CSE484/CSEM584

ComputerSecuritySec4onWeek4:Cryptography

TA:ThomasCrosleytcrosley@cs

ThankstoFranziRoesnerandAdrianShamforpreviousslides

[Examples/ImagesthankstoWikipedia.]

Administrivia

•  Lab1Finalduenextweek(Friday4/29,8pm)•  Today– FunHistoricalCiphers– CryptoReview– CryptoPrac4ce– CBC-MACIssue

FunHistoricalCiphers

CaesarCipher(ShiYCipher)

•  PlaintextleZersare replacedwithleZers afixedshiYawayin thealphabet.

•  Example:–  Plaintext:The quick brown fox jumps over the lazy dog.–  Key:ShiY3

ABCDEFGHIJKLMNOPQRSTUVWXYZDEFGHIJKLMNOPQRSTUVWXYZABC

–  Ciphertext:WKHTX LFNEU RZQIR AMXPS VRYHU WKHOD CBGRJ

CaesarCipher(ShiYCipher)

•  ROT13:shiY13(encryp4onanddecryp4onaresymmetric)

•  Whatisthekeyspace?– 26possibleshiYs.

•  HowtoaZackshiYciphers?– Bruteforce.

Subs4tu4onCipher

•  SupersetofshiYciphers:eachleZerissubs4tutedforanotherone.

•  Monoalphabe4csubs4tu4oncipher:fixedsubs4tu4onovertheen4remessage.

•  Example:– Plaintext:ABCDEFGHIJKLMNOPQRSTUVWXYZ– Cipher:ZEBRASCDFGHIJKLMNOPQTUVWXY

Subs4tu4onCipher

•  Whatisthekeyspace?•  HowtoaZack?– Frequencyanalysis.

Trigrams:1. the2. and3. tha4. ent5. ing

Bigrams:th 1.52% en 0.55% ng 0.18% he 1.28% ed 0.53% of 0.16% in 0.94% to 0.52% al 0.09% er 0.94% it 0.50% de 0.09% an 0.82% ou 0.50% se 0.08% re 0.68% ea 0.47% le 0.08% nd 0.63% hi 0.46% sa 0.06% at 0.59% is 0.46% si 0.05% on 0.57% or 0.43% ar 0.04% nt 0.56% ti 0.34% ve 0.04%ha 0.56% as 0.33% ra 0.04% es 0.56% te 0.27% ld 0.02% st 0.55% et 0.19% ur 0.02%

6. ion7. tio8. for 9. nde10. has

11.  nce12.  edt13.  tis 14.  oft15.  sth

26!~=2^88

Transposi4onCipher

•  Ciphertextispermuta4onofplaintext.•  Example:Routecipher– Plaintext:WE ARE DISCOVERED, FLEE AT ONCE– Arrangement:

W R I O R F E O EE E S V E L A N JA D C E D E T C X

– Key:“spiral inwards, clockwise, starting from top right”– Ciphertext:EJXCTEDECDAEWRIORFEONALEVSE

Whatisthis?Scytale(usedbyancientGreeks/Spartans)

Howisitusedtodotransposi4on?1.  Wrap2.  Writehorizontally3.  Encrypt=unwrap4.  Decrypt=rewrap

Transposi4on/Subs4tu4on

•  Howtotellifciphertextwasencryptedusingsubs4tu4onortransposi4oncipher?–  IfleZerfrequenciesarenormal,it’stransposi4on.

•  Whathappensifyoucombinesubs4tu4onandtransposi4on?– Subs4tu4onpreventsanagramfinding,transposi4onpreventsdigram/trigramanalysis.

VigenèreCipher(~1467)

•  Polyalphabe4csubs4tu4oncipher:usemul4plesubs4tu4onalphabets.

•  Example:–  Plaintext: ATTACKATDAWN–  Key: LEMONLEMONLE–  Ciphertext: LXFOPVEFRNHR

•  Encrypt:–  (Key-Row,Msg-Col)–  Orjustaddi4onmod26

VigenèreCipher(~1467)

•  Doesthisdefeatfrequencyanalysis?– Notifyouknowthelengthofthe(repea4ng)key(e.g.,ifkeylength=5,dofrequencyanalysisonsetofevery5thleZer).

– Evenifyoudon’tknowthekeylength,justiteratewithlength=1…nun4ldecryp4onlookssensible.

•  Whatifthekeydoesn’trepeat(i.e.,lengthofkey>=lengthofplaintext)?– One-4mepad.(Samecaveats:fullyrandomkey,useonlyonce…)

EnigmaMachineUsesrotors(subs4tu4oncipher)thatchangeposi4onaYereachkey.

Key=ini4alseqngofrotors

Keyspace?26^nfornrotors

Steganography

•  Hiddenmessages(securitythroughobscurity)

[Figurefrom“HideandSeek:AnIntroduc4ontoSteganography”byNielsProvosandPeterHoneyman]

SecretMessagesinVideoGames

•  Castle:programthatencodessecretmessagesinvideogamecommunica4ons– StonyBrookUniversity– AvoidingsurveillanceandfirewallsinChina– S4lllookslikeanormalgamefromtheoutside

•  Encode:message->playermovements•  Decode:playermovements->message

Source:hZp://www.wired.com/2015/04/app-hides-secret-messages-starcraY-style-games/

CryptoReview

FlavorsofCryptography

•  Symmetriccryptography– Bothcommunica4ngpar4eshaveaccesstoasharedrandomstringK,calledthekey.

•  Asymmetriccryptography– Eachpartycreatesapublickeypkandasecretkeysk.

AchievingPrivacy(Symmetric)

AchievingPrivacy(Asymmetric)

Keyexchange

•  Diffie-HellmanKeyAgreementalgorithm•  RSAkeyexchangeprocess(Nextweek!)

hZps://technet.microsoY.com/en-us/library/cc962035.aspx

AchievingIntegrity(Symmetric)

•  Messageauthen4ca4onschemes:Atoolforprotec4ngintegrity.(Alsocalledmessageauthen4ca4oncodesorMACs)

AchievingIntegrity(Asymmetric)

Digitalsignatureschemes:Atoolforprotec4ngintegrityandauthen4city.

PseudoRandomNumberGenerator(PRNG)

•  Algorithmforgenera4ngasequenceofnumberswhoseproper4esapproximatetheproper4esofsequencesofrandomnumbers.

•  Inotherword,sortofrandom,butnotREALLY…

CryptoPrac4ce

Diffie-HelmanProtocol

•  AliceandBobnevermeetandsharenosecret•  Publicinfo:pandg– Pisalargeprime(publicinfo)– Gisagenerator(publicinfo)

•  Alicesends->Bobgxmodp•  Bobsends->Alicegymodp

•  k=(gx)y=(gy)x=gxymodp(sharedsecret)

DiffieHelmanPrac4ceProblem

•  P=11•  G=7•  Alice’sPrivateKey(x=4)•  Bob’sPrivateKey(y=8)

•  Whatistheirsharedkey?

Prac4ceProblemSolu4on

•  Alicecomputes74mod11=3•  Bobcomputes78mod11=9•  Sharedsecretis38=94mod11=5

CBC-MACProblem

Integritydoesnotworkherewithvariablelengthmessages

CBC-MACProblem

BC(MxorO)=T

BC(BC(MxorO)xor(MxorT))=BC(TxorMxorT)=B(M)=T