Information Security Lecture 3 1 Lecture 3 Title : Classical Encryption Lecture Outlines: 3.1 Symmetric Cipher Model 3.2 Cryptosystems and Cryptanalysis 3.3 Substitution Techniques 3.4 Transposition Techniques Objectives: After studying this lecture, you will be able to discuss ✓ Understand basic principle of symmetric cipher ✓ Encrypt and decrypt messages using simple substitution methods ✓ Understand the weakness of encryption methods ✓ Devise ways to strengthen the methods ✓ Devise cryptanalytic attacks on the methods ✓ Use transposition for encryption ✓ Understand the operation of rotor machines which is multiple encryption ✓ Appreciate the strength and simplicity of steganography for hiding messages
12
Embed
3 Title : Classical Encryption 3.2 Cryptosystems and ... · In this section we examine some classical encryption techniques, based on substitution. A substitution technique is one
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Information Security Lecture 3
1
Lecture 3 Title : Classical Encryption
Lecture Outlines:
3.1 Symmetric Cipher Model
3.2 Cryptosystems and Cryptanalysis
3.3 Substitution Techniques
3.4 Transposition Techniques
Objectives:
After studying this lecture, you will be able to discuss
✓ Understand basic principle of symmetric cipher
✓ Encrypt and decrypt messages using simple substitution methods
✓ Understand the weakness of encryption methods
✓ Devise ways to strengthen the methods
✓ Devise cryptanalytic attacks on the methods
✓ Use transposition for encryption
✓ Understand the operation of rotor machines which is multiple
encryption
✓ Appreciate the strength and simplicity of steganography for hiding
messages
Information Security Lecture 3
2
3.1 Symmetric Cipher Model
A symmetric encryption scheme has five items (Figure 3.1). They are:
1. Plaintext: This is the original intelligible message or data that is fed into the
algorithm as input.
2. Encryption algorithm: The encryption algorithm performs various
substitutions and transformations on the plaintext.
3. Secret key: The secret key is also input to the encryption algorithm. The key is
a value independent of the plaintext and of the algorithm. The algorithm will
produce a different output depending on the specific key being used at the time.
The exact substitutions and transformations performed by the algorithm depend
on the key.
4. Cipher text: This is the scrambled message produced as output. It depends on
the plaintext and the secret key. For a given message, two different keys will
produce two different cipher texts. The cipher text is random stream of data
and, as it stands, is unintelligible.
5. Decryption algorithm: This is essentially the encryption algorithm run in
reverse. It takes the cipher text and the secret key and produces the original
plaintext.
Figure 3.1: Simplified Model of Conventional Encryption
Information Security Lecture 3
3
There are two requirements for secure use of conventional (classical)encryption:
1. We need a strong encryption algorithm. At a minimum, we would like the
algorithm to be such that an opponent who knows the algorithm and has access
to one or more cipher texts would be unable to decipher the cipher text or figure
out the key. The opponent should be unable to decrypt cipher text or discover the
key even if he or she has a number of cipher texts together with the plaintext that
produced each cipher text.
2. Sender and receiver must have obtained copies of the secret key in a secure
manner and must keep the key secure. If someone can discover the key and
knows the algorithm, all communication using this key is readable.
It is impractical keep the algorithm secret; we need to keep only the key secret. This
feature of symmetric encryption is what makes it feasible for widespread use. With
the use of symmetric encryption, the principal security problem is maintaining the
secrecy of the key. For this reason, key is sent to the receiver through a separate
secure channel. Alternatively, a trusted third party can generate the key and send
this to both source and destination.
Let us take a closer look at the essential elements of a symmetric encryption scheme,
using Figure 3.2. A source produces a message in plaintext,
X = [X1, X2, ... XM ]. The M elements of X are letters in some finite alphabet.
Traditionally, the alphabet usually consisted of the 26 capital letters. Nowadays, the
binary alphabet {0, 1} is typically used. For encryption, a key of the form K = [K1,
K2, ... KJ] is generated. If the key is generated at the message source, then it must
also be provided to the destination by means of some secure channel. Alternatively,
a third party could generate the key and securely deliver it to both source and
destination.
With the message X and the encryption key K as input, the encryption algorithm
forms the cipher text Y= [Y1, Y2, ..., YN]. We write this as Y= E(K, X).
