340 likes | 443 Views
CS 5950/6030 Network Security Class 6 (W, 9/ 14 /05). Leszek Lilien Department of Computer Science Western Michigan University [Using some slides prepared by: Prof. Aaron Striegel, U. of Notre Dame Prof. Barbara Endicott-Popovsky , U. Washington, Prof. Deborah Frincke , U. Idaho
E N D
CS 5950/6030 Network SecurityClass 6 (W, 9/14/05) Leszek Lilien Department of Computer Science Western Michigan University [Using some slides prepared by: Prof. Aaron Striegel, U. of Notre Dame Prof. Barbara Endicott-Popovsky, U. Washington, Prof. Deborah Frincke, U. Idaho and Prof. Jussipekka Leiwo, Vrije Universiteit, Amsterdam, The Netherlands]
Section 2 – Class 6 Class 5: 2A.2-cont. - Basic Terminology and Notation Cryptanalysis Breakable Encryption 2A.4. Representing Characters 2B. Basic Types of Ciphers 2B.1. Substitution Ciphers a. The Ceasar Cipher b. Other Substitution Ciphers — PART 1 Class 6: b. Other Substitution Ciphers — PART 2 c. One-Time Pads 2B.2. Transposition Ciphers 2B.3. Product Ciphers 2C. Making „Good” Ciphers 2C.1. Criteria for „Good” Ciphers
2A.2.-CONT- Basic Terminology and Notation (2A.2 addendum) • Cryptanalysis • Breakable Encryption
2A.4. Representing Characters • Letters (uppercase only) represented by numbers 0-25 (modulo 26). A B C D ... X Y Z 0 1 2 3 ... 23 24 25 • Operations on letters: A + 2 = C X + 4 = B (circular!) ...
2B. Basic Types of Ciphers • Substitution ciphers—PART 1 • Substitution ciphers—PART 2 • Transposition (permutation) ciphers • Product ciphers
2B.1. Substitution Ciphers • Substitution ciphers: • Letters of P replacedwithother letters by E • Outline: a. The Caesar Cipher b. Other Substitution Ciphers — PART 1 b. Other Substitution Ciphers — PART 2 c. One-time Pads
a. The Caesar Cipher (1) • ci=E(pi)=pi+3 mod 26(26 letters in the English alphabet) Change each letter to the third letter following it (circularly) A D, B E, ... X A, Y B, Z C • Can represent as a permutation : (i) = i+3 mod 26 (0)=3, (1)=4, ..., (23)=26 mod 26=0, (24)=1, (25)=2 • Key = 3, or key = ‘D’ (bec. D represents 3)
Attacking a Substitution Cipher • Exhaustive search • If the key space is small enough, try all possible keys until you find the right one • Cæsar cipher has 26 possible keys from A to Z OR: from 0 to 25 • Statistical analysis (attack) • Compare to so called 1-gram (unigram) model of English • It shows frequency of (single) characters in English [cf. Barbara Endicott-Popovsky, U. Washington]
Cæsar’s Problem • Conclusion: Key is too short • 1-char key – monoalphabetic substitution • Can be found by exhaustive search • Statistical frequencies not concealed well by short key • They look too much like ‘regular’ English letters • Solution: Make the key longer • n-char key (n 2) – polyalphabetic substitution • Makes exhaustive search much more difficult • Statistical frequencies concealed much better • Makes cryptanalysis harder [cf. Barbara Endicott-Popovsky, U. Washington]
b. Other Substitution Ciphers n-char key • Polyalphabetic substitution ciphers • Vigenère Tableaux cipher — PART 1 • Vigenère Tableaux cipher — PART 2
Note: Row A – shift 0 (a->a) Row B – shift 1 (a->b) Row C – shift 2 (a->c) ... Row Z – shift 25 (a->z) Vigenère Tableaux (1) • P [cf. J. Leiwo, VU, NL]
Vigenère Tableaux (2) • Example Key: EXODUS Plaintext P: YELLOW SUBMARINE FROM YELLOW RIVER Extended keyword (re-applied to mimic words in P): YELLOW SUBMARINE FROM YELLOW RIVER EXODUS EXODUSEXO DUSE XODUSE XODUS Ciphertext: cbxoio wlppujmks ilgq vsofhb owyyj • Question: How derived from the keyword and Vigenère tableaux? [cf. J. Leiwo, VU, NL]
Vigenère Tableaux (3) • Example ... Extended keyword (re-applied to mimic words in P): YELLOW SUBMARINE FROM YELLOW RIVER EXODUS EXODUSEXO DUSE XODUSE XODUS Ciphertext: cbzoio wlppujmks ilgq vsofhb owyyj • Answer: c from P indexes row c from extended key indexes column e.g.: row Y and column e ‘c’ row E and column x ‘b’ row L and column o ‘z’ ... [cf. J. Leiwo, VU, NL]
