An Introduction to Applied Cryptography
Total Page:16
File Type:pdf, Size:1020Kb
SI4 { R´eseauxAvanc´es Introduction `ala s´ecurit´edes r´eseauxinformatiques An Introduction to Applied Cryptography Dr. Quentin Jacquemart [email protected] http://www.qj.be/teaching/ 1 / 129 Outline ) Introduction • Classic Cryptography and Cryptanalysis • Principles of Cryptography • Symmetric Cryptography (aka. Secret-Key Cryptography) • Asymmetric Cryptography (aka. Public-Key Cryptography) • Hashes and Message Digests • Conclusion 1 / 129 2 / 129 Introduction I • Cryptography is at the crossroads of mathematics, electronics, and computer science • The use of cryptography to provide confidentiality is self-evident • But cryptography is a cornerstone of network security • Cryptology is a (mathematical) discipline that includes | cryptography: studies how to exchange confidential messages over an unsecured/untrusted channel | cryptanalysis: studies how to extract meaning out of a confidential message, i.e. how to breach cryptography 2 / 129 3 / 129 Introduction II • Plaintext: the message to be exchanged between Alice and Bob (P) • Ciphering: a cryptographic function that encodes the plaintext into ciphertext (encrypt: E(·)) • Ciphertext: result of applying the cipher function to the plain text (unreadable) (C) • Deciphering: a cryptographic function that decodes the ciphertext into plaintext (decrypt: D(·)) • Key: a secret parameter given to the cryptographic functions (K ) 3 / 129 4 / 129 Introduction III Trudy Alice Bob plaintext ciphertext plaintext P E(P) P E(P) = D(E(P)) Encryption Decryption Algorithm Algorithm E(·) D(·) 4 / 129 5 / 129 Outline • Introduction ) Classic Cryptography and Cryptanalysis • Principles of Cryptography • Symmetric Cryptography (aka. Secret-Key Cryptography) • Asymmetric Cryptography (aka. Public-Key Cryptography) • Hashes and Message Digests • Conclusion 5 / 129 6 / 129 Caesar Cipher [Stallings 2013; Kurose et al. 2017] abcdefghi jklmnopqrstuvwxyz plain 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 defghijklmnopqrstuvwxyzabc cipher 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 0 1 2 plain: bob, i love you. alice cipher: ere, l oryh brx. dolfh c = E(p ) = v(p ) + k mod 26 i i i k = 3 for Caesar pi = D(ci ) = v(ci ) − k mod 26 Only 25 possible keys ) Brute force attack is possible 6 / 129 7 / 129 Monoalphabetic Cipher [Kurose et al. 2017] • 25 possible keys ) Caesar cipher is far from secure • Let's increase the keyspace! • Monoalphabetic substitution | uniquely replace one letter with another, without regular pattern a bcdefghijklmnopqrstuvwxyz mnbvcxzasdfghjklpoiuytrewq plain: bob, i love you. alice cipher: nkn, sgktc wky. mgsbc • Keyspace: 26! substitutions possible (≈ 288) • Spectrum too broad for brute force attack ) job done? 7 / 129 8 / 129 Monoalphabetic Cipher: Cryptanalysis I [Stallings 2013] Imagine you know the nature of the plaintext, e.g. uncompressed English 38 CHAPTER 2 / CLASSICAL ENCRYPTION TECHNIQUES 14 12.702 12 1. Compute the relative frequency of letters 10 ) 9.056 8.167 in the ciphertext 8 7.507 6.996 6.749 6.327 6.094 6 5.987 Relative frequency (% 4.253 4 4.025 2. Compare with standard distribution for 2.782 2.758 2.406 2.360 2.228 2.015 1.974 2 1.929 1.492 0.978 English 0.772 0.153 0.150 0.095 0.074 0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Figure 2.5 Relative Frequency of Letters in English Text So far, then, we have UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ t a e e te a that e e a a VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX e t ta t ha e ee a e th The t a relative frequency of letters is sufficient EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ e e e tat e the t Only four letters have tobeen identified,decrypt but already we have quitelong-enough a bit of the ciphertexts (100's of characters) message. Continued analysis of frequencies plus trial and error should easily yield a solution from this point. The complete plaintext, with spaces added between words, follows: it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet. A countermeasure is to provide multiple substitutes, 8 / 129 9 / 129 Monoalphabetic Cipher: Cryptanalysis II If ciphertext is not long enough: 1. use bigrams, trigrams, quadgrams, . , (short) word frequency Bigrams th, er, on, an, re, he, in, ed, nd, ha, at, en, es, of, or, nt, ea, ti, to, it, st, io, le, is, ou, ar, as, de, rt, ve Trigrams the, and, tha, ent, ion, tio, for, nde, has, nce, edt, tis, oft, sth, men