DOCSLIB.ORG

CNS Lecture 4 - 2

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
CNS Lecture 4 - 2 In the news CNS Widely Deployed Software (1) CRITICAL: Apple QuickTime Multiple Vulnerabilities Lecture 4 (2) HIGH: Adobe Flash Player Multiple Vulnerabilities (3) HIGH: Microsoft Internet Explorer Compressed Content Heap Overflow(MS06-042) (4) HIGH: Microsoft Pragmatic General Multicast Buffer Overflow (MS06-052) Random Numbers (5) HIGH: Microsoft Publisher File Parsing Buffer Overflow (MS06-054) Steganography (6) MODERATE: Cisco IOS VTP Multiple Vulnerabilities (7) MODERATE: HP OpenView Multiple Vulnerabilities Classical cryptography (8) MODERATE: PHP NULL Processing Arbitrary File Overwrite (9) LOW: Microsoft Indexing Service Cross Site Scripting Vulnerability(MS06-053) Other Software Assignments ncp (10) HIGH: Multiple Products PHP File Include Vulnerabilities (11) HIGH: Multiple Products SQL Injection Vulnerabilities Hash/hmac values are binary data, you can’t use strcpy() (12) HIGH: Tagger LE Remote Code Execution or strcmp(), use memcpy() (13) MODERATE: Act Networks NetPerformer FRAD Multiple Vulnerabilities (14) MODERATE: SQL-Ledger/LedgerSMB Remote Code Execution CNS Lecture 4 - 2 Random Numbers 34495638193476348762347346 You are here … Attacks & Defenses Cryptography Applied crypto •Why? • Risk assessment •Random numbers •SSH • Generating (pseudo) random • Viruses numbers from a random seed •Hash functions •PGP • Unix security • • Sources of random bits • authentication MD5, SHA,RIPEMD S/Mime • •Classical + stego •SSL Network security Crypto Toolkit Firewalls,vpn,IPsec,IDS secret-key crypto •Number theory •Kerberos public-key crypto big-number math •Symmetric key •IPsec random numbers prime numbers hash functions DES, Rijndael, RC5 •Public key RSA, DSA, D-H,ECC CNS Lecture 4 - 3 CNS Lecture 4 - 4 Random Numbers Random numbers -- definition Good cryptography requires good random numbers. • equally likely to choose any element (uniform distribution) • independence – can’t infer one value in the sequence from others • tests of random sequences (Knuth) • non-crypto: games, simulation – half the bits 1 • salt, cookie, nonce (challenge) – Chi-square (bin tests), Komolgorov-Smirnov • TCP sequence number – spectral test – runs tests, n-D tests • used for public keys (RSA, D-H) – bit, byte, word correlations • per-message secrets (DSS k, PGP) – FIPS 140 tests: runs, poker, monobit • used for secret keys (KDC/ssh session key) – show that it's NOT random • Encryption initialization vectors (IV) – Software: Diehard or ent • • cryptographic random numbers need to be used for one-time pads or seed – unpredictable • used for blinding – resistant to attack • By observing random output, can’t predict next nor back-guess • Can’t significantly influence output or initial seed predictable = vulnerable predictable, means you can guess the key CNS Lecture 4 - 5 CNS Lecture 4 - 6 1 Pseudorandom numbers (PRNG) Stronger PRNGs • computer is deterministic • software linear feedback shift registers (LFSR) • encrypted counter • rand() statistically OK, but cryptographically weak • chained encryption (OFB, DES/rijndael/etc.) –based on linear congruential method Ri+1 = encrypt(key,Ri) OFB's (e.g.,DES) are slow (export limits) –R i+1 = (aRi + b) mod n • repeated hash (MD5, SHA) –random numbers between 0 and n-1 –R i+1 = MD5(key,Ri) BBS (large primes p and q, secret!) – outputsize eventually repeats –eventually repeats 2 2 X0 = s mod n n =pq where p=q=3 mod 4 – • Java SecureRandom -- SHA(seed,counter) 2 even if good seed, R0, can solve for a,b,n if you can capture three R’s Xi = (Xi-1) mod n s is relatively prime to n • Blum, Blum, Shub (quadratric residue) B = X mod 2 just use low order bit • repeatability good for testing (games/simulation), bad for i i crypto catch 22: need a good