DOCSLIB.ORG

ISA 562 Information Security Theory & Practice

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

ISA 562 Information Security Theory & Practice Introduction to Cryptography Agenda • Basics & Definitions • Classical Cryptography • Symmetric (Secret Key) Cryptography • DES (Data Encryption Standard) • Multiple Encryptions • Modes of Block Cipher Operations • Math Essential • Asymmetric (Public Key) Cryptography 2 1 Basics & Definitions Security Concepts (I) • Confidentiality – Prevent information from being exposed to unintended party – Ex: An employee should not come to know the salary of his manager • Integrity – Assure that the information has not been tempered – Ex: An employee should not be able to modify the employee's own salary • Identity – Assure that the party of concern is authentic - it is what it claims to be – Ex: An employee should be able to uniquely identify and authenticate himself/herself 4 2 Security Concepts (II) • Availability – Assure that unused service or resource is available to legitimate users – Ex: Paychecks should be printed on time as stipulated by law • Anonymity – Assure that the identity of some party is remain anonymous – Ex: The manager should not know who had a critical review of him • Non-Repudiation – Assure that authenticated party has indeed done something that cannot be denied – Ex: Once the employee has cashed his paycheck, he can’t deny it. 5 Cryptography • Crypt = secret • Graph = writing • Cryptography is the science / art of transforming meaningful information into unintelligible text Becoming a science that relies on mathematics (number theory, algebra) • Cryptanalysis is the science / art of breaking cryptographic codes • Cryptology is the science / art / study of both cryptography and cryptanalysis 6 3 Applications of Cryptography • Assuring document integrity • Assuring document confidentiality • Authenticating parties • Document signature • Non-repudiation • Secure transactions • Exchanging keys • Sharing Secrets • Digital cash • Preserving anonymity • Copyright protection • More . 7 Cryptographic Services (I) Start From The Basics AB AB C a) Source Integrity b) Data Confidentiality Normal Flow Eavesdropping AB AB C C c) Data Integrity d) Source Authentication Modification Fabrication 8 4 Cryptographic Services (II) AB AB C e) Drop f) Replay AB C g) Denial of Service 9 Encryption/Decryption Basic Definitions plaintext ciphertext plaintext encryption decryption key key • Plaintext: a message in its original form • Ciphertext: a message in the transformed, unrecognized form • Encryption: the process that transforms a plaintext into a ciphertext • Decryption: the process that transforms a ciphertext to the corresponding plaintext • Key: the value used to control encryption/decryption. 10 5 Cryptanalytic Attack Definitions • Known Cipehrtext – Only the ciphertext is known to attacker – Cryptanalysis aims at revealing the plaintext and/or the key • Known Plaintext – Pairs of < plaintext , ciphertext > are known to attacker – Cryptanalysis aims at revealing the key – Relevant when plaintext is known / can be obtained • Chosen Plaintext – Attacker chooses the plaintext and receives the ciphertext – Cryptanalysis aims at revealing the key – Relevant when attacker can “inject” plaintext messages 11 Classical Cryptography 6 A little History • Cryptography was first used by early civilizations (including Egyptians, Greeks, Romans) for Secrecy (Confidentiality ) … now evolved to include Integrity , Authentication & Authenticity , and in some cases Non-Repudiation . • Early use of cryptography consisted of encryption by substitution methods and/or transposition methods – They were rather simple because of the lack of sophisticated computing engines – Can be easily attacked • Same methods are in use today, but with stronger properties and more powerful computing engines 13 Substitution Methods • Methods in which the letters of the alphabet are replaced with other letters / numbers / symbols. • Examples: – Caesar Cipher – fixed permutation – Shift Cipher – fixed permutation – Mono-Alphabetic Ciphers – one of many permutations – Poly-Alphabetic Ciphers – changing permutations – Vig`enere Cipher – multiple Mono-Alphabetic Ciphers – *Running Key Cipher – Simple yet effective • Algorithm is known – Key is “index” of permutation, but not for *Running Key Cipher 14 7 Caesar Cipher • Named after Julius Caesar, who supposedly invented it himself • Cyclic shift of the 26 letters of the alphabet by 3: a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C • In mathematical terms: C = ENC( P ) = P + 3 (mod 26) • For example: GMU → JPX • The secrecy is in the algorithm (!!!!) • There is one key (fixed permutation) • Easy to break (if algorithm is known) 15 A Shift Cipher • A Shift Cipher is similar to a Caesar Cipher, but there is a cyclic shift of the 26 letters of the alphabet by key K, where 0 ≤ K < 26. • In mathematical terms: C = ENC K( P ) = P + K (mod 26) • Algorithm is known • There are 26 different keys • Easy to break – check which of 26 possible keys returns the unintelligible ciphertext to a meaningful plaintext • Decipher HAL (the computer from the movie 2001: A Space Odyssey ) using a shift cipher of one. – So the shift variable n=1. • HAL ? 