Introduction to Cryptography INFSCI 1075 Network Security Spring

Introduction to Cryptography INFSCI 1075: Network Security – Spring 2013 Sam T. Zargar

Security Features and Mechanisms � Security Features (Security Services) Measures intended to counter security attacks by employing security mechanisms � Take on functions of physical documents and procedures like signatures, identity cards, endorsements, etc. � Typical services: Confidentiality, integrity, authentication, nonrepudiation, and availability. � � Security Mechanisms Prevent, detect, and recover from security attacks � No single security mechanism can provide all the security services � 2

Remarks � Not all security services can be provided by a single security mechanism � Cryptography, if used cleverly and correctly, can provide several of the security services � Cryptography is the backbone of most security mechanisms � SSL, SSH, IPSec, WPA, Kerberos, VPNs, Dial-up, etc. � Cryptography: using encryption and decryption principles/methods to conceal information 3

Limitations of Cryptography � Cryptography is not a complete solution in itself � Systems and networks are not secure today Not because of the mathematics behind cryptography � The math is sound � Implementation of the cryptosystems and usage of cryptography in protocols are occasionally flawed � The human factor � � Why you need to study cryptography An important component of information security today � Awareness of what is used where and why it works � Sense of why crypto in itself is not enough, but you need things around it to make networks and systems secure � 4

History � For thousands of years people have used methods of concealing information � � Concealing Ciphering or Encryption Examples � � Writing concealed information from the illiterate Mirrors were used in India Tattoo messages on scalps and allow hair to grow Biblical times (500 BC) � � Sparta (500 BC) � � 5 Substitution of one alphabet by another in a systematic way Scytale (sitaali) http: //en. wikipedia. org/wiki/Scytale

History (2) � Caesar Cipher (50 BC) � � Described by Julius Caesar Example of a Shift Cipher � World War I Creation of many new ciphers � ADFGVX code by the German military in World War 1 � A product cipher � � Cryptography and Mathematics Linkages started in the 1920 s � Extended to World War II � Information Theory played a role in 1949 when Shannon defined “perfect secrecy” � 6

Modern Times �Data Encryption Standard (DES)(1977) � Opened up a new area of research for securing digital information �All encryption algorithms from BC till 1976 were secret key algorithms � Also called private key algorithms or symmetric key algorithms �Public key algorithms were introduced in 1976 by Whitfield Diffie and Martin Hellman (asymmetric) 7

Some Basic Terminology � Plaintext - original message � Ciphertext - coded message � Cipher - algorithm for transforming plaintext to ciphertext � Key - info used in cipher known only to sender/receiver � Encipher (encrypt) - converting plaintext to ciphertext � Decipher (decrypt) - recovering plaintext from ciphertext 8

Definitions � Cryptography – using encryption and decryption principles/methods to conceal information � Cryptanalysis (code breaking) - study of principles/ methods of deciphering ciphertext without knowing the key � Cryptology – study of both cryptography and cryptanalysis � Encryption � Conventional (symmetric) encryption � Public-key (asymmetric) encryption 9

Cryptology PROTOCOLS CRYPTOLOGY CRYPTOGRAPHY Private Key (Secret Key) Block Cipher Stream Cipher CRYPTANALYSIS Public Key Integer Factorization Discrete Logarithm 10

Cryptography �Can characterize cryptographic system by: �Type of encryption operations used �Substitution �Number of keys used �Single-key �Way or private / two-key or public in which plaintext is processed �block 11 / transposition / product / stream

Block vs. Stream Ciphers �Block ciphers process messages in blocks, each of which is then en/decrypted �like a substitution on very big characters 64 -bits or more �Stream ciphers process messages a bit or byte at a time when en/decrypting �Many current ciphers are block ciphers �Broader 12 range of applications

Cryptanalysis � The science/art of breaking an encryption scheme � Objective is to recover key not just message � General approaches: � Cryptanalytic attack � May rely on: Nature of encryption algorithm Characteristics of the plaintext Some plaintext-cipher text pairs � Brute-force Try attack every key …time and space complexity! On average, half of all possible keys must be tried to achieve success. 13

