Download presentation
Presentation is loading. Please wait.
1
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Cryptanalysis of the SIGABA and Related Cryptosystems Michael S. Lee Master’s Thesis Defense June 11 th, 2003
2
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Thesis Committee Alan Konheim, Chair Richard Kemmerer Giovanni Vigna
3
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Overview Introduction Rotors Rotor-based Cryptosystems Previous Work Cryptanalysis Conclusion Introduction
4
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Overview Introduction Rotors Rotor-based Cryptosystems Previous Work Cryptanalysis Conclusion Rotors
5
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Overview Introduction Rotors Rotor-based Cryptosystems Previous Work Cryptanalysis Conclusion Rotor Systems
6
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Overview Introduction Rotors Rotor-based Cryptosystems Previous Work Cryptanalysis Conclusion Previous Work
7
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Overview Introduction Rotors Rotor-based Cryptosystems Previous Work Cryptanalysis Conclusion Cryptanalysis
8
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Overview Introduction Rotors Rotor-based Cryptosystems Previous Work Cryptanalysis Conclusion
9
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Introduction Feel free to ask questions Use the handout Introduction
10
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Cryptography in 3 Minutes Cryptography –Encryption –Decryption –Transposition –Substitution Monoalphabetic Polyalphabetic Cryptanalysis Introduction ABCDEFGHIJKLMNOPQRSTUVWXYZ 012345678910111213141516171819202122232425 x transposition_ y rtnapssotioi_n x substitution y vxevwlwxwlrq
11
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Rise of the Machines A lot of arithmetic People are bad at arithmetic Machines are developed for –Speed –Accuracy Introduction
12
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense State of the Art – 1400s Cryptographic machines –Mechanical Introduction Jefferson’s Cipher Machine
13
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense State of the Art – 1930s Cryptographic machines –Electromechanical Introduction German Enigma American SIGABA
14
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Tangent: Cryptographic Rotors Rotors Disc Axis Teeth Contacts Internal Wiring A Rotor
15
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Rotor Wiring Rotors are wired using a 1-to-1 mapping Rotors
16
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Rotor Wiring This substitution is denoted y i = (x i ) Rotors Substitution Table xixi 0123456789101112 (xi)(xi) 111310242022259237480 xixi 13141516171819202122232425 (xi)(xi) 146181521219317116512 ABCDEFGHIJKLMNOPQRSTUVWXYZ 012345678910111213141516171819202122232425
17
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Polyalphabetic Substitutions If the rotor moves, it could describe different substitutions as it advances Rotors
18
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Polyalphabetic Substitutions The encryption equation using the shift: y i = (x i – A i ) + A i y i = ( D – 4) + 4 y i = (25) + 4 y i = 12 + 4 The original can be used regardless of the shift. Rotors ABCDEFGHIJKLMNOPQRSTUVWXYZ 012345678910111213141516171819202122232425 y i = (3 – 4) + 4 = Q Substitution Table xixi 012 … 101112 (xi)(xi) 111310480 xixi 131415 … 232425 (xi)(xi) 1461816512
19
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Polyalphabetic Substitutions If the rotor moves, it could describe different substitutions as it advances Rotors
20
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Multiple Rotors Using more than one rotor gives: –Longer Period –Greater Complexity Rotors must move independently, intelligently Rotors
21
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Multiple Rotors Encryption equation with multiple rotors: y i = n ( … 2 ( 1 (x i – A i ) + A i – B i ) + B i … – N i ) + N i Rotors
22
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Interval Wiring Rotors should produce many different substitutions Straight-through wiring Interval method wiring Rotors
23
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense SIGABA v. Enigma Problems with the Enigma –Reflecting rotor –Predictable rotor movements –Key Exchange Problem Rotor Systems
24
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Cipher Rotors Rotor Systems Plaintext Letter From Keyboard Ciphertext Letter to Printer Control Signals
25
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Stepping Maze – Index Rotors Rotor Systems
26
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Stepping Maze – Control Rotors Rotor Systems Active Signals Stepping Signals
27
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense SIGABA Usage Insert Index (small) Rotors (from key list) Insert the 10 big rotors (line up O s) Check for errors in rotor placement Line up O s again Set Control Rotors to message indicator Begin encryption During encryption, Z is treated as a space Rotor Systems
28
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Previous Work Savard-Pekelney Cryptanalysis [1999] –Exhaustive Key Trial log 2 (10! × 2 10 × 26 5 × 10 5 ) = 71.9 –Multiple Ciphertext Cryptanalysis Intercept many (10-15) ciphertexts such that… Every ciphertext uses the same key Isolate movements of the outer rotors (C 1 and C 5 ) Recover substitutions of outer rotors Continue with inner rotors Previous Work
![IntroConcAnalysisPreviousSystemsRotors Michael Lee – Thesis Defense Previous Work Savard-Pekelney Cryptanalysis [1999] –Exhaustive Key Trial log 2 (10.](http://images.slideplayer.com./20/6040238/slides/slide_28.jpg "× 2 10 × 26 5 × 10 5 ) = 71.9 –Multiple Ciphertext Cryptanalysis Intercept many (10-15) ciphertexts such that… Every ciphertext uses the same key Isolate movements of the outer rotors (C 1 and C 5 ) Recover substitutions of outer rotors Continue with inner rotors Previous Work.")
