Cryptography

Stephen S. Yau

CSE465-591 Fall 2006

Cryptography

In Greek means secret writing An outsider (interceptor/intruder/adversary) can make following threats:
Block message (affecting availability) Intercept message (affecting secrecy) Modify message (affecting integrity) Fabricate message (affecting integrity)

Cryptography is the fundamental technique to counter these threats because the outsider does not understand the meaning of messages
CSE465-591 Fall 2006

Stephen S. Yau

T1: ch8.1 T2: ch9.1

Cryptography (cont.)

Cryptography: Study of mathematical techniques

related to certain aspects of information security, such as confidentiality, data integrity, entity authentication, and data origin authentication.

The basic component of cryptography is a cryptosystem

Cryptanalyst: Person working for unauthorized

interceptor or receiver

Cryptographer: Person working for legitimate sender

Cryptology: Study of encryption and decryption,

including cryptography and cryptanalysis.
CSE465-591 Fall 2006

Stephen S. Yau

Cryptosystem

A cryptosystem is a 5-tuple (, D, M, K, C), where M is the set of plaintexts, K is the set of keys, C is the set of ciphertexts, : KC is the set of encipher (encryption) functions, and D: C KM is the set of deciphering (decryption) functions.
Plaintext M: set of messages in original form Ciphertext C: set of messages in encrypted form

Stephen S. Yau

CSE465-591 Fall 2006

Cryptosystem (cont.)

Encryption: Process of encoding (enciphering) a

message so that its meaning is not obvious. Provide confidentiality Principle of Encryption
Very

hard (impossible) to find out the message without knowing the key Very easy (and fast) to find out the message knowing the key

Decryption: Process of decoding (deciphering or

transforming) an encrypted message to its original form.

Stephen S. Yau

CSE465-591 Fall 2006

Types of Cryptosystems

Symmetric cryptosystems (also called single-key cryptosystems) are classical cryptosystems: M = D(K, E(K, M))

The encryption key and decryption key are the same.

Asymmetric cryptosystem: M = D(Kd, E(Ke, M))

Kd is the decryption key and Ke is the encryption key Kd Ke T1: ch8.2

T2: ch9.2

Stephen S. Yau

CSE465-591 Fall 2006

One-Time Pad

One-Time Pad (OTP) is the only mathematically secure cryptosystem.

Mathematical Security: using theory of statistics and

probability, the ciphertext C generated by the encryption algorithm E has been proven to be undecipherable, except using the right decryption algorithm D.

OTP uses a symmetric key, which should be statistically proven to be random T1: ch8.2.2
T2: ch9.2.2

Message
10010110

Cipher
10111101

Cipher
10111101

Message
10010110

Key 00101011 Sender

Key 00101011 Receiver

7

One Time Pad (cont.)

A and B wish to communicate privately using the one-time pad (it uses a symmetric key K) They have previously agreed upon secret key K which is a string of n randomly chosen bits If A wishes to send an n-bit message M to B, A sends to B the ciphertext C = M XOR K, The received ciphertext can be decrypted by B to obtain M, since M = C XOR K. When another message is to be sent, another key K must be used, hence the name onetime pad
CSE465-591 Fall 2006 8

Stephen S. Yau

Difficulties of OTP
To ensure the security of the system, key size should not be less than message size (not necessary for other cryptosystems) Generating a fully random key is practically very difficult Sending an unrepeated key with the same size of the message through a secure channel to the receiver is not practical

Stephen S. Yau CSE465-591 Fall 2006 9

Computational Security

An encryption scheme is computationally secure if it takes exponentially long time to break the ciphertext. Lifetime of a cryptosystem: The minimum time for unauthorized decoding of encrypted message Defined for each application, Examples:
Military

orders = 1 hour to 3 years Check transactions = 1 year Business agreements = 10-15 years
Stephen S. Yau CSE465-591 Fall 2006 10

Classical Cryptography

Basic techniques for classical ciphers Substitution: One letter is exchanged for another Transposition: The order of the letters is rearranged Classical ciphers Mono-alphabetic: Letters of the plaintext alphabet are mapped into other unique letters Poly-alphabetic: Letters of the plaintext alphabet are mapped into letters of the ciphertext space depending on their positions in the text Stream: Key stream is generated and used to encrypt the plaintext (Symmetric Key Algorithms)
CSE465-591 Fall 2006 11

Stephen S. Yau

Substitution

Substitute each letter in the plaintext for another one Goal: Confusion difficult to determine how a message and key were transformed into ciphertext. Example (Caesar Cipher)
a

bcdefghijklmnopqrstuvwxyz q e r y u i o p a s d f g w h j k l z x c v b n m t

under attack we need help cwyul qxxqrd bu wuuy pufj

T1: ch8.2.2 T2: ch9.2.2
Stephen S. Yau CSE465-591 Fall 2006 12

Transposition

Change the positions of the characters in the plaintext Goal: Diffusion spread the information from the message or the key across the ciphertext. Example: message: meet me after the toga party m e m a t r h t g p r y e t e f e t e o a a t
Ciphertext:

MEMATRHTGPRYETEFETEOAAT
T1: ch8.2.1 T2: ch9.2.1

Stephen S. Yau

CSE465-591 Fall 2006

13

Four Secure Key Distribution Strategies for Symmetric Cryptosystems

1. A key K can be selected by A to be shared with B,
and K needs to be physically delivered to B 2. A third party can select the same key K and physically deliver K to A and B 3. If A and B have previously used a key K, one party can transmit the new key K to the other, encrypted using the old key K 4. If A and B each has an encrypted connection to a third party C, C can transmit the new key K on the encrypted links to both A and B
Stephen S. Yau CSE465-591 Fall 2006 14

