Computer security module 1
-
Upload
deepak-john -
Category
Education
-
view
79 -
download
5
Transcript of Computer security module 1
![Page 1: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/1.jpg)
Cryptography and Network Security
Deepak John
SJCET-Pala
![Page 2: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/2.jpg)
Plain text : Original message(Message to be send)
Cipher Text : Message after transformation.
Encryption/Enciphering : Conversion of plain text to cipher
text
Decryption/Deciphering : Conversion of cipher text to plain
text
Cryptography: Area of Study about encryption and
decryption
Cipher/Cryptographic System: Entire system of
encryption/decryption.
Cryptanalysis : Cryptanalysis is the art of breaking codes
and ciphers
Cryptology : Study of Cryptography and cryptanalysis.
![Page 3: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/3.jpg)
Definitions
Computer Security - generic name for the collection of tools designed to protect data and to prevent hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected networks
![Page 4: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/4.jpg)
Key Security Concepts • Confidentiality is roughly
equivalent to privacy
• Integrity involves maintaining
the consistency, accuracy, and
trustworthiness of data over its
entire life cycle.
![Page 5: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/5.jpg)
Computer Security Challenges 1. not simple
2. must consider potential attacks
3. involve algorithms and secret info
4. must decide where to deploy mechanisms
5. battle of wits between attacker / admin
6. not perceived on benefit until fails
7. requires regular monitoring
8. regarded as impediment to using system
![Page 6: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/6.jpg)
OSI Security Architecture
ITU-T X.800 “Security Architecture for OSI”
defines a systematic way of defining and providing
security requirements.
Aspects of Security
consider 3 aspects of information security:
security attack
security mechanism
security service
![Page 7: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/7.jpg)
Security Attack
any action that compromises the security of information
owned by an organization
often threat & attack used to mean same thing
have a wide range of attacks
can focus of generic types of attacks
passive
active
![Page 8: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/8.jpg)
Passive Attacks
Passive attacks do not affect system resources
Two types of passive attacks
Unauthorized reading of messages
Traffic analysis
Passive attacks are very difficult to detect
Message transmission apparently normal
No alteration of the data
![Page 9: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/9.jpg)
![Page 10: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/10.jpg)
Active Attacks Active attacks try to alter system resources or affect their
operation
Modification of data, or creation of false data
Four categories
Masquerade
Replay
Modification of messages
Denial of service: preventing normal use
A specific target or entire network
Difficult to prevent
The goal is to detect and recover
![Page 11: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/11.jpg)
![Page 12: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/12.jpg)
![Page 13: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/13.jpg)
Security Mechanism Are designed to detect, prevent, or recover from a security
attack
no single mechanism that will support all services required
however one particular element underlies many of the security mechanisms in use(cryptographic techniques)
Security Mechanisms (X.800) • specific security mechanisms: incorporated into appropriate protocol layer • pervasive security mechanisms: not specific to any protocol layer
![Page 14: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/14.jpg)
![Page 15: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/15.jpg)
![Page 16: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/16.jpg)
Security Service
enhance security of data processing systems and
information transfers of an organization
using one or more security mechanisms
Example
X.800: defines a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers.
![Page 17: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/17.jpg)
Security Services (X.800)
Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality –protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in a communication
Availability – resource accessible/usable
![Page 18: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/18.jpg)
Model for Network Security
![Page 19: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/19.jpg)
using this model requires us to:
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information for a security service
![Page 20: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/20.jpg)
Model for Network Access Security
using this model requires us to:
1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised users access designated information or resources
![Page 21: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/21.jpg)
Fundamentals of Abstract Algebra
![Page 22: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/22.jpg)
Group
A group G is a set of elements and some generic operation/s, with some certain relations:
Axioms:
A1 (Closure) If {a,b} G, then (a.b)G
A2 (Associative) law:(a·b)·c = a·(b·c)
A3 (has identity) e: e·a = a·e = a
A4 (has inverses) a’: a·a’= e
A5 (has commutative) a·b = b·a,
A G is a finite group if has a finite number of elements
A G is abelian if it is commutative,
![Page 23: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/23.jpg)
Cyclic Group
a group G is cyclic if every element of G is a power of
some fixed element a G
ie b = ak for some a and every b in group (k is an integer).
