Cryptography — Introduction Version: 2012/02/06 16:06:05

Cryptography — Introduction Version: 2012/02/06 16:06:05

CSc 466/566 Computer Security 4 : Cryptography — Introduction Version: 2012/02/06 16:06:05 Department of Computer Science University of Arizona [email protected] Copyright c 2012 Christian Collberg Christian Collberg 1/51 Outline 1 Introduction 2 Attacks 3 Substitution Ciphers 4 Transposition Ciphers 5 Substitution and Permutation Boxes 6 One-Time Pads 7 Summary Introduction 2/51 Introduction In this section we introduce some classical symmetric ciphers. We also discuss various attacks against ciphers. Introduction 3/51 Outline 1 Introduction 2 Attacks 3 Substitution Ciphers 4 Transposition Ciphers 5 Substitution and Permutation Boxes 6 One-Time Pads 7 Summary Attacks 4/51 Attacks Against Cryptosystems Definition (cryptanalysis) The science of attacking cryptosystems. A cryptanalyst attacks cryptosystems. We assume the cryptanalyst knows the algorithms involved. He wants to discover plaintext or keys. Attacks 5/51 Ciphertext-only attack plaintext encrypt ciphertext decrypt plaintext K K We have: the ciphertext of several messages that have been encrypted with the same key, K. We recover: the plaintexts, or K. Ciphertext-only attack plaintext encrypt ciphertext decrypt plaintext K K Eve We have: the ciphertext of several messages that have been encrypted with the same key, K. We recover: the plaintexts, or K. Ciphertext-only attack plaintext encrypt ciphertext decrypt plaintext K K Eve K plaintext We have: the ciphertext of several messages that have been encrypted with the same key, K. We recover: the plaintexts, or K. Attacks 6/51 Known-plaintext attack plaintext encrypt ciphertext decrypt plaintext K K We have: the ciphertexts and corresponding plaintexts of several messages, all encrypted with the same key K. We recover: the key K. Known-plaintext attack plaintext encrypt ciphertext decrypt plaintext K K Eve We have: the ciphertexts and corresponding plaintexts of several messages, all encrypted with the same key K. We recover: the key K. Known-plaintext attack plaintext encrypt ciphertext decrypt plaintext K K Eve K We have: the ciphertexts and corresponding plaintexts of several messages, all encrypted with the same key K. We recover: the key K. Attacks 7/51 Chosen-plaintext attack plaintext encrypt ciphertext decrypt plaintext K K We have: the ciphertext of several messages that have been encrypted with the same key K, such that we get to choose the plaintexts. We recover: the key K. Chosen-plaintext attack plaintext encrypt ciphertext decrypt plaintext K K Eve plaintext We have: the ciphertext of several messages that have been encrypted with the same key K, such that we get to choose the plaintexts. We recover: the key K. Chosen-plaintext attack plaintext encrypt ciphertext decrypt plaintext K K Eve plaintext We have: the ciphertext of several messages that have been encrypted with the same key K, such that we get to choose the plaintexts. We recover: the key K. Chosen-plaintext attack plaintext encrypt ciphertext decrypt plaintext K K Eve plaintext K We have: the ciphertext of several messages that have been encrypted with the same key K, such that we get to choose the plaintexts. We recover: the key K. Attacks 8/51 Chosen-ciphertext attack plaintext encrypt ciphertext decrypt plaintext K K We have: the plaintext of several messages that have been encrypted with the same key K, such that we get to choose the ciphertexts. We recover: the key K. Chosen-ciphertext attack plaintext encrypt ciphertext decrypt plaintext K K Eve ciphertext We have: the plaintext of several messages that have been encrypted with the same key K, such that we get to choose the ciphertexts. We recover: the key K. Chosen-ciphertext attack plaintext encrypt ciphertext decrypt plaintext K K Eve ciphertext We have: the plaintext of several messages that have been encrypted with the same key K, such that we get to choose the ciphertexts. We recover: the key K. Chosen-ciphertext attack plaintext encrypt ciphertext decrypt plaintext K K Eve ciphertext K We have: the plaintext of several messages that have been encrypted with the same key K, such that we get to choose the ciphertexts. We recover: the key K. Attacks 9/51 Offline vs. Adaptive Attacks There are two variants of the chosen-plaintext attack: Offline chosen-plaintext attack: the attacker must choose all plaintexts in advance; Adaptive chosen-plaintext attack: the attacker can choose one plaintext at a time, and choose plaintexts based on previous choices. Similar for the chosen-ciphertex attack. Attacks 10/51 Rubber-hose cryptanalysis We have: access to a person who can be threatened, blackmailed, tortured,. We recover: Everything! Also purchase-key attack. Attacks 11/51 How to Recognize Plaintext In a brute-force attack we try every possible key until we find