480 likes | 658 Views
An Introduction to Cryptology & Steganography. Mgr. Tomas Foltynek , Ph.D. Department of Informatics Faculty of Business and Economics Mendel University in Brno Czech republic. Introduction. Secure communication problem is as old as mankind
E N D
An Introduction to Cryptology & Steganography Mgr. Tomas Foltynek, Ph.D. Department of Informatics Faculty of Business and Economics Mendel University in Brno Czech republic
Introduction • Secure communication problem is as old as mankind • people want privacy (=nobody reads their messages) • people are curious (=want to read others’ messages) • More communication => more need of security • We often hear about • Hackers, crackers, attackers, • Viruses, worms, Trojan horses • E-banking breakthroughs • Breaking ciphers and secret codes • Hidden messages, watermarks • How are these topics related?
Content • What is cryptology • Symmetric cryptology • Basic principles • Asymmetric cryptology • Digital signature • Steganography
What is cryptology • Science of cryptography and cryptanalysis • Cryptography • science of secret codes, enabling the confidentiality of communication through an insecure channel • e.i. how to make a message uncomprehensible for unauthorised persons • Cryptanalysis • theory of (in)security analysis of cryptographic systems • e.i. how to break ciphers and read secret messages • Also includes Steganography & Steganalysis • how to hide a message • how to find a hidden message • Word origin from Greek: crypto = hidden
The Paradigms of Cryptography • Confidentiality • the content of a message remains secret • information should’n leak to third party • Data integrity • to avoid any malicious data manipulation • insertion, deletion, substitution • Authentication • identification of the author • signature authentication, access control, etc.
Other Goals of Cryptography • Authorisation • confirmation about data origin • Non-repudiation • nobody can deny previous action • Practical notions • Anonymity, electronic payment, electronic votes, zero-knowledge protocol,…
Cryptographic methods • Transposition • change the position of characters • Characters remain the same • Substitution • position of characters remain the same • characters in the message are changed
Transposition • The position of letters is changed • Example: IWSAYNMNAERG – TAMNADAYYAAO IAIGOBTEE – NKNDMYHSA TAAADNHRLVDHMOMYNW – HTMIETEEIEWOYUAKO BTEAEFNAELE – YHNMOANBLE • Solution: It was many and many a year ago In a kingdom by the sea That a maiden there lived whom you may know By the name of Annabel Lee
Scytale (Sparta) • First military cipher in history • Leather tape wound on a pole of given thickness
Substitution • The letters are changed • Codes • binary code • Morse code • Ciphers • Alphabet shifting (Caesar cipher) • Polyalfabetic substitution (Vigenère cipher)
Denotion of Communication Parties • A – Alice – sender of the message • B – Bob – recipient of the message • E – Eve – eavesdropper – tries to break the message • E – encoding/enciphering algorithm • D – decoding/deciphering algorithm • M – message (plaintext) • K – key • C – ciphertext • C = E(M, K); M = D(C, K)
General encryption process • Sender applies encryption algorithm to a plain text • S/he gains a cipher text, sends it to the recipient • Recipient applies decryption algorithm to the cipher text • S/he gains the plain text again
Division of Cryptography • Symmetric cryptography • both sender and recipient have the same key • deciphering is an inversion of enciphering • Asymmetric cryptography • sender and recipient have different keys • mathematic relation • algorithms are generally different • useful for both encryption and digital signature
Modular arithmetics • Arithmetics on a cyclic set • 2 + 3 = 5 (mod 7) • 5 + 4 = 2 (mod 7) • 5 · 4 = 6 (mod 7) • because 20/7 = 2, remainder 6 • 11 · 9 = 1 (mod 7) • because 99/7 = 14, remainder 1 • 35 = 5 (mod7)
XOR operation • eXclusive OR • Logical OR, only one of two given expression can be true • 0 0 = 0 • 0 1 = 1 • 1 0 = 1 • 1 1 = 0 • Sum modulo 2 • Simple enciphering and deciphering C = M K, M = C K
Kerckhoffs’ principle • Basic cryptographic principle • Dutch lingvist Auguste Kerckhoffs von Nieuwenhoff (1883) “A cryptosystem is secure even if everything about the system, except the key, is public knowledge” • Security shouldn’t depend on the secrecy of algorithm, but on the secrecy of the key
Caesar Cipher • Alphabet shifted by 3 abcdefghijklmnopqrstuvwxyz DEFGHIJKLMNOPQRSTUVWXYZABC • Example • veni, vidi, vici YHQL, YLGL, YLFL • Algorithm: alphabet shift • Key: by how many letters • 25 possible keys (English)
Classical Ciphers • Monoalphabeticsubstitutioncipher abcdefghijklmnopqrstuvwxyz JULISCAERTVWXYZBDFGHKMNOPQ • Kryptanalysisvia frequencyanalysis • found by arabictheologists • Zeroletters, codewords, homomorficsubstitution • Vigenère (polyalphabetic) cipher • Key length by Kasiski examination • Frequency analysis • Vernam cipher (one-time pad) • Theoretically unbreakable
Why Was a Computer Invented? • New inventions mostly come of • human laziness • wars • First computer • 1943 Colossus • Great Britain, Bletchley Park • Breaking German ENIGMA code
Breaking the Enigma • Poland – Marian Rejewski • codebooks for day key inference from repeated message key • mechanical decipherer – “bomb” • Alan Turing (1912 – 1954) • Inventor of Turing machine, founder of the theory of computation • Analysed plenty of messages • given structure (weather info) • New type of “bomb” guessing the key from ciphertext and supposed plaintext
Computers in Cryptology • Breaking ciphers = trying huge amount of possibilities • computer does this in quite short time • the end of “classical” ciphers • One-way functions • computation of every input in polynomial time • computation of inverse in exponential time • P != NP problem
Symmetric encryption algorithms • DES, 3DES, AES, IDEA • Block ciphers • Many rounds consisting of transpositions, permutations, substitutions, XOR with key, etc. • Security depends on the key length • Let’s consider 128 bit key • 2128 possible values • 1GHz processor: 230 operations per second • Breaking time: 298 seconds • The age of the Universe: 260 seconds • 1 more bit => breaking time doubles • Problem: How to distribute the key?