a is said to be a generator of the group
![Page 24: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/24.jpg)
Ring
a set of “numbers” denoted by {R,+,X} with two operations (addition and multiplication) which form:
an abelian group with addition operation (R satisfies axioms A1-A5)
and multiplication:
closure :If a and b belong to R, then ab is also in R. (M1)
Associative:a(bc) = (ab)c for all a, b, c in R. (M2)
distributive over addition:(a(b+c) = ab + ac) (M3)
Commutative: ab = ba for all a, b in R. (M4)
Multiplicative identity: There is an element 1 in R such that a1 = 1a = a for all a in R. (M5)
No zero divisors: If a, b in R and ab = 0, then either a = 0 or b = 0 (M6)
![Page 25: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/25.jpg)
if multiplication operation is commutative, it forms a commutative ring
if multiplication operation has an identity and no zero divisors, it forms an integral domain
![Page 26: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/26.jpg)
Field
a set of numbers denoted by
{F,+,X}
with two operations which
form:
abelian group for
addition(F satisfies axioms
A1-A5)
abelian group for
multiplication (F satisfies
axioms A1-M6 ignoring 0)
![Page 27: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/27.jpg)
Modular Arithmetic
The Modulus
If ‘a’ is an integer and ‘n’ is a positive integer, we define “a
mod n” to be the remainder when ‘a’ is divided by n . The
integer ‘n’ is called the modulus.
Two integers ‘a’ and ‘b’ are said to be congruent modulo n,
if (a mod n)=(b mod n).
This can be written as a ≡ b (mod n)
i.e when divided by n, a & b have same remainder
eg. 100 ≡ 34 mod 11
![Page 28: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/28.jpg)
Modulo 8 Addition Example + 0 1 2 3 4 5 6 7
0 0 1 2 3 4 5 6 7
1 1 2 3 4 5 6 7 0
2 2 3 4 5 6 7 0 1
3 3 4 5 6 7 0 1 2
4 4 5 6 7 0 1 2 3
5 5 6 7 0 1 2 3 4
6 6 7 0 1 2 3 4 5
7 7 0 1 2 3 4 5 6
![Page 29: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/29.jpg)
![Page 30: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/30.jpg)
Euclidean Algorithm an efficient way to find the GCD(a,b)
uses theorem that:
GCD(a,b) = GCD(b, a mod b)
The algorithm assumes a > b > 0.
EUCLID(a,b)
1. A = a; B = b
2. if B = 0 return A = gcd(a, b)
3. R = A mod B
4. A = B
5. B = R
6. goto 2 algorithm progression
![Page 31: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/31.jpg)
FINITE FIELDS OF THE FORM GF(p) Galois Fields
order of a finite field (number of elements in the field) must
be a power of a prime .known as Galois Fields
GF(p) is the set of integers {0,1, … , p-1} with arithmetic
operations modulo prime p.
The simplest finite field is GF(2). Its arithmetic operations
are easily summarized:
Addition Multiplication
![Page 32: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/32.jpg)
Finding Multiplicative Inverse in GF(p) EXTENDED EUCLID(m, b)
1. (A1, A2, A3)=(1, 0, m);
(B1, B2, B3)=(0, 1, b)
2. if B3 = 0
return A3 = gcd(m, b); no inverse
3. if B3 = 1
return B3 = gcd(m, b); B2 = b–1 mod m
4. Q = A3 div B3
5. (T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3)
6. (A1, A2, A3)=(B1, B2, B3)
7. (B1, B2, B3)=(T1, T2, T3)
8. goto 2
![Page 33: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/33.jpg)
Ex: Inverse of 550 in GF(1759)
Q A1 A2 A3 B1 B2 B3
— 1 0 1759 0 1 550
3 0 1 550 1 –3 109
5 1 –3 109 –5 16 5
21 –5 16 5 106 –339 4
1 106 –339 4 –111 355 1
![Page 34: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/34.jpg)
Symmetric Encryption
or conventional / private-key / single-key
sender and recipient share a common key
all classical encryption algorithms are private-key
Requirements
two requirements for secure use of symmetric encryption:
a strong encryption algorithm
a secret key known only to sender / receiver
Classical Encryption Techniques
![Page 35: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/35.jpg)
Symmetric Cipher Model
![Page 36: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/36.jpg)
Mathematically:
Y = E(K, X) X = D(K, Y)
X = plaintext
Y = ciphertext
K = secret key
E = encryption algorithm
D = decryption algorithm
Both E and D are known to public
![Page 37: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/37.jpg)
Model of conventional cryptosystem
![Page 38: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/38.jpg)
Cryptography characterize cryptographic system by:
i. Type of encryption operations used
ii. Number of keys used
iii. Way in which plaintext is processed
i. Type of encryption operations used
Substitution: each element in the plaintext is mapped
into another element,
Transposition: elements in the plaintext are rearranged.
