Loading in 5 sec....

CS 5950/6030 Network Security Class 6 (W, 9/ 14 /05)PowerPoint Presentation

CS 5950/6030 Network Security Class 6 (W, 9/ 14 /05)

- By
**cybil** - Follow User

- 92 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about 'CS 5950' - cybil

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Computer can help find words in a big electronic book quickly!

CS 5950/6030 Network SecurityClass 6 (W, 9/14/05)

Leszek Lilien

Department of Computer Science

Western Michigan University

[Using some slides prepared by:

Prof. Aaron Striegel, U. of Notre Dame

Prof. Barbara Endicott-Popovsky, U. Washington, Prof. Deborah Frincke, U. Idaho

and Prof. Jussipekka Leiwo, Vrije Universiteit, Amsterdam, The Netherlands]

Section 2 – Class 6

Class 5: 2A.2-cont. - Basic Terminology and Notation

Cryptanalysis

Breakable Encryption

2A.4. Representing Characters

2B. Basic Types of Ciphers

2B.1. Substitution Ciphers

a. The Ceasar Cipher

b. Other Substitution Ciphers — PART 1

Class 6:

b. Other Substitution Ciphers — PART 2

c. One-Time Pads

2B.2. Transposition Ciphers

2B.3. Product Ciphers

2C. Making „Good” Ciphers

2C.1. Criteria for „Good” Ciphers

2A.2.-CONT- Basic Terminology and Notation (2A.2 addendum)

- Cryptanalysis
- Breakable Encryption

2A.4. Representing Characters

- Letters (uppercase only) represented by numbers 0-25 (modulo 26).
A B C D ... X Y Z

0 1 2 3 ... 23 24 25

- Operations on letters:
A + 2 = C

X + 4 = B (circular!)

...

2B. Basic Types of Ciphers

- Substitution ciphers—PART 1
- Substitution ciphers—PART 2
- Transposition (permutation) ciphers
- Product ciphers

2B.1. Substitution Ciphers

- Substitution ciphers:
- Letters of P replacedwithother letters by E

- Outline:
a. The Caesar Cipher

b. Other Substitution Ciphers — PART 1

b. Other Substitution Ciphers — PART 2

c. One-time Pads

- ci=E(pi)=pi+3 mod 26(26 letters in the English alphabet)
Change each letter to the third letter following it (circularly)

A D, B E, ... X A, Y B, Z C

- Can represent as a permutation : (i) = i+3 mod 26
(0)=3, (1)=4, ...,

(23)=26 mod 26=0, (24)=1, (25)=2

- Key = 3, or key = ‘D’ (bec. D represents 3)

Attacking a Substitution Cipher

- Exhaustive search
- If the key space is small enough, try all possible keys until you find the right one
- Cæsar cipher has 26 possible keys from A to Z OR: from 0 to 25

- Statistical analysis (attack)
- Compare to so called 1-gram (unigram) model of English
- It shows frequency of (single) characters in English

[cf. Barbara Endicott-Popovsky, U. Washington]

- Conclusion: Key is too short
- 1-char key – monoalphabetic substitution
- Can be found by exhaustive search
- Statistical frequencies not concealed well by short key
- They look too much like ‘regular’ English letters

- 1-char key – monoalphabetic substitution
- Solution: Make the key longer
- n-char key (n 2) – polyalphabetic substitution
- Makes exhaustive search much more difficult
- Statistical frequencies concealed much better
- Makes cryptanalysis harder

- n-char key (n 2) – polyalphabetic substitution

[cf. Barbara Endicott-Popovsky, U. Washington]

b. Other Substitution Ciphers

n-char key

- Polyalphabetic substitution ciphers
- Vigenère Tableaux cipher — PART 1
- Vigenère Tableaux cipher — PART 2

Note: Row A – shift 0 (a->a)

Row B – shift 1 (a->b)

Row C – shift 2 (a->c)

...

Row Z – shift 25 (a->z)

Vigenère Tableaux (1)- P

[cf. J. Leiwo, VU, NL]

Vigenère Tableaux (2)

- Example
Key:

EXODUS

Plaintext P:

YELLOW SUBMARINE FROM YELLOW RIVER

Extended keyword (re-applied to mimic words in P):

YELLOW SUBMARINE FROM YELLOW RIVER

EXODUS EXODUSEXO DUSE XODUSE XODUS

Ciphertext:

cbxoio wlppujmks ilgq vsofhb owyyj

- Question: How derived from the keyword and Vigenère tableaux?

[cf. J. Leiwo, VU, NL]

Vigenère Tableaux (3)

- Example
...

Extended keyword (re-applied to mimic words in P):

YELLOW SUBMARINE FROM YELLOW RIVER

EXODUS EXODUSEXO DUSE XODUSE XODUS

Ciphertext:

cbzoio wlppujmks ilgq vsofhb owyyj

- Answer:
c from P indexes row

c from extended key indexes column

e.g.: row Y and column e ‘c’

row E and column x ‘b’

row L and column o ‘z’

...

