cs 5950/6030 network security class 6 (w, 9/ 14 /05)

CS 5950/6030 Network SecurityClass 6 (W, 9/14/05)

Leszek LilienDepartment of Computer Science

Western Michigan University

[Using some slides prepared by:Prof. Aaron Striegel, U. of Notre Dame

Prof. Barbara Endicott-Popovsky, U. Washington, Prof. Deborah Frincke, U. Idahoand Prof. Jussipekka Leiwo, Vrije Universiteit, Amsterdam, The Netherlands]

2

Section 2 – Class 6Class 5: 2A.2-cont. - Basic Terminology and

Notation Cryptanalysis Breakable Encryption2A.4. Representing Characters

2B. Basic Types of Ciphers2B.1. Substitution Ciphers

a. The Ceasar Cipherb. Other Substitution Ciphers —

PART 1Class 6:

b. Other Substitution Ciphers — PART 2

c. One-Time Pads2B.2. Transposition Ciphers2B.3. Product Ciphers

2C. Making „Good” Ciphers

2C.1. Criteria for „Good” Ciphers

3

2A.2.-CONT- Basic Terminology and Notation (2A.2 addendum)

Cryptanalysis Breakable Encryption

4

2A.4. Representing Characters

Letters (uppercase only) represented by numbers 0-25 (modulo 26).

A B C D ... X Y Z

0 1 2 3 ... 23 24 25

Operations on letters:A + 2 = C

X + 4 = B (circular!)...

5

2B. Basic Types of Ciphers

Substitution ciphers—PART 1 Substitution ciphers—PART 2

Transposition (permutation) ciphers

Product ciphers

6

2B.1. Substitution Ciphers

Substitution ciphers: Letters of P replaced with other letters by

E

Outline:

a. The Caesar Cipher



c. One-time Pads

7

a. The Caesar Cipher (1)

ci=E(pi)=pi+3 mod 26 (26 letters in the English

alphabet)

Change each letter to the third letter following it (circularly)

A D, B E, ... X A, Y B, Z C

Can represent as a permutation : (i) = i+3 mod 26

(0)=3, (1)=4, ..., (23)=26 mod 26=0, (24)=1, (25)=2

Key = 3, or key = ‘D’ (bec. D represents 3)

8

Attacking a Substitution Cipher

Exhaustive search If the key space is small enough, try all possible

keys until you find the right one Cæsar cipher has 26 possible keys

from A to Z OR: from 0 to 25

Statistical analysis (attack) Compare to so called 1-gram (unigram) model

of English It shows frequency of (single) characters in

English

[cf. Barbara Endicott-Popovsky, U. Washington]

9

Cæsar’s Problem

Conclusion: Key is too short 1-char key – monoalphabetic substitution

Can be found by exhaustive search Statistical frequencies not concealed well by

short key They look too much like ‘regular’ English

letters

Solution: Make the key longer n-char key (n 2) – polyalphabetic substitution

Makes exhaustive search much more difficult Statistical frequencies concealed much better

Makes cryptanalysis harder[cf. Barbara Endicott-Popovsky, U. Washington]

10

b. Other Substitution Ciphers

n-char key

Polyalphabetic substitution ciphers

Vigenère Tableaux cipher — PART 1

Vigenère Tableaux cipher — PART 2

11

Vigenère Tableaux (1)

P

[cf. J. Leiwo, VU, NL]

Note: Row A – shift 0 (a->a)

Row B – shift 1 (a->b)

Row C – shift 2 (a->c)

...Row Z – shift 25 (a-

>z)

12

Class 5 Ended Here

13

Vigenère Tableaux (2) Example

Key:EXODUS

Plaintext P:YELLOW SUBMARINE FROM YELLOW RIVER

Extended keyword (re-applied to mimic words in P):YELLOW SUBMARINE FROM YELLOW RIVEREXODUS EXODUSEXO DUSE XODUSE XODUS

Ciphertext:cbxoio wlppujmks ilgq vsofhb owyyj

Question: How derived from the keyword and Vigenère tableaux?


14

Vigenère Tableaux (3) Example

...Extended keyword (re-applied to mimic words in P):YELLOW SUBMARINE FROM YELLOW RIVEREXODUS EXODUSEXO DUSE XODUSE XODUS

Ciphertext:cbzoio wlppujmks ilgq vsofhb owyyj

Answer:c from P indexes rowc from extended key indexes column

e.g.: row Y and column e ‘c’row E and column x ‘b’row L and column o ‘z’...


