Confidential Channels, Encryption, and Ciphers

• Readings

– Sections 2.1 – 2.4, 3.1 – 3.2

1

Cryptography

• Greek for “hidden writing”

• “The art and science of keeping messages secure”

• A field of study relating to the above

• Note: Cryptology is often defined to include the fields of:

–Cryptography

–Cryptanalysis

–Steganography

2

What is encryption?

• Encryption is used to

achieve confidentiality

• Alice and Bob, wish to

communicate secretly.

• Curious Carl wants to

listen into their private

chat.

3

01001110…

As root, try:

tcpdump -a -s 0

Ciphers

• Plaintext

• Ciphertext

• Encipher: transform plaintext into ciphertext (encrypt)

• Decipher: transform ciphertext into plaintext (decrypt)

• Key: used in the transformation between plaintext and

ciphertext.

• Cipher: an encryption (and decryption) algorithm

– Symmetric or secret key

– Asymmetric or public/private key

• Goal of good ciphers: make the ciphertext look like

“random bits”

4

Ciphers

• Ciphers operate to “garble” their input to make it

unintelligible. The output of a cipher (ciphertext)

does not bear any clear relation to the input (clear-

text or plaintext).

– The earliest recorded example of the use of a cipher is by

Julius Caesar to his generals: He would shift each letter to

the third letter following it in the alphabet.

• Example: Attack now Dwwdfn qrz

• How can you cryptanalyze this cipher?

5

Generalizing the Caesar Cipher

(a substitution cipher)

• Caesar: given plaintext p, use s, where

s = E(p + 3) mod 26

• Can obviously use s = E(p + k) mod 26 for arbitrary k.

How many keys are there?

• Mono-alphabetic cipher: use an arbitrary permutation

of the 26 letters.

– N! permutations or keys

– Many more keys – how much harder to analyze?

6

Assumptions about cipher design

• The adversary knows the cipher algorithm.

– also the design process, the implementation, etc.

• To achieve secrecy, ciphers use keys.

• A key is an auxiliary input to the algorithm that must be

kept private.

– Only the key value is private. It is assumed that the enemy

knows how keys are generated.

7

Example: Vigenere cipher

Courtesy of Giuseppe Ateniese

)17,14,19,2,4,21(VECTORKey

W E W I L L M E E T A T M I D N I G H T

22 4 22 8 11 11 12 4 4 19 0 19 12 8 3 13 8 6 7 1921

4

2

19

14

17

21

4

2

19

14

17

21

4

2

19

14

17

21

4

17 8 24 1 25 2 7 8 6 12 14 10 7 12 5 6 22 23 2 23

R I Y B Z C H I G M O K H M F G W X C X

Vigenere Cipher

• Normally the key of Vigenere cipher is given as a

“keyword” instead of a vector of integer values, for

example an English word or even a sentence

– For example, if a keyword is “leg”, then the corresponding

values of “leg” are repeated applied to plaintext to obtain

ciphertext

– Easy to remember

9

Breaking the Vigenere Cipher

• The probability distribution of characters

Courtesy of Giuseppe Ateniese

0

0.02

0.04

0.06

0.08

0.1

0.12

0.14

A C E G I K M O Q S U W Y

Strategy for breaking this cipher

• We start with the above distribution of letters in the alphabet. Notice how the letter E is so more frequent than other characters that it can always be identified given enough ciphertext, if the cipher preserves character probabilities.

• Moreover, it is not shown here, but E tends to appear in patterns, such as following H or preceding R. H, a common letter, tends to follow T. The letter I, also very frequent, tends to be followed by N, and so on. (digrams)

• Suppose that the adversary guesses the key length to be equal to 4 in our Vigenere example. Will get each fourth character and create four collections:

11

Looking at the example again

12

K VECTOR (21,4,2,19,14,17)

W E W I L L M E E T A T M I D N I G H T

22 4 22 8 11 11 12 4 4 19 0 19 12 8 3 13 8 6 7 1921

4

2

19

14

17

21

4

2

19

14

17

21

4

2

19

14

17

21

4

17 8 24 1 25 2 7 8 6 12 14 10 7 12 5 6 22 23 2 23

R I Y B Z C H I G M O K H M F G W X C X

Computing Distributions for various

• By computing the distribution of each fourth letter, and comparing with the distribution of English, the adversary can check if there is a match.

