Introduction to Basic Crypto Schemes

week01-crypto.ppt 18/27/2013 4:40:35 PM

Introduction to Basic Crypto Schemes

• In order to achieve confidentiality but at the same communicate/exchange information with intended parties, the information must be hidden from others

• But how?– By encryption/decryption– By obscurity

week01-crypto.ppt 28/27/2013 4:40:36 PM

By Obscurity – An Example

A cover image (no message)

week01-crypto.ppt 38/27/2013 4:40:37 PM

By Obscurity – An Example – cont.

A cover image (no message)

A stego image

week01-crypto.ppt 48/27/2013 4:40:39 PM

Crypto Terminology

• Cryptology The art and science of making and breaking “secret codes”

• Cryptography making “secret codes”• Cryptanalysis breaking “secret codes”• Crypto all of the above (and more)

week01-crypto.ppt 58/27/2013 4:41:15 PM

Crypto as Black Box

plaintext

keykey

plaintextciphertext

A generic use of crypto

encrypt decrypt

week01-crypto.ppt 68/27/2013 4:41:42 PM

How to Speak Crypto

• A cipher or cryptosystem is used to encrypt the plaintext – The result of encryption is ciphertext – We decrypt ciphertext to recover plaintext

• A key is used to configure a cryptosystem– A symmetric key cryptosystem uses the same key to encrypt

as to decrypt– A public key cryptosystem uses a public key to encrypt and

a private key to decrypt– Key space is the total number of all possible keys that can

be used in a cryptographic system

week01-crypto.ppt 78/27/2013 4:42:05 PM

Crypto

• Basic assumption– The system is completely known to the attacker– Only the key is secret

• Also known as Kerckhoffs Principle– Crypto algorithms are not secret

• Why do we make this assumption?– Experience has shown that secret algorithms are weak

when exposed– Secret algorithms never remain secret– Better to find weaknesses beforehand

week01-crypto.ppt 88/27/2013 4:42:25 PM

Confusion and diffusion

• Proposed by Claude Shannon – The founder of Information Theory– 1949 paper:

Comm. Thy. of Secrecy Systems• Confusion and diffusion

– Confusion obscure relationship between plaintext and ciphertext• Note that the encryption must be invertible in order to be

able to recover the original plaintext from the ciphertext– Diffusion spread plaintext statistics through the

ciphertext

week01-crypto.ppt 98/27/2013 4:43:04 PM

Usage of Crypto for Computer Security

• Crypto provides fundamental tools to solve many problems in computer security– Confidentiality– Integrity– We have to understand the crypto algorithms and

principles in order to understand many solutions to computer security problems

week01-crypto.ppt 108/27/2013 4:43:17 PM

Simple Substitution

• Plaintext: fourscoreandsevenyearsago• Key:

a b c d e f g h i j k l m n o p q r s t u v w x y

D E F G H I J K L M N O P Q R S T U V W X Y Z A B

zC

• Ciphertext: IRXUVFRUHDAGVHYHABHDUVDIR

• Shift by 3 is “Caesar’s cipher”

PlaintextCiphertext

week01-crypto.ppt 118/27/2013 4:44:13 PM

Ceasar’s Cipher Decryption

• Plaintext: floridastateuniversity

a b c d e f g h i j k l m n o p q r s t u v w x y

D E F G H I J K L M N O P Q R S T U V WX Y Z A B

z

CPlaintext

Ciphertext

• Suppose we know a Caesar’s cipher is being used

• Ciphertext: IORULGDVWDWHXQLYHUVLWB

week01-crypto.ppt 128/27/2013 4:44:20 PM

Not-so-Simple Substitution

• Shift by n for some n {0,1,2,…,25}

a b c d e f g h i j k l m n o p q r s t u v w x y

H I J K L M N O P Q R S T U V W X Y Z A B C D E F

z

GPlaintext

Ciphertext

The encryption can also be represented using modular arithmetic by first transforming the letters into numbers, according to the scheme, A = 0, B = 1,..., Z = 25. [1] Encryption of a letter  by a shift n can be described mathematically as,[2]

