Stephen S. Yau 1CSE465-591 Fall 2006 Cryptography.

Stephen S. Yau 1CSE465-591 Fall 2006

CryptographyCryptography


CryptographyCryptography In Greek means “secret writing” In Greek means “secret writing” An outsider An outsider

(interceptor/intruder/adversary) can (interceptor/intruder/adversary) can make following threats: make following threats: Block message (affecting availability)Block message (affecting availability) Intercept message (affecting secrecy)Intercept message (affecting secrecy) Modify message (affecting integrity)Modify message (affecting integrity) Fabricate message (affecting integrity)Fabricate message (affecting integrity)

Cryptography is the fundamental Cryptography is the fundamental technique to counter these threats technique to counter these threats because the outsider does not because the outsider does not understand the meaning of messagesunderstand the meaning of messagesT1:

ch8.1 T2: ch9.1


Cryptography Cryptography (cont.)(cont.)

CryptographyCryptography:: Study of mathematical Study of mathematical techniques related to certain aspects of techniques related to certain aspects of information security, such as confidentiality, information security, such as confidentiality, data integrity, entity authentication, and data data integrity, entity authentication, and data origin authentication.origin authentication. The basic component of cryptography is a The basic component of cryptography is a

cryptosystemcryptosystem CryptanalystCryptanalyst:: Person working for Person working for

unauthorized interceptorunauthorized interceptor CryptographerCryptographer:: Person working for Person working for

legitimate sender or receiverlegitimate sender or receiver CryptologyCryptology:: Study of encryption and Study of encryption and

decryption, including cryptography and decryption, including cryptography and cryptanalysis.cryptanalysis.


CryptosystemCryptosystem AA cryptosystem cryptosystem is a 5-tuple (is a 5-tuple (, D, M, K, C, D, M, K, C), ),

where where MM is the set of plaintexts, K is the set is the set of plaintexts, K is the set of keys, of keys, CC is the set of ciphertexts, is the set of ciphertexts, : : K→CK→C is the set of encipher ( is the set of encipher (encryptionencryption) ) functions, and functions, and D: C D: C K→M K→M is the set of is the set of deciphering (deciphering (decryptiondecryption) functions.) functions. Plaintext Plaintext MM: set of messages in original form: set of messages in original form Ciphertext Ciphertext CC: set of messages in encrypted : set of messages in encrypted

formform


Cryptosystem Cryptosystem (cont.)(cont.) EncryptionEncryption:: Process of encoding Process of encoding

(enciphering) a message so that its meaning (enciphering) a message so that its meaning is not obvious.is not obvious. Provide confidentialityProvide confidentiality Principle of EncryptionPrinciple of Encryption

Very hard (impossible) to find out the Very hard (impossible) to find out the message without knowing the keymessage without knowing the key

Very easy (and fast) to find out the Very easy (and fast) to find out the message knowing the keymessage knowing the key

DecryptionDecryption:: Process of decoding Process of decoding (deciphering or transforming) an encrypted (deciphering or transforming) an encrypted message to its original form. message to its original form.


Types of CryptosystemsTypes of Cryptosystems Symmetric cryptosystems (also called Symmetric cryptosystems (also called single-single-

keykey cryptosystems) are cryptosystems) are classical classical cryptosystemscryptosystems: :

MM = = DD((KK, , EE((KK, , MM)))) The encryption key and decryption key are the same.The encryption key and decryption key are the same.

Asymmetric cryptosystem: Asymmetric cryptosystem:

MM = = DD((KKdd, , EE((KKee, , MM)))) KKdd is the decryption key and is the decryption key and KKee is the encryption key is the encryption key

KKd d ≠ ≠ KKeeT1: ch8.2 T2: ch9.2


One-Time PadOne-Time Pad One-Time Pad (OTP) is the only One-Time Pad (OTP) is the only

mathematically secure cryptosystem.mathematically secure cryptosystem. Mathematical SecurityMathematical Security: using theory of : using theory of

statistics and probability, the ciphertext statistics and probability, the ciphertext CC generated by the encryption algorithm generated by the encryption algorithm EE has has been proven to be undecipherablebeen proven to be undecipherable, except , except using the right decryption algorithm D. using the right decryption algorithm D.

