General Information: This document was created for use in the "Bridges to Computing" project of Brooklyn College. You are invited and encouraged to use.

1 General Information: This document was created for use in the "Bridges to Computing" project of Brooklyn College. You are invited and encouraged to use this presentation to promote computer science education in the U.S. and around the world. For more information about the Bridges Program, please visit our website at: http://bridges.brooklyn.cuny.edu/ Disclaimers: IMAGES: All images in this presentation were created by our Bridges to Computing staff or were found online through open access media sites and are used under the Creative Commons Attribution-Share Alike 3.0 License. If you believe an image in this presentation is in fact copyrighted material, never intended for creative commons use, please contact us at http://bridges.brooklyn.cuny.edu/ so that we can remove it from this presentation. LINKS: This document may include links to sites and documents outside of the "Bridges to Computing" domain. The Bridges Program cannot be held responsible for the content of 3rd party sources and sites. Bridges To Computing

2 Introduction to Cryptology I Cryptography & Cryptanalysis M. Meyer Bridges To Computing 2010

3 Table of Contents Resources Defined History Purpose of Cryptography Types of Cryptography Trust and Trust Models

4 Resources
For detailed information:
o An Overview of Cryptography - by Gary C. Kessler: http://www.garykessler.net/library/crypto.html
o Wikipedia actually has a good entry for cryptography: http://en.wikipedia.org/wiki/Cryptography
o Free PGP software can be obtained from GNU-PG: http://www.gnupg.org/
Limited but easier/fun resources:
o Build some secret coding devices: http://www.unmuseum.org/excoded.htm
o Creating & breaking substitution ciphers: http://www.physicspost.com/articles.php?articleId=174

5 Definitions
Cryptography: (from the Greek kryptos, "hidden, secret"; and gráphō, "I write") the practice and study of hiding information.
Cryptanalysis: the study of methods for obtaining the meaning of encrypted information.
Cryptology: basically, the study of both of the items above.
Code: An alternate expression of some unit of information, designed to condense and/or obfuscate that information.
Cipher: An algorithm used to encode information.

6 SPARTA!!! One of the earliest encryption devices was the Spartan Scytale (c. 500 B.C.), which consisted of a ribbon wrapped around a dowel of a particular diameter and length. The secret message was written on the ribbon while the ribbon was wrapped on the dowel. The ribbon was then removed and transported to the other field commander, who had an identical dowel. If the ribbon was intercepted, it looked like a jumble of letters. Officially this kind of encryption would be called a "transposition" cipher.

7 THIS IS A SCYTALE!!!

8 Cryptanalysis - 1
Question 1: If you didn't have the dowel and intercepted the message, could you still break the code? How?
Question 2: What were (and are) the limitations of the Scytale cipher?
More information on (and examples of) transposition ciphers can be found here: http://www.counton.org/explorer/codebreaking/transposition-ciphers.php
NOTE: A Russian spy ring, broken up in 2008, was sending messages embedded in letters (first letter of each row) using a form of transposition cipher (rail-fence).

9 Hail Caesar!!! One of the simplest examples of a substitution cipher is the Caesar cipher, which is said to have been used by Julius Caesar. Caesar decided that shifting each letter in a message would be his standard algorithm, and so he informed all of his generals of his decision, and was then able to send them secured messages.

10 Caesar Cipher Using the Caesar Shift (3 to the right), the message "RETURN TO ROME" would be encrypted as "UHWXUA WR URPH". Technically, the Caesar cipher is a shift cipher, since the cipher-text is derived from the plain-text alphabet by shifting each letter a certain number of spaces. Other substitution ciphers such as the St. Cyr Cipher are also substitution ciphers.

11 Cryptanalysis (2) Question 1: If you don't have the "shift" and intercepted the message, could you still break the code? How? Question 2: How could the Caesar cipher be made stronger?

12 Brute Force The Caesar cipher was successful because it was used in a time when most people couldn’t read regular text, much less understand the concept of encoded text.
Question: Given a message, how many different encodings are possible using the Caesar cipher? (Hint: how many letters are in the alphabet?)
Break this code if you can: FG EGJW LZSF LOWFLQ XANW LJAWK SJW FWUUWKSJQ
http://www.secretcodebreaker.com/caesar-cipher.html

13 Letter Frequency Heuristics are experience-based techniques for problem solving and discovery. In most languages certain letters are used far more frequently than other letters. For English letters (most to least common):
e t a o i n s r h l d c u m f p g w y b v k x j q z
You can use letter frequency to help you crack a Caesar-ciphered message by counting the frequency of encrypted letters. The most popular encrypted letter is likely to translate to 'e', 't' or 'a'.
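The brute-force and letter-frequency ideas from the last two slides, combined into one routine. This is an added example, not part of the original presentation; the frequency table is the commonly published English one, and the sample message and shift are constructed.

```python
import string

ALPHABET = string.ascii_uppercase
# Approximate English letter frequencies in percent for A..Z (standard published
# table; these numbers are not from the slides, which give only the ordering).
FREQ = dict(zip(ALPHABET, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]))


def caesar(text, shift):
    """Shift each letter `shift` places to the right; other characters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
        for ch in text.upper())


def english_score(text):
    """Mean English frequency of the letters in `text`; higher looks more like English."""
    letters = [ch for ch in text if ch in ALPHABET]
    return sum(FREQ[ch] for ch in letters) / max(len(letters), 1)


def crack_caesar(ciphertext):
    """Brute force: undo every possible shift and rank the results by english_score.

    Returns (score, shift, candidate_plaintext) tuples, best guess first.
    """
    guesses = []
    for shift in range(26):
        candidate = caesar(ciphertext, -shift)
        guesses.append((english_score(candidate), shift, candidate))
    return sorted(guesses, reverse=True)


# Constructed sample message and shift, for demonstration only.
PLAINTEXT = ("RETURN TO ROME AT ONCE THE SENATE HAS ORDERED ALL THE LEGIONS IN THE "
             "NORTH TO REST AND THEN TO ENTER THE EASTERN LANDS")
SECRET_SHIFT = 11
CIPHERTEXT = caesar(PLAINTEXT, SECRET_SHIFT)

if __name__ == "__main__":
    print("intercepted:", CIPHERTEXT)
    for score, shift, candidate in crack_caesar(CIPHERTEXT)[:3]:
        print(f"shift {shift:2d}  score {score:5.2f}  {candidate}")
```

Because there are only 26 possible shifts, the scoring step merely saves a human from reading all 26 candidates; on very short messages the top-ranked guess can be wrong, so look at the first few.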

14 Word Frequency Just as certain letters are more popular than other letters in a given language, certain words are more likely to appear than other words. For example, the top 20 most common words in the English language are:
The of and a to in is you that it he was for on are as with his they I
If a coded message still has spaces in it, word frequency is especially easy to use!!
Example: VLR XKA F HKLT QEB PBZOBQ.
Note: Another “frequency heuristic” is repeated letter frequency: KWW TWW TGGC ZGGC

15 Organized Cryptanalysis In the 9th century a Muslim scholar named Al-Kindi wrote his "Manuscript for the Deciphering of Cryptographic Messages". Among his many contributions was the observation that the frequency of the letters in languages makes most substitution ciphers a very weak form of encryption. In his book he also described a wide variety of cryptanalysis techniques, including some that could be used for polyalphabetic ciphers.

16 Polyalphabetic ciphers From the 9th century on, most serious cryptography attempts moved into the realm of polyalphabetic ciphers. A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets. Polyalphabetic ciphers were used as far back as the 8th century and were in widespread use well into the 1960s. The Enigma machine, a famous cryptographic device used by the Nazis in WWII, was a very complex machine, but at its core it still used a polyalphabetic substitution cipher.

17 Vigenère cipher The Vigenère cipher is probably the best-known example of a polyalphabetic cipher, though it is a simplified special case. Just like a Caesar cipher, I am going to shift letters. But for each letter, I might use a different shift.
Example: Vigenère cipher with shift keys (1,2,3): DOG becomes EQJ
Rather than using numbers (like 1,2,3), Vigenère ciphers often used a “key phrase”, that is, a word or phrase that was used to make the shift, letter by letter.

18 Vigenère Table

19 Vigenère Example First line is the original message. Second line is the cipher key phrase. Third line is the encrypted message. Online Resource: http://sharkysoft.com/misc/vigenere/
SECRETMESSAGE
KEYPHRASEKEYP
CIAGLKMWWCEET

20 Cryptanalysis (3) For many years the Vigenère Cipher was considered unbreakable! It was finally cracked by the British cryptographer Charles Babbage in 1854. You may remember Babbage from the lecture on the History of Computer Science. Babbage identified a series of steps that could be taken to break a message encoded using a Vigenère cipher, provided that:
1. The key used was shorter than the message enciphered!
2. The message itself is long enough that the key is used repeatedly (even better would be multiple messages encoded with the key)!

21 Babbage's Method
1. Search for sequences of letters that appear more than once in the encoded text.
o The most likely reason for such repetitions is that the same sequence of letters in the plaintext has been enciphered using the same part of the keyword.
2. Graph all of the repeated letter sequences by how many letters separate the repetitions.
3. Try to find the least common denominators (factors) used by the repeated sequences.
4. Find the most common factor among all repeated sequences.
5. This is most likely the length of the key used to encode the message!!!

22 Babbage's Method (2)

23 Babbage's Method (3) With the key length in hand, the message can be broken up into columns the width of the key. Letter frequency analysis can then be applied to each column! With a little bit of work the message can be translated and then the key itself can be derived for future use. Resource Link: http://www.simonsingh.net/The_Black_Chamber/cracking_example.html

24 Babbage's Method (4)
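Steps 1 to 5 of Babbage's method, plus the column split from slide 23, written out as an added example (not part of the original presentation). The message and the key ROMAN are constructed; the message repeats one phrase at offsets that are multiples of the key length so the method has something to find.

```python
from collections import Counter, defaultdict

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def vigenere_encrypt(plaintext, key):
    """Encrypt letters only: shift the i-th letter by the i-th key letter (key repeats)."""
    letters = [ch for ch in plaintext.upper() if ch in ALPHABET]
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + ALPHABET.index(key[i % len(key)])) % 26]
        for i, ch in enumerate(letters))


def repeated_sequences(ciphertext, n=3):
    """Step 1: every n-letter sequence that appears more than once, with its positions."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    return {seq: pos for seq, pos in positions.items() if len(pos) > 1}


def repeat_distances(repeats):
    """Step 2: how many letters separate consecutive occurrences of each sequence."""
    return [b - a for pos in repeats.values() for a, b in zip(pos, pos[1:])]


def factor_counts(distances, max_len=20):
    """Steps 3-4: for each candidate key length, count the distances it divides."""
    return Counter(f for d in distances
                   for f in range(2, max_len + 1) if d % f == 0)


def likely_key_length(ciphertext, max_len=20):
    """Step 5: the factor shared by the most distances (ties go to the longer key)."""
    counts = factor_counts(repeat_distances(repeated_sequences(ciphertext)), max_len)
    return max(counts, key=lambda f: (counts[f], f)) if counts else None


def columns(ciphertext, key_length):
    """Slide 23: letters that met the same key letter; each column is one Caesar shift."""
    return [ciphertext[i::key_length] for i in range(key_length)]


# Constructed sample: the phrase THE LEGIONS recurs at letter offsets 0, 35 and 55.
PLAINTEXT = ("THE LEGIONS MARCH AT DAWN AND NO ENEMY SEES THE LEGIONS "
             "AT THE RIVER THE LEGIONS MUST HOLD THE BRIDGE")
KEY = "ROMAN"  # hypothetical key of length 5
CIPHERTEXT = vigenere_encrypt(PLAINTEXT, KEY)

if __name__ == "__main__":
    distances = repeat_distances(repeated_sequences(CIPHERTEXT))
    print("distances:", sorted(set(distances)))
    print("factor counts:", factor_counts(distances).most_common(5))
    print("likely key length:", likely_key_length(CIPHERTEXT))
```

A key whose length is not prime (9, say) will show its divisors (3) at least as often as itself, so in practice the top few candidates are each tried in the column step.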

25 One Time Pass But what about Vigenère Ciphers that don't repeat their keys (where the key is as long as the message)? Believe it or not, such ciphers (provided that the key is random, the same length as the message, and never used again) ARE unbreakable. The one time key, or one time pass, cipher is unbreakable because you can, with time, find a key for such a message that will generate any phrase that you wish.
Example:
The coded text -> optsqkles
Could mean -> surrender
Or -> attacknow
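The slide's example worked through as an added sketch (not part of the original presentation): for the coded text above, a key exists that yields either reading, so the coded text alone favours neither. It goes one step beyond the slide by showing what the "never used again" condition protects against. Function names are hypothetical.

```python
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def combine(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) key letters from text letters (letters only)."""
    if len(key) < len(text):
        raise ValueError("a one-time key must be at least as long as the message")
    return "".join(ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26]
                   for t, k in zip(text.upper(), key.upper()))


def encrypt(plaintext, key):
    return combine(plaintext, key, +1)


def decrypt(ciphertext, key):
    return combine(ciphertext, key, -1)


def key_that_yields(ciphertext, wanted_plaintext):
    """The key under which `ciphertext` decrypts to `wanted_plaintext`; one always exists."""
    return combine(ciphertext, wanted_plaintext, -1)


def random_key(length):
    """A fresh key drawn from the operating system's secure random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def reuse_leak(ciphertext_a, ciphertext_b):
    """If one key encrypted both messages, c_a - c_b equals p_a - p_b: the key cancels."""
    return combine(ciphertext_a, ciphertext_b, -1)


CODED = "optsqkles"  # the coded text from the slide

if __name__ == "__main__":
    for guess in ("surrender", "attacknow"):
        key = key_that_yields(CODED, guess)
        print(f"key {key} -> {decrypt(CODED, key)}")
    key = random_key(9)
    leak = reuse_leak(encrypt("surrender", key), encrypt("attacknow", key))
    print("reused key leaks:", leak, "=", combine("surrender", "attacknow", -1))
```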

26 Enigma During WWII Alan Turing helped create an electromechanical machine (computer) to help break Enigma codes. The computer age completely changed our approach to cryptology. "Nazis. I hate these guys." - Indiana Jones

27 Computers "The development of digital computers and electronics after WWII made possible much more complex ciphers. Furthermore, computers allowed for the encryption of any data representable in any binary format, unlike classical ciphers which only encrypted written language texts." Computer use has thus supplanted linguistic cryptography, both for cipher design and cryptanalysis. Modern cryptography is largely mathematically based.

30 The End

31 Modern Cryptography - Purpose
Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
Non-repudiation: A mechanism to prove that the sender really sent this message.

32 Cryptographic Algorithms There are several ways of classifying cryptographic algorithms. We will categorize them by the number of keys that are employed for encryption and decryption:
o Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption.
o Public Key Cryptography (PKC): Uses one key for encryption and another for decryption.
o Hash Functions: Use a mathematical transformation to irreversibly "encrypt" information.

33

34 SKC - Secret Key With secret key cryptography, a single key is used for both encryption and decryption. With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key. SKC algorithms fall into two general groups: Block Ciphers and Stream Ciphers.

35 SKC - Block Ciphers

36 Modern PKC Standards Data Encryption Standard (DES) and its replacement Triple-DES (3DES) are the two most well known PKC standards. They are used for creating passwords for computers and for low-level security protocols for network communication. They are breakable and vulnerable to specific kinds of attacks:
o If I can get enough of the messages that are encoded with the key.
o If the text I am looking to find is an English word or phrase.

37 The problem of the key Even if I am going to use a one-time pass encryption key (in theory, unbreakable) to send you a message, I have a problem: namely, you will need the key yourself to decode the message. How, then, can I get you the key safely? This problem was unanswerable until the late 1970s, and the world had the problem that if a spy managed to steal the codebook from you, then all of your messages could be read.

38 PKC - Public Key "Public-key cryptography has been said to be the most significant new development in cryptography in the last 300-400 years. Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key. PKC depends upon the existence of so-called one-way functions, or mathematical functions that are easy to compute whereas their inverse function is relatively difficult to compute. Let me give you two simple examples:"

39 PKC continued Multiplication vs. factorization: Suppose I tell you that I have two numbers, 9 and 16, and that I want to calculate the product; it should take almost no time to calculate the product, 144. Suppose instead that I tell you that I have a number, 144, and I need you to tell me which pair of integers I multiplied together to obtain that number. You will eventually come up with the solution, but whereas calculating the product took milliseconds, factoring will take longer because you first need to find the 8 pairs of integer factors and then determine which one is the correct pair.

40 PKC continued Exponentiation vs. logarithms:
o Suppose I tell you that I want to take the number 3 to the 6th power; again, it is easy to calculate 3^6 = 729.
o But if I tell you that I have the number 729 and want you to tell me the two integers that I used, x and y, so that log_x 729 = y, it will take you longer to find all possible solutions and select the pair that I used.
o There may in fact be more than one pair.

41 PKC - Standards The first, and still most common, PKC implementation is named for the three MIT mathematicians who developed it — Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA today is used in hundreds of software products and can be used for key exchange, digital signatures, or encryption of small blocks of data. The main idea is that each of the keys is derived from the factoring of an extremely large prime number, AND what is encoded with one key can only be decoded with the other.
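A toy illustration of the two-key idea and of the multiplication-versus-factoring asymmetry from slide 39, added here and not part of the original presentation. It follows the standard RSA construction, in which the public number n is the product of two primes; the primes 61 and 53 are constructed textbook-sized values, and the function names are hypothetical.

```python
from math import gcd


def make_keypair(p, q, e=17):
    """Toy RSA key pair from two primes p and q (far too small for real use)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: (e * d) % phi == 1
    return (n, e), (n, d)  # (public key, private key)


def apply_key(key, number):
    """Raise `number` to the key's exponent modulo n; works with either key of the pair."""
    n, exponent = key
    if not 0 <= number < n:
        raise ValueError("number must be in the range 0..n-1")
    return pow(number, exponent, n)


def smallest_factor(n):
    """Trial division: the slow 'inverse' direction of multiplication."""
    return next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)


def private_key_from_factoring(public):
    """Whoever can factor n can rebuild the private key, which is why n must be huge."""
    n, e = public
    p = smallest_factor(n)
    return make_keypair(p, n // p, e)[1]


PUBLIC, PRIVATE = make_keypair(61, 53)  # constructed sample primes

if __name__ == "__main__":
    secret = apply_key(PUBLIC, 65)                 # encode with the public key
    print(secret, apply_key(PRIVATE, secret))      # decode with the private key
    signature = apply_key(PRIVATE, 123)            # sign with the private key
    print(apply_key(PUBLIC, signature) == 123)     # verify with the public key
    print(private_key_from_factoring(PUBLIC) == PRIVATE)
```

With a four-digit n the factoring loop finishes instantly; the security of real keys rests on choosing primes so large that no known factoring method finishes in practical time.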

42 Hash Algorithms Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, provide a measure of the integrity of a file. Popular hash algorithm: MD5.

43 Why 3 types?

44 Trust Models (1) Secure use of cryptography requires trust. SKC can ensure message confidentiality and hash codes can ensure integrity, but none of this works without trust. In SKC, Alice and Bob had to share a secret key. PKC solved the secret distribution problem, but how does Alice really know that Bob is who he says he is? Just because Bob has a public and private key, and purports to be "Bob," doesn't mean that he is Bob.

45 Trust Models There are a number of trust models employed by various cryptographic schemes:
PGP - The web of trust employed by Pretty Good Privacy (PGP) users, who hold their own set of trusted public keys.
Kerberos - a secret key distribution scheme using a trusted third party.
Certificates - which allow a set of trusted third parties to authenticate each other and, by implication, each other's users.

46 The End

