tmk 264: computer security chapter two: cryptography 1
TRANSCRIPT
TMK 264: COMPUTER SECURITY
CHAPTER TWO: CRYPTOGRAPHY
1
INTRODUCTION
• Cryptography provides many mechanisms on which security techniques and technologies are built.
• Cryptography is a deep mathematical subject. • The word cryptography comes from two Greek words
meaning ‘secret writing’ and is the art and science of concealing meaning.
• The goal of cryptography is to keep enciphered information secret.
2
3
WHAT IS CRYPTOGRAPHY
• Cryptography is the study of transforming information into an encoded or scrambled format.
• Cryptography is a secret writing which is the strongest tool for controlling against many kinds of security threats.
• Well-disguised data cannot be read, modified or fabricated easily.
• Cryptography is rooted in higher mathematics: group and field theory, computational complexity, and even real analysis, not to mention probability and statistics.
44
ENCRYPTION TERMINOLOGYENCRYPTION TERMINOLOGY
Encryption is the process of encoding a message so Encryption is the process of encoding a message so that its meaning is not obvious.that its meaning is not obvious.
Decryption is the reverse process which is Decryption is the reverse process which is transforming an encrypted message back into transforming an encrypted message back into normal.normal.
Encipher, decipher, encode, decode is the same Encipher, decipher, encode, decode is the same word for encryption and decryption.word for encryption and decryption.
Cryptography is the art of keeping messages secureCryptography is the art of keeping messages secure Cryptosystem is referring to a system for Cryptosystem is referring to a system for
encryption and decryption. encryption and decryption. Cryptanalysis is the art of breaking cipher-textCryptanalysis is the art of breaking cipher-text
ENCRYPTION TERMINOLOGYENCRYPTION TERMINOLOGY
Four ways cryptanalysis can do:Four ways cryptanalysis can do: Attempt to break a single messageAttempt to break a single message Attempt to recognize patterns in encrypted Attempt to recognize patterns in encrypted
message.message. Attempt to deduce the key.Attempt to deduce the key. Attempt to find weakness in the Attempt to find weakness in the
implementation or environment of use of implementation or environment of use of encryption.encryption.
55
66
TYPES OF ENCRYPTIONTYPES OF ENCRYPTION
Two main types of encryption: Two main types of encryption: Asymmetric encryption (public-key encryption)Asymmetric encryption (public-key encryption) Symmetric encryption (secret-key encryption).Symmetric encryption (secret-key encryption).
Two simple encryption method are:Two simple encryption method are: Substitution - One letter is change for another Substitution - One letter is change for another
letter.letter. Transposition – The order of the letter is Transposition – The order of the letter is
rearranged.rearranged.
Encryption is the method to make sure that the Encryption is the method to make sure that the message didn’t access by illegal person. message didn’t access by illegal person.
77
Figure Encryption with KeysFigure Encryption with Keys
88
99
Figure: Symmetric EncryptionFigure: Symmetric Encryption
1010
Table: Comparing Secret Key and Public Key Table: Comparing Secret Key and Public Key EncryptionEncryption
1111
REPRESENTING CHARACTERSREPRESENTING CHARACTERS
ENGLISH ALPHABETENGLISH ALPHABET Also known as a modular arithmeticAlso known as a modular arithmetic We want to study ways of encrypting any We want to study ways of encrypting any
computer material, whether it is written as ASCII computer material, whether it is written as ASCII or EBCDIC characters.or EBCDIC characters.
However, to simplify the explanations, we begin However, to simplify the explanations, we begin with the encryption of message written in the with the encryption of message written in the standard 26 letter English alphabet: standard 26 letter English alphabet:
12
ENGLISH ALPHABET
13
ENGLISH ALPHABETENGLISH ALPHABET
► The letters A represented by a zero, B by The letters A represented by a zero, B by one and so on.one and so on.
► This representation allows us to consider This representation allows us to consider performing arithmetic on the “letters” of a performing arithmetic on the “letters” of a message.message.
► That is, we can perform addition and That is, we can perform addition and subtraction on letters by adding and subtraction on letters by adding and subtracting the corresponding code subtracting the corresponding code numbers. numbers.
► Every result of an arithmetic operation is Every result of an arithmetic operation is between 0 and 25.between 0 and 25.
14
ENGLISH ALPHABETENGLISH ALPHABET►Example:Example:
A + 3 = DA + 3 = D K – 1 = JK – 1 = J Y + 3 = BY + 3 = B
►Exercises:Exercises: By using modular arithmetic, decode the By using modular arithmetic, decode the
following statements:following statements: (5 - 5) , (22 - 11), (5 * 2 + 4), (55 % 8), (5 - 5) , (22 - 11), (5 * 2 + 4), (55 % 8),
(8 * 1 * 0)(8 * 1 * 0)►Answer: ALOHAAnswer: ALOHA
1515
SUBSTITUTION CIPHERSSUBSTITUTION CIPHERS THE CAESAR CIPHERTHE CAESAR CIPHER
– Julius Caesar is said to have been the Julius Caesar is said to have been the first to use this scheme, in which each first to use this scheme, in which each letter is translated to a letter a fixed letter is translated to a letter a fixed number of places after it in the number of places after it in the alphabet.alphabet.
