- By
**penda** - Follow User

- 92 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about 'An Introduction to Cryptology & Steganography' - penda

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

### An Introduction to Cryptology & Steganography

Mgr. Tomas Foltynek, Ph.D.

Department of Informatics

Faculty of Business and Economics

Mendel University in Brno

Czech republic

Introduction

- Secure communication problem is as old as mankind
- people want privacy (=nobody reads their messages)
- people are curious (=want to read others’ messages)
- More communication => more need of security
- We often hear about
- Hackers, crackers, attackers,
- Viruses, worms, Trojan horses
- E-banking breakthroughs
- Breaking ciphers and secret codes
- Hidden messages, watermarks
- How are these topics related?

Content

- What is cryptology
- Symmetric cryptology
- Basic principles
- Asymmetric cryptology
- Digital signature
- Steganography

What is cryptology

- Science of cryptography and cryptanalysis
- Cryptography
- science of secret codes, enabling the confidentiality of communication through an insecure channel
- e.i. how to make a message uncomprehensible for unauthorised persons
- Cryptanalysis
- theory of (in)security analysis of cryptographic systems
- e.i. how to break ciphers and read secret messages
- Also includes Steganography & Steganalysis
- how to hide a message
- how to find a hidden message
- Word origin from Greek: crypto = hidden

The Paradigms of Cryptography

- Confidentiality
- the content of a message remains secret
- information should’n leak to third party
- Data integrity
- to avoid any malicious data manipulation
- insertion, deletion, substitution
- Authentication
- identification of the author
- signature authentication, access control, etc.

Other Goals of Cryptography

- Authorisation
- confirmation about data origin
- Non-repudiation
- nobody can deny previous action
- Practical notions
- Anonymity, electronic payment, electronic votes, zero-knowledge protocol,…

Cryptographic methods

- Transposition
- change the position of characters
- Characters remain the same
- Substitution
- position of characters remain the same
- characters in the message are changed

Transposition

- The position of letters is changed
- Example:

IWSAYNMNAERG – TAMNADAYYAAO

IAIGOBTEE – NKNDMYHSA

TAAADNHRLVDHMOMYNW – HTMIETEEIEWOYUAKO

BTEAEFNAELE – YHNMOANBLE

- Solution:

It was many and many a year ago

In a kingdom by the sea

That a maiden there lived whom you may know

By the name of Annabel Lee

Scytale (Sparta)

- First military cipher in history
- Leather tape wound on a pole of given thickness

Substitution

- The letters are changed
- Codes
- binary code
- Morse code
- Ciphers
- Alphabet shifting (Caesar cipher)
- Polyalfabetic substitution (Vigenère cipher)

Denotion of Communication Parties

- A – Alice – sender of the message
- B – Bob – recipient of the message
- E – Eve – eavesdropper – tries to break the message
- E – encoding/enciphering algorithm
- D – decoding/deciphering algorithm
- M – message (plaintext)
- K – key
- C – ciphertext
- C = E(M, K); M = D(C, K)

General encryption process

- Sender applies encryption algorithm to a plain text
- S/he gains a cipher text, sends it to the recipient
- Recipient applies decryption algorithm to the cipher text
- S/he gains the plain text again

Division of Cryptography

- Symmetric cryptography
- both sender and recipient have the same key
- deciphering is an inversion of enciphering
- Asymmetric cryptography
- sender and recipient have different keys
- mathematic relation
- algorithms are generally different
- useful for both encryption and digital signature

Modular arithmetics

- Arithmetics on a cyclic set
- 2 + 3 = 5 (mod 7)
- 5 + 4 = 2 (mod 7)
- 5 · 4 = 6 (mod 7)
- because 20/7 = 2, remainder 6
- 11 · 9 = 1 (mod 7)
- because 99/7 = 14, remainder 1
- 35 = 5 (mod7)

XOR operation

- eXclusive OR
- Logical OR, only one of two given expression can be true
- 0 0 = 0
- 0 1 = 1
- 1 0 = 1
- 1 1 = 0
- Sum modulo 2
- Simple enciphering and deciphering C = M K, M = C K

Kerckhoffs’ principle

- Basic cryptographic principle
- Dutch lingvist Auguste Kerckhoffs von Nieuwenhoff (1883)

“A cryptosystem is secure even if everything about the system, except the key, is public knowledge”

- Security shouldn’t depend on the secrecy of algorithm, but on the secrecy of the key

Caesar Cipher

- Alphabet shifted by 3

abcdefghijklmnopqrstuvwxyz

DEFGHIJKLMNOPQRSTUVWXYZABC

- Example
- veni, vidi, vici YHQL, YLGL, YLFL
- Algorithm: alphabet shift
- Key: by how many letters
- 25 possible keys (English)

Classical Ciphers

- Monoalphabeticsubstitutioncipher

abcdefghijklmnopqrstuvwxyz

JULISCAERTVWXYZBDFGHKMNOPQ

- Kryptanalysisvia frequencyanalysis
- found by arabictheologists
- Zeroletters, codewords, homomorficsubstitution
- Vigenère (polyalphabetic) cipher
- Key length by Kasiski examination
- Frequency analysis
- Vernam cipher (one-time pad)
- Theoretically unbreakable

Why Was a Computer Invented?