This notation indicates that Y is produced by using encryption algorithm E as a
function of the plaintext X, with the specific function determined by the value of the
key K. The intended receiver, in possession of the key, is able to invert the
transformation using decryption algorithm and the secret key.
Information Security Lecture 3
4
We write this as X= D (K, Y). An opponent, observing Y but not having access to
K or X, may attempt to recover X or K or both X and K. It is assumed that the
opponent knows the encryption (E) and decryption (D)
algorithms.
Figure 3.2: Model of Conventional (Classical) Cryptosystem
3.2 Cryptosystems and Cryptanalysis
3.2.1 Cryptosystems
Cryptosystems (Cryptographic systems) are characterized along three independent
dimensions:
1. The type of operations used for transforming plaintext to cipher text: All
encryption algorithms are based on two general principles: substitution, in which each
element in the plaintext (bit, letter, group of bits or letters) is mapped into another
element, and transposition, in which elements in the plaintext are rearranged. The
fundamental requirement is that no information be lost (that is, that all operations are
reversible). Most systems, referred to as product systems, involve multiple stages of
substitutions and transpositions.
2. The number of keys used: If both sender and receiver use the same key, the system is
referred to as symmetric, single-key, secret-key, or conventional encryption. If the
Information Security Lecture 3
5
sender and receiver use different keys, the system is referred to as asymmetric, two-
key, or public-key encryption.
3. The way in which the plaintext is processed: A block cipher processes the input one
block of elements at a time, producing an output block for each input block. A stream
cipher processes the input elements continuously, producing output one element at a
time, as it goes along.
3.2.2 Cryptanalysis
Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some
knowledge of the general characteristics of the plaintext or even some sample plain
text-cipher text pairs. This type of attack exploits the characteristics of the algorithm
to attempt to deduce a specific plaintext or to deduce the key being used.
Table 3.1 summarizes several various types of cryptanalytic attacks, based on the
amount of information known to the cryptanalyst:
Table 3.1: Types of attacks on encrypted messages
Type of Attack Known to Cryptanalyst
Cipher text Only • Encryption algorithm
• Cipher text
Known Plaintext
• Encryption algorithm
• Cipher text
• One or more plaintext–cipher text pairs formed with the secret key (Or the analyst may know that certain plaintext patterns will appear in a
message)
•
Chosen Plaintext
• Encryption algorithm
• Cipher text
• Plain text message chosen by cryptanalyst, together with its
corresponding cipher text generated with the secret key (The cryptanalyst can encrypt a large number of suitably chosen
plaintexts and try to use the resulting cipher texts to deduce the
key).
Information Security Lecture 3
6
Chosen Cipher text
• Encryption algorithm
• Cipher text
• Cipher text chosen by cryptanalyst, together with its
corresponding decrypted plaintext generated with the secret
key (The cryptanalyst can decrypt several string of symbols,
and tries to use the results to deduce the key)
Chosen Text
• Encryption algorithm
• Cipher text
• Plaintext message chosen by cryptanalyst, together with its
corresponding Cipher text generated with the secret key
• Cipher text chosen by cryptanalyst, together with its
corresponding decrypted plaintext generated with the secret
key
There are two other important definitions: An encryption scheme is
unconditionally secure if the cipher text generated by the scheme does not
contain enough information to determine uniquely the corresponding plaintext, no
matter how much cipher text is available. That is, no matter how much time an
opponent has, it is impossible for him or her to decrypt the cipher text, simply
because the required information is not there. With the exception of a scheme known
as the one-time pad (described later), there is no encryption algorithm that is
unconditionally secure.
Therefore, all that the users of an encryption algorithm can seek for is an algorithm
that meets one or both of the following criteria:
• The cost of breaking the cipher exceeds the value of the encrypted
information.
• The time required to break the cipher exceeds the useful lifetime of the
information.
An encryption scheme is said to be computationally secure if either of the
foregoing two criteria are met. All forms of cryptanalysis for symmetric encryption
schemes are designed to exploit the fact that traces of structure or pattern in the
plaintext may survive encryption and be distinguishable in the cipher text. This will
become clear as we examine various symmetric encryption schemes. We will see
that cryptanalysis for public-key schemes proceeds from a fundamentally different
Information Security Lecture 3
7
premise, namely, that the mathematical properties of the pair of keys may make it
possible for one of the two keys to be deduced from the other.
