Professional Documents
Culture Documents
May 7, 2020
11:31am
c
2020 Avinash Kak, Purdue University
Goals:
• To introduce the rudiments of the vocabulary of computer and network
security and that of encryption/decryption.
• Simple Python and Perl scripts that give you pretty good se-
curity for confidential communications. Only good for fun,
though.
CONTENTS
Section Title Page
2
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
I’ll start this section with some basic vocabulary of encryption and
decryption, since that’s the primary focus of the beginning lectures
in this series. Subsequently, I’ll also review some of the basic
vocabulary of computer and network security from a more systems
perspective.
3
Computer and Network Security by Avi Kak Lecture 2
testing and scrutiny that a public algorithm is. And, assuming that a secret algorithm is used for all
communications within an organization, what if a disgruntled employee posted the algorithm anonymously on
WikiLeaks?]
secret key: A secret key is used to set some or all of the various parameters
used by the encryption algorithm. The important thing to note is
that, in classical cryptography, the same secret key is used for
encryption and decryption. It is for this reason that classical
cryptography is also referred to as symmetric key cryptography. On
the other hand, in the more recently developed cryptographic
algorithms, the encryption and decryption keys are not only
different, but also one of them is placed in the public domain.
Such algorithms are commonly referred to as asymmetric key
cryptography, public key cryptography, etc.
4
Computer and Network Security by Avi Kak Lecture 2
block cipher: A block cipher processes a block of input data at a time and
produces a ciphertext block of the same size.
stream cipher: A stream cipher encrypts data on the fly, usually one byte
at at time.
All forms of cryptanalysis for classical encryption exploit the fact that
some aspect of the structure of plaintext may survive in the ciphertext.
key space: The total number of all possible keys that can be used in a
cryptographic system. For example, DES uses a 56-bit key. So the key
space is of size 256, which is approximately the same as 7.2 × 1016.
5
Computer and Network Security by Avi Kak Lecture 2
recorded mappings between the plaintext bit blocks and the ciphertext bit blocks. As a trivial example,
consider an 8-bit block cipher that scans the plaintext in blocks of 8 bits. If we can construct a codebook
with mappings for all 256 different possible bit blocks, we have broken the cipher.]
6
Computer and Network Security by Avi Kak Lecture 2
store intermediate results obtained from the current computational steps (assuming they can help us avoid
unnecessary search later during the computations). You will see examples of such tradeoffs in Lecture 24
***********
So here we go:
7
Computer and Network Security by Avi Kak Lecture 2
1. sms fraud: An application that charges users to send premium SMS without
consent, or tries to disguise its SMS activities by hiding disclosure agreements or
SMS messages from the mobile operator notifying the user of charges or
confirming subscription. [The text messages normally used by most of us typically cost little to
nothing. However, there is another category of text messages — for downloading ringtones, music clips,
adult content, games, etc., and also for voting in TV shows based on performance competition — that
are used for what are known as Mobile Premium SMS/MMS services. Using such services leads to
noticeable charges on your phone bill. By law, the phone numbers for such services must begin with
“19”.]
Some apps, even though they technically disclose SMS sending behavior introduce
additional tricky behavior that accommodates sms fraud. Examples of this
include hiding any parts of disclosure agreement from the user, making them
unreadable, conditionally suppressing SMS messages the mobile operator sends to
inform user of charges or confirm subscription.
8
Computer and Network Security by Avi Kak Lecture 2
providers of directory services, adult chat lines, and other business organization to provide services for
which the charges appear on your phone bill. The phone company sends a portion of what is charged to
the service provider.]
3. toll fraud: An application that tricks users to subscribe or purchase content via
their mobile phone bill.
Toll Fraud includes any type of billing except Premium SMS and premium calls.
Examples of this include: Direct Carrier Billing, WAP (Wireless Access Point), or
Mobile Airtime Transfer.
WAP fraud is one of the most prevalent types of Toll fraud. WAP fraud can
include tricking users to click a button on a silently loaded transparent WebView.
Upon performing the action, a recurring subscription is initiated, and the
confirmation SMS or email is often hijacked to prevent users from noticing the
financial transaction.