random seed (key) p=383 seed needs to be unpredictable q=503 s=101355 CNS Lecture 4 - 7 CNS Lecture 4 - 8 ANSI random numbers True random numbers ANSI X9.17 Sources for a random seed • coin toss, dice • V0 64-bit initial seed • radioactive source • Ek 3DES encryption with random keys K1 K2 (112 bits) • noisy diode • • DT high-resolution time t (max 64-bits) unplugged microphone (/dev/audio) i • lava lamps (video, SHA, BBS) • R = E (E (t) ⊕ V ) next random number n k k n • FORTEZZA card has random source ? • V = E (E (t) ⊕ R ) next seed n+1 k k n • a few hardware sources for computers (QNG),intel i810, AMD768 • 9 DES operations – thermal noise (resistor) • Export controlled – sampling oscillators • if keys are discovered, – I/O device, 75 Kbs can predict all outputs! – Serial port devices need a good random seed/key need to verify generator is working (FIPS 140-2) CNS Lecture 4 - 9 CNS Lecture 4 - 10 Almost random sources Bad random sources Netscape (SSL) • source for a random seed x = mixbits (time.tv_usec) y = mixbits(getpid() + time.tv_sec + getppid() << 12) –keystroke timing seed = MD5(x,y) –mouse tracking nonce = MD5(seed++) –frame buffer key = MD5(seed++) –disk times MIT_MAGIC_COOKIE –/dev/random key = rand() % 256 –system status (netstat, ps, iostat) Kerberos v4 • Netscape attack srandom(time.tv_usec ^ time.tv_sec ^ getpid() ^ gethostid() ^ counter++ ) key = random() • poll several sources SESAME • may be biases -- use a mixing function (MD5, encryptor) to eliminate biases key = rand() and "stretch" output • Retain (and protect) random pool across reboots CNS Lecture 4 - 11 CNS Lecture 4 - 12 2 Texas hold’em -- ooops SSH v1 random numbers randoms.c • On-line poker site used simple random number generator and random_get_noise_from_command(state, uid, "ps laxww 2>/dev/null"); guessable seed (Pascal’s Randomize() ) if (time(NULL) - start_time < 30) random_get_noise_from_command(state, uid, "ps -al 2>/dev/null"); 32 • Instead of 52! possibilities from a shuffle, less than 2 if (time(NULL) - start_time < 30) • After 5 cards revealed, you can figure out the order of the deck random_get_noise_from_command(state, uid, "ls -alni /tmp/. 2>/dev/null"); • Nerd’s revenge if (time(NULL) - start_time < 30) random_get_noise_from_command(state, uid, "w 2>/dev/null"); if (time(NULL) - start_time < 30) random_get_noise_from_command(state, uid, "netstat -s 2>/dev/null"); if (time(NULL) - start_time < 30) random_get_noise_from_command(state, uid, "netstat -an 2>/dev/null"); if (time(NULL) - start_time < 30) random_get_noise_from_command(state, uid, "netstat -in 2>/dev/null"); then mixes using MD5 ssh v2 uses openssl (/dev/urandom) CNS Lecture 4 - 13 CNS Lecture 4 - 14 Truerand() PGP’s random numbers in Blaze's cryptolib •returns about 16 bits of entropy per call noise.c random.c randpool.c •starts a timer (16.7 ms) • key strokes, high res time •does count++ til timer expires • randomness retained in randseed.bin • shifts/XOR count into a buffer • data from file pre/post washed with encryption (CFB) •does it 11 times • updated any time user does keyboard input randomness of clock skew and OS events • updated with hash (MD5) of file being encrypted • data stirred with MD5 • uses X9.17 but with IDEA Java’s dueling threads • paper on randomness of PGP IDEA keys Start 8 threads each doing counter[i]++ rand is XOR of 8 counters CNS Lecture 4 - 15 CNS Lecture 4 - 16 gpg randomness UNIX /dev/random • Random numbers for public key generation and message keys • cipher/random.c based on Gutman’s paper • Uses /dev/urandom, seed file + pid, time, and clock • Mixes pool with RIPEMD-160 • Wipes stack and prefers “secure memory” (no swap) • Pool updated whenever key requested for encryption or secure • Entropy C collected from sources and mixed into primary pool hash ( DSS k ) • Secondary pools