1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.
-
Upload
elisabeth-oliver -
Category
Documents
-
view
219 -
download
0
Transcript of 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.
![Page 1: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/1.jpg)
1
ISA 562 Information Security Theory &
Practice
CryptographyCryptographyChapter 9 of Bishop’s Book
![Page 3: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/3.jpg)
3
Cryptography Cryptology means hidden writing Comes from the Greek words
(hidden or secret) and (writing) A mechanism for
Confidentiality Integrity (authentication, non-repudiation)
In the face of passive, and active attacks
![Page 4: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/4.jpg)
4
Terminology Encryption: the process of coding a message to conceal its
meaning Decryption: The process of transforming an encrypted message
into the original form Often we use encode or encipher instead of encrypt, and decode or
decipher instead of decrypt Plaintext or Cleartext: A message in its original form Ciphertext: A message in the encrypted form
Cryptography: The practice (or art) of using encryption to conceal text
Cryptosystem: A system for encryption and decryption
Cryptographer: Invents encryption algorithms (“Good Guys”) Cryptanalyst: Attempts to break encryption algorithms (“Bad
Guys”)
![Page 5: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/5.jpg)
5
Cryptosystems
SECRET KEY
Symmetric Key
Single Key
Conventional
PUBLIC KEY
Asymmetric Key
Two Keys
![Page 6: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/6.jpg)
6
Secret Key Cryptosystem
EncryptionAlgorithm
DecryptionAlgorithm
Plain-text
Plain-textCiphertext
INSECURE CHANNEL
K KSecret Keyshared byA and B
SECURE CHANNEL
AA BB
![Page 7: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/7.jpg)
7
Public Key Cryptosystem
B's Public Key B's Private Key
RELIABLE CHANNEL
EncryptionAlgorithm
DecryptionAlgorithm
Plain-text
Plain-textCiphertext
INSECURE CHANNEL
AA BB
B's Public Key
![Page 8: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/8.jpg)
8
Notation for a Cryptosystem Quintuple (E, D, M, K, C)
M set of plaintexts K set of keys C set of ciphertexts E set of encryption functions e: M K C
c = e(k,m) D set of decryption functions d: C K M
m = d(k’,c)
Is k=k’? Who keeps k and k’?
![Page 9: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/9.jpg)
9
Example Example: Caesar cipher
M = { all sequences of letters } K = { i | i is an integer and 0 ≤ i ≤ 25 } E = { Ek | k K, where Ek(m) = (m + k) mod
26 for any letter m} E0 (a) = a, E2 (b) = ?, E2 (y) = ?
D = { Dk | k K, where Dk(c) = (26 + c – k) mod 26 for any letter c}
D0 (a) = a, D2 (b) = ?, D2 (y) = ?
C = M
a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
m ck
![Page 10: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/10.jpg)
10
Cryptanalysis Adversary ’s goal is to break the
cryptosystem Knows e and d but not k
Knows how the lock works, but don’t’ know the combination
Break the cryptosystem = get the key Real objective might be to discover the
plaintext message, but this is generally assumed to be equivalent to discovering the key
Unlock the cabinet (and use the remote control)
![Page 11: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/11.jpg)
11
Cryptanalysis (Cont’d) Types of attacks:
ciphertext only: adversary has only ciphertext The enemy intercepted encrypted messages
known plaintext: adversary has some plaintext-ciphertext pairs
The enemy later learned the content of those messages chosen plaintext: adversary has plaintext-
ciphertext pairs for plaintext of the cryptanalyst's choice
A spy submit fake messages for encryption chosen ciphertext: adversary has plaintext-
ciphertext pairs for ciphertext of the cryptanalyst's choice
A spy submit fake encrypted messages for decryption
![Page 12: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/12.jpg)
12
Basis for Attacks Mathematical attacks
Based on analysis of underlying mathematics Statistical attacks
Natural language contains particular distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc. , in a natural language
Called models of the language In English, ‘e’ appears the most frequently (65 times
more frequently than the least frequent ‘z’ and ‘q’) In this handout: ‘e’ 1769, ‘z’ 27, ‘q’ 68