c. One-Time Pads (1) • OPT - variant of using Vigenère Tableaux • Fixes problem with VT: key used might be too short • Above: ‘EXODUS’ – 6 chars • Sometimes considered a perfect cipher • Used extensively during Cold War • One-Time Pad: • Large, nonrepeating set of long keys on pad sheets/pages • Sender and receiver have identical pads • Example: • 300-char msg to send, 20-char key per sheet => use & tear off 300/20 = 15 pages from the pad
One-Time Pads (2) • Example – cont.: • Encryption: • Sender writes letters of consecutive 20-char keys above the letters of P (from the pad 15 pages) • Sender encipher P using Vigenère Tableaux (or other prearranged chart) • Sender destroys used keys/sheets • Decryption: • Receiver uses Vigenère Tableaux • Receiver uses the same set of consecutive 20-char keys from the same 15 consecutive pages of the pad • Receiver destroys used keys/sheets
One-Time Pads (3) • Note: • Effect: a key as long as the message • If only key length ≤ the number of chars in the pad • The key is always changing (and destroyed after use) • Weaknesses • Perfect synchronization required between S and R • Intercepted or dropped messages can destroy synchro • Need lots of keys • Needs to distribute pads securely • No problem to generate keys • Problem: printing, distribution, storing, accounting • Frequency distribution not flat enough • Non-flat distribution facilitates breaking
Types of One-Time Pads • Vernam Cipher • = (lttr + random nr) mod 26 (p.48) • Need (pseudo) random nr generator • E.g., V = 21; (V +76) mod 26 = 97 mod 26 = 19; 19 = t • Book Ciphers(p.49) • Book used as a pad • need not destroy – just don’t reuse keys • Use common Vigenère Tableaux • Details: textbook • Incl. example of breaking a book cipher • Bec. distribution not flat
Question: Does anybody know other ciphers using books? Or invent your own cipher using books?
Page 52 from a book: ever, making predictions in ten letter seven of those secret positi gorithm 52 • Question: ...other ciphers using books? • My examples: • Use any agreed upon book • P: SECRET • Example 1: Use: (page_nr, line_nr, letter_in_line) C: 52 2 1 52 1 1 52 1 16 ... Better: use different pages for each char in P • Example 2: Use: (page_nr, line_nr, word_nr) C: 52 2 4 • Computer can help find words in a big electronic book quickly!
2B.2. Transposition Ciphers (1) • Rearrange letters in plaintext to produce ciphertext • Example 1a and 1b: Columnar transposition • Plaintext: HELLO WORLD • Transposition onto: (a) 3 columns: HEL LOW ORL DXX XX - padding • Ciphertext (read column-by column): (a) hlodeorxlwlx (b) hloolelwrd • What is the key? • Number of columns: (a) key = 3 and (b) key = 2 • (b) onto 2 columns: • HE • LL • OW • OR • LD
Transposition Ciphers (2) • Example 2: Rail-Fence Cipher • Plaintext: HELLO WORLD • Transposition into 2 rows (rails) column-by-column: HLOOL ELWRD • Ciphertext:hloolelwrd(Does it look familiar?) • What is the key? • Number of rails key = 2 [cf. Barbara Endicott-Popovsky, U. Washington]
Attacking Transposition Ciphers • Anagramming • n-gram – n-char strings in English • Digrams (2-grams) for English alphabet are are: aa, ab, ac, ...az, ba, bb, bc, ..., zz(262 rows in digram table) • Trigrams are: aaa, aab, ...(263 rows) • 4-grams(quadgrams?) are: aaaa, aaab, ...(264 rows) • Attack procedure: • If 1-gram frequencies in C match their freq’s in Englishbut other n-gram freq’s in C do not match their freq’s in English, then it is probablya transposition encryption • Find n-grams with the highest frequencies in C • Start with n=2 • Rearrange substringsin C to form n-grams with highest freq’s [cf. Barbara Endicott-Popovsky, U. Washington]
Example: Step 1 Ciphertext C: hloolelwrd(from Rail-Fence cipher) • N-gram frequency check • 1-gram frequencies in Cdomatch their frequencies in English • 2-gram(hl, lo, oo, ...) frequenciesin C do notmatchtheir frequencies in English • Question: How frequency of „hl” in C is calculated? • 3-gram (hlo, loo, ool, ...)frequenciesin C do notmatch their frequencies in English • ... =>it is probablya transposition • Frequencies in Englishfor all2-grams from C starting with h • he 0.0305 • ho 0.0043 • hl, hw, hr, hd < 0.0010 • Implies that in hloolelwrdefollows h as table of freq’s of English digrams shows [cf. Barbara Endicott-Popovsky, U. Washington]
