901480_ch02
-
Upload
gingeevimal -
Category
Documents
-
view
226 -
download
0
Transcript of 901480_ch02
-
8/9/2019 901480_ch02
1/66
Cryptography andCryptography and
Network SecurityNetwork Security
Chapter 2Chapter 2
Fourth EditionFourth Edition
by William Stallingsby William Stallings
-
8/9/2019 901480_ch02
2/66
Chapter 2 Chapter 2 Classical EncryptionClassical Encryption
TechniquesTechniques
-
8/9/2019 901480_ch02
3/66
CRYPTOO!Y
Definition:
Cryptology " #ro$ the !reek
Crypto$eaning secret or hidden% and
ology$eaning theory% or science
Two $a&or di'isions"
Cryptography & Cryptanalysis
-
8/9/2019 901480_ch02
4/66
Sy$$etric EncryptionSy$$etric Encryption
or conventional /or conventional / private-keyprivate-key / single-key/ single-key
sender and recipient share a common keysender and recipient share a common key
all classical encryption algorithms areall classical encryption algorithms areprivate-keyprivate-key
was only type prior to invention of public-was only type prior to invention of public-
key in 19!"skey in 19!"s and by far most widely usedand by far most widely used
-
8/9/2019 901480_ch02
5/66
So$e (asic Ter$inologySo$e (asic Ter$inology
plainte)tplainte)t- original message- original message cipherte)tcipherte)tor cryptogramor cryptogram- coded message #- coded message #$he
transformed message%&
ciphercipher- algorithm for transforming plainte't to cipherte't- algorithm for transforming plainte't to cipherte't keykeyor cryptovariableor cryptovariable( $he information( $he information used inused incon)unction with the algorithm to create cipherte't fromcon)unction with the algorithm to create cipherte't fromplainte'tplainte't
encipher *encrypt+encipher *encrypt+- converting plainte't to cipherte't- converting plainte't to cipherte't
decipher *decrypt+decipher *decrypt+- recovering cipherte't from plainte't- recovering cipherte't from plainte't cryptographycryptography- study of encryption principles/methods- study of encryption principles/methods cryptanalysis *code,reaking+cryptanalysis *code,reaking+- study of principles/- study of principles/
methods of deciphering cipherte'tmethods of deciphering cipherte't withoutwithoutknowing keyknowing key cryptologycryptology- field of both cryptography and cryptanalysis- field of both cryptography and cryptanalysis
-
8/9/2019 901480_ch02
6/66
Sy$$etric Cipher -odelSy$$etric Cipher -odel
-
8/9/2019 901480_ch02
7/66
Require$entsRequire$ents
two re*uirements for secure use oftwo re*uirements for secure use of#conventional% symmetric encryption+#conventional% symmetric encryption+ a strong encryption algorithma strong encryption algorithm a secret key known only to sender / receivera secret key known only to sender / receiver
mathematically have+mathematically have+
CC , E, EKK#%#%
PP , ., .KK#%#% assume encryption algorithm is knownassume encryption algorithm is known implies a secure channel to distribute keyimplies a secure channel to distribute key
-
8/9/2019 901480_ch02
8/66
CryptographyCryptography
characteri.e cryptographic syste$ ,y"characteri.e cryptographic syste$ ,y"1- The type of operations used for transforming plaintext to ciphertext:- there1- The type of operations used for transforming plaintext to ciphertext:- there
are two general principles ..are two general principles ..
- Substitution, in which each element in the plaintext is mapped into- Substitution, in which each element in the plaintext is mapped into
another element.another element. - Transposition, in which elements in the plaintext are rearranged.- Transposition, in which elements in the plaintext are rearranged.
- Product:- Product: involve multiple stages of substitutions and transpositionsinvolve multiple stages of substitutions and transpositions
2- The number of eys used:-2- The number of eys used:-
- Secret -ey !symmetric-ey or single-ey", where both sender and recei#er- Secret -ey !symmetric-ey or single-ey", where both sender and recei#eruse the same ey.use the same ey.
- Public-ey !asymmetric or two-ey", where both sender and recei#er each- Public-ey !asymmetric or two-ey", where both sender and recei#er eachuses different ey.uses different ey.
$- The way in which the plaintext is processed:-$- The way in which the plaintext is processed:-
- %loc &ipher.- %loc &ipher.