Encryption may not fully destroy the distribution, so observe the ciphertext for related properties
![Page 14: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/14.jpg)
14
Secret Key Cryptography Sender, receiver share common key
Keys may be the same, or trivial to derive from one another
Also called symmetric key cryptography Two basic types
Transposition ciphers Substitution ciphers Combinations are called product ciphers
![Page 15: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/15.jpg)
15
Transposition Cipher Rearrange letters in plaintext to produce
ciphertext Example (Rail-Fence Cipher)
Plaintext is HELLO WORLD Rearrange as HLOOL ELWRD Ciphertext is HLOOL ELWRD
Permutation Does not alter frequency of single characters Called a 1-gram
![Page 16: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/16.jpg)
16
Attacking the Transposition Cipher
Anagramming If 1-grams of ciphertext match English
frequencies, but other n-grams (that is, frequency of n-tuple of characters) do not, probably transposition
Rearrange letters to form n-grams with highest frequencies
HELLO WORLD
HLOOL
ELWRD
HLOOL ELWRD
Permutations do not change frequency of single characters, but do change frequency of pairs of characters
![Page 17: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/17.jpg)
17
Example Ciphertext: HLOOLELWRD In English, frequencies of 2-grams starting
w/ H HE 0.0305 the winner! HO 0.0043 HL, HW, HR, HD < 0.0010
Frequencies of 2-grams ending in H WH 0.0026 EH, LH, OH, RH, DH ≤ 0.0002
Implies E follows H
![Page 18: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/18.jpg)
18
Example Arrange so the H and E are adjacent
HE
LL
OW
OR
LD Read off across, then down, to get original
plaintext
HLOOL ELWRD
![Page 20: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/20.jpg)
20
Substitution Ciphers - Caesar cipher
Change characters in plaintext to produce ciphertext
Example (Caesar cipher) Plaintext is HELLO WORLD Change each letter to the third letter following
it (X goes to A, Y to B, Z to C) Key is 3, usually written as letter ‘D’
Ciphertext is KHOOR ZRUOG
a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
HELLO WORLDKHOOR ZRUOG
![Page 21: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/21.jpg)
21
Attacking the Caesar Cipher Exhaustive search
If the key space is small enough, try all possible keys until you find the right one
Caesar cipher has 26 possible keys Statistical analysis
The right key should let decrypted message match the 1-gram model of English
![Page 22: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/22.jpg)
22
Statistical Attack on Caesar Cipher
1-grams of the ciphertext KHOOR ZRUOGg 0.1 h 0.1 k 0.1 o 0.3
r 0.2 u 0.1 z 0.1 1-grams of English p:
Question: how to choose the right key such that the two 1-grams match the best?
a 0.080 h 0.060 n 0.070 t 0.090b 0.015 i 0.065 o 0.080 u 0.030c 0.030 j 0.005 p 0.020 v 0.010d 0.040 k 0.005 q 0.002 w 0.015e 0.130 l 0.035 r 0.065 x 0.005f 0.020 m 0.030 s 0.060 y 0.020g 0.015 z 0.002
![Page 23: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/23.jpg)
23
Correlation of Frequency ‘Match the best’ means… The right key 0i 25 should maximize
(i) = 0.1• p (6 – i) + 0.1 • p (7 – i) + 0.1 • p (10 – i) + 0.3 • p (14 – i) + 0.2 • p (17 – i) + 0.1 • p (20 – i) + 0.1 • p (25 – i)
0.3 • p ( 14 – i )
a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
frequency of ‘o’ in ciphertext
frequency of decrypted ‘o’ in english
(k) is maximum iff the two sides match (having similar relative percentage)
![Page 24: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/24.jpg)
24
(i) for 0 ≤ i ≤ 25i (i) i (i) i (i) i (i)
0 0.0482 7 0.0442 13 0.0520 19 0.03151 0.0364 8 0.0202 14 0.0535 20 0.03022 0.0410 9 0.0267 15 0.0226 21 0.05173 0.0575 10 0.0635 16 0.0322 22 0.03804 0.0252 11 0.0262 17 0.0392 23 0.03705 0.0190 12 0.0325 18 0.0299 24 0.03166 0.0660 25 0.0430
![Page 25: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/25.jpg)
25
Who is the Winner? Most probable keys, based on :
i = 6, (i) = 0.0660 plaintext EBIIL TLOLA
i = 10, (i) = 0.0635 plaintext AXEEH PHKEW
i = 3, (i) = 0.0575 plaintext HELLO WORLD
i = 14, (i) = 0.0535 plaintext WTAAD LDGAS
Only English phrase is for i = 3 That’s the key Why ranked #3?
