Professional Documents
Culture Documents
LECTURE 3
Computer and Information
Security Fundamentals
(CSE 2203)
SEMESTER II (2021 -2022)
- Tutorial 3 Presentations –
next week (5%)
- Assignment 1 (10%)
- Write up due
April 21st, 2022
- BONUS MARKS!!! Up to 5% for
participation in the Online
Tutorial Forum
practical security
● Discuss the methods of substitution and transposition when
and Asymmetric
(Martin, 2009)
a) ciphertext
b) Secret-text
c) Plaintext
d) None of the above
http://novella.mhhe.com/sites/844815617x/student_view0/chapter30/multiple_choice_quiz.html
a) Symmetric-key
b) Asymmetric-key
c) Both a) and b)
d) Neither a) nor b)
http://novella.mhhe.com/sites/844815617x/student_view0/chapter30/multiple_choice_quiz.html
Interception
Interruption
• Blocking msgs
Modification
Fabrication
“A threat is blocked by control of a vulnerability”
[Pfleeger & Pfleeger]
[cf. B. Endicott-Popovsky, U. Washington]
[Lilien, 2007]
[Lilien, 2007]
[Lilien, 2007]
DECRYPTION original
hostile ciphertext DECODING plaintext
environment C DECIPHERING P
[Lilien, 2007]
D
LECTURE 3 / CSE2203 / 2022 / Lecturer: Sandra Khan
Keyed Cryptosystem
The University of Guyana
Faculty of Natural Sciences
Encryption Decryption
KE KD
Key Key
P C P
E D
◼ C = E(KE, P)
◼ E = set of encryption algorithms / KE selects Ei E
◼ P = D(KD, C)
◼ D = set of decryption algorithms / KD selects Dj D
• Asymmetric cryptosystems: KE ≠ KD
• A.k.a. a public key system
• Encipher and decipher using different keys [Lilien, 2007]
• Computationally infeasible to derive one key from other
LECTURE 3 / CSE2203 / 2022 / Lecturer: Sandra Khan
Theoretical vs Practical
The University of Guyana
Faculty of Natural Sciences
Security
• Theoretically, it is possible to devise
unbreakable cryptosystems
• Based on Shannon’s theory of information
• Practical cryptosystems almost always are
breakable, given adequate time and computing
power
• The trick is to make breaking a cryptosystem
hard enough for the intruder
[Lilien, 2007]
Cryptanalysts goals:
• Break a single msg
• Recognize patterns in encrypted msgs, to be able to break the
subsequent ones
• Infer meaning w/o breaking encryption
• Unusual volume of msgs between enemy troops may indicate a coming attack
• Busiest node may be enemy headquarters
• Deduce the key, to facilitate breaking subsequent msgs
• Find vulnerabilities in implementation or environment of an
encryption algorithm
• Find a general weakness in an encryption algorithm [Lilien, 2007]
Cryptanalyst approaches
1)Ciphertext-only attack
• All that the cryptanalyst has is ciphertext
• See cryptanalysis of Caesar’s cipher, columnar transposition cipher
Cryptanalyst approaches
4)Chosen plaintext attack
• Analyst able to fabricate encrypted msgs
• Then observe effects of msgs on adversary’s actions
• This provides further hints
Operations on letters:
A + 2 = C
X + 4 = B(circular!)
[Lilien, 2007]
...
LECTURE 3 / CSE2203 / 2022 / Lecturer: Sandra Khan
Basic Types of Ciphers
The University of Guyana
Faculty of Natural Sciences
Substitution ciphers
• Letters of P replaced with other letters by E
Product ciphers
• E = ” E1 “+” E2 “+” ... “+” En
• Combine two or more ciphers to enhance the security of the
cryptosystem
[Lilien, 2007]
...
LECTURE 3 / CSE2203 / 2022 / Lecturer: Sandra Khan
Substitution Ciphers
The University of Guyana
Faculty of Natural Sciences
Substitution ciphers:
• Letters of P replaced with other letters by E
[Lilien, 2007]
[Lilien, 2007]
n-char key
[Lilien, 2007]
...
