Cryptography and Its Applications

Cryptography and Its ApplicationsITBP 301Fall-20151OutlineIntroduction to EncryptionSecret Key Encryption PrinciplesSecret Key Encryption AlgorithmsCipher Block Modes of OperationPublic Key Encryption

2Cryptography

3 Benefits of Cryptographic ProtocolsThe use of cryptographic protocols can help us with some of the issues in e-mail security:messages should be transmitted to destinationonly the recipient should see itonly the recipient should get itproof of the senders identitymessage should not be corrupted in transitmessage should be sent/received once onlyNotice: help, not solve.4Historical Encryption

An ancient art - update over time with newtechnologyJulius Caesar used a consistent cipher that todaybears his nameEvidence that it was used over 4000 years ago by theEgyptians.The Arabs in the 7th Century AD were the first towrite down methods of cryptanalysis

5Caesar/Shift CipherExample:K = 3 A D, B E , C F, , X A , Y B Z C

HELLO KHOOR

Click here to try the Java Applet6Caesar Cipher CryptanalysisAssume a Hacker caught this Cipher message:

GB OR BE ABG GB OR: GUNG VF GUR DHRFGVBA:JURGURE 'GVF ABOYRE VA GUR ZVAQ GB FHSSREGUR FYVATF NAQ NEEBJF BS BHGENTRBHF SBEGHAR,BE GB GNXR NEZF NTNVAFG N FRN BS GEBHOYRF,NAQ OL BCCBFVAT RAQ GURZ? GB QVR: GB FYRRC;AB ZBER; NAQ OL N FYRRC GB FNL JR RAQGUR URNEG-NPUR NAQ GUR GUBHFNAQ ANGHENY FUBPXFGUNG SYRFU VF URVE GB, 'GVF N PBAFHZZNGVBAQRIBHGYL GB OR JVFU'Q. GB QVR: GB FYRRC;GB FYRRC: CREPUNAPR GB QERNZ: NL, GURER'F GUR EHO;SBE VA GUNG FYRRC BS QRNGU JUNG QERNZF ZNL PBZR JURA JR UNIR FUHSSYRQ BSS GUVF ZBEGNY PBVY,ZHFG TVIR HF CNHFR: GURER'F GUR ERFCRPG GUNG ZNXRF PNYNZVGL BS FB YBAT YVSR;

What is the key?7Caesar Cipher Cryptanalysis GB OR BE ABG GB OR: GUNG VF GUR DHRFGVBA:JURGURE 'GVF ABOYRE VA GUR ZVAQ GB FHSSREGUR FYVATF NAQ NEEBJF BS BHGENTRBHF SBEGHAR,BE GB GNXR NEZF NTNVAFG N FRN BS GEBHOYRF,NAQ OL BCCBFVAT RAQ GURZ? GB QVR: GB FYRRC;AB ZBER; NAQ OL N FYRRC GB FNL JR RAQGUR URNEG-NPUR NAQ GUR GUBHFNAQ ANGHENY FUBPXFGUNG SYRFU VF URVE GB, 'GVF N PBAFHZZNGVBAQRIBHGYL GB OR JVFU'Q. GB QVR: GB FYRRC;GB FYRRC: CREPUNAPR GB QERNZ: NL, GURER'F GUR EHO;SBE VA GUNG FYRRC BS QRNGU JUNG QERNZF ZNL PBZR JURA JR UNIR FUHSSYRQ BSS GUVF ZBEGNY PBVY,ZHFG TVIR HF CNHFR: GURER'F GUR ERFCRPG GUNG ZNXRF PNYNZVGL BS FB YBAT YVSR;

N could be I or A key is 5 or 13Comparing Letter frequency between Cipher and English texts8Caesar Cipher Cryptanalysis

Try the shift:1, 6, 13, or 17

The common shift is 139Monoalphabetic CipherPlain: abcdefghijklmnopqrstuvwxyz Cipher Key:DKVQFIBJWPESCXHTMYAUOLRGZNEXAMPLEPlaintext: ifwewishtoreplacelettersCiphertext:WIRFRWAJUHYFTSDVFSFUUFYA

Click here to try the Java Applet10Playfair Ciphera 5X5 matrix of letters based on a keyword fill in letters of keyword (sans duplicates) fill rest of matrix with other letterseg. using the keyword CHARLES

Click here to try the Java AppletLRAHCFDBSENMKIGUTQPOZYXWV11Playfair Cipher- Cont..Plaintext is encrypted two letters at a time according to the following rules:Repeating plaintext letters that fall in the same pair are separated with a filter letter, such as x.Plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right.Plaintext letters that fall in the same column are each replaced by the letter beneathOtherwise, each plaintext letter is replaced by the letter that lies in its own row and the column occupied by the other letter plaintext letter.

