Cryptography and Network Security 1 Roadmap of Cryptography classical cryptography (--- 1920s) m secret writing required only pen and paper m Mostly:

Cryptography and Network Security 1

Roadmap of Cryptography

classical cryptography (--- 1920s) secret writing required only pen and paper Mostly: transposition, substitution ciphers Easily broken by statistics analysis (e.g., frequency)

mechanical devices invented for encryption Rotor machines (e.g. Enigma cipher) 1930s-1950s featured in films, such as in the James Bond adventure From

Russia with Love specification of DES and the invention of RSA

(1970s) --- modern ciphers Public key system, most notably AES replaces DES Hash functions being sort of broken

Quantum Cryptography (future?)


Roadmap of Cryptography (cont)

Quantum cryptography currently has two aspects. quantum key exchange (also known as quantum key distribution), a method

for secure communications based on quantum mechanics conjectured effect of quantum computing on cryptanalysis, although it is

currently, like quantum computing itself, only a theoretical concept. Basic idea of quantum key exchange is to use the

"noisy" properties of light to render incoherent an image that acts to complement a secret key. This image can be represented in a number of ways, but the ability to decode

that image rests upon an understanding of how it was made. No way to intercept the transmission without changing it is possible, so key information can be exchanged with great confidence it has been transmitted secretly.

quantum computing will considerably extend the reach of cryptanalysis, making brute force key space searches much more effective -- if such computers ever become possible in actual practice


Cryptography and Network Security

History and classical cryptography


History

Ancient ciphers Have a history of at least 4000 years Ancient Egyptians enciphered some of their

hieroglyphic writing on monuments Ancient Hebrews enciphered certain words in the

scriptures 2000 years ago Julius Caesar used a simple substitution

cipher, now known as the Caesar cipher Roger bacon described several methods in 1200s


History

Ancient ciphers Geoffrey Chaucer included several ciphers in his works Leon Alberti devised a cipher wheel, and described the

principles of frequency analysis in the 1460s Blaise de Vigenère published a book on cryptology in

1585, & described the polyalphabetic substitution cipher

Increasing use, esp in diplomacy & war over centuries


Classical Cryptographic Techniques

Two basic components of classical ciphers: Substitution: letters are replaced by other letters Transposition: letters are arranged in a different order

These ciphers may be: Monoalphabetic: only one substitution/ transposition is

used, or Polyalphabetic:where several substitutions/

transpositions are used

Product cipher: several ciphers concatenated together


Encryption and Decryption

Plaintextciphertext

Encipher C = E(K)(P) Decipher P = D(K)(C)

Key source


Key Management

Using secret channel Encrypt the key Third trusted party The sender and the receiver generate

key The key must be same We will talk more about how we can generate keys for

two parties who are “unknown” of each other before, and want secure communication


Attacks

Recover the message Recover the secret key

Thus also the message

Thus the number of keys possible must be large!


Possible Attacks

Ciphertext only Algorithm, ciphertext

Known plaintext Algorithm, ciphertext, plaintext-ciphertext pair

Chosen plaintext Algorithm, ciphertext, chosen plaintext and its ciphertext

Chosen ciphertext Algorithm, ciphertext, chosen ciphertext and its plaintext

Chosen text Algorithm, ciphertext, chosen plaintext and ciphertext


Steganography

Conceal the existence of message Character marking Invisible ink Pin punctures Typewriter correction ribbon

Cryptography renders message unintelligible!


Contemporary Equiv.

Least significant bits of picture frames 2048x3072 pixels with 24-bits RGB info Able to hide 2.3M message

Drawbacks Large overhead Virtually useless if system is known

Improvement Using some “random” sequence of the last bit for storing the data Challenge: produce such random sequence such that the attacker

cannot figure out the sequence!


Caesar Cipher

Replace each letter of message by a letter a fixed distance away Reputedly used by Julius Caesar

Example: L FDPH L VDZ L FRQTXHUHG

I CAME I SAW I CONGUERED

The mapping is ABCDEFGHIJKLMNOPQRSTUVWXYZ

DEFGHIJKLMNOPQRSTUVWXYZABC


Mathematical Model

Description Assume all letters are mapped to integers [0,25] A:-0, B-1, ….., Z25

Encryption E(k) : i i + k mod 26

Decryption D(k) : i i - k mod 26


Cryptanalysis: Caesar Cipher

Key space: 26Exhaustive key search

Example GDUCUGQFRMPCNJYACJCRRCPQ

HEVDVHRGSNQDOKZBDKDSSDQR Plaintext:

JGXFXJTIUPSFQMBDFMFUUFSTKHYGYKUJVGRNCEGNGVVGTU

Ciphertext: LIZHZLVKWRUHSODFHOHWWHUVMJAIAMWXSVITPEGIPIXXIVW


Character Frequencies

In most languages letters are not equally common in English e is by far the most common letter

Have tables of single, double & triple letter frequencies

Use these tables to compare with letter frequencies in ciphertext, a monoalphabetic substitution does not change relative

letter frequencies do need a moderate amount of ciphertext (100+ letters)


Letter Frequency Analysis

Single Letter A,B,C,D,E,…..

