ISA 562 Information Security Theory & Practice
Total Page:16
File Type:pdf, Size:1020Kb
ISA 562 Information Security Theory & Practice Introduction to Cryptography Agenda • Basics & Definitions • Classical Cryptography • Symmetric (Secret Key) Cryptography • DES (Data Encryption Standard) • Multiple Encryptions • Modes of Block Cipher Operations • Math Essential • Asymmetric (Public Key) Cryptography 2 1 Basics & Definitions Security Concepts (I) • Confidentiality – Prevent information from being exposed to unintended party – Ex: An employee should not come to know the salary of his manager • Integrity – Assure that the information has not been tempered – Ex: An employee should not be able to modify the employee's own salary • Identity – Assure that the party of concern is authentic - it is what it claims to be – Ex: An employee should be able to uniquely identify and authenticate himself/herself 4 2 Security Concepts (II) • Availability – Assure that unused service or resource is available to legitimate users – Ex: Paychecks should be printed on time as stipulated by law • Anonymity – Assure that the identity of some party is remain anonymous – Ex: The manager should not know who had a critical review of him • Non-Repudiation – Assure that authenticated party has indeed done something that cannot be denied – Ex: Once the employee has cashed his paycheck, he can’t deny it. 5 Cryptography • Crypt = secret • Graph = writing • Cryptography is the science / art of transforming meaningful information into unintelligible text Becoming a science that relies on mathematics (number theory, algebra) • Cryptanalysis is the science / art of breaking cryptographic codes • Cryptology is the science / art / study of both cryptography and cryptanalysis 6 3 Applications of Cryptography • Assuring document integrity • Assuring document confidentiality • Authenticating parties • Document signature • Non-repudiation • Secure transactions • Exchanging keys • Sharing Secrets • Digital cash • Preserving anonymity • Copyright protection • More . 7 Cryptographic Services (I) Start From The Basics AB AB C a) Source Integrity b) Data Confidentiality Normal Flow Eavesdropping AB AB C C c) Data Integrity d) Source Authentication Modification Fabrication 8 4 Cryptographic Services (II) AB AB C e) Drop f) Replay AB C g) Denial of Service 9 Encryption/Decryption Basic Definitions plaintext ciphertext plaintext encryption decryption key key • Plaintext: a message in its original form • Ciphertext: a message in the transformed, unrecognized form • Encryption: the process that transforms a plaintext into a ciphertext • Decryption: the process that transforms a ciphertext to the corresponding plaintext • Key: the value used to control encryption/decryption. 10 5 Cryptanalytic Attack Definitions • Known Cipehrtext – Only the ciphertext is known to attacker – Cryptanalysis aims at revealing the plaintext and/or the key • Known Plaintext – Pairs of < plaintext , ciphertext > are known to attacker – Cryptanalysis aims at revealing the key – Relevant when plaintext is known / can be obtained • Chosen Plaintext – Attacker chooses the plaintext and receives the ciphertext – Cryptanalysis aims at revealing the key – Relevant when attacker can “inject” plaintext messages 11 Classical Cryptography 6 A little History • Cryptography was first used by early civilizations (including Egyptians, Greeks, Romans) for Secrecy (Confidentiality ) … now evolved to include Integrity , Authentication & Authenticity , and in some cases Non-Repudiation . • Early use of cryptography consisted of encryption by substitution methods and/or transposition methods – They were rather simple because of the lack of sophisticated computing engines – Can be easily attacked • Same methods are in use today, but with stronger properties and more powerful computing engines 13 Substitution Methods • Methods in which the letters of the alphabet are replaced with other letters / numbers / symbols. • Examples: – Caesar Cipher – fixed permutation – Shift Cipher – fixed permutation – Mono-Alphabetic Ciphers – one of many permutations – Poly-Alphabetic Ciphers – changing permutations – Vig`enere Cipher – multiple Mono-Alphabetic Ciphers – *Running Key Cipher – Simple yet effective • Algorithm is known – Key is “index” of permutation, but not for *Running Key Cipher 14 7 Caesar Cipher • Named after Julius Caesar, who supposedly invented it himself • Cyclic shift of the 26 letters of the alphabet by 3: a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C • In mathematical terms: C = ENC( P ) = P + 3 (mod 26) • For example: GMU → JPX • The secrecy is in the algorithm (!!!!) • There is one key (fixed permutation) • Easy to break (if algorithm is known) 15 A Shift Cipher • A Shift Cipher is similar to a Caesar Cipher, but there is a cyclic shift of the 26 letters of the alphabet by key K, where 0 ≤ K < 26. • In mathematical terms: C = ENC K( P ) = P + K (mod 26) • Algorithm is known • There are 26 different keys • Easy to break – check which of 26 possible keys returns the unintelligible ciphertext to a meaningful plaintext • Decipher HAL (the computer from the movie 2001: A Space Odyssey ) using a shift cipher of one. – So the shift variable n=1. • HAL ? 