1. Cryptography and Network Security 1 Roadmap of Cryptography  classical cryptography (--- 1920s) m secret writing required only pen and paper m Mostly: transposition, substitution ciphers m Easily broken by statistics analysis (e.g., frequency)  mechanical devices invented for encryption m Rotor machines (e.g. Enigma cipher) 1930s-1950s m featured in films, such as in the James Bond adventure From Russia with Love  specification of DES and the invention of RSA (1970s) --- modern ciphers m Public key system, most notably m AES replaces DES m Hash functions being sort of broken  Quantum Cryptography (future?)

2. Cryptography and Network Security 2 Roadmap of Cryptography (cont)  Quantum cryptography currently has two aspects. m quantum key exchange (also known as quantum key distribution), a method for secure communications based on quantum mechanics m conjectured effect of quantum computing on cryptanalysis, although it is currently, like quantum computing itself, only a theoretical concept.  Basic idea of quantum key exchange is to use the "noisy" properties of light to render incoherent an image that acts to complement a secret key. m This image can be represented in a number of ways, but the ability to decode that image rests upon an understanding of how it was made. No way to intercept the transmission without changing it is possible, so key information can be exchanged with great confidence it has been transmitted secretly. m quantum computing will considerably extend the reach of cryptanalysis, making brute force key space searches much more effective -- if such computers ever become possible in actual practice

3. Cryptography and Network Security 3 Cryptography and Network Security History and classical cryptography

4. Cryptography and Network Security 4 History  Ancient ciphers m Have a history of at least 4000 years m Ancient Egyptians enciphered some of their hieroglyphic writing on monuments m Ancient Hebrews enciphered certain words in the scriptures m 2000 years ago Julius Caesar used a simple substitution cipher, now known as the Caesar cipher m Roger bacon described several methods in 1200s

5. Cryptography and Network Security 5 History  Ancient ciphers m Geoffrey Chaucer included several ciphers in his works m Leon Alberti devised a cipher wheel, and described the principles of frequency analysis in the 1460s m Blaise de Vigenère published a book on cryptology in 1585, & described the polyalphabetic substitution cipher m Increasing use, esp in diplomacy & war over centuries

6. Cryptography and Network Security 6 Classical Cryptographic Techniques  Two basic components of classical ciphers: m Substitution: letters are replaced by other letters m Transposition: letters are arranged in a different order  These ciphers may be: m Monoalphabetic: only one substitution/ transposition is used, or m Polyalphabetic:where several substitutions/ transpositions are used  Product cipher: m several ciphers concatenated together

7. Cryptography and Network Security 7 Encryption and Decryption Plaintext ciphertext Encipher C = E (K) (P) Decipher P = D (K) (C) Key source

8. Cryptography and Network Security 8 Key Management  Using secret channel  Encrypt the key  Third trusted party  The sender and the receiver generate key m The key must be same m We will talk more about how we can generate keys for two parties who are “unknown” of each other before, and want secure communication

9. Cryptography and Network Security 9 Attacks  Recover the message  Recover the secret key m Thus also the message  Thus the number of keys possible must be large!

10. Cryptography and Network Security 10 Possible Attacks  Ciphertext only m Algorithm, ciphertext  Known plaintext m Algorithm, ciphertext, plaintext-ciphertext pair  Chosen plaintext m Algorithm, ciphertext, chosen plaintext and its ciphertext  Chosen ciphertext m Algorithm, ciphertext, chosen ciphertext and its plaintext  Chosen text m Algorithm, ciphertext, chosen plaintext and ciphertext

11. Cryptography and Network Security 11 Steganography  Conceal the existence of message m Character marking m Invisible ink m Pin punctures m Typewriter correction ribbon  Cryptography renders message unintelligible!

12. Cryptography and Network Security 12 Contemporary Equiv.  Least significant bits of picture frames m 2048x3072 pixels with 24-bits RGB info m Able to hide 2.3M message  Drawbacks m Large overhead m Virtually useless if system is known  Improvement m Using some “random” sequence of the last bit for storing the data m Challenge: produce such random sequence such that the attacker cannot figure out the sequence!

13. Cryptography and Network Security 13 Caesar Cipher  Replace each letter of message by a letter a fixed distance away m Reputedly used by Julius Caesar  Example: L FDPH L VDZ L FRQTXHUHG I CAME I SAW I CONGUERED m The mapping is ABCDEFGHIJKLMNOPQRSTUVWXYZ DEFGHIJKLMNOPQRSTUVWXYZABC

14. Cryptography and Network Security 14 Mathematical Model  Description  Assume all letters are mapped to integers [0,25]  A:-  0, B-  1, ….., Z  25 m Encryption E (k) : i  i + k mod 26 m Decryption D (k) : i  i - k mod 26

15. Cryptography and Network Security 15 Cryptanalysis: Caesar Cipher  Key space: 26 m Exhaustive key search  Example m GDUCUGQFRMPCNJYACJCRRCPQ HEVDVHRGSNQDOKZBDKDSSDQR m Plaintext: JGXFXJTIUPSFQMBDFMFUUFSTKHYGYKUJV GRNCEGNGVVGTU m Ciphertext: LIZHZLVKWRUHSODFHOHWWHUVMJAIAMWX SVITPEGIPIXXIVW

16. Cryptography and Network Security 16 Character Frequencies  In most languages letters are not equally common m in English e is by far the most common letter  Have tables of single, double & triple letter frequencies  Use these tables to compare with letter frequencies in ciphertext, m a monoalphabetic substitution does not change relative letter frequencies m do need a moderate amount of ciphertext (100+ letters)

17. Cryptography and Network Security 17 Letter Frequency Analysis  Single Letter m A,B,C,D,E,…..  Double Letter m TH,HE,IN,ER,RE,ON,AN,EN,….  Triple Letter m THE,AND,TIO,ATI,FOR,THA,TER,RES,…

18. Cryptography and Network Security 18 Letter Frequencies

19. Cryptography and Network Security 19 Letter Frequencies

20. Cryptography and Network Security 20 N-gram Frequencies  Digraph Frequency m th he an in er on re ed nd ha at en es of nt ea ti to io le is ou ar as de rt ve  Trigraph Frequency m the and tha ent ion tio for nde has nce tis oft men m For more, see http://www.letterfrequency.org

21. Cryptography and Network Security 21 Modular Arithmetic Cipher  Use a more complex equation to calculate the ciphertext letter for each plaintext letter  E (a,b) : i  a  i + b mod 26 m Need gcd(a,26) = 1 m Otherwise, not reversible m So, a  2, 13, 26 m Caesar cipher: a=1, b=3

22. Cryptography and Network Security 22 Cryptanalysis  Key space:12*26 m Brute force search  Use letter frequency counts to guess a couple of possible letter mappings m frequency pattern not produced just by a shift  But it is still a substitution, thus we can use frequency analysis m use these mappings to solve 2 simultaneous equations to derive above parameters

23. Cryptography and Network Security 23 Playfair Cipher  The Playfair cipher or Playfair square is a manual symmetric encryption technique and was the first literal digraph substitution cipher. m The scheme was invented in 1854 by Charles Wheatstone, but bears the name of Lord Playfair who promoted the use of the cipher.

24. Cryptography and Network Security 24 Playfair Cipher si/jmpl eabcd fghkn oqrtu vwxyz Key: simple Used in WWI and WWII

25. Cryptography and Network Security 25 Playfair Cipher  Use filler letter to separate repeated letters  Encrypt two letters together m Same row– followed letters  ac--bd m Same column– letters under  qw--wi m Otherwise—square’s corner at same row  ar--bq

26. Cryptography and Network Security 26 Analysis  Size of diagrams: 25! m But the actual different diagrams are not 25! m Two diagrams are the same if they derive the same encryption and decryption method m Then what is the number of difference diagrams in playfair cipher?  25!/25=24!  Difficult using frequency analysis m But it still reveals the frequency information  Frequency of 2-gram (bi-gram, two-letters)

27. Cryptography and Network Security 27 Playfair Cryptanalysis  Like most pre-modern era ciphers, the Playfair cipher can be easily cracked if there is enough text. m Obtaining the key is relatively straightforward if both plaintext and ciphertext are known. m When only the ciphertext is known, brute force cryptanalysis of the cipher involves searching through the key space for matches between the frequency of occurrence of digrams (pairs of letters) and the known frequency of occurrence of digrams in the assumed language of the original message.

28. Cryptography and Network Security 28 Playfair, cont  A different approach to tackling a Playfair cipher is the shotgun hill climbing method. m This starts with a random square of letters. Then minor changes are introduced (i.e. switching letters, rows, or reflecting the entire square) to see if the candidate plaintext is more like standard plaintext than before the change (perhaps by comparing the trigrams to a known frequency chart). m If the new square is deemed to be an improvement, then it is adopted and then further mutated to find an even better candidate. m Eventually, the plaintext or something very close is found to achieve a maximal score by whatever grading method is chosen. m Computers can adopt this algorithm to crack Playfair ciphers with a relatively small amount of text.

29. Cryptography and Network Security 29 Hill Cipher  Hill cipher is a polygraphic substitution cipher based on linear algebra. m Invented by Lester S. Hill in 1929, it was the first polygraphic cipher in which it was practical (though barely) to operate on more than three symbols at once. m Each letter is treated as a digit in base 26: A = 0, B =1, and so on. A block of n letters is then considered as a vector of n dimensions, and multiplied by a n × n matrix, modulo 26. The components of the matrix are the key, and should be random provided that the matrix is invertible in (to ensure decryption is possible). m The Hill cipher has achieved Shannon's diffusion, and an n- dimensional Hill cipher can diffuse fully across n symbols at once.diffusion

30. Cryptography and Network Security 30 Hill Cipher Machine  With fixed Key and patented  Triple encryption was recommended for security: m a secret nonlinear step, followed by the wide diffusive step from the machine, followed by a third secret nonlinear step. m Such a combination was actually very powerful for 1929, and indicates that Hill apparently understood the concepts of a meet-in-the-middle attack as well as confusion and diffusion. m Unfortunately, his machine did not sell.

31. Cryptography and Network Security 31 Hill Cipher  Encryption m Assign each letter an index m C=KP mod 26 m Matrix K is the key  Decryption m P=K -1 C mod 26 m Thus, we can decrypt iff gcd(det(K), 26) =1.

32. Cryptography and Network Security 32 How to Decrypt?  Compute K -1 m Compute det(K) m Check if gcd(det(K), 26) =1 m If not, then K -1 do not exist m Else K -1 is

33. Cryptography and Network Security 33 cont

34. Cryptography and Network Security 34 Hill Cipher Cryptanalysis  Difficult to use frequency analysis  But vulnerable to known-plaintext attack m Give simple method to attack hill cipher under the known-plaintext assumption? m How to attack under the chosen plaintext assumption? m The security could be greatly enhanced by combining with some non-linear step to defeat this attack.

35. Cryptography and Network Security 35 Key Sizes  How may good keys? m One might naïvely think that the key size, in bits, is n 2 log 2 26 or about 4.7n 2.bits  In fact, it is slightly less than this because not all randomly selected matrices are usable. m A slightly less naïve view might guess that 1/2 + 1/26 of candidate keys would be unusable, reducing the keyspace by about 54%.  In fact, determinants are not uniformly distributed, and the key space reduction is closer to 70%. m Additionally it seems to be prudent to avoid too many zeroes in the key matrix, since they reduce diffusion.  The net effect is that the effective keyspace of a basic Hill cipher is about 4.64n 2.  For a 5 × 5 Hill cipher, that is about 114 bits. Of course, key search is not the most efficient known attack

36. Cryptography and Network Security 36 Polyalphabetic Substitution  Use more than one substitution alphabet  Makes cryptanalysis harder m since have more alphabets to guess m and flattens frequency distribution  same plaintext letter gets replaced by several ciphertext letter, depending on which alphabet is used

37. Cryptography and Network Security 37 Vigenère Cipher  Basically multiple Caesar ciphers  key is multiple letters long m K = k 1 k 2... k d m ith letter specifies ith alphabet to use m use each alphabet in turn, repeating from start after d letters in message  Plaintext THISPROCESSCANALSOBEEXPRESSED Keyword CIPHERCIPHERCIPHERCIPHERCIPHE Ciphertext VPXZTIQKTZWTCVPSWFDMTETIGAHLH

38. Cryptography and Network Security 38 Enigma Machine  Enigma was a portable cipher machine used to encrypt and decrypt secret messages. m a family of related electro-mechanical rotor machines German military Japan commercial

39. Cryptography and Network Security 39 Enigma Machine Enigma encryption for two consecutive letters — current is passed into set of rotors, around the reflector, and back out through the rotors again. Letter A encrypts differently with consecutive key presses, first to G, and then to C. This is because the right hand rotor has stepped, sending the signal on a completely different route.

40. Cryptography and Network Security 40 Enigma  the actual encipherment of a letter is performed electrically. m When a key is pressed, the circuit is completed; current flows through the various components and ultimately lights one of many lamps, indicating the output letter. m Current flows from a battery through the switch controlled by the depressed key into a fixed entry wheel. This leads into the rotor assembly (or scrambler), where the complex internal wiring of each rotor results in the current passing from one rotor to the next along a convoluted path. After passing through all the rotors, current enters the reflector, which relays the signal back out again through the rotors and the entry wheel — this time via a different path — and, finally, to one of the lamps (the earliest Enigma models do not have the reflector).

41. Cryptography and Network Security 41 Rotors  performs a very simple type of encryption m a simple substitution cipher

42. Cryptography and Network Security 42 World War II Era Encryption Devices  A few here m Sigaba (United States) m Typex (Britain) m Lorenz cipher (Germany) m Geheimfernschreiber (Germany)  For more, see m http://w1tp.com/enigma/

43. Cryptography and Network Security 43 One-time Pad  theoretically unbreakable (Claude Shannon) m the plaintext is combined with a random "pad" the same length as the plaintext.  Patent by m Gilbert Vernam (AT&T) and Joseph Mauborgne  Encryption m C=P  K  Decryption m P=C  K  Claude Shannon's work can be interpreted as m that any information-theoretically secure cipher will be effectively equivalent to the one-time pad algorithm. Hence one-time pads offer the best possible mathematical security of any encryption scheme, anywhere and anytime.

44. Cryptography and Network Security 44 One-time pad--cont  Drawbacks m it requires secure exchange of the one-time pad material, which must be as long as the message m pad disposed of correctly and never reused  In practice m Generate a large number of random bits, m Exchange the key material securely between the users before sending an one-time enciphered message, m Keep both copies of the key material for each message securely until they are used, and m Securely dispose of the key material after use, thereby ensuring the key material is never reused. It requires a perfect random numbers as key  We will learn how to generate pseudo-random numbers

45. Cryptography and Network Security 45 Random numbers needed  If the key material is generated by a deterministic program then it is not actually random m should never be used in an one-time pad cipher. m If so used, the method becomes a stream cipher; these usually employ a short key that is used to generate a long pseudorandom stream, which is then combined with the message using some such mechanism as those used in one-time pads. Stream ciphers can be secure in practice, but they cannot be absolutely secure in the same provable sense as the one-time pad