elementary cryptography chapter 2 computer security systems lecturer : h.ben othmen department of...

Elementary Cryptography

Chapter 2

Computer Security Systems Lecturer :H.Ben Othmen

Department of Computer Science, Umm Al-Qura University University year: 1435/1436

Concepts of encryption Cryptanalysis: how encryption systems are

"broken" Symmetric (secret key) encryption and the DES

and AES algorithmsAsymmetric (public key) encryption and the RSA

algorithmKey exchange protocols and certificatesDigital signaturesCryptographic hash functions

Computer Security Systems

2

Outline

1435/1436


3

Introduction

1435/1436

Study of algorithms and protocols used to preserve confidentiality of information and ensuring its integrity.It forms the basis of most

security measures: Secure Internet exchanges, confidentiality of banking, protection of trade secrets, protection of medical

confidentiality, protection of computer systems

against intrusion, Through the electronic signature:

identification of correspondents, Guarantee of integrity of documents.

Encryption is the process of encoding a messageDecryption is the reverse process, transforming an encrypted message back into its normalEncode the original message to hide its meaning

Decode it to reveal the original message The original form of a message is known as plaintextThe encrypted form is called ciphertext

Terminology


4 1435/1436

encode = encrypt= encipher

decode=decrypt = decipher

P: plaintext message / P = <p1, p2, …, pn> (as a sequence of individual characters)

C: ciphertext message / C = <c1, c2, …, cm> For example

the plaintext message "I want cookies" can be denoted as the message string <I, ,w,a,n,t, , c,o,o,k,i,e,s>.

It can be transformed into ciphertext <c1, c2, …, c14>, the encryption algorithm tells us how the transformation is

done.

Terminology


5 1435/1436

Figure 2.1. Encryption

using the following formal notation to describe the transformations between plaintext and ciphertext.

For example, we write C = E(P) and P = D(C), where:C represents the ciphertext,E is the encryption rule, P is the plaintext, D is the decryption rule.

What we seek is a cryptosystem for which P = D(E(P)). In other words, we want to be able to convert the message to protect it from an intruder, but we also want to be able to get the original message

Terminology


6 1435/1436

The cryptosystem involves a set of rules for how to encrypt the plaintext and how to decrypt the ciphertext

Algorithms: The encryption and decryption rules K (key) is a device used by the algorithm The resulting ciphertext depends on the original

plaintext message, the algorithm, and the key value.dependence : C = E(K, P).

E is a set of encryption algorithmskey K selects one specific algorithm from the set

Encryption Algorithms


7 1435/1436

Symmetric encryptionThe encryption and decryption keys are the sameP = D(K, E(K,P)) D and E are mirror-image processes

Asymmetric encryptionThe encryption and decryption keys come in pairsA decryption key, KD, inverts the encryption of key KE P = D(KD, E(KE,P))

Encryption Algorithms


8 1435/1436

An encryption scheme that does not require the use of a key is called a keyless cipher.

Encryption with Keys


9 1435/1436

Fig2.2. Encryption with Keys

A key gives us flexibility in using an encryption scheme

We can create different encryptions of one plaintext message just by changing the key

Cryptography: means hidden writing, and it refers to the practice of using encryption to conceal text

Cryptology


10 1435/1436

Encryption has been used for centuries to protect diplomatic and military communications, sometimes without full success

a cryptographer and a cryptanalyst attempt to translate coded material back to its original form.

a cryptographer works on behalf of a legitimate sender or receiver

a cryptanalyst works on behalf of an unauthorized interceptor (A cryptanalyst is an expert in cryptanalysis)

cryptology is the research into and study of encryption and decryption; it includes both cryptography and cryptanalysis.

Cryptology


11 1435/1436

Cryptology = cryptography+ cryptanalysis

break a single messagerecognize patterns in encrypted messages, to be able to

break subsequent ones by applying a straightforward decryption algorithm

infer some meaning without even breaking the encryption (communication was short or long)

deduce the key, to break subsequent messages easilyfind weaknesses in the implementation or environment

of use of encryptionfind general weaknesses in an encryption algorithm,

without necessarily having intercepted any messages

Cryptanalysis


12 1435/1436

The Caesar Cipher:Rules => Ci = E(pi)= pi + k mod 26

Pi = D(ci) = ci– k mod 26Examples:

1) k=3 (Rot 3)P= TREATY IMPOSSIBLEC= w u h d w b l p s r v v l e o h2) ROT13: Why did the chicken cross the road? Gb trg gb gur bgure fvqr!

