Date post: | 24-Feb-2018 |
Category: |
Documents |
Upload: | yazanalomari |
View: | 225 times |
Download: | 0 times |
of 54
7/25/2019 Ch2 Classical Encryption
1/54
Classical Encryption
Techniques
Information System Security
Lecture 1
7/25/2019 Ch2 Classical Encryption
2/54
Classical encryption techniques
As opposed to moderncryptography
Goals:
to introduce basic concepts & terminology of
encryption
to prepare us for studying moderncryptography
2
7/25/2019 Ch2 Classical Encryption
3/54
Basic terminology
Plaintext: original message to beencrypted
Ciphertext: the encrypted message nciphering or encryption: the process of
con!erting plaintext into ciphertext
ncryption algorithm: performs encryption
"#o inputs: a plaintextand a secret $ey
3
7/25/2019 Ch2 Classical Encryption
4/54
%ymmetric Cipher odel
4
7/25/2019 Ch2 Classical Encryption
5/54
'eciphering or decryption: reco!ering
plaintext from ciphertext 'ecryption algorithm: performs decryption
"#o inputs: ciphertext and secret $ey
%ecret $ey: same $ey used for encryption
and decryption
Also referred to as a symmetric $ey
5
7/25/2019 Ch2 Classical Encryption
6/54
Cipher orcryptographic system : a scheme
for encryption and decryption Cryptography: science of studying ciphers
Cryptanalysis:science of studying attac$s
against cryptographic systems
Cryptology: cryptography ( cryptanalysis
6
7/25/2019 Ch2 Classical Encryption
7/54
Ciphers
%ymmetric cipher: same $ey used forencryption and decryption
Bloc$ cipher: encrypts a bloc$ of plaintext at a
time )typically *+ or ,-. bits/
%tream cipher: encrypts data one bit or one byte
at a time
Asymmetric cipher: different $eys used forencryption and decryption
7
7/25/2019 Ch2 Classical Encryption
8/54
%ymmetric ncryption
or con!entional 0 secret1$ey 0 single1$ey
sender and recipient share a common $ey
all classical encryption algorithms aresymmetric
only type of ciphers prior to the in!ention
of asymmetric1$ey ciphers in ,2345s by far most #idely used
7/25/2019 Ch2 Classical Encryption
9/54
%ymmetric Cipher odel
!
7/25/2019 Ch2 Classical Encryption
10/54
%ymmetric ncryption
athematically: Y 6 K)X/ or Y6 )K7X/
X 6 'K)Y/ or X6 ')K7 Y/
X6 plaintext Y 6 ciphertext K6 secret $ey
6 encryption algorithm ' 6 decryption algorithm Both and ' are $no#n to public
1"
7/25/2019 Ch2 Classical Encryption
11/54
Cryptanalysis
Objective: to recover the plaintext of a ciphertextor, more typically, to recover the secret key.
Kerkhoffs principle: the adversary knows alldetails about a cryptosystem except the secret key.