[cf. J. Leiwo, VU, NL]

c. One-Time Pads (1)

- OPT - variant of using Vigenère Tableaux
- Fixes problem with VT: key used might be too short
- Above: ‘EXODUS’ – 6 chars

- Sometimes considered a perfect cipher
- Used extensively during Cold War

- Fixes problem with VT: key used might be too short
- One-Time Pad:
- Large, nonrepeating set of long keys on pad sheets/pages
- Sender and receiver have identical pads

- Example:
- 300-char msg to send, 20-char key per sheet
=> use & tear off 300/20 = 15 pages from the pad

- 300-char msg to send, 20-char key per sheet

One-Time Pads (2)

- Example – cont.:
- Encryption:
- Sender writes letters of consecutive 20-char keys above the letters of P (from the pad 15 pages)
- Sender encipher P using Vigenère Tableaux (or other prearranged chart)
- Sender destroys used keys/sheets

- Decryption:
- Receiver uses Vigenère Tableaux
- Receiver uses the same set of consecutive 20-char keys from the same 15 consecutive pages of the pad
- Receiver destroys used keys/sheets

- Encryption:

One-Time Pads (3)

- Note:
- Effect: a key as long as the message
- If only key length ≤ the number of chars in the pad

- The key is always changing (and destroyed after use)

- Effect: a key as long as the message
- Weaknesses
- Perfect synchronization required between S and R
- Intercepted or dropped messages can destroy synchro

- Need lots of keys
- Needs to distribute pads securely
- No problem to generate keys
- Problem: printing, distribution, storing, accounting

- No problem to generate keys
- Frequency distribution not flat enough
- Non-flat distribution facilitates breaking

- Perfect synchronization required between S and R

Types of One-Time Pads

- Vernam Cipher
- = (lttr + random nr) mod 26 (p.48)
- Need (pseudo) random nr generator
- E.g., V = 21; (V +76) mod 26 = 97 mod 26 = 19; 19 = t

- Book Ciphers(p.49)
- Book used as a pad
- need not destroy – just don’t reuse keys

- Use common Vigenère Tableaux
- Details: textbook
- Incl. example of breaking a book cipher
- Bec. distribution not flat

- Incl. example of breaking a book cipher

- Book used as a pad

- Question:
Does anybody know other ciphers using books?

Or invent your own cipher using books?

ever, making predictions in ten letter

seven of those secret positi

gorithm

52

- Question:
...other ciphers using books?

- My examples:
- Use any agreed upon book
- P: SECRET

- Example 1:
Use:

(page_nr, line_nr, letter_in_line)

C: 52 2 1 52 1 1 52 1 16 ...

Better: use different pages for each char in P

- Example 2:
Use:

(page_nr, line_nr, word_nr)

C: 52 2 4

2B.2. Transposition Ciphers (1)

- Rearrange letters in plaintext to produce ciphertext
- Example 1a and 1b: Columnar transposition
- Plaintext: HELLO WORLD
- Transposition onto: (a) 3 columns:
HEL

LOW

ORL

DXX XX - padding

- Ciphertext (read column-by column):
(a) hlodeorxlwlx

(b) hloolelwrd

- What is the key?
- Number of columns: (a) key = 3 and (b) key = 2

- (b) onto 2 columns:
- HE
- LL
- OW
- OR
- LD

Transposition Ciphers (2)

- Example 2: Rail-Fence Cipher
- Plaintext: HELLO WORLD
- Transposition into 2 rows (rails) column-by-column:
HLOOL

ELWRD

- Ciphertext:hloolelwrd(Does it look familiar?)
- What is the key?
- Number of rails key = 2

[cf. Barbara Endicott-Popovsky, U. Washington]

Attacking Transposition Ciphers

- Anagramming
- n-gram – n-char strings in English
- Digrams (2-grams) for English alphabet are are: aa, ab, ac, ...az, ba, bb, bc, ..., zz(262 rows in digram table)
- Trigrams are: aaa, aab, ...(263 rows)
- 4-grams(quadgrams?) are: aaaa, aaab, ...(264 rows)

- n-gram – n-char strings in English
- Attack procedure:
- If 1-gram frequencies in C match their freq’s in Englishbut other n-gram freq’s in C do not match their freq’s in English, then it is probablya transposition encryption
- Find n-grams with the highest frequencies in C
- Start with n=2

- Rearrange substringsin C to form n-grams with highest freq’s

[cf. Barbara Endicott-Popovsky, U. Washington]

Ciphertext C: hloolelwrd(from Rail-Fence cipher)

- N-gram frequency check
- 1-gram frequencies in Cdomatch their frequencies in English
- 2-gram(hl, lo, oo, ...) frequenciesin C do notmatchtheir frequencies in English
- Question: How frequency of „hl” in C is calculated?