OTP uses a symmetric key, which should OTP uses a symmetric key, which should be statistically proven to be be statistically proven to be randomrandom

Message

Key 00101011 …

Cipher 10111101 … 10010110 …

Sender

Message

Key 00101011 …

Cipher 10111101 … 10010110 …

Receiver

T1: ch8.2.2 T2: ch9.2.2


One Time Pad One Time Pad (cont.)(cont.) A and B wish to communicate privately A and B wish to communicate privately

using the one-time pad (it uses a using the one-time pad (it uses a symmetric key K)symmetric key K)

They have previously agreed upon secret They have previously agreed upon secret key K which is a string of n randomly key K which is a string of n randomly chosen bitschosen bits

If A wishes to send an n-bit message M to If A wishes to send an n-bit message M to B, A sends to B the ciphertext C = M XOR B, A sends to B the ciphertext C = M XOR K, K,

The received ciphertext can be decrypted The received ciphertext can be decrypted by B to obtain M, since M = C XOR K. by B to obtain M, since M = C XOR K.

When another message is to be sent, When another message is to be sent, another key K must be used, hence the another key K must be used, hence the name “one-time pad”name “one-time pad”


Difficulties of OTPDifficulties of OTP To ensure the security of the To ensure the security of the

system, key size should not be less system, key size should not be less than message size (not necessary than message size (not necessary for other cryptosystems)for other cryptosystems)

Generating a fully random key is Generating a fully random key is practically very difficultpractically very difficult

Sending an unrepeated key with the Sending an unrepeated key with the same size of the message through a same size of the message through a secure channel to the receiver is secure channel to the receiver is not practicalnot practical


Computational SecurityComputational Security An encryption scheme is An encryption scheme is

computationally securecomputationally secure if it takes if it takes exponentially long time to break the exponentially long time to break the ciphertext. ciphertext.

Lifetime of a cryptosystemLifetime of a cryptosystem: : The The minimum time for unauthorized minimum time for unauthorized decoding of encrypted messagedecoding of encrypted message Defined for each application, Defined for each application,

Examples:Examples: Military orders = 1 hour to 3 yearsMilitary orders = 1 hour to 3 years Check transactions = 1 yearCheck transactions = 1 year Business agreements = 10-15 yearsBusiness agreements = 10-15 years


Classical CryptographyClassical Cryptography Basic techniques for classical ciphersBasic techniques for classical ciphers

SubstitutionSubstitution:: One letter is exchanged for One letter is exchanged for anotheranother

TranspositionTransposition:: The order of the letters is The order of the letters is rearrangedrearranged

Classical ciphersClassical ciphers Mono-alphabeticMono-alphabetic:: Letters of the plaintext Letters of the plaintext

alphabet are mapped into other unique lettersalphabet are mapped into other unique letters Poly-alphabeticPoly-alphabetic:: Letters of the plaintext Letters of the plaintext

alphabet are mapped into letters of the ciphertext alphabet are mapped into letters of the ciphertext space depending on their positions in the textspace depending on their positions in the text

StreamStream:: Key stream is generated and used to Key stream is generated and used to encrypt the plaintext (Symmetric Key Algorithms)encrypt the plaintext (Symmetric Key Algorithms)


SubstitutionSubstitution Substitute each letter in the plaintext for another Substitute each letter in the plaintext for another

oneone Goal: Goal: Confusion – difficult to determine how a Confusion – difficult to determine how a

message and key were transformed into ciphertext. message and key were transformed into ciphertext. Example Example (Caesar Cipher)(Caesar Cipher)

a b c d e f g h i j k l m n o p q r s t u v w x y za b c d e f g h i j k l m n o p q r s t u v w x y z q e r y u i o p a s d f g w h j k l z x c v b n m tq e r y u i o p a s d f g w h j k l z x c v b n m t

under attack we need help under attack we need help

cwyul qxxqrd bu wuuy pufjcwyul qxxqrd bu wuuy pufj

T1: ch8.2.2 T2: ch9.2.2


TranspositionTransposition Change the positions of the characters in Change the positions of the characters in

the plaintextthe plaintext Goal:Goal: Diffusion – spread the information Diffusion – spread the information

from the message or the key across the from the message or the key across the ciphertext.ciphertext.