- New inventions mostly come of
- human laziness
- wars
- First computer
- 1943 Colossus
- Great Britain, Bletchley Park
- Breaking German ENIGMA code

Breaking the Enigma

- Poland – Marian Rejewski
- codebooks for day key inference from repeated message key
- mechanical decipherer – “bomb”
- Alan Turing (1912 – 1954)
- Inventor of Turing machine, founder of the theory of computation
- Analysed plenty of messages
- given structure (weather info)
- New type of “bomb” guessing the key from ciphertext and supposed plaintext

Computers in Cryptology

- Breaking ciphers = trying huge amount of possibilities
- computer does this in quite short time
- the end of “classical” ciphers
- One-way functions
- computation of every input in polynomial time
- computation of inverse in exponential time
- P != NP problem

Symmetric encryption algorithms

- DES, 3DES, AES, IDEA
- Block ciphers
- Many rounds consisting of transpositions, permutations, substitutions, XOR with key, etc.
- Security depends on the key length
- Let’s consider 128 bit key
- 2128 possible values
- 1GHz processor: 230 operations per second
- Breaking time: 298 seconds
- The age of the Universe: 260 seconds
- 1 more bit => breaking time doubles
- Problem: How to distribute the key?

Data Encryption Standard

- Block symmetric cipher
- 1973 – 1974 Horst Fiestel
- 16 rounds, Fiestel funciton
- expansion, XOR, substitution, permutation
- Better methods than brute force attack are known
- 3DES
- good for thepresent

Asymmetric Cryptography: RSA

- A pair of keys is needed
- Public key
- Private key
- Try to
- count 13*37
- factorize 527
- Security relies on infeasible factorization of p*q (p,q are primes)
- The secret key is derived from a product

Using RSA for Encryption and Digital Signature

- Using RSA for encryption
- Sender encrypts the message with receiver’s public key (everyone can do this)
- Only receiver is able to decrypt the message (s/he is the only one having private key)
- Using RSA for digital signature
- Author encrypts the message (hash) with his own private key (only he can do this)
- Anybody can examine his/her authorship by decrypting the message by author’s public key
- Combination (encryption and signature)
- Sender encrypts the message both with receiver’s public key and his own private key
- Only receiver can decrypt the message and examine authorship

Bypassing cryptography

- Cryptanalysis stands behind cryptography
- “Unbreakable” ciphers are known
- Meant unbreakable in reasonable time
- Electromagnetic tapping
- Messages are captured before encryption
- Tapping can be shielded; In USA special permission from FBI is required
- Viruses, Trojan horses

Steganography

- Hiding the existence of the message
- Hiding messages to almost all file types is possible
- Images, Music, Video, Executables, Text, …

Source: Wikipedia

Why to use Steganography

- Cryptography may be illegal in some countries
- We want to hide a message itself
- Security by obscurity
- Enciphered message arouse suspicion
- Protection of communication parties
- Not only of a message

Steganography in Antiquity and in the Middle Ages

- The battle of Salamis (480 BC)
- message hidden under wax on empty tables
- The revolt against Persians
- The message tattooed to the shaved head of a slave, hidden by regrown hair
- China
- message written on silk in a wax bullet, messenger swallowed the bullet…
- Italy
- Secret inks

Steganography in the WW2

- Hiding messages into toys, dolls, flowers…
- Sending these things was later banned in UK and USA
- Microdots
- Text reduced onto size of 1mm
- Pasted instead of period
- Text covered by post stamp

Second letters

- „Apparentlyneutral's protest isthoroughlydiscounted and ignored. Isman hard hit. Blockadeissueaffects pretext for embargo on by-products, ejectingsuets and vegetableoils.“
- Used by Germanspy
- PERSHING SAILS FROM NY JUNE 1

Digital Steganography

- Hiding messages into data files
- Terminology:
- Plaintext – message to be hid
- Text or a file
- Enciphered plaintext (ciphertext)
- Covertext – carrier of a message – file we hide in
- Stegotext – carrier containing a message

Usage of Steganography

- WTC attacks on Sep 11 2001
- Al Quaeda – maps and instruction hidden in images on sport chats and porn sites
- Software watermarks
- Microsoft’s patent – information about license is hidden into executable
- Printer steganography
- Yellow tracking dots
- Intelligence services
- Communication with illegal agents

Steganographic methods for text

- Any message is a sequence of 0 and 1
- We need to encode 2 different symbols/states
- Plain text
- White characters at the end of line
- Similar characters (I-1, O-0, etc.)
- Formatted text
- Similar fonts
- Move of lines (by 1/300 inch)

Steganographic methods for images

- The most often transferred multimedia
- Attracts less attention
- LSB = Least Significant Bit
- Serves for carrying the information
- Image data is changed slightly
- Human eye cannot recognize any change
- Color palette
- Order of colors encodes message
- JPEG matrix
- Less significant positions in hue matrix

Steganographic methods for audio

- LSB (same as images)
- Parity coding
- Uses parity bit as a carrier
- Phase movement (WAV)
- DCT decomposes signal to (co)sines
- Phase movement encodes message
- Composition of sines to “original” sound
- Totally different data
- Encoding to noise
- Echo coding

Steganography in executables

- Executable = sequence of instructions
- Interchangable instructions
- A := 3; B := 5; S := A + B;
- Positive / negative conditions
- Content of unused variables
- Jump over part with message

Steganalysis

- Trying known methods
- Comparing with known originals
- Statistical analysis
- Data from the same source
- Noise analysis
- Data may be changed before hiding
- Compression, adding prefixes/suffixes

Steganographic software

- www.stegoarchive.com
- www.spammimic.com
- JPHS (JPEG Hide and Seek)

Sources

- Literature
- Simon Singh: The Code Book
- David Kahn: The Codebreakers
- Serge Vaudenay: A Classical Introduction to Cryptography: Applications for Communications Security
- Internet
- computer.howstuffworks.com/computer-internet-security-channel.htm
- en.wikipedia.org/wiki/Category:Computer_security
- www.stegoarchive.com

The end

- Thank you for your attention
- Questions?

Download Presentation

Connecting to Server..