Presentation is loading. Please wait.

Presentation is loading. Please wait.

CIT 480: Securing Computer Systems

Published byChrystal Townsend Modified over 6 years ago

Similar presentations

Presentation on theme: "CIT 480: Securing Computer Systems"— Presentation transcript:

1 CIT 480: Securing Computer Systems
Symmetric Cryptography

2 Topics Modular Arithmetic Transposition Ciphers Substitution Ciphers
Cryptanalysis: frequency analysis Block Ciphers AES and DES Stream Ciphers Random Number Generation

3 Modular Arithmetic Congruence b is the residue of a, modulo N
a = b (mod N) iff a = b + kN ex: 37=27 mod 10 b is the residue of a, modulo N Integers 0..N-1 are the set of residues mod N Modulo 12 number system

4 Terminology Plaintext: message P to be encrypted. Also called cleartext. Encryption: altering a message to keep its contents secret. Ciphertext: encrypted message C. Plaintext Ciphertext Encryption Procedure

5 Cæsar cipher Plaintext is HELLO WORLD
Change each letter to the third letter following it (X goes to A, Y to B, Z to C) Key is 3, usually written as letter ‘D’ Ciphertext is KHOOR ZRUOG

6 ROT 13 Cæsar cipher with key of 13
13 chosen since encryption and decryption are same operation Used to hide spoilers, punchlines, and offensive material online.

7 Kerckhoff’s Principle
Security of cryptosystem should only depend on Quality of shared encryption algorithm E Secrecy of key K Security through obscurity tends to fail ex: DVD Content Scrambling System

8 Cryptanalysis Goals Decrypt a given message. Recover encryption key.
Threat models vary based on Type of information available to adversary Interaction with cryptosystem.

9 Cryptanalysis Threat Models
ciphertext only: adversary has only ciphertext; goal is to find plaintext, possibly key. known plaintext: adversary has ciphertext, corresponding plaintext; goal is to find key. chosen plaintext: adversary may supply plaintexts and obtain corresponding ciphertext; goal is to find key.

10 Brute Force Attack Example: DES has 56-bit keys
Exhaustive search of keyspace by decrypting ciphertext C with all possible keys K. Must determine if DK(C) is a likely plaintext Requires some knowledge of format (language, doc type) For N possible keys, Worst case is N decryptions. Mean case is N/2 decryptions. Example: DES has 56-bit keys Average time to find key is 255 decryptions.

11 Is 128 bits enough? 128-bit keyspace permits 2128 keys
340,282,366,920,938,463,463,374,607,431,768,211,456 or 3.4 x 1038 keys Cracking 1 trillion (1012) keys per second requires 3.4 x 1026 seconds or 1.08 x 1019 years Cracking 1 trillion keys per second on 1 billion CPUs requires 1.08 x 1010 years = 10.8 billion years

12 Classical Cryptography
Sender and receiver share common key Keys may be the same, or be trivial to derive from one another. Sometimes called symmetric cryptography. C P encrypt K decrypt

13 Brute Force vs. Cæsar Cipher
Brute Force attack Only 26 possible keys. PC can try all in <1s. Decryption key (26-K) Candidate plaintext exxegoexsrgi 1 dwwdfndwrqfh 2 cvvcemcvqpeg 3 buubdlbupodf 4 attackatonce 5 zsszbjzsnmbd 6 yrryaiyrmlac ... 23 haahjrhavujl 24 gzzgiqgzutik 25 fyyfhpfytshj

14 General Simple Substitution Cipher
Keys: All permutations of alphabet (26! keys) Encryption: Replace each plaintext letter x with K(x) Decryption: Replace each ciphertext letter y with K-1(y) Example: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z K= F U B A R D H G J I L K N M P O S Q Z W X Y V T C E CRYPTO BQCOWP

15 General Simple Substitution Security
Exhaustive search impossible Key space size is 26! =~ 4 x 1026 Historically thought to be unbreakable. However, languages have different frequencies of letters digraphs (groups of 2 letters) trigraphs (groups of 3 letters) etc. Simple substitution ciphers preserve letter frequencies.

16 English Letter Frequencies

17 Additional Frequency Features
Digraph frequencies Common digraphs: EN, RE, ER, NT Trigraph frequencies Common trigraphs: THE, AND, ING Digraph and trigraph tables can be found at The letter Q is followed only by U.