![Page 27: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/27.jpg)
27
Caesar Cipher’s Problem Key is too short
Can be found by exhaustive search (13 tries) Statistical frequencies not concealed well
1-grams are not changed (only shifted)
So make key longer Use a sequence as key: k1 k2 k3… kn(key space 26n)
Conceal statistical frequencies through diffusion Use ki to encrypt the ith letter of plaintext Statistical patterns average out
![Page 28: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/28.jpg)
28
Vigenère Cipher Example
Message THE BOY HAS THE BALL Key VIG repeating
Period of the key is 3 Encipher using Caesar cipher for each letter:
key VIGVIGVIGVIGVIGV
plain THEBOYHASTHEBALL
Cipher OPKWWECIYOPKWIRG
![Page 29: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/29.jpg)
29
Relevant Parts of Tableau
G I VA G I VB H J WE L M ZH N P CL R T GO U W JS Y A NT Z B OY E H T
Tableau shown has relevant rows, columns only (full version: Figure 9-3 in textbook)
a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
plaintext
key
key VIGVIGVIGVIGVIGV
plain THEBOYHASTHEBALL
Cipher OPKWWECIYOPKWIRG
![Page 30: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/30.jpg)
30
Attacking the Cipher Approach
Establish period; call it n Break message into n parts, each part being
enciphered using the same key letter Solve each part
We will show each step
key VIGVIGVIGVIGVIGV
plain THEBOYHASTHEBALL
Cipher OPKWWECIYOPKWIRG
![Page 31: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/31.jpg)
31
The Target Cipher We want to break this cipher:
ADQYS MIUSB OXKKT MIBHK IZOOO
EQOOG IFBAG KAUMF VVTAA CIDTW
MOCIO EQOOG BMBFV ZGGWP CIEKQ
HSNEW VECNE DLAAV RWKXS VNSVP
HCEUT QOIOF MEGJS WTPCH AJMOC
HIUIX
![Page 32: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/32.jpg)
32
First Tool: Kaskski’s Method Kaskski: if characters of the key appear
over the same characters in the plaintext, repetitions in the ciphertext will occur
key VIGVIGVIGVIGVIGVplain THEBOYHASTHEBALL
cipher OPKWWECIYOPKWIRG Distance between repetitions is 9, so the
period must be a factor of 9 (that is, 1, 3, or 9) Will the ciphertext contain the same repetition
in the following two cases?
