Post on 16-Aug-2015
Data Protection Techniques and Data Protection Techniques and CryptographyCryptography
Çankaya Çankaya UniversityUniversityTalha SAVAŞTalha SAVAŞb20500686@hacettepe.edu.trb20500686@hacettepe.edu.tr
Outline of the Outline of the PresentationPresentation
Basic Terminology in CryptographyBasic Security GoalsEncryption & DecryptionBasic CiphersBlock CiphersEncryption ModesSecret Sharing (Threshold)IPSECSSL/TLSMalicious SoftwareReferences
Cryptography:The study of mathematical techniques related to aspects of providing information security services (to construct).
Cryptanalysis: The study of mathematical techniques for attempting to defeat information security services (to break).
Cryptology: The study of cryptography and cryptanalysis (both).
Basic Terminology in Cryptography
Computer Security:Ensure security of data kept on the computer.
Network Security:Ensure security of communication over insecure medium.
Approaches to Secure Communication:
Steganography:Hides the existence of a message.
Cryptography:Hide the meaning of a message.
Information Security = CS + NS
Basic Terminology in Cryptography
Privacy (secrecy, confidentiality):Only the intended recipient can see the communication.
Authenticity (integrity):The communication is generated by the alleged sender.
Authorization:Limit the resources that a user can access.
Availability:Make the services available 99.999…% of time.
Non-repudiation:No party can refuse the validity of its actions.
Auditing:Take a log of everything done in the system.
Basic Security Goals
Encryption (encipherment):The process of transforming information (plaintext) using an algorithm (cipher) to make it unreadable to anyone except those possessing special knowledge.
Decryption (decipherment):The process of making the encrypted information readable again.
Key:The special knowledge shared between communicating parties.
Plaintext:The data to be concealed.
Ciphertext: The result of encryption on the plaintext.
Encryption & DecryptionEncryption & Decryption
Shift Cipher:
A substitution cipher
The Key Space: [1 .. 25]Encryption given a key K:
Each letter in the plaintext P is replaced with the K’th letter following corresponding number (shift right).
Decryption given K: (shift left).
Basic CiphersBasic Ciphers
Shift Cipher: An Example
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
P = CRYPTOGRAPHYISFUN
K = 11
C = NCJAVZRCLASJTDQFY
C 2+11 mod 26 = 13 → → N
R 17+11 mod 26 = 2 → → C…
N 13+11 mod 26 = 24 → →Y
General Mono - alphabetical Substitution Cipher:
The key space: all permutations of Σ = {A, B, C, …, Z}
Encryption given a key :̟Each letter X in the plaintext P is replaced with π(X).
Decryption given a key :̟Each letter Y in the ciphertext P is replaced with π-1(Y).̟
Example:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Zπ=B A D C Z H W Y G O Q X S V T R N M S K J I P F E U
BECAUSE→AZDBJSZ
Cryptanalysis: The key space size is 26!
Basic CiphersBasic Ciphers
Frequency Analysis:
Frequency Features of English:
Vowels, which constitute 40 % of plaintext, are oftenseparated by consonants.
Letter A is often found in the beginning of a word or second from last.Letter I is often third from the end of a word.Letter Q is followed only by U.
Some words are more frequent, such as:the, and, at, is, on, in.
Basic CiphersBasic Ciphers
Summary:
• Shift ciphers are easy to break using brute force attacks,they have small key space.
• Substitution ciphers preserve language features and arevulnerable to frequency analysis attacks.
Basic CiphersBasic Ciphers
The Vigenère Cipher:
Definition:Given m, a positive integer, P = C = (Z26)n, and K = (k1, k2, …, km) a key, we define:
Encryption:ek(p1, p2… pm) = (p1+k1, p2+k2…pm+km) (mod 26)
Decryption:dk(c1, c2… cm) = (c1-k1, c2-k2 … cm-km) (mod 26)
Example:Plaintext: C R Y P T O G R A P H YKey: L U C K L U C K L U C KCiphertext: N L A Z E I I B L J J I
Basic CiphersBasic Ciphers
Vigenere Cipher: Cryptanalysis
Find the length of the key.
• Divide the message into that many shift cipher encryptions.• Use frequency analysis to solve the resulting shift ciphers.
Vigenere cipher is vulnerable: once the key length is found, a cryptanalyst can apply frequency analysis.
How to Find the Key Length?• For Vigenere, as the length of the keyword increases, the letter frequency shows less English-like characteristics and becomes more random.
• One method to find the key length:Kasisky test.
Basic CiphersBasic Ciphers
Kasisky Test:
Note:Two identical segments of plaintext, will be encrypted to the same ciphertext, if the they occur in the text at the distance Δ, (Δ≡0 (mod m), m is the key length).
