Week 5 - PowerPoint PPT Presentation

Slides: 62
Provided by: tsri

Transcript and Presenter's Notes

Title: Week 5


1
158212
  • Week 5
  • Strings and Encryption

2
ASC
Asc, AscW Functions: Returns an Integer
value representing the character code
corresponding to a character.
  • Dim CodeInt As Integer
  • ' Sets CodeInt to 65.
  • CodeInt = Asc("A")
  • ' Sets CodeInt to 97.
  • CodeInt = Asc("a")
  • ' Sets CodeInt to 65 (only the first character is used).
  • CodeInt = Asc("Apple")

3
  • Asc returns the code point, or character code,
    for the input character. This can be 0 through
    255 for single-byte character set (SBCS) values
    and -32768 through 32767 for double-byte
    character set (DBCS) values

4
(No Transcript)
5
Chr
  • Returns the character associated with the
    specified character code.
  • Dim associatedChar As Char
  • ' Returns "A".
  • associatedChar = Chr(65)
  • ' Returns "a".
  • associatedChar = Chr(97)
  • ' Returns ">".
  • associatedChar = Chr(62)
  • ' Returns "%".
  • associatedChar = Chr(37)

6
Filter Function
  • Returns a zero-based array containing a subset of
    a String array based on specified filter
    criteria.

7
  • Function Filter( ByVal Source() As { Object |
    String },
  • ByVal Match As String,
  • Optional ByVal Include As Boolean = True,
  • Optional ByVal Compare As CompareMethod =
    CompareMethod.Binary ) As String()
  • Parameters
  • Source
  • Required. One-dimensional array of strings to be
    searched.
  • Match
  • Required. String to search for.
  • Include
  • Optional. Boolean value indicating whether to
    return substrings that include or exclude Match.
  • If Include is True, the Filter function returns
    the subset of the array that contains Match as a
    substring.
  • If Include is False, the Filter function returns
    the subset of the array that does not contain
    Match as a substring.
  • Compare
  • Optional. Numeric value indicating the kind of
    string comparison to use.

8
The Compare argument
  • can have the following values.
  • CompareMethod.Binary
  • Performs a binary comparison
  • CompareMethod.Text
  • Performs a textual comparison

9
When to Use Binary
  • You might need to compare string elements based
    on their true binary value, particularly if the
    strings can contain characters that are not to be
    interpreted as text.
  • In such a case you do not want to bias
    comparisons with alphabetic equivalences such as
    case insensitivity. To specify a pure binary
    comparison, set Option Compare to Binary.

10
Aside - What is binary?
  • Decimal
  • The binary system represents numeric values using
    two symbols, Zero and One.
  • Owing to its relatively straightforward
    implementation in electronics, the binary system
    is used internally by virtually all modern
    computers.
  • Hexadecimal

11
But..
  • If no matches of Match are found within Source,
    the Filter function returns an empty array.
  • An error occurs if Source is set to Nothing or is
    not a one-dimensional array.
  • The array returned by the Filter function
    contains only enough elements to contain the
    number of matched items.

12
This Is It - Find all occurrences of is
  • Dim TestStrings(2) As String
  • TestStrings(0) = "This"
  • TestStrings(1) = "Is"
  • TestStrings(2) = "It"
  • Dim subStrings() As String
  • ' Returns "This", "Is".
  • subStrings = Filter(TestStrings, "is", True, CompareMethod.Text)
  • ' Returns "This".
  • subStrings = Filter(TestStrings, "is", True, CompareMethod.Binary)
  • ' Returns "Is", "It".
  • subStrings = Filter(TestStrings, "is", False, CompareMethod.Binary)
13
Format
  • Returns a string formatted according to
    instructions contained in a format String
    expression.
  • Dim TestDateTime As Date = #1/27/2001 5:04:23 PM#
  • Dim TestStr As String
  • ' Returns current system time in the
    system-defined long time format.
  • TestStr = Format(Now(), "Long Time")
  • ' Returns current system date in the
    system-defined long date format.
  • TestStr = Format(Now(), "Long Date")
  • ' Also returns current system date in the
    system-defined long date
  • ' format, using the single letter code for the
    format.
  • TestStr = Format(Now(), "D")

14
  • ' Returns the value of TestDateTime in
    user-defined date/time formats.
  • ' Returns "5:4:23".
  • TestStr = Format(TestDateTime, "h:m:s")
  • ' Returns "05:04:23 PM".
  • TestStr = Format(TestDateTime, "hh:mm:ss tt")
  • ' Returns "Saturday, Jan 27 2001".
  • TestStr = Format(TestDateTime, "dddd, MMM d yyyy")
  • ' Returns "17:04:23".
  • TestStr = Format(TestDateTime, "HH:mm:ss")
  • ' Returns "23".
  • TestStr = Format(23)

15
' User-defined numeric formats.
  • ' Returns "5,459.40".
  • TestStr = Format(5459.4, "##,##0.00")
  • ' Returns "334.90".
  • TestStr = Format(334.9, "###0.00")
  • ' Returns "500.00%".
  • TestStr = Format(5, "0.00%")

16
GetChar Function
  • Returns a Char value representing the character
    from the specified index in the supplied string
  • Dim TestString As String = "ABCDE"
  • Dim TestChar As Char
  • ' Returns "D"
  • TestChar = GetChar(TestString, 4)
  • Note: Index is 1-based

17
InStr Function
  • Returns an integer specifying the start position
    of the first occurrence of one string within
    another.

18
InStr Example
  • ' String to search in.
  • Dim SearchString As String = "XXpXXpXXPXXP"
  • ' Search for "P".
  • Dim SearchChar As String = "P"
  • Dim TestPos As Integer
  • ' A textual comparison starting at position 4.
    Returns 6.
  • TestPos = InStr(4, SearchString, SearchChar,
    CompareMethod.Text)
  • ' A binary comparison starting at position 1.
    Returns 9.
  • TestPos = InStr(1, SearchString, SearchChar,
    CompareMethod.Binary)
  • ' If Option Compare is not set, or set to Binary,
    returns 9.
  • ' If Option Compare is set to Text, returns 3.
  • TestPos = InStr(SearchString, SearchChar)
  • ' Returns 0.
  • TestPos = InStr(1, SearchString, "W")

19
Compare in reverse
  • Dim TestString As String =
  • "the quick brown fox jumps over the lazy dog"
  • Dim TestNumber As Integer
  • ' Returns 32.
  • TestNumber = InStrRev(TestString, "the")
  • ' Returns 1.
  • TestNumber = InStrRev(TestString, "the", 16)

20
Len Function
  • Returns an integer containing either the number
    of characters in a string or the nominal number
    of bytes required to store a variable.

21
Len Function
  • ' Initializes variable.
  • Dim TestString As String = "Hello World"
  • ' Returns 11.
  • Dim TestLen As Integer = Len(TestString)

22
UCase LCase Functions
  • Returns a string or character converted to
    lowercase or uppercase
  • ' String to convert.
  • Dim LowerCase As String = "Hello World 1234"
  • ' Returns "HELLO WORLD 1234".
  • Dim UpperCase As String = UCase(LowerCase)
  • ' Returns "hello world 1234".
  • LowerCase = LCase(UpperCase)

23
Trim, LTrim, and RTrim Functions
  • Returns a string containing a copy of a specified
    string with no leading spaces (LTrim), no
    trailing spaces (RTrim), or no leading or
    trailing spaces (Trim).

24
  • ' Initializes string.
  • Dim TestString As String = "  <-Trim->  "
  • Dim TrimString As String
  • ' Returns "<-Trim->  ".
  • TrimString = LTrim(TestString)
  • ' Returns "  <-Trim->".
  • TrimString = RTrim(TestString)
  • ' Returns "<-Trim->".
  • TrimString = LTrim(RTrim(TestString))
  • ' Using the Trim function alone achieves the same result.
  • ' Returns "<-Trim->".
  • TrimString = Trim(TestString)
25
String Manipulation Summary 
26
  • Encryption/Cryptography

27
Topics
  • Basic Concepts and Terminology
  • Types of Algorithm
  • Cryptanalysis
  • Practical exercise using string functions

28
Encryption
  • Foundation technology
  • Underlies almost everything in Information
    Security
  • Ensures or supports
  • Confidentiality
  • Control and possession
  • Integrity
  • Authenticity
  • Non-repudiation

29
Basic Concepts and Terminology
  • Plaintext (aka cleartext): original, readable
    data
  • Ciphertext: scrambled form of plaintext
  • Encryption: reversible conversion of plaintext
    into ciphertext
  • Decryption: conversion of ciphertext back into
    plaintext
  • Crack (aka break) code: decrypt ciphertext
    without knowing key

30
Basic Concepts and Terminology (contd)
  • Key: secret allowing encryption and decryption
    to be restricted to possessors of key
  • Symmetric encryption: encryption requiring a
    shared key for both encryption and decryption
  • Asymmetric encryption: algorithm using a
    different key for decryption than for encryption

31
Basic Concepts and Terminology
  • Keylength: number of bits in key
  • Keyspace: number of possible keys
  • Keyspace = $2^{\text{keylength}}$
  • $2^n = 10^{n \log_{10} 2} \approx 10^{0.30103n}$

32
Monoalphabetic Substitution Ciphers
  • Secret decoder ring or Caesar cipher
  • Algorithm uses key offset and algorithm
    transposition
  • e.g., if offset = 3, then A becomes D, B becomes E, etc.
  • Subject to cryptanalysis using known letter
    frequencies in specific languages
  • English: etaionshrdlu ...
  • For English alphabet, only 25 possible offsets,
    therefore maximum 25 tries to find the key
33
Monoalphabetic Substitution Cipher Example
34
Polyalphabetic Substitution Ciphers
  • Can use different offsets for each position in
    plaintext
  • E.g., Vigenère cipher is like 26 Caesar ciphers
  • Use key indicating which offset to use for which
    position in sequence of 26 letters

35
One-Time Pad
  • Use a fixed and shared secret to determine
    offsets
  • In theory, is the only cipher impossible to break IF
  • Pad kept secret
  • Key data truly random
  • Key data never re-used
  • In practice, people use natural language (e.g.,
    novels) and reduce strength of algorithm
  • Major problem: how to distribute the pad
    securely?

36
Secure Key Distribution
  • The problem of distributing a key securely is
    completely general to all secret key algorithms
  • A shared secret is essential for both enciphering
    and deciphering data
  • Therefore both sender and receiver must share the
    secret securely
  • But if it were secure to transmit the key, you
    could transmit the plaintext message too
  • So how do you get the secret from one to the
    other securely?
  • Need an alternate communications channel with
    higher security

37
Cryptanalysis
  • Kerckhoffs' Principle
  • Cryptanalytical Methods
  • Types of Cryptanalytical Attacks

38
Kerckhoffs' Principle
  • The strength of an encryption algorithm does not
    reside in the secrecy of the algorithm
  • Corollary
  • The strength of an encryption algorithm is not
    measurable unless the algorithm is known

39
Dangers of Proprietary Algorithms
  • Therefore beware of secret, proprietary
    algorithms
  • Many amateurs have failed utterly to defeat
    cryptanalysis
  • Must demonstrate that, even with knowledge of the
    algorithm and of a plaintext/ciphertext sample,
    decrypting general ciphertext is still too
    expensive to make cryptanalysis worthwhile

40
Cryptanalytical Methods
  • Frequency-Based Cryptanalysis
  • Brute-Force Cracking
  • Attacking Weak Algorithms

41
Frequency-Based Cryptanalysis
  • Possible to use frequency of single letters and
    digraphs (pairs of letters) to analyze ciphertext
  • But this technique works only for plaintext based
    on natural language
  • Must know (or guess) which language is used
  • Need large amounts of data
  • Does not help with cryptanalysis of purely
    numerical data unless there are regularities in
    the plaintext

e.g., frequency of single letters in plain
English follows sequence ETAOINSHRDLU
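
The Caesar cipher from the monoalphabetic-substitution slide and the single-letter frequency test described above, as an added VB.NET example that is not part of the original slides; it uses Asc and Chr from the string-functions half of the lecture. The module and function names, the sample sentence and the choice to score only the first six letters of ETAOINSHRDLU are assumptions made for this example.

```vbnet
Imports System
Imports System.Text
Imports Microsoft.VisualBasic

Module CaesarDemo
    Const Frequent As String = "ETAOIN"   ' first six letters of the slide's ETAOINSHRDLU

    ' Shift every letter by "offset" places using Asc and Chr; other characters pass through.
    Function Shift(msg As String, offset As Integer) As String
        Dim k As Integer = ((offset Mod 26) + 26) Mod 26   ' normalise negative offsets
        Dim sb As New StringBuilder()
        For Each ch As Char In msg
            Dim code As Integer = Asc(ch)
            If code >= Asc("A"c) AndAlso code <= Asc("Z"c) Then
                sb.Append(Chr(Asc("A"c) + (code - Asc("A"c) + k) Mod 26))
            ElseIf code >= Asc("a"c) AndAlso code <= Asc("z"c) Then
                sb.Append(Chr(Asc("a"c) + (code - Asc("a"c) + k) Mod 26))
            Else
                sb.Append(ch)
            End If
        Next
        Return sb.ToString()
    End Function

    ' Score a candidate plaintext by how many of its letters are among the most frequent in English.
    Function EnglishScore(candidate As String) As Integer
        Dim score As Integer = 0
        For Each ch As Char In UCase(candidate)
            If InStr(Frequent, ch) > 0 Then score += 1
        Next
        Return score
    End Function

    ' Try all 25 offsets and keep the one whose output looks most like English.
    Function RecoverOffset(cipher As String) As Integer
        Dim best As Integer = 0, bestScore As Integer = -1
        For k As Integer = 1 To 25
            Dim s As Integer = EnglishScore(Shift(cipher, -k))
            If s > bestScore Then
                bestScore = s
                best = k
            End If
        Next
        Return best
    End Function

    Sub Main()
        Dim plain As String = "Meet me at the station at ten and bring the letters"   ' constructed sample
        Dim cipher As String = Shift(plain, 3)
        Dim k As Integer = RecoverOffset(cipher)
        Console.WriteLine(cipher)
        Console.WriteLine("offset " & k & " -> " & Shift(cipher, -k))
    End Sub
End Module
```

The scoring needs enough natural-language text to work, which is the "need large amounts of data" caveat on the slide; on a very short message several offsets can tie.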
42
Brute-Force Cracking
  • Try every possible key
  • Facilitated by massively parallel computing
  • Dictionary attacks narrow the range of keys
  • Helpful when one suspects that the target user
    has chosen a bad key
  • Names of pets, friends, sports teams, hobbies,
    objects on desk
  • Password-cracking programs use dictionaries
  • Try every word and combination
  • Can also introduce numbers and symbols
  • If your password is a valid dictionary word it
    can be cracked in less than 1 second

43
Defending Against Password-Cracking Programs
  • How can you choose passwords that are hard to
    crack?
  • Don't use real words
  • Introduce numbers and symbols into the password
    sequence
  • Change your password periodically
  • Don't use the same password on public Web sites
    as on important / secure production sites

44
Interfering with Brute-Force Cracking
  • Need to know the algorithm used for encryption
  • Must be able to recognize successful decryption
  • Superencryption of plaintext makes brute-force
    cracking more difficult but not impossible
  • Suppose adversary uses two algorithms, E1 and E2
    using keys k1 and k2 respectively
  • Thus must crack $E2_{k2}(E1_{k1}(P))$, which has a
    keyspace that is the product of the keyspaces of
    k1 and k2
  • Using different data encoding schemes can confuse
    cryptanalyst (e.g., use EBCDIC ASCII)

45
Stronger Encryption
  • Transposition Ciphers
  • Product Ciphers
  • Triple DES (3DES)
  • AES
  • PKC

46
Stronger Encryption
  • Substitution ciphers are generally weak (i.e.,
    cheap or quick to crack)
  • Stronger ciphers include
  • Transposition ciphers
  • Block ciphers chaining
  • Product ciphers

47
Transposition Ciphers
  • Change order of plaintext
  • Use specific algorithm (rule)
  • Example: matrix rotation
  • Matrix dimensions can serve as key, e.g., 6 x 8
    then read as 8 x 6
  • Read text in opposite direction of matrix
  • Interferes with expected frequencies of digraphs,
    trigraphs etc.

48
Transposition Ciphers Example
  • Plaintext: The quick brown fox jumped over the lazy dogs.
  • Ciphertext: Tioxerlohcw d ageeknj tzs uohy.qbfmve urope d
49
Cryptanalytical Attacks on Transposition Ciphers
  • Susceptible to combination of brute-force and
    frequency-based analysis
  • Try different offsets looking for familiar /
    frequent digraphs
  • This helps to determine the original matrix and
    its rotation
  • Nonetheless, transposition is an important part
    of more complex encryption schemes
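
The matrix transposition and its weakness from the three slides above, as an added VB.NET example that is not part of the original slides: writing the plaintext into rows of six and reading down the columns reproduces the slide's ciphertext, apart from runs of spaces that the transcript collapsed, and trying each grid width that divides the length while counting common digraphs shows how little key material there is. The function names and the digraph list are assumptions made for this example.

```vbnet
Imports System
Imports System.Text

Module TranspositionDemo
    ' Write the text row by row into a grid "cols" wide, then read it column by column.
    Function Encrypt(plain As String, cols As Integer) As String
        Dim rows As Integer = (plain.Length + cols - 1) \ cols
        Dim padded As String = plain.PadRight(rows * cols)   ' pad the last row with spaces
        Dim sb As New StringBuilder()
        For c As Integer = 0 To cols - 1
            For r As Integer = 0 To rows - 1
                sb.Append(padded(r * cols + c))
            Next
        Next
        Return sb.ToString()
    End Function

    ' Inverse: the ciphertext is "cols" columns of equal height laid end to end.
    Function Decrypt(cipher As String, cols As Integer) As String
        Dim rows As Integer = cipher.Length \ cols
        Dim sb As New StringBuilder()
        For r As Integer = 0 To rows - 1
            For c As Integer = 0 To cols - 1
                sb.Append(cipher(c * rows + r))
            Next
        Next
        Return sb.ToString()
    End Function

    ' Count frequent English digraphs; a wrong grid width breaks most of them up.
    Function DigraphScore(s As String) As Integer
        Dim common As String() = {"th", "he", "in", "er", "an", "re", "on", "at"}
        Dim lower As String = s.ToLowerInvariant()
        Dim score As Integer = 0
        For i As Integer = 0 To lower.Length - 2
            If Array.IndexOf(common, lower.Substring(i, 2)) >= 0 Then score += 1
        Next
        Return score
    End Function

    Sub Main()
        Dim plain As String = "The quick brown fox jumped over the lazy dogs."   ' sentence from the slide
        Dim cipher As String = Encrypt(plain, 6)
        Console.WriteLine("[" & cipher & "]")
        ' The only "key" is the grid width, and it must divide the ciphertext length.
        For cols As Integer = 1 To cipher.Length
            If cipher.Length Mod cols = 0 Then
                Dim guess As String = Decrypt(cipher, cols)
                Console.WriteLine(cols.ToString().PadLeft(2) & "  score " & DigraphScore(guess) & "  " & guess)
            End If
        Next
    End Sub
End Module
```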

50
Triple DES (3DES)
  • $C = E_{k1} D_{k2} E_{k1}(P)$
  • Where
  • $E_{k1}(P)$ means encrypt plaintext using key 1
  • C means ciphertext
  • Keylength: 110 bits
  • Keyspace: $2^{110} \approx 10^{36}$
  • Much used for key management

51
AES Advanced Encryption Standard
  • 1997: NIST requested new encryption algorithm
  • Protect sensitive unclassified US government
    information
  • Competition among candidate algorithms
  • Winner: Rijndael ("Rhine doll")
  • Drs Joan Daemen and Vincent Rijmen from Belgium
  • Block cipher with variable block length and
    variable key length (easily extendible)
  • Easy to implement in hardware (e.g., smart cards)
    as well as software

52
The Public Key Cryptosystem (PKC)
  • Protecting confidentiality
  • Assuring integrity
  • Demonstrating authenticity
  • Using PGP

53
Encryption Using PKC
  • Key generation produces 2 keys
  • Each can decrypt the ciphertext produced by the
    other
  • One is defined as public
  • Other is kept as private

54
Sending a Ciphertext to Multiple Recipients
  • What if you have to send a message securely to
    many people?
  • Obvious way is to encrypt the message separately
    for each recipient
  • Thus generate as many ciphertexts as recipients

Public Key for Recipient 2
55
Multiple Recipients (contd)
  • However, e-mail normally makes it easy to send
    one message to multiple recipients
  • Don't want to send a different ciphertext to each
    recipient
  • PKC algorithms are computationally demanding
  • Can take significant time to encrypt messages
  • Encrypting same message n times could take a long
    time

56
Multiple Recipients (contd)
  • Use a one-time symmetric key to create ciphertext
    -- the session key
  • Prepare as many copies of this symmetric key as
    necessary to reach all the recipients
  • Encrypt a copy of the symmetric key with the
    public key of a specific recipient
  • Do this step for each recipient

Session Key encrypted for each recipient
57
Multiple Recipients (contd)
  • Send both the ciphertext and the encrypted
    decryption keys to all the recipients
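
The session-key procedure from the multiple-recipients slides, as an added VB.NET example that is not part of the original slides. It assumes .NET 8 or later; AES-GCM for the session cipher and RSA-OAEP for wrapping the key are choices made for this example (the slides name no algorithms), and the recipient names and message are constructed.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography
Imports System.Text

Module SessionKeyDemo
    Sub Main()
        ' Constructed recipients; each holds an RSA key pair and publishes only the public half.
        Dim privateKeys As New Dictionary(Of String, RSA) From {
            {"recipient1", RSA.Create(2048)},
            {"recipient2", RSA.Create(2048)}
        }
        Dim message As Byte() = Encoding.UTF8.GetBytes("Constructed sample message")

        ' Sender: encrypt the message once under a fresh one-time session key.
        Dim sessionKey As Byte() = RandomNumberGenerator.GetBytes(32)
        Dim nonce As Byte() = RandomNumberGenerator.GetBytes(12)
        Dim ciphertext(message.Length - 1) As Byte
        Dim tag(15) As Byte
        Using gcm As New AesGcm(sessionKey, 16)
            gcm.Encrypt(nonce, message, ciphertext, tag)
        End Using

        ' Sender: wrap one copy of the session key per recipient with that recipient's public key.
        Dim wrappedKeys As New Dictionary(Of String, Byte())
        For Each entry As KeyValuePair(Of String, RSA) In privateKeys
            Using pub As RSA = RSA.Create(entry.Value.ExportParameters(False))
                wrappedKeys(entry.Key) = pub.Encrypt(sessionKey, RSAEncryptionPadding.OaepSHA256)
            End Using
        Next

        ' What goes on the wire: nonce, ciphertext, tag and every wrapped key (same for everyone).
        Console.WriteLine("ciphertext bytes: " & ciphertext.Length & ", wrapped keys: " & wrappedKeys.Count)

        ' Each recipient: unwrap own copy with the private key, then decrypt the shared ciphertext.
        For Each entry As KeyValuePair(Of String, RSA) In privateKeys
            Dim key As Byte() = entry.Value.Decrypt(wrappedKeys(entry.Key), RSAEncryptionPadding.OaepSHA256)
            Dim plain(ciphertext.Length - 1) As Byte
            Using gcm As New AesGcm(key, 16)
                gcm.Decrypt(nonce, ciphertext, tag, plain)   ' throws if ciphertext or tag was altered
            End Using
            Console.WriteLine(entry.Key & ": " & Encoding.UTF8.GetString(plain))
        Next
    End Sub
End Module
```

The expensive public-key operation runs once per recipient on 32 bytes of key rather than on the whole message, which is the saving the slides describe.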

58
Exam Review Questions
  • Why did cryptographers develop transposition,
    block and product ciphers?
  • How do transposition ciphers manage to strengthen
    a ciphertext compared with substitution ciphers?
  • How does the recipient of a message encrypted
    solely for that person using the PKC decrypt the
    received message?
  • How do we manage to encrypt a message only once
    using the PKC when we have multiple recipients?

59
Exam Review Questions
  • Distinguish between plaintext and ciphertext.
  • Explain the difference between symmetric and
    asymmetric encryption.
  • What is the keyspace of a 128-bit key expressed
    in powers of 2? In powers of 10?
  • How much bigger is the keyspace of a 64-bit key
    than the keyspace of a 40-bit key?
  • Why is the Caesar cipher no longer used in real
    cryptography?
  • Why was the Caesar cipher effective when it was
    invented if it is no longer useful today?

60
Exam Review Questions
  • What is the significance of etaionshrdlu?
  • Why is it useful to know etaionshrdlu?
  • What kind of encryption algorithm is the Caesar
    cipher?
  • What kind of encryption is the Vigenère cipher?
  • Why is a polyalphabetic substitution cipher
    inherently harder to crack than a monoalphabetic
    substitution cipher?
  • What is the only cipher that is theoretically
    impossible to crack?

61
Exam Review Questions
  • Why do dictionary-based brute-force attacks work
    so well against bad passwords chosen by
    poorly-trained computer users?
  • Why is it not necessary to find the exact matches
    to passwords to be able to break security using a
    password-cracking program?
  • Explain how to defend your passwords against
    password-cracking programs.