Substitution : Shift (Caesar) Cipher


13 1435/1436

Letter: A B …… Y ZCode : 0 1 …… 24 25Can we do arithmetic on

letters?Example: A+2=C, N+1=O Y-1=X, etc.Rot 3: “rotate by 3 places”

Outer: plaintextInner: ciphertext

The Caesar cipher


14 1435/1436

K=3

The Caesar cipher


15 1435/1436

Rule1) pick a keyword2) spell it without duplicates3) then, fill in the rest of the alphabet in order

Example: keyword VACATIONP: A B C D E F G H I J K L M N O P Q R S T U V W X Y ZC: V A C T I O N B D E F G H J K L M P Q R S U W X Y ZQ: Encrypt “I should be sailing” as: DQBK SGTAIQVD GDJN

Substitutions :Keyword Mixed Alphabet


16 1435/1436

a type of one-time pad devised by Gilbert Vernam The basic encryption involves an arbitrarily long non

repeating sequence of numbers that are combined with the plaintext.

Substitutions : Vernam Cipher


17 1435/1436

The encryption is done by adding the key to the message modulo 2, bit by bit.

This process is often called exclusive or (XOR).



18 1435/1436

Example: Key : XMCKL Message: HELLO



19 1435/1436

H E L L O message (plaintext)

+7(H) 4(E) 11(L) 11(L) 14(O) message

23(X) 12(M) 2(C) 10(K) 11(L) Key

30 16 13 21 25 Message+key

4(E) 16(Q) 13(N) 21(V) 25(Z) Message+key (mod 26)

E Q N V Z Ciphertext

Substitution : Vigenere Cipher


20 1435/1436

Vigenere cipher is a method of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword.

The Vigenere square or Vigenere table

Example: The person sending the message chooses a keyword and repeats it until it matches the length of the plaintext.

P= ATTACKATDAWNkeyword :LEMON

Substitution : Vigenere Cipher


21 1435/1436

Plaintext: ATTACKATDAWNKey: LEMONLEMONLECiphertext: LXFOPVEFRNHR

Method

A:the first letter of the plaintext,

L: the first letter of the keyA is paired with Luse row L and column A of the

Vigenere squareX? : the first letter of the

CiphertextX= row L ∩ column A

Transpositions (Permutations)


22 1435/1436

A transposition is an encryption in which the letters of the message are rearranged

With transposition, the cryptography aims for diffusion, widely spreading the information from the message or the key across the ciphertext

A transposition is also known as a permutation.

Columnar Transpositions


23 1435/1436

Figure 2.4. Columnar Transposition

The following set of characters is a five-column transposition

The plaintext characters arewritten in rows of five and arranged one row after another

c1 c2 c3 c4 c5c6 c7 c8 c9 c10c11 c12 etc

Plaintext : THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS

Columnar Transpositions- Example


24 1435/1436

T H I S I

S A M E S

S A G E T

O S H O W

H O W A C

O L U M N

A R T R A

N S P O S

I T I O N

W O R K S

Ciphertext:tssoh oaniw haaso lrsto imghwutpir seeoa mrook istwc nasns

Note : if the message length is not a multiple of the length of a row, the last columns will be one or more letters short. When this happens, we sometimes use an infrequent letter, such as X, to fill in any short

Two basic kinds of encryptions are: Symmetric

Secret keySymmetric algorithms use one key, which works for both

encryption and decryption Authenticity is ensuredn users who want to communicate in pairs need n * (n - 1)/2 keys.key distribution Asymmetric

Two keys: -public key -private key

Symmetric and Asymmetric Encryption Systems


25 1435/1436

DES: Data Encryption Standarda system developed for the U.S. government DES algorithm: key is 64 bits Uses basic techniques of encryption

confusion (substitutions)diffusion (permutations)

Same process 16 times/blockUses standard arithmetic and logical operators

DES


26 1435/1436

DES algorithm


27 1435/1436

The DES algorithm

Fractioning of the text into 64-bit (8 octet) blocks

Initial permutation of blocks

Breakdown of the blocks into two parts: left and right, named L

and R

Permutation and substitution steps repeated 16 times (called

rounds)

Re-joining of the left and right parts then inverse initial

permutation. The function expects a 64-bit key as input. However, only 56 of these bits are ever used; the other 8 bits can be used as parity bits or simply set arbitrarily.