key VIGVIGVIGVIGVIGVI
plain THEBOOYHASTHEBALL
key VIGJVIGJVIGJVIGJ
plain THEBOYHASTHEBALL
![Page 33: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/33.jpg)
33
Repetitions in ExampleLetters Star
tEnd Distan
cePrime Factors
MI 5 15 10 2, 5
OO 22 27 5 5
OEQOOG 24 54 30 2, 3, 5
FV 39 63 24 2, 2, 2, 3
AA 43 87 44 2, 2, 11
MOC 50 122 72 2, 2, 2, 3, 3
QO 56 105 49 7, 7
PC 69 117 48 2, 2, 2, 2, 3
NE 77 83 6 2, 3
SV 94 97 3 3
CH 118 124 6 2, 3
![Page 34: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/34.jpg)
34
Estimate of Period The longest repetition OEQOOG is
probably not a coincidence Distance is 30
The second longest is MOC Distance is 72
GCD of 30 and 72 is 6 Others
(7/10) have 2 in their factors (6/10) have 3 in their factors
6 is a probable period
![Page 35: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/35.jpg)
35
Second Tool: Index of Coincidence
Index of coincidence (IC) The probability that any two randomly chosen
letters from ciphertext are the same A measure of variation in frequencies of letters
IC of aaaaaaaabc (> or <) IC of aabcdefghi ? This variation depends on the period of key
Longer key tends to average out statistical patterns that exist in English (and thus in plaintext)
Known result of period - IC1 - 0.066 3 - 0.047 5 - 0.0442 - 0.052 4 - 0.045 10 - 0.041 larger-
0.038
![Page 36: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/36.jpg)
36
Compute IC of Our Ciphertext
IC = 0≤i≤25 (Fi (Fi – 1))
(n (n – 1)) where n is length of ciphertext and Fi the
number of times character i occurs in ciphertext
aaaaa aaabb Here, IC = 0.043
Indicates a period of slightly more than 5 Agrees with the previous estimate 6 Step 1 done; now we have the key period
![Page 37: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/37.jpg)
37
Splitting Into Alphabetsalphabet 1: AIKHOIATTOBGEEERNEOSAI IC 0.069
alphabet 2: DUKKEFUAWEMGKWDWSUFWJU IC 0.078
alphabet 3: QSTIQBMAMQBWQVLKVTMTMI IC 0.078
alphabet 4: YBMZOAFCOOFPHEAXPQEPOX IC 0.056
alphabet 5: SOIOOGVICOVCSVASHOGCC IC 0.124
alphabet 6: MXBOGKVDIGZINNVVCIJHH IC 0.043 1,2,3,5 indicate period 1 4 and 6 don’t (well, statistics) Step 2 done; now we are dealing with 6 Caesar
ciphers! ADQYS MIUSB OXKKT MIBHK IZOOO
EQOOG IFBAG KAUMF VVTAA CIDTW
MOCIO EQOOG BMBFV ZGGWP CIEKQ
HSNEW VECNE DLAAV RWKXS VNSVP
HCEUT QOIOF MEGJS WTPCH AJMOC
HIUIX
![Page 38: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/38.jpg)
38
Frequency Examination
ABCDEFGHIJKLMNOPQRSTUVWXYZ
1 31004011301001300112000000
2 10022210013010000010404000
3 12000000201140004013021000
4 21102201000010431000000211
5 10500021200000500030020000
6 01110022311012100000030101 Letter frequencies in English
HMMMHMMHHMMMMHHMLHHHMLLLLL
#1 matches – the key is a
(H high, M medium, L low)
![Page 39: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/39.jpg)
39
Begin Decryption #3 matches if I shifted to A #6 matches if V shifted to A Substitute into ciphertext (bold are
substitutions)ADIYS RIUKB OCKKL MIGHK AZOTO EIOOL IFTAG PAUEF VATAS CIITW EOCNO EIOOL BMTFV EGGOP CNEKI HSSEW NECSE DDAAA RWCXS ANSNP HHEUL QONOF EEGOS WLPCM AJEOC MIUAX
![Page 40: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/40.jpg)
40
Look For Clues AJE in last line suggests “are”, meaning
#2 key is s :ALIYS RICKB OCKSL MIGHS AZOTO
MIOOL INTAG PACEF VATIS CIITE
EOCNO MIOOL BUTFV EGOOP CNESI
HSSEE NECSE LDAAA RECXS ANANP
HHECL QONON EEGOS ELPCM AREOC
MICAX
a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
![Page 41: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/41.jpg)
41
Next Alphabet MICAX in last line suggests “mical” (a
common ending for an adjective), meaning #2 key is O :ALIMS RICKP OCKSL AIGHS ANOTO MICOL INTOG PACET VATIS QIITE ECCNO MICOL BUTTV EGOOD CNESI VSSEE NSCSE LDOAA RECLS ANAND HHECL EONON ESGOS ELDCM ARECC MICAL
a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
![Page 42: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/42.jpg)
