# Goals of this lecture

:

to introduce basic concepts & terminology of encryption to prepare us for studying modern cryptography

SCYTALE , is an example for a really old tech that was used to cipher (encrypt) information . The concept of operation is so simple . Get a long strip of leather and wind it over a rode like the picture , write the clear data on the leather over the rod and then unwind it . h l h h d d h i di

“ HELP ME I AM UNDER ATTACK “ will be "HENTEIDTLAEAPMRCMUAK“ , and it totally depends on the diameter of the rod , which is the key to decipher the message .

Plaintext: original message to be encrypted Ciphertext: the encrypted message Enciphering or encryption: the process of converting plaintext into ciphertext Encryption algorithm: performs encryption oTwo inputs: a plaintext and a secret key

3

Deciphering or decryption: recovering p g yp g plaintext from ciphertext Decryption algorithm: performs decryption oTwo inputs: ciphertext and secret key Secret key: same key used for encryption and decryption oAlso referred to as a symmetric key y y 4 .

Cipher or cryptographic system : a scheme p yp g p y for encryption and decryption Cryptography: science of studying ciphers Cryptanalysis: science of studying attacks against cryptographic systems i t t hi t Cryptology: cryptography + cryptanalysis 5 .

y p y Symmetric cipher: same key used for encryption and decryption oBlock cipher: encrypts a block of plaintext at p yp p a time (typically 64 or 128 bits) oStream cipher: encrypts data one bit or one byte at a time Asymmetric cipher: different keys used for encryption and decryption 6 .

or conventional / secret-key / single-key sender and recipient share a common key all classical encryption algorithms are symmetric The Th only type of ciphers prior to the l f i h i h invention of asymmetric-key ciphers in 1970’s 1970 s by far most widely used 7 .

only Bob can decipher with his secret key (shared w/ Alice) .Goal: Confidentiality Alice Ali “My account number is 485853 and my PIN is 4984 4984” Bob Eve Message “sent in clear”: Eve can overhear Encryption unintelligible to Eve.

Notations mathematically: Y = EK(X) X = DK(Y) or or Y = E(K. Y) X = plaintext Y = ciphertext K = secret key E = encryption algorithm D = decryption algorithm D i th i f is the inverse of E Both E and D are known to public p 9 . X) X = D(K.

Alice M EK1(M) K1 C DK2(C) K2 M Bob M – message K1 – encryption key EK1(M) – message M is encrypted using key K1 C – ciphertext K2 – decryption key DK2(C) – ciphertext C is decrypted using key K2 If K1=K2 this is symmetric i (secret key) encryption If K1≠K2 this is asymmetric (public key) encryption .

Alice 1. Construct m 2.k) 3. Eve can see c. Compute c= F(m. Receive c from Alice 5.k) 6 m=d 6.Alice encrypts (algorithm F) a message (m) y with the same key (k) that Bob uses to decrypt. but cannot compute m because k is only known to Alice and Bob . Send c to Bob Bob c 4. Compute d=F-1(c.

key Two general approaches: obrute-force attack onon-brute-force attack (cryptanalytic attack) 12 . more typically.Objective: to recover the plaintext of a ciphertext or. to recover ll the secret key. Kerkhoff’s principle: the adversary knows all details about a cryptosystem except the secret key.

2 × 1016 72 2128 = 3.9 × 1030 years 6.8 minutes = 1142 years = 5.4 × 106 years 2 × 1026 µs = 6. need to try half of all possible keys average Time needed proportional to size of key space Key Size (bits) K Si (bit ) 32 56 128 168 26 characters (permutation) Number f N b of Alternative Keys 232 = 4.4 × 1038 2168 = 3. On average.15 milliseconds 10.01 10 01 hours 5.3 × 109 256 = 7.4 × 1018 years 5.4 × 1012 years 13 .4 × 1024 = 5.7 × 1050 26! = 4 × 1026 Time required at 1 Ti i d t decryption/µs 231 µs 255 µs 2127 µs years 2167 µs years = 35.9 × 1036 Time required at 106 Ti i d t decryptions/µs 2.Try every key to decipher the ciphertext.

y y May be classified by how much information needed by the attacker: oCiphertext-only attack Ciphertext only oKnown-plaintext attack oChosen-plaintext attack Chosen plaintext oChosen-ciphertext attack 14 .

tt k 15 .Given: a ciphertext c Q: what is the plaintext m? An encryption scheme is completely insecure if it cannot resist ciphertext-only attacks.

Alice M EK(M) K C DK(C) K M Bob Eve Cyphertext-only attack: C h t t l tt k Eve can gather and analyze C’s to learn K How does Eve know she got the right key? g g y Eve has to have enough ciphertext .

