104 Views

Download Presentation
##### Introduction to Cryptography

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -

**Introduction to Cryptography**--- Foundations of computer/network security ---**Outline**• Why study cryptology? • basic terms in cryptology • classic secret key ciphers • modern secret key ciphers • DES (Data Encryption Standard) • how does it work • how to use DES in practice • 4 modes of operations CPE3001 Information and Network Security**Why Study cryptology(1)**A B Intruder Communications security CPE3001 Information and Network Security**Why Study cryptology(2)**Customer Merchant TTP Electronic Commerce Security CPE3001 Information and Network Security**Why Study cryptology(3)**A B LEA Law enforcement CPE3001 Information and Network Security**The Basic Problem**• We consider the confidentiality goal: • Alice and Bob are Friends • Marvin is a rival • Alice wants to send secret messages (M1,M2,…) to Bob over a network such as Internet • Rival Marvin wants to read the messages (M1,M2,…) - Alice and Bob want to prevent this! • Assumption: The network is OPEN: Marvin is able to eavesdrop and read all data sent from Alice to Bob. • Consequence: Alice must not send messages (M1,M2,…) directly – they must be “scrambled” or encrypted using a ‘secret code’ unknown to Marvin but known to Bob. CPE3001 Information and Network Security**Basic terms**• cryptology (to be very precise) • cryptography --- designing • cryptanalysis --- code breaking • cryptologist • cryptographer • cryptanalyst • encryption/encipherment • scrambling data into unintelligible to unauthorised parties CPE3001 Information and Network Security**Basic terms (2)**• decryption/decipherment • un-scrambling • cipher/cryptosystem CPE3001 Information and Network Security**A short history**• dividing line is 1976/77 • classic ~1976/77 • 1976: Diffie & Hellman discovered public key cryptography • 1977: National Bureau of Standards published DES (Data Encryption Standard) • modern 1976/77 ~ today CPE3001 Information and Network Security**History (2)**• the word of “cipher”--- from Greek (secret writing) • ancient Egypt, Julius Caesar, ... • WWII • Enigma cipher machine • broken by British team including Alan Turing • Purple cipher • broken by US, led to the death of Yamamoto • Mainly for war, diplomacy & politics CPE3001 Information and Network Security**Best book on history of crypto**• David Kahn, The Codebreakers, Macmillan, New York, 1972. • PS: a revised edition has been published in 1996. CPE3001 Information and Network Security**Types of ciphers**• private key cryptosystems/ciphers • public key cryptosystems/ciphers CPE3001 Information and Network Security**Examples of “Messages”**• Types of secret “Messages” Alice might want to send Bob (in increasing length): • Decision (yes/no), eg as answer to the question “Are we meeting tomorrow?” • Numerical Value, eg as answer to the question “at what hour are we meeting?” • Document • Software, • Images etc. CPE3001 Information and Network Security**Representation of Data (1)**• Before encryption, messages must be represented in a standard way. • A representation code for a set of messages is: • A code which associates each possible message to a unique representing string of symbols • The symbols are elements of an “alphabet” • English Letter alphabet = {A,B,C,…,X,Y,Z} (26 elements) • Decimal digit alphabet = {0,1,…,9} (10 elements) • Binary digit (bit) alphabet = {0,1} (2 elements) • Assumption: The message representation code is NOT secret and is known to everyone, including Marvin! CPE3001 Information and Network Security**Representation of Data (2)**• Example 1: • Set of Messages = {yes, no} (Decisions) • Symbol Alphabet = {0,1} (bit alphabet) • Representation Code: • 0 = yes, 1 = no • Example 2: • Set of messages = {English text} • Symbol alphabet = {A,B,…,Y,Z} (letters) • Representation code: Leave as is. CPE3001 Information and Network Security**Representation of Data (3)**• Example 3: • Set of Messages = {English text} • Symbol Alphabet = {0,1} (bits) • Representation Code: • Convert each English letter in text to an 8-bit ASCII code, and concatenate the 8-bit codes. • Example 4: • Set of Messages = {0,1,…,1000} • Symbol Alphabet = {0,1} (bits) • Representation code: binary base system • Represent number x as string of 10 bits where: • Eg x = 734 is encoded as 1011011110 CPE3001 Information and Network Security**Private key cipher**Original Plain Text Cipher Text Plain Text Cipher Text D Network or Storage E Secret Key Secret Key Bob Alice CPE3001 Information and Network Security**Concepts**• a private key cipher is composed of two algorithms • encryption algorithm E • decryption algorithm D • the same key K is used for encryption & decryption • K has to be distributed beforehand CPE3001 Information and Network Security**Notations**• encrypt a plaintext P using a key K & an encryption algorithm E C = E(K,P) • decrypt a ciphertext C using the same key K and the matching decryption algorithm D P = D(K,C) • Note: P = D(K,C) = D(K, E(K,P)) CPE3001 Information and Network Security**Classic ciphers**• substitution ciphers • monoalphabetic ciphers • polyalphabetic ciphers • transposition (permutation) ciphers • product ciphers • using both • substitution, and • transposition CPE3001 Information and Network Security**The Caesar cipher**• The Caesar cipher is a substitution