Security Module Introduction - PowerPoint PPT Presentation

1 / 21
About This Presentation
Title:

Security Module Introduction

Description:

the art of breaking into such communications. cryptology ... Frontier Foundation cracked the contest message (secured by 56-bit single DES) in 22 hours ... – PowerPoint PPT presentation

Number of Views:38
Avg rating:3.0/5.0
Slides: 22
Provided by: GregPh4
Category:

less

Transcript and Presenter's Notes

Title: Security Module Introduction


1
Security Module Introduction Classical and
Modern Cryptology AMS I-3.1.1 Fall 2005
  • Greg Phillips
  • greg.phillips_at_rmc.ca
  • Royal Military College of Canada
  • Electrical and Computer Engineering

2
Overview and todays class
  • classical and modern cryptology
  • cryptology?
  • cipher basics
  • techniques and attacks
  • digital ciphers
  • example DES
  • public key cryptology and public key
    infrastructure
  • computer security (COMPUSEC)
  • network security (NETSEC)
  • assurance
  • computer security demonstration

3
What the heck is Cryptology?
  • cryptography
  • the art of providing secure communication over
    insecure channels
  • cryptanalysis
  • the art of breaking into such communications
  • cryptology
  • the combined art of cryptography and cryptanalysis

4
Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC
  • Every letter is substituted with the third letter
    alphabetically following belongs to a class of
    ciphers called substitution ciphers
  • The plaintext gregphillips becomes the ciphertext
    juhjskloolsv
  • This is called a restricted cryptosystem because
    it relies on keeping the nature of the algorithm
    secret


5
Generalized Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
NOPQRSTUVWXYZABCDEFGHIJKLM
  • Every letter is substituted with the nth letter
    alphabetically following, where n is the secret
    key
  • Here, n is 13 and gregphillips becomes
    tertcuvyyvcf
  • Since there are only 25 interesting keys, a
    cryptanalyst could easily search the entire key
    space using a brute-force search


6
More Generalized Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
SFBHIXZJLTYKGWUMRPVEDONACQ
  • Every letter is substituted with another letter,
    randomly chosen. The order of the substituted
    letters becomes the the secret key
  • Here, the key is sfbhixzjltykgwumrpvedonacq and
    gregphillips becomes zpizmjlkklmv
  • Since there are 26! (41026 or 288) keys,
    brute-force search is impractical without
    automated assistance


7
Categories of Attacks
  • Ciphertext only
  • The cryptanalyst has only a number of intercepted
    ciphertexts.
  • Known plaintext.
  • The cryptanalyst has a number of ciphertexts with
    corresponding plaintexts.
  • Chosen plaintext
  • The cryptanalyst gets to choose plaintext
    messages and is given the corresponding
    ciphertext.

The goal of an attack is either to recover the
secret key, or to be able to decipher the next
message without the key.
8
Information Theory Attacks
  • Rely on the typical frequency distribution of
    letters, digrams, trigrams and words in natural
    languages.
  • For example, in English
  • letters e (13.05), t (9.02), o (8.21), etc.
  • digrams th (3.16), in (1.54), etc.
  • trigrams the (4.72), ing (1.42), etc.
  • words the (6.42), of (4.02), etc.
  • Knowing the original language of the plaintext,
    and with enough plaintext samples, it is
    typically short work to break almost any
    substitution cipher

9
The One-time Pad
G R E G P H I L L I P S
10 5 7 22 17 2 2 19 4 12 1
6....
Q W L C G J K E P U Q Y
  • A perfectly secure substitution cipher
  • Letters are encoded as in the generalized Caesar
    cipher but using a different key for each letter
  • This requires a key-string as long as the
    original plaintext
  • If the key-string is reused the system becomes
    prone to attack thus one-time pad

10
Visual One-time Pad
http//www.cl.cam.ac.uk/Research/DTG/fms27/vck/
11
Transposition
  • reorder the letters but do not disguise them the
    new ordering is the key
  • e.g., with a key of 12 5 4 9 7 8 6 1 11 10 2 3,
    gregphillips would become spglilhgpire
  • typically the key is shorter
  • than the message, e.g.,
  • with a key of 3 1 2 4,
  • gregphillips becomes
  • egrgiphlplis
  • not particularly secure by itself, however it
    obscures digrams, trigrams and words