Double Letter TH,HE,IN,ER,RE,ON,AN,EN,….

Triple Letter THE,AND,TIO,ATI,FOR,THA,TER,RES,…


Letter Frequencies


Letter Frequencies


N-gram Frequencies

Digraph Frequency th he an in er on re ed nd ha at en es of nt ea ti to io

le is ou ar as de rt ve

Trigraph Frequency the and tha ent ion tio for nde has nce tis oft men

For more, see http://www.letterfrequency.org


Modular Arithmetic Cipher

Use a more complex equation to calculate the ciphertext letter for each plaintext letter

E(a,b) : i ai + b mod 26 Need gcd(a,26) = 1 Otherwise, not reversible So, a2, 13, 26 Caesar cipher: a=1, b=3


Cryptanalysis

Key space:12*26 Brute force search

Use letter frequency counts to guess a couple of possible letter mappings frequency pattern not produced just by a shift

But it is still a substitution, thus we can use frequency analysis

use these mappings to solve 2 simultaneous equations to derive above parameters


Playfair Cipher

The Playfair cipher or Playfair square is a manual symmetric encryption technique and was the first literal digraph substitution cipher. The scheme was invented in 1854 by Charles

Wheatstone, but bears the name of Lord Playfair who promoted the use of the cipher.


Playfair Cipher

s i/j m p l

e a b c d

f g h k n

o q r t u

v w x y z

Key: simple

Used in WWI and WWII


Playfair Cipher

Use filler letter to separate repeated letters

Encrypt two letters together Same row– followed letters

ac--bd Same column– letters under

qw--wi Otherwise—square’s corner at same row

ar--bq


Analysis

Size of diagrams: 25! But the actual different diagrams are not 25! Two diagrams are the same if they derive the same

encryption and decryption method Then what is the number of difference diagrams in

playfair cipher? 25!/25=24!

Difficult using frequency analysis But it still reveals the frequency information

Frequency of 2-gram (bi-gram, two-letters)


Playfair Cryptanalysis

Like most pre-modern era ciphers, the Playfair cipher can be easily cracked if there is enough text. Obtaining the key is relatively straightforward if both

plaintext and ciphertext are known. When only the ciphertext is known, brute force

cryptanalysis of the cipher involves searching through the key space for matches between the frequency of occurrence of digrams (pairs of letters) and the known frequency of occurrence of digrams in the assumed language of the original message.


Playfair, cont

A different approach to tackling a Playfair cipher is the shotgun hill climbing method. This starts with a random square of letters. Then minor changes

are introduced (i.e. switching letters, rows, or reflecting the entire square) to see if the candidate plaintext is more like standard plaintext than before the change (perhaps by comparing the trigrams to a known frequency chart).

If the new square is deemed to be an improvement, then it is adopted and then further mutated to find an even better candidate.

Eventually, the plaintext or something very close is found to achieve a maximal score by whatever grading method is chosen.

Computers can adopt this algorithm to crack Playfair ciphers with a relatively small amount of text.


Hill Cipher

Hill cipher is a polygraphic substitution cipher based on linear algebra. Invented by Lester S. Hill in 1929, it was the first polygraphic

cipher in which it was practical (though barely) to operate on more than three symbols at once.

Each letter is treated as a digit in base 26: A = 0, B =1, and so on. A block of n letters is then considered as a vector of n dimensions, and multiplied by a n × n matrix, modulo 26. The components of the matrix are the key, and should be random provided that the matrix is invertible in (to ensure decryption is possible).

The Hill cipher has achieved Shannon's diffusion, and an n-dimensional Hill cipher can diffuse fully across n symbols at once.

http://en.wikipedia.org/wiki/Confusion_and_diffusion


Hill Cipher Machine

With fixed Key and patented Triple encryption was recommended for

security: a secret nonlinear step, followed by the wide diffusive

step from the machine, followed by a third secret nonlinear step.

Such a combination was actually very powerful for 1929, and indicates that Hill apparently understood the concepts of a meet-in-the-middle attack as well as confusion and diffusion.

Unfortunately, his machine did not sell.


Hill Cipher

Encryption Assign each letter an index C=KP mod 26 Matrix K is the key

Decryption P=K-1C mod 26 Thus, we can decrypt iff gcd(det(K), 26) =1.


How to Decrypt?