16 8 Mono-Alphabetic Ciphers • Generalization: arbitrary mapping of one letter to another • One of N! permutations on N letters of the alphabet • The key is the index of the permutation • Algorithm is known (mono-alphabetic cipher) • Key is secret (one of N! options) • Example: – N = 26 letters of the English alphabet – N! = 26! ≈ 4 • 10 26 ≈ 288 permutations or 309 Septillion – ≈ 309,485,009,821,345,000,000,000,000 permutations • IS IT SECURE? 17 Not with Frequency Analysis • Cryptanalysis formally began in later part of the first millennium AD in the Middle East. • Frequency analysis is the study of the frequency of occurrence of letters. (statistics) • First treatise on frequency analysis was written by Ab‾uY‾us‾uf Ya‘q‾ub ibn Is-h‾aq ibn as-Sabb‾ah ibn ‘omr‾an ibn Isma‾il al-Kind‾i, the “philosopher of the Arabs.” 18 9 Attacking Mono-Alphabetic Ciphers (I) • English is highly redundant, as shown in the next slide, it has a non-uniform distribution of letters. • Each symbol of ciphertext depends on only one symbol of plaintext and one value of the permutation key, so guessing part of the key gives part of the plaintext. • Attack proceeds by guessing parts of key corresponding to most common letters, which makes it possible to decipher entire message. 19 The problem: Letter Frequencies 20 10 Attacking Mono-Alphabetic Ciphers (II) • Appearance frequency of letters (in long enough texts) in the language is well determined as shown by the previous slide. • Appearance frequency of pairs of letters in the language is well defined: th, ee, oo, tt, qu, is, ae, . • Appearance frequency of certain words in the language is well defined as well: the ≈ 6.4% a ≈ 2.1% i ≈ 0.9% of ≈ 4.0% in ≈ 1.8% it ≈ 0.9% and ≈ 3.2% that ≈ 1.2% for ≈ 0.8% to ≈ 2.4% is ≈ 1.0% as ≈ 0.8% 21 Attacking Mono-Alphabetic Ciphers (III) • Using the appearance frequencies of letters, words, and pairs-of-letters – accelerates the identification of certain letter substitutions (which are part of the key) • Identification of word patterns, vowels, and consonants helps in finding parts of the text • The identification of the remaining parts of the key now reduces the search space dramatically (from N!) • Using heuristics and associative word-completions, the rest of the key can be easily revealed 22 11 Summary of English Language Facts 1. most common letters: E, T, A, O, I, N, S, H. 2. more than half of all words end in E, T, D, S. 3. Q is always followed by U. 4. most common word: “THE.” 5. most common doublets: EE, TT, OO, SS, LL, FF. 6. most common 2-letter combos: HE, RE, AN, TH, ER,IN. 7. most common 3-letter combos: ION, AND, ING, THE, ENT. 23 Possible solutions • You can try not to use redundant letters, like the letter “e”, as was done by a French writer named Georges Perec in 1969. He published a 300-page novel La Disparition (The Disappearance). It was translated into english by Gilbert Adair and is called “A Void”. • Or you can you a group of different Mono-Alphabetic Ciphers at different parts of the plaintext called Ploy-Alphabetic Ciphers. • Or you can group the plaintext into blocks that will then go through some transformation. 24 12 Poly-Alphabetic Ciphers • Use different Mono-Alphabetic Ciphers at different parts of the plaintext • Using many Mono-Alphabetic Ciphers will more-or-less equate the appearance frequencies of letters • Well-designed, and sufficiently long, Poly-Alphabetic Ciphers can be quite strong • A common scheme to build a Poly-Alphabetic Cipher: – Use a collection of related Mono-Alphabetic Ciphers – Use a key to determine which one of the Mono-Alphabetic Ciphers in the collection to use at each stage 25 Vig`enere Cipher (I) • Blaise de Vig`enere: (1523) Creates the Vig`enere cipher. • Thought to be too slow and cumbersome for warfare, the Vig`enere cipher was unused almost 200 years. • Vig`enere Cipher is one type of Poly-Alphabetic Cipher • The collection of Mono-Alphabetic Ciphers consists of the 26 options for Caesar Cipher (with K = 0, 1, 2, . ., 25) • Each of the 26 Caesar Ciphers is denoted by a letter, which is the ciphertext letter that replaces the letter ‘a’ • In practice: – A table of 26 rows by 26 columns is built. Row i in the table contains the 26 letters of the alphabet circularly shifted by i. – A keyword is used (over and over again) to select which of the mono-alphabetic ciphers
Recommended publications
  • Codebusters Coaches Institute Notes

