260 likes | 487 Views
Introduction to Cryptography Techniques. How secure is that banking network traffic?. Social and Computing Implications of Cryptography. The internet is a collection of networks designed to deliver data packets. Packets are easy to sniff.
E N D
Introduction to Cryptography Techniques How secure is that banking network traffic?
Social and ComputingImplications of Cryptography • The internet is a collection of networks designed to deliver data packets. • Packets are easy to sniff. • The internet is not secure, but is used to connect banks, the power grid, pipelines, transportation systems, etc.
Terms • Plaintext – the readable message • Ciphertext – the coded message key key plaintext ciphertext plaintext Encryption Decryption
Types of Attacks • Ciphertext Only– adversary uses just the ciphertext to gain either the key or the plaintext (really bad encryption) • Known Plaintext– adversary gets the key using some ciphertext and its plaintext • Chosen Plaintext– adversary introduces some plaintext to generate some ciphertext
Symmetric Key Encryption • Both parties share a secret key • The single key is used for both encryption and decryption • Encryption and decryption are equal efforts
Shift Ciphers key = amount to shift each character Example: Rotate13 ‘A’ + 13 = 1 + 13 = 14 = ‘N’ So, the message “aardvark” becomes “nneqinex”.
Shift Ciphers Advantage of Rot13: Easy to implement. Rot13('A') = 'N' (1 + 13)%26 = 14 Rot13('N') = 'A' (14 + 13)%26 = 1 So, one function does both encoding and decoding. Disadvantage of Any Rotation: Very easy to break – just try all 26 possibilities. aka - Brute Force attack.
Substitution Cipher Key = list of character substitutions Example: Key = “Chair” A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Y Z c h a i r B D E F G J K L M N O P Q S T U V W X Disadvantage: Susceptible to Character Frequency Analysis
Polyalphbetic Ciphers Key is repeated and used to shift characters. Example plaintext now is the time for all + key aar dv ark aard var kaa Ciphertext opo mo uzp ujei bpj lmm
Polyalphbetic Ciphers Advantage: Thwarts character frequency analysis. For example, an “e” will encrypt to several different letters. Disadvantage: Statistics can still be used to break the code.
Polyalphbetic Ciphers How to Break Them: 1 - Look for repeated strings. For example, if the characters “thi” appear together frequently, then it could be because the key is hitting a common word. Text = and we need to test and retest Key = ste ve stev es teve ste vestev Sum = thi sj gyjz yh njoy thi njmyxp
Polyalphbetic Ciphers How to Break Them: 2 – Determine Probable Key Length The start of strings “thi” are frequently separated by distances that are multiples of 5. So, key length is probably five. 3A – Try keys of that length. 3B – Use CharFreqAnal on characters separated by that length.
One-Time Pad • Key is used to shift the plaintext. • Key is used only once. • Key has same length as the message. • Advantage: Unbreakable! • Disadvantage: Requires lots of keys.
DES History • Data Encryption Standard • Solicited in 1973 by the National Bureau of Standards (National Institute of Standards and Technology) • Developed by IBM and the NSA • Adopted in 1977
DES Design Principles • Confusion – complicate the relationship between key and ciphertext • Diffusion – spread structure of plaintext around the ciphertext
DES Design Overview • http://www.itl.nist.gov/fipspubs/fip46-2.htm • Key = 56 bits plus 8 parity bits • 70,000,000,000,000,000 possible keys of 56 bits • Key generates 16 subkeys • 16 rounds of functions
Breaking DES • 1993 – design of $1M machine to search entire key space in one day • 1997 – design of $1M machine to search entire key space in one hour • 1999 - “DES Challenge” prize claimed in 22 hours by distributed.net • 2006 - University of Bochum and Kiel, Germany, uses $10,000 hardware cost to get average time of 6.4 days. • triple DES is much less breakable
Unix Crypt “man 3 crypt” #include <unistd.h> char *crypt(const char *key, const char *salt); crypt is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search.
Password Salt • Based on time when password created • First two letters in the passwd field • Used to discourage a brute force attack Encrypting every dictionary word then comparing that list to passwd entries will not work since every dictionary word can yield 4096 different possibilities. • Even if my password is the same for two systems, they have different salts so they look different
Public Key Encryption • Two Keys : encryption and decryption • Encryption key is public • Decryption key is private • Once sender encrypts a message, even they can’t decrypt it
Public Key Encryption • Receiver sends their public key to the sender • Sender encrypts message using that public key • Sender sends encrypted message • Receiver decrypts message using their private key
Summary Nothing on a public network is completely safe.