Presentation is loading. Please wait.

Presentation is loading. Please wait.

Unit II – Communication Security

Published byPhebe Fletcher Modified over 6 years ago

Similar presentations

Presentation on theme: "Unit II – Communication Security"— Presentation transcript:

1 Unit II – Communication Security

2 Introduction to Cryptography
cryptography - process of making and using codes to secure the transmission of information cryptology - science of encryption, which encompasses cryptography and cryptanalysis. cryptanalysis - process of obtaining the plaintext message from a cipher text message without knowing the keys used to perform the encryption.

3 Basic Terminology plaintext - original message
ciphertext (cryptogram)- coded message cipher - algorithm for transforming plaintext to ciphertext Key (cryptovariable) - info used in cipher known only to sender/receiver , can be a series of bits used by a computer program or it can be a passphrase used by people Keyspace - The entire range of values that can be used to construct an individual key encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext from plaintext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key cryptology - field of both cryptography and cryptanalysis Briefly review some terminology used throughout the course.

4 Terminology ● Algorithm: The steps used to convert an unencrypted message into an encrypted sequence of bits ● Bit stream cipher: encryption method that involves converting plaintext to ciphertext one bit at a time. ● Block cipher: An encryption method that involves dividing the plaintext into blocks or sets of bits and then converting the plaintext to ciphertext one block at a time. ● Cipher or cryptosystem: An encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption. ● Code: The process of converting components (words or phrases) of an unencrypted message into encrypted components.

5 Terminology Link encryption: A series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then reencrypts the message using different keys and sends it to the next neighbor. This process continues until the message reaches the final destination. Steganography: The hiding of messages—for example, within the digital encoding of a picture or graphic. Work factor: The amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key, the algorithm, or both are unknown.

6 Cipher Methods Two basic methods- bit stream cipher and block cipher
Bit stream methods – bit by bit tranformation – use algorithm functions like the exclusive OR operation (XOR) block methods – block of bits (8,16,32,64 etc) transformation in to block of encrypted data- can use substitution, transposition, XOR, or some combination of above

7 Substitution Cipher exchanges one value for another
Example - exchange a letter in the alphabet with the letter three values to the right or substitute one bit for another bit four places to its left.

8 Caesar Cipher earliest known substitution cipher by Julius Caesar
first attested use in military affairs replaces each letter by 3rd letter on example: meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB Substitution ciphers form the first of the fundamental building blocks. The core idea is to replace one basic unit (letter/byte) with another. Whilst the early Greeks described several substitution ciphers, the first attested use in military affairs of one was by Julius Caesar, described by him in Gallic Wars (cf. Kahn pp83-84). Still call any cipher using a simple letter shift a caesar cipher, not just those with shift 3.

9 Caesar Cipher can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C c = E(p) = (p + 3) mod (26) mathematically each letter is given a number a b c d e f g h i j k l m n o p q r s t u v w x y z Caesar cipher : c = E(p) = (p + k) mod (26) p = D(c) = (c – k) mod (26) This mathematical description uses modulo (clock) arithmetic. Here, when you reach Z you go back to A and start again. Mod 26 implies that when you reach 26, you use 0 instead (ie the letter after Z, or goes to A or 0). Example: howdy (7,14,22,3,24) encrypted using key f (ie a shift of 5) is MTBID

10 Monoalphabetic Cipher
Arbitrary substitution, instead of shifting each plaintext letter maps to a different random ciphertext letter hence key is 26 letters long Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the key space can be achieved by allowing an arbitrary substitution, where the translation alphabet can be any permutation of the 26 alphabetic characters. See example translation alphabet, and an encrypted message using it.

