901480_ch02

download 901480_ch02

of 66

Transcript of 901480_ch02

  • 8/9/2019 901480_ch02

    1/66

    Cryptography andCryptography and

    Network SecurityNetwork Security

    Chapter 2Chapter 2

    Fourth EditionFourth Edition

    by William Stallingsby William Stallings

  • 8/9/2019 901480_ch02

    2/66

    Chapter 2 Chapter 2 Classical EncryptionClassical Encryption

    TechniquesTechniques

  • 8/9/2019 901480_ch02

    3/66

    CRYPTOO!Y

    Definition:

    Cryptology " #ro$ the !reek

    Crypto$eaning secret or hidden% and

    ology$eaning theory% or science

    Two $a&or di'isions"

    Cryptography & Cryptanalysis

  • 8/9/2019 901480_ch02

    4/66

    Sy$$etric EncryptionSy$$etric Encryption

    or conventional /or conventional / private-keyprivate-key / single-key/ single-key

    sender and recipient share a common keysender and recipient share a common key

    all classical encryption algorithms areall classical encryption algorithms areprivate-keyprivate-key

    was only type prior to invention of public-was only type prior to invention of public-

    key in 19!"skey in 19!"s and by far most widely usedand by far most widely used

  • 8/9/2019 901480_ch02

    5/66

    So$e (asic Ter$inologySo$e (asic Ter$inology

    plainte)tplainte)t- original message- original message cipherte)tcipherte)tor cryptogramor cryptogram- coded message #- coded message #$he

    transformed message%&

    ciphercipher- algorithm for transforming plainte't to cipherte't- algorithm for transforming plainte't to cipherte't keykeyor cryptovariableor cryptovariable( $he information( $he information used inused incon)unction with the algorithm to create cipherte't fromcon)unction with the algorithm to create cipherte't fromplainte'tplainte't

    encipher *encrypt+encipher *encrypt+- converting plainte't to cipherte't- converting plainte't to cipherte't

    decipher *decrypt+decipher *decrypt+- recovering cipherte't from plainte't- recovering cipherte't from plainte't cryptographycryptography- study of encryption principles/methods- study of encryption principles/methods cryptanalysis *code,reaking+cryptanalysis *code,reaking+- study of principles/- study of principles/

    methods of deciphering cipherte'tmethods of deciphering cipherte't withoutwithoutknowing keyknowing key cryptologycryptology- field of both cryptography and cryptanalysis- field of both cryptography and cryptanalysis

  • 8/9/2019 901480_ch02

    6/66

    Sy$$etric Cipher -odelSy$$etric Cipher -odel

  • 8/9/2019 901480_ch02

    7/66

    Require$entsRequire$ents

    two re*uirements for secure use oftwo re*uirements for secure use of#conventional% symmetric encryption+#conventional% symmetric encryption+ a strong encryption algorithma strong encryption algorithm a secret key known only to sender / receivera secret key known only to sender / receiver

    mathematically have+mathematically have+

    CC , E, EKK#%#%

    PP , ., .KK#%#% assume encryption algorithm is knownassume encryption algorithm is known implies a secure channel to distribute keyimplies a secure channel to distribute key

  • 8/9/2019 901480_ch02

    8/66

    CryptographyCryptography

    characteri.e cryptographic syste$ ,y"characteri.e cryptographic syste$ ,y"1- The type of operations used for transforming plaintext to ciphertext:- there1- The type of operations used for transforming plaintext to ciphertext:- there

    are two general principles ..are two general principles ..

    - Substitution, in which each element in the plaintext is mapped into- Substitution, in which each element in the plaintext is mapped into

    another element.another element. - Transposition, in which elements in the plaintext are rearranged.- Transposition, in which elements in the plaintext are rearranged.

    - Product:- Product: involve multiple stages of substitutions and transpositionsinvolve multiple stages of substitutions and transpositions

    2- The number of eys used:-2- The number of eys used:-

    - Secret -ey !symmetric-ey or single-ey", where both sender and recei#er- Secret -ey !symmetric-ey or single-ey", where both sender and recei#eruse the same ey.use the same ey.

