r r r cse870: advanced software engineering: cheng (sp 2003)1 encryption a brief overview

CSE870: Advanced Software Engineering: Cheng (Sp 2003)

1

R

R

R

Encryption

A Brief Overview


2

R

R

RAcknowledgements

• Charles Pfleedger

• E. Spafford

• William A. Stein

• FOLDOC

• Sunit Chauhan

• Jim Xu, et al.

• Shawn Hillis


3

R

R

ROutline

• Basic concepts

• Stream ciphers

• Block ciphers

• Summary of Stream and Block ciphers

• Public key encryption


4

R

R

RWhy do we need encryption

• Scenario: – S wants to send the message T to R, where an outsider, O, wants the

message and tries to access it. – S: Sender– R: Receiver– T: Transmission Medium– O: Interceptor or Intruder.

• 4 ways O might try to access message.– Block it: prevent T from reaching R (availability)– Intercept it: read or listen to message (secrecy)– Modify it: obtaining message and changing it– Fabricate: generate an authentic-looking message to be delivered to R

appearing to come from S


5

R

R

RBasic Concepts

• Encryption: – Definition: mechanisms to disguise the

message so that if the intermission is intercepted/diverted, the content of the message will not be understood.

– Impact: foundational building block to security-based computing


6

R

R

RBasic Concepts – cont’d

• Cryptosystem– 5-tuple <E, D, M, K, C>

• M: set of plain text• C: set of cipher text• K: set of keys• E: M x K -> C• D: C x K -> M


7

R

R

R Basic Concepts – cont’d• Encryption: process of encoding a message so that its

meaning is not obvious• Decryption: transforming encrypted message back to its

normal form• Encode/decode: translating phrases to other words or phrases• Encipher/decipher: translating letters or symbols individually. • Plaintext: original form of message: P = (p1,p2,…, pn)

• Ciphertext: encrypted form of message: C = (c1,c2,…, cn)

• Encryption/decryption relationships: – C = E(P); P = D(C); P = D(E(P))


8

R

R


• Some encryption algs use a key K– C = E(K,P)– E is a SET of encryption algs– Key K selects specific one

• Symmetric Encryption: P = D(K,E(K,P))– encryption/decryption keys are the same

• Asymmetric Encryption: P = D(KD,E(KE,P))


9

R

R

RPictorial Representation

Key

Plaintext Ciphertext

OriginalPlaintext

Encryption Decryption

Encryption Key

Plaintext Ciphertext

OriginalPlaintext

Encryption Decryption

Decryption KeyKDKE

Symmetric Encryption:

Asymmetric Encryption:


10

R

R


• Cryptography: (hidden writing) – Practice of using encryption to conceal text

• Cryptanalyst:– Person who studies encryption and encrypted messages– Intent: find hidden meaning

• Cryptographer and Cryptanalyst:– Both attempt to translate coded material to original form– Cryptographer: works on behalf of legitimate sender or receiver. – Cryptanalyst: Works on behalf of unauthorized interceptor

• Cryptology: research/study into encryption/decryption– Includes cryptography and cryptanalysis.


11

R

R


• Cryptanalysis– Objective: Break an encryption

• Deduce the meaning of a ciphertext mesg• Determine decrypting algorithm that matches an encrypting algorithm

– Possible techniques:• break single message• Recognize patterns in encrypted mesgs

– break subsequent mesgs with straightforward decryption alg

• Find general weaknesses in encryption alg– Without necessarily intercepting any mesgs

– Tools:• Encrypted mesgs, known encryption algs, intercepted plaintext, data elements

known/suspected of being in ciphertext, mathematical/statistical techniques, props of languages, computers, and luck


12

R

R


• Breakability– Encryption algorithm is BREAKABLE:

• Given enough time and data, an analyst could determine the algorithm• Practicality is issue• For given cipher scheme, may have 1030 possible decipherments

– Select one from 1030

• Current technology: perform 1010 ops/sec– Require 1020 secs – 1012 years

– Reality Check:• Cryptanalyst won’t just try the “hard” ways

– Ex: more clever approach, might only take 1015 ops• 1010 ops/sec, 1015 ops will take about one day

