920 likes | 931 Views
Explore the fundamental concepts of encryption, the DES and AES algorithms, RSA algorithm, key exchange protocols, digital signatures, and cryptographic hash functions in the field of computer security.
E N D
Security in Computing, 4th Ed, Pfleeger Chapter 2 Elementary Cryptography
In this chapter • Concepts of encryption • Cryptanalysis: how encryption systems are "broken" • Symmetric (secret key) encryption and the DES and AES algorithms • Asymmetric (public key) encryption and the RSA algorithm • Key exchange protocols and certificates • Digital signatures • Cryptographic hash functions
Cryptography • Cryptography (secret writing) is the strongest tool for controlling against many kinds of security threats. • Well-disguised data cannot be read, modified, or fabricated easily. • Cryptography is rooted in higher mathematics • Group and field theory, computational complexity, and even real analysis, not to mention probability and statistics. • Fortunately, it is not necessary to understand the underlying mathematics to be able to use cryptography.
Terminology and Background • Consider the steps involved in sending messages • from a sender, S • to a recipient, R • If S entrusts the message to T, who then delivers it to R, T then becomes the transmission medium. • If an outsider, O, wants to access the message (to read, change, or even destroy it), we call O an interceptor or intruder. • Encryption is a means of maintaining secure data in an insecure environment.
Terminology • Encryption is the process of encoding a message so that its meaning is not obvious • Decryption is the reverse process, transforming an encrypted message back into its normal, original form. • Alternatively, the terms encode and decode or encipher and decipher are used instead of encrypt and decrypt • A system for encryption and decryption is called a cryptosystem.
Terminology • The original form of a message is known as plaintext, and the encrypted form is called ciphertext.
Terminology • The original form of a message is known as plaintext, and the encrypted form is called ciphertext.
Terminology • For convenience, we denote a plaintext message P as a sequence of individual characters • P = <p1, p2, …, pn>. • Similarly, ciphertext is written as • C = <c1, c2, …, cm>. • We write C = E(P) and P = D(C), where C represents the ciphertext, E is the encryption rule, P is the plaintext, and D is the decryption rule. • What we seek is a cryptosystem for which P = D(E(P)). In other words, we want to be able to convert the message to protect it from an intruder, but we also want to be able to get the original message back so that the receiver can read it properly.
Encryption Algorithms • The cryptosystem involves a set of rules for how to encrypt the plaintext and how to decrypt the ciphertext. • The encryption and decryption rules, called algorithms, often use a device called a key, denoted by K, so that the resulting ciphertext depends on the original plaintext message, the algorithm, and the key value. • C = E(K, P)
Encryption Algorithms • It would be very expensive for you to contract with someone to invent and make a lock just for your house. • Also, you would not know whether a particular inventor's lock was really solid or how it compared with those of other inventors. • A better solution is to have a few well-known, well-respected companies producing standard locks that differ according to the (physical) key • Then, you and your neighbor might have the same model of lock, but your key will open only your lock. • In the same way, it is useful to have a few well-examined encryption algorithms that everyone could use, but the differing keys would prevent someone from breaking into what you are trying to protect.
Encryption Algorithms • Sometimes the encryption and decryption keys are the same, so P = D(K, E(K,P)). This form is called symmetric encryption because D and E are mirror-image processes. • At other times, encryption and decryption keys come in pairs. Then, a decryption key, KD, inverts the encryption of key KE so that P = D(KD, E(KE,P)). Encryption algorithms of this form are called asymmetric • An encryption scheme that does not require the use of a key is called a keyless cipher.
cryptology • Cryptography means hidden writing, and it refers to the practice of using encryption to conceal text. • Cryptanalyst studies encryption and encrypted messages, hoping to find the hidden meanings.
cryptology • Both a cryptographer and a cryptanalyst attempt to translate coded material back to its original form. Normally, a cryptographer works on behalf of a legitimate sender or receiver, whereas a cryptanalyst works on behalf of an unauthorized interceptor. • Cryptology is the research into and study of encryption and decryption; it includes both cryptography and cryptanalysis.
Cryptanalysis • A cryptanalyst's chore is to break an encryption. • cryptanalyst attempts to deduce the original meaning of a ciphertext message. • Better yet, he or she hopes to determine which decrypting algorithm matches the encrypting algorithm so that other messages encoded in the same way can be broken.