Algorithm:Search for pairs of identical segments of length at least 3Record distances between the two segments: Δ1, Δ2, …m divides gcd(Δ1, Δ2, …)
PT: T H E S U N A N D T H E M A N I N T H E M O O NKey: K I N G K I N G K I N G K I N G K I N G K I N GCT: D P R Y E V N T N B U K W I A O X B U K W W B T
Basic CiphersBasic Ciphers
Block size: In general larger block sizes mean greater security.
Key size: Larger key size means greater security (larger key space).
Number of rounds: Multiple rounds offer increasing security.
Encryption modes: Define how messages larger than the block size are encrypted, very important for the security of the encrypted message.
Block CiphersBlock Ciphers
Feistel Network:
A Feistel Network is fully specified given
The block size: n = 2w number of rounds: d d round functions f1, f2…, fd: {0,1}w {0,1}w→
Each f function is a SP cipher.Used in DES, IDEA, RC5, and many other block ciphers.
Block CiphersBlock Ciphers
Encryption:
L1=R0, R1=L0 ⊕ f1(R0)L2=R1, R2=L1 ⊕ f2(R1)...Ld=Rd-1, Rd=Ld-1⊕ fd(Rd-1)
Decryption:
Rd-1=Ld, Ld-1=Rd ⊕ fd(Ld)…R0=L1, L0=R1 ⊕ f1(L1)
Feistel Network
Data Encryption Standard (DES):
Features:
Block size = 64 bits Key size = 56 bits Number of rounds = 16 16 intermediary keys, each 48 bits
Block CiphersBlock Ciphers
Details of DES Rounds:
An initial permutation is applied on the plaintext.
IP(x) = L0 R0
In each round:
Li = Ri-1Ri = Li-1 f(Ri-1, Ki)⊕
Block CiphersBlock Ciphers
DES S-boxes:
Block CiphersBlock Ciphers
• S-boxes are the only non-linear elements in DES design.
• Each S-box is a 4x16 matrix, values from 0 to 15
B = b1 b2 b3 b4 b5 b6 b1b6 = row b2b3b4b5 = column C = 4-bit the result
Electronic Code Book (ECB):
Encryption ModesEncryption Modes
• Message is broken into independent blocks of block_size bits;
•(ECB): Each block encrypted separately.
• Encryption: ci = Ek(xi) • Decryption: xi = Dk(ci)
Cipher Block Chaining (CBC):
Encryption ModesEncryption Modes
(CBC): Next input depends upon previous output.
• Encryption: Ci = Ek (Mi Ci-1), with C0=IV⊕
• Decryption: Mi= Ci-1 Dk(Ci), with C0=IV⊕
Output Feedback Mode (OFB):
Encryption ModesEncryption Modes
• (OFB): Construct a pseudorandom number generator (PRNG) to obtain a one time pad and XOR the message with the pad.
• y0=IV yi = Ek[yi-1]
Cipher Feedback Mode (CFB):
Encryption ModesEncryption Modes
• (CFB): the message is XORed with the feedback of encrypting the previous block.
Counter Mode (CTR):
Encryption ModesEncryption Modes
• Counter Mode (CTR): Another way to construct PRNG using DES.
yi= Ek[counter+i]ci= yi xi⊕
• Sender and receiver share a counter value (does not need to be secret) and the secret key.
Block Ciphers vs. Stream Ciphers:
• A block cipher operates on blocks of fixed length.
•A stream cipher is a symmetric key cipher where plaintext bits are combined with a pseudorandom cipher bit stream (keystream), typically by an exclusive-or (xor) operation.
Counter Mode (CTR):
Secret Sharing (Threshold)Secret Sharing (Threshold)
• Counter Mode (CTR): Another way to construct PRNG using DES.
yi= Ek[counter+i]ci= yi xi⊕
• Sender and receiver share a counter value (does not need to be secret) and the secret key.
Block Ciphers vs. Stream Ciphers:
• A block cipher operates on blocks of fixed length.
•A stream cipher is a symmetric key cipher where plaintext bits are combined with a pseudorandom cipher bit stream (keystream), typically by an exclusive-or (xor) operation.
Counter Mode (CTR):
• Counter Mode (CTR): Another way to construct PRNG using DES.
yi= Ek[counter+i]ci= yi xi⊕
• Sender and receiver share a counter value (does not need to be secret) and the secret key.
Block Ciphers vs. Stream Ciphers:
• A block cipher operates on blocks of fixed length.
•A stream cipher is a symmetric key cipher where plaintext bits are combined with a pseudorandom cipher bit stream (keystream), typically by an exclusive-or (xor) operation.
Secret Sharing (Threshold)Secret Sharing (Threshold)
References Cristina Nita-Rotaru Associate Professor
Department of Computer Science Purdue University
Internet
Wikipedia
Cryptography Decrypted by H.X. Mel, D. M. Baker