network securitynetwork securityailab.cs.nchu.edu.tw/course/networksecurity/101/ns02.pdf · –...
TRANSCRIPT
Network SecurityNetwork Security 網路安全網路安全
L 2Lecture 2February 25, 2013eb u y ,
洪國寶
1
Outline• Review• CryptologyCryptology
– Introduction and terminologies – Definition of cryptosystem and cryptanalysis
Types of encryption– Types of encryption • operations• the number of keys used• the way the plaintext processed• the way the plaintext processed
– Symmetric encryption -- Classical techniques• substitution:
monoalphabetic: Caesar Playfair Hill– monoalphabetic: Caesar, Playfair, Hill– polyalphabetic: Vigenere tableau
• transposition
2
Review
• Grading• Motivation• Definitions• Definitions• Security services, mechanisms, and attacks
(X800)• Basic network concept• Basic network concept• Security models
3
Review
• Grading (Tentative)H k 15%Homework 15%
(You may collaborate when solving the homework, however when writing up the solutions you must dohowever when writing up the solutions you must do so on your own. No typed or printed assignments.)
Project 20% (Presentation and/or paper required)Project 20% (Presentation and/or paper required) Midterm exam 25% (Open book and notes)Final exam 30% (Open book and notes)Final exam 30% (Open book and notes)Class participation 10%
4
Review: Motivation
• Hacker intrusion• Password compromise (access control)• Spam (data integrity)• Spam (data integrity)• Program security• Virus
D i l f i• Denial of service
5
Review: Definitions
• Computer Security - generic name for the ll ti f t l d i d t t t d tcollection of tools designed to protect data
and to thwart hackers• Network Security - measures to protect
data during their transmissiong• Internet Security - measures to protect
data during their transmission over adata during their transmission over a collection of interconnected networks
6
Review: Security GoalsSecurity Goals
• The goal of security is to institute controls that preserve– secrecy: assets are accessible only bysecrecy: assets are accessible only by
authorized parties;– integrity: assets can be modified only by– integrity: assets can be modified only by
authorized parties;a ailabilit t il bl t th i d– availability: assets are available to authorized parties.
7
Review: Services, Mechanisms, Attacks
• three aspects of information security:– security attack– security mechanismsecurity mechanism– security service
8
Review: Security Services (X.800)
• Authentication - assurance that the communicating entity is the one claimedcommunicating entity is the one claimed
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality –protection of data from unauthorized disclosure
• Data Integrity - assurance that data received is as sent by an authorized entityN R di ti i i d i l b• Non-Repudiation - protection against denial by one of the parties in a communication
9
Review: Security Mechanisms (X.800)
• Specific security mechanisms: May be incorporated into the appropriate protocol layer inincorporated into the appropriate protocol layer in order to provide some of the OSI security services.– encipherment, digital signatures, access controls, data
i i h i i h ffi ddiintegrity, authentication exchange, traffic padding, routing control, notarization
• Pervasive security mechanisms: MechanismsPervasive security mechanisms: Mechanisms that are not specific to any particular OSI security service or protocol layer.– trusted functionality, security labels, event detection,
security audit trails, security recovery
10
Review: Classify Security Attacks as
• Passive attacks - eavesdropping on, or monitoring f i iof, transmissions to:– obtain message contents, or– monitor traffic flows
• Active attacks – modification of data stream to:– masquerade of one entity as some other– replay previous messages– modify messages in transit– denial of service
11
Review: Network concepts
• Terminology: node, host, link, terminal• Media: cable, optical fiber, microwave• Protocol: ISO reference model TCP/IP• Protocol: ISO reference model, TCP/IP• Addressing: IP address, port, socket• Type of network: LAN, WAN, internet
T l b t h b i• Topology: common bus, star or hub, ring
12
Review: Internet Protocols vs OSI
Application 7
Presentation
Session
Application4 6
5Session
TransportTCPIP2
3 4
5
Network
Data Link
IP
Network Interface1
2
2
3
PhysicalHardware1
1
13
R i M d l f N kReview: Model for Network Communication Securityy
14
Review: Model for Network AccessReview: Model for Network Access Securityy
