February 22, 2011 Harvard Bits
FNNC LNQMHMF !
Sghr kdbstqd hr zants dmbqxoshnm
The Caesar Cipher (Suetonius)
“If Caesar had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others.”
Caesar cipher
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Replace each letter by the letter that comes some fixed distance before or after it in the alphabet.
Shift = 3
Gallia est omnis divisa in partes tres
JDOOLD HVW RPQLV GLYLVD LQ SDUWHV WUHV
encryption / decryption
Cryptography and National Security
Unless the issue of encryption is resolved soon, criminal conversations over the telephone … will become indecipherable by law enforcement. This, as much as any issue, jeopardizes the public safety and national security of this country.
FBI Director Louis Freeh, March 30, 1995
The Stakes Rise After 9/11
Sept. 13, 2001: Sen. Judd Gregg (NH) calls for encryption regulations, saying encryption makers should be required to include decryption methods for government agents.
US market force would be used to constrain foreign makers of encryption products
A month later, encryption is OK!
October 24, 2001: USA PATRIOT Act passes
Vastly enhanced authorization for government surveillance in the interest of national security
Not one word about encryption!
Why did US Congress drop its efforts to control encryption, barely a month after the attack on the US?
Electronic Commerce!
Treatise on the Astrolabe, 1391 (once attributed to Chaucer)
Letter Frequencies
Source: Wikipedia
[Slide sequence: a ciphertext solved by frequency analysis one step at a time, filling in e, then t, h, o, i and s, r, and finally the remaining letters (a, b, c, d, f, l, m, n, q, u, v).]
Substitution cipher
Replace each character of the message by another character
In general:
Original message is called the plaintext
Encrypted result is called the ciphertext
Substitution ciphers easily cracked by frequency analysis
Cryptosystems
[Diagram: the SENDER (Alice) encrypts the plaintext message "retreat at dawn" with a key; the ciphertext "sb%6x*cmf" goes to the RECEIVER (Bob), who decrypts it with the key to recover the plaintext message "retreat at dawn". The ATTACKER is Eve.]
Cracking ciphers
Frequency analysis has been known since the 9th century.
Yaqub Ibn Ishaq al-Kindi (801-873)
Al Kindi’s Manuscript on Deciphering Cryptographic Messages
Mary Stuart, 1587
Russian monoalphabetic substitution key, recovered by England’s Decyphering Branch, 1728
From David Kahn, The Codebreakers
“If Caesar had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others.”
“The so-called Binnu code assigns a number in order to each letter in the Italian alphabet and adds three to that number in the ciphertext so that "A" is 4, "B" is 5 and so on.” -- The Register
The Koan of the Yogi
“In theory there is no difference between theory and practice. In practice, there is.”
Cryptologic lessons
Breakthroughs can render previously reliable cryptographic methods insecure
News of cryptanalytic breakthroughs travels slowly
Making strong encryption systems available does not guarantee they will be used
Vigenère Encryption
Use several Caesar substitutions and cycle through them
Sequence of substitutions determined by a secret key
Blaise de Vigenère (1523-1596)
a b c d e f g h i j k l m n o p q r s t u v w x y z
S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Fight fiercely, Harvard! Fight! Fight! Fight!
XWTNU NZH JQRR ZPRU NOEJ GQXK LTVM IBWL YVG
An Actual Vigenère Cipher
Used for correspondence between a businessman and a lawyer ca. 1900
Breaking Vigenère – (1)
If the key has length K, then the ciphertext letters K positions apart are specified by the same character in the key …
And thus are the result of a simple substitution
And thus can be attacked by frequency analysis
Example: Suppose the key length is three:
DJBK FJWO VJSW FKDS GFJD RKEM CNEJ JKSJ FKDJ SJSS
So the decryption reduces to doing frequency analysis K times – provided we know K
Breaking Vigenère – (2)
To find the length of the key:
Try different values for K, looking at every Kth letter of the ciphertext, and pick the one for which the frequency distribution looks like the frequency distribution for English.
Clever methods to do this by hand:
Babbage, Kasiski: counting double letters (1850s, 1860s)
Friedman: Index of Coincidence (1920s)
With computers, we don’t need to be clever:
Can do brute-force statistics (let’s try it)
Theory vs. Practice
1917
One-Time Pad: Key as long as plaintext
The Only Provably Secure Cryptosystem
No patterns, so nothing to analyze
But getting the keys from Alice to Bob securely is just as hard as getting an unencrypted message!
Unsuitable for e-commerce
“Meet” Amazon to get a key?
Beware Security Through Obscurity
Kerckhoffs’ Principle (1883): “The system must not require secrecy, and it could fall into the hands of the enemy without causing trouble. If a system requiring secrecy were to find itself in the hands of too many individuals, it could be compromised upon each engagement in which any of them take part.”
Still regularly violated by Internet security start-ups and their credulous investors
DES: The Data Encryption Standard
A 1976 public standard
56 bit key
Long enough in 1976
With today’s more powerful computers a brute force search through possible keys takes only a day
Superseded by Advanced Encryption Standard or “AES”: 128, 192, or 256 bit key
AES not cracked as far as we know
But the Big Problem Remains:
How to Get the Key securely from Alice to Bob?
To be continued …