CSCE 790 Lecture 4 Cryptography - PowerPoint PPT Presentation

Provided by: far1
1
CSCE 790 Lecture 4 Cryptography
2
Reading Assignment
  • Reading assignments for January 25
  • Required
  • Oppliger Ch 5.1, 5.2, 5.3
  • Recommended
  • NIST Cryptographic Toolkit
    (http://csrc.nist.gov/encryption)
  • Reading assignments for January 29
  • Required
  • Oppliger Ch 5.4, 5.5, 5.6, 5.7, 5.8

3
Insecure communications
[Figure: Sender, Recipient, insecure channel, confidential message]
4
Secure communications
[Figure: Sender, Recipient, insecure channel, confidential message]
5
Terminology
  • Plaintext, cleartext: an unhidden message
  • Encryption: transform a message to hide its
    meaning
  • Ciphertext, cyphertext: an encrypted message
  • Cipher: cryptographic algorithm. Mathematical
    function used for encryption (encryption
    algorithm) and decryption (decryption algorithm).
  • Decryption: recovering plaintext from ciphertext
  • Cryptography: art and science of keeping messages
    secure
  • Cryptanalysis: art and science of breaking
    ciphertext
  • Cryptology: study of both cryptography and
    cryptanalysis

6
Cryptosystem requirements
  • Enciphering and deciphering algorithms must be
    efficient for all keys
  • Coding and decoding at the time of transmission →
    may be bottleneck
  • System must be easy to use
  • Ease of finding key with an invertible
    transformation
  • Security should depend on the secrecy of the
    keys, not on the secrecy of the algorithms
  • Algorithms must be inherently strong, i.e.,
    encryption cannot be broken by simply knowing the
    method of encryption

7
What makes a good cryptosystem?
  • A good cryptosystem is one whose security does
    not depend upon the secrecy of the algorithm.
    This is why cryptographers are so unhappy about
    NSA's refusal to release details of SkipJack
    (Clipper).
  • From Schneier:
  • "Good cryptographers rely on peer review to
    separate the good algorithms from the bad."

8
Breakable vs. Practically Breakable
  • Unconditionally secure: impossible to decrypt.
    No amount of ciphertext will enable a
    cryptanalyst to obtain the plaintext without
    restrictions on technology
  • Computationally secure: an algorithm that is not
    breakable in practice based on worst case
    scenario (based on the best known methods) and
    current technology
  • Breakable: all algorithms (except one-time pad)
    are theoretically breakable

9
Cryptanalysis
  • Cryptanalyst's goal:
  • Break message
  • Break key
  • Break algorithm

10
Security requirements
  • Computationally infeasible to systematically
    determine the deciphering transformation for a
    given cipher, even if the corresponding plaintext
    is known
  • Prevents decoding additional ciphertexts
  • Computationally infeasible to systematically
    determine plaintext for a given cipher
  • Prevents decoding the given ciphertext

11
Authenticity requirements
  • Computationally infeasible to systematically
    determine enciphering transformation for a given
    cipher, even if the corresponding plaintext is
    known
  • Prevents creating false ciphertext
  • Computationally infeasible to find ciphertext
    such that it deciphers into a valid plaintext
  • Prevents cipher substitution

12
Taxonomy of Attacks
  • Ciphertext-only attack: attacker has ciphertext
    for messages encrypted with E.
  • Known plaintext attack: attacker additionally
    knows the plaintext of the messages.
  • Chosen plaintext attack: attacker can select the
    encrypted plaintext for at least some messages.
  • Chosen ciphertext attack: attacker can obtain
    decrypted (plaintext) versions of selected
    ciphertext.

13
Cryptosystems
  • Conventional (symmetric-key) cryptosystem
  • Public-key (asymmetric-key) cryptosystem
  • Quantum cryptosystem
  • Hash Functions

14
Conventional (Secret Key) Cryptosystem
[Figure: Sender, Encryption, Decryption, Recipient; plaintext M, ciphertext C; key K supplied to both sides by a key source over a secure channel]
C = E(K,M), M = D(K,C)
15
Secret Key Cryptosystem Vulnerabilities (1)
  • Passive Attacker (Eavesdropper)
  • Obtain and/or guess key and cryptosystem and use
    these to decrypt messages
  • Capture text in transit and try a ciphertext-only
    attack to obtain plaintext.

16
Secret Key Cryptosystem Vulnerabilities (2)
  • Active Attacker
  • Break communication channel (denial of service)
  • Obtain and/or guess key and cryptosystem and use
    these to send false messages

17
Inherent Weaknesses of Symmetric Cryptography
  • Key distribution must be done secretly (difficult
    when parties are geographically distant, or don't
    know each other)
  • Need a key for each pair of users
  • n users need n(n-1)/2 keys
  • If the secret key (and cryptosystem) is
    compromised, the adversary will be able to
    decrypt all traffic and produce fake messages

18
Classical Encryption Techniques
  • Steganography
  • Substitution
  • Permutation
  • Combinations and iterations of these

19
Steganography
  • Conceals the existence of secret message
  • Needs
  • Carrier medium: text, picture, etc.
  • Encoding schema: defines how to insert message
    into the carrier medium
  • Not efficient: good for small messages only

20
Steganography Examples
  • Before computers
  • Character markings: selected letters of printed
    or typewritten text are overwritten in pencil
  • Invisible ink: not visible until some chemical
    reactions take place
  • Pin punctures: tiny punctures on selected letters
  • Computer aided
  • Modification of digital carrier, e.g., digital
    image, sound, etc.
  • Supported by secret key
  • Digital watermarking

21
Substitution Techniques
  • Simple substitution
  • Monoalphabetic cipher
  • Multiple letter encryption
  • Polyalphabetic cipher

22
Simple Substitution: Caesar Cipher
  • C = E(K,M), e.g., C = (M + n) mod 26
  • plaintext: A B C D E
  • ciphertext: A B C D E F
  • e.g., M = CAB
  • C = ECD
  • Advantages: simple to implement
  • Disadvantages: easy to break (25 possibilities
    for English alphabet)

23
Monoalphabetic Substitution
  • Arbitrary substitution for each plaintext symbol,
    e.g.,
  • C → E, A → C, B → D
  • M = CAB
  • C = ECD
  • Advantages: large key space, 26!
  • Disadvantages: trivially broken for known
    plaintext attack

24
Multiple-Letter Encryption
  • Playfair (Sir Charles Wheatstone, 1854)
  • Plaintext is encrypted as 2 letter blocks to
    create 2 letter cipher blocks
  • Secret key is written into a 5x5 matrix and
    filled up by the remaining alphabet (i/j
    together)
  • Repeating plaintext letters are separated by a
    filler (e.g., by X)
  • Encoding
  • Letters in the same row are substituted with
    their neighbors on the right
  • Letters in the same column are substituted with
    their neighbors underneath
  • Otherwise each letter is replaced with the
    letter in its row and in the column of the other
    letter

25
Multiple-Letter Encryption
  • M = AR → C = RM
  • M = MU → C = CM
  • M = HS → C = BP
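
The Playfair rules from the previous slide, as an added example that is not part of the original lecture. The slides do not state the keyword; `MONARCHY` is an assumption, chosen because it reproduces the three pairs above (AR, MU, HS).

```python
ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"  # 25 letters: I and J share one cell

def build_square(keyword: str) -> list[str]:
    """Keyword first, then the remaining alphabet, as a row-major 5x5 square."""
    square = []
    for ch in keyword.upper() + ALPHABET:
        ch = "I" if ch == "J" else ch
        if ch.isalpha() and ch not in square:
            square.append(ch)
    return square

def make_digraphs(plaintext: str, filler: str = "X") -> list[str]:
    """Split into 2-letter blocks; a repeated letter in a block gets a filler."""
    letters = ["I" if c == "J" else c for c in plaintext.upper() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else filler
        if a == b:                 # e.g. "LL" becomes "LX", second L starts next block
            b, i = filler, i + 1
        else:
            i += 2
        pairs.append(a + b)
    return pairs

def encrypt_pair(square: list[str], pair: str) -> str:
    (r1, c1), (r2, c2) = (divmod(square.index(ch), 5) for ch in pair)
    if r1 == r2:                   # same row: neighbour on the right (wraps)
        return square[r1 * 5 + (c1 + 1) % 5] + square[r2 * 5 + (c2 + 1) % 5]
    if c1 == c2:                   # same column: neighbour underneath (wraps)
        return square[((r1 + 1) % 5) * 5 + c1] + square[((r2 + 1) % 5) * 5 + c2]
    # otherwise: same row as the letter, column of the other letter
    return square[r1 * 5 + c2] + square[r2 * 5 + c1]

def encrypt(keyword: str, plaintext: str) -> str:
    square = build_square(keyword)
    return "".join(encrypt_pair(square, p) for p in make_digraphs(plaintext))

if __name__ == "__main__":
    for m in ("AR", "MU", "HS", "balloon"):   # constructed sample inputs
        print(m, "->", encrypt("MONARCHY", m))
```
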

26
Polyalphabetic Substitution
  • A set of related monoalphabetic substitution
    rules is used
  • A key determines which particular rule is chosen
    for a given transformation
  • Example: Vigenere cipher, based on 26 Caesar
    ciphers
  • Advantages: there are multiple ciphertext letters
    for a plaintext letter
  • Disadvantages: periodic nature of key makes it
    breakable with statistical cryptanalysis

27
One-Time Pad
  • Perfect Secrecy!
  • Large, non-repeating set of keys
  • Key is larger than the message
  • Advantages: immune to most attacks
  • Disadvantages:
  • Need total synchronization
  • Need very long, non-repeating key
  • Key cannot be reused

28
Transposition
  • Letters of the message are rearranged
  • Break patterns
  • e.g., columnar transposition
  • Plaintext: this is a test
  • t h i s
  • i s a t
  • e s t !
  • Ciphertext (read by columns): tiehssiatst!
  • Advantages: easy to implement
  • Disadvantages:
  • Easy to recognize: same letter frequency as the
    original plaintext
  • Trivially broken for known plaintext attack
  • Easily broken for ciphertext-only attack
  • Multiple encipherment does not help

29
Product Ciphers
  • Substitution followed by permutation, followed by
    substitution, followed by permutation
  • One encryption applied to the result of the other:
    En(En-1(...(E1(M))))
  • Broken for
  • Chosen plaintext

30
Data Encryption Standard
  • Mathematics to design strong product ciphers is
    classified
  • Breakable by exhaustive search for known
    plaintext, chosen plaintext and chosen ciphertext
    attacks
  • Security: computational complexity of computing
    the key under the above scenarios

31
Data Encryption Standard (DES)
  • DES is a product cipher
  • 56 bit key size
  • 64 bit block size for plaintext and cipher text
  • Developed by IBM and adopted by NIST with NSA
    approval
  • Encryption and decryption algorithms are public
    but the design principles are classified

32
DES Controversies
  • Key size: 56 bits, threshold of allowing
    exhaustive-search known plaintext attack
  • Built in trapdoor allegations
  • The US Senate Select Committee of Intelligence
    exonerated NSA from tampering with the design of
    DES in any way

33
DES Multiple Encryption
  • Group: multiple encryptions are equivalent to a
    single encryption
  • 1992: proven that DES is not a group

34
DES Multiple Encryption
[Figure: double encryption. Plaintext P → Encryption with K1 → intermediate ciphertext EK1(P) → Encryption with K2 → ciphertext EK2(EK1(P))]
Known-plaintext meet-in-the-middle attack: effective key size 57 bits
35
DES Multiple Encryption
[Figure: triple encryption with two keys. P → E with K1 → EK1(P) → D with K2 → DK2(EK1(P)) → E with K1 → EK1(DK2(EK1(P)))]
Tuchman: avoids meet-in-the-middle attack. If K1 = K2: single encryption
36
DES Multiple Encryption
  • Tuchman's technique is part of NIST standard
  • Can be broken in 2^56 operations if one has 2^56
    chosen plaintext blocks (Merkle, Hellman 1981)
  • Could use distinct K1, K2, K3 to avoid this attack

37
DES Algorithm
[Figure: DES algorithm. Data path: 64 bit plain → initial permutation → iteration 1, iteration 2, ..., iteration 16 → 32 bit swap → inverse initial permutation → 64 bit ciphertext. Key path: 56 bit key → permuted choice 1 → left circular shift and permuted choice 2 for each iteration, giving K1, K2, K3, ...]
38
DES Cycle
[Figure: one DES cycle. Labels: L i-1 and R i-1 (32 bits each), expansion permutation (48 bits), permuted key (48 bits), R i (32 bits)]
39
Modes of DES
  • ECB: Electronic Code Book
  • CBC: Cipher Block Chaining
  • CFB: Cipher FeedBack
  • OFB: Output FeedBack
  • Part of NIST standard

40
ECB Mode
[Figure: ECB mode. 64 bit data → E (56 bit key) → D (56 bit key) → 64 bit data]
Good for small messages. Identical data blocks will
be identically encrypted.
41
CBC Mode
[Figure: CBC mode. 64 bit data combined with the 64 bit previous ciphertext block → E (56 bit key) → D (56 bit key) → combined with the 64 bit previous ciphertext block → 64 bit data]
Cn = Ek[Cn-1 ⊕ Pn]
Need initialization vector
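
The ECB and CBC behaviour on the two slides above, as an added example that is not part of the original lecture. The Python standard library has no DES, so a toy 64-bit Feistel cipher built on SHA-256 stands in for E and D (an assumption, not a real cipher); the key, IV and plaintext are constructed, and messages are assumed to be a whole number of blocks.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, as on the DES slides

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Toy round function (stand-in for DES): 32 bits of SHA-256 output.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in range(8):
        left, right = right, _xor(left, _f(key, rnd, right))
    return right + left                      # final swap of the halves

def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(8)):           # same rounds, subkeys in reverse
        left, right = right, _xor(left, _f(key, rnd, right))
    return right + left

def _blocks(data: bytes) -> list[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # Every block is enciphered independently: equal input, equal output.
    return b"".join(encrypt_block(key, p) for p in _blocks(pt))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    prev, out = iv, []
    for p in _blocks(pt):
        prev = encrypt_block(key, _xor(prev, p))   # Cn = Ek[Cn-1 xor Pn]
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    prev, out = iv, []
    for c in _blocks(ct):
        out.append(_xor(prev, decrypt_block(key, c)))  # Pn = Dk[Cn] xor Cn-1
        prev = c
    return b"".join(out)

KEY, IV = b"demo-key", b"\x00\x01\x02\x03\x04\x05\x06\x07"  # constructed values
PLAINTEXT = b"SAMEDATA" * 3                   # three identical 64-bit blocks

if __name__ == "__main__":
    print("ECB:", [b.hex() for b in _blocks(ecb_encrypt(KEY, PLAINTEXT))])
    print("CBC:", [b.hex() for b in _blocks(cbc_encrypt(KEY, IV, PLAINTEXT))])
```
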
42
CFB Mode
Needs initialization vector. Adv: can encipher one
character at a time. Error propagation: current
transf. next 8 characters
[Figure: CFB mode. Shift register of 8 × 8 bit blocks with left shift on each side, E and D with 56 bit key, 8 bit plain text → 8 bit cipher text → 8 bit plain text]
43
OFB Mode
Needs initialization vector. Adv: can encipher one
character at a time. Error propagation: current
transfer only
[Figure: OFB mode. Shift register of 8 × 8 bit blocks with left shift on each side, E and D with 56 bit key, 8 bit plain text → 8 bit cipher text → 8 bit plain text]
44
Advanced Encryption Standard (AES)
  • Adopted by NIST to replace DES
  • January 2, 1997: NIST announces the initiation
    of an effort to develop the AES (62 FR 93)
  • Based on Rijndael algorithm

45
International Data Encryption Algorithm (IDEA)
  • Designed by X. Lai and J. Massey, Swiss Federal
    Institute of Technology, 1990
  • 64 bit block cipher
  • Key size: 128 bits
  • Used by Pretty Good Privacy (PGP) to encrypt
    electronic mail

46
Design Principles
  • Cryptographic strength
  • Block size: deter statistical analysis but easy
    to implement encryption
  • Key length: prevent exhaustive key search
  • Confusion: ciphertext should depend on the
    plaintext and key in a complicated way
  • Diffusion: each plaintext bit should influence
    every ciphertext bit to prevent statistical
    analysis

47
Other Secret Key Algorithms
  • DESX: modification of DES
  • Blowfish: fast, compact and simple block cipher.
    Variable key length up to 448 bits
  • RC2: block cipher. Variable key length up to 2048
    bits
  • RC4: stream cipher. Variable key length up to 448
    bits
  • RC5: block cipher. Allows user defined key
    length, data block size, and number of encryption
    rounds.

48
Hash Functions
  • Hash function h maps an input x of arbitrary
    length to a fixed length output h(x)
    (compression)
  • Given h and x, h(x) is easy to compute (ease of
    computation)

49
Hash functions
  • Preimage resistant (one-way): if for all
    specified outputs, it is computationally
    infeasible to find any input that hashes to that
    output
  • Second-preimage resistant (weak collision
    resistant): if it is computationally infeasible
    to find any second input which has the same
    output as any specified input
  • Collision resistant (strong collision resistant):
    if it is computationally infeasible to find any
    distinct inputs that have the same output

50
Hash Functions
  • Message digest
  • Used for authenticity and integrity purposes
  • Algorithms
  • SHA-1, MD2, MD4, MD5

51
MD5 Message Digest Algorithm
  • Input of arbitrary length
  • Output: 128 bits
  • Block size: 512 bits

52
MD5 Processing
  • Append padding bits so length ≡ 448 mod 512
    (padded message 64 bits less than an integer
    multiplied by 512)
  • Append length: a 64-bit representation of the
    length of the original message (before the
    padding) → total length of message k × 512 bits
  • Initialize MD buffer: 128-bit buffer holds
    intermediate and final results (4 32-bit
    registers, ABCD)

53
MD5 Processing
  • Process message in 512-bit blocks
  • 4 rounds of processing
  • Similar structure but different logical function
  • Each round takes the 512-bit input and values of
    ABCD and modifies ABCD
  • Output from the last stage is a 128-bit digest

54
Strength of MD5
  • Every bit of plain text influences every bit of
    the hash code
  • Complex repetition of the basic functions →
    unlikely that two random messages would have
    similar regularities
  • MD5 is as strong as possible for 128-bit digest
    (Rivest's conjecture)
  • Hasn't been disproved yet

55
Secure Hash Algorithm
  • SHA was developed by National Institute of
    Standards and Technology
  • 1993: Published as Federal Information Processing
    Standard (FIPS PUB 180)
  • Input: maximum length 2^64 bits
  • Output: 160-bit digest
  • Block size: 512-bit

56
MD5 vs. SHA
  • Very similar
  • Security: SHA's digest is 32 bits longer →
    without algorithm flaws SHA is more secure
  • Speed: SHA has more steps and produces 160-bit
    buffer → SHA slower
  • Simplicity and compactness: MD5 has more internal
    steps with varying buffer modification → SHA is
    simpler