
Chapter 8: Network Security

By: Bhargavi Goswami, Sunshine Group of Institutions | SUB: FON | Email: bhargavigoswami@gmail.com

A. Cryptography Topic List:

1. Introduction to Cryptography

2. Substitution Ciphers

3. Transposition Ciphers

4. One-Time Pads

5. Two Fundamental Cryptographic Principles

Need for Security:

Some people who cause security problems and why.

1. Introduction: Cryptography

• Network security problems can be divided roughly into four closely intertwined areas:

– secrecy,

– authentication,

– non-repudiation, and

– integrity control.

• Secrecy: Confidentiality, keeping information out of the hands of unauthorized users.

• Authentication: Determining whom you are talking to before revealing sensitive information.

• Non-repudiation: Deals with signatures. How would you prove that a customer placed an order? What if he denies it later?

• Integrity control: How can you be sure that a message you received was really the one sent and not something that a malicious adversary modified in transit?

• Cryptography comes from the Greek words for "secret writing."

Encryption + Decryption = Cryptography.

• Types:

– Cipher: a character-for-character or bit-for-bit transformation, without regard to the linguistic structure of the message.

– Code: replaces one word with another word or symbol.

• Codes were used by the U.S. armed forces during World War II in the Pacific against Japan.


• The U.S. broke the Japanese code, but the Japanese never broke the Navajo code (cipher and code), which played a crucial role in American victories in the Pacific.

• Four groups of people have contributed to cryptography: the military, the diplomatic corps, diarists, and lovers.

• The messages to be encrypted, known as the plaintext, are transformed by a function that is parameterized by a key.

• The output of the encryption process, known as the ciphertext, is then transmitted, often by messenger or radio.

• We assume that the enemy, or intruder, hears and accurately copies down the complete ciphertext.

• However, he does not know the decryption key and so cannot decrypt the ciphertext easily.

• The intruder needs to break this code.

• The art of breaking ciphers is called cryptanalysis; together with the art of devising them (cryptography), it is collectively known as cryptology.

• What is the relation between plaintext, ciphertext, and keys? See next fig.

• We will use $C = E_K(P)$ to mean that the encryption of the plaintext P using key K gives the ciphertext C.

• Similarly, $P = D_K(C)$ represents the decryption of C to get the plaintext again.

$D_K(E_K(P)) = P$

• The idea that secrecy lies exclusively in the keys is called Kerckhoff's principle, named after the Flemish military cryptographer Auguste Kerckhoff, who first stated it in 1883 (Kerckhoff, 1883).

• Kerckhoff's principle: All algorithms must be public; only the keys are secret.

• Trying to keep the algorithm secret is known in the trade as security by obscurity.

• The longer the key, the higher the work factor the cryptanalyst has to deal with.

• Newspaper cryptograms could be broken trivially if the cryptanalyst were allowed to ask such

questions as: What is the encryption of ABCDEFGHIJKL?

• Encryption Methods:

– Substitution Ciphers

– Transposition Ciphers

An Introduction to Cryptography

• The encryption model (for a symmetric-key cipher) is shown in the figure.


2. Substitution Cipher

• In a substitution cipher each letter or group of letters is replaced by another letter or group of letters to disguise it.

• Caesar Ciphers:

– One of the oldest known ciphers is the Caesar cipher, attributed to Julius Caesar.

– In this method,

• a becomes D,

• b becomes E,

• c becomes F,

• ... , and

• z becomes C.

– For example, ‘attack’ becomes ‘DWWDFN’.

– Plaintext will be given in lower case letters, and ciphertext in upper case letters.

– Caesar cipher allows the ciphertext alphabet to be shifted by k letters, instead of always 3.

– In this case k becomes a key to the general method of circularly shifted alphabets.

– Disadvantage: Can’t fool everyone. Easy to convert to plaintext. Predictable key.

• Mono-alphabetic substitution:

– The next improvement is to have each of the symbols in the plaintext, say, the 26 letters for simplicity,

map onto some other letter.

– For example,

– plaintext:

a b c d e f g h i j k l m n o p q r s t u v w x y z

– ciphertext:

Q W E R T Y U I O P A S D F G H J K L Z X C V B N M

– The general system of symbol-for-symbol substitution is called a mono-alphabetic substitution,

– with the key being the 26-letter string corresponding to the full alphabet.

– ‘attack’ would be transformed into the ciphertext ‘QZZQEA’.

– $26! \approx 4 \times 10^{26}$ possible keys can be used.

– Even at 1 nsec per solution, a computer would take $10^{10}$ years to try all the keys.

– Disadvantage:

• How to carry a 26-letter key? CD? Written? How? Risky.

• Predicting is possible.

• e is the most common letter, followed by t, o, a, n, i, etc.

• The most common two-letter combinations, or digrams, are th, in, er, re, and an.

• The most common three-letter combinations, or trigrams, are the, ing, and, and ion.

– Conclusion? If ‘thYt’ stands for ‘that’, then ‘Y’ is the code for ‘a’. Substituting ‘a’ for ‘Y’ then helps predict many digrams and trigrams, for example ‘aWZ’ standing for ‘and’. A cryptanalyst who works at it in this way can predict the key.
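The two substitution ciphers above and the first step of the frequency attack, as an added Python example (not part of the original notes). The key string and the word ‘attack’ come from the notes; the sample sentence and all function names are constructed for illustration.

```python
import string
from collections import Counter

ALPHABET = string.ascii_lowercase
# Mono-alphabetic key from the notes: plaintext a..z maps to these letters.
MONO_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"
# Constructed sample sentence (not from the notes), deliberately rich in 'e'.
SAMPLE = "meet me near the green tree where we were seen"


def caesar_encrypt(plaintext, k=3):
    """Shift each plaintext letter k places; ciphertext is upper case."""
    shifted = ALPHABET[k % 26:] + ALPHABET[:k % 26]
    return plaintext.lower().translate(str.maketrans(ALPHABET, shifted.upper()))


def caesar_decrypt(ciphertext, k):
    shifted = ALPHABET[k % 26:] + ALPHABET[:k % 26]
    return ciphertext.upper().translate(str.maketrans(shifted.upper(), ALPHABET))


def caesar_brute_force(ciphertext):
    """Only 26 keys exist, so every candidate plaintext can simply be listed."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(26)}


def mono_encrypt(plaintext, key=MONO_KEY):
    return plaintext.lower().translate(str.maketrans(ALPHABET, key))


def mono_decrypt(ciphertext, key=MONO_KEY):
    return ciphertext.upper().translate(str.maketrans(key, ALPHABET))


def guess_letter_e(ciphertext):
    """Frequency analysis, first step: the most common ciphertext letter is
    the best candidate for plaintext 'e'."""
    counts = Counter(c for c in ciphertext if c.isalpha())
    return counts.most_common(1)[0][0]


if __name__ == "__main__":
    print(caesar_encrypt("attack"))            # Caesar, k = 3
    print(caesar_brute_force("DWWDFN")[3])     # one of only 26 candidates
    print(mono_encrypt("attack"))              # 26-letter key
    secret = mono_encrypt(SAMPLE)
    print(secret, "-> 'e' is probably", guess_letter_e(secret))
```

The 26! key space does not help the mono-alphabetic cipher here: the letter statistics of the plaintext pass straight through to the ciphertext.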


3. Transposition Ciphers

• Transposition ciphers reorder the letters but do not disguise them.

• The cipher is keyed by a word or phrase not containing any repeated letters.

• In this example, MEGABUCK is the key.

• The purpose of the key is to number the columns.

• Plaintext is written horizontally, in rows, padded to fill the matrix if need be.

• The ciphertext is read out by columns, starting with the column whose key letter is the lowest.

• Every letter represents itself, keeping the frequency distribution intact.

• How to break the cipher as a cryptanalyst?

– Suppose ‘million dollars’ occurs somewhere in the message.

– The cryptanalyst observes the digrams MO, IL, LL, LA, IR produced by wrapping around.

– For k columns, k(k-1) column pairs can be examined.

• Advantage: tough to determine the column sequence.
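The columnar transposition described above with the key MEGABUCK, as an added Python example (not part of the original notes). The plaintext and the padding letter ‘x’ are constructed for illustration.

```python
from collections import Counter


def column_order(key):
    """Column indices in read-out order: lowest key letter first."""
    if len(set(key)) != len(key):
        raise ValueError("key must not contain repeated letters")
    return sorted(range(len(key)), key=lambda i: key[i])


def pad_plaintext(plaintext, width, pad="x"):
    """Keep letters only and pad so the text fills whole rows of the matrix."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    while len(letters) % width:
        letters.append(pad)
    return "".join(letters)


def encrypt(plaintext, key):
    width = len(key)
    text = pad_plaintext(plaintext, width)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    # Write in rows, read out column by column in key order.
    return "".join(row[col] for col in column_order(key) for row in rows).upper()


def decrypt(ciphertext, key):
    width = len(key)
    height, remainder = divmod(len(ciphertext), width)
    if remainder:
        raise ValueError("ciphertext does not fill the matrix")
    grid = [[""] * width for _ in range(height)]
    pos = 0
    for col in column_order(key):
        for row in range(height):
            grid[row][col] = ciphertext[pos].lower()
            pos += 1
    return "".join("".join(row) for row in grid)


def same_letter_counts(plaintext, ciphertext, key):
    """Transposition only moves letters, so the frequency table is unchanged."""
    return Counter(pad_plaintext(plaintext, len(key))) == Counter(ciphertext.lower())


if __name__ == "__main__":
    message = "transfer one million dollars"   # constructed sample plaintext
    secret = encrypt(message, "MEGABUCK")
    print(column_order("MEGABUCK"))
    print(secret)
    print(decrypt(secret, "MEGABUCK"))
    print(same_letter_counts(message, secret, "MEGABUCK"))
```

An unchanged letter-frequency table is what tells a cryptanalyst that a ciphertext is a transposition rather than a substitution.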

4. One-Time Pad

• Step 1: First choose a random bit string as the key.

• Step 2: Then convert the plaintext into a bit string, for example by using its ASCII representation.

• Step 3: Finally, compute the XOR (eXclusive OR) of these two strings, bit by bit.

• Bit based computation. And so....

• This method, known as the one-time pad, is immune to all present and future attacks no matter how

much computational power the intruder has.

• Disadvantage:

– the key cannot be memorized, so both sender and receiver must carry a written copy with them.

– total amount of data that can be transmitted is limited by the amount of key available.

– Sensitivity to synchronization: if the sender and receiver get out of synchronization, all data from then on will appear garbled.

• Solution?


• Quantum Cryptography.

One-Time Pads

• The use of a one-time pad for encryption and the possibility of getting any possible plaintext from the

cipher text by the use of some other pad.
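The three one-time-pad steps and the property in the caption above, as an added Python example (not part of the original notes): for any claimed plaintext of the same length there is a pad that "decrypts" the ciphertext to it. The messages and function names are constructed for illustration.

```python
import secrets


def xor_bytes(a, b):
    """Bit-by-bit XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("the pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext):
    """Step 1: random key; step 2: plaintext as bytes (ASCII); step 3: XOR."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext, pad):
    return xor_bytes(ciphertext, pad)


def pad_explaining(ciphertext, claimed_plaintext):
    """The pad under which this ciphertext decrypts to claimed_plaintext.
    One exists for every message of the same length, so the ciphertext alone
    carries no information about which plaintext was sent."""
    return xor_bytes(ciphertext, claimed_plaintext)


if __name__ == "__main__":
    real = b"attack at dawn"       # constructed sample message
    decoy = b"retreat at ten"      # constructed, same length
    pad, secret = otp_encrypt(real)
    print(otp_decrypt(secret, pad))
    other_pad = pad_explaining(secret, decoy)
    print(otp_decrypt(secret, other_pad))
```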

Quantum Cryptography

• Alice and Bob, also known as the principals, want to communicate.

• Trudy (Jealous) is the intruder.

• This algorithm is called BB84 (Bennett & Brassard, 1984).

• Quantum cryptography is based on the fact that light comes in little packets called photons.

• Photons can be polarized using polarizing filters.

• After passing through a second filter, the intensity of the light is proportional to the square of the cosine of the angle between the axes.

• To generate a one-time pad, Alice needs two sets of polarizing filters.

• The set of two filters, vertical and horizontal, is called the rectilinear basis.

• The set of two filters rotated 45 degrees is called the diagonal basis.

• Transforming the original one-time pad into a different one, so that what Trudy has learned is of no use, is called privacy amplification.

• See bit 7, 10, 11, 14.

• Observe next figure.


5. Two Fundamental Cryptography Principles

1. Redundancy

Cryptographic principle 1: “Messages must contain some redundancy”

• Use a large message size.

• Use CRC, Cryptographic Hash, Hamming Code for error detection and correction.

2. Freshness

Cryptographic principle 2: “Some method is needed to foil replay attacks”

• Include timestamp in every message.

• For example, suppose that after 10 sec a message must be thrown out of the network.

B. SYMMETRIC-KEY ALGORITHMS (Topic List:)

1. DES –The Data Encryption Standard

2. AES –The Advanced Encryption Standard

3. Cipher Modes

4. Other Ciphers

5. Cryptanalysis


Symmetric Key Algorithms

• They use the same key for encryption and decryption, which is why they are called symmetric-key algorithms.

• Block ciphers take an n-bit block of plaintext as input and transform it, using the key, into an n-bit block of ciphertext.

• Cryptographic algorithms can be implemented in hardware (for speed) or in software (for flexibility).

• P-Box:

– P = Permutation.

– Follows Kerckhoff’s principle (algorithms are public, the key is private).

– Done by appropriate internal wiring using a simple electrical circuit.

– Used in transposition ciphers.

– E.g.: 01234567 as input gives 36071245 as output.

Product Ciphers Basic elements of product ciphers. (a) P-box. (b) S-box. (c) Product.

• S-Box:

– a 3-bit plaintext is entered and a 3-bit ciphertext is output.

– The 3-bit input selects one of the eight lines exiting from the first stage and sets it to 1.

– The second stage is a P-box.

– The third stage encodes the selected input line in binary again.

– 01234567 is input then output would be 24506713.

• Product Cipher:

– A powerful tool in which P-boxes and S-boxes are cascaded, forming a whole series of boxes, to form a product cipher.

– 12 input lines in the P-box.

– $2^{12} = 4096$ crossed wires are needed in the middle stage.

– The input is broken into groups of 3 bits, each substituted independently.

– A k-bit input produces a k-bit output; k is 64 to 256.

– Less general, more powerful, becoming a complicated function.

1. DES, Data Encryption Standard

• The data encryption standard. (a) General outline. (b) Detail of one iteration. The circled + means exclusive OR.


• DES (Data Encryption Standard), was widely adopted by the industry for use in security products.

• DES procedure:

– Enciphers a 64-bit data block

– using a 56-bit key.

– Step 1: Stage 1: An initial transposition (permutation).

– Step 2: Iterations 1 to 16: rounds of a complex key-dependent calculation.

– Step 3: Stage ‘second last’: a 32-bit exchange of the leftmost 32 bits with the rightmost 32 bits.

– Step 4: Stage ‘last’: A final transposition, which is the exact inverse of the initial transposition.

– Output: 64-bit ciphertext.

• Iteration 1 to 16 procedure:

– Each stage takes two 32-bit inputs and produces two 32-bit outputs.

– Each of the 16 iterations uses a different key.

– The left output is simply a copy of the right input.

– The right output is the bitwise XOR of the left input and a function of the right input and the key for this stage, $K_i$.

– All the complexity lies in this function.

• Whitening:


– A technique used to make DES stronger.

– A random 64-bit key is XORed with each plaintext block before it is fed into DES.

– A second 64-bit key is then XORed with the resulting ciphertext before it is transmitted.

– It can be removed easily by running the reverse operations.

– It adds more bits to the key length.

– Time consuming.

• In 1977, Stanford cryptography researchers Diffie and Hellman designed a machine that breaks DES within 1 day.

Triple DES

• (a) Triple encryption using DES.

• (b) Decryption.

• IBM realized that the DES key length was too short and developed triple DES.

• Here,

– 2 keys,

– 3 stages

• Procedure:

– Step 1: the plaintext is encrypted using DES in the usual way with K1.

– Step 2: DES is run in decryption mode, using K2 as the key.

– Step 3: Finally, another DES encryption is done with K1.

• Why are 2 keys used instead of 3?

– Another key would just add overhead for little benefit. So 2 keys are enough.

• Why EDE instead of EEE?

– Backward compatibility with the single-key encryption and decryption algorithm, by just setting K1 = K2.

2. AES –The Advanced Encryption Standard

• DES began approaching the end of its useful life, even with triple DES.

• NIST (National Institute of Standards and Technology), the agency of the U.S. Dept. of Commerce charged with approving standards for the U.S. Federal Government, decided that the government needed a new cryptographic standard for unclassified use, as there were problems with keeping DES as the standard.

• They held a conference with the following rules for the proposed cryptographic algorithms:

• Rules for AES proposals:

1. The algorithm must be a symmetric block cipher.

2. The full design must be public.


3. Key lengths of 128, 192, and 256 bits supported.

4. Both software and hardware implementations required

5. The algorithm must be public or licensed on nondiscriminatory terms.

• Out of 16 proposals, 5 were shortlisted and 1 was selected as the best solution/algorithm provided so far.

• Name: Rijndael (from: Joan Daemen and Vincent Rijmen, 86 votes).

• Let us see that in detail.

• Three parameters:

– Plaintext (16 bytes)

– Ciphertext (encrypted data is returned)

– Key (16 byte key)

• State (data is maintained in byte array).

• Size: NROWS X NCOLS.


• Byte by byte substitution is performed.

• At the end, contents of state are returned as ciphertext.

• Expanding key into 11 arrays, stored in rk.

• Done through repeated rotation and XORing of various groups of key bits.

• How to copy plaintext to state array? During individual round, copied in column order. First 4 bytes to

column 0, next 4 bytes to column 1.

• Column and row number starts with 0 and round number starts with 1.

• Then, rk[0] is XORed into state byte.

• 12 byte array of size 4x4 is illustrated in next to next figure.

• Suppose loop executes 10 iterations.

• Each round consist of 4 steps, see next slide.

• Step 1: does a byte-for-byte substitution on state. Each byte in turn is used as an index into an S-box to replace its value by the contents of that S-box entry. This step is a straight mono-alphabetic substitution cipher. Unlike DES, which has multiple S-boxes, Rijndael has only one S-box.

• Step 2: rotates each of the four rows to the left. Row 0 is rotated 0 bytes (i.e., not changed), row 1 is rotated 1 byte, row 2 is rotated 2 bytes, and row 3 is rotated 3 bytes. This step diffuses the contents of the current data around the block, analogous to the permutations.

• Step 3: mixes up each column independently of the other ones. The mixing is done using matrix multiplication in which the new column is the product of the old column and a constant matrix, with the multiplication done using the finite Galois field, $GF(2^8)$.

• Step 4: XORs the key for this round into the state array.

• Decryption?

– Decryption can be done just by running the algorithm backward.

– However, there is also a trick available in which decryption can be done by running the encryption

algorithm, using different tables.

• Advantages:

– Great speed

– Great security

– A good software implementation on a 2 GHz machine can achieve a 700 Mbps encryption rate and encrypt over 100 MPEG-2 videos in real time.

– Hardware implementations are faster still.

3. Cipher Modes

A. Electronic Code Book Mode

B. Cipher Block Chaining Mode

C. Cipher Feedback Mode

D. Stream Cipher Mode

E. Counter Mode


A. Electronic Code Book Mode

• Step 1: Break the plaintext up into consecutive 8-byte (64-bit) blocks.

• Step 2: Encrypt them one after another with the same key.

• Step 3: The last piece of plaintext is padded out to 64 bits, if need be.

• Also called ECB mode.

• Weakness: an intruder can make a copy of the 12th ciphertext block (which contains Kim's bonus) and use it to replace the 4th ciphertext block (which contains Leslie's bonus), even without knowing what the 12th block says.

B. Cipher Block Chaining Mode

• Cipher block chaining. (a) Encryption. (b) Decryption.

• Overcomes the disadvantage of ECB mode.

• Each plaintext block is XORed with previous cipher text block before being encrypted.

• Step 1: The first block is XORed with a randomly chosen IV (Initialization Vector), which is transmitted (in plaintext) along with the ciphertext.

• $C_0 = E(P_0 \oplus IV)$

• Step 2: Then we compute $C_1 = E(P_1 \oplus C_0)$, and so on.

• Decryption?

– Also uses XOR to reverse the process, with $P_0 = IV \oplus D(C_0)$, and so on.

• Advantage:

– The same plaintext block will not result in the same ciphertext block, making cryptanalysis more difficult.

• Disadvantage:

– Have to wait until an entire 64-bit block arrives before decryption can begin.
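The DES-style round structure, the ECB block-replacement weakness and the CBC chaining described above, as one added Python example (not part of the original notes). The cipher is a 16-round toy Feistel network whose round function and key schedule are built from SHA-256 as a stand-in (an assumption; it is not DES), and the payroll file is constructed so that blocks 4 and 12 hold the two bonuses.

```python
import hashlib

BLOCK = 8      # 64-bit blocks, as in the notes
ROUNDS = 16    # same round count as DES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round_keys(key):
    # Toy key schedule (assumption): one SHA-256-derived subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def _f(right, round_key):
    # Toy round function (assumption); DES uses expansion, S-boxes and a P-box.
    return hashlib.sha256(round_key + right).digest()[:4]

def _feistel(block, round_keys):
    left, right = block[:4], block[4:]
    for rk in round_keys:
        # Left output = right input; right output = left XOR f(right, K_i).
        left, right = right, _xor(left, _f(right, rk))
    return right + left            # final exchange of the two 32-bit halves

def encrypt_block(block, key):
    return _feistel(block, _round_keys(key))

def decrypt_block(block, key):
    # Same network, round keys applied in reverse order.
    return _feistel(block, _round_keys(key)[::-1])

def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be padded to a multiple of 8 bytes")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(data, key):
    return b"".join(encrypt_block(b, key) for b in _blocks(data))

def ecb_decrypt(data, key):
    return b"".join(decrypt_block(b, key) for b in _blocks(data))

def cbc_encrypt(data, key, iv):
    prev, out = iv, []
    for b in _blocks(data):
        prev = encrypt_block(_xor(b, prev), key)       # C_i = E(P_i XOR C_{i-1})
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(data, key, iv):
    prev, out = iv, []
    for b in _blocks(data):
        out.append(_xor(decrypt_block(b, key), prev))  # P_i = C_{i-1} XOR D(C_i)
        prev = b
    return b"".join(out)

def copy_block(ciphertext, src, dst):
    """Overwrite block dst with block src (1-based), as in the bonus example."""
    blocks = _blocks(ciphertext)
    blocks[dst - 1] = blocks[src - 1]
    return b"".join(blocks)

def repeated_blocks(ciphertext):
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))

def record(name, position, bonus):
    # 16-byte name + 8-byte position + 8-byte bonus = four 8-byte blocks.
    fields = name.ljust(16) + position.ljust(8) + str(bonus).rjust(8)
    return fields.encode()

# Constructed sample file: block 4 is Leslie's bonus, block 12 is Kim's bonus.
PAYROLL = b"".join([
    record("Leslie", "Clerk", 10),
    record("Robin", "Boss", 500000),
    record("Kim", "Manager", 100000),
    record("Bobbie", "Clerk", 5),
])

if __name__ == "__main__":
    key, iv = b"constructed key", bytes(range(8))
    ecb = ecb_encrypt(PAYROLL, key)
    cbc = cbc_encrypt(PAYROLL, key, iv)
    print("ECB after copy:", ecb_decrypt(copy_block(ecb, 12, 4), key)[:32])
    print("CBC after copy:", cbc_decrypt(copy_block(cbc, 12, 4), key, iv)[:48])
    print("repeated blocks:", repeated_blocks(ecb), "ECB,", repeated_blocks(cbc), "CBC")
```

Under ECB the altered file decrypts cleanly, while under CBC the same alteration garbles blocks 4 and 5. Neither mode authenticates the data, so detecting the change reliably still requires an integrity check over the ciphertext.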


C. Cipher Feedback Mode

• (a) Encryption. (b) Decryption.

• Overcomes the disadvantage of Cipher Block Chaining Mode.

• Uses (triple) DES; only a 128-bit shift register is used.

• Step 1: The contents of the shift register are encrypted; the leftmost byte of that ciphertext is extracted and XORed with $P_{10}$.

• Step 2: That byte is transmitted on the transmission line.

• Step 3: In addition, the shift register is shifted left 8 bits, causing $C_2$ to fall off the left end, and $C_{10}$ is inserted in the position just vacated at the right end by $C_9$.

• Need: an initialization vector to start the ball rolling.

• Decryption? Decryption with cipher feedback mode just does the same thing as encryption (the block cipher is run in encryption mode, not decryption mode).

• Disadvantage? Sensitivity to transmission errors: if one bit of the ciphertext is accidentally inverted during transmission, the 8 bytes that are decrypted while the bad byte is in the shift register will be corrupted.

D. Stream Cipher Mode

• A stream cipher. (a) Encryption. (b) Decryption.

• Overcomes the 1-bit-error disadvantage of cipher feedback mode.

• Step 1: It works by encrypting an initialization vector, using a key to get an output block.


• Step 2: The output block is then encrypted, using the key to get a second output block.

• Step 3: This block is then encrypted to get a third block, and so on.

• Step 4: The (arbitrarily large) sequence of output blocks, called the key stream, is treated like a one-time pad and XORed with the plaintext to get the ciphertext.

• Note:

– IV is used only on the first step.

– Key-stream is independent of the data,

– so it can be computed in advance, if need be, and

– It is completely insensitive to transmission errors.

• Decryption? Decryption occurs by generating the same keystream at the receiving side.

• Disadvantage:

– Never use the same (key, IV) pair twice; otherwise the result may be a keystream reuse attack.

– Reaching a given block means first decrypting all the blocks ahead of it, an expensive proposition.

E. Counter Mode

• Encryption using counter mode.

• Overcomes the disadvantage of Stream Cipher mode.

• Problem: What if a notebook computer holding important critical files is stolen?

• Solution? Storing all critical files in encrypted form greatly reduces the damage due to secret information leaking out.

• Disk files are often accessed in non-sequential order. Solution? Counter Mode.

• Here the plaintext is not encrypted directly.

• Step 1: the initialization vector plus a constant is encrypted, and

• Step 2: the resulting ciphertext is XORed with the plaintext.

• Note: By stepping the initialization vector by 1 for each new block, it is easy to decrypt a block anywhere in the file without first having to decrypt all of its predecessors.

• Disadvantage: Using the same (key, IV) pair again may result in a keystream reuse attack.

• Solution? Use a random function to select both the key and the IV.
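Counter mode's random access and the keystream-reuse problem described above, as an added Python example (not part of the original notes). HMAC-SHA256 stands in for the block cipher (an assumption), and the sample data, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

BLOCK = 32  # bytes of keystream per counter value (HMAC-SHA256 output size)


def keystream_block(key, iv, index):
    # "IV plus a constant": add the block index to the 128-bit IV, then run it
    # through the keyed function. HMAC-SHA256 stands in for the block cipher
    # (assumption); counter mode never needs the cipher's decryption direction.
    counter = (int.from_bytes(iv, "big") + index) % (1 << 128)
    return hmac.new(key, counter.to_bytes(16, "big"), hashlib.sha256).digest()


def ctr_xor(key, iv, data, first_block=0):
    """Encrypt or decrypt: XOR data with the keystream from first_block on."""
    out = bytearray()
    for offset in range(0, len(data), BLOCK):
        ks = keystream_block(key, iv, first_block + offset // BLOCK)
        out.extend(x ^ y for x, y in zip(data[offset:offset + BLOCK], ks))
    return bytes(out)


def read_block(key, iv, ciphertext, index):
    """Decrypt one block of a file without touching its predecessors."""
    chunk = ciphertext[index * BLOCK:(index + 1) * BLOCK]
    return ctr_xor(key, iv, chunk, first_block=index)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def new_iv():
    """Fresh random 128-bit IV; one per file, never reused under the same key."""
    return secrets.token_bytes(16)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    disk_file = bytes(range(256))                 # constructed 8-block "file"
    iv = new_iv()
    stored = ctr_xor(key, iv, disk_file)
    print(read_block(key, iv, stored, 5) == disk_file[160:192])

    p1, p2 = b"salary: 100000 ", b"salary: 5      "   # constructed, equal length
    # Same (key, IV) twice: the keystream cancels and P1 XOR P2 is exposed.
    leak = xor_bytes(ctr_xor(key, iv, p1), ctr_xor(key, iv, p2))
    print(leak == xor_bytes(p1, p2))
    # Fresh IV per message: the XOR of the ciphertexts reveals nothing.
    safe = xor_bytes(ctr_xor(key, new_iv(), p1), ctr_xor(key, new_iv(), p2))
    print(safe == xor_bytes(p1, p2))
```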

4. Other Ciphers:

• DES and Rijndael are the best-known symmetric-key cryptographic algorithms.

• Numerous other symmetric-key ciphers have been devised, listed below.


5. Cryptanalysis

• Important developments in cryptanalysis:

1. Differential Cryptanalysis

– Biham and Shamir, 1993.

– Used to attack any block cipher.

– Observation leads to a probabilistic attack.

2. Linear Cryptanalysis

– Matsui, 1994.

– It can break DES with only $2^{43}$ known plaintexts.

– It works by XORing certain bits in the plaintext and ciphertext together and examining the result for

patterns.

3. Analysis of Electrical Power Consumption

– Computers typically use 3 volts to represent a 1 bit and 0 volts to represent a 0 bit.

– Thus, processing a 1 takes more electrical energy than processing a 0.

– Deducing the key is easy.

4. Timing Analysis

– Cryptographic algorithms are full of if statements that test bits in the round keys.

– If the then and else parts take different amounts of time, then by slowing down the clock and seeing how long various steps take, it may be possible to deduce the round keys.

– Once all the round keys are known, the original key can usually be computed.

• Power and timing analysis can also be employed simultaneously.

PUBLIC KEY ALGORITHM : RSA

• Weakness: Distribution of keys.

• No matter how strong a cryptosystem was, if an intruder could steal the key, the system was worthless.

• Keys have to be protected and also distributed.


• At Stanford University, Diffie and Hellman (1976) proposed a new kind of cryptosystem: the public-key algorithm.

– Encryption and Decryption keys are different.

– Decryption key could not feasibly be derived from encryption key.

– Meet three requirements:

• 1. D(E(P)) = P

• 2. It is exceedingly difficult to deduce D from E.

• 3. E cannot be broken by a chosen plaintext attack.

• Publish One key (for E) and keep another Private (for D).

• Disadvantage:

– Slow in processing as key is very large.

RSA:

• RSA: Rivest, Shamir, Adleman.

• Used for both encryption and signing.

• Has long keys, i.e. 1024 bits, which makes it secure.

• Key advantage: difficulty of factoring large integers.

• General Algorithm:

1. Generate two large random prime numbers, p and q, equal in size.

2. Compute $n = pq$ and $\varphi = (p-1)(q-1)$.

3. Choose an integer e such that $1 < e < \varphi$ and $\gcd(e, \varphi) = 1$.

4. Compute the secret exponent d, $1 < d < \varphi$, such that $ed \equiv 1 \pmod{\varphi}$.

5. The public key is (n, e) and the private key is (n, d). Keep p, q and φ secret.

• Note:

– ‘n’ is the modulus.

– ‘e’ is the public exponent, used for encryption.

– ‘d’ is the secret exponent, used for decryption.

• Encryption (A is the sender, B the receiver). Sender A:

1. Obtains the recipient B’s public key (n, e).

2. Represents the plaintext message as a positive integer m.

3. Computes the ciphertext $c = m^e \bmod n$.

4. Sends the ciphertext c to B.

• Decryption. Recipient B:

1. Uses his private key (n, d) to compute $m = c^d \bmod n$.

2. Extracts the plaintext from the integer representative m.

• Advantage?

– Easy to distribute keys while keeping few secrets.

– Two keys make it secure.

– Large key size makes it more difficult to break.

– Algorithm is also complex to be depicted.

– Widely accepted and used.

– Widely accepted and used.

• Disadvantage?


– Too slow in computing as keys are large and algorithm is complex.

• An example of the RSA algorithm.
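The key generation, encryption and decryption steps above carried through with small numbers, as an added Python example (not part of the original notes). The primes 61 and 53, the exponent 17 and the message 65 are constructed toy values; the last function shows why real keys must be long, since factoring this tiny n by trial division immediately yields d.

```python
from math import gcd, isqrt


def make_keys(p, q, e):
    """Steps 1-5: from primes p, q and public exponent e to both keys."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) = 1")
    d = pow(e, -1, phi)            # modular inverse: e*d = 1 (mod phi), Python 3.8+
    return (n, e), (n, d)


def encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message integer must be smaller than the modulus")
    return pow(m, e, n)            # c = m^e mod n


def decrypt(c, private_key):
    n, d = private_key
    return pow(c, d, n)            # m = c^d mod n


def sign(m, private_key):
    """Signing applies the private exponent; anyone can check with (n, e)."""
    n, d = private_key
    return pow(m, d, n)


def verify(m, signature, public_key):
    n, e = public_key
    return pow(signature, e, n) == m


def private_key_by_factoring(public_key):
    """Trial division on n. Feasible only because the toy modulus is tiny;
    the security of RSA rests on this being infeasible for large n."""
    n, e = public_key
    p = next(c for c in range(2, isqrt(n) + 1) if n % c == 0)
    q = n // p
    return (n, pow(e, -1, (p - 1) * (q - 1)))


if __name__ == "__main__":
    public, private = make_keys(61, 53, 17)    # constructed toy parameters
    c = encrypt(65, public)
    print(public, private, c, decrypt(c, private))
    s = sign(65, private)
    print(verify(65, s, public), verify(66, s, public))
    print(private_key_by_factoring(public) == private)
```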

Digital Signatures (Subtopics):

A. Symmetric-Key Signatures

B. Public-Key Signatures

C. Message Digests

D. The Birthday Attack

Digital Signature Introduction

• The authenticity of many legal, financial, and other documents is determined by the presence or absence of an authorized handwritten signature.

• And photocopies do not count.

• The problem of devising a replacement for handwritten signatures is a difficult one.

• Needed is a system by which one party can send a signed message to another party in such a way that

the following conditions hold:

– The receiver can verify the claimed identity of the sender. E.g.: the bank has to authenticate the customer.

– The sender cannot later repudiate the contents of the message. E.g.: protects the bank against fraud.

– The receiver cannot possibly have concocted the message himself. E.g.: the bank does not cheat the customer.

A. Symmetric-Key Signatures

• The authority over digital signatures lies with a trustworthy Big Brother (BB).

• Suppose Alice wants to send a signed plaintext message, P, to her banker, Bob.


• She generates $K_A(B, R_A, t, P)$, where

– B is Bob's identity,

– $R_A$ is a random number chosen by Alice,

– t is a timestamp to ensure freshness, and

– $K_A(B, R_A, t, P)$ is the message encrypted with her key, $K_A$.

• BB sees that the message is from Alice, decrypts it, and sends a message to Bob as shown.

• The message to Bob contains the plaintext of Alice's message and also the signed message $K_{BB}(A, t, P)$.

• Bob now carries out Alice's request.

• Disadvantage: Everybody has to trust Big Brother. He is not God.

B. Public-Key Signatures:

• Digital signatures using public-key cryptography.

• Public-key encryption and decryption have the property that $E(D(P)) = P$, in addition to $D(E(P)) = P$.

• Alice can send a signed message to Bob by transmitting $E_B(D_A(P))$.

• Still, it is not perfect and may be broken.

• Then NIST proposed DSS (Digital Signature Standard), but it was not accepted widely because it was

– Too slow

– Too secret

– Too new

– Too insecure.


Message Digests:

• The signature methods described so far couple two functions: authentication and secrecy.

• Often authentication is needed but secrecy is not, as shown below.

• This scheme is based on the idea of a one-way hash function that takes an arbitrarily long piece of plaintext and from it computes a fixed-length bit string.

• This hash function, MD, often called a message digest, has four important properties:

– Given P, it is easy to compute MD(P).

– Given MD(P), it is effectively impossible to find P.

– Given P no one can find P' such that MD (P') = MD(P).

– A change to the input of even 1 bit produces a very different output.

• The hash should be at least 128 bits long.

• If Trudy replaces P underway, Bob will see this when he computes MD(P) himself.

• Variations: (a) MD5, (b) SHA-1

(a) MD5:

• MD5 (Ronald Rivest, 1992) is the most widely used.

• It mixes bits in a sufficiently complicated way that every output bit is affected by every input bit.

• The message is padded to a length that is a multiple of 512 bits.

• The last precomputation step is initializing a 128-bit buffer.

• Each round takes a 512-bit block of input and mixes it thoroughly with the 128-bit buffer.

• For good measure, a table constructed from the sine function is also thrown in, to avoid suspicion.

• The suspicion in question is that the designer built in a clever back door through which only he can enter.

• Rivest wanted to avoid this suspicion.

• Four rounds are performed per input block.

• This process continues until all the input blocks have been consumed.

• Some vulnerabilities have been found, but certain internal steps prevent it from being broken.

(b) SHA-1

• Use of SHA-1 and RSA for signing non-secret.

A message padded out to a multiple of 512

• Published by NIST in FIPS 180-1.

• Processes input data in 512-bit blocks.

• Unlike MD5, it generates a 160-bit message digest.

• In the example, Alice sends a non-secret but signed message to Bob.

• Her plaintext message is fed into the SHA-1 algorithm to get a 160-bit SHA-1 hash.

• Alice then signs the hash with her RSA private key and sends both the plaintext message and the signed hash to Bob.

• After receiving the message, Bob computes the SHA-1 hash himself and also applies Alice's public key to the signed hash to get the original hash, H.

• If the two match, the message is considered valid.

• Since there is no way for Trudy to also modify the signed hash to match, Bob can easily detect any changes Trudy has made to the message.

• Widely used for messages whose integrity is important but whose contents are not secret.
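The hash-then-sign exchange described above, as an added example that is not part of the original notes: Alice signs the SHA-1 digest of a non-secret message with her RSA private key and Bob checks it with her public key. The key is a constructed toy built from two Mersenne primes and the RSA is unpadded, both assumptions made to keep the sketch self-contained; all function names are hypothetical.

```python
import hashlib

# Toy RSA key for Alice (constructed for this example): two Mersenne primes,
# far too small and too structured for real use, but n is wider than 160 bits
# so a whole SHA-1 digest fits below the modulus.
P, Q = 2**89 - 1, 2**107 - 1
N = P * Q
E = 65537                                  # Alice's public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # Alice's private exponent

def digest(message: bytes) -> int:
    """160-bit SHA-1 message digest as an integer, H = MD(P)."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def sign(message: bytes) -> int:
    """Alice: apply her private key to the hash, D_A(MD(P))."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Bob: recompute the hash himself and compare it with E_A(signature)."""
    return pow(signature, E, N) == digest(message)

def differing_bits(a: bytes, b: bytes) -> int:
    """Number of digest bits that differ between two messages."""
    return bin(digest(a) ^ digest(b)).count("1")

if __name__ == "__main__":
    order = b"Pay 100 rupees to Bob"       # constructed sample message
    changed = b"Pay 900 rupees to Bob"     # Trudy's modification in transit
    sig = sign(order)
    print("original accepted:", verify(order, sig))
    print("modified accepted:", verify(changed, sig))
    print("digest bits changed:", differing_bits(order, changed), "of 160")
```

Only the digest is signed, so the message itself travels in the clear, which is the authentication-without-secrecy case the notes describe.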

• SHA-1 procedure:

- Pad the message by adding a 1 bit to the end, followed by as many 0 bits as are needed to make the length a multiple of 512 bits.

- Then the message length before padding, as a 64-bit number, is ORed into the low-order 64 bits.

- SHA-1 maintains five 32-bit variables, H0 through H4, where the hash accumulates.

- Each of the blocks M0 through Mn-1 is now processed in turn.

- For the current block, the 16 words are first copied into the start of an auxiliary 80-word array, W. Then the other 64 words in W are filled in using the formula

- The actual calculation can be expressed in pseudo-C as

      for (i = 0; i < 80; i++) {
          temp = S5(A) + fi(B, C, D) + E + Wi + Ki;
          E = D; D = C; C = S30(B); B = A; A = temp;
      }

- When all 80 iterations of the loop are completed, A through E are added to H0 through H4, respectively.

- Now that the first 512-bit block has been processed, the next one is started. The W array is reinitialized from the new block, but H is left as it was.

• When the last block has been finished, the five 32-bit words in the H array are output as the 160-bit cryptographic hash.

• New versions of SHA-1 are under development for hashes of 256, 384, and 512 bits, respectively.

University Questions : (From June 2011 to Dec 2012, 4 papers)

1. What is meant by security by obscurity?[1]

2. Differentiate between symmetric and asymmetric ciphers.[1]

3. Differentiate between a cipher and a code.[1]

4. Replay attack[1]

5. Privacy amplification[1]

6. Substitution cipher[1]

7. Explain terms, cryptology and cryptanalysis[2]

8. Define Message Digest or give an example of message digest[2]

9. Explain terms Initialization Vector and substitution cipher[2]

10. Why is a stream cipher needed when one already has a block cipher?[2]

11. Explain the working of Mono-alphabetic cipher with example.[3]

12. Explain the problem with DES. How does triple DES solve the problem?[3]

13. Write a short note on substitution ciphers.[3]

14. Explain what counter mode is and why it is useful.[3]

15. What is a digital signature? How is it different from a conventional signature?[3]

16. Write two important reasons in favor of public key algorithms vs symmetric key algorithms for encryption.[3]

17. Two important principles of cryptography are redundancy and freshness, explain both.[3]

18. Explain the working of Transposition or Columnar Cipher.[4]

19. Explain encryption method of transposition cipher.[4]

20. What is a digital signature? Explain symmetric key signature.[4]

21. What is Data Encryption Standard? Give steps of encryption using DES. Give significance of cipher block chaining mode using DES.[7]

22. How does substitution cipher work for cryptography? Give classification of substitution cipher methods with examples.[7]

23. What is Public key algorithm? Write a note on RSA.[7]