draw entropy E from primary pool • Stats track current entropy of pool • Whenever entropy is withdrawn some is mixed back in • Application can request strong entropy (slower) • Event entropy (bits): • Saves pool to file ~/.gpg/randseed.bin keyboard(12), mouse(8), disk(3), interrupts(4) CNS Lecture 4 - 17 CNS Lecture 4 - 18 3 /dev/random Entropy gathering daemons (EGD) • randomness from keyboard timings, mouse,interrupts, IO completion, delta times • For systems without /dev/random • randomness is added to pool by each driver in kernel • EGADS (securesoftware.com) –Linux: e.g., in mouse driver routine –Conservative entropy estimates add_mouse_randomness(queue->buf[head] = inb(AUX_INPUT_PORT)); • If not enough entropy, gathers more data –and in keyboard.c, after a key press –“Tiny” variant of Yarrow, slow pool and fast pool of entropy add_keyboard_randomness(scancode); –Data gathered from system mixed in pool (8 LFSR’s) with UMAC nonce and • mixing with primitive polynomial GF(2) and MD5 counter using primitive polynomial • • startup is a problem (can save/restore pool) Unix info: /dev/random, df, ps • Windows: timestamp, sleep() jitter, performance counters, • Available on most UNIX systems –Access via UNIX domain socket • user can request random bytes with read to /dev/random –API for random bytes, int’s, double, range, various distributions (uniform, reading reduces the available bits (4096 max) and may block! gaussian, …) • /dev/urandom for pseudo-random (recurse MD5) –OpenSSL will look for EGADS daemon if no /dev/random • /dev/hwrandom if hardware random source available (AMD, intel) What if embedded system, cold start, little activity? CNS Lecture 4 - 19 CNS Lecture 4 - 20 OpenSSL random numbers Other PRNG’s • Window’s CryptGenRandom() –Entropy gathered from system (process and thread IDs, ticks since boot, –mix (MD5) in msg, time, /dev/random current time, memory info, performance counters) and mixed with MD4 and –Windows -- hash of screen (frame buffer) RC4 • Java’s SecureRandom –add randomness
Load more

Recommended publications
  • International Journal for Scientific Research & Development
    IJSRD - International Journal for Scientific Research & Development| Vol. 6, Issue 03, 2018 | ISSN (online): 2321-0613 Designing of Decryption Tool Shashank Singh1 Vineet Shrivastava2 Shiva Agrawal3 Shakti Singh Rawat4 1,3,4Student 2Assistant Professor 1,2,3,4Department of Information Technology 1,2,3,4SRM Institute of Science & Technology, India Abstract— In the modern world secure transmission of the r = gk mod p data is very important. Many modern day cryptographic methods can be used to encrypt the message before C. Decryption of the Cipher-text transmitting in the secured medium. In certain situations like The receiver with his private key calculates when there is matter of national security the information t. r−x encrypted has to be decrypted, it is where the cryptanalysis which gives the plaintext. comes into play. Cryptanalysis is the field of Cryptography in But in this algorithm, as there is just one private key, it can which various types of Cryptographic techniques are be guessed by any intruder and is thus not reliable. carefully studied in order to reverse engineer the encrypted information in order to retrieve the sensible information. The III. PROBLEM SOLUTION main aim and function of the Decryption tool is to take the In this project we are modifying the existing conventional input as the encrypted text given from the user and encryption algorithm by dividing the private key and cryptanalyze it and give the output as the decrypted text in assigning them to 2n+1 authorized receivers individually. case more than one sensible decrypted text found it will The persons will be able to decrypt the message received output all the possible decrypted texts.
