on technology
- Computationally secure: an algorithm that is not breakable in practice based on worst case scenario (based on the best known methods) and current technology
- Breakable: all algorithms (except one-time pad) are theoretically breakable

www.applebuz.com

Cryptanalyst’s goal:

- Break message
- Break key
- Break algorithm

www.applebuz.com

- Computationally infeasible to systematically determine the deciphering transformation for a given cipher, even if the corresponding plaintext is known
- Prevents decoding additional ciphertexts

- Computationally infeasible to systematically determine plaintext for a given cipher
- Prevents decoding the given ciphertext

www.applebuz.com

- Computationally infeasible to systematically determine enciphering transformation for a given cipher, even if the corresponding plaintext is known
- Prevents creating false ciphertext

- Computationally infeasible to find ciphertext such that it deciphers into a valid plaintext
- Prevents cipher substitution

www.applebuz.com

Taxonomy of Attacks

- Ciphertext-only attack: attacker has ciphertext for messages encrypted with E.
- Known plaintext attack: attacker additionally knows the plaintext of the messages.
- Chosen plaintext attack: attacker can select the encrypted plaintext for at least some messages.
- Chosen ciphertext attack: attacker can obtain decrypted (plaintext) versions of selected ciphertext.

www.applebuz.com

- Conventional (symmetric-key) cryptosystem
- Public-key (asymmetric-key) cryptosystem
- Quantum cryptosystem
- Hash Functions

www.applebuz.com

Plaintext

M

Ciphertext

C

Plaintext

M

Encryption

Decryption

Sender

Recipient

K

K

Secure channel

C=E(K,M)

M=D(K,C)

Key source

www.applebuz.com

Secret Key Cryptosystem Vulnerabilities (1)

Passive Attacker (Eavesdropper)

- Obtain and/or guess key and cryptosystem use these to decrypt messages
- Capture text in transit and try a ciphertext-only attack to obtain plaintext.

www.applebuz.com

Secret Key Cryptosystem Vulnerabilities (2)

Active Attacker

- Break communication channel (denial of service)
- Obtain and/or guess key and cryptosystem and use these to send false messages

www.applebuz.com

Inherent Weaknesses of Symmetric Cryptography

- Key distribution must be done secretly (difficult when parties are geographically distant, or don't know each other)
- Need a key for each pair of users
- n users need n*(n-1)/2 keys

- If the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages

www.applebuz.com

- Steganography
- Substitution
- Permutation
- Combinations and iterations of these

www.applebuz.com

- Conceals the existence of secret message
- Needs:
- Carrier medium: text, picture, etc.
- Encoding schema: defines how to insert message into the carrier medium

- Not efficient – good for small messages only

www.applebuz.com

Before computers:

- Character markings: selected letters of printed or typewritten text are overwritten in pencil
- Invisible ink: not visible until some chemical reactions take place
- Pin punctures: tiny punctures on selected letters
Computer aided:

- Modification of digital carrier, e.g., digital image, sound, etc.
- Supported by secret key
- Digital watermarking

www.applebuz.com

- Simple substitution
- Monoalphabetic cipher
- Multiple letter encryption
- Polyalphabetic cipher

www.applebuz.com

- C=E(K,M), e.g., C=(M+n) mod 26
plaintext: A B C D E …

ciphertext: A B C D E F …

e.g., M=CAB

C =ECD

- Advantages: simple to implement
- Disadvantages: easy to break (25 possibilities for English alphabet)

www.applebuz.com

- Arbitrary substitution for each plaintext symbol, e.g.,
C E, A C, B D

- M=CAB
- C =ECD
- Advantages: large key space 26!
- Disadvantages: trivially broken for known plaintext attack

www.applebuz.com

- A set of related monoalphabetic substitution rules is used
- A key determines which particular rule is chosen for a given transformation
- Example: Vigenere cipher – based on 26 Caesar ciphers
- Advantages: there are multiple ciphertext for a plaintext letter
- Disadvantages: periodic nature of key makes it breakable with statistical cryptanalysis

www.applebuz.com

- Perfect Secrecy!
- Large, non-repeating set of keys
- Key is larger than the message
- Advantages: immune to most attacks
- Disadvantages:
- Need total synchronization
- Need very long, non-repeating key
- Key cannot be reused

www.applebuz.com

- Letters of the message are rearranged
- Break patterns
e.g., columnar transposition

Plaintext: this is a test

t h i s

i s a ttiehssiatst!

e s t !