    Codebusters Coaches Institute Notes

    BEING COVER AGENT FIXED DELAY, PILOT RIGHT PLANE, CATCH SMALL RADIO (CODEBUSTERS) This is the first year CodeBusters will be a National event. A few changes have been made since the North Carolina trial event last year. 1. The Atbash Cipher has been added. 2. The running key cipher has been removed. 3. K2 alphabets have been added in addition to K1 alphabets 4. Hill Cipher decryption has been added with a given decryption matrix. 5. The points scale has been doubled, but the timing bonus has been increased by only 50% in order to further balance the test. 1 TYPES OF PROBLEMS 1.1 ARISTOCRAT (EASY TO HARD DIFFICULTY) http://www.cryptograms.org/tutorial.php An Aristocrat is the typical Crypto-quote you see in the newspaper. Word spaces are preserved. No letter will stand for itself and the replacement table is given as a guide (but doesn’t need to be filled in by the team to get credit). FXP PGYAPYF FIKP ME JAKXPT AY FXP GTAYFMJTGF THE EASIEST TYPE OF CIPHER IS THE ARISTOCRAT A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Frequency 4 1 6 3 1 2 2 2 6 3 3 4 Replacement I F T A Y C P O E R H S 1.2 ARISTOCRATS WITH SPELLING AND/OR GRAMMAR ERRORS (MEDIUM TO VERY HARD DIFFICULTY) For these, either words will be misspelled or grammatical errors introduced. From a student perspective, it is what they might expect when someone finger fumbles a text message or has a bad voice transcription.
  • The Mathemathics of Secrets.Pdf

