8. Cryptography
1
ISA 562
Information Security Theory & Practice
Introduction to Cryptography
8. Cryptography
2
Agenda
• Basics & Definitions
• Classical Cryptography
• Symmetric (Secret Key) Cryptography
• DES (Data Encryption Standard)
• Multiple Encryptions
• Modes of Block Cipher Operations
• Math Essential
• Asymmetric (Public Key) Cryptography
8. Cryptography
3
Basic Definitions
Cryptography
–
Crypt = secret
–
Graph = writing
•
science / art of transforming meaningful
information into unintelligible text
Relies on mathematics (number theory, algebra)
Cryptanalysis
•
science / art of breaking cryptographic codes
Cryptology
•
science / art / study of cryptography and
cryptanalysis
8. Cryptography
4
Applications of Cryptography
• Assuring document integrity
• Assuring document confidentiality
• Authenticating parties
• Document signature
• Non

repudiation
• Secure transactions
• Exchanging keys
• Sharing Secrets
• Digital cash
• Preserving anonymity
• Copyright protection …
8. Cryptography
5
Cryptographic Services (I)
Starting from Basics
A
B
A
B
C
a) Source Integrity
b) Data Confidentiality
Normal Flow
Eavesdropping
A
B
A
B
C
C
c) Data Integrity
d) Source Authentication
Modification
Fabrication
8. Cryptography
6
Cryptographic Services (II)
A
B
A
B
c
e)
Drop
f) Replay
A
B
C
f) Denial of Service
8. Cryptography
7
Encryption/Decryption
Plaintext
ciphertext
Plaintext
encryption
decryption
key
key
• Plaintext:
message in original form
• Ciphertext:
message in the transformed, unrecognized form
• Encryption:
process that transforms a plaintext into a ciphertext
• Decryption:
process that transforms a ciphertext back to plaintext
• Key:
value used to control encryption/decryption.
8. Cryptography
8
Cryptanalytic Attack
Attacker only knows Ciphertext
–
Tries to reveal plaintext and/or key
• Attacker Knows Plaintext, Ciphertext Pairs <plaintext , ciphertext>
–
Cryptanalysis tries to reveal the key
–
Relevant when plaintext is known or can be obtained
• Attacker chooses a Plaintext
–
and receives the Ciphertext
–
Cryptanalysis tries to reveal the key
–
Relevant when attacker can “inject” a plaintext message
8. Cryptography
9
Classical Cryptography
Cryptography used by early civilizations (including
Egyptians, Greeks, Romans) for
Secrecy
Confidentiality
now includes Integrity,
Authentication & Authenticity, and in sometimes
Non

Repudiation.
• Early cryptography mainly encryption by
substitution and/or transposition methods
–
They were simple because of the lack of computing
engines
–
Could easily be attacked
• Same ideas in use today but with stronger properties
and powerful computing engines
8. Cryptography
10
Substitution Ciphers (1)
Caesar Cipher
: fixed permutation (move 3 up in
the alphabet)
a b c d e f g h i j k l m n o p q r s t u v w x y z
d e f g h i j k l m n o p q r s t u v w x y z a b c
Algorithm is:
C = ENC( P ) = P + 3 (mod 26)
For example: GMU →JPX
•
The secrecy is in the algorithm !
• There is one key (fixed permutation)
• Easy to break
8. Cryptography
11
Substitution Ciphers (2)
Shift Cipher
similar to Caesar Cipher, but there is a cyclic shift of the 26
letters of the alphabet by key K, where
0 ≤ K < 26.
• Algorithm:
C = ENCK( P ) = P + K (mod 26)
There are 26 different keys
• Easy to break
–
check which of 26 possible keys returns the
a meaningful plaintext
• Decipher HAL (the computer from the movie 2001: A Space
Odyssey) using a shift cipher of one.
–
So the shift variable n=1.
•
• HAL ?
8. Cryptography
12
Mono

Alphabetic Ciphers
Generalization: arbitrary mapping of one letter to
another
• One of N! permutations on N letters of the alphabet
• The key is the index of the permutation
• Key is secret (one of N! options)
• Example:
–
N = 26 letters of the English alphabet
–
N! = 26! ≈ 4 • 1026 ≈ 288 permutations or 309 Septillion
–
≈ 309,485,009,821,345,000,000,000,000 permutations
• IS IT SECURE?
Not with Frequency Analysis
8. Cryptography
13
Cryptanalysis
A
ttacking Mono

Alphabetic Ciphers
Began in later part of the first millennium AD in the
Middle East.
• Frequency analysis is the study of the frequency
of occurrence of letters. (statistics) • First
treatise on it was written by
•
Ab‾uY‾us‾uf Ya‘q‾ub ibn Is

h‾aq ibn as

Sabb‾ah
•
ibn ‘omr‾an ibn Isma‾il al

Kind‾i, the “philosopher
•
of the Arabs.”
8. Cryptography
14
Letter Frequency
Western Languages are redundant, they have a
non

uniform distribution of about 26 letters.
• Each symbol of ciphertext depends on only one
symbol of plaintext and one value of the
permutation key, so guessing part of the key
gives part of the plaintext.
• Attack proceeds by guessing parts of key
corresponding to most common letters, which
makes it possible to decipher an entire
message.
8. Cryptography
15
Letter frequency in English
8. Cryptography
16
Attacking Mono