Compute K-1

Compute det(K) Check if gcd(det(K), 26) =1 If not, then K-1 do not exist Else K-1 is

1 1

1 1

1 1

1 1

1

1

1

1

2

1

K K

K K

K

n

n

n

n

n

n n

, ,

, ,

d et( )


cont

K

k k k k

k k k k

k k k k

k k k k

i j

j j n

i i j i j i n

i i i i

n n j n j n n

,

, , , ,

, , , ,

, , , ,

, , , ,

1 1 1 1 1 1 1

1 1 1 1 1 1 1

1 1 1 1 1 1 1 1

1 1 1


Hill Cipher Cryptanalysis

Difficult to use frequency analysis But vulnerable to known-plaintext

attack Give simple method to attack hill cipher under the

known-plaintext assumption? How to attack under the chosen plaintext assumption?

The security could be greatly enhanced by combining with some non-linear step to defeat this attack.


Key Sizes

How may good keys? One might naïvely think that the key size, in bits, is n2log226 or

about 4.7n2. In fact, it is slightly less than this because not all

randomly selected matrices are usable. A slightly less naïve view might guess that 1/2 + 1/26 of candidate

keys would be unusable, reducing the keyspace by about 54%. In fact, determinants are not uniformly distributed, and

the key space reduction is closer to 70%. Additionally it seems to be prudent to avoid too many zeroes in

the key matrix, since they reduce diffusion. The net effect is that the effective keyspace of a basic

Hill cipher is about 4.64n2. For a 5 × 5 Hill cipher, that is about 114 bits. Of course,

key search is not the most efficient known attack

http://en.wikipedia.org/wiki/Bit


Polyalphabetic Substitution

Use more than one substitution alphabet

Makes cryptanalysis harder since have more alphabets to guess and flattens frequency distribution

same plaintext letter gets replaced by several ciphertext letter, depending on which alphabet is used


Vigenère Cipher

Basically multiple Caesar ciphers key is multiple letters long

K = k1 k2 ... kd

ith letter specifies ith alphabet to use use each alphabet in turn, repeating from start after d

letters in message

Plaintext THISPROCESSCANALSOBEEXPRESSED

Keyword CIPHERCIPHERCIPHERCIPHERCIPHE Ciphertext VPXZTIQKTZWTCVPSWFDMTETIGAHLH


Enigma Machine

Enigma was a portable cipher machine used to encrypt and decrypt secret messages. a family of related electro-mechanical rotor machines

German military

Japan commercial


Enigma Machine

Enigma encryption for two consecutive letters —

current is passed into set of rotors, around the reflector, and back out through the rotors again.

Letter A encrypts differently with consecutive key presses, first to G, and then to C. This is because the right hand rotor has stepped, sending the signal on a completely different route.


Enigma

the actual encipherment of a letter is performed electrically. When a key is pressed, the circuit is completed; current flows

through the various components and ultimately lights one of many lamps, indicating the output letter.

Current flows from a battery through the switch controlled by the depressed key into a fixed entry wheel. This leads into the rotor assembly (or scrambler), where the complex internal wiring of each rotor results in the current passing from one rotor to the next along a convoluted path. After passing through all the rotors, current enters the reflector, which relays the signal back out again through the rotors and the entry wheel — this time via a different path — and, finally, to one of the lamps (the earliest Enigma models do not have the reflector).


Rotors

performs a very simple type of encryption a simple substitution cipher


World War II Era Encryption Devices A few here

Sigaba (United States) Typex (Britain) Lorenz cipher (Germany) Geheimfernschreiber (Germany)

For more, see http://w1tp.com/enigma/


One-time Pad

theoretically unbreakable (Claude Shannon) the plaintext is combined with a random "pad" the same length as the

plaintext. Patent by

Gilbert Vernam (AT&T) and Joseph Mauborgne Encryption

C=PK Decryption

P=CK Claude Shannon's work can be interpreted as

that any information-theoretically secure cipher will be effectively equivalent to the one-time pad algorithm. Hence one-time pads offer the best possible mathematical security of any encryption scheme, anywhere and anytime.


One-time pad--cont Drawbacks

it requires secure exchange of the one-time pad material, which must be as long as the message

pad disposed of correctly and never reused In practice

Generate a large number of random bits, Exchange the key material securely between the users before sending

an one-time enciphered message, Keep both copies of the key material for each message securely until

they are used, and Securely dispose of the key material after use, thereby ensuring the

key material is never reused.

It requires a perfect random numbers as key We will learn how to generate pseudo-random numbers


Random numbers needed

If the key material is generated by a deterministic program then it is not actually random should never be used in an one-time pad cipher. If so used, the method becomes a stream cipher; these

usually employ a short key that is used to generate a long pseudorandom stream, which is then combined with the message using some such mechanism as those used in one-time pads. Stream ciphers can be secure in practice, but they cannot be absolutely secure in the same provable sense as the one-time pad

Cryptography and Network Security 1 Roadmap of Cryptography classical cryptography (--- 1920s) m secret writing required only pen and paper m Mostly:

Documents

network security cryptography

centuries cryptography

decryption cryptography

network securityhistory

actual practice cryptography

quantum key distribution

key managementusing

quantum mechanics