- Stream &ipher- Stream &ipher
-
8/9/2019 901480_ch02
9/66
CryptanalysisCryptanalysis
ob)ective to recover key not )ust messageob)ective to recover key not )ust message
general approaches+general approaches+
cryptanalytic attackcryptanalytic attack brute-force attackbrute-force attack
-
8/9/2019 901480_ch02
10/66
Cryptanalytic /ttacksCryptanalytic /ttacks
cipherte)t onlycipherte)t only only know algorithm 0 cipherte't is statisticalonly know algorithm 0 cipherte't is statistical
know or can identify plainte'tknow or can identify plainte't
known plainte)tknown plainte)t
know/suspect plainte't 0 cipherte'tknow/suspect plainte't 0 cipherte't chosen plainte)tchosen plainte)t
select plainte't and obtain cipherte'tselect plainte't and obtain cipherte't
chosen cipherte)tchosen cipherte)t select cipherte't and obtain plainte'tselect cipherte't and obtain plainte't
chosen te)tchosen te)t select plainte't or cipherte't to en/decryptselect plainte't or cipherte't to en/decrypt
-
8/9/2019 901480_ch02
11/66
-ore 0e#initions-ore 0e#initions
unconditional securityunconditional securityif the ciphertext generated by the scheme does not contain enoughif the ciphertext generated by the scheme does not contain enough
information to determine uniquely the corresponding plaintextinformation to determine uniquely the corresponding plaintext no matter how much computer power or time isno matter how much computer power or time is
available the cipher cannot be broken since theavailable the cipher cannot be broken since the
cipherte't provides insufficient information to uni*uelycipherte't provides insufficient information to uni*uely
determine the corresponding plainte'tdetermine the corresponding plainte't
co$putational securityco$putational security given limited computing resources #eg time neededgiven limited computing resources #eg time needed
for calculations is greater than age of universe% thefor calculations is greater than age of universe% the
cipher cannot be brokencipher cannot be broken
-
8/9/2019 901480_ch02
12/66
(rute(rute1orce Search1orce Search
always possible to simply try every keyalways possible to simply try every key most basic attack proportional to key si2emost basic attack proportional to key si2e assume either know / recognise plainte'tassume either know / recognise plainte't
Key Size (bits) Number of Alternative
Keys
Time required at 1
decryption/s
Time required at 106
decryptions/s
32 232 = 4.3 109 231s = 35.8 minutes 2.15 milliseconds
56 256 = 7.2 1016 255s = 1142 years 10.01 hours
128 2128 = 3.4 1038 2127s = 5.4 1024years 5.4 1018years
168 2168 = 3.7 1050 2167s = 5.9 1036years 5.9 1030years
26 characters
(permutation)26! = 4 1026 2 1026s = 6.4 1012years 6.4 106years
-
8/9/2019 901480_ch02
13/66
Classical Su,stitutionClassical Su,stitution
CiphersCiphers wherewhere letters of plainte't are replaced byletters of plainte't are replaced byother letters or by numbers or symbolsother letters or by numbers or symbols
or if plainte't isor if plainte't is viewed as a se*uence ofviewed as a se*uence ofbits then substitution involves replacingbits then substitution involves replacing
plainte't bit patterns with cipherte't bitplainte't bit patterns with cipherte't bit
patternspatterns
-
8/9/2019 901480_ch02
14/66
Types o# CiphersTypes o# Ciphers
33 Si$ple Su,stitutionSi$ple Su,stitution cipher orcipher or -onoalpha,etic-onoalpha,etic cipher is one in which eachcipher is one in which each
character in the plain te't is replaced with a corresponding character of cipher-te't&character in the plain te't is replaced with a corresponding character of cipher-te't&
33 o$ophonico$ophonic su,stitutionsu,stitution cipher is like a simple substitution crypto-systemcipher is like a simple substitution crypto-system
e'cept that a single character of plainte't can map to one of several characters ofe'cept that a single character of plainte't can map to one of several characters of
cipherte't& For E'ample 3 could correspond to 4 15 and 15&cipherte't& For E'ample 3 could correspond to 4 15 and 15&
33 Polygra$ su,stitutionPolygra$ su,stitutioncipher is one which blocks of characters are encrypted incipher is one which blocks of characters are encrypted in
