760 likes | 981 Views
Dr. Igor Santos. Security of Information Systems Cryptology. Contents. Historical Evolution Definitions Classic cipher Symmetric cryptography Asymmetric cryptography Cryptanalysis Steganography. Perspectiva histórica. Historical Evolution. Historical Evolution.
E N D
Dr. Igor Santos • Security of InformationSystemsCryptology
Contents • Historical Evolution • Definitions • Classic cipher • Symmetric cryptography • Asymmetric cryptography • Cryptanalysis • Steganography
Perspectiva histórica HistoricalEvolution
HistoricalEvolution «When Julius Caesar sent messages to his generals, he didn't trust his messengers. So he replaced every A in his messages with a D, every B with an E, and so on through the alphabet. Only someone who knew the "shift by 3" rule could decipher his messages.» And so we begin. Phill Zimmerman, "An Introduction to Cryptography"
HistoricalEvolution • Cryptology has always had a great interest in military and political • Egyptian and Babylonian hieroglyphs • Escítala of Sparta • Julius Caesar, Charlemagne, Philip II, Napoleon • San Bernardino already used usaba homophonic substitution • WW1: ADFGVX Code. Jefferson Cylinder • WW2: Enigma machines, Lorenz SZ-40/42: Bombe, Colossus • WW2: PURPLE Machine: Magic • Machines SIGABA and Typex ; Navajo Code
HistoricalEvolution • Key of sector such as: • Banking • ATMs, wire transfers, electronic banking, … • Communication Networks • VPNs, secure email, … • E-Commerce • Mobile Phones • Pay TV and satellite TV • Digital Rights Management (DRM)…
PORTADA DEFINICIONES ¿WhatisCryptology?
Definitions • Cryptology • From Greek krypto, "hidden" and logos, "word" • Science of secure communications (usually secret)
Definitions • Secure Communication, 4 requirements • Confidentiality • The message can not be accessed or disclosed to individuals, entities or processes unauthorized • Authentication • Ensures the identities of the participants in a communication
Definitions • Integrity • Ensures that the message has not been altered or destroyed in an unauthorized manner • Non-Repudiation • Allows to test the involvement of the parties to a communication, not being able to deny having sent or received a message
Definitions • Cryptography • From Greek krypto, "hidden", and graphein "write“ • Literally meaning "hidden writing“ • Concepts • Text "clear" text that you want to hide • Text "encrypted" or "cipher" unreadable gibberish • Encryption Algorithm: converts text "clear" in "encrypted" and viceversa • Key: secret that enables the encryption algorithm to convert
Definitions • Goal • Maintain the privacy of the communication between two entities altering the original message so that it is incomprehensible to anyone other than the addressee
Definitions • Encryption y De-cryption
Definitions • Cryptanalysis • From Greek Kryptos, "hidden" and analýein, "loose“ • It is the study of methods for obtaining the meaning of encrypted information, without access to the secret information required • Cryptology = Cryptography + Cryptanalysis
Definitions • Criptosistema • {M, C, K, E, D} set, where: • M represents the set of all messages unencrypted or clear • Crepresents the set of all possible encrypted messages, or cryptograms • Krepresents the set of keys that can be used in the cryptosystem
Definitions • E is the set of cryptographic transformations applied to each elem. M to become elem. of C • There is a transformation Ek for each key K • D is the set of decryption transformations analogous to E • Necessary condition for every cryptosystem • Dk( Ek (m) ) = m (reversibility)
Definitions • Basictypesofcryptosystems • Symmetric or private key cryptosystems • They use the same key k to encrypt and decrypt • Asymmetric or public key cryptosystems • They use a key pair { kpub, kpr}, so that one is used to encrypt and one to decrypt • Hybridcryptosystems • They combine the two previous cryptosystems
Definitions • Kerckhoffs’ principle (1883) • “The security of a cryptosystem must not depend on keeping secret the crypto algorithm. Safety depends only on keeping secret the key.” • True security is: • Public availability of cryptographic algorithms • To demonstrate theoretical and practical resistance • The opposite to “Security through obscurity” • ¿Windows is secure? • DVD protection • GSM algorithm • Wide range of potential keys
Classiccipher • Substitution cipher • Aims to introduce confusion into the cryptosystem • Simple substitution • Polyalphabeticsubstitution • Homophonic substitution • E.g.: Caesar chiper • Transposition cipher • Aims to introduce diffusion in the cryptosystem • E.g.: Escítala • Combination • E.g.: ADFGVX
Cifrado por sustitución simple • Sustitución simple(Ej: CifradoCésar) • Claro: GALLIA EST OMNIS DIVISA... • Clave • ABCDEFGHIJKLMNOPQRSTUVWXYZ • DEFGHIJKLMNOPQRSTUVWXYZABC • Cifrado: JDOOLD HVW RPQLV GLYLVD... • ¿Qué clave está usando? • ¿Cuántas claves posibles hay?
Simple substitutioncipher • Caesarcipherattack • Frequencyanalysis • Charactertypicaldistribution • Bruteforce • Only25 possiblekeys
Simple substitutioncipher • Simplesubstitution (E.g.: Kamasutra) • Clear • ENCONTREMONOS A MEDIANOCHE • Key • A D H I K M O R S U W Y Z • V X B G J C Q L N E F P T • Encrypted • USMQSZLUCQSQN V CUXGVSQMBU
Polyalphabeticsubstitutioncipher • Polyalphabeticsubstitution • Set of simple monoalphabetic ciphers • E.g.: Alberti • Use two or more cipher alphabets, switching between them during encoding • clear: aquello • encrypted: FENFPAD Plainalphabet Encryptedalphabet 1 Encryptedalphabet 2
Polyalphabeticsubstitutioncipher Key character • E.g.: Vigènere • clear: VIGENERE • key: CHIFFRE • encrypted: XPOJSVVG Plaincharacter Encryptedcharacter
Polyalphabeticsubstitutioncipher • AttacktoVigènere • Kasiski test • Search words repeated in the ciphertext • Determine key length • Frequency Analysis • Problem: longer key than the ciphertext
Homophonicsubstitutioncipher • Homophonicsubstitution • Using different symbols depending on the frequency of occurrence of letters in a language • Example • A (50%) → 1, 2, 3, 4 • B (12.5%) → 5 • C (12.5%) → 6 • D (25%) → 7, 8 • When you encrypt an A, you choose 1, 2, 3 or 4 depending on the criteria to be (random, sequential, etc.)