Doubles ss, ee, tt, ff, ll, mm, oo First Letters t, o, a, w, b, c, d, s, f, m, r, h, i, y, e, g, l, n, p, u, j, k Final Letters e, s, t, d, n, r, y, f, l, o, g, h, a, k, m, p, u, w One-Letter Words a, I Two-Letter Words of, to, in, it, is, be, as, at, so, we, he, by, or, on, do, if, me, my, up, an, go, no, us, am ... [Singh 2002] 2. assign parts of key according to rules, and brute force other positions ) Monoalphabetic ciphers are easy to break: they reflect the same frequency data as the plaintext 9 / 129 10 / 129 Vigen`ereCipher [Stallings 2013] Polyalphabetic substitution: hide structure of plaintext by using multiple monoalphabetic substitutions. • We have the 26 Caesar ciphers • We use one Caesar rule per plaintext character • The order in which we use them is the key i.e. for a text of length n and a key of length m (m ≤ n): c0 = p0 + k0 mod 26 c1 = p1 + k1 mod 26 . cm−1 = pm−1 + km−1 mod 26 cm = pm + k0 mod 26 . cn−1 = pn−1 + kn−1 mod m mod 26 10 / 129 40 CHAPTER 2 / CLASSICAL ENCRYPTION TECHNIQUES 4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM, as the encipherer wishes). The Playfair cipher is a great advance over simple monoalphabetic ciphers. For one thing, whereas there are only 26 letters, there are 26 * 26 = 676 digrams, so that identification of individual digrams is more difficult. Furthermore, the relative frequencies of individual letters exhibit a much greater range than that of digrams, making frequency analysis much more difficult. For these reasons, the Playfair cipher was for a long time considered unbreakable. It was used as the standard field system by the British Army in World War I and still enjoyed considerable use by the U.S. Army and other Allied forces during World War II. Despite this level of confidence in its security, the Playfair cipher is relatively easy to break, because it still leaves much of the structure of the plaintext language intact. A few hundred letters of ciphertext are generally sufficient. One way of revealing the effectiveness of the Playfair and other ciphers is shown in Figure 2.6. The line labeled plaintext plots a typical frequency distribution of the 26 alphabetic characters (no distinction between upper 11 / and lower case) in ordinary text. This is also the frequency distribution of any 129 monoalphabetic substitution cipher, because the frequency values for individual Vigen`ereCipher:letters are the same, just Cryptanalysis with different letters I substituted for the original letters.[Stallings 2013] The plot is developed in the following way: The number of occurrences of each • Goodletter atin obscuringthe text is lettercounted frequency and divided information by the number of occurrences of the most frequently used letter. Using the results of Figure 2.5, we see that e is the most frequently used letter. As a result, e has a relative frequency of 1, t of • Some information from plaintext still remains 1.0 0.9 Plaintext 0.8 Playfair 0.7 0.6 0.5 0.4 Vignere 0.3 Normalized relative frequency 0.2 Random polyalphabetic 0.1 0 123456178910 10 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 Frequency ranked letters (decreasing frequency) Figure 2.6 Relative Frequency of Occurrence of Letters 11 / 129 12 / 129 Vigen`ereCipher: Cryptanalysis II [Stallings 2013] plain: w e a r e d i s c o v e r e d s a v e y o u r s e l f key: d e c e p t i v e d e c e p t i v e d e c e p t i v e cipher: z i c v t w q n g r z g v t wavzhcqyglmgj 1. Determine key length | based on sequence repetitions in ciphertext | here: displacement of 9 ) key of length (1, ) 3, or 9 | sequence repetitions are unavoidable with long ciphertexts 2. Attack the monoalphabetic substitutions individually | here: key length = 9 ) attack 9 separate Caesar ciphers for each 9 characters 12 / 129 13 / 129 Vigen`ereCipher with Auto Key [Stallings 2013] Use non-repeating keyword, which is as long as message plain: w e a r e d i s c o v e r e d s a v e y o u r s e l f key: d e c e p t i v e w e a r e d i s c o v e r e d s a v cipher: z i c v t w q n g k z e i i g a s x s t s l v v w l a Still vulnerable to statistical analysis: key and plaintext exhibit same frequency distribution 13 / 129 14 / 129 Playfair Cipher [Stallings 2013] • Multiple letter encryption: treat bigrams (or digrams) as single units • Playfair relies on a 5 × 5 matrix p l a y f Key: playf¡air i/j r b c d e g h k m fill alphabetically n o q s t avoid repetitions u v w x z 1.