    - Public-ey !asymmetric or two-ey", where both sender and recei#er each- Public-ey !asymmetric or two-ey", where both sender and recei#er eachuses different ey.uses different ey.

    $- The way in which the plaintext is processed:-$- The way in which the plaintext is processed:-

    - %loc &ipher.- %loc &ipher.

    - Stream &ipher- Stream &ipher

  • 8/9/2019 901480_ch02

    9/66

    CryptanalysisCryptanalysis

    ob)ective to recover key not )ust messageob)ective to recover key not )ust message

    general approaches+general approaches+

    cryptanalytic attackcryptanalytic attack brute-force attackbrute-force attack

  • 8/9/2019 901480_ch02

    10/66

    Cryptanalytic /ttacksCryptanalytic /ttacks

    cipherte)t onlycipherte)t only only know algorithm 0 cipherte't is statisticalonly know algorithm 0 cipherte't is statistical

    know or can identify plainte'tknow or can identify plainte't

    known plainte)tknown plainte)t

    know/suspect plainte't 0 cipherte'tknow/suspect plainte't 0 cipherte't chosen plainte)tchosen plainte)t

    select plainte't and obtain cipherte'tselect plainte't and obtain cipherte't

    chosen cipherte)tchosen cipherte)t select cipherte't and obtain plainte'tselect cipherte't and obtain plainte't

    chosen te)tchosen te)t select plainte't or cipherte't to en/decryptselect plainte't or cipherte't to en/decrypt

  • 8/9/2019 901480_ch02

    11/66

    -ore 0e#initions-ore 0e#initions

    unconditional securityunconditional securityif the ciphertext generated by the scheme does not contain enoughif the ciphertext generated by the scheme does not contain enough

    information to determine uniquely the corresponding plaintextinformation to determine uniquely the corresponding plaintext no matter how much computer power or time isno matter how much computer power or time is

    available the cipher cannot be broken since theavailable the cipher cannot be broken since the

    cipherte't provides insufficient information to uni*uelycipherte't provides insufficient information to uni*uely

    determine the corresponding plainte'tdetermine the corresponding plainte't

    co$putational securityco$putational security given limited computing resources #eg time neededgiven limited computing resources #eg time needed

    for calculations is greater than age of universe% thefor calculations is greater than age of universe% the

    cipher cannot be brokencipher cannot be broken

  • 8/9/2019 901480_ch02

    12/66

    (rute(rute1orce Search1orce Search

    always possible to simply try every keyalways possible to simply try every key most basic attack proportional to key si2emost basic attack proportional to key si2e assume either know / recognise plainte'tassume either know / recognise plainte't

    Key Size (bits) Number of Alternative

    Keys

    Time required at 1

    decryption/s

    Time required at 106

    decryptions/s

    32 232 = 4.3 109 231s = 35.8 minutes 2.15 milliseconds

    56 256 = 7.2 1016 255s = 1142 years 10.01 hours

    128 2128 = 3.4 1038 2127s = 5.4 1024years 5.4 1018years

    168 2168 = 3.7 1050 2167s = 5.9 1036years 5.9 1030years

    26 characters

    (permutation)26! = 4 1026 2 1026s = 6.4 1012years 6.4 106years

  • 8/9/2019 901480_ch02

    13/66

    Classical Su,stitutionClassical Su,stitution

    CiphersCiphers wherewhere letters of plainte't are replaced byletters of plainte't are replaced byother letters or by numbers or symbolsother letters or by numbers or symbols

    or if plainte't isor if plainte't is viewed as a se*uence ofviewed as a se*uence ofbits then substitution involves replacingbits then substitution involves replacing

    plainte't bit patterns with cipherte't bitplainte't bit patterns with cipherte't bit

    patternspatterns

  • 8/9/2019 901480_ch02

    14/66

    Types o# CiphersTypes o# Ciphers

    33 Si$ple Su,stitutionSi$ple Su,stitution cipher orcipher or -onoalpha,etic-onoalpha,etic cipher is one in which eachcipher is one in which each

    character in the plain te't is replaced with a corresponding character of cipher-te't&character in the plain te't is replaced with a corresponding character of cipher-te't&

