i nformation s ecurity : c ryptography ( part 2) dr. shahriar bijani shahed university
TRANSCRIPT
INFORMATION SECURITY:
CRYPTOGRAPHY (PART 2)
Dr. Shahriar Bijani
Shahed University
2
SLIDES REFERENCES Matt Bishop, Computer Security: Art and
Science, the author homepage, 2002-2004. Addam Schroll, Cryptography, Purdue
university. Nikita Borisov, Cryptography, Illinois university,
CS461, 2007.
VIGENERE CIPHER
A different caesar cipher per letter
MORESECURETHANCAESAR (Ciphertext)
+ SECRETSECRETSECRETSE (Key)
= FTUWXYVZUWYBTSFSJMTW
M (13) + A (19) = F (6) mod 26
O (15) + E (5) = T (20) mod 26
...
VIGENERE ANALYSIS
Key space?
26Length(Key)
Frequency analysis?
Doesn’t work because of different keys
For many years, the Vigenère cipher was
considered unbreakable!
Slide #9-5
USEFUL TERMS period: length of key
In earlier example, period is 3 tableau: table used to encipher and decipher
Vigènere cipher has key letters on top, plaintext letters on the left
polyalphabetic: the key has several different letters Caesar cipher is monoalphabetic
VIGENERE ANALYSIS Guess period of the cipher= p Construct p frequency tables
Cryptanalyze each onehttp://math.ucsd.edu/~crypto/java/EARLYCIPHERS/Vigenere.html
Better yet, recover period Look for repeated n-grams
VIGENERE ANALYSIS
The index of coincidence measures the differences in the frequencies of the
letters in the ciphertext. the probability that two randomly chosen letters from
the ciphertext will be the same. Fc = frequency of cipher character c, N = length of the ciphertext
Indices of coincidences for different periods:
8
VIGENÈRE TABLEAU The key letters on top, plaintext letters on the
left
RELEVANT PARTS OF TABLEAU
G I VA G I VB H J WE L M ZH N P CL R T GO U W JS Y A NT Z B OY E H T
Tableau shown has relevant rows, columns only
Example encipherments: key V, letter T: follow V column down to T row
(giving “O”) Key I, letter H: follow I column down to H row
(giving “P”)
10
VIGENÈRE ANALYSIS Ciphertext:
Could this be a Caesar cipher? We find that the index of coincidence is
0.043, which indicates a key of length 5 or more.
So we assume that the key is of length greater than 1, and apply the Kasiski method
ADQYS MIUSB OXKKT MIBHK IZOOO EQOOG IFBAG KAUMF
VVTAA CIDTW MOCIO EQOOG BMBFV ZGGWP CIEKQ HSNEW
VECNE DLAAV RWKXS VNSVP HCEUT QOIOF MEGJS WTPCH
AJMOC HIUIX
11
VIGENÈRE ANALYSIS Repetitions of 2 letters or more The only factors that occur more in the gaps are 2 (in eight
gaps) and 3 (in seven gaps). As a first guess, let us try 6.
Letters Start End Gap length
Factors of gap length
MI 5 15 10 2, 5
OO 22 27 5 5
OEQOOG 24 54 30 2, 3, 5
FV 39 63 24 2, 2, 2, 3
AA 43 87 44 2, 2, 11
MOC 50 122 72 2, 2, 2, 3, 3
QO 56 105 49 7, 7
PC 69 117 48 2, 2, 2, 2, 3
NE 77 83 6 2, 3
SV 94 97 3 3
CH 118 124 6 2, 3
12
VIGENÈRE ANALYSIS To verify this guess, we compute
the index of coincidence for each alphabet. We first arrange the message into 6 columns.
Each column represents one alphabet. The indices of coincidence are:
All ICs indicate a single alphabet except for the ICs of alphabets #4 (period between 1 and 2) and #6 (period between 5 and 10).
A D Q Y S M
I U S B O X
K K T M I B
H K I Z O O
O E Q O O G
I F B A G K
A U M F V V
T A A C I D
T W M O C I
O E Q O O G
B M B F V Z
G G W P C I
E K Q H S N
E W V E C N
E D L A A V
R W K X S V
N S V P H C
E U T Q O I
O F M E G J
S W T P C H
A J M O C H
I U I X
Alphabet #1: IC = 0.069 Alphabet #4: IC = 0.056
Alphabet #2: IC = 0.078 Alphabet #5: IC = 0.124
Alphabet #3: IC = 0.078 Alphabet #6: IC = 0.043
13
VIGENÈRE ANALYSIS Counting characters in each column (alphabet) :
An unshifted alphabet has the characteristics in the last row (L=low frequency, M = moderate frequency, H =high frequency)
now compare the frequency counts in the six alphabets with the frequency count of the unshifted alphabet.
The first alphabet matches the characteristics of the unshifted alphabet (note the values for A, E, and I in particular).
