DIG 3563 – Information Management
Cryptography Lecture 12
Based in part on a lecture by Sarah Adams (Olin College) and Gordon Prichett (Babson College)
What will you be responsible for?
Specific SKILLS will be called out and marked with !! during the lecture notes.
Communication System
Source → Source Encoding → Encryption → Error Control Encoding → Modulation → Channel → Demodulation → Error Control Decoding → Decryption → Source Decoding → Destination
Cryptology
Cryptography: Inventing cipher systems; protecting communications and storage
Cryptanalysis: Breaking cipher systems
What is used in Cryptology?
Cryptography: Linear algebra, abstract algebra, number theory – efficient hiding of information
Cryptanalysis: Probability, statistics, combinatorics, computing – ways to find information
Caesar Cipher
Key = 3
ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC
Example
Plaintext: OLINCOLLEGE
Encryption: Shift by KEY = 3
Ciphertext: ROLQFROOHJH
Decryption: Shift backwards by KEY = 3
Caesar Cipher
!! Use a +4 letter offset Caesar Cipher to encrypt (or decrypt) a message.
Example: Attack Gaul tomorrow at dawn.
step 0: Table:
ABCDE FGHIJ KLMNO PQRST UVWXY Z
DEFGH IJKLM NOPQR STUVW XYZAB C
step 1: ATTACKGAULTOMORROWATDAWN
step 2: A -> D, T -> W, etc.
step 3: Break into 5 letter code groups
Answer: DWWDF NJDXO WRPRU URZDW GDZQ
Cryptanalysis of Caesar
Try all 26 possible shifts
Frequency analysis
Most frequent English letters are e t a o i n s h r d l u, etc.
Frequency Analysis
You need a good-sized body of cyphertext + knowledge (or guess) about which language it's in.
Find most frequent letters in cyphertext
Line up with most freq letters in language
See if they match.
(Short cyphertexts … bad news …)
(Look for "e" in Caesar's message on Gaul.)
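The worked Gaul message and both attacks, as an added Python example (not part of the original lecture). It uses the table shown above, where A maps to D (a shift of three positions), and shows why guessing "most frequent letter = E" fails on this short message, which contains no E at all.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
ENGLISH_ORDER = "ETAOINSHRDLU"  # most frequent English letters, as listed in the notes

def caesar(text, shift):
    """Shift the letters A-Z by `shift` positions; drop spaces and punctuation."""
    letters = [c for c in text.upper() if c in ALPHABET]
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] for c in letters)

def code_groups(text, size=5):
    """Break a string into space-separated groups of `size` letters."""
    return " ".join(text[i:i + size] for i in range(0, len(text), size))

def brute_force(ciphertext):
    """All 26 candidate plaintexts, keyed by the shift that was undone."""
    return {s: caesar(ciphertext, -s) for s in range(26)}

def frequency_guesses(ciphertext):
    """Candidate shifts, assuming the top ciphertext letter is E, then T, then A, ..."""
    top = Counter(ciphertext).most_common(1)[0][0]
    return [(ALPHABET.index(top) - ALPHABET.index(p)) % 26 for p in ENGLISH_ORDER]

if __name__ == "__main__":
    ct = caesar("Attack Gaul tomorrow at dawn.", 3)
    print(code_groups(ct))
    guesses = frequency_guesses(ct)
    # First guess (top letter is E) decrypts to nonsense on this short text
    print("guess 1: shift", guesses[0], "->", caesar(ct, -guesses[0]))
    print("the real shift is guess number", guesses.index(3) + 1)
    # Trying all 26 shifts always contains the answer; a human picks the readable one
    print(brute_force(ct)[3])
```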
Substitution Cipher (Slightly stronger than Caesar Cypher)
Permute A-Z randomly:
A B C D E F G H I J K L M N O P… becomes
H Q A W I N F T E B X S F O P C…
Substitute H for A, Q for B, etc.
Example
Plaintext: OLINCOLLEGE
Key: PSEOAPSSIFI
Cryptanalysis of Substitution Ciphers
Try all 26! permutations – TOO MANY! Bigger than Avogadro's Number!
Frequency analysis
Crib analysis
What's a crib?
A piece of known plaintext.
Example: If we know that every morning's encrypted weather report begins with "Weather Report", we can immediately crack w e a t h r p o from a substitution cypher, and detect if it's a Caesar cypher.
!! Use a crib to crack a code
Assume that the phrase "Heil Hitler" is encrypted in the following text. Determine if (a) it's a substitution or Caesar cypher. (b) If Caesar, what's the offset?
GDHKG HSKDQ
!! How to do it?
GDHKG HSKDQ
HEILH ITLER
We see H->G and E->D and I->H and L->K
So it's a Caesar Cypher with offset -1
If crib is not at beginning?
You would have to try lots of combinations.
You might even invent a COMPUTER
to help you do it.
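The crib test above, generalized to a crib that may sit anywhere in the message, as an added Python example (not part of the original lecture). The function names are illustrative; the crib is slid across every position and each alignment is classified as Caesar (one constant offset), a consistent substitution, or impossible.

```python
import string

ALPHABET = string.ascii_uppercase

def classify(cipher_piece, crib):
    """Compare aligned letters: ('caesar', offset), ('substitution', mapping) or None."""
    mapping, reverse = {}, {}
    for p, c in zip(crib, cipher_piece):
        # A substitution must be consistent in both directions (one-to-one)
        if mapping.setdefault(p, c) != c or reverse.setdefault(c, p) != p:
            return None
    offsets = {(ALPHABET.index(c) - ALPHABET.index(p)) % 26 for p, c in mapping.items()}
    if len(offsets) == 1:
        off = offsets.pop()
        return ("caesar", off if off <= 13 else off - 26)  # report 25 as -1
    return ("substitution", mapping)

def drag_crib(ciphertext, crib):
    """Try the crib at every position; return (position, result) for each fit."""
    ct = "".join(ch for ch in ciphertext.upper() if ch in ALPHABET)
    crib = "".join(ch for ch in crib.upper() if ch in ALPHABET)
    hits = []
    for pos in range(len(ct) - len(crib) + 1):
        result = classify(ct[pos:pos + len(crib)], crib)
        if result:
            hits.append((pos, result))
    return hits

if __name__ == "__main__":
    # The exercise from the notes: crib at the start of the message
    print(drag_crib("GDHKG HSKDQ", "Heil Hitler"))
    # Constructed sample: same crib buried mid-message, Caesar offset 7
    buried = "".join(ALPHABET[(ALPHABET.index(c) + 7) % 26]
                     for c in "WEATHERCLEARHEILHITLER")
    for pos, result in drag_crib(buried, "HEILHITLER"):
        print("crib fits at position", pos, "as", result[0], result[1])
```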
One-Time Pads
Assign a number to each letter
A B … M N … T U … Z
0 1 … 13 14 … 20 21 … 25
Plaintext: MATHISUSEFULANDFUN
Key: NGUJKAMOCTLNYBCIAZ
Encryption: “Add” key to message mod 26
Ciphertext: BGO…..
Decryption: “Subtract” key from ciphertext mod 26
Modular Arithmetic
What does "modular addition" mean?
If the modulus is 10, then numbers go like this:
In: 0 1 2 3 4 5 6 7 8 9 10 11 12 13
Out: 0 1 2 3 4 5 6 7 8 9 0 1 2 3
(start over at 0)
So, 3 mod 10 = 3. 13 mod 10=3. 33 mod 10 = 3.
For modulus 10, it's easy. Just keep last digit.
Modular Arithmetic
If modulus is 4?
In: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 ..
Out: 0 1 2 3 0 1 2 3 0 1 2 3 0 1 ..
So, 3 mod 4 = 3. 5 mod 4 = 1
For n modulus 4, Divide & keep remainder.
5/4 = ¼ + 4/4 so throw away the 4/4.
One-Time Pads
They used actual printed 'pads' of paper
Unconditionally secure (if pad is random)
Problem: Exchanging the pads ("key")
There are some clever ways to exchange the key
For instance …
New York Telephone Directory (must agree on which edition!)
Start on page 42, take every 8th numeral and use it as the next offset.
Or: Take "Hamlet" by Shakespeare
From page 3, every 3rd letter.
BUT:
Neither the phone book nor Shakespeare is truly random.
Good statistical analysis (and cribs) will eventually detect ANY regularity in such a code.
History's most famous cryptanalysis: Enigma
Germans believed it to be uncrackable.
Press a key, a letter lights up.
Each "rotor" contained wires implementing a Substitution cypher.
Five rotors – each shifts after every letter
So you need to know: (a) Rotor wiring, (b) Initial setting on a given day.
Cracking Enigma
• Polish mathematicians developed ideas, based on a weakness (A->R and also R->A).
(!!It's really a complex substitution cypher.!!)
• British captured an Enigma from a sinking sub off Scotland
• Alan Turing's team at Bletchley Park
developed the "Bombe" computers to
seek the daily settings, based on cribs.
Enigma and ULTRA
• Over 200 Bombes were operating
• Churchill, Roosevelt could read Nazi traffic
• The tragedy of Coventry
• The triumph: Battle of the Atlantic
Modern Cryptology
• First principle:
• Assume that your SYSTEM is known
• The only security is in protecting the KEYS
• "Security by obscurity" does not work!
(which leads to the Second Principle:
Human beings are almost always the weak link.)
!! Security through Obscurity
• "My URL is not linked from anywhere."
• "They'll never think to look HERE for the key to my apartment!"
• "Nobody would think of me spelling my pet's name BACKWARDS for a password!"
Key attribute of the STO fallacy: Assuming that other people are as stupid as you are….
Public-Key Cryptography
• Diffie & Hellman (1976)
• Uses one-way (asymmetric) functions, public keys, and private keys
The RSA Public Key Encryption System: Key idea:
• "Trapdoor function": Easy in, difficult out.
Encryption and SSL: Key Concepts
Data Encryption
Anybody can encrypt and send a message to Bob
Bob’s Mailbox
The RSA Public Key Encryption System: Key idea 1:
• "Trapdoor function": Easy in, difficult out.
Data Encryption
Decryption
Bob’s Mailbox
Only Bob has the key to his mailbox.
The RSA Public Key Encryption System: Key idea 2:
• "Symmetry": two keys are created: Key 1, Key 2.
If you ENCRYPT with Key 1, you can DECRYPT with K2
If you ENCRYPT with Key 2, you can DECRYPT with K1
How does it work? You don't want to know the math... It involves prime numbers and factorization.
Bob wants private data from Alice.
Bob creates a Key pair (two big, special numbers)
Bob posts one (the public key) on his website
Bob keeps the private key in a secret place
(Private Key)
Public Key
Alice in Atlanta
Bob in Boston
Alice grabs a copy of the public key.
Alice uses the public key, encrypts data ('plaintext'), sends it to Bob. Chris the Criminal grabs a copy as it goes by.
Alice: plaintext ---> [public key] ---> encrypted message
Chris: encrypted message ---> [public key] attempt to decipher ?? ---> gets garbage
Alice in Atlanta
Bob in Boston
Chris the Crook
Bob uses the private key to recover Alice's plaintext.
plaintext ---> [public key] ---> encrypted message ---> [private key] decipher ---> plaintext
Alice in Atlanta
Bob in Boston
Chris the Crook
Another essential usage: Proving who you are.
Alice reads bob.com, wants to do business. But she's worried about sending credit card information.
So she sends him a test-text: "ertfqgjmnit43ff...." and says: encrypt this with your private key.
I already know your public key. If your reply decrypts properly by the public key, then I know you had the private key!
Digital Signatures
Alice sends test message ---> Bob encrypts and returns ---> Alice decrypts and believes
Like the Dutch Resistance in World War 2
You're Dutch? Then say "Scheveningen"
German cannot pronounce it, even if he tries
Dutch person hangs up phone
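The two-key symmetry and the prove-who-you-are exchange described above, as an added Python example (not part of the original lecture). It uses textbook RSA, which the notes name but do not work through; the tiny primes 61 and 53, the exponent 17 and the function names are assumptions chosen for readability, and real systems use far larger primes plus padding and hashing.

```python
import secrets

def make_keypair(p=61, q=53, e=17):
    """Textbook RSA key pair from two primes (tiny assumed values, not secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)      # e * d = 1 (mod phi); computing d requires the factors of n
    return (e, n), (d, n)    # (public key, private key)

def apply_key(key, number):
    """Encrypting and decrypting are the same operation: number^exponent mod n."""
    exponent, n = key
    return pow(number, exponent, n)

def bob_responds(private_key, challenge):
    """Bob transforms Alice's test value with his private key."""
    return apply_key(private_key, challenge)

def alice_verifies(public_key, challenge, response):
    """Alice undoes the response with the public key and compares with what she sent."""
    return apply_key(public_key, response) == challenge

if __name__ == "__main__":
    public, private = make_keypair()
    secret = 65  # constructed sample "plaintext" number
    ciphertext = apply_key(public, secret)
    print("Alice -> Bob:", ciphertext)
    print("Bob recovers:", apply_key(private, ciphertext))
    # Key 2 then Key 1 also round-trips (the "symmetry" in the notes)
    print("Reverse order:", apply_key(public, apply_key(private, secret)))
    challenge = secrets.randbelow(public[1] - 2) + 2  # fresh test value each time
    reply = bob_responds(private, challenge)
    print("Bob accepted:", alice_verifies(public, challenge, reply))
    # Chris only has the public key, so his reply does not verify
    print("Chris accepted:", alice_verifies(public, 65, apply_key(public, 65)))
```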
SSL and the Internet
• Uses a public key encryption technique to exchange keys with your browser.
(PKE is too slow for all of the traffic.)
Relies on a "Chain of Authority" to verify that security certificates (public keys) actually belong to who they say.
Chain of Authority
• How does it work?
• My business has a security certificate.
• You don't trust it, so you check with its issuing authority (Thawte, Inc.)
• Who is Thawte? Check with THEIR issuing authority … back to a trusted source.
• Your browser has a list of trusted authorities.
• (The police-verification story.)