11 Polyalphabetic Ciphers
Different monoalphabetic substitution ciphers improve security using multiple cipher alphabets make cryptanalysis harder with more alphabets to guess and flatter frequency distribution use a key to select which alphabet is used for each letter of the message Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ Substitution cipher 1: DEFGHIJKLMNOPQRSTUVWXYZABC Substitution cipher 2: GHIJKLMNOPQRSTUVWXYZABCDEF Substitution cipher 3: JKLMNOPQRSTUVWXYZABCDEFGHI Substitution cipher 4: MNOPQRSTUVWXYZABCDEFGHIJKL One approach to reducing the "spikyness" of natural language text is used the Playfair cipher which encrypts more than one letter at once. We now consider the other alternative, using multiple cipher alphabets in turn. This gives the attacker more work, since many alphabets need to be guessed, and because the frequency distribution is more complex, since the same plaintext letter could be replaced by several ciphertext letters, depending on which alphabet is used. The general name for this approach is a polyalphabetic substitution cipher. All these techniques have the following features in common: A set of related monoalphabetic substitution rules is used. 2. A key determines which particular rule is chosen for a given transformation.

12 Vigenère Cipher simplest polyalphabetic substitution cipher
Multiple(26) caesar ciphers key is multiple (26) letters long K = k1 k2 ... kd ith letter specifies ith alphabet to use decryption simply works in reverse Vigenere square or vigenere table or tabular recta The best known, and one of the simplest, such algorithms is referred to as the Vigenère cipher, where the set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers, with shifts of 0 through 25. Each cipher is denoted by a key letter, which is the ciphertext letter that substitutes for the plaintext letter ‘a’, and which are each used in turn, as shown next.

13 Modern Vigenere Table

14 Example of Vigenère Cipher
write the plaintext write the keyword repeated above it use each key letter as a caesar cipher key encrypt the corresponding plaintext letter eg using keyword deceptive key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself Discuss this simple example from text Stallings section 2.2.

15 ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

16 Transposition Ciphers
classical transposition or permutation ciphers hide the message by rearranging the letter order without altering the actual letters used can be recognised, since the same frequency distribution as the original text All the techniques examined so far involve the substitution of a ciphertext symbol for a plaintext symbol. A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. This technique is referred to as a transposition cipher, and form the second basic building block of ciphers. The core idea is to rearrange the order of basic units (letters/bytes/bits) without altering their actual values.

17 Rail Fence cipher write message letters diagonally over a number of rows then read off cipher row by row eg. write message out as: m e m a t r h t g p r y e t e f e t e o a a t giving ciphertext MEMATRHTGPRYETEFETEOAAT The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows. The example message is: "meet me after the toga party" with a rail fence of depth 2. This sort of thing would be trivial to cryptanalyze.

18 Row Transposition Ciphers
a more complex transposition write letters of message in rows over a specified number of columns then reorder the columns according to some key before reading off the rows Key: Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x y z Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ A more complex transposition cipher is to write the message in a rectangle, row by row, and read the message off shuffling the order of the columns in each row. A pure transposition cipher is easily recognized because it has the same letter frequencies as the original plaintext. For the type of columnar transposition just shown, cryptanalysis is fairly straightforward and involves laying out the ciphertext in a matrix and playing around with column positions. Digram and trigram frequency tables can be useful.

19 Exclusive OR XOR - A function within Boolean algebra used as an encryption function in which two bits are compared. Easy to encrypt and decrypt XOR Table

20 EX-OR Encryption Example

21 XOR with a block cipher

22 Vernam Cipher generates a random substitution matrix between letters and numbers that is used only one time. Also called as one-time pad Introduced by Gilbert Vernam in 1918 Keyword is as long as the plain text, but no statistical relationship System works with numeric or binary data

23 Vernam Cipher pad values (key) added to numeric values representing the plaintext character of the plaintext - turned into a number & pad value for that position is added to it. resulting sum for that character - converted back to a ciphertext letter for transmission. If the sum exceeds 26, then 26 is subtracted from the total. (called a modulo) - all numbers be in the range of 1–26 is referred to as modulo 26. a number larger than 26 has 26 sequentially subtracted from it until the number is in the proper range.