• Breakability estimates are based on CURRENT technology


13

R

R

RStream Ciphers and Block Ciphers

• Stream Ciphers– Letter by letter– E.g. substitution-based cipher

• Block cipher– Block by block– E.g. transposition based cipher


14

R

R

RCharacter Representations

• Study ways to encrypt any computer material:– ASCII/EBCDIC chars– Binary data or Object code– Control stream

A B C D E F G H I J K L M

0 1 2 3 4 5 6 7 8 9 10 11 12

N O P Q R S T U V W X Y Z

13 14 15 16 17 18 19 20 21 22 23 24 25


15

R

R

RSubstitution-based Encryption

• Monoalphabetic Ciphers– Caesar Cipher: ci = E(pi) = pi + k– Cryptosystem

• K: {k| 0<=k<=25}• E: (m+k) mod 26• D: (26+c-k) mod 26• C = M = {all sequence of roman letters}

– Examples ( k=3)• wuhdwb lpsrvvleoh, • wklv phvvdjh lv qrw wrr kdug wr euhdn

– Evaluation• Easy to perform in field (no written instructions)• Too simple, very easy to break


16

R

R

R

Substitution-based Encryption – cont’d

– Weakness: study frequency distribution

[Jim Xu, et al.]


17

R

R

RSubstitution-based Encryption-cont’d

• Polyalphabetic Substitution Ciphers– Desire flat distribution– Combine distributions that are high with low ones

• Encipher T as a and sometimes as b• Also encipher X as a and sometimes as b

– Use two separate encryption alphabets• Tables for odd and even positions

mod 26

mod 26TREAT YIMPO SSIBL EFumnf dyvtf czysh h

– Weaknesses• Break by studying patterns (digram, trigram)


18

R

R

RSubstitution Discussion

• Major weakness: – frequency distribution

• (index of coincidence: measure of variation between frequencies in a distribution)

– Some letters are just used more frequently than others– Numerous enciphering techniques still can make it difficult to hide

these patterns– Kasiski Method: find number of alphabets used

• Identify repeated patterns of 3 or more chars• For each pattern, write down position at which each instance of pattern begins• Compute difference between start points of success instances• Determine all factors of each difference• If polyalphabetic subst used, key length will be one of the factors that appears

often in previous step.


19

R

R

RTranspositions (Permutations)

• Definition: encryption where letters are rearranged.

• Goal: diffusion, spread info from message or key out widely across the ciphertext.

• Try to break established patterns. – Digram or trigram: patterns of adjacent letters.

• Study 2 and 3 letter combinations of adj letters• E.g. th, en, ing, etc.


20

R

R

RTransposition Techniques

• Columnar Transpositions:– Rearrangement of

chars of plaintext into cols

C1 C2 C3 C4 C5

C6 C7 C8 C9 C10

C11 C12 Etc.

T H I S I

S A M E S

S A G E T

O S H O W

H O W A C

O L U M N

A R T R A

N S P O S

I T I O N

W O R K Stssoh oaniw haaso lrsto imghwutpir seeoa mrook istwc nasns


21

R

R

RTransposition

• Double Transposition Alg:– Involves 2 columnar transpositions– With different number of columns, applied

sequentially.

• Fractionated Morse:– keyed mono-alphabetic cipher– Result is subsequently blocked (clustered)– Morse code is used as its basis


22

R

R

RSummary

• Stream Ciphers (substitution based)– Mono and poly-alphabetic encryptions– Since they convert one symbol of plaintext

immediately into a symbol of ciphertext– Features include: a) speed of

transformation, b) low error propagation– Disadvantages are: a) low diffusion, b)

susceptible to malicious insertions


23

R

R

RSummary – cont’d

• Block Ciphers – Columnar transposition algorithm and

fractionated Morse– Since a group of plaintext symbols are

encrypted as one block– Features include: a) diffusion, b) immunity

to insertions– Disadvantages are: a) slowness of

encryption, b) error propagation


24

R

R

RSummary – cont’d

• Combination of stream cipher and block cipher can be very powerful– DES– Will go into details

r r r cse870: advanced software engineering: cheng (sp 2003)1 encryption a brief overview

Documents

message t

message secrecymodify

encrypted form of message

encryption algwithout

sameasymmetric encryption

original form of message

set of encryption algskey

encrypted messagesintent