Applied Cryptography Week 4 Cryptography and.NET 1 Applied Cryptography Week 4 Mike McCarthy.
Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden)...
-
Upload
julius-matthews -
Category
Documents
-
view
219 -
download
2
Transcript of Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden)...
![Page 1: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/1.jpg)
Security in ComputingSecurity in Computing
Cryptography (Introduction)
Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing
![Page 2: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/2.jpg)
I.I. Terms and ConceptsTerms and ConceptsA. Encryption: transform a message
so its meaning in not obvious
B. Decryption: remove the transformation
C. Plaintext: unencrypted version of a message (i.e. original message)
D. Ciphertext: encrypted versions of a message
E. Cipher: Encryption algorithm
![Page 3: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/3.jpg)
I.I. Terms and ConceptsTerms and ConceptsD. Key: object (string) that
personalises an encryption algorithm (in the same way that a key personalises a physical lock)
E. Types of encryption
1. Symmetric: same key performs both encryption and decryption
2. Asymmetric: distinct keys, very different keys, one for encryption only and the other for decrypting only
![Page 4: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/4.jpg)
I.I. Terms and ConceptsTerms and Concepts
F. Processes
1. Cryptography: performing encryption and decryption
2. Cryptology: designing encryption algorithms
3. Cryptanalysis: analyzing algorithms and encrypted text with the objective of breaking the encryption
![Page 5: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/5.jpg)
I.I. Terms and ConceptsTerms and Concepts
G. Breaking encryption
1. Determining the content of an encrypted message without the use of the key
2. Almost any encryption can be broken in theory; in practice the amount of work (time) to do so may be prohibitive
3. “Work factor” is the estimate of amount of time sufficient to break an encryption; work factor may depend on speed of computers
![Page 6: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/6.jpg)
I.I. Terms and ConceptsTerms and Concepts4. The attacker can use any tools,
techniques and approaches ...
‘All is fair in love, war and cryptanalysis’!
![Page 7: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/7.jpg)
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
A. According to Shannon(1949) characteristics of good ciphers:
1. Desired amount of secrecy should determine the amount of labour for encryption and decryption
a) Low sensitivity items should not be protected under a cipher that is very difficult to implement
b) For high sensitivity items, it is worth paying a price in difficulty to encrypt
![Page 8: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/8.jpg)
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
2. Keys and algorithms should not be complex
a) Applying a complex algorithm or allowing only particular keys is error-prone
b) A complex algorithm may be avoided in the field
3. The implementation of the process should be as simple as possible
a) Hand implementation or complex computer programs are error-prone
4. Error in ciphering should not propagate and corrupt further cipher text – e.g. acknowledges the possibility of error
![Page 9: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/9.jpg)
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
5. Size of ciphertext should be no be larger than the size of the plaintext
a) a larger ciphertext size cannot carry more information (because that depends on the plaintext)
b) Longer ciphertext required more space and time to decrypt
![Page 10: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/10.jpg)
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
B. Properties of trustworthy encryption
1. Based on sound mathematicsa) Has a strong theoretical underpinning
to justify its strength
2. Analysed by competent expertsa) Has been scrutinized objectively
3. Has stood the test of timea) Has been used without problem and
continues to undergo expert review
![Page 11: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/11.jpg)
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
C. More terms and concepts1. Key distribution: problem of
establishing shared secret keys between sender and receiver
2. Key management: problem of storing and changing keys over time
3. Stream Vs block ciphersa) Stream cipher: plaintext converted
immediately to ciphertextb) Block cipher: plaintext queued up until a
full block is ready, then encrypted as a block
![Page 12: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/12.jpg)
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
4. Confusion and diffusiona) Confusion: complex relationship between
a plaintext unit and its ciphertextb) Diffusion: effect of changing a plaintext
character to ciphertext is spread widely through the ciphertext
4. Types of Cryptanalysis 1. Ciphertext only: common case,
ciphertext intercepted without contextNote: The algorithm used may be known but not the key
![Page 13: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/13.jpg)
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
2. Known plaintext: some plaintext and corresponding (matched) ciphertext
a) the goal is to figure out how the plaintext was transformed to that ciphertext
b) use the same approach to break the ciphertext for which the plaintext is not available
3. Chosen plaintext: a) ability to force the system to encrypt
anything (“chosen plaintext”) and see the effect
b) deduce what algorithm (or key was used)c) to break other ciphertext
![Page 14: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/14.jpg)
A. Building Blocks1. Substitution – change one symbol
(or unit) into anothera) Achieves confusion: obscures the
meaning of a symbol
2. Transposition (or permutation): move symbols (or units) around in ciphertext
a) Achieves diffusion: spreads effects of encryption throughout ciphertext
III.III. Simple (Traditional) Simple (Traditional) CiphersCiphers
![Page 15: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/15.jpg)
B. Caesar Cipher (a form of substitution)1. Shifts all letters of alphabet n positions
forward. original cipher used n = 32. Easily implemented, can be done easily
in the head, required no paper or other physical resources
3. Also easy to break
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25
III.III. Simple (Traditional) Simple (Traditional) CiphersCiphers
![Page 16: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/16.jpg)
For each plaintext letter p, substitute the ciphertext letter C:
C = E(3, p) = (p + 3) mod 26
P = D(k, C) = (C – 3) mod 26
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
III.III. Simple (Traditional) Simple (Traditional) CiphersCiphers
![Page 17: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/17.jpg)
C. One-Time Pad (next week)D. Multiple Substitutions (next
week)E. Columnar Transposition (next
week)F. Other (next week)
III.III. Simple (Traditional) Simple (Traditional) CiphersCiphers
![Page 18: Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.](https://reader035.fdocuments.us/reader035/viewer/2022062717/56649e225503460f94b0ec52/html5/thumbnails/18.jpg)
A. Brute Force1. Try all the possible keys
a) E.g.: Cesar Cipher – there are only 25 possible keys to try - try all 25 possible keys and the plaintext leaps out
2. Cryptanalysisa) the art of breaking ciphers based on
nature of algorithm or plaintextb) Based on letter frequency distributions
of written language, e.g.: English
IV.IV. Types of AttacksTypes of Attacks