Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kai Bu kaibu@zju.edu.cn http://list.zju.edu.cn/kaibu/netsec 03 Cryptanalysis Kai Bu kaibu@zju.edu.cn http://list.zju.edu.cn/kaibu/netsec.

Published byVille Toivonen Modified over 6 years ago

Similar presentations

Presentation on theme: "Kai Bu kaibu@zju.edu.cn http://list.zju.edu.cn/kaibu/netsec 03 Cryptanalysis Kai Bu kaibu@zju.edu.cn http://list.zju.edu.cn/kaibu/netsec."— Presentation transcript:

1 Kai Bu kaibu@zju.edu.cn http://list.zju.edu.cn/kaibu/netsec
03 Cryptanalysis Kai Bu

2 Cryptanalysis? What’s cryptanalysis? Dissect the word

3 Cryptanalysis the science and art of breaking ciphers

4 Cryptography the science and art of designing ciphers

5 Cryptology Cryptography Cryptanalysis
Together they are the focus of cryptology (crypto)

6 Cryptology Cryptography Cryptanalysis
Cryptography was covered in previous lectures; Today we’ll be focusing on cryptanalysis.

7 Cryptanalysis Mentioned this comic as an example
Kinda illustrate the goal of cryptanalysis

8 Cryptanalysis is hard Obviously, cryptanalysis is hard

9 Cryptanalysis is hard 2-to-4096 possibilities 24096!

10 Cryptanalysis password cracking 24096!
Consider it as your password of 4096 bits 24096!

11 Cryptanalysis password cracking 24096! – Try them all!
brute force attack

12 Cryptanalysis password cracking 24096! – Try them all!
brute force attack…meh

13 Cryptanalysis password cracking 24096! – Try only 3 of them!
strategic random guessing

14 Cryptanalysis password cracking 24096! – Try only 3 of them!
What strategies to use to boost attacking success rate? 24096! – Try only 3 of them! strategic random guessing?

15 Cryptanalysis password cracking 24096! – Try only 3 of them!
strategic random guessing: dictionary attack

16 Cryptanalysis password cracking nah… 24096! – Try only 3 of them!
strategic random guessing: dictionary attack

17 Cryptanalysis password cracking nah…
List of commonly used passwords A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. Adictionary attack can also be used in an attempt to find the key necessary to decrypt an encrypted message or document. 24096! – Try only 3 of commonly used ones strategic random guessing: dictionary attack

18 Cryptanalysis password cracking
List of commonly used passwords A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key necessary to decrypt an encrypted message or document. 24096! – Try only 3 of commonly used ones! strategic random guessing: dictionary attack

19 Cryptanalysis other attacks? other strategies?

20 Cryptanalysis warm up with simple one time pad

21 OTP: One-Time Pad Example OTP
Both encryption and decryption require XOR computation;

22 OTP: One-Time Pad Key: a secret bit string s of length n
When Alice sends a message m of length n to Bob, Alice generates ciphertext c as: forall i = 1 to n: ci = mi⊕si Formal definition How to crack s?

23 OTP: One-Time Pad Key: a secret bit string s of length n
When Alice sends a message m of length n to Bob, Alice generates ciphertext c as: forall i = 1 to n: ci = mi⊕si How to crack s? given c?

24 OTP: One-Time Pad Key: a secret bit string s of length n
When Alice sends a message m of length n to Bob, Alice generates ciphertext c as: forall i = 1 to n: ci = mi⊕si How to crack s? given c? know m!

25 OTP: One-Time Pad Key: a secret bit string s of length n
When Alice sends a message m of length n to Bob, Alice generates ciphertext c as: forall i = 1 to n: ci = mi⊕si Discussion: cases of knowing plaintext messages m; How to crack s? given c? exercise m=0

26 OTP: One-Time Pad Key: a secret bit string s of length n
When Alice sends a message m of length n to Bob, Alice generates ciphertext c as: forall i = 1 to n: ci = mi⊕si How to crack s? given c? exercise m=0 How to know plaintexts? How to know OTP in use?

27 OTP: One-Time Pad Key: a secret bit string s of length n
When Alice sends a message m of length n to Bob, Alice generates ciphertext c as: forall i = 1 to n: ci = mi⊕si Discussion: cases of knowing plaintext messages m; How to crack s? given c? exercise m=0 How to know plaintexts? How to know OTP in use? all security should reside in the key, not the alg

28 Known-Plaintext Attack
Given ciphertext and plaintext of the corresponding messages; P1, C1 = Ek(P1),…,Pi, Ci=Ek(Pi) Task Find key k; Or algorithm to infer Pi+1 from Ci+1

29 Chosen-Plaintext Attack
Given plaintext and ciphertext pairs; can choose plaintext: P1, C1 = Ek(P1),…,Pi, Ci=Ek(Pi) with chosen P1…Pi; Task Find key k; Or algorithm to infer Pi+1 from Ci+1

30 Adaptive Chosen-Plaintext Attack
Given plaintext and ciphertext pairs; can choose plaintext; can modify choice depending on results of previous encryption: P1, C1 = Ek(P1),…,Pi, Ci=Ek(Pi) Task Find key k; Or algorithm to infer Pi+1 from Ci+1

31 Chosen-Ciphertext Attack
Given ciphertext and plaintext pairs; can choose ciphertext; C1, P1 = Dk(C1),…,Ci, Pi=Dk(Ci) Task Find key k; Or algorithm to infer Pi+1 from Ci+1

32 emm, you can’t always get what you want

33 Ciphertext-Only Attack
Known-Ciphertext Attack The attacker has access only to a set of ciphertexts The attack is completely successful if the corresponding plaintexts or the key can be deduced  In cryptography, a ciphertext-only attack (COA) or known ciphertext attack is an attack model for cryptanalysis where the attacker is assumed to have access onlyto a set of ciphertexts. The attack is completely successful if the corresponding plaintexts can be deduced (extracted) or, even better, the key.

