i nformation s ecurity : c ryptography ( part 2) dr. shahriar bijani shahed university

INFORMATION SECURITY:

CRYPTOGRAPHY (PART 2)

Dr. Shahriar Bijani

Shahed University

2

SLIDES REFERENCES Matt Bishop, Computer Security: Art and

Science, the author homepage, 2002-2004. Addam Schroll, Cryptography, Purdue

university. Nikita Borisov, Cryptography, Illinois university,

CS461, 2007.

VIGENERE CIPHER

A different caesar cipher per letter

MORESECURETHANCAESAR (Ciphertext)

+ SECRETSECRETSECRETSE (Key)

= FTUWXYVZUWYBTSFSJMTW

M (13) + A (19) = F (6) mod 26

O (15) + E (5) = T (20) mod 26

...

VIGENERE ANALYSIS

Key space?

26Length(Key)

Frequency analysis?

Doesn’t work because of different keys

For many years, the Vigenère cipher was

considered unbreakable!

Slide #9-5

USEFUL TERMS period: length of key

In earlier example, period is 3 tableau: table used to encipher and decipher

Vigènere cipher has key letters on top, plaintext letters on the left

polyalphabetic: the key has several different letters Caesar cipher is monoalphabetic

VIGENERE ANALYSIS Guess period of the cipher= p Construct p frequency tables

Cryptanalyze each onehttp://math.ucsd.edu/~crypto/java/EARLYCIPHERS/Vigenere.html

Better yet, recover period Look for repeated n-grams

VIGENERE ANALYSIS

The index of coincidence measures the differences in the frequencies of the

letters in the ciphertext. the probability that two randomly chosen letters from

the ciphertext will be the same. Fc = frequency of cipher character c, N = length of the ciphertext

Indices of coincidences for different periods:

8

VIGENÈRE TABLEAU The key letters on top, plaintext letters on the

left

RELEVANT PARTS OF TABLEAU

G I VA G I VB H J WE L M ZH N P CL R T GO U W JS Y A NT Z B OY E H T

Tableau shown has relevant rows, columns only

Example encipherments: key V, letter T: follow V column down to T row

(giving “O”) Key I, letter H: follow I column down to H row

(giving “P”)

10

VIGENÈRE ANALYSIS Ciphertext:

Could this be a Caesar cipher? We find that the index of coincidence is

0.043, which indicates a key of length 5 or more.

So we assume that the key is of length greater than 1, and apply the Kasiski method

ADQYS MIUSB OXKKT MIBHK IZOOO EQOOG IFBAG KAUMF

VVTAA CIDTW MOCIO EQOOG BMBFV ZGGWP CIEKQ HSNEW

VECNE DLAAV RWKXS VNSVP HCEUT QOIOF MEGJS WTPCH

AJMOC HIUIX

11

VIGENÈRE ANALYSIS Repetitions of 2 letters or more The only factors that occur more in the gaps are 2 (in eight

gaps) and 3 (in seven gaps). As a first guess, let us try 6.

Letters Start End Gap length

Factors of gap length

MI 5 15 10 2, 5

OO 22 27 5 5

OEQOOG 24 54 30 2, 3, 5

FV 39 63 24 2, 2, 2, 3

AA 43 87 44 2, 2, 11

MOC 50 122 72 2, 2, 2, 3, 3

QO 56 105 49 7, 7

PC 69 117 48 2, 2, 2, 2, 3

NE 77 83 6 2, 3

SV 94 97 3 3

CH 118 124 6 2, 3

12

VIGENÈRE ANALYSIS To verify this guess, we compute

the index of coincidence for each alphabet. We first arrange the message into 6 columns.

Each column represents one alphabet. The indices of coincidence are:

All ICs indicate a single alphabet except for the ICs of alphabets #4 (period between 1 and 2) and #6 (period between 5 and 10).

A D Q Y S M

I U S B O X

K K T M I B

H K I Z O O

O E Q O O G

I F B A G K

A U M F V V

T A A C I D

T W M O C I

O E Q O O G

B M B F V Z

G G W P C I

E K Q H S N

E W V E C N

E D L A A V

R W K X S V

N S V P H C

E U T Q O I

O F M E G J

S W T P C H

A J M O C H

I U I X    

Alphabet #1: IC = 0.069 Alphabet #4: IC = 0.056

Alphabet #2: IC = 0.078 Alphabet #5: IC = 0.124

Alphabet #3: IC = 0.078 Alphabet #6: IC = 0.043

13

VIGENÈRE ANALYSIS Counting characters in each column (alphabet) :

An unshifted alphabet has the characteristics in the last row (L=low frequency, M = moderate frequency, H =high frequency)

now compare the frequency counts in the six alphabets with the frequency count of the unshifted alphabet.

The first alphabet matches the characteristics of the unshifted alphabet (note the values for A, E, and I in particular).

