EE5552 Network Security and Encryption block 5 Dr. T.J. Owens CMath, FIMA, MIEEE Dr T. Itagaki MIET, MIEEE, MAES


Block 5

Simple Ciphers and Classical Ciphers and A Complexity Measure for Security

Objectives (1)

After studying this material you should
• Understand the following concepts: additive cipher, multiplicative cipher, modular arithmetic.
• Understand how a key can set the parameters of a mathematical transformation.
• Understand in general terms how an adversary might attack these ciphers.

Objectives (2)

After studying this material you should
• Be able to define the terms one-way function, one-way hash function and one-way trapdoor function and state their relevance to cryptography.
• Be able to outline how the complexity of a problem or algorithm is measured.
• Know what it means for a problem to be in complexity class P.
• Understand that in modern scalable cryptosystems encryption and decryption are in P and cryptanalysis is not.

Educational Program CrypTool (1)

The material in this block can seem a little abstract. To visualise the concepts it contains, an educational program about cryptography and cryptanalysis called CrypTool is recommended.

You can download CrypTool from http://www.cryptool.com/

Educational Program CrypTool (2)

Security does not depend on keeping the encoding algorithm secret; it depends on keeping the key secret.

Caesar Cipher (1)

Plaintext:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: DEFGHIJKLMNOPQRSTUVWXYZABC

In ASCII code wise…
Encryption: E_n(x) = (x + n) mod 26
Decryption: D_n(x) = (x - n) mod 26
where n is the shift (= key)

Modular arithmetic is used in RSA public key cryptography which is used in WPA.

Caesar Cipher (2)

Caesar Cipher is a transposition/substitution cipher.
The replacement remains the same throughout the message, so the cipher is classed as a type of monoalphabetic substitution, as opposed to polyalphabetic substitution.

Caesar Cipher (3)

Breaking the cipher (1)
The Caesar cipher can be easily broken even in a ciphertext-only scenario. Two situations can be considered:
1) an attacker knows (or guesses) that some sort of simple substitution cipher has been used, but not specifically that it is a Caesar scheme;
2) an attacker knows that a Caesar cipher is in use, but does not know the shift value.

Caesar Cipher (4)

Breaking the cipher (2)
In the first case, the cipher can be broken using the same techniques as for a general simple substitution cipher, such as frequency analysis or pattern words. While solving, it is likely that an attacker will quickly notice the regularity in the solution and deduce that a Caesar cipher is the specific algorithm employed.

Figure: The distribution of letters in a typical sample of English language text
http://en.wikipedia.org/wiki/Caesar_cipher

Caesar Cipher (5)

Breaking the cipher (3)
In the second instance, breaking the scheme is even more straightforward. Since there are only a limited number of possible shifts (26 in English), they can each be tested in turn in a brute force attack.

A brute force approach is to match up the frequency distribution of the letters.
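The shift test described above, as an added example that is not part of the original slides: every one of the 26 shifts is tried and each candidate is scored by how closely its letter counts match English (chi-squared). The frequency table holds approximate assumed values, and the sample ciphertext is constructed from a sentence on these slides.

```python
import string
from collections import Counter

# Approximate English letter frequencies in percent, A..Z (assumed reference table).
ENGLISH_FREQ = dict(zip(string.ascii_uppercase, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03,
    2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15,
    1.97, 0.07]))

def caesar(text, n):
    """E_n(x) = (x + n) mod 26 on A-Z; a negative n gives D_n. Other characters pass through."""
    return "".join(
        chr((ord(ch) - 65 + n) % 26 + 65) if ch in string.ascii_uppercase else ch
        for ch in text.upper())

def chi_squared(text):
    """Distance between the letter counts of text and the English distribution."""
    letters = [ch for ch in text if ch in string.ascii_uppercase]
    if not letters:
        return float("inf")          # nothing to score
    counts = Counter(letters)
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = len(letters) * pct / 100
        score += (counts[letter] - expected) ** 2 / expected
    return score

def rank_shifts(ciphertext):
    """Test all 26 shifts; return (score, shift, candidate plaintext), best first."""
    return sorted(
        (chi_squared(caesar(ciphertext, -n)), n, caesar(ciphertext, -n))
        for n in range(26))

def recover_shift(ciphertext):
    """Shift whose decryption looks most like English."""
    return rank_shifts(ciphertext)[0][1]

# Constructed sample: a sentence from these slides, encrypted with n = 3.
SAMPLE_PLAINTEXT = ("SECURITY DOES NOT DEPEND ON KEEPING THE ENCODING ALGORITHM "
                    "SECRET IT DEPENDS ON KEEPING THE KEY SECRET")
SAMPLE_CIPHERTEXT = caesar(SAMPLE_PLAINTEXT, 3)

if __name__ == "__main__":
    for score, n, candidate in rank_shifts(SAMPLE_CIPHERTEXT)[:3]:
        print(f"shift {n:2d}  chi2 {score:8.1f}  {candidate[:40]}")
```

On very short ciphertexts the best-scoring shift can be wrong, which is why rank_shifts returns all 26 candidates rather than a single answer.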

Caesar Cipher (6)

For a visualisation of the Caesar cipher in CrypTool from the pull down menu choose:
Indiv. Procedures/Visualization of Algorithms/Caesar

Caesar Cipher (7)

Frequency distribution – keyboard layout (UK, D)
http://en.wikipedia.org/wiki/Keyboard_layout

Caesar Cipher (8)

Frequency distribution – keyboard layout (UK, FR)
http://en.wikipedia.org/wiki/Keyboard_layout

Caesar Cipher (9)

Frequency distribution? – keyboard layout (UK, JP)
http://en.wikipedia.org/wiki/Keyboard_layout

Caesar Cipher (10)

Frequency distribution? – keyboard layout (D, PL)
http://en.wikipedia.org/wiki/Keyboard_layout
http://ascii-table.com/img/keyboard-214.png

Caesar Cipher (11)

Strengthening the cipher (1)
The frequency distribution of the letters is the main problem. Applying a random number table/generator, as an additive cipher, would help by hiding the repeats and the frequency distribution.

c.f. Vigenère cipher
http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher

Classic military ciphers usually comply with an implementation guide (logic-sequence/algorithm), a code (word/dictionary) book and a random number table.

Caesar Cipher (12)

Strengthening the cipher (2)
In accordance with the implementation guide, the message header should contain the key to the starting point (or the initial setting) of the random number table/generator.

• To encode, the random number from the sequence is added to each symbol.
• To decode, the random number from the sequence is subtracted from each symbol.

Caesar Cipher (13)

Strengthening the cipher (3)
The cryptanalysts may be able to recognise the use of a random number table/generator. However, without the same random number table/generator and its initial setting, it would be very difficult to decrypt, as long as the random number table/generator is good enough.

However, the deployment of the specific code book and random number table/generator is a logistical problem.

c.f. length of password
http://en.wikipedia.org/wiki/Enigma_machine

Caesar Cipher (14)

Strengthening the cipher (4)
interlacing
Strip Cipher

http://en.wikipedia.org/wiki/M-