Introduction to Basic Crypto Schemes
• In order to achieve confidentiality but at the same time communicate/exchange information with intended parties, the information must be hidden from others
• But how?
– By encryption/decryption
– By obscurity
8/27/2013 4:40:35 PM week 01-crypto.ppt 1

By Obscurity – An Example
A cover image (no message)

By Obscurity – An Example – cont.
A cover image (no message)
A stego image

Crypto Terminology
• Cryptology: The art and science of making and breaking “secret codes”
• Cryptography: making “secret codes”
• Cryptanalysis: breaking “secret codes”
• Crypto: all of the above (and more)

Crypto as Black Box
[Figure: plaintext and key enter encrypt, producing ciphertext; ciphertext and key enter decrypt, recovering plaintext]
A generic use of crypto

How to Speak Crypto
• A cipher or cryptosystem is used to encrypt the plaintext
– The result of encryption is ciphertext
– We decrypt ciphertext to recover plaintext
• A key is used to configure a cryptosystem
– A symmetric key cryptosystem uses the same key to encrypt as to decrypt
– A public key cryptosystem uses a public key to encrypt and a private key to decrypt
– Key space is the total number of all possible keys that can be used in a cryptographic system

Crypto
• Basic assumption
– The system is completely known to the attacker
– Only the key is secret
• Also known as Kerckhoffs Principle
– Crypto algorithms are not secret
• Why do we make this assumption?
– Experience has shown that secret algorithms are weak when exposed
– Secret algorithms never remain secret
– Better to find weaknesses beforehand

Confusion and diffusion
• Proposed by Claude Shannon
– The founder of Information Theory
– 1949 paper: Communication Theory of Secrecy Systems
• Confusion and diffusion
– Confusion: obscure the relationship between plaintext and ciphertext
  • Note that the encryption must be invertible in order to be able to recover the original plaintext from the ciphertext
– Diffusion: spread plaintext statistics through the ciphertext

Usage of Crypto for Computer Security
• Crypto provides fundamental tools to solve many problems in computer security
– Confidentiality
– Integrity
– We have to understand the crypto algorithms and principles in order to understand many solutions to computer security problems

Simple Substitution
• Plaintext: fourscoreandsevenyearsago
• Key:
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Ciphertext: IRXUVFRUHDAGVHYHABHDUVDIR
• Shift by 3 is “Caesar’s cipher”

Caesar’s Cipher Decryption
• Suppose we know a Caesar’s cipher is being used
• Ciphertext: IORULGDVWDWHXQLYHUVLWB
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Plaintext: floridastateuniversity

Not-so-Simple Substitution
• Shift by n for some n ∈ {0, 1, 2, …, 25}
The encryption can also be represented using modular arithmetic by first transforming the letters into numbers, according to the scheme, A = 0, B = 1, ..., Z = 25. [1] Encryption of a letter by a shift n can be described mathematically as, [2] Decryption is performed similarly,
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

Cryptanalysis I: Try Them All
• A simple substitution (shift by n) is used
• But the key is unknown
• Given ciphertext: CSYEVIXIVQMREXIH
• How to find the key?
• Only 26 possible keys: try them all!
• Exhaustive key search
• Solution: key = 4

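The shift cipher and the exhaustive key search from the last two slides, as an added example that is not part of the original slides. It assumes text made only of the letters A to Z, and it ranks candidate plaintexts by how many of their letters fall in an assumed set of nine common English letters.

```python
import string

ALPHABET = string.ascii_uppercase
# Assumption: nine frequent English letters, used only to rank candidates.
COMMON = set("ETAOINSHR")


def shift_encrypt(plaintext: str, n: int) -> str:
    """Shift by n: letter number x (A=0 ... Z=25) becomes (x + n) mod 26."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + n) % 26]
                   for ch in plaintext.upper())


def shift_decrypt(ciphertext: str, n: int) -> str:
    """Undo a shift by n; plaintext is returned in lowercase, as on the slides."""
    return "".join(ALPHABET[(ALPHABET.index(ch) - n) % 26]
                   for ch in ciphertext.upper()).lower()


def exhaustive_search(ciphertext: str) -> list[tuple[int, int, str]]:
    """Try all 26 keys; return (score, key, candidate) tuples, best score first."""
    results = []
    for key in range(26):
        candidate = shift_decrypt(ciphertext, key)
        score = sum(ch.upper() in COMMON for ch in candidate)
        results.append((score, key, candidate))
    return sorted(results, key=lambda r: -r[0])


if __name__ == "__main__":
    # Ciphertext from the "Try Them All" slide; show the three best candidates.
    for score, key, candidate in exhaustive_search("CSYEVIXIVQMREXIH")[:3]:
        print(f"key={key:2d} score={score:2d} {candidate}")
```
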
Even-less-Simple Substitution
• Key is some permutation of letters
• Need not be a shift
• For example
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: J I C A X S E Y V D K W B Q T Z R H F M P N U L G O
• Then 26! > 2^88 possible keys!

Cryptanalysis II: Be Clever
• We know that a simple substitution is used
• But not necessarily a shift by n
• Can we find the key given ciphertext:
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQ
WAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBF
XFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVP
PBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDP
TOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFI
PBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEB
QPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAV
WAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA

Cryptanalysis II
• Can’t try all 2^88 simple substitution keys
• Can we be more clever?
• English letter frequency counts
– Also the relative frequencies for pairs and triples of characters

Cryptanalysis II
• Ciphertext:
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBV
CXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVW
LBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFO
THFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQ
PWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTO
GHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFX
VAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLV
WPTOFFA
• Decrypt this message using info below
Ciphertext frequency counts:
Letter:  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
Count:  21 26  6 10 12 51 10 25 10  9  3 10  0  1 15 28 42  0  0 27  4 24 22 28  6  8

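Why letter counts help against a general substitution, as an added example that is not part of the original slides: it encrypts the slides' sample plaintext with the permutation key from the "Even-less-Simple Substitution" slide, shows that each ciphertext letter inherits the count of its plaintext letter, and builds a first-guess key by rank. The English letter ranking used here is an assumption (one commonly quoted ordering), and the same functions can be run over the longer ciphertext above.

```python
from collections import Counter
import string

# Key table from the slide: plaintext a..z maps to these ciphertext letters.
KEY = dict(zip(string.ascii_lowercase, "JICAXSEYVDKWBQTZRHFMPNULGO"))
# Assumption: a commonly quoted ranking of English letters, most frequent first.
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"


def encrypt(plaintext: str) -> str:
    """Simple substitution: replace every letter using the fixed key table."""
    return "".join(KEY[ch] for ch in plaintext)


def frequency_counts(ciphertext: str) -> Counter:
    """Count ciphertext letters, ignoring spaces and line breaks."""
    return Counter(ch for ch in ciphertext if ch in string.ascii_uppercase)


def first_guess(ciphertext: str) -> dict[str, str]:
    """Pair ciphertext letters, most frequent first, with ENGLISH_ORDER."""
    ranked = [letter for letter, _ in frequency_counts(ciphertext).most_common()]
    return dict(zip(ranked, ENGLISH_ORDER))


def partial_decrypt(ciphertext: str, guess: dict[str, str]) -> str:
    """Apply a (possibly wrong) guess; unknown letters are shown as '?'."""
    return "".join(guess.get(ch, "?") for ch in ciphertext)


if __name__ == "__main__":
    sample = "fourscoreandsevenyearsago"   # plaintext used earlier in the slides
    ct = encrypt(sample)
    print(ct)
    print(frequency_counts(ct).most_common(5))
    # On so short a text only the top ranks are reliable; longer ciphertext
    # and pair/triple statistics are needed to refine the guess.
    print(partial_decrypt(ct, first_guess(ct)))
```
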
Cryptanalysis Terminology
• Cryptosystem is secure if best known attack is to try all keys
• Cryptosystem is insecure if any shortcut attack is known
– By this definition, an insecure system might be harder to break than a secure system, depending on the size of the key space
– In practice, we need to select a secure cipher with a large enough key space
  • As a secure cipher with a small key space can be broken

Even-less-Simple Substitution – cont.
• Key is some permutation of letters
– It is not secure when used to encrypt plain English messages
  • It uses only confusion
– How can we improve the security of this cipher?

Double Transposition
• Plaintext: attackxatxdawn
Permute rows and columns
• Ciphertext: xtawxnattxadakc
• Key: matrix size and permutations (3, 5, 1, 4, 2) and (1, 3, 2)

Double Transposition
• Plaintext: attackxatxdawn
Permute rows and columns
• Which principles does a double transposition cipher use, confusion, diffusion, or both?

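The double transposition from the slide, as an added example that is not part of the original slides. It assumes the 14-letter plaintext is written row by row into a 5 x 3 matrix and padded with one trailing "x"; with that assumption the slide's permutations reproduce the slide's ciphertext.

```python
ROWS, COLS = 5, 3            # matrix size implied by the two permutations
ROW_PERM = (3, 5, 1, 4, 2)   # new row i is old row ROW_PERM[i] (1-based)
COL_PERM = (1, 3, 2)         # new column j is old column COL_PERM[j] (1-based)
PAD = "x"                    # assumption: filler for the unused matrix cell


def encrypt(plaintext: str) -> str:
    """Write the text row by row, permute rows, permute columns, read out."""
    padded = plaintext.ljust(ROWS * COLS, PAD)
    if len(padded) != ROWS * COLS:
        raise ValueError("plaintext does not fit the matrix")
    rows = [padded[r * COLS:(r + 1) * COLS] for r in range(ROWS)]
    rows = [rows[p - 1] for p in ROW_PERM]
    return "".join("".join(row[p - 1] for p in COL_PERM) for row in rows)


def decrypt(ciphertext: str) -> str:
    """Invert the column permutation, then the row permutation."""
    if len(ciphertext) != ROWS * COLS:
        raise ValueError("ciphertext does not fit the matrix")
    rows = [ciphertext[r * COLS:(r + 1) * COLS] for r in range(ROWS)]
    restored = [""] * ROWS
    for i, row in enumerate(rows):
        cells = [""] * COLS
        for j, p in enumerate(COL_PERM):
            cells[p - 1] = row[j]                    # put each letter back in its old column
        restored[ROW_PERM[i] - 1] = "".join(cells)   # and each row back in its old place
    return "".join(restored)


if __name__ == "__main__":
    ct = encrypt("attackxatxdawn")
    print(ct)            # ciphertext
    print(decrypt(ct))   # plaintext including the padding letter
```
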
One-time Pad Encryption
e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
Encryption: Plaintext ⊕ Key = Ciphertext

             h   e   i   l   h   i   t   l   e   r
Plaintext:  001 000 010 100 001 010 111 100 000 101
Key:        111 101 110 101 111 100 000 101 110 000
Ciphertext: 110 101 100 001 110 110 111 001 110 101
             s   r   l   h   s   s   t   h   s   r

One-time Pad Encryption
How to decrypt a message encrypted using one-time pad?

One-time Pad Decryption
e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
Decryption: Ciphertext ⊕ Key = Plaintext

             s   r   l   h   s   s   t   h   s   r
Ciphertext: 110 101 100 001 110 110 111 001 110 101
Key:        111 101 110 101 111 100 000 101 110 000
Plaintext:  001 000 010 100 001 010 111 100 000 101
             h   e   i   l   h   i   t   l   e   r

One-time Pad
Double agent claims sender used “key”:

               s   r   l   h   s   s   t   h   s   r
Ciphertext:   110 101 100 001 110 110 111 001 110 101
“key”:        101 111 000 101 111 100 000 101 110 000
“Plaintext”:  011 010 100 100 001 010 111 100 000 101
               k   i   l   l   h   i   t   l   e   r

e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

One-time Pad
Sender is captured and claims the key is:

               s   r   l   h   s   s   t   h   s   r
Ciphertext:   110 101 100 001 110 110 111 001 110 101
“Key”:        111 101 000 011 101 110 001 011 101 101
“Plaintext”:  001 000 100 010 011 000 110 010 011 000
               h   e   l   i   k   e   s   i   k   e

e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

One-time Pad Summary
• Provably secure, when used correctly
– Ciphertext provides no info about plaintext
– All plaintexts are equally likely
– Pad must be random, used only once
– Pad is known only by sender and receiver
– Pad is same size as message
– No assurance of message integrity
• Why not distribute message the same way as the pad?

Messages in Depth
• Messages are in depth if they are encrypted with the same key

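The one-time pad slides and the "in depth" definition, as an added example that is not part of the original slides. It uses the slides' 3-bit letter code and key, shows that some key explains any claimed plaintext of the same length, and shows that the pad cancels out when two messages share it; the second message "killthelie" is constructed for the illustration.

```python
ALPHABET = "ehiklrst"   # slides' code: e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
# Key row from the encryption slide.
KEY = [0b111, 0b101, 0b110, 0b101, 0b111, 0b100, 0b000, 0b101, 0b110, 0b000]


def encode(text: str) -> list[int]:
    return [ALPHABET.index(ch) for ch in text]


def decode(values: list[int]) -> str:
    return "".join(ALPHABET[v] for v in values)


def xor(a: list[int], b: list[int]) -> list[int]:
    if len(a) != len(b):
        raise ValueError("pad must be the same size as the message")
    return [x ^ y for x, y in zip(a, b)]


def bits(values: list[int]) -> str:
    return " ".join(format(v, "03b") for v in values)


def encrypt(plaintext: str, key: list[int]) -> str:
    return decode(xor(encode(plaintext), key))


decrypt = encrypt   # XOR with the same key undoes itself


def key_explaining(ciphertext: str, claimed_plaintext: str) -> list[int]:
    """The 'key' under which the ciphertext decrypts to any claimed plaintext."""
    return xor(encode(ciphertext), encode(claimed_plaintext))


def depth_leak(c1: str, c2: str) -> list[int]:
    """XOR of two ciphertexts made with the same pad: equals P1 xor P2."""
    return xor(encode(c1), encode(c2))


if __name__ == "__main__":
    c1 = encrypt("heilhitler", KEY)
    print(c1, "|", bits(encode(c1)))
    print(bits(key_explaining(c1, "killhitler")))   # the double agent's "key"
    print(bits(key_explaining(c1, "helikesike")))   # the captured sender's "key"
    c2 = encrypt("killthelie", KEY)                 # constructed second message, same pad
    print(bits(depth_leak(c1, c2)))                 # no key material left in this value
```
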
Real-world One-time Pad
• Project VENONA
– Soviet spy messages from U.S. in 1940’s
– Nuclear espionage, etc.
– Thousands of messages
• Spy carried one-time pad into U.S.
• Spy used pad to encrypt secret messages
• Repeats within the “one-time” pads made cryptanalysis possible

Codebook
• Literally, a book filled with “codewords”
• Zimmermann Telegram encrypted via codebook
Februar fest finanzielle folgender Friedenschluss :
13605 13732 13850 13918 17142 17149 :
• Modern block ciphers are codebooks.

Zimmermann Telegram
• One of the most famous codebook ciphers ever
• Led to US entry in WWI
• Ciphertext shown here…

Zimmermann Telegram Decrypted
• British had recovered partial codebook
• Able to fill in missing parts

Taxonomy of Cryptography
• Symmetric Key
– Same key for encryption as for decryption
– Stream ciphers
– Block ciphers
• Public Key
– Two keys, one for encryption (public), and one for decryption (private)
– Digital signatures: nothing comparable in symmetric key crypto
• Hash algorithms

Taxonomy of Cryptanalysis
• Ciphertext only
• Known plaintext
• Chosen plaintext
– “Lunchtime attack”
– Protocols might encrypt chosen text
• Adaptively chosen plaintext
• Related key
• Forward search (public key crypto only)

Summary
• Substitutions and transpositions are the building blocks of ciphers
– While the ones we covered so far are simple and straightforward, their generalized versions are used extensively in modern ciphers

Class Discussion
• Do you agree with the following (p. 722, E. Skoudis, “Counter Hack Reloaded”, 2nd Edition)?
– “Just as this is the Golden Age of Hacking, so too is it the Golden Age of Information Security. We live in very exciting times with technologies rapidly advancing, offering tremendous opportunities for learning and growing. If technology itself doesn’t get you excited, think of the tremendous job security afforded to system administrators, security personnel, and network managers who know how to secure their systems properly.”

Class Discussion
• If you place an unpatched computer on the Internet, what is the average survival time before being completely compromised?

Class Discussion
http://isc.sans.edu/survivaltime.html

Before Class Discussion
• Homeland Security Secretary Janet Napolitano in her farewell address given on Aug. 27, 2013