24 Vernam Cipher Example

25 Vernam Cipher Decryption
Decryption generated from a one-time pad - requires either knowledge of the pad values or the use of elaborate and very difficult cryptanalysis Previous Example “y” becomes the number 25, - subtract the pad value for the first letter of the message, yields a value of 19, or the letter “S.” fourth ciphertext letter is “C” and the pad value is 18. Subtracting 18 from 3 yields negative 15. Because of modulo 26, which requires that all numbers are in the range of 1–26, add 26 to the negative 15. yields a sum of 11, which means the fourth letter of the message is “K.”

26 Book-Based Ciphers Two related encryption methods made popular by spy movies - involve using the text in a book as the key to decrypt a message. The book cipher and the running key cipher. A third method, the template cipher

27 Book Cipher ciphertext - consists of a list of codes representing the page number, line number, and word number of the plaintext word. algorithm - mechanical process of looking up the references from the ciphertext and converting each reference to a word by using the ciphertext’s value and the key (the book). Example - a copy of a particular popular novel, one may send the message 259,19,8; 22,3,8; 375,7,4; 394,17,2.- turns to page 259, finds line 19 and selects the eighth word in that line (which is “sack”) and so dictionaries and thesauruses - the most popular sources

28 Running Key Cipher Similar in concept to the book cipher- uses a book for passing the key to a cipher - similar to the Vigenère cipher. sender provides an encrypted message - a short sequence of numbers - indicate the page, line, and word number from a predetermined book to be used as the key or indicator block. Unlike the Vigenère cipher, don’t repeat the key., continue the text from the indicator block. follow the same basic method as the Vigenère cipher Reversing the processes deciphers the ciphertext, using the ciphertext letter and key. mirrored layout of the table - selection of rows or columns during encryption and decryption.

29 Template Cipher perforated page cipher – not an encryption cipher, an example of steganography. Involves the use of a hidden message in a book, letter, or other message. receiver must use a page with a specific number of holes cut into it and place it over the book page or letter to extract the hidden message. Commonly shown in movies where an inmate sends coded messages from prison cipher is both difficult to execute and easy to detect, provided either party is physically searched. presence of the perforated page is a clear indicator much simpler method- a variation of acrostics -the first letter of each line of a message (or every nth letter) - spell out a hidden message

30 Hash functions mathematical algorithms - to confirm the identity of a specific message and confirm that the content has not been changed. do not create ciphertext, confirm message identity and integrity, (critical functions in e-commerce)

31 Hash algorithms to create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value. message digest – fingerprint of the author’s message -compared with the recipient’s locally calculated hash of the same message - If both hashes are identical -message arrived without modification. Hash functions -one-way operations – same message always provides the same hash value hash value - cannot be used to determine the contents of the message.

32 Hash Algorithms no use of keys, but attach a message authentication code (MAC) -to access the message digest. used in password verification systems to confirm the identity of the user. the hash value, or message digest, - calculated based on the original password - message digest stored for later comparison.

33 Hash Function condenses arbitrary message to fixed size
h = H(M) usually assume hash function is public used to detect changes in message

34 HASH and MAC Message encrypted b) Message unencrypted

35 Secure Hash Standard (SHS)
issued by the National Institute of Standards and Technology (NIST). SHA-1 (Secure Hash Algorithm 1)- a secure algorithm for computing a condensed representation of a message or data file. SHA-1 produces a 160-bit message digest - an input to a digital signature algorithm. SHA-1 is based on principles modeled after MD4, (part of the MDx family) New hash algorithms -SHA-256, SHA-384, and SHA standards for 128, 192, and 256 bits, respectively. number of bits used - measurement of the algorithm’s strength against collision attacks.

36 SHA-1

37 Security of Hash Algorithm
Rainbow cracking-Dictionary of passwords or poorly constructed –rainbow table – list of hashed passwords – reads the text version – no brute force required --- time memory trade off attack To protect – protect the file of hashed passwords and strict the no. of attempts/login session Password hash salting - providing a random piece of data to the hashing function when the hash is first calculated -creates a different hash a large set of salt values - rainbow cracking fails, salt value – not kept a secret, stored with the account identifier - hash value can be recreated during authentication. Additional techniques - key stretching and key strengthening. Key stretching - repeating the hashing algorithm up to several thousand times to continuously inject the password, salt value, and interim hash results back into the process. Key strengthening - extends the key with the salt value, but then deletes the salt value