15

c. One-Time Pads (1) OPT - variant of using Vigenère Tableaux

Fixes problem with VT: key used might be too short Above: ‘EXODUS’ – 6 chars

Sometimes considered a perfect cipher Used extensively during Cold War

One-Time Pad: Large, nonrepeating set of long keys on pad

sheets/pages Sender and receiver have identical pads

Example: 300-char msg to send, 20-char key per sheet

=> use & tear off 300/20 = 15 pages from the pad

16

One-Time Pads (2) Example – cont.:

Encryption: Sender writes letters of consecutive 20-char

keys above the letters of P (from the pad 15 pages)

Sender encipher P using Vigenère Tableaux (or other prearranged chart)

Sender destroys used keys/sheets

Decryption: Receiver uses Vigenère Tableaux Receiver uses the same set of consecutive 20-

char keys from the same 15 consecutive pages of the pad

Receiver destroys used keys/sheets

17

One-Time Pads (3) Note:

Effect: a key as long as the message If only key length ≤ the number of chars in the pad

The key is always changing (and destroyed after use) Weaknesses

Perfect synchronization required between S and R Intercepted or dropped messages can destroy

synchro Need lots of keys Needs to distribute pads securely

No problem to generate keys Problem: printing, distribution, storing, accounting

Frequency distribution not flat enough Non-flat distribution facilitates breaking

18

Types of One-Time Pads

Vernam Cipher = (lttr + random nr) mod 26 (p.48) Need (pseudo) random nr generator E.g., V = 21; (V +76) mod 26 = 97 mod 26 = 19; 19

= t

Book Ciphers (p.49) Book used as a pad

need not destroy – just don’t reuse keys Use common Vigenère Tableaux Details: textbook

Incl. example of breaking a book cipher Bec. distribution not flat

19

Question:Does anybody know other ciphers using books?

Or invent your own cipher using books?

20

Question:...other ciphers using books?

My examples: Use any agreed upon book

P: SECRET

Example 2: Use: (page_nr, line_nr, word_nr)

C: 52 2 4

Computer can help find words in a big electronic book quickly!

Example 1: Use: (page_nr, line_nr, letter_in_line)

C: 52 2 1 52 1 1 52 1 16 ...

Better: use different pages for each char in P

52 ever, making predictions in ten letter

seven of those secret positi

gorithm

Page 52 from a book:

21

2B.2. Transposition Ciphers (1)

Rearrange letters in plaintext to produce ciphertext

Example 1a and 1b: Columnar transposition Plaintext: HELLO WORLD Transposition onto: (a) 3 columns:

HELLOWORLDXX XX - padding

Ciphertext (read column-by column):(a) hlodeorxlwlx (b)

hloolelwrd

What is the key? Number of columns: (a) key = 3 and (b) key =

2

(b) onto 2 columns:

HELLOWORLD

22

Transposition Ciphers (2)

Example 2: Rail-Fence Cipher Plaintext: HELLO WORLD Transposition into 2 rows (rails) column-by-

column:HLOOL

ELWRD Ciphertext: hloolelwrd (Does it look

familiar?)

What is the key? Number of rails key = 2


23

Attacking Transposition Ciphers

Anagramming n-gram – n-char strings in English

Digrams (2-grams) for English alphabet are are: aa, ab, ac, ...az, ba, bb, bc, ..., zz (262 rows in digram table)

Trigrams are: aaa, aab, ... (263 rows)

4-grams (quadgrams?) are: aaaa, aaab, ... (264 rows)

Attack procedure: If 1-gram frequencies in C match their freq’s in

English but other n-gram freq’s in C do not match their freq’s in English, then it is probably a transposition encryption

Find n-grams with the highest frequencies in C Start with n=2

Rearrange substrings in C to form n-grams with highest freq’s


24

Example: Step 1Ciphertext C: hloolelwrd (from Rail-Fence

cipher) N-gram frequency check

1-gram frequencies in C do match their frequencies in English 2-gram (hl, lo, oo, ...) frequencies in C do not match

their frequencies in English Question: How frequency of „hl” in C is calculated?

