Week 4. Classical Encryption Techniques
Week 5. Symmetric key cryptography / Block cipher design principles / Data Encryption Standard (DES) / Triple DES (3DES)
Week 6. Advanced Encryption Standard (AES) / Modes of operation

[Figure: security services (data confidentiality, data integrity, authentication of peer entity and data origin, nonrepudiation, access control) and security mechanisms (encipherment, data integrity, authentication exchange, traffic padding, routing control)]

Security Services and Mechanisms

Security Service        Security Mechanism
Data confidentiality    Encipherment and routing control
Data integrity          Encipherment, data integrity
Authentication          Encipherment, digital signature, authentication exchanges
Nonrepudiation          Digital signature, data integrity, notarization
Access control          Access control mechanism

There is no single mechanism that will provide all the services needed to overcome the attacks mentioned last. However, encipherment is the most common way of providing security.

Encipherment: Overview
- Cryptography: usually referred to as "the study of hiding secrets". Nowadays it is most closely associated with encryption.
- Encryption: the process of converting a plaintext ("unhidden") message to cryptic ("hidden") text before transmission.
- Encryption uses a method and a key to convert plaintext to ciphertext and ciphertext back to plaintext.
- The key must be kept secret.
- To be secure, keys must be quite long.
- An interceptor cannot read the message as it flows over the network.
- However, the receiver knows how to decrypt (descramble) the encrypted message, making it readable again.
- Encryption provides privacy and confidentiality.
- Both terms mean that messages can be transmitted without fear of being read by adversaries.

Note: Whatever is to be encrypted is called the plaintext. Encryption can work with all types of data, including graphics,
video, and database.

Security Components
All the techniques for providing security have two components:
- A security-related transformation on the information to be sent, e.g., encryption of the messages.
- Secret information shared by the two principals, e.g., an encryption key.
A trusted third party may be responsible for distributing the secret information.

[Figure: A Model for Network Security, showing the two principals]

Encryption: Methodology and Key
There are two elements: an encryption method and a key.
- The encryption method specifies the mathematical process that will be used in the encryption.
- In practice, it is very difficult to keep the method secret.
- Methods are easy to identify because there are only a few encryption methods in use.
- Each encryption method uses a special string of bits called a key.
- Different key values will give different results with the same encryption method.
- To maintain secrecy, it is necessary to keep only the key secret, not the encryption method itself.
- Encryption provides confidentiality, which (from the X.800 security service definition) is the protection of transmitted data from passive attacks, and the protection of traffic flow from analysis.

Conventional Encryption
Conventional encryption is also referred to as secret key or single key encryption.
An encryption scheme has five ingredients:
- Plaintext (P): this is the original message.
- Encryption Algorithm (E): performs various transformations and substitutions on the plaintext.
- Secret Key (K): the exact substitutions and transformations performed by the algorithm depend on the key.
- Ciphertext (C): this is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts.
- Decryption Algorithm (D): this is the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.
Essential Elements of Conventional Encryption
- A source for a message, which produces a message in plaintext, P.
- A key K is generated at the source and is delivered to the destination by means of a secure channel.
- The ciphertext is generated by this equation: C = E_K(P)
- The intended receiver, in possession of the key, is able to invert the transformation by this equation: P = D_K(C)

Conventional Encryption Requirements
- A strong encryption algorithm: an opponent who knows the algorithm and has access to one or more ciphertexts would be unable to decipher the ciphertext or recover the key.
- Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure.
The security of conventional encryption depends on the secrecy of the key, not the secrecy of the algorithm; this enables the development of low-cost chip implementations of the algorithm.

1- Cryptanalysis
- Is the process of attempting to discover the plaintext or key.
- It relies on:
  - Nature of the algorithm
  - Some knowledge of the general characteristics of the plaintext
  - Some sample plaintext-ciphertext pairs
- Exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or the key being used.
- If successful, all future and past messages encrypted with that key are compromised.

2- Brute-Force Attack
- Try all possible keys on some ciphertext until an intelligible translation into plaintext is obtained.
- On average, half of all possible keys must be tried to achieve success.

Average Time Required for Exhaustive Key Search

Key size (bits)               Number of alternative keys   Time required at 1 encryption/µs    Time required at 10^6 encryptions/µs
32                            2^32 = 4.3 x 10^9            2^31 µs = 35.8 minutes              2.15 milliseconds
56                            2^56 = 7.2 x 10^16           2^55 µs = 1142 years                10.01 hours
128                           2^128 = 3.4 x 10^38          2^127 µs = 5.4 x 10^24 years        5.4 x 10^18 years
168                           2^168 = 3.7 x 10^50          2^167 µs = 5.9 x 10^36 years        5.9 x 10^30 years
26 characters (permutation)   26! = 4 x 10^26              2 x 10^26 µs = 6.4 x 10^12 years    6.4 x 10^6 years

An encryption scheme is computationally secure if:
- The cost of breaking the ciphertext exceeds the value of the encrypted information.
- The time required to break the cipher exceeds the lifetime of the information.

Cryptography Techniques Classification
Three independent classifications:
1. The type of operations used for transforming plaintext to ciphertext in the technique (substitution and transposition).
2. The way in which the plaintext data is processed:
   - Block cipher (cipher one block at a time)
   - Stream cipher (cipher the input continuously)
3. The number of keys used:
   - Single key (symmetric encryption)
   - Two keys (asymmetric encryption)

Substitution & Transposition Techniques
The two basic building blocks of all encryption techniques are substitution and permutation.
A. Substitution technique: the letters of plaintext are replaced by other letters or by numbers.
B. Permutation (transposition) technique: performing some rearrangement on the plaintext letters.
C. Product cipher technique: consider using several ciphers in succession to make it harder, like two substitutions.

A. Substitution Techniques
Substitution encryption: a substitution cipher replaces one symbol or letter with another. Substitution ciphers can be categorized as either monoalphabetic ciphers or polyalphabetic ciphers. In monoalphabetic substitution, the relationship between a symbol in the plaintext and a symbol in the ciphertext is always one-to-one.
Techniques:
1. Caesar cipher
2. Mono-alphabetic
3. Playfair
4. Vigenere cipher

Caesar Cipher Technique
- The Caesar cipher is a special form of additive cipher (shift cipher) with key = 3.
- Each letter of the alphabet is replaced by the letter standing three places further down the alphabet.
- Note that the alphabet is wrapped around, so that the letter following Z is A.

The important characteristics of the Caesar technique:
- The encryption and decryption algorithms are known.
- There are only 25 keys to try, which is far from secure.
- The language of the plaintext is known.

The Caesar cipher can then be written as:
C = E(P) = (P + k) mod 26
P = D(C) = (C - k) mod 26

[Figure: plaintext, ciphertext, plaintext; the sender is Alice]

Example
Use the additive cipher with key = 15 to encrypt the message "hello".

[Table: plaintext letters a to z and ciphertext letters A to Z with their numeric values]

Solution
We apply the encryption algorithm to the plaintext, character by character:
Plaintext: h → 07    Encryption: (07 + 15) mod 26    Ciphertext: 22 → W
Plaintext: e → 04    Encryption: (04 + 15) mod 26    Ciphertext: 19 → T
Plaintext: l → 11    Encryption: (11 + 15) mod 26    Ciphertext: 00 → A
Plaintext: l → 11    Encryption: (11 + 15) mod 26    Ciphertext: 00 → A
Plaintext: o → 14    Encryption: (14 + 15) mod 26    Ciphertext: 03 → D

Example
Use the additive cipher with key = 15 to decrypt the message "WTAAD".

Solution
We apply the decryption algorithm to the ciphertext, character by character:
Ciphertext: W → 22    Decryption: (22 - 15) mod 26    Plaintext: 07 → h
Ciphertext: T → 19    Decryption: (19 - 15) mod 26    Plaintext: 04 → e
Ciphertext: A → 00    Decryption: (00 - 15) mod 26    Plaintext: 11 → l
Ciphertext: A → 00    Decryption: (00 - 15) mod 26    Plaintext: 11 → l
Ciphertext: D → 03    Decryption: (03 - 15) mod 26    Plaintext: 14 → o

Example
Darth has intercepted the ciphertext "UVACLYFZLJBYL". Show how she can use a brute-force attack to break the additive cipher.

Solution
Darth tries keys from 1 to 26. With a key of 7, the plaintext is "not very secure", which makes sense.
Ciphertext: UVACLYFZLJBYL
K = 1 → Plaintext: tuzbkxeykiaxk
K = 2 → Plaintext: styajwdxjhzwj
K = 3 → Plaintext: rsxzivcwigyvi
K = 4 → Plaintext: qrwyhubvhfxuh
K = 5 → Plaintext: pqvxgtaugewtg
K = 6 → Plaintext: opuwfsztfdvsf
K = 7 → Plaintext: notverysecure

Monoalphabetic Cipher
- Rather than just shifting the alphabet
- Could shuffle (jumble) the letters arbitrarily
- Each plaintext letter maps to a different random ciphertext letter.
- Hence the key is 26 letters long.
Example:
Plaintext key: abcdefghijklmnopqrstuvwxyz
Cipher key:    DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext:  ifwewishtoreplac...
Ciphertext: WIRFRWAJUHYFTSDVF...

We can use the key below to encrypt the message
this message is easy to encrypt but hard to find the key
The ciphertext is
ICFVQRVVNEFVRNVSIYRGAHSLIOJICNHTIYBFGTICRXRS

Monoalphabetic Cipher Security
- Now we have a total of 26! keys.
- With so many keys it might seem secure, but that would be WRONG!
- The problem is the regularities of the language.

Language Redundancy and Cryptanalysis
- Human languages are redundant.
- Letters are not equally commonly used.
- In English, the letter E is by far the most common letter, then T, R, N, I, O, A, S.
- Other letters are fairly rare: Z, J, K, Q, X.
- Key concept: monoalphabetic substitution ciphers do not change relative letter frequencies.
- Discovered by Arabian scientists in the 9th century.
- Calculate letter frequencies for the ciphertext.
- Compare counts against known values:

Frequency of characters in English

Letter  Frequency   Letter  Frequency   Letter  Frequency   Letter  Frequency
E       12.7        H       6.1         W       2.3         K       0.08
T       9.1         R       6.0         F       2.2         J       0.02
A       8.2         D       4.3         G       2.0         Q       0.01
O       7.5         L       4.0         Y       --          X       0.01
I       7.0         C       2.8         P       --          Z       0.01
N       6.7         U       2.8         B       1.5
S       --          M       2.4         V       --

Frequency of digrams and trigrams
Digram: TH, HE, IN, ER, AN, RE, ED, ON, ES, ST, EN, AT, TO, NT, HA, ND, OU, EA, NG, AS, OR, TI, IS, ET, IT, AR, TE, SE, HI, OF
Trigram: THE, ING, AND, HER, ERE, ENT, THA, NTH, WAS, ETH, FOR,
DTH

Example Cryptanalysis
- Given ciphertext:
  UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
  VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
  EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
- Count relative letter frequencies (see text).
- The most common letters are P & Z, and they are equivalent to e and t.
- The most common digram is ZW, which may be equivalent to th, and hence the trigram (three-letter combination) ZWP is equivalent to the.
- Proceeding with trial and error, we finally get:
  it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow

Example
Darth has intercepted the following ciphertext. Using a statistical attack for an additive cipher, find the plaintext.
XLILSYWIMWRSAJSVWEPIJSVJSYVQMPPMSRHSPPEVWMXMWASVXLQSVILYVVCFIJSVIXLIWIPPIVVIGIMZIWQSVISJJIVW

Solution
When Darth tabulates the frequency of letters in this ciphertext, he gets: I = 14, V = 13, S = 12, and so on. The most common character is I with 14 occurrences. Taking I as the encryption of e, the most common English letter, this means key = 4.
the house is now for sale for four million dollars it is worth more hurry before the seller receives more offers

Playfair Cipher
- Not even the large number of keys in a mono-alphabetic cipher provides security.
- One approach to improving security was to encrypt multiple letters.
- The Playfair cipher is an example, invented by Charles Wheatstone in 1854 but named after his friend Baron Playfair.

Playfair Key Matrix
- A 5x5 matrix of letters based on a keyword is prepared, e.g. using the keyword MONARCHY.
- Fill in the letters of the keyword (start from the top left; if the keyword contains repeated letters, do not repeat them and write each letter once).
- Fill the rest of the matrix with the other letters (excluding the keyword letters, in ascending alphabetic order; I/J share the same cell).

M    O    N    A    R
C    H    Y    B    D
E    F    G    I/J  K
L    P    Q    S    T
U    V    W    X    Z

Encrypting and Decrypting
- Plaintext is divided into letter pairs and encrypted two letters at a time, e.g. computer → co mp ut er
- If a pair is a repeated letter, insert a filler like 'X', e.g. "balloon" is treated as "ba lx lo on".
- Inspect the matrix: if both letters in the pair fall in the same row of the matrix, replace each with the letter to its right (wrapping back to the start from the end), e.g. "ar" encrypts as "RM".
- If both letters fall in the same column, replace each with the letter below it (again wrapping to the top from the bottom), e.g. "mu" encrypts to "CM".
- Otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, e.g. "hs" encrypts to "BP", and "ea" to "IM" or "JM".

Security of the Playfair Cipher
- Security is much improved over monoalphabetic since it has 26 x 26 = 676 digrams.
- Would need a 676-entry frequency table to analyse (versus 26 for a monoalphabetic) and correspondingly more ciphertext.
- Was widely used for many years (e.g. US & British military in WW1).
- It can be broken, given a few hundred letters, since it still has much of the plaintext structure.

6x6 Matrix
- A 6x6 matrix contains all alphabetic letters and the numbers 0 to 9 (I and J have their own cells) and works in the same way as before.
- Ex: Encrypt and decrypt the word "MATRIX2014" where the keyword is "ENJOY LIFE".
  - MA → kb
  - TR → us
  - Encryption gives kbusg431x7; decryption reverses the process.
  - Alphabet: abcdefghijklmnopqrstuvwxyz0123456789

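Added example (not part of the original slides): the additive-cipher exercises above in Python, covering the key = 15 "hello" example, the brute-force attack and the letter-frequency attack. The function names are assumptions of this example, and the ciphertexts are constructed by encrypting the slides' plaintexts.

```python
from collections import Counter

A = ord("a")

# Plaintexts from the slides; the ciphertexts are constructed from them below.
SHORT_PLAIN = "not very secure"
LONG_PLAIN = ("the house is now for sale for four million dollars it is worth more "
              "hurry before the seller receives more offers")

def shift(text, k):
    """Shift every letter k places mod 26; non-letters are dropped, output is lower case."""
    return "".join(chr((ord(c) - A + k) % 26 + A) for c in text.lower() if "a" <= c <= "z")

def encrypt(plaintext, key):
    """C = (P + k) mod 26, written in upper case like the slides' ciphertexts."""
    return shift(plaintext, key).upper()

def decrypt(ciphertext, key):
    """P = (C - k) mod 26."""
    return shift(ciphertext, -key)

def brute_force(ciphertext):
    """Every non-trivial key (1..25) with the candidate plaintext it produces."""
    return {k: decrypt(ciphertext, k) for k in range(1, 26)}

def candidate_keys(ciphertext, assumed_plain="e", top=3):
    """Keys implied by mapping each of the `top` most frequent ciphertext letters to
    `assumed_plain`; later entries are fallbacks when 'e' is not the most common letter."""
    counts = Counter(shift(ciphertext, 0)).most_common(top)
    return [(ord(letter) - ord(assumed_plain)) % 26 for letter, _ in counts]

def key_from_frequency(ciphertext):
    """Statistical attack from the slides: the most frequent letter is taken as 'e'."""
    return candidate_keys(ciphertext, top=1)[0]

if __name__ == "__main__":
    print(encrypt("hello", 15), decrypt("WTAAD", 15))
    short_ct = encrypt(SHORT_PLAIN, 7)
    for key, guess in list(brute_force(short_ct).items())[:7]:
        print(f"K = {key}: {guess}")
    long_ct = encrypt(LONG_PLAIN, 4)
    key = key_from_frequency(long_ct)
    print(key, decrypt(long_ct, key))
```

The frequency attack needs only one pass over the ciphertext, while brute force leaves a reader to pick the intelligible line out of 25 candidates.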
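Added example (not part of the original slides): a Playfair implementation that follows the matrix and pair rules above, generalized so the same code handles the 5x5 matrix (keyword MONARCHY) and the 6x6 letters-and-digits variant (keyword ENJOY LIFE). The function names are assumptions of this example, and padding an odd final letter with the filler is an assumption the slides do not state.

```python
import math
import string

ALPHA25 = "abcdefghiklmnopqrstuvwxyz"             # 5x5 matrix: J shares I's cell
ALPHA36 = string.ascii_lowercase + string.digits  # 6x6 matrix: I and J have their own cells

def normalize(text, alphabet):
    """Lower-case, fold j into i when the alphabet has no j, drop anything without a cell."""
    folded = (("i" if c == "j" and "j" not in alphabet else c) for c in text.lower())
    return [c for c in folded if c in alphabet]

def build_matrix(keyword, alphabet=ALPHA25):
    """Keyword letters first (each written once), then the remaining symbols in ascending order."""
    cells = list(dict.fromkeys(normalize(keyword, alphabet) + list(alphabet)))
    n = math.isqrt(len(alphabet))
    return [cells[r * n:(r + 1) * n] for r in range(n)]

def to_digrams(text, alphabet=ALPHA25, filler="x"):
    """Split into pairs, inserting the filler after a repeated letter (balloon -> ba lx lo on)."""
    symbols, pairs, i = normalize(text, alphabet), [], 0
    while i < len(symbols):
        a = symbols[i]
        b = symbols[i + 1] if i + 1 < len(symbols) else filler  # assumption: pad an odd tail
        if a == b:
            pairs.append(a + filler)
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs

def transform_pair(matrix, pair, step):
    """Apply the three rules; step=+1 encrypts, step=-1 decrypts."""
    n = len(matrix)
    pos = {matrix[r][c]: (r, c) for r in range(n) for c in range(n)}
    (r1, c1), (r2, c2) = pos[pair[0]], pos[pair[1]]
    if r1 == r2:   # same row: take the letter to the right, wrapping
        return matrix[r1][(c1 + step) % n] + matrix[r2][(c2 + step) % n]
    if c1 == c2:   # same column: take the letter below, wrapping
        return matrix[(r1 + step) % n][c1] + matrix[(r2 + step) % n][c2]
    return matrix[r1][c2] + matrix[r2][c1]  # rectangle: own row, partner's column

def playfair_encrypt(plaintext, keyword, alphabet=ALPHA25):
    m = build_matrix(keyword, alphabet)
    return "".join(transform_pair(m, p, +1) for p in to_digrams(plaintext, alphabet)).upper()

def playfair_decrypt(ciphertext, keyword, alphabet=ALPHA25):
    m = build_matrix(keyword, alphabet)
    s = normalize(ciphertext, alphabet)
    return "".join(transform_pair(m, s[i] + s[i + 1], -1) for i in range(0, len(s) - 1, 2))
```

Decryption returns the padded digram text, so "balloon" comes back as "balxloon"; removing fillers is left to the reader of the plaintext.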