• With enough ciphertext, the adversary will be able to find the key length when the distributions match. Here the adversary would find that the correct key length is six.

• The adversary would collect every sixth letter and, given enough ciphertext, be able to determine which letter corresponds to „E‟ in each distribution. That determines the key character for the distribution, decrypting that collection.

13

Index of coincidence

14

Another Class of Ciphers:

Transposition ciphers

• Plaintext

– attackatdawn

• Cipher

– Put plaintext in a n by m

matrix (example 3 by 4)

– Re-arrange the column

according to the key. For

example, put column 1 in

original matrix to column 3

– Output letters vertically from

top using key number order

• Ciphertext

– TKAATNACDTAW15

3 1 4 2 - the key

a t t a

c k a t

d a w n

Choosing a Cipher

• Ciphers are vulnerable to many known analysis

techniques, and one must count on new attacks

being discovered

• General advice:

– Avoid proprietary commercial ciphers whose design has not

been publicly scrutinized.

– Do not develop your own if good alternatives exist: Adopt

standards.

• Why? Standardization process ensures that many

experts have explored the cipher for weaknesses

• Fundamental Tenet of Cryptography

– If lots of smart people have failed to solve a problem, then it

probably won’t be solved (soon)

16

General Encryption Schemes

17

Symmetric vs. Asymmetric

• If the encryption and decryption keys are equal, the

scheme is said to be symmetric

• If the encryption and decryption keys differ, and

moreover the decryption key cannot be computed

from knowledge of the algorithm and encryption key,

the scheme is asymmetric

• Note: “cannot be computed” really means

“computationally infeasible”

18

Security of ciphers

From the Vigenere cipher to the Vernam one-

time pad

19

Attacks on Encryption Schemes

• PASSIVE

– Ciphertext only

• Only the ciphertext is available. Use statistical methods and

correlations

– Known-plaintext

• One or more pairs of (plaintext, ciphertext) available

• Analyst could likely have this

• ACTIVE

– Chosen plaintext (CPA)

• Adversary can obtain encrypted versions of (chosen) plaintext

– Adaptive CPA

• Can obtain encrypted versions based on analysis of previous versions

– Chosen ciphertext (CCA1)

• Given ciphertext, can get plaintext

– Adaptive CCA (CCA2)20

Outcomes of Attacks (Goals)

• Total Break (key recovery) - most ambitious– This is the worst outcome possible

• Recovery of plaintext - less ambitious– less bad an outcome

• Distinguishability between two possible decryptions of a given ciphertext - even less ambitious– may even be willing to settle for this

Note: IND (indistinguishability) is used to denote “not distinguishability”

• Most stringent security: IND-CCA2

21

Perfect Cipher

• If the Vigenere cipher has key at least as long as the

plaintext, is chosen at random, and used only once:

– The scheme is called the Vernam One-Time Pad

– It is provably unbreakable, even if the adversary has infinite

computational power

• Reasoning: Given some ciphertext, any message of the same

size would encrypt to the observed ciphertext under some key.

22

One Time Pad

• Plaintext is xor'ed with a string of random bits

• The result is a random bit string

• Problems

– Key must be same size as plaintext

– Generating random bits

23

Example of a One-Time Key

• Plaintext: T E D

• ASCII of plaintext: 0101 0100 0100 0101 0100 0100

• Key (random): 0110 0110 0111 0011 0001 0010

• Ciphertext: 0011 0010 0011 0110 0101 0110

• ASCII of Ciphertext: 2 6 V

24

Perfect Secrecy

• Shannon proved that the only cipher that is secure

against an all-powerful adversary

– Has key length equal to, or larger than the message

– The key is random

– Used only once

– As inefficient as the Vernam one-time pad

25

Modern Ciphers

• Operate on binary plaintext

• Use binary keys of fixed length

• Different types of ciphers:

– Public key/asymmetric ciphers

– Symmetric ciphers

• Stream ciphers (RC4, A5/x, Helix, SEAL)

• Block ciphers (Triple-DES, Blowfish, AES)

26

Modern Cipher Operations

• Two basic operations– Substitution: substitute a code symbol (for instance bit

octets) for another.

• Example: shifts (Vigenere cipher), xor

• 10110111 11001010

– Permutation: transpose or reorder the symbols (bits) present in the code

• 10110111 11111100

• Both steps are needed for security

27

Reading Assignments

• Sections 3.3, 4.1, 4.2

• Paper 2

28