Product : using multiple stages of substitutions and
transpositions
![Page 39: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/39.jpg)
ii. number of keys used
single-key or private / two-key or public
iii. way in which plaintext is processed
block : processes the input one block of elements at a
time, producing an output block for each input
block.
stream: processes the input elements continuously,
producing output one element at a time, as it goes
along.
![Page 40: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/40.jpg)
Cryptanalysis
objective to recover key not just message
general approaches:
cryptanalytic attack
brute-force attack
![Page 41: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/41.jpg)
i. Cryptanalytic Attacks
classified by how much information needed by the attacker:
Ciphertext-only attack
Known-plaintext attack
Chosen-plaintext attack
Chosen-ciphertext attack
![Page 42: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/42.jpg)
Ciphertext-only attack
only know algorithm & ciphertext
An encryption scheme is completely insecure if it cannot
resist ciphertext-only attacks.
known plaintext
Know plaintext & ciphertext
chosen plaintext
select plaintext and obtain ciphertext
chosen ciphertext
select ciphertext and obtain plaintext
![Page 43: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/43.jpg)
Brute Force Search
most basic attack, proportional to key size
always possible to simply try every key
An attacker has an encrypted message .They know that
this file contains data they want to see, and they know
that there’s an encryption key that unlocks it. To decrypt
it, they can begin to try every single possible password
and see if that results in a decrypted file.
![Page 44: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/44.jpg)
Classical Substitution Ciphers
where letters of plaintext are replaced by other letters or
by numbers or symbols
or if plaintext is viewed as a sequence of bits, then
substitution involves replacing plaintext bit patterns with
ciphertext bit patterns
![Page 45: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/45.jpg)
Caesar Cipher
earliest known substitution cipher by Julius Caesar
replaces each letter by 3rd letter on
example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
Mathematically, map letters to numbers:
a, b, c, ..., x, y, z
0, 1, 2, ..., 23, 24, 25
![Page 46: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/46.jpg)
Then the general Caesar cipher is:
c = EK(p) = (p + k) mod 26
p = DK(c) = (c – k) mod 26
Cryptanalysis of Caesar Cipher
only have 26 possible ciphers
could simply try each in turn
a brute force search
given ciphertext, just try all shifts of letters
![Page 47: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/47.jpg)
Monoalphabetic Cipher
rather than just shifting the alphabet could shuffle the letters arbitrarily
each plaintext letter maps to a different random ciphertext letter
hence key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
![Page 48: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/48.jpg)
Monoalphabetic Cipher Security
Now we have a total of 26! = 4 x 1026 keys.
With so many keys, it is secure against brute-force attacks.
But not secure against some cryptanalytic attacks.
Problem is language characteristics.
![Page 49: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/49.jpg)
Language Statistics and Cryptanalysis
Human languages are not random.
Letters are not equally frequently used.
In English, E is by far the most common letter, followed by
T, R, N, I, O, A, S.
Other letters like Z, J, K, Q, X are fairly rare.