- Advantages: easy to implement
- Disadvantages:
- Easy to recognize – same letter frequency as the original plaintext
- Trivially broken for known plaintext attack
- Easily broken for cipher only attack
- Multiple encipherment does not help

www.applebuz.com

- Substitution followed by permutation, followed by substitution, followed by permutation…
- One encryption applied to the result of the other En(En-1(…(E1(M)))
- Broken for
- Chosen plaintext

www.applebuz.com

- Mathematics to design strong product ciphers is classified
- Breakable by exhaustive search for known plaintext, chosen plaintext and chosen ciphertext attacks
- Security: computational complexity of computing the key under the above scenarios

www.applebuz.com

Data Encryption Standard (DES)

- DES is a product cipher
- 56 bit key size
- 64 bit block size for plaintext and cipher text

- Developed by IBM and adopted by NIST with NSA approval
- Encryption and decryption algorithms are public but the design principles are classified

www.applebuz.com

- Adopted by NIST to replace DES
- January 2, 1997: NIST announces the initiation of an effort to develop the AES (62 FR 93)
- Based on Rijndael algorithm

www.applebuz.com

- Chosen for: security, performance, efficiency, ease of implementation, and flexibility
- Block cipher (variable block and key length)
- Federal Information Processing Standard (FIPS)

www.applebuz.com

- Rijndael
- Symmetric, block cipher
- Key size: 128, 192, or 256 bits
- Block size: 128
- Processed as 4 groups of 4 bytes (state)
- Operates on the entire block in every round

- Number of rounds depending on key size:
- Key=128 9 rounds
- Key=192 11 rounds
- Key=256 13 rounds

www.applebuz.com

- Designed by X. Lai and J. Massey Swiss Federal Institute of Technology, 1990
- 64 bit block cipher
- Key size: 128 bits
- Used by Pretty Good Privacy (PGP) to encrypt electronic mail

www.applebuz.com

- DESX: modification of DES
- Blowfish: fast, compact and simple block cipher. Variable key length up to 448 bits
- RC2: block cipher. Variable key length up to 2048 bits
- RC4: stream cipher. Variable key length up to 448 bits
- RC5: block cipher. Allows user defined key length, data block size, and number of encryption rounds.

www.applebuz.com

- Two keys – one is private one is public
- Solves the key distribution problem (but need reliable channel)
- Provides electronic signatures
- Slower than secret-key encryption

www.applebuz.com

Public-Key Encryption

- Needed for security:
- One of the keys must be kept secret
- Impossible (at least impractical) to decipher message if no other information is available
- Knowledge of algorithm, one of the keys, and samples of ciphertext must be insufficient to determine the other key

www.applebuz.com

Insecure channel

Ciphertext

Plaintext

Plaintext

Encryption

Alg.

Decryption

Alg.

B

Recipient

A

Sender

B’s private key

B’s public key

(need reliable channel)

www.applebuz.com

- Public key:(n,e)
- Secret key:(n,d)
- n is a 200 digit number
- C = Me mod n
- M = Cd mod n

www.applebuz.com

Key size:

- RSA: selected by user
(usually n is 154 digit (512 bits) so key is 1024 bits)

- DES: 64 bits (56 effective)

www.applebuz.com

- RSA Property: encryption and decryption are commutative
- Encryption followed by decryption yields the original message
(Me mod n)d mod n = M

- Decryption followed by encryption yields the original message
(Md mod n)e mod n = M

- Encryption followed by decryption yields the original message
- Cryptosystems that preserve message length have this property

www.applebuz.com

Digital Signatures in RSA

Insecure channel

Sign

Verify

Plaintext

Signed

plaintext

Plaintext

Decryption

Alg.

Encryption

Alg.

B

A

A’s private key

A’s public key

(need reliable channel)

www.applebuz.com

B

Encrypted

Signed

Plaintext

A

Signed

Plaintext

Signed

Plaintext

Plaintext

Plaintext

D

E

D

E

B’s public key

A’s public key

B’s private key

A’s private key

www.applebuz.com

- Hash function h maps an input x of arbitrary length to a fixed length output h(x) (compression)
- Given h and x, h(x) is easy to compute (ease of computation)

www.applebuz.com

- Preimage resistant (one-way): if for all specified outputs, it is computationally infeasible to find any input that hashes to that output
- Second-preimage resistent (weak collision resistant): if it is computationally infeasible to find any second input which has the same output as any specified input
- Collision resistant (strong collision resistant): if it is computationally infeasible to find any distinct inputs that has the same output

www.applebuz.com

- Message digest
- Used for authenticity and integrity purposes
- Algorithms:
- SHA-1MD2,MD4,
- MD5

www.applebuz.com

- Input of arbitrary length
- Output: 128 bits
- Block size: 512 bits

www.applebuz.com

- SHA was developed by National Institute of Standards and Technology
- 1993: Published as Federal Information Processing Standard (FIPS PUB 180)
- Input: maximum length 264 bits
- Output: 160-bit digest
- Block size: 512-bit

www.applebuz.com

- Very similar
- Security: SHA’s digest is 32 bits longer without algorithm flows SHA is more secure
- Speed:SHA has more steps and produces 160-bit buffer SHA slower
- Simplicity and compactness: MD5 has more internal steps with varying buffer modification SHA is simpler

www.applebuz.com