    [Show full text]
  • Download Download
    International Journal of Integrated Engineering: Special Issue 2018: Data Information Engineering, Vol. 10 No. 6 (2018) p. 183-192. © Penerbit UTHM DOI: https://doi.org/10.30880/ijie.2018.10.06.026 Analysis of Four Historical Ciphers Against Known Plaintext Frequency Statistical Attack Chuah Chai Wen1*, Vivegan A/L Samylingam2, Irfan Darmawan3, P.Siva Shamala A/P Palaniappan4, Cik Feresa Mohd. Foozy5, Sofia Najwa Ramli6, Janaka Alawatugoda7 1,2,4,5,6Information Security Interest Group (ISIG), Faculty Computer Science and Information Technology University Tun Hussein Onn Malaysia, Batu Pahat, Johor, Malaysia E-mail: [email protected], [email protected], {shamala, feresa, sofianajwa}@uthm.edu.my 3School of Industrial Engineering, Telkom University, 40257 Bandung, West Java, Indonesia 7Department of Computer Engineering, University of Peradeniya, Sri Lanka E-mail: [email protected] Received 28 June 2018; accepted 5August 2018, available online 24 August 2018 Abstract: The need of keeping information securely began thousands of years. The practice to keep the information securely is by scrambling the message into unreadable form namely ciphertext. This process is called encryption. Decryption is the reverse process of encryption. For the past, historical ciphers are used to perform encryption and decryption process. For example, the common historical ciphers are Hill cipher, Playfair cipher, Random Substitution cipher and Vigenère cipher. This research is carried out to examine and to analyse the security level of these four historical ciphers by using known plaintext frequency statistical attack. The result had shown that Playfair cipher and Hill cipher have better security compare with Vigenère cipher and Random Substitution cipher.
    [Show full text]
  • COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Cryptography Is Everywhere a Long & Rich History
    COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Cryptography Is Everywhere A Long & Rich History Examples: • ~50 B.C. – Caesar Cipher • 1587 – Babington Plot • WWI – Zimmermann Telegram • WWII – Enigma • 1976/77 – Public Key Cryptography • 1990’s – Widespread adoption on the Internet Increasingly Important COS 433 Practice Theory Inherent to the study of crypto • Working knowledge of fundamentals is crucial • Cannot discern security by experimentation • Proofs, reductions, probability are necessary COS 433 What you should expect to learn: • Foundations and principles of modern cryptography • Core building blocks • Applications Bonus: • Debunking some Hollywood crypto • Better understanding of crypto news COS 433 What you will not learn: • Hacking • Crypto implementations • How to design secure systems • Viruses, worms, buffer overflows, etc Administrivia Course Information Instructor: Mark Zhandry (mzhandry@p) TA: Fermi Ma (fermima1@g) Lectures: MW 1:30-2:50pm Webpage: cs.princeton.edu/~mzhandry/2017-Spring-COS433/ Office Hours: please fill out Doodle poll Piazza piaZZa.com/princeton/spring2017/cos433mat473_s2017 Main channel of communication • Course announcements • Discuss homework problems with other students • Find study groups • Ask content questions to instructors, other students Prerequisites • Ability to read and write mathematical proofs • Familiarity with algorithms, analyZing running time, proving correctness, O notation • Basic probability (random variables, expectation) Helpful: • Familiarity with NP-Completeness, reductions • Basic number theory (modular arithmetic, etc) Reading No required text Computer Science/Mathematics Chapman & Hall/CRC If you want a text to follow along with: Second CRYPTOGRAPHY AND NETWORK SECURITY Cryptography is ubiquitous and plays a key role in ensuring data secrecy and Edition integrity as well as in securing computer systems more broadly.