cipher, named after Julius Caesar. • Operation principle:each letter is translated into the letter a fixed number of positions after it in the alphabet table. • the fixed number of positions is a key both for encryption and decryption. CPE3001 Information and Network Security**The Caesar cipher (cnt’d)**Outer: plaintext Inner: ciphertext CPE3001 Information and Network Security**The Caesar cipher (cnt’d)**K=3 CPE3001 Information and Network Security**An example**• for a key K=3,plaintext letter: ABCDEF...UVWXYZciphtertext letter: DEF...UVWXYZABC • HenceTREATY IMPOSSIBLEis translated intoWUHDWB LPSRVVLEOH CPE3001 Information and Network Security**An exercise**• Using the Caesar cipher to encode the following message under a key K=5WAR STARTS TOMORROW CPE3001 Information and Network Security**Breaking the Caesar cipher**• by trial-and error • by using statistics on letters • frequency distributions of lettersletter percentA 7.49%B 1.29%C 3.54%D 3.62%E 14.00%.................................. CPE3001 Information and Network Security**4 types of cryptanalysis**• depending on what a cryptanalyst has to work with, attacks can be classified into • ciphertext only attack • known plaintext attack • chosen plaintext attack • chosen ciphertext attack (most severe) CPE3001 Information and Network Security**4 types of attacks (2)**• ciphertext only attack • the only data available is a target ciphertext • known plaintext attack • a target ciphertext • pairs of other ciphertext and plaintext (say, previously broken) CPE3001 Information and Network Security**4 types of attacks (3)**• chosen plaintext attacks • a target ciphertext • can feed encryption algorithm with plaintexts and obtain the matching ciphertexts • chosen ciphertext attack • a target ciphertext • can feed decryption algorithm with ciphertexts and obtain the matching plaintexts CPE3001 Information and Network Security**Two Main Types of Secrecy**• Types of secrecy a cipher can offer: • Perfect Secrecy: For these ciphers Marvin cannot determine the message M even with unlimited computation time • Decrypting C with all possible keys K gives many possible messages, all reasonable candidates for the actual message M • One of the decrypted messages is M, but Marvin has no way to tell which one is the actual message encrypted by Alice! • Example: Caesar cipher with all 26 possible keys equally likely and message being just ONE letter (26 possible messages). • Eg Given ciphertext A, corresponding plaintexts under keys {0,1,2,…,25} are {A,B,C,…,X,Y,Z}. CPE3001 Information and Network Security**Two Main Types of Secrecy (2)**• Unfortunately, ciphers achieving perfect secrecy are not practical in most cases: • May require very long keys (eg as long as message) • Cannot withstand known plaintext attacks (or stronger) • Instead, most common are ciphers aiming to achieve: • Computational Secrecy: Marvin cannot determine the message M unless he performs an unfeasible amount of computation (eg it would take 10,000 years for Marvin to determine M using the fastest supercomputer!) • This can be achieved under all 4 possible attack scenarios, and using quite short keys! CPE3001 Information and Network Security**Breaking classic ciphers**• with the help of fast computers, 99.99% ciphers used before 1976 are breakable by using one of the 4 types of attacks. • The first computer designed by Alan Turing was used to break the Enigma cipher in WWII. CPE3001 Information and Network Security**Modern private key ciphers**• DES (US, 1977) • key -- 56 bits, plaint/ciphertext -- 64 bits • IDEA (Lai & Massey, Swiss, 1991) • key -- 128 bits, plaint/ciphertext -- 64 bits • LOKI (ADFA, Australia, 1989) • key, plaint/ciphertext -- 64 bits • FEAL (NTT, Japan, 1990) • key -- 128 bits, plaint/ciphertext -- 64 bits CPE3001 Information and Network Security**The SPEED Cipher**• designed by Y Zheng in 1996 • SPEED stands for “Secure Package for Encrypting Electronic Data” • length of a Key • 48,64,80,…,256 bits • length of a plaintext/ciphertext • 64 bits, or • 128 bits, or • 256 bits CPE3001 Information and Network Security**DES Encryption (Pfleeger, P.114)**CPE3001 Information and Network Security**0**0 = 0 1 1 = 0 0 1 = 1 1 0 = 1 Bit-wise exclusive-or (XOR) 101010111 110000010 011010101 CPE3001 Information and Network Security**Encryption using DES**• a 56-bit key K is expanded into 16 subkeys, each 48 bits (K1, K2, ..., K16) • Encryption consists of 16 rounds, each using a different 48-bit subkey • Both a plaintext & a ciphertext are 64 bits long CPE3001 Information and Network Security**DES as an iterative cipher**plaintext 0101101010111011 0101101010111011 after round 1 0101101010111011 after round 2 after round 3 0101101010111011 after round 4 0101101010111011 after round 16 0101101010111011 ciphertext 0101101010111011 CPE3001 Information and Network Security**Decryption using DES**• Similar to encryption, except that the order in which the subkeys are used is reversed, namely, (K16, K15, ..., K2, K1) CPE3001 Information and Network Security**DES Decryption**CPE3001 Information and Network Security**DES decryption illustrated**plaintext 0101101010111011 0101101010111011 after round 16 0101101010111011 after round 15 0101101010111011 after round 14 0101101010111011 after round 13 after round 1 0101101010111011 ciphertext 0101101010111011 CPE3001 Information and Network Security