Column A B C D E F G H I J K L MN OP QR S T U V WX Y Z
#1 3 1 0 0 4 0 1 1 3 0 1 0 0 1 3 0 0 1 1 2 0 0 0 0 0 0
#2 1 0 0 2 2 2 1 0 0 1 3 0 1 0 0 0 0 0 1 0 4 0 4 0 0 0
#3 1 2 0 0 0 0 0 0 2 0 1 1 4 0 0 0 4 0 1 3 0 2 1 0 0 0
#4 2 1 1 0 2 2 0 1 0 0 0 0 1 0 4 3 1 0 0 0 0 0 0 2 1 1
#5 1 0 5 0 0 0 2 1 2 0 0 0 0 0 5 0 0 0 3 0 0 2 0 0 0 0
#6 0 1 1 1 0 0 2 2 3 1 1 0 1 2 1 0 0 0 0 0 0 3 0 1 0 1
unshifted H M M M H M M H H M M M M H H M L H H H M L L L L L
14
VIGENÈRE ANALYSIS the 3rd alphabet seems to be shifted with I
mapping to A. in the 6th alphabet : V maps to A.
15
VIGENÈRE ANALYSIS
16
VIGENÈRE ANALYSIS With proper spacing and punctuation, we
haveA LIMERICK PACKS LAUGHS ANATOMICAL INTO SPACE THAT IS QUITE ECONOMICAL BUT THE GOOD ONES I'VE SEEN SO SELDOM ARE CLEAN, AND THE CLEAN ONES SO SELDOM ARE COMICAL.
The key is ASIMOV.
17
VIGENERE ANALYSIS Here is a ciphertext message
18
DES: DATA ENCRYPTION STANDARD
A block cipher:
encrypts blocks of 64 bits using a 64 bit key
Key: 8 bits for parity, so the effective key length is 56
bits.
outputs 64 bits of ciphertext
performs both substitution and transposition
(permutation) on the bits.
19
GENERAL STRUCTURE OF DES
Cipher consists of 16 rounds (iterations) each with a round key generated from the user-supplied key
DES: INITIAL AND FINAL PERMUTATIONS
Example
Find the output of the final permutation box when the input is given in hexadecimal as:
Only bit 25 and bit 64 are 1s; the other bits are 0s. In the final permutation, bit 25 becomes bit 64 and bit 63 becomes bit 15. The result is
Solution
DES: INITIAL AND FINAL PERMUTATIONS
22
DES: INITIAL AND FINAL PERMUTATIONS The initial and final permutations are straight
P-boxes that are inverses of each other.
They have no cryptography significance in DES.
23
DES: ROUNDS DES uses 16 rounds. Each round of DES has a 48 bit
key.
A round in DES
24
THE DES FUNCTION The heart of DES is the DES function.
The DES function applies a 48-bit key to the rightmost 32 bits to produce a 32-bit output.
Expansion P-box Since RI−1 is a 32-bit input and KI is a 48-
bit key, we first need to expand RI−1 to 48
bits.
K1
(48 bit)
25
THE DES FUNCTION: S-BOXES
The S-boxes do the real mixing (confusion). DES uses 8
S-boxes, each with a 6-bit input and a 4-bit output.
26
S-box 1 Table
THE DES FUNCTION: S-BOXES
27
S-BOX EXAMPLE
The input to S-box 1 is 100011. What is the output?
If we write the first and the sixth bits together, we get 11 in binary, which is 3 in decimal. The remaining bits are 0001 in binary, which is 1 in decimal. We look for the value in row 3, column 1, in Table 6.3 (S-box 1). The result is 12 in decimal, which in binary is 1100. So the input 100011 yields the output 1100.
Solution
28
THE DES FUNCTION:STRAIGHT PERMUTATION
Straight permutation table
DIFFERENTIAL CRYPTANALYSIS A chosen ciphertext attack
Requires 247 plaintext, ciphertext pairs
CURRENT STATUS OF DES
Design for computer system, associated
software that could break any DES-enciphered
message in a few days published in 1998
Several challenges to break DES messages
solved using distributed computing
NIST selected Rijndael as Advanced Encryption
Standard, successor to DES
Designed to withstand attacks that were successful
on DES
PUBLIC KEY CRYPTOGRAPHY
Two keys
Private key known only to individual
Public key available to anyone
Public key, private key inverses
Idea
Confidentiality: encipher using public key, decipher
using private key
Integrity/authentication: encipher using private key,
decipher using public one 31
REQUIREMENTS
1. It must be computationally easy to encipher or
decipher a message given the appropriate key
2. It must be computationally infeasible to derive the
private key from the public key
3. It must be computationally infeasible to determine
the private key from a chosen plaintext attack32
DIFFIE-HELLMAN
Compute a common, shared key
Called a symmetric key exchange protocol
Based on discrete logarithm problem
Given integers n and g and prime number p, compute k
such that n = gk mod p
Solutions known for small p
Solutions computationally infeasible as p grows large
33
ALGORITHM
Constants: prime p, integer g ≠ 0, 1, p–1
Known to all participants
Anne chooses private key kAnne, computes public
key KAnne = gkAnne mod p
To communicate with Bob, Anne computes Kshared
= KBobkAnne mod p
To communicate with Anne, Bob computes Kshared
= KAnnekBob mod p
It can be shown these keys are equal
34
EXAMPLE Assume p = 53 and g = 17 Alice chooses kAlice = 5
