Lec1-Crypto Overview
ahmed-mahgoub -
Transcript of Lec1-Crypto Overview
7/30/2019 Lec1-Crypto Overview
Cryptography Overview
Outlines:
1. Basics of Cryptography
2. Attacking Cryptography
3. How secure is secure?
4. Properties of Encryption Algorithms
5. Classification of Encryption Algorithms
Part 1: Cryptography
Before we start, let us go back to the early methods of encryption or ciphering techniques. They are based on substitution.
The Story
Notations and Basics of Cryptography
Examples of Substitution Ciphering techniques
Caesar Cipher
Earliest known substitution cipher, by Julius Caesar
First attested use in military affairs
Replaces each letter by 3rd letter on
Example:
MEET ME AFTER THE TOGA PARTY
PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher
Can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
d e f g h i j k l m n o p q r s t u v w x y z a b c
Mathematically give each letter a number:
 a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Then have Caesar cipher as:
c = E(p) = (p + k) mod (26)
p = D(c) = (c - k) mod (26)
Cryptanalysis of Caesar Cipher
Only have 26 possible ciphers
A is mapped to A,B,..,Z
Could simply try each in turn (a brute force search)
Given ciphertext, just try all shifts of letters
Don't need to recognize once we get the plaintext
e.g., try to break ciphertext "GCUA VQDTGCM"
Monoalphabetic Cipher
rather than just shifting the alphabet
could shuffle (jumble) the letters arbitrarily
each plaintext letter maps to a different random ciphertext letter
hence key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: dkvqfibjwpescxhtmyauolrgzn
Plaintext: ifwewishtoreplaceletters
Ciphertext: wirfrwajuhyftsdvfsfuufya
Monoalphabetic Cipher Security
There is a total of 26! = 4 x 10^26 keys
with so many keys, is it secure?
The answer is NO because of the language characteristics
Language Redundancy and Cryptanalysis
Human languages are redundant
Letters are not equally commonly used
In English, E is by far the most common letter, followed by T, R, N, I, O, A, S
Other letters like Z, J, K, Q, X are fairly rare
Combinations of letters such as th, gh, ph, ion, etc.
There are tables of single, double & triple letter frequencies for various languages
English Letter Frequencies (figure)
Source: W. Stallings, Cryptography and Networking, 3rd ed. 2003
Use in Cryptanalysis
Key concept - monoalphabetic substitution ciphers do not change relative letter frequencies
Discovered by Arabian scientist Al-Kindi in the 9th century
Calculate letter frequencies for ciphertext
Compare counts/plots against known values
If Caesar cipher look for common peaks/troughs
peaks at: A-E-I triple, NO pair, RST triple
troughs at: JK, X-Z
For monoalphabetic, identify each letter
Tables of common double/triple letters may help
Example Cryptanalysis
given ciphertext (example from W. Stallings):
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
UTQAOVUOHXMOEVGEOTEEVSGTHATOEFEEAXUDBMETAXAIZ
count relative letter frequencies (from text)
guess P & Z are e and t
guess ZW is th and hence ZWP is the
proceeding with trial and error finally get:
it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the Viet Cong in Moscow
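The key concept above, shown on the monoalphabetic key and plaintext from the earlier slide, as an added example that is not part of the original slides: substitution relabels the letters but leaves the shape of the frequency histogram untouched, so ranking the ciphertext letters gives the first guesses for e and t. The function names are assumptions of this example, and a 24-letter message is far too short for rank matching to be reliable in general.

```python
from collections import Counter
import string

PLAIN = string.ascii_lowercase
KEY = "dkvqfibjwpescxhtmyauolrgzn"   # cipher alphabet from the slide


def encrypt(plaintext, key=KEY):
    """Replace each plaintext letter by the key letter in the same position."""
    return plaintext.translate(str.maketrans(PLAIN, key))


def decrypt(ciphertext, key=KEY):
    """Invert the substitution."""
    return ciphertext.translate(str.maketrans(key, PLAIN))


def profile(text):
    """Letter counts sorted high to low, with the letter identities dropped."""
    return sorted(Counter(text).values(), reverse=True)


def rank_guess(ciphertext, expected="et"):
    """Pair the most frequent ciphertext letters with the letters expected
    to be most frequent in English plaintext (first guess only)."""
    ranked = [c for c, _ in Counter(ciphertext).most_common(len(expected))]
    return dict(zip(ranked, expected))


def guess_is_correct(guess, key=KEY):
    """Check a {cipher letter: plain letter} guess against the real key."""
    return all(key[PLAIN.index(p)] == c for c, p in guess.items())


if __name__ == "__main__":
    pt = "ifwewishtoreplaceletters"
    ct = encrypt(pt)
    print(ct)                           # ciphertext under the slide's key
    print(profile(pt) == profile(ct))   # same histogram shape
    print(rank_guess(ct))               # first guesses for e and t
```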
Playfair Cipher
not even the large number of keys in a monoalphabetic cipher provides security
one approach to improving security was to encrypt multiple letters
the Playfair Cipher is an example
invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
Playfair Key Matrix
a 5x5 matrix of letters based on a keyword
fill in letters of keyword (without duplicates)
fill rest of matrix with other letters
e.g. using the keyword MONARCHY
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Encrypting and Decrypting
plaintext is encrypted two letters at a time
1. if a pair is a repeated letter, insert filler like 'X'. E.g., balloon -> ba lx lo on
2. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end). E.g., ar -> RM
3. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), e.g. mu -> CM
4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair (hs to BP and ea to IM or JM)
Security of Playfair Cipher
security much improved over monoalphabetic
since we have 26 x 26 = 676 digrams
would need a 676 entry frequency table to analyse (versus 26 for a monoalphabetic)
and correspondingly more ciphertext
was widely used for many years by US & British military in WW1 and WW2
it can be broken, given a few hundred letters, since still has much of original language or plaintext structure
Polyalphabetic Ciphers
improve security using multiple cipher alphabets
make cryptanalysis harder with more alphabets to guess and flatter frequency distribution
use a key to select which alphabet is used for each letter of the message
use each alphabet in turn
repeat from start after end of key is reached
Vigenère Cipher
simplest polyalphabetic substitution cipher
effectively multiple Caesar ciphers
key is multiple letters long K = k1 k2 ... kd
ith letter specifies ith alphabet to use
use each alphabet in turn
repeat from start after d (length of key) letters in message
decryption simply works in reverse
Example of Vigenère Cipher
write the plaintext out
write the keyword repeated above it
use each key letter as a Caesar cipher key
encrypt the corresponding plaintext letter
e.g. using keyword deceptive
key:        deceptivedeceptivedeceptive (det. row)
plaintext:  wearediscoveredsaveyourself (det. col)
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
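The keyword procedure above, reproduced on the slide's own example, as an added example that is not part of the original slides. It also measures the "flatter frequency distribution" claim from the polyalphabetic slide: the same plaintext letter lands on several ciphertext letters, and the index of coincidence drops. The helper names and the use of the index of coincidence as the flatness measure are assumptions of this example.

```python
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def vigenere(text, key, decrypt=False):
    """Use each key letter in turn as a Caesar shift, repeating the key."""
    sign = -1 if decrypt else 1
    out, i = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)          # non-letters pass through, key not advanced
            continue
        shift = ALPHABET.index(key[i % len(key)].upper())
        out.append(ALPHABET[(ALPHABET.index(ch) + sign * shift) % 26])
        i += 1
    return "".join(out)


def images_of(letter, plaintext, key):
    """Set of ciphertext letters that one plaintext letter is encrypted to."""
    ciphertext = vigenere(plaintext, key)
    return {c for p, c in zip(plaintext.upper(), ciphertext) if p == letter.upper()}


def index_of_coincidence(text):
    """Chance that two letters drawn from the text are equal (lower = flatter)."""
    counts = Counter(ch for ch in text.upper() if ch in ALPHABET)
    n = sum(counts.values())
    return sum(v * (v - 1) for v in counts.values()) / (n * (n - 1))


if __name__ == "__main__":
    key, pt = "deceptive", "wearediscoveredsaveyourself"
    ct = vigenere(pt, key)
    print(ct)
    print(sorted(images_of("e", pt, key)))
    print(round(index_of_coincidence(pt), 4), round(index_of_coincidence(ct), 4))
```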
One-Time Pad
if a truly random key as long as the message is used, the cipher will be secure,
called a One-Time Pad,
is unbreakable since ciphertext bears no statistical relationship to the plaintext,
since for any plaintext & any ciphertext there exists a key mapping one to other,
can only use the key once though, and
problems in generation & safe distribution of key
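Two of the points above in code, as an added example that is not part of the original slides: for any ciphertext and any same-length plaintext there is a pad mapping one to the other, and using a pad twice leaks the XOR of the two plaintexts. The example works on bytes with XOR rather than on letters, which is the usual generalization; the messages and function names are constructed for illustration.

```python
import secrets


def xor(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("pad and message must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length):
    """A fresh random pad as long as the message, from the OS CSPRNG."""
    return secrets.token_bytes(length)


def encrypt(message, pad):
    return xor(message, pad)


def decrypt(ciphertext, pad):
    return xor(ciphertext, pad)


def pad_explaining(ciphertext, claimed_plaintext):
    """The pad under which this ciphertext decrypts to claimed_plaintext.
    One exists for every plaintext of the same length, so the ciphertext
    alone cannot single out the real message."""
    return xor(ciphertext, claimed_plaintext)


def reuse_leak(c1, c2):
    """With a reused pad, c1 XOR c2 equals p1 XOR p2: the pad cancels out."""
    return xor(c1, c2)


if __name__ == "__main__":
    m1, m2 = b"MEET AT NOON", b"STAY AT HOME"   # constructed sample messages
    pad = new_pad(len(m1))
    c1 = encrypt(m1, pad)
    # The same ciphertext is consistent with the other message too.
    print(decrypt(c1, pad_explaining(c1, m2)))
    # Reusing the pad for m2 lets an observer compute m1 XOR m2.
    print(reuse_leak(c1, encrypt(m2, pad)) == xor(m1, m2))
```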
Types of Cryptographic Algorithms
The two main applications of cryptographic algorithms of principal interest are:
Data Encryption: transforms plaintext data into ciphertext in order to conceal its meaning
Data Signature: computes a check value or digital signature to a given plain- or ciphertext, that can be verified by some or all entities being able to access the signed data.
Some cryptographic algorithms can be used for both purposes, some are only secure and/or efficient for one of them.
Cryptographic Algorithms
Principal categories of cryptographic algorithms:
Symmetric cryptography
Asymmetric cryptography
Cryptographic hash functions
Symmetric cryptography
Encryption and decryption keys are known to both communicating parties.
They are usually related and it is easy to derive the decryption key once one knows the encryption key.
In most cases, they are identical.
All of the classical (pre-1970) cryptosystems are symmetric.
Examples: DES and AES (Rijndael)
A secret should be shared (or agreed) between the communicating parties.
Asymmetric cryptography
Each user has a pair of keys which are generated together under a scheme:
Private Key - known only to the owner
Public Key - known to anyone in the systems with assurance
Why public key cryptography?
Key Distribution and Management is difficult in Symmetric Cryptosystems (DES, 3DES, IDEA, AES (Rijndael)) over large networks.
No Electronic Signature with symmetric ciphers
Examples of Public Key Cryptosystems are:
RSA
Discrete Logarithm based cryptosystems (El-Gamal)
Elliptic Curve Cryptosystems
Cryptographic hash functions
using 0 keys (the key is not a separate input but appended to or mixed with the data).
Cryptanalysis is the process of attempting to discover the plaintext and/or the key.
2- Attacking Cryptography
Cryptanalysis
Types of cryptanalytic attacks:
Ciphertext-Only Attack
ciphertext only
You only know the algorithm and the ciphertext.
Statistical analysis can identify the plaintext
Known-Plaintext Attack
known plaintext
You only know a copy of ciphertext and the corresponding plaintext. Try to deduce the key.
chosen text
select either plaintext or ciphertext to en/decrypt to attack cipher
Important directions in cryptanalysis:
- Computation of discrete logarithms
- Factorization of large integers
Attacks on protocols
Known-key attack: obtain some previous keys and use the information to get the new ones
Replay: the adversary records a communication session and replays the entire session or portions of it at a later time
Impersonation: adversary assumes the identity of a legitimate user
Dictionary: the attacker has a list of probable passwords, hashes them and compares with the entries in the list of true encrypted passwords hoping to get a match
3- How secure is secure?
In general, evaluating the security of a system is a crucial and most difficult task.
Unconditionally secure system
If the ciphertext does not contain enough information to determine uniquely the corresponding plaintext.
Consequently, the attacker cannot find the plaintext regardless of how much time and computational power he has because the information is not there!
Bad news: only one known system has this property: one-time pad
How secure is secure? Contd.
Complexity-theoretic security
Consider a model of computation (e.g., Turing machine) and adversaries modeled as having polynomial computational power
Consider the weakest possible assumptions and the strongest possible attacker and do worst-case or at least average-case analysis
Provable security
Prove that breaking the system is equivalent with solving a supposedly difficult (math) problem (e.g., from Number Theory)
Computationally secure
The (perceived) cost of breaking the system exceeds the value of the encrypted information.
The (perceived) time required to break the system exceeds the useful lifetime of the information
The brute force attack tries every possible key until it finds an intelligible plaintext:
Every cryptographic algorithm can in theory be attacked by brute force
On average, half of all possible keys will have to be tried
Source: W. Stallings
Brute Force Attack
How large are these numbers?
Source : Menezes et al.
Consider, a sender is encrypting plaintext messages P1, P2, ... to ciphertext messages C1, C2, ... Then the following properties of the encryption algorithm are of special interest:
Error Propagation, and
Synchronization.
4- Properties of Encryption Algorithms
Properties of Encryption Algorithms Ctd.
Error propagation
characterizes the effects of bit-errors during transmission of ciphertext to reconstructed plaintext P1, P2, ...
Depending on the encryption algorithm there may be one or more erroneous bits in the reconstructed plaintext per erroneous ciphertext bit.
Synchronization
characterizes the effects of lost ciphertext data units to the reconstructed plaintext.
Some encryption algorithms cannot recover from lost ciphertext and therefore need explicit re-synchronization in case of lost messages.
Other algorithms do automatically re-synchronize after 0 to n (n depending on the algorithm) ciphertext bits
Encryption Algorithms can be classified according to:
1- The type of operations used for transforming plaintext to ciphertext:
Substitution, which maps each element in the plaintext (bit, letter, group of bits or letters) into another element
Transposition, which re-arranges elements in the plaintext
2- The number of keys used:
Symmetric ciphers, which use the same key for en-/decryption.
Asymmetric ciphers, which use different keys for en-/decryption.
5- Classification of Encryption Algorithms
Classification of Encryption Algorithms ctd.
3- The way in which the plaintext is processed:
Block ciphers
They work on blocks of width b, where b depends on the algorithm used
Stream ciphers
They work on bit streams and encrypt one bit after another.
Many stream ciphers are based on the idea of linear feedback shift registers, and vulnerabilities have been detected in a lot of algorithms of this class, as there exists a profound mathematical theory on this subject.
6- Steganography
An alternative to encryption:
It hides the existence of a message, using only a subset of letters/words in a longer message marked in some way, such as:
using invisible ink
hiding in LSB in graphic image or sound file
Its basic drawback: high overhead to hide relatively few info bits.
Cryptographic Algorithms Examples
7- Fundamental Cryptographic Applications
Confidentiality: Hiding the contents of the messages exchanged in a transaction
Authentication: Ensuring that the origin of a message is correctly identified
Integrity: Ensuring that only authorized parties are able to modify computer system assets and transmitted information
Non-repudiation: Requires that neither of the authorized parties deny the aspects of a valid transaction
Other Cryptographic Applications
Digital Signatures: allow one to electronically sign (personalize) electronic documents, messages and transactions
Identification: is capable of replacing password-based identification methods with more powerful (secure) techniques.
Key Establishment: To communicate a key to your correspondent (or perhaps actually mutually generate it with him) whom you have never physically met before.
Secret Sharing: Distribute the parts of a secret to a group of people who can never exploit it individually.
E-commerce: carry out the secure transaction over an insecure channel like Internet.
E-cash
Games
Almost all of the practical cryptosystems are theoretically breakable given the time and computational resources
However, there is one system which is even theoretically unbreakable: One-time-pad.
A final Word