    33 o$ophonico$ophonic su,stitutionsu,stitution cipher is like a simple substitution crypto-systemcipher is like a simple substitution crypto-system

    e'cept that a single character of plainte't can map to one of several characters ofe'cept that a single character of plainte't can map to one of several characters of

    cipherte't& For E'ample 3 could correspond to 4 15 and 15&cipherte't& For E'ample 3 could correspond to 4 15 and 15&

    33 Polygra$ su,stitutionPolygra$ su,stitutioncipher is one which blocks of characters are encrypted incipher is one which blocks of characters are encrypted in

    groups& For E'ample 363 could correspond to 7$8&groups& For E'ample 363 could correspond to 7$8& $he layfair cipher is an e'ample of this type of cipher and was used by the 6ritish in World$he layfair cipher is an e'ample of this type of cipher and was used by the 6ritish in World

    War ne&War ne&

    33 Polyalpha,etic su,stitutionPolyalpha,etic su,stitution cipher is made up of multiple :onoalphabeticcipher is made up of multiple :onoalphabetic

    ciphers& $he particular cipher used changes with the position of each character in theciphers& $he particular cipher used changes with the position of each character in the

    plain te't& For E'ample ;igenere cipher&plain te't& For E'ample ;igenere cipher&

  • 8/9/2019 901480_ch02

    15/66

    Caesar CipherCaesar Cipher

    earliest known substitution cipherearliest known substitution cipher by

  • 8/9/2019 901480_ch02

    16/66

    Caesar CipherCaesar Cipher

    can define transformation as+can define transformation as+a b c d e f g h i j k l m n o p q r s t u v w x y za b c d e f g h i j k l m n o p q r s t u v w x y z

    D E F G H I J K L M N O P Q R S T U V W X Y Z A B CD E F G H I J K L M N O P Q R S T U V W X Y Z A B C

    mathematically give each letter a numbermathematically give each letter a numbera b c d e f g h i j k l m n o p q r s t u v w x y za b c d e f g h i j k l m n o p q r s t u v w x y z

    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 250 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

    then have aesar cipher as+then have aesar cipher as+

    cc , E#, E#pp% , #% , #pp >> kk% mod #?@%% mod #?@%

    pp , .#c% , #c (, .#c% , #c ( kk% mod #?@%% mod #?@%

  • 8/9/2019 901480_ch02

    17/66

    Cryptanalysis o# CaesarCryptanalysis o# Caesar

    CipherCipher only have ?@ possible ciphersonly have ?@ possible ciphers3 maps to 36&&A3 maps to 36&&A

    could simply try each in turn acould simply try each in turn a ,rute #orce,rute #orcesearchsearch

    given cipherte't )ust try all shifts of lettersgiven cipherte't )ust try all shifts of letters

    do need to recogni2e when have plainte'tdo need to recogni2e when have plainte't eg& break cipherte't BCD3 ;8 .$C:Beg& break cipherte't BCD3 ;8 .$C:B

  • 8/9/2019 901480_ch02

    18/66

    (rute3#orce cryptanalysis is easily(rute3#orce cryptanalysis is easily

    per#or$ed withper#or$ed withCaesar Cipher "Caesar Cipher "

    $he encryption and decryption algorithms$he encryption and decryption algorithms

    are knownare known

    $here are only ?4 keys to try #?4 different$here are only ?4 keys to try #?4 differentk values%k values%

    $he language of plainte't is known and$he language of plainte't is known and

    easily recogni2ableeasily recogni2able

  • 8/9/2019 901480_ch02

    19/66

    -onoalpha,etic Cipher-onoalpha,etic Cipher

    rather than )ust shifting the alphabetrather than )ust shifting the alphabet could shuffle #)umble% the letters arbitrarilycould shuffle #)umble% the letters arbitrarily each plainte't letter maps to a different randomeach plainte't letter maps to a different random

    cipherte't lettercipherte't letter hence key is ?@ letters longhence key is ?@ letters long