Cryptanalyst can attempt to do … • Break a single message • Recognize patterns in encrypted messages, to be able to break subsequent ones by applying a straightforward decryption algorithm • Infer some meaning without even breaking the encryption, such as noticing an unusual frequency of communication or determining something by whether the communication was short or long
Cryptanalyst can attempt to do …(cont.) • Deduce the key, to break subsequent messages easily • Find weaknesses in the implementation or environment of use of encryption • Find general weaknesses in an encryption algorithm, without necessarily having intercepted any messages
Information needed by a cryptanalyst • A cryptanalyst works with a variety of pieces of information: encrypted messages, known encryption algorithms, intercepted plaintext, data items known or suspected to be in a ciphertext message, mathematical or statistical tools and techniques, properties of languages, computers, and plenty of ingenuity and luck. • Each piece of evidence can provide a clue, and the analyst puts the clues together to try to form a larger picture of a message's meaning in the context of how the encryption is done.
Attack models • Attack models for the cryptanalysis • Ciphertext-only: • is an attack model for cryptanalysis where the attacker is assumed to have access only to a set of ciphertexts. • The attack is completely successful if the corresponding plaintexts can be deduced, or even better, the key. • Known-plaintext • is an attack model for cryptanalysis where the attacker has samples of both the plaintext and its encrypted version (ciphertext). These can be used to reveal further secret information such as secret keys. • Chosen-plaintext • is an attack model for cryptanalysis which presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts.[1] The goal of the attack is to gain some further information which reduces the security of the encryption scheme.
Breakable Encryption • An encryption algorithm is called breakable when, given enough time and data, an analyst can determine the algorithm. • However, an algorithm that is theoretically breakable may in fact be impractical to try to break. • Ex., consider a 25-character message that is expressed in just uppercase letters. A given cipher scheme may have 2625 (approximately 1035) possible decipherments • If your computer could perform on the order of 1010 operations per second, finding this decipherment would require on the order of 1025 seconds. • Infeasible to compute
Breakable Encryption • Two other important issues must be addressed when considering the breakability of encryption algorithms. • First, the cryptanalyst cannot be expected to try only the hard, long way. • ingenious approach might require only 1015 operations. => 1015 operations take slightly more than one day • Second, estimates of breakability are based on current technology. • Things that were infeasible in 1940 became possible by the 1950s • A conjecture known as "Moore's Law" asserts that the speed of processors doubles every 1.5 years, and this conjecture has been true for over two decades. • It is risky to pronounce an algorithm secure just because it cannot be broken with current technology, or worse, that it has not been broken yet.
Representing Characters • We begin with the encryption of messages written in the standard 26-letter English-alphabet, A through Z. • Convention: plaintext is written in UPPERCASE letters, and ciphertext is in lowercase letters • Because most encryption algorithms are based on mathematical transformations, they can be explained or studied more easily in mathematical form.
Representing Characters • Consider performing arithmetic on the "letters" of a message • Expressions such as A + 3 = D or K - 1 = J have their natural interpretation. • Arithmetic is performed as if the alphabetic table were circular (modular arithmatic) • every result of an arithmetic operation is between 0 and 25 • Ex. Y + 3 = B (and B – 3 = Y) • Two simple forms of encryption: • substitutions, in which one letter is exchanged for another • transpositions, in which the order of the letters is rearranged
Substitution Ciphers • The Caesar Cipher • ci = E(pi) = pi + 3 • A full translation chart of the Caesar cipher is shown here. • Using this encryption, the message • TREATY IMPOSSIBLE • would be encoded as T R E A T Y I M P O S S I B L E w u h d w b l p s r v v l e o h • The pattern pi + 3 was easy to memorize and implement, however, it is easy break
Cryptanalysis of the Caesar Cipher • Many clues on the "TREATY IMPOSSIBLE” ciphertext • the space between the two words is preserved in the ciphertext • double letters are preserved: The SS is translated to vv • when a letter is repeated, it maps again to the same ciphertext as it did previously. So the letters T, I, and E always translate to w, l, and h. • These clues make this cipher easy to break.
Cryptanalysis of the Caesar Cipher • Suppose you are given the following ciphertext message, and you want to try to determine the original plaintext. • Ciphertext: “wklv phvvdjh lv qrw wrr kdug wr euhdn” • 27-symbol alphabet: A through Z plus the "blank" character • Start with small words: English has relatively few small words, such as am, is, to, be, he, we, and, are, you, she, and so on. • substitute known short words at appropriate places in the ciphertext until you have something that seems to be meaningful. • Once the small words fall into place, you can try substituting for matching characters at other places in the ciphertext. • There is a strong clue in the repeated r of the word wrr. • two very common three-letter words having the pattern xyy are see and too. other less common possibilities are add, odd, and off
Cryptanalysis of the Caesar Cipher • Note that the combination wr appears in the ciphertext • if wrr is SEE, wr would have to be SE, which is unlikely • However, if wrr is TOO, wr would be TO, which is quite reasonable. • Substituting T for w and O for r, the message becomes • The OT could be cot, dot, got, hot, lot, not, pot, rot, or tot; a likely choice is not. Unfortunately, q = N does not give any more clues because q appears only once in this sample. • The word lv is also the end of the word wklv, which probably starts with T. • Likely two-letter words that can also end a longer word include so, is, in, etc. • However, so is unlikely because the form T-SO is not recognizable; • IN is ruled out because of the previous assumption that q is N • A more promising alternative is to substitute IS for lv throughout, and continue to analyze the message in that way. • By now, you might notice that the ciphertext letters uncovered are just three positions away from their plaintext counterparts.
Cryptanalysis of the Caesar Cipher • The cryptanalysis described here is ad hoc, using deduction based on guesses instead of solid principles. • But you can take a more methodical approach, considering • which letters commonly start words • which letters commonly end words • which prefixes and suffixes are common • Cryptanalysts have compiled lists of common prefixes, common suffixes, and words having particular patterns. • (For example, sleeps is a word that follows the pattern abccda.)
Other Substitutions • In substitutions, the alphabet is scrambled, and each plaintext letter maps to a unique ciphertext letter. • mathematical way description: • permutation is a reordering of the elements of a sequence • For instance, we can permute the numbers l to 10 in many ways, including: • π1 = 1, 3, 5, 7, 9, 10, 8, 6, 4, 2; and π2 = 10, 9, 8, 7, 6, 5, 4, 3, 2, 1 • A permutation is a function, so we can write expressions such as π1(3) = 5 • meaning that the letter in position 3 is to be replaced by the fifth letter • If the set is the first ten letters of the alphabet, π1(3) = 5 means that C is transformed into e
Other Substitutions • Alternative to using the permutation (π) • One way to scramble an alphabet is to use a key • a word that controls the permutation • For instance, if the key is word, the sender or receiver first writes the alphabet and then writes the key under the first few letters of the alphabet. • The sender or receiver then fills in the remaining letters of the alphabet, in some easy-to-remember order, after the keyword.
Complexity of Substitution Encryption and Decryption • An important issue in using any cryptosystem is the time it takes to turn plaintext into ciphertext, and vice versa. • it is essential that the scrambling and unscrambling not deter the authorized parties from completing their missions • The timing is directly related to the complexity of the encryption algorithm • encryption and decryption with substitution ciphers can be performed by direct lookup in a table illustrating the correspondence • Transforming a single character can be done in a constant amount of time, so we express the complexity of the algorithm by saying that the time to encrypt a message of n characters is proportional to n ( O(n) )
Cryptanalysis of Substitution Ciphers • The techniques described for breaking the Caesar cipher can also be used on other substitution ciphers • Short words, words with repeated patterns, and common initial and final letters all give clues for guessing the permutation. • breaking the code is a lot like working a crossword puzzle. You try a guess and continue to work to substantiate that guess until you have all the words in place or until you reach a contradiction • Using brute force attack, the cryptanalyst could try all 26! permutations of a particular ciphertext message • We can use our knowledge of language to simplify this problem. For example, in English, some letters are used more often than others. The letters E, T, O, and A occur far more often than J, Q, X, and Z, for example. • Encryption, even in a simple form, will deter the casual observer.
The Cryptographer's Dilemma • An encryption algorithm must be regular for it to be algorithmic and for cryptographers to be able to remember it. Unfortunately, the regularity gives clues to the cryptanalyst • There is no solution to this dilemma
One-Time Pads • A one-time pad is sometimes considered the perfect cipher • large, nonrepeating set of keys is written on sheets of paper, glued together into a pad. • if the keys are 20 characters long and a sender must transmit a message 300 characters in length • the sender would tear off the next 15 pages of keys • The sender would write the keys one at a time above the letters of the plaintext and • encipher the plaintext with a prearranged chart (called a Vigenère tableau) that has all 26 letters in each column, in some scrambled order
One-Time Pads • The one-time pad method has two problems: • the need for absolute synchronization between sender and receiver, and • the need for an unlimited number of keys. key Plaintext ciphertext because row M column i is u, row A column a is a, and so on.
Transpositions (Permutations) • The goal of substitution is confusion • the encryption method is an attempt to make it difficult for a cryptanalyst or intruder to determine how a message and key were transformed into ciphertext. • A transposition (permutation) is an encryption in which the letters of the message are rearranged. • the cryptography aims for diffusion
Columnar Transpositions • rearrangement of the characters of the plaintext into columns • The following set of characters is a five-column transposition.
Columnar Transpositions • For instance, suppose you want to write the plaintext message THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS. We arrange the letters in five columns • The resulting ciphertext would then be read down the columns as
Encipherment/Decipherment Complexity • This cipher involves no additional work beyond arranging the letters and reading them off again. • Therefore, the algorithm requires a constant amount of work per character, and the time needed to apply the algorithm is proportional to the length of the message. • we cannot produce output characters until all the message's characters have been read. This restriction occurs because all characters must be entered in the first column before output of the second column can begin, but the first column is not complete until all characters have been read. • Thus, the delay associated with this algorithm also depends on the length of the message, as opposed to the constant delay we have seen in previous algorithms
Digrams, Trigrams, and Other Patterns • Just as there are characteristic letter frequencies, there are also characteristic patterns of pairs of adjacent letters, called digrams. • Letter pairs such as -re-, -th-, -en-, and -ed- appear very frequently.
Cryptanalysis by Digram Analysis • The first step in analyzing the transposition is computing the letter frequencies. • If we find that in fact all letters appear with their normal frequencies, we can infer that a transposition has been performed. • The problem is to find where in the ciphertext a pair of adjacent columns lies and where the ends of the columns are
Cryptanalysis by Digram Analysis • Assume the block being compared is seven characters • The first comparison is c1 to c8, c2 to c9, …, c7 to c14. Then, we try a distance of eight characters, and so the window of comparison shifts and c1 is compared to c9, c2 to c10, and continuing.. • For each window position, we ask two questions. First, do common digrams appear, and second, do most of the digrams look reasonable? Figure 2-5 Moving Comparisons.
Combinations of Approaches • Substitution and transposition can be considered as building blocks for encryption. • A combination of two ciphers is called a product cipher. • Product ciphers are typically performed one after another, as in E2(E1(P,k1), k2)
Making "Good" Encryption Algorithms • What Makes a "Secure" Encryption Algorithm? • What does it mean for a cipher to be "good"? • The meaning of good depends on the intended use of the cipher • A cipher to be used by military personnel in the field has different requirements from one to be used in a secure installation with substantial computer support • In this section, we look more closely at the different characteristics of ciphers
Shannon's Characteristics of "Good" Ciphers • The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption. • reiteration of the principle of timeliness from Chapter 1 • The set of keys and the enciphering algorithm should be free from complexity • If the process is too complex, it will not be used • we should restrict neither the choice of keys nor the types of plaintext on which the algorithm can work • For instance, an algorithm that works only on plaintext having an equal number of A's and E's is useless. • Similarly, it would be difficult to select keys such that the sum of the values of the letters of the key is a prime number. • Furthermore, the key must be transmitted, stored, and remembered
Shannon's Characteristics of "Good" Ciphers • The implementation of the process should be as simple as possible • formulated with hand implementation in mind • A complicated algorithm is prone to error or likely to be forgotten • With the development and popularity of digital computers, algorithms far too complex for hand implementation became feasible • Still, the issue of complexity is important. People will avoid an encryption algorithm whose implementation process severely hinders message transmission • And a complex algorithm is more likely to be programmed incorrectly.
Shannon's Characteristics of "Good" Ciphers • Errors in ciphering should not propagate and cause corruption of further information in the message • One error early in the process should not throw off the entire remaining ciphertext • For example, dropping one letter in a columnar transposition throws off the entire remaining encipherment • The size of the enciphered text should be no larger than the text of the original message • ciphertext that expands dramatically in size cannot possibly carry more information than the plaintext • it gives the cryptanalyst more data from which to infer a pattern • longer ciphertext implies more space for storage and more time to communicate
Properties of "Trustworthy" Encryption Systems • When we say that encryption is "commercial grade," or "trustworthy," we mean that it meets these constraints: • It is based on sound mathematics • It has been analyzed by competent experts and found to be sound • It has stood the "test of time.“ • Three algorithms are popular in the commercial world and meet the above criteria: DES (data encryption standard), RSA (Rivest Shamir Adelman, named after the inventors), and AES (advanced encryption standard).
Symmetric and Asymmetric Encryption Systems • Two basic kinds of encryptions: symmetric (also called "secret key") and asymmetric (also called "public key") • Symmetric • One key for enrcyption and decryption • Usually, the decryption algorithm is closely related to the encryption one • Ex., Caesar cipher: encryption: Pi + 3; decryption Ci - 3 • provide a two-way channel to their users • A and B share a secret key, and they can both encrypt information to send to the other as well as decrypt information from the other • the system also provides authentication proof that a message received was not fabricated by someone other than the declared sender
Symmetric Encryption Systems • The symmetry of this situation is a major advantage of this type of encryption • But, has key distribution problem • How do A and B obtain their shared secret key? • In general, n users who want to communicate in pairs need • n * (n - 1)/2 keys • By the nature of the public key approach, you can send a public key in an e-mail message or post it in a public directory • Only the corresponding private key, which presumably is kept private • So, for all encryption algorithms, key management is a major issue • involves storing, safeguarding, and activating keys