Decryption is performed similarly,

week01-crypto.ppt 138/27/2013 4:45:02 PM

Cryptanalysis I: Try Them All

• A simple substitution (shift by n) is used• But the key is unknown• Given ciphertext: CSYEVIXIVQMREXIH• How to find the key?• Only 26 possible keys try them all!• Exhaustive key search• Solution: key = 4

week01-crypto.ppt 148/27/2013 4:45:06 PM

Even-less-Simple Substitution

• Key is some permutation of letters• Need not be a shift• For example

a b c d e f g h i j k l m n o p q r s t u v w x yJ I C A X S E Y V D K WB Q T Z R H F M P N U L G

zO

PlaintextCiphertext

• Then 26! > 288 possible keys!

week01-crypto.ppt 158/27/2013 4:45:29 PM

Cryptanalysis II: Be Clever• We know that a simple substitution is used• But not necessarily a shift by n• Can we find the key given ciphertext: PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQ

WAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA

week01-crypto.ppt 168/27/2013 4:45:45 PM

Cryptanalysis II• Can’t try all 288 simple substitution keys• Can we be more clever?• English letter frequency counts

– Also the relative frequencies for pairs and triples of characters

0.00

0.02

0.04

0.06

0.08

0.10

0.12

0.14

A C E G I K M O Q S U W Y

week01-crypto.ppt 178/27/2013 4:46:12 PM

Cryptanalysis II

week01-crypto.ppt 188/27/2013 4:47:20 PM

Cryptanalysis II

• Ciphertext: PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVC

XQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA

A B C D E F G H I J K L M N O P Q R S T U V W X Y21 26 6 10 12 51 10 25 10 9 3 10 0 1 15 28 42 0 0 27 4 24 22 28 6

Z

8

Ciphertext frequency counts:

• Decrypt this message using info below

week01-crypto.ppt 198/27/2013 4:47:53 PM

Cryptanalysis Terminology

• Cryptosystem is secure if best known attack is to try all keys

• Cryptosystem is insecure if any shortcut attack is known– By this definition, an insecure system might be

harder to break than a secure system, depending on the size of the key space

– In practice, we need to select a secure cipher with a large enough key space• As a secure cipher with a small key space can be broken

week01-crypto.ppt 208/27/2013 4:48:14 PM

Even-less-Simple Substitution – cont.

• Key is some permutation of letters– It is not secure when used to encrypt plain

English messages• It uses only confusion

– How can we improve the security of this cipher?

week01-crypto.ppt 218/27/2013 6:01:19 PM

Double Transposition

• Plaintext: attackxatxdawnPermute rowsand columns

• Ciphertext: xtawxnattxadakc • Key: matrix size and permutations

(3,5,1,4,2) and (1,3,2)

week01-crypto.ppt 228/27/2013 6:01:24 PM

Double Transposition

• Plaintext: attackxatxdawnPermute rowsand columns

• Which principles does a double

transposition cipher use, confusion, diffusion, or both?

week01-crypto.ppt 238/27/2013 6:01:28 PM

One-time Pad Encryption

e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

h e i l h i t l e r001 000 010 100 001 010 111 100 000 101111 101 110 101 111 100 000 101 110 000

110 101 100 001 110 110 111 001 110 101

s r l h s s t h s r

Encryption: Plaintext Key = Ciphertext

Plaintext:Key:

Ciphertext:

week01-crypto.ppt 248/27/2013 6:01:33 PM

One-time Pad Encryption

e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

h e i l h i t l e r001 000 010 100 001 010 111 100 000 101111 101 110 101 111 100 000 101 110 000

110 101 100 001 110 110 111 001 110 101

s r l h s s t h s r

Encryption: Plaintext Key = Ciphertext

Plaintext:Key:

Ciphertext:

How to decrypt a message encrypted using one-time pad?

week01-crypto.ppt 258/27/2013 6:01:39 PM

One-time Pad Decryption

e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

s r l h s s t h s r110 101 100 001 110 110 111 001 110 101

111 101 110 101 111 100 000 101 110 000

001 000 010 100 001 010 111 100 000 101

h e i l h i t l e r

Decryption: Ciphertext Key = Plaintext

Ciphertext:Key:

Plaintext:

week01-crypto.ppt 268/27/2013 6:01:41 PM

One-time Pad

e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

s r l h s s t h s r110 101 100 001 110 110 111 001 110 101101 111 000 101 111 100 000 101 110 000

011 010 100 100 001 010 111 100 000 101

k i l l h i t l e r

Ciphertext:“key”:

“Plaintext”:

Double agent claims sender used “key”:

week01-crypto.ppt 278/27/2013 6:01:44 PM

One-time Pad

e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

s r l h s s t h s r110 101 100 001 110 110 111 001 110 101111 101 000 011 101 110 001 011 101 101

001 000 100 010 011 000 110 010 011 000

h e l i k e s i k e

Ciphertext:“Key”:

“Plaintext”:

Sender is captured and claims the key is:

week01-crypto.ppt 288/27/2013 6:01:52 PM

One-time Pad Summary

• Provably secure, when used correctly– Ciphertext provides no info about plaintext– All plaintexts are equally likely– Pad must be random, used only once– Pad is known only by sender and receiver– Pad is same size as message– No assurance of message integrity

• Why not distribute message the same way as the pad?

week01-crypto.ppt 298/27/2013 6:02:03 PM

Messages in Depth

• Messages are in depth if they are encrypted with the same key

week01-crypto.ppt 308/27/2013 6:02:11 PM

Real-world One-time Pad

• Project VENONA– Soviet spy messages from U.S. in 1940’s– Nuclear espionage, etc.– Thousands of messages

• Spy carried one-time pad into U.S.• Spy used pad to encrypt secret messages• Repeats within the “one-time” pads made

cryptanalysis possible

week01-crypto.ppt 318/27/2013 6:02:39 PM

Codebook

• Literally, a book filled with “codewords”• Zimmerman Telegram encrypted via codebook

Februar 13605fest 13732finanzielle 13850folgender 13918Frieden 17142Friedenschluss 17149

: :

• Modern block ciphers are codebooks.

week01-crypto.ppt 328/27/2013 6:02:57 PM

Zimmerman Telegram

• One of most famous codebook ciphers ever

• Led to US entry in WWI

• Ciphertext shown here…

week01-crypto.ppt 338/27/2013 6:03:12 PM

Zimmerman Telegram Decrypted

• British had recovered partial codebook

• Able to fill in missing parts

week01-crypto.ppt 348/27/2013 6:03:26 PM

Taxonomy of Cryptography

• Symmetric Key– Same key for encryption as for decryption– Stream ciphers– Block ciphers

• Public Key– Two keys, one for encryption (public), and one for

decryption (private)– Digital signatures nothing comparable in symmetric

key crypto• Hash algorithms

week01-crypto.ppt 358/27/2013 6:03:35 PM

Taxonomy of Cryptanalysis

• Ciphertext only• Known plaintext• Chosen plaintext

– “Lunchtime attack”– Protocols might encrypt chosen text

• Adaptively chosen plaintext• Related key• Forward search (public key crypto only)

week01-crypto.ppt 368/27/2013 6:03:42 PM

Summary

• Substitutions and transpositions are the building blocks of ciphers– While the ones we covered so far are simple and

straightforward, their generalized versions are used extensively in modern ciphers

37

Class Discussion

• Do you agree with the following (p. 722, E. Skoudis, “Counter Hack Reloaded”, 2nd Edition)?– “Just as this is the Golden Age of Hacking, so too is

it the Golden Age of Information Security. We live in very exciting times with technologies rapidly advancing, offering tremendous opportunities for learning and growing. If technology itself doesn’t get you excited, think of the tremendous job security afforded to system administrators, security personnel, and network managers who know how to secure their systems properly.”

38

Class Discussion

• If you place an unpatched computer on the Internet, what is the average survival time before being completely compromised?

39

Class Discussion

http://isc.sans.edu/survivaltime.html

40

Class Discussion

http://isc.sans.edu/survivaltime.html

41

Before Class Discussion

• Homeland Security Secretary Janet Napolitano in her farewell address given on Aug. 27, 2013