    [Show full text]
  • An Extension to Traditional Playfair Cryptographic Method
    International Journal of Computer Applications (0975 – 8887) Volume 17– No.5, March 2011 An Extension to Traditional Playfair Cryptographic Method Ravindra Babu K¹, S. Uday Kumar ², A. Vinay Babu ³, I.V.N.S Aditya4 , P. Komuraiah5 ¹Research Scholar (JTNUH) & Professor in CSE, VITS SET, Kareemnagar, AP, India. ²Deputy Director, Professor in CSE. SNIST, JNTUH. Hyderabad, Andhra Pradesh, India. ³Director, Admissions, Jawaharlal Nehru Technological University, Hyderabad, Andhra Pradesh, India. 4Computer Science & Engineering, AZCET, Mancherial. 5HOD IT, VITS SET, Kareemnagar, AP, India. ABSTRACT Fig 1: General cryptographic system. The theme of our research is to provide security for the data that contains alphanumeric values during its transmission. The best known multiple letter encryption cipher is the play fair, which treats the plain text as single units and translates these units into cipher text. It is highly difficult to the intruder to understand or to decrypt the cipher text. In this we discussed about the existing play fair algorithm, its merits and demerits. The existing play fair algorithm is based on the use of a 5 X 5 matrix of letters constructed using a keyword. This algorithm can only allow the text that contains alphabets only. For this we have proposed an enhancement to the existing algorithm, that a 6 X 6 matrix can be constructed. General Terms Encryption, Decryption, Plaintext, Cipher text. 2. EXISTING TECHNIQUES All cryptographic algorithms are based on two general Keywords principals: substitution, in which each element in the plaintext Substitution, Transposition. (bit, letter and group of bits or letters) is mapped into another element and in transposition, the elements of the plaintext have 1.
    [Show full text]
  • Classifying Classic Ciphers Using Machine Learning
    San Jose State University SJSU ScholarWorks Master's Projects Master's Theses and Graduate Research Spring 5-20-2019 Classifying Classic Ciphers using Machine Learning Nivedhitha Ramarathnam Krishna San Jose State University Follow this and additional works at: https://scholarworks.sjsu.edu/etd_projects Part of the Artificial Intelligence and Robotics Commons, and the Information Security Commons Recommended Citation Krishna, Nivedhitha Ramarathnam, "Classifying Classic Ciphers using Machine Learning" (2019). Master's Projects. 699. DOI: https://doi.org/10.31979/etd.xkgs-5gy6 https://scholarworks.sjsu.edu/etd_projects/699 This Master's Project is brought to you for free and open access by the Master's Theses and Graduate Research at SJSU ScholarWorks. It has been accepted for inclusion in Master's Projects by an authorized administrator of SJSU ScholarWorks. For more information, please contact [email protected]. Classifying Classic Ciphers using Machine Learning A Project Presented to The Faculty of the Department of Computer Science San José State University In Partial Fulfillment of the Requirements for the Degree Master of Science by Nivedhitha Ramarathnam Krishna May 2019 © 2019 Nivedhitha Ramarathnam Krishna ALL RIGHTS RESERVED The Designated Project Committee Approves the Project Titled Classifying Classic Ciphers using Machine Learning by Nivedhitha Ramarathnam Krishna APPROVED FOR THE DEPARTMENT OF COMPUTER SCIENCE SAN JOSÉ STATE UNIVERSITY May 2019 Dr. Mark Stamp Department of Computer Science Dr. Thomas Austin Department of Computer Science Professor Fabio Di Troia Department of Computer Science ABSTRACT Classifying Classic Ciphers using Machine Learning by Nivedhitha Ramarathnam Krishna We consider the problem of identifying the classic cipher that was used to generate a given ciphertext message.