Asymmetric Key Cryptosystem

(Public Key Cryptosystem)

Uses public and private keys Public key for encryption Private key for decryption Examples: RSA Trapdoor one-way function Elliptical curve cryptography
CSE465-591 Fall 2006

T1: ch8.3 T2: ch9.3

15

Stephen S. Yau

RSA Principle

Developed by Ron Rivest, Adi Shamir, and Leonard Adleman. (MIT, 1977)

C = me mod (pq)
q: any two large prime numbers (more than 512 bits) e: public key d: private key Knowing C and e, it is infeasible to calculate m without knowing d, p and q Knowing d, p and q, it is easy to find the original plaintext message m = Cd mod (pq) T1: ch8.3.1
T2: ch9.3.2
Stephen S. Yau CSE465-591 Fall 2006 16

p,

RSA Principle (cont.)

{m, e, p, q; C= me mod(pq)} {C, e, p, q; m=Cd mod(pq)} C

Sender

Receiver

Intruder

{C, e}

Stephen S. Yau

CSE465-591 Fall 2006

17

Public Key Distribution and Authentication

Using the Right Public Key: Must be authentic, not necessarily secret Obtaining the Right Public Key: Directly from its owner Indirectly, in a signed message from a Certification Authority (CA): A Certificate is a digitally signed message from a CA binding a public key to a name Certificates can be passed around, or managed in directories Protocols: X.509 (RFC 2459), SPKI/SDSI, etc.

Stephen S. Yau

CSE465-591 Fall 2006

18

References

Matt Bishop, Introduction to Computer Security, Addison- Wesley, 2004, ISBN: 0321247442 Matt Bishop, Computer Security: Art and Science, Addison- Wesley, 2002, ISBN: 0201440997

Stephen S. Yau

CSE465-591 Fall 2006

19

Steganography

Stephen S. Yau

CSE465-591 Fall 2006

20

Secure Communication
Two parties, Alice and Bob, can exchange information over an insecure medium in such a way that even if an intruder (Willie) is able to intercept, read and perform computation on the intercepted information, Willie will not be able to decipher the content of the exchanged information.

Stephen S. Yau

CSE465-591 Fall 2006

21

Encryption may not be enough

Prisoners Problem: Alice and Bob are in jail and wish to hatch an escape plan . All their communications pass through the warden,Willie, and if Willie detects any encrypted messages, he can simply stop the communication. So they must find some way of hiding their secret message in an innocuous looking text.

Stephen S. Yau

CSE465-591 Fall 2006

22

Steganography
The art of hiding information in ways that prevent detection of hidden messages. In Greek means covered writing Steganography and cryptography are cousins in the spy craft family While the goal of the cryptography system is to conceal the content of the messages, the goal of information hiding or steganography is to conceal their existence

Stephen S. Yau CSE465-591 Fall 2006 23

Steganography
What to hide Texts Images Sound How to hide embed text in text/images/audio/video files embed image in text/images/audio/video files embed sound in text/images/audio/video files

Stephen S. Yau CSE465-591 Fall 2006 24

Steganographic System

Stephen S. Yau

CSE465-591 Fall 2006

25

Comparison
Cryptography
C = Ek (P)
P = Dk (C) Key

Plain text
f Ciphertext

Steganography
secret message cover image f Stego message

Stephen S. Yau

CSE465-591 Fall 2006

26

A Real Example

During WW2 the following cipher message was actually sent by a German spy

Apparently neutrals protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils

Hidden Message
Pershing sails from NY June 1 Can be obtained by extracting the second letter in each word of the message sent

Stephen S. Yau

CSE465-591 Fall 2006

27

Steganographic Techniques

Genome Steganography: Encoding a hidden

message in a strand of human DNA Hiding in Text: Information hidden in documents by manipulating the positions of lines and words Hiding in Images/Videos:

least significant bit insertion masking and filtering applying more sophisticated image processing algorithms
CSE465-591 Fall 2006 28

Stephen S. Yau

Steganographic Techniques (Cont.)

Hiding data in audio files: Data can be hidden in the

audio files. Slight alterations on sound, such as tiny shifts in phase angle, speech cadence, and frequency, can transport hidden information, but are indiscernible to human senses Hiding in video file:

least significant bit insertion masking and filtering applying more sophisticated image processing algorithms

Stephen S. Yau

CSE465-591 Fall 2006

29

Steganographic Techniques (Cont.)

Hiding in the disk space: Hiding the data in

unused or reserved space.

Hiding data in software and circuitry: Data

can be hidden in the layout of the code distributed in a program or the layout of electronic circuits on a board. Hiding in network packets: Hidden in packets transmitted through the Internet.
CSE465-591 Fall 2006 30

Stephen S. Yau

Digital Watermarking

Watermarking is used primarily for identification and entails embedding a unique piece of information within a medium without noticeably altering the medium The difference between Steganography and Watermarking is primarily intent.

Steganography conceals information; Watermarks extend information and become an attribute of the cover image

Publishing and broadcasting industries are interested in techniques for hiding encrypted copyright marks and serial numbers in digital films, audio recordings, books and multimedia products.
CSE465-591 Fall 2006 31

Stephen S. Yau

References

Stefan Katzenbeisser, Fabien A. P. Petitcolas, Information Hiding Techniques for Steganography and Digital Watermarking, Artech House Books, January 2000

Stephen S. Yau

CSE465-591 Fall 2006

32