Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums
Total Page:16
File Type:pdf, Size:1020Kb
Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Cryptography CS3SR3/SE3RA3 Ryszard Janicki Acknowledgments: Material based on Computer Security: Art and Science by Matt Bishop (Chapter 9) Ryszard Janicki Cryptography 1 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Cryptography and Cryptosystems Cryptography ≡ Secret Writing in Greek Denition (Cryptosystem) A cryptosystem is a 5-tuple (E; D; M; K; C), where: M is the set of plaintexts, K is the set of keys, E = fEk j k 2 Kg, where each Ek : M ! C, is the set of enciphering functions, D = fDk j k 2 Kg, where each Dk : C ! M, is the set of deciphering functions. Ryszard Janicki Cryptography 2 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Caesar Cipher Example (Caesar Cipher) Idea: letters are shifted and key=shift. If k = 3 the A ! D; B ! E;:::; Z ! C, and HELLO ! KHOOR. M = all sequences in Roman letters = fA; B; C;:::; Zg∗, K = fi j 0 ≤ i ≤ 25g, or K = fi j 1 ≤ i ≤ 26g, E = fEk j k 2 Kg, where for each m 2 M; Ek (m) = mk , and mk is derived from m by shifting each letter by k, D = fDk j k 2 Kg, where for each c 2 C; Dk (c) = ck , and ck is derived from c by shifting back each letter by k C = M. Ryszard Janicki Cryptography 3 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Goals and Adversaries The goal of cryptography is to keep enciphered information secret. An adversary wants to break a cipher-text. Adversary knows D and E. Three types of attacks: 1 Ciphertext only - Adversary has only the ciphertext. Goal: plaintext and, if possible, the key. 2 Known Plaintext - Adversary has the ciphertext and the plaintext that was enciphered. Goal: the key 3 Chosen Plaintext - Adversary may ask that specic plaintexts be enciphered, and is given the corresponding ciphetexts. Goal: the key A good cryptosystem protects against all three types of attacks. Ryszard Janicki Cryptography 4 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Classical Cryptosystems Denition Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherement and decipherement. In these systems, for all Ek 2 C −1 and k 2 K, there is a Dk 2 D such that Dk = Ek . Example The Caesar cipher discussed earlier had a key of 3, so the enciphering function was E3. To decipher KHOOR, we used the same key in decipherment function D3. Hence, the Caesar cipher is a classical cipher. There are two basic types of classical ciphers: transposition ciphers, and substitution ciphers. Ryszard Janicki Cryptography 5 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Transposition Ciphers Denition A transposition cipher rearranges the characters in the plaintext to form the ciptertext. The letters are not changed. Example (Rail-Fence Cipher) The rail-fence cipher is composed by writing the plaintext in two rows, proceeding down, then across, and reading the ciphertext across. 1 3 5 7 1 2 3 4 5 6 7 8 =) 2 4 6 8 =) 1 3 5 7 =) 1 3 5 7 2 4 6 8 2 4 6 8 HLOOL For example: HELLOWORLD =) ELWRD =) HLOOLELWRD Ryszard Janicki Cryptography 6 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Transposition Ciphers Example (Rail-Fence Cipher. Version 2) 1 4 7 1 2 3 4 5 6 7 8 9 =) 2 5 8 =) 3 6 9 1 4 7 2 5 8 =) 1 4 7 2 5 8 3 6 9 3 6 9 HLWL For example: HELLO WORLD =) EOOD =) LR HLWLEOODL R Ryszard Janicki Cryptography 7 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Transposition Ciphers Mathematically, the key to a transposition cipher is a permutation function. Permutations does not change the frequency of plaintext characters, which provides means of attack. Example For instance because HE has frequency 3:05% in English, one may assume that in HLOOLELWRD, E should follow H, so one may try: HE LL OW OR LD Reading the letters across and down produces HELLOWORLD. Ryszard Janicki Cryptography 8 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Substitution Ciphers Denition A substitution cipher changes characters in the plaintext to produce the ciphertexts. Example Consider Caesar cipher with the key k = 3 or D, i.e. A ! D; B ! E;:::; X ! A; Y ! B; Z ! C. HELLOWORLD ! KHOORZRUOG A Caesar cipher is susceptible to a statistical ciphertext-only attack. Ryszard Janicki Cryptography 9 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Substitution Ciphers Example Ciphertext: KHOORZRUOG (length is 10 characters). Numbering of letters: A ! 0; B ! 1;:::; Z ! 