There are tables of single, double & triple letter frequencies
for various languages
To attack, we
calculate letter frequencies for ciphertext
compare this distribution against the known one
![Page 50: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/50.jpg)
Example Cryptanalysis
Given ciphertext: UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Count relative letter frequencies
Guess {P, Z} = {e, t}
Of double letters, ZW has highest frequency, so guess ZW = th and hence ZWP = the
Proceeding with trial and error finally get:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
![Page 51: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/51.jpg)
Playfair Cipher
Not even the large number of keys in a monoalphabetic
cipher provides security.
One approach to improving security is to encrypt multiple
letters at a time.
The Playfair Cipher is the best known such cipher.
Invented by Charles Wheatstone in 1854, but named after
his friend Baron Playfair.
![Page 52: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/52.jpg)
Playfair Key Matrix
Use a 5 x 5 matrix.
The matrix is constructed by filling in the letters of the
keyword without duplicates from left to right and from top
to bottom.
Fill the rest of matrix with other letters in alphabetic order.
E.g., key = MONARCHY. M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
![Page 53: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/53.jpg)
Encrypting and Decrypting plaintext encrypted two letters at a time:
1. if a pair is a repeated letter, insert a filler like 'X',
eg. "balloon" encrypts as "ba lx lo on"
2. if both letters fall in the same row, replace each with letter
to right (wrapping back to start from end),
eg. “ar" encrypts as "RM"
3. if both letters fall in the same column, replace each with
the letter below it (again wrapping to top from bottom),
eg. “mu" encrypts to "CM"
4. otherwise each letter is replaced by the one in its row in the
column of the other letter of the pair,
eg. “hs” encrypts to "BP", and “ea" to "IM" or "JM"
![Page 54: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/54.jpg)
Security of Playfair Cipher
Equivalent to a monoalphabetic cipher with an alphabet of 26 x 26 = 676 characters or diagrams .
would need a 676 entry frequency table to analyse
Was widely used for many decades
eg. by US & British military in WW1 and early WW2
![Page 55: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/55.jpg)
Polyalphabetic Ciphers
A sequence of monoalphabetic ciphers (M1, M2, M3, ..., Mk)
is used in turn to encrypt letters.
A key determines which sequence of ciphers to use.
Each plaintext letter has multiple corresponding ciphertext
letters.
This makes cryptanalysis harder since the letter frequency
distribution will be flatter
repeat from start after end of key is reached
![Page 56: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/56.jpg)
Vigenère Cipher
Simplest polyalphabetic substitution cipher
Consider the set of all Caesar ciphers:
{ Ca, Cb, Cc, ..., Cz }
Key: e.g. security
Encrypt each letter using Cs, Ce, Cc, Cu, Cr, Ci, Ct, Cy in turn.
Repeat from start after Cy.
Decryption simply works in reverse.
56
![Page 57: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/57.jpg)
Example of Vigenère Cipher
![Page 58: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/58.jpg)
Security of Vigenère Ciphers
There are multiple ciphertext letters corresponding to each plaintext letter.
To break Vigenere cipher:
1. Try to guess the key length.
2. If key length is N, the cipher consists of N Caesar
ciphers. Plaintext letters are encoded by the same
cipher.
3. Attack each individual cipher.
![Page 59: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/59.jpg)
One-Time Pad
if a truly random key as long as the message is used, the
cipher will be secure
called a One-Time pad
is unbreakable since ciphertext has no statistical relationship
to the plaintext
since for any plaintext & any ciphertext there exists a key
mapping one to other
can only use the key once
problems in generation & safe distribution of key
![Page 60: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/60.jpg)
Transposition Ciphers
Also called permutation ciphers.
these hide the message by rearranging the letter order.
without altering the actual letters used
Rail Fence cipher
write message letters out diagonally over a number of rows
Key: the number of Rails
Ciphertext: read off cipher row by row.
![Page 61: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/61.jpg)
eg. write message out as:
defend the east wall
Obtained ciphertext
DNETLEEDHESWLXFTAAX
![Page 62: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/62.jpg)
Row Transposition Ciphers
a more complex transposition
write letters of message in a rectangle in rows over a specified number of columns (related to the length of the key) and read out message column by column
then reorder the columns according to some key before reading off the rows
Key: 3 4 2 1 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
![Page 63: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/63.jpg)
Product Ciphers
Uses a sequence of substitutions and transpositions
Harder to break than just substitutions or transpositions
this is bridge from classical to modern ciphers.