3-gram (hlo, loo, ool, ...) frequencies in C do not match their frequencies in English

... => it is probably a transposition

Frequencies in English for all 2-grams from C starting with h he 0.0305 ho 0.0043 hl, hw, hr, hd < 0.0010

Implies that in hloolelwrd e follows h


as table of freq’s of English digrams shows

25

Example: Step 2

Arrange so the h and e are adjacentSince 2-gram suggests a solution, cut C into 2

substrings – the 2nd substring starting with e: hlool elwrd

Put them in 2 columns:helloworld

Read row by row, to get original P: HELLO WORLD


26

2B.3. Product Ciphers A.k.a. combination ciphers

Built of multiple blocks, each is: Substitution

or: Transposition

Example: two-block product cipher E2(E1(P, KE1), KE2)

Product cipher might not be stronger than its individual components used separately! Might not be even as strong as individual

components

27

Survey of Students’ Backgroundand Experience (1)

Background SurveyCS 5950/6030 Network Security - Fall 2005

Please print all your answers.First name: __________________________ Last name: _____________________________Email _____________________________________________________________________Undergrad./Year ________ OR: Grad./Year or Status (e.g., Ph.D. student) ________________Major _____________________________________________________________________

PART 1. Background and Experience1-1) Please rate your knowledge in the following areas (0 = None, 5 = Excellent).

UNIX/Linux/Solaris/etc. Experience (use, administration, etc.)0 1 2 3 4 5Network Protocols (TCP, UDP, IP, etc.)0 1 2 3 4 5Cryptography (basic ciphers, DES, RSA, PGP, etc.)0 1 2 3 4 5Computer Security (access control, security fundamentals, etc.)0 1 2 3 4 5

Any new studentswho did not fill out the survey?

28

2C. Making „Good” Ciphers

Cipher = encryption algorithm

Outline

2C.1. Criteria for „Good” Ciphers

2C.2. Stream and Block Ciphers

2C.3. Cryptanalysis

2C.4. Symmetric and Asymmetric Cryptosystems

29

2C.1. Criteria for „Good” Ciphers (1)

„Good” depends on intended application Substitution

C hides chars of P If > 1 key, C dissipates high frequency chars

Transposition C scrambles text => hides n-grams for n > 1

Product ciphers Can do all of the above

What is more important for your app?What facilities available to sender/receiver?

E.g., no supercomputer support on the battlefield

30

Criteria for „Good” Ciphers (2) Claude Shannon’s criteria (1949):

1. Needed degree of secrecy should determine amount of labor

How long does the data need to stay secret?(cf. Principle of Adequate Protection)

2. Set of keys and enciphering algorithm should be free from complexity

Can choose any keys or any plaintext for given E E not too complex (cf. Principle of

Effectiveness)

3. Implementation should be as simple as possible Complexity => errors (cf. Principle of

Effectiveness) [cf. A. Striegel]

31

Criteria for „Good” Ciphers (3) Shannon’s criteria (1949) – cont.

4. Propagation of errors should be limited Errors happen => their effects should be limited

One error should not invlidate the whole C(None of the 4 Principles — Missing? — Invent a new Principle?)

5. Size / storage of C should be restricted Size (C) should not be > size (P) More text is more data for cryptanalysts to work

with Need more space for storage, more time to send

(cf. Principle of Effectiveness)

Proposed at the dawn of computer era – still valid! [cf. A. Striegel]

32

Criteria for „Good” Ciphers (4)

Characteristics of good encryption schemes Confusion:

interceptor cannot predict what will happen to C when she changes one char in P

E with good confusion:hides well relationship between

P”+”K, and C

Diffusion:changes in P spread out over many parts of C

Good diffusion => attacker needs access to much of C to infer E

33

Criteria for „Good” Ciphers (5) Commercial Principles of Sound Encryption

Systems1. Sound mathematics

Proven vs. not broken so far

2. Verified by expert analysis Including outside experts

3. Stood the test of time Long-term success is not a guarantee

Still. Flows in many E’s discovered soon after their release

Examples of popular commercial E’s: DES / RSA / AES [cf. A. Striegel]

DES = Data Encryption StandardRSA = Rivest-Shamir-AdelmanAES = Advanced Encryption Standard (rel. new)

Continued - Class 7

cs 5950/6030 network security class 6 (w, 9/ 14 /05)

Documents

substitution ciphersa

yellow submarine

letters of p

key longernchar key

key space

characters letters

yellow riverextended

arow b shift