Cryptography
Lynn Ackler
Southern Oregon University
Information Assurance
Keep information in a known and trusted
state that can be used appropriately.
NSA Information Security Model
Confidentiality
Integrity
Availability
Information States
Cryptography
–
Introduction
Chapter 1
Cryptography

Services
–
Confidentiality
–
Authentication
–
Integrity
–
Nonrepudiation
Encryption/Decryption
Render text unreadable
–
Plaintext
–
message to be scrambled
–
Encryption
–
scrambling the message
–
Ciphertext
–
scrambled message
–
Decryption
–
unscrambling the ciphertext
Cryptography
Cryptography
•
Art and science of encryption techniques
•
Cryptographers
Cryptanalysis
•
Art and science of braking encryption
•
Cryptanalysts
Cryptology
•
Branch of mathematics studing both
cryptography and cryptanalysis
Encryption/Decryption
Encryption
Decryption
Plaintext
Ciphertext
Original
Plaintext
M
E(M) = C
D(C) = M
C
M
D(E(M)) = M
Keys
(Magic decoder rings)
Secrecy by obscurity
•
Secret algorithm
Secrecy via a secret
•
Keys, usually a number kept secret
•
Algorithm is public and studied
Keyspace
•
Set of all possible keys
•
Should be big
Symmetric Key Cryptography
Key to encrypt is the same as to decrypt
•
Usually very fast
•
Problem is to distribute the key
Block ciphers/algorithms
Stream ciphers/algorithms
Encryption/Decryption
Encryption
Decryption
Plaintext
Ciphertext
Original
Plaintext
M
E
K
(M) = C
D
K
(C) = M
C
M
D
K
(E
K
(M)) = M
Key
Key
Asymmetric Key Cryptography
Key to encrypt is different from the key to
decrypt
•
Usually very slow
•
Distribution is not a problem
Block algorithm only
Encryption/Decryption
Encryption
Decryption
Plaintext
Ciphertext
Original
Plaintext
M
E
K1
(M) = C
D
K2
(C) = M
C
M
D
K2
(E
K1
(M)) = M
Encryption
Key
Decryption
Key
Public

Key Cryptography
Two keys:
–
Public key
–
Private key
If one is used to encrypt the other must be
used to decrypt.
Cryptanalysis
Break the encryption
•
Attack: a cryptanalysis attempt
•
Compromise: loss of a key
Standard Attacks
Cryptanalytic attacks
•
Ciphertext
–
only attack
•
Known
–
plaintext attack
•
Chosen
–
plaintetxt attack
•
Adaptive
–
chosen
–
plaintext attack
•
Chosen
–
ciphertext attacks
•
Rubber
–
hose attack
Ciphertext

only Attack
Ciphertext of several messages
•
Same key, hopefully
•
Same algorithm
Goals
•
Recover plaintext and/or key/keys
Example:
•
Encrypted hard drive
Known

plaintext Attack
Plaintext and Ciphertext of several messages are
known
•
Same key, hopefully
•
Same algorithm
Goals
•
Recover key/keys
•
At least recover the next messasge
Example
•
A collection of e

mails
Chosen

plaintext Attack
Plaintext and Ciphertext of several messages are
known
Can have ciphertext for any chosen plaintext
•
Same key and algorithm
Goals
•
Recover the key
•
At least recover the next message
Example
•
Encrypted bank deposits to your account
Chosen

ciphertext Attack
Any Ciphertext can be decrypted
•
Same key and algorithm
Goals
•
Recover the key
Example
•
Breaking a tamper proof crypto box
Rubber Hose Attack
Uncooperative person
Goals
•
Recover the key
•
Recover password
Example
•
Any one with a secret
Technique
•
Sex, Money and Pain
Security of Algorithms
If the cost to break is greater than the value
of the data, you are probably safe.
Not always though.
Seti at home
Categories of Breaks
Total break
Algorithm and key is deduced
Global deduction
An alternative algorithm is found
Local deduction
The plaintext is found for a single intercepted
ciphertext
Information deduction
Format of plaintext, a few bits of the key, etc.
Security Levels
Unconditionally secure
•
One time pad
Conditionally secure
•
Brute force attack
•
Computationally secure
Steganography
Data hiding in plain sight.
Often is not invariant under data
compression.
Substitution Ciphers
Alphabet substitution
•
Monoalphabetic
–
letter for letter
•
Homophonic
–
one or more for a letter
•
Polygram
–
block for block
•
Polyalphabetic
–
multiple simple substitutions
Substitution algorithms
•
Caeser Cipher
–
rotate
n
mod 26
•
Modulo arithmetic
•
Lookup tables
Transposition Cipher
Plaintext in rows
Ciphertext from the columns
t
h
e
q
u
i
c
k
b
r
o
w
n
f
o
x
j
u
m
e
d
o
v
e
r
t
h
e
l
a
z
y
d
o
g
Ciphertext:
t hfteoh xeq ujliuacmz key d b d rooovgwe nr
Simple XOR
XOR: '^' in C,
in mathematics
0
0 = 0
0
1 = 1
1
0 = 1
1
1 = 0
Note:
a
0 = a
a
a = 0
(
a
b
)
b = a
Simple XOR Encryption
Key: K
Messag: M
Ciphertext: C = M
K
Message: M = C
K = (M
K)
K
= M
(K
K) = M
One

Time Pads
The one time pad is a substitution cipher
with a very very long random substitution
key.
Statistically it is perfectly secure.
One

Time Pads
Problems
The key must be a
random
sequence of
characters.
The pad can be used only once.
Both parties must have the exact same pad.
If one character is dropped everything
afterward is lost.
One

Time Pads
Uses
Low bandwidth communication.
Ultra secure communication.
Forever secure.
Comments 0
Log in to post a comment