Data Encryption Standard • Block symmetric cipher • 1973 – 1974 Horst Fiestel • 16 rounds, Fiestel funciton • expansion, XOR, substitution, permutation • Better methods than brute force attack are known • 3DES • good for thepresent
Asymmetric Cryptography: RSA • A pair of keys is needed • Public key • Private key • Try to • count 13*37 • factorize 527 • Security relies on infeasible factorization of p*q (p,q are primes) • The secret key is derived from a product
Using RSA for Encryption and Digital Signature • Using RSA for encryption • Sender encrypts the message with receiver’s public key (everyone can do this) • Only receiver is able to decrypt the message (s/he is the only one having private key) • Using RSA for digital signature • Author encrypts the message (hash) with his own private key (only he can do this) • Anybody can examine his/her authorship by decrypting the message by author’s public key • Combination (encryption and signature) • Sender encrypts the message both with receiver’s public key and his own private key • Only receiver can decrypt the message and examine authorship
Bypassing cryptography • Cryptanalysis stands behind cryptography • “Unbreakable” ciphers are known • Meant unbreakable in reasonable time • Electromagnetic tapping • Messages are captured before encryption • Tapping can be shielded; In USA special permission from FBI is required • Viruses, Trojan horses
Steganography • Hiding the existence of the message • Hiding messages to almost all file types is possible • Images, Music, Video, Executables, Text, … Source: Wikipedia
Why to use Steganography • Cryptography may be illegal in some countries • We want to hide a message itself • Security by obscurity • Enciphered message arouse suspicion • Protection of communication parties • Not only of a message
Steganography in Antiquity and in the Middle Ages • The battle of Salamis (480 BC) • message hidden under wax on empty tables • The revolt against Persians • The message tattooed to the shaved head of a slave, hidden by regrown hair • China • message written on silk in a wax bullet, messenger swallowed the bullet… • Italy • Secret inks
Steganography in the WW2 • Hiding messages into toys, dolls, flowers… • Sending these things was later banned in UK and USA • Microdots • Text reduced onto size of 1mm • Pasted instead of period • Text covered by post stamp
Second letters • „Apparentlyneutral's protest isthoroughlydiscounted and ignored. Isman hard hit. Blockadeissueaffects pretext for embargo on by-products, ejectingsuets and vegetableoils.“ • Used by Germanspy • PERSHING SAILS FROM NY JUNE 1
Digital Steganography • Hiding messages into data files • Terminology: • Plaintext – message to be hid • Text or a file • Enciphered plaintext (ciphertext) • Covertext – carrier of a message – file we hide in • Stegotext – carrier containing a message
Usage of Steganography • WTC attacks on Sep 11 2001 • Al Quaeda – maps and instruction hidden in images on sport chats and porn sites • Software watermarks • Microsoft’s patent – information about license is hidden into executable • Printer steganography • Yellow tracking dots • Intelligence services • Communication with illegal agents
Steganographic methods for text • Any message is a sequence of 0 and 1 • We need to encode 2 different symbols/states • Plain text • White characters at the end of line • Similar characters (I-1, O-0, etc.) • Formatted text • Similar fonts • Move of lines (by 1/300 inch)
Steganographic methods for images • The most often transferred multimedia • Attracts less attention • LSB = Least Significant Bit • Serves for carrying the information • Image data is changed slightly • Human eye cannot recognize any change • Color palette • Order of colors encodes message • JPEG matrix • Less significant positions in hue matrix
Steganographic methods for audio • LSB (same as images) • Parity coding • Uses parity bit as a carrier • Phase movement (WAV) • DCT decomposes signal to (co)sines • Phase movement encodes message • Composition of sines to “original” sound • Totally different data • Encoding to noise • Echo coding
Steganography in executables • Executable = sequence of instructions • Interchangable instructions • A := 3; B := 5; S := A + B; • Positive / negative conditions • Content of unused variables • Jump over part with message
Steganalysis • Trying known methods • Comparing with known originals • Statistical analysis • Data from the same source • Noise analysis • Data may be changed before hiding • Compression, adding prefixes/suffixes
Steganographic software • www.stegoarchive.com • www.spammimic.com • JPHS (JPEG Hide and Seek)
Sources • Literature • Simon Singh: The Code Book • David Kahn: The Codebreakers • Serge Vaudenay: A Classical Introduction to Cryptography: Applications for Communications Security • Internet • computer.howstuffworks.com/computer-internet-security-channel.htm • en.wikipedia.org/wiki/Category:Computer_security • www.stegoarchive.com
The end • Thank you for your attention • Questions?