Example:
A B C D E F G H I J K L M
Key1: a d g j m p s v y b e h k
Key2: n s x c h m r w b g l q v
N O P Q R S T U V W X Y Z
Key1: n q t w z c f i l o r u x
Key2: a f k p u z e j o t y d i
◼ Answer:
Key1 – start with ‘a’, skip 2, take next, skip 2, take next letter, ... (circular)
Key2 - start with ‘n’ (2nd half of alphabet), skip 4, take next, skip 4,
take next, ... (circular) [Lilien, 2007]
◼ Example
Key:
EXODUS
Plaintext P:
YELLOW SUBMARINE FROM YELLOW RIVER
Extended keyword (re-applied to mimic words in P):
YELLOW SUBMARINE FROM YELLOW RIVER
EXODUS EXODUSEXO DUSE XODUSE XODUS
Ciphertext:
cbxoio wlppujmks ilgq vsofhb owyyj
▪ Question: How derived from the keyword and
the Vigenère tableaux? [Lilien, 2007]
◼ Example
...
Extended keyword (re-applied to mimic words in P):
YELLOW SUBMARINE FROM YELLOW RIVER
EXODUS EXODUSEXO DUSE XODUSE XODUS
Ciphertext:
cbxoio wlppujmks ilgq vsofhb owyyj
▪ Answer:
c from P indexes row
c from extended key indexes column
e.g.: row Y and column e → ‘c’
row E and column x → ‘b’
row L and column o → ‘z’
... [Lilien, 2007]
◼ One-Time Pad:
◼ Large, nonrepeating set of long keys on pad sheets/pages
◼ Sender and receiver have identical pads
◼ Example:
◼ 300-char msg to send, 20-char key per sheet
[Lilien, 2007]
=> use & tear off 300/20 = 15 pages from the pad
LECTURE 3 / CSE2203 / 2022 / Lecturer: Sandra Khan
One-time Pads
The University of Guyana
Faculty of Natural Sciences
◼ Example – cont.:
▪ Encryption:
▪ Sender writes letters of consecutive 20-char keys above the
letters of P (from the pad 15 pages)
▪ Sender enciphers P using Vigenère Tableaux (or other pre-
arranged chart)
▪ Sender destroys used keys/sheets
▪ Decryption:
▪ Receiver uses Vigenère Tableaux
▪ Receiver uses the same set of consecutive 20-char keys
from the same 15 consecutive pages of the pad
▪ Receiver destroys used keys/sheets [Lilien, 2007]
◼ Note:
◼ Effect: a key as long as the message
◼ If only key length ≤ the number of chars in the pad
◼ The key is always changing (and destroyed after use)
◼ Weaknesses
◼ Perfect synchronization required between S and R
◼ Intercepted or dropped messages can destroy synchro
◼ Vernam Cipher
◼ = (lttr + random nr) mod 26
◼ Need (pseudo) random nr generator
◼ E.g., V = 21; (V +76) mod 26 = 97 mod 26 = 19; 19 = t
◼ Book Ciphers
◼ Book used as a pad
◼ need not destroy – just don’t reuse keys
◼ Use common Vigenère Tableaux
◼ Details: textbook
◼ Incl. example of breaking a book cipher
◼ Bec. distribution not flat [Lilien, 2007]
[Lilien, 2007]
▪ Attack procedure:
▪ If 1-gram frequencies in C match their freq’s in English but other n-gram freq’s
in C do not match their freq’s in English, then it is probably a transposition
encryption
▪ Find n-grams with the highest frequencies in C
▪ Start with n=2
▪ Rearrange substrings in C to form n-grams with highest freq’s
[Lilien, 2007]
◼ Substitution
◼ C hides chars of P
◼ If > 1 key, C dissipates high frequency chars
◼ Transposition
◼ C scrambles text => hides n-grams for n > 1
◼ Product ciphers
◼ Can do all of the above
Diffusion (Transposition)
• Order of the letters is rearranged
• Basis for some widely used commercial-grade encryption algorithms
• Goal - widely spread the information from the message or the key
across the ciphertext (diffusion)
• Also known as permutation (rearrangement of symbols of a message)
Confusion (Substitution)
• As against, diffusion which can be achieved
through using transpositional techniques.
Block ciphers rely on confusion as well as diffusion
while stream cipher only uses confusion.
[Lilien, 2007]
[Lilien, 2007]
Required Readings:
Recommended Reading(s)
Stallings, W. (2007). Network security essentials: applications
and standards. Pearson Education India.
https://www.sans.org/security-resources/glossary-of-terms/
Department of Computer Science / CSE2203 / 2022 / Lecturer: Sandra Khan
The University of Guyana REFERENCES
Faculty of Natural Sciences