15
Outline• Review• CryptologyCryptology
– Introduction and terminologies – Definition of cryptosystem and cryptanalysis
Types of encryption– Types of encryption • operations• the number of keys used• the way the plaintext processed• the way the plaintext processed
– Symmetric encryption -- Classical techniques• substitution:
monoalphabetic: Caesar Playfair Hill– monoalphabetic: Caesar, Playfair, Hill– polyalphabetic: Vigenere tableau
• transposition
16
Cryptology
• Introduction and terminologies• Definition of cryptosystem and cryptanalysis• Types of encryption
i– operations– the number of keys used– the way the plaintext processedy p p
• Symmetric encryption -- Classical techniques – substitution:
• monoalphabetic: Caesar, Playfair, Hill• polyalphabetic: Vigenere tableau
– transposition
17
Steganography vs Cryptography
• Types of transformation (in model for network communication security model)– Steganography: conceal the existence of theSteganography: conceal the existence of the
secret message (watermarking / data hiding)– Cryptography: render the secret message– Cryptography: render the secret message
unintelligible to outsiders
18
Steganography
• hides existence of message– using only a subset of letters/words in a longer
message marked in some wayg y– using invisible ink
hiding in LSB in graphic image or sound file– hiding in LSB in graphic image or sound file• has drawbacks
– high overhead to hide relatively few info bits
19
Steganography
20
The Bible Code
The Bible Codeby Michael Drosniny
21
紀曉嵐 / 蘇東玻
• 鳳遊禾蔭鳥飛去
馬走蘆邊草不生
• 日落香殘 去了凡心一點
火盡爐寒 來把一馬栓牢
22
Basic Terminology• plaintext - the original message • ciphertext - the coded message
i h l i h f f i l i i h• cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext• encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from plaintext• cryptography - study of encryption principles/methodsyp g p y y yp p p• cryptanalysis (codebreaking) - the study of principles/
methods of deciphering ciphertext without knowing key• cryptology the field of both cryptography and cryptanalysis• cryptology - the field of both cryptography and cryptanalysis
23
Cryptology
• Introduction and terminologies • Definition of cryptosystem and cryptanalysis• Types of encryption
i– operations– the number of keys used– the way the plaintext processedy p p
• Symmetric encryption -- Classical techniques– substitution:
• monoalphabetic: Caesar, Playfair, Hill• polyalphabetic: Vigenere tableau
– transposition
24
Definition of cryptosystems
A cryptosystem is a five-tuple (P,C,K,E,D), where the following conditions are satisfied:the following conditions are satisfied:
1. P is a finite set of possible plaintexts2 C i fi i f ibl i h2. C is a finite set of possible ciphertexts3. K, the key space, is a finite set of possible keys4. For each k K, there is an encryption rule eKE
and a corresponding decryption rule dK D. E h P C d d C P f iEach eK :P C and dK : C P are functions such that dK(eK(x)) = x for every plaintext x P.
25
Attacking a cryptosystem
• Cryptanalysis approach: this type of attack l i h h i i f h l i h lexploits the characteristics of the algorithm plus
perhaps some knowledge of the general h i i f h l icharacteristics of the plaintext or even some
sample plaintext-ciphertext pairs.• Brute force approach: an attacker tries every
possible key on a piece of ciphertext until intelligible translation into plaintext is obtained.
26
Types of Cryptanalytic Attacks• ciphertext only
– only know algorithm / ciphertextk l i• known plaintext– know/suspect plaintext & ciphertext to attack cipher
• chosen plaintext• chosen plaintext– select plaintext and obtain ciphertext to attack cipher
• chosen ciphertext• chosen ciphertext– select ciphertext and obtain plaintext to attack cipher
• chosen textchosen text– select either plaintext or ciphertext to en/decrypt to attack
cipher
27
Kerkhoff’s principle (1/4)• Why did people publish their cryptoystem (DES, . . . )?• Better: don’t publish your system but keep it secret!• Better: don t publish your system but keep it secret!
• Auguste Kerkhoffs “La Cryptographie Militaire”• Auguste Kerkhoffs, La Cryptographie Militaire , 1883Cryptographic systems should be designed in such aCryptographic systems should be designed in such a way that they are not compromised if the opponent learns the technique being used.
• In other words, the security should reside in thechoice of key rather than in obscure design features.