Brute-force attack
The attacker tries every possible key on a piece of cipher text until an
intelligible translation into plaintext is obtained. On average, half of all possible
keys must be tried to achieve success. Table 3.2 shows how much time is involved
for various key spaces. Results are shown for four binary key sizes. The 56-bit key
size is currently in use with the DES (Data Encryption Standard) algorithm, and the
168-bit key size is used for triple DES. The minimum key size specified for AES
(Advanced Encryption Standard) is 128 bits. Results are also shown for what are
called substitution codes that use a 26-character key (discussed later), in which all
possible permutations of the 26 characters serve as keys. For each key size, the
results are shown assuming that it takes 1 micro second to perform a single
decryption, which is a reasonable order of magnitude for today's machines. With the
use of massively parallel organizations of microprocessors, it may be possible to
achieve processing rates that are many orders of magnitude greater. The final
column of Table 3.2 considers the results for a system that can process 1 million
keys per microsecond. As you can see, at this performance level, DES can no longer
be considered computationally secure.
Table 3.2: Average time for brute force attack
Key Size (bits) Number of
Alternative
Keys
Time Required at the rate
of 1 Decryption/μs
Time
Required at
106
Decryptions/μs 32 2
32 = 4.3 x 10
9 2
31ms = 35.8 minutes
2.15 milliseconds
56 256
= 7.2 x 1016
255
ms = 1142 years 10.01 hours
128 2128
= 3.4 x 1038
2127
ms = 5.4 x 1024
years 5.4 x 1018
years
168 2168
= 3.7 x 1050
2167
ms = 5.9 x 1036
years 5.9 x 1030
years
26 characters
(permutation) 26! = 4 x 10
26 2 * 10
26ms = 6.4 x 10
12 years 6.4 x 106
years
Information Security Lecture 3
8
3.4 Substitution Techniques
In this section we examine some classical encryption techniques, based on
substitution. A substitution technique is one where letters of plain text are replaced
by other letters / numbers / symbols. If plain text is a bit pattern, then cipher is
another bit pattern of same length. However, substitutions ciphers are four basic
types :
• Monoalphapetic Substitution.
• Homophonic Substitution.
• Polyalphabetic Substitution.
• Polygram Substitution.
3.3.1 Monoalphapetic Substitution Ciphers
In simple substitution (monoalphabetic) ciphers, each character of the
plaintext is replaced with a corresponding character of ciphertext. A single one-to-
one mapping function (ƒ) from plaintext to ciphertext character is used to encrypt
the entire message using the same key (k); such that :
Ek(M)=f(m1)f(m2)….. f(mN)=C
Where N: is the length of the message.
M: is plaintext message given by M= (m1,m2 ...... mN).
C: is ciphertext message given by C= (c1, c2, ……….cN)
Several forms of f can be used in simple substitution, such as:
• Caesar cipher (Shifted alphabet)
f(mi) = (mi + k) mod n
Where k is the number of positions to be shifted, mi is a single character of the
alphabet, and n is the size of the alphabet.
If k = 3 then we can encrypt the following message as:
M = C O M P U T E R
C=Ek(M)= F R P S X W H U
• Affine :
f(mi)= (mi * k1+k0) mod n where k1 and n are relatively prime in order to
produce a complete set of residues.
Information Security Lecture 3
9
Relatively prime means that the greater common divisor (gcd) between k and n
equal to one (i.e. gcd(k,n)=1).
Simple substitution ciphers does not hide the underlying frequencies of the
different letters of the plaintext, and hence it can be easily broken.
3.3.2 Polyalphabetic Substitution Ciphers
A Polyalphabetic cipher means a sequence of monoalphabetic ciphers, which
are often referred to as its substitution alphabets or just alphabet. In another
meaning; it is made of multiple simple substitutions. The sequence of the
substituting alphabet may have fixed length (d) and is denoted as its period. Given
a period d, cipher alphabet (C1, ..., C2, and fi: A Ci be a mapping from a
plaintext A to its ciphertext C, and M =m1,…,md,md+1,…,m2d,... is enciphered by
repeating the sequence of mapping f1,…,fd every d characters.
Ek(M)=f1(m1),…,fd(md) , f1(md+1),….,fd(m2d)
For d=1 ,the cipher is monoalphabetic.
Several forms of f can be used in polyaphabetic substitution, such as Vigenere
and Beaufort ciphers.