Two eneral approaches:brute!forceattack
non!brute!forceattack "cryptanalytic attack#
11
7/25/2019 Ch2 Classical Encryption
12/54
Brute18orce Attac$
"ry e!ery $ey to decipher the ciphertext9
n a!erage7 need to try half of all possible $eys
"ime needed proportional to si;e of $ey space
Key Size (bits) Number of AlternativeKeys
Time required at 1decryption/s
Time required at 1$decryptions/s
%& &%& ' (.% )*+ &%)s ' %-. minutes &.)- milliseconds
-$ &-$ ' /.& )*)$ &--s ' ))(& years )*.*) hours
)& &)& ' %.( )*% &)&/s ' -.( )*&(years -.( )*)years
)$ &)$ ' %./ )*-* &)$/s ' -.+ )*%$years -.+ )*%*years
&$ characters"permutation#
&$0 ' ( )*&$ & )*&$s ' $.( )*)&years $.( )*$years
12
7/25/2019 Ch2 Classical Encryption
13/54
13
Cryptanalytic Attac$s
ay be classified by ho# much
information needed by the attac$er:
Ciphertext1only attac$
7/25/2019 Ch2 Classical Encryption
14/54
14
Ciphertext1only attac$
Gi!en: a ciphertext c
=: #hat is the plaintext m>
An encryption scheme is completelyinsecure if it cannot resist ciphertext1only
attac$s9
7/25/2019 Ch2 Classical Encryption
15/54
15
=: #hat is the secret $ey in use>
7/25/2019 Ch2 Classical Encryption
16/54
16
Chosen1plaintext attac$
Gi!en: )m,7c,/7 )m-7c-/7 ?7 )m$7c$/7 #here
m,7m-7 ?7 m$are chosen by the
ad!ersary@ and a ne# ciphertext c9
=: #hat is the plaintext of c7 or #hat is the
secret $ey>
7/25/2019 Ch2 Classical Encryption
17/54
17
xample: chosen1plaintext attac$
n ,2+-7 % a!y cryptanalysts disco!ered that
Dapan #as planning an attac$ on EA8F9
"hey belie!ed that EA8F means id#ay island9
Pentagon didn5t thin$ so9
% forces in id#ay sent a plain message that their
fresh#ater supplies #ere lo#9
%hortly7 % intercepted a Dapanese ciphertext sayingthat EA8F #as lo# on #ater9
"his pro!ed that EA8F is id#ay9
7/25/2019 Ch2 Classical Encryption
18/54
1
Chosen1ciphertext attac$
Gi!en: )m,7c,/7 )m-7c-/7 ?7 )m$7c$/7 #here
c,7c-7 ?7 c$are chosen by the ad!ersary@
and a ne# ciphertext c9
=: #hat is the plaintext of c7 or #hat is the
secret $ey>
7/25/2019 Ch2 Classical Encryption
19/54
Classical Ciphers
Plaintext is !ie#ed as a sequence of
elements )e9g97 bits or characters/
%ubstitution cipher:replacing each element
of the plaintext #ith another element9
"ransposition )or permutation/ cipher:
rearranging the order of the elements of the
plaintext9 Product cipher: using multiple stages of
substitutions and transpositions
1!
7/25/2019 Ch2 Classical Encryption
20/54
Caesar Cipher
arliest $no#n substitution cipher
n!ented by Dulius Caesar
ach letter is replaced by the letter threepositions further do#n the alphabet9
Plain: a b c d e f g h i $ l m n o p q r s t u ! # x y ;
Cipher: ' 8 G H D < I P = J % " K L M N O A B C
xample: ohio stateJ
7/25/2019 Ch2 Classical Encryption
21/54
Caesar Cipher
athematically7 map letters to numbers:
a# $# c# %%%# y# '
"# 1# 2# %%%# 23# 24# 25
"hen the general Caesar cipher is:
c 6 K)p/ 6 )p ( k/ mod -*
p 6 'K)c/ 6 )c k/ mod -*
Can be generali;ed #ith any alphabet9
21
7/25/2019 Ch2 Classical Encryption
22/54
Cryptanalysis of Caesar Cipher
7/25/2019 Ch2 Classical Encryption
23/54
onoalphabetic %ubstitution Cipher
%huffle the letters and map each plaintext letter to a
different random ciphertext letter:
Plain letters: abcdefghi$lmnopqrstu!#xy;Cipher letters: '
7/25/2019 Ch2 Classical Encryption
24/54
onoalphabetic Cipher %ecurity
o# #e ha!e a total of -*T 6 + x ,4-*$eys9
Lith so many $eys7 it is secure against
brute1force attac$s9 But not secure against some cryptanalytic
attac$s9
Problem is language characteristics9
24
7/25/2019 Ch2 Classical Encryption
25/54
Ianguage %tatistics and Cryptanalysis
Human languages are not random9
Ietters are not equally frequently used9
n nglish7 is by far the most common letter7follo#ed by "7 J7 7 7 7 A7 %9
ther letters li$e O7 D7
7/25/2019 Ch2 Classical Encryption
26/54
nglish Ietter 8requencies
26
7/25/2019 Ch2 Classical Encryption
27/54
%tatistics for double & triple letters
n decreasing order of frequency
'ouble letters: th he an in er re es on7 ?