Example: Step 2 • Arrange so the h and e are adjacent Since 2-gram suggests a solution, cut C into 2 substrings – the 2nd substring starting with e: hloolelwrd Put them in 2columns: he ll ow or ld • Read row by row, to get original P: HELLO WORLD [cf. Barbara Endicott-Popovsky, U. Washington]
2B.3. Product Ciphers • A.k.a. combination ciphers • Built of multiple blocks, each is: • Substitution or: • Transposition • Example: two-block product cipher • E2(E1(P, KE1), KE2) • Product cipher might not be stronger than its individual components used separately! • Might not be even as strong as individual components
Survey of Students’Backgroundand Experience (1) Background Survey CS 5950/6030 Network Security - Fall 2005 Please print all your answers. First name: __________________________ Last name: _____________________________ Email _____________________________________________________________________ Undergrad./Year________OR:Grad./Year or Status (e.g., Ph.D. student) ________________ Major _____________________________________________________________________ PART 1. Background and Experience 1-1) Please rate your knowledge in the following areas (0 = None, 5 = Excellent). UNIX/Linux/Solaris/etc. Experience (use, administration, etc.) 0 1 2 34 5 Network Protocols (TCP, UDP, IP, etc.) 0 1 2 34 5 Cryptography (basic ciphers, DES, RSA, PGP, etc.) 0 1 2 34 5 Computer Security (access control, security fundamentals, etc.) 0 1 2 34 5 Any new students who did not fill out the survey?
2C. Making „Good” Ciphers Cipher = encryption algorithm • Outline 2C.1. Criteria for „Good” Ciphers 2C.2. Stream and Block Ciphers 2C.3. Cryptanalysis 2C.4. Symmetric and Asymmetric Cryptosystems
2C.1. Criteria for „Good” Ciphers (1) • „Good” depends on intended application • Substitution • C hides chars of P • If > 1 key, C dissipates high frequency chars • Transposition • C scrambles text => hides n-grams for n > 1 • Product ciphers • Can do all of the above • What is more important for your app? What facilities available to sender/receiver? • E.g., no supercomputer support on the battlefield
Criteria for „Good” Ciphers (2) • Claude Shannon’s criteria (1949): 1. Needed degree of secrecy should determine amount of labor • How long does the data need to stay secret? (cf. Principle of Adequate Protection) 2. Set of keys and enciphering algorithm should be free from complexity • Can choose any keys or any plaintext for given E • E not too complex (cf. Principle of Effectiveness) 3. Implementation should be as simple as possible • Complexity => errors(cf. Principle of Effectiveness) [cf. A. Striegel]
Criteria for „Good” Ciphers (3) • Shannon’s criteria (1949) – cont. 4. Propagation of errors should be limited • Errors happen => their effects should be limited • One error should not invlidate the whole C (None of the 4 Principles — Missing? — Invent a new Principle?) 5. Size / storage of C should be restricted • Size (C) should not be > size (P) • More text is more data for cryptanalysts to work with • Need more space for storage, more time to send (cf. Principle of Effectiveness) • Proposed at the dawn of computer era – still valid! [cf. A. Striegel]
Criteria for „Good” Ciphers (4) • Characteristics of good encryption schemes • Confusion: interceptor cannot predict what will happen to C when she changes one char in P • E with good confusion: hideswell relationship between P”+”K, and C • Diffusion: changes in P spread out over many parts of C • Good diffusion => attacker needs access to much of C to infer E
Criteria for „Good” Ciphers (5) • Commercial Principles of Sound Encryption Systems 1. Sound mathematics • Proven vs. not broken so far 2. Verified by expert analysis • Including outside experts 3. Stood the test of time • Long-term success is not a guarantee • Still. Flows in many E’s discovered soon after their release • Examples of popular commercial E’s: • DES / RSA / AES DES = Data Encryption Standard RSA = Rivest-Shamir-Adelman AES = Advanced Encryption Standard (rel. new) [cf. A. Striegel]