38 Cryptographic Algorithms
two broad categories—symmetric and asymmetric Based on types of keys Cryptographic Notation E(M) = C: D[C] = D[E(M)] = M: E(M,K) = C: (If more than one key (K) is used in a multiple-round encryption, the keys are numbered K1, K2, and so on). D(C,K) = D[E(M,K),K] = M;

39 Symmetric Encryption or conventional / private-key / single-key / secret key sender and recipient share a common key all classical encryption algorithms are private-key was only type prior to invention of public-key in 1970’s most widely used primary challenge - getting the key to the receiver, a process that must be conducted out of band to avoid interception. Separate channel for safe distribution of key Opening quote.

40 Symmetric Cipher Model
Detail the five ingredients of the symmetric cipher model, shown in Stallings Figure 2.1: plaintext - original message encryption algorithm – performs substitutions/transformations on plaintext secret key – control exact substitutions/transformations used in encryption algorithm ciphertext - scrambled message decryption algorithm – inverse of encryption algorithm

41 Data Encryption Standard (DES)
most widely used block cipher in world adopted in 1977 by NBS (now NIST) encrypts 64-bit data using 56-bit key IBM developed Lucifer cipher team led by Feistel in late 60’s used 64-bit data blocks with 128-bit key Revised Lucifer – DES The most widely used private key block cipher, is the Data Encryption Standard (DES). It was adopted in 1977 by the National Bureau of Standards as Federal Information Processing Standard 46 (FIPS PUB 46). DES encrypts data in 64-bit blocks using a 56-bit key. The DES enjoys widespread use. It has also been the subject of much controversy its security.

42 DES

43

44 Strength of DES – Key Size
56-bit keys have 256 = 7.2 x 1016 values brute force search looks hard With recent advances, possibility of attack in 1997 on Internet in a few months in 1998 on dedicated h/w in a few days in 1999 above combined in 22hrs! Possible analytic and timing attacks by gathering information about encryption and time of calculation, recovering all/ some of the key bits. Since its adoption as a federal standard, there have been lingering concerns about the level of security provided by DES in two areas: key size and the nature of the algorithm. With a key length of 56 bits, there are 2^56 possible keys, which is approximately 7.2*10^16 keys. Thus a brute-force attack appeared impractical. However DES was finally and definitively proved insecure in July 1998, when the Electronic Frontier Foundation (EFF) announced that it had broken a DES encryption using a special-purpose "DES cracker" machine that was built for less than $250,000. The attack took less than three days. The EFF has published a detailed description of the machine, enabling others to build their own cracker [EFF98]. There have been other demonstrated breaks of the DES using both large networks of computers & dedicated h/w, including: on a large network of computers in a few months on dedicated h/w (EFF) in a few days above combined in 22hrs! It is important to note that there is more to a key-search attack than simply running through all possible keys. Unless known plaintext is provided, the analyst must be able to recognize plaintext as plaintext. Clearly must now consider alternatives to DES, the most important of which are AES and triple DES.

45 3DES (Triple DES) DES-Broken in 56 hours
To strengthen the level of security-3 times repeated an overall key length of 192 bits. 3 operations encrypts the message with key 1, decrypts it with key 2, and then encrypts it again with key 1. [E{D[E(M,K1)],K2},K1]. encrypts the message with key 1, encrypts it again with key 2, and then encrypts it a third time with key 1 again, or [E{E[E(M,K1)],K2},K1]. encrypts the message three times with three different keys: [E{E[E(M,K1)],K2},K3]. - the most secure level of encryption

46 AES Successor of 3DES implements a block cipher called the Rijndael Block Cipher with a variable block length and a key length of 128, 192, or 256 bits. Electronic Frontier Foundation to crack DES within a couple of days - require approximately 4,698,864 quintillion years (4,698,864,000,000,000,000,000) to crack AES. multiple round-based system. Depending on the key size - the number of rounds varies from 9 to 13: 128-bit key -- nine rounds plus one end round 192-bit key --11 rounds plus one end round 256-bit key rounds plus one end round