    Plain: abcdefghijklmnopqrstuvwxyzPlain: abcdefghijklmnopqrstuvwxyz

    Cipher: DKVQFIBJWPESCXHTMYAUOLRGZNCipher: DKVQFIBJWPESCXHTMYAUOLRGZN

    Plaintext: ifwewishtoreplacelettersPlaintext: ifwewishtoreplaceletters

    Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYACiphertext: WIRFRWAJUHYFTSDVFSFUUFYA

  • 8/9/2019 901480_ch02

    20/66

    -onoalpha,etic Cipher-onoalpha,etic Cipher

    SecuritySecurity now have a total of ?@ , 5 ' 1!?@ keysnow have a total of ?@ , 5 ' 1!?@ keys with so many keys might think is securewith so many keys might think is secure

    but would bebut would be 4445RON!4444445RON!444 problem is language characteristicsproblem is language characteristics

  • 8/9/2019 901480_ch02

    21/66

    anguage Redundancy andanguage Redundancy and

    CryptanalysisCryptanalysis human languages arehuman languages are redundantredundant

    eg Bth lrd s m shphrd shll nt wntBeg Bth lrd s m shphrd shll nt wntB

    letters are not e*ually commonly usedletters are not e*ually commonly used

    in English E is by far the most common letterin English E is by far the most common letter followed by $7G3Sfollowed by $7G3S

    other letters like A

  • 8/9/2019 901480_ch02

    22/66

    English etter 1requenciesEnglish etter 1requencies

  • 8/9/2019 901480_ch02

    23/66

    6se in Cryptanalysis6se in Cryptanalysis

    key concept - monoalphabetic substitutionkey concept - monoalphabetic substitutionciphers do not change relative letter fre*uenciesciphers do not change relative letter fre*uencies

    discovered by 3rabian scientists in 9discovered by 3rabian scientists in 9ththcenturycentury

    calculate letter fre*uencies for cipherte'tcalculate letter fre*uencies for cipherte't compare counts/plots against known valuescompare counts/plots against known values

    if caesar cipher look for common peaks/troughsif caesar cipher look for common peaks/troughs peaks at+ 3-E-G triple pair 7S$ triplepeaks at+ 3-E-G triple pair 7S$ triple

    troughs at+

  • 8/9/2019 901480_ch02

    24/66

    E)a$ple CryptanalysisE)a$ple Cryptanalysis

    given cipherte't+given cipherte't+UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZUZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ

    VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX

    EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

    count relative letter fre*uencies #see te't%count relative letter fre*uencies #see te't% guess 0 A are e and tguess 0 A are e and t guess AW is th and hence AW is theguess AW is th and hence AW is the

    proceeding with trial and error finally get+proceeding with trial and error finally get+it was disclosd !st"da! t#at s$"al i%&o"'al ()tit was disclosd !st"da! t#at s$"al i%&o"'al ()t

    di"ct co%tacts #a$ (% 'ad wit# *oliticaldi"ct co%tacts #a$ (% 'ad wit# *olitical

    "*"s%tati$s o& t# $it co%+ i% 'oscow"*"s%tati$s o& t# $it co%+ i% 'oscow

  • 8/9/2019 901480_ch02

    25/66

    Play#air CipherPlay#air Cipher

    not even the large number of keys in anot even the large number of keys in a

    monoalphabetic cipher provides securitymonoalphabetic cipher provides security

    one approach to improving security was toone approach to improving security was toencrypt multiple lettersencrypt multiple letters

    thethePlay#air CipherPlay#air Cipheris an e'ampleis an e'ample

    invented by harles Wheatstone in 1J45invented by harles Wheatstone in 1J45but named after his friend 6aron layfairbut named after his friend 6aron layfair

  • 8/9/2019 901480_ch02

    26/66

    Play#air 7ey -atri)Play#air 7ey -atri)

    a 4I4 matri' of letters based on a keyworda 4I4 matri' of letters based on a keyword

    fill in letters of keyword #sans duplicates%fill in letters of keyword #sans duplicates%

    fill rest of matri' with other lettersfill rest of matri' with other letters eg& using the keyword :37KLeg& using the keyword :37KL

    :: 33 77

    KK LL 66 ..

