Cryptography -- Classical Styles Anita Jones CS451 Information Security Copyright(C) Anita Jones.

Cryptography -- Classical Styles

Anita Jones

CS451 Information Security

Copyright(C) Anita Jones

9/2006

Overview

IntroductionA security modelWhat is cryptography?Some classical ciphers

from days of olde ……. up to World War II

9/2006

Security problems of interest

confidentiality - protect info content from unwarranted observation

integrity - protect info accuracy availability - ensure information delivery

authentication - assure identity of user (sender) non-repudiation - protect from deniability

access control - control access to info/resources

Policies:

Problems that arise in implementation:

9/2006

Attacks

interception - of information-traffic, breaches confidentiality

interruption - of service, availabilitymodification - of information, i.e. loss of

integrityfabrication - of information, destroys

authenticity

9/2006

Response?

identify key assets evaluate threat posed to assets implement suitable countermeasures manage implementation cryptography is a key technology

Note – not a “perimeter defense” technology

9/2006

Model for cryptography

Principal Principal

Message

SecretInformation

SecurityTransform

SecurityTransform

Message

SecretInformation

Trusted 3rd Party(arbitrates, distributessecret information)

Opponent

Info channel

9/2006

Issues

Transformation algorithmWhat’s the secret information; How to

generate itHow to distribute secret information Protocols -- disciplined interaction

involving all parties

9/2006

What’s cryptographycryptography is the study of secret (crypto-)

writing (-graphy) concerned with developing algorithms which

may be used to: conceal the content of a message from all except

the sender & recipient (secrecy or confidentiality) verify the correctness of a message or its sender

to the recipient (integrity & authentication)

includes protocols solving many problems

9/2006

A few terms

cryptography the art or science of transforming an intelligible

message into one that is unintelligible, and then transforming that message back to original form

plaintext the original intelligible message

ciphertext the transformed message

9/2006

A few terms

cipher an algorithm for transforming an intelligible

message into one that is unintelligible

key critical (secret) information used in the cipher

& known only to the sender & receiver Symmetric – shared Asymmetric – public/private

9/2006

A few terms

encipher (encode) the process of converting plaintext to ciphertext

using a cipher plus key

decipher (decode) the process of converting ciphertext back into

plaintext using a cipher plus key

9/2006

A few terms

cryptanalysis (codebreaking) the study of methods for transforming an

unintelligible message back into an intelligible message without knowledge of the key

code an algorithm for transforming an intelligible

message into an unintelligible message using a code-book

9/2006

Transformations

encryption applying a mathematical function mapping

plaintext to ciphertext using the specified key:

C = EK(P)

decryption applying a mathematical function mapping

ciphertext to plaintext using the specified key:

P = EK-1(C) P = DK(C)

9/2006

More terms

cryptographic system a single parameter family of invertible

transformations with unique inverses where only the key is secret

the cryptographic system is typically made public

keys, of course, are secret

9/2006

Steganography

embed message in innocuous setting

My Special Friend,

Our speaker today in class today is exciting, & I know that the next speaker is even better. I need to report to you that next class the teacher will give the mid-term exam. Well, there is only one mid-term! YEAH!!! That is it for now. I’m awful at writing, but will keep trying ………...

9/2006

Steganography

embed message in innocuous setting

My Special Friend,

Our speaker today in class today is exciting, & I know that the next speaker is even better. I need to report to you that next class the teacher will give the mid-term exam. Well, there is only one mid-term! YEAH!!! That is it for now. I’m awful at writing, but will keep trying ………...

Two crypto techniques

Permutation

Substitution

9/2006

“Staff” cipheran early Greek transposition cipher:

cut a narrow strip of paper long enough to write message

wind it around a staff so that adjacent edges abut write message horizontally down the shaft with a

character on each wrapping unwind

Result: long sequence of seemingly random letters

9/2006

The ole alternation trick

write message letters on alternate rows read off cipher by row

Plain = “I CAME I SAW I CONQUERED”

Plain: I A E S W C N U E C M I A I O Q R D Cipher: IAESW CNUE CMIAI OQRD

9/2006

The ole structured patterns trick

write message letters as a matrix read off cipher by some pattern

Plain: I C A M E I S A W I C O N Q U E R E D A Cipher: diagonals, concentric circle, in and out, etc

9/2006

The ole mirror trick

write the message backwards

Plain: I CAME I SAW I CONQUERED Cipher: DEREU QNOCI WASIE MACI

………and speaking of J. Caesar

Two crypto techniques

Permutation

Substitution

9/2006

Caesar cipher - substitution cipher

Julius Caesar invented to transmit military information -- 2000 years ago

Map each letter to another -- fixed offset -- called the translation alphabet

Alphabets: Plain: A B C D E F G H I J K L M N O P Q R S T UCipher: E F G H I J K L M N O P Q R S T U V W X Y

CipherText: W TI G M E P W T I E O I V G S Q M R K

9/2006

Caesar cipher - substitution cipher

Julius Caesar invented to transmit military information -- 2000 years ago

Map each letter to another -- fixed offset -- called the translation alphabet

Alphabets: Plain: A B C D E F G H I J K L M N O P Q R S T UCipher: E F G H I J K L M N O P Q R S T U V W X Y

CipherText: W TI G M E P W T I E O I V G S Q M R KP = S P E C I A L S P EA K E R C O M I N G

9/2006

Substitution TechniqueEncryption algorithm used in previous slide is C = E(P) = (p + 4) mod(26)

More generally, any shift, k, in range 1:25 C = E(P) = (p + k) mod(26)

Decryption algorithm p = D(C) = (c - k) mod(26)

plaintext letter P (p is its offset into the alphabet of interest; ciphertext letter C (ditto); modulus function mod

9/2006

Cryptanalysis – break Caesar cipher

check out brute force cryptanalysis of a Caesar cipher

What is the Key?What is the Key size?

