security in computing cryptography (introduction) derived from greek words: ‘kruptos’ (hidden)...
TRANSCRIPT
Security in ComputingSecurity in Computing
Cryptography (Introduction)
Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing
I.I. Terms and ConceptsTerms and ConceptsA. Encryption: transform a message
so its meaning in not obvious
B. Decryption: remove the transformation
C. Plaintext: unencrypted version of a message (i.e. original message)
D. Ciphertext: encrypted versions of a message
E. Cipher: Encryption algorithm
I.I. Terms and ConceptsTerms and ConceptsD. Key: object (string) that
personalises an encryption algorithm (in the same way that a key personalises a physical lock)
E. Types of encryption
1. Symmetric: same key performs both encryption and decryption
2. Asymmetric: distinct keys, very different keys, one for encryption only and the other for decrypting only
I.I. Terms and ConceptsTerms and Concepts
F. Processes
1. Cryptography: performing encryption and decryption
2. Cryptology: designing encryption algorithms
3. Cryptanalysis: analyzing algorithms and encrypted text with the objective of breaking the encryption
I.I. Terms and ConceptsTerms and Concepts
G. Breaking encryption
1. Determining the content of an encrypted message without the use of the key
2. Almost any encryption can be broken in theory; in practice the amount of work (time) to do so may be prohibitive
3. “Work factor” is the estimate of amount of time sufficient to break an encryption; work factor may depend on speed of computers
I.I. Terms and ConceptsTerms and Concepts4. The attacker can use any tools,
techniques and approaches ...
‘All is fair in love, war and cryptanalysis’!
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
A. According to Shannon(1949) characteristics of good ciphers:
1. Desired amount of secrecy should determine the amount of labour for encryption and decryption
a) Low sensitivity items should not be protected under a cipher that is very difficult to implement
b) For high sensitivity items, it is worth paying a price in difficulty to encrypt
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
2. Keys and algorithms should not be complex
a) Applying a complex algorithm or allowing only particular keys is error-prone
b) A complex algorithm may be avoided in the field
3. The implementation of the process should be as simple as possible
a) Hand implementation or complex computer programs are error-prone
4. Error in ciphering should not propagate and corrupt further cipher text – e.g. acknowledges the possibility of error
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
5. Size of ciphertext should be no be larger than the size of the plaintext
a) a larger ciphertext size cannot carry more information (because that depends on the plaintext)
b) Longer ciphertext required more space and time to decrypt
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
B. Properties of trustworthy encryption
1. Based on sound mathematicsa) Has a strong theoretical underpinning
to justify its strength
2. Analysed by competent expertsa) Has been scrutinized objectively
3. Has stood the test of timea) Has been used without problem and
continues to undergo expert review
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
C. More terms and concepts1. Key distribution: problem of
establishing shared secret keys between sender and receiver
2. Key management: problem of storing and changing keys over time
3. Stream Vs block ciphersa) Stream cipher: plaintext converted
immediately to ciphertextb) Block cipher: plaintext queued up until a
full block is ready, then encrypted as a block
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
4. Confusion and diffusiona) Confusion: complex relationship between
a plaintext unit and its ciphertextb) Diffusion: effect of changing a plaintext
character to ciphertext is spread widely through the ciphertext
4. Types of Cryptanalysis 1. Ciphertext only: common case,
ciphertext intercepted without contextNote: The algorithm used may be known but not the key
II.II. ““Secure” Encryption Secure” Encryption CharacteristicsCharacteristics
2. Known plaintext: some plaintext and corresponding (matched) ciphertext
a) the goal is to figure out how the plaintext was transformed to that ciphertext
b) use the same approach to break the ciphertext for which the plaintext is not available
3. Chosen plaintext: a) ability to force the system to encrypt
anything (“chosen plaintext”) and see the effect
b) deduce what algorithm (or key was used)c) to break other ciphertext
A. Building Blocks1. Substitution – change one symbol
(or unit) into anothera) Achieves confusion: obscures the
meaning of a symbol
2. Transposition (or permutation): move symbols (or units) around in ciphertext
a) Achieves diffusion: spreads effects of encryption throughout ciphertext
III.III. Simple (Traditional) Simple (Traditional) CiphersCiphers
B. Caesar Cipher (a form of substitution)1. Shifts all letters of alphabet n positions
forward. original cipher used n = 32. Easily implemented, can be done easily
in the head, required no paper or other physical resources
3. Also easy to break
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25
III.III. Simple (Traditional) Simple (Traditional) CiphersCiphers
For each plaintext letter p, substitute the ciphertext letter C:
C = E(3, p) = (p + 3) mod 26
P = D(k, C) = (C – 3) mod 26
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
III.III. Simple (Traditional) Simple (Traditional) CiphersCiphers
C. One-Time Pad (next week)D. Multiple Substitutions (next
week)E. Columnar Transposition (next
week)F. Other (next week)
III.III. Simple (Traditional) Simple (Traditional) CiphersCiphers
A. Brute Force1. Try all the possible keys
a) E.g.: Cesar Cipher – there are only 25 possible keys to try - try all 25 possible keys and the plaintext leaps out
2. Cryptanalysisa) the art of breaking ciphers based on
nature of algorithm or plaintextb) Based on letter frequency distributions
of written language, e.g.: English
IV.IV. Types of AttacksTypes of Attacks