34 do I have to crack the key?

35 secure communication against adversaries hack to secure
Cryptanalysis is the study of analyzing information systems in order to study the hidden aspects of the systems. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown. For example, two entities secretly meet up at lab; Every time using the same key, and thus get the same ciphertext; Initially (at the first several rounds), the adversary may not know what the ciphertext means; mrj ??? jzk txh meet at lab meet at lab asdfghjkl

36 secure communication against adversaries hack to secure
However, by coincidences, the adversary notices that every time after two entities say “a-l”, they’ll both appear at the lab; The adversary then speculates that the ciphertext “a-l” from entity A to entity B syncs their meetup in lab; mrj : see both in lab : each time a-l jzk txh meet at lab meet at lab asdfghjkl

37 secure communication against adversaries hack to secure
Replay Attack secure communication against adversaries hack to secure Replay attack: Based on that observation, the adversary can simply replay the same message/ciphertext “a-l” to entity B, Making B believes that the message is from entity A, and goes to the lab; mrj : Replay *&#!%$ jzk txh asdfghjkl meet at lab

38 secure communication against adversaries how to defend?
Replay Attack secure communication against adversaries how to defend? How to secure the communication against the replay attack? Discussion mrj : Replay *&#!%$ jzk txh asdfghjkl meet at lab

39 Replay Attack Defense: Limit Message Freshness Timestamp
One-time session key

40 do I have to crack the key?

41 can I own the key?

42 secure communication against adversaries
shared secret key mrj jzk txh hello, txh

43 what if the attacker hijacks key-channel?
shared secret key mrj jzk txh hello, txh

44 Man-In-The-Middle Attack
what if the attacker hijacks key-channel? hijacked shared secret key key1 key2 mrj jzk txh hello, txh

45 Man-In-The-Middle Attack
MITM Defense: Guarantee Connection Authenticity

46 again, do I have to crack the key?

47

48 Relay Attack

49 Relay Attack how to defend?

50 Relay Attack Defense: Distance Bounding?

51 Relay Attack Defense: Distance Bounding
is response time impractically long? RTT = 2*distance/velocity

52 Relay Attack Defense: Distance Bounding
is response time impractically long? RTT = 2*distance/velocity additional transmission delay

53 finally, can I crack the key w/o tangling w/ messages?

54 Program: Control Flow Graph

55 Program: Control Flow Graph
build CFG over memory access patterns

56 Program: Control Flow Graph
keybit=0 keybit=1 build CFG over memory access patterns

57 Side Channel Attack keybit=0 keybit=1 use CFG to infer key bits

58 Side Channel Attack defense: obfuscate memory access patterns keybit=0

59 Review Cryptanalysis Terminology Replay Attack MITM Attack
Relay Attack Side Channel Attack

60 ?

61 emm, project…

62 Announcement Project Proposal: 05% 2019.03.05, 14:05 – 17:30
~ 5 min / group Requirements Grading Topic? Why important? C Existing solutions? B Limitations? Your solution? A

63 Thank You be on the road Run your own race.

64 Reading Cryptanalysis by Sourav Mukhopadhyay

Download ppt "Kai Bu kaibu@zju.edu.cn http://list.zju.edu.cn/kaibu/netsec 03 Cryptanalysis Kai Bu kaibu@zju.edu.cn http://list.zju.edu.cn/kaibu/netsec."

Similar presentations

Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.

Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.

Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.
Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea 34901784 443099

Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Cryptanalysis. The Speaker  Chuck Easttom  

Cryptanalysis. The Speaker  Chuck Easttom  
Chapter 1 Introduction Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li

Chapter 1 Introduction Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li
One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.

One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.
National Institute of Science & Technology Cryptology and Its Applications Akshat Mathur [1] Cryptology and Its Applications Presented By AKSHAT MATHUR.

National Institute of Science & Technology Cryptology and Its Applications Akshat Mathur [1] Cryptology and Its Applications Presented By AKSHAT MATHUR.
Network Security Lecture 10 Presented by: Dr. Munam Ali Shah.

Network Security Lecture 10 Presented by: Dr. Munam Ali Shah.
Classical Crypto By: Luong-Sorin VA, IMIT Dith Nimol, IMIT.

Classical Crypto By: Luong-Sorin VA, IMIT Dith Nimol, IMIT.
1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session.

1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session.
CRYPTOGRAPHY & NETWORK SECURITY Introduction and Basic Concepts Eng. Wafaa Kanakri Computer Engineering Umm Al-Qura University.

CRYPTOGRAPHY & NETWORK SECURITY Introduction and Basic Concepts Eng. Wafaa Kanakri Computer Engineering Umm Al-Qura University.
Overview of Cryptography & Its Applications

Overview of Cryptography & Its Applications
CSCI 391: Practical Cryptology Introduction. Definitions Digital encryption techniques are used to protect data in two ways: to maintain privacy and to.

CSCI 391: Practical Cryptology Introduction. Definitions Digital encryption techniques are used to protect data in two ways: to maintain privacy and to.
Lecture 3 Page 1 CS 236 Online Introduction to Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 3 Page 1 CS 236 Online Introduction to Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.

CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.
INCS 741: Cryptography Overview and Basic Concepts.

INCS 741: Cryptography Overview and Basic Concepts.

Similar presentations

Ads by Google