Computer Security Set of slides 3 Dr Alexei Vernitski

Another useful example of a Cipher Vigenere’s cipher (16 th century) It is like Caesar’s cipher However, instead of one number acting as a key, a sequence of numbers is used, one for each letter of the plaintext When you come to the end of the sequence, you start using it from the beginning again

For discussion Is Vigenere’s cipher more secure than Caesar’s cipher? How does Vigenere’s cipher make the attacker’s statistical analysis of the cipher text difficult? What statistical analysis can be applied to Vigenere’s cipher? As to the key length of Vigenere’s cipher, what would you consider the safe length of the key?

The key length The general conclusions: If the key is longer, it is used fewer times in the encryption process, therefore, the attacker can obtain less useful statistics from the cyphertext. The ultimate case of this is the one-time pad, which is a key that is at least as long as the message.

One-time pad By a one-time pad we mean a Vigenere cipher whose key sequence (known as key stream) is as long as the message, and never reused. A one-time pad cipher is unbreakable. Why?

One-time pad Venona project is an example of breaking incorrectly used one-time pads Cryptanalysis by American and British code- breakers revealed that some of the one-time pad material had incorrectly been reused by the Soviets (specifically, entire pages, although not complete books), which allowed decryption (sometimes only partial) of a small part of the traffic.

Example: optical encryption This is an unusual example of a one-time pad This cipher is unbreakable It can be used e.g. if one half is shown on the computer screen and the other is printed on a transparent film

To encrypt a black pixel: and The first slideThe second slide and either or

To encrypt a white pixel: and The first slideThe second slide and either or

Towards ciphers in computers Caesar’s cipher Substitution cipher Vigenere’s cipher One-time pad (Vernam’s cipher) In computers data is stored as bits, not as letters How can one re-apply the principles of these classical ciphers to binary data?

Substitution as XOR Each bit of a block is either 0 or 1 When you encrypt, one of two possible substitutions can be used: – Either 0 → 0, 1 → 1, – Or 0 → 1, 1 → 0. Each of these two substitution can be produced by XORing this bit with 0 or 1

Bitwise XOR The same idea as in Vigenere’s cipher The key is a binary array The message is split in blocks The length of the block is the same as the length of the key Each bit of the block is XORed with the corresponding bit of the key

Bitwise XOR: example block key XOR

Each computer cipher uses – either XOR (typically, so-called stream ciphers) – or bit-wise XOR (typically, so-called block ciphers) In your opinion, what is the main design problem of stream ciphers? In your opinion, what is the main design problem of block ciphers?

Block cipher A message is a sequence of bits, for example: … We split the message in blocks of a fixed length Each block is encrypted in exactly the same way, until the whole message is encrypted

Block cipher Each block is encrypted in exactly the same way, until the whole message is encrypted Therefore, to make cryptoanalysis more difficult… Each block should be sufficiently long (why?) The encryption of each block should be good

Permutation Also called transposition (but is NOT the same as substitution) This is a rule directing how the order of bits should be changed, for example:

Permutation Permutation makes ciphers stronger For example, probably nobody can break the Dorabella cipher because it uses both substitution and permutation However, there are techniques designed to break ciphers based on substitution and permutation: for example, differential cryptanalysis

Differential cryptanalysis It is called ‘differential’ because the attacker studies how a small change in the plaintext block affects the encrypted block It can be attempted against every cipher, but is especially successful against ciphers based on substitution and permutation We present it in the scenario of a known plaintext attack For the sake of an example, we consider a cipher with block length merely 4 bits

Example of differential cryptanalysis We shall apply differential cryptanalysis against a block cipher based only on applying a fixed permutation to each block and XOR of each block with a fixed binary array. Suppose the following known plaintext blocks correspond to the following ciphertext blocks Break the cipher by determining exactly what permutation was applied and what binary array was used to XOR with each block.

S-box S-box or a substitution box is a function producing a highly non-linear substitution of bits in a binary array In books, S-boxes are normally represented as look-up tables

S-box: an example (in the form of a table as S-boxes are often represented in books) *00**01**10**11* 0** ** ** **

S-box: non-linearity *00**01**10**11* 0** ** ** ** For example, does the first bit of the output depend on the third bit of the input? Yes in a half of the cases, No in the other half of the cases

Famous block ciphers DES Triple DES AES

A round in a Feistel cipher Left-hand part of the block Right-hand part of the block XORF

Rounds in a Feistel cipher Left-hand part of the block Right-hand part of the block XORF Right-hand part of the blockLeft-hand part of the block F

DES DES stands for Data Encryption Standard This is a block cipher with the block size 64 and the key size 56 Number of S-boxes: 8 Number of rounds: 16 Which of these parameters make DES an insecure cipher?

Breaking DES In 1998, a purpose-built computer Deep Crack decrypted a DES-encrypted text in only 56 hours In 2012, a cloud computing tool allows members of the general public to recover a DES key from a known plaintext-ciphertext pair in about 24 hours.

Triple DES The algorithm is easy: – Encrypt with DES using key 1 – Decrypt with DES using key 2 – Encrypt with DES using key 3 Why is Triple DES stronger than DES?

AES AES has been created in the 1990s to provide the businesses worldwide with a new common secure cryptosystem instead of DES It has been tested by many cryptologists and is very good AES can work with keys consisting of 128 or 192 or 256 bits (which is much better than the 56-bit keys of DES) A cute cartoon guide to AES:

Modes of operation (of block ciphers) What if blocks repeat because of the peculiar nature of your data? What if you are sending the same message again? How can we improve security in these scenarios?

Homework 1.You might read that triple DES is ‘too slow’. For example: In what sense and in what context can one be saying that triple DES is too slow? 2.Some experts think that the block length of DES is too short and, therefore, is insecure (why?). What is the block length of Triple DES? What is the block length of AES?

Sample exam questions Describe how an attack based on differential cryptanalysis can be organised against a block cipher Explain briefly what an S-box is and how it contributes to security

Sample exam questions You work as a computer consultant. Your customer asks you which vulnerabilities were discovered in DES that made it necessary to invent new ciphers to replace DES. What will you reply? You work as a computer consultant. Your customer asks you about a computer cipher called Triple AES. What will you reply?

Sample exam questions Explain how the short key length makes DES a weak cipher Explain how the short block length might make DES a weak cipher

Sample exam questions Explain the difference between DES, Triple DES and AES. State which one of them you would recommend to use.