42
Got It! QI means that U maps into I, as Q is
always followed by U:ALIME RICKP ACKSL AUGHS ANATO MICAL INTOS PACET HATIS QUITE ECONO MICAL BUTTH EGOOD ONESI VESEE NSOSE LDOMA RECLE ANAND THECL EANON ESSOS ELDOM ARECO MICAL
A LIMERICK PACKS LAUGHS ANATOMICAL INTO SPACE THAT IS QUITE ECONOMICAL BUT THE GOOD ONES IVE SEEN SO SELDOM ARE CLEAN AND THE CLEAN ONES SO SELDOM ARE COMICAL
![Page 43: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/43.jpg)
43
One-Time Pad A Vigenère cipher with a random key at least
as long as the message Perfectly secure (textbook 32.3.3) Why? Look at ciphertext DXQR. Equally likely to
correspond to plaintext DOIT (key AJIY) and to plaintext DONT (key AJDY) and any other 4 letters
Impractical Remember the key must be transmitted via a secure
channel
![Page 44: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/44.jpg)
44
Key Points Two basic types of ciphers
Transposition ciphers and substitution ciphers Product ciphers combine them
Caesar cipher uses one key Vigenère cipher uses a sequence of keys Cryptanalysis
Exhaustive search Statistical analysis
![Page 47: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/47.jpg)
47
Naive Use of Cipher Just encrypt each message (if message is
too long, divide it into blocks and encrypt each block) and transmit the ciphertext’
What can go wrong?
![Page 48: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/48.jpg)
48
Attack #1: Forward Search Set of all possible messages is small
{buy, sell} Public key cryptosystem used
Encryption key is public Idea: precompute all (message, ciphertext) pairs
(buy, cbuy ), (sell, csell)
When ciphertext csell is intercepted, the adversary knows the message is sell even without decryption
Digitized sound Seems like far too many possible plaintexts (232)
Redundancy in human speech reduces this to 100,000 (≈ 217) This is small enough to worry about
![Page 49: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/49.jpg)
49
Attack #2: Misordered Blocks Alice sends Bob message
Message LIVE is too long to be encrypted, so divide into blocks and encrypt each letter
Plaintext 11 08 21 04 and Ciphertext is 44 57 21 16
A man-in-the-middle Eve intercepts the ciphertext Rearranges blocks to be 16 21 57 44
Bob gets modified ciphertext and deciphers it He sees EVIL
![Page 50: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/50.jpg)
50
Attack #3: Statistical Regularities
Encrypting repeated plaintext with the same key produces the same ciphertext
Recall the Kasiski method
![Page 52: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/52.jpg)
52
Stream Cipher vs Block Cipher E encipherment function
Ek(b) encipherment of message b with key k In what follows, m = b1b2 …, each bi of fixed
length Block cipher
Ek(m) = Ek(b1)Ek(b2) …
Stream cipher k = k1k2 … Ek(m) = Ek1(b1)Ek2(b2) … If k1k2 … repeats itself, cipher is periodic For example, Vigenère cipher
![Page 54: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/54.jpg)
54
Block Ciphers Encipher, decipher a block (multiple bits) at
once ECB (electronic code book): each block is
enciphered independently Problem: identical plaintext blocks produce
identical ciphertext blocks Example: two database records
MEMBER: HOLLY INCOME $100,000 MEMBER: HEIDI INCOME $100,000
Encipherment: ABCQZRME GHQMRSIB CTXUVYSS RMGRPFQN ABCQZRME ORMPABRZ CTXUVYSS RMGRPFQN
![Page 55: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/55.jpg)
55
Solutions Insert information about block’s position
into the plaintext block, then encipher Cipher block chaining (CBC):
Exclusive-or current plaintext block with previous ciphertext block:
c0 = Ek(m0 I) ci = Ek(mi ci–1) for i > 0
where I is the initialization vector
![Page 56: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/56.jpg)
56
Cipher Block Chaining
E
current plaintext block
keyD
key
+
+
previous ciphertext block
previousciphertext block
current plaintext block
