Cryptography and Cryptography and Network Security Network - PowerPoint PPT Presentation

Cryptography and Cryptography and Network Security Network Security Chapter Chapter 2 2 Fourth Edition Fourth Edition by William Stallings by William Stallings Lecture slides by Lawrie Brown Lecture slides by Lawrie Brown

Symmetric Encryption Symmetric Encryption � � or conventional / or conventional / private private-key key / single single-key key � � sender and recipient share a common key sender and recipient share a common key � � all classical encryption algorithms are all classical encryption algorithms are private private-key key � was only type prior to invention of public was only type prior to invention of public- � key in key in 1970 1970’s ’s � � and by far most widely used and by far most widely used

Some Basic Terminology Some Basic Terminology � plaintext plaintext - original message � original message � ciphertext ciphertext - coded message coded message � � cipher cipher - algorithm algorithm for transforming plaintext to for transforming plaintext to ciphertext ciphertext � � � key key - info used in cipher, known only to sender/receiver info used in cipher, known only to sender/receiver � encipher (encrypt) encipher (encrypt) - converting plaintext to � converting plaintext to ciphertext ciphertext � decipher (decrypt) decipher (decrypt) - recovering � recovering ciphertext ciphertext from plaintext from plaintext � cryptography cryptography - study of encryption principles/methods study of encryption principles/methods � � cryptanalysis ( cryptanalysis (codebreaking codebreaking) - study of principles/ study of principles/ � methods of deciphering methods of deciphering ciphertext ciphertext without without knowing key knowing key � � cryptology cryptology - field of both cryptography and cryptanalysis field of both cryptography and cryptanalysis

Symmetric Cipher Model Symmetric Cipher Model

Requirements Requirements � � two requirements for secure use of two requirements for secure use of symmetric encryption: symmetric encryption: � a a strong encryption strong encryption algorithm algorithm � � a a secret key secret key known only to sender / receiver known only to sender / receiver � � � mathematically have: mathematically have: Y Y = E = E K ( X ) X X = D = D K ( Y ) � � assume encryption assume encryption algorithm is known algorithm is known � � implies a implies a secure channel secure channel to distribute key to distribute key

Cryptography Cryptography � � characterize cryptographic system by: characterize cryptographic system by: � type of encryption type of encryption operations operations used used � • substitution / substitution / transposition / product transposition / product � number of keys used number of keys used � • single single-key or private / two key or private / two-key or public key or public � way in which plaintext is processed way in which plaintext is processed � • block / stream block / stream

Cryptanalysis Cryptanalysis � � objective to objective to recover key recover key not not just message just message � general approaches: � general approaches: � cryptanalytic attack cryptanalytic attack � � brute brute-force attack force attack �

Model of Symmetric Model of Symmetric Cryptosystem Cryptosystem

Cryptanalytic Attacks Cryptanalytic Attacks � ciphertext ciphertext only only � � only know algorithm & only know algorithm & ciphertext ciphertext, , is statistical, is statistical, � know or can identify plaintext know or can identify plaintext � known plaintext known plaintext � � know/suspect plaintext & know/suspect plaintext & ciphertext ciphertext � � chosen plaintext chosen plaintext � � select plaintext and obtain select plaintext and obtain ciphertext ciphertext � � chosen chosen ciphertext ciphertext � � select select ciphertext ciphertext and obtain plaintext and obtain plaintext � � chosen text chosen text � � select plaintext or select plaintext or ciphertext ciphertext to en/decrypt to en/decrypt �

More Definitions More Definitions � unconditional security unconditional security � � no matter no matter how much how much computer power computer power or or time time � is available, the cipher is available, the cipher cannot cannot be broken be broken since the since the ciphertext ciphertext provides provides insufficient insufficient information to uniquely determine the information to uniquely determine the corresponding plaintext corresponding plaintext � computational security computational security � � given limited given limited computing resources computing resources (eg eg time time � needed for calculations is greater than age of needed for calculations is greater than age of universe), the cipher cannot be broken universe), the cipher cannot be broken

Brute Force Search Brute Force Search � always possible to simply try every key always possible to simply try every key � � most basic attack, proportional to key size most basic attack, proportional to key size � � assume either know / recognise plaintext assume either know / recognise plaintext � Time required at 10 6 Key Size (bits) Number of Alternative Time required at 1 Keys decryption/µs decryptions/µs 2 31 µs 2 32 = 4.3 × 10 9 32 = 35.8 minutes 2.15 milliseconds 2 55 µs 2 56 = 7.2 × 10 16 56 = 1142 years 10.01 hours 2 128 = 3.4 × 10 38 2 127 µs = 5.4 × 10 24 years 5.4 × 10 18 years 128 2 168 = 3.7 × 10 50 2 167 µs = 5.9 × 10 36 years 5.9 × 10 30 years 168 2 × 10 26 µs = 6.4 × 10 12 years 6.4 × 10 6 years 26! = 4 × 10 26 26 characters (permutation)

Classical Substitution Classical Substitution Ciphers Ciphers � � where where letters of plaintext are replaced by letters of plaintext are replaced by other letters or by numbers or symbols other letters or by numbers or symbols � or if plaintext is or if plaintext is viewed as a sequence of viewed as a sequence of � bits, then substitution involves replacing bits, then substitution involves replacing plaintext bit patterns with ciphertext bit plaintext bit patterns with ciphertext bit patterns patterns

Caesar Cipher Caesar Cipher � � earliest known substitution cipher earliest known substitution cipher � by Julius Caesar by Julius Caesar � � first attested use in military affairs first attested use in military affairs � � � replaces each letter by replaces each letter by 3 3rd letter on rd letter on � � example: example: meet me after the toga party meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB PHHW PH DIWHU WKH WRJD SDUWB

Caesar Cipher Caesar Cipher � � can define transformation as: can define transformation as: a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C � � mathematically give each letter a number mathematically give each letter a number a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 � then have Caesar cipher as: then have Caesar cipher as: � c c = E( = E( p ) = ( ) = ( p p + + k ) ) mod ( mod (26 26) p p = = D(c) D(c) = (c = (c – k ) mod ( ) mod (26 26)

Cryptanalysis of Caesar Cryptanalysis of Caesar Cipher Cipher � � only have only have 26 26 possible ciphers possible ciphers � A maps to A,B,..Z A maps to A,B,..Z � � could simply try each in turn could simply try each in turn � � a a brute force search brute force search � � given ciphertext, given ciphertext, just try all shifts of letters just try all shifts of letters � � do need to recognize when have plaintext do need to recognize when have plaintext � � eg. break ciphertext "GCUA VQ DTGCM" eg. break ciphertext "GCUA VQ DTGCM" �

Monoalphabetic Cipher Monoalphabetic Cipher � rather than just shifting the alphabet rather than just shifting the alphabet � � could shuffle (jumble) the letters arbitrarily could shuffle (jumble) the letters arbitrarily � � each plaintext letter maps to a different random each plaintext letter maps to a different random � ciphertext letter ciphertext letter � hence key is hence key is 26 26 letters long letters long � Plain: abcdefghijklmnopqrstuvwxyz Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Monoalphabetic Cipher Monoalphabetic Cipher Security Security � � now have a total of now have a total of 26 26! = ! = 4 4 x x 1026 1026 keys keys � � with so many keys, might think is secure with so many keys, might think is secure but would be !!!WRONG!!! !!!WRONG!!! � � but would be � � problem is language characteristics problem is language characteristics