Learn about basic encryption techniques like substitution and transposition in cryptography, emphasizing their advantages and vulnerabilities. Dive into concepts such as the Vigenere tableau and the Kasiski method to understand the practical applications and challenges in encryption methods.
Cryptography 2: Substitution, Transposition

Secret Key Cryptosystem
Diagram: the sender encrypts the plaintext M with key K to produce the ciphertext, C = E(K, M); the recipient decrypts with the same key, M = D(K, C).
K needs secure channel
CSCE 522 - Farkas

Basic Encryption Techniques
• Substitution (confusion)
• Permutation (diffusion)
• Combinations and iterations of these

Simple Alphabetic Substitution
• Assign a new symbol to each plaintext symbol randomly or by key, e.g., C → k, A → h, B → l: M = CAB, C = k h l
• Advantages: large key space, 26!
• Disadvantages: trivially broken for known plaintext attack, repeated pattern, letter frequency distributions unchanged
How about multiple substitutions?

Polyalphabetic Substitution
• Frequency distribution: reflects the distribution of the underlying alphabet → cryptanalysts find substitutions
• E.g., English: e – 14%, t – 9.85%, a – 7.49%, o – 7.37%, …
• Need: flatten the distribution
• E.g., combine high and low distributions:
  t → a (odd position), b (even position)
  x → a (even position), b (odd position)

Vigenère Tableau
Use the Vigenère Tableau to encrypt
Plaintext: HOPE YOU ARE HAVING FUN
With key: I think this cipher is hard to break

Cryptanalysis of Polyalphabetic Substitution
• Determine the number of alphabets used
• Solve each piece as monoalphabetic substitution
Kasiski Method:
• Uses regularity of English: letters, letter groupings, full words
• e.g., endings: -th, -ing, -ed, -ion, -ation, -tion, …
  beginnings: im-, in-, re-, un-, ...
  patterns: -eek-, -oot-, -our-, …
  words: of, end, to, with, are, is, …

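The two steps above, as an added example that is not part of the original slides: a repeated word enciphered under the same key letters leaves repeated ciphertext groups, and the distances between them reveal the number of alphabets. The sample sentence, the key KING and all function names are assumptions made for this illustration.

```python
from functools import reduce
from math import gcd

def vigenere_encrypt(plaintext, key):
    """Each key letter selects one row (shift) of the Vigenere tableau."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    shifts = [ord(k) - ord("A") for k in key.upper()]
    return "".join(
        chr((ord(c) - ord("A") + shifts[i % len(shifts)]) % 26 + ord("A"))
        for i, c in enumerate(letters))

def repeat_distances(ciphertext, n=3):
    """Distances between successive occurrences of every repeated n-gram."""
    last_seen, distances = {}, []
    for i in range(len(ciphertext) - n + 1):
        gram = ciphertext[i:i + n]
        if gram in last_seen:
            distances.append(i - last_seen[gram])
        last_seen[gram] = i
    return distances

def candidate_key_lengths(distances):
    """Step 1: the number of alphabets divides the gcd of the distances
    (assuming the repeats come from repeated plaintext, not coincidence)."""
    if not distances:
        return []
    g = reduce(gcd, distances)
    return [k for k in range(2, g + 1) if g % k == 0]

def split_alphabets(ciphertext, key_len):
    """Step 2: group the letters enciphered with the same alphabet; each
    group is a monoalphabetic (shift) cipher open to frequency analysis."""
    return [ciphertext[i::key_len] for i in range(key_len)]

# Constructed sample: "THE" falls on the same key letters twice.
SAMPLE_CT = vigenere_encrypt("THE SUN AND THE MAN IN THE MOON", "KING")

if __name__ == "__main__":
    d = repeat_distances(SAMPLE_CT)
    print(SAMPLE_CT, d, candidate_key_lengths(d))
    print(split_alphabets(SAMPLE_CT, 4))
```

The true key length (4) is one of the reported candidates; on longer ciphertexts more repeats narrow the list.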
One-Time Pad
Recommend a practical approach for generating a large key
• Perfect Secrecy!
• Large, non-repeating set of keys
• Key is larger than the message
• Advantages: immune to most attacks
• Disadvantages:
  • Need total synchronization
  • Need very long, non-repeating key
  • Key cannot be reused
  • Key management: printing, storing, accounting for

Summary of Substitution
• Advantages:
  • Simple
  • Easy to encrypt
• Disadvantages:
  • Easy to break!!!

Transposition
• Letters of the message are rearranged
• Break patterns, e.g., columnar transposition
Plaintext: this is a test
  t h i s
  i s a t
  e s t !
Ciphertext: tiehssiatst!
• Advantages: easy to implement
• Disadvantages:
  • Trivially broken for known plaintext attack
  • Easily broken for ciphertext-only attack

Cryptanalysis
• Rearrange the letters
• Digrams, trigrams, patterns
• Frequent digrams: -re-, -th-, -en-, -ed-, …
• Cryptanalysis:
  • Compute letter frequencies → substitution or permutation
  • Compare strings of ciphertext to find reasonable patterns (e.g., digrams)
  • Find digram frequencies

Double Transposition
• Two columnar transpositions with different numbers of columns
• First transposition: breaks up adjacent letters
• Second transposition: breaks up short patterns

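Columnar and double transposition as an added example (not code from the original slides), using the slide's own message "this is a test" with "!" filling the last cell. The function names and the column counts 4 and 5 are assumptions made for this illustration.

```python
from collections import Counter

def columnar_encrypt(text, cols):
    """Write text row by row into `cols` columns, read it out column by column."""
    return "".join(text[c::cols] for c in range(cols))

def columnar_decrypt(cipher, cols):
    """Invert columnar_encrypt, also when the last row is only partly filled."""
    rows, extra = divmod(len(cipher), cols)
    columns, pos = [], 0
    for c in range(cols):
        n = rows + 1 if c < extra else rows   # first `extra` columns are longer
        columns.append(cipher[pos:pos + n])
        pos += n
    return "".join(col[r] for r in range(rows + 1)
                   for col in columns if r < len(col))

def double_encrypt(text, cols1, cols2):
    """Two columnar transpositions with different numbers of columns."""
    return columnar_encrypt(columnar_encrypt(text, cols1), cols2)

def double_decrypt(cipher, cols1, cols2):
    """Undo the second transposition first, then the first."""
    return columnar_decrypt(columnar_decrypt(cipher, cols2), cols1)

def same_letter_counts(a, b):
    """Transposition only moves letters, so single-letter frequencies survive;
    this is how an analyst tells a permutation from a substitution."""
    return Counter(a) == Counter(b)

SLIDE_TEXT = "thisisatest!"        # the slide's message, spaces removed

if __name__ == "__main__":
    once = columnar_encrypt(SLIDE_TEXT, 4)
    twice = double_encrypt(SLIDE_TEXT, 4, 5)
    print(once, twice, same_letter_counts(SLIDE_TEXT, twice))
    print(double_decrypt(twice, 4, 5))
```

The column counts must be chosen with care: on this 12-letter message a second pass with 3 columns exactly undoes the 4-column pass and returns the plaintext.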
Product Ciphers
One encryption applied to the result of the other: E_n(E_{n-1}(…(E_1(M)))), e.g.,
• Double transposition
• Substitution followed by permutation, followed by substitution, followed by permutation…
• Broken for
  • Chosen plaintext

Shannon’s Characteristics of “Good” Ciphers
• The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption
• The set of keys and the enciphering algorithm should be free from complexity
• The implementation of the process should be simple and possible

Shannon’s Characteristics of “Good” Ciphers (cont.)
• Errors in ciphering should not propagate and cause corruption of further information in the message
• The size of the enciphered text should be no larger than the original message

Trustworthy Encryption Systems
• Based on sound mathematics
• Has been analyzed by experts
• Has stood the test of time
Examples: Data Encryption Standard (DES), Advanced Encryption Standard (AES), Rivest-Shamir-Adleman (RSA)

Stream Ciphers
• Convert one symbol of plaintext into a symbol of ciphertext based on the symbol (plain), key, and algorithm
• Advantages:
  • Speed of transformation
  • Low error propagation
• Disadvantages:
  • Low diffusion
  • Vulnerable to malicious insertion and modification

Block Ciphers
• Encrypt a group of plaintext symbols as one block and produce a block of ciphertext
• Advantages:
  • Diffusion
  • Immunity to insertions
• Disadvantages:
  • Slowness of encryption
  • Error propagation

Secret Key Cryptosystem Vulnerabilities (1)
Passive Attacker (Eavesdropper)
• Obtain and/or guess key and cryptosystem and use these to decrypt messages
• Capture text in transit and try a ciphertext-only attack to obtain plaintext

Secret Key Cryptosystem Vulnerabilities (2)
Active Attacker
• Break communication channel (denial of service)
• Obtain and/or guess key and cryptosystem and use these to send fake messages
• No third party authentication

Inherent Weaknesses of Symmetric Cryptography
• Key distribution must be done secretly (difficult when parties are geographically distant, or don't know each other)
• Need a key for each pair of users
  • n users need n*(n-1)/2 keys
• If the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages

Data Encryption Standards: DES

Background and History
• Developed by the U.S. government
• Intended for general public
• 1970s: NBS (National Bureau of Standards, now named NIST, the National Institute of Standards and Technology): need for a standard for encrypting unclassified, sensitive information
• 1974: IBM’s candidate: Lucifer
• November 1976: DES was approved as a federal standard in

DES Versions
• Jan. 15, 1977: DES was published as FIPS PUB 46 (Federal Information Processing Standard), authorized for use on all unclassified data
• 1988 (revised as FIPS-46-1) and 1993 (FIPS-46-2): DES is reaffirmed
• Jan. 1999: DES key is broken in 22 hours and 15 minutes
• 1999 (FIPS-46-3): DES, containing Triple DES, is reaffirmed
• Nov. 26, 2001: The Advanced Encryption Standard (AES) is published in FIPS 197
• May 26, 2002: The AES standard becomes effective
• May 19, 2005: FIPS 46-3 was officially withdrawn but Triple DES is approved by NIST until 2030 for sensitive government information

Data Encryption Standard
• Mathematics to design strong product ciphers is classified
• Breakable by exhaustive search on 56-bit key size for known plaintext, chosen plaintext and chosen ciphertext attacks
• Security: computational complexity of computing the key under the above scenarios (22 hours)

Data Encryption Standard
• DES is a product cipher
  • 56 bit key size
  • 64 bit block size for plaintext and ciphertext
• Developed by IBM and adopted by NIST with NSA approval
• Encryption and decryption algorithms are public but the design principles are classified

DES Controversies
• Key size 56 bits – threshold of allowing exhaustive-search known plaintext attack
• Built in trapdoor – allegations
The US Senate Select Committee of Intelligence exonerated NSA from tampering with the design of DES in any way

DES Algorithm (review)
Diagram: the 64 bit plaintext passes through the initial permutation, iterations 1 to 16, a 32 bit swap and the inverse initial permutation to give the 64 bit ciphertext. The 56 bit key passes through a permuted choice and, for each iteration, a left circular shift and a further permuted choice that supply the round keys K1, K2, …, K16.

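DES Cycle (review)
Diagram: inputs L i-1 (= R i-2) and R i-1, 32 bits each. R i-1 goes through the expansion permutation (48 bits), is combined (+) with the 48 bit permuted key, then passes through the S-box and the permutation (32 bits) and is combined (+) with L i-1. Outputs: L i and R i, 32 bits each.
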
DES Multiple Encryption
• 1992: proven that DES is not a group: multiple encryptions by DES are not equivalent to a single encryption

DES Multiple Encryption: Double DES
Diagram: plaintext P is encrypted with K1 to give the intermediate ciphertext EK1(P), which is encrypted with K2 to give the ciphertext EK2[EK1(P)].
Known-plaintext: meet-in-the-middle attack
Effective key size: 57 bit -- Why not 112?

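Why two keys do not double the work, as an added example that is not part of the original slides: with one known plaintext/ciphertext pair, every K1 is tried forward and every K2 backward, and the two halves are matched at the intermediate ciphertext. The toy cipher E/D (16 bit block, 12 bit keys) is a stand-in for DES and, like every name and value here, an assumption made for this illustration.

```python
KEY_BITS = 12                      # toy key size (assumption); DES uses 56
MASK, MUL = 0xFFFF, 0x6487         # 16 bit toy block, odd multiplier
MUL_INV = pow(MUL, -1, 1 << 16)    # inverse exists because MUL is odd

def E(k, x):
    """Toy block cipher standing in for DES (not secure)."""
    for _ in range(3):
        x = ((x ^ k) * MUL) & MASK
        x = ((x << 7) | (x >> 9)) & MASK      # rotate left by 7
    return x

def D(k, y):
    """Inverse of E: undo rotate, multiply and key XOR in reverse order."""
    for _ in range(3):
        y = ((y >> 7) | (y << 9)) & MASK      # rotate right by 7
        y = ((y * MUL_INV) & MASK) ^ k
    return y

def double_encrypt(k1, k2, p):
    return E(k2, E(k1, p))                    # EK2[EK1(P)]

def meet_in_the_middle(pairs):
    """Return ([(k1, k2), ...], cipher operations spent on the search)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    ops, middle = 0, {}
    for k1 in range(1 << KEY_BITS):           # forward half: EK1(P)
        middle.setdefault(E(k1, p0), []).append(k1)
        ops += 1
    found = []
    for k2 in range(1 << KEY_BITS):           # backward half: DK2(C)
        ops += 1
        for k1 in middle.get(D(k2, c0), []):
            # further known pairs weed out accidental matches
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, ops

def demo():
    k1, k2 = 0x3A7, 0xC15                     # constructed secret keys
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    found, ops = meet_in_the_middle(pairs)
    return (k1, k2) in found, ops

if __name__ == "__main__":
    print(demo(), "vs brute force:", 1 << (2 * KEY_BITS))
```

The search costs 2 * 2^12 = 2^13 cipher operations plus a table of 2^12 entries instead of 2^24 trials; with 56 bit keys the same count gives 2^57, the slide's effective key size.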
DES Multiple Encryption: Triple DES
Diagram: plaintext P is encrypted (E), decrypted (D), then encrypted (E), giving EK1(P), DK2[EK1(P)] and EK1[DK2[EK1(P)]]; key labels K1, K2, K3.
Tuchman: avoid meet-in-the-middle attack

Triple DES
NIST, July 19, 2018: 3DES is officially being retired
• Tuchman’s technique is part of NIST standard
• Can be broken in 2^56 operations if one has 2^56 chosen plaintext blocks (Merkle, Hellman 1981)
• Could use distinct K1, K2, K3 to avoid this attack -- 2^112 bit key

Modes of DES (review)
• ECB – Electronic Code Book
• CBC – Cipher Block Chaining
• CFB – Cipher FeedBack
• OFB – Output FeedBack
Part of NIST standard

ECB Mode (review)
Diagram: 64 bit data is encrypted (E) with the 56 bit key; decryption (D) with the 56 bit key returns the 64 bit data.
• Good for small messages
• Identical data block will be identically encrypted

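CBC Mode (review)
Diagram: each 64 bit data block is XORed (+) with the 64 bit previous ciphertext block, then encrypted (E) with the 56 bit key; on decryption (D) with the 56 bit key the result is XORed (+) with the 64 bit previous ciphertext block to give the 64 bit data.
Cn = Ek[Cn-1 ⊕ Pn]
Need initialization vector
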
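The ECB and CBC slides side by side, as an added example that is not part of the original slides: ECB maps identical blocks to identical ciphertext, while CBC chains each block to the previous ciphertext block and to the initialization vector. The toy 8 bit block cipher (a keyed permutation table in place of DES), the sample message and all names are assumptions made for this illustration.

```python
import random

def make_cipher(key):
    """Toy 8 bit block cipher: a key-selected permutation of 0..255 plus its inverse."""
    enc = list(range(256))
    random.Random(key).shuffle(enc)
    dec = [0] * 256
    for p, c in enumerate(enc):
        dec[c] = p
    return enc, dec

def ecb_encrypt(key, data):
    enc, _ = make_cipher(key)
    return bytes(enc[p] for p in data)            # every block on its own

def cbc_encrypt(key, iv, data):
    enc, _ = make_cipher(key)
    out, prev = [], iv
    for p in data:
        prev = enc[p ^ prev]                      # Cn = Ek[Cn-1 XOR Pn]
        out.append(prev)
    return bytes(out)

def cbc_decrypt(key, iv, data):
    _, dec = make_cipher(key)
    out, prev = [], iv
    for c in data:
        out.append(dec[c] ^ prev)                 # Pn = Dk[Cn] XOR Cn-1
        prev = c
    return bytes(out)

def repeat_pattern(blocks):
    """For each block, the index of its first occurrence: the structure an
    eavesdropper can read off without knowing the key."""
    return [blocks.index(b) for b in blocks]

MSG = b"PAY 100 PAY 100 PAY 900"                  # constructed sample message

if __name__ == "__main__":
    print("plaintext", repeat_pattern(MSG))
    print("ECB      ", repeat_pattern(ecb_encrypt(7, MSG)))
    print("CBC      ", repeat_pattern(cbc_encrypt(7, 0x5C, MSG)))
    print(cbc_decrypt(7, 0x5C, cbc_encrypt(7, 0x5C, MSG)))
```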
CFB Mode (review)
• Needs initialization vector
• Adv: can encipher one character at a time
• Error propagation: current transf. + next 8 characters
Diagram labels (sender and recipient side): 8, 8 bit blocks; left shift; 56 bit key; E; D; + (XOR); 8 bit plain text; 8 bit cipher text.

OFB Mode (review)
• Needs initialization vector
• Adv: can encipher one character at a time
• Error propagation: current transfer only
Diagram labels (sender and recipient side): 8, 8 bit blocks; left shift; 56 bit key; E; D; + (XOR); 8 bit plain text; 8 bit cipher text.

Advanced Encryption Standard (AES)
• Federal Information Processing Standard (FIPS) to be used by U.S. Government organizations
• Effective since May 26, 2002
• Replaces DES (triple DES remains)
• Rijndael ([Rhine Dhal]) algorithm (Joan Daemen and Vincent Rijmen)

AES Origin
• Started in 1997 and lasted for several years
• Requirements specified by NIST:
  • Algorithm unclassified and publicly available
  • Available royalty free world wide
  • Symmetric key
  • Operates on data blocks of 128 bits
  • Key sizes of 128, 192, and 256 bits
  • Fast, secure, and portable
  • Active life of 20-30 years
  • Provides full specifications

AES Finalists
• 1999:

Rijndael Algorithm
• Chosen for: security, performance, efficiency, ease of implementation, and flexibility
• Block cipher (variable block and key length)
• Federal Information Processing Standard (FIPS)

Rijndael
• Symmetric, block cipher
• Key size: 128, 192, or 256 bits
• Block size: 128
  • Processed as 4 groups of 4 bytes (state)
• Operates on the entire block in every round
• Number of rounds depending on key size:
  • Key = 128 → 9 rounds
  • Key = 192 → 11 rounds
  • Key = 256 → 13 rounds

Rijndael – Basic Steps (review)
• Byte Substitution: non-linear function for confusion
  • S-box used on every byte (table look-up)
• Shift Rows: linear mixing function for diffusion
  • Permutes bytes between columns
  • Different for different block sizes (128, 192 same, 256 different)
• Mix Columns: transformation -- diffusion
  • Shifting left and XOR bits
  • Effect: matrix multiplication
• Add Round Key: incorporates key and creates confusion
  • XOR state with unique key
All operations can be combined into XOR and table look-ups
Very fast and efficient

Strength of Algorithm
• New – few experimental results
• Cryptanalysis results
  • Few theoretical weaknesses
  • No real problem
• No relation to government agency → no allegations of tampering with code
• Has sound mathematical foundation

AES Decryption
• Non-identical to encryption
• Steps done in reverse
• Different key schedule

Key Distribution Secret key methods
Conventional Encryption
Diagram: the sender encrypts plaintext M with key K into ciphertext C; the recipient decrypts C with K to recover plaintext M. A key source supplies K to both parties over a secure channel.
R knows that:
• Message was sent by S
• Message hasn’t been altered

Summary: Secret-Key Encryption
• Single, secret key
• Key distribution problem of secret key systems
  • Establish key before communication
  • Need n(n-1)/2 keys with n different parties
• Do NOT provide electronic signatures (no third party authentication)
• Faster than public-key encryption

Symmetric-Key Distribution without Server
• Change encryption key: E(Knew,K), where Knew is the session key, K is the master key
Diagram: the sender encrypts the new key under K and sends ciphertext C; the recipient decrypts C with K to obtain the new key.