16 8 Mono-Alphabetic Ciphers • Generalization: arbitrary mapping of one letter to another • One of N! permutations on N letters of the alphabet • The key is the index of the permutation • Algorithm is known (mono-alphabetic cipher) • Key is secret (one of N! options) • Example: – N = 26 letters of the English alphabet – N! = 26! ≈ 4 • 10 26 ≈ 288 permutations or 309 Septillion – ≈ 309,485,009,821,345,000,000,000,000 permutations • IS IT SECURE? 17 Not with Frequency Analysis • Cryptanalysis formally began in later part of the first millennium AD in the Middle East. • Frequency analysis is the study of the frequency of occurrence of letters. (statistics) • First treatise on frequency analysis was written by Ab‾uY‾us‾uf Ya‘q‾ub ibn Is-h‾aq ibn as-Sabb‾ah ibn ‘omr‾an ibn Isma‾il al-Kind‾i, the “philosopher of the Arabs.” 18 9 Attacking Mono-Alphabetic Ciphers (I) • English is highly redundant, as shown in the next slide, it has a non-uniform distribution of letters. • Each symbol of ciphertext depends on only one symbol of plaintext and one value of the permutation key, so guessing part of the key gives part of the plaintext. • Attack proceeds by guessing parts of key corresponding to most common letters, which makes it possible to decipher entire message. 19 The problem: Letter Frequencies 20 10 Attacking Mono-Alphabetic Ciphers (II) • Appearance frequency of letters (in long enough texts) in the language is well determined as shown by the previous slide. • Appearance frequency of pairs of letters in the language is well defined: th, ee, oo, tt, qu, is, ae, . • Appearance frequency of certain words in the language is well defined as well: the ≈ 6.4% a ≈ 2.1% i ≈ 0.9% of ≈ 4.0% in ≈ 1.8% it ≈ 0.9% and ≈ 3.2% that ≈ 1.2% for ≈ 0.8% to ≈ 2.4% is ≈ 1.0% as ≈ 0.8% 21 Attacking Mono-Alphabetic Ciphers (III) • Using the appearance frequencies of letters, words, and pairs-of-letters – accelerates the identification of certain letter substitutions (which are part of the key) • Identification of word patterns, vowels, and consonants helps in finding parts of the text • The identification of the remaining parts of the key now reduces the search space dramatically (from N!) • Using heuristics and associative word-completions, the rest of the key can be easily revealed 22 11 Summary of English Language Facts 1. most common letters: E, T, A, O, I, N, S, H. 2. more than half of all words end in E, T, D, S. 3. Q is always followed by U. 4. most common word: “THE.” 5. most common doublets: EE, TT, OO, SS, LL, FF. 6. most common 2-letter combos: HE, RE, AN, TH, ER,IN. 7. most common 3-letter combos: ION, AND, ING, THE, ENT. 23 Possible solutions • You can try not to use redundant letters, like the letter “e”, as was done by a French writer named Georges Perec in 1969. He published a 300-page novel La Disparition (The Disappearance). It was translated into english by Gilbert Adair and is called “A Void”. • Or you can you a group of different Mono-Alphabetic Ciphers at different parts of the plaintext called Ploy-Alphabetic Ciphers. • Or you can group the plaintext into blocks that will then go through some transformation. 24 12 Poly-Alphabetic Ciphers • Use different Mono-Alphabetic Ciphers at different parts of the plaintext • Using many Mono-Alphabetic Ciphers will more-or-less equate the appearance frequencies of letters • Well-designed, and sufficiently long, Poly-Alphabetic Ciphers can be quite strong • A common scheme to build a Poly-Alphabetic Cipher: – Use a collection of related Mono-Alphabetic Ciphers – Use a key to determine which one of the Mono-Alphabetic Ciphers in the collection to use at each stage 25 Vig`enere Cipher (I) • Blaise de Vig`enere: (1523) Creates the Vig`enere cipher. • Thought to be too slow and cumbersome for warfare, the Vig`enere cipher was unused almost 200 years. • Vig`enere Cipher is one type of Poly-Alphabetic Cipher • The collection of Mono-Alphabetic Ciphers consists of the 26 options for Caesar Cipher (with K = 0, 1, 2, . ., 25) • Each of the 26 Caesar Ciphers is denoted by a letter, which is the ciphertext letter that replaces the letter ‘a’ • In practice: – A table of 26 rows by 26 columns is built. Row i in the table contains the 26 letters of the alphabet circularly shifted by i. – A keyword is used (over and over again) to select which of the mono-alphabetic ciphers