Part 1: Cryptography
Outline:
1. Basics of Cryptography
2. Attacking Cryptography
3. How secure is secure?
4. Properties of Encryption Algorithms
5. Classification of Encryption Algorithms
The Story
Before we start, let us go back to the early methods of encryption, or ciphering techniques. They are based on substitution.
Caesar Cipher
- Earliest known substitution cipher, by Julius Caesar
- First attested use in military affairs
- Replaces each letter by the 3rd letter on
- Example:
MEET ME AFTER THE TOGA PARTY
PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher
- Mathematically, give each letter a number
- Then have Caesar cipher as:
c = E(p) = (p + k) mod 26
p = D(c) = (c - k) mod 26
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Monoalphabetic Cipher
- rather than just shifting the alphabet, could shuffle (jumble) the letters arbitrarily
- each plaintext letter maps to a different random ciphertext letter
- hence key is 26 letters long
- Human languages are redundant
- Letters are not equally commonly used
- In English, E is by far the most common letter, followed by T, R, N, I, O, A, S
- Other letters like Z, J, K, Q, X are fairly rare
- Combinations of letters such as th, gh, ph, ion, etc.
- There are tables of single, double & triple letter frequencies for various languages
Use in Cryptanalysis
- Key concept: monoalphabetic substitution ciphers do not change relative letter frequencies
- Discovered by the Arabian scientist Al-Kindi in the 9th century
- Calculate letter frequencies for the ciphertext
- Compare counts/plots against known values
- If Caesar cipher, look for common peaks/troughs
  - peaks at: A-E-I triple, NO pair, RST triple
  - troughs at: JK, X-Z
- For monoalphabetic, identify each letter
- Tables of common double/triple letters may help
Example Cryptanalysis
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
UTQAOVUOHXMOEVGEOTEEVSGTHATOEFEEAXUDBMETAXAIZ
- count relative letter frequencies (from text)
- guess P & Z are e and t
- guess ZW is th and hence ZWP is the
- proceeding with trial and error finally get:
it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the Viet Cong in Moscow
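The frequency-matching idea above, worked through for the Caesar case as an added example (not part of the original slides): all 26 shifts are tried and the candidate whose letter counts best fit English is kept. The frequency table holds commonly cited approximate values and the function names are assumptions of this example; the sample text is the plaintext recovered above.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Commonly cited approximate English letter frequencies in percent, A..Z
# (assumed table for this example, not taken from the slides).
FREQ = dict(zip(ALPHABET, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.10, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15, 2.0, 0.07]))

# Sample input: the plaintext recovered in the cryptanalysis example above.
SAMPLE = ("it was disclosed yesterday that several informal but direct "
          "contacts have been made with political representatives of "
          "the viet cong in moscow")


def caesar(text, k):
    """c = (p + k) mod 26 on letters; pass -k to decrypt."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + k) % 26] if ch in ALPHABET else ch
        for ch in text.upper())


def chi_squared(text):
    """Distance between the letter counts of text and English expectations."""
    letters = [ch for ch in text.upper() if ch in ALPHABET]
    counts = Counter(letters)
    n = len(letters) or 1  # avoid dividing by zero on letter-free input
    return sum((counts[l] - n * f / 100) ** 2 / (n * f / 100)
               for l, f in FREQ.items())


def recover_shift(ciphertext):
    """Return the key k whose decryption looks most like English."""
    return min(range(26), key=lambda k: chi_squared(caesar(ciphertext, -k)))


if __name__ == "__main__":
    ct = caesar(SAMPLE, 3)
    k = recover_shift(ct)
    print(k, caesar(ct, -k))
```

Because a shift only relabels the letters, the peaks and troughs of the frequency profile survive encryption, which is why 26 keys and a frequency table are enough.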
Playfair Cipher
- not even the large number of keys in a monoalphabetic cipher provides security
- one approach to improving security was to encrypt multiple letters
- the Playfair Cipher is an example
- invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
- a 5x5 matrix of letters based on a keyword
- fill in letters of keyword (without duplicates)
- fill rest of matrix with other letters
- e.g. using the keyword MONARCHY:
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
plaintext is encrypted two letters at a time:
1. if a pair is a repeated letter, insert a filler like 'X', e.g. "balloon" -> ba lx lo on
2. if both letters fall in the same row, replace each with the letter to its right (wrapping back to start from end), e.g. ar -> RM
3. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), e.g. mu -> CM
4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair (hs to BP and ea to IM or JM)
Polyalphabetic Ciphers
- improve security using multiple cipher alphabets
- make cryptanalysis harder with more alphabets to guess and flatter frequency distribution
- use a key to select which alphabet is used for each letter of the message
- use each alphabet in turn
- repeat from start after end of key is reached
Vigenère Cipher
- simplest polyalphabetic substitution cipher
- effectively multiple Caesar ciphers
- key is multiple letters long: K = k1 k2 ... kd
- ith letter specifies ith alphabet to use
- use each alphabet in turn
- repeat from start after d (the length of the key) letters in the message
- decryption simply works in reverse
- write the plaintext out
- write the keyword repeated above it
- use each key letter as a Caesar cipher key
- encrypt the corresponding plaintext letter
- e.g. using keyword deceptive
One-Time Pad
- if a truly random key as long as the message is used, the cipher will be secure
- called a One-Time Pad
- is unbreakable since the ciphertext bears no statistical relationship to the plaintext
- since for any plaintext & any ciphertext there exists a key mapping one to the other
- can only use the key once though
- problems in generation & safe distribution of the key
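An added example (not part of the original slides) covering both the Vigenère procedure and the one-time pad claim above: the same letter-shift routine is run with the repeating keyword deceptive and then with a random key as long as the message, and key_mapping computes the key that links any plaintext to any ciphertext of equal length. The sample messages and all function names are assumptions of this example.

```python
import secrets
import string

A = string.ascii_uppercase


def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter, repeating the key
    from the start once its end is reached. Input: letters only."""
    sign = -1 if decrypt else 1
    key = key.upper()
    return "".join(
        A[(A.index(p) + sign * A.index(key[i % len(key)])) % 26]
        for i, p in enumerate(text.upper()))


def random_pad(length):
    """One-time pad: a fresh random key as long as the message."""
    return "".join(secrets.choice(A) for _ in range(length))


def key_mapping(plaintext, ciphertext):
    """The key that turns this plaintext into this ciphertext.
    One exists for every pair of equal length: k_i = (c_i - p_i) mod 26."""
    return "".join(A[(A.index(c) - A.index(p)) % 26]
                   for p, c in zip(plaintext.upper(), ciphertext.upper()))


if __name__ == "__main__":
    msg = "WEAREDISCOVEREDSAVEYOURSELF"      # constructed sample message
    print(vigenere(msg, "deceptive"))        # repeating key: Vigenere

    pad = random_pad(len(msg))               # key as long as the message
    ct = vigenere(msg, pad)
    # The same ciphertext is explained equally well by another message
    # of the same length, so the ciphertext alone settles nothing.
    other = "MEETMEAFTERTHETOGAPARTYASAP"    # constructed, same length
    print(vigenere(ct, key_mapping(other, ct), decrypt=True))
```

With the repeating keyword the key letters recur every nine positions, which leaves structure for frequency analysis; with the pad every candidate plaintext has a matching key, so the ciphertext carries no evidence for one over another.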
Cryptographic Algorithms
The two main applications of cryptographic algorithms of principal interest are:
Symmetric cryptography
- Encryption and decryption keys are known to both communicating parties.
- They are usually related and it is easy to derive the decryption key once one knows the encryption key. In most cases, they are identical.
- All of the classical (pre-1970) cryptosystems are symmetric.
- Examples: DES and AES (Rijndael)
- A secret should be shared (or agreed) between the communicating parties.
Asymmetric cryptography
- Each user has a pair of keys which are generated together under a scheme:
  - Private Key: known only to the owner
  - Public Key: known to anyone in the system, with assurance
- Why public key cryptography?
  - Key distribution and management is difficult in symmetric cryptosystems (DES, 3DES, IDEA, AES (Rijndael)) over large networks.
  - No electronic signature with symmetric ciphers
Examples of Public Key Cryptosystems are:
- RSA
- Discrete Logarithm based cryptosystems (El-Gamal)
- Elliptic Curve Cryptosystems
2- Attacking Cryptography
Cryptanalysis
ciphertext only
You know only the algorithm and the ciphertext. Statistical analysis can identify the plaintext.
Ciphertext-Only Attack
known plaintext
You know only a copy of the ciphertext and the corresponding plaintext. Try to deduce the key.
Known-Plaintext Attack
chosen plaintext
You have a copy of ciphertext corresponding to a copy of a selected plaintext which may be useful to deduce the key.
chosen ciphertext
You have a plaintext corresponding to a copy of a selected ciphertext which may be useful to deduce the key.
Chosen-ciphertext Attack
chosen text
Select either plaintext or ciphertext to en/decrypt to attack the cipher.
Important directions in cryptanalysis:
- Computation of discrete logarithms
- Factorization of large integers
Attacks on protocols
- Known-key attack: obtain some previous keys and use the information to get the new ones
- Replay: the adversary records a communication session and replays the entire session or portions of it at a later time
- Dictionary: the attacker has a list of probable passwords, hashes them and compares with the entries in the list of true encrypted passwords, hoping to get a match
In general, evaluating the security of a system is a crucial and most difficult task.
If the ciphertext does not contain enough information to determine uniquely the corresponding plaintext, the attacker cannot find the plaintext regardless of how much time and computational power he has, because the information is not there!
Bad news: only one known system has this property: the one-time pad.
Complexity-theoretic security
- Consider a model of computation (e.g., Turing machine) and adversaries modeled as having polynomial computational power.
- Consider the weakest possible assumptions and the strongest possible attacker, and do worst-case or at least average-case analysis.
Provable security
Prove that breaking the system is equivalent to solving a supposedly difficult (math) problem (e.g., from Number Theory).
Computationally secure
- The (perceived) cost of breaking the system exceeds the value of the encrypted information.
- The (perceived) time required to break the system exceeds the useful lifetime of the information.
The brute force attack tries every possible key until it finds an intelligible plaintext:
- Every cryptographic algorithm can in theory be attacked by brute force
- On average, half of all possible keys will have to be tried
Source: W. Stallings
Consider a sender encrypting plaintext messages P1, P2, ... to ciphertext messages C1, C2, ... Then the following properties of the encryption algorithm are of special interest: error propagation and synchronization.
Error propagation
Characterizes the effects of bit errors during transmission of ciphertext on the reconstructed plaintext P1, P2, ... Depending on the encryption algorithm, there may be one or more erroneous bits in the reconstructed plaintext per erroneous ciphertext bit.
Synchronization
Characterizes the effects of lost ciphertext data units on the reconstructed plaintext. Some encryption algorithms cannot recover from lost ciphertext and therefore need explicit re-synchronization in case of lost messages. Other algorithms automatically resynchronize after 0 to n (n depending on the algorithm) ciphertext bits.
Block ciphers
Stream ciphers
They work on bit streams and encrypt one bit after another. Many stream ciphers are based on the idea of linear feedback shift registers, and vulnerabilities have been detected in a lot of algorithms of this class, as there exists a profound mathematical theory on this subject.
6- Steganography
An alternative to encryption: it hides the existence of a message using only a subset
Authentication
Ensuring that the origin of a message is correctly identified
Integrity
Ensuring that only authorized parties are able to modify computer system assets and transmitted information
Non-repudiation
Requires that neither of the authorized parties deny the aspects of a valid transaction
A Final Word
Almost all of the practical cryptosystems are theoretically breakable given the time and computational resources. However, there is one system which is even theoretically unbreakable: the one-time pad.