Then KAlice = 175 mod 53 = 40 Bob chooses kBob = 7
Then KBob = 177 mod 53 = 6 Shared key:
KBobkAlice mod p = 65 mod 53 = 38 KAlicekBob mod p = 407 mod 53 = 38
35
36
RSA Asymmetric cryptographic algorithm
published in 1978 The most popular asymmetric algorithm used
today Now free to use – patent expired in 2000 Relies on the hardness of factoring a number
consisting of two primes
BACKGROUND
Totient function (n)Number of positive integers less than n
and relatively prime to n Relatively prime means with no factors in
common with n
Example: (10) = 41, 3, 7, 9 are relatively prime to 10
Example: (21) = 121, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20 are
relatively prime to 21
ALGORITHM Choose two large prime numbers p, q
Let n = pq; then (n) = (p–1)(q–1) Choose e < n such that e is relatively prime to
(n). Compute d such that ed mod (n) = 1
Public key: (e, n); private key: d Encipher: c = me mod n Decipher: m = cd mod n
THE RSA ALGORITHM – KEY GENERATION Choose two large prime numbers p, q Let n = pq; then (n) = (p–1)(q–1) Choose e < n such that gcd(e, (p – 1)(q – 1)) = 1
e is relatively prime to (n). Compute d such that ed mod ((p – 1)(q – 1)) = 1
The public key is the pair (e, n) The private key is the pair (d, n)
Message m – number 0 < m < n Encryption E(m) = me mod n Decryption D(m) = md mod n
Exercise – check that D(E(m)) = m.
EXAMPLE: CONFIDENTIALITY Take p = 7, q = 11, so n = 77 and (n)
= 60 Alice chooses e = 17, making d = 53
Bob wants to send Alice secret message HELLO (07 04 11 11 14)0717 mod 77 = 280417 mod 77 = 161117 mod 77 = 441117 mod 77 = 441417 mod 77 = 42
Bob sends 28 16 44 44 42
EXAMPLE Alice receives 28 16 44 44 42 Alice uses private key, d = 53, to
decrypt message:2853 mod 77 = 071653 mod 77 = 044453 mod 77 = 114453 mod 77 = 114253 mod 77 = 14
Alice translates message to letters to read HELLONo one else could read it, as only Alice
knows her private key and that is needed for decryption
EXAMPLE: INTEGRITY/AUTHENTICATION Take p = 7, q = 11, so n = 77 and (n) = 60 Alice chooses e = 17, making d = 53 Alice wants to send Bob message HELLO (07
04 11 11 14) so Bob knows it is what Alice sent (no changes in transit, and authenticated) 0753 mod 77 = 35 0453 mod 77 = 09 1153 mod 77 = 44 1153 mod 77 = 44 1453 mod 77 = 49
Alice sends 35 09 44 44 49
EXAMPLE Bob receives 35 09 44 44 49 Bob uses Alice’s public key, e = 17, n = 77, to decrypt
message: 3517 mod 77 = 07 0917 mod 77 = 04 4417 mod 77 = 11 4417 mod 77 = 11 4917 mod 77 = 14
Bob translates message to letters to read HELLO Alice sent it as only she knows her private key, so no one
else could have enciphered it If (enciphered) message’s blocks (letters) altered in
transit, would not decrypt properly
EXAMPLE: BOTH Alice wants to send Bob message HELLO both
enciphered and authenticated (integrity-checked) Alice’s keys: public (17, 77); private: 53 Bob’s keys: public: (37, 77); private: 13
Alice enciphers HELLO (07 04 11 11 14): (0753 mod 77)37 mod 77 = 07 (0453 mod 77)37 mod 77 = 37 (1153 mod 77)37 mod 77 = 44 (1153 mod 77)37 mod 77 = 44 (1453 mod 77)37 mod 77 = 14
Alice sends 07 37 44 44 14
SECURITY SERVICES
Confidentiality
Only the owner of the private key knows it, so
text enciphered with public key cannot be read
by anyone except the owner of the private key
Authentication
Only the owner of the private key knows it, so
text enciphered with private key must have been
generated by the owner
MORE SECURITY SERVICES
Integrity
Enciphered letters cannot be changed
undetectably without knowing private key
Non-Repudiation
Message enciphered with private key came from
someone who knew it
RSA Asymmetric cryptographic algorithm
published in 1978 The most popular asymmetric algorithm used
today Now free to use – patent expired in 2000 Relies on the hardness of factoring a number
consisting of two primes
WARNINGS
Encipher message in blocks considerably
larger than the examples here
If 1 character per block, RSA can be broken using
statistical attacks (just like classical
cryptosystems)
Attacker cannot alter letters, but can rearrange
them and alter message meaning
Example: reverse enciphered message of text ON to
get NO
KEY POINTS Two main types of cryptosystems:
classical and public key Classical cryptosystems encipher and
decipher using the same keyOr one key is easily derived from the other
Public key cryptosystems encipher and decipher using different keysComputationally infeasible to derive one
from the other