Post on 03-Jan-2016
Cryptography and Network Security 1
Roadmap of Cryptography
- Classical cryptography (--- 1920s)
  - Secret writing required only pen and paper
  - Mostly: transposition, substitution ciphers
  - Easily broken by statistical analysis (e.g., frequency)
- Mechanical devices invented for encryption (1930s-1950s)
  - Rotor machines (e.g., Enigma cipher)
  - Featured in films, such as the James Bond adventure From Russia with Love
- Modern ciphers (1970s ---)
  - Specification of DES and the invention of RSA
  - Public key system, most notably
  - AES replaces DES
  - Hash functions being sort of broken
- Quantum cryptography (future?)

Roadmap of Cryptography (cont)
Quantum cryptography currently has two aspects:
- Quantum key exchange (also known as quantum key distribution), a method for secure communications based on quantum mechanics
- The conjectured effect of quantum computing on cryptanalysis, although it is currently, like quantum computing itself, only a theoretical concept.
The basic idea of quantum key exchange is to use the "noisy" properties of light to render incoherent an image that acts to complement a secret key. This image can be represented in a number of ways, but the ability to decode that image rests upon an understanding of how it was made. It is not possible to intercept the transmission without changing it, so key information can be exchanged with great confidence that it has been transmitted secretly.
Quantum computing will considerably extend the reach of cryptanalysis, making brute force key space searches much more effective, if such computers ever become possible in actual practice.

Cryptography and Network Security
History and classical cryptography
History
Ancient ciphers
- Have a history of at least 4000 years
- Ancient Egyptians enciphered some of their hieroglyphic writing on monuments
- Ancient Hebrews enciphered certain words in the scriptures
- 2000 years ago Julius Caesar used a simple substitution cipher, now known as the Caesar cipher
- Roger Bacon described several methods in the 1200s

History
Ancient ciphers
- Geoffrey Chaucer included several ciphers in his works
- Leon Alberti devised a cipher wheel, and described the principles of frequency analysis in the 1460s
- Blaise de Vigenère published a book on cryptology in 1585, and described the polyalphabetic substitution cipher
Increasing use, especially in diplomacy and war, over the centuries

Classical Cryptographic Techniques
Two basic components of classical ciphers:
- Substitution: letters are replaced by other letters
- Transposition: letters are arranged in a different order
These ciphers may be:
- Monoalphabetic: only one substitution/transposition is used, or
- Polyalphabetic: where several substitutions/transpositions are used
Product cipher: several ciphers concatenated together

Encryption and Decryption
Plaintext, ciphertext
Encipher: C = E(K)(P)
Decipher: P = D(K)(C)
Key source

Key Management
- Using a secret channel
- Encrypt the key
- Trusted third party
- The sender and the receiver generate the key
  - The key must be the same
We will talk more about how we can generate keys for two parties who were "unknown" to each other before and want secure communication

Attacks
- Recover the message
- Recover the secret key
  - Thus also the message
Thus the number of possible keys must be large!

Possible Attacks
- Ciphertext only: algorithm, ciphertext
- Known plaintext: algorithm, ciphertext, plaintext-ciphertext pair
- Chosen plaintext: algorithm, ciphertext, chosen plaintext and its ciphertext
- Chosen ciphertext: algorithm, ciphertext, chosen ciphertext and its plaintext
- Chosen text: algorithm, ciphertext, chosen plaintext and ciphertext

Steganography
Conceal the existence of the message
- Character marking
- Invisible ink
- Pin punctures
- Typewriter correction ribbon
Cryptography renders the message unintelligible!

Contemporary Equiv.
Least significant bits of picture frames
- 2048x3072 pixels with 24-bit RGB info
- Able to hide a 2.3M message
Drawbacks
- Large overhead
- Virtually useless if the system is known
Improvement
- Using some "random" sequence of the last bit for storing the data
- Challenge: produce such a random sequence such that the attacker cannot figure out the sequence!

Caesar Cipher
- Replace each letter of the message by a letter a fixed distance away
- Reputedly used by Julius Caesar
Example:
  L FDPH L VDZ L FRQTXHUHG
  I CAME I SAW I CONQUERED
The mapping is
  ABCDEFGHIJKLMNOPQRSTUVWXYZ
  DEFGHIJKLMNOPQRSTUVWXYZABC

Mathematical Model
Description
- Assume all letters are mapped to integers [0,25]: A-0, B-1, ..., Z-25
- Encryption E(k): i → i + k mod 26
- Decryption D(k): i → i - k mod 26

Cryptanalysis: Caesar Cipher
Key space: 26
Exhaustive key search
Example
            GDUCUGQFRMPCNJYACJCRRCPQ
            HEVDVHRGSNQDOKZBDKDSSDQR
Plaintext:  IFWEWISHTOREPLACELETTERS
            JGXFXJTIUPSFQMBDFMFUUFST
            KHYGYKUJVQTGRNCEGNGVVGTU
Ciphertext: LIZHZLVKWRUHSODFHOHWWHUV
            MJAIAMWLXSVITPEGIPIXXIVW

Character Frequencies
- In most languages letters are not equally common
  - In English, e is by far the most common letter
- Have tables of single, double and triple letter frequencies
- Use these tables to compare with letter frequencies in the ciphertext
  - A monoalphabetic substitution does not change relative letter frequencies
  - Do need a moderate amount of ciphertext (100+ letters)

Letter Frequency Analysis
- Single letter: A, B, C, D, E, ...
- Double letter: TH, HE, IN, ER, RE, ON, AN, EN, ...
- Triple letter: THE, AND, TIO, ATI, FOR, THA, TER, RES, ...

N-gram Frequencies
Digraph frequency: th he an in er on re ed nd ha at en es of nt ea ti to io le is ou ar as de rt ve
Trigraph frequency: the and tha ent ion tio for nde has nce tis oft men
For more, see http://www.letterfrequency.org

Modular Arithmetic Cipher
- Use a more complex equation to calculate the ciphertext letter for each plaintext letter
- E(a,b): i → ai + b mod 26
  - Need gcd(a,26) = 1
  - Otherwise, not reversible
  - So, a ≠ 2, 13, 26
  - Caesar cipher: a=1, b=3

Cryptanalysis
- Key space: 12*26
  - Brute force search
- Use letter frequency counts to guess a couple of possible letter mappings
  - The frequency pattern is not produced just by a shift
  - But it is still a substitution, thus we can use frequency analysis
  - Use these mappings to solve 2 simultaneous equations to derive the above parameters
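
The two-equation step described above, as an added Python example (not part of the original slides). The key a=5, b=8, the sample ciphertext built from it and all function names are constructed for illustration; the guess that the two most common ciphertext letters stand for E and T is an assumption that happens to hold for this short text.

```python
from collections import Counter
from math import gcd

M = 26

def idx(ch):
    return ord(ch) - ord("A")

def encrypt(pt, a, b):
    """E(a,b): i -> a*i + b mod 26."""
    return "".join(chr((a * idx(c) + b) % M + ord("A")) for c in pt)

def decrypt(ct, a, b):
    """Inverse map i -> a^-1 * (i - b) mod 26; needs gcd(a, 26) = 1."""
    a_inv = pow(a, -1, M)
    return "".join(chr(a_inv * (idx(c) - b) % M + ord("A")) for c in ct)

def solve_key(p1, c1, p2, c2):
    """All valid keys (a, b) with E(p1) = c1 and E(p2) = c2.

    Subtracting the two equations gives a*(p1 - p2) = (c1 - c2) mod 26.
    If p1 - p2 is not invertible mod 26 there are zero or several
    candidates for a; those with gcd(a, 26) != 1 are discarded.
    """
    if p1 == p2:
        raise ValueError("need two different plaintext letters")
    dp = (idx(p1) - idx(p2)) % M
    dc = (idx(c1) - idx(c2)) % M
    g = gcd(dp, M)
    if dc % g:
        return []                       # the guessed mappings contradict each other
    m = M // g
    a0 = (dc // g) * pow(dp // g, -1, m) % m
    return [(a, (idx(c1) - a * idx(p1)) % M)
            for a in range(a0, M, m) if gcd(a, M) == 1]

def recover_from_frequencies(ct):
    """Assume the two most common ciphertext letters are the images of E and T."""
    (c1, _), (c2, _) = Counter(ct).most_common(2)
    return solve_key("E", c1, "T", c2)

# Constructed sample: the slides' plaintext under the assumed key a=5, b=8.
SAMPLE_CT = encrypt("IFWEWISHTOREPLACELETTERS", 5, 8)
```

On longer or less typical text the first frequency guess may be wrong, so several letter pairings are tried and each candidate key is checked by decrypting.
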
Playfair Cipher
The Playfair cipher or Playfair square is a manual symmetric encryption technique and was the first literal digraph substitution cipher.
The scheme was invented in 1854 by Charles Wheatstone, but bears the name of Lord Playfair who promoted the use of the cipher.

Playfair Cipher
s i/j m p l
e a b c d
f g h k n
o q r t u
v w x y z
Key: simple
Used in WWI and WWII
Playfair Cipher
- Use a filler letter to separate repeated letters
- Encrypt two letters together
  - Same row: the letters that follow
    ac -- bd
  - Same column: the letters under
    qw -- wi
  - Otherwise: the square's corner in the same row
    ar -- bq
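
The three rules above, applied to the slides' square for the key "simple", as an added Python example (not part of the original slides). The function names and the filler letter x are assumptions made for illustration.

```python
ALPHABET = "abcdefghiklmnopqrstuvwxyz"   # 25 letters, j shares a cell with i

def build_square(key):
    """Key letters first (duplicates dropped), then the rest of the alphabet."""
    seen = []
    for ch in key.lower().replace("j", "i") + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:r * 5 + 5] for r in range(5)]

def digraphs(text, filler="x"):
    """Pair up letters; a repeated letter is split by the filler, which also pads.
    A doubled filler letter in the input is not handled."""
    letters = [c for c in text.lower().replace("j", "i") if c in ALPHABET]
    out, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else filler
        if a == b:
            b, i = filler, i + 1
        else:
            i += 2
        out.append((a, b))
    return out

def playfair(text, key, step=1):
    """step=1 encrypts, step=-1 decrypts (shift left/up instead of right/down)."""
    sq = build_square(key)
    pos = {ch: (r, c) for r, row in enumerate(sq) for c, ch in enumerate(row)}
    out = []
    for a, b in digraphs(text):
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:        # same row: take the letters that follow
            out += [sq[ra][(ca + step) % 5], sq[rb][(cb + step) % 5]]
        elif ca == cb:      # same column: take the letters under
            out += [sq[(ra + step) % 5][ca], sq[(rb + step) % 5][cb]]
        else:               # rectangle: corner in the same row
            out += [sq[ra][cb], sq[rb][ca]]
    return "".join(out)
```

A repeated plaintext digraph always produces the same ciphertext digraph, which is why 2-gram frequencies survive encryption.
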
Analysis
- Size of diagrams: 25!
  - But the actual different diagrams are not 25!
  - Two diagrams are the same if they derive the same encryption and decryption method
  - Then what is the number of different diagrams in the Playfair cipher? 25!/25 = 24!
- Difficult using frequency analysis
  - But it still reveals the frequency information
  - Frequency of 2-grams (bi-grams, two letters)

Playfair Cryptanalysis
Like most pre-modern era ciphers, the Playfair cipher can be easily cracked if there is enough text.
- Obtaining the key is relatively straightforward if both plaintext and ciphertext are known.
- When only the ciphertext is known, brute force cryptanalysis of the cipher involves searching through the key space for matches between the frequency of occurrence of digrams (pairs of letters) and the known frequency of occurrence of digrams in the assumed language of the original message.

Playfair, cont
A different approach to tackling a Playfair cipher is the shotgun hill climbing method.
- This starts with a random square of letters. Then minor changes are introduced (i.e. switching letters, rows, or reflecting the entire square) to see if the candidate plaintext is more like standard plaintext than before the change (perhaps by comparing the trigrams to a known frequency chart).
- If the new square is deemed to be an improvement, then it is adopted and then further mutated to find an even better candidate.
- Eventually, the plaintext or something very close is found to achieve a maximal score by whatever grading method is chosen.
Computers can adopt this algorithm to crack Playfair ciphers with a relatively small amount of text.

Hill Cipher
The Hill cipher is a polygraphic substitution cipher based on linear algebra.
Invented by Lester S. Hill in 1929, it was the first polygraphic cipher in which it was practical (though barely) to operate on more than three symbols at once.
Each letter is treated as a digit in base 26: A = 0, B = 1, and so on. A block of n letters is then considered as a vector of n dimensions, and multiplied by an n × n matrix, modulo 26. The components of the matrix are the key, and should be random provided that the matrix is invertible in (to ensure decryption is possible).
The Hill cipher has achieved Shannon's diffusion, and an n-dimensional Hill cipher can diffuse fully across n symbols at once.

Hill Cipher Machine
- With fixed key and patented
- Triple encryption was recommended for security: a secret nonlinear step, followed by the wide diffusive step from the machine, followed by a third secret nonlinear step.
- Such a combination was actually very powerful for 1929, and indicates that Hill apparently understood the concepts of a meet-in-the-middle attack as well as confusion and diffusion.
- Unfortunately, his machine did not sell.

Hill Cipher
Encryption
- Assign each letter an index
- C = KP mod 26
- Matrix K is the key
Decryption
- P = K^{-1}C mod 26
- Thus, we can decrypt iff gcd(det(K), 26) = 1.

How to Decrypt?
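Compute K^{-1}
- Compute det(K)
- Check if gcd(det(K), 26) = 1
- If not, then K^{-1} does not exist
- Else K^{-1} is

$$
K^{-1} = \det(K)^{-1}
\begin{pmatrix}
(-1)^{1+1} K_{1,1} & \cdots & (-1)^{1+n} K_{n,1} \\
\vdots & \ddots & \vdots \\
(-1)^{n+1} K_{1,n} & \cdots & (-1)^{2n} K_{n,n}
\end{pmatrix}
$$

cont

$$
K_{i,j} = \det
\begin{pmatrix}
k_{1,1} & \cdots & k_{1,j-1} & k_{1,j+1} & \cdots & k_{1,n} \\
\vdots & & \vdots & \vdots & & \vdots \\
k_{i-1,1} & \cdots & k_{i-1,j-1} & k_{i-1,j+1} & \cdots & k_{i-1,n} \\
k_{i+1,1} & \cdots & k_{i+1,j-1} & k_{i+1,j+1} & \cdots & k_{i+1,n} \\
\vdots & & \vdots & \vdots & & \vdots \\
k_{n,1} & \cdots & k_{n,j-1} & k_{n,j+1} & \cdots & k_{n,n}
\end{pmatrix}
$$
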
Hill Cipher Cryptanalysis
- Difficult to use frequency analysis
- But vulnerable to known-plaintext attack
  - Give a simple method to attack the Hill cipher under the known-plaintext assumption?
  - How to attack under the chosen-plaintext assumption?
- The security could be greatly enhanced by combining with some non-linear step to defeat this attack.
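
The "How to Decrypt?" procedure and the known-plaintext weakness named above, as an added Python example (not part of the original slides). The 2 × 2 key, the sample text HELP and all function names are constructed for illustration; the code works for any n but uses cofactor expansion, so it is meant for small matrices.

```python
from math import gcd

M = 26

def minor(K, i, j):
    """K with row i and column j removed."""
    return [row[:j] + row[j + 1:] for r, row in enumerate(K) if r != i]

def det(K):
    """Determinant by cofactor expansion along row 0 (fine for small n)."""
    if not K:
        return 1
    return sum((-1) ** j * K[0][j] * det(minor(K, 0, j)) for j in range(len(K)))

def inverse_mod26(K):
    """K^-1 = det(K)^-1 * adjugate(K) mod 26, if gcd(det(K), 26) = 1."""
    d = det(K) % M
    if gcd(d, M) != 1:
        raise ValueError("gcd(det(K), 26) != 1, so K has no inverse mod 26")
    d_inv, n = pow(d, -1, M), len(K)
    # Entry (i, j) uses the minor with row j and column i removed (transpose).
    return [[d_inv * (-1) ** (i + j) * det(minor(K, j, i)) % M
             for j in range(n)] for i in range(n)]

def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) % M for col in zip(*B)]
            for row in A]

def to_columns(text, n):
    """Letters A-Z -> n-row matrix with one n-letter block per column."""
    nums = [ord(c) - ord("A") for c in text]
    return [nums[r::n] for r in range(n)]

def from_columns(X):
    return "".join(chr(v + ord("A")) for col in zip(*X) for v in col)

def encrypt(K, plaintext):
    return from_columns(matmul(K, to_columns(plaintext, len(K))))

def decrypt(K, ciphertext):
    return from_columns(matmul(inverse_mod26(K), to_columns(ciphertext, len(K))))

def recover_key(plaintext, ciphertext, n):
    """Known plaintext: C = K P, so K = C P^-1 when the n x n block matrix P
    is invertible mod 26. Uses exactly n blocks (n*n letters)."""
    P = to_columns(plaintext[:n * n], n)
    C = to_columns(ciphertext[:n * n], n)
    return matmul(C, inverse_mod26(P))

KEY = [[3, 3], [2, 5]]   # constructed sample key, det = 9
```

Because encryption is purely linear, n known plaintext blocks are enough to recover the key, which is what the non-linear step mentioned above is meant to prevent.
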
Key Sizes
How many good keys?
- One might naïvely think that the key size, in bits, is n^2 log2(26) or about 4.7n^2.
- In fact, it is slightly less than this because not all randomly selected matrices are usable.
- A slightly less naïve view might guess that 1/2 + 1/26 of candidate keys would be unusable, reducing the keyspace by about 54%.
- In fact, determinants are not uniformly distributed, and the key space reduction is closer to 70%.
- Additionally it seems to be prudent to avoid too many zeroes in the key matrix, since they reduce diffusion.
- The net effect is that the effective keyspace of a basic Hill cipher is about 4.64n^2. For a 5 × 5 Hill cipher, that is about 114 bits.
- Of course, key search is not the most efficient known attack

Polyalphabetic Substitution
- Use more than one substitution alphabet
- Makes cryptanalysis harder since there are more alphabets to guess, and flattens the frequency distribution
  - The same plaintext letter gets replaced by several ciphertext letters, depending on which alphabet is used

Vigenère Cipher
- Basically multiple Caesar ciphers
- Key is multiple letters long: K = k1 k2 ... kd
- The ith letter specifies the ith alphabet to use
- Use each alphabet in turn, repeating from the start after d letters in the message

Plaintext  THISPROCESSCANALSOBEEXPRESSED
Keyword    CIPHERCIPHERCIPHERCIPHERCIPHE
Ciphertext VPXZTIQKTZWTCVPSWFDMTETIGAHLH

Enigma Machine
- Enigma was a portable cipher machine used to encrypt and decrypt secret messages.
- A family of related electro-mechanical rotor machines
German military
Japan commercial

Enigma Machine
Enigma encryption for two consecutive letters: current is passed into the set of rotors, around the reflector, and back out through the rotors again.
Letter A encrypts differently with consecutive key presses, first to G, and then to C. This is because the right hand rotor has stepped, sending the signal on a completely different route.

Enigma
The actual encipherment of a letter is performed electrically.
When a key is pressed, the circuit is completed; current flows through the various components and ultimately lights one of many lamps, indicating the output letter.
Current flows from a battery through the switch controlled by the depressed key into a fixed entry wheel. This leads into the rotor assembly (or scrambler), where the complex internal wiring of each rotor results in the current passing from one rotor to the next along a convoluted path. After passing through all the rotors, current enters the reflector, which relays the signal back out again through the rotors and the entry wheel, this time via a different path, and, finally, to one of the lamps (the earliest Enigma models do not have the reflector).

Rotors
Performs a very simple type of encryption: a simple substitution cipher

World War II Era Encryption Devices
A few here:
- Sigaba (United States)
- Typex (Britain)
- Lorenz cipher (Germany)
- Geheimfernschreiber (Germany)
For more, see http://w1tp.com/enigma/

One-time Pad
- Theoretically unbreakable (Claude Shannon)
- The plaintext is combined with a random "pad" the same length as the plaintext.
- Patent by Gilbert Vernam (AT&T) and Joseph Mauborgne
- Encryption: C = P ⊕ K
- Decryption: P = C ⊕ K
- Claude Shannon's work can be interpreted as that any information-theoretically secure cipher will be effectively equivalent to the one-time pad algorithm. Hence one-time pads offer the best possible mathematical security of any encryption scheme, anywhere and anytime.

One-time pad (cont)
Drawbacks
- It requires secure exchange of the one-time pad material, which must be as long as the message
- The pad must be disposed of correctly and never reused
In practice
- Generate a large number of random bits,
- Exchange the key material securely between the users before sending a one-time enciphered message,
- Keep both copies of the key material for each message securely until they are used, and
- Securely dispose of the key material after use, thereby ensuring the key material is never reused.
It requires perfect random numbers as the key
- We will learn how to generate pseudo-random numbers

Random numbers needed
- If the key material is generated by a deterministic program then it is not actually random and should never be used in a one-time pad cipher.
- If so used, the method becomes a stream cipher; these usually employ a short key that is used to generate a long pseudorandom stream, which is then combined with the message using some such mechanism as those used in one-time pads.
- Stream ciphers can be secure in practice, but they cannot be absolutely secure in the same provable sense as the one-time pad.
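
The pad-handling steps from the one-time pad slides (pad as long as the message, both copies consumed in step, material overwritten after use) and the consequence of reuse, as an added Python example (not part of the original slides). The class and function names are constructed for illustration, and `secrets.token_bytes` is an assumption standing in for a true random source: with an operating-system generator the scheme is strictly a stream-cipher-grade construction in the sense of the last slide.

```python
import secrets

class OneTimePad:
    """Key material that is handed out once and overwritten after use."""

    def __init__(self, material):
        self._pad = bytearray(material)
        self._pos = 0

    def remaining(self):
        return len(self._pad) - self._pos

    def _take(self, n):
        if n > self.remaining():
            raise ValueError("pad exhausted: it must be as long as the message")
        key = bytes(self._pad[self._pos:self._pos + n])
        # Best-effort disposal; Python cannot guarantee no other copies exist.
        self._pad[self._pos:self._pos + n] = bytes(n)
        self._pos += n
        return key

    def apply(self, data):
        """C = P xor K and P = C xor K are the same operation."""
        return xor(data, self._take(len(data)))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def reuse_leak(p1, p2, key):
    """If one key encrypts two messages, C1 xor C2 = P1 xor P2: the key
    cancels and the result depends only on the two plaintexts."""
    return xor(xor(p1, key), xor(p2, key))

def exchange(messages, pad_len=64):
    """Both parties hold a copy of the same pad and consume it in step."""
    material = secrets.token_bytes(pad_len)   # assumption: stand-in for true randomness
    sender, receiver = OneTimePad(material), OneTimePad(material)
    return [receiver.apply(sender.apply(m)) for m in messages]
```
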