    The Mathemathics of Secrets.Pdf

    THE MATHEMATICS OF SECRETS THE MATHEMATICS OF SECRETS CRYPTOGRAPHY FROM CAESAR CIPHERS TO DIGITAL ENCRYPTION JOSHUA HOLDEN PRINCETON UNIVERSITY PRESS PRINCETON AND OXFORD Copyright c 2017 by Princeton University Press Published by Princeton University Press, 41 William Street, Princeton, New Jersey 08540 In the United Kingdom: Princeton University Press, 6 Oxford Street, Woodstock, Oxfordshire OX20 1TR press.princeton.edu Jacket image courtesy of Shutterstock; design by Lorraine Betz Doneker All Rights Reserved Library of Congress Cataloging-in-Publication Data Names: Holden, Joshua, 1970– author. Title: The mathematics of secrets : cryptography from Caesar ciphers to digital encryption / Joshua Holden. Description: Princeton : Princeton University Press, [2017] | Includes bibliographical references and index. Identifiers: LCCN 2016014840 | ISBN 9780691141756 (hardcover : alk. paper) Subjects: LCSH: Cryptography—Mathematics. | Ciphers. | Computer security. Classification: LCC Z103 .H664 2017 | DDC 005.8/2—dc23 LC record available at https://lccn.loc.gov/2016014840 British Library Cataloging-in-Publication Data is available This book has been composed in Linux Libertine Printed on acid-free paper. ∞ Printed in the United States of America 13579108642 To Lana and Richard for their love and support CONTENTS Preface xi Acknowledgments xiii Introduction to Ciphers and Substitution 1 1.1 Alice and Bob and Carl and Julius: Terminology and Caesar Cipher 1 1.2 The Key to the Matter: Generalizing the Caesar Cipher 4 1.3 Multiplicative Ciphers 6
  • The the Enigma Enigma Machinemachine

    The the Enigma Enigma Machinemachine

    TheThe EnigmaEnigma MachineMachine History of Computing December 6, 2006 Mike Koss Invention of Enigma ! Invented by Arthur Scherbius, 1918 ! Adopted by German Navy, 1926 ! Modified military version, 1930 ! Two Additional rotors added, 1938 How Enigma Works Scrambling Letters ! Each letter on the keyboard is connected to a lamp letter that depends on the wiring and position of the rotors in the machine. ! Right rotor turns before each letter. How to Use an Enigma ! Daily Setup – Secret settings distributed in code books. ! Encoding/Decoding a Message Setup: Select (3) Rotors ! We’ll use I-II-III Setup: Rotor Ring Settings ! We’ll use A-A-A (or 1-1-1). Rotor Construction Setup: Plugboard Settings ! We won’t use any for our example (6 to 10 plugs were typical). Setup: Initial Rotor Position ! We’ll use “M-I-T” (or 13-9-20). Encoding: Pick a “Message Key” ! Select a 3-letter key (or indicator) “at random” (left to the operator) for this message only. ! Say, I choose “M-C-K” (or 13-3-11 if wheels are printed with numbers rather than letters). Encoding: Transmit the Indicator ! Germans would transmit the indicator by encoding it using the initial (daily) rotor position…and they sent it TWICE to make sure it was received properly. ! E.g., I would begin my message with “MCK MCK”. ! Encoded with the daily setting, this becomes: “NWD SHE”. Encoding: Reset Rotors ! Now set our rotors do our chosen message key “M-C-K” (13-3-11). ! Type body of message: “ENIGMA REVEALED” encodes to “QMJIDO MZWZJFJR”.
  • Substitution Ciphers

    Substitution Ciphers

    Foundations of Computer Security Lecture 40: Substitution Ciphers Dr. Bill Young Department of Computer Sciences University of Texas at Austin Lecture 40: 1 Substitution Ciphers Substitution Ciphers A substitution cipher is one in which each symbol of the plaintext is exchanged for another symbol. If this is done uniformly this is called a monoalphabetic cipher or simple substitution cipher. If different substitutions are made depending on where in the plaintext the symbol occurs, this is called a polyalphabetic substitution. Lecture 40: 2 Substitution Ciphers Simple Substitution A simple substitution cipher is an injection (1-1 mapping) of the alphabet into itself or another alphabet. What is the key? A simple substitution is breakable; we could try all k! mappings from the plaintext to ciphertext alphabets. That’s usually not necessary. Redundancies in the plaintext (letter frequencies, digrams, etc.) are reflected in the ciphertext. Not all substitution ciphers are simple substitution ciphers. Lecture 40: 3 Substitution Ciphers Caesar Cipher The Caesar Cipher is a monoalphabetic cipher in which each letter is replaced in the encryption by another letter a fixed “distance” away in the alphabet. For example, A is replaced by C, B by D, ..., Y by A, Z by B, etc. What is the key? What is the size of the keyspace? Is the algorithm strong? Lecture 40: 4 Substitution Ciphers Vigen`ere Cipher The Vigen`ere Cipher is an example of a polyalphabetic cipher, sometimes called a running key cipher because the key is another text. Start with a key string: “monitors to go to the bathroom” and a plaintext to encrypt: “four score and seven years ago.” Align the two texts, possibly removing spaces: plaintext: fours corea ndsev enyea rsago key: monit orsto gotot hebat hroom ciphertext: rcizl qfkxo trlso lrzet yjoua Then use the letter pairs to look up an encryption in a table (called a Vigen`ere Tableau or tabula recta).
  • Practical Aspects of Modern Cryptography

