Outline Cryptography and Cryptanalysis • Cryptology CMSC 426 - Computer Security • Symmetric Encryption • Cryptanalytic Attacks • Block and Stream Ciphers 1 2 Cryptography and Cryptanalysis • Cryptography - the • Cryptanalysis - the creation and use of theory and practice of Cryptology secret codes and related “breaking” data security cryptographic algorithms mechanisms. and protocols. The scientific study of codes: creating, using, analyzing, and “breaking.” • More generally, the • “Breaking” means study, theory, and recovering protected implementation of text or otherwise security mechanisms bypassing security based on the without knowledge of transformation of data. secret parameters. 3 4 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 Cryptographic Cryptographic Mechanisms (a la X.800) Algorithms Data Confidentiality • Many choices, e.g. Encipherment... DES Encipherment Symmetric • Encryption Encryption Data and System Integrity 3DES • Digital Signatures Asymmetric Encryption AES • Data Integrity Mechanisms El Authentication Exchange RSA Gamal RC4 • DH 5 6 Symmetric Encryption In addition to learning about the primary cryptographic security mechanisms, we will The main ingredients: study utility mechanisms: • • Plaintext (message before encryption) Key Derivation - derivation of secret keys • Encryption algorithm for use in encipherment. • • Secret key Random Number Generation - generation • Ciphertext (message after encryption) of security-critical random values. • • Decryption algorithm 7 8 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 Substitution Ciphers • The plaintext is just a message written in the alphabet. • Suppose my plaintext alphabet consists of A-Z, a- • The ciphertext uses the same alphabet. z, 0-9, period (.), and space. The secret key is the permutation P. • Let P be any permutation of the alphabet and P -1 • the inverse of P. • The encryption algorithm is the application of P to • For a message M = m0 m1 ... mn-1, the encipherment is each character in the plaintext. Z = P(m0) P(m1) ... P(mn-1). • The decryption algorithm is the application of the • The message can be decrypted by applying P -1 in inverse permutation to each character in the the same way to the characters in Z. ciphertext. 9 10 Exercise: Substitution Exercise continued... • Suppose I intercept a message encrypted with an unknown permutation P. • In the previous example, the alphabet consists of 64 letters. • I’ve got a special computer that can try all possible permutations to find the one that • How many different permutations of 64 decrypts the message. It can try one billion letters are there? (109) permutations per second. • How long will it take to find the answer? 11 12 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 A Better Attack? That’s called BRUTE FORCE. • Think back to Caesar Ciphers...wrack your It’s the simplest type of cryptanalytic brains... attack...but it’s not always practical. • What is a better way to attack a substitution cipher? 13 14 Cryptanalytic Attacks That’s called a CIPHERTEXT ONLY attack. Suppose we intercept ciphertext that we It’s a real cryptanalytic attack, and in the case • want to decrypt and that we know the of a substitution cipher, is much more details of the encryption algorithm. efficient than Brute Force. • Cryptanalytic attacks are classified There are other types of attacks... according to what other information is available to the attacker. 15 16 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 Type of Known to Cryptanalyst A Few Scenarios Attack (in addition to algorithm and ciphertext) Ciphertext Substitution cipher: No additional information. • only ciphertext only. Known One or more plaintext/ciphertext pairs encrypted with the plaintext same key. • SIM or smart card in a test harness: chosen Chosen Plaintext messages chosen by analyst along with plaintext. plaintext corresponding ciphertexts encrypted with the same key. Chosen Ciphertext messages chosen by analyst along with • Stereotypical messages ciphertext corresponding plaintexts decrypted with the same key. (e.g. encrypted PDF, Word, or structured Chosen text Chosen plaintexts and chosen ciphertexts. messages: known plaintext. Source: www.scmartcarddetective.com 17 18 Block Ciphers Generic Block Cipher N O W I S T H E T I M E / / / / • Processes plaintext in fixed-size blocks (called the block size) and produces ciphertext in blocks of the same size. Key Algorithm Key Algorithm • Typical block sizes are 64 and 128 bits. • Examples: DES, 3DES, and AES r 2 Y a y q w d k i k R 2 e r 1 19 20 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 Stream Ciphers Generic Stream Cipher • Algorithm (called a key generator) produces Key Generator Key a pseudo-random string of bits or bytes. Key Stream • Pseudo-random stream is XORed with Z N 0 k I Q B D m U q K ... plaintext. ⊕ Plaintext • Typically small and fast. N O W I S T H E T I M E Ciphertext • Examples: RC4, A5/1 = 0x14 0x01 0x67 0x22 0x1a 0x05 0x0a 0x01 0x39 0x1c 0x3c 0x0e 21 22 Alice and Bob Asymmetric Encryption • Alice and Bob are perpetually searching for • Imagine a cryptographic system in which… ways to communicate securely. ‣ Alice has two algorithms EA and DA. • Eve wants to read their communications. ‣ EA is used to encrypt a message to Alice; • Using block or stream ciphers, both Alice she can share EA freely. and Bob must have the same key K. ‣ DA is used to decrypt a message encrypted • This is a pain, because they have to meet to with EA; she needs to keep DA secret. agree on the value of K…or trust FedEx to • Similarly, Bob has EB and DB. 23 24 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 Alice Bob Public Key Algorithms Publishes EA Receives EA Through the magic of number theory… Message M • ‣ Rivest-Shamir-Adleman-Cocks (RSA) M = DA(C) Ciphertext ‣ El Gamal C = EA(M) ‣ Diffie-Hellman (DH) Eve Shouldn’t be able to decrypt C or ‣ Elliptic Curve variants derive DA from EA. 25 26 Application: SSH Other Algorithms • There are a number of other important • Asymmetric encryption does not replace classes of algorithms: symmetric algorithms ‣ Message Authentication and Hashing ‣ Asymmetric (e.g. RSA) for authentication ‣ Pseudo-Random Number Generation ‣ Asymmetric (e.g. DH) for key agreement ‣ Key Scheduling ‣ Symmetric (e.g. AES) for data encryption • We will cover all of these to some extent. 27 28 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018 Next time: block ciphers in detail. 29 CMSC 426 - Cryptography and Cryptanalysis - SP2018 - February 27, 2018.