Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ciphering and the Theory of Secrecy Systems

Published byDouglas Harmon Modified over 6 years ago

Similar presentations

Presentation on theme: "Ciphering and the Theory of Secrecy Systems"— Presentation transcript:

1 Ciphering and the Theory of Secrecy Systems
Network Security Design Fundamentals ET-IDA-082 Lecture-6 Ciphering and the Theory of Secrecy Systems v29 Prof. W. Adi

2 And Fundamentals of ciphering
Secrecy Theory And Fundamentals of ciphering Outlines Historical Overview Basic Definitions Shannon’s Secrecy Theorem Perfect Secrecy „Vernam Cipher“ Unicity Distance Secret Key Cipher Principle

3 Two interesting statements around security!
„The only system which is truly secure is one which is switched off , unplugged, locked in a titanium lined safe, buried in a concrete bunker, surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it ....“ Gene Spafford - Computer Operations, Audit and Security Technology (COAST), Purdue University „If I am asked to stake my life on a cryptographic function, I would not trust any function related to known mathematics“ Ulli Maurer – ETH Zürich, Swisserland

4 Scientific History of Cryptography
Cryptography (Greek: hidden word): is it Art or Science ? The scientific story has three epochs: I. Conventional Cryptography as Art till 1949 Julius Caesar Cipher Kaisiski “ The Art of Deciphering” 1863, ... Gauss Vernam (AT&T) 1926, first unbreakable system II world ware 1945, Enigma, Hagelin .... Alan Turing يقوب بن اسحق الكندي رسائل في استخراج المعمى Not widely known in convectional public literature: Alkindi Bagdad (801–873): "father of Islamic or Arabic philosophy“, Mathematician physician and musician. Presented mathematical tools for cryptanalysis: “Treaties on Extracting Cryptograms”, (Doc 4832 Sulaimania Library Istambul Turky)

5 Akindi’s Cipher Classification (استخراج المعمى)
(873 AD) From the year 873

6 Akindi’s Contribution in Crytoanalysis (استخراج المعمى)
(scientific treatment 1000 years before Shannon’s modern entropy techniques) Introduced for the first time Determining the statistics of the frequency of letters in a particular language and made use of letter statistics to break a cipher by comparing the letter frequency in the cryptogram (showed an example of a text with 3667 letters) He indicated the importance that the cryptogram must be sufficiently long to get more accuracy. Classified different ciphering/deciphering techniques using a tree diagram Showed techniques for hiding information in an existing natural text as Steganography Alkindi’s treatise were dedicated to the government (Calif. In Bagdad Abu Al-abbas) Use of Cryptography was mainly to transfer confidential reports to the Caliph from the different wide spread areas of the Islamic rules territories (called “Bareed “ service) Ref.:

7 Scientific Epoch and Breakthrough in Cryptography
2. Modern scientific epoch: (1949) Shannon (AT&T) “A Mathematical Theory of Communication” Shannon’s Breakthrough in Communication: Error-free transmission is possible on noisy channels! C= B log2 (1 + S/N) Shannon (AT&T) 'Communication Theory of Secrecy Systems‘ proved mathematically that Vernam cipher is unbreakable !Just new Scientific methodology but NO breakthrough in Cryptography! 3. Breakthrough to Modern Cryptology in 1976 Diffie and Hellman 1976 Public key Cryptography (Stanford University) Diffie Hellman ‘s Breakthrough in Cryptography: Secured transmission is possible on unsecured channels! Any new Breakthrough expected ? !

8 2. Is Security a Science, Art or Magic ?
BIG OPEN QUESTIONS 1. Is Security Measurable? 2. Is Security a Science, Art or Magic ? Question raised by James L. Massey Cryptography - Science or Magic? MIT, October 1, 2001, Running Time: 00:57:10

9 Two Major Security Tasks
Authentication Securely identify an entity Secrecy Keep data safe against illegal users Security tasks require to deploy Cryptographic mechanisms to be realized Cryptography is the science dealing with hiding information and data security questions

10 Secret Key Cryptography in Use
Conventional Secret Key Cryptography in Use Fundamental Concepts

11 Cryptography : Basic definetions
Attacker Crypto-analyser Channel Y = E (Ze,X) Cryptogram/Cipher text Message Clear text D (Zd,Y) Decryption Key Deciphering X Receiver Message X Sender Clear text Ciphering Encryption-Key E (Ze,X) Intruder Attacker Ze Zd

12 Cryptographic Attacks: Basic definetions
Type of attacks: Cipher text only attack Known plaintext attack Chosen plaintext attack Chosen ciphertext attack Chosen Cipher/Plain Text Attack: is mostly assumed as a basis to evaluate the quality of a cipher Kerckhoff’s Principle: A General system security evaluation assumption: Attacker knows everything but not the key !