groups& For E'ample 363 could correspond to 7$8&groups& For E'ample 363 could correspond to 7$8& $he layfair cipher is an e'ample of this type of cipher and was used by the 6ritish in World$he layfair cipher is an e'ample of this type of cipher and was used by the 6ritish in World
War ne&War ne&
33 Polyalpha,etic su,stitutionPolyalpha,etic su,stitution cipher is made up of multiple :onoalphabeticcipher is made up of multiple :onoalphabetic
ciphers& $he particular cipher used changes with the position of each character in theciphers& $he particular cipher used changes with the position of each character in the
plain te't& For E'ample ;igenere cipher&plain te't& For E'ample ;igenere cipher&
-
8/9/2019 901480_ch02
15/66
Caesar CipherCaesar Cipher
earliest known substitution cipherearliest known substitution cipher by
-
8/9/2019 901480_ch02
16/66
Caesar CipherCaesar Cipher
can define transformation as+can define transformation as+a b c d e f g h i j k l m n o p q r s t u v w x y za b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B CD E F G H I J K L M N O P Q R S T U V W X Y Z A B C
mathematically give each letter a numbermathematically give each letter a numbera b c d e f g h i j k l m n o p q r s t u v w x y za b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 250 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
then have aesar cipher as+then have aesar cipher as+
cc , E#, E#pp% , #% , #pp >> kk% mod #?@%% mod #?@%
pp , .#c% , #c (, .#c% , #c ( kk% mod #?@%% mod #?@%
-
8/9/2019 901480_ch02
17/66
Cryptanalysis o# CaesarCryptanalysis o# Caesar
CipherCipher only have ?@ possible ciphersonly have ?@ possible ciphers3 maps to 36&&A3 maps to 36&&A
could simply try each in turn acould simply try each in turn a ,rute #orce,rute #orcesearchsearch
given cipherte't )ust try all shifts of lettersgiven cipherte't )ust try all shifts of letters
do need to recogni2e when have plainte'tdo need to recogni2e when have plainte't eg& break cipherte't BCD3 ;8 .$C:Beg& break cipherte't BCD3 ;8 .$C:B
-
8/9/2019 901480_ch02
18/66
(rute3#orce cryptanalysis is easily(rute3#orce cryptanalysis is easily
per#or$ed withper#or$ed withCaesar Cipher "Caesar Cipher "
$he encryption and decryption algorithms$he encryption and decryption algorithms
are knownare known
$here are only ?4 keys to try #?4 different$here are only ?4 keys to try #?4 differentk values%k values%
$he language of plainte't is known and$he language of plainte't is known and
easily recogni2ableeasily recogni2able
-
8/9/2019 901480_ch02
19/66
-onoalpha,etic Cipher-onoalpha,etic Cipher
rather than )ust shifting the alphabetrather than )ust shifting the alphabet could shuffle #)umble% the letters arbitrarilycould shuffle #)umble% the letters arbitrarily each plainte't letter maps to a different randomeach plainte't letter maps to a different random
cipherte't lettercipherte't letter hence key is ?@ letters longhence key is ?@ letters long
Plain: abcdefghijklmnopqrstuvwxyzPlain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZNCipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplacelettersPlaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYACiphertext: WIRFRWAJUHYFTSDVFSFUUFYA
-
8/9/2019 901480_ch02
20/66
-onoalpha,etic Cipher-onoalpha,etic Cipher
SecuritySecurity now have a total of ?@ , 5 ' 1!?@ keysnow have a total of ?@ , 5 ' 1!?@ keys with so many keys might think is securewith so many keys might think is secure
but would bebut would be 4445RON!4444445RON!444 problem is language characteristicsproblem is language characteristics
-
8/9/2019 901480_ch02
21/66
anguage Redundancy andanguage Redundancy and
CryptanalysisCryptanalysis human languages arehuman languages are redundantredundant
eg Bth lrd s m shphrd shll nt wntBeg Bth lrd s m shphrd shll nt wntB
letters are not e*ually commonly usedletters are not e*ually commonly used
in English E is by far the most common letterin English E is by far the most common letter followed by $7G3Sfollowed by $7G3S
other letters like A
-
8/9/2019 901480_ch02
22/66
English etter 1requenciesEnglish etter 1requencies
-
8/9/2019 901480_ch02
23/66
6se in Cryptanalysis6se in Cryptanalysis
key concept - monoalphabetic substitutionkey concept - monoalphabetic substitutionciphers do not change relative letter fre*uenciesciphers do not change relative letter fre*uencies
discovered by 3rabian scientists in 9discovered by 3rabian scientists in 9ththcenturycentury
