Goals of this lecture:

to introduce basic concepts & terminology of encryption to prepare us for studying modern cryptography

SCYTALE is an example of a really old technology that was used to cipher (encrypt) information.

The concept of operation is so simple:

Get a long strip of leather and wind it over a rod like the picture, write the clear data on the leather over the rod and then unwind it.

“HELP ME I AM UNDER ATTACK” will be “HENTEIDTLAEAPMRCMUAK”, and it totally depends on the diameter of the rod, which is the key to decipher the message.

Plaintext: original message to be encrypted

Ciphertext: the encrypted message

Enciphering or encryption: the process of converting plaintext into ciphertext

Encryption algorithm: performs encryption

o Two inputs: a plaintext and a secret key

Deciphering or decryption: recovering plaintext from ciphertext

Decryption algorithm: performs decryption

o Two inputs: ciphertext and secret key

Secret key: same key used for encryption and decryption

o Also referred to as a symmetric key

Cipher or cryptographic system : a scheme for encryption and decryption

Cryptography: science of studying ciphers

Cryptanalysis: science of studying attacks against cryptographic systems

Cryptology: cryptography + cryptanalysis

Symmetric cipher: same key used for encryption and decryption

o Block cipher: encrypts a block of plaintext at a time (typically 64 or 128 bits)

o Stream cipher: encrypts data one bit or one byte at a time

Asymmetric cipher: different keys used for encryption and decryption

Symmetric encryption

or conventional / secret-key / single-key

sender and recipient share a common key

all classical encryption algorithms are symmetric

The only type of ciphers prior to the invention of asymmetric-key ciphers in 1970s

by far most widely used

Goal: Confidentiality

[Figure: Alice sends Bob the message “My account number is 485853 and my PIN is 4984”; Eve listens on the channel.]

Message “sent in clear”: Eve can overhear

Encryption unintelligible to Eve; only Bob can decipher with his secret key (shared w/ Alice)

Notations mathematically:

Y = E_K(X)
X = D_K(Y)

or

Y = E(K, X)
X = D(K, Y)

X = plaintext
Y = ciphertext
K = secret key

E = encryption algorithm
D = decryption algorithm
D is the inverse of E

Both E and D are known to public

[Figure: Alice computes C = E_K1(M) and sends C to Bob; Bob computes M = D_K2(C).]

M – message
K1 – encryption key
E_K1(M) – message M is encrypted using key K1
C – ciphertext
K2 – decryption key
D_K2(C) – ciphertext C is decrypted using key K2

If K1 = K2 this is symmetric (secret key) encryption

If K1 ≠ K2 this is asymmetric (public key) encryption

Alice encrypts (algorithm F) a message (m) with the same key (k) that Bob uses to decrypt.

Alice:
1. Construct m
2. Compute c = F(m,k)
3. Send c to Bob

Bob:
4. Receive c from Alice
5. Compute d = F^-1(c,k)
6. m = d

Eve can see c, but cannot compute m because k is only known to Alice and Bob

Objective: to recover the plaintext of a ciphertext or, more typically, to recover the secret key.

Kerckhoffs’s principle: the adversary knows all details about a cryptosystem except the secret key.

Two general approaches:

o brute-force attack
o non-brute-force attack (cryptanalytic attack)

Try every key to decipher the ciphertext.

On average, need to try half of all possible keys.

Time needed proportional to size of key space.

Key size (bits) | Number of alternative keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs
32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds
56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours
128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years
168 | 2^168 = 3.7 × 10^50 | 2^167 µs = 5.9 × 10^36 years | 5.9 × 10^30 years
26 characters (permutation) | 26! = 4 × 10^26 | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years

May be classified by how much information is needed by the attacker:

o Ciphertext-only attack
o Known-plaintext attack
o Chosen-plaintext attack
o Chosen-ciphertext attack

Given: a ciphertext c

Q: what is the plaintext m?

An encryption scheme is completely insecure if it cannot resist ciphertext-only attacks.

[Figure: Alice encrypts M with E_K(M) to get C; Bob decrypts C with D_K(C) to get M; both hold K; Eve attacks the channel.]

Ciphertext-only attack:

Eve can gather and analyze C’s to learn K

How does Eve know she got the right key?

Eve has to have enough ciphertext

Given: (m_1, c_1), (m_2, c_2), …, (m_k, c_k) and a new ciphertext c.

Q: what is the plaintext of new ciphertext c?

Q: what is the secret key in use?

[Figure: Alice encrypts M with E_K(M) to get C; Bob decrypts C with D_K(C) to get M; both hold K; Eve attacks the channel.]

Known-plaintext attack:

Eve can attempt to learn K by observing many ciphertexts C for known messages M

How does Eve obtain the plaintext?

Given: (m_1, c_1), (m_2, c_2), …, (m_k, c_k), where m_1, m_2, …, m_k are chosen by the adversary; and a new ciphertext c.

Q: what is the plaintext of c, or what is the secret key?

[Figure: Alice encrypts M with E_K(M) to get C; Bob decrypts C with D_K(C) to get M; both hold K; Mallory attacks the channel.]

Chosen-plaintext attack:

Mallory can feed chosen messages M into encryption algorithm and look at resulting ciphertexts C.

Learn either K or messages M that produce C.

Assumption is that extremely few messages M can produce same C.

In 1942, US Navy cryptanalysts discovered that Japan was planning an attack on “AF”.

They believed that “AF” means Midway island. Pentagon didn’t think so.

US forces in Midway sent a plain message that their freshwater supplies were low.

Shortly, US intercepted a Japanese ciphertext saying that “AF” was low on water.

This proved that “AF” is Midway.

Given: (m_1, c_1), (m_2, c_2), …, (m_k, c_k), where c_1, c_2, …, c_k are chosen by the adversary; and a new ciphertext c.

Q: what is the plaintext of c, or what is the secret key?

[Figure: Alice encrypts M with E_K(M) to get C; Bob decrypts C with D_K(C) to get M; both hold K; Mallory sits on the channel.]

Man-in-the-middle attack:

Mallory can substitute messages

Mallory can modify messages
o So that they have different meaning
o So that they are scrambled

Mallory can drop messages

Mallory can replay messages to Alice, Bob or the third party

[Figure: Alice encrypts M with E_K(M) to get C; Bob decrypts C with D_K(C) to get M; both hold K; Eve tries candidate keys k.]

Brute-force attack:

Eve has caught a ciphertext and will try every possible key to try to decrypt it.

This can be made infinitely hard by choosing a large keyspace.

Plaintext is viewed as a sequence of elements (e.g., bits or characters)

Substitution cipher: replacing each element of the plaintext with another element.

Transposition (or permutation) cipher: rearranging the order of the elements of the plaintext.

Product cipher: using multiple stages of substitutions and transpositions

Substitution

o Goal: obscure relationship between plaintext and ciphertext
o Substitute parts of plaintext with parts of ciphertext

Transposition (shuffling)

o Goal: dissipate redundancy of the plaintext by spreading it over ciphertext
o This way changing one bit of plaintext affects many bits of the ciphertext (if we have rounds of encryption)

Earliest known substitution cipher

Invented by Julius Caesar

Each letter is replaced by the letter K positions further down the alphabet. (e.g. K=3)

Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Example: ohio state → RKLR VWDWH

HELLO becomes KHOOR

Mathematically, map letters to numbers:

a, b, c, …, x, y, z
0, 1, 2, …, 23, 24, 25

Then the general Caesar cipher is:

c = E_K(p) = (p + k) mod 26
p = D_K(c) = (c − k) mod 26

Can be generalized with any alphabet.

Key space: {0, 1, …, 25}

Instead of using number k=3 we could use k ∈ [1,25]. K would be our key.

How can we break this cipher?

o Vulnerable to brute-force attacks.

E.g., break ciphertext "UNOU YZGZK"

Need to recognize it when we have the plaintext

What if the plaintext is written in Swahili?

We can also choose a mapping for each letter (A–Z): for example, (H is A, E is M, L is K, O is Y).

This mapping would be our key. This is monoalphabetic cipher.

o HELLO becomes AMKKY

Monoalphabetic: each character is replaced with another character

How can we break this cipher?

frequency of symbols stays the same and can be used to break the cipher

Shuffle the letters and map each plaintext letter to a different random ciphertext letter:

Plain letters:  abcdefghijklmnopqrstuvwxyz
Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext:  ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

What does a key look like?

Now we have a total of 26! = 4 x 10^26 keys.

With so many keys, it is secure against brute-force attacks.

But not secure against some cryptanalytic attacks.

Problem is language characteristics.

Human languages are not random.

Letters are not equally frequently used.

In English, E is by far the most common letter, followed by T, R, N, I, O, A, S.

Other letters like Z, J, K, Q, X are fairly rare.

There are tables of single, double & triple letter frequencies for various languages

In decreasing order of frequency

Double letters: th he an in er re es on, …

Triple letters: the and ent ion tio for nde, …

Key concept:

o monoalphabetic substitution does not change relative letter frequencies

To attack, we

o calculate letter frequencies for ciphertext
o compare this distribution against the known one

Given ciphertext:

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ

VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX

EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies (see next page)

Guess {P, Z} = {e, t}

Of double letters, ZW has highest frequency, so guess ZW = th and hence ZWP = the

Proceeding with trial and error finally get:

it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow

Relative letter frequencies of the ciphertext (%):

P 13.33   H 5.83   F 3.33   B 1.67   C 0.00
Z 11.67   D 5.00   W 3.33   G 1.67   K 0.00
S  8.33   E 5.00   Q 2.50   Y 1.67   L 0.00
U  8.33   V 4.17   T 2.50   I 0.83   N 0.00
O  7.50   X 4.17   A 1.67   J 0.83   R 0.00
M  6.67

Not even the large number of keys in a monoalphabetic cipher provides security.

One approach to improving security is to encrypt multiple letters at a time.

The Playfair Cipher is the best known such cipher.

Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair.

Use a 5 x 5 matrix.

Fill in letters of the key (w/o duplicates).

Fill the rest of matrix with other letters.

E.g., key = MONARCHY.

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

Plaintext is encrypted two letters at a time.

1. If a pair is a repeated letter, insert filler like 'X'.

2. If both letters fall in the same row, replace each with the letter to its right (circularly).

3. If both letters fall in the same column, replace each with the letter below it (circularly).

4. Otherwise, each letter is replaced by the letter in the same row but in the column of the other letter of the pair.

Equivalent to a monoalphabetic cipher with an alphabet of 26 x 26 = 676 characters.

Security is much improved over the simple monoalphabetic cipher.

Was widely used for many decades

o eg. by US & British military in WW1 and early WW2

Once thought to be unbreakable.

Actually, it can be broken, because it still leaves some structure of plaintext intact.

Keyword “Infosec”

I/J N F O S
E C A B D
G H K L M
P Q R T U
V W X Y Z

Rules recall:

o Group plaintext letters two at a time

o Separate repeating letters with an x

o Take a pair of letters from plaintext

o Plaintext letters in the same row are replaced by letters to the right (cyclic manner)

o Plaintext letters in the same column are replaced by letters below (cyclic manner)

o Plaintext letters in different row and column are replaced by the letter in the row corresponding to the column of the other letter and vice versa

E.g., Plaintext: “CRYPTO IS TOO EASY”

Keyword is “INFOSEC”

Grouped text: CR YP TO IS TO XO EA SY

Ciphertext:

AQ VT YB NI YB YF CB OZ

To decrypt, the receiver reconstructs the 5 x 5 matrix using the keyword and then uses the same rules as for encryption
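
An added example, not part of the original slides, that implements the Playfair rules and reproduces the slide's matrix and ciphertext. It follows the worked example's grouping (an X between any two adjacent equal letters before pairing), and the function names are illustrative.

```python
import string


def build_matrix(keyword):
    """Return the 5 x 5 square as five 5-letter strings (J shares I's cell)."""
    cells = []
    for ch in keyword.upper() + string.ascii_uppercase:
        ch = "I" if ch == "J" else ch
        if ch in string.ascii_uppercase and ch not in cells:
            cells.append(ch)
    return ["".join(cells[r * 5:r * 5 + 5]) for r in range(5)]


def prepare(plaintext):
    """Split plaintext into letter pairs the way the slide's worked example does:
    put an X between any two adjacent equal letters, then pad to even length."""
    letters = []
    for ch in plaintext.upper():
        if ch not in string.ascii_uppercase:
            continue
        ch = "I" if ch == "J" else ch
        if letters and letters[-1] == ch:
            letters.append("X")
        letters.append(ch)
    if len(letters) % 2:
        letters.append("X")
    return ["".join(letters[i:i + 2]) for i in range(0, len(letters), 2)]


def _transform(pairs, keyword, step):
    """Apply the three Playfair rules; step=+1 encrypts, step=-1 decrypts."""
    matrix = build_matrix(keyword)
    pos = {ch: (r, c) for r, row in enumerate(matrix) for c, ch in enumerate(row)}
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:        # same row: move along the row, wrapping around
            out.append(matrix[ra][(ca + step) % 5] + matrix[rb][(cb + step) % 5])
        elif ca == cb:      # same column: move along the column, wrapping around
            out.append(matrix[(ra + step) % 5][ca] + matrix[(rb + step) % 5][cb])
        else:               # rectangle: keep own row, take the other letter's column
            out.append(matrix[ra][cb] + matrix[rb][ca])
    return "".join(out)


def encrypt(plaintext, keyword):
    return _transform(prepare(plaintext), keyword, +1)


def decrypt(ciphertext, keyword):
    letters = [ch for ch in ciphertext.upper() if ch in string.ascii_uppercase]
    pairs = ["".join(letters[i:i + 2]) for i in range(0, len(letters), 2)]
    # Row and column rules run backwards (left / up);
    # the rectangle rule is its own inverse.
    return _transform(pairs, keyword, -1)


if __name__ == "__main__":
    print(build_matrix("INFOSEC"))
    print(encrypt("CRYPTO IS TOO EASY", "INFOSEC"))
    print(decrypt("AQ VT YB NI YB YF CB OZ", "INFOSEC"))
```

The decrypted text still contains the filler X, which the receiver removes by reading the message.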

A sequence of monoalphabetic ciphers (M_1, M_2, M_3, …, M_k) is used in turn to encrypt letters.

A key determines which sequence of ciphers to use.

Each plaintext letter has multiple corresponding ciphertext letters.

This makes cryptanalysis harder since the letter frequency distribution will be flatter.

Simplest and most common polyalphabetic substitution cipher

Consider the set of all Caesar ciphers: {C_a, C_b, C_c, …, C_z}

Key: e.g. security

Encrypt each letter using C_s, C_e, C_c, C_u, C_r, C_i, C_t, C_y in turn.

Repeat from start after C_y.

Decryption simply works in reverse.

E.g., Message = SEE ME IN MALL

Take keyword as INFOSEC

Vigenère cipher works as follows:

S E E M E I N M A L L
I N F O S E C I N F O
-------------------------------------
A R J A W M P U N Q Z

To decrypt, the receiver places the keyword characters below each ciphertext character

Using the table, choose the row corresponding to the keyword character and look for the ciphertext character in that row

Plaintext character is then at the top of that column

Decryption of ciphertext:

A R J A W M P U N Q Z
I N F O S E C I N F O
----------------------------------
S E E M E I N M A L L

Best feature is that same plaintext character is substituted by different ciphertext characters (i.e., polyalphabetic)

Keyword: deceptive

key:        deceptivedeceptivedeceptive
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

There are multiple (how many?) ciphertext letters corresponding to each plaintext letter.

So, letter frequencies are obscured but not totally lost.

To break Vigenere cipher:

1. Try to guess the key length. How?

2. If key length is N, the cipher consists of N Caesar ciphers. Plaintext letters at positions k, N+k, 2N+k, 3N+k, etc., are encoded by the same cipher.

3. Attack each individual cipher as before.

Main idea: Plaintext words separated by multiples of the key length are encoded in the same way.

In our example, if plaintext = “…thexxxxxxthe…” then “the” will be encrypted to the same ciphertext words.

So look at the ciphertext for repeated patterns.

E.g. repeated “VTW” in the previous example suggests a key length of 3 or 9:

ciphertext: ZIC VTW QNGRZG VTW AVZHCQYGLMGJ

Of course, the repetition could be a random fluke.
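
An added example, not from the original slides, of the attack steps above: it encrypts the slide's plaintext with the keyword deceptive, finds the repeated patterns and the key lengths they suggest, and splits the ciphertext into the per-position Caesar streams. Function names are illustrative.

```python
from functools import reduce
from math import gcd


def _letters(text):
    return [ch for ch in text.upper() if "A" <= ch <= "Z"]


def vigenere(text, key, decrypt=False):
    """Encrypt (or decrypt) with the Caesar ciphers C_key[0], C_key[1], ... in turn."""
    shifts = [ord(ch) - ord("A") for ch in _letters(key)]
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(_letters(text)):
        shifted = (ord(ch) - ord("A") + sign * shifts[i % len(shifts)]) % 26
        out.append(chr(shifted + ord("A")))
    return "".join(out)


def repeated_ngrams(ciphertext, n=3):
    """Map each n-letter pattern that occurs more than once to its start positions."""
    positions = {}
    for i in range(len(ciphertext) - n + 1):
        positions.setdefault(ciphertext[i:i + n], []).append(i)
    return {gram: pos for gram, pos in positions.items() if len(pos) > 1}


def candidate_key_lengths(ciphertext, n=3):
    """Key lengths (> 1) that divide every distance between repeated patterns.

    A repetition that is a random fluke can pull the common divisor down to 1,
    in which case nothing is returned and the patterns have to be vetted by hand.
    """
    distances = [b - a
                 for pos in repeated_ngrams(ciphertext, n).values()
                 for a, b in zip(pos, pos[1:])]
    if not distances:
        return []
    common = reduce(gcd, distances)
    return [d for d in range(2, common + 1) if common % d == 0]


def caesar_streams(ciphertext, key_length):
    """Split ciphertext into key_length streams; stream k holds the letters at
    positions k, N+k, 2N+k, ... and is a plain Caesar cipher."""
    return [ciphertext[k::key_length] for k in range(key_length)]


if __name__ == "__main__":
    ct = vigenere("wearediscoveredsaveyourself", "deceptive")
    print(ct)
    print(repeated_ngrams(ct))          # repeated patterns and where they start
    print(candidate_key_lengths(ct))    # key lengths consistent with the distances
    print(caesar_streams(ct, 9))        # one Caesar cipher per key position
```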

Before modern ciphers, rotor machines were most common complex ciphers in use.

Widely used in WW2.

Used a series of rotating cylinders.

Implemented a polyalphabetic substitution cipher of period K.

With 3 cylinders, K = 26^3 = 17,576.

With 5 cylinders, K = 26^5 = 12 x 10^6.

What is a key?

o If the adversary has a machine
o If the adversary doesn’t have a machine

Also called permutation ciphers.

Shuffle the plaintext, without altering the actual letters used.

Example: Row Transposition Ciphers

Plaintext is written row by row in a rectangle.

Ciphertext: write out the columns in an order specified by a key.

Key: 3 4 2 1 5 6 7

Plaintext:
a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z

Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
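
An added example, not from the original slides, of the row transposition above. It assumes the key lists the column numbers in the order the columns are read out, which reproduces the slide's ciphertext, and it also checks that the letter counts are left untouched, so letter-frequency counts look like ordinary plaintext.

```python
from collections import Counter


def _check_key(read_order):
    if sorted(read_order) != list(range(1, len(read_order) + 1)):
        raise ValueError("key must be a permutation of 1..number of columns")


def encrypt(plaintext, read_order, pad="X"):
    """Write the letters row by row, then read whole columns in key order.

    read_order lists the 1-based column numbers in the order they are read out
    (assumed reading of the slide's key; it reproduces the slide's ciphertext).
    """
    _check_key(read_order)
    width = len(read_order)
    letters = [ch for ch in plaintext.upper() if ch.isalpha()]
    letters += [pad] * (-len(letters) % width)          # fill the last row
    rows = [letters[i:i + width] for i in range(0, len(letters), width)]
    return "".join(row[col - 1] for col in read_order for row in rows)


def decrypt(ciphertext, read_order):
    """Rebuild the rectangle column by column and read it row by row."""
    _check_key(read_order)
    width = len(read_order)
    height, extra = divmod(len(ciphertext), width)
    if extra:
        raise ValueError("ciphertext length must be a multiple of the key length")
    grid = [[""] * width for _ in range(height)]
    for n, col in enumerate(read_order):
        for r, ch in enumerate(ciphertext[n * height:(n + 1) * height]):
            grid[r][col - 1] = ch
    return "".join("".join(row) for row in grid)


def same_letter_counts(a, b):
    """True when b is a pure rearrangement of the letters of a."""
    return Counter(a) == Counter(b)


if __name__ == "__main__":
    key = [3, 4, 2, 1, 5, 6, 7]
    ct = encrypt("attackpostponeduntiltwoamxyz", key)
    print(ct)
    print(decrypt(ct, key))
    print(same_letter_counts("ATTACKPOSTPONEDUNTILTWOAMXYZ", ct))
```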

Uses a sequence of substitutions and transpositions

o Harder to break than just substitutions or transpositions

This is a bridge from classical to modern ciphers.

A cipher is unconditionally secure if it is secure no matter how much resources (time, space) the attacker has.

A cipher is computationally secure if the best algorithm for breaking it will require so much resources (e.g., 1000 years) that practically the cryptosystem is secure.

All the ciphers we have examined are not unconditionally secure.

Vernam’s one-time pad cipher

Key = k_1 k_2 k_3 k_4 … (random, used one-time only)

Plaintext = m_1 m_2 m_3 m_4 …

Ciphertext = c_1 c_2 c_3 c_4 …

where c_i = m_i ⊕ k_i

Can be proved to be unconditionally secure.

Hide a message in another message.

E.g., hide your plaintext in a graphic image

o Each pixel has 3 bytes specifying the RGB color
o The least significant bits of pixels can be changed w/o greatly affecting the image quality
o So can hide messages in these LSBs

Advantage: hiding existence of messages

Drawback: high overhead

Take a 640x480 (=307,200) pixel image.

Using only 1 LSB, can hide 115,200 characters

Using 4 LSBs, can hide 460,800 characters.

An actual message from a German spy

o read second letter in each word

“Apparently, neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affect pretext for embargo on by products, ejecting suets and vegetable oils.”

“Pershing Sails from NY June 1”

Have considered:

o classical cipher techniques and terminology
o monoalphabetic substitution ciphers
o cryptanalysis using letter frequencies
o Playfair cipher
o polyalphabetic ciphers
o transposition ciphers
o product ciphers and rotor machines
o steganography

50 B.C.   Julius Caesar uses cryptographic technique
400 A.D.  Kama Sutra in India mentions cryptographic techniques
1250      British monk Roger Bacon describes simple ciphers
1466      Leon Alberti develops a cipher disk
1861      Union forces use a cipher during Civil War

1914      World War I – British, French, and German forces use encryption technology
1917      William Friedman, Father of U.S. encryption efforts starts a school for teaching cryptanalysis in Illinois
1917      AT&T employee Gilbert Vernam invents polyalphabetic cipher
1919      Germans develop the Enigma machine for encryption

1937      Japanese design the Purple machine for encryption
1942      Navajo windtalkers help with secure communication during World War II
1948      Claude Shannon develops statistical methods for encryption/decryption
1976      IBM develops DES
1976      Diffie – Hellman develop public key / private key cryptography
1977      Rivest – Shamir – Adleman develop the RSA algorithm for public key / private key cryptography

Outline Syllabus

o Concept of Secure Computing, Domain of Protection, Social Engineering, Attacks and Defenses, Defining Security Policy, Classical Ciphers, Encryption and Decryption, Symmetric and Asymmetric Ciphers, Operating System Holes, Application Security (Web, e-mail, Databases), Viruses, Privacy, and Digital Rights Management, Intrusion Detection Systems, Secure Protocols, Security of Middleware, Software Protection, Web Security and Wireless Network Security.