9/2006

Mono-alphabetic Substitution

Use any permutation of the 26 alphabetic characters 26! (i.e. 4 x 1026) possible keys brute force attack is cheap to execute But, regularities of the language give clues

English, German, Hebrew, Russian – have different characteristics in terms of letter usage

9/2006

Language regularitiescan base cryptanalysis on frequency of letter occurrenceE is most frequent, thenT, R, I, N, O, A, S, then …..rarely are J, K, Q X Z used

E is 25 times more frequent than Q

Strategy (for a “long enough” message) is to guess at letter value based on frequency of appearance in ciphertext

9/2006

Language regularities - example

Ceasar (Mono alphabetic substitution) Alphabets: Plain: A B C D E F G H I J K L M N O P Q R S T UCipher: E F G H I J K L M N O P Q R S T U V W X Y

CipherText: W TI G M E P W T I E O I V G S Q M R KP = S P E C I A L S P EA K E R C O M I N G

P = S P E C I A L S P EA K E R C O M I N G

9/2006

Crypt algorithm developmentearly manuscript -- Abu al-Kindi's "A

Manuscript on Deciphering Cryptographic Messages" published in the 9th century stronger mono-alphabetic ciphers --some used

several replacement symbols for each letter, for common words

nulls were developed in middle ages

9/2006

Algorithm development (cont)Roger Bacon described methods in 1200s Geoffrey Chaucer included several ciphers

in his writings Arabic knowledge of cryptology described in

an encyclopedia in 1412 growing use in European diplomacyLeon Alberti devised a cipher wheel -- more

on that later

9/2006

Poly-alphabetic substitution cipher

attributed to Blaise de Vigenère isobjective: improve security by using multiple

mono-alphabetic substitution alphabets define multiple full alphabet substitutions each letter can be replaced by many others use a key to select which alphabet is used for each

letter of the message i-th letter of key specifies i-th alphabet to use use each alphabet in turn, then repeat

9/2006

Poly-alphabetic example

plaintext S O U N D A L A R M key C I P H E R C I P Hciphertext U W J U H R N I G T A-> ABCDEFGHIJKLMNOPQRSTUVWXYZ C -> CDEFGHIJKLMNOPQRSTUVWXYZAB I -> IJKLMNOPQRSTUVWXYZABCDEFGH P -> PQRSTUVWXYZABCDEFGHIJKLMNO H -> HIJKLMNOPQRSTUVWXYZABCDEFG E -> EFGHIJKLMNOPQRSTUVWXYZABCD R -> RSTUVWXYZABCDEFGHIJKLMNOPQ

'S' uses alphabet 'C' maps to 'U' 'O' uses alphabet 'I' maps to 'W' ’U' uses alphabet 'P' maps to 'J’ etc

9/2006

From letters to binary

Vernam (1918) uses binary, not letters

Ci = pi x ki

pi - ith binary digit of plaintext

ki - ith binary digit of key

Ci - ith binary digit of ciphertext

9/2006

One time padArmy Signal Corp officer, Joseph Mauborgne

improved Vernam cipherUse random key that was truly as long as the

messagecipher output is random -- has no statistical

relationship to plaintextproblem is that sender & receiver need to have

that long key -- different for each message

One time pad – the ultimate substitution technique

9/2006

Rotor Machinesenciphering (& deciphering) is rote, tedious,

and error prone (if done manually)Automation permits multiple (transposition)

stagesRotor Machine consists of

keyboard multiple rotors, each with 26 positions pre-wired

9/2006

Rotor machine

ABC…

Z

MotionFixed wiring

ABCDE…

U

Z

9/2006

Enigma: http://webhome.idirect.com/~jproc/crypto/enigma.html

Simulated deciphering of Enigma using “Turing Bombe”: http://library.thinkquest.org/28005/flashed/timemachine/courseofhistory/bombeapp.shtml

Code machine

9/2006

WW II crypto machines

German Enigma -- three rotors and later more

Japanese Purple -- broken by U.S. Yamamoto planned attack after Pearl Harbor U.S. fleet coming out of Pearl Harbor plans known hundreds of Japanese ships sunk

Next

Block Ciphers

9/2006

Backup Notes cracking polyalph original method developed by Babbage and Kasiski use repetitions in ciphertext to give clues as to period look for same plaintext an exact period apart which results in the same ciphertext of course, could also be random fluke eg.

Plaintext: TOBEORNOTTOBE Key: NOWNOWNOWNOW Ciphertext: GCXRCNACPGCXR

see repeated ciphertext "GCXR" since repeats are 9 chars apart, guess period is 3 or 9 in general find a number of duplicated sequences collect all their distances apart, look for common factors remembering that some will be random flukes and need to be discarded

9/2006

Backup Notes cracking polyalph (2) in order to break a polyalphabetic cipher must 1. determine how many alphabets -- d -- were used: See Kasiski method 2. separate ciphertext into d sections 3. Determine if each as a monoalphabetic value (if not, have a wrong guess) by computing the frequency balance across the cipher text (called an Index of Coincidence) 4. solve each as a monoalphabetic cipher using - frequency distribution, - common double & triple letters - word boundaries

9/2006

IssuesWhat do the attacks on classical

techniques target?

What is a “perfect cipher” and why?

How important is redundancy in cryptology?