9
Computer and Network Security by Avi Kak Lecture 2
Privilege escalation apps that root devices without user permission are
classified as rooting apps.
Non-malicious rooting apps let the user know in advance that they are
going to root the device and they do not execute other potentially
harmful actions.
10
Computer and Network Security by Avi Kak Lecture 2
Malicious rooting apps do not inform the user that they will root the
device, or they inform the user about the rooting in advance but also
execute other harmful actions.
• contact list
• call log
• SMS log
• web history or browser bookmarks of the default browser
SSL/TLS: More than anything else, it is the certificate based client and
server authentication made possible by the SSL/TLS protocol that
11
Computer and Network Security by Avi Kak Lecture 2
TCP/IP: TCP and IP are two different foundational protocols that govern
how information is exchanged between two different hosts in the
internet. You can think of TCP as sitting on top of IP. Whereas IP
specifies how a host may use the IP addressing scheme to send data
packets to another host, the TCP protocol adds handshaking to this
interaction in order to make sure that every data packet sent by a host was
actually received by the other host.
tor: Tor is a route anonymizing protocol that makes it easier for folks in
countries with heavy censorship and controls to access foreign websites
like Google and Facebook.
VPN: VPN (for Virtual Private Network) is an overlay network that allows
a set of hosts to communicate with one another confidentially using
IPSec, which is a secure version of the IP protocol.
12
Computer and Network Security by Avi Kak Lecture 2
***********
Before leaving this section, I’d like to draw the reader’s attention to
the following websites:
1. Krebs On Security Blog Entry on Who’s Attacking Whom? Realtime Attack Trackers
The first is a blog entry by Brian Krebs who is one of the most
famous and influential bloggers in the computer security area. He
was a reporter for Washington Post from 1995 to 2009. This
particular blob entry is about the different trackers out there for
visualizing in real-time the ongoing attacks on a world-wide basis.
And the second link above shows one of the trackers in action. The
attacks displayed in this manner are usually detected with the help
of honeypots that are typically installed all around the globe. [As
described in Section 22.6 of Lecture 22, a honeypot is a specially configured machine — often a virtual machine
13
Computer and Network Security by Avi Kak Lecture 2
these days — that presents a specific network profile to the rest of the internet for the purpose of attracting
malware. Consider an attacker who wants to exploit a particular vulnerability in the HTTPD servers for the
purpose of installing his malware. The attacker, not really caring where exactly he finds such server hosts, chooses
to scan large blocks of IP addresses more or less randomly. In order to capture the attacker’s malware, a honeypot
would act exactly like the HTTPD server the attacker is hoping to find. The honeypot would download the
14
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
15
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
c = E(3, p) = (p + 3) mod 26
where E() stands for encryption. If you are not familiar with
modulo division, the mod operator returns the integer
remainder when p + 3 is divided by 26, the number of letters in
the English alphabet. We are obviously assuming
case-insensitive encoding with the Caesar cipher.
16
Computer and Network Security by Avi Kak Lecture 2
• A more general version of this cipher that allows for any degree
of shift would be expressed by
c = E(k, p) = (p + k) mod 26
p = D(k, c) = (c − k) mod 26
17
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
18
Computer and Network Security by Avi Kak Lecture 2
19
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
• Let’s now consider what one would think would be a very strong
monoalphabetic cipher. We will make our substitution letters a
random permutation of the 26 letters of the alphabet:
21
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
size of a number by a factor of 10, you are increasing the size by one order of magnitude. So when we say
that the keyspace is 10 orders of magnitude larger, that means that the keyspace is larger by a factor of 1010 .