    Practical Aspects of Modern Cryptography

    University of Washington CSEP 590TU – Practical Aspects of Modern Cryptography Instructors: Josh Benaloh, Brian LaMacchia, John Manferdelli Tuesdays: 6:30-9:30, Allen Center 305 Webpage: http://www.cs.washington.edu/education/courses/csep590/06wi/ Recommended texts: Stinson, Cryptography, Theory and Practice. 2nd Edition, CRC Press, 2002. Menezes, vanOrtshot, Vanstone. Handbook of Applied Cryptography. Ferguson and Schneier, Practical Cryptography. JLM 20060107 22:16 1 New Lecture Schedule Date Topic Lecturer 1 1/3 Practical Aspects of Cryptography Josh 2 1/10 Symmetric Key Ciphers and Hashes John 3 1/17 Public Key Ciphers Josh 4 1/24 Cryptographic Protocols I Brian 5 1/31 Cryptographic Protocols II Brian 6 2/7 Security of Block Ciphers John 7 2/14 AES and Cryptographic Hashes John 8 2/21 Trust, PKI, Key Management [Last HW Brian Assignment) 9 3/1 Random Numbers/Elliptic Curve Crypto Josh 10 3/8 Three topics: Elections, ITAR/Politics, Side All Channels/Timing Attacks, DRM, BigNum Implementation JLM 20060107 22:16 2 Symmetric Key Cryptography and Cryptographic Hashes - I John Manferdelli [email protected] [email protected] Portions © 2004-2005, John Manferdelli. This material is provided without warranty of any kind including, without limitation, warranty of non-infringement or suitability for any purpose. This material is not guaranteed to be error free and is intended for instructional use only. JLM 20060107 22:16 3 Communications Engineers Coat of Arms The Source Sender: Alice Noisy insecure channel Plaintext Compress Encrypt Encode (P) (to save space) (for confidentiality) (to correct errors) The Sink Receiver:Bob Noisy insecure channel Decode Decrypt Decompress Plaintext (for confidentiality) (to correct errors) (to save space) (P) JLM 20060107 22:16 4 Symmetric Encryption Plaintext (P) Encrypt Ciphertext (C) E (P) Key (k) k Ciphertext (C) Decrypt Plaintext (P) D (P) Key (k) k • Symmetric Key cryptographic algorithms use a secret known to the authorized parties called a “key”.
  • Communication Intelligence and Security, William F Friedman

    Communication Intelligence and Security, William F Friedman

    UNCLASSIFIED DATE: 26 April 1960 NAME: Friedman, William F. PLACE: Breckinridge Hall, Marine Corp School TITLE: Communications Intelligence and Security Presentation Given to Staff and Students; Introduction by probably General MILLER (NFI) Miller: ((TR NOTE: Introductory remarks are probably made by General Miller (NFI).)) Gentleman, I…as we’ve grown up, there have been many times, I suppose, when we’ve been inquisitive about means of communication, means of finding out what’s going on. Some of us who grew up out in the country used to tap in on a country telephone line and we could find out what was going on that way—at least in the neighborhood. And then, of course, there were always a few that you’d read about in the newspaper who would carry this a little bit further and read some of your neighbor’s mail by getting at it at the right time, and reading it and putting it back. Of course, a good many of those people ended up at a place called Fort Leavenworth. This problem of security of information is with us in the military on a [sic] hour-to-hour basis because it’s our bread and butter. It’s what we focus on in the development of our combat plans in an attempt to project these plans onto an enemy and defeat him. And so, we use a good many devices. We spend a tremendous amount of effort and money in attempting to keep our secrets in fact secret—at least at the echelon where we feel this is necessary.
  • A Complete Bibliography of Publications in Cryptologia