• Vigenere cipher
It is a popular form of periodic substitution ciphers. The key is specified by a
sequence of letters, K= k1,k2,…,kd , then Vigenere cipher system is defined as:
fi (mi) = (mi +kj) mod n for j=1,2, ...., d
Example:
M= GOOD MORNING and Key=AB . '
M: G O O D M O R N I N G
K: A B A B A B A B A B A
C: H Q P F N Q S P J P H
The strength of the Vigenere that cipher letters of same plain text letter is usually
different. Letter frequency information is hidden. However not all knowledge of
plain text is lost. Suppose the attacker knows its Mono alphabetic or Vigenere
cipher. If Mono alphabetic cipher is used statistical properties of characters in
Information Security Lecture 3
10
Letter Homophones
D 17 19 34 4 56 60 67 83
G 08 22 53 65 88 90
O 03 44 76
cipher will break the code. If the opponent discovers it is not a Mono alphabetic,
he knows its Vigenere. If identical patterns in cipher text are discovered, then
length of the keyword is distance between the patterns or a factor of this.
3.3.3 Homophonic Substitution Cipher
Homophonic substitution ciphers maps each character (a) of the plaintext
alphabet into a set of ciphertext elements f(a) called homophone. Beale and
High-order are examples of homophonic ciphers.
• Beale Cipher: A plaintext message M=m1 m2... .... is encrypted as C = c1 c1 ... ...... where
ci is picked at random from the set of homophones f(mi).
Example: M=G O O D
C = 08 03 44 17
Homophonic substitution ciphers are more complicated than simple substitution
ciphers, but still do not obscure all of the statistical properties of the plaintext
language.
3.3.4 Polygram Substitution Cipher
Polygram cipher systems are ciphers in which group of letters are
encrypted together, and includes enciphering large blocks of letters. Therefore,
permits arbitrary substitution for groups of characters. For example the plaintext
group "ABC" could be encrypted to "RTQ", "ABB" could be encrypted to "SLL",
and so on. Examples of such ciphers are Playfair and Hill ciphers.
• PlayFair Cipher:
Playfair cipher is a diagram substitution cipher, the key is given by a 5*5
matrix of 25 letters ( j was not used ), as described in figure 3.3. Each pair of
plaintext letters are encrypted according to the following rules:
1. If m1 and m2 are in the same row, then c1 and c2 are to the right of m1 and m2,
Information Security Lecture 3
11
respectively. The first column is considered to the right of the last column.
2. If m1 and m2 are in the same column, then c1 and c2 are below m1 and m2
respectively. The first row is considered to be below the last row.
3. If m1 and m2 are in different rows and columns, then c1 and c2 are the other two
corners of the rectangle.
4. If m1=m2 a null letter is inserted into the plaintext between m1 and m2 to eliminate
the double.
5. If the plaintext has an odd number of characters, a null letter is appended to the end
of the plaintext.
H
A
R
P
S I C O D B
E M
F N
G Q
K T
L U
V W X Y Z
Figure 3.3 Key for Playfair cipher
Example:
M = CO MP UT ER
Ek(M) = OD TH MU GH
3.5 Transposition Techniques
This kind of mapping is achieved by performing some sort of permutation on
the plaintext letters. This technique is referred to as a transposition cipher. Rail
fence and Row Transposition ciphers are example of such cipher.
3.4.1 Rail fence
is simplest of such cipher, in which the plaintext is written down as a sequence
of diagonals and then read off as a sequence of rows.
Example: Plaintext = meet at the school house
To encipher this message with a rail fence of depth 2, we write the message as
follows:
M E A T E C O L O S
E T T H S H O H U E
Information Security Lecture 3
12
The encrypted message (cipher text) is MEATECOLOSETTHSHOHUE
3.4.2 Row Transposition Cipher
A more complex scheme is to write the message in a rectangle, row by row,
and read the message off, column by column, but permute the order of the columns.
The order of columns then becomes the key of the algorithm.
Example: Plaintext = meet at the school house
Key = 4 3 1 2 5 6 7
PT = M E E T A T T
H E S C H O O
L H O U S E
CT = ESOTCUEEHMHLAHSTOETO
A pure transposition cipher is easily recognized because it has the same letter
frequencies as the original plaintext. The transposition cipher can be made
significantly more secure by performing more than one stage of transposition. The
result is more complex permutation that is not easily reconstructed.