calculate letter fre*uencies for cipherte'tcalculate letter fre*uencies for cipherte't compare counts/plots against known valuescompare counts/plots against known values
if caesar cipher look for common peaks/troughsif caesar cipher look for common peaks/troughs peaks at+ 3-E-G triple pair 7S$ triplepeaks at+ 3-E-G triple pair 7S$ triple
troughs at+
-
8/9/2019 901480_ch02
24/66
E)a$ple CryptanalysisE)a$ple Cryptanalysis
given cipherte't+given cipherte't+UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZUZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
count relative letter fre*uencies #see te't%count relative letter fre*uencies #see te't% guess 0 A are e and tguess 0 A are e and t guess AW is th and hence AW is theguess AW is th and hence AW is the
proceeding with trial and error finally get+proceeding with trial and error finally get+it was disclosd !st"da! t#at s$"al i%&o"'al ()tit was disclosd !st"da! t#at s$"al i%&o"'al ()t
di"ct co%tacts #a$ (% 'ad wit# *oliticaldi"ct co%tacts #a$ (% 'ad wit# *olitical
"*"s%tati$s o& t# $it co%+ i% 'oscow"*"s%tati$s o& t# $it co%+ i% 'oscow
-
8/9/2019 901480_ch02
25/66
Play#air CipherPlay#air Cipher
not even the large number of keys in anot even the large number of keys in a
monoalphabetic cipher provides securitymonoalphabetic cipher provides security
one approach to improving security was toone approach to improving security was toencrypt multiple lettersencrypt multiple letters
thethePlay#air CipherPlay#air Cipheris an e'ampleis an e'ample
invented by harles Wheatstone in 1J45invented by harles Wheatstone in 1J45but named after his friend 6aron layfairbut named after his friend 6aron layfair
-
8/9/2019 901480_ch02
26/66
Play#air 7ey -atri)Play#air 7ey -atri)
a 4I4 matri' of letters based on a keyworda 4I4 matri' of letters based on a keyword
fill in letters of keyword #sans duplicates%fill in letters of keyword #sans duplicates%
fill rest of matri' with other lettersfill rest of matri' with other letters eg& using the keyword :37KLeg& using the keyword :37KL
:: 33 77
KK LL 66 ..
EE FF CC G/
-
8/9/2019 901480_ch02
27/66
Encrypting and 0ecryptingEncrypting and 0ecrypting
plainte't is encrypted two letters at a timeplainte't is encrypted two letters at a time1&1& if a pair is a repeated letter insert filler like NI"if a pair is a repeated letter insert filler like NI"
?&?& if both letters fall in the same row replaceif both letters fall in the same row replace
each with letter to righteach with letter to right #wrapping back to start#wrapping back to startfrom end%from end%
=&=& if both letters fall in the same column replaceif both letters fall in the same column replaceeach with the letter below it #again wrapping toeach with the letter below it #again wrapping to
top from bottom%top from bottom%5&5& otherwise each letter is replaced by the letterotherwise each letter is replaced by the letter
in the same row and in the column of the otherin the same row and in the column of the otherletter of the pairletter of the pair
-
8/9/2019 901480_ch02
28/66
Playfair Example
6se the #ollowing ta,le"
& ' ( ) *
+ S % , -
. /01 2 3 4
5 P 6 T 7
8 9 : ; ? would yield 1 not 11& 3nd plus @ would yield =e'ample 9 > ? would yield 1 not 11& 3nd plus @ would yield =not 1=& KereNs how the spyNs working sheet would look¬ 1=& KereNs how the spyNs working sheet would look&
lainte't 1=19 1=?4 19!4 !=1J !4?!lainte't 1=19 1=?4 19!4 !=1J !4?!
Hey ----- !4?@ 1J!? !J1@ 191!Hey ----- !4?@ 1J!? !J1@ 191!
ipherte't 1=19 1J51 ?! !1?5 15=!ipherte't 1=19 1J51 ?! !1?5 15=!
Encrypted messageEncrypted message 1319 1841 277 124 1431319 1841 277 124 143
-
8/9/2019 901480_ch02
56/66
One3Ti$e Pad *OTP+One3Ti$e Pad *OTP+
Step =+ .ecrypting the message&&&Step =+ .ecrypting the message&&& We subtract the key from the cipherte't usingWe subtract the key from the cipherte't using
Fibonicci subtraction &Fibonicci subtraction &
We allow no negative numbers&We allow no negative numbers&
For e'ample ? - 9 would yield = #because we addFor e'ample ? - 9 would yield = #because we add1! so that weNre able to subtract 9 from 1?%&1! so that weNre able to subtract 9 from 1?%&
R ipherte't 1=19 1J51 ?! !1?5 15=!R ipherte't 1=19 1J51 ?! !1?5 15=!
Hey 1=19 !4?@ 1J!? !J1@ 191!Hey 1=19 !4?@ 1J!? !J1@ 191!
lainte't ---- 1=?4 19!4 !=1J !4?!lainte't ---- 1=?4 19!4 !=1J !4?!