Cryptanalytic Attacks � Ciphertext � Cryptanalyst has only Ciphertext of possibly many messages. � Known � plaintext Access to both plain and ciphertext of several messages, probable words. � Chosen � � 14 ciphertext Attacker has access to decrypting box, objective is deduce the key, have the corresponding plaintext. � The � plaintext Attacker can select plaintext and obtain its ciphertext. � Chosen � only HUMAN factor Rubber hose attack -- threaten, torture, blackmail for the key Purchase-key attack -- bribery (or burglary) Scam attack – “excuse me, could you tell me your password? ” I’m stupid attack – easy to guess key (name, birthdate, phone number, …. )

Encryption scheme is: �Unconditionally secure if: �No matter how much computer power or time is available, the cipher cannot be broken since the cipher-text provides insufficient information to uniquely determine the corresponding plaintext �e. g. , one-time pad (later) �Computationally secure if: �Given limited computing resources (e. g. time needed for calculations is greater than age of universe), the cipher cannot be broken and it is costly! 15

Brute Force Search �Always possible to simply try every key �Most basic attack, proportional to key size �Assume either know / recognize plaintext Key Size (bits) Number of Alternative Keys Time required at 1 decryption/µs Time required at 106 decryptions/µs 32 232 = 4. 3 109 231 µs = 35. 8 minutes 2. 15 milliseconds 56 256 = 7. 2 1016 255 µs = 1142 years 10. 01 hours 128 2128 = 3. 4 1038 2127 µs = 5. 4 1024 years 5. 4 1018 years 168 2168 = 3. 7 1050 2167 µs = 5. 9 1036 years 5. 9 1030 years 26! = 4 1026 2 1026 µs = 6. 4 1012 years 26 characters (permutation) 16 6. 4 106 years

Symmetric Encryption � OR conventional / private-key / single-key � Sender and receiver share a common key � All classical encryption algorithms (from BC till 1976) � Was only type prior to invention of public-key in 1976 � and by far most widely used 17

Symmetric Cipher Model 18

Conventional Encryption Model Insecure channel Alice x Encrypt y Decrypt Bob x k k Secure Channel Oscar Key Source 19

Requirements � Two requirements for secure use of symmetric encryption: � a strong encryption algorithm � a secret key known only to sender / receiver � Mathematically have: Y = ek(X) X = dk(Y) � The functions ek() and dk() must be inverses of one another � � � ek(dk(y)) = ? dk(ek(x)) = ? ek(dk(x)) = ? � Assume encryption/decryption algorithm is known, strength is in key �Implies a secure channel to distribute key 20

Substitution Ciphers 21

Classical Substitution Ciphers � where letters of plaintext are replaced by other letters or by numbers or symbols � or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

Shift Ciphers �Idea � Represent the capital letters of the English alphabet by integers �Encryption � ek(x) = (x + k) mod 26 �Decryption � dk(y) = (y – k) mod 26 A B C 0 1 2 N O P 13 14 15 23 D 3 Q 16 E 4 R 17 F 5 S 18 G H I J K L M 6 7 8 9 10 11 12 T U V W X Y Z 19 20 21 22 23 24 25

Caesar Cipher � earliest known substitution cipher � by Julius Caesar (50 BC) � first attested use in military affairs � replaces each letter by 3 rd letter on � example: meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB

Set of Residues: Zn � The result of the modulo operation with modulus n is always an integer between 0 and n-1. � Modulo operation creates a set, which in modular arithmetic is referred to as the set of least residues, modulo n, or Zn � E. g. � Z 2 ={0, 1} � Z 6 ={0, 1, 2, 3, 4, 5} � Z 10={0, 1, 2, 3, 4, 5, 6, 7, 8, 9} 25

The modulo operation (Quick review) � What is 27 mod 5? Dividend Divisor 5 Quotient? 5 27 - 25 Remainder? 2 � What is -27 mod 5? Dividend Divisor Quotient? -6 5 -27 - (-30) Remainder? 3 � 26