the right one. How do we know that we’ve found the right key? Attacks 12/51 How to Recognize Plaintext In a brute-force attack we try every possible key until we find the right one. How do we know that we’ve found the right key? Well, when we get something out which is plaintext. Attacks 12/51 How to Recognize Plaintext In a brute-force attack we try every possible key until we find the right one. How do we know that we’ve found the right key? Well, when we get something out which is plaintext. Well, how do we know that it is plaintext? Attacks 12/51 How to Recognize Plaintext In a brute-force attack we try every possible key until we find the right one. How do we know that we’ve found the right key? Well, when we get something out which is plaintext. Well, how do we know that it is plaintext? Because it looks like plaintext! Attacks 12/51 How to Recognize Plaintext In a brute-force attack we try every possible key until we find the right one. How do we know that we’ve found the right key? Well, when we get something out which is plaintext. Well, how do we know that it is plaintext? Because it looks like plaintext! Plaintext could be: English, Russian, Chinese (many different encoding); A Microsoft Word file; A gzip compressed file, .... Attacks 12/51 How to Recognize Plaintext In a brute-force attack we try every possible key until we find the right one. How do we know that we’ve found the right key? Well, when we get something out which is plaintext. Well, how do we know that it is plaintext? Because it looks like plaintext! Plaintext could be: English, Russian, Chinese (many different encoding); A Microsoft Word file; A gzip compressed file, .... Binary files usually have headers that are easy to recognize. Generally, when you decrypt with the wrong key, you get gibberish, when you have the right key the plaintext looks reasonable. Attacks 12/51 Unicity Distance: How Much Ciphertext do We Need? Definition (unicity distance) The unicity distance is the amount of the original ciphertext required such that there is only one reasonable plaintext, i.e. the expected amount of ciphertext needed such that there is exactly one key that produces a plaintext that makes sense. The unicity distance depends on the 1 characteristics of the plaintext 2 the key length of the encryption algorithm. Unicity distance of Standard English text: K/6.8, where K is the key length. (6.8 is a measure of the redundancy of ASCII English text). DES: 8.2 bytes. 128-bit ciphers: ≈ 19 bytes. Attacks 13/51 Unicity Distance: How Much Ciphertext do We Need?. RC4 encrypts data in bytes. Example 1: Plaintex: a single ASCII letter (0-25). Ciphertext: a single byte (0-255). Attacker tries to decrypt a ciphertext byte with a random key. He has a 26/256 chance of producing a valid plaintext. There’s no way for him to tell the correct plaintext from the wrong plaintext. Attacks 14/51 Unicity Distance: How Much Ciphertext do We Need?. RC4 encrypts data in bytes. Example 1: Plaintex: a single ASCII letter (0-25). Ciphertext: a single byte (0-255). Attacker tries to decrypt a ciphertext byte with a random key. He has a 26/256 chance of producing a valid plaintext. There’s no way for him to tell the correct plaintext from the wrong plaintext. Example 2: Plaintext: a 1K e-mail message. The attacker tries to decrypt with random keys. Eventually there’s a plaintext that looks like an e-mail. The odds are small that this is not the correct plaintext! Attacks 14/51 Unicity Distance: How Much Ciphertext do We Need?. RC4 encrypts data in bytes. Example 1: Plaintex: a single ASCII letter (0-25). Ciphertext: a single byte (0-255). Attacker tries to decrypt a ciphertext byte with a random key. He has a 26/256 chance of producing a valid plaintext. There’s no way for him to tell the correct plaintext from the wrong plaintext. Example 2: Plaintext: a 1K e-mail message. The attacker tries to decrypt with random keys. Eventually there’s a plaintext that looks like an e-mail. The odds are small that this is not the correct plaintext! The unicity distance determines when you can think like the second example instead of the first. Attacks 14/51 In-Class Exercise: Goodrich & Tamassia R-8.1-4 What type of attack is Eve employing here: 1 Eve tricks Alice into decrypting a bunch of ciphertexts that Alice encrypted last month. Attacks 15/51 In-Class Exercise: Goodrich & Tamassia R-8.1-4 What type of attack is Eve employing here: 1 Eve tricks Alice into decrypting a bunch of ciphertexts that Alice encrypted last month. 2 Eve picks Alice’s encrypted cell phone conversations. Attacks 15/51 In-Class Exercise: Goodrich & Tamassia R-8.1-4 What type of attack is Eve employing here: 1 Eve tricks Alice into decrypting a bunch of ciphertexts that Alice encrypted last month.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    101 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us