Column A B C D E F G H I J K L MN OP QR S T U V WX Y Z

#1 3 1 0 0 4 0 1 1 3 0 1 0 0 1 3 0 0 1 1 2 0 0 0 0 0 0

#2 1 0 0 2 2 2 1 0 0 1 3 0 1 0 0 0 0 0 1 0 4 0 4 0 0 0

#3 1 2 0 0 0 0 0 0 2 0 1 1 4 0 0 0 4 0 1 3 0 2 1 0 0 0

#4 2 1 1 0 2 2 0 1 0 0 0 0 1 0 4 3 1 0 0 0 0 0 0 2 1 1

#5 1 0 5 0 0 0 2 1 2 0 0 0 0 0 5 0 0 0 3 0 0 2 0 0 0 0

#6 0 1 1 1 0 0 2 2 3 1 1 0 1 2 1 0 0 0 0 0 0 3 0 1 0 1

unshifted H M M M H M M H H M M M M H H M L H H H M L L L L L

14

VIGENÈRE ANALYSIS the 3rd alphabet seems to be shifted with I

mapping to A. in the 6th alphabet : V maps to A.

15

VIGENÈRE ANALYSIS

16

VIGENÈRE ANALYSIS With proper spacing and punctuation, we

haveA LIMERICK PACKS LAUGHS ANATOMICAL INTO SPACE THAT IS QUITE ECONOMICAL BUT THE GOOD ONES I'VE SEEN SO SELDOM ARE CLEAN, AND THE CLEAN ONES SO SELDOM ARE COMICAL.

The key is ASIMOV.

17

VIGENERE ANALYSIS Here is a ciphertext message

18

DES: DATA ENCRYPTION STANDARD

A block cipher:

encrypts blocks of 64 bits using a 64 bit key

Key: 8 bits for parity, so the effective key length is 56

bits.

outputs 64 bits of ciphertext

performs both substitution and transposition

(permutation) on the bits.

19

GENERAL STRUCTURE OF DES

Cipher consists of 16 rounds (iterations) each with a round key generated from the user-supplied key

DES: INITIAL AND FINAL PERMUTATIONS

Example

Find the output of the final permutation box when the input is given in hexadecimal as:

Only bit 25 and bit 64 are 1s; the other bits are 0s. In the final permutation, bit 25 becomes bit 64 and bit 63 becomes bit 15. The result is

Solution

DES: INITIAL AND FINAL PERMUTATIONS

22

DES: INITIAL AND FINAL PERMUTATIONS The initial and final permutations are straight

P-boxes that are inverses of each other.

They have no cryptography significance in DES.

23

DES: ROUNDS DES uses 16 rounds. Each round of DES has a 48 bit

key.

A round in DES

24

THE DES FUNCTION The heart of DES is the DES function.

The DES function applies a 48-bit key to the rightmost 32 bits to produce a 32-bit output.

Expansion P-box Since RI−1 is a 32-bit input and KI is a 48-

bit key, we first need to expand RI−1 to 48

bits.

K1

(48 bit)

25

THE DES FUNCTION: S-BOXES

The S-boxes do the real mixing (confusion). DES uses 8

S-boxes, each with a 6-bit input and a 4-bit output.

26

S-box 1 Table

THE DES FUNCTION: S-BOXES

27

S-BOX EXAMPLE

The input to S-box 1 is 100011. What is the output?

If we write the first and the sixth bits together, we get 11 in binary, which is 3 in decimal. The remaining bits are 0001 in binary, which is 1 in decimal. We look for the value in row 3, column 1, in Table 6.3 (S-box 1). The result is 12 in decimal, which in binary is 1100. So the input 100011 yields the output 1100.

Solution

28

THE DES FUNCTION:STRAIGHT PERMUTATION

Straight permutation table

DIFFERENTIAL CRYPTANALYSIS A chosen ciphertext attack

Requires 247 plaintext, ciphertext pairs

CURRENT STATUS OF DES

Design for computer system, associated

software that could break any DES-enciphered

message in a few days published in 1998

Several challenges to break DES messages

solved using distributed computing

NIST selected Rijndael as Advanced Encryption

Standard, successor to DES

Designed to withstand attacks that were successful

on DES

PUBLIC KEY CRYPTOGRAPHY

Two keys

Private key known only to individual

Public key available to anyone

Public key, private key inverses

Idea

Confidentiality: encipher using public key, decipher

using private key

Integrity/authentication: encipher using private key,

decipher using public one 31

REQUIREMENTS

1. It must be computationally easy to encipher or

decipher a message given the appropriate key

2. It must be computationally infeasible to derive the

private key from the public key

3. It must be computationally infeasible to determine

the private key from a chosen plaintext attack32

DIFFIE-HELLMAN

Compute a common, shared key

Called a symmetric key exchange protocol

Based on discrete logarithm problem

Given integers n and g and prime number p, compute k

such that n = gk mod p

Solutions known for small p

Solutions computationally infeasible as p grows large

33

ALGORITHM

Constants: prime p, integer g ≠ 0, 1, p–1

Known to all participants

Anne chooses private key kAnne, computes public

key KAnne = gkAnne mod p

To communicate with Bob, Anne computes Kshared

= KBobkAnne mod p

To communicate with Anne, Bob computes Kshared

= KAnnekBob mod p

It can be shown these keys are equal

34

EXAMPLE Assume p = 53 and g = 17 Alice chooses kAlice = 5

Then KAlice = 175 mod 53 = 40 Bob chooses kBob = 7

Then KBob = 177 mod 53 = 6 Shared key:

KBobkAlice mod p = 65 mod 53 = 38 KAlicekBob mod p = 407 mod 53 = 38

35

36

RSA Asymmetric cryptographic algorithm

published in 1978 The most popular asymmetric algorithm used

today Now free to use – patent expired in 2000 Relies on the hardness of factoring a number

consisting of two primes

BACKGROUND

Totient function (n)Number of positive integers less than n

and relatively prime to n Relatively prime means with no factors in

common with n

Example: (10) = 41, 3, 7, 9 are relatively prime to 10

Example: (21) = 121, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20 are

relatively prime to 21

ALGORITHM Choose two large prime numbers p, q

Let n = pq; then (n) = (p–1)(q–1) Choose e < n such that e is relatively prime to

(n). Compute d such that ed mod (n) = 1

Public key: (e, n); private key: d Encipher: c = me mod n Decipher: m = cd mod n

THE RSA ALGORITHM – KEY GENERATION Choose two large prime numbers p, q Let n = pq; then (n) = (p–1)(q–1) Choose e < n such that gcd(e, (p – 1)(q – 1)) = 1

e is relatively prime to (n). Compute d such that ed mod ((p – 1)(q – 1)) = 1

The public key is the pair (e, n) The private key is the pair (d, n)

Message m – number 0 < m < n Encryption E(m) = me mod n Decryption D(m) = md mod n

Exercise – check that D(E(m)) = m.

EXAMPLE: CONFIDENTIALITY Take p = 7, q = 11, so n = 77 and (n)

= 60 Alice chooses e = 17, making d = 53

Bob wants to send Alice secret message HELLO (07 04 11 11 14)0717 mod 77 = 280417 mod 77 = 161117 mod 77 = 441117 mod 77 = 441417 mod 77 = 42

Bob sends 28 16 44 44 42

EXAMPLE Alice receives 28 16 44 44 42 Alice uses private key, d = 53, to

decrypt message:2853 mod 77 = 071653 mod 77 = 044453 mod 77 = 114453 mod 77 = 114253 mod 77 = 14

Alice translates message to letters to read HELLONo one else could read it, as only Alice

knows her private key and that is needed for decryption

EXAMPLE: INTEGRITY/AUTHENTICATION Take p = 7, q = 11, so n = 77 and (n) = 60 Alice chooses e = 17, making d = 53 Alice wants to send Bob message HELLO (07

04 11 11 14) so Bob knows it is what Alice sent (no changes in transit, and authenticated) 0753 mod 77 = 35 0453 mod 77 = 09 1153 mod 77 = 44 1153 mod 77 = 44 1453 mod 77 = 49

Alice sends 35 09 44 44 49

EXAMPLE Bob receives 35 09 44 44 49 Bob uses Alice’s public key, e = 17, n = 77, to decrypt

message: 3517 mod 77 = 07 0917 mod 77 = 04 4417 mod 77 = 11 4417 mod 77 = 11 4917 mod 77 = 14

Bob translates message to letters to read HELLO Alice sent it as only she knows her private key, so no one

else could have enciphered it If (enciphered) message’s blocks (letters) altered in

transit, would not decrypt properly

EXAMPLE: BOTH Alice wants to send Bob message HELLO both

enciphered and authenticated (integrity-checked) Alice’s keys: public (17, 77); private: 53 Bob’s keys: public: (37, 77); private: 13

Alice enciphers HELLO (07 04 11 11 14): (0753 mod 77)37 mod 77 = 07 (0453 mod 77)37 mod 77 = 37 (1153 mod 77)37 mod 77 = 44 (1153 mod 77)37 mod 77 = 44 (1453 mod 77)37 mod 77 = 14

Alice sends 07 37 44 44 14

SECURITY SERVICES

Confidentiality

Only the owner of the private key knows it, so

text enciphered with public key cannot be read

by anyone except the owner of the private key

Authentication

Only the owner of the private key knows it, so

text enciphered with private key must have been

generated by the owner

MORE SECURITY SERVICES

Integrity

Enciphered letters cannot be changed

undetectably without knowing private key

Non-Repudiation

Message enciphered with private key came from

someone who knew it

RSA Asymmetric cryptographic algorithm

published in 1978 The most popular asymmetric algorithm used

today Now free to use – patent expired in 2000 Relies on the hardness of factoring a number

consisting of two primes

WARNINGS

Encipher message in blocks considerably

larger than the examples here

If 1 character per block, RSA can be broken using

statistical attacks (just like classical

cryptosystems)

Attacker cannot alter letters, but can rearrange

them and alter message meaning

Example: reverse enciphered message of text ON to

get NO

KEY POINTS Two main types of cryptosystems:

classical and public key Classical cryptosystems encipher and

decipher using the same keyOr one key is easily derived from the other

Public key cryptosystems encipher and decipher using different keysComputationally infeasible to derive one

from the other