Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security Set of slides 2 Dr Alexei Vernitski.

Similar presentations


Presentation on theme: "Computer Security Set of slides 2 Dr Alexei Vernitski."— Presentation transcript:

1 Computer Security Set of slides 2 Dr Alexei Vernitski

2 Cryptography Codes Ciphers (read more in the textbooks)

3 Example of code: Morse code

4 For discussion In what circumstances would one want to use Morse code? For example: – Is Morse code suitable for storing data? – Is Morse code suitable for protecting data confidentiality?

5 Example of code: ASCII code 97 is a 98 is b 99 is c 100 is d 101 is e 102 is f 103 is g 104 is h 105 is i 106 is j 107 is k 108 is l 109 is m 110 is n 111 is o 112 is p 113 is q 114 is r 115 is s 116 is t 117 is u 118 is v 119 is w 120 is x 121 is y 122 is z

6 Example of code: ASCII code is a is b is c is d is e is f is g is h is i is j is k is l is m is n is o is p is q is r is s is t is u is v is w is x is y is z

7 For discussion In what circumstances would one want to use ASCII code? For example: – Is ASCII code suitable for storing data? – Is ASCII code suitable for protecting data confidentiality?

8 Encoding data in computers Characters are encoded as numbers Numbers are encoded as binary numbers – why? Binary numbers are stored as sequences of bits Memory for storing numbers is allocated in blocks of a standard length, for example, 1 byte = 8 bits Each ASCII code is 7 bits A byte contains 8 bits – why?

9 Example of cipher: Dorabella cipher This note was sent by the composer Elgar to his young friend Dora Penny It is still unknown what is written in the note

10 Cryptography Codes Ciphers Examples of codes: Morse code ASCII code Example of cipher: Dorabella cipher

11 Example: letter to John Trevanion Worthie Sir John:- Hope, that is ye beste comfort of ye afflicted, cannot much, I fear me, help you now. That I would saye to you, is this only: if ever I may be able to requite that I do owe you, stand not upon asking me. 'Tis not much that I can do: but what I can do, bee ye verie sure I wille. I knowe that, if dethe comes, if ordinary men fear it, it frights not you, accounting it for a high honor, to have such a rewarde of your loyalty. Pray yet that you may be spared this soe bitter, cup. I fear not that you will grudge any sufferings; only if bie submission you can turn them away, 'tis the part of a wise man. Tell me, an if you can, to do for you anythinge that you wolde have done. The general goes back on Wednesday. Restinge your servant to command. - R.T.

12 Example: letter to John Trevanion Worthie Sir John:- Hope, that is ye beste comfort of ye afflicted, cannot much, I fear me, help you now. That I would saye to you, is this only: if ever I may be able to requite that I do owe you, stand not upon asking me. 'Tis not much that I can do: but what I can do, bee ye verie sure I wille. I knowe that, if dethe comes, if ordinary men fear it, it frights not you, accounting it for a high honor, to have such a rewarde of your loyalty. Pray yet that you may be spared this soe bitter, cup. I fear not that you will grudge any sufferings; only if bie submission you can turn them away, 'tis the part of a wise man. Tell me, an if you can, to do for you anythinge that you wolde have done. The general goes back on Wednesday. Restinge your servant to command. - R.T.

13 Cryptography Steganography Example of cryptography: Dorabella cipher Example of steganography: John Trevanion’s letter

14 Digital steganography Information can be hidden in picture files or video files We shall look at one example: – 24-bit BMP file format

15 24-bit BMP file format Each pixel of the picture is defined individually by three bytes Each of the three bytes corresponds to one colour component of the pixel: – Red – Green – Blue Thus, the intensity of each of these three colours is in the range

16 24-bit BMP file format I am showing you a very simple example (based on a black square) The code I used is taken from here:

17 For discussion Suppose you plan to use steganography. Would you also consider using cryptography in combination with steganography?

18 Symmetric block ciphers Ciphers Blocks Keys Attacks (read more in the textbooks) (note that today we shall consider only very simple examples, not useful in practice)

19 Caesar cipher without key Today, in all examples, a block is a letter Each block is encrypted separately, using exactly the same algorithm Encryption: A → B → C → … → Y → Z → A Decryption: A → Z → Y → … → C → B → A

20 “Cipher” without key Encryption algorithm plaintext ciphertext Decryption algorithm ciphertext plaintext

21 Caesar cipher without key Encryption: A → B → C → … → Y → Z → A Decryption: A → Z → Y → … → C → B → A It is a block cipher (in this case, block=letter) Is this cipher secure?