    A Complete Bibliography of Publications in Cryptologia

    A Complete Bibliography of Publications in Cryptologia Nelson H. F. Beebe University of Utah Department of Mathematics, 110 LCB 155 S 1400 E RM 233 Salt Lake City, UT 84112-0090 USA Tel: +1 801 581 5254 FAX: +1 801 581 4148 E-mail: [email protected], [email protected], [email protected] (Internet) WWW URL: http://www.math.utah.edu/~beebe/ 04 September 2021 Version 3.64 Title word cross-reference 10016-8810 [?, ?]. 1221 [?]. 125 [?]. 15.00/$23.60.0 [?]. 15th [?, ?]. 16th [?]. 17-18 [?]. 18 [?]. 180-4 [?]. 1812 [?]. 18th (t; m)[?]. (t; n)[?, ?]. $10.00 [?]. $12.00 [?, ?, ?, ?, ?]. 18th-Century [?]. 1930s [?]. [?]. 128 [?]. $139.99 [?]. $15.00 [?]. $16.95 1939 [?]. 1940 [?, ?]. 1940s [?]. 1941 [?]. [?]. $16.96 [?]. $18.95 [?]. $24.00 [?]. 1942 [?]. 1943 [?]. 1945 [?, ?, ?, ?, ?]. $24.00/$34 [?]. $24.95 [?, ?]. $26.95 [?]. 1946 [?, ?]. 1950s [?]. 1970s [?]. 1980s [?]. $29.95 [?]. $30.95 [?]. $39 [?]. $43.39 [?]. 1989 [?]. 19th [?, ?]. $45.00 [?]. $5.95 [?]. $54.00 [?]. $54.95 [?]. $54.99 [?]. $6.50 [?]. $6.95 [?]. $69.00 2 [?, ?]. 200/220 [?]. 2000 [?]. 2004 [?, ?]. [?]. $69.95 [?]. $75.00 [?]. $89.95 [?]. th 2008 [?]. 2009 [?]. 2011 [?]. 2013 [?, ?]. [?]. A [?]. A3 [?, ?]. χ [?]. H [?]. k [?, ?]. M 2014 [?]. 2017 [?]. 2019 [?]. 20755-6886 [?, ?]. M 3 [?]. n [?, ?, ?]. [?]. 209 [?, ?, ?, ?, ?, ?]. 20th [?]. 21 [?]. 22 [?]. 220 [?]. 24-Hour [?, ?, ?]. 25 [?, ?]. -Bit [?]. -out-of- [?, ?]. -tests [?]. 25.00/$39.30 [?]. 25.00/839.30 [?]. 25A1 [?]. 25B [?]. 26 [?, ?]. 28147 [?]. 28147-89 000 [?]. 01Q [?, ?]. [?]. 285 [?]. 294 [?]. 2in [?, ?]. 2nd [?, ?, ?, ?]. 1 [?, ?, ?, ?]. 1-4398-1763-4 [?]. 1/2in [?, ?]. 10 [?]. 100 [?]. 10011-4211 [?]. 3 [?, ?, ?, ?]. 3/4in [?, ?]. 30 [?]. 310 1 2 [?, ?, ?, ?, ?, ?, ?]. 312 [?]. 325 [?]. 3336 [?, ?, ?, ?, ?, ?]. affine [?]. [?]. 35 [?]. 36 [?]. 3rd [?]. Afluisterstation [?, ?]. After [?]. Aftermath [?]. Again [?, ?]. Against 4 [?]. 40 [?]. 44 [?]. 45 [?]. 45th [?]. 47 [?]. [?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?]. Age 4in [?, ?]. [?, ?]. Agencies [?]. Agency [?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?].
  • Cryptography

