# March 2005 1R. Smith - University of St Thomas - Minnesota CISC 210 - Class Today Homework: Chapter 5, exercises E6-E17Homework: Chapter 5, exercises E6-E17.

## Presentation on theme: "March 2005 1R. Smith - University of St Thomas - Minnesota CISC 210 - Class Today Homework: Chapter 5, exercises E6-E17Homework: Chapter 5, exercises E6-E17."— Presentation transcript:

March 2005 1R. Smith - University of St Thomas - Minnesota CISC 210 - Class Today Homework: Chapter 5, exercises E6-E17Homework: Chapter 5, exercises E6-E17 RecapRecap Keystream reuseKeystream reuse File EncryptionFile Encryption

March 2005 2R. Smith - University of St Thomas - Minnesota Recap Trojan horse – a reason for file encryptionTrojan horse – a reason for file encryption –Bob’s defense –What about Chain of Control? Encryption termsEncryption terms –Algorithm, plaintext, ciphertext, key

March 2005 3R. Smith - University of St Thomas - Minnesota Bob’s defense of his files Block everyones’ accessBlock everyones’ access Allow his own accessAllow his own access What does the game do?What does the game do?

March 2005 4R. Smith - University of St Thomas - Minnesota The attack on Bob Game does the work under Bob’s processGame does the work under Bob’s process

March 2005 5R. Smith - University of St Thomas - Minnesota The Encryption Process Convert plaintext to ciphertext with a keyConvert plaintext to ciphertext with a key

March 2005 6R. Smith - University of St Thomas - Minnesota Cryptanalysis Known ciphertext attackKnown ciphertext attack –a.k.a. ciphertext-only attack – classic attack –Newspaper cryptograms –You have ciphertext, no plaintext Known plaintext attackKnown plaintext attack –You have some plaintext for some intercepted ciphertext –The attack used against ENIGMA to reduce the problem

March 2005 7R. Smith - University of St Thomas - Minnesota Looking more at Stream Ciphers Same for streams and one time padsSame for streams and one time pads

March 2005 8R. Smith - University of St Thomas - Minnesota The One Time Pad “Provably secure”“Provably secure” We use 1 bit of random key for EVERY BIT of data we transmit.We use 1 bit of random key for EVERY BIT of data we transmit. Use XOR to encrypt and decryptUse XOR to encrypt and decrypt Sender and recipient must share exactly the same stream of random bits, and use them in exactly the same orderSender and recipient must share exactly the same stream of random bits, and use them in exactly the same order –NO REUSE!!

March 2005 9R. Smith - University of St Thomas - Minnesota One time pads in Decimal To Encrypt:To Encrypt: –Put plaintext in numeric form –Write decimal numbers from pad underneath –Encrypt by doing add-without-carry We discard the carry without changing the neighboring digit.We discard the carry without changing the neighboring digit. To decrypt:To decrypt: –Write ciphertext digits in a row –Write decimal numbers from pad underneath –Decrypt by doing subtract-without-borrow We ‘pretend’ to borrow but don’t change the neighboring digit when we do.We ‘pretend’ to borrow but don’t change the neighboring digit when we do.

March 2005 10R. Smith - University of St Thomas - Minnesota The XOR Reuse Problem If a xor k = AIf a xor k = A and b xor k = Band b xor k = B then A xor B = a xor bthen A xor B = a xor b We can do this with Matlab...We can do this with Matlab...

March 2005 11R. Smith - University of St Thomas - Minnesota Using Matlab im = imread(‘file.gif);im = imread(‘file.gif); –reads the gif file and converts it to a matrix –Assigns the matrix to variable ‘im’ –the “;” at the end prevents Matlab from printing the matrix image(im)image(im) –Displays the image. Enable plot tools from the toolbar Especially the ‘property editor’Especially the ‘property editor’ –Colormap setting – First choose HSV. Then choose custom Under custom, change the arrow to increase bit contrastUnder custom, change the arrow to increase bit contrast eiv = xor (im, key);eiv = xor (im, key); –xors the iv matrix with the key matrix – both same size –eiv gets the result – the ‘;’ suppresses printing the matrix

March 2005 12R. Smith - University of St Thomas - Minnesota Remember this example: Use 128x128 image to hold the messageUse 128x128 image to hold the message XOR with 128x128 random set of bitsXOR with 128x128 random set of bits SC xor KEY = SCESC xor KEY = SCE

March 2005 13R. Smith - University of St Thomas - Minnesota Let’s reuse the bits Trust me, it’s the same key streamTrust me, it’s the same key stream SM xor KEY = SMESM xor KEY = SME

March 2005 14R. Smith - University of St Thomas - Minnesota Look what happens... We combine the 2 ciphertexts with XORWe combine the 2 ciphertexts with XOR Not so secure, eh?Not so secure, eh? SME xor SCE == SM xor SCSME xor SCE == SM xor SC

March 2005 15R. Smith - University of St Thomas - Minnesota File encryption issues Entropy in the passphrasesEntropy in the passphrases –No truncation –Don’t waste bits Reusing the same passwordReusing the same password –All things being equal, if we use the same password twice as the encryption key, we generate an identical keystream –Don’t want that problem again

March 2005 16R. Smith - University of St Thomas - Minnesota File Encryption Process Here’s the perimeterHere’s the perimeter

March 2005 17R. Smith - University of St Thomas - Minnesota Simple password handling

March 2005 18R. Smith - University of St Thomas - Minnesota Using a hash – better Makes longer passphrases effectiveMakes longer passphrases effective

March 2005 19R. Smith - University of St Thomas - Minnesota Nonce and Hash Lets us reuse the same passwordLets us reuse the same password

March 2005 20R. Smith - University of St Thomas - Minnesota Trying file encryption Let’s download some stuffLet’s download some stuff –Sourceforge.net Neocrypt – file encryptionNeocrypt – file encryption Frhed – binary file editorFrhed – binary file editor

March 2005 21R. Smith - University of St Thomas - Minnesota Fundamentals of Crypto Here is a basic example of a ‘crypto protocol’

March 2005 22R. Smith - University of St Thomas - Minnesota Elements of crypto protocols Encryption functionsEncryption functions Hash functionsHash functions Random values (encryption keys)Random values (encryption keys) NoncesNonces Apply the functions to inputsApply the functions to inputs Save extra data with the protected outputSave extra data with the protected output Use the extra data to retrieve or verify the protected outputUse the extra data to retrieve or verify the protected output

March 2005 23R. Smith - University of St Thomas - Minnesota Creative Commons License This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by- sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.

Download ppt "March 2005 1R. Smith - University of St Thomas - Minnesota CISC 210 - Class Today Homework: Chapter 5, exercises E6-E17Homework: Chapter 5, exercises E6-E17."

Similar presentations