CIT 480: Securing Computer Systems
Transcript of CIT 480: Securing Computer Systems
CIT 480: Securing Computer Systems
Symmetric Cryptography
Topics
1. Modular Arithmetic
2. What is Cryptography?
3. Transposition Ciphers
4. Substitution Ciphers
   1. Cæsar cipher
   2. Vigenère cipher
5. Cryptanalysis: frequency analysis
6. Block Ciphers
7. AES and DES
8. Stream Ciphers
Modular Arithmetic
Congruence
– a ≡ b (mod N) iff a = b + kN for some integer k
– ex: 37 ≡ 27 (mod 10)
b is the residue of a, modulo N
– Integers 0..N-1 are the set of residues mod N
Modulo 12 number system
What is Cryptography?
Cryptography: the art and science of keeping messages secure.
Cryptanalysis: the art and science of decrypting messages.
Cryptology: cryptography + cryptanalysis
Terminology
Plaintext: message P to be encrypted. Also called cleartext.
Encryption: altering a message to keep its contents secret.
Ciphertext: encrypted message C.
Figure: Plaintext → Encryption Procedure → Ciphertext
Cæsar cipher
Plaintext is HELLO WORLD
Change each letter to the third letter following it (X goes to A, Y to B, Z to C)
– Key is 3, usually written as letter ‘D’
Ciphertext is KHOOR ZRUOG
ROT 13
Cæsar cipher with key of 13
– 13 chosen since encryption and decryption are the same operation
Used to hide spoilers, punchlines, and offensive material online.
Kerckhoffs’s Principle
Security of a cryptosystem should depend only on
1. Quality of the shared encryption algorithm E
2. Secrecy of the key K
Security through obscurity tends to fail
– ex: DVD Content Scrambling System
Cryptanalysis Goals
1. Decrypt a given message.
2. Recover the encryption key.
Threat models vary based on
1. Type of information available to the adversary
2. Interaction with the cryptosystem.
Cryptanalysis Threat Models
ciphertext only: adversary has only ciphertext; goal is to find plaintext, possibly key.
known plaintext: adversary has ciphertext and corresponding plaintext; goal is to find key.
chosen plaintext: adversary may supply plaintexts and obtain corresponding ciphertext; goal is to find key.
Brute Force Attack
Exhaustive search of keyspace by decrypting ciphertext C with all possible keys K.
– Must determine if D_K(C) is a likely plaintext
– Requires some knowledge of format (language, doc type)
For N possible keys,
– Worst case is N decryptions.
– Mean case is N/2 decryptions.
Example: DES has 56-bit keys
– Average time to find key is 2^55 decryptions.
Is 128 bits enough?
128-bit keyspace permits 2^128 keys
– 340,282,366,920,938,463,463,374,607,431,768,211,456 or
– 3.4 x 10^38 keys
Cracking 1 trillion (10^12) keys per second requires
– 3.4 x 10^26 seconds or
– 1.08 x 10^19 years
Cracking 1 trillion keys per second on 1 billion CPUs
– requires 1.08 x 10^10 years = 10.8 billion years
Classical Cryptography
Sender and receiver share a common key
– Keys may be the same, or be trivial to derive from one another.
– Sometimes called symmetric cryptography.
Figure: P → encrypt (key K) → C → decrypt (key K) → P
Brute Force vs. Cæsar Cipher
Brute Force attack
– Only 26 possible keys.
– PC can try all in <1s.

| Decryption key (26-K) | Candidate plaintext |
|---|---|
| 0 | exxegoexsrgi |
| 1 | dwwdfndwrqfh |
| 2 | cvvcemcvqpeg |
| 3 | buubdlbupodf |
| 4 | attackatonce |
| 5 | zsszbjzsnmbd |
| 6 | yrryaiyrmlac |
| ... | ... |
| 23 | haahjrhavujl |
| 24 | gzzgiqgzutik |
| 25 | fyyfhpfytshj |
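As an added example (not code from the course slides): the Cæsar shift with key 3 from the earlier slide, ROT13 as its own inverse, and the 26-key brute-force search from the table above, where each candidate is scored against an English letter-frequency table so the likely plaintext can be picked without reading all 26 rows. The frequency table and the scoring rule are my assumptions, not the slides'.

```python
# Added example (not from the slides): Caesar cipher, ROT13, and a brute-force
# search of the 26-key space with candidates ranked by English letter frequency.
import string

# Assumed relative frequency (%) of each letter in English text.
ENGLISH_FREQ = {
    'A': 8.2, 'B': 1.5, 'C': 2.8, 'D': 4.3, 'E': 12.7, 'F': 2.2, 'G': 2.0,
    'H': 6.1, 'I': 7.0, 'J': 0.15, 'K': 0.77, 'L': 4.0, 'M': 2.4, 'N': 6.7,
    'O': 7.5, 'P': 1.9, 'Q': 0.095, 'R': 6.0, 'S': 6.3, 'T': 9.1, 'U': 2.8,
    'V': 0.98, 'W': 2.4, 'X': 0.15, 'Y': 2.0, 'Z': 0.074,
}

def caesar_encrypt(text, key):
    """Shift every letter forward by key positions (mod 26); other characters pass through."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord('A') if ch.isupper() else ord('a')
            out.append(chr(base + (ord(ch) - base + key) % 26))
        else:
            out.append(ch)
    return ''.join(out)

def caesar_decrypt(text, key):
    """Decryption is encryption with the negated key."""
    return caesar_encrypt(text, -key)

def rot13(text):
    """Key 13: applying it twice shifts by 26, so rot13(rot13(x)) == x."""
    return caesar_encrypt(text, 13)

def english_score(text):
    """Sum of per-letter English frequencies; higher means more English-like."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text.upper())

def brute_force(ciphertext):
    """Try all 26 decryption keys; return (key, candidate) pairs, most English-like first."""
    candidates = [(k, caesar_decrypt(ciphertext, k)) for k in range(26)]
    return sorted(candidates, key=lambda kp: english_score(kp[1]), reverse=True)

if __name__ == '__main__':
    ct = caesar_encrypt('HELLO WORLD', 3)          # KHOOR ZRUOG, as on the slide
    print(ct, '->', caesar_decrypt(ct, 3))
    for key, candidate in brute_force('exxegoexsrgi')[:3]:
        print(key, candidate)                      # key 4, attackatonce, ranks first
```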
General Simple Substitution Cipher
Keys: all permutations of the alphabet (26! keys)
Encryption: replace each plaintext letter x with K(x)
Decryption: replace each ciphertext letter y with K^-1(y)
Example:
– plaintext alphabet: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
– K = F U B A R D H G J I L K N M P O S Q Z W X Y V T C E
– CRYPTO → BQCOWP
General Simple Substitution Security
Exhaustive search impossible
– Key space size is 26! ≈ 4 x 10^26
– Historically thought to be unbreakable.
However, languages have different frequencies of
– letters
– digraphs (groups of 2 letters)
– trigraphs (groups of 3 letters)
– etc.
Simple substitution ciphers preserve letter frequencies.
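Added example, not code from the slides: the key K = FUBARDHGJILKNMPOSQZWXYVTCE from the previous slide, with a check that the ciphertext's letter counts are exactly the plaintext's counts relabelled through K, which is the property that lets frequency analysis defeat a 26!-key cipher. The sample sentence and function names are my own.

```python
# Added example (not from the slides): general simple substitution with the
# slide's key, plus a check that letter frequencies survive encryption unchanged.
from collections import Counter
import string

ALPHABET = string.ascii_uppercase
KEY = "FUBARDHGJILKNMPOSQZWXYVTCE"   # K from the slide: A->F, B->U, C->B, ...

def make_tables(key):
    """Build K and K^-1 as dicts; a valid key must be a permutation of A..Z."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must be a permutation of A..Z")
    forward = dict(zip(ALPHABET, key))
    inverse = {c: p for p, c in forward.items()}
    return forward, inverse

def substitute(text, table):
    """Apply a letter table to uppercase letters; other characters pass through."""
    return ''.join(table.get(ch, ch) for ch in text.upper())

def encrypt(plaintext, key=KEY):
    return substitute(plaintext, make_tables(key)[0])

def decrypt(ciphertext, key=KEY):
    return substitute(ciphertext, make_tables(key)[1])

def letter_counts(text):
    """Counts of A..Z only, ignoring spaces and punctuation."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET)

def frequencies_preserved(plaintext, ciphertext, key=KEY):
    """True if count(K(x)) in the ciphertext equals count(x) in the plaintext for every x."""
    forward, _ = make_tables(key)
    pt, ct = letter_counts(plaintext), letter_counts(ciphertext)
    return all(ct[forward[x]] == pt[x] for x in ALPHABET)

def ranked_letters(text):
    """Letters from most to least frequent: the analyst compares this with English."""
    return [ch for ch, _ in letter_counts(text).most_common()]

if __name__ == "__main__":
    ct = encrypt("CRYPTO")          # BQCOWP, as on the slide
    print(ct, "->", decrypt(ct))
    msg = "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG THE END"   # constructed sample
    print(frequencies_preserved(msg, encrypt(msg)))
    print(ranked_letters(msg)[:3], ranked_letters(encrypt(msg))[:3])
```

The most common ciphertext letter is simply K applied to the most common plaintext letter, so the ranking of ciphertext letters is the ranking of plaintext letters renamed.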
English Letter Frequencies
Additional Frequency Features
Digraph frequencies
– Common digraphs: EN, RE, ER, NT
Trigraph frequencies
– Common trigraphs: THE, AND, ING
– Digraph and trigraph tables can be found at http://www.sttmedia.com/syllablefrequency-english
The letter Q is followed only by U.
Countering Frequency Analysis
Primary weakness of simple substitution:
– Each ciphertext letter corresponds to only one letter of plaintext.
Solution: polyalphabetic substitution
– Use multiple cipher alphabets.
– Switch between cipher alphabets from character to character in the plaintext.
Letter Frequency Distributions
Vigenère Cipher
Use a phrase instead of a single letter as the key.
Example
– Message THE BOY HAS THE BALL
– Key VIG
– Encipher using a Cæsar cipher for each letter:
key    VIGVIGVIGVIGVIGV
plain  THEBOYHASTHEBALL
cipher OPKWWECIYOPKWIRG
Reproduction of CSA Cipher Disk
Rotor Machines (1920s-1970s)
Observation: if the Vigenère key is very long, frequency analysis won’t work.
Implement: multiple rounds of Vigenère substitution.
– Machine contains multiple cylinders.
– Each cylinder has 26 states (ciphers).
– Cylinders rotate to change states on different schedules.
– m-cylinder machine has 26^m substitution ciphers.
One-Time Pad
• A Vigenère cipher with a random key at least as long as the message.
• Provably unbreakable.
• Example ciphertext: DXQR.
• Equally likely to correspond to
– plaintext DOIT (key AJIY)
– plaintext DONT (key AJDY)
– and any other 4 letters.
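Added example (not code from the slides) for this slide and the Vigenère slide above: the VIG keyword encryption of THE BOY HAS THE BALL, and the same shifting routine used as a one-time pad to show that DXQR reads DOIT under pad AJIY, DONT under AJDY, and that for any four-letter guess some pad would produce it. `secrets` stands in for the hardware randomness a real pad needs; the function names are mine.

```python
# Added example (not from the slides): Vigenere cipher, and the one-time pad as
# the special case of a random key at least as long as the message.
import secrets
import string

ALPHABET = string.ascii_uppercase

def _letters_only(text):
    return ''.join(ch for ch in text.upper() if ch in ALPHABET)

def vigenere(text, key, decrypt=False):
    """Shift the i-th letter by key[i mod len(key)]; subtract instead of add to decrypt."""
    text, key = _letters_only(text), _letters_only(key)
    if not key:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(text):
        shift = ord(key[i % len(key)]) - ord('A')
        if decrypt:
            shift = -shift
        out.append(chr(ord('A') + (ord(ch) - ord('A') + shift) % 26))
    return ''.join(out)

def otp_key(length):
    """Random pad from a CSPRNG (a stand-in for the hardware randomness a real pad needs)."""
    return ''.join(secrets.choice(ALPHABET) for _ in range(length))

def otp_encrypt(plaintext, pad):
    """One-time pad: Vigenere with a pad that is never shorter than the message, used once."""
    plaintext = _letters_only(plaintext)
    if len(_letters_only(pad)) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return vigenere(plaintext, pad)

def otp_decrypt(ciphertext, pad):
    return vigenere(ciphertext, pad, decrypt=True)

def pad_that_yields(ciphertext, wanted_plaintext):
    """pad = ciphertext - plaintext: every plaintext of the same length has a pad that fits."""
    return vigenere(ciphertext, wanted_plaintext, decrypt=True)

if __name__ == "__main__":
    print(vigenere("THE BOY HAS THE BALL", "VIG"))                  # OPKWWECIYOPKWIRG
    print(otp_decrypt("DXQR", "AJIY"), otp_decrypt("DXQR", "AJDY"))  # DOIT DONT
    print(pad_that_yields("DXQR", "DONT"))                           # AJDY
    pad = otp_key(10)
    print(otp_decrypt(otp_encrypt("ATTACK AT ONCE", pad), pad))      # ATTACKATONCE? no: 10 letters needed
```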
Binary One Time Pad
Encrypt a message M with pad P to produce ciphertext C = M ⊕ P, where ⊕ is the exclusive OR operator.
Decrypt a ciphertext C with the same pad P: M = C ⊕ P
One Time Pad Problems
1. The one-time pad must be random. Software pseudo-random number generators are not random. Pad needs hardware randomness.
2. Transmission of long pads is difficult. The pad is just as long as all the messages you’ll ever send with it, so you’ve just moved the problem of transmitting secret messages to transmitting a secret pad.
3. Pad must always be kept secret. If pad is ever discovered, then attacker can decrypt old messages. Pads must be securely destroyed at end of use.
Block Ciphers
Encrypt groups (blocks) of chars at once.
Improvement over single-char substitution
– Cryptanalysis must use digraph frequencies for two-char blocks.
– Longer blocks are more difficult to analyze.
– Modern ciphers are block ciphers.
Example: Playfair Cipher, 1854
SP-Networks
Combine Substitution + Permutation (transposition)
– Confusion: adding unknown key values will confuse the attacker about the value of a plaintext symbol.
– Diffusion: spread plaintext data throughout the ciphertext.
Designing for Security
– Block size
– Number of rounds
  • Each input bit is the XOR of several output bits from the previous round.
– Substitution algorithm
Substitution Boxes
Substitution can be done using a matrix, which acts as a lookup table for substituting one set of bits with another. Such tables are called substitution boxes, or S-boxes.
Overview of the DES
Block cipher (64-bit blocks)
– 64-bit key is actually a 56-bit key + 8 parity bits
Product cipher
– substitution + transposition
16 rounds (iterations) of encryption
– round key generated from user key
Feistel Function (F)
Differential Cryptanalysis
A chosen ciphertext attack
– Biham and Shamir rediscovered it in the late 1980s
– Examines pairs of plaintext with particular differences.
– Requires 2^47 plaintext, ciphertext pairs.
– Only 2^14 pairs required with 8-round DES.
Revealed several properties
– S-boxes designed to resist differential cryptanalysis.
– IBM revealed knowledge of the technique at design time.
Linear cryptanalysis improves the result
– Linear approximation of DES.
– Requires 2^43 plaintext, ciphertext pairs.
– DES not designed to resist this technique.
Electronic Code Book Mode
Encrypt each block independently.
E(block) = C_block each time the block appears
Therefore the attacker can build a dictionary of blocks.
ECB encryption of a bitmap hides colors but the image is still discernible.
Cipher Block Chaining Mode
XOR each plaintext block with the previous ciphertext block. A random initialization vector (IV) is used for the 1st block.
CBC encryption of a bitmap looks random.
Cipher Block Chaining Mode
Formula for CBC encryption (i=1 is 1st block)
Formula for CBC decryption
Triple DES
Encrypt-Decrypt-Encrypt Mode (3 keys: k, k´, k´´)
– c = DES_k(DES^-1_k´(DES_k´´(m)))
– Middle decrypt allows backward compatibility if all keys are equal: k = k´ = k´´
– Double encryption is vulnerable to a meet-in-the-middle attack, reducing difficulty from 2^112 to 2^57.
DES is Insecure
Brute force attacks can be completed in <1 day.
– Distributed computing attacks.
– RIVYERA FPGA-based parallel computer breaks DES in <1 day for a hardware cost of <$10,000.
Linear cryptanalysis faster than brute force
– Need 2^41 known plaintexts
Advanced Encryption Standard (AES)
Winner of open NIST competition (1997-2000)
– Rijndael, designed by Joan Daemen and Vincent Rijmen.
– Published as FIPS 197 in November 2001.
128-bit block cipher
– 128-, 192-, or 256-bit keys.
– 10, 12, or 14 rounds, depending on key size.
Replacement for DES
– DES vulnerable to brute force attacks due to 56-bit keys.
– Triple DES is very slow.
AES Round Structure
Round keys derived from user key using the AES key schedule.
Each round transforms the 128-bit state X_i in 4 steps:
1. SubBytes: S-box substitution.
2. ShiftRows: permutation.
3. MixColumns: matrix multiplication.
4. AddRoundKey: XOR with the round key for this round.
AES Round Steps
AES Cryptanalysis
Biclique attack (2011)
– Faster than brute force by a factor of 4
– So can break AES-128 with 2^126.1 operations.
Related key attacks (2009)
– Requires 2^99.5 operations to break AES-256
– Requires 2^176 operations to break AES-192
– Due to weak key scheduling for AES-256
– AES-128 is more secure than AES-256!
Modern Block Ciphers
Blowfish
– 64-bit block cipher designed in 1993
– Variable key length: 32 to 448 bits
– Weak key attacks exist
Twofish (AES finalist)
– 128-bit block cipher with up to 256-bit keys
– Designed by the Blowfish team, no known breaks
Serpent (AES finalist)
– 32-round 128-bit block cipher with up to 256-bit keys
– Known attacks against reduced-round versions
Stream Ciphers
Combine plaintext with a cipher bitstream
– Cipher generates a stream of pseudo-random bits
– Loosely inspired by the one-time pad.
RC4 is the most widely used stream cipher
– Variable-length key: 40 to 128 bits
– Aircrack breaks the 104-bit RC4 used in WEP in 1 min
– No known practical attacks against 128-bit, but
– Much speculation that NSA can crack 128-bit RC4.
Block cipher to stream cipher
– Use a block cipher in Counter Mode.
– XOR the counter-mode output with the plaintext.
Key Points
Types of ciphers
– Substitution (monoalphabetic and polyalphabetic)
– Transposition (permutation)
– Product (substitution + permutation)
Cryptanalysis
– Kerckhoffs’s principle
– Brute force attack
  • Find key in at most n tries, for n possible keys.
  • Find key in an average of n/2 tries.
  • A cryptosystem with x-bit keys has 2^x possible keys.
– Frequency analysis.
– One-time pad is provably secure
Block ciphers
– ECB mode insecure; need to use CBC for block ciphers.
– DES obsolete due to small 56-bit keys. 3DES = 112-bit key.
– AES current standard, best symmetric cipher is AES-128.