….c2). Q: what is the plaintext of new ciphertext c? f Q: h is h Q what i the secret k in use? key i ? 17 .c1). (m2.Given: (m1.ck) and a new ciphertext c. (mk.

Alice M EK(M) K C DK(C) K M Bob Eve Known-plaintext attack: Eve can attempt to learn K by observing many ciphertexts C for known messages M How does Eve obtain the plaintext? .

(mk. mk are chosen by the adversary.Given: (m1.c1).c2). where c ) c ) c) m1. or what is the p . ….ck). secret key? 19 . m2. Q Q: what is the plaintext of c. and a new ciphertext c. (m2. ….

Alice M EK(M) K C DK(C) K M Bob Mallory Chosen-plaintext attack: Mallory can feed chosen messages M into encryption algorithm and look at resulting ciphertexts C. Assumption is that extremely few messages M can produce same C. Learn either K or messages M that produce C. .

AF . US intercepted a Japanese ciphertext saying th t “AF” was l t that low on water. US Navy cryptanalysts discovered that Japan was planning an attack on “AF”. 21 . They believed that “AF” means Midway island. didn’t so US forces in Midway sent a plain message that their freshwater supplies were low low.In 1942. This proved that “AF” is Midway. Pentagon didn t think so. Shortly.

Q: what is the plaintext of c.Given: (m1. and a new ciphertext c. ck are chosen by the adversary. (m2. (mk.c2).c1). where c1. ….ck). or what is the secret key? 22 . c2. ….

Alice

M

EK(M) K

C

DK(C) K

M

Bob

Man-in-the-middle attack: o Mallory can substitute messages o Mallory can modify messages o So that they have different meaning o So that they are scrambled oMallory can drop messages l o M ll Mallory can replay messages t Ali to Alice, B b or Bob the third party

Mallory

Alice

M

EK(M) K

C

DK(C) K

M

Bob

Eve

Brute-force attack: Eve has caught a ciphertext and will try every possible key to try to decrypt it. This can be made infinitely hard by choosing a large keyspace. y p

Plaintext is viewed as a sequence of elements (e.g., bits or characters) l ( bi h ) Substitution cipher: replacing each element of the plaintext with another element. Transposition (or permutation) cipher: rearranging the order of the elements of the plaintext. Product cipher: using multiple stages of substitutions and transpositions
25

Substitution oGoal obscure relationship bet een Goal: obsc re between plaintext and ciphertext oSubstitute parts of plaintext with parts of ciphertext i h Transposition (shuffling) oGoal: dissipate redundancy of the plaintext by spreading it over ciphertext oThis way changing one bit of plaintext affects many bits of the ciphertext (if we have rounds of encryption) .

g. K=3) • Plain: abcdefghi j k lmnopqrst uvwxyz Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C p Example: ohio state HELLO b becomes KHOOR RKLR VWDWH 27 .Earliest known substitution cipher Invented by Julius Caesar Each letter is replaced by the letter K positions further down the alphabet. (e.

x. 28 . ...Mathematically. 24. map letters to numbers: a. b. c. 25 Then the general Caesar cipher is: c = EK(p) = (p + k) mod 26 d p = DK(c) = (c – k) mod 26 Can be generalized with any alphabet. 23... y.. z 0.. 2. 1. .

. K would be our key How can we break this cipher? o Vulnerable to brute-force attacks. 25} Instead of using number k=3 we could use I d f i b k 3 ld k ∈[1..Key space: {0.g. E..25].. . break ciphertext "UNOU YZGZK“ Need to recognize it when have the plaintext What if the plaintext is written in Swahili? 29 . 1.

o HELLO becomes AMKKY b Monoalphabetic: each character is replaced p p with another character How can we break this cipher? frequency of symbols stays the same and f f b l h d can be used to break the cipher . E is M.Z) : for example. This is monoalphabetic cipher..We can also choose a mapping for each letter W l h i f h l tt (A . (H is A.. This mapping would be our key. O is Y). L is K.

Shuffle the letters and map each plaintext letter to a d ff l different random ciphertext l d h letter: Plain letters: ab cd efghi jk lmno pq r s t uvw xyz Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN p Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA What does a key look like? 31 .

32 . it is secure against brute-force attacks brute force attacks. k Problem is language characteristics. But not secure against some cryptanalytic attacks.Now we have a total of 26! = 4 x 1026 keys. keys With so many keys.

J. i b far th I E li h E is by f the most common t letter.Human languages are not random. A. R. I. followed by T. N. In English. O. Letters are not equally frequently used. X are fairly rare. Other letters like Z. double & triple g . There are tables of single. S. Q. K. p letter frequencies for various languages 33 .

34 .

