Introduction to Cryptography INFSCI 1075: Network Security – Spring 2013 Sam T. Zargar.

Introduction to Cryptography

INFSCI 1075: Network Security – Spring 2013

Sam T. Zargar

2

Security Features and Mechanisms

Security Features (Security Services) Measures intended to counter security attacks by

employing security mechanisms Take on functions of physical documents and procedures

like signatures, identity cards, endorsements, etc. Typical services: Confidentiality, integrity,

authentication, non-repudiation, and availability. Security Mechanisms

Prevent, detect, and recover from security attacks No single security mechanism can provide all the

security services

3

Remarks

Not all security services can be provided by a single security mechanism

Cryptography, if used cleverly and correctly, can provide several of the security services

Cryptography is the backbone of most security mechanisms SSL, SSH, IPSec, WPA, Kerberos, VPNs, Dial-up, etc.

Cryptography: using encryption and decryption principles/methods to conceal information

4

Limitations of Cryptography

Cryptography is not a complete solution in itself Systems and networks are not secure today

Not because of the mathematics behind cryptography The math is sound

Implementation of the cryptosystems and usage of cryptography in protocols are occasionally flawed

The human factor Why you need to study cryptography

An important component of information security today Awareness of what is used where and why it works Sense of why crypto in itself is not enough, but you need

things around it to make networks and systems secure

History For thousands of years

people have used methods of concealing information Concealing Ciphering or

Encryption Examples

Writing concealed information from the illiterate

Mirrors were used in India Tattoo messages on scalps and

allow hair to grow Biblical times (500 BC)

Substitution of one alphabet by another in a systematic way

Sparta (500 BC) Scytale (sitaali) http://en.wikipedia.org/wiki/Scyt

ale

5

6

History (2) Caesar Cipher (50 BC)

Described by Julius Caesar Example of a Shift Cipher

World War I Creation of many new ciphers ADFGVX code by the German military in World War 1

A product cipher Cryptography and Mathematics

Linkages started in the 1920s Extended to World War II Information Theory played a role in 1949 when Shannon

defined “perfect secrecy”

7

Modern Times Data Encryption Standard (DES)(1977)

Opened up a new area of research for securing digital information

All encryption algorithms from BC till 1976 were secret key algorithms Also called private key algorithms or

symmetric key algorithms Public key algorithms were introduced in

1976 by Whitfield Diffie and Martin Hellman (asymmetric)

Some Basic Terminology

8

Plaintext - original message

Ciphertext - coded message

Cipher - algorithm for transforming plaintext to ciphertext

Key - info used in cipher known only to sender/receiver

Encipher (encrypt) - converting plaintext to ciphertext

Decipher (decrypt) - recovering plaintext from ciphertext

Definitions

9

Cryptography – using encryption and decryption principles/methods to conceal information

Cryptanalysis (code breaking) - study of principles/ methods of deciphering ciphertext without knowing the key

Cryptology – study of both cryptography and cryptanalysis

Encryption Conventional (symmetric) encryption Public-key (asymmetric) encryption

10

Cryptology

CRYPTOLOGY

CRYPTOGRAPHY CRYPTANALYSIS

Private Key(Secret Key)

Public Key

Block Cipher Stream Cipher Integer Factorization

Discrete Logarithm

PR

OTO

CO

LS

Cryptography

11

Can characterize cryptographic system by: Type of encryption operations used

Substitution / transposition / product Number of keys used

Single-key or private / two-key or public Way in which plaintext is processed

block / stream

12

Block vs. Stream Ciphers Block ciphers process messages in

blocks, each of which is then en/decrypted

like a substitution on very big characters64-bits or more

Stream ciphers process messages a bit or byte at a time when en/decrypting

Many current ciphers are block ciphers

Broader range of applications

Cryptanalysis

13

The science/art of breaking an encryption scheme Objective is to recover key not just message General approaches:

Cryptanalytic attack May rely on:

Nature of encryption algorithm Characteristics of the plaintext Some plaintext-cipher text pairs

Brute-force attack Try every key …time and space complexity! On average, half of all possible keys must be tried to

achieve success.