    Cryptography

    CS 419: Computer Security Week 6: Cryptography © 2020 Paul Krzyzanowski. No part of this Paul Krzyzanowski content, may be reproduced or reposted in whole or in part in any manner without the permission of the copyright owner. cryptography κρυπός γραφία hidden writing A secret manner of writing, … Generally, the art of writing or solving ciphers. — Oxford English Dictionary October 16, 2020 CS 419 © 2020 Paul Krzyzanowski 2 cryptanalysis κρυπός ἀνάλυσις hidden action of loosing, solution of a problem, undo The analysis and decryption of encrypted text or information without prior knowledge of the keys. — Oxford English Dictionary October 16, 2020 CS 419 © 2020 Paul Krzyzanowski 3 cryptology κρυπός λογια hidden speaking (knowledge) 1967 D. Kahn, Codebreakers p. xvi, Cryptology is the science that embraces cryptography and cryptanalysis, but the term ‘cryptology’ sometimes loosely designates the entire dual field of both rendering signals secure and extracting information from them. — Oxford English Dictionary October 16, 2020 CS 419 © 2020 Paul Krzyzanowski 4 Cryptography ¹ Security Cryptography may be a component of a secure system Just adding cryptography may not make a system secure October 16, 2020 CS 419 © 2020 Paul Krzyzanowski 5 Cryptography: what is it good for? • Confidentiality – Others cannot read contents of the message • Authentication – Determine origin of message • Integrity – Verify that message has not been modified • Nonrepudiation – Sender should not be able to falsely deny that a message was sent October 16, 2020 CS
  • Cryptography

    Cryptography

    Cryptography © André Zúquete / João Paulo Barraca Security 1 Cryptography: terminology (1/2) w Cryptography ® Art or science of hidden writing • from Gr. kryptós , hidden + graph , r. of graphein , to write ® It was initially used to maintain the confidentiality of information ® Steganography • from Gr. steganós , hidden + graph , r. of graphein , to write w Cryptanalysis ® Art or science of breaking cryptographic systems or encrypted information w Cryptology ® Cryptography + cryptanalysis © André Zúquete / João Paulo Barraca Security 2 1 Cryptography: terminology (2/2) w Cipher ® Specific cryptographic technique w Cipher operation Encryption : plaintext ( or cleartext ) ciphertext ( or cryptogram ) Decryption : ciphertext plaintext Algorithm : way of transforming data Key : algorithm parameter encrypt() plaintext ciphertext decrypt() © André Zúquete / João Paulo Barraca Security 3 Use cases (symmetric cryptography) w Self-protection with key K ® Alice encrypts plaintext P with key K A: C = {P} K ® Alice decrypts cryptogram C with key K A: P’ = {C} K ® P’ should be equal to P (requires checking) w Secure communication with key K ® Alice encrypts plaintext P with key K A: C = {P} K ® Bob decrypts C with key K B: P’ = {C} K ® P’ should be equal to P (requires checking) © André Zúquete / João Paulo Barraca Security 4 2 Cryptanalysis: goals w Discover original plaintext ® Which originated a given ciphertext w Discover a cipher key ® Allows the decryption of ciphertexts created with the same key w Discover the cipher algorithm ® Or an equivalent
  • Assessing the Viability of the Rotor Cipher in the Modern World