29
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Preliminaries – Cribbing A crib is a segment of text believed to appear in the plaintext Cribbing is the search for the crib within the ciphertext Choosing good cribs is not difficult Cryptanalysis
30
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Preliminaries – Rotorstreams The SIGABA uses the stepping maze We can simulate stepping maze outputs A rotorstream, denoted a, is defined as: a = (a 0, a 1, …, a n-2 ), a i {0,1} A i = A 0 if i=0 A i = A i-1 + a i-1 otherwise Breaking this model is at least as difficult as breaking the SIGABA Cryptanalysis
31
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense One-Rotor – Overview Given –ciphertext enciphered with 1 rotor –a crib in the ciphertext Find –internal wiring –the position of the crib Potential work: 2 s, where s is length of y Cryptanalysis
32
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense One-Rotor – Strategy Assume the crib is at a certain position Generate a bitstream Check the bitstream against the guessed position by looking for inconsistencies Consistency test: y i – A i = (x i – A i ) y i – A i = y j – A j x i – A i = x j – A j Cryptanalysis
33
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense One-Rotor – Strategy 01 00011011 000001010011100101110111 Extend the rotorstream bit by bit, and discard candidates that have associated contradictions Cryptanalysis
34
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense One-Rotor – Contradiction! Cryptanalysis i 012345678910 aiai 0110011011 AiAi 00122234456 xixi COMPUTERCOM x i -A i COLNSRBNYJG y i -A i EGKHASWHNPH yiyi EGLJCUZLRUN
35
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense One-Rotor – Success! Cryptanalysis i 012345678910111213141516171819 aiai 0110011010001111001 AiAi 001222344555567899910 xixi COMPUTERCOMMUNICATIO x i -A i COLNSRBNYJHHPHBURKZE y i -A i EGKHASWHNPIIFIWXSLMT yiyi EGLJCUZLRUNNKODFBUVD
36
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense One-Rotor – Finding the Crib Cryptanalysis CribCrib Position Length012345678910111213141516 221222222222222221 422234444344444222 66648 88881216 66668 8426241725125310378 5421266116423571614 122432438537831117 14213143 162573 1887 20101 2230 2442 2624 2812 304 ::
37
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense One-Rotor – Results After running the algorithm with a sufficiently long crib (~20 chars), we find: –The location of the crib in the ciphertext –A portion of the rotor’s internal wiring With a longer crib (~60 chars), the internal wiring can be fully determined. Cryptanalysis
38
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense n-Rotor – Overview Previous attack needs too much crib. (~60 chars even for the single-rotor case) New attack model assumes that a machine has been captured. Given rotor wirings and a ciphertext, find –Plaintext –The order of the cipher rotors –The rotors’ positions and rotorstreams Cryptanalysis
39
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense n-Rotor – Strategy First, find the position of the crib in the ciphertext. Find the positions of the cipher rotors at that point in the ciphertext. Extend the crib from that position to recover the entire plaintext. Cryptanalysis
40
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense n-Rotor – Cribbing Previous attack: –We knew a long crib –Looked for inconsistencies in the substitution Current attack: –We know the substitution –Look for rotor movements that contradict the known substitution Cryptanalysis
41
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense n-Rotor – More Cribbing Assume the crib starts at a certain point Consider the first letter pair (x 0,y 0 ) Find positions (A 0, B 0 ) that could produce that pair (one position per rotor) For each set of positions, try the next pair (A i+1, B i+1 ) { (A i, B i ), (A i, B i +1), (A i +1, B i ), (A i +1, B i +1) } Cryptanalysis
42