Alphabetic Ciphers
in English
Appearance frequency of letters (in long texts) in a
language is well known. Appearance frequency of pairs
of letters in a language is also well known:
th, ee, oo, tt, qu, is, ae, . . . Not zq, kv, etc
Appearance frequency of certain words is also well defined:
the ≈ 6.4% a ≈ 2.1% i ≈ 0.9%
of ≈ 4.0% in ≈ 1.8% it ≈ 0.9%
and ≈ 3.2% that ≈ 1.2% for ≈ 0.8%
to ≈ 2.4% is ≈ 1.0% as ≈ 0.8%
8. Cryptography
17
Attacking Mono

Alphabetic Ciphers
Using the appearance frequencies of letters, words,
and pairs

of

letters
–
accelerates the identification of
certain letter substitutions (part of the key)
• Identification of word patterns, vowels, and consonants helps in finding
parts of the text
• The identification of the remaining parts of the key now reduces the
search space dramatically (from N!)
• Using heuristics and associative word

completions, the rest of the key
can be easily revealed
–
In English
the most common letters: are E, T, A, O, I, N, S, H. more than
half of all words end in E, T, D, S. Q is always followed by U.
–
most common word is “THE.” and most common doublets are EE, TT,
OO, SS, LL, FF.
–
most common 2

letter combos: HE, RE, AN, TH, ER,IN.
–
most common 3

letter combos: ION, AND, ING, THE, ENT.
8. Cryptography
18
Possible solutions
•
Do not use redundant letters, like the letter
e
–
Done by French writer Georges Perec in 1969. He
published a 300

page novel La Disparition (The
Disappearance)…translated into English by Gilbert
Adair and called “A Void”
•
Or use different Mono

Alphabetic Ciphers in
different parts of the plaintext:“Poly

Alphabetic
Ciphers”.
Quite strong
•
• Or group plaintext into blocks that go through a
transformation
8. Cryptography
19
Vig`enere Cipher (I)
Blaise de Vig`enere: (1523) Created the cipher but unused
almost 200 years.
•
One type of Poly

Alphabetic Cipher The collection of
Mono

Alphabetic Ciphers consists of the 26 options for
Caesar Cipher (with K = 0, 1, 2, . . ., 25) where each of
the 26 is given a letter, which is the ciphertext letter that
replaces the letter ‘a’
In practice:
•
A table of 26 rows by 26 columns is built. Row i in the
table contains the 26 letters of the alphabet circularly
shifted by i.
•
A keyword is used (over and over again) to select which
of the mono

alphabetic ciphers to use. The cipher used
is selected by the current letter in the keyword.
8. Cryptography
20
The Cipher
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
8. Cryptography
21
Class Exercise using Vig`enere
Cipher
•
Keyword:
GMU
•
• Plaintext:
SECURITY
•
• Ciphertext:
8. Cryptography
22
Attacking Vig`enere Cipher
Check whether the cipher is Mono

Alphabetic
–
Check whether the appearance frequency of letters in the ciphertext
complies with that of a Mono

Alphabetic cipher
Determine the length of the keyword
–
If two identical sequences of plaintext letters occur at a distance that
is an integer multiple of the keyword length
–
than the two
corresponding sequences of ciphertext letters will be identical
–
Detect identical sequences of ciphertext letters
–
Conjecture that the keyword length is the GCD (greatest common
divisor) of distances between identical sequences of ciphertext
• Neutralize shifts and break each of the suspected Mono

Alphabetic
Ciphers independently
8. Cryptography
23
Running Key Cipher
One Time Pads
Running Key
Does not use mathematical
formula, instead uses everyday item such
as a set of books
–
Numbers give the book, page number, line
number, and word number
One Time Pad
•
Cipher only used for a small message and
then destroyed
8. Cryptography
24
Transposition Methods
Letters rearranged in particular fashion
Plaintext buffered in size N bufer
Plaintext scrambled to a defiined order in buffer
Key is the transposition mapping
8. Cryptography
25
Spartan Scytale
8. Cryptography
26
Rail

Fence Cipher
Method:
•
Plaintext written as a sequence of diagonals and
read as a sequence of rows
m
e
m
t
d
y
t
e
t
e
o
a
a
9
8. Cryptography
27
Row

Column Cipher
Key is
2
4
1
5
3
A
T
T
A
C
K
F
R
O
M
E
A
S
T
A
T
D
A
W
N
Ciphertext is TRSAAKETCMANTFADAOTW
8. Cryptography
28
Attacking Transposition Methods
Pure Transposition Cipher easily
recognized: it has same letter frequencies
as original text
Di

grams and tri

grams also are visible
Arrange text in rectangle and move rows
and columns
8. Cryptography
29
Rotor Machines
Combine Substitution and Transposition
Methods
• produce ciphers that are very difficult to
break
Rotor Machines in World War II: German
“Enigma” and Japanese “Purple”
• Breaking by the Allies was a significant
factor in the outcome of the war (Turing)
8. Cryptography
30
Example of Rotor Machine
Enter the password to open this PDF file:
File name:

File size:

Title:

Author:

Subject:

Keywords:

Creation Date:

Modification Date:

Creator:

PDF Producer:

PDF Version:

Page Count:

Preparing document for printing…
0%
Comments 0
Log in to post a comment