    [Show full text]
  • Codebusters Coaches Institute Notes
    BEING COVER AGENT FIXED DELAY, PILOT RIGHT PLANE, CATCH SMALL RADIO (CODEBUSTERS) This is the first year CodeBusters will be a National event. A few changes have been made since the North Carolina trial event last year. 1. The Atbash Cipher has been added. 2. The running key cipher has been removed. 3. K2 alphabets have been added in addition to K1 alphabets 4. Hill Cipher decryption has been added with a given decryption matrix. 5. The points scale has been doubled, but the timing bonus has been increased by only 50% in order to further balance the test. 1 TYPES OF PROBLEMS 1.1 ARISTOCRAT (EASY TO HARD DIFFICULTY) http://www.cryptograms.org/tutorial.php An Aristocrat is the typical Crypto-quote you see in the newspaper. Word spaces are preserved. No letter will stand for itself and the replacement table is given as a guide (but doesn’t need to be filled in by the team to get credit). FXP PGYAPYF FIKP ME JAKXPT AY FXP GTAYFMJTGF THE EASIEST TYPE OF CIPHER IS THE ARISTOCRAT A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Frequency 4 1 6 3 1 2 2 2 6 3 3 4 Replacement I F T A Y C P O E R H S 1.2 ARISTOCRATS WITH SPELLING AND/OR GRAMMAR ERRORS (MEDIUM TO VERY HARD DIFFICULTY) For these, either words will be misspelled or grammatical errors introduced. From a student perspective, it is what they might expect when someone finger fumbles a text message or has a bad voice transcription.
    [Show full text]
  • Poet Admits // Mute Cypher: Beam Search to Find Mutually Enciphering
    Poet Admits // Mute Cypher: Beam Search to find Mutually Enciphering Poetic Texts Cole Peterson and Alona Fyshe University of Victoria [email protected], [email protected] Abstract other English poem. In a sense, Bok¨ not only turns a microbe into a genetic book, he also engineers The Xenotext Experiment implants poetry into the microbe to be, in a sense, a poet. The organ- an extremophile’s DNA, and uses that DNA to generate new poetry in a protein form. ism’s molecular machinery powers this translation The molecular machinery of life requires that between the two texts, which, at a high level, is a these two poems encipher each other un- symmetric substitution cipher between the letters, der a symmetric substitution cipher. We and is described in more detail in Section 2. The search for ciphers which permit writing under two poems (the poet’s and the organism’s) must both the Xenotext constraints, incorporating ideas play by the rules we refer to as the Xenotext Con- from cipher-cracking algorithms, and using straints: n-gram data to assess a cipher’s “writabil- ity”. Our algorithm, Beam Verse, is a beam Each text is valid natural language. search which uses new heuristics to navigate • the cipher-space. We find thousands of ci- phers which score higher than successful ci- The substitution cipher function applied to one • phers used to write Xenotext constrained texts. text, results in the other text, and vice versa. In other words, the cipher function must be sym- 1 Introduction metric. For over a decade, poet Christian Bok¨ has been Whitespace characters (space, new line) enci- • working on The Xenotext (Bok,¨ 2008), a literary ex- pher themselves, and are the only characters al- periment which aims to insert poetry into the DNA lowed identity mappings.