28 1435/1436Fig 2..General Depiction of DES Encryption Algorithm

Left-hand side:

The processing of the plaintext proceeds in three phases

First, the plaintext (64-bit) passes through an initial

permutation (IP) that rearranges the bits to produce the

permuted input

This is followed by a phase consisting of 16 rounds of the

same function (permutation and substitution functions)

The output of the last (sixteenth) round consists of 64 bits

that are a function of the input plaintext and the key.

DES


29 1435/1436

The left and right halves of the output are swapped to

produce the preoutput

Finally, the preoutput is passed through a permutation (IP-1)

that is the inverse of the initial permutation function, to

produce the 64-bit ciphertext

The right-hand:

The key is passed through a permutation function for each of

the 16 rounds, a subkey (Ki) is produced by the combination of

a left circular shift and a permutation

DES


30 1435/1436

The key is ciphered on 64 bits and made of 16 blocks of 4 bits,

generally denoted k1 to k16 . Given that "only" 56 bits are actually

used for encrypting, there can be 2^56 (or 7.2*10^16 ) different

keys

The permutation function is the same for each round, but a

different subkey is produced

DES


31 1435/1436

The First phase: Initial Permutation

DES: Initial Permutation


32 1435/1436

Description :put bit 58 into the 1st position,put 50 into the 2nd position,………….

After round 16: Inverse Initial Permutation (IP-1)

At the end of the iterations, the two blocks L16 and R16 are re-joined, then subject to inverse initial permutation


33 1435/1436

Figure 2.. Single Round of DES Algorithm

DES-Expansion Permutation (E)


34 1435/1436

DES-Calculation of F(R, K)


35 1435/1436

DES: S Boxes


36 1435/1436

Each box defines a substitution– 6-bit input– 4-bit output

Example: S box 1bit 1 and 6 define the row.bit 2-5 define col.

Example: 010011 bit 1,6 = 01 → row 1 bit 2,3,4,5 = 1001 → col 9

output = 6, i.e. 0110

DES: S Boxes


37 1435/1436

Permutation function (P)


38 1435/1436

16 7 20 21 29 12 28 17

1 15 23 26 5 18 31 10

2 8 24 14 32 27 3 9

19 13 30 6 22 11 4 25

DES: Keys


39 1435/1436

28 28PC1: just a simple permutation(output = 56 bit) selected by Pc1

key split in half each half 28 bits

Both halves are shifted lift either 1 or 2 bits (depending on round)

result of shift fed to PC2 bits are permuted and 48 of

the 56 bits chosen for Subkey 1

Triple DES Operation For each block:

encrypt with key 1 decrypt with key 2 encrypt with key 1

i.e. C= E(K3, D(K2, E(K1, P)))• C: ciphertext•P: plaintext•E[K, X] encryption of X using key K•D[K, Y] decryption of Y using key K

The Triple Data Encryption Standard (Triple DES)


40 1435/1436

The Triple Data Encryption Standard (Triple DES)


41 1435/1436

Key Length (3DES) = 3*56 = 168


42 1435/1436

Security in Computing, Fourth Edition By Charles P. Pfleeger - Pfleeger Consulting Group, Shari Law rence Pfleegercryptography-and-network-security-principles-and-practices-4th-ed-william-stallings

Bibliography


43 1435/1436

elementary cryptography chapter 2 computer security systems lecturer : h.ben othmen department of...

Documents

encryption systems

encryption rule

encryption scheme

encryption of key ke

plaintext message p

keyscomputer security

ciphertext message c

original plaintext message