Week 2 - Friday. What did we talk about last time? Substitution ciphers Vigenère ciphers One-time pad.

CS363Week 2 - Friday

Last time

What did we talk about last time? Substitution ciphers Vigenère ciphers One-time pad

Questions?

Project 1

Security PresentationMichael Franzese

Secure Encryption Algorithms

How do you define good? Claude Shannon is the guy that invented Shannon

secrecy and is considered the father of information theory He proposed 5 characteristics for a good cipher:1. The amount of secrecy needed should determine the

amount of labor appropriate for encryption and decryption

2. The set of keys and the enciphering algorithm should be free from complexity

3. The implementation of the process should be as simple as possible

4. Errors in ciphering should not propagate and cause corruption of further information in the message

5. The size of the enciphered text should be no larger than the text of the original message

A more modern view

Shannon was focused on hand encryption

Modern commercial users of cryptography want the following characteristics for their cryptosystems: Based on sound mathematics Analyzed by competent experts and

found to be sound Stood the test of time

Stream and Block Ciphers

Stream and block ciphers A common way of dividing ciphers is into

stream ciphers and block ciphers Block ciphers divide messages into fixed

length parts (or blocks) and encipher each part with the same key

Stream ciphers encipher each message character by character Some other authors define a stream cipher to

be like a block cipher except that the key changes with each block based on the message

Self-synchronous stream ciphers Self-synchronous ciphers are stream ciphers that get

the key from the message itself The simplest such cipher is an autokey cipher that

uses the message itself for the key Essentially, this is similar to the Vigenère cipher with

the key coming from the message Example:

Message: THISISTHEREMIX Key: QTHISISTHEREMI

Alternatively, the key can be drawn from the ciphertext Message: THEBOYHASTHECAT Key: XQXBCQOVVNGNRTT Ciphertext: QXBCQOVVNGNRTTM

Confusion and Diffusion

Confusion is the property of a cryptosystem that changing a single character in the plaintext should not have a predictable effect

Diffusion is the property of a cryptosystem that each character in the plaintext should impact many characters in the ciphertext

Examples: Caesar cipher has poor confusion and no diffusion One time pad has good confusion but no diffusion Auto-key ciphers may have poor confusion but good

diffusion AES and DES have good confusion and diffusion within

a block

Models of Attacks

Attacks

We measure a cryptosystem based on its resistance to an adversary or attacker

Kinds of attacks: Ciphertext only Full or partial plaintext Chosen plaintext Chosen ciphertext Ciphertext and plaintext pairs

Ciphertext only

Attacker only has access to an encrypted message, with a goal of decrypting it

This is the assumption we have made so far when cryptanalyzing the classical ciphers

The world is filled with ciphertext data

This model gives the attacker very little to work with

Full or partial plaintext

Attacker has access to a plaintext and its matching ciphertext, with a goal of discovering the key

It is possible that the full or partial plaintext is available because it is an encrypted broadcast of public (or soon to be public) information Perhaps a secret transmission informed everyone of a

new policy Then, the policy is made public

Some messages are very common “Nothing to report.” If these messages are predictable, the ciphertext could

be intercepted and the plaintext guessed

Chosen plaintext

Attacker may ask to encrypt any plaintext, with a goal of discovering the key

This model seems unusual, but it comes up in practice Military forces seize a transmission room and start

transmitting messages Perhaps they don’t have enough knowledge to

learn the encryption settings, but the known messages could be analyzed later

All public key cryptosystems allow this kind of attack, since anyone can generate encrypted messages

Chosen ciphertext

It is unusual that an attacker can pick a ciphertext and ask for it to be decrypted Why not just ask for any particular

ciphertext that you’re interested in? If you have access to code that can

encrypt huge amounts of plaintext quickly, it is possible to attempt a brute force encryption that will approximate choosing the ciphertext

Ciphertext and plaintext pairs

As an extension of known plaintext, it may be the case that you have many ciphertext/plaintext pairs that are encrypted with the same key

Human error

Humans allow some of the scenarios described above through error Operators transmit the same message

with two different keys Operators transmit some information in

the clear Operators transmit a repeat of a

message but make small mistakes the second time

As usual, humans are a problem

DES

Block ciphers

A block cipher is a symmetric key cipher that works on a block of data of a given size

For compatibility with hardware, block sizes are often powers of two: 64 bits, 128 bits, 256 bits, etc.

Block ciphers are a fundamental part of many modern cryptosystems

To encrypt a message longer than a single block: First break the message into blocks Then, each block could be encrypted individually Or data from the first block can be used in the

encryption of the second, and so on

DES

Data Encryption Standard DES is a typical block cipher It was chosen as the government's

standard for encryption in 1976 (but has since been deprecated)

DES works on blocks 64 bits in size DES uses a 56 bit key NSA helped design it… amidst some

controversy

History

In the 1970’s, the National Bureau of Standards (NBS) saw the need for a publicly available encryption standard

They called for proposals that met the following criteria: High level of security Easy to understand Publishable (no security through obscurity) Available to everyone Adaptable for many applications Economical to implement in hardware Efficient to use Able to be validated Exportable

A cryptosystem called Lucifer developed by IBM was adapted into the resulting DES

NBS was reorganized into the National Institute of Standards and Technology in 1988

Exportability

After WWII (the birth of modern cryptography), many governments saw the immense value of crypto Countries like the US with good crypto didn’t want their enemies to

have it Strong encryption was listed as an Auxiliary Weapons

Technology on the US Munitions List 40 bit or weaker encryption could be exported 240 possibilities can be brute forced in days (or hours)

In 1996, Bill Clinton signed an executive order that moved commercial encryption from the Munitions List to the Commerce Control List

It is still technically possible to be arrested for exporting software that can perform strong encryption and decryption But it is no longer illegal arms trafficking

Although DES is longer than 40 bits, its 56 bits seem to be in the range that never really posed a problem for the feds

DES internals

DES has 16 rounds The book calls them cycles

In each round, the input is broken into 2 halves, manipulated, and combined with part of the key

Input

Permutation

Left0 Right0f

Key1

Left1 Right1+

Left0 Right0

Upcoming

Next time…

More on DES Maybe start on AES Yuki Gage presents

Reminders

Read Section 2.5 Start working on Assignment 1

Due next Friday by midnight