Example:

Plaintext: kill Step # 1: Kill becomes kI lx lxStep # 2: KI becomes EK; lx becomes SU.Ciphertext: EKSUSU12Vigenre CipherAn improvement over the PlayfairIt is a polyalphabetic substitution cipherEffectively multiple Caesar ciphers Key is multiple letters long K = k1 k2 ... kd ith letter specifies ith alphabet to use Use each alphabet in turn Repeat from start after d letters in messageDecryption simply works in reverse13Vigenre Cipher

KEY14Vigenre Cipherwrite the plaintext out write the keyword repeated above ituse each key letter as a caesar cipher key encrypt the corresponding plaintext lettereg using keyword deceptivekey: deceptivedeceptivedeceptiveplaintext: wearediscoveredsaveyourselfciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Click here to try the Java Applet15Vigenre Cipher Autokey CryptanalysisIdeally, we need a key as long as the messageVigenre proposed the autokey cipherExample:key: deceptivewearediscoveredsavplaintext: wearediscoveredsaveyourselfciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA

knowing keyword can recover the first few letters

Click here to try the Java Applet16Transposition CiphersHiding the message by rearranging the letter order without altering the actual letters used

Still can be recognised since ciphertext have the same frequency distribution as the original text 17Transposition Ciphers form the second basic building block of ciphers. The core idea is to rearrange the order of basic units (letters/bytes/bits) without altering their actual values. Rail Fence cipherwrite message letters out diagonally over a number of rows then read off cipher row by roweg. write message out as:m e m a t r h t g p r y e t e f e t e o a a tgiving ciphertextMEMATRHTGPRYETEFETEOAAT18Example message is: "meet me after the toga party" with a rail fence of depth 2.

Row Transposition Ciphersa more complex schemewrite letters of message out in rows over a specified number of columnsthen reorder the columns according to some key before reading off the rows M = attackpostponeduntiltwoam

Key: 4 3 1 2 5 6 7Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x y z

C: TTNAAPTMTSUOAODWCOIXKNLYPETZ19The key is wrong in the book.Terminologies

Encryption The process of coding a message so that its meaning is concealedDecryption The process of transforming anencrypted message into the original form Often we use encode or encipher instead of encrypt, and decode or decipher instead of decryptCryptosystem A system for encryption anddecryption20Terminologies

Plaintext or Cleartext A message in its original formCiphertext A message in the encrypted formCryptography The practice (or art) of using encryption to conceal textCryptographer Invents/discovers encryption algorithms (Good Guys)Cryptanalyst Attempts to break encryption algorithms (Bad Guys)

21Encryption and Decryption

22Cryptographic Services

ConfidentialityContent cannot be revealedAuthentication Message cannot be forgedIntegrityMessage cannot be alteredNon-repudiationOnly sender could have produced the message

23Different types of Algorithms

Restricted AlgorithmThe security of a restricted algorithm requires keeping the algorithm secret.Key-Based AlgorithmThe security of key-based algorithms is based on the secrecy of the algorithm, the secrecy of the key (s), or both.

24Stream and Block Ciphers

Stream ciphers convert each symbol ofplaintext into a symbol of ciphertext

For block ciphers, break the plaintextinto strings (called blocks) of fixedlength and encrypt one block at a time

Most well-known symmetric key encryption schemes are block ciphers25Block Ciphers Sizes & key Sizes

64 bit data block sizeKey sizesData Encryption Standard DES: 56 bit keyDouble DES: 112 bit keyTriple DES 168IDEA: 128 bit keySkipjack (Clipper): 80 bitalso RC2 and Advanced Encryption Standard

26Block Size (cont.)

