CRYPTOGRAPHY

Cryptography is the study of secret (crypto) writing (graphy), concerned with developing algorithms which may be used to
- conceal the context of some message from all except the sender and recipient (privacy or secrecy), and/or
- verify the correctness of a message to the recipient (authentication)
- form the basis of many technological solutions to computer and communications security problems
CIPHERS IN HISTORY

Cryptology could be considered as one of humanity's oldest professions. It has a history of at least 4000 years:
- ancient Egyptians enciphered some of their hieroglyphic writing on monuments
- the Phaistos clay disc (Cretan-Minoan, 17th century BC), still undeciphered
- Herodotus describes how encrypted messages were transported by messengers
- ancient Hebrews enciphered certain words in the scriptures
- 2000 years ago Julius Caesar used a simple substitution cipher, now known as the Caesar cipher
- Roger Bacon described several methods in the 1200s
- Geoffrey Chaucer included several ciphers in his works
- Leon Alberti devised a cipher wheel, and described the principles of frequency analysis in the 1460s
- Blaise de Vigenère published a book on cryptology in 1585, describing the polyalphabetic substitution cipher
- Increasing use, esp. in diplomacy and war, over the centuries
- One-time pads: widely used in diplomacy
- David Kahn in his beautiful book 'The Codebreakers' has numerous such examples.
STEGANOGRAPHY

Methods of concealing text.
Character marking: Selected letters of text are overwritten in pencil. The marks are not visible unless the paper is held at an angle to bright light.
Invisible ink: Substances can be used that leave no visible trace until heat or some chemical is applied.
Pin punctures: Small pin punctures on selected letters are not ordinarily visible unless the paper is held in front of light.
Typewriter correction ribbon: Used between lines typed with a black ribbon; the results of typing are visible only under a strong light.
These techniques have modern analogues (e.g. pixel transformations). Unfortunately, steganography in general requires a lot of overhead. See http://cacr.math.uwaterloo.ca/~dstinson/visual.html for an interesting image.
Steganography has become a modern subject with applications to security. Some important topics include
1. Mimicry (reading between the lines, compression and decompression techniques, encoding and decoding algorithms)
2. Anonymous remailers
3. Secret broadcasting (Dining Cryptographers problem)
MACHINE CIPHERS

Jefferson cylinder: developed in the 1790s, comprised 36 disks, each with a random alphabet; the order of the disks was the key, the message was set, then another row became the cipher.
Wheatstone disc: invented by Wadsworth in 1817, but developed by Wheatstone in the 1860's, comprised two concentric wheels used to generate a polyalphabetic cipher.
Hagelin machine: A truly pioneering machine.
Enigma Rotor machine: one of a very important class of cipher machines, heavily used during the 2nd world war, comprised a series of rotor wheels with internal cross-connections, providing a substitution using a continuously changing alphabet.
See my web page for pictures.
BASIC CONCEPTS

cryptography: the art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form
plaintext: the original intelligible message
ciphertext: the transformed message
cipher: an algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods
key: some critical information used by the cipher, known only to the sender and receiver
encipher (encode): the process of converting plaintext to ciphertext using a cipher and a key
decipher (decode): the process of converting ciphertext back into plaintext using a cipher and a key
cryptanalysis: the study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called codebreaking
cryptology: both cryptography and cryptanalysis
code: an algorithm for transforming an intelligible message into an unintelligible one using a code-book
COMMUNICATION SECURITY

As information highways expand, cryptographic techniques will play an important role in satisfying 'user-privacy' requirements. Important aspects of security include
- Authentication
- Communication Security
- Data Distribution
- Digital Cash
- Electronic Mail
- Electronic Voting
REQUIREMENTS

In communication security it is the security of real-time electronic links, local and wide area networks, link encryption, cellular and ordinary telephony, and faxes.
In data distribution it is conditional access (e.g., TV), software distribution, information bulletin boards.
In digital cash it is the creation of an electronic system that replaces paper money and is more flexible than credit cards.
In electronic voting it is secure distributed computation, elections in shareholders' meetings.
GOALS

In communication security they include: message privacy, sender and recipient authentication, and nonrepudiation.
In data distribution they include broadcast and multicast operations, message privacy, and selective reception.
In digital cash they include anonymity, untraceability, transferability, fairness, off-line operations, and universality.
In electronic voting they include anonymity, fairness, and accountability.
Tools include: key-agreement protocols, private-key cryptosystems, public-key cryptosystems, digital signatures, certificates, secure hardware, untraceability protocols, ..., and beautiful mathematics.
Research in cryptography is a diverse and mathematically sophisticated practice. Topics include
- Design and Analysis of Cryptographic Algorithms
- Design and Analysis of Cryptographic Protocols
- Hardware and Software Implementations
- Applications of Cryptography
CAUSES OF SYSTEM VULNERABILITY

In typical applications workstations are attached to LANs. The user can reach other hosts, workstations, and servers in the same LAN that are interconnected via bridges and routers. Transmissions from station to station are visible on the LAN to all stations. Data is transmitted in the form of packets which contain source/destination IDs, and other information.
On this basis, an eavesdropper can monitor and capture traffic packets. The eavesdropper need not be a local LAN user; it could be anyone to whom the LAN offers a dial-up capability.
Eavesdropping may also occur in any of the communications links which provide connectivity to the system, e.g., by tapping wires used for transmission, or by attaching a low-power radio transmitter and picking up the resulting signals. This problem becomes worse in WANs.
TWO BASIC APPROACHES TO SECURITY

Link Encryption: Each vulnerable communication link is equipped on both ends with an encryption device. The main disadvantage is that it is effective only if all potential weak links from source to destination are secured.
End-to-End Encryption: Data is encrypted only at the source node and decrypted at the destination node.
Problem: Data consists of packets. Packets have a header portion and a content portion. You cannot encrypt the header! (because it would be impossible to route the data). It follows that although user data is secure, the traffic pattern is not!
Solution: Use a combination of Link and End-to-End encryption.
PLACEMENT OF SECURITY FUNCTION

In the communication hierarchy, Link security is at a low level, while End-to-End security is high level.
Link encryption occurs at the physical or link layers of the Operating System.
End-to-End encryption occurs at a Front End Processing unit, and the header bypasses encryption in intermediate stages.
[Figure: block diagram of an encryption device with inputs PLAINTEXT, KEY and RANDOM BITS and output CIPHERTEXT]
TRAFFIC SECURITY

It is usually necessary to conceal
- Identities of partners,
- How frequently two users communicate,
- Message patterns, e.g., length, quantity, time, etc.
- Events that correlate with special communications.
Link encryption conceals headers, thus reducing the probability of effective traffic analysis.
End-to-End encryption limits defence possibilities.
DISTRIBUTING KEYS

In conventional encryption a key must be shared by the two communicating users. Therefore any conventional cryptographic system is as good as the method employed for distributing keys.
- A key can be delivered by one user to the other either directly (e.g., physically) or indirectly (e.g., physically by an intermediary).
- A new key can be delivered by encrypting it with an older key and either using a direct secure connection or an indirect secure connection via an intermediary.
The first option is awkward. Some form of the second option is widely accepted.
KEY CONTROL

Hierarchical: A hierarchy of Key Control Centers is established. Each center is responsible locally for a small system. Control is passed to a higher level for external communication.
Key Lifetime: The same key is used only for a limited lifetime.
Decentralized Key Control: Full decentralization is not practical. However, some form of decentralization limits abuses by a central authority.
Key Usage: It is useful to classify keys on the basis of their type of usage. E.g., Data Encryption keys (for general communication), PIN keys (for Personal Identification Numbers), File keys (for encrypting files). This method limits the potential damage caused by a compromise in one type of transmission.
PSEUDO RANDOM GENERATION

Random numbers find numerous uses in cryptography, especially in authentication schemes and session key generation, in conventional as well as public-key cryptography.
Perfect random generation is impossible by a deterministic device, like a computer. Usually we have to generate pseudorandom numbers with a deterministic source. The resulting numbers must be unpredictable, independent, and uniformly distributed.
Linear Congruence Generator: x_{n+1} = a x_n + b mod m
Blum-Blum-Shub Generator: p ≡ q ≡ 3 mod 4 are distinct primes; x_{n+1} = x_n^2 mod pq
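Both generators above, as an added example (not code from the lecture notes), with small constructed parameters; the LCG parameter-recovery function is a predictability check of the kind the "must be unpredictable" requirement calls for, and shows why a plain LCG fails it:

```python
# Added example, not from the lecture notes: the two generators on the slide
# with constructed small parameters, plus a predictability check on the LCG.
from math import gcd


def lcg(seed, a, b, m, count):
    """Linear congruential generator: x_{n+1} = a*x_n + b mod m."""
    xs, x = [], seed
    for _ in range(count):
        x = (a * x + b) % m
        xs.append(x)
    return xs


def recover_lcg_params(m, x0, x1, x2):
    """Predictability check: with the modulus known, three consecutive
    outputs determine (a, b), since x2 - x1 = a*(x1 - x0) mod m.
    Raises ValueError if x1 - x0 is not invertible mod m."""
    d = (x1 - x0) % m
    if gcd(d, m) != 1:
        raise ValueError("x1 - x0 is not invertible mod m")
    a = ((x2 - x1) * pow(d, -1, m)) % m
    b = (x1 - a * x0) % m
    return a, b


def bbs_bits(seed, p, q, count):
    """Blum-Blum-Shub: x_{n+1} = x_n^2 mod pq; output the low bit of each x_n.
    Needs distinct primes p = q = 3 (mod 4) and a seed coprime to pq;
    primality of p and q is assumed, not checked, in this toy version."""
    if p == q or p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must be distinct primes congruent to 3 mod 4")
    n = p * q
    if gcd(seed, n) != 1:
        raise ValueError("seed must be coprime to pq")
    bits, x = [], seed
    for _ in range(count):
        x = (x * x) % n
        bits.append(x & 1)
    return bits


if __name__ == "__main__":
    out = lcg(seed=7, a=21, b=11, m=101, count=5)   # [57, 97, 28, 94, 66]
    print(out, recover_lcg_params(101, *out[:3]))    # (21, 11) recovered
    print(bbs_bits(seed=3, p=11, q=19, count=12))    # [1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0]
```

An LCG exposes its whole internal state in each output, which is why the parameters fall out of three values; BBS releases only one bit per squaring step.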
VIOLATIONS OF SECURITY

As business and government depend more on computers and networks, so grows the threat of computer crime.
In 1994, V. L. Levin, a Russian computer hacker from St. Petersburg, managed to infiltrate Citibank and transfer 10 million US dollars over five months to bank accounts in California, Finland, and Germany.
20 years ago computer systems were relatively unavailable. Now the taxonomy of users includes members of crime syndicates, industrial espionage teams, information thieves, etc.
Only 5% of victim sites are even aware they have been infiltrated.
DETECTING ANOMALOUS PATTERNS

Detecting anomalies can be used for 'enhancing' security.
Citibank will not reveal how Levin was caught. However, more is known about IBM's Fraud and Abuse Management System (FAMS).
FAMS separates billing patterns from unusual ones by profiling providers against one another and checking for unusual patterns that pointed to fraud in the past.
Blue Cross/Blue Shield caught a doctor who billed them 1.4 million dollars for bronchoscopies that were never performed. The program noticed that the doctor claimed to perform one operation per patient per week (normally this is performed once or twice in a patient's lifetime).
A typical computer user executes a standard pattern of commands. For example, here is a sequence of commands I normally execute in my UNIX account:
cd work;
ls -laF;
cd publications;
ls *.tex;
vi myfile.tex;
latex myfile.tex;
dvips myfile;
lpr -Pfaculty myfile.ps;
This sequence of commands could be recorded as part of a user's profile. Once created, an anomaly detector continuously compares it to the known profile to obtain a 'similarity' score.
ADAPTING OVER TIME

A system can even be taught to adapt over time. It learns the 'usage' patterns of a user and adapts.
In turn, a malicious intruder can try to 'fool' the system by teaching it to 'accept' an increasingly aggressive 'new' usage pattern.
This is of course hypothetical, but hostile training is a danger.
Detecting anomalies can also be used for 'breaking' security.
In 1996, P. Kocher demonstrated how to determine a private key by keeping track of how long it takes the computer to decipher messages.
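A toy anomaly detector for the command-profile idea on the previous slide, together with the gated adaptation this slide discusses; it is an added example, not code from the notes, and the bigram profile, the sample sessions and the 0.5 threshold are constructed assumptions:

```python
# Added example, not from the lecture notes: a toy anomaly detector. A user's
# profile is the multiset of command bigrams seen in recorded sessions; a new
# session scores by weighted Jaccard similarity against it. All sessions and
# the threshold are constructed assumptions.
from collections import Counter

# The recorded UNIX session from the slide, commands only, arguments dropped.
PROFILE_SESSION = ["cd", "ls", "cd", "ls", "vi", "latex", "dvips", "lpr"]
THRESHOLD = 0.5   # assumed cut-off; tuned per deployment in practice


def bigrams(commands):
    """Consecutive command pairs such as ('vi', 'latex'), with counts."""
    return Counter(zip(commands, commands[1:]))


def build_profile(sessions):
    """Sum of bigram counts over all recorded sessions of one user."""
    profile = Counter()
    for session in sessions:
        profile.update(bigrams(session))
    return profile


def similarity(profile, session):
    """Weighted Jaccard score in [0, 1]; 1.0 means every bigram is familiar."""
    seen = bigrams(session)
    inter = sum((profile & seen).values())   # element-wise min
    union = sum((profile | seen).values())   # element-wise max
    return inter / union if union else 0.0


def is_anomalous(profile, session, threshold=THRESHOLD):
    return similarity(profile, session) < threshold


def adapt(profile, session, threshold=THRESHOLD):
    """Learn from a session only when it already looks familiar. This gate
    limits the hostile-training risk discussed above: a session far from the
    profile is rejected instead of absorbed, so any drift must be gradual."""
    if is_anomalous(profile, session, threshold):
        return False
    profile.update(bigrams(session))
    return True


if __name__ == "__main__":
    profile = build_profile([PROFILE_SESSION])
    normal = ["cd", "ls", "vi", "latex", "dvips", "lpr"]   # constructed
    odd = ["cat", "chmod", "cp", "cat", "chmod", "cp"]     # constructed
    print(round(similarity(profile, normal), 2), adapt(profile, normal))  # 0.71 True
    print(round(similarity(profile, odd), 2), adapt(profile, odd))        # 0.0 False
```

Gating does not remove the risk: a patient attacker can still shift the profile in small accepted steps, so the threshold and the learning rate are the knobs a defender has to monitor.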
SECURITY IN PRACTICE: 3 METHODS

1. FIREWALLS:
Only certain computers are accessible to the general public (outside the company), forming a special 'demilitarized zone' or DMZ.
Potentially dangerous data (e.g. internet, e-mail, etc.) are filtered in a proxy server. These are then transferred to proxy programs that can run safely, and subsequently delivered to company employees.
A large company or organization may require more than one firewall. As the company grows, additional firewalls may need to be installed.
Firewalls also involve packet filtering, thus possibly rejecting packets coming from certain internet addresses. Intruders may of course try to forge trusted source addresses, hence authentication principles play an important role.
2. DIGITAL CERTIFICATES:
To send and receive messages users must have a private as well as a public key (strings of length about 1,000 bits).
Digital signatures are created from the message and the private key and accompany the message.
The signature is verified by using the public key.
A trusted authority is used to create a digital certificate that certifies that a certain public key belongs to a certain person.
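The sign, verify and certify flow above, as an added example (not code from the notes), using textbook RSA with tiny constructed primes so the arithmetic stays visible; the key sizes, the SHA-256 digest and the certificate layout are assumptions made for illustration:

```python
# Added example, not from the lecture notes: sign, verify, and certify with
# textbook RSA on tiny constructed primes so the arithmetic stays visible.
# Real systems use keys of 2048+ bits, a padding scheme and X.509 certificates.
import hashlib
from math import gcd


def make_keypair(p, q, e=17):
    """Textbook RSA: public (n, e), private (n, d) with e*d = 1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))


def digest(data, n):
    """SHA-256 of the data, reduced below the modulus (toy sizes only)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data):
    """Signature = H(m)^d mod n, made from the message and the private key."""
    n, d = private_key
    return pow(digest(data, n), d, n)


def verify(public_key, data, signature):
    """The signature is verified with the public key: sig^e mod n == H(m)."""
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)


def cert_body(name, public_key):
    """The binding the trusted authority vouches for: (name, public key)."""
    return f"{name}:{public_key[0]}:{public_key[1]}".encode()


def issue_certificate(ca_private, name, subject_public):
    """The trusted authority signs the binding of the name to the public key."""
    return {"name": name, "public_key": subject_public,
            "signature": sign(ca_private, cert_body(name, subject_public))}


def verify_signed_message(ca_public, cert, message, signature):
    """Check the certificate against the CA first, then the message signature."""
    body = cert_body(cert["name"], cert["public_key"])
    if not verify(ca_public, body, cert["signature"]):
        return False                       # the CA never vouched for this key
    return verify(cert["public_key"], message, signature)
```

The order of checks matters: a signature that verifies under a public key means nothing until the certificate has established whose key it is.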
3. JAVA SANDBOX:
Unscrupulous developers could create applets that would interfere with a user's computer system.
Java has a layer of software (called the Java Virtual Machine) which executes any applet written in the language.
The virtual machine prevents the program from getting access to the computer's hard drive.
It is like the applet sitting in a child's sandbox (where it can do no damage). It gets out only when the virtual machine verifies that the applet can be trusted.
DEFINITION OF CRYPTOSYSTEM

A cryptosystem consists of the following finite sets:
P: plaintext space
C: ciphertext space
K: keyspace
Encryption Function E: for each k ∈ K, E_k : P → C
Decryption Function D: for each k ∈ K, D_k : C → P
Main Property: The functions E_k, D_k are inverses of each other, i.e. for all p ∈ P and k ∈ K, D_k(E_k(p)) = p
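The Vigenère polyalphabetic cipher from the history slides, written as a cryptosystem (P, C, K, E_k, D_k) in the sense of the definition above, with a check of the main property; this is an added example, not code from the notes, and the alphabet, the function names and the sample strings are assumptions:

```python
# Added example, not from the lecture notes: Vigenere as a cryptosystem with
# P = C = non-empty strings over A-Z and K = non-empty keywords over A-Z.
# A one-letter key gives the Caesar cipher as a special case.
import string

ALPHABET = string.ascii_uppercase   # the alphabet of P, C and K (assumed)
MOD = len(ALPHABET)                 # 26

def _check(text, name):
    """Plaintexts, ciphertexts and keys must lie in the stated spaces."""
    if not text or any(ch not in ALPHABET for ch in text):
        raise ValueError(f"{name} must be a non-empty string over A-Z")

def encrypt(key, plaintext):
    """E_k : P -> C. Shift letter i by the i-th key letter, cycling the key."""
    _check(key, "key")
    _check(plaintext, "plaintext")
    out = []
    for i, ch in enumerate(plaintext):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % MOD])
    return "".join(out)

def decrypt(key, ciphertext):
    """D_k : C -> P. Undo the shift, so that D_k(E_k(p)) = p."""
    _check(key, "key")
    _check(ciphertext, "ciphertext")
    out = []
    for i, ch in enumerate(ciphertext):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) - shift) % MOD])
    return "".join(out)

def caesar(shift, plaintext):
    """Caesar cipher = Vigenere with the single key letter ALPHABET[shift]."""
    return encrypt(ALPHABET[shift % MOD], plaintext)

def main_property_holds(keys, plaintexts):
    """Check D_k(E_k(p)) == p for every key k in keys and plaintext p."""
    return all(decrypt(k, encrypt(k, p)) == p for k in keys for p in plaintexts)

if __name__ == "__main__":
    # Constructed sample values, not from the notes.
    print(encrypt("LEMON", "ATTACKATDAWN"))   # LXFOPVEFRNHR
    print(caesar(3, "VENIVIDIVICI"))          # YHQLYLGLYLFL
    print(main_property_holds(["LEMON", "D"], ["ATTACKATDAWN", "HELLO"]))  # True
```

Note that the main property says nothing about secrecy: both ciphers satisfy it, yet the Caesar cipher has only 26 keys and Vigenère falls to the frequency analysis Alberti described, which is what the properties on the next slide add.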
IMPORTANT PROPERTIES

- the encryption and decryption functions are efficiently computable for all keys k, i.e., it should be relatively easy both to encrypt and decrypt, given the key, and
- it should be computationally infeasible to decipher the ciphertext, i.e., an opponent upon seeing a ciphertext should be unable to determine either the key k that was used or the original plaintext string.
- Usually assume the cryptographic system is public, and only the key is secret information