18 Countering Frequency Analysis
Primary weakness of simple substitution: Each ciphertext letter corresponds to only one letter of plaintext. Solution: polyalphabetic substitution Use multiple cipher alphabets. Switch between cipher alphabets from character to character in the plaintext.

19 Vigènere Cipher Use phrase instead of letter as key. Example
Message THE BOY HAS THE BALL Key VIG Encipher using Cæsar cipher for each letter: key VIGVIGVIGVIGVIGV plain THEBOYHASTHEBALL cipher OPKWWECIYOPKWIRG Reproduction of CSA Cipher Disk

20 Letter Frequency Distributions

21 One-Time Pad A Vigenère cipher with a random key at least as long as the message. Provably unbreakable. Example ciphertext: DXQR. Equally likely to correspond to plaintext DOIT (key AJIY) plaintext DONT (key AJDY) and any other 4 letters.

22 Binary One Time Pad Encrypt a message M with pad P to produce ciphertext C = M ⊕ P where ⊕ is the exclusive OR operator. Decrypt a ciphertext C with the same pad P M = C ⊕ P

23 One Time Pad Problems The one-time pad must be random.
Software pseudo-random number generators are not random. Pad needs hardware randomness. Transmission of long pads is difficult. The pad is just as long as all the messages you’ll ever send with it, so you’ve just moved the problem of transmitting secret messages to transmitting a secret pad. Pad must always be kept secret. If pad is ever discovered, then attacker can decrypt old messages. Pads must be securely destroyed at end of use.

24 Block Ciphers Encrypt groups (blocks) of chars at once.
Improvement over single char substitution Cryptanalysis must use digraph frequencies for two-char blocks. Longer blocks are more difficult to analyze. Modern ciphers are block ciphers. Example: Playfair Cipher, 1854

25 DES is Insecure Brute force attacks can be completed in <1 day.
Distributed computing attacks. RIVYERA FPGA-based parallel computer breaks DES in <1 day for a hardware cost of <$10,000. Linear cryptanalysis faster than brute force Need 241 known plaintexts is RIVYERA’s predecessor

26 Triple DES Encrypt-Decrypt-Encrypt Mode (3 keys: k, k´, k´´)
c = DESk(DESk´–1(DESk’’(m))) Middle decrypt allows backward compatibility if all keys are equal: k = k´= k´´ Double-encryption vulnerable to meet-in-middle attack, reducing difficulty from 2112 to 257.

27 Advanced Encryption Standard (AES)
Winner of open NIST competition ( ) Rijndael, designed by Joan Daemen and Vincent Rijmen. Published as FIPS 197 in November 2001. 128-bit block cipher 128-, 192-, or 256-bit keys. 10, 12, or 14 rounds, depending on key size. Replacement for DES DES vulnerable to brute force attacks due to 56-bit keys. Triple DES is very slow.

28 Electronic Code Book Mode
Encrypt each block independently. E(block) = Cblock each time block appears Therefore attacker can build dictionary of blocks. ECB encryption of bitmap hides colors but image is still discernible.

29 Cipher Block Chaining Mode
XOR each block with previous ciphertext block. Random initialization vector (IV) used for 1st. CBC encryption of bitmap looks random.

30 Stream Ciphers Combine plaintext with cipher bitstream
Cipher generates stream of pseudo-random bits Loosely inspired by one time pad. RC4 is most widely used stream cipher Variable length key: 40 to 128 bits Aircrack breaks 104-bit RC4 used in WEP in 1min No known practical attacks against 128-bit, but Much speculation that NSA can crack 128-bit RC4. Block cipher to stream cipher Using block cipher in Counter Mode. XOR counter mode data with plaintext.

31 Importance of RNGs We need all those brilliant Belgian cryptographers to go "alright we know that these encryption algorithms we are using today work, typically it is the random number generators that are attacked as opposed to the encryption algorithms themselves. How can we make them [secure], how can we test them?“ -- Ed Snowden at SXSW

32 Key Generation Goal: Ensure best attack against cipher is brute force.
Solution: Given set of K potential keys, choose one randomly. Selecting a random number between 0 and K–1. Ex: For a 128-bit key, select number between 0 and Difficulty: generating random numbers Hardware random number generators gather entropy from physical world but are expensive and limited in how many bits/second they product. Software generated numbers are pseudo-random (PRNGs), that is, generated by an algorithm. If starting with same seed, then PRNGs will produce the same sequence of numbers each time.