Example:Example: message: meet me after the toga partymessage: meet me after the toga party

m e m a t r h t g p r ym e m a t r h t g p r y e t e f e t e o a a te t e f e t e o a a t

Ciphertext: Ciphertext: MEMATRHTGPRYETEFETEOAATMEMATRHTGPRYETEFETEOAAT T1:

ch8.2.1 T2: ch9.2.1


Four Secure Key Distribution Four Secure Key Distribution StrategiesStrategies

for for Symmetric CryptosystemsSymmetric Cryptosystems

11. A key K can be selected by A to be shared . A key K can be selected by A to be shared with B, and K needs to be physically with B, and K needs to be physically delivered to B delivered to B

2. A third party can select the same key K 2. A third party can select the same key K and physically deliver K to A and Band physically deliver K to A and B

3. If A and B have previously used a key K’, 3. If A and B have previously used a key K’, one party can transmit the new key K to one party can transmit the new key K to the other, encrypted using the old key K’the other, encrypted using the old key K’

4. If A and B each has an encrypted 4. If A and B each has an encrypted connection to a third party C, C can connection to a third party C, C can transmit the new key K on the encrypted transmit the new key K on the encrypted links to both A and Blinks to both A and B


Asymmetric Key Asymmetric Key CryptosystemCryptosystem

(Public Key Cryptosystem)(Public Key Cryptosystem) Uses public and private keysUses public and private keys

Public key for encryptionPublic key for encryption Private key for decryptionPrivate key for decryption

Examples:Examples: RSA RSA Trapdoor one-way functionTrapdoor one-way function Elliptical curve cryptographyElliptical curve cryptography

T1: ch8.3 T2: ch9.3


RSA PrincipleRSA Principle Developed by Ron Developed by Ron RRivest, Adi ivest, Adi SShamir, and hamir, and

Leonard Leonard AAdleman. (MIT, 1977) dleman. (MIT, 1977)

C = mC = mee mod (pq) mod (pq) p, q: any two large prime numbers p, q: any two large prime numbers

(more than 512 bits)(more than 512 bits) e: public keye: public key d: private keyd: private key

Knowing CKnowing C and e, it is “infeasible” to and e, it is “infeasible” to calculate m without knowing d, p and qcalculate m without knowing d, p and q

Knowing d, p and q, it is easy to find the Knowing d, p and q, it is easy to find the original plaintext message m = Coriginal plaintext message m = Cdd mod (pq) mod (pq)

T1: ch8.3.1 T2: ch9.3.2


RSA Principle RSA Principle (cont.)(cont.)

Sender

Intruder

ReceiverC

{m, e, p, q; C= me mod(pq)}

{C, e, p, q; m=Cd mod(pq)}

{C, e}


Public Key Distribution and Public Key Distribution and AuthenticationAuthentication

Using the “Right” Public Key:Using the “Right” Public Key: Must be Must be authenticauthentic, not necessarily secret, not necessarily secret

Obtaining the “Right” Public Key:Obtaining the “Right” Public Key: DirectlyDirectly from its owner from its owner IndirectlyIndirectly, in a signed message from a , in a signed message from a

Certification AuthorityCertification Authority (CA):(CA): A A CertificateCertificate is a digitally signed message is a digitally signed message

from a CA binding a public key to a namefrom a CA binding a public key to a name Certificates can be passed around, or Certificates can be passed around, or

managed in directoriesmanaged in directories Protocols:Protocols: X.509 (RFC 2459), SPKI/SDSI, X.509 (RFC 2459), SPKI/SDSI,

etc. etc.