12
Being Digital
  • Most electronic cryptosystems operate at the
    level of bits rather than letters
  • The general principles of substitution and
    transposition are still used
  • Additional operations
  • circular shift
  • exclusive or, normally written

1
13
Data Encryption Standard (DES)
  • Originally proposed by IBM revised by the
    National Security Agency (NSA) and published as
    FIPS 46 by the National Bureau of Standards

plaintext
DES encipher and decipher are the same operation,
which makes hardware implementation of DES simple
and cheap.
DES encipher
56-bit key
ciphertext
DES decipher
plaintext
http//www.nist.gov/itl/div897/pubs/fip46-2.htm
14
DES Overview
Input
Initial Permutation
Permuted Input
L0
R0
K0
f
L1 R0
K1
f
...
L2 R1
Pre-output
L16 R15
Inverse Permutation
Output
15
Initial and Inverse Permutations(transposition)
Initial Permutation 58 50 42
34 26 18 10 2 60 52 44 36
28 20 12 4 62 54 46 38 30 22
14 6 64 56 48 40 32 24 16
8 57 49 41 33 25 17 9 1 59
51 43 35 27 19 11 3 61 53
45 37 29 21 13 5 63 55 47
39 31 23 15 7
Inverse Permutation 40 8 48
16 56 24 64 32 39 7 47 15
55 23 63 31 38 6 46 14 54 22
62 30 37 5 45 13 53 21 61
29 36 4 44 12 52 20 60 28 35
3 43 11 51 19 59 27 34 2
42 10 50 18 58 26 33 1 41
9 49 17 57 25
16
Key Schedule
Permuted Choice 1 57 49 41 33 25
17 9 1 58 50 42 34 26
18 10 2 59 51 43 35 27 19 11
3 60 52 44 36 63 55 47 39
31 23 15 7 62 54 46 38 30
22 14 6 61 53 45 37 29 21 13
5 28 20 12 4
Left Shifts 1 1 2 1 3 2
4 2 5 2 6 2 7 2 8
2 9 1 10 2 11 2 12
2 13 2 14 2 15 2 16 1
Permuted Choice 2 14 17 11 24 1
5 3 28 15 6 21 10 23 19
12 4 26 8 16 7 27 20 13
2 41 52 31 37 47 55 30 40 51
45 33 48 44 49 39 56 34 53 46
42 50 36 29 32
17
The Function
f
E bit-selection table 32 1 2 3
4 5 4 5 6 7 8
9 8 9 10 11 12 13 12 13 14
15 16 17 16 17 18 19 20 21 20
21 22 23 24 25 24 25 26 27
28 29 28 29 30 31 32 1
Permutation P 16 7 20 21 29 12 28
17 1 15 23 26 5 18 31 10 2
8 24 14 32 27 3 9 19 13 30
6 22 11 4 25
18
How Secure Is DES?
  • in an RSA Labs contest, July 1999, a
    special-purpose computer built by the Electronic
    Frontier Foundation cracked the contest message
    (secured by 56-bit single DES) in 22 hours
  • used a fast, brute-force attack, searching the
    key space at about 245 billion keys/second
  • time to exhaust 56-bit key space 2.4 days
  • time to exhaust 40-bit key space 4.5 seconds
  • total system cost was 210,000 of which about
    80,000 was RD
  • complete plans are freely available on the
    Internet
  • as of 2004, estimated cost to build is about
    15,000

http//www.eff.org/Privacy/Crypto/Crypto_misc/DESC
racker/
19
EFF DES Cracker
20
What Can We Do?
  • use longer keys
  • use longer keys
  • use longer keys
  • use other algorithms
  • Triple-DES
  • CAST
  • IDEA
  • Advanced Encryption Standard (Rijndael)
  • NSA/CSE developed mil-grade crypto
  • and longer keys!

http//csrc.nist.gov/CryptoToolkit/aes/ http//en.
wikipedia.org/wiki/Aes
21
Next class
  • Public Key Cryptology
  • and
  • Public Key Infrastructure
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Security Module Introduction" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!