![Page 57: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/57.jpg)
57
Multiple Encryption Double encipherment: c = Ek (Ek(m))
Expected key length is 2n, if k, k are length n Problem: known plaintext attack needs 2n+1
encryptions, not 22n encryptions; so effective key length is only n+1
Triple encipherment: EDE mode: c = Ek (Dk (Ek (m))
Chosen plaintext attack takes O(2n) time using 2n ciphertexts
Triple encryption mode: c = Ek (Ek (Ek (m)) Best attack requires O(22n) time, O(2n) memory
![Page 58: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/58.jpg)
58
Overview Background Secret Key Cryptography
Caesar cipher Vigenère cipher DES
![Page 59: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/59.jpg)
59
Overview of the DES A product cipher
Both substitution and transposition on the bits A block cipher:
encrypts plaintext blocks of 64 bits using a 56 bit key, and outputs 64 bits of ciphertext
Developed by IBM; in 1977 adopted by NIST, with NSA approval for unclassified information
Also widely used by the public sector E and D are public, but the design
principles are classified
![Page 60: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/60.jpg)
60
Generation of Round Keys
key
PC-1
C0 D0
LSH LSH
D1
PC-2 K1
K16LSH LSH
C1
PC-2
Cipher consists of 16 rounds (iterations) each with a round key generated from the user-supplied key
Round keys are 48 bits each
![Page 61: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/61.jpg)
61
Encipherment
input
IP
L0 R0
f K1
L1 = R0 R1 = L0 f(R0, K1)
R16 = L15 f (R15, K16) L16 = R15
IPŠ1
output
![Page 62: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/62.jpg)
62
The f Function
RiŠ1 (32 bits)
E
RiŠ1 (48 bits)
Ki (48 bits)
S1 S2 S3 S4 S5 S6 S7 S8
6 bits into each
P
32 bits
4 bits out of each
![Page 63: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/63.jpg)
63
DES Modes Electronic Code Book Mode (ECB)
Encipher each block independently Cipher Block Chaining Mode (CBC)
XOR each block with previous ciphertext block Requires an initialization vector for the first
one Double DES Mode (2 keys: k, k)
c = DESk(DESk–1(DESk(m)))
Triple DES Model (3 keys: k, k, k) c = DESk(DESk (DESk(m)))
![Page 64: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/64.jpg)
64
Controversy Considered too weak
Major weakness is key size of 56 bits (on the threshold of allowing exhaustive-search known-plaintext attacks)
Design decisions not public S-boxes may have backdoors
![Page 65: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/65.jpg)
65
Lifetime of DES 1977 Approved as a Federal standard with 5 year
cycle of re-certification 1987 Reluctantly reapproved for 5 years 1993 Approved for another 5 years 1999 NIST could no longer support the use of DES
Phase out use of Single DES (use permitted in legacy systems only)
Use Triple DES October 2, 2000 A new encryption standard was
announced, but Triple DES will remain an approved algorithm (for US Government use) for the foreseeable future
![Page 66: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/66.jpg)
66
Advanced Encryption Standard (AES)
NIST selected DRijndael as Advanced Encryption Standard (AES), successor to DES Developers are Vincent Rijmen & Joan Daeman Designed to withstand attacks successful on
DES Also a product cipher Keys of 128/192/256 bits
Key space: 3.4 x 1038 for 128-bit key, 6.2 x 1057 for 192-bit key and 1.1 x 1077 for 256-bit key
In comparison, key space for DES is 7.2 x 1016
1021 times more keys in 128-bit AES keys than DES with 56-bit keys
Blocks of 128 bits
![Page 67: 1 ISA 562 Information Security Theory & Practice Cryptography Chapter 9 of Bishop ’ s Book.](https://reader035.fdocuments.in/reader035/viewer/2022062421/56649d145503460f949e857b/html5/thumbnails/67.jpg)
67
Key Points Naive use of ciphers creates problems Stream cipher
How to generate a long key Block cipher
ECB, CBC, Double-encryption, Triple-encryption DES