Rotor Machines
before modern ciphers, rotor machines were most common product cipher.
implemented a very complex, varying substitution cipher
used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted
with 3 cylinders have 263=17576 alphabets
![Page 64: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/64.jpg)
Steganography
Hide a message in another message.
E.g., hide your plaintext in a graphic image
Each pixel has 3 bytes specifying the RGB color
The least significant bits of pixels can be changed w/o greatly affecting the image quality
So can hide messages in these LSBs
Advantage: hiding existence of messages
Drawback: high overhead
![Page 65: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/65.jpg)
Hill Cipher
Multiletter or block cipher developed by Lester Hill in
1929,based on matrix multiplication
Key: an invertible m x m matrix (where m is the block
length)
Encryption
• first turn our keyword into a key matrix
• turn the plaintext into a column vector.
• then perform matrix multiplication modulo the length of
the alphabet (i.e. 26) on each vector.
• These vectors are then converted back into letters to
produce the ciphertext
![Page 66: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/66.jpg)
Example
• plaintext : “short example”, keyword : hill use 2 x 2
matrix.
• turn the keyword into a matrix.
• With the keyword in a matrix, we need to convert this into
a key matrix. We do this by converting each letter into a
number by its position in the alphabet (starting at 0). So, A
= 0, B = 1, C= 2, D = 3, etc.
The keyword written as a matrix. The key matrix
![Page 67: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/67.jpg)
• Convert plaintext to column vectors.
• convert the plaintext column vectors to plaintext matrix by
replacing each letter by its appropriate number.
• multiply the key matrix by each column vector in turn.
The algebraic rules of matrix multiplication.
![Page 68: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/68.jpg)
So we get
we have to reduce the resultant column vector modulo 26.
Repeating this procedure gives us a final ciphertext of
"APADJ TFTWLFJ".
![Page 69: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/69.jpg)
Message P =“ACTDOG”, use m=3
Break into two blocks: “ACT”, and “DOG”
For the first block “ACT” is the vector 'A' is 0, 'C' is 2 and
'T' is 19, the vector: x=
Encryption key is a 3*3 matrix: K=
The cipher text of the first block is:
c = K∙x
c =‘POH’
![Page 70: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/70.jpg)
If the first block plaintext is ‘CAT’
x =
c=K ∙ x
c= ‘FIN’
Cryptanalysis: - hard with ciphertext-only
- easy with known plaintext:
![Page 71: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/71.jpg)
Decryption
To decrypt a ciphertext encoded using the Hill Cipher, we
first multiply the inverse key matrix (K-1) with each
column vectors that the ciphertext is split into, take the
results modulo the length of the alphabet, and finally
convert the numbers back to letters.
where K is the key matrix, d is the determinant of the key
matrix and adj(K) is the adjugate matrix of K.
Where
General method to calculate the inverse key matrix.
![Page 72: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/72.jpg)
Example:
keyword :hill , ciphertext :"APADJ TFTWLFJ".
Multiplicative Inverse of the Determinant
The keyword written as a matrix. The key matrix
Algebraic method to calculate the determinant of a 2 x 2 matrix.
Once we have found this value, we need to take the number
modulo 26.
![Page 73: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/73.jpg)
Calculating the determinant of our 2 x 2 key matrix.
now have to find the multiplicative inverse of the
determinant working modulo 26. That is, the number
between 1 and 25 that gives an answer of 1 when we
multiply it by the determinant. So, in this case, we are
looking for the number that we need to multiply 15 by to
get an answer of 1 modulo 26.
ie
![Page 74: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/74.jpg)
By trail and error we found that the multiplicative inverse of
the determinant modulo 26 is 7.
The adjugate matrix is a matrix of the same size as the
original. That is, we swap the top left and bottom right
numbers in the key matrix, and change the sign of the the
top right and bottom left numbers. Algebraically this is
given below.
The adjugate matrix of a 2 x 2 matrix.
![Page 75: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/75.jpg)
once we have these values we will need to take each of them
modulo 26 (in particular, we need to add 26 to the negative
values to get a number between 0 and 25). For our example
we get the matrix below.