– Caesar used a shift of 3.Caesar used a shift of 3.– Each letter of the alphabet is Each letter of the alphabet is
represented by some other letter.represented by some other letter.– The correspondence may be random or The correspondence may be random or
systematic.systematic.– 26! possible substitution ciphers26! possible substitution ciphers
1616
THE CAESAR CIPHERTHE CAESAR CIPHER
17
THE CAESAR CIPHER Exercises:
Encrypt the following statements by using Caesar Cipher method.
GOOD LUCK TO YOU Advantages
Easy to memorize and implement. The pattern was easy to memorize and implement. Simple to write and protected.
Disadvantages
Easy to predict by other users. The pattern of words is easy to break. A secure encryption should not allow an interceptor to
use a small piece of the ciphertext to predict the entire pattern of the encryption.
18
STREAM CIPHERSTREAM CIPHER
Implement the secret key encryption.Implement the secret key encryption. Is a method to encrypting text (to produce cipher text) in which a Is a method to encrypting text (to produce cipher text) in which a
cryptographic key and algorithm are applied to each binary digit in a data cryptographic key and algorithm are applied to each binary digit in a data stream.stream.
Usually used in old cryptography system.Usually used in old cryptography system. Designed to be exceptionally fast, much faster than any block cipher.Designed to be exceptionally fast, much faster than any block cipher. Most stream cipher designs are for synchronous stream cipher.Most stream cipher designs are for synchronous stream cipher. Are often used in application where plaintext comes in quantities of Are often used in application where plaintext comes in quantities of
unknowable length. unknowable length. Advantages:Advantages:
The secret key is short.The secret key is short. Very high speed (Gigabyte/per second)Very high speed (Gigabyte/per second) Low error propagation.Low error propagation.
Disadvantages:Disadvantages: Do not satisfy the perfect secrecy condition.Do not satisfy the perfect secrecy condition. Easily to encrypt from the intelligent fraud.Easily to encrypt from the intelligent fraud. Sender and receiver must be synchronized.Sender and receiver must be synchronized. Low diffusion.Low diffusion.
19
VERNAM CIPHERVERNAM CIPHER
Also known as one-time pad.Also known as one-time pad. Invented by Gilbert Vernam and patented in 1917.Invented by Gilbert Vernam and patented in 1917. Advantages:Advantages:
• This cipher is unbreakable in a very strong sense.This cipher is unbreakable in a very strong sense.• Any message can be transformed into any cipher by Any message can be transformed into any cipher by
using a pad.using a pad.• All transformation are equally likely.All transformation are equally likely.• More simple compared than other types of cryptographic More simple compared than other types of cryptographic
algorithms.algorithms. Example of using Vernam Cipher:Example of using Vernam Cipher:
• Vernam encoded “++---“ as A, B as “+--++”, G as “-+-++”, combining Vernam encoded “++---“ as A, B as “+--++”, G as “-+-++”, combining G + B are “++---“.G + B are “++---“.
2020
21
SUMMARY OF SUBSTITUTIONS
Substitution is effective cryptography devices. In fact, they were the basis of many cryptographic algorithm used
for diplomatic communication through the first half of the twentieth century.
But substitution is not the only kind of encryption technique. In the next section, we introduce the other basic cryptographic
invention; the transposition (permutation). Substitution and permutation together form a basis for some
widely used commercial grade encryption algorithms that we discuss later in this chapter.
22
TRANSPOSITIONS METHOD (PERMUTATIONS)
The goal of substitution is confusion; the encryption method is an attempt to make it difficult for an cryptanalyst or intruder to determine how a message and key were transformed into ciphertext.
A transposition is an encryption in which the letters of the message are rearranged.
With transposition, the cryptography aims for diffusion, widely spreading the information from the message or the key across the ciphertext.
Transposition tries to break established pattern. Because a transposition is a rearrangement of the
symbols of a message, it is also known as a permutation.
23
24
COLUMNAR TRANSPOSITION
Columnar transposition is rearrangement of the characters of the plaintext into columns.
The set of characters are arranged in n-column transposition according the situation.
25
EXERCISES• Encrypt the following message by using permutation technique
WHERE ARE WE FOR THE TIME BEING RIGHT NOW!