Cryptanalytic Attacks

14

Ciphertext only Cryptanalyst has only Ciphertext of possibly many messages.

Known plaintext Access to both plain and ciphertext of several messages, probable

words. Chosen plaintext

Attacker can select plaintext and obtain its ciphertext. Chosen ciphertext

Attacker has access to decrypting box, objective is deduce the key, have the corresponding plaintext.

The HUMAN factor Rubber hose attack -- threaten, torture, blackmail for the key Purchase-key attack -- bribery (or burglary) Scam attack – “excuse me, could you tell me your password?” I’m stupid attack – easy to guess key (name, birthdate, phone

number, ….)

Encryption scheme is:

15

Unconditionally secure if: No matter how much computer power or time

is available, the cipher cannot be broken since the cipher-text provides insufficient information to uniquely determine the corresponding plaintext \

e.g., one-time pad (later) Computationally secure if:

Given limited computing resources (e.g. time needed for calculations is greater than age of universe), the cipher cannot be broken and it is costly!

Brute Force Search

16

Always possible to simply try every key Most basic attack, proportional to key size Assume either know / recognize plaintext

Key Size (bits)

Number of Alternative Keys

Time required at 1 decryption/µs

Time required at 106 decryptions/µs

32 232 = 4.3 109 231 µs = 35.8 minutes

2.15 milliseconds

56 256 = 7.2 1016 255 µs = 1142 years 10.01 hours

128 2128 = 3.4 1038 2127 µs = 5.4 1024 years

5.4 1018 years

168 2168 = 3.7 1050 2167 µs = 5.9 1036 years

5.9 1030 years

26 characters (permutation

)

26! = 4 1026 2 1026 µs = 6.4 1012 years

6.4 106 years

Symmetric Encryption

17

OR conventional / private-key / single-key Sender and receiver share a common key All classical encryption algorithms (from BC till

1976) Was only type prior to invention of public-key

in 1976 and by far most widely used

Symmetric Cipher Model

18

Conventional Encryption Model

19

Key Source

Insecure channel

Oscar

Encrypt DecryptAlice Bob

yx x

k k

Secure Channel

Requirements

20

Two requirements for secure use of symmetric encryption:a strong encryption algorithma secret key known only to sender / receiver

Mathematically have:Y = ek(X)X = dk(Y)

The functions ek() and dk() must be inverses of one another ek(dk(y)) = ? dk(ek(x)) = ? ek(dk(x)) = ?

Assume encryption/decryption algorithm is known, strength is in key

Implies a secure channel to distribute key

Substitution Ciphers

21

Classical Substitution Ciphers where letters of plaintext are replaced by

other letters or by numbers or symbols or if plaintext is viewed as a sequence of bits,

then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

Shift Ciphers Idea

Represent the capital letters of the English alphabet by integers

Encryption ek(x) = (x + k) mod 26

Decryption dk(y) = (y – k) mod 26

A B C D E F G H I J K L M

0 1 2 3 4 5 6 7 8 9 10 11 12

N O P Q R S T U V W X Y Z

13 14 15 16 17 18 19 20 21 22 23 24 25

23

Caesar Cipher earliest known substitution cipher by Julius Caesar (50 BC) first attested use in military affairs replaces each letter by 3rd letter on example:meet me after the toga partyPHHW PH DIWHU WKH WRJD SDUWB

Set of Residues: Zn

25

The result of the modulo operation with modulus n is always an integer between 0 and n-1.

Modulo operation creates a set, which in modular arithmetic is referred to as the set of least residues, modulo n, or Zn

E.g. Z2 ={0,1}

Z6 ={0,1,2,3,4,5}

Z10={0,1,2,3,4,5,6,7,8,9}

The modulo operation (Quick review)

26

What is 27 mod 5? Quotient? 5 Divisor 5 27

Dividend - 25 Remainder?

2 What is -27 mod 5? Quotient? -

6 Divisor 5 -27

Dividend - (-30) Remainder?