Examples § 36 mod 9 = 0 4 9 � -45 36 -36 0 mod 9 = 0 -5 9 -45 -(- 45) 0 27

Shift Ciphers �Cipher-text: HCEGDQQM �K: C �What is the plain-text? �Encryption � ek(x) = (x + k) mod 26 �Decryption � dk(y) = (y – k) mod 26 A B C 0 1 2 N O P 13 14 15 28 D 3 Q 16 E 4 R 17 F 5 S 18 G H I J K L M 6 7 8 9 10 11 12 T U V W X Y Z 19 20 21 22 23 24 25

Cryptanalysis of Caesar Cipher Ø only l have 26 possible ciphers A maps to A, B, . . Z Ø could simply try each in turn Ø a brute force search Ø given ciphertext, just try all shifts of letters Ø do need to recognize when have plaintext Ø eg. break ciphertext "GCUA VQ DTGCM“

Monoalphabetic Cipher � Rather than just shifting the alphabet � Could shuffle (jumble) the letters arbitrarily � Each plaintext letter maps to a different random ciphertext letter � Hence key is 26 letters long Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z Cipher: D K V Q F I B J W P E S C X H T M Y A U O L R G Z N If we wish to replace letters Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA 30

Monoalphabetic Cipher Security � now have a total of 26! = 4 x 1026 keys � with so many keys, might think is secure � but would be !!!WRONG!!! � problem is language characteristics

Language Redundancy and Cryptanalysis Ø human languages are redundant Ø eg "th lrd s m shphrd shll nt wnt" Ø letters are not equally commonly used Ø in English E is by far the most common letter l followed by T, R, N, I, O, A, S Ø other letters like Z, J, K, Q, X are fairly rare Ø have tables of single, double & triple letter frequencies for various languages

English Letter Frequencies (Stallings Fig 2. 5) 33 Seberry & Pieprzyk, "Cryptography - An Introduction to Computer Security", Prentice-Hall 1989, Appendix A has letter frequency graphs for 20 languages (most European & Japanese & Malay).

Example Cryptanalysis �Given ciphertext: UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ �Count relative letter frequencies (see text) �Guess P & Z are E and T �Guess ZW is th and hence ZWP is the �Proceeding with trial and error finally get: it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow 34

The Affine Cipher A 0, B 1, C 2, …, Z 25 � Plaintext: x P = {0, 1, 2, …, 25} � Ciphertext: y C = {0, 1, 2, …, 25} � Encryption is defined as: � Use � ek (x) = ax + b mod 26 � How is decryption defined? � dk(y) � How 35 = (y – b)/a mod 26 do we divide modulo 26?

Example of Affine Ciphers � Let ek(x) = 3 x + 7 mod 26 � Consider encrypting “ANT” = 0, 13, 19 � Ciphertext is 7, 20, 12 = “HUM” � Let � � us decrypt it H = 7 => (7 -7)/3 = 0 = A U = 20 => (20 -7)/3 = 13/3 =? 13 * 3 -1 mod 26 M = 12 => (12 -7)/3 = 5/3 =? 5 * 3 -1 mod 26 3 -1 ? � Multiplicative Inverse of 3 in Z 26? � Using extended Euclidean algorithm � Ref. Cryptography and Network Security Forouzan) � Chapter 36 2: Mathematics of Cryptography (Behrouz A.

Polyalphabetic Ciphers �Polyalphabetic substitution ciphers �Improve security using multiple cipher alphabets �Make cryptanalysis harder with more alphabets to guess and flatter frequency distribution �Use a key to select which alphabet is used for each letter of the message �Use each alphabet in turn �Repeat from start after end of key is reached 37

Vigenère Cipher �Simplest polyalphabetic substitution cipher �Effectively multiple Caesar cipher �Key is multiple letters long K = k 1 k 2. . . kd �nth letter specifies nth alphabet to use �Use each alphabet in turn �Repeat from start after d letters in message �Decryption simply works in reverse 38

Example of Vigenère Cipher �Write the plaintext out �Write the keyword repeated above it �Use each key letter as a Caesar cipher key �Encrypt the corresponding plaintext letter �E. g. Using deceptive as a key: deceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ A B C D E F G H I J K L M 0 1 2 3 4 5 6 7 8 9 10 11 12 N O P Q R S T U V W X Y Z 13 14 15 16 17 18 19 20 21 22 23 24 25 39