Answer:
W H E R E
A R E W E
F O R T H
E T I M E
B E I N G
R I G H T
N O W ! X
X X X X X
X X X X X
X X X X X
The cipher text are:
wafeb rnxxx hrote ioxxx eerii
gwxxx rwtmn h!xxx eeheg txxxx
26
CHARACTERISTICS OF GOOD CIPHER
• In 1949, Claude Shannon proposed several characteristics that identify a good cipher:– The amount of secrecy needed should determine the amount of
labor appropriate for the encryption and decryption.– The set of keys and the enciphering algorithm should be free from
complexity.– The implementation of the process should be as simple as possible.– Errors in ciphering should not propagate and cause corruption of
further information in the message.– The size of the enciphered text should be no longer than the text of
the original message.• These principles were developed before the ready availability of digital
computers, even though Shannon was aware of computers and the computational power they represented.
27
28
DATA ENCRYPTION DATA ENCRYPTION STANDARD (DES)STANDARD (DES)
• Developed for the U.S government and was Developed for the U.S government and was intended for use by the general public.intended for use by the general public.
• It has been officially accepted as a cryptographic It has been officially accepted as a cryptographic standard both in the United State and abroad.standard both in the United State and abroad.
• Moreover, many hardware and software systems Moreover, many hardware and software systems have been designed with the DES.have been designed with the DES.
• The DES algorithm is careful and complex The DES algorithm is careful and complex combination of two fundamental building blocks of combination of two fundamental building blocks of encryption which is substitutions and transposition.encryption which is substitutions and transposition.
• DES uses only standard arithmetic and logical DES uses only standard arithmetic and logical operations on number up to 64 bits long, so it is operations on number up to 64 bits long, so it is suitable for implementation in software on most suitable for implementation in software on most current computers current computers
29
DATA ENCRYPTION STANDARD (DES)
Characteristics for DES algorithm: Able to provide a high level of security. Specified and easy to understand. Available to all users. Efficient to use. Able to validate.
30
ADVANCES ENCRYPTION STANDARD (AES) The AES is likely to be the commercial-grade
symmetric algorithm of choice for years, if not decades.
Characteristics of AES algorithm: Available royalty-free for use worldwide. Symmetric block cipher algorithm. Publicly disclosed.
Example of the best AES algorithm – Rijndael The algorithm’s name derived from the creator’s name,
Vincent Rijmen and Joan Daemen.
3131
ADVANCES ENCRYPTION ADVANCES ENCRYPTION STANDARD (AES)STANDARD (AES)
– Advantages:Advantages:•Fast algorithm that can be implemented Fast algorithm that can be implemented
easily on a simple processor.easily on a simple processor.
•Strong mathematical function and much Strong mathematical function and much secure compare than DES.secure compare than DES.
•Simple to describe and understood.Simple to describe and understood.
32
Table: Comparison of DES and AES
DES AES
Date 1976 1999
Block Size 64 bits 128 bits
Key Length 56 bits 128, 192, 256
Encryption Primitives
Substitution, permutation Substitution, shift, bit mixing
Cryptographic Primitives
Confusion, Diffusion Confusion, Diffusion
Design Open Open
Design Rationale Closed Open
Selection Process Secret Secret, but accepted open public comment
Source IBM, enhanced by NSA Independent Dutch cryptographers
3333
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION With public key security systems, each user of the With public key security systems, each user of the
system has one public key and one private key (only system has one public key and one private key (only two keys).two keys).
The system is asymmetric which means that when a The system is asymmetric which means that when a message is encrypted with the public key, it cannot be message is encrypted with the public key, it cannot be decrypted by using the public key again. decrypted by using the public key again.
The same is true of encryption with the private key.The same is true of encryption with the private key. A message encrypted using the public key can only A message encrypted using the public key can only
be decrypted using the private key and a message be decrypted using the private key and a message encrypted using the private key can only be decrypted encrypted using the private key can only be decrypted using the public key.using the public key.
3434
Rivest-Shamir-Adelman Rivest-Shamir-Adelman (RSA(RSA) ) EncryptionEncryption
Introduced in 1978 and to date remains secure.Introduced in 1978 and to date remains secure. Combines results from number theory with the Combines results from number theory with the
degree of difficulty in determining the prime factors degree of difficulty in determining the prime factors of a given number.of a given number.
Two keys used, d and e, are used for decryption and Two keys used, d and e, are used for decryption and encryption.encryption.
The RSA algorithm has become the de facto standard The RSA algorithm has become the de facto standard for industrial-strength encryption, especially for data for industrial-strength encryption, especially for data sent over the Internet.sent over the Internet.
It is built into many software products, including It is built into many software products, including Netscape Navigator and Microsoft Internet Explorer.Netscape Navigator and Microsoft Internet Explorer.
