Published by 峙女 滕. Modified over 6 years ago.
1
Cyber Attacks Cryptography Terminology Secret-Key Encryption
2
Reading Assignment
Reading assignments for this lecture
- Required: Pfleeger: Ch 2
- Recommended:
  - C. Dupuis, A Short History of Cryptography,
  - Navajo Code Talkers: World War II Fact Sheet,
CSCE Farkas
3
Insecure communications
[Figure: Sender, Snooper, Recipient; insecure channel; confidential message]
4
Cryptographic Protocols
- Messages should be transmitted to destination
- Only the recipient should see it
- Only the recipient should get it
- Proof of the sender's identity
- Message shouldn't be corrupted in transit
- Message should be sent/received once only
5
Terminology
- Plaintext (cleartext): a message in its original form
- Ciphertext (cyphertext): an encrypted message
- Encryption: transformation of a message to hide its meaning
- Cipher: cryptographic algorithm. A mathematical function used for encryption (encryption algorithm) and decryption (decryption algorithm).
6
Terminology
- Decryption: recovering meaning from ciphertext
- Cryptography: art and science of keeping messages secure
- Cryptanalysis: art and science of breaking ciphertext
- Cryptology: study of both cryptography and cryptanalysis
7
Encryption and Decryption
[Figure: Plaintext, Ciphertext, Plaintext]
Additional requirements:
- Authentication
  - Between communicating parties
  - Third-party authentication
- Non-repudiation
- Integrity verification
- Key distribution
  - Secret key (secure distribution)
  - Public key (reliable distribution)
8
Conventional (Secret Key) Cryptosystem
[Figure: Sender: Plaintext -> Encryption (K) -> Ciphertext -> Decryption (K) -> Plaintext: Recipient]
- C=E(K,M)
- M=D(K,C)
- K needs secure channel
9
Public Key Cryptosystem
[Figure: Sender: Plaintext -> Encryption (Recipient's public key, Kpub) -> Ciphertext -> Decryption (Recipient's private key, Kpriv) -> Plaintext: Recipient]
- C=E(Kpub,M)
- M=D(Kpriv,C)
- Kpub needs reliable channel
10
Security Objectives
- Confidentiality
- Integrity
- Availability
- Authenticity
- Non-repudiation
How can cryptography support these objectives?
11
Cryptography and Security Objectives
[Table: columns: Secret key (fast), Public key (slow), Hash; rows: Confidentiality, Integrity, Availability, Authentication ((peers only), (third party)), Non-repudiation]
12
Security Objectives
- Confidentiality: Hiding message/file content
  - Secret key, public key encryption
- Integrity: Detecting modification
  - Hash function
- Availability: Not much – hiding existence of data
- Authenticity: Verify origin
  - Public key encryption
- Non-repudiation: Verify activity
13
Cryptanalysis
Cryptanalyst's goal:
- Break message
- Break key
- Break algorithm
14
Taxonomy of Attacks
- Ciphertext-only attack: attacker has ciphertext for messages encrypted with K. Deduce keys and/or plaintext messages.
- Known plaintext attack: attacker additionally knows the plaintext of the messages. Deduce keys or a decryption algorithm.
- Chosen plaintext attack: attacker can obtain the ciphertext for selected plaintext messages. Deduce as above.
- Chosen ciphertext attack: attacker can obtain decrypted (plaintext) versions of selected ciphertext. Deduce as above.
15
Breakable versus Practically breakable
- Unconditionally secure: impossible to decrypt. No amount of ciphertext will enable a cryptanalyst to obtain the plaintext
- Computationally secure: an algorithm that is not breakable in practice based on worst case scenario
- Breakable: all algorithms (except one-time pad) are theoretically breakable
16
What makes a good cryptosystem?
- A good cryptosystem is one whose security does not depend upon the secrecy of the algorithm.
- From Bruce Schneier: "Good cryptographers rely on peer review to separate the good algorithms from the bad."
17
Secret Key Cryptosystem
[Figure: Sender: Plaintext -> Encryption (K) -> Ciphertext -> Decryption (K) -> Plaintext: Recipient]
- C=E(K,M)
- M=D(K,C)
- K needs secure channel
18
Secret Key Cryptosystem Vulnerabilities (1)
Passive Attacker (Eavesdropper)
- Obtain and/or guess key and cryptosystem and use these to decrypt messages
- Capture text in transit and try a ciphertext-only attack to obtain plaintext.
19
Secret Key Cryptosystem Vulnerabilities
Active Attacker
- Break communication channel (denial of service)
- Obtain and/or guess key and cryptosystem and use these to send fake messages
20
Inherent Weaknesses of Symmetric Cryptography
- Key distribution must be done secretly (difficult when parties are geographically distant, or don't know each other)
- Need a key for each pair of users
  - n users need n*(n-1)/2 keys
- If the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages
21
Basic Encryption Techniques
- Substitution
- Permutation
- Combinations and iterations of these
22
Simple Alphabetic Substitution
- Assign a new symbol to each plaintext symbol randomly or by key, e.g., C → k, A → h, B → l
  - M = CAB, C = khl
- Advantages: large key space, 26!
- Disadvantages: trivially broken for known plaintext attack, repeated pattern, letter frequency distributions unchanged
- How about multiple substitutions?
23
Polyalphabetic Substitution
- Frequency distribution: reflects the distribution of the underlying alphabet, so cryptanalysts find substitutions
  - E.g., English: e – 14%, t – 9.85%, a – 7.49%, o – 7.37%, …
- Need: flatten the distribution
  - E.g., combine high and low distributions:
    - t → a (odd position), b (even position)
    - x → a (even position), b (odd position)
24
Cryptanalysis of Polyalphabetic Substitution
- Determine the number of alphabets used
- Solve each piece as monoalphabetic substitution.
- Kasiski Method: uses regularity of English: letters, letter groupings, full words, e.g.,
  - endings: -th, -ing, -ed, -ion, -ation, -tion, …
  - beginnings: im-, in-, re-, un-, ...
  - patterns: -eek-, -oot-, -our-, …
  - words: of, end, to, with, are, is, …
25
One-Time Pad
- Perfect Secrecy!
- Large, non-repeating set of keys
- Key is larger than the message
- Advantages: immune to most attacks
- Disadvantages:
  - Need total synchronization
  - Need very long, non-repeating key
  - Key cannot be reused
  - Key management: printing, storing, accounting for
- Recommend a practical approach for generating a large key
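Why the slide insists that the key cannot be reused and must be accounted for, as an added example that is not part of the original lecture. The class and function names are chosen here, and the pad is assumed to come from the operating system's random generator (`secrets.token_bytes`), which stands in for a true random source.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Hands out each pad byte exactly once; both parties keep the same offset."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0          # bytes already consumed (the "accounting")

    def _take(self, n: int) -> bytes:
        if self._offset + n > len(self._pad):
            raise ValueError("pad exhausted: key must be as long as the traffic")
        chunk = self._pad[self._offset:self._offset + n]
        self._offset += n
        return chunk

    def encrypt(self, message: bytes) -> bytes:
        return xor_bytes(message, self._take(len(message)))

    decrypt = encrypt             # XOR is its own inverse


def reused_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If two messages shared pad bytes, the pad cancels: c1 ^ c2 == m1 ^ m2."""
    return xor_bytes(c1, c2)


def new_pad(length: int) -> bytes:
    return secrets.token_bytes(length)
```

Sender and recipient each hold a `OneTimePad` over the same bytes and must process messages in the same order, which is the "total synchronization" requirement.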
26
Summary of Substitution
- Advantages:
  - Simple
  - Easy to encrypt
- Disadvantages:
  - Easy to break!!!
27
Transposition
- Letters of the message are rearranged
- Break patterns, e.g., columnar transposition
  Plaintext: this is a test
    t h i s
    i s a t
    e s t !
  tiehssiatst!
- Advantages: easy to implement
- Disadvantages:
  - Trivially broken for known plaintext attack
  - Easily broken for cipher only attack
28
Cryptanalysis
- Rearrange the letters
- Digrams, Trigrams, Patterns
- Frequent digrams: -re-, -th-, -en-, -ed-, …
- Cryptanalysis:
  - Compute letter frequencies → subst. or perm.
  - Compare strings of ciphertext to find reasonable patterns (e.g., digrams)
  - Find digram frequencies
29
Double Transposition
- Two columnar transpositions with different numbers of columns
- First transposition: breaks up adjacent letters
- Second transposition: breaks up short patterns
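The columnar and double transposition from the slides above, as an added example that is not part of the original lecture (function names are chosen here). It reproduces the slide's `tiehssiatst!`, shows that letter counts survive transposition, and shows a caveat: on a 12-letter message, 4 columns followed by 3 columns cancel out and return the plaintext.

```python
from collections import Counter


def columnar_encrypt(text: str, cols: int) -> str:
    """Write text row by row into `cols` columns, then read column by column."""
    return "".join(text[c::cols] for c in range(cols))


def columnar_decrypt(ct: str, cols: int) -> str:
    """Invert columnar_encrypt, including a ragged (unpadded) last row."""
    out = [""] * len(ct)
    pos = 0
    for c in range(cols):                  # same visiting order as encryption
        for i in range(c, len(ct), cols):
            out[i] = ct[pos]
            pos += 1
    return "".join(out)


def double_encrypt(text: str, cols1: int, cols2: int) -> str:
    return columnar_encrypt(columnar_encrypt(text, cols1), cols2)


def double_decrypt(ct: str, cols1: int, cols2: int) -> str:
    return columnar_decrypt(columnar_decrypt(ct, cols2), cols1)


def same_letter_counts(a: str, b: str) -> bool:
    """Transposition only moves letters, so single-letter frequencies survive."""
    return Counter(a) == Counter(b)


PLAINTEXT = "thisisatest!"   # the slide's message, spaces dropped, '!' as padding

if __name__ == "__main__":
    print(columnar_encrypt(PLAINTEXT, 4))      # the slide's ciphertext
    print(double_encrypt(PLAINTEXT, 4, 5))     # adjacent letters broken up
    print(double_encrypt(PLAINTEXT, 4, 3))     # 4 x 3 = 12: back to plaintext
```

The cancellation happens whenever the two column counts multiply to the message length, because the second pass transposes the grid back.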
30
Product Ciphers
- One encryption applied to the result of the other
- E_n(E_{n-1}(…(E_1(M)))), e.g.,
  - Double transposition
  - Substitution followed by permutation, followed by substitution, followed by permutation…
- Broken for chosen plaintext
31
Shannon's Characteristics of "Good" Ciphers
- The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption
- The set of keys and the enciphering algorithm should be free from complexity
- The implementation of the process should be simple and possible
32
Shannon's Characteristics of "Good" Ciphers (cont.)
- Errors in ciphering should not propagate and cause corruption of further information in the message
- The size of the enciphered text should be no larger than the original message
33
Trustworthy Encryption Systems
- Based on sound mathematics
- Has been analyzed by experts
- Has stood the test of time
- Examples: Data Encryption Standard (DES), Advanced Encryption Standard (AES), Rivest-Shamir-Adleman (RSA)
34
Stream Ciphers
- Convert one symbol of plaintext into a symbol of ciphertext based on the symbol (plain), key, and algorithm
- Advantages:
  - Speed of transformation
  - Low error propagation
- Disadvantages:
  - Low diffusion
  - Vulnerable to malicious insertion and modification
35
Block Ciphers
- Encrypt a group of plaintext symbols as one block and produce a block of ciphertext
- Advantages:
  - Diffusion
  - Immunity to insertions
- Disadvantages:
  - Slowness of encryption
  - Error propagation
36
Secret Key Cryptosystem Vulnerabilities (1)
Passive Attacker (Eavesdropper)
- Obtain and/or guess key and cryptosystem and use these to decrypt messages
- Capture text in transit and try a ciphertext-only attack to obtain plaintext.
37
Secret Key Cryptosystem Vulnerabilities (2)
Active Attacker
- Break communication channel (denial of service)
- Obtain and/or guess key and cryptosystem and use these to send fake messages
- No third party authentication
38
Inherent Weaknesses of Symmetric Cryptography
- Key distribution must be done secretly (difficult when parties are geographically distant, or don't know each other)
- Need a key for each pair of users
  - n users need n*(n-1)/2 keys
- If the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages
39
Data Encryption Standards
DES
40
Background and History
- Developed by the U.S. government
- Intended for general public
- 1970s: NBS (National Bureau of Standards), now named NIST (National Institute of Standards and Technology): need for standard for encrypting unclassified, sensitive information
- 1974: IBM's candidate: Lucifer
- November 1976: DES was approved as a federal standard in
41
DES Versions
- Jan. 15, 1977: DES was published as FIPS PUB 46 (Federal Information Processing Standard), authorized for use on all unclassified data
- 1988 (revised as FIPS-46-1) and 1993 (FIPS-46-2): DES is reaffirmed
- Jan. 1999: DES key is broken in 22 hours and 15 minutes
- 1999 (FIPS-46-3): DES, containing Triple DES, is reaffirmed
- Nov. 26, 2001: The Advanced Encryption Standard (AES) is published in FIPS 197
- May 26, 2002: The AES standard becomes effective
- May 19, 2005: FIPS 46-3 was officially withdrawn but Triple DES is approved by NIST until 2030 for sensitive government information
42
Data Encryption Standard
- Mathematics to design strong product ciphers is classified
- Breakable by exhaustive search on 56-bit key size for known plaintext, chosen plaintext and chosen ciphertext attacks
- Security: computational complexity of computing the key under the above scenarios (22 hours)
43
Data Encryption Standard
- DES is a product cipher
  - 56 bit key size
  - 64 bit block size for plaintext and ciphertext
- Developed by IBM and adopted by NIST with NSA approval
- Encryption and decryption algorithms are public but the design principles are classified
44
DES Controversies
- Key size 56 bits: threshold of allowing exhaustive-search known plaintext attack
- Built in trapdoor: allegations
- The US Senate Select Committee of Intelligence exonerated NSA from tampering with the design of DES in any way
45
DES Multiple Encryption
- 1992: proven that DES is not a group: multiple encryptions by DES are not equivalent to a single encryption
46
DES Multiple Encryption
Double DES
[Figure: Plaintext -> Encryption (K1) -> Intermediate Ciphertext EK1(P) -> Encryption (K2) -> Ciphertext EK2[EK1(P)]]
- Known-plaintext: meet-in-the-middle attack
- Effective key size: 57 bit -- Why not 112?
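The slide's question "Why not 112?" worked through on a toy cipher, as an added example that is not part of the original lecture. The 16-bit cipher `enc`/`dec` and its 12-bit keys are invented here and are not DES; the point is that meeting at the intermediate ciphertext costs about 2 x 2^12 first-stage cipher operations instead of 2^24, just as Double DES costs about 2 x 2^56 = 2^57 instead of 2^112.

```python
MASK = 0xFFFF                       # toy 16-bit block
MUL = 0x6487                        # odd, so invertible modulo 2**16
INV = pow(MUL, -1, 1 << 16)         # modular inverse (Python 3.8+)
KEY_BITS = 12                       # toy key size; DES uses 56


def enc(k: int, m: int) -> int:
    x = m
    for r in range(3):
        x = ((x ^ k) * MUL + r) & MASK
        x = ((x << 5) | (x >> 11)) & MASK          # rotate left by 5
    return x


def dec(k: int, c: int) -> int:
    x = c
    for r in reversed(range(3)):
        x = ((x >> 5) | (x << 11)) & MASK          # rotate right by 5
        x = (((x - r) * INV) & MASK) ^ k
    return x


def double_enc(k1: int, k2: int, m: int) -> int:
    return enc(k2, enc(k1, m))


def meet_in_the_middle(pairs):
    """Return (candidate key pairs, first-stage cipher operations).

    pairs: known (plaintext, ciphertext) pairs under one unknown (k1, k2).
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}                                      # intermediate value -> k1 list
    for k1 in range(1 << KEY_BITS):
        table.setdefault(enc(k1, p0), []).append(k1)
    ops = 1 << KEY_BITS
    found = []
    for k2 in range(1 << KEY_BITS):
        ops += 1
        for k1 in table.get(dec(k2, c0), []):       # both halves meet here
            if all(double_enc(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))              # survives the extra pairs
    return found, ops
```

The extra known pairs are needed only to discard chance matches on the first pair; the price of the attack is the memory for the table.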
47
DES Multiple Encryption
Triple DES
[Figure: P -> E (K1) -> EK1(P) -> D (K2) -> DK2[EK1(P)] -> E (K3) -> EK3[DK2[EK1(P)]]]
- Tuchman: avoid meet-in-the-middle attack
- If K1=K2: single encryption
48
Triple DES
- Tuchman's technique is part of NIST standard
- Can be broken in 2^56 operations if one has 2^56 chosen plaintext blocks (Merkle, Hellman 1981)
- Could use distinct K1,K2,K3 to avoid this attack -- 2^112 bit key
49
Modes of DES (review)
- ECB – Electronic Code Book
- CBC – Cipher Block Chaining
- CFB – Cipher FeedBack
- OFB – Output FeedBack
Part of NIST standard
50
ECB Mode (review)
[Figure: 64 bit data -> E (56 bit key) -> D (56 bit key) -> 64 bit data]
- Good for small messages
- Identical data block will be identically encrypted
51
CBC Mode (review)
[Figure: 64 bit data is combined (+ = XOR) with the 64 bit previous ciphertext block, then E with 56 bit key; D with 56 bit key, then + with the 64 bit previous ciphertext block gives 64 bit data]
- Cn = Ek[Cn-1 ⊕ Pn]
- Need initiation vector
52
Advanced Encryption Standard (AES)
- Federal Information Processing Standard (FIPS) to be used by U.S. Government organizations
- Effective since May 26, 2002
- Replaces DES (triple DES remains)
- Rijndael ([Rhine Dhal]) algorithm (Joan Daemen and Vincent Rijmen)
53
AES Origin
- Started in 1997 and lasted for several years
- Requirements specified by NIST:
  - Algorithm unclassified and publicly available
  - Available royalty free world wide
  - Symmetric key
  - Operates on data blocks of 128 bits
  - Key sizes of 128, 192, and 256 bits
  - Fast, secure, and portable
  - Active life of years
  - Provides full specifications
54
AES Finalists 1999:
Columns: Algorithm name, Complexity, Speed, Security margin
- MARS (IBM - USA): Complex, Fast, High
- Serpent (Anderson, Biham, & Knudsen - U.K.): Simple - clean, Slow
- Rijndael (Joan Daemen/V. Rijmen - Belgium): Simple - clean, Good
- RC6 (RSA Data Security, Inc. - USA): Very simple, Very fast, Low
- Twofish (Bruce Schneier and others - USA)
55
Rijndael Algorithm
- Chosen for: security, performance, efficiency, ease of implementation, and flexibility
- Block cipher (variable block and key length)
- Federal Information Processing Standard (FIPS)
56
Rijndael
- Symmetric, block cipher
- Key size: 128, 192, or 256 bits
- Block size: 128
  - Processed as 4 groups of 4 bytes (state)
- Operates on the entire block in every round
- Number of rounds depending on key size:
  - Key=128 → 9 rounds
  - Key=192 → 11 rounds
  - Key=256 → 13 rounds
57
Strength of Algorithm
- New: little experimental results
- Cryptanalysis results
  - Few theoretical weakness
  - No real problem
- No relation to government agency, so no allegations of tampering with code
- Has sound mathematical foundation
58
Next Class
- Key distribution
- Public key encryption