    EE FF CC G/

  • 8/9/2019 901480_ch02

    27/66

    Encrypting and 0ecryptingEncrypting and 0ecrypting

    plainte't is encrypted two letters at a timeplainte't is encrypted two letters at a time1&1& if a pair is a repeated letter insert filler like NI"if a pair is a repeated letter insert filler like NI"

    ?&?& if both letters fall in the same row replaceif both letters fall in the same row replace

    each with letter to righteach with letter to right #wrapping back to start#wrapping back to startfrom end%from end%

    =&=& if both letters fall in the same column replaceif both letters fall in the same column replaceeach with the letter below it #again wrapping toeach with the letter below it #again wrapping to

    top from bottom%top from bottom%5&5& otherwise each letter is replaced by the letterotherwise each letter is replaced by the letter

    in the same row and in the column of the otherin the same row and in the column of the otherletter of the pairletter of the pair

  • 8/9/2019 901480_ch02

    28/66

    Playfair Example

    6se the #ollowing ta,le"

    & ' ( ) *

    + S % , -

    . /01 2 3 4

    5 P 6 T 7

    8 9 : ; ? would yield 1 not 11& 3nd plus @ would yield =e'ample 9 > ? would yield 1 not 11& 3nd plus @ would yield =not 1=& KereNs how the spyNs working sheet would look&not 1=& KereNs how the spyNs working sheet would look&

    lainte't 1=19 1=?4 19!4 !=1J !4?!lainte't 1=19 1=?4 19!4 !=1J !4?!

    Hey ----- !4?@ 1J!? !J1@ 191!Hey ----- !4?@ 1J!? !J1@ 191!

    ipherte't 1=19 1J51 ?! !1?5 15=!ipherte't 1=19 1J51 ?! !1?5 15=!

    Encrypted messageEncrypted message 1319 1841 277 124 1431319 1841 277 124 143

  • 8/9/2019 901480_ch02

    56/66

    One3Ti$e Pad *OTP+One3Ti$e Pad *OTP+

    Step =+ .ecrypting the message&&&Step =+ .ecrypting the message&&& We subtract the key from the cipherte't usingWe subtract the key from the cipherte't using

    Fibonicci subtraction &Fibonicci subtraction &

    We allow no negative numbers&We allow no negative numbers&

    For e'ample ? - 9 would yield = #because we addFor e'ample ? - 9 would yield = #because we add1! so that weNre able to subtract 9 from 1?%&1! so that weNre able to subtract 9 from 1?%&

    R ipherte't 1=19 1J51 ?! !1?5 15=!R ipherte't 1=19 1J51 ?! !1?5 15=!

    Hey 1=19 !4?@ 1J!? !J1@ 191!Hey 1=19 !4?@ 1J!? !J1@ 191!

    lainte't ---- 1=?4 19!4 !=1J !4?!lainte't ---- 1=?4 19!4 !=1J !4?!

  • 8/9/2019 901480_ch02

    57/66

    Transposition CiphersTransposition Ciphers

    now consider classicalnow consider classical transpositiontranspositionoror

    per$utationper$utationciphersciphers

    these hide the message by rearrangingthese hide the message by rearranging

    the letter orderthe letter order

    without altering the actual letters usedwithout altering the actual letters used

    can recognise these since have the samecan recognise these since have the samefre*uency distribution as the original te'tfre*uency distribution as the original te't