The technology is so powerful that the U.S. The technology is so powerful that the U.S. government has restricted exporting it to foreign government has restricted exporting it to foreign countries.countries.
35
THE USES OF ENCRYPTION
• Digital Signatures – Digital signature is a protocol that produces the
same effect as real signature.– It is a mark that only the sender can make, but
other people can easily recognize as belonging to the sender.
– Just like a real signature, a digital signature is used to confirm agreement to a message.
– Only the owner can create the digital signature, hence it can be used to verify who created a message.
36
Sign the entire/whole document Public key encryption can be used to sign a
document. The sender uses her private key to encrypt
(sign) the message. The receiver uses the public key of the
sender to decrypt the message. The private key is used for encryption and
the public key for decryption
3737
Figure: Signing the whole documentFigure: Signing the whole document
3838
SIGNING THE DIGESTSIGNING THE DIGEST The sender creates a miniature version The sender creates a miniature version
of the document and signs it.of the document and signs it. The receiver checks the signature on the The receiver checks the signature on the
miniature.miniature. To create a digest of the message, use To create a digest of the message, use
HASH FUNCTIONHASH FUNCTION Hash function creates a fixed-size digest Hash function creates a fixed-size digest
from a variable-length message.from a variable-length message. 2 most common :- MD5 ( Message Digest 2 most common :- MD5 ( Message Digest
5), 120-bit and SHA-1 (Secure Hash 5), 120-bit and SHA-1 (Secure Hash Algorithm 1), 160-bitAlgorithm 1), 160-bit
39
Figure: Signing the Digest
40
Figure: Signing the Digest (Sender site)
41
Figure: Signing the Digest (Receiver Site)
42
DIGITAL SIGNATURE• Digital signature must meet two primary
conditions:– It must be unforgeable.
• If person P signs message M with signature S (P, M), it is impossible for anyone else to produce the pair.
– It must be authentic.• If a person R receives the message from P, R can
check that the signature is really from P. Only P could have created this signature, and the signature is firmly attached to M.
4343
DIGITAL SIGNATUREDIGITAL SIGNATURE
Two more properties are added:Two more properties are added: It is not alterableIt is not alterable
After being transmitted, the message’s After being transmitted, the message’s content cannot be changed.content cannot be changed.
It is not reusableIt is not reusable A previous message presented again will be A previous message presented again will be
instantly detected by the receiver. instantly detected by the receiver.
Digital SignatureDigital Signature
4444
45
Key Exchange• Suppose you send a protected message to someone
you do not know and who does not know you. • This situation is more common than you may think. For
instances:– How you send an income tax return to the government?– You want the information to be protected, but you do not
necessarily know the person who is receiving the in formations. Are the information protected?
• This situation depends on being able to exchange an encryption key in such a way that nobody else can intercept it.
• To establish an encrypted session, you need an encrypted means to exchange keys.
46
Figure: The idea behind key exchange
47
WHY ENCRYPTION IS NECESSARY?WHY ENCRYPTION IS NECESSARY?
To make sure the message are safe and To make sure the message are safe and secured.secured.
To make the message is difficult to read/ To make the message is difficult to read/ write or modify by unauthorized person.write or modify by unauthorized person.
E-commerce requires strong, unbreakable E-commerce requires strong, unbreakable encryption; otherwise, money could not be encryption; otherwise, money could not be safely exchanged over the Internet.safely exchanged over the Internet.
Encryption process is used to block the Encryption process is used to block the outsider to outsider to Block the important message.Block the important message. Intercept the message.Intercept the message. Modify the contents of the message.Modify the contents of the message.
48
WEAKNESS IN CRYPTOGRAPHYWEAKNESS IN CRYPTOGRAPHY
A cryptanalyst works against humans, who A cryptanalyst works against humans, who can be hurried, lazy, careless, naïve or can be hurried, lazy, careless, naïve or uninformed.uninformed.
Below are some of the weakness of having Below are some of the weakness of having the cryptography:the cryptography: Human fails to change cryptographic keys Human fails to change cryptographic keys
when needed.when needed. Choose key in predictable mannerChoose key in predictable manner Humans can be bribed or coerced.Humans can be bribed or coerced. Hardware and software fails.Hardware and software fails. The only rule that applies to the attacker is The only rule that applies to the attacker is
that there are no rules.that there are no rules.
49
WEAKNESS IN CRYPTOGRAPHYWEAKNESS IN CRYPTOGRAPHY
All of the weakness has been settle All of the weakness has been settle by using the three most widely used by using the three most widely used encryption scheme today, which is:encryption scheme today, which is: Data Encryption Standard (DES)Data Encryption Standard (DES) Advances Encryption Standard (AES)Advances Encryption Standard (AES) Rivest Shamir Adelman (RSA)Rivest Shamir Adelman (RSA)
CONCLUSIONCONCLUSION
50