28
Kerkhoff’s principle (2/4)
• It is hard (and often impossible), to keep a cryptosystem in use secret!
• What if you fail to keep it secret?What, if you fail to keep it secret?
29
Kerkhoff’s principle (3/4)
• Designing a good cryptosystem is hard! Even i i f Mexperts get it wrong quite often: Most
cryptosystems are broken after publication. Use a i !survivor!
• “. . . nothing substitutes for extensive peer review and years of analysis.” – B. Schneier
• If you don’t publish, nobody will analyze your y p , y y yscheme . . . except for the bad guys!
30
Kerkhoff’s principle (4/4)
• Distinguish system itself (= algorithm), from key:– Key: secret, easy to change, chosen at randomKey: secret, easy to change, chosen at random
from large set of possible keys.• Assume: Bad guys know system but• Assume: Bad guys know system but
don’t know key!
31
Types of attacks on encrypted messagesyp yp g
32
Brute Force Search
• always possible to simply try every key • most basic attack, proportional to key size • assume either know / recognise plaintext• assume either know / recognise plaintext
33
Brute Force Search
• Input: C, KOutput: M or k
loop until an intelligible translation into p gplaintext is obtained (M is meaningful)
k Kk KM D(C)
output M or k• Complexity: |K|/2 (expected number of iterations)
34
p y | | ( p )
More Definitions
• unconditional security– no matter how much computer power is
available, the cipher cannot be broken since the i h t t id i ffi i t i f ti tciphertext provides insufficient information to
uniquely determine the corresponding plaintext t ti l it• computational security
– given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken
35
Modern cryptology
• Use computational complexity theory to design cryptosystems which provide good diffusion and confusion– diffusion – dissipates statistical structure of
plaintext over bulk of ciphertextplaintext over bulk of ciphertext– confusion – makes relationship between
ciphertext and key as complex as possibleciphertext and key as complex as possible
36
Cryptology
• Introduction and terminologies • Definition of cryptosystem and cryptanalysis• Types of encryption
i– operations– the number of keys used– the way the plaintext processedy p p
• Symmetric encryption -- Classical techniques– substitution:
• monoalphabetic: Caesar, Playfair, Hill• polyalphabetic: Vigenere tableau
– transposition
37
Cryptographic systems
• can characterize by:– type of encryption operations used
• substitution / transposition / productp p
– number of keys used• single-key or private / two-key or publicsingle-key or private / two-key or public
– way in which plaintext is processedbl k / t• block / stream
38
Type of operations
• Fundamental requirement: no information is lost (all operations are reversible)
• Substitution: each element in the plaintextSubstitution: each element in the plaintext (bit, letter, group of bits or letters) is mapped into another elementmapped into another element
• Transposition: elements in the plaintext are rearranged.
39
Cryptographic systems
• can characterize by:– type of encryption operations used
• substitution / transposition / productp p
– number of keys used• single-key or private / two-key or publicsingle-key or private / two-key or public
– way in which plaintext is processedbl k / t• block / stream
40
Symmetric Encryption
• AKA conventional/private-key/single-key• sender and recipient share a common key• all classical encryption algorithms are• all classical encryption algorithms are
private-key• was only type prior to invention of public-
key in 1970’skey in 1970 s
41
Symmetric Cipher Model
42
43
Requirements
• two requirements for secure use of t i tisymmetric encryption:
– a strong encryption algorithm– a secret key known only to sender / receiver
Y = EK(X)K( )X = DK(Y)
• assume encryption algorithm is knownassume encryption algorithm is known• implies a secure channel to distribute key
44
Public-Key Cryptography
• probably most significant advance in the 3000 hi t f t h3000 year history of cryptography
• uses two keys – a public & a private keyy p p y• asymmetric since parties are not equal • uses clever application of number theoretic• uses clever application of number theoretic
concepts to functionl th th l i• complements rather than replaces private
key crypto45
Public-Key Cryptography
• public-key/two-key/asymmetric cryptography involves the use of two keys:involves the use of two keys: – a public-key, which may be known by anybody, and
can be used to encrypt messages, and verifycan be used to encrypt messages, and verify signatures
– a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
• is asymmetric because– those who encrypt messages or verify signatures
cannot decrypt messages or create signatures
46
Public-Key Cryptography
47
Why Public-Key Cryptography?
