Download - CSCE 790G: Computer Network Security Chin-Tser Huang [email protected] University of South Carolina
8/28/2003 2
Cryptography
Can be characterized by type of encryption operations used
substitution / transposition / product number of keys used
single-key or shared / two-key or public way in which plaintext is processed
block / stream
8/28/2003 3
Security of Cryptography Unconditional security
no matter how much computer power is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
Computational security given limited computing resources (eg. time
needed for calculations is greater than age of universe), the cipher cannot be broken
8/28/2003 4
Cryptographic Tools To Be Used
Shared keys Public and private keys Hashing functions and message
digest Nonces
8/28/2003 5
Symmetric Encryption
Sender and receiver share a common key
All classical encryption algorithms belong to this type
Was only type prior to invention of public-key in 1970’s
8/28/2003 6
Basic Terminology plaintext - the original message ciphertext - the coded message cipher - algorithm for transforming plaintext to
ciphertext key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) – restoring plaintext from
ciphertext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - the study of
principles/ methods of deciphering ciphertext without knowing key
cryptology - the field of both cryptography and cryptanalysis
8/28/2003 7
Types of Cryptanalytic Attacks Ciphertext only
only know algorithm, ciphertext, and statistics can identify plaintext
Known plaintext know/suspect plaintext & ciphertext
Chosen plaintext select plaintext and obtain ciphertext
Chosen ciphertext select ciphertext and obtain plaintext
Chosen text select either plaintext or ciphertext to encrypt or
decrypt
8/28/2003 9
Requirements Two requirements for secure use of
symmetric encryption a strong encryption algorithm a secret key K known only to sender and
receiverY = EK(X)
X = DK(Y)
Assume encryption algorithm is known Imply a secure channel used to distribute
key
8/28/2003 10
Classical Substitution Ciphers
Letters of plaintext are replaced by other letters, by numbers, or by symbols
If plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
8/28/2003 11
Caesar Cipher Earliest known substitution cipher Invented by Julius Caesar First attested use in military affairs Replace each letter by letter three
places down the alphabet For example,
meet me after the toga partyPHHW PH DIWHU WKH WRJD SDUWB
8/28/2003 12
Mechanism of Caesar Cipher
Can define transformation asa b c d e f g h i j k l m n o p q r s t u v w x y zD E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Or assign each letter a numbera b c d e f g h i j k l m0 1 2 3 4 5 6 7 8 9 10 11 12n o p q r s t u v w x y Z13 14 15 16 17 18 19 20 21 22 23 24 25
In general, Caesar cipher can be specified asC = E(p) = (p + k) mod (26)p = D(C) = (C – k) mod (26)
8/28/2003 13
Cryptanalysis of Caesar Cipher
Only 26 possible ciphers “A” maps to “A”, “B”, ... “Z”
Can easily break with brute-force cryptanalysis Given ciphertext, just try all 26 ciphers
Need to recognize the original plaintext eg. break ciphertext "GCUA VQ DTGCM"
8/28/2003 14
Monoalphabetic Cipher Rather than just shifting the alphabet Can shuffle the letters arbitrarily Each letter in plain alphabet maps to a
different random letter in cipher alphabet Hence key is 26 letters long For example,
Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZNPlaintext: ifwewishtoreplacelettersCiphertext: WIRFRWAJUHYFTSDVFSFUUFYA
8/28/2003 15
Monoalphabetic Cipher Security
Now have a total of 26! 4 x 1026
keys With so many keys, might think is
secure Still has problem: natural language
characteristics
8/28/2003 16
Language Characteristics and Cryptanalysis
Letters are not equally commonly used
In English, “E” is by far the most common letter, followed by “T”, “R”, “N”, “I”, “O”, “A”, “S”
Other letters “Z”, “J”, “K”, “Q”, “X” are rarely used
Have tables of single, double & triple letter frequencies
8/28/2003 18
Cryptanalysis of Caesar Cipher and Monoalphabetic Cipher Fact: monoalphabetic substitution ciphers do
not change relative letter frequencies Discovered by Arabian scientists in 9th century Calculate letter frequencies for ciphertext Compare counts/plots against known values For Caesar cipher, look for common peaks and
troughs peaks at: A-E-I triple, NO pair, RST triple troughs at: JK, X-Z
For monoalphabetic, must identify each letter tables of common double/triple letters help
8/28/2003 19
Example Cryptanalysis Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Count relative letter frequencies Guess “P” and “Z” are “e” and “t” Guess “ZW” is “th” and hence “ZWP” is
“the” Proceeding with trial and error finally get:
it was disclosed yesterday that several informal butdirect contacts have been made with politicalrepresentatives of the viet cong in moscow
8/28/2003 20
Playfair Cipher
Not even the large number of keys in a monoalphabetic cipher provides security
