CIT 380: Securing Computer Systems: Classical Cryptography

Presentation transcript:

Slide #1: Classical Cryptography

Slide #2: Perfect Security: The One-Time Pad
A Vigenère cipher with a random key at least as long as the message.
Provably unbreakable.
Example ciphertext: DXQR. Equally likely to correspond to
– plaintext DOIT (key AJIY)
– plaintext DONT (key AJDY)
– and any other 4 letters.

Slide #3: One-Time Pad
Warning: keys must be random, or you can attack the cipher by trying to regenerate the key.
Approximations, such as using computer pseudorandom number generators to generate keys, are not random.
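The DXQR example from Slide #2, checked in code (an added example, not part of the original slides). The function names are made up for this sketch; `reachable` goes one step beyond the slide to show why the key has to be as long as the message.

```python
import string
from itertools import product

A = ord("A")

def shift(text, key, sign=1):
    """Vigenère step: add (sign=+1) or subtract (sign=-1) key letters mod 26."""
    if len(key) < len(text):
        raise ValueError("pad must be at least as long as the message")
    return "".join(chr((ord(t) - A + sign * (ord(k) - A)) % 26 + A)
                   for t, k in zip(text, key))

def pad_for(ciphertext, guess):
    """The pad that maps `guess` to `ciphertext`; exactly one exists for every guess."""
    return shift(ciphertext, guess, sign=-1)

def reachable(ciphertext, key_len):
    """Plaintexts still possible if the key is only `key_len` letters, repeated."""
    n = len(ciphertext)
    keys = ("".join(k) * n for k in product(string.ascii_uppercase, repeat=key_len))
    return {shift(ciphertext, key[:n], sign=-1) for key in keys}

if __name__ == "__main__":
    # Both plaintexts from the slide are consistent with the same ciphertext.
    for guess in ("DOIT", "DONT"):
        print(guess, "needs pad", pad_for("DXQR", guess))
    # With a 2-letter repeated key only 26**2 of the 26**4 plaintexts remain possible,
    # so the ciphertext leaks information that a full-length pad would hide.
    short = reachable("DXQR", 2)
    print(len(short), "candidates;", "DOIT" in short, "DONT" in short)
```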

Slide #4: Block Ciphers
Encrypt groups (blocks) of chars at once.
Improvement over single char substitution
– Cryptanalysis must use digraph frequencies for two-char blocks.
– Longer blocks are more difficult to analyze.
– Modern ciphers are block ciphers.
Example: Playfair Cipher, 1854

Slide #5: Playfair Cipher
Create 5x5 table
– Fill in spaces with letters of key, dropping duplicate letters.
– Fill remaining spaces with unused letters of alphabet in order.
Drop Q … or I = J

P   L   A   Y   F
I|J R   E   X   M
B   C   D   G   H
K   N   O   Q   S
T   U   V   W   Z

Slide #6: Playfair Cipher Encryption Algorithm
1. If letters of pair are identical (or only one letter remains), add an “X” after first letter.
2. If two letters are in same row or column, replace them with the succeeding letters.
3. Otherwise, two letters form a rectangle, and we replace them with letters on the same row respectively at the other pair of corners.

Slide #7: Playfair Cipher Example
Plaintext is HELLO WORLD
– Pair HE is rectangle, replace with DM
– Pair LX (X inserted) is rectangle, YR
– Pair LO is rectangle, replace with AN
– Pair WO is rectangle, replace with VQ
– Pair RL is in column, replace with CR
– Pair DX is rectangle, replace with GE
Ciphertext is DMYRANVQCRGE

Slide #8: Transposition Cipher Cryptanalysis
Anagramming
– If 1-gram frequencies match English frequencies, but other n-gram frequencies do not,
– then, message likely ciphered via transposition.
– Rearrange letters to form n-grams with highest frequencies.

Slide #9: Cryptanalysis Example
Rail Fence Ciphertext: HLOOLELWRD
Frequencies of 2-grams beginning with H
– HE
– HO
– HL, HW, HR, HD <
Frequencies of 2-grams ending in H
– WH
– EH, LH, OH, RH, DH ≤
Implies E follows H

Slide #10: Cryptanalysis Example
Arrange so the H and E are adjacent

HE
LL
OW
OR
LD

Read across, then down, to recover plaintext.
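The rearrangement from Slides #9 and #10, automated over every possible column count (an added example, not part of the original slides). It assumes equal-length columns, which is the case for the slide's ciphertext, and scores candidates with a short hand-picked list of frequent English digrams instead of the frequency table the slide refers to.

```python
# Hand-picked frequent English digrams (constructed for this example, not a measured table).
COMMON = {"TH", "HE", "IN", "ER", "AN", "RE", "ON", "AT", "EN", "ND",
          "TI", "ES", "OR", "TE", "OF", "ED", "IS", "IT", "AL", "AR"}

def rearrange(ciphertext, columns):
    """Write the ciphertext down `columns` equal columns, then read across the rows."""
    height = len(ciphertext) // columns
    cols = [ciphertext[i * height:(i + 1) * height] for i in range(columns)]
    return "".join("".join(col[r] for col in cols) for r in range(height))

def score(text):
    """Number of adjacent letter pairs that are frequent English digrams."""
    return sum(text[i:i + 2] in COMMON for i in range(len(text) - 1))

def best_arrangement(ciphertext):
    """Try every column count that divides the length; keep the highest digram score."""
    n = len(ciphertext)
    options = [(score(rearrange(ciphertext, c)), c)
               for c in range(1, n + 1) if n % c == 0]
    best_score, columns = max(options, key=lambda o: o[0])
    return columns, rearrange(ciphertext, columns), best_score

if __name__ == "__main__":
    # Two columns put E directly after H, as the slide concludes.
    print(best_arrangement("HLOOLELWRD"))
```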

Slide #11: Shannon Criteria
1. Kerckhoffs's Principle
– The only secret should be the key.
– Cipher should be secure if mechanism known but not the key.
2. Use both substitution + permutation
– Substitution: hide local patterns of language.
– Permutation: hide large-scale patterns by mixing different parts of plaintext.

Slide #12: SP-Networks
Combine Substitution+Permutation (transposition)
– Substitution: adding unknown key values will confuse attacker about value of plaintext symbol.
– Permutation: Transposing text to ensure nothing is left in its original position.
Designing for Security
– Block Size
– Number of Rounds
  Each input bit is XOR of several output bits from previous round.
– Choice of S-boxes

Slide #13: Overview of the DES
1. Block cipher: encrypts blocks of 64 bits
– 56-bit key + 8 parity bits
2. Product cipher
– substitution + transposition
3. 16 rounds (iterations) of encryption
– Round key generated from user key
– Each round is a Feistel network.

Slide #14: DES Modes
Electronic Code Book Mode (ECB)
– Encipher each block independently. Insecure.
Cipher Block Chaining Mode (CBC)
– XOR each block with previous ciphertext block.
– Requires an initialization vector for the first one.

Slide #15: Triple DES
Encrypt-Decrypt-Encrypt Mode (3 keys: k, k´, k´´)
– $c = \mathrm{DES}_{k}(\mathrm{DES}_{k'}^{-1}(\mathrm{DES}_{k''}(m)))$
– Double-encryption vulnerable to meet-in-middle attack, reducing difficulty from to

Slide #16: CBC Mode Encryption
[Figure: CBC mode encryption. Labels: init. vector, XOR, m1, DES, c1, m2, c2, sent.]
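A 16-round Feistel network on 64-bit blocks (Slide #13) run in ECB and CBC modes (Slides #14 and #16), showing why ECB is marked insecure: equal plaintext blocks give equal ciphertext blocks. This is an added example, not part of the original slides, and the cipher is a stand-in, not DES: the round function is HMAC-SHA256 truncated to 32 bits, and padding is omitted.

```python
import hashlib
import hmac

BLOCK = 8  # bytes: 64-bit blocks, as in DES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(half, key, i):
    # Stand-in round function keyed per round; DES uses expansion, S-boxes and a P-box here.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def feistel(block, key, decrypt=False, rounds=16):
    """One block through the network; decryption only reverses the round order."""
    left, right = block[:4], block[4:]
    order = range(rounds - 1, -1, -1) if decrypt else range(rounds)
    for i in order:
        left, right = right, xor(left, round_fn(right, key, i))
    return right + left  # final swap makes the same routine its own inverse

def blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of 8 bytes (padding omitted)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(data, key):
    return b"".join(feistel(b, key) for b in blocks(data))

def cbc_encrypt(data, key, iv):
    out, prev = [], iv
    for b in blocks(data):
        prev = feistel(xor(b, prev), key)  # XOR with previous ciphertext block, then encipher
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(data, key, iv):
    out, prev = [], iv
    for c in blocks(data):
        out.append(xor(feistel(c, key, decrypt=True), prev))
        prev = c
    return b"".join(out)

if __name__ == "__main__":
    msg, key, iv = b"SAMEBLK!" * 2, b"demo key", bytes(range(8))  # constructed sample values
    print(ecb_encrypt(msg, key).hex())      # both halves identical
    print(cbc_encrypt(msg, key, iv).hex())  # halves differ
```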

Slide #17: Current Status of DES
Design for computer system, associated software that could break any DES-enciphered message in a few days published in
Several challenges to break DES messages solved using distributed computing.

Slide #18: Advanced Encryption Standard
NIST selected Rijndael as Advanced Encryption Standard, successor to DES.
– 128-bit block product cipher.
– Designed to withstand attacks that succeeded on DES.
– Keys: 128, 192, or 256 bits.

Slide #19: Key Points
1. Cryptography is the art of securing messages.
2. Types of ciphers
   1. Substitution
   2. Transposition (permutation)
   3. Product

Slide #20: Key Points
3. Cryptanalysis
   1. Language features can be used to break ciphers.
   2. Frequency analysis: Kasiski test, Index of Coincidence.
4. Block ciphers
   1. DES

Slide #21: Public Key Cryptography
Bob’s Key Pair
– $\mathrm{Public}_{\mathrm{Bob}}$, $\mathrm{Private}_{\mathrm{Bob}}$
Alice’s Key Pair
– $\mathrm{Public}_{\mathrm{Alice}}$, $\mathrm{Private}_{\mathrm{Alice}}$
Bob and Alice know each other’s public key; in fact, everyone may know their public keys.

Slide #22: Encryption/Decryption
Bob to Alice
– Encryption by Bob: $\mathrm{CipherText} = \mathrm{Public}_{\mathrm{Alice}}(\mathrm{Message})$
– Decryption by Alice: $\mathrm{Message} = \mathrm{Private}_{\mathrm{Alice}}(\mathrm{CipherText})$
Confidentiality is ensured because only Alice knows her private key.

Slide #23: Integrity/Non-repudiation
Bob to Alice
– Bob signs his message: $\mathrm{SignedDoc} = \mathrm{Private}_{\mathrm{Bob}}(\mathrm{Doc})$
– Alice verifies the signature: $\mathrm{Doc} = \mathrm{Public}_{\mathrm{Bob}}(\mathrm{SignedDoc})$

Slide #24: Confidentiality + Integrity
Bob to Alice
– Encryption + Signing by Bob: $\mathrm{CipherText} = \mathrm{Private}_{\mathrm{Bob}}(\mathrm{Public}_{\mathrm{Alice}}(\mathrm{Message}))$
– Decryption + Verifying by Alice: $\mathrm{Message} = \mathrm{Private}_{\mathrm{Alice}}(\mathrm{Public}_{\mathrm{Bob}}(\mathrm{CipherText}))$
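The operations on Slides #22 to #24 carried out with textbook RSA on small numbers (an added example, not part of the original slides and not the deck's own worked example). The primes, the exponent 17 and the function names are constructed for illustration; real RSA uses large random primes and padding, both omitted here.

```python
def keygen(p, q, e=17):
    """Textbook RSA key pair from two primes: (public, private) as (exponent, modulus)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+); raises if gcd(e, phi) != 1
    return (e, n), (d, n)

def rsa_op(key, value):
    """Public_X(v) or Private_X(v) in the slides' notation: v**exp mod n."""
    exp, n = key
    if not 0 <= value < n:
        # Composition edge case: the inner result must fit under the outer modulus.
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exp, n)

def send(message, sender_private, recipient_public):
    """Slide #24: CipherText = Private_Bob(Public_Alice(Message))."""
    return rsa_op(sender_private, rsa_op(recipient_public, message))

def receive(ciphertext, recipient_private, sender_public):
    """Slide #24: Message = Private_Alice(Public_Bob(CipherText))."""
    return rsa_op(recipient_private, rsa_op(sender_public, ciphertext))

# Constructed toy keys. Bob's modulus (8633) is larger than Alice's (3233), so anything
# Public_Alice produces is a valid input to Private_Bob; the reverse order can fail.
ALICE_PUB, ALICE_PRIV = keygen(61, 53)
BOB_PUB, BOB_PRIV = keygen(89, 97)

if __name__ == "__main__":
    c = rsa_op(ALICE_PUB, 65)                 # Slide #22: encrypt to Alice
    print(c, rsa_op(ALICE_PRIV, c))           # 2790 65
    sig = rsa_op(BOB_PRIV, 1234)              # Slide #23: Bob signs
    print(rsa_op(BOB_PUB, sig) == 1234)       # Alice verifies
    both = send(65, BOB_PRIV, ALICE_PUB)      # Slide #24: encrypt, then sign
    print(receive(both, ALICE_PRIV, BOB_PUB))
```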

Slide #25: RSA
– Key generation
– Encryption
– Decryption
– A worked example