• developed to address two key issues:– key distribution – how to have secure
communications in general without having to t t KDC ith ktrust a KDC with your key
– digital signatures – how to verify a message i t t f th l i d dcomes intact from the claimed sender
• public invention due to Whitfield Diffie & Martin Hellman at Stanford U. in 1976– known earlier in classified community
48
Public-Key Characteristics
• Public-Key algorithms rely on two keys ith th h t i ti th t it iwith the characteristics that it is:
– computationally infeasible to find decryption k k i l l i h i kkey knowing only algorithm & encryption key
– computationally easy to en/decrypt messages h h l ( /d ) k i kwhen the relevant (en/decrypt) key is known
– either of the two related keys can be used for i i h h h d f d iencryption, with the other used for decryption
(in some schemes)
49
Public-Key Cryptosystems
50
Cryptographic systems
• can characterize by:– type of encryption operations used
• substitution / transposition / productp p
– number of keys used• single-key or private / two-key or publicsingle-key or private / two-key or public
– way in which plaintext is processedbl k / t• block / stream
51
Block vs Stream Ciphers
• block ciphers process messages in into bl k h f hi h i th /d t dblocks, each of which is then en/decrypted
• like a substitution on very big charactersy g– 64-bits or more
• stream ciphers process messages a bit orstream ciphers process messages a bit or byte at a time when en/decrypting
• man c rrent ciphers are block ciphers• many current ciphers are block ciphers• hence are focus of course
52
Cryptology
• Introduction and terminologies • Definition of cryptosystem and cryptanalysis• Types of encryption
i– operations– the number of keys used– the way the plaintext processedy p p
• Symmetric encryption -- Classical techniques– substitution:
• monoalphabetic: Caesar, Playfair, Hill• polyalphabetic: Vigenere tableau
– transposition
53
Classical Substitution Ciphers
• where letters of plaintext are replaced by other letters or by numbers or symbols
• or if plaintext is viewed as a sequence ofor if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bitplaintext bit patterns with ciphertext bit patterns
54
Caesar Cipher
• earliest known substitution cipher• by Julius Caesar • first attested use in military affairs• first attested use in military affairs• replaces each letter by 3rd letter on• example:
meet me after the toga partymeet me after the toga partyPHHW PH DIWHU WKH WRJD SDUWB
55
Caesar Cipher
• can define transformation as:a b c d e f g h i j k l m n o p q r s t u v w x y za b c d e f g h i j k l m n o p q r s t u v w x y zD E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• mathematically give each letter a numbery ga b c d e f g h i j k l m0 1 2 3 4 5 6 7 8 9 10 11 12n o p q r s t u v w x y Z13 14 15 16 17 18 19 20 21 22 23 24 25
• then have Caesar cipher as:C ( ) ( k) d (26)C = E(p) = (p + k) mod (26)p = D(C) = (C – k) mod (26)
56
Cryptanalysis of Caesar Cipher
• only have 26 possible ciphers – A maps to A,B,..Z
• could simply try each in turn p y y• a brute force search• given ciphertext just try all shifts of letters• given ciphertext, just try all shifts of letters• do need to recognize when have plaintext• eg. break ciphertext “PHHW PH DIWHU
WKH WRJD SDUWB"57
58
Monoalphabetic Cipher
• rather than just shifting the alphabet ld h ffl (j bl ) h l bi il• could shuffle (jumble) the letters arbitrarily
• each plaintext letter maps to a different random i h lciphertext letter
• hence key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyz i hCipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplacelettersCipherte t WIRFRWAJUHYFTSDVFSFUUFYA
59
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic Cipher Security