Recall, as mentioned in Section 2.1, the keyspace of DES is 256 since the key size is 56 bits. And
22
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
23
Computer and Network Security by Avi Kak Lecture 2
24
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
frequency are:
26
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
2.7 MULTIPLE-CHARACTER
ENCRYPTION TO MASK PLAINTEXT
STRUCTURE: THE PLAYFAIR CIPHER
27
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
• You fill the rest of the cells of the matrix with the remaining
characters in the alphabet and do so in alphabetic order. The
letters I and J are assigned the same cell. In the following
example, the key is “smythework”:
28
Computer and Network Security by Avi Kak Lecture 2
S M Y T H
E W O R K
A B C D F
G I/J L N P
Q U V X Z
Back to TOC
29
Computer and Network Security by Avi Kak Lecture 2
30
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
32
Computer and Network Security by Avi Kak Lecture 2
33
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
k11 k12 k13
K =
k21 k22 k23
k31 k32 k33
34
Computer and Network Security by Avi Kak Lecture 2
~ = [K] P
C ~ mod 26
~ = ~ mod 26
−1
P K C
~ = ~ mod 26 = P
~
−1
P K [K] P
35
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
36
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
37
Computer and Network Security by Avi Kak Lecture 2
key: abracadabraabracadabraabracadabraab
plaintext: canyoumeetmeatmidnightihavethegoods
ciphertext: CBEYQUPEFKMEBK.....................
38
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
the most likely choice for the keylength. [Obviously, character sequences
that repeat in the plaintext will create character sequences that repeat in the
ciphertext if the plaintext distance between the repetitions is a multiple of the
keylength. With Vigenere, the plaintext characters separated by multiples of the key
length are encoded in exactly the same way. ]
Wikipedia has a wonderful article on “Rotor Machines” that traces the history of their development. To
appreciate the idea of a rotor in this context, a monoalphabetic cipher requires that the electrical signals
generated by hitting, say, any of the 26 letter keys on a typewrite-like device be routed to a sequence of 26
permuted outputs. If the connections between the input signals and the output is through a rotor that has 26
electrical pass-through points on it, by simply turning the rotor by one position, you’ll be able to change the
mapping between the incoming 26 signals and the corresponding outputs. Using multiple rotors and turning
each rotor to a different position specified by an encryption key allows a Vigenere mapping to be created
between the input and the output. Rotor machines were used extensively by the militaries of the different
40
Computer and Network Security by Avi Kak Lecture 2
41
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
key: 2 5 3 1 6 4
plaintext: m e e t m e
a t m i d n
i g h t f o
r t h e g o
d i e s x y
ciphertext: ETGTIMDFGXEMHHEMAIRDENOOYTITES
42
Computer and Network Security by Avi Kak Lecture 2
43
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
44
Computer and Network Security by Avi Kak Lecture 2
Perl: https://metacpan.org/pod/Algorithm::BitVector
So here we go:
[A ⊕ B] ⊕ C = A ⊕ [B ⊕ C ]
A ⊕ A = 0
A ⊕ 0 = A
• Since differential XORing means that the output for the current
block must depend on the output that was produced for the
previous block, that raises the question of what to do for the
first bit block in a file. Typically, this problem is solved by using
an initialization vector (IV) for the differential XORing needed
for the first bit block in a file. We derive the needed
initialization vector from the passphrase in lines (F) through (I).
• For encryption, each bit block read from the message file is first
XORed with the key in line (Y), and then, in line (Z), with the
output produced for the previous bit block. The step in line (Z)
constitutes differential XORing.
#!/usr/bin/env python
### EncryptForFun.py
### Avi Kak (kak@purdue.edu)
### January 21, 2014, modified January 11, 2016
import sys
from BitVector import * #(A)
47
Computer and Network Security by Avi Kak Lecture 2
BLOCKSIZE = 64 #(D)
numbytes = BLOCKSIZE // 8 #(E)
48
Computer and Network Security by Avi Kak Lecture 2
#!/usr/bin/env python
### DecryptForFun.py
### Avi Kak (kak@purdue.edu)
### January 21, 2014, modified January 11, 2016
49
Computer and Network Security by Avi Kak Lecture 2
import sys
from BitVector import * #(A)
BLOCKSIZE = 64 #(D)
numbytes = BLOCKSIZE // 8 #(E)
50
Computer and Network Security by Avi Kak Lecture 2
bv ^= key_bv #(a)
msg_decrypted_bv += bv #(b)
• To exercise these scripts, enter some text in a file and let’s call
this file message.txt. Now you can call the encrypt script by
EncryptForFun.py message.txt output.txt
The script will place the encrypted output, in the form of a hex
string, in the file output.txt. Subsequently, you can call
DecryptForFun.py output.txt recover.txt
• What follows are the Perl versions of the two Python script
shown above. For at least those of you who would like to be
proficient in both Perl and Python, it would be educational to
51
Computer and Network Security by Avi Kak Lecture 2
compare the syntax used for doing the same things in the two
versions. Since the flow of logic in the two versions is identical,
such a comparison should be straightforward.