The adjugate matrix of the key matrix.
![Page 76: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/76.jpg)
To get the inverse key matrix, we now multiply the inverse
determinant (that was 7 in our case) by each of the elements
of the adjugate matrix . Then we take each of these answers
modulo 26.
Ie
Multiplying the multiplicative inverse of the determinant by the adjugate
to get the inverse key matrix.
![Page 77: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/77.jpg)
convert the ciphertext into column vectors and multiply the
inverse matrix by each column vector in turn, take the
results modulo 26 and convert these back into letters to get
the plaintext.
After multiplying inverse key matrix with ciphertext
column vector, We get back our plaintext of "short
example".
![Page 78: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/78.jpg)
Block Ciphers
In a block cipher:
Plaintext and ciphertext have fixed length b (e.g., 128 bits)
A plaintext of length n is partitioned into a sequence of m
blocks, P[0], …, P[m1], where n bm n + b
Each message is divided into a sequence of blocks and
encrypted or decrypted in terms of its blocks.
Plaintext
Blocks of plaintext
Requires padding with extra bits.
![Page 79: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/79.jpg)
Claude Shannon and Substitution-Permutation Ciphers Claude Shannon introduced idea of (S-P) networks in 1949
.form basis of modern block ciphers
based on the two primitive cryptographic operations :
substitution (S-box): Replace n bits by another n bits
permutation (P-box): Bits are rearranged. No bits are
added/removed.
provide confusion & diffusion of message & key
diffusion – dissipates statistical structure of plaintext over bulk of ciphertext
confusion – makes relationship between ciphertext and key as complex as possible
![Page 80: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/80.jpg)
Feistel Cipher Structure
Horst Feistel devised the feistel cipher
based on concept of invertible product cipher
partitions input block into two halves
Perform a substitution on left data half based on a function
of right half & subkey (Round Function).
Then permutation by swapping halves
Practical implementation of Shannon’s S-P net concept.
Repeat this round of S-P many times
![Page 81: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/81.jpg)
Feistel Cipher Design Elements
block size :Larger block sizes mean greater security but
reduced encryption/decryption speed for a given algorithm.
Ex:64,128bits
key size :Larger key size means greater security but may
decrease encryption/ decryption speed.
number of rounds :multiple rounds offer increasing security.
A typical size is 16 rounds.
subkey generation algorithm: Greater complexity in this
algorithm should lead to greater difficulty of cryptanalysis.
![Page 82: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/82.jpg)
round function :greater resistance to cryptanalysis.
fast software encryption/decryption: the speed of execution
of the algorithm becomes a concern.
ease of analysis
Input: 2w bits (L0, R0)
L1 = R0
R1= L0 xor F(R0, K1) K1 is the first subkey
![Page 83: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/83.jpg)
• Encryption:
L1 = R0 R1 = L0⊕f1(R0,K0)
L2 = R1 R2 = L1⊕f2(R1,K1)
Ln+1 = Rn Rn+1 = Ln⊕fn(Rn, Kn) R1 L1
Rn Ln
![Page 84: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/84.jpg)
• Decryption:
Rn = Ln+1 Ln = Rn+1⊕fn(Ln+1 ,Kn)
R0 = L1; L0 = R1⊕f0(L1 ,K0) Rn Ln
R1 L1
![Page 85: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/85.jpg)
Data Encryption Standard (DES)
Features:
– Block size = 64 bits
– Key size = 56 bits (in reality, 64 bits, but 8 are used as
parity-check bits for error control, see next slide)
– Number of rounds = 16
– 16 intermediary keys, each 48 bits
![Page 86: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/86.jpg)
Key length in DES
In the DES specification, the key length is 64 bit:
8 bytes; in each byte, the 8th bit is a parity-check bit
![Page 87: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/87.jpg)
DES Encryption Overview
![Page 88: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/88.jpg)
![Page 89: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/89.jpg)
Initial Permutation IP
first step of the data
computation
reorders the input data bits
• This table specifies the
input permutation on a 64-
bit block.