-
8/9/2019 901480_ch02
57/66
Transposition CiphersTransposition Ciphers
now consider classicalnow consider classical transpositiontranspositionoror
per$utationper$utationciphersciphers
these hide the message by rearrangingthese hide the message by rearranging
the letter orderthe letter order
without altering the actual letters usedwithout altering the actual letters used
can recognise these since have the samecan recognise these since have the samefre*uency distribution as the original te'tfre*uency distribution as the original te't
-
8/9/2019 901480_ch02
58/66
Rail 1ence cipherRail 1ence cipher
write message letters out diagonally over awrite message letters out diagonally over anumber of rowsnumber of rows
then read off cipher row by rowthen read off cipher row by row
eg& write message out as+eg& write message out as+' ' a t " # t + * " !' ' a t " # t + * " !
t & t o a a t t & t o a a t
giving cipherte'tgiving cipherte't
MEMAT,HTGP,YETEFETEOAATMEMAT,HTGP,YETEFETEOAAT
-
8/9/2019 901480_ch02
59/66
Colu$nar Transposition CiphersColu$nar Transposition Ciphers
a more comple' transpositiona more comple' transpositioncolu$nar transposition"colu$nar transposition" i- eaan.e/en 0 1haa1e- 0 +lain e!i- eaan.e/en 0 1haa1e- 0 +lain e!
in 12l/n-3in 12l/n-3
Write plainte't in a rectangle row by row&Write plainte't in a rectangle row by row& ermute the order of the columnsermute the order of the columns 7ead the message off column by column7ead the message off column by column Key: 4 3 1 2 5 6 7Key: 4 3 1 2 5 6 7
Plaintext: a t t a c k pPlaintext: a t t a c k p
o s t p o n eo s t p o n e
d u n t i l td u n t i l t
w o a m x y zw o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZCiphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
-
8/9/2019 901480_ch02
60/66
-
8/9/2019 901480_ch02
61/66
Rotor -achinesRotor -achines
before modern ciphers rotor machines werebefore modern ciphers rotor machines weremost common comple' ciphers in usemost common comple' ciphers in use
widely used in WW?#World War GG%widely used in WW?#World War GG%
Cerman Enigma 3llied Kagelin
-
8/9/2019 901480_ch02
62/66
agelin Rotor -achineagelin Rotor -achine
C 0 i * %i00 iC 0 i * %i00 i
-
8/9/2019 901480_ch02
63/66
Cn02-in an* %i002-inCn02-in an* %i002-in 3 substitution is said to add confusion to the3 substitution is said to add confusion to the
encryption process whereas a transposition isencryption process whereas a transposition is
said to add diffusion&said to add diffusion& onfusion is intended to make the relationshiponfusion is intended to make the relationship
between the key and cipherte't as comple' asbetween the key and cipherte't as comple' aspossible& .iffusion refers to rearranging orpossible& .iffusion refers to rearranging or
spreading out the characters in the messagespreading out the characters in the message :ost modern block cipher systems apply a:ost modern block cipher systems apply a
number of rounds in succession to encryptnumber of rounds in succession to encryptplainte't&plainte't&
3 round then can be said to add both confusion3 round then can be said to add both confusionand diffusion to the encryptionand diffusion to the encryption
-
8/9/2019 901480_ch02
64/66
SteganographySteganography
an alternative to encryptionan alternative to encryption hides e'istence of messagehides e'istence of message
using only a subset of letters/words in ausing only a subset of letters/words in a
longer message marked in some waylonger message marked in some way using invisible inkusing invisible ink hiding in MS6 in graphic image or sound filehiding in MS6 in graphic image or sound file
has drawbackshas drawbacks high overhead to hide relatively few info bitshigh overhead to hide relatively few info bits
-
8/9/2019 901480_ch02
65/66
Popular sites #or Popular sites #or Steganography
in#or$ation
http"KK
www
-
8/9/2019 901480_ch02
66/66
Su$$arySu$$ary
have considered+have considered+ classical cipher techni*ues and terminologyclassical cipher techni*ues and terminology
monoalphabetic substitution ciphersmonoalphabetic substitution ciphers
cryptanalysis using letter fre*uenciescryptanalysis using letter fre*uencies
layfair cipherlayfair cipher
polyalphabetic cipherspolyalphabetic ciphers
transposition cipherstransposition ciphers
product ciphers and rotor machinesproduct ciphers and rotor machines
stenographystenography