"riple letters:the and ent ion tio for nde7 ?
27
7/25/2019 Ch2 Classical Encryption
28/54
se in Cryptanalysis
7/25/2019 Ch2 Classical Encryption
29/54
xample Cryptanalysis
Gi!en ciphertext:UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Count relati!e letter frequencies )see next page/ Guess P7 OR 6 e7 tR
f double letters7 OL has highest frequency7 soguess OL 6 th and hence OLP 6 the
Proceeding #ith trial and error finally get:it was disclosd !st"da! t#at s$"al i%&o"'al ()t
di"ct co%tacts #a$ (% 'ad wit# *olitical
"*"s%tati$s o& t# $it co%+ i% 'oscow
2!
7/25/2019 Ch2 Classical Encryption
30/54
Ietter frequencies in ciphertext
P ,U9UU H Q9.U 8 U9UU B ,9*3 C 4944
O ,,9*3 ' Q944 L U9UU G ,9*3 < 4944
% .9UU Q944 = -9Q4 N ,9*3 I 4944
.9UU K +9,3 " -9Q4 49.U 4944
39Q4 M +9,3 A ,9*3 D 49.U J 4944
*9*3
3"
7/25/2019 Ch2 Classical Encryption
31/54
Playfair Cipher %ubstitution Cipher
ot e!en the large number of $eys in amonoalphabetic cipher pro!ides security9
ne approach to impro!ing security is toencrypt multiple letters at a time9
"hePlayfair Cipheris the best $no#nsuch cipher9
n!ented by Charles Lheatstone in ,.Q+7but named after his friend Baron Playfair9
31
7/25/2019 Ch2 Classical Encryption
32/54
Playfair
7/25/2019 Ch2 Classical Encryption
33/54
ncrypting and 'ecrypting
Plaintext is encrypted t#o letters at a time9
,9 f a pair is a repeated letter7 insert filler li$e VM59
-9 f both letters fall in the same ro#7 replace
each #ith the letter to its right )circularly/9
U9 f both letters fall in the same column7 replace
each #ith the the letter belo# it )circularly/9
+9 ther#ise7 each letter is replaced by the letterin the same ro# but in the column of the other
letter of the pair9
33
7/25/2019 Ch2 Classical Encryption
34/54
ncrypting and decrypting #ith Playfair
"he plaintext is encrypted two letters at a time:
,9Brea$ the plaintext into pairs of t#o consecuti!e letters-9f a pair is a repeated letter7 insert a filler li$e VMW in the plaintext7 eg9 SballoonS
is treated as Sba lx lo onS
U9f both letters fall in the same ro# of the $ey matrix7 replace each #ith the
letter to its right )#rapping bac$ to start from end/7 eg9 EAJS encrypts as SJS
+9f both letters fall in the same column7 replace each #ith the letter belo# it
)again #rapping to top from bottom/7 eg9 ES encrypts to SCSQ9ther#ise each letter is replaced by the one in its ro# in the column of the
other letter of the pair7 eg9 EH%S encrypts to SBPS7 and EAS to SS or SDS )as
desired/
X"he examples abo!e are based on this $ey matrix:
7/25/2019 Ch2 Classical Encryption
35/54
%ecurity of Playfair Cipher
qui!alent to a monoalphabetic cipher #ith analphabet of -* x -* 6 *3* characters9
%ecurity is much impro!ed o!er the simple
monoalphabetic cipher9
Las #idely used for many decades eg9 by % & British military in LL, and early LL-
nce thought to be unbrea$able9
Actually7 it canbe bro$en7 because it still lea!essome structure of plaintext intact9
35
7/25/2019 Ch2 Classical Encryption
36/54
Polyalphabetic %ubstitution Ciphers
A sequence of monoalphabetic ciphers ),7 -7
U7 9997 $/ is used in turn to encrypt letters9
A $ey determines #hich sequence of ciphers to
use9 ach plaintext letter has multiple corresponding
ciphertext letters9
"his ma$es cryptanalysis harder since the letterfrequency distribution #ill be flatter9
36
7/25/2019 Ch2 Classical Encryption
37/54
KigenYre Cipher
%implest polyalphabetic substitutioncipher
