computer security secon week 4: cryptography · secon week 4: cryptography ta: thomas crosley...
TRANSCRIPT
CSE484/CSEM584
ComputerSecuritySec4onWeek4:Cryptography
TA:ThomasCrosleytcrosley@cs
ThankstoFranziRoesnerandAdrianShamforpreviousslides
[Examples/ImagesthankstoWikipedia.]
Administrivia
• Lab1Finalduenextweek(Friday4/29,8pm)• Today– FunHistoricalCiphers– CryptoReview– CryptoPrac4ce– CBC-MACIssue
FunHistoricalCiphers
CaesarCipher(ShiYCipher)
• PlaintextleZersare replacedwithleZers afixedshiYawayin thealphabet.
• Example:– Plaintext:The quick brown fox jumps over the lazy dog.– Key:ShiY3
ABCDEFGHIJKLMNOPQRSTUVWXYZDEFGHIJKLMNOPQRSTUVWXYZABC
– Ciphertext:WKHTX LFNEU RZQIR AMXPS VRYHU WKHOD CBGRJ
CaesarCipher(ShiYCipher)
• ROT13:shiY13(encryp4onanddecryp4onaresymmetric)
• Whatisthekeyspace?– 26possibleshiYs.
• HowtoaZackshiYciphers?– Bruteforce.
Subs4tu4onCipher
• SupersetofshiYciphers:eachleZerissubs4tutedforanotherone.
• Monoalphabe4csubs4tu4oncipher:fixedsubs4tu4onovertheen4remessage.
• Example:– Plaintext:ABCDEFGHIJKLMNOPQRSTUVWXYZ– Cipher:ZEBRASCDFGHIJKLMNOPQTUVWXY
Subs4tu4onCipher
• Whatisthekeyspace?• HowtoaZack?– Frequencyanalysis.
Trigrams:1. the2. and3. tha4. ent5. ing
Bigrams:th 1.52% en 0.55% ng 0.18% he 1.28% ed 0.53% of 0.16% in 0.94% to 0.52% al 0.09% er 0.94% it 0.50% de 0.09% an 0.82% ou 0.50% se 0.08% re 0.68% ea 0.47% le 0.08% nd 0.63% hi 0.46% sa 0.06% at 0.59% is 0.46% si 0.05% on 0.57% or 0.43% ar 0.04% nt 0.56% ti 0.34% ve 0.04%ha 0.56% as 0.33% ra 0.04% es 0.56% te 0.27% ld 0.02% st 0.55% et 0.19% ur 0.02%
6. ion7. tio8. for 9. nde10. has
11. nce12. edt13. tis 14. oft15. sth
26!~=2^88
Transposi4onCipher
• Ciphertextispermuta4onofplaintext.• Example:Routecipher– Plaintext:WE ARE DISCOVERED, FLEE AT ONCE– Arrangement:
W R I O R F E O EE E S V E L A N JA D C E D E T C X
– Key:“spiral inwards, clockwise, starting from top right”– Ciphertext:EJXCTEDECDAEWRIORFEONALEVSE
Whatisthis?Scytale(usedbyancientGreeks/Spartans)
Howisitusedtodotransposi4on?1. Wrap2. Writehorizontally3. Encrypt=unwrap4. Decrypt=rewrap
Transposi4on/Subs4tu4on
• Howtotellifciphertextwasencryptedusingsubs4tu4onortransposi4oncipher?– IfleZerfrequenciesarenormal,it’stransposi4on.
• Whathappensifyoucombinesubs4tu4onandtransposi4on?– Subs4tu4onpreventsanagramfinding,transposi4onpreventsdigram/trigramanalysis.
VigenèreCipher(~1467)
• Polyalphabe4csubs4tu4oncipher:usemul4plesubs4tu4onalphabets.
• Example:– Plaintext: ATTACKATDAWN– Key: LEMONLEMONLE– Ciphertext: LXFOPVEFRNHR
• Encrypt:– (Key-Row,Msg-Col)– Orjustaddi4onmod26
VigenèreCipher(~1467)
• Doesthisdefeatfrequencyanalysis?– Notifyouknowthelengthofthe(repea4ng)key(e.g.,ifkeylength=5,dofrequencyanalysisonsetofevery5thleZer).
– Evenifyoudon’tknowthekeylength,justiteratewithlength=1…nun4ldecryp4onlookssensible.
• Whatifthekeydoesn’trepeat(i.e.,lengthofkey>=lengthofplaintext)?– One-4mepad.(Samecaveats:fullyrandomkey,useonlyonce…)
EnigmaMachineUsesrotors(subs4tu4oncipher)thatchangeposi4onaYereachkey.
Key=ini4alseqngofrotors
Keyspace?26^nfornrotors
Steganography
• Hiddenmessages(securitythroughobscurity)
[Figurefrom“HideandSeek:AnIntroduc4ontoSteganography”byNielsProvosandPeterHoneyman]
SecretMessagesinVideoGames
• Castle:programthatencodessecretmessagesinvideogamecommunica4ons– StonyBrookUniversity– AvoidingsurveillanceandfirewallsinChina– S4lllookslikeanormalgamefromtheoutside
• Encode:message->playermovements• Decode:playermovements->message
Source:hZp://www.wired.com/2015/04/app-hides-secret-messages-starcraY-style-games/
CryptoReview
FlavorsofCryptography
• Symmetriccryptography– Bothcommunica4ngpar4eshaveaccesstoasharedrandomstringK,calledthekey.
• Asymmetriccryptography– Eachpartycreatesapublickeypkandasecretkeysk.
AchievingPrivacy(Symmetric)
AchievingPrivacy(Asymmetric)
Keyexchange
• Diffie-HellmanKeyAgreementalgorithm• RSAkeyexchangeprocess(Nextweek!)
hZps://technet.microsoY.com/en-us/library/cc962035.aspx
AchievingIntegrity(Symmetric)
• Messageauthen4ca4onschemes:Atoolforprotec4ngintegrity.(Alsocalledmessageauthen4ca4oncodesorMACs)
AchievingIntegrity(Asymmetric)
Digitalsignatureschemes:Atoolforprotec4ngintegrityandauthen4city.
PseudoRandomNumberGenerator(PRNG)
• Algorithmforgenera4ngasequenceofnumberswhoseproper4esapproximatetheproper4esofsequencesofrandomnumbers.
• Inotherword,sortofrandom,butnotREALLY…
CryptoPrac4ce
Diffie-HelmanProtocol
• AliceandBobnevermeetandsharenosecret• Publicinfo:pandg– Pisalargeprime(publicinfo)– Gisagenerator(publicinfo)
• Alicesends->Bobgxmodp• Bobsends->Alicegymodp
• k=(gx)y=(gy)x=gxymodp(sharedsecret)
DiffieHelmanPrac4ceProblem
• P=11• G=7• Alice’sPrivateKey(x=4)• Bob’sPrivateKey(y=8)
• Whatistheirsharedkey?
Prac4ceProblemSolu4on
• Alicecomputes74mod11=3• Bobcomputes78mod11=9• Sharedsecretis38=94mod11=5
CBC-MACProblem
Integritydoesnotworkherewithvariablelengthmessages
CBC-MACProblem
BC(MxorO)=T
BC(BC(MxorO)xor(MxorT))=BC(TxorMxorT)=B(M)=T