3

Examples

27

36 mod 9 = 0 4 9 36 -36 0

-45 mod 9 = 0 -5 9 -45 -(-

45) 0

Shift Ciphers Cipher-text: HCEGDQQM K: C What is the plain-text? Encryption

ek(x) = (x + k) mod 26

Decryption dk(y) = (y – k) mod 26

A B C D E F G H I J K L M

0 1 2 3 4 5 6 7 8 9 10 11 12

N O P Q R S T U V W X Y Z

13 14 15 16 17 18 19 20 21 22 23 24 25

28

Cryptanalysis of Caesar Cipher only have 26 possible ciphers

A maps to A,B,..Z could simply try each in turn a brute force search given ciphertext, just try all shifts of letters do need to recognize when have plaintext eg. break ciphertext "GCUA VQ DTGCM“

Monoalphabetic Cipher

30

Rather than just shifting the alphabet Could shuffle (jumble) the letters arbitrarily Each plaintext letter maps to a different random

ciphertext letter Hence key is 26 letters long

Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z

Cipher:D K V Q F I B J W P E S C X H T M Y A U O L R G Z N

If we wish to replace letters

Plaintext: ifwewishtoreplaceletters Ciphertext:WIRFRWAJUHYFTSDVFSFUUFYA

Monoalphabetic Cipher Security now have a total of 26! = 4 x 1026 keys with so many keys, might think is secure but would be !!!WRONG!!! problem is language characteristics

Language Redundancy and Cryptanalysis

human languages are redundant eg "th lrd s m shphrd shll nt wnt" letters are not equally commonly used in English E is by far the most common

letter followed by T,R,N,I,O,A,S

other letters like Z,J,K,Q,X are fairly rare have tables of single, double & triple letter

frequencies for various languages

33

Seberry & Pieprzyk, "Cryptography - An Introduction to Computer Security", Prentice-Hall 1989, Appendix A has letter frequency graphs for 20 languages (most European & Japanese & Malay).

English Letter Frequencies (Stallings Fig 2.5)

Example Cryptanalysis

34

Given ciphertext:UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies (see text) Guess P & Z are E and T Guess ZW is th and hence ZWP is the Proceeding with trial and error finally get:it was disclosed yesterday that several informal butdirect contacts have been made with politicalrepresentatives of the viet cong in moscow

The Affine Cipher

35

Use A 0, B 1, C 2, …, Z 25 Plaintext: x P = {0,1,2, …, 25} Ciphertext: y C = {0,1,2, …, 25} Encryption is defined as:

ek (x) = ax + b mod 26 How is decryption defined?

dk(y) = (y – b)/a mod 26 How do we divide modulo 26?

Example of Affine Ciphers

36

Let ek(x) = 3x + 7 mod 26 Consider encrypting “ANT” = 0, 13, 19

Ciphertext is 7, 20, 12 = “HUM” Let us decrypt it

H = 7 => (7-7)/3 = 0 = A U = 20 => (20-7)/3 = 13/3 =? 13 * 3-1 mod 26 M = 12 => (12-7)/3 = 5/3 =? 5 * 3-1 mod 26 3-1 ?

Multiplicative Inverse of 3 in Z26? Using extended Euclidean algorithm

Ref. Cryptography and Network Security (Behrouz A. Forouzan)

Chapter 2: Mathematics of Cryptography

Polyalphabetic Ciphers

37

Polyalphabetic substitution ciphers Improve security using multiple cipher

alphabets Make cryptanalysis harder with more

alphabets to guess and flatter frequency distribution

Use a key to select which alphabet is used for each letter of the message

Use each alphabet in turn Repeat from start after end of key is reached

Vigenère Cipher

38

Simplest polyalphabetic substitution cipher

Effectively multiple Caesar cipher Key is multiple letters long K = k1 k2 ...

kd nth letter specifies nth alphabet to use Use each alphabet in turn Repeat from start after d letters in

message Decryption simply works in reverse

Example of Vigenère Cipher

39

Write the plaintext out Write the keyword repeated above it Use each key letter as a Caesar cipher key Encrypt the corresponding plaintext letter E.g. Using deceptive as a keykey: deceptivedeceptivedeceptive

plaintext: wearediscoveredsaveyourself

ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

A B C D E F G H I J K L M

0 1 2 3 4 5 6 7 8 9 10 11 12

N O P Q R S T U V W X Y Z

13 14 15 16 17 18 19 20 21 22 23 24 25

Security of Vigenère Cipher

40

Have multiple ciphertext letters for each plaintext letter Hence letter frequencies are obscured But not totally lost! Start with letter frequencies

See if look monoalphabetic or not E.g. 1 10 19

key: deceptivedeceptivedeceptive

Letters in positions 1,10, 19, and so on are all encrypted with the same monoalphabetic cipher!

