Top Banner

Click here to load reader

ECE579S-Class 2_2012

Sep 05, 2014

ReportDownload

Documents

ECE579S Computer & Network Security

Cryptography PrimerProfessor Richard A. Stanley, P.E.

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #1

Overview of the Cryptology Field

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #2

Types of Cryptosystems Symmetric key Since times B.C.E. to today Also called private key, which has become confusing

Asymmetric key Invented in 1976 Also called public key systems

Hybrid SystemsSpring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #3

The Players Alice: commonly used to denote the sender of cryptographic traffic Bob: commonly used to indicate the recipient of that traffic Eve: an eavesdropper Oscar: a generalized bad guy

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #4

Symmetric Key Cryptosystems Problem Statement: Alice and Bob want to communication over an un-secure channel (e.g., computer network, satellite link). They want to prevent Oscar (the bad guy) from listening. Solution: Use of private-key cryptosystems (these have been around since ancient times) such that if Oscar reads the encrypted version y of the message x over the unsecured channel, he will not be able to understand its content because x is what really was sent.Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #5

Symmetric Key CryptographyAlice Bob

Shared private key

Shared private keySpring 2012 2000-2012, Richard A. Stanley

Alices messageWPIECE579S/2 #6

Monoalphabetic Substitution Ciphers One of the oldest approaches Simply replace one letter of the text alphabet by another letter from the same alphabet (e.g. the English-language alphabet), one letter for one letter There are problems Statistics Key lengthSpring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #7

Modern Approaches Use computers or computer-based machines to simulate a key of very long length (key length >>> text length) to avoid key management problems Key these machines with short keys that can generate larger numbers to simulate a very long key There are also problems hereSpring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #8

EnigmaPerhaps the most famous cipher machine in history.This is an early model. Later test versions had as many as five rotors. Standard Kriegsmarine machines had four rotors after about 1943.

Enigma was a tactical machine-designed for battlefield use.Even today, Enigma would provide decent securityIF no errors occurred on the part of the operators.Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #9

SigabaSimilar in theory to Enigma. Designed for strategic (fixed station) use; note direct punching of teletypewriter paper tape for transmission.

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #10

Symmetric Key Cryptosystems

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #11

Definitions

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #12

Kerckhoffs Principle Secrecy must reside solely in the key It is assumed that the attacker knows the complete details of the cryptographic algorithm and implementation

A. Kerckhoffs was a 19th century Dutch cryptographer Not to be confused with G. Kirchoff, a 19th century German physicist whose name is attached to mesh circuit analysis techniques

Ergo, Security by obscurity doesnt work!Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #13

Enigma and Sigaba Both illustrate the validity of Kerckhoffs theorem Even when cryptanalysts were armed with a nearly perfect replication of the Enigma logic, brute-force keyspace search was useless for providing practical results The key needed to be discovered!Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #14

Simple Block Ciphers

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #15

Other Crypto Systems Substitution ciphers Most famous is the Caesar cipher: monoalphabetic substitution with offset = 3 Transposition ciphers in this group Childrens decoders usually in this category

Book ciphers CodebooksSpring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #16

Problem Areas Languages have well-known statistics E.g., e is most common letter in English This can be exploited for cryptanalysis Thus, substitution ciphers are not very secure Similar problems plague book ciphers, etc.

The only way to achieve true security is to make the ciphertext appear to be as random as possibleSpring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #17

Letter Frequencies in EnglishIf this were arranged as a Pareto chart, it would quickly be obvious that e,t,a are the three most common letters usually

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #18

Modern Cryptography Uses Electronic Digital Systems Advantages: Speed Accuracy Ability of using complex mathematics

Disadvantages Complex equipment Electronic vulnerabilities Key managementSpring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #19

Symmetric Ciphers Have the same key at each end Important that message length < cipher length, otherwise statistics bleed through This is what modern cipher machines emulate

Billions of combinations possible Keys changed frequently Each circuit requires a key pairSpring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #20

Cipher Example (Mauborgne/Vernam) Encipher Plain: 001 010 011 100 +key: 111 011 010 101 Cipher: 110 001 001 001

Decipher Cipher: 110 001 001 001 +key: 111 011 010 101 Plain: 001 010 011 100

The ciphertext is simply the plain text added to the key, modulo 2. This is a reversible process, as seen above.Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #21

One-Time Pad Ciphers

The One-Time Pad is unconditionally secure if, and only if, the keys are used only once.Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #22

OTP Remarks

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #23

One Time Pad

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #24

OTP Encryption Only ONE provably secure cryptosystem One-time pad Secure even if pad or operator captured BUTerrors can lead to decryption http://www.cia.gov/csi/books/venona/preface.htm

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #25

Why Use Anything Except Onetime Pads? Speed of encipherment Letters vs. numbers Logistics Usability Error rates

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #26

How to Achieve Good Cryptography? Well-reviewed algorithms So weaknesses cannot hide until after implementation

Excellent key generation & management To maintain secrecy of the key

Algorithms that are sufficiently complex so as to not permit feasible exhaustive attacksSpring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #27

Feistel Ciphers: Characteristics Special class of iterated block ciphers Ciphertext calculated from plaintext by repeated application of the same transformation or round function

Encryption and decryption are structurally identical (subkey order reversed for decryption) Fast, even in software implementation Easily analyzed (i.e., deficiencies more readily found by analysis)Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #28

Feistel Ciphers in Operation Plaintext split into two halves Round function f is applied to one half using a subkey Output of f is XORd with the other half of the plaintext Two halves are swapped

Process repeated for n rounds No swap after last roundSpring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #29

DES: Feistel Applied DES: Data Encryption Standard Formal specification -- FIPS PUB 46-3, last affirmed 25 October 1999http://www.csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf

Describes two cryptographic algorithms DES TDEA (commonly referred to as 3DES)

DES based on IBM Lucifer cipher of 1974Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #30

DES Characteristics 64-bit block cipher 56-bit key, with additional 8 bits used for error checking (odd parity on each byte) Four operating modes (not unique to DES) Electronic Codebook (ECB) Cipher Block Chaining (CBC) Cipher Feedback (CFB) Output Feedback (OFB)WPIECE579S/2 #31

Spring 2012 2000-2012, Richard A. Stanley

Subkey Generation Creating the subkeys in a Feistel cipher has a major effect on the overall security of the algorithm Possible to create weak keys Changes in the subkey algorithm can result in effectively different realizations of the algorithm

DES is based on Feistel rounds, and uses a complex method of subkey generationSpring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #32

DES Enciphering ComputationFeistel round

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #33

Initial Permutation

Means the 1st bit in is the 58th bit out, etc. Read left to right, top to bottom.Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #34

Cipher Function, f(Rn,Kn)

Spring 2012 2000-2012, Richard A. Stanley

WPI

ECE579S/2 #35

How Can This Happen? Turn 32-bit plaintext into 48-