25. STATISTICAL ATTACK: Frequencies of letters in KHOORZRUOG: 6 7 10 14 17 20 25 c = G H K O R U Z f (c) = 0.1 0.1 0.1 0.3 0.2 0.1 0.1 Correlation with average English text: 25 X Φ(i) = f (c)p(c − i); c=0 where p(x) are character frequencies in English (see Table 9-1 on page 11). Ryszard Janicki Cryptography 10 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Character Frequencies in English • p(0) = p(a) = 0:080; p(1) = p(b) = 0:015;:::; p(25) = p(z) = 0:002 Ryszard Janicki Cryptography 11 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Substitution Ciphers Example (continuation) Ciphertext: KHOORZRUOG. Numbering of letters: A ! 0; B ! 1;:::; Z ! 25. STATISTICAL ATTACK: For KHOORZRUOG, we have Φ(i) = 0:1p(6 − i) + 0:1p(7 − i) + 0:1p(10 − i) + 0:3p(14 − i) + 0:1p(20 − i) + 0:1p(25 − i) We are looking to the biggest Φ(i); i = 0;:::; 25. Ryszard Janicki Cryptography 12 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Values of Φ(i) for `KHOORZROOG` in English Φ(6) = 0:0660 =) KHOORZROOG ! EBIILTLOIA, Φ(10) = 0:0635 =) KHOORZROOG ! AXEEHPHKEW , Φ(3) = 0:0575 =) KHOORZROOG ! HELLOWORLD, Φ(14) = 0:0535 =) KHOORZROOG ! WTAADLDGAS, Ryszard Janicki Cryptography 13 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Vigenère Cipher Invented by Blaise de Vigenère in 1586. Denition The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. In other words, like Caesar cipher, but we use a phrase. Figure 9-3 on page 15 shows a tableau to implement this cipher eciently. Because this requires several dierent key letters, this type of cipher is called polyalphabetic. Ryszard Janicki Cryptography 14 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Ryszard Janicki Cryptography 15 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Vigenère Cipher Example Letters enumeration: A ! 0;:::; G ! 6;:::; I ! 8;:::; V ! 21;:::; Z ! 25: Message: THE BOY HAS THE BALL Key: VIG or 21-8-6. We encipher using Caesar cipher for each letter: Plaintext THEBOYHASTHEBALL Keys VIGVIGVIGVIGVIGV Ciphertext OPKWWECIYOPKWIMG, since (T + V ) mod 26 = O; (H + I ) mod 26 = P, (E + G) mod 26 = K, etc. Ryszard Janicki Cryptography 16 / 38 Cryptography Classical Cryptosystems Public Key Cryptography Cryptographic Checksums Vigenère Cipher Breaking is not easy but possible (Friedrich Kasiski in 1863). Breaking is based on the observation, that repetitions occur when characters of the key appear over the same characters in the ciphertext. Example Plaintext THE BOYHASTHE BALL Keys VIGVIGVIGVIGVIGV Ciphertext OPK WWECIYOPK WIMG, The string OPK appears twice. The ciphertext repetitions are nine character apart. Hence 9 is a multiple of the period, i.e. period must be either 3 or 9. We can then use some statistical analysis to break the cipher, however it is not easy. Ryszard Janicki Cryptography 17 / 38 7. A noted computer security expert has said that without integrity, no system can provide confidentiality. a. Do you agree? Justify your answer. b. Can a system provide integrity without confidentiality? Again, justify your answer. 8. A cryptographer once claimed that security mechanism other than cryptography were unnecessary because cryptography could provide any desired level of confidentiality and integrity. Ignoring availability, either justify or refute the cryptographer claim. 9. Given the security levels TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED (ordered from highest to lowest), and the categories A, B and C, specify what type of access (read, write, both, or neither) is allowed in each of the following situations. Assume that discretionary access controls allow anyone access unless otherwise specified. a. Paul, cleared for (TOP SECRET, {A, C}), wants to access a document classified (SECRET, {B, C}). b. Anna, cleared for (CONFIDENTIAL, {C}), wants to access a document classified (CONFIDENTIAL, {B}). c. Jesse, cleared for (SECRET, {C}), wants to access a document classified (CONFIDENTIAL, {C}). d. Sammi, cleared for (TOP SECRET, {A, C}), wants to access a document classified (CONFIDENTIAL, {A}). e. Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to access a document classified (CONFIDENTIAL, {B}). 10. Give an example that demonstrates that the integrity level of subjects decreases in Biba’s low-water-mark policy. Under what conditions will the integrity level remain unchanged? 11. Decipher the following ciphertext, which was enciphered using the Caesar cipher: TEBKFKQEBZLROPBLCERJXKBSBKQP Cryptography Example (VigenèreClassical Cipher) Cryptosystems 12. Exercise 8 from page Public242 of Key Bishop’s Cryptography textbook. See below: The following messageCryptographic was Checksums enciphered with a Vigenère cipher. Find the key and decipher it: 2 SOLUTION We begin by looking for repetitions in the ciphertext. IYO appears twice 25 spaces apart. KRG also appears twice, 20 spaces apart. LVF is also repeated 55 spaces apart.