Using known frequency characteristics of plaintext language to attack each monoalphabetic ciphers

Solution: Increase the key size to the length of message!

Autokey Cipher

41

Ideally want a key as long as the message Vigenère proposed the autokey cipher With keyword as a prefix to as much of the

message as is needed to be used as key Knowing keyword can recover the first few

letters Use these in turn on the rest of the

message But still have frequency characteristics to

attack E.g. Given deceptive as a keykey: deceptivewearediscoveredsav

plaintext: wearediscoveredsaveyourself

ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA

One-Time Pad

42

If a truly random key as long as the message is used, the cipher will be secure

Called a One-Time pad

It is unbreakable since ciphertext bears no statistical relationship to the plaintext

Since for any plaintext & any ciphertext there exists a key mapping one to other

Can only use the key once though

There are problems in generation & safe distribution of key

Brute Force Search

43

Always possible to simply try every key Most basic attack, proportional to key size Assume either know / recognize plaintext

Key Size (bits)

Number of Alternative Keys

Time required at 1 decryption/µs

Time required at 106 decryptions/µs

32 232 = 4.3 109 231 µs = 35.8 minutes

2.15 milliseconds

56 256 = 7.2 1016 255 µs = 1142 years 10.01 hours

128 2128 = 3.4 1038 2127 µs = 5.4 1024 years

5.4 1018 years

168 2168 = 3.7 1050 2167 µs = 5.9 1036 years

5.9 1030 years

26 characters (permutation

)

26! = 4 1026 2 1026 µs = 6.4 1012 years

6.4 106 years

Question

44

Assume that you have a PC that can do 106 decryption per µs. You want to decrypt an algorithm that its key space/key size has 56 bits using brute force approach. So you need to in average check half of the key space. How long does it take to check half of the key space using your PC? (µs = 10-6 seconds)

256 / 2 = 255 different keys to be checked (should be decrypted)

In each µs you can decrypt 106 ciphertexts using 106 keys out of 255

So: How many µs to decrypt using 255 keys? 255 / 106 = 36028797018.963968 µs =

36028797018.963968 *10-6 ~ 36029 s

36029 s / 60 ~ 600 min 600 min / 60 ~ 10 hours

Transposition Ciphers

45

Transposition Ciphers

46

Now consider classical transposition or permutation ciphers

Hide the message by rearranging the letter order without altering the actual letters used.

Can recognize these since they have the same frequency distribution as the original text

47

Permutation Cipher Permutation cipher

Do not change the plaintext Simply shuffle the plaintext according to a known

permutation π(j) Different from the substitution cipher

Suppose the plaintext is x = (x1,x2,x3,… xm) Encryption is: ek(x) = y = (xπ(1),xπ(2),xπ(3),…

xπ(m)) Note that the ciphertext still consists of the

same elements that were present in the plaintext

48

Example of Permutation Cipher

Encrypt HOTDOG = HOT DOG Shuffling, we get THO GDO

Decrypt THO GDO Shuffling, we get HOTDOG

P 1 2 3(P) 3 1 2

C 1 2 3-1(C) 2 3 1

More like an anagram

Rail Fence cipher

49

Write message letters out diagonally over a number of rows then read off cipher row by row

E.g. write message out as: Org message: meet me after the toga party

m e m a t r h t g p r y e t e f e t e o a a t

Giving ciphertextMEMATRHTGPRYETEFETEOAAT

50

Remarks on Permutation Cipher Read Section 2.3 ‘Transposition Techniques’ for

more on permutations Permutations and substitutions are very

important in modern encryption schemes Example: DES makes use of permutations Example: AES makes use of many rounds of

substitutions and permutations

Product Ciphers

51

Product Ciphers

52

Ciphers using substitutions or transpositions are not secure because of language characteristics