Security of Vigenère Cipher � Have multiple ciphertext letters for each plaintext letter � Hence letter frequencies are obscured � But not totally lost! � Start with letter frequencies � See if look monoalphabetic or not � E. g. � key: 1 10 19 deceptivedeceptive � Letters in positions 1, 10, 19, and so on are all encrypted with the same monoalphabetic cipher! � Using known frequency characteristics of plaintext language to attack each monoalphabetic ciphers � Solution: Increase the key size to the length of message! 40

Autokey Cipher �Ideally want a key as long as the message �Vigenère proposed the autokey cipher �With keyword as a prefix to as much of the message as is needed to be used as key �Knowing keyword can recover the first few letters �Use these in turn on the rest of the message �But still have frequency characteristics to attack �E. g. Given deceptive as a key: deceptivewearediscoveredsav plaintext: wearediscoveredsaveyourself ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA 41

One-Time Pad �If a truly random key as long as the message is used, the cipher will be secure � Called a One-Time pad �It is unbreakable since ciphertext bears no statistical relationship to the plaintext �Since for any plaintext & any ciphertext there exists a key mapping one to other � Can �There only use the key once though are problems in generation & safe distribution of key 42

Brute Force Search �Always possible to simply try every key �Most basic attack, proportional to key size �Assume either know / recognize plaintext Key Size (bits) Number of Alternative Keys Time required at 1 decryption/µs Time required at 106 decryptions/µs 32 232 = 4. 3 109 231 µs = 35. 8 minutes 2. 15 milliseconds 56 256 = 7. 2 1016 255 µs = 1142 years 10. 01 hours 128 2128 = 3. 4 1038 2127 µs = 5. 4 1024 years 5. 4 1018 years 168 2168 = 3. 7 1050 2167 µs = 5. 9 1036 years 5. 9 1030 years 26! = 4 1026 2 1026 µs = 6. 4 1012 years 26 characters (permutation) 43 6. 4 106 years

Question � Assume that you have a PC that can do 106 decryption per µs. You want to decrypt an algorithm that its key space/key size has 56 bits using brute force approach. So you need to in average check half of the key space. How long does it take to check half of the key space using your PC? (µs = 10 -6 seconds) � 256 / 2 = 255 different keys to be checked (should be decrypted) � In each � So: µs you can decrypt 106 ciphertexts using 106 keys out of 255 How many µs to decrypt using 255 keys? 255 / 106 = 36028797018. 963968 µs = 36028797018. 963968 *10 -6 ~ 36029 s / 60 ~ 600 min / 60 ~ 10 hours 44

Transposition Ciphers 45

Transposition Ciphers � Now consider classical transposition or permutation ciphers � Hide the message by rearranging the letter order without altering the actual letters used. � Can recognize these since they have the same frequency distribution as the original text � 46

Permutation Cipher �Permutation cipher � Do not change the plaintext � Simply shuffle the plaintext according to a known permutation π(j) � Different from the substitution cipher �Suppose the plaintext is x = (x 1, x 2, x 3, … xm) �Encryption is: ek(x) = y = (xπ(1), xπ(2), xπ(3), … xπ(m)) �Note that the ciphertext still consists of the same elements that were present in the plaintext 47

Example of Permutation Cipher P 1 (P) 3 2 1 3 2 C 1 -1(C) 2 More like an anagram � Encrypt HOTDOG = HOT DOG � Shuffling, � Decrypt THO GDO � Shuffling, 48 we get THO GDO we get HOTDOG 2 3 3 1

Rail Fence cipher �Write message letters out diagonally over a number of rows then read off cipher row by row �E. g. write message out as: � Org message: meet me after the toga party m ema t r h t g p r y e t e f e t e oa a t �Giving ciphertext MEMATRHTGPRYETEFETEOAAT 49

Remarks on Permutation Cipher � Read Section 2. 3 ‘Transposition Techniques’ for more on permutations � Permutations and substitutions are very important in modern encryption schemes � Example: DES makes use of permutations � Example: AES makes use of many rounds of substitutions and permutations 50

Product Ciphers 51

Product Ciphers �Ciphers using substitutions or transpositions are not secure because of language characteristics �Hence consider using several ciphers in succession to make the cipher harder: � Two substitutions make more complex substitution � Two transpositions make more complex transposition � But a substitution followed by a transposition makes a new difficult cipher! �This is a bridge from classical to modern ciphers (e. g. AES) 52

Example of Product Cipher 1 - Substitution: (e. g. Vigenère ): Key: SPRING Text: HOTDOG Encrypt (Using Substitution ) Decrypted: ZDKLBM 2 - Permutation j (j) 1 st 2 3 1 � Encrypt � 53 4 6 5 k 1 st -1(k) 2 2 3 3 1 4 5 5 6 6 4 (Using Permutation) ZDKLBM = Shuffling, we get KZDMLB � Decrypt � 3 2 KZDMLB Shuffling, we get ZDKLBM Then Key : SPRING Decrypted: ? A B C D E F G H I J K L M 0 1 2 3 4 5 6 7 8 9 10 11 12 N O P Q R S T U V W X Y Z 13 14 15 16 17 18 19 20 21 22 23 24 25

How about… A substitution then a permutation, then another substitution and permutation as an encryption? More secure? (Please think about it) 1 - Substitution: (e. g. Vigenère ): Key: SPRING Text: HOTDOG Encrypt (Using Substitution ) Decrypted: ZDKLBM 2 - Permutation j (j) 1 3 2 4 6 5 k 1 -1(k) 2 2 3 3 1 4 5 5 6 6 4 Encrypt (Using Permutation) ZDKLBM = Shuffling, we get KZDMLB 3 - Substitution: (e. g. Vigenère ): Key: SPRING Text: KZDMLB Encrypt (Using Substitution ) Decrypted: CQUUYH 4 - Permutation: Encrypt (Using Permutation) CQUUYH = Shuffling, we get UCQHUY Please do the decryption yourself 54 A B C D E F G H I J K L M 0 1 2 3 4 5 6 7 8 9 10 11 12 N O P Q R S T U V W X Y Z 13 14 15 16 17 18 19 20 21 22 23 24 25

Rotor Machines �Before modern ciphers, rotor machines were most common complex ciphers in use �Widely used in World. War. II � German Enigma, Allied Hagelin, Japanese Purple �Implemented very complex, varying substitution cipher �Used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted �With 3 cylinders had 263=17576 alphabets 55

Hagelin Rotor Machine 56

Rotor Machine Principles

An alternative to Encryption 58

Steganography �An alternative to encryption �Art of hiding information in the midst of irrelevant data �This is NOT cryptography �Hides existence of message � Using only a subset of letters/words in a longer message marked in some way � Using invisible ink � Hiding in LSB (least-signifcant-bit)in graphic image or sound file �Has drawbacks � High 59 overhead to hide relatively few info bits

Example of Steganography Dear George, Greetings to all at Oxford. Many thanks for your letter and for the summer examination package. All entry forms and fees forms should be ready for final dispatch to the syndicate by Friday 20 th or at the latest I am told by the 21 st. Admin has improved here though there is room for improvement still; just give us all two or three more years and we will really show you! Please don’t let these wretched 16+ proposals destroy your basic O and A pattern. Certainly this sort of change, if implemented immediately, would bring chaos. Sincerely yours, 60

Example of Steganography Dear George, Greetings to all at Oxford. Many thanks for your letter and for the summer examination package. All entry forms and fees forms should be ready for final dispatch to the syndicate by Friday 20 th or at the latest I am told by the 21 st. Admin has improved here though there is room for improvement still; just give us all two or three more years and we will really show you! Please don’t let these wretched 16+ proposals destroy your basic O and A pattern. Certainly this sort of change, if implemented immediately, would bring chaos. Sincerely yours, 61

Summary � Have considered: � Classical cipher techniques and terminology � Monoalphabetic substitution ciphers � Cryptanalysis using letter frequencies � Polyalphabetic ciphers � Transposition ciphers � Product ciphers � Steganography � ROTOR Machines 62