13 Secret Key Crypto-System : mechanical analog
Key = Z Secret key agreement Key = Z Z SENDER RECEIVER Z Lock Message Message Z

14 Conventional Cryptography till 1976 : Secret Key systems
Known locks as Standard Ciphers Security rests on the Cipher Ciphering De-Ciphering Sender Receiver Y = E (Z,X) X E ( Z,X ) X D ( Z,Y ) Message Channel Message Secret Key = Z Z Secret Key Channel Z

15 Is Cryptographic Security Measurable ?
Yes and No ! Security measures adopted today: System is unconditionally secure (perfect) : System impossible to break with any means (whatever) One not very practical system is known ! Non-sceientific statement System is practically secure: System possible to break but with very huge means All modern practical systems fall under this category!

16 The Theory of “System Secrecy”
“The opposite of a correct statement is a false statement. But the opposite of a profound truth may well be another profound truth.” Niels Bohr ( ) InformationSOURCE Output Example: P : Probability function

17 The Theory of “System Secrecy”
Based on the Concept of Information Entropy: Shannon 1949 The measure of information I(p) is a function which fulfils the following properties: Non- negative quantity: If an event has probability 1 , we get no information In case of two independent events, then In general, Defined, b is called the base. Log2 units are bits (from “Binary”) and Log3 units are trits (from “trinary”)

18 The Theory of “System Secrecy”
Example for calculating information entropy The probability of Head is 0.5 and the probability of Tail is 0.5 too. If you get either head or tail you will get 1 bit of information : For instance, 0 denotes Head and 1 denotes Tail : vice versa The experience of flipping a fair coin

19 The Theory of “System Secrecy”
Based on the Concept of Information Entropy: Shannon 1949 Amount of information in a message M is defined by Shannon as “Entropy” H(M) where: over all possible messages Mi Example 1: M = months of the year H(M) = log2 12  3.6 bits Example 2: 2k equally probable keys H(M) = log2 2k = k bits If there are n equally probable messages, then Prob(Mi) = 1/n for any i, that is: = n  ( 1/n log2 n ) = log2 n where n is the number of possible meanings

20 0  H (X)  log2 t (for t possibilities for message X)
The Theory of Secrecy Systems Shannon 1949 If the entropy function for information X: H (X) = -  pr(xi) . log2 pr(xi) {x} 0  H (X)  log2 t (for t possibilities for message X) Shannon Perfect Security condition is H (Z)  H (X) The key entropy (H(Z) for a key with k-bits if all key combinations are equally used: H(Z) = - 2k [ ( 1/2k ) . Log2 (1/2k) ] H (Z) = k In that case the necessary condition for Perfect Security is : k  H (X)

21 The only known Perfect Cipher: One-time-Pad OTP (Vernam Cipher)
Invented by Vernam (AT&T 1926) Proved later to be impossible to break by Shannon (AT&T 1949) Gilbert Vernam 1890 – 1960 (AT&T) Cipher Text X+Z Clear Text X Z + Clear Text X+Z+Z=X + Z !Addition in GF(2)! key-tape Use key just one time!! Random One Time secret Key Unconditional Secrecy if : Key length = Clear text length (Shannon 1949) H(z) > H(X)

22 Generalised One-Time Pad
System is also perfect for any Group < G, * > Cipher Text X*Z Clear Text X * Z * Z-1 =X Z-1 Clear Text X * * Z Key-tape One Time secret Key Key length = Clear text length !!! No key is repeatedly used!!