ReferencesReferences Matt BishopMatt Bishop, , Introduction to

Computer Security, , Addison- Addison- WesleyWesley, , 2004, ISBN: 0321247442 2004, ISBN: 0321247442

Matt Bishop, Matt Bishop, Computer Security: Art Computer Security: Art and Science,and Science, Addison- WesleyAddison- Wesley, , 2002, 2002, ISBN: 0201440997ISBN: 0201440997


SteganographySteganography


Secure Secure CommunicationCommunication

Two parties, Alice and Bob, can Two parties, Alice and Bob, can exchange information over an exchange information over an insecure mediuminsecure medium in such a way that in such a way that even if an intruder (Willie) is able to even if an intruder (Willie) is able to intercept, read and perform intercept, read and perform computation on the intercepted computation on the intercepted information, Willie will not be able to information, Willie will not be able to decipher the content of the decipher the content of the exchanged information. exchanged information.


Encryption may not be Encryption may not be enoughenough

Prisoners Problem: – Alice and Bob are in jail and wish to

hatch an escape plan . All their communications pass through the warden,Willie, and if Willie detects any encrypted messages, he can simply stop the communication.

So they must find some way of hiding their secret message in an innocuous looking text.


SteganographySteganographyThe art of hiding information in ways

that prevent detection of hidden messages.

In Greek means “covered writing” Steganography and cryptography are

cousins in the spy craft familyWhile the goal of the cryptography

system is to conceal the content of the messages, the goal of information hiding or steganography is to conceal their existence


SteganographySteganographyWhat to hide

– Texts– Images– Sound

How to hide– embed text in

text/images/audio/video files– embed image in

text/images/audio/video files– embed sound in

text/images/audio/video files


Steganographic Steganographic SystemSystem


ComparisonComparisonCryptography

C = Ek (P) Plain text

P = Dk (C)

Key

Steganography

secret message

cover image

f Stego message

f Ciphertext


A Real ExampleA Real Example During WW2 the following cipher

message was actually sent by a German spy “Apparently neutral’s protest is thoroughly

discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils”

Hidden Message “Pershing sails from NY June 1” Can be obtained by extracting the second

letter in each word of the message sent


Steganographic Steganographic TechniquesTechniques

Genome Steganography: Encoding a hidden message in a strand of human DNA

Hiding in Text: Information hidden in documents by manipulating the positions of lines and words

Hiding in Images/Videos: least significant bit insertion masking and filtering applying more sophisticated image processing

algorithms


Steganographic Steganographic TechniquesTechniques (Cont.)(Cont.)

Hiding data in audio files: Data can be hidden in the audio files. Slight alterations on sound, such as tiny shifts in phase angle, speech cadence, and frequency, can transport hidden information, but are indiscernible to human senses

Hiding in video file: least significant bit insertion masking and filtering applying more sophisticated image processing

algorithms


Steganographic Steganographic TechniquesTechniques (Cont.)(Cont.)

Hiding in the disk space: Hiding the data in unused or reserved space.

Hiding data in software and circuitry: Data can be hidden in the layout of the code distributed in a program or the layout of electronic circuits on a board.

Hiding in network packets: Hidden in packets transmitted through the Internet.


Digital WatermarkingDigital Watermarking Watermarking is used primarily for identification Watermarking is used primarily for identification

and entails embedding a unique piece of and entails embedding a unique piece of information within a medium without noticeably information within a medium without noticeably altering the mediumaltering the medium

The difference between Steganography and The difference between Steganography and Watermarking is primarily Watermarking is primarily intentintent. . Steganography conceals information; Steganography conceals information; Watermarks extend information and become an Watermarks extend information and become an

attribute of the cover imageattribute of the cover image Publishing and broadcasting industries are Publishing and broadcasting industries are

interested in techniques for hiding encrypted interested in techniques for hiding encrypted copyright marks and serial numbers in digital copyright marks and serial numbers in digital films, audio recordings, books and multimedia films, audio recordings, books and multimedia products.products.


ReferencesReferences Stefan Katzenbeisser, Fabien A. P. Stefan Katzenbeisser, Fabien A. P.

Petitcolas, Petitcolas, Information Hiding Information Hiding Techniques for Steganography and Techniques for Steganography and Digital WatermarkingDigital Watermarking, , Artech House Artech House Books, January 2000 Books, January 2000

Stephen S. Yau 1CSE465-591 Fall 2006 Cryptography.

Documents

integrity cryptography

cryptography slide

set of ciphertexts

set of keys

set of plaintexts

availability block message

availability intercept

secrecy intercept message