1
Chapter 2: Crypto Basics
Chapter 2: Crypto Basics
Ciphertext (the plaintext is a passage from Lewis Carroll, Alice in Wonderland):
MXDXBVTZWVMXNSPBQXLIMSCCSGXSCJXBOVQXCJZMOJZCVC TVWJCZAAXZBCSSCJXBQCJZCOJZCNSPOXBXSBTVWJC JZDXGXXMOZQMSCSCJXBOVQXCJZMOJZCNSPJZHGXXMOSPLH JZDXZAAXZBXHCSCJXTCSGXSCJXBOVQX
"The solution is by no means so difficult as you might be led to imagine from the first hasty inspection of the characters. These characters, as any one might readily guess, form a cipher, that is to say, they convey a meaning…" (Edgar Allan Poe, The Gold Bug)
Part 1 Cryptography
2
Crypto
- Cryptology: the art and science of making and breaking "secret codes"
- Cryptography: making "secret codes"
- Cryptanalysis: breaking "secret codes"
- Crypto: all of the above (and more)
- A cryptographer is someone who uses and studies secret codes
- A cryptanalyst is someone who can hack secret codes and read other people's encrypted messages
3
How to Speak Crypto
- A cipher or cryptosystem is used to encrypt the plaintext
- The result of encryption is ciphertext
- We decrypt ciphertext to recover plaintext
- A key is used to configure a cryptosystem
- A symmetric key cryptosystem uses the same key to encrypt as to decrypt
- A public key cryptosystem uses a public key to encrypt and a private key to decrypt
- So, a cipher is a set of rules (an algorithm) for converting between plaintext and ciphertext
4
Problems Addressed by Encryption
Suppose a sender wants to send a message to a recipient. An attacker may attempt to:
- Block the message
- Intercept the message
- Modify the message
- Fabricate an authentic-looking alternate message
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: ). Copyright 2015 by Pearson Education, Inc. All rights reserved.
5
Encryption Terminology
- Sender
- Recipient
- Transmission medium
- Interceptor/intruder
- Encrypt, encode, or encipher
- Decrypt, decode, or decipher
- Cryptosystem
- Plaintext
- Ciphertext
6
Crypto: Basic Assumptions
- The system is completely known to the attacker
- Only the key is secret
- That is, crypto algorithms are not secret
- This is known as Kerckhoffs' Principle
Why do we make such an assumption?
- Experience has shown that secret algorithms tend to be weak when exposed
- Secret algorithms never remain secret
- Better to find weaknesses beforehand
7
Encryption/Decryption Process: Crypto as a Black Box
[Figure: plaintext → encrypt (key) → ciphertext → decrypt (key) → plaintext]
A generic view of symmetric key crypto
8
Symmetric vs. Asymmetric
9
Symmetric vs. Asymmetric
The critical difference between symmetric and asymmetric is that symmetric uses a single key (the same key) for both encryption and decryption, whereas asymmetric uses complementary keys (two separate keys).
11
[Figure: sender and recipient]
13
Stream vs. Block
14
Classification of the Field of Cryptology
15
Stream Ciphers
- Encrypt bits individually (bit-by-bit; sometimes byte-by-byte!?)
- Usually small and fast, so common in embedded devices
- e.g., A5/1 for GSM phones
In stream ciphers, each byte of the data stream is encrypted separately. This is as opposed to block ciphers, which are shown on the next slide.
16
Block Ciphers
- Always encrypt a full block of several bits
- DES: 64 bits = 8 bytes = one block
- AES: 128 bits = 16 bytes = one block
- Common for Internet applications
Unlike a stream cipher, a block cipher encrypts a group of plaintext symbols as a single block. The pros and cons of each model are discussed on the next slide.
17
Block Cipher Primitives: Confusion vs. Diffusion
Claude Shannon: there are two primitive operations with which strong encryption algorithms can be built:
- Confusion: an encryption operation in which the relationship between key and ciphertext is obscured (muddled). A common element for achieving confusion is substitution, which is found in both AES and DES.
- Diffusion: an encryption operation in which the influence of one plaintext symbol is spread over many ciphertext symbols, with the goal of hiding the statistical properties of the plaintext. A simple diffusion element is the bit permutation, which is frequently used within DES.
Neither operation by itself can provide security. The idea is to concatenate confusion and diffusion elements to build so-called product ciphers.
18
Product Ciphers
19
Stream vs. Block
20
Common Symmetric Encryption Methods
21
DES: The Data Encryption Standard
- Symmetric block cipher
- Developed in 1976 by IBM for the US National Institute of Standards and Technology (NIST)
22
AES: Advanced Encryption System
- Symmetric block cipher
- Developed in 1999 by independent Dutch cryptographers
- Still in common use
23
DES vs. AES
AES has become the dominant symmetric encryption algorithm in use today. We discuss DES in this book both for historical purposes and because it is a relatively simple algorithm to use to explain how cryptographic primitives work.
24
Public Key (Asymmetric) Cryptography
- Instead of two users sharing one secret key, each user has two keys: one public key and one private key
- The public key is made public for others to use, while the private key is known only to its owner
- A general-purpose public-key cryptographic algorithm relies on one of the keys for encryption and a different but related key for decryption
- Messages encrypted using the user's public key can only be decrypted using the user's private key, and vice versa
- The use of two keys has profound consequences in the areas of confidentiality, key distribution, and authentication; i.e. some form of protocol is needed for key distribution
25
Asymmetric Encryption Algorithms
- RSA (Rivest, Shamir, Adleman): developed in 1977; the most widely accepted and implemented approach to public-key encryption; a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n
- Diffie-Hellman key exchange algorithm: enables two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages; limited to the exchange of the keys
- Digital Signature Standard (DSS): provides only a digital signature function, with SHA-1; cannot be used for encryption or key exchange
- Elliptic Curve Cryptography (ECC): security like RSA, but with much smaller keys

RSA. One of the first public-key schemes was developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at MIT and first published in 1978 [RIVE78]. The RSA scheme has since reigned supreme as the most widely accepted and implemented approach to public-key encryption. RSA is a block cipher in which the plaintext and ciphertext are integers between 0 and n – 1 for some n. In 1977, the three inventors of RSA dared Scientific American readers to decode a cipher they printed in Martin Gardner's "Mathematical Games" column. They offered a $100 reward for the return of a plaintext sentence, an event they predicted might not occur for some 40 quadrillion years. In April of 1994, a group working over the Internet and using over 1600 computers claimed the prize after only eight months of work [LEUT94]. This challenge used a public-key size (length of n) of 129 decimal digits, or around 428 bits. This result does not invalidate the use of RSA; it simply means that larger key sizes must be used. Currently, a 1024-bit key size (about 300 decimal digits) is considered strong enough for virtually all applications.

DIFFIE-HELLMAN KEY AGREEMENT. The first published public-key algorithm appeared in the seminal paper by Diffie and Hellman that defined public-key cryptography [DIFF76] and is generally referred to as Diffie-Hellman key exchange, or key agreement. A number of commercial products employ this key exchange technique. The purpose of the algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages. The algorithm itself is limited to the exchange of the keys.

DIGITAL SIGNATURE STANDARD. The National Institute of Standards and Technology (NIST) has published Federal Information Processing Standard FIPS PUB 186, known as the Digital Signature Standard (DSS). The DSS makes use of SHA-1 and presents a new digital signature technique, the Digital Signature Algorithm (DSA). The DSS was originally proposed in 1991 and revised in 1993 in response to public feedback concerning the security of the scheme. There were further revisions in 1998, 2000, 2009, and most recently in 2013 as FIPS PUB 186–4. The DSS uses an algorithm that is designed to provide only the digital signature function. Unlike RSA, it cannot be used for encryption or key exchange.

ELLIPTIC CURVE CRYPTOGRAPHY. The vast majority of the products and standards that use public-key cryptography for encryption and digital signatures use RSA. The bit length for secure RSA use has increased over recent years, and this has put a heavier processing load on applications using RSA. This burden has ramifications, especially for electronic commerce sites that conduct large numbers of secure transactions. Recently, a competing system has begun to challenge RSA: elliptic curve cryptography (ECC). Already, ECC is showing up in standardization efforts, including the IEEE (Institute of Electrical and Electronics Engineers) P1363 Standard for Public-Key Cryptography. The principal attraction of ECC compared to RSA is that it appears to offer equal security for a far smaller bit size, thereby reducing processing overhead. On the other hand, although the theory of ECC has been around for some time, it is only recently that products have begun to appear and that there has been sustained cryptanalytic interest in probing for weaknesses. Thus, the confidence level in ECC is not yet as high as that in RSA.
26
Public Key Essentials
The essential steps are the following:
1. Each user generates a pair of keys to be used for the encryption and decryption of messages.
2. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private.
3. Each user maintains a collection of public keys obtained from others.
Example: If Bob wishes to send a private message to Alice, Bob encrypts the message using Alice's public key. When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice's private key.
Confidentiality is served: only the intended recipient should be able to decrypt the ciphertext, because only the intended recipient is in possession of the required private key.
27
Ingredients of a Public-Key Encryption Scheme
- Plaintext: readable message or data that is fed into the algorithm as input
- Encryption algorithm: performs transformations on the plaintext
- Public and private key: a pair of keys, one for encryption, one for decryption
- Ciphertext: scrambled message produced as output
- Decryption algorithm: produces the original plaintext
A public-key encryption scheme has six ingredients (Figure 2.6a):
- Plaintext: This is the readable message or data that is fed into the algorithm as input.
- Encryption algorithm: The encryption algorithm performs various transformations on the plaintext.
- Public and private key: This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the encryption algorithm depend on the public or private key that is provided as input.
- Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts.
- Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the original plaintext.
As the names suggest, the public key of the pair is made public for others to use, while the private key is known only to its owner. A general-purpose public-key cryptographic algorithm relies on one key for encryption and a different but related key for decryption. The essential steps are the following:
1. Each user generates a pair of keys to be used for the encryption and decryption of messages.
2. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. As Figure 2.6a suggests, each user maintains a collection of public keys obtained from others.
3. If Bob wishes to send a private message to Alice, Bob encrypts the message using Alice's public key.
4. When Alice receives the message, she decrypts it using her private key.
No other recipient can decrypt the message because only Alice knows Alice's private key. With this approach, all participants have access to public keys, and private keys are generated locally by each participant and therefore need never be distributed. As long as a user protects his or her private key, incoming communication is secure. At any time, a user can change the private key and publish the companion public key to replace the old public key. Note that the scheme of Figure 2.6a is directed toward providing confidentiality: only the intended recipient should be able to decrypt the ciphertext because only the intended recipient is in possession of the required private key. Whether in fact confidentiality is provided depends on a number of factors, including the security of the algorithm, whether the private key is kept secure, and the security of any protocol of which the encryption function is a part.
28
Bob Encrypts Data Using His Own Private Key
- Bob encrypts data using his own private key
- Alice, who knows the corresponding public key, will be able to decrypt the message
- This indicates that only Bob could have encrypted the plaintext
- This can be used to provide authentication (authenticity is served)
Figure 2.6b illustrates another mode of operation of public-key cryptography. In this scheme, a user encrypts data using his or her own private key. Anyone who knows the corresponding public key will then be able to decrypt the message. The scheme of Figure 2.6b is directed toward providing authentication and/or data integrity. If a user is able to successfully recover the plaintext from Bob's ciphertext using Bob's public key, this indicates that only Bob could have encrypted the plaintext, thus providing authentication. Further, no one but Bob would be able to modify the plaintext because only Bob could encrypt the plaintext with Bob's private key. Once again, the actual provision of authentication or data integrity depends on a variety of factors. This issue is addressed primarily in Chapter 21, but other references are made to it where appropriate in this text.
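Added example, not from the slides or from the textbook they cite: "textbook" RSA with toy primes, showing the two modes of Figure 2.6 side by side. The primes (61 and 53), the public exponent 17 and the message 65 are constructed values chosen to keep the numbers small; only the arithmetic is RSA as the slides describe it, with plaintext and ciphertext being integers between 0 and n-1.

```python
# Added example, not from the slides: textbook RSA with toy primes, showing
# both modes of Figure 2.6. The primes, exponent and message are constructed
# values chosen so the numbers stay small; real keys are thousands of bits.
from math import gcd


def rsa_keygen(p: int, q: int, e: int = 17):
    """Return ((n, e), (n, d)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_apply(block: int, key) -> int:
    """One RSA operation: block^exponent mod n. Blocks are integers in
    [0, n-1], which is what the slide means by RSA being a 'block cipher'."""
    n, exponent = key
    if not 0 <= block < n:
        raise ValueError("block must be an integer between 0 and n-1")
    return pow(block, exponent, n)


# Figure 2.6a, confidentiality: Bob encrypts with Alice's PUBLIC key;
# only Alice's PRIVATE key undoes it.
def send_confidential(m: int, recipient_public) -> int:
    return rsa_apply(m, recipient_public)


def read_confidential(c: int, recipient_private) -> int:
    return rsa_apply(c, recipient_private)


# Figure 2.6b, authentication: Alice "encrypts" with her PRIVATE key; anyone
# holding her PUBLIC key recovers m and thereby checks that it came from her.
def sign(m: int, sender_private) -> int:
    return rsa_apply(m, sender_private)


def verify(sig: int, sender_public) -> int:
    return rsa_apply(sig, sender_public)


# Constructed toy key pair for Alice: p=61, q=53 gives n=3233.
ALICE_PUBLIC, ALICE_PRIVATE = rsa_keygen(61, 53)


def demo(m: int = 65) -> dict:
    """Run both modes and return the intermediate values for inspection."""
    c = send_confidential(m, ALICE_PUBLIC)
    s = sign(m, ALICE_PRIVATE)
    return {
        "ciphertext": c,
        "decrypted": read_confidential(c, ALICE_PRIVATE),
        "signature": s,
        "verified": verify(s, ALICE_PUBLIC),
    }


if __name__ == "__main__":
    print(demo())
```

pow(e, -1, phi) needs Python 3.8 or later. RSA without padding, as here, is deterministic (the same message always gives the same ciphertext) and its signatures are malleable; deployed systems wrap the message with OAEP for encryption and PSS for signatures, and sign a hash of the message rather than the message itself.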
29
Public Key to Exchange Secret Keys
Unfortunately, public key cryptographic protocols involve several sequences of messages and replies, which can be time consuming if either party is not immediately available to reply to the latest request.
This is a great example of asymmetric and symmetric encryption being used together: we need asymmetric to perform the initial exchange securely, but thereafter we can benefit from the speed of a symmetric algorithm.
30
Key Exchange: Man-in-the-Middle Attack (MIMA)
This exchange is the same as on the previous slide, but with an attacker in the middle. This attack can be defeated using the simple tweak described on pp. 107–108 of the textbook. This is an interesting problem to have students brainstorm or work on for homework.
31
Public-Key: Common Misconceptions
The first misconception is that public-key encryption is more secure from a cryptanalysis point of view than symmetric encryption. In fact, the security of any encryption scheme depends on (1) the length of the key and (2) the computational work involved in breaking a cipher. There is nothing in principle about either symmetric or public-key encryption that makes one superior to the other.
A second misconception is that public-key encryption is a general-purpose technique that has made symmetric encryption obsolete. On the contrary, because of the computational overhead of current public-key encryption schemes, there seems no foreseeable likelihood that symmetric encryption will be abandoned.
Finally, there is a feeling that key distribution is trivial when using public-key encryption, compared to the rather cumbersome handshaking involved with key distribution centers for symmetric encryption. For public-key key distribution, some form of protocol is needed, often involving a central agent, and the procedures involved are no simpler or any more efficient than those required for symmetric encryption.
32
Secret Key vs. Public Key Encryption
Symmetric and asymmetric algorithms have complementary strengths and weaknesses and are therefore used both for different purposes and in concert with each other. (Figure: independent channel)
33
Cryptanalysis
If the attack is not carried out by a brute-force approach, then it is based on one of the cryptanalysis methods on the next slide.
34
Methods of Cryptanalysis
- Break (decrypt) a single message
- Recognize patterns in encrypted messages
- Infer some meaning without even breaking the encryption, such as from the length or frequency of messages
- Easily deduce/infer the key, to break one message and perhaps subsequent ones
- Find weaknesses (error, bug, flaw) in the implementation or environment of use of encryption by the sender
- Find general weaknesses in an encryption algorithm
We start with a brief discussion of cryptanalysis because an understanding of what attackers are trying to accomplish (and how they are trying to accomplish it) informs the study of how to protect data from them. The methods listed here are not mutually exclusive, and which ones are applied will depend on a number of factors:
- Expertise of the attacker
- What information is available to the attacker
- What access is available to the attacker
- Other constraints, such as time
35
Cryptanalysis Inputs
- Ciphertext only: look for patterns, similarities, and discontinuities among many messages that are encrypted alike
- Plaintext and ciphertext, so the cryptanalyst can see what transformations occurred:
  - Known plaintext: the analyst has an exact copy of the plaintext and ciphertext
  - Probable plaintext: the message is very likely to have certain content, such as a date header
  - Chosen plaintext: the attacker gains sufficient access to the system to generate ciphertext from arbitrary plaintext inputs
38
How many keys do we need?
39
Examples of Encryption Methods
40
Cryptographic Primitives
- Substitution: one set of bits is exchanged for another
- Transposition: rearranging the order of the ciphertext to break any repeating patterns in the underlying plaintext
- Confusion: a good confusion provides a complex functional/algorithmic relationship between the plaintext/key pair and the ciphertext; changing one character in the plaintext causes unpredictable changes to the resulting ciphertext
- Diffusion: distributes the information from single plaintext characters over the entire ciphertext, i.e. small changes to the plaintext result in broad changes to the ciphertext
These are the basic techniques that make up cryptographic algorithms. As we study some algorithms in depth later in the chapter, we'll see these again and again. The first two, substitution and transposition, are simple mathematical operations used within complex cryptosystems. The latter two, confusion and diffusion, are more conceptual and may be accomplished in a number of different ways depending on the cryptographic algorithm.
41
Shannon’s Characteristics of Good Ciphers
- The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption
- The set of keys and the enciphering algorithm should be free from complexity
- The implementation of the process should be as simple as possible
- Errors in ciphering should not propagate and cause corruption of further information in the message
- The size of the enciphered text should be no larger than the text of the original message
The degree of secrecy required factors into questions such as key length and number of rounds and should be based on implementation of the algorithm, current and predicted speeds of computers, and resources of likely attackers. The process has to work on any kind of plaintext input, and keys should be easy for users to generate, transmit, and store. As we saw earlier in the book, complexity is the enemy of good security analysis. It is easier to identify flaws in, and to correctly implement, a simpler algorithm, and a simpler algorithm is therefore more likely to be free of flaws. Communication errors do happen, and when they do, the need for retransmission should be as limited as possible. A ciphertext that expands dramatically in size cannot possibly carry more information than the source plaintext, yet it gives the cryptanalyst more data from which to infer a pattern. Larger messages also require more transmission time and storage and are therefore less practical for users.
42
Properties of a Trustworthy Cryptosystem
- It is based on sound mathematics
- It has been analyzed by competent experts and found to be sound
- It has stood the test of time
Good cryptographic algorithms are derived from sound principles and have security properties that are proven by expert mathematicians. Historically, algorithms that have not met this standard have been easily broken. Because cryptographic algorithms are complex, it can take years of analysis before serious flaws are identified.
43
Simple Substitution
Plaintext: fourscoreandsevenyearsago
Key:
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Ciphertext: IRXUVFRUHDQGVHYHQBHDUVDJR
Shift by 3 is "Caesar's cipher"
44
Caesar’s Cipher Decryption
Suppose we know a Caesar's cipher is being used
Given ciphertext: VSRQJHEREVTXDUHSDQWV
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Plaintext: spongebobsquarepants
45
Not-so-Simple Substitution
Shift by n for some n ∈ {0,1,2,…,25}; then the key is n
Example: key n = 7
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
46
Cryptanalysis I: Try Them All
- A simple substitution (shift by n) is used, but the key is unknown
- Given ciphertext: CSYEVIXIVQMREXIH
- How to find the key? Only 26 possible keys, so try them all! (Exhaustive key search)
- Solution: key is n = 4
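Added example, not from the slides: shift-cipher encryption and decryption for slides 43 and 44, plus the "try them all" attack of slide 46. The slides only say to try all 26 keys; the English-letter heuristic used here to rank the 26 candidates automatically is my own choice and is not part of the original.

```python
# Added example, not from the slides: shift-cipher encryption/decryption and
# exhaustive key search. The COMMON-letter scoring is my own ranking heuristic.
import string

ALPHABET = string.ascii_lowercase         # 26 letters, index 0..25
COMMON = set("etaoinshrdlu")              # the 12 most frequent English letters


def shift_encrypt(plaintext: str, n: int) -> str:
    """Shift every letter forward by n (mod 26); ciphertext is upper case as on the slides."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + n) % 26].upper())
        else:
            out.append(ch)                # non-letters pass through unchanged
    return "".join(out)


def shift_decrypt(ciphertext: str, n: int) -> str:
    """Decryption is encryption with the opposite shift; plaintext is lower case."""
    return shift_encrypt(ciphertext, -n).lower()


def english_score(text: str) -> int:
    """Crude 'does this look like English' score: how many common letters it contains."""
    return sum(1 for ch in text if ch in COMMON)


def exhaustive_key_search(ciphertext: str):
    """Try all 26 keys; return (key, candidate, score) tuples, best candidate first."""
    candidates = [(n, shift_decrypt(ciphertext, n)) for n in range(26)]
    scored = [(n, pt, english_score(pt)) for n, pt in candidates]
    return sorted(scored, key=lambda t: t[2], reverse=True)


if __name__ == "__main__":
    print(shift_encrypt("fourscoreandsevenyearsago", 3))   # slide 43
    print(shift_decrypt("VSRQJHEREVTXDUHSDQWV", 3))        # slide 44
    for key, candidate, score in exhaustive_key_search("CSYEVIXIVQMREXIH")[:3]:
        print(key, candidate, score)                        # slide 46: key 4 wins
```

With 16 letters the crude score separates the right key clearly (14 common letters for key 4 against at most 10 for any other key); on very short ciphertexts a human still has to read the top few candidates.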
47
Simple Substitution: General Case
- In general, a simple substitution key can be any permutation of the letters, not necessarily a shift of the alphabet
- For example:
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: J I C A X S E Y V D K W B Q T Z R H F M P N U L G O
- Then there are 26! ≈ 2^88 possible keys
48
Cryptanalysis II: Be Clever
- We know that a simple substitution is used, but not necessarily a shift by n
- Find the key given the ciphertext:
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA
49
Cryptanalysis II
- Cannot try all 2^88 simple substitution keys
- Can we be more clever?
- English letter frequency counts…
50
Cryptanalysis II
Ciphertext:
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA
Analyze this message using the statistics below.
Ciphertext frequency counts (the per-letter table was only partly recovered from the slide; the surviving counts are 21 26 6 10 12 51 25 9 3 1 15 28 42 27 4 24 22, and Z = 8)
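Added example, not from the slides: computing the letter-frequency counts for the slide-48 ciphertext (copied from the slide) and checking the size of the key space behind "cannot try all 2^88 keys". ENGLISH_ORDER is a commonly quoted English frequency ranking, not something the slides give, and the three-letter partial key in the demo is my own first guess, not the slide's answer.

```python
# Added example, not from the slides: frequency analysis of the slide-48
# ciphertext and the size of the simple-substitution key space.
import math
from collections import Counter

# Copied from the slide, split into chunks for readability.
CIPHERTEXT = (
    "PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLX"
    "TOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWA"
    "EBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLX"
    "GDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQP"
    "OTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHI"
    "XQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQO"
    "TOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFH"
    "QWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAI"
    "TIXPFHXAFQHEFZQWGFLVWPTOFFA"
)

# Typical English letter ranking, most to least common (assumed, not from the slides).
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"


def letter_counts(text: str) -> Counter:
    """Count each letter A-Z in the ciphertext; anything else is ignored."""
    return Counter(ch for ch in text.upper() if "A" <= ch <= "Z")


def ranked_letters(text: str) -> list:
    """Ciphertext letters ordered from most to least frequent."""
    return [letter for letter, _ in letter_counts(text).most_common()]


def frequency_guess(text: str, top: int = 3) -> dict:
    """Pair the `top` most frequent ciphertext letters with the `top` most
    frequent English letters. A starting hypothesis to test, not a proof."""
    return dict(zip(ranked_letters(text)[:top], ENGLISH_ORDER[:top]))


def apply_partial_key(text: str, mapping: dict) -> str:
    """Decrypt only the letters guessed so far; unknown letters become '.'."""
    return "".join(mapping.get(ch, ".") for ch in text)


def substitution_key_space_bits() -> float:
    """log2(26!): how many bits of key a general simple substitution has."""
    return math.log2(math.factorial(26))


if __name__ == "__main__":
    counts = letter_counts(CIPHERTEXT)
    print(counts.most_common(5))
    print(frequency_guess(CIPHERTEXT))
    # Hypothesis: the repeated trigram PBF is 'the'. Unknown letters stay as dots.
    print(apply_partial_key(CIPHERTEXT[:40], {"P": "t", "B": "h", "F": "e"}))
    print(f"key space: 2^{substitution_key_space_bits():.1f}")
```

The most frequent ciphertext letter, F, occurs 51 times, which matches the 51 in the slide's table and is the natural candidate for e. Substitution changes which letter carries each count but not the counts themselves, which is exactly the statistical property the "diffusion" element of a product cipher exists to hide.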
51
Cryptanalysis: Terminology
- A cryptosystem is secure if the best known attack is to try all keys (exhaustive key search)
- A cryptosystem is insecure if any shortcut attack is known
- But then an insecure cipher might be harder to break than a secure cipher! What the … ?
52
Double Transposition
Plaintext: attackxatxdawn
- Permute rows and columns
- Ciphertext: xtawxnattxadakc
- Key is matrix size and permutations: (3,5,1,4,2) and (1,3,2)
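Added example, not from the slides: the double transposition of slide 52 written out so the two permutations can be applied and undone. The slide's ciphertext has 15 letters while the printed plaintext has 14, so this code pads the plaintext with one trailing x to fill a 5-row by 3-column matrix; that reading of the slide's matrix size is my assumption, and it reproduces the slide's ciphertext.

```python
# Added example, not from the slides: double transposition with 1-based row
# and column permutations, as on slide 52. The 5x3 matrix and the trailing
# 'x' padding are my reading of the slide.


def _check_permutation(perm, size: int) -> None:
    """A permutation is a 1-based reordering of 1..size with each index once."""
    if sorted(perm) != list(range(1, size + 1)):
        raise ValueError(f"not a permutation of 1..{size}: {perm}")


def _to_grid(text: str, rows: int, cols: int):
    if len(text) != rows * cols:
        raise ValueError("text must fill the matrix exactly; pad it first")
    return [list(text[r * cols:(r + 1) * cols]) for r in range(rows)]


def pad_plaintext(text: str, rows: int, cols: int, filler: str = "x") -> str:
    """Pad with filler so the text fills the matrix (the slide uses x for spaces too)."""
    return text + filler * (rows * cols - len(text))


def double_transposition_encrypt(plaintext, rows, cols, row_perm, col_perm):
    """Write plaintext row by row, permute the rows, then the columns, read row by row."""
    _check_permutation(row_perm, rows)
    _check_permutation(col_perm, cols)
    grid = _to_grid(plaintext, rows, cols)
    grid = [grid[r - 1] for r in row_perm]                   # output row i = input row row_perm[i]
    grid = [[row[c - 1] for c in col_perm] for row in grid]  # same idea for columns
    return "".join("".join(row) for row in grid)


def double_transposition_decrypt(ciphertext, rows, cols, row_perm, col_perm):
    """Invert both permutations: output position i came from input position perm[i]."""
    _check_permutation(row_perm, rows)
    _check_permutation(col_perm, cols)
    grid = _to_grid(ciphertext, rows, cols)
    cols_back = []
    for row in grid:
        original = [None] * cols
        for j, c in enumerate(col_perm):
            original[c - 1] = row[j]
        cols_back.append(original)
    rows_back = [None] * rows
    for i, r in enumerate(row_perm):
        rows_back[r - 1] = cols_back[i]
    return "".join("".join(row) for row in rows_back)


if __name__ == "__main__":
    pt = pad_plaintext("attackxatxdawn", 5, 3)
    ct = double_transposition_encrypt(pt, 5, 3, (3, 5, 1, 4, 2), (1, 3, 2))
    print(ct)                                                     # xtawxnattxadakc
    print(double_transposition_decrypt(ct, 5, 3, (3, 5, 1, 4, 2), (1, 3, 2)))
```

A transposition only moves letters, so the ciphertext has exactly the plaintext's letter counts; that is why a product cipher pairs transposition (diffusion) with substitution (confusion) rather than relying on either alone.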
53
One-Time Pads
This is a diagram of the Vernam cipher, a type of one-time pad. A one-time pad is often used as an example of the perfect cipher, but it is only useful as a concept, as it is completely impractical. A one-time pad is a substitution cipher that uses an arbitrarily large, nonrepeating set of keys for substitution (in the diagram of the Vernam cipher, XOR is used instead of pure substitution), and requires both an unlimited set of completely random keys and absolute synchronization between sender and receiver, both of which are impractical. In terms of resistance to cryptanalysis, the one-time pad is the gold standard against which other encryption algorithms are measured, as it offers no patterns for attackers to analyze.
54
One-Time Pad (OTP): Encryption
Letter encoding (3 bits each): e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
Encryption: Plaintext ⊕ Key = Ciphertext
Plaintext: h e i l t r … (001 000 010 100 111 101 …)
Key: 111 101 110 100 000 001 … (bit rows as extracted from the slide; some columns were lost)
Ciphertext: s r l h t …
55
One-Time Pad: Decryption
Letter encoding (3 bits each): e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
Decryption: Ciphertext ⊕ Key = Plaintext
Ciphertext: s r l h t … (110 101 100 001 111 …)
Key: 111 101 110 100 000 001 010 … (bit rows as extracted from the slide; some columns were lost)
Plaintext: h e i l t r …
56
One-Time Pad
Double agent claims the following "key" was used:
Ciphertext: s r l h t … (110 101 100 001 111 …)
"Key": 101 111 000 100 110 011 010 001 (as extracted from the slide; some columns were lost)
"Plaintext": k i l h t e r …
(Letter encoding: e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111)
57
One-Time Pad
Or claims the key is…
Ciphertext: s r l h t … (110 101 100 001 111 …)
"Key": 111 101 000 011 110 001 100 010 (as extracted from the slide; some columns were lost)
"Plaintext": h e l i k s …
(Letter encoding: e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111)
58
One-Time Pad Summary
- Provably secure: ciphertext gives no useful info about plaintext; all plaintexts are equally likely
- BUT, only when used correctly
- Pad must be random, used only once
- Repeating the key is problematic: C1 = P1 ⊕ K, C2 = P2 ⊕ K, so C1 ⊕ C2 = P1 ⊕ K ⊕ P2 ⊕ K = P1 ⊕ P2
- Pad is known only to sender and receiver
- Note: pad (key) is the same size as the message; so, why not distribute the message instead of the pad?
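Added example, not from the slides: the 3-bit one-time pad of slides 54 to 58 in code, covering encryption and decryption, the double agent's forged "key" and the repeated-pad problem from the summary. It uses the slides' letter encoding; the plaintexts and the pad bits are constructed for this example because the slides' bit rows were only partly recoverable.

```python
# Added example, not from the slides: 3-bit one-time pad using the slides'
# encoding. The plaintexts and the pad below are constructed for this example.

CODE = {"e": 0b000, "h": 0b001, "i": 0b010, "k": 0b011,
        "l": 0b100, "r": 0b101, "s": 0b110, "t": 0b111}
DECODE = {v: k for k, v in CODE.items()}


def parse_key(bit_groups: str):
    """'111 101 ...' -> [7, 5, ...]; each group is one 3-bit pad symbol."""
    key = [int(g, 2) for g in bit_groups.split()]
    if any(not 0 <= k <= 7 for k in key):
        raise ValueError("each key group must be exactly 3 bits")
    return key


def otp(text: str, key) -> str:
    """XOR each 3-bit letter with the matching pad symbol. Because XOR is its
    own inverse, the same function encrypts and decrypts."""
    if len(key) != len(text):
        raise ValueError("pad must be exactly as long as the message")
    return "".join(DECODE[CODE[ch] ^ k] for ch, k in zip(text, key))


def forge_key(ciphertext: str, claimed_plaintext: str):
    """Why the double agent can claim any 'key': for a one-time pad every
    plaintext of the right length is explained by some key, namely C XOR P'."""
    if len(ciphertext) != len(claimed_plaintext):
        raise ValueError("claimed plaintext must match the ciphertext length")
    return [CODE[c] ^ CODE[p] for c, p in zip(ciphertext, claimed_plaintext)]


def two_time_pad_leak(c1: str, c2: str) -> str:
    """If one pad is reused, C1 XOR C2 = P1 XOR P2: the key cancels, and every
    position where the two plaintexts agree shows up as 'e' (000)."""
    return "".join(DECODE[CODE[a] ^ CODE[b]] for a, b in zip(c1, c2))


KEY = parse_key("111 101 110 101 111 100 000 101 110 000")   # constructed pad

if __name__ == "__main__":
    ct = otp("heilhitler", KEY)
    print(ct, otp(ct, KEY))                       # srlhssthsr heilhitler
    fake = forge_key(ct, "killhitler")
    print(fake, otp(ct, fake))                    # the same ciphertext "decrypts" to killhitler
    print(two_time_pad_leak(ct, otp("killhitler", KEY)))   # iiseeeeeee: key gone, positions 4-10 equal
```

The forged key is the whole point of "all plaintexts are equally likely": the ciphertext alone cannot distinguish the real pad from the double agent's. The two-time-pad line shows the opposite failure, where reusing a pad removes the key entirely and leaves the attacker with the XOR of two plaintexts.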
59
Real-World One-Time Pad
- Project VENONA
- Soviet Union spies encrypted messages from U.S. to Moscow in the 30's, 40's, and 50's
- Nuclear espionage, etc.
- Thousands of messages
- Spy carried a one-time pad into the U.S.
- Spy used the pad to encrypt secret messages
- Repeats within the "one-time" pads made cryptanalysis possible
60
Codebook Cipher
Literally, a book filled with "codewords"
The Zimmermann Telegram was encrypted via a codebook; a fragment of its entries:
  Februar
  fest
  finanzielle
  folgender
  Frieden
  Friedenschluss
  : :
Modern block ciphers are codebooks! More about this later…
61
Codebook Cipher: Additive
Codebooks also (usually) use an additive
  Additive: a book of "random" numbers
  Encrypt the message with the codebook
  Then choose a position in the additive book
  Add in the additives to get the ciphertext
  Send the ciphertext and the additive position (MI)
  Message Indicator: any information the recipient needs to decrypt the message
  Recipient subtracts the additives before decrypting
Why use an additive sequence?
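The following is an added example (not from the slides) of the codebook-plus-additive procedure just listed. The German words are the ones the codebook slide shows, but every code number, the additive book and the messages are constructed for the demo; the real Zimmermann codebook values are not on this page. The example also answers the slide's closing question: with the additive, the same codeword sent from two different additive positions produces two different ciphertext groups, so a repeated codeword no longer shows up as a repeated group.

```python
import secrets

# Constructed toy codebook: word -> four-digit code group (numbers are made up).
CODEBOOK = {
    "februar": 1042,
    "fest": 2311,
    "finanzielle": 7519,
    "folgender": 130,
    "frieden": 5904,
    "friedenschluss": 8847,
}
REVERSE = {code: word for word, code in CODEBOOK.items()}

# Constructed additive book: a fixed sequence of "random" four-digit numbers that
# both sender and recipient hold; positions in it are referred to by index.
ADDITIVE_BOOK = [4821, 907, 6630, 2254, 9118, 3377, 805, 7462, 1190, 5543, 6006, 2989]
MOD = 10000  # four-digit groups, added group-wise modulo 10000 (no carry between groups)


def code_words(words):
    """Step 1: look each word up in the codebook (KeyError for a word not in the book)."""
    return [CODEBOOK[w.lower()] for w in words]


def encrypt(message, start=None):
    """Steps 2-4: pick a position in the additive book, add the additives,
    and return (message indicator, ciphertext groups)."""
    words = message.split()
    if len(words) > len(ADDITIVE_BOOK):
        raise ValueError("additive book too short for this message")
    if start is None:
        start = secrets.randbelow(len(ADDITIVE_BOOK) - len(words) + 1)
    if start + len(words) > len(ADDITIVE_BOOK):
        raise ValueError("additive book too short at that position")
    additives = ADDITIVE_BOOK[start:start + len(words)]
    groups = [(c + a) % MOD for c, a in zip(code_words(words), additives)]
    return start, groups


def decrypt(indicator, groups):
    """Recipient: subtract the additives starting at the MI, then reverse the codebook."""
    additives = ADDITIVE_BOOK[indicator:indicator + len(groups)]
    if len(additives) != len(groups):
        raise ValueError("bad message indicator")
    codes = [(g - a) % MOD for g, a in zip(groups, additives)]
    return " ".join(REVERSE[c] for c in codes)


def format_groups(groups):
    """Render groups as they would be transmitted: four digits each."""
    return " ".join(f"{g:04d}" for g in groups)


if __name__ == "__main__":
    mi, groups = encrypt("frieden folgender februar", start=3)
    print(mi, format_groups(groups))          # 3 8158 9248 4419
    print(decrypt(mi, groups))                # frieden folgender februar
    # Same codeword, two different additive positions, two different groups:
    print(format_groups(encrypt("frieden", start=0)[1]))  # 0725
    print(format_groups(encrypt("frieden", start=1)[1]))  # 6811
```

The additive is to a codebook what the pad is to the Vernam cipher, with the same weakness: reusing the same stretch of the additive book for two messages lets the additives cancel out exactly as in the key-reuse case on the one-time pad summary slide.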
62
Zimmermann Telegram
Perhaps the most famous codebook ciphertext ever
A major factor in U.S. entry into World War I
63
Zimmermann Telegram Decrypted
The British had recovered a partial codebook
They were then able to fill in the missing parts
64
Authenticity, Integrity & Identity Verification
65
Data Integrity: Error Detecting Codes
Data can be corrupted in transmission or storage by a variety of undesirable phenomena. It is useful to have a way to detect (and sometimes correct) such corruption.
Error detecting codes: find out whether a block of data has been modified.
Techniques for simple error detecting codes:
  Parity checks
  Cyclic redundancy checks (CRC)
Techniques for cryptographic error detecting codes:
  One-way hash functions
  Cryptographic checksums
  Digital signatures
66
Parity Check: Parity Bit or Check Bit
An extra bit (a fingerprint) is added to an existing group of data bits. It ensures that the total number of 1-bits in the string is even or odd. It is the simplest form of error detecting code.
There are two variants of parity bits: the even parity bit and the odd parity bit. With even parity the fingerprint is 0 if the sum of the data bits (the count of 1-bits) is even, and 1 if the sum is odd; that is, the parity bit is set so that the sum of all data bits plus the parity bit is even. Odd parity is the same except that the overall sum is odd.
The slide's table has the columns "7 bits of data (count of 1-bits)" and "8 bits including parity (even, odd)"; its example rows have 1-bit counts of 3, 4 and 7. For the slide's example data stream, the even parity bit is 1 (and the odd parity bit 0), because the data bits plus the parity bit then sum to 6 (or to 5 with odd parity).
Note: one parity bit can reveal the modification of a single bit. Parity does not detect two-bit errors (if two bits in a group are changed), because flipping two bits leaves the count of 1-bits with the same parity.
67
One-Way Hash Function
A one-way function can be useful in creating a change detection algorithm. Often, the elements or components of a file are not bound together in any way (a parity bit is no longer useful). Cryptography can be used to seal a file, encasing it so that any change becomes apparent. One technique for providing the seal is to compute a function, sometimes called a hash, checksum or message digest, of the file. For example, the MD5 hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns a fixed-length digest value that is used to authenticate the original message, verify data integrity, and detect unintentional data corruption.
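The following is an added example (not from the slides or the textbook) that puts the parity slide and the hash slide side by side: it computes even and odd parity bits, shows a single-bit error being caught and a two-bit error slipping through, and then seals the same frame with a hash that catches the two-bit change too. The 7-bit data stream `1001001` and the injected errors are constructed. SHA-256 is used in place of the MD5 the slide names, because practical MD5 collisions are known and it should not be relied on for integrity against an adversary.

```python
import hashlib


def parity_bit(data_bits: str, even: bool = True) -> int:
    """Parity bit for a string of '0'/'1' characters.
    Even parity: the bit makes the total number of 1s (data plus parity) even.
    Odd parity: the bit makes that total odd."""
    ones = data_bits.count("1")
    return ones % 2 if even else 1 - ones % 2


def add_parity(data_bits: str, even: bool = True) -> str:
    """Append the parity bit as the last position of the frame."""
    return data_bits + str(parity_bit(data_bits, even))


def parity_ok(frame: str, even: bool = True) -> bool:
    """Recompute the parity over the data part and compare with the stored bit."""
    data, stored = frame[:-1], int(frame[-1])
    return parity_bit(data, even) == stored


def flip_bits(bits: str, *positions: int) -> str:
    """Constructed error injection: invert the given bit positions."""
    out = list(bits)
    for i in positions:
        out[i] = "1" if out[i] == "0" else "0"
    return "".join(out)


def seal(data: bytes) -> str:
    """Cryptographic seal of a file or message: a fixed-length SHA-256 digest."""
    return hashlib.sha256(data).hexdigest()


def seal_ok(data: bytes, expected_digest: str) -> bool:
    """Change detection: recompute the digest and compare with the stored one."""
    return seal(data) == expected_digest


if __name__ == "__main__":
    data = "1001001"                          # constructed 7-bit sample, three 1-bits
    frame = add_parity(data)                  # even parity -> "10010011"
    print(frame, parity_ok(frame))            # 10010011 True
    one_error = flip_bits(frame, 1)           # single-bit error: detected
    print(one_error, parity_ok(one_error))    # 11010011 False
    two_errors = flip_bits(frame, 1, 2)       # two-bit error: parity is fooled
    print(two_errors, parity_ok(two_errors))  # 11110011 True (corruption unnoticed)
    digest = seal(frame.encode())             # seal the original frame
    print(seal_ok(two_errors.encode(), digest))  # False: the hash catches the change
```

A plain hash, like parity, only detects accidental change: anyone who can alter the data can recompute the digest. Binding the digest to a key (a cryptographic checksum, or the signature covered below) is what stops a deliberate modifier from doing the same.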
68
Digital Signature
One of the most powerful techniques for demonstrating authenticity
A digital signature often uses asymmetric (public key) cryptography
A digital signature is a way to apply public key cryptography as a technique by which one party can reliably precompute some protocol steps and leave them in a safe place, so that the protocol can be carried out even if only one party is active
Used for authenticating both the source and the integrity of the data
Can be created by encrypting a hash code with the private key
Note: a digital signature does not ensure confidentiality. Even when the complete message is transformed with the private key, the message is safe from alteration but not from eavesdropping (a passive attack), since anyone holding the public key can read it.
69
Digital Signatures
NIST FIPS PUB 186-4 [Digital Signature Standard (DSS), July 2013] defines a digital signature as:
"The result of a cryptographic transformation of data that, when properly implemented, provides a mechanism for verifying origin authentication, data integrity and signatory non-repudiation."
Thus, a digital signature is a data-dependent bit pattern, generated by an agent as a function of a file, message, or other form of data block. Another agent can access the data block and its associated signature and verify (1) that the data block has been signed by the alleged signer, and (2) that the data block has not been altered since the signing. Further, the signer cannot repudiate the signature. Public-key encryption can thus be used for authentication with a technique known as the digital signature.
FIPS 186-4 specifies the use of one of three digital signature algorithms:
  • Digital Signature Algorithm (DSA): the original NIST-approved algorithm, based on the difficulty of computing discrete logarithms.
  • RSA Digital Signature Algorithm: based on the RSA public-key algorithm.
  • Elliptic Curve Digital Signature Algorithm (ECDSA): based on elliptic-curve cryptography.
70
Certificates: Trustable Identities and Public Keys
A certificate is a public key and an identity bound together and signed by a certificate authority (CA).
A certificate authority is an authority that users trust to accurately verify identities before generating certificates that bind those identities to keys.
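The following is an added example (not from the slides or from either textbook) that ties the two digital signature slides to this certificate slide. It implements the slide's description of signing literally, "encrypt the hash with the private key", as textbook RSA with hand-picked primes, and then uses the same sign/verify pair for a CA that signs the binding of an identity to a public key. The relying party checks the certificate against the CA's public key before checking the message against the certificate's key, so property (1) (signed by the alleged signer) rests on the CA and property (2) (not altered) on the hash. Everything here is constructed for the demo: the primes are tiny, the hash is reduced modulo n, and there is no padding; a deployable RSA signature uses 2048-bit or larger keys and a padding scheme such as RSA-PSS, and DSA/ECDSA work differently.

```python
import hashlib

E = 65537  # conventional public exponent


def toy_keypair(p: int, q: int, e: int = E):
    """Return ((n, e), (n, d)) from two primes. Demo-sized only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def digest(data: bytes, n: int) -> int:
    """Hash the data, then reduce the digest below the modulus. Toy step:
    real schemes encode the full hash into a fixed-size padded block instead."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, private_key) -> int:
    """'Encrypt the hash with the private key', as the slide puts it."""
    n, d = private_key
    return pow(digest(data, n), d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Recover the hash with the public key and compare with a fresh hash of the data."""
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)


def cert_body(identity: str, public_key) -> bytes:
    """What the CA actually signs: the identity and the key, bound together."""
    n, e = public_key
    return f"{identity}|{n}|{e}".encode()


def issue_certificate(identity: str, subject_public_key, ca_private_key) -> dict:
    """A certificate: identity + public key, signed by the CA."""
    return {
        "identity": identity,
        "public_key": subject_public_key,
        "ca_signature": sign(cert_body(identity, subject_public_key), ca_private_key),
    }


def certificate_valid(cert: dict, ca_public_key) -> bool:
    body = cert_body(cert["identity"], cert["public_key"])
    return verify(body, cert["ca_signature"], ca_public_key)


def verify_signed_message(message: bytes, signature: int, cert: dict, ca_public_key) -> bool:
    """Relying party: trust the CA key, check the certificate, then check the message."""
    return certificate_valid(cert, ca_public_key) and verify(message, signature, cert["public_key"])


# Constructed keys from small primes, for the demo only.
ALICE_PUB, ALICE_PRIV = toy_keypair(10007, 10009)
CA_PUB, CA_PRIV = toy_keypair(10037, 10039)
ALICE_CERT = issue_certificate("alice@example.test", ALICE_PUB, CA_PRIV)

if __name__ == "__main__":
    message = b"transfer 100 to account 42"   # constructed message, sent in the clear
    sig = sign(message, ALICE_PRIV)
    print(verify_signed_message(message, sig, ALICE_CERT, CA_PUB))         # True
    print(verify_signed_message(message + b"0", sig, ALICE_CERT, CA_PUB))  # False: altered
    forged = dict(ALICE_CERT, identity="mallory@example.test")            # re-labelled cert
    print(certificate_valid(forged, CA_PUB))                               # False: CA binding broken
    print(message.decode())  # the signature proves origin and integrity, not secrecy
```

The last line is the slide's caveat in code: the message travels alongside its signature in the clear, so a signature protects against alteration and repudiation but not against eavesdropping.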
71
Summary
72
Claude Shannon
The founder of Information Theory
1949 paper: Communication Theory of Secrecy Systems
Fundamental concepts:
  Confusion: obscure the relationship between plaintext and ciphertext
  Diffusion: spread plaintext statistics through the ciphertext
Proved the One-Time Pad (OTP) is secure
The One-Time Pad is confusion-only, while double transposition is diffusion-only
73
Taxonomy of Cryptography
Symmetric key: the same key for encryption and decryption
  Modern types: stream ciphers, block ciphers
Public key (or "asymmetric" crypto): two keys, one for encryption (public) and one for decryption (private)
  And digital signatures: nothing comparable exists in symmetric key crypto
Hash algorithms: can be viewed as "one way" crypto
74
Taxonomy of Cryptanalysis
From the perspective of the information available to Trudy…
  Ciphertext only: Trudy's worst-case scenario
  Known plaintext
  Chosen plaintext: the "lunchtime attack"; some protocols will encrypt chosen data
  Adaptively chosen plaintext
  Forward search (public key crypto): expecting a message, encrypt it with the public key of the recipient, and compare the result with the intercepted message