33 Secure PRNGs Cryptographically Secure PRNGs (CSPRNGs) must:
Statistically appear random. Difficult to predict next member of sequence from previous members. Difficult to extract internal state of PRNG from observing output. May be re-seeded at runtime, unlike PRNGs.

34 Yarrow Yarrow is named after plant whose leaves are used in I Ching divination. Used for /dev/random in FreeBSD and Mac OS X. Steps Accumulates entropy from system sources. Pools are SHA-1 hash contexts, 160 bits maximum. Reseeds generator with key made from pool entropy to limit state compromise attacks. Generates numbers using Triple-DES in counter mode.

35 Ivy Bridge RNG Added with Ivy Bridge Core iN CPUs in 2012.
One RNG per die, not per core. Entropy source is thermal noise.

36 Key Points: Cryptography
Types of ciphers Substitution (monoalphabetic and polyalphabetic) Transposition (permutation) Product (Substitution + Permutation) Cryptanalysis Kerchoff’s principle Brute force attack Find key in at most n tries, for n possible keys. Find key in an average of n/2 tries. A cryptosystem with x-bit keys has 2x possible keys. Frequency analysis. One-time pad is provably secure Block ciphers ECB mode insecure; need to use CBC for block ciphers. DES obsolete due to small 56-bit keys. 3DES=112 bit key. AES current standard, best symmetric cipher is AES-128.

37 Key Points: RNGs Secure keys must be randomly generated. RNG types
Hardware: physical entropy software, which is often used as a seed for the software RNGs. PRNG: algorithmic generation of predictable but statistically random number sequences. Example: LCG. CSPRNG: PRNG where it is difficult to predict next number of extract PRNG state. Example: Yarrow. PRNG features Periodic: sequence will eventually repeat. Seed-dependent: seed determines starting point of sequence; if seed is identical in two runs, sequence is identical.

38 References Ross Anderson, Security Engineering, 2nd edition, Wiley, 2008. Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005. Neil Daswani et. al., Foundations of Security, Apress, 2007. Goodrich and Tammasia, Introduction to Computer Security, Pearson, 2011. David Kahn, The Codebreakers, MacMillan, 1967. Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996. NIST, FIPS Publication 46-3: Data Encryption Standard (DES), 1999, Bruce Schneier, Applied Cryptography, 2nd edition, Wiley, 1996. US Government Dept of the Army, FM FIELD MANUAL, 1990,

Download ppt "CIT 480: Securing Computer Systems"

Similar presentations

CLASSICAL ENCRYPTION TECHNIQUES

CLASSICAL ENCRYPTION TECHNIQUES
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
EEC 688/788 Secure and Dependable Computing Lecture 4 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 4 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
CS426Fall 2010/Lecture 21 Computer Security CS 426 Lecture 2 Cryptography: Terminology & Classic Ciphers.

CS426Fall 2010/Lecture 21 Computer Security CS 426 Lecture 2 Cryptography: Terminology & Classic Ciphers.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
What is Cryptography? Definition: The science or study of the techniques of secret writing, esp. code and cipher systems, methods, and the like Google.

What is Cryptography? Definition: The science or study of the techniques of secret writing, esp. code and cipher systems, methods, and the like Google.
CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.

CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.
Computer Security CS 426 Lecture 3

Computer Security CS 426 Lecture 3
L1.1. An Introduction to Classical Cryptosystems Rocky K. C. Chang, February 2013.

L1.1. An Introduction to Classical Cryptosystems Rocky K. C. Chang, February 2013.
Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.

Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.
symmetric key cryptography

symmetric key cryptography
Contact Information Cryptography 8/10/2015 | pag. 2 Professor Assistant Office Webpage Course Text Ann Dooms Adriaan Barri

Contact Information Cryptography 8/10/2015 | pag. 2 Professor Assistant Office Webpage Course Text Ann Dooms Adriaan Barri
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.

Similar presentations

Ads by Google