Hence consider using several ciphers in succession to make the cipher harder: Two substitutions make more complex substitution Two transpositions make more complex

transposition But a substitution followed by a transposition

makes a new difficult cipher! This is a bridge from classical to modern

ciphers (e.g. AES)

53

Example of Product Cipher

Encrypt (Using Permutation) ZDKLBM = Shuffling, we get KZDMLB

Decrypt KZDMLB Shuffling, we get ZDKLBM Then Key : SPRING

Decrypted: ?

j 1st 2 3 4 5 6

(j) 3 1 2 6 4 5

k 1st 2 3 4 5 6

-1(k) 2 3 1 5 6 4

2- Permutation

A B C D E F G H I J K L M

0 1 2 3 4 5 6 7 8 9 10 11 12

N O P Q R S T U V W X Y Z

13 14 15 16 17 18 19 20 21 22 23 24 25

1- Substitution: (e.g. Vigenère ): Key: SPRINGText: HOTDOG Encrypt (Using Substitution ) Decrypted: ZDKLBM

54

How about…

j 1 2 3 4 5 6

(j) 3 1 2 6 4 5

k 1 2 3 4 5 6

-1(k) 2 3 1 5 6 4

2- Permutation

A B C D E F G H I J K L M

0 1 2 3 4 5 6 7 8 9 10 11 12

N O P Q R S T U V W X Y Z

13 14 15 16 17 18 19 20 21 22 23 24 25

A substitution then a permutation, then another substitution and permutation as an encryption? More secure? (Please think about it)1- Substitution: (e.g. Vigenère ): Key: SPRING Text: HOTDOG Encrypt (Using Substitution ) Decrypted: ZDKLBM

3- Substitution: (e.g. Vigenère ): Key: SPRING Text: KZDMLB Encrypt (Using Substitution ) Decrypted: CQUUYH 4- Permutation: Encrypt (Using Permutation) CQUUYH = Shuffling, we get UCQHUYPlease do the decryption yourself

Encrypt (Using Permutation) ZDKLBM = Shuffling, we get KZDMLB

Rotor Machines

55

Before modern ciphers, rotor machines were most common complex ciphers in use

Widely used in WorldWarII German Enigma, Allied Hagelin, Japanese Purple

Implemented very complex, varying substitution cipher

Used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted

With 3 cylinders had 263=17576 alphabets

Hagelin Rotor Machine

56

Rotor Machine Principles

An alternative to Encryption

58

Steganography

59

An alternative to encryption Art of hiding information in the midst of

irrelevant data This is NOT cryptography Hides existence of message

Using only a subset of letters/words in a longer message marked in some way

Using invisible ink Hiding in LSB (least-signifcant-bit)in graphic image

or sound file Has drawbacks

High overhead to hide relatively few info bits

Example of Steganography

60

Dear George,Greetings to all at Oxford. Many thanks for yourletter and for the summer examination package.All entry forms and fees forms should be readyfor final dispatch to the syndicate by Friday20th or at the latest I am told by the 21st.Admin has improved here though there is roomfor improvement still; just give us all two or threemore years and we will really show you! Pleasedon’t let these wretched 16+ proposals destroyyour basic O and A pattern. Certainly thissort of change, if implemented immediately, would bring chaos.

Sincerely yours,

Example of Steganography

61

Dear George,Greetings to all at Oxford. Many thanks for yourletter and for the summer examination package.All entry forms and fees forms should be readyfor final dispatch to the syndicate by Friday20th or at the latest I am told by the 21st.Admin has improved here though there is roomfor improvement still; just give us all two or threemore years and we will really show you! Pleasedon’t let these wretched 16+ proposals destroyyour basic O and A pattern. Certainly thissort of change, if implemented immediately, would bring chaos.

Sincerely yours,

Summary

62

Have considered: Classical cipher techniques and terminology Monoalphabetic substitution ciphers Cryptanalysis using letter frequencies Polyalphabetic ciphers Transposition ciphers Product ciphers Steganography ROTOR Machines