Variable data block sizeRC532, 64, or 128 block sizeVariable key sizeVariable number of roundsnew Advanced Encryption Standardmust support key-block combinations of 128-128,192-128, 256-128 (may support other ones)

27Cryptosystems

28Secret Key Cryptosystem

29Notation

C = E(K,M)M = D(K,C)

K: KeyE: Encryption AlgorithmD: Decryption AlgorithmM: Plaintext MessageC: Ciphertext Message

30Cryptanalysis

Cryptanalyst is assumed to know E and DObjective of the cryptanalyst is to discover the secret key K(The real objective might be to discover the plaintext message M, but this is generally assumed to be equivalent to discovering K)

31Secret Key

Confidentiality depends only on the secrecy of the keySecret key systems do not scale well:With N parties, it is necessary to generate and distribute N*(N-1)/2 keysLong-term keysProlonged use increases the exposureSession keysShort-term keys communicated using the long-term key

32Cryptanalysis Attacks

Ciphertext OnlyCryptanalyst only knows ciphertextKnown PlaintextCryptanalyst knows some plaintext-ciphertext pairsChosen PlaintextCryptanalyst knows some plaintext-ciphertext pairs for plaintext of the cryptanalyst's choiceChosen CiphertextCryptanalyst knows some plaintext-ciphertext pairs for ciphertext of the cryptanalyst's choice

33Basic Encryption Techniques

Substitution Permutation (or transposition) Product Cipher: Combinations and iterations of these

34SIMPLE ALIPHABETIC SUBSTITUTIONExample Key:Plaintext ABCDEFGHIJKLMNOPQRSTUVWXYZCiphertext PZQSGIMBWXDFKJVCHAOLUTERYNTrivially broken for known plaintext attackEasily broken for ciphertext only attack (or natural language plaintext)Multiple encipherment does not help (No point in doing two substitutions in sequence)35SIMPLE PERMUTATIONExample key:Plaintext 1234Ciphertext 4312Easily broken for ciphertext only attack (or natural language plaintext)Multiple encipherment does not help (No point in doing two substitutions in sequence)

36PRODUCT CIPHERSubstitution followed by permutation followed by substitution.Best known example is DESFor known plaintext/chosen plaintext/chosen ciphertext breakable by exhaustive search of key spaceTherefore security is based on computational complexity37Average time required for exhaustive key search Key Size (bits)Number of Alternative KeysTime required at 106 Decryption/s32232 = 4.3 x 1092.15 milliseconds56256 = 7.2 x 101610 hours1282128 = 3.4 x 10385.4 x 1018 years1682168 = 3.7 x 10505.9 x 1030 years38PERFECT SECRECYVERNAM ONE-TIME PADEach component of the encrypting key is XORed with the each bit of the plaintextExample: Keystream bits 10110110 Plaintext bits 11000011 Ciphertext bits 01110101Is the ultimate cipher but is impractical for most situationsYou need as many bits in the key as in the message39PERFECT SECRECYVERNAM ONE-TIME PADKey cannot be reusedKnown plaintext reveals the portion of the key that has been used, but does not reveal anything about the future bits of the key40Secret-Key Cryptographic AlgorithmsData Encryption Standard (DES)The most widely used encryption schemeThe algorithm is reffered to the Data Encryption Algorithm (DEA)DES is a block cipherThe plaintext is processed in 64-bit blocksThe key is 56-bits in length

41DES Overview

42Data Encryption Standard (DES)Has stood up remarkably well against 15 year of public cryptanalysisAdopted as ANSI DEA (Data Encryption Algorithm)Considered by IOS as a standard but abandoned due to concern that it may become too widespread and becomes a target43DES ControversiesMajor weakness is the key size of 56 bit ( it has been broken)In 1997 researchers using over 3500 machines in parallel were able to infer a DES key in four months workIn 1998 researchers built a special DES cracker machine for approximately $100,000 that could find a DES key in approx. four days.Does this mean the DES is insecure? No, not yet!The 1997 attack required a great deal of corporationThe 1998 machine is still rather expensive.

