ISA 562 Information Security Theory & Practice

ISA 562 Information Security Theory & Practice

ISA 562 Information Security Theory & Practice Introduction to Cryptography Agenda • Basics & Definitions • Classical Cryptography • Symmetric (Secret Key) Cryptography • DES (Data Encryption Standard) • Multiple Encryptions • Modes of Block Cipher Operations • Math Essential • Asymmetric (Public Key) Cryptography 2 1 Basics & Definitions Security Concepts (I) • Confidentiality – Prevent information from being exposed to unintended party – Ex: An employee should not come to know the salary of his manager • Integrity – Assure that the information has not been tempered – Ex: An employee should not be able to modify the employee's own salary • Identity – Assure that the party of concern is authentic - it is what it claims to be – Ex: An employee should be able to uniquely identify and authenticate himself/herself 4 2 Security Concepts (II) • Availability – Assure that unused service or resource is available to legitimate users – Ex: Paychecks should be printed on time as stipulated by law • Anonymity – Assure that the identity of some party is remain anonymous – Ex: The manager should not know who had a critical review of him • Non-Repudiation – Assure that authenticated party has indeed done something that cannot be denied – Ex: Once the employee has cashed his paycheck, he can’t deny it. 5 Cryptography • Crypt = secret • Graph = writing • Cryptography is the science / art of transforming meaningful information into unintelligible text Becoming a science that relies on mathematics (number theory, algebra) • Cryptanalysis is the science / art of breaking cryptographic codes • Cryptology is the science / art / study of both cryptography and cryptanalysis 6 3 Applications of Cryptography • Assuring document integrity • Assuring document confidentiality • Authenticating parties • Document signature • Non-repudiation • Secure transactions • Exchanging keys • Sharing Secrets • Digital cash • Preserving anonymity • Copyright protection • More . 7 Cryptographic Services (I) Start From The Basics AB AB C a) Source Integrity b) Data Confidentiality Normal Flow Eavesdropping AB AB C C c) Data Integrity d) Source Authentication Modification Fabrication 8 4 Cryptographic Services (II) AB AB C e) Drop f) Replay AB C g) Denial of Service 9 Encryption/Decryption Basic Definitions plaintext ciphertext plaintext encryption decryption key key • Plaintext: a message in its original form • Ciphertext: a message in the transformed, unrecognized form • Encryption: the process that transforms a plaintext into a ciphertext • Decryption: the process that transforms a ciphertext to the corresponding plaintext • Key: the value used to control encryption/decryption. 10 5 Cryptanalytic Attack Definitions • Known Cipehrtext – Only the ciphertext is known to attacker – Cryptanalysis aims at revealing the plaintext and/or the key • Known Plaintext – Pairs of < plaintext , ciphertext > are known to attacker – Cryptanalysis aims at revealing the key – Relevant when plaintext is known / can be obtained • Chosen Plaintext – Attacker chooses the plaintext and receives the ciphertext – Cryptanalysis aims at revealing the key – Relevant when attacker can “inject” plaintext messages 11 Classical Cryptography 6 A little History • Cryptography was first used by early civilizations (including Egyptians, Greeks, Romans) for Secrecy (Confidentiality ) … now evolved to include Integrity , Authentication & Authenticity , and in some cases Non-Repudiation . • Early use of cryptography consisted of encryption by substitution methods and/or transposition methods – They were rather simple because of the lack of sophisticated computing engines – Can be easily attacked • Same methods are in use today, but with stronger properties and more powerful computing engines 13 Substitution Methods • Methods in which the letters of the alphabet are replaced with other letters / numbers / symbols. • Examples: – Caesar Cipher – fixed permutation – Shift Cipher – fixed permutation – Mono-Alphabetic Ciphers – one of many permutations – Poly-Alphabetic Ciphers – changing permutations – Vig`enere Cipher – multiple Mono-Alphabetic Ciphers – *Running Key Cipher – Simple yet effective • Algorithm is known – Key is “index” of permutation, but not for *Running Key Cipher 14 7 Caesar Cipher • Named after Julius Caesar, who supposedly invented it himself • Cyclic shift of the 26 letters of the alphabet by 3: a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C • In mathematical terms: C = ENC( P ) = P + 3 (mod 26) • For example: GMU → JPX • The secrecy is in the algorithm (!!!!) • There is one key (fixed permutation) • Easy to break (if algorithm is known) 15 A Shift Cipher • A Shift Cipher is similar to a Caesar Cipher, but there is a cyclic shift of the 26 letters of the alphabet by key K, where 0 ≤ K < 26. • In mathematical terms: C = ENC K( P ) = P + K (mod 26) • Algorithm is known • There are 26 different keys • Easy to break – check which of 26 possible keys returns the unintelligible ciphertext to a meaningful plaintext • Decipher HAL (the computer from the movie 2001: A Space Odyssey ) using a shift cipher of one. – So the shift variable n=1. • HAL ? 