Professional Documents
Culture Documents
1 Symmetric
1 Symmetric
ã J. Posegga, 52
Symmetric key encryption
A B
encrypt decrypt
plaintext ciphertext plaintext
ã J. Posegga, 53
Symmetric Encryption System
random
number
key
K
generation
ã J. Posegga, 54
Cryptanalysis
ã J. Posegga, 55
Defining Security with Games
ã J. Posegga, 56
Model of Attack
ã J. Posegga, 57
Attacks
1. Cyphertext Attack
Given: eK(x1), eK(x2) …
Goal: deduce x1, x2 ,…, or K
2. Known Plaintext Attack
Given: (x1, eK(x1)), x2, eK(x2)), …
Goal: deduce K
3. Chosen Plaintext Attack
like 2, but the attacker can choose xi
4. Adaptive Chosen Plaintext Attack
can not only choose plaintext, but can modify the
plaintext based on encryption results
5. Chosen ciphertext
Attacker can chose different ciphertexts to be decrypted
and gets access to the decrypted plaintext.
ã J. Posegga, 58
Cryptographic Security
ã J. Posegga, 59
Example: Conventional Encryption
Idea:
n In case 2, adversary gets completely useless data.
n If he cannot tell this apart from correct encryptions, he cannot
do any damage in the real world (case 1) either.
ã J. Posegga, 60
Definitions
ã J. Posegga, 61
Encryption/decryption
ã J. Posegga, 62
Example
Let M = {m1, m2, m3} and C = {c1, c2, c3}. There are 3! = 6
bijections from M to C. The key space
K = {K1, K2, K3, K4, K5, K6} specifies these
transformations:
eK1 eK2 eK3
ã J. Posegga, 64
Block Ciphers vs. Stream Ciphers
Word Code
The 701
secret 5603
mischiefs 4008
that 3790
I 2879
set 0524
... ...
ã J. Posegga, 65
Caesar Cipher (n=3)
ã J. Posegga, 66
Mono-alphabetic substitution ciphers
dK(c) = (eK(x))-1
ã J. Posegga, 67
Security of such substitution
Idea:
n Map groups of letters into new groups
n Expand the alphabet (numbers, special characters)
Important:
n Try to find a mapping that results in an equal distribution of
characters; this reduces the risks of attacks based on a
letter frequency analysis
Problem:
n If an attacker gets access to plain and cipher text of
one message: Game Over....
u N.B.: The plain text is in many cases partly known
ã J. Posegga, 69
Vigenère-Cyphers
EFFENBERGEFFENBERGEFF (Key)
VORLESUNGSICHERHEITIN (plain text)
ZTWPRTYEMWNHLRSLVOXNS (cipher text)
More formally:
ã J. Posegga, 70
Attacking Vigenère
Example: length = 4
n take 1., 5., 9., etc. character and attack with a letter
frequency analysis
n Continue with 2., 6., 10., ...
ã J. Posegga, 71
One-time Pads
ã J. Posegga, 72
One-time pad
ã J. Posegga, 73
Security of the One-time Pad
ã J. Posegga, 74
Proof Sketch
0 x 0 0.5 0 0.5 · x
0 x 1 0.5 1 0.5 · x
1 1-x 0 0.5 1 0.5 · (1-x)
1 1-x 1 0.5 0 0.5 · (1-x)
ã J. Posegga, 75
Transposition Ciphers
THISI
SASIM
PLEEX à TSPAHALMISEPSIELIMXE
AMPLE
ã J. Posegga, 76
Historic Version (500 b.C.)
ã J. Posegga, 77
Composite Ciphers
But:
n Two substitutions are actually only another substitution,
n Two transpositions are actually only one transposition,
ã J. Posegga, 78
ã J. Posegga, 79
The Enigma
Position determines
the encryption key
Rotor
Display for the
cipher text Lamps
keyboard
Input of
plain text
wiring
Additional
permutations
current
ã J. Posegga, 82
The Enigma Machine: Beyond Caesar Ciphers
(Source: Andrew Hodges: Alan Turing: The Enigma; Simon and Schuster; 1983)
ã J. Posegga, 83
https://spectrum.ieee.org/the-scandalous-history-of-the-last-rotor-cipher-machine
ã J. Posegga, 84
Properties of the Enigma
ã J. Posegga, 85
Cyptanalysis of the Enigma
plus:
n The adversary spend enormous effort on breaking the scheme
(Bletchley Park, Polish Scientists)
n Lots of cipher text was available
Examples:
ã J. Posegga, 86
ã J. Posegga, 87
ã J. Posegga, 88
Loss of Machines and Code Books
ã J. Posegga, 89
Specifics of the Enigma Scheme
ã J. Posegga, 90
Block ciphers & stream ciphers
ã J. Posegga, 91
WLAN Security Threat Model
Wireless Link
User
Authentication LAN
AP Rogue AP
Fake AP
Eves dropping
2. Evesdropping
ã J. Posegga, 92
Wired Equivalence Privacy
No key management
n Shared key entered manually into
u Stations
u Access points
u Key management nightmare in large wireless LANs
ã J. Posegga, 93
Properties of Vernam Ciphers (1)
Pseudo-random
Encryption Key K number generator
Random byte b
Plaintext data byte Ciphertext data byte
Å
p c
ã J. Posegga, 94
IEEE 802.11b Encryption
XOR
Plain
Text Checksum
(CRC 32)
Data + Checksum
ã J. Posegga, 95