44Triple DESUse three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)

C = ciphertextP = PlaintextEK[X] = encryption of X using key KDK[Y] = decryption of Y using key KEffective key length of 168 bits

C = EK3[DK2[EK1[P]]]45

Triple DES46Private-Key Cryptography (summary)traditional private/secret/single key cryptography uses one key shared by both sender and receiver Secret key systems do not scale well:With N parties, it is necessary to generate and distribute N*(N-1)/2 keysif this key is disclosed communications are compromised also is symmetric, parties are equal hence does not protect sender from receiver forging a message & claiming is sent by sender 47So far all the cryptosystems discussed have been private/secret/single key (symmetric) systems. All classical, and modern block and stream ciphers are of this form. Public-Key Cryptographyprobably most significant advance in the 3000 year history of cryptography Each user has two keys a public & a private keyThe user may publish the public key freely because each key does only half of the encryption and decryption processThe keys operate as inverses, meaning that one key undoes the encryption provided by the other key

complements rather than replaces private key crypto

48Will now discuss the radically different public key systems, in which two keys are used. Anyone knowing the public key can encrypt messages or verify signatures, but cannot decrypt messages or create signatures, counter-intuitive though this may seem. It works by the clever use of number theory problems that are easy one way but hard the other. Note that public key schemes are neither more secure than private key (security depends on the key size for both), nor do they replace private key schemes (they are too slow to do so), rather they complement them. Public-Key Cryptographyasymmetric because parties are not equalCryptography involves the use of two keys: a public-key (may be known by anybody), can be used to encrypt messages, and verify signatures. a private-key (known only to the recipient), can be used to decrypt messages, and sign (create) signatures.How it works?EncryptionAuthenticationboth 49Encryption using Public-Key system

50Authentication using Public-Key System

51Why Public-Key Cryptography?developed to address two key issues:key distribution how to have secure communications in general without having to trust a KDC with your keydigital signatures how to verify a message comes intact from the claimed senderpublic invention due to Whitfield Diffie & Martin Hellman at Stanford Uni in 1976known earlier in classified community52The idea of public key schemes, and the first practical scheme, which was for key distribution only, was published in 1977 by Diffie & Hellman. The concept had been previously described in a classified report in 1970 by James Ellis (UK CESG) - and subsequently declassified in 1987. See History of Non-secret Encryption (at CESG). Its interesting to note that they discovered RSA first, then Diffie-Hellman, opposite to the order of public discovery! Public-Key CharacteristicsPublic-Key algorithms rely on two keys with the characteristics that it is:computationally infeasible to find decryption key knowing only algorithm & encryption keycomputationally easy to en/decrypt messages when the relevant (en/decrypt) key is knowneither of the two related keys can be used for encryption, with the other used for decryption (in some schemes)

53Public key schemes utilise problems that are easy (P type) one way but hard (NP type) the other way, eg exponentiation vs logs, multiplication vs factoring. Consider the following analogy using padlocked boxes: traditional schemes involve the sender putting a message in a box and locking it, sending that to the receiver, and somehow securely also sending them the key to unlock the box. The radical advance in public key schemes was to turn this around, the receiver sends an unlocked box to the sender, who puts the message in the box and locks it (easy - and having locked it cannot get at the message), and sends the locked box to the receiver who can unlock it (also easy), having the key. An attacker would have to pick the lock on the box (hard). Public-Key Cryptosystems

54Stallings Fig 9.4

Here see various components of public-key schemes used for both secrecy and authentication. Note that separate key pairs are used for each of these receiver owns and creates secrecy keys, sender owns and creates authentication keys.Public-Key Applicationscan classify uses into 3 categories:encryption/decryption (provide secrecy)digital signatures (provide authentication)key exchange (of session keys)some algorithms are suitable for all uses, others are specific to one55Security of Public Key Schemeslike private key schemes brute force exhaustive search attack is always theoretically possible but keys used are too large (>512bits) security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalyst) problemsmore generally the hard problem is known, its just made too hard to do in practise requires the use of very large numbershence is slow compared to private key schemes 56Public key schemes are no more or less secure than private key schemes - in both cases the size of the key determines the security. Note also that you can't compare key sizes - a 64-bit private key scheme has very roughly similar security to a 512-bit RSA - both could be broken given sufficient resources. But with public key schemes at least there's usually a firmer theoretical basis for determining the security since its based on well-known and well studied number theory problems.Public-Key Cryptographic AlgorithmsRSA and Diffie-Hellman RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977.RSA is a block cipherThe most widely implementedDiffie-Hellman Exchange a secret key securelyCompute discrete logarithms57RSA useRSA algorithm is for key generation (find public and private keys) Public Key KU={e,n} Private key KR={d,n}to encrypt a message M, the sender:obtains public key of recipient KU={e,N} computes: C=Me mod N, where 0M