… Triple letters: the and ent ion tio for nde. … 35 .In decreasing order of frequency Double letters: th he an in er re es on.

we ocalculate letter frequencies for ciphertext ocompare this distribution against the known one 36 .Key concept: omonoalphabetic substitution does not change relative letter frequencies To attack.

ZW has highest frequency. Z} = {e. t} Of double letters. so guess ZW = th and h f d hence ZWP = the Proceeding with trial and error finally get: g yg it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ 37 .Given ciphertext: Count relative letter frequencies (see next page) Guess {P.

83 5.33 8 33 8.P Z S U O M 13.67 1 67 0.50 2 50 2.17 4 17 4.67 8.83 0.33 3.33 2.33 7.00 0 00 0.50 7 50 6.67 B G Y I J 1.00 38 .00 0 00 0.83 0 83 C K L N R 0.67 H D E V X 5.67 1.50 1 67 1.00 5 00 5.00 0.17 F W Q T A 3.33 11.67 1.00 4.00 0.

but named after his friend Baron Playfair.Not even the large number of keys in a p p y monoalphabetic cipher p provides security. y 39 . yp p The Playfair Cipher is the best known such cipher. One approach to improving security is to encrypt multiple letters at a time. p Invented by Charles Wheatstone in 1854.

matrix Fill in letters of the key (w/o duplicates). E. M C E L U O H F P V N Y G Q W A B I/J S X R D K T Z 40 .. Fill the rest of matrix with other letters letters. key = MONARCHY.g.Use a 5 x 5 matrix.

Plaintext is encrypted two letters at a time. each letter is replaced by the letter in the same row but in the column of the other letter of the pair. Otherwise. insert filler like 'X’. b th l tt f ll i th 2 If both letters fall in the same row. 2. 1. replace each l h with the letter to its right (circularly). replace each with the the letter below it (circularly). 4. 3. 41 . If both letters fall in the same column. If a pair is a repeated letter.

l h b ti i h Was widely used for many decades oeg. l h b f h Security is much improved over the simple monoalphabetic cipher. because it still leaves some structure of plaintext intact.Equivalent to a monoalphabetic cipher with an alphabet of 26 x 26 = 676 characters. b US & British military in WW1 and early WW2 by S h l d l 2 Once thought to be unbreakable. Actually. it can be broken. 42 .

Keyword “Infosec” I/J E G P V N C H Q W F A K R X O B L T Y S D M U Z 43 .

Rules recall: oGroup plaintext letters two at a time oSeparate repeating letters with an x oT k a pair of l Take i f letters f from plaintext l i oPlaintext letters in the same row are replaced by letters t th right (cyclic manner) l tt to the i ht ( li ) by letters below (cyclic manner) oPlaintext letters in the same column are replaced oPlaintext letters in different row and column are replaced by the letter in the row corresponding to the column of the other letter and vice versa 44 .

g. the receiver reconstructs the 5 x 5 matrix using the keyword and then uses the same rules as for encryption 45 .E.. Plaintext: “CRYPTO IS TOO EASY” Keyword is “INFOSEC” Grouped text: CR YP TO IS TO XO EA SY Ciphertext: AQ VT YB NI YB YF CB OZ To decrypt.

Each plaintext letter has multiple corresponding ciphertext letters. Mk) is used in turn to encrypt letters.. .A sequence of monoalphabetic ciphers (M1. M2. M3. A key d t k determines which sequence of i hi h f ciphers to use. This makes cryptanalysis harder since the letter frequency distribution will be flatter. 46 ...

47 . Cr. security Encrypt each letter using Cs. Decryption simply works in reverse. Cc..g. Ct. Cc. Repeat from start after Cy.. Ce. Cz } Key: e. E hl i Ci. Cb. Cy in turn. .. Cu.Simplest and most common polyalphabetic substitution cipher Consider the set of all Caesar ciphers: { Ca.

.

.E.g. Message = SEE ME IN MALL Take keyword as INFOSEC Vigenère cipher works as follows: SEEMEI NMALL INFOSEC I NFO ------------------------------------ARJAWMPUNQZ 49 .

To decrypt. the receiver places the keyword characters below each ciphertext character h b l h i h h Using the table. choose the row table corresponding to the keyword character and look for the ciphertext character in that row Plaintext character is then at the top of that column 50 .

51 ..Decryption of ciphertext: A RJ AWMPUNQZ I NFO S EC I NFO ---------------------------------S E EMEIN MALL Best feature is that same plaintext character is substituted by different ciphertext characters (i e polyalphabetic) (i.e.