  • 8/9/2019 901480_ch02

    58/66

    Rail 1ence cipherRail 1ence cipher

    write message letters out diagonally over awrite message letters out diagonally over anumber of rowsnumber of rows

    then read off cipher row by rowthen read off cipher row by row

    eg& write message out as+eg& write message out as+' ' a t " # t + * " !' ' a t " # t + * " !

    t & t o a a t t & t o a a t

    giving cipherte'tgiving cipherte't

    MEMAT,HTGP,YETEFETEOAATMEMAT,HTGP,YETEFETEOAAT

  • 8/9/2019 901480_ch02

    59/66

    Colu$nar Transposition CiphersColu$nar Transposition Ciphers

    a more comple' transpositiona more comple' transpositioncolu$nar transposition"colu$nar transposition" i- eaan.e/en 0 1haa1e- 0 +lain e!i- eaan.e/en 0 1haa1e- 0 +lain e!

    in 12l/n-3in 12l/n-3

    Write plainte't in a rectangle row by row&Write plainte't in a rectangle row by row& ermute the order of the columnsermute the order of the columns 7ead the message off column by column7ead the message off column by column Key: 4 3 1 2 5 6 7Key: 4 3 1 2 5 6 7

    Plaintext: a t t a c k pPlaintext: a t t a c k p

    o s t p o n eo s t p o n e

    d u n t i l td u n t i l t

    w o a m x y zw o a m x y z

    Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZCiphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

  • 8/9/2019 901480_ch02

    60/66

  • 8/9/2019 901480_ch02

    61/66

    Rotor -achinesRotor -achines

    before modern ciphers rotor machines werebefore modern ciphers rotor machines weremost common comple' ciphers in usemost common comple' ciphers in use

    widely used in WW?#World War GG%widely used in WW?#World War GG%

    Cerman Enigma 3llied Kagelin

  • 8/9/2019 901480_ch02

    62/66

    agelin Rotor -achineagelin Rotor -achine

    C 0 i * %i00 iC 0 i * %i00 i

  • 8/9/2019 901480_ch02

    63/66

    Cn02-in an* %i002-inCn02-in an* %i002-in 3 substitution is said to add confusion to the3 substitution is said to add confusion to the

    encryption process whereas a transposition isencryption process whereas a transposition is

    said to add diffusion&said to add diffusion& onfusion is intended to make the relationshiponfusion is intended to make the relationship

    between the key and cipherte't as comple' asbetween the key and cipherte't as comple' aspossible& .iffusion refers to rearranging orpossible& .iffusion refers to rearranging or

    spreading out the characters in the messagespreading out the characters in the message :ost modern block cipher systems apply a:ost modern block cipher systems apply a

    number of rounds in succession to encryptnumber of rounds in succession to encryptplainte't&plainte't&

    3 round then can be said to add both confusion3 round then can be said to add both confusionand diffusion to the encryptionand diffusion to the encryption

  • 8/9/2019 901480_ch02

    64/66

    SteganographySteganography

    an alternative to encryptionan alternative to encryption hides e'istence of messagehides e'istence of message

    using only a subset of letters/words in ausing only a subset of letters/words in a

    longer message marked in some waylonger message marked in some way using invisible inkusing invisible ink hiding in MS6 in graphic image or sound filehiding in MS6 in graphic image or sound file

    has drawbackshas drawbacks high overhead to hide relatively few info bitshigh overhead to hide relatively few info bits

  • 8/9/2019 901480_ch02

    65/66

    Popular sites #or Popular sites #or Steganography

    in#or$ation

    http"KK

    www

  • 8/9/2019 901480_ch02

    66/66

    Su$$arySu$$ary

    have considered+have considered+ classical cipher techni*ues and terminologyclassical cipher techni*ues and terminology

    monoalphabetic substitution ciphersmonoalphabetic substitution ciphers

    cryptanalysis using letter fre*uenciescryptanalysis using letter fre*uencies

    layfair cipherlayfair cipher

    polyalphabetic cipherspolyalphabetic ciphers

    transposition cipherstransposition ciphers

    product ciphers and rotor machinesproduct ciphers and rotor machines

    stenographystenography