One approach to improving security was to encrypt multiple letters
Playfair cipher is an example
8/28/2003 21
Playfair Key Matrix A 5X5 matrix of letters based on a keyword Fill in letters of keyword (sans duplicates) Fill rest of matrix with other letters Eg. using the keyword MONARCHY
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
8/28/2003 22
Encrypting and Decrypting plaintext encrypted two letters at a time
1. if a pair is a repeated letter, insert a filler like “X” eg. “balloon” encrypts as “ba lx lo on”
2. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end) eg. “ar” encrypts as “RM”
3. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom) eg. “mu” encrypts to “CM”
4. otherwise each letter is replaced by the one in its row in the column of the other letter of the pair eg. “hs” encrypts to “BP”, and “ea” to “IM” or “JM” (as desired)
8/28/2003 23
Security of Playfair Cipher Security much improved over
monoalphabetic Have 26 x 26 = 676 digrams Would need a 676 entry frequency table to
analyze (verses 26 for a monoalphabetic) Also need correspondingly more
ciphertexts Can still be broken since still has much of
plaintext structure
8/28/2003 24
Polyalphabetic Ciphers Use multiple cipher alphabets to
improve security Make cryptanalysis harder with more
alphabets to guess and flatter frequency distribution
Use a key to select which alphabet is used for each letter of the message
Use each alphabet in turn Repeat from start after end of key is
reached
8/28/2003 25
Vigenère Cipher Simplest polyalphabetic substitution
cipher which effectively multiply Caesar ciphers
Key is multiple letters long K = k1 k2 ... kd ith letter specifies ith alphabet to use Use each key letter as a Caesar cipher key Eg. using keyword deceptive
key: deceptivedeceptivedeceptiveplaintext: wearediscoveredsaveyourselfciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
8/28/2003 26
Security of Vigenère Ciphers Have multiple ciphertext letters for each
plaintext letter: obscure letter frequencies a bit Start with letter frequencies
see if look monoalphabetic or not if not, need to determine number of alphabets
Repetitions in ciphertext give clues to period Find same plaintext an exact period apart which
results in the same ciphertext (could also be random fluke)
Eg. repeated “VTW” in previous example suggests size of 3 or 9
8/28/2003 27
Autokey Cipher To eliminate periodic nature of keyword,
prefix keyword to message as key Knowing keyword can recover the first few
letters Use these in turn on the rest of the message Eg. given key deceptive
key: deceptivewearediscoveredsavplaintext: wearediscoveredsaveyourselfciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
Still have frequency characteristics to attack
8/28/2003 28
One-Time Pad If use a truly random key as long as
plaintext, cipher will be secure Unbreakable
ciphertext bears no statistical relationship to the plaintext
for any plaintext and any ciphertext there exists a key mapping one to other
Can only use the key once Problems
overhead of making large number pf random keys
safe distribution of key
8/28/2003 29
Transposition Ciphers
Hide message by rearranging order of letters
Without altering the actual letters used
Can recognize these since they have the same frequency distribution as the original text
8/28/2003 30
Rail Fence Cipher Write message letters out
diagonally over a number of rows Then read off cipher row by row For example, write message out as
m e m a t r h t g p r y e t e f e t e o a a t
and get ciphertext asMEMATRHTGPRYETEFETEOAAT
8/28/2003 31
Row Transposition Ciphers A more complex scheme Write letters of message out in rows
over a specified number of columns Then reorder the columns according
to some key before reading off the rowsKey: 3 4 2 1 5 6 7Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x y zCiphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
8/28/2003 32
Product Ciphers Ciphers using substitutions or transpositions are
not secure because of language characteristics Hence consider using several ciphers in succession
to make it harder to break two substitutions make a more complex
substitution, but still a substitution two transpositions make a more complex
transposition, but still a transposition but a substitution followed by a transposition
makes a new much harder cipher Significance: bridge from classical to modern
ciphers
8/28/2003 33
Rotor Machines Before modern ciphers, rotor machines were
most common product cipher Were widely used in WW2
German Enigma, Allied Hagelin, Japanese Purple Implement a very complex, varying
substitution cipher Use a series of cylinders, each giving one
substitution, which rotate and change after each letter was encrypted
With 3 cylinders, have 263=17576 alphabets
8/28/2003 35
Steganography An alternative to encryption Hide existence of message
using only a subset of letters/words in a longer message marked in some way
using invisible ink hiding in LSB in graphic image or sound file
Has drawbacks high overhead to hide relatively few info bits