    Assessing the Viability of the Rotor Cipher in the Modern World

    Assessing the Viability of the Rotor Cipher in the Modern World by Jordan Zink Gahanna Lincoln High School 140 S Hamilton Road Gahanna, Ohio 43230 [email protected] (614) 307-3669 Prepared for GLHS Science Academy Symposium February 5, 2010 2 ASSESSING THE VIABILITY OF THE ROTOR CIPHER IN THE MODERN WORLD Jordan Zink Gahanna Lincoln High School, 140 S Hamilton Road, Gahanna, Ohio 43230 The purpose of this project is to determine the viability of the rotor cipher in the modern world of computer cryptography. This project consists of two phases: modifying the cipher to increase its security and running a simulation to assess the effectiveness of a brute force attack. While many modifications were made, one modification involved shortening the plaintext before encryption by removing unnecessary letters and replacing words with symbols. An experiment was run to determine the level of shortening that would not distort meaning. 20 subjects participated and it was found that a conservative level of shortening did not significantly distort meaning, while a liberal level of shortening did distortion meaning slightly. It was also found that there was no significant difference between youth and adult subjects, or between subjects familiar and unfamiliar with texting and online lingo. To simulate a brute force attack, a computer program was written in Visual Basic. Initial testing found household computers could not break a message encrypted with 3 or more rotors. A regression equation was found to predict the key search speed based on plaintext length (R2 = 0.9988). Also, the equation t = 2562n/s was created to showed the relation of time to run a brute force attack to the number of rotors and the key search speed.
  • Decoding Running Key Ciphers

    Decoding Running Key Ciphers

    Decoding Running Key Ciphers Sravana Reddy∗ Kevin Knight Department of Computer Science Information Sciences Institute The University of Chicago University of Southern California 1100 E. 58th Street 4676 Admiralty Way Chicago, IL 60637, USA Marina del Rey, CA 90292, USA [email protected] [email protected] Abstract Since we know that the plaintext and running key are both drawn from natural language, our objective There has been recent interest in the problem function for the solution plaintext under some lan- of decoding letter substitution ciphers using techniques inspired by natural language pro- guage model is: cessing. We consider a different type of classi- ˆ cal encoding scheme known as the running key P = arg max log Pr(P ) Pr(RP,C ) (1) cipher, and propose a search solution using P Gibbs sampling with a word language model. where the running key RP,C is the key that corre- We evaluate our method on synthetic cipher- sponds to plaintext P and ciphertext C. texts of different lengths, and find that it out- Note that if RP,C is a perfectly random sequence performs previous work that employs Viterbi of letters, this scheme is effectively a ‘one-time pad’, decoding with character-based models. which is provably unbreakable (Shannon, 1949). The knowledge that both the plaintext and the key 1 Introduction are natural language strings is important in breaking The running key cipher is an encoding scheme that a running key cipher. uses a secret key R that is typically a string of words, The letter-frequency distribution of running key usually taken from a book or other text that is agreed ciphertexts is notably flatter than than the plaintext upon by the sender and receiver.
  • Cryptography

    Cryptography

    Cristina Nita-Rotaru CS355: Cryptography Lecture 4: Enigma. Towards cryptographic engines } How to move from pencil and paper to more automatic ways of encrypting and decrypting? } How to design more secure ciphers } Alberti’s Disk } Jefferson’s Wheel } Enigma 2 Cristina Nita-Rotaru Alberti disk - 1467 } Outer is fixed } Insider is mobile 3 Cristina Nita-Rotaru Alberti disk } The numbers on outer disks are used to code pre- determined passphrases } Encode: on inner disk there is a mark which could be lined up with a letter on the outer disc as a key } Decode: } Need to use a disk with a matching alphabet on the inner ring } Need to know the correct letter to match the mark to rotate the inner disk 4 Cristina Nita-Rotaru Jefferson wheel cipher - 1790 } 15 x 4 cm } slice about 5mm across } 26 sections } one letter is assigned randomly to each section. 5 Cristina Nita-Rotaru Jefferson cipher } Encode: a fragment of the message appears along one side of the cylinder, the cylinder is then turned and another line is copied out at random } Decode: } Use the cylinder to enter the ciphertext, and then turn the cylinder examining each row until the plaintext is seen. } Same cylinder must be used for both encryption and decryption 6 Cristina Nita-Rotaru Rotor machines } Vigenere can be broken once somebody finds the key length } How to have a longer key? } Idea: } Multiple rounds of substitution, encryption consists of mapping a letter many times } Mechanical/electrical wiring to automate the encryption/decryption process } A machine consists of