• The meaning is as follows:
the first bit of the output is
taken from the 58th bit of
the input;
the second bit from the
50th bit, and so on, with
the last bit of the output
taken from the 7th bit of
the input.
![Page 90: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/90.jpg)
Final Permutation (IP-1)
The final permutation is the inverse of the initial
permutation;
That is, the output of the Final Permutation has bit 40 as its
first bit, bit 8 as its second bit, and so on, until bit 25 as the
last bit of the output.
![Page 91: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/91.jpg)
DES Round Structure
uses two 32-bit L & R halves
Li = Ri–1
Ri = Li–1 F(Ri–1, Ki)
![Page 92: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/92.jpg)
F takes 32-bit R half and 48-bit subkey
E is an expansion function which takes a block of 32 bits as input and produces a block of 48 bits as output.
16 bits appear twice, in the expansion
48 bit added to subkey using XOR
And the result is passes through 8 S-boxes to get 32-bit result
finally permutes using 32-bit P
DES F Function
Expansion table
![Page 93: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/93.jpg)
![Page 94: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/94.jpg)
Substitution Boxes S
Each of the unique selection functions S1,S2,...,S8, takes a
6-bit block as input and yields a 4-bit block as output
![Page 95: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/95.jpg)
![Page 96: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/96.jpg)
DES Key Schedule
forms subkeys used in each round consists of:
• initial permutation of the key (PC1) which selects 56-bits in
two 28-bit halves
• 16 stages consisting of:
rotating each half separately
Give the shifted output to next round and permuting them
by PC2 for use in function f, selecting 24-bits from each
half
![Page 97: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/97.jpg)
K=64 bit
K1….K16=48 bits
C,D=28 bits
Ci=LSi(Ci-1)
Di=LSi(Di-1)
Ki=PC-2(CiDi)
![Page 98: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/98.jpg)
DES Decryption
Decryption uses the same algorithm as encryption, except
that the subkeys K1, K2,…K16 are applied in reversed
order.
Avalanche effect
A desirable property of any encryption algorithm is that a
small change in either plaintext or key should produce
significant changes in the ciphertext.
DES exhibits a strong avalanche effect.
![Page 99: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/99.jpg)
Strength of DES
Key Size: 56-bit keys have 256 values, brute force search
looked hard.
Timing Attacks: is one in which information about the key
or the plaintext is obtained by observing how long it takes a
given implementation to perform decryptions on various
ciphertexts. DES appears to be fairly resistant to a successful
timing attack.
Nature of the DES Algorithm
![Page 100: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/100.jpg)
Cryptanalysis of DES
Weak Keys: encrypting twice with a weak key K produces
the original plaintext.
EK(EK(x))=x
for all weak keys should be avoided at key generation. Four
weak keys in DES
semi-weak keys: which only produce two different subkeys,
each used eight times in the algorithm. We can refer to them
as K1 and K2.They have the property that
EK1(EK2(x))=x
![Page 101: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/101.jpg)
Differential Cryptanalysis (Biham-Shamir)
• This is a chosen plaintext attack, assumes than an attacker
knows (Plaintext, Ciphertext) pairs
• involves comparing the XOR of 2 plaintexts to the XOR
of the 2 corresponding ciphertexts
• Difference ΔP = P1⊕P2, ΔC = C1⊕C2
• Distribution of ΔC’s given ΔP may reveal information about
the key (certain key bits)
• After finding several bits, use brute-force for the rest of the
bits to find the key.
![Page 102: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/102.jpg)
DES was resistant to differential cryptanalysis. S-boxes were
designed to resist differential cryptanalysis.
Against 16-round DES, attack requires 247 chosen plaintexts.
Differential cryptanalys is not effective against DES in practice.
![Page 103: Computer security module 1](https://reader038.fdocuments.net/reader038/viewer/2022102621/55a58f181a28ab636c8b46bc/html5/thumbnails/103.jpg)
Linear Cryptanalysis of DES
another recent development
also a statistical method
must be iterated over rounds, with decreasing probabilities
developed by Matsui et al in early 90's
based on finding linear approximations
can attack DES with 243 known plaintexts, easier but still in practise infeasible