IN3210 – Network Security Cryptographic Foundations History of Cryptography 2 Confidential Communication Eve Dear Dear Bob Bob .... .... Alice Bob 3 Confidential Communication A B 4 Steganography ⚫ Examples: − Tattoo on head + growing hair back − Invisible ink − Micro dot ⚫ Security by obscurity ⚫ Typically not conforming with Kerckhoff’s principle ⚫ Modern steganography: − Printer steganography − Embedding into multimedia Image Source: Wikipedia Source: Image data 5 Cryptology ⚫ Cryptography − Practice and study of using mathematics to protect data/information − From Greek ▪ kryptos: "hidden, secret" and ▪ gráphō: "I write" ⚫ Cryptanalysis − Practice and study of finding weaknesses or insecurity in a cryptographic scheme, thus permitting its subversion or evasion − From Greek ▪ analýein: "to loosen" or "to untie" 6 Classical Cipher ⚫ Caesar Cipher (50 B.C.) X Y Z A B C D E 3 Key X Y Z A B C D E Hello Khoor Plaintext Chiffre- text Image Source: www.asterix.com Source: Image 7 Encryption Key = 3 Key = 3 KhoorHello Hello 8 Symmetric Encryption 6R4Y2 Eve hlbMZ CB... Dear Dear Bob Bob Encryption Decryption .... .... Alice Bob 9 Caesar Cipher Testing all possible values (e.g. of a key) is called ⚫ Which plaintext is encrypted here? Brute Force Attack − Ymjvznhpgwtbsktcozruxtajwymjqfeditl. ⚫ Try each possible key: 1. Xliuymgofvsarjsbnyqtwszivxlipedchsk. 2. Wkhtxlfneurzqiramxpsvryhuwkhodcbgrj. 3. Vjgswkemdtqyphqzlworuqxgtvjgncbafqi. 4. Uifrvjdlcspxogpykvnqtpwfsuifmbazeph. 5. Thequickbrownfoxjumpsoverthelazydog. 6. Sgdpthbjaqnvmenwitlornudqsgdkzyxcnf. 7. Rfcosgaizpmuldmvhsknqmtcprfcjyxwbme. 8. Qebnrfzhyoltkclugrjmplsboqebixwvald. 9. Pdamqeygxnksjbktfqilokranpdahwvuzkc. 10. … 10 Security of Crypto Systems ⚫ The previous attack assumes that the attacker knows: a) the Caesar cipher was used for encryption b) how the Caesar cipher work ⚫ What is the effect if the attacker does not have this information? ⚫ More general: is a crypto system more secure if the system and its internal function kept secret? 11 Kerckhoff‘s Principle ⚫ “A cryptosystem should be secure even if the attacker knows all details about the system (including the encryption and decryption algorithms), with the exception of the secret key.“ ⚫ Common mistake: keeping cryptographic algorithms secret increases the security (“security by obscurity”) ⚫ Example: GSM A5 algorithms Auguste Kerckhoffs − Details kept secret (1835 – 1903) Dutch crytographer − No cryptanalysis by the research community possible − Attackers found weaknesses Wikipedia Source: Image − Nearly all variants nowadays broken! 12 Caesar Cipher BON 18 TGF HUT 12 Finding the correct key 2 is hard, without RED knowledge of (at least part of) the plaintext. 13 One-Time Pad Encryption Attack at dawn! k1 k2 Retreat at 1100 B2 A0 C1 C2 E7 FB FE FA 89 AA AF 56 6A 67 k3 The cat is dead k4 14 Basic Types of Attacks (on the Encryption Key) ⚫ Ciphertext-only attack − The attacker has access to one or several ciphertexts ⚫ Known-plaintext attack − The attacker has access to one or several plaintext / ciphertext pairs ⚫ Chosen-plaintext attack − The attacker can retrieve ciphertexts for arbitrarily chosen plaintexts ⚫ (Adaptive) chosen-ciphertext attack − The attacker can retrieve plaintexts for arbitrarily chosen ciphertexts 15 Monoalphabetical Substitution ⚫ Improvement over Caesar cipher ⚫ Each letter is replaced by (exactly) one other letter ⚫ Example: Plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z Ciphertext: U F L P W D R A S J M C O N Q Y B V T E X H Z K G I ⚫ Number of possible keys? ⚫ 26! 