- 3-gram (hlo, loo, ool, ...)frequenciesin C do notmatch their frequencies in English
- ...
=>it is probablya transposition

- Frequencies in Englishfor all2-grams from C starting with h
- he 0.0305
- ho 0.0043
- hl, hw, hr, hd < 0.0010

- Implies that in hloolelwrdefollows h

as table of freq’s of English digrams shows

[cf. Barbara Endicott-Popovsky, U. Washington]

- Arrange so the h and e are adjacent
Since 2-gram suggests a solution, cut C into 2 substrings – the 2nd substring starting with e:

hloolelwrd

Put them in 2columns:

he

ll

ow

or

ld

- Read row by row, to get original P: HELLO WORLD

[cf. Barbara Endicott-Popovsky, U. Washington]

2B.3. Product Ciphers

- A.k.a. combination ciphers
- Built of multiple blocks, each is:
- Substitution
or:

- Transposition

- Substitution
- Example: two-block product cipher
- E2(E1(P, KE1), KE2)

- Product cipher might not be stronger than its individual components used separately!
- Might not be even as strong as individual components

Survey of Students’Backgroundand Experience (1)

Background Survey

CS 5950/6030 Network Security - Fall 2005

Please print all your answers.

First name: __________________________ Last name: _____________________________

Email _____________________________________________________________________

Undergrad./Year________OR:Grad./Year or Status (e.g., Ph.D. student) ________________

Major _____________________________________________________________________

PART 1. Background and Experience

1-1) Please rate your knowledge in the following areas (0 = None, 5 = Excellent).

UNIX/Linux/Solaris/etc. Experience (use, administration, etc.)

0 1 2 34 5

Network Protocols (TCP, UDP, IP, etc.)

0 1 2 34 5

Cryptography (basic ciphers, DES, RSA, PGP, etc.)

0 1 2 34 5

Computer Security (access control, security fundamentals, etc.)

0 1 2 34 5

Any new students

who did not fill out the survey?

2C. Making „Good” Ciphers

Cipher = encryption algorithm

- Outline
2C.1. Criteria for „Good” Ciphers

2C.2. Stream and Block Ciphers

2C.3. Cryptanalysis

2C.4. Symmetric and Asymmetric Cryptosystems

2C.1. Criteria for „Good” Ciphers (1)

- „Good” depends on intended application
- Substitution
- C hides chars of P
- If > 1 key, C dissipates high frequency chars

- Transposition
- C scrambles text => hides n-grams for n > 1

- Product ciphers
- Can do all of the above

- What is more important for your app?
What facilities available to sender/receiver?

- E.g., no supercomputer support on the battlefield

- Substitution

Criteria for „Good” Ciphers (2)

- Claude Shannon’s criteria (1949):
1. Needed degree of secrecy should determine amount of labor

- How long does the data need to stay secret?
(cf. Principle of Adequate Protection)

2. Set of keys and enciphering algorithm should be free from complexity

- Can choose any keys or any plaintext for given E
- E not too complex (cf. Principle of Effectiveness)
3. Implementation should be as simple as possible

- Complexity => errors(cf. Principle of Effectiveness)

- How long does the data need to stay secret?

[cf. A. Striegel]

Criteria for „Good” Ciphers (3) Proposed at the dawn of computer era –

- Shannon’s criteria (1949) – cont.
4. Propagation of errors should be limited

- Errors happen => their effects should be limited
- One error should not invlidate the whole C
(None of the 4 Principles — Missing? — Invent a new Principle?)

5. Size / storage of C should be restricted

- One error should not invlidate the whole C
- Size (C) should not be > size (P)
- More text is more data for cryptanalysts to work with
- Need more space for storage, more time to send
(cf. Principle of Effectiveness)

- Errors happen => their effects should be limited

still valid!

[cf. A. Striegel]

Criteria for „Good” Ciphers (4)

- Characteristics of good encryption schemes
- Confusion:
interceptor cannot predict what will happen to C when she changes one char in P

- E with good confusion:
hideswell relationship between P”+”K, and C

- E with good confusion:
- Diffusion:
changes in P spread out over many parts of C

- Good diffusion => attacker needs access to much of C to infer E

- Confusion:

Criteria for „Good” Ciphers (5) Examples of popular commercial E’s:

- Commercial Principles of Sound Encryption Systems
1. Sound mathematics

- Proven vs. not broken so far
2. Verified by expert analysis

- Including outside experts
3. Stood the test of time

- Long-term success is not a guarantee
- Still. Flows in many E’s discovered soon after their release

- Proven vs. not broken so far

- DES / RSA / AES

DES = Data Encryption Standard

RSA = Rivest-Shamir-Adelman

AES = Advanced Encryption Standard (rel. new)

[cf. A. Striegel]

Download Presentation

Connecting to Server..