• now have a total of 26! = 4 x 1026 keys • with so many keys, might think is secure • but would be !!!WRONG!!!• but would be !!!WRONG!!!• problem is language characteristics
60
Language Redundancy and Cryptanalysis
• human languages are redundant• letters are not equally commonly used • in English e is by far the most common letter g y• then T,R,N,I,O,A,S • other letters are fairly rare• other letters are fairly rare • cf. Z,J,K,Q,X • have tables of single, double & triple letter
frequencies
61
English Letter Frequencies
62
Frequencies in Cryptanalysis• key concept - monoalphabetic substitution ciphers do
not change relative letter frequencies h• discovered by Arabian scientists in 9th century
• calculate letter frequencies for ciphertext• compare counts/plots against known values • if Caesar cipher look for common peaks/troughs p p g
– peaks at: A-E-I triple, NO pair, RST triple– troughs at: JK, X-Z
• for monoalphabetic must identify each letter– tables of common double/triple letters help
63
Example Cryptanalysis
• given ciphertext:UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZUZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
• count relative letter frequencies• guess P & Z are e and t• guess ZW is th and hence ZWP is the• proceeding with trial and error fially get:p g y g
it was disclosed yesterday that several informal butdirect contacts have been made with politicalrepresentatives of the viet cong in moscow
64
representatives of the viet cong in moscow
Playfair Cipher
• not even the large number of keys in a monoalphabetic cipher provides security
• one approach to improving security was toone approach to improving security was to encrypt multiple letters h i l• the Playfair Cipher is an example
• invented by Charles Wheatstone in 1854,invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
65
Playfair Key Matrix
• a 5X5 matrix of letters based on a keyword • fill in letters of keyword (sans duplicates) • fill rest of matrix with other letters• fill rest of matrix with other letters• eg. using the keyword MONARCHY
MONARCHYBDEFGIKLPQST
66UVWXZ
Encrypting and Decrypting• plaintext encrypted two letters at a time:
1 if a pair is a repeated letter insert a filler like 'X'1. if a pair is a repeated letter, insert a filler like X , eg. "balloon" encrypts as "ba lx lo on"
2. if both letters fall in the same row, replace each with l i h ( i b k f d)letter to right (wrapping back to start from end),
eg. “ar" encrypts as "RM" 3. if both letters fall in the same column, replace each , p
with the letter below it (again wrapping to top from bottom), eg. “mu" encrypts to "CM"
4 otherwise each letter is replaced by the one in its row4. otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, eg. “hs" encrypts to "BP", and “ea" to "IM" or "JM" (as desired)
67
Security of the Playfair Cipher
• security much improved over monoalphabetici h 26 26 676 di• since have 26 x 26 = 676 digrams
• would need a 676 entry frequency table to analyse ( 26 f l h b i )(verses 26 for a monoalphabetic)
• and correspondingly more ciphertext • was widely used for many years (eg. US & British
military in WW1) • it can be broken, given a few hundred letters • since still has much of plaintext structure
68
Hill cipher
• Hill 1929• The encryption algorithm takes m
successive plaintext letters and substitutessuccessive plaintext letters and substitutes for them m ciphertext letters.
{ i ibl i }• K = {m m invertible matrices over Z26 }• Example: m = 3Example: m 3
69
Hill cipher
• Hill cipher completely hides single letter frequencies (i.e. Hill cipher is strong against ciphertext only attack.)p y )
• Hill cipher can be easily broken with a known plaintext attack (only needknown plaintext attack (only need mplaintext-ciphertext pairs).