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense n-Rotor – Yet More Cribbing Many of the new (A i+1, B i+1 ) will not lead to positions consistent with (x i+1, y i+1 ) Continue with the survivors and process the other crib letters Now for an SSH Example! Cryptanalysis
43
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense n-Rotor – Finding the Crib Cryptanalysis CribCrib Position Length012345678910111213141516171819 1272423 242729 301827152729243223222720 23625284671442828242 3112111221 41 51 61 :: CribRotor Order Length 1R 2R 2R 1R 1500516538507500538516507 28074859375878273 3129169 1113 4111121 511 61 ::
44
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense n-Rotor – Results of Cribbing After cribbing, we know –The order of the cipher rotors –The position of the crib within the text –The rotational positions of the rotors at the crib The next step uses this information to recover the rest of the plaintext Cryptanalysis
45
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense n-Rotor – Extending the Crib There are 2 n ways that n rotors can move after each letter is encrypted. To decipher m letters, the total number of possible rotorstreams is (2 n ) m. Strategy: –Generate rotorstreams of increasing length –Test for and discard bad rotorstreams Cryptanalysis
46
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Test 1 – Markov Model Markov models statistical models that can be applied to languages The model is created from statistical properties of a sample of text The sample used in this project is the text of English novels totaling 6MB Cryptanalysis
47
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Test 1 – Markov Model First count all the 2-grams and 3-grams count 2 (i,j) count 3 (i,j,k) Compute relative probability of 2-grams twograms = count 2 (i,j) (i,j) = count 2 (i,j) / twograms Compute conditional probability of 3-grams P(k / (i,j)) = count 3 (i,j,k) / count 2 (i,j) (i,j) and P(k / (i,j)) form the Markov model Cryptanalysis i,j
48
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Test 1 – Markov Model Test a string S=(s 0,s 1,…,s m-1 ) with the model X : Pr(X 0 =s 0,X 1 =s 1,…,X m-1 =s m-1 ) = (s 0,s 1 ) P(s i / (s i-2,s i-1 )) Higher scores are more likely to be English A cutoff can be used to eliminate low scores Problems: –False positives –False negatives Cryptanalysis i=2 m-1
49
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Test 2 – aspell/pspell Standard spell checking utilities in Unix A “word” is any group of letters between spaces Every word is checked using pspell Problems: –False positives –False negatives Custom word lists can be developed Cryptanalysis
50
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Test 3 – Manual Removal When 3 or more rotors are used, there are still too many strings that pass The user can be asked to weed out bad strings Another SSH example! Cryptanalysis
51
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense n-Rotor – Conclusion Each of the three steps filters out a huge number of possible plaintexts Even so, there is a lot of computation Adding more rotors will make the problem harder, but still manageable Cryptanalysis
52
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Conclusion The SIGABA represents advanced rotor- based cryptosystem design Methods have been proposed that will compromise SIGABA and similar cryptosystems where rotors are advanced by pseudorandom bitstreams Conclusion
53
IntroConcAnalysisPreviousSystemsRotors 111000010100001000101100101101001001111001101010100100101000011101101011100000100111000011011101001000110100101010001110011010011111100100100 111000111100111001001011010000111001111011010101010111000100111110011111011000110101001110001101101000011010001110101010101010111011101000010 Michael Lee – Thesis Defense Thank You for Coming! Note stereotypical use of “random” bits for decoration Sponsored by Alpha Team – F’02 “We 0wn3d gorbels and cdidit” I’ve only used PPT twice in my life … both times were for Dr. Konheim … he hates Powerpoint … so do I Conclusion Curby
Similar presentations
