1 / 34

FNNC DUDMHMF !

FNNC DUDMHMF !. Sghr kdbstqd hr zants dmbqxoshnm. The Caesar Cipher (Suetonius).

verne
Download Presentation

FNNC DUDMHMF !

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. FNNC DUDMHMF ! Sghr kdbstqd hr zants dmbqxoshnm Harvard CSCI E-2a

  2. The Caesar Cipher (Suetonius) • “If Caesar had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others.” Harvard CSCI E-2a

  3. Caesar cipher • Replace each letter by the letter that comes some fixed distance before or after it in the alphabet. Shift = 3 Gallia est omnis divisa in partes tres JDOOLD HVW RPQLV GLYLVD LQ SDUWHV WUHV Harvard CSCI E-2a

  4. Cryptography and National Security

  5. Unless the issue of encryption is resolved soon, criminal conversations over the telephone … will become indecipherable by law enforcement. This, as much as any issue, jeopardizes the public safety and national security of this country. FBI Director Louis Freeh, March 30, 1995 Harvard CSCI E-2a

  6. The Stakes Rise After 9/11 • Sept. 13, 2001: Sen. Judd Gregg (NH) calls for encryption regulations, saying encryption makers should be required to include decryption methods for government agents. • US market force would be used to constrain foreign makers of encryption products Harvard CSCI E-2a

  7. A month later, encryption is OK! • October 24, 2001: USA PATRIOT Act passes • Vastly enhanced authorization for government surveillance in the interest of national security • Not one word about encryption! • Why did US Congress drop its efforts to control encryption, barely a month after the attack on the US? Harvard CSCI E-2a

  8. Electronic Commerce! Harvard CSCI E-2a

  9. Treatise on the Astrolabe, 1391

  10. Letter Frequencies Source: Wikipedia Harvard CSCI E-2a

  11. Treatise on the Astrolabe, 1391

  12. Treatise on the Astrolabe, 1391

  13. e e e e e e e e e e e e Treatise on the Astrolabe, 1391

  14. e t t t e t t e t e e t e e t t e e e e e t Treatise on the Astrolabe, 1391

  15. e h t t h t e t t e t e e t e h e t t h e e e e e t h Treatise on the Astrolabe, 1391

  16. e h t t h t e o t o t o e t e e t o e h e t t h o e o e o e e o e t h Treatise on the Astrolabe, 1391

  17. s s e i h t t i h t e o t o t o e t i e e t o e h e t t h o e i o e o e s i e o e t h i Treatise on the Astrolabe, 1391

  18. s s e r i h t t i h t e o r t o r t o e t i e e t o e h e t t h o e i o e o e r s i e o e t h i Treatise on the Astrolabe, 1391

  19. s a s e r i h t b l v t i h t e o r t o r t o e t n i e n f e t a o e h b l e q u a t f t h o e c i n o e o n m f e r s i e o e t h i d n Treatise on the Astrolabe, 1391

  20. Substitution cipher • Replace each character of the message by another character • In general • Original message is called the plaintext • Encrypted result is called the ciphertext • Substitution ciphers easily cracked by frequency analysis Harvard CSCI E-2a

  21. Bob Alice encrypt decrypt plaintext message plaintext message ciphertext key key Eve SENDER RECEIVER retreat at dawn retreat at dawn sb%6x*cmf ciphertext ATTACKER Cryptosystems Harvard CSCI E-2a

  22. Cracking ciphers • Frequency analysis has been known since the 9th century. • Al Kindi’s Manuscript on Deciphering Cryptographic Messages Yaqub Ibn Ishaq al-Kindi (801-873) Harvard CSCI E-2a

  23. Mary Stuart, 1587 Harvard CSCI E-2a

  24. The Koan of the Yogi • “In theory there is no difference between theory and practice. In practice, there is.” Harvard CSCI E-2a

  25. Cryptologic lessons • Breakthroughs can render previously reliable cryptographic methods insecure • News of cryptanalytic breakthroughs travels slowly • Making strong encryption systems available does not guarantee they will be used Harvard CSCI E-2a

  26. Vigenère Encryption • Use several Caesar substitutions and cycle through them • Sequence of substitutions determined by a secret key Blaise de Vigenere (1523-1596) Harvard CSCI E-2a

  27. Fight fiercely, Harvard! Fight! Fight! Fight! X W T N U N Z H JQRR ZPRU NOEJ GQXK LTVM IBWL YVG

  28. Breaking Vigenère – (1) • If the key has length K, then the ciphertext letters K positions apart are specified by the same character in the key … • And thus is the result of a simple substitution • And thus can be attacked by frequency analysis • Example: Suppose the key length is three: DJBK FJWO VJSW FKDS GFJD RKEM CNEJ JKSJ FKDJ SJSS So the decryption reduces to doing frequency analysis K times – provided we know K Harvard CSCI E-2a

  29. Breaking Vigenère – (2) • To find the length of the key: • Try different values for K, looking at every Kth letter of the ciphertext, and pick the one for which the frequency distribution looks like the frequency distribution for English. • Clever methods to do this by hand: • Babbage, Kasiski: counting double letters (1850s, 1860s) • Friedman: Index of Coincidence (1920s) • With computers, we don’t need to be clever: Can do brute-force statistics Harvard CSCI E-2a

  30. Theory vs. Practice1917 Harvard CSCI E-2a

  31. One-Time Pad: Key as long as plaintext • The Only Provably Secure Cryptosystem • No patterns, so nothing to analyze • But getting the keys from Alice to Bob securely is just as hard as getting an unencrypted message! • Unsuitable for e-commerce • What would it mean to “meet” Amazon to get a key? Harvard CSCI E-2a

  32. Beware Security Through Obscurity • Kerckhoffs Principle (1883): “The system must not require secrecy, and it could fall into the hands of the enemy without causing trouble. If a system requiring secrecy were to find itself in the hands of too many individuals, it could be compromised upon each engagement in which any of them take part.” • Still regularly violated by Internet security start-ups and their credulous investors Harvard CSCI E-2a

  33. DES: The Data Encryption Standard • A 1976 public standard • 56 bit key • Long enough in 1976 • With today’s more powerful computers a brute force search through possible keys takes only a day • Superceded by Advanced Encryption Standard or “AES”: 128, 192, or 256 bit key • AES has not been cracked as far as we know Harvard CSCI E-2a

  34. But the Big Problem Remains: How to Get the Key securely from Alice to Bob? ?? Harvard CSCI E-2a

More Related