47 Rijndael Round (128 bit block)
1. “The Byte Sub step. Each byte of the block - replaced by its substitute in an S-box (substitution box). 2. The Shift Row step. Considering the block to be made up of bytes 1 to 16, these bytes are arranged in a rectangle and shifted as follows: from to Other shift tables are used for larger blocks. 3. The Mix Column step. Matrix multiplication is performed; each column is multiplied by the matrix 4. The Add Round Key step. This simply XORs in the subkey for the current round. (The extra final round omits the Mix Column step, but is otherwise the same as a regular round.)

48 Public-Key Cryptography Principles
public-key/two-key/asymmetric cryptography involves the use of two keys: a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures one-way functions, meaning they are simple to compute in one way and complex to compute in opposite way

49 Public-Key Cryptography
Stallings Fig 9-1.

50 RSA by Rivest, Shamir & Adleman of MIT in 1977
best known & widely used public-key scheme based on exponentiation in a finite (Galois) field over integers modulo a prime C=Me mod n; M=Cd mod n=(Me)d mod n =Medmod n. uses large integers (eg bits) security due to cost of factoring large numbers RSA is the best known, and by far the most widely used general public key encryption algorithm.

51 Encryption Key Size strength of many encryption applications and cryptosystems is measured by key size. length of the key - increases the number of random guesses to break the code security of any cryptosystem – not dependant on algorithm, but depends on keeping some or all elements of the cryptovariable(s) or key(s) secret, effective security - manipulating the size (bit length) of the keys and following proper procedures and policies for key management.

52 Encryption Key Power

Download ppt "Unit II – Communication Security"

Similar presentations

CLASSICAL ENCRYPTION TECHNIQUES

CLASSICAL ENCRYPTION TECHNIQUES
Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.

Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
1 Day 04- Cryptography Acknowledgements to Dr. Ola Flygt of Växjö University, Sweden for providing the original slides.

1 Day 04- Cryptography Acknowledgements to Dr. Ola Flygt of Växjö University, Sweden for providing the original slides.
Chapter 2 – Classical Encryption Techniques. Classical Encryption Techniques Symmetric Encryption Or conventional / private-key / single-key sender and.

Chapter 2 – Classical Encryption Techniques. Classical Encryption Techniques Symmetric Encryption Or conventional / private-key / single-key sender and.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
CSE 651: Introduction to Network Security

CSE 651: Introduction to Network Security
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Overview of Cryptographic Techniques Hector M Lugo-Cordero CIS 4361 Secure Operating System Administration 1.

Overview of Cryptographic Techniques Hector M Lugo-Cordero CIS 4361 Secure Operating System Administration 1.
Chapter 2 – Classical Encryption Techniques

Chapter 2 – Classical Encryption Techniques
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.

Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
Chapter 12 Cryptography (slides edited by Erin Chambers)

Chapter 12 Cryptography (slides edited by Erin Chambers)
Cryptography Week-6.

Cryptography Week-6.
Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.

Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester 2008-2009.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Chapter 2 Classical Encryption Techniques. Symmetric Encryption n conventional / private-key / single-key n sender and recipient share a common key n.

Chapter 2 Classical Encryption Techniques. Symmetric Encryption n conventional / private-key / single-key n sender and recipient share a common key n.
Chapter 2 – Elementary Cryptography  Concepts of encryption  Cryptanalysis  Symmetric (secret key) Encryption (DES & AES)(DES & AES)  Asymmetric (public.

Chapter 2 – Elementary Cryptography  Concepts of encryption  Cryptanalysis  Symmetric (secret key) Encryption (DES & AES)(DES & AES)  Asymmetric (public.
Hill Cipher Developed by the mathematician Lester Hill in 1929. The encryption algorithm takes m successive plain text and substitute for them m cipher.

Hill Cipher Developed by the mathematician Lester Hill in The encryption algorithm takes m successive plain text and substitute for them m cipher.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.

Similar presentations

Ads by Google