    [Show full text]
  • The Mathemathics of Secrets.Pdf
    THE MATHEMATICS OF SECRETS THE MATHEMATICS OF SECRETS CRYPTOGRAPHY FROM CAESAR CIPHERS TO DIGITAL ENCRYPTION JOSHUA HOLDEN PRINCETON UNIVERSITY PRESS PRINCETON AND OXFORD Copyright c 2017 by Princeton University Press Published by Princeton University Press, 41 William Street, Princeton, New Jersey 08540 In the United Kingdom: Princeton University Press, 6 Oxford Street, Woodstock, Oxfordshire OX20 1TR press.princeton.edu Jacket image courtesy of Shutterstock; design by Lorraine Betz Doneker All Rights Reserved Library of Congress Cataloging-in-Publication Data Names: Holden, Joshua, 1970– author. Title: The mathematics of secrets : cryptography from Caesar ciphers to digital encryption / Joshua Holden. Description: Princeton : Princeton University Press, [2017] | Includes bibliographical references and index. Identifiers: LCCN 2016014840 | ISBN 9780691141756 (hardcover : alk. paper) Subjects: LCSH: Cryptography—Mathematics. | Ciphers. | Computer security. Classification: LCC Z103 .H664 2017 | DDC 005.8/2—dc23 LC record available at https://lccn.loc.gov/2016014840 British Library Cataloging-in-Publication Data is available This book has been composed in Linux Libertine Printed on acid-free paper. ∞ Printed in the United States of America 13579108642 To Lana and Richard for their love and support CONTENTS Preface xi Acknowledgments xiii Introduction to Ciphers and Substitution 1 1.1 Alice and Bob and Carl and Julius: Terminology and Caesar Cipher 1 1.2 The Key to the Matter: Generalizing the Caesar Cipher 4 1.3 Multiplicative Ciphers 6
    [Show full text]
  • Steganography: Steganography Is a Type of Secret Communication Where the Existence of a Message Is Concealed
    Steganography: Steganography is a type of secret communication where the existence of a message is concealed. You can remember this by looking at the two parts of the word “stegano – graphy.” Both parts are of Greek origin. The Greek word steganos means “covered,” and the Greek word graphein means “to write.” Thus, a literal translation of steganography could be “covered writing.” The most simple form of steganography is hiding messages and images within larger pictures, such as the hidden symbols that can be found in the US dollar bill (can you find the spiders?). There are several different forms of steganography: Invisible Inks: Even in ancient times, invisible inks were used to hide messages. One example is using lemon juice on off-white parchment; only by holding the parchment up to a light will you be able to see the secret message: Music Cipher: In this method, notes on a scale correspond with letters in the alphabet. The message can be communicated through sheet music, or actual sound. Null Cipher: A null cipher is a type of hidden message where the real message is “camouflaged” in an innocent sounding message. A famous example of a null cipher is one sent by a German Spy in WWII: Apparently neutral’s protest is thoroughly discounted and ignored. Isman hit hard. Blockade issue affects pretext for embargo on by products, ejecting suets and vegetable oils. Taking the second letter in each word the following message emerges: Pershing sails from NY June 1. Digital Images: This fairly new method of steganography exploits the properties of digital images to hide messages.
    [Show full text]
  • Cryptography
    Cryptography A Brief History and Introduction MATH/COSC 314 Based on slides by Anne Ho Carolina Coastal University What is cryptography? κρυπτός γράφω “hidden, secret” “writing” ● Cryptology Study of communication securely over insecure channels ● Cryptography Writing (or designing systems to write) messages securely ● Cryptanalysis Study of methods to analyze and break hidden messages Secure Communications ● Alice wants to send Bob a secure message. ● Examples: ○ Snapchat snap ○ Bank account information ○ Medical information ○ Password ○ Dossier for a secret mission (because Bob is a field agent for an intelligence agency and Alice is his boss) Secure Communications Encryption Decryption Key Key Plaintext Ciphertext Plaintext Alice Encrypt Decrypt Bob Eve ● Symmetric Key: Alice and Bob use a (preshared) secret key. ● Public Key: Bob makes an encryption key public that Alice uses to encrypt a message. Only Bob has the decryption key. Possible Attacks Eve (the eavesdropper) is trying to: ● Read Alice’s message. ● Find Alice’s key to read all of Alice’s messages. ● Corrupt Alice’s message, so Bob receives an altered message. ● Pretend to be Alice and communicate with Bob. Why this matters ● Confidentiality Only Bob should be able to read Alice’s message. ● Data integrity Alice’s message shouldn’t be altered in any way. ● Authentication Bob wants to make sure Alice actually sent the message. ● Non-repudiation Alice cannot claim she didn’t send the message. Going back in time… 5th century BC King Xerxes I of Persia Definitely not historically accurate. Based on Frank Miller’s graphic novel, not history. 5th century BC Secret writing and steganography saved Greece from being completely conquered.