23 Improving Security by Message Compression
Enhance security by reducing redundancy Perfect security always possible iff: Key length = Clear text length that is K=N Idea: make K=N if N > K by reducing N trough data compression Compressed to k Bits Clear text X N Bits / N > K K / K / Ideal Compressor Cipher Cipher text / K Unconditionally Secure! Key

24 Unicity Distance: Minimum required ciphertext to break a cipher
Key equivocation function: H (Z|y1, y2, y3...yn) for non-randomized cipher Cipher Unicity Distance Information Redundancy Unicity Distance nu : is the minimum amount of ciphertext symbols which in principle can determin the secret key in a ciphertext only attack Or: Expected minimum amount of ciphertext needed for brute-force to break a cipher

25 (by increasing the unicity distance) Original Clear text N-Bits
Plain Text Padding technique to improve security (by increasing the unicity distance) As larger uniucity distance means higher security, therefore a technique is proposed to increase the unicity distance by appending random unknown clear text as follows: Original Clear text N-Bits How to reduce r without compression? N Bits Random pattern L Random Bits New clear text N+L Bits H(X) N‘= N +L New unicity distance: u n N N + L =

26 Compute the cipher‘s unicity distance nu and the clear text entropy.
Example: A block cipher having a key size of 128 bits is encrypting a clear text with a block length of 128 bits. The clear text redundancy is r=0.8. Compute the cipher‘s unicity distance nu and the clear text entropy. The „unicity distance was doubled by appending L random bits to the clear text block. Compute L and the new clear text entropy. After all the above cipher changes an observer was able to watch 1000 cipher text bits. Would the observer with unlimited resources theoretically be able to uniquely break the cipher in that case ? Give a reasoning for your answer. SDF2009

27 Solution: K= 128 Bits, H(x)=? Bits, r = 0.8 K
before 128 bits Data K= 128 Bits, H(x)=? Bits, r = 0.8 after 128 bits Data 128 random bits K r 1. Unicity distance nu = = 128/0.8 = 160 Bits (the cipher can be theoretically broken after 160 cipher bits) As r = [ N – H(x) ] / N => N . r = N – H(x) => entropy H(x) = N · (1-r) => H(x) = 128 · (1-0.8) = 25.6 Bits n‘u = [ ( N + L ) / N ] · nu 2 ∙ 160 = [( L ) / 128] · 160 => L = 128 Bits H‘(x) = L + H(x) = ,6 = bits 3. The observer can theoretically break the cipher as the number of the observed cryptogram bits (1000 bits) is more than the unicity distance (320 bits) of the cipher. 27

Download ppt "Ciphering and the Theory of Secrecy Systems"

Similar presentations

CS 555Topic 11 Cryptography CS 555 Topic 1: Overview of the Course & Introduction to Encryption.

CS 555Topic 11 Cryptography CS 555 Topic 1: Overview of the Course & Introduction to Encryption.
Ref. Cryptography: theory and practice Douglas R. Stinson

Ref. Cryptography: theory and practice Douglas R. Stinson
Shannon ’ s theory part II Ref. Cryptography: theory and practice Douglas R. Stinson.

Shannon ’ s theory part II Ref. Cryptography: theory and practice Douglas R. Stinson.
CryptographyPerfect secrecySlide 1 Today What does it mean for a cipher to be: –Computational secure? Unconditionally secure? Perfect secrecy –Conditional.

CryptographyPerfect secrecySlide 1 Today What does it mean for a cipher to be: –Computational secure? Unconditionally secure? Perfect secrecy –Conditional.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.

CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.
Chapter 2 – Classical Encryption Techniques

Chapter 2 – Classical Encryption Techniques
Cryptography Week-6.

Cryptography Week-6.
EE5552 Network Security and Encryption block 4 Dr. T.J. Owens CEng MIET Dr T. Itagaki MIET, MIEEE, MAES.

EE5552 Network Security and Encryption block 4 Dr. T.J. Owens CEng MIET Dr T. Itagaki MIET, MIEEE, MAES.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)

Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.

Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.
Lecture 2 Overview.

Lecture 2 Overview.
Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.

Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.
Chapter 1 Introduction Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li

Chapter 1 Introduction Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li
One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.

One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.
Lec. 5 : History of Cryptologic Research II

Lec. 5 : History of Cryptologic Research II
Based on Applied Cryptography by Schneier Chapter 1: Foundations Dulal C. Kar.

Based on Applied Cryptography by Schneier Chapter 1: Foundations Dulal C. Kar.
1 Chapter 2-1 Conventional Encryption Message Confidentiality.

1 Chapter 2-1 Conventional Encryption Message Confidentiality.
Symmetric-Key Cryptography

Symmetric-Key Cryptography
Network Security Lecture 10 Presented by: Dr. Munam Ali Shah.

Network Security Lecture 10 Presented by: Dr. Munam Ali Shah.

Similar presentations

Ads by Google