Consider the set of all Caesar ciphers:
Ca7 Cb7 Cc7 9997 C;R
7/25/2019 Ch2 Classical Encryption
38/54
xample of KigenYre Cipher
7/25/2019 Ch2 Classical Encryption
39/54
7/25/2019 Ch2 Classical Encryption
40/54
%ecurity of KigenYre Ciphers
"here are multiple )ho# many>/ ciphertext letterscorresponding to each plaintext letter9
%o7 letter frequencies are obscured but not totally lost9
"o brea$ Kigenere cipher:
,9 "ry to guess the $ey length9 Ho#>
-9 f $ey length is 7 the cipher consists of Caesar ciphers9
Plaintext letters at positions $7 ($7 -($7 U($7 etc97 are
encoded by the same cipher9
U9 Attac$ each indi!idual cipher as before9
4"
7/25/2019 Ch2 Classical Encryption
41/54
Guessing the
7/25/2019 Ch2 Classical Encryption
42/54
Jotor Cipher achines
Before modern ciphers7 rotor machines #ere most commoncomplex ciphers in use9
Lidely used in LL-9
sed a series of rotating cylinders9
mplemented a polyalphabetic substitution cipher of period f the ad!ersary has a machine
f the ad!ersary doesn5t ha!e a machine
42
A i t
7/25/2019 Ch2 Classical Encryption
43/54
43
Assignment
'ecryption
7/25/2019 Ch2 Classical Encryption
44/54
"he Jotors
44
7/25/2019 Ch2 Classical Encryption
45/54
nigma Jotor achine
45
7/25/2019 Ch2 Classical Encryption
46/54
"ransposition Ciphers
Also called permutationciphers9
%huffle the plaintext7 #ithout altering the
actual letters used9 xample: Jo# "ransposition Ciphers
46
7/25/2019 Ch2 Classical Encryption
47/54
Jo# "ransposition Ciphers
Plaintext is #ritten ro# by ro# in a rectangle9
Ciphertext: #rite out the columnsin an order
specified by a $ey9
7/25/2019 Ch2 Classical Encryption
48/54
Product Ciphers
ses a sequence of substitutions andtranspositions
Harder to brea$ than ust substitutions or
transpositions "his is a bridge from classical to modern ciphers9
4
diti l & C t ti l
7/25/2019 Ch2 Classical Encryption
49/54
nconditional & Computational
%ecurity
A cipher is unconditionally secure if it issecure no matter ho# much resources)time7 space/ the attac$er has9
A cipher is computationally secure if thebest algorithm for brea$ing it #ill require somuch resources )e9g97 ,444 years/ that
practically the cryptosystem is secure9 All the ciphers #e ha!e examined are not
unconditionally secure9
4!
7/25/2019 Ch2 Classical Encryption
50/54
An unconditionally %ecure Cipher
5"
) & % (
) & % (
) & % (
Key ' "random, #
1laintext '
2ipherte
3ernams one!time pad cip
used one!time only
xt '
where
2an be proved to be unconditionally sec
her
ur .e
i i i
k k k k
m m m m
c c c c
c m k=
+
+
+
7/25/2019 Ch2 Classical Encryption
51/54
%teganography
Hide a message in another message9
9g97 hide your plaintext in a graphic image ach pixel has U bytes specifying the JGB color
"he least significant bits of pixels can bechanged #0o greatly affecting the image quality
%o can hide messages in these I%Bs
Ad!antage: hiding existence of messages
'ra#bac$: high o!erhead
51
7/25/2019 Ch2 Classical Encryption
52/54
52
"a$e a *+4x+.4 )6U473-44/ pixel image9
sing only , I%B7 can hide ,,Q7-44 characterssing + I%Bs7 can hide +*47.44 characters9
7/25/2019 Ch2 Classical Encryption
53/54
53
7/25/2019 Ch2 Classical Encryption
54/54
%ummary
Ha!e considered:
classical cipher techniques and terminology
monoalphabetic substitution ciphers
cryptanalysis using letter frequencies
Playfair cipher
polyalphabetic ciphers
transposition ciphers
product ciphers and rotor machines