    [Show full text]
  • Playfair Cipher and Shift Cipher Kriptografi – 3Rd Week
    “ Add your company slogan ” Playfair Cipher and Shift Cipher Kriptografi – 3rd Week LOGO Aisyatul Karima, 2012 . Standar kompetensi . Pada akhir semester, mahasiswa menguasai pengetahuan, pengertian, & pemahaman tentang teknik-teknik kriptografi. Selain itu mahasiswa diharapkan mampu mengimplementasikan salah satu teknik kriptografi untuk mengamankan informasi yang akan dikirimkan melalui jaringan. Kompetensi dasar . Mahasiswa menguasai teknik playfair cipher . Mahasiswa menguasai teknik shift cipher Contents 1 Play fair Cipher Method 2 Shift Cipher Method Playfair Cipher Method . Playfair cipher or Playfair square is symetric encryption technique that member of digraph substitution technique. This technique encrypt digraph or pair of alphabet . Based on the reason, this technique hard to encode compare with the simple substitution technique. Playfair Cipher Method . This technique found by Charles Wheatstone on physics he is founder of wheatstone bridge on 1854. Charles Wheatstone . But, popularized by Lord Playfair. Lord Playfair Playfair Cipher Method . The process of playfair cipher : . The key composed by 25 letters that arranged in a square 5x5 by removing the letter J from alphabet. S T A N D E R C H B K F G I L M O P Q U V W X Y Z ????? . contoh kunci yang digunakan . Jumlah kemungkinan kunci dari sistem ini adalah : 25!=15.511.210.043.330.985.984.000.000 Playfair Cipher Method . The keys on square expanded by adding the 6th column and the 6th row. 6th column = 1st column S T A N D S E R C H B E K F G I L K M O P Q U M V W X Y Z V S T A N D 6th row = 1st row Playfair Cipher Method .
    [Show full text]
  • Loads of Codes – Cryptography Activities for the Classroom
    Loads of Codes – Cryptography Activities for the Classroom Paul Kelley Anoka High School Anoka, Minnesota In the next 90 minutes, we’ll look at cryptosystems: Caesar cipher St. Cyr cipher Tie-ins with algebra Frequency distribution Vigenere cipher Cryptosystem – an algorithm (or series of algorithms) needed to implement encryption and decryption. For our purposes, the words encrypt and encipher will be used interchangeably, as will decrypt and decipher. The idea behind all this is that you want some message to get somewhere in a secure fashion, without being intercepted by “the bad guys.” Code – a substitution at the level of words or phrases Cipher – a substitution at the level of letters or symbols However, I think “Loads of Codes” sounds much cooler than “Loads of Ciphers.” Blackmail = King = Today = Capture = Prince = Tonight = Protect = Minister = Tomorrow = Capture King Tomorrow Plaintext: the letter before encryption Ciphertext: the letter after encryption Rail Fence Cipher – an example of a “transposition cipher,” one which doesn’t change any letters when enciphered. Example: Encipher “DO NOT DELAY IN ESCAPING,” using a rail fence cipher. You would send: DNTEAIECPN OODLYNSAIG Null cipher – not the entire message is meaningful. My aunt is not supposed to read every epistle tonight. BXMT SSESSBW POE ILTWQS RIA QBTNMAAD OPMNIKQT RMI MNDLJ ALNN BRIGH PIG ORHD LLTYQ BXMT SSESSBW POE ILTWQS RIA QBTNMAAD OPMNIKQT RMI MNDLJ ALNN BRIGH PIG ORHD LLTYQ Anagram – use the letters of one word, phrase or sentence to form a different one. Example: “Meet behind the castle” becomes “These belched a mitten.” Substitution cipher – one in which the letters change during encryption.
    [Show full text]