16 8 Mono-Alphabetic Ciphers • Generalization: arbitrary mapping of one letter to another • One of N! permutations on N letters of the alphabet • The key is the index of the permutation • Algorithm is known (mono-alphabetic cipher) • Key is secret (one of N! options) • Example: – N = 26 letters of the English alphabet – N! = 26! ≈ 4 • 10 26 ≈ 288 permutations or 309 Septillion – ≈ 309,485,009,821,345,000,000,000,000 permutations • IS IT SECURE? 17 Not with Frequency Analysis • Cryptanalysis formally began in later part of the first millennium AD in the Middle East. • Frequency analysis is the study of the frequency of occurrence of letters. (statistics) • First treatise on frequency analysis was written by Ab‾uY‾us‾uf Ya‘q‾ub ibn Is-h‾aq ibn as-Sabb‾ah ibn ‘omr‾an ibn Isma‾il al-Kind‾i, the “philosopher of the Arabs.” 18 9 Attacking Mono-Alphabetic Ciphers (I) • English is highly redundant, as shown in the next slide, it has a non-uniform distribution of letters. • Each symbol of ciphertext depends on only one symbol of plaintext and one value of the permutation key, so guessing part of the key gives part of the plaintext. • Attack proceeds by guessing parts of key corresponding to most common letters, which makes it possible to decipher entire message. 19 The problem: Letter Frequencies 20 10 Attacking Mono-Alphabetic Ciphers (II) • Appearance frequency of letters (in long enough texts) in the language is well determined as shown by the previous slide. • Appearance frequency of pairs of letters in the language is well defined: th, ee, oo, tt, qu, is, ae, . • Appearance frequency of certain words in the language is well defined as well: the ≈ 6.4% a ≈ 2.1% i ≈ 0.9% of ≈ 4.0% in ≈ 1.8% it ≈ 0.9% and ≈ 3.2% that ≈ 1.2% for ≈ 0.8% to ≈ 2.4% is ≈ 1.0% as ≈ 0.8% 21 Attacking Mono-Alphabetic Ciphers (III) • Using the appearance frequencies of letters, words, and pairs-of-letters – accelerates the identification of certain letter substitutions (which are part of the key) • Identification of word patterns, vowels, and consonants helps in finding parts of the text • The identification of the remaining parts of the key now reduces the search space dramatically (from N!) • Using heuristics and associative word-completions, the rest of the key can be easily revealed 22 11 Summary of English Language Facts 1. most common letters: E, T, A, O, I, N, S, H. 2. more than half of all words end in E, T, D, S. 3. Q is always followed by U. 4. most common word: “THE.” 5. most common doublets: EE, TT, OO, SS, LL, FF. 6. most common 2-letter combos: HE, RE, AN, TH, ER,IN. 7. most common 3-letter combos: ION, AND, ING, THE, ENT. 23 Possible solutions • You can try not to use redundant letters, like the letter “e”, as was done by a French writer named Georges Perec in 1969. He published a 300-page novel La Disparition (The Disappearance). It was translated into english by Gilbert Adair and is called “A Void”. • Or you can you a group of different Mono-Alphabetic Ciphers at different parts of the plaintext called Ploy-Alphabetic Ciphers. • Or you can group the plaintext into blocks that will then go through some transformation. 24 12 Poly-Alphabetic Ciphers • Use different Mono-Alphabetic Ciphers at different parts of the plaintext • Using many Mono-Alphabetic Ciphers will more-or-less equate the appearance frequencies of letters • Well-designed, and sufficiently long, Poly-Alphabetic Ciphers can be quite strong • A common scheme to build a Poly-Alphabetic Cipher: – Use a collection of related Mono-Alphabetic Ciphers – Use a key to determine which one of the Mono-Alphabetic Ciphers in the collection to use at each stage 25 Vig`enere Cipher (I) • Blaise de Vig`enere: (1523) Creates the Vig`enere cipher. • Thought to be too slow and cumbersome for warfare, the Vig`enere cipher was unused almost 200 years. • Vig`enere Cipher is one type of Poly-Alphabetic Cipher • The collection of Mono-Alphabetic Ciphers consists of the 26 options for Caesar Cipher (with K = 0, 1, 2, . ., 25) • Each of the 26 Caesar Ciphers is denoted by a letter, which is the ciphertext letter that replaces the letter ‘a’ • In practice: – A table of 26 rows by 26 columns is built. Row i in the table contains the 26 letters of the alphabet circularly shifted by i. – A keyword is used (over and over again) to select which of the mono-alphabetic ciphers

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    77 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us