290 likes | 431 Views
Week 2 - Friday. CS363. Last time. What did we talk about last time? Substitution ciphers Vigenère ciphers One-time pad. Questions?. Project 1. Security Presentation. Michael Franzese. Secure Encryption Algorithms. How do you define good?.
E N D
Week 2 - Friday CS363
Last time • What did we talk about last time? • Substitution ciphers • Vigenère ciphers • One-time pad
Security Presentation Michael Franzese
How do you define good? • Claude Shannon is the guy that invented Shannon secrecy and is considered the father of information theory • He proposed 5 characteristics for a good cipher: • The amount of secrecy needed should determine the amount of labor appropriate for encryption and decryption • The set of keys and the enciphering algorithm should be free from complexity • The implementation of the process should be as simple as possible • Errors in ciphering should not propagate and cause corruption of further information in the message • The size of the enciphered text should be no larger than the text of the original message
A more modern view • Shannon was focused on hand encryption • Modern commercial users of cryptography want the following characteristics for their cryptosystems: • Based on sound mathematics • Analyzed by competent experts and found to be sound • Stood the test of time
Stream and block ciphers • A common way of dividing ciphers is into stream ciphers and block ciphers • Block ciphers divide messages into fixed length parts (or blocks) and encipher each part with the same key • Stream ciphers encipher each message character by character • Some other authors define a stream cipher to be like a block cipher except that the key changes with each block based on the message
Self-synchronous stream ciphers • Self-synchronous ciphers are stream ciphers that get the key from the message itself • The simplest such cipher is an autokey cipher that uses the message itself for the key • Essentially, this is similar to the Vigenère cipher with the key coming from the message • Example: • Message: THISISTHEREMIX • Key: QTHISISTHEREMI • Alternatively, the key can be drawn from the ciphertext • Message: THEBOYHASTHECAT • Key: XQXBCQOVVNGNRTT • Ciphertext: QXBCQOVVNGNRTTM
Confusion and Diffusion • Confusion is the property of a cryptosystem that changing a single character in the plaintext should not have a predictable effect • Diffusion is the property of a cryptosystem that each character in the plaintext should impact many characters in the ciphertext • Examples: • Caesar cipher has poor confusion and no diffusion • One time pad has good confusion but no diffusion • Auto-key ciphers may have poor confusion but good diffusion • AES and DES have good confusion and diffusion within a block
Attacks • We measure a cryptosystem based on its resistance to an adversary or attacker • Kinds of attacks: • Ciphertext only • Full or partial plaintext • Chosen plaintext • Chosen ciphertext • Ciphertext and plaintext pairs
Ciphertext only • Attacker only has access to an encrypted message, with a goal of decrypting it • This is the assumption we have made so far when cryptanalyzing the classical ciphers • The world is filled with ciphertext data • This model gives the attacker very little to work with
Full or partial plaintext • Attacker has access to a plaintext and its matching ciphertext, with a goal of discovering the key • It is possible that the full or partial plaintext is available because it is an encrypted broadcast of public (or soon to be public) information • Perhaps a secret transmission informed everyone of a new policy • Then, the policy is made public • Some messages are very common • “Nothing to report.” • If these messages are predictable, the ciphertext could be intercepted and the plaintext guessed
Chosen plaintext • Attacker may ask to encrypt any plaintext, with a goal of discovering the key • This model seems unusual, but it comes up in practice • Military forces seize a transmission room and start transmitting messages • Perhaps they don’t have enough knowledge to learn the encryption settings, but the known messages could be analyzed later • All public key cryptosystems allow this kind of attack, since anyone can generate encrypted messages
Chosen ciphertext • It is unusual that an attacker can pick a ciphertext and ask for it to be decrypted • Why not just ask for any particular ciphertext that you’re interested in? • If you have access to code that can encrypt huge amounts of plaintext quickly, it is possible to attempt a brute force encryption that will approximate choosing the ciphertext
Ciphertext and plaintext pairs • As an extension of known plaintext, it may be the case that you have many ciphertext/plaintext pairs that are encrypted with the same key
Human error • Humans allow some of the scenarios described above through error • Operators transmit the same message with two different keys • Operators transmit some information in the clear • Operators transmit a repeat of a message but make small mistakes the second time • As usual, humans are a problem
Block ciphers • A block cipher is a symmetric key cipher that works on a block of data of a given size • For compatibility with hardware, block sizes are often powers of two: 64 bits, 128 bits, 256 bits, etc. • Block ciphers are a fundamental part of many modern cryptosystems • To encrypt a message longer than a single block: • First break the message into blocks • Then, each block could be encrypted individually • Or data from the first block can be used in the encryption of the second, and so on
DES • Data Encryption Standard • DES is a typical block cipher • It was chosen as the government's standard for encryption in 1976 (but has since been deprecated) • DES works on blocks 64 bits in size • DES uses a 56 bit key • NSA helped design it… amidst some controversy
History • In the 1970’s, the National Bureau of Standards (NBS) saw the need for a publicly available encryption standard • They called for proposals that met the following criteria: • High level of security • Easy to understand • Publishable (no security through obscurity) • Available to everyone • Adaptable for many applications • Economical to implement in hardware • Efficient to use • Able to be validated • Exportable • A cryptosystem called Lucifer developed by IBM was adapted into the resulting DES • NBS was reorganized into the National Institute of Standards and Technology in 1988
Exportability • After WWII (the birth of modern cryptography), many governments saw the immense value of crypto • Countries like the US with good crypto didn’t want their enemies to have it • Strong encryption was listed as an Auxiliary Weapons Technology on the US Munitions List • 40 bit or weaker encryption could be exported • 240 possibilities can be brute forced in days (or hours) • In 1996, Bill Clinton signed an executive order that moved commercial encryption from the Munitions List to the Commerce Control List • It is still technically possible to be arrested for exporting software that can perform strong encryption and decryption • But it is no longer illegal arms trafficking • Although DES is longer than 40 bits, its 56 bits seem to be in the range that never really posed a problem for the feds
DES internals • DES has 16 rounds • The book calls them cycles • In each round, the input is broken into 2 halves, manipulated, and combined with part of the key Input Permutation f Left0 Right0 Key1 Left1 Right1 + Left0 Right0
Next time… • More on DES • Maybe start on AES • Yuki Gage presents
Reminders • Read Section 2.5 • Start working on Assignment 1 • Due next Friday by midnight