computer...
TRANSCRIPT
Computer Security- Classical Encryption Techniques
Howon Kim
2019.3
2
Agenda
◼ Review
◼ Classical Encryption Techniques
❑ Shift Cipher & its Cryptanalysis
❑ Monoalphabetic Cipher & its Cryptanalysis
❑ Multiple-Letter Encryption(Playfair cipher)
❑ Polyalphabetic cipher(Vigenere)
❑ Transposition Technique
❑ Rotor Machines
◼ Next…
3
Review: Cryptology
◼ Cryptology
❑ Cryptography
◼ designing systems to do secure communication over insecure channels
❑ Cryptanalysis
◼ breaking such systems
4
Review: Threats
Alice Bob
Normal Flow
Eavesdropping
Modification
Impersonation
Confidentiality(기밀성으로방지)
Integrity (무결성으로방지혹은확인)
Authentication(인증으로확인)
5
Review: Security Services◼ Confidentiality or Privacy 기밀성
❑ Eve should not be able to read Alice’s message to Bob.
◼ (Data) Integrity 무결성❑ Bob wants to be sure that Alice’s message has not been altered.
❑ i.e., contain no modification, insertion or deletion
◼ Authentication 인증❑ Bob wants to be sure that his communication partner is Alice.
◼ Non-repudiation 부인방지❑ Alice cannot claim that she did not send the message,
if she actually sent it.
❑ This service is particularly important in electronic commerce applications, where it is important that a consumer cannot deny the authorization of a purchase.
6
Review: Security Services
◼ Access Control 접근제어❑ Prevention of unauthorized use of a resource
❑ This service controls
◼ who can have access to a resource,
◼ under what conditions access can occur,
◼ and what those accessing the resource are allowed to do.
◼ Availability 가용성❑ A system or a system resource should be accessible and
usable
◼ upon demand by an authorized system entity,
◼ according to performance specifications for the system.
7
Review: Cryptographic Mechanisms
Confidentiality
Integrity
Authentication
Encryption algorithm 암호알고리즘
Digital Signature 전자서명
Message Authentication Code 메시지인증코드
- Classical cryptosystems
- Symmetric key algorithms (DES, AES)
- Public key algorithms
(RSA, ElGamal)
- RSA signature
- DSA
8
Review: Confidentiality Model
Alice Bob
Eve
sender receiver
attacker
message message
transform transform
secure
message
secret
information
secret
information
?
9
Review: Confidentiality Model
Alice Bob
Eve
sender receiver
attacker
plaintext plaintext
encrypt decrypt
ciphertext
encryption
key
decryption
key
?
plaintext: 평문
encrypt: 암호화
ciphertext: 암호문
decrypt: 복호화
10
Agenda
◼ Review
◼ Classical Encryption Techniques
❑ Shift Cipher & its Cryptanalysis
❑ Monoalphabetic Cipher & its Cryptanalysis
❑ Multiple-Letter Encryption(Playfair cipher)
❑ Polyalphabetic cipher(Vigenere)
❑ Transposition Technique
❑ Rotor Machines
◼ Next…
11
Classical Cryptosystems
◼ In this chapter we shall cover some of the older cryptosystems that were primarily used before the advent of the computer.
◼ These cryptosystems are too weak to be of much use today.
◼ But they give good illustrations of several of the important ideas of cryptology.
12
Classical Cryptosystems
◼ Classical Cryptosystems
❑ Shift ciphers
❑ Substitution ciphers
❑ Transposition ciphers
❑ Playfair / Enigma
◼ Problems of the classical systems
◼ Ideal solution
◼ Practical solutions
13
Classical Cryptosystems:Our convention
◼ plaintext will be written in lowercase letters.
◼ CIPHERTEXT will be written in capital letters.
◼ The letters of the alphabet are assigned numbers as follows:
◼ Spaces and punctuation are omitted.
a b c d e … x y z
0 1 2 3 4 … 23 24 25
14
1. Shift Ciphers
◼ Julius Caesar’s cryptosystem
◼ Suppose
❑ Caesar wants to send a plaintext such as
◼ gaul is divided into three parts
❑ But he doesn’t want Brutus to read it.
Gaul 지역: Aquitani, Belgae, Celtae
15
1. Shift Ciphers:Encryption and Decryption
◼ Encryption❑ Eliminate all spaces.
◼ gaulisdividedintothreeparts
❑ Shift each letter by three places◼ a becomes D, b becomes E, c becomes F, etc.
◼ The end of the alphabet wrapped around to the beginning, so x becomes A, y becomes B, and z becomes C.
❑ Ciphertext◼ JDXOLVGLYLGHGLQWRWKUHHSDUWV
◼ Decryption❑ Shift back by three spaces (and figure out how to
put the spaces back in.)
16
1. Shift Ciphers: Generalization
◼ Use modular arithmetic.
◼ Encryption with key κ.
❑ x +κ (mod 26) ➔ y
◼ Decryption
❑ y –κ (mod 26) ➔ x
◼ Caesar used key = 3.
17
1. Shift Ciphers: Real Implementation
◼ For uppercase letters▪ Enc: y=65 + (x -65 +κ) (mod 26)
▪ Dec: x=65 + (y -65 -κ) (mod 26)
◼ For lowercase letters▪ Enc: y=65 + (x -97 +κ) (mod 26)
▪ Dec: x=65 + (y -97 -κ) (mod 26)
◼ Caesar used key = 3.
18
1. Shift Ciphers:Attack
◼ Attack❑ Recover the key.
◼ Attack types❑ Ciphertext only
◼ Eve has only a copy of the ciphertext.
❑ Known plaintext◼ Eve has a copy of a ciphertext and the corresponding plaintext.◼ For example, if Eve knows that Alice always starts her message
with “Dear Bob,” then Eve has a small piece of ciphertext and corresponding plaintext.
❑ Chosen plaintext◼ Eve gains temporary access to the encryption machine.◼ She cannot open it to find the key, but she can encrypt a large
number of suitably chosen plaintexts and try to use the resulting ciphertexts to deduce the key.
❑ Chosen ciphertext◼ Eve obtains temporary access to the decryption machine.
19
1. Shift Ciphers:Attack 1. Ciphertext Only Attack
◼ Eve has only the ciphertext.
❑ Y M W J J U F W Y X
◼ Her best strategy is an exhaustive search.
❑ There are only 26 possible keys.
❑ If the message is longer than a few letters, it is unlikely that there is more than one meaningful message that could be the plaintext.
◼ Try to decrypt it!
20
1. Shift Ciphers:Attack 2. Known Plaintext Attack
◼ It’s trivial.
❑ If Eve knows just one letter of the plaintext along with the corresponding letter of ciphertext, she can deduce the key.
◼ In this above example…
❑ Ciphertext: Y M W J J U F W Y X
❑ Plaintext: ? ? ? ? ? p ? ? ? ?
21
1. Shift Ciphers:Other Attacks
◼ Attack 3: Chosen plaintext attack
❑ Choose the letter a as the plaintext.
❑ The ciphertext gives the key itself.
❑ Example: a ➔ F (= 5)
◼ Attack 4: Chosen ciphertext attack
❑ Choose the letter A as the ciphertext.
❑ The plaintext is the negative of the key.
22
◼ Cipher Text Only Attack (Exhaustive Attack)
Example of Cryptanalysis of Caesar Cipher
◼ given ciphertext, just try all shifts of letters
◼ do need to recognize when have plaintext
23
Agenda
◼ Review
◼ Classical Encryption Techniques
❑ Shift Cipher & its Cryptanalysis
❑ Monoalphabetic Cipher & its Cryptanalysis
❑ Multiple-Letter Encryption(Playfair cipher)
❑ Polyalphabetic cipher(Vigenere)
❑ Transposition Technique
❑ Rotor Machines
◼ Next…
24
2. Monoalphabetic Substitution Ciphers: Modification of Shift Ciphers
◼ Each letter in the alphabet is replaced by another letter (Monoalphabetic Cipher)❑ A permutation of the alphabet is chosen and
applied to the plaintext.
❑ The permutation being used is the key.
◼ Example.❑ Encryption Key
❑ Plaintext:
❑ Ciphertext:
a b c d e f g h i j k l m
W M D A J L X Q Y B R C Sn o p q r s t u v w x y z
E I H P F T K O N Z G U V
cryptology
DFUHKICIXU
25
2. Monoalphabetic Substitution Ciphers
◼ Encryption key
◼ Decryption key
◼ Decryption
a b c d e f g h i j k l m
W M D A J L X Q Y B R C Sn o p q r s t u v w x y z
E I H P F T K O N Z G U V
A B C D E F G H I J K L M
d j l c n r x p o e t f b
N O P Q R S T U V W X Y Z
v u q h k m s y z a g i w
DFUHKICIXU cryptology
26
◼ Key space
❑ Large key space: 26! = 403291461126605635584000000 ≈ 4 * 1026
❑ Much larger than that of shift ciphers, which is 26.
◼ with so many keys, might think it is secure
◼ but would be WRONG!
◼ problem is language characteristics
2. Monoalphabetic Substitution Ciphers
27
◼ Cyphertext
2. Monoalphabetic Substitution Ciphers: Ciphertext Only Attack
28
◼ Observation
❑ The distribution of letters in English is not uniform.
❑ The approximate frequencies of letters in English is:
◼ A frequency count for our ciphertext
❑ out of the 520 letters in the ciphertext
We can guess with reasonable confidence that W represents e.
2. Monoalphabetic Substitution
Ciphers: Ciphertext Only Attack
29
◼ What about the other letters?
❑ Simple frequency count is not enough to decide which is which.
◼ That is, English e is by far the most common letter. then T,R,N,I,O,A,S
◼ other letters are fairly rare (cf. Z,J,K,Q,X)
B R S I V A P N
t a o i n s h r
?
2. Monoalphabetic Substitution
Ciphers: Ciphertext Only Attack
30
2. Monoalphabetic Substitution Ciphers: English Letter Frequencies
31
◼ key concept - monoalphabetic substitution ciphers do not change relative letter frequencies
◼ discovered by Arabian scientists in 9th century
◼ calculate letter frequencies for ciphertext
◼ compare counts/plots against known values
◼ if Caesar cipher look for common peaks/troughs
❑ peaks at: A-E-I triple, NO pair, RST triple
❑ troughs at: JK, X-Z
◼ for monoalphabetic must identify each letter
❑ tables of common double/triple letters help
2. Substitution Ciphers:Ciphertext Only Attack
32
◼ given ciphertext:UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
◼ count relative letter frequencies (see text)
◼ guess P & Z → e and t
◼ guess ZW is th and hence ZWP is the
◼ proceeding with trial and error finally get:it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
2. Substitution Ciphers:
Ciphertext Only Attack
33
Agenda
◼ Review
◼ Classical Encryption Techniques
❑ Shift Cipher & its Cryptanalysis
❑ Monoalphabetic Cipher & its Cryptanalysis
❑ Multiple-Letter Encryption(Playfair cipher)
❑ Polyalphabetic cipher(Vigenere)
❑ Transposition Technique
❑ Rotor Machines
◼ Next…
34
Playfair Cipher
◼ not even the large number of keys in a monoalphabetic cipher provides security
◼ one approach to improving security was to encrypt multiple letters
◼ the Playfair Cipher is an example
◼ invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
35
Playfair Key Matrix◼ a 5X5 matrix of letters based on a keyword
◼ fill in letters of keyword
◼ fill the rest of matrix with other letters
◼ eg. using the keyword MONARCHY
◼ Composition of the “Key Matrix table”
RANOM
DBYHC
KI/JGFE
TSQPL
ZXWVU
- I & J are treated as the same
- B,C,D,E,F…
C was already used in the keyword
“MONARCHY”
36
Encrypting and Decrypting
◼ plaintext encrypted two letters at a time:
1. if a pair is a repeated letter, insert a filler like ‘x', eg.
"balloon" encrypts as "ba lx lo on"
2. if both letters fall in the same row, replace each with letter to
right (wrapping back to start from end), eg. “ar" encrypts
as "RM"
3. if both letters fall in the same column, replace each with the
letter below it (again wrapping to top from bottom), eg. “mu"
encrypts to "CM"
4. otherwise each plaintext letter in a pair is replaced by the
letter that lies in its own row and the column occupied by
the other letter. That is, “hs“ becomes "BP", and “ea"
becomes "IM" or "JM" (as desired)
P
Bh
s
37
Security of the Playfair Cipher
◼ The level of security is much improved over monoalphabetic since have 26 x 26 = 676 cases
◼ It would need a 676 entry frequency table to analyze (verses 26 for a monoalphabetic)
◼ and correspondingly more ciphertext
◼ It was widely used for many years (eg. US & British military in WW1)
◼ it can be broken, given a few hundred letters since it still has much of plaintext structure
38
Agenda
◼ Review
◼ Classical Encryption Techniques
❑ Shift Cipher & its Cryptanalysis
❑ Monoalphabetic Cipher & its Cryptanalysis
❑ Multiple-Letter Encryption(Playfair cipher)
❑ Polyalphabetic cipher(Vigenere)
❑ Transposition Technique
❑ Rotor Machines
◼ Next…
39
Polyalphabetic Ciphers
◼ another approach to improving security is to use multiple cipher alphabets
◼ called polyalphabetic substitution ciphers
◼ makes cryptanalysis harder with more alphabets to guess and flatter frequency distribution
◼ use a key to select which alphabet is used for each letter of the message
◼ use each alphabet in turn
◼ repeat from start after end of key is reached
40
Vigenère Cipher
◼ simplest polyalphabetic substitution cipher is the Vigenère Cipher
◼ effectively multiple caesar ciphers
◼ key is multiple letters long K = k1 k2 ... kd
◼ ith letter specifies ith alphabet to use
◼ use each alphabet in turn
◼ repeat from start after d letters in message
◼ decryption simply works in reverse
41
Example – Vigenere Table
Key=d
Plaintext = w
Ciphertext = Z
42
Example
◼ write the plaintext out
◼ write the keyword repeated above it
◼ use each key letter as a caesar cipher key
◼ encrypt the corresponding plaintext letter “we are discovered save yourself”
◼ eg using keyword deceptivekey: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
43
Agenda
◼ Review
◼ Classical Encryption Techniques
❑ Shift Cipher & its Cryptanalysis
❑ Monoalphabetic Cipher & its Cryptanalysis
❑ Multiple-Letter Encryption(Playfair cipher)
❑ Polyalphabetic cipher(Vigenere)
❑ Transposition Technique
❑ Rotor Machines
◼ Next…
44
Transposition Ciphers
◼ now consider classical transpositionor permutation ciphers
◼ these hide the message by rearranging the letter order
◼ without altering the actual letters used
◼ can recognise these since have the same frequency distribution as the original text
45
Rail Fence cipher
◼ write message letters out diagonally over a number of rows
◼ then read off cipher row by row
◼ eg. write message out as:m e m a t r h t g p r y
e t e f e t e o a a t
◼ giving ciphertextMEMATRHTGPRYETEFETEOAAT
46
Row Transposition Ciphers
◼ a more complex scheme
◼ write letters of message out in rows over a specified number of columns
◼ then reorder the columns according to some key before reading off the rowsKey: 4 3 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
“attack postponed until two am”
47
Agenda
◼ Review
◼ Classical Encryption Techniques
❑ Shift Cipher & its Cryptanalysis
❑ Monoalphabetic Cipher & its Cryptanalysis
❑ Multiple-Letter Encryption(Playfair cipher)
❑ Polyalphabetic cipher(Vigenere)
❑ Transposition Technique
❑ Rotor Machines
◼ Next…
48
Rotor Machines
◼ before modern ciphers, rotor machines were most common product cipher
◼ were widely used in WWII❑ German Enigma, Allied Hagelin, Japanese Purple
◼ implemented a very complex, varying substitution cipher
◼ used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted
◼ with 3 cylinders have 263=17,576 alphabets
49
Rotor Machines
◼ In next figure,❑ If an operator depresses the key for the letter ‘A’,
an electric signal is applied to the first pin (#24) of the first cylinder & flows through the internal connection to the 25th output pin (#24)
❑ This 25th pin is electrically connected to 25th pin (#24) of the second cylinder.
❑ After a key stroke, the first cylinder (fast rotor) is rotated by one position
50
Rotor Machines
A → BB → IC → E
Fast rotor is rotated by 1 position.So, the connection to #24 (of the medium rotor) is
now to be from #6 (of fast rotor)
A → YB → DC → O
내부연결은 바뀌지않음
51
Rotor Machines◼ Example of Rotor Machine (source: Scientific American 1966)
12 1719
1318
20
One key stroke…
12
Fast rotor
Fast rotor
Fast rotor is rotated by 1
position
◼ Set “code of the day” on dials.
◼ Later models: Set additional code with plugs and wires.
◼ Press a button with the letter to encrypt; the encrypted letter lights up.
◼ Each key press advances the dials
German Enigma Machine
◼ http://www.math.miami.edu/~harald/enigma/enigma.gif
Inside the Enigma
◼ Academia largely disinterested
◼ NSA Largest Employer of mathematicians in the world.
Cryptography after WW2
55
Agenda
◼ Review
◼ Classical Encryption Techniques
❑ Shift Cipher & its Cryptanalysis
❑ Monoalphabetic Cipher & its Cryptanalysis
❑ Multiple-Letter Encryption(Playfair cipher)
❑ Polyalphabetic cipher(Vigenere)
❑ Transposition Technique
❑ Rotor Machines
◼ Next…
56
Next… ◼ Most classical cryptosystems are based on the two
operations on alphabets.❑ Substitution
❑ Transposition
◼ These cryptosystems are weak against exhaustive searches and statistical attacks.
◼ Modern cryptosystem will be a solution !
◼ We will study on the private key cryptosystem…