1026 288 16 Monoalphabetical Substitution ⚫ Can easily be broken by analyzing the letter frequency in the cipher text ⚫ Large key space is a requisite but not sufficient for a secure encryption scheme ⚫ Next improvement: polyalphabetical substitution (e.g. Vignere, 1550) th 1.52% he 1.28% Bigram Frequency in 0.94% (english text) er 2,26% an 2,00% re 1,99% nd 1,88% Letter Frequency at 1,79% (english text) 17 Enigma ⚫ Invented 1918 by Arthur Scherbius ⚫ Electro-mechanical rotor cipher machines ⚫ Used by the German forces during WWII ⚫ Implements a polyalphabetical substitution cipher 18 Image Source: Wikipedia Source:Image Enigma ⚫ When pressing a button on the keyboard: − (at least) on rotor is turning on position − an electrical circuit is closed and one bulb lights up Wikipedia 19 Image Source : : Source Image Enigma ⚫ Encryption was broken by Polish and British codebreakers in Bletchley Park ⚫ Most famous member: − Alan Turing Wikipedia , http://www.cryptomuseum.com/ 20 Source: Image Enigma ⚫ Simulator: − http://users.telenet.be/d.rijmenants/en/enigmasim.htm 21 History of Cryptography ⚫ Simon Singh ⚫ The Code Book: The Secret History of Codes and Code- breaking 22 Crypto Primitives and their Usage Confidentiality Integrity Authenticity Non-repudiation Encryption Hash Functions Digital Signature (Cipher) 23 (Symmetric) Encryption 24 Encryption ⚫ Encryption − Process of converting ordinary information the so-called plaintext into unintelligible gibberish the so-called ciphertext ⚫ Decryption − Reverse process converting ciphertext back to plaintext ⚫ Cipher (or cypher) − Pair of algorithms which create the encryption and the reversing decryption − The detailed operation of a cipher is controlled both by the algorithm and in each instance by a key 25 Symmetric Encryption ⚫ The same key (secret key) is used for encryption and decryption 6R4Y2 Eve hlbMZ CB... Dear Dear Bob Bob Encryption Decryption .... .... Alice Bob Key Generator Symmectric Key 26 Formalization of (symmetric) Encryption ⚫ Space of plain texts: P ⚫ Space of cipher texts: C ⚫ Space of keys: K ⚫ Encryption: E: P x K → C, E(x, k) = Ek(x) ⚫ Decryption: D: C x K → P, D(y, k) = Dk(y) ⚫ D is the invers function of E, i.e. for all x ∈ P and k ∈ K: Dk(Ek(x)) = x 27 Formalization of Caesar Cipher ⚫ Numerical encoding of letters: A → 0, B → 1, …, Z → 25 ⚫ Space of plain texts: P = ℤ26 = {0, 1, …, 25} ⚫ Space of cipher texts: C = ℤ26 ⚫ Space of keys: K = ℤ26 ⚫ Encryption: Ek(x) = x + k mod 26 ⚫ Decryption: Dk(x) = x + (– k) mod 26 ⚫ Size of key space? → |K| = 26 28 Stream Cipher Key stream ks Cipher stream c Plain text m Encryption Key stream ks Cipher stream c Plain text m‘ = m Decryption 29 Stream Ciphers ⚫ A stream cipher is a symmetric key cipher where plaintext bits (mi) are combined with a pseudorandom cipher bit stream (key stream ks) ⚫ The pseudorandom key stream is generated by a pseudorandom number generator from a (shared) key Key k PRNG Key stream ks Cipher stream c Plain text m 30 One time pad ⚫ Key stream is completely random and only used once ⚫ Problem: key exchange (key has same size than plain/cipher text) ⚫ Provable perfectly secure (can only broken if key is known) ⚫ Cipher text can mean anything 31 Examples for Stream Ciphers ⚫ A5/1 and A5/2 (1989; used in GSM) → broken ⚫ RC4 (1987) → broken ⚫ Salsa20 (2005) ⚫ ChaCha20 (2008) 32 Block Cipher ⚫ A block cipher (Enc) is a symmetric key cipher and takes as input an n-bit block of plaintext and a key (k), and outputs a n-bit block of ciphertext THIS IS A SIMPLE PLAINTEXT MESSAGE. n bit k Enc k Encryption k Encryption k Encryption n bit X&jÜ(mA’8Dwßµ<3 Ji8(clÄ+#/2Haq%7Ö1k5a$jA~Kq1§ü 33 Examples for Block Ciphers ⚫ DES (Data Encryption Standard) ⚫ AES (Advanced Encryption Standard) ⚫ Blowfish ⚫ Twofish ⚫ RC6 ⚫ MARS ⚫ Serpent AES Image Source: Wikipedia Source: Image 35 AES and DES ⚫ DES (NIST 1977) − 64 bit blocks und 56 bit keys − Standard encryption in 1980s and 1990s ⚫ Advanced Encryption Standard (AES) − AES (Rijndael) developed by Belgian cryptographers − Standardized by NIST in 2000 as DES successor − 128 bit blocks and 128, 192, 256 bit keys Brute force attack on AES and DES ⚫ Brute force attack on 56 key: − 1998: EFF DES Cracker (ASICs), 4.5 days, 250.000$ − 2006: COPACOBANA (FPGA), 6.4 days, 10.000$ Key length Duration − 2012: Pico Computing (FPGA), 0.5 days 56 bit 1 s ⚫ Brute force attack on 128 or 256 bit key? 64 bit 4 m (Assumption: breaking 56 bit in 1 80 bit 194 d second) 112 bit 109 a 128 bit 1014 a 192 bit 1033 a 256 bit 1052 a Padding ⚫ What happens if you want to encrypt 100 bit with a 128 bit block cipher? ⚫ You must fill the plaintext up to the block length of the cipher ⚫ Approaches − Decryption process knows the data length ▪ Example: from a header entry ▪ Block can be filled with random bits/byte − Decryption process does not know the data length ▪ Padding bits/bytes must be marked Padding – One and Zeros ⚫ Attach one binary 1 followed by none, one or multiple binary 0 11010010 101110 11010010 10111010 11010010 1011100 11010010 10111001 11010010 10111001 11010010 10111001 10000000 00000000 Padding PKCS#5 ⚫ Padding of whole bytes ⚫ Let L be the block size (in bytes) ⚫ When N bytes are missing to a full block (1 N L): add N bytes each with the value N ⚫ Examples (L = 8, XX = existing message, all numbers in hex) − XX XX XX XX XX XX XX XX | XX XX XX XX XX XX XX 01 − XX XX XX XX XX XX XX XX | XX XX XX XX XX 03 03 03 − XX XX XX XX XX XX XX XX | XX 07 07 07 07 07 07 07 − XX XX XX XX XX XX XX XX | 08 08 08 08 08 08 08 08 ⚫ Invalid padding example: − XX XX XX XX XX XX XX XX | XX XX XX XX XX XX 08 02 40 Modes of Operation ⚫ Block ciphers operate on a fixed length input − DES, 3DES, IDEA: 64 bit − AES: 128, 192, 256 bit ⚫ Processing of larger input − Cut input into blocks of the required block size and process them one after the other ⚫ This naïve approach is also known as the Electronic Codebook (ECB) mode of operation Block Cipher: Electronic Code Book THIS IS A SIMPLE PLAINTEXT MESSAGE. Encryption Encryption Encryption X&jÜ(mA’8Dwßµ<3Ji8(clÄ+#/2Haq% 7Ö1k5a$jA~Kq1§ü 42 Block Cipher: Electronic Code Book THIS IS A SIMPLE PLAINTEXT MESSAGE.