Keyword: deceptive key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ 52 .

etc. 53 . are encoded by the same cipher. Plaintext letters at positions k. So. Attack each individual cipher as before. the cipher consists of N Caesar 3. 3N+k. To break Vigenere cipher: 1. N+k..There are multiple (how many?) ciphertext letters corresponding to each plaintext letter letter. 1 Try to guess the key length How? length. If key length is N. 2N+k. letter frequencies are obscured but not totally lost. ciphers. 2.

repeated “VTW” in the previous example suggests a key length of 3 or 9: i h ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ Of course. In our example. 54 . the repetition could be a random fluke.Main idea: Plaintext words separated by multiples of the key length are encoded in the same way. So look at the ciphertext for repeated p p p patterns. E. if plaintext = “…thexxxxxxthe…” then “the” will be encrypted thexxxxxxthe the to the same ciphertext words.g.

K = 263 =17. l h Widely used in WW2. Used U d a series of rotating cylinders. With 3 cylinders. 6 0 What is a key? o If the adversary has a machine o If the adversary d th d doesn’t h ’t have a machine hi 55 .Before modern ciphers. K = 265 =12 x 106. rotor machines were most common complex ciphers in use.576. i f i li d Implemented a polyalphabetic substitution cipher of period K. With 5 cylinders. t cy de s.

56 .

57 .

58 .

59 .

Also called permutation ciphers. without altering the actual letters used. Example: Row Transposition Ciphers 60 . Shuffle the plaintext.

Plaintext is written row by row in a rectangle. Key: 3 4 2 1 5 6 7 Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a mx y z Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ 61 . Ciphertext: write out the columns in an order specified by a key.

62 .Uses a sequence of substitutions and transpositions oHarder to break than just substitutions or t a spos t o s transpositions This is a bridge from classical to modern ciphers.

space) the attacker has.g. A cipher is computationally secure if the best algorithm for breaking it will require so much resources (e. 1000 years) th t h ( ) that practically the cryptosystem is secure. All the ciphers we have examined are not unconditionally secure.A cipher is unconditionally secure if it is secure no matter how much resources (time.. 63 .

64 . used one-time only) y ( . y • Plaintext = m1m2m3m4 K • Ciphertext = c1c2c3c4 K where ci = mi ⊕ ki • Can be proved to be unconditionally secure.Vernam’s one-time pad cipher • Key = k1k2 k3k4 K (random.

.g.g g Hide a message in another message. hide your plaintext in a graphic image oEach pixel has 3 bytes specifying the RGB color p y p y g oThe least significant bits of pixels can be changed w/o greatly affecting the image quality oSo can hide messages in these LSBs Advantage: hiding existence of messages D b k high h d Drawback: hi h overhead 65 . E.

7200) pixel image. • Using 4 LSBs.200 characters LSB.800 characters. 115 200 • Using only 1 LSB can hide 115. 66 .• Take a 640x480 (=30. can hide 460.

Blockade issue affect pretext for embargo on by products. neutral’s protest is thoroughly A utral s discounted and ignored.An actual message from a German spy oread second letter in each word “Apparently. Isman hard hit.” “Pershing Sails from NY June 1” 67 . ejecting suets and vegetable oils.

Have considered: oclassical cipher techniques and terminology omonoalphabetic substitution ciphers ocryptanalysis using letter frequencies oPlayfair cipher opolyalphabetic ciphers otransposition ciphers oproduct ciphers and rotor machines ostenography 68 .

D.C. Julius Caesar uses cryptographic technique 400 A.50 B. Kama Sutra in India mentions yp g p q cryptographic techniques 1250 British monk Roger Bacon describes simple ciphers 1466 Leon Alberti develops a cipher disk 1861 U i i h during Union f forces use a cipher d i Civil War 69 .

Father of U.1914 1917 1917 1919 World War I – British. and German forces use encryption technology William Friedman. French.S. encryption efforts starts a school ff h l for teaching cryptanalysis in Illinois AT&T employee Gilbert Vernam invents polyalphabetic cipher G l hi Germans d develop th E i the Engima machine for encryption 70 .

1937 1942 1948 1976 1976 1977 key Japanese design the Purple machine for encryption Navajo windtalkers help with secure communication during World War II Claude Shannon d l d h develops statistical l l methods for encryption/decryption IBM develops DES Diffie – Hellman develop public key / private key cryptography Ri t Shamir Adleman d l Rivest – Sh i – Adl develop th the RSA algorithm for public key / private 71 .

72 . Ciphers. Domain of Protection. Intrusion Detection Systems.y Outline Syllabus oConcept of Secure Computing. Defenses Defining Security Policy Classical Policy. Middleware. Databases). Holes Application Security (Web e-mail (Web. Viruses. Attacks and Defenses. and Digital Rights Management. Privacy. e mail. Protection. Encryption and Decryption. Secure Protocols Security of Middleware Software Protocols. Social Engineering. Symmetric and Asymmetric Ciphers. Operating System Holes. Web Security and Wireless Network Security.