• Example: m = 3
70
Polyalphabetic Ciphers
• another approach to improving security is to use multiple cipher alphabetsmultiple cipher alphabets
• called polyalphabetic substitution ciphersk l i h d i h l h b• makes cryptanalysis harder with more alphabets to
guess and flatter frequency distribution k l hi h l h b i d f h• use a key to select which alphabet is used for each
letter of the message h l h b i• use each alphabet in turn
• repeat from start after end of key is reached
71
Vigenère Cipher
• simplest polyalphabetic substitution cipher is the Vi è Ci hVigenère Cipher
• effectively multiple caesar ciphers • key is multiple letters long K = k1 k2 ... kd • ith letter specifies ith alphabet to usei letter specifies i alphabet to use • use each alphabet in turn
f f d l i• repeat from start after d letters in message• decryption simply works in reverse
72
Example
• write the plaintext out
• eg using keyword deceptive• eg using keyword deceptivekey:l i t t di d lfplaintext: wearediscoveredsaveyourself
ciphertext:
73
Example
• write the plaintext out • write the keyword repeated above it
• eg using keyword deceptive• eg using keyword deceptivekey: deceptivedeceptivedeceptivel i t t di d lfplaintext: wearediscoveredsaveyourself
ciphertext:
74
Example
• write the plaintext out • write the keyword repeated above it• use each key letter as a caesar cipher key y p y
encrypt the corresponding plaintext letter• eg using keyword deceptive• eg using keyword deceptive
key: deceptivedeceptivedeceptivel i t t di d lfplaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
75
Aids
• simple aids can assist with en/decryption • expand into a Vigenère Tableau (see text
Table 2 3)Table 2.3)
76
77
Security of Vigenère Ciphers
• have multiple ciphertext letters for each l i t t l ttplaintext letter
• hence letter frequencies are obscuredq• but not totally lost• start with letter frequencies• start with letter frequencies
– see if look monoalphabetic or notif h d d i b f• if not, then need to determine number of alphabets, since then can attach each
78
Kasiski Method
• method developed by Babbage / Kasiski i i i i h i l i d• repetitions in ciphertext give clues to period
• so find same plaintext an exact period apart which results in the same ciphertext of course, could also be random fluke
• eg repeated “VTW” in previous example– suggests size of 3 or 9gg– then attack each monoalphabetic cipher individually
using same techniques as before
79
Example
• write the plaintext out • write the keyword repeated above it• use each key letter as a caesar cipher key y p y• encrypt the corresponding plaintext letter• eg using keyword deceptive• eg using keyword deceptive
key: deceptivedeceptivedeceptivel i t t di d lfplaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
80
One-Time Pad (1/3)• If a truly random key as long as the message is used, the
cipher will be securecipher will be secure. • It is called a One-Time pad (OTP)
P=C=K=(Z2)n, n ≥1( ) , ≥k = (k1, k2, …, kn ) x = (x1, x2, …, xn )( 1 2 n )y = (y1, y2, …, yn )
ek(x) = (x1 k1, x2 k2, …, xn kn)dk(y) = (y1 k1, y2 k2, …, yn kn)
81
One-Time Pad (2/3)
• One-Time pad is unbreakable since if k is d h i d ( h i i hrandom then y is random too (that is, ciphertext
bears no statistical relationship to the plaintext) d f l i t t & i h t t hand for any plaintext & any ciphertext there
exists a key mapping one to other.• In practice, two fundamental difficulties
– Supplying truly random keys of large volumn is a significant task
– Key distribution and protection are problematic
82
One-Time Pad (3/3)
• One-Time pad is of limited utility, and is useful primarily for low bandwidth channels requiring very high security. q g y g y
83
Cryptology
• Introduction and terminologies • Definition of cryptosystem and cryptanalysis• Types of encryption
i– operations– the number of keys used– the way the plaintext processedy p p
• Symmetric encryption -- Classical techniques– substitution:
• monoalphabetic: Caesar, Playfair, Hill• polyalphabetic: Vigenere tableau
– transposition
84
Transposition Ciphers
• now consider classical transposition or permutation ciphers
• these hide the message by rearranging thethese hide the message by rearranging the letter order
i h l i h l l d• without altering the actual letters used
85
Rail Fence cipher
• write message letters out diagonally over a number of rows
• eg. write message out as:m e m a t r h t g p r ye t e f e t e o a a t
86
Rail Fence cipher
• write message letters out diagonally over a number of rows
• then read off cipher row by rowthen read off cipher row by row• eg. write message out as:
m e m a t r h t g p r ye t e f e t e o a a t
• giving ciphertextMEMATRHTGPRYETEFETEOAAT
87
Row Transposition Ciphers
• a more complex schemeit l tt f t i• write letters of message out in rows over a
specified number of columnsh d h l di• then reorder the columns according to some
key before reading off the rowsK 3 4 2 1 5 6 7Key: 3 4 2 1 5 6 7Plaintext: a t t a c k p
o s t p o n ed u n t i l tw o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
88
Product Ciphers
• ciphers using substitutions or transpositions are b f l h i inot secure because of language characteristics
• hence consider using several ciphers in succession to make harder, but: – two substitutions make a more complex substitution – two transpositions make more complex transposition – but a substitution followed by a transposition makes a
new much harder cipher
• this is bridge from classical to modern ciphers89
g p
Question?
90