22 Caesar cipher with key Key k is a number between 1 and 25 Encryption: each letter is moved k positions to the right in the alphabet Decryption: each letter is moved k positions to the left in the alphabet

23 Cipher with key Encryption algorithm plaintext ciphertext Decryption algorithm ciphertext plaintext key

24 Kerckhoffs's principle One must assume that everything about the cipher, including the encryption and decryption algorithms, are known to the attacker Only the key is not known to the attacker, and confidentiality must be based on this assumption

25 Symmetric cipher Both to encrypt and to decrypt you need a key, and this is the same key in both cases Such a cipher is called symmetric (the same key for both encryption and decryption) Most ciphers are symmetric

26 Attack The algorithm is known Find the plaintext Find the key

27 Caesar cipher with key: an attack Key k is a number between 1 and 25 Because there are not so many keys, we can build a table of all possible keys, or simply try all possible keys one after another This attack is called exhaustive key search, or brute force attack

28 Substitution cipher A table of correspondences is prepared Letters in the second row are placed in a random order (Note that the table is not likely to be stored as a table with two rows when you implement the cipher) ABC…XYZ KUDHMY

29 Substitution cipher Encryption: find the letter in the first row and replace by the corresponding letter in the second row Decryption: find the letter in the second row and replace by the corresponding letter in the first row ABC…XYZ KUDHMY

30 Substitution cipher: attack? Now, there are many keys How many? 26  25  24  …  2  1 This is what is denoted by 26! We cannot use exhaustive key search

31 Substitution cipher: attack 1 However, we have not so many blocks (26). We can successfully use the known plaintext attack See a separate example

32 Substitution cipher: attack 2 We can use frequency analysis Example from E. A. Poe Example from A. Conan Doyle A more realistic example Example: Dorabella cipher

33 Frequency analysis: example This is the substitution cipher from Edgar Allan Poe’s story ‘The Gold-Bug’ (1843). 53‡‡†305))6*;4826)4‡.)4‡);806*;48†8 “Now, in English, the letter which most frequently occurs is e. Afterwards, the succession runs thus: a o i d h n r s t u y c f g l m w b k p q x z.” Then the character successfully decrypts the cipher

34 Frequency analysis: example This is the substitution cipher from Arthur Conan Doyle’s story ‘The Adventure of the Dancing Men’ (1903)

35 The Adventure of the Dancing Men Having once recognised, however, that the symbols stood for letters, and having applied the rules which guide us in all forms of secret writings, the solution was easy enough. The first message submitted to me was so short that it was impossible for me to do more than to say with some confidence that the symbol stood for E. As you are aware, E is the most common letter in the English alphabet, and it predominates to so marked an extent that even in a short sentence one would expect to find it most often. Out of fifteen symbols in the first message four were the same, so it was reasonable to set this down as E.

36 A more realistic example It is a truth universally acknowledged that a single man in possession of a good fortune, must be in want of a wife. ot os i trmtn mhoversiddc ipkhafdelwel tnit i sohwde yih oh gassessoah au i waal uartmhe ymst be oh fiht au i foue The second fragment is produced by applying a substitution cipher and then breaking it with frequency analysis

37 Frequency analysis Simple frequency analysis based only on frequency of individual letters is unlikely to be very successful It is possible to use more advanced statistical techniques to analyse the ciphertext, assuming we know the statistical properties of the plaintext Example of a more advanced solver

38 Dorabella cipher

39 1, 12, 4, 0, 2, 7, 20, 0, 11, 22, 3, 16, 17, 5, 16, 6, 16, 16, 7, 12, 12, 16, 5, 20, 22, 23, 8, 3, 15 20, 16, 20, 7, 20, 0, 11, 10, 0, 4, 16, 16, 4, 7, 8, 17, 20, 16, 3, 16, 7, 19, 15, 17, 5, 23, 11, 11, 23, 3, 15 4, 15, 7, 19, 15, 4, 5, 19, 18, 8, 15, 4, 16, 7, 19, 17, 15, 8, 0, 12, 8, 15, 7, 0, 8, 23, 0

40 Frequency of letters in English language

41 Symbol frequencies in Dorabella cipher and in an average English text

42 ‘Decryption’ of Dorabella cipher This is an example of what a simple frequency analysis produces and a ‘decryption’: wlioytsodfheurepeetllersfmnha sestsodboieeitnusehetcaurmddmha iatcaircgnaietcuanolnatonmo More advanced versions of frequency analysis also cannot break Dorabella cipher Probably, in this cipher not only substitutions, but also permutations are used.

43 What we have considered today: Examples of ciphers Caesar cipher without key Caesar cipher with key Substitution cipher

44 What we have considered today: Types of attack Unknown plaintext Known plaintext Known statistical properties of plaintext

45 Sample exam questions Explain briefly the difference between a code and a cipher. Give one example of a code and one example of a cipher, explaining briefly why these examples demonstrate well the difference between codes and ciphers.

46 Sample exam questions Describe an example of a technology which can be classified as steganography. Explain why you would classify it as steganography.

47 Sample exam questions Give a short definition of how the brute force attack works. Explain briefly why Caesar’s cipher can be attacked using the brute force attack, whereas the substitution cipher cannot. More generally, explain which types of ciphers are vulnerable to the brute force attack, and which are not.

48 Sample exam questions Explain why frequency analysis can be successfully used for attacking the substitution cipher. Suggest one parameter of a cipher which is likely to make it less vulnerable to frequency analysis.


Download ppt "Computer Security Set of slides 2 Dr Alexei Vernitski."

Similar presentations


Ads by Google