
Cryptography continued…


Presentation Transcript


  1. Cryptography continued…

  2. Today • Information security principles • Code book • Rotor machine • Block vs stream ciphers • Feistel cipher design

  3. Information Security Principles

  4. 10 generally accepted basic principles. Principle 1: There is no such thing as absolute security • Given enough time, tools, skills and inclination, a hacker can break through any security measure. • E.g. safes & vaults are usually rated according to their resistance to attacks. • How long would it take?

  5. Principle 2: C-I-A • All information security tries to address at least one of the three: • Protect the Confidentiality of data • Preserve Integrity of data • Promote the Availability of data

  6. CIA Triad

  7. Principle 3: Defense in depth • Layered security approach • E.g. Internet-attached devices • Firewall (IPS) • IDS/Traffic analyzer • Auto traffic block • Prevent • Detect • Respond • E.g. Bank • Human guard/door lock • CCTV/Motion sensor • Alarm/Tear gas

  8. Principle 4: People are easily tricked into giving up secrets. • Studies have proved it! • Pen for password study. • I love you virus.

  9. Principle 5: Security through Obscurity • If hackers don’t know how software is secured, does that make security better? • WRONG! • Leads to a false sense of security!

  10. Principle 6: Security = Risk management • Careful balance of the above two. • E.g. buying a $500 safe to secure $200 jewelry • Risk analysis • Mitigate • Insurance • Accept • Likelihood/consequence

  11. Principle 7: 3 types of security controls • Preventive • Detective • Responsive

  12. Principle 8: People, process & technology • All are needed to adequately secure a system • E.g. firewall without process • Dual control • Separation of duties

  13. Principle 9: Open disclosure of vulnerabilities is good for security! • To disclose or not to disclose; that is the question! E.g. Automobile defects

  14. The ethical question is how that valuable information should be disseminated to the good guys while keeping it away from the bad guys! • Anyhow, hackers know about most vulnerabilities long before the public! • A problem shared is half solved!

  15. Principle 10: Complexity is the enemy of security. • With too many interfaces between programs and other systems, the interfaces become difficult to secure.

  16. Codebook Cipher • Literally, a book filled with “codewords” • Zimmermann Telegram encrypted via codebook: Februar 13605, fest 13732, finanzielle 13850, folgender 13918, Frieden 17142, Friedenschluss 17149, … • Modern block ciphers are codebooks! • More about this later…

  17. Codebook Cipher: Additive • In practice, an additive was also used • Additive: book of “random” numbers • Sender encrypts msg with codebook • Then chooses position in additive book • Adds additive numbers to get ciphertext • Sends ciphertext and additive position (MI) • Recipient subtracts additives before decrypting • Why use an additive sequence?
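The additive procedure on this slide, as an added example that is not part of the original presentation. The codewords are the ones listed on the codebook slide; the additive book values and the use of addition modulo 10^5 on 5-digit groups are assumptions made for illustration.

```python
# Codewords as listed on the codebook slide; everything else is constructed.
CODEBOOK = {"Februar": 13605, "fest": 13732, "finanzielle": 13850,
            "folgender": 13918, "Frieden": 17142, "Friedenschluss": 17149}
DECODE = {group: word for word, group in CODEBOOK.items()}

# Constructed additive book of "random" 5-digit numbers (assumption).
ADDITIVE_BOOK = [48213, 90177, 3356, 71940, 25608, 66021, 12999, 84530]
MOD = 100_000  # assumption: groups are 5 digits, added modulo 10^5


def additive_at(mi, i):
    """Additive for the i-th group when the sender started at position mi."""
    return ADDITIVE_BOOK[(mi + i) % len(ADDITIVE_BOOK)]


def encrypt(words, mi):
    """Sender: codebook lookup, then add the additive starting at position mi."""
    return [(CODEBOOK[w] + additive_at(mi, i)) % MOD for i, w in enumerate(words)]


def decrypt(groups, mi):
    """Recipient: subtract the additive from position mi, then reverse the codebook."""
    return [DECODE[(g - additive_at(mi, i)) % MOD] for i, g in enumerate(groups)]


if __name__ == "__main__":
    message = ["Frieden", "fest", "Frieden"]
    mi = 2                                   # sent in the clear with the ciphertext
    ciphertext = encrypt(message, mi)
    print("ciphertext:", ciphertext, "MI:", mi)
    print("decrypted :", decrypt(ciphertext, mi))
    # Without the additive, both occurrences of "Frieden" would be sent as 17142.
    print("repeat hidden:", ciphertext[0] != ciphertext[2])
```

The same codeword appears as a different group at each position, so repeated words no longer show up as repeated ciphertext groups.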

  18. Zimmermann Telegram • Perhaps most famous codebook ciphertext ever • A major factor in U.S. entry into WWI

  19. Zimmermann Telegram Decrypted • British had recovered partial codebook • Then able to fill in missing parts

  20. Rotor Machines • before modern ciphers, rotor machines were most common complex ciphers in use • widely used in WW2 • German Enigma, Allied Hagelin, Japanese Purple • implemented a very complex, varying substitution cipher • used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted • with 3 cylinders have $26^3 = 17576$ alphabets

  21. Hagelin Rotor Machine

  22. Rotor Machine Principles

  23. What have we learned? Old crypto… Basics • Substitution • Monoalphabetic • Polyalphabetic • One-time • Code book • Transposition • Spartans (skytale), Rail fence • Row transposition • Product ciphers • Modern crypto

  24. Taxonomy of Cryptography Modern world…. • Symmetric key • Same key for encryption and decryption • Two types : Stream Cipher, Block Cipher • Public key (or asymmetric crypto) • Two keys, one for encryption (public), and one for decryption (private) • Also, digital signatures…not possible before • Hash algorithms (Crypto hash function) • “One way crypto” for integrity

  25. Symmetric Key Crypto • Stream cipher: like a one-time pad • Except that key is relatively short • Key is stretched into a long keystream • Keystream is used just like a one-time pad. • Employs “substitution” only • Block cipher: based on codebook concept • Block cipher key determines a codebook • Each key yields a different codebook • Employs both “substitution” and “transposition”

  26. Block vs. Stream Ciphers…

  27. Stream cipher • Like one-time pad • What was good? • What was bad? • Trade the provable security of the one-time pad for practicality! • E.g. A5/1 (hardware based) • GSM mobile communication • Uses shift registers to generate the keystream • RC4 (software based) • Uses lookup tables generated based on the key • Most widely used in WEP to secure wireless networks • Secure Sockets Layer (SSL) to protect Internet traffic

  28. Claude Shannon • Father of information theory • He proposed the foundational concepts for modern cryptography. • Confusion: obscure the relationship between plaintext and ciphertext. • E.g. Simple substitution (how do we break these?) • Diffusion: spread plaintext statistics through the ciphertext. • E.g. Transposition

  29. Block cipher • Like code book • replaces a block of N plaintext bits with a block of N ciphertext bits. • How big is the block? (64, 128, 192, 256 bits) • But here we have many code books • key determines which codebook to use • Remember it works with blocks of bits

  30. (Ideal) block cipher • An n-bit plaintext block produces an n-bit ciphertext block. • The $2^n$ possible different plaintext blocks must each produce one of $2^n$ unique ciphertext blocks. • Such a transformation is called reversible

  31. Reversible • $2^n$ possible unique mapping • E.g. n = 2 (using 2 bits, 4 unique plain-cipher pairs). Plaintext → Ciphertext: 00 → 11 (4 possible), 01 → 10, 10 → 00 (01 irreversible), 11 → 01 • $2^n!$ codebooks => 24 codebooks • A secret key indicates which mapping to use • n = 64 => $2^{64}!$ codebooks

  32. Ideal Block Cipher • An ideal block cipher would allow us to use any of these $2^N!$ mappings. • The key space would be extremely large. • But this would require a key space of $2^N!$ bits. • If N = 64, ≈ $10^{11}$ GB. • Infeasible!

  33. Practical Block Ciphers (Iterated) • Modern block ciphers use a key of K bits to specify a random subset of $2^K$ mappings. • If K ≈ N, • $2^K$ is much smaller than $2^N!$ • But is still very large. • If the selection of the $2^K$ mappings is random, the resulting cipher will be a good approximation of the ideal block cipher (with iterating the functions). • Horst Feistel, in the 1970s, proposed a method to achieve this.

  34. Block Cipher Principles • most symmetric block ciphers are based on a Feistel Cipher Structure • Block cipher • an n-bit plaintext block produces an n-bit ciphertext block • like an extremely large substitution (one time) • substitution cipher for a large block size is not practical, from an implementation and performance point of view.

  35. Feistel Cipher… • Instead of extremely large substitution • Feistel proposed that we can approximate the ideal block cipher by utilizing the concept of a product cipher. • which is the execution of two or more simple ciphers in sequence in such a way that the final result or product is cryptographically stronger.

  36. Substitution-Permutation Ciphers • use of concept of a product cipher that alternates substitutions and permutations • This idea was originally proposed by • Claude Shannon in 1949. • form basis of modern block ciphers • S-P nets are based on the two primitive cryptographic operations seen before: • substitution (S-box) • permutation (P-box) • provide confusion & diffusion of message & key

  37. Confusion and Diffusion • cipher needs to completely obscure statistical properties of original message • a one-time pad does this • more practically Shannon suggested combining S & P elements to obtain: • diffusion – scatters statistical structure of plaintext over bulk of ciphertext • confusion – makes relationship between ciphertext and key as complex as possible

  38. Feistel Cipher: Encryption • Feistel cipher is a type of block cipher design, not a specific cipher • Split plaintext block into left and right halves: $P = (L_0, R_0)$ • For each round $i = 1, 2, \dots, n$, compute $L_i = R_{i-1}$, $R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$, where $F$ is the round function and $K_i$ is the subkey • Ciphertext: $C = (L_n, R_n)$

  39. Feistel Cipher: Decryption • Start with ciphertext $C = (L_n, R_n)$ • For each round $i = n, n-1, \dots, 1$, compute $R_{i-1} = L_i$, $L_{i-1} = R_i \oplus F(R_{i-1}, K_i)$, where $F$ is the round function and $K_i$ is the subkey • Plaintext: $P = (L_0, R_0)$ • Formula “works” for any function F • But only secure for certain functions F
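The encryption and decryption rounds from the two slides above, as an added example that is not part of the original presentation. The 64-bit block size, the SHA-256-based round function `sha_f`, the degenerate `zero_f`, and the subkey and plaintext values are assumptions chosen to show that decryption works for any F while security depends on F.

```python
import hashlib

MASK32 = 0xFFFFFFFF  # 64-bit block split into two 32-bit halves (assumption)


def sha_f(right, subkey):
    """Toy round function (assumption): SHA-256(subkey || R) truncated to 32 bits.
    It is not invertible, and the Feistel structure does not need it to be."""
    data = subkey.to_bytes(4, "big") + right.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def zero_f(right, subkey):
    """Degenerate round function: ignores both the data and the subkey."""
    return 0


def feistel_encrypt(block, subkeys, f):
    left, right = block >> 32, block & MASK32        # P = (L0, R0)
    for k in subkeys:                                # rounds i = 1..n
        # L_i = R_{i-1},  R_i = L_{i-1} xor F(R_{i-1}, K_i)
        left, right = right, left ^ f(right, k)
    return (left << 32) | right                      # C = (Ln, Rn)


def feistel_decrypt(block, subkeys, f):
    left, right = block >> 32, block & MASK32        # C = (Ln, Rn)
    for k in reversed(subkeys):                      # rounds i = n..1
        # R_{i-1} = L_i,  L_{i-1} = R_i xor F(R_{i-1}, K_i)
        left, right = right ^ f(left, k), left
    return (left << 32) | right                      # P = (L0, R0)


# Constructed sample values, not taken from the slides.
SUBKEYS = [0x0F1E2D3C, 0x4B5A6978, 0x8796A5B4, 0xC3D2E1F0]
PLAINTEXT = 0x0123456789ABCDEF

if __name__ == "__main__":
    c = feistel_encrypt(PLAINTEXT, SUBKEYS, sha_f)
    ok = feistel_decrypt(c, SUBKEYS, sha_f) == PLAINTEXT
    print(f"sha_f : C = {c:016x}, round trip ok = {ok}")
    c0 = feistel_encrypt(PLAINTEXT, SUBKEYS, zero_f)
    print(f"zero_f: C = {c0:016x}  (decryptable, but offers no secrecy)")
```

With `zero_f` each round only swaps the halves, so an even number of rounds returns the plaintext unchanged: the formula still inverts correctly, but the cipher hides nothing.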

  40. Feistel Cipher Design Elements • Block size - increasing size improves security, but slows cipher • Key size - increasing size improves security, makes exhaustive key searching harder, • Number of rounds - increasing number improves security, but slows cipher • Subkey generation algorithm - greater complexity can make analysis harder, but slows cipher

  41. Feistel Cipher Design Elements • round function - greater complexity can make analysis harder, but slows cipher • fast software en/decryption - more recent concern for practical use • ease of analysis - for easier validation & testing of strength

  42. Summary • Stream cipher: like a one-time pad • Key is stretched into a long keystream, then XOR • Pseudorandom keystream generator • Confusion only, just like a one-time pad • Efficient for hardware implementation (low-powered device) • Block cipher: based on codebook concept • Block cipher key determines a codebook • Employs both “confusion” and “diffusion” • Faster, good for software implementation • Used in most of the current ciphers

  43. Data encryption standard (DES)

  44. Data Encryption Standard • Most widely used block cipher in world • DES developed in 1970’s • Based on IBM revised Lucifer cipher • U.S. government standard • DES development was controversial • NSA secretly involved • Design process was secret • Key length reduced from 128 to 56 bits • clever changes to Lucifer algorithm

  45. DES Design Controversy • although DES standard is public • was considerable controversy over design • in choice of 56-bit key (vs Lucifer 128-bit) • and because design criteria were classified • subsequent events and public analysis show in fact design was appropriate. • use of DES has flourished • especially in financial applications • still standardised for legacy application use

  46. DES • DES is a Feistel cipher with… • 64 bit block length • 56 bit key length • 16 rounds • 48 bits of key used each round (subkey) • Each round is simple (for a block cipher) • Security depends heavily on “S-boxes” • Each S-box maps 6 bits to 4 bits

  47. DES Encryption Overview

  48. Initial Permutation IP • IP: the first step of the encryption. • It reorders the input data bits. • The last step of encryption is the inverse of IP. • IP and $IP^{-1}$ are specified by tables

  49. Example

  50. One Round of DES (figure: blocks labelled key, L, R, expand, shift, compress, S-boxes, P box and Ki, with bit widths 32, 28 and 48)