• In case you are puzzled by the statement in line (C), the call to
split with an empty regex as its first argument returns an array
of characters for the passphrase. This was done to establish
parity with line (C) of the Python version of the encryption
script with regard to how we may subsequently process the
passphrase in the rest of the scripts. You see, in Python, a
string is directly an iterable object, which allows for compact
code to be written for substring access and slicing. The call in
line (C) of the script shown below allows us to write similar
substring access and string slicing code in Perl with the help of
Perl’s range operator.
#!/usr/bin/perl -w
### EncryptForFun.pl
### Avi Kak (kak@purdue.edu)
### January 11, 2016
52
Computer and Network Security by Avi Kak Lecture 2
###
### The encrypted output is deposited in the file ‘output.txt’
use strict;
use Algorithm::BitVector; #(A)
die "Needs two command-line arguments, one for the name of " .
"message file and the other for the name to be used for " .
"encrypted output file"
unless @ARGV == 2; #(B)
53
Computer and Network Security by Avi Kak Lecture 2
#!/usr/bin/perl -w
### DecryptForFun.pl
### Avi Kak (kak@purdue.edu)
54
Computer and Network Security by Avi Kak Lecture 2
use strict;
use Algorithm::BitVector; #(A)
die "Needs two command-line arguments, one for the name of " .
"message file and the other for the name to be used for " .
"encrypted output file"
unless @ARGV == 2; #(B)
55
Computer and Network Security by Avi Kak Lecture 2
56
Computer and Network Security by Avi Kak Lecture 2
Back to TOC
If you are using Python 3, make sure you prefix the argument to the b64encode() function by the character
‘b’ to indicate that it is of type bytes as opposed to of type str. Several string processing functions in
Python 3 require bytes type arguments and often return results of the same type. Educate yourself on the
difference between the string str type and bytes type in Python 3. ]
hello
hexdump -C myfile.txt
you are likely to see the following bytes (in hex) in the file:
68 65 6C 6C 6F 0A
Looks like there are six bytes in the file whereas the word
“hello” has only five characters. What do you think is going on?
Do you know why your editor might want to place that extra
byte in the file and how to prevent that from happening?
3. As you know, you can easily find the XOR of two bit patterns
or two decimal integers through a terminal interactive session
with Python or Perl. For example, with Python:
>>> 16 ^ 1
17
>>> 0x10 ^ 0x01
17
4. Write your own Python or Perl script that carries out Base64
encoding. If you use the BitVector module, your solution should
not take more than half a dozen lines of code.
58
Computer and Network Security by Avi Kak Lecture 2
7. True or false: The larger the size of the key space, the more
secure a cipher? Justify your answer.
11. What makes Vigenere cipher more secure than, say, the Playfair
cipher?
12. Let’s say you have used the encryption and decryption scripts
shown in Section 2.11 through the following calls
EncryptForFun.py message.txt output.txt
you are likely to see the following message returned by the diff
command:
Binary files message.txt and recover.txt differ
and, yet, if you print out the contents of the two files by
cat message.txt
cat recover.txt
60
Computer and Network Security by Avi Kak Lecture 2
all in one line. (You can copy-and-paste this hex ciphertext into
your own script. However, make sure that you delete the
backslash at the end of the first line. You can also see the same
output in the file named output5.txt in the code archive for
Lecture 2.) Your job is to both recover the original quote and
the encryption key used by mounting a brute-force attack on the
encryption/decryption algorithms. [HINT: The logic used in the scripts
implies that the effective key size is only 16 bits when the BLOCKSIZE variable is set to
16. So your brute-force attack need search through a keyspace of size only 216 .]
62
Computer and Network Security by Avi Kak Lecture 2
CREDITS
.
http://jnicholl.org/Cryptanalysis/Data/EnglishData.php
That site also shows a complete digram table for all 676 pairings of
the letters of the English alphabet.
63