Homophonicsubstitutioncipher • E.g., HomophonicsubstitutioncipherforEnglish
Transpositioncipher • Clutter the "clear“ text • Outline • Split the“clear”text in blocks of N characters • Example, N=6: • “clear” text: WE WILL ATTACK AT DAWN • Bloques: WEWILL ATTACK ATDAWN • Choose a permutation of N elements • {1, 2, 3, 4, 5, 6} → {4, 3, 5, 1, 2, 6} • Shuffleeach block accordingtothepermutation: • IWLWEL ATCATK WAWATDN
Transpositioncipher • E.g.: Escítala • Clear: ASI CIFRABAN CON LA ESCITALA • Encrypted: AAC SNI ICT COA INL FLA RA AE BS
Combinationcipher • Substitution + trasposition(E.g.: ADFGVX) • Monoalphabeticsubstituation • 6x6 table • Random disposition of the 26 characters and the 10 digits • Message: Come at 10 pm
Combinationcipher • Transpositionphase • Key word (rows) • Transpositition byalphabeticorder • Cypheredtext (bycolumns) • DDAD GXDA GVXX GDVG FXDG
Combinationcipher • E.g.: Enigma (electromechanicdevice) • http://enigmaco.de/enigma/enigma.swf
Combinationcipher • Rotors / modifiers (26 possible positions) • 3 rotors -> 26 x 26 x 26 = 17576 • Disposition of the rotors / modifiers • 3! = 6 • Pegbox • 6 cables, exchange 6 pairs of letters between 26 • Total multiple of keys = 3> 10,000,000,000,000,000
Symmetriccryptography • Mainfeature característica • Keyencrypt = keydecrypt • Transmitter and receiver must hide a “shared secret” • Many drawbacks • Key Distribution • Keeping the key secret • Advantage • The process of encryption / decryption is very fast
Symmetriccryptography • Security depends on: • Keeping the key secret • How good the algorithm is • You do not need to keep it secret • It is assumed that it is virtually impossible to decrypt a message by just knowing the algorithm
Symmetriccryptography- DES • DES (Data Encryption Standard) • Adopted as the standard for secure communications in the U.S. in 1976 • Designed by IBM in collaboration with the NSA • Backdoor?? • Unsafe • Key Size 56 bits • Possibility to break it in 24 hours by brute force
Symmetriccryptography- DES • Based on a mathematical mechanism known as "The Feistel Network" • Block ciphering • Basic operations transformed by N-bit plain text into N-bits ciphered text • Block = 64 bits • 64-bit key, but 8 bits are used for parity, so that the algorithm uses 56 bits
Symmetriccryptography- DES • Basic structure DES • Entrance • Plaintext (64bits) • Key (56 bits) • Initial Permutation (IP) • 16 rounds (Feistel function) • Final Permutation (PF)
Symmetriccryptography- DES • Feistel function • Expansion • Shuffle • Substitution • Permutation Semiblock (32 bits) Subkey (48 bits)
Symmetriccryptography– Triple DES • Triple DES • Algorithm that performs triple DES encryption • Powered by IBM in 1998 • Standard on credit cards and other forms of electronic payment • Variants • 2 keys -> resulting key 112 bits (56 x 2) • 3 keys -> resulting key 168 bits (56 x 3)
Symmetriccryptography - AES • AES (Advanced Encryption Standard) • Also known as Rijndael • New U.S. encryption standard in 2002 • Due to the replacement of the standard DES, the U.S. Institute of Standards (NIST) organized in 1996 the AES contest • Requirements of the new algorithm • Public • Symmetric block cipher algorithm • Variable key length (which can grow) • Easily implementable in hardware and software
Symmetriccryptography - AES • Criteria • Strength against cryptanalysis • Computational efficiency (time) • Efficiency of implementation (memory) • Software and hardware adaptation • Simplicity of design • Flexibility • public License • Supporting 128-bit block and key sizes of 128, 192 and 256 bits
Symmetriccryptography - AES • Variable block and key length • 128, 192, and 256 • During the encryption process, it maintains an internal status array • Based on round schemas • 9 rounds for block for 128-bit key • 11 rounds for blockfor 192bits key • 13 rounds for block for 256-bit key
Symmetriccryptography - AES • In each round, four transformations are applied to the matrix of state • Nonlinear byte substitution, independent for each byte of the status matrix • Transposing the state rows cyclically with different offsets • Shuffling the columns based on polynomial operations • Adding the subkey of the round (of course, key expansion) using XOR
Symmetriccryptography • FromDEStoAES: • “A Stick Figure Guide to the Advanced Encryption Standard (AES)”, byJeffMoser
Asymmetriccryptography • In 1976, Diffie and Hellman developed a secure way to transfer a key • Two different but complementary keys • What key A encrypts, is only decrypted by key B • What key B encrypts, is only decrypted by key A • A key will be secret, and must be kept safely • The other will be public, and it should be shared for communication