230 likes | 339 Views
CISC 210 - Class Today. Homework: Chapter 5, exercises E6-E17 Recap Keystream reuse File Encryption. Recap. Trojan horse – a reason for file encryption Bob’s defense What about Chain of Control? Encryption terms Algorithm, plaintext, ciphertext, key. Bob’s defense of his files.
E N D
CISC 210 - Class Today • Homework: Chapter 5, exercises E6-E17 • Recap • Keystream reuse • File Encryption R. Smith - University of St Thomas - Minnesota
Recap • Trojan horse – a reason for file encryption • Bob’s defense • What about Chain of Control? • Encryption terms • Algorithm, plaintext, ciphertext, key R. Smith - University of St Thomas - Minnesota
Bob’s defense of his files • Block everyones’ access • Allow his own access • What does the game do? R. Smith - University of St Thomas - Minnesota
The attack on Bob • Game does the work under Bob’s process R. Smith - University of St Thomas - Minnesota
The Encryption Process • Convert plaintext to ciphertext with a key R. Smith - University of St Thomas - Minnesota
Cryptanalysis • Known ciphertext attack • a.k.a. ciphertext-only attack – classic attack • Newspaper cryptograms • You have ciphertext, no plaintext • Known plaintext attack • You have some plaintext for some intercepted ciphertext • The attack used against ENIGMA to reduce the problem R. Smith - University of St Thomas - Minnesota
Looking more at Stream Ciphers • Same for streams and one time pads R. Smith - University of St Thomas - Minnesota
The One Time Pad • “Provably secure” • We use 1 bit of random key for EVERY BIT of data we transmit. • Use XOR to encrypt and decrypt • Sender and recipient must share exactly the same stream of random bits, and use them in exactly the same order • NO REUSE!! R. Smith - University of St Thomas - Minnesota
One time pads in Decimal • To Encrypt: • Put plaintext in numeric form • Write decimal numbers from pad underneath • Encrypt by doing add-without-carry • We discard the carry without changing the neighboring digit. • To decrypt: • Write ciphertext digits in a row • Write decimal numbers from pad underneath • Decrypt by doing subtract-without-borrow • We ‘pretend’ to borrow but don’t change the neighboring digit when we do. R. Smith - University of St Thomas - Minnesota
The XOR Reuse Problem • If a xor k = A • and b xor k = B • then A xor B = a xor b • We can do this with Matlab... R. Smith - University of St Thomas - Minnesota
Using Matlab • im = imread(‘file.gif); • reads the gif file and converts it to a matrix • Assigns the matrix to variable ‘im’ • the “;” at the end prevents Matlab from printing the matrix • image(im) • Displays the image. Enable plot tools from the toolbar • Especially the ‘property editor’ • Colormap setting – First choose HSV. Then choose custom • Under custom, change the arrow to increase bit contrast • eiv = xor (im, key); • xors the iv matrix with the key matrix – both same size • eiv gets the result – the ‘;’ suppresses printing the matrix R. Smith - University of St Thomas - Minnesota
Remember this example: • Use 128x128 image to hold the message • XOR with 128x128 random set of bits • SC xor KEY = SCE R. Smith - University of St Thomas - Minnesota
Let’s reuse the bits • Trust me, it’s the same key stream • SM xor KEY = SME R. Smith - University of St Thomas - Minnesota
Look what happens... • We combine the 2 ciphertexts with XOR • Not so secure, eh? • SME xor SCE == SM xor SC R. Smith - University of St Thomas - Minnesota
File encryption issues • Entropy in the passphrases • No truncation • Don’t waste bits • Reusing the same password • All things being equal, if we use the same password twice as the encryption key, we generate an identical keystream • Don’t want that problem again R. Smith - University of St Thomas - Minnesota
File Encryption Process • Here’s the perimeter R. Smith - University of St Thomas - Minnesota
Simple password handling R. Smith - University of St Thomas - Minnesota
Using a hash – better • Makes longer passphrases effective R. Smith - University of St Thomas - Minnesota
Nonce and Hash • Lets us reuse the same password R. Smith - University of St Thomas - Minnesota
Trying file encryption • Let’s download some stuff • Sourceforge.net • Neocrypt – file encryption • Frhed – binary file editor R. Smith - University of St Thomas - Minnesota
Fundamentals of Crypto Here is a basic example of a ‘crypto protocol’ R. Smith - University of St Thomas - Minnesota
Elements of crypto protocols • Encryption functions • Hash functions • Random values (encryption keys) • Nonces • Apply the functions to inputs • Save extra data with the protected output • Use the extra data to retrieve or verify the protected output R. Smith - University of St Thomas - Minnesota
Creative Commons License This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA. R. Smith - University of St Thomas - Minnesota