cs457 – introduction to information systems security cryptography 1a

CS457 – Introduction to Information Systems Security

Cryptography 1a

Elias [email protected]

Elias Athanasopoulos 2

Cryptography Elements

Symmetric Encryption- Block Ciphers- Stream Ciphers

Asymmetric EncryptionCryptographic Hash FunctionsApplications

CS-457


Computer Security“The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software,

firmware, information/ data, and telecommunications). ”

CS-457


CIA Confidentiality

- Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.

- Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

Integrity- Data integrity: Assures that information and programs are changed only in a

specified and authorized manner. - System integrity: Assures that a system performs its intended function in an

unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

Availability- Assures that systems work promptly and service is not denied to authorized users.

CS-457


An Example

CS-457

Confidentiality: Bad guys cannot

see messages

Integrity: Bad guys cannot change

messages

Availability: The system is

operational

System/ServiceCommunication


How to achieve CIA?

Crypto algorithms- “Hide” messages, sign messages, provide

guarantees about sent/received messages, etc.Secure systems

- Apply Crypto concepts in protocols, systems, etc.Software defenses

- Ensure that software is not manipulated

CS-457


The need to remain secret

CS-457


Cryptographic Jargon Plaintext

- This is the original intelligible message or data that is fed into the algorithm as input.

Encryption algorithm - The encryption algorithm performs various substitutions and transformations on

the plaintext. Secret key

- The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time.

Ciphertext:- This is the scrambled message produced as output. It depends on the plaintext

and the secret key. Decryption algorithm

- This is essentially the encryption algorithm run in reverse.

CS-457


NOT Security via Obscurity

The encryption/decryption algorithm is assumed to be known

Security is based on- Secrecy of the key- Hard to infer the plaintext via the ciphertext by

just knowing the keyCryptanalysis

- Infer the plaintext from ciphertext without knowing the key

CS-457


Symmetric Encryption

CS-457


Caesar Cipher

CS-457


C = E(3, p) = (p + 3) mod 26

CS-457

Key: 3


Or…

Plain: abcdefghijklmnopqrstuvwxyz Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC

CS-457


Encrypting a message

Plain: meet me after the toga party Cipher: PHHW PH DIWHU WKH WRJD SDUWB

CS-457


Is this secure?

CS-457

Simple Brute Force attack: we need to try

25 different keys.


Increase the key space

Permutations: {a, b, c}- abc, acb, bac, bca, cab, cba

Size: 6 (or 3! ~ 1*2*3)- In general the size is n! (n is the size of the set)

For the alphabet: 26!

CS-457


Is this secure?

CS-457

Frequency Analysis


Example

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

CS-457


Count Frequencies

CS-457


Compare with English

CS-457


And try…

CS-457


Voila!

CS-457


One-Time PadCiphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih plaintext: mr mustard with the candlestick in the hall

Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih plaintext: miss scarlet with the knife in the library

Key = Size of message

CS-457


Transposition

CS-457


Modern Symmetric Ciphers

DES, 3DES, and AES- AES is the dominant one, today

Based on- Substitutions and transpositions

Very complexType

- Block- Stream

CS-457


Block vs Stream

Block cipher - one in which a block of plaintext is treated as a

whole and used to produce a ciphertext block of equal length. Typically, a block size of 64 or 128 bits is used.

Stream cipher- one that encrypts a digital data stream one bit or

one byte at a time.

CS-457


Block Cipher

CS-457


Stream Cipher

CS-457


Block cipher

Plaintext of n bits produces a ciphertext of n bits- Block size: n bits

Space of different plaintext blocks: 2^n- Each block must be unique

CS-457


Encryption should be reversible

CS-457


General n-bit-n-bit Block (n = 4)

CS-457


Decryption/Encryption

CS-457


Problems

Vulnerable to statistical attacks - Small blocks can take limited transformations- Increase n

Key size: 4 bits * 16 rows- In general: n * 2^n- Approximate the ideal case

CS-457


Feistel Cipher

Goal- Approximate the ideal cipher- Reduce statistical properties between plaintext,

ciphertext, and key(s) Difussion

- Each plaintext digit affect the value of many ciphertext digits

Confusion- The statistics of the ciphertext and the value of the

encryption key is as complex as possible CS-457


Feistel Cipher

CS-457

Substitution: right part is transformed by F(Ki) and

XORed with left part.

Permutation: right part swapped with left part.


Properties

Block size: - Larger block sizes mean greater security but reduced

encryption/decryption speed for a given algorithm. A block size of 64 bits is reasonable tradeoff. AES uses a 128-bit block size.

Key size: - Larger key size means greater security but may decrease

encryption/ decryption speed. Key sizes of 64 bits or less are now widely considered to be inadequate, and 128 bits has become a common size.

CS-457


Properties

Number of rounds:- The essence of the Feistel cipher is that a single round

offers inadequate security but that multiple rounds offer increasing security. A typical size is 16 rounds.

Subkey generation algorithm: - Greater complexity in this algorithm should lead to

greater difficulty of cryptanalysis. Round function F:

- Again, greater complexity generally means greater resistance to cryptanalysis.

CS-457


Extra (desired) properties

Fast software encryption/decryption: - In many cases, encryption is embedded in applications

or utility functions in such a way as to preclude a hardware implementation.

Ease of analysis: - There is great benefit in making the algorithm easy to

analyze. It is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a higher level of assurance as to its strength. DES, for example, does not have an easily analyzed functionality.

CS-457


Block modes

CS-457

Mode Description Typical Application

Electronic Codebook (ECB) Each block of 64 plaintext bits is encoded independently using the same key.

• Secure transmission of single values (e.g., an encryption key)

Cipher Block Chaining (CBC)

The input to the encryption algorithm is the XOR of the next 64 bits of plaintext and the preceding 64 bits of ciphertext.

• General-purpose block- oriented transmission • Authentication

cs457 – introduction to information systems security cryptography 1a

Documents