Outline and • Cryptology CMSC 426 - Computer Security • Symmetric • Cryptanalytic Attacks • Block and Stream Ciphers

1 2 Cryptography and Cryptanalysis • Cryptography - the • Cryptanalysis - the creation and use of theory and practice of Cryptology secret codes and related “breaking” data security cryptographic algorithms mechanisms. and protocols. The scientific study of codes: creating, using, analyzing, and “breaking.” • More generally, the • “Breaking” means study, theory, and recovering protected implementation of text or otherwise security mechanisms bypassing security based on the without knowledge of transformation of data. secret parameters.

3 4 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 Cryptographic Cryptographic Mechanisms (a la X.800) Algorithms

Data Confidentiality • Many choices, e.g. Encipherment... DES

Encipherment Symmetric • Encryption Encryption Data and System Integrity 3DES

• Digital Signatures Asymmetric Encryption AES • Data Integrity Mechanisms El Authentication Exchange RSA Gamal RC4 • DH

5 6

Symmetric Encryption In addition to learning about the primary cryptographic security mechanisms, we will The main ingredients: study utility mechanisms: • • Plaintext (message before encryption) Key Derivation - derivation of secret keys • Encryption algorithm for use in encipherment. • • Secret key Random Number Generation - generation • (message after encryption) of security-critical random values. • • Decryption algorithm

7 8 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 Substitution Ciphers • The plaintext is just a message written in the alphabet. • Suppose my plaintext alphabet consists of A-Z, a- • The ciphertext uses the same alphabet. z, 0-9, period (.), and space. The secret key is the permutation P. • Let P be any permutation of the alphabet and P -1 • the inverse of P. • The encryption algorithm is the application of P to • For a message M = m0 m1 ... mn-1, the encipherment is each character in the plaintext. Z = P(m0) P(m1) ... P(mn-1). • The decryption algorithm is the application of the • The message can be decrypted by applying P -1 in inverse permutation to each character in the the same way to the characters in Z. ciphertext.

9 10

Exercise: Substitution Exercise continued...

• Suppose I intercept a message encrypted with an unknown permutation P. • In the previous example, the alphabet consists of 64 letters. • I’ve got a special computer that can try all possible permutations to find the one that • How many different permutations of 64 decrypts the message. It can try one billion letters are there? (109) permutations per second. • How long will it take to find the answer?

11 12 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 A Better Attack?

That’s called BRUTE FORCE. • Think back to Caesar Ciphers...wrack your It’s the simplest type of cryptanalytic brains... attack...but it’s not always practical. • What is a better way to attack a ?

13 14

Cryptanalytic Attacks

That’s called a CIPHERTEXT ONLY attack. Suppose we intercept ciphertext that we It’s a real cryptanalytic attack, and in the case • want to decrypt and that we know the of a substitution cipher, is much more details of the encryption algorithm. efficient than Brute Force. • Cryptanalytic attacks are classified There are other types of attacks... according to what other information is available to the attacker.

15 16 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 Type of Known to Cryptanalyst A Few Scenarios Attack (in addition to algorithm and ciphertext)

Ciphertext Substitution cipher: No additional information. • only ciphertext only. Known One or more plaintext/ciphertext pairs encrypted with the plaintext same key. • SIM or smart card in a test harness: chosen Chosen Plaintext messages chosen by analyst along with plaintext. plaintext corresponding encrypted with the same key. Chosen Ciphertext messages chosen by analyst along with • Stereotypical messages ciphertext corresponding plaintexts decrypted with the same key. (e.g. encrypted PDF, Word, or structured Chosen text Chosen plaintexts and chosen ciphertexts. messages: known plaintext. Source: www.scmartcarddetective.com

17 18

Block Ciphers Generic

N O W I S T H E T I M E / / / / • Processes plaintext in fixed-size blocks (called the block size) and produces ciphertext in blocks of the same size. Key Algorithm Key Algorithm • Typical block sizes are 64 and 128 bits. • Examples: DES, 3DES, and AES r 2 Y a y w d k i k R 2 e r 1

19 20 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 Stream Ciphers Generic

• Algorithm (called a key generator) produces Key Generator Key a pseudo-random string of bits or bytes. Key Stream • Pseudo-random stream is XORed with Z N 0 k I Q B D m U q K ... plaintext. ⊕ Plaintext • Typically small and fast. N O W I S T H E T I M E Ciphertext • Examples: RC4, A5/1 = 0x14 0x01 0x67 0x22 0x1a 0x05 0x0a 0x01 0x39 0x1c 0x3c 0x0e

21 22

Alice and Bob Asymmetric Encryption

• Alice and Bob are perpetually searching for • Imagine a cryptographic system in which… ways to communicate securely. ‣ Alice has two algorithms EA and DA.

• Eve wants to read their communications. ‣ EA is used to encrypt a message to Alice; • Using block or stream ciphers, both Alice she can share EA freely. and Bob must have the same key K. ‣ DA is used to decrypt a message encrypted • This is a pain, because they have to meet to with EA; she needs to keep DA secret. agree on the value of K…or trust FedEx to • Similarly, Bob has EB and DB.

23 24 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 Alice Bob Public Key Algorithms

Publishes EA Receives EA Through the magic of number theory… Message M • ‣ Rivest-Shamir-Adleman-Cocks (RSA) M = DA(C) Ciphertext ‣ El Gamal C = EA(M) ‣ Diffie-Hellman (DH) Eve Shouldn’t be able to decrypt C or ‣ Elliptic Curve variants derive DA from EA.

25 26

Application: SSH Other Algorithms

• There are a number of other important • Asymmetric encryption does not replace classes of algorithms: symmetric algorithms ‣ Message Authentication and Hashing ‣ Asymmetric (e.g. RSA) for authentication ‣ Pseudo-Random Number Generation ‣ Asymmetric (e.g. DH) for key agreement ‣ Key Scheduling ‣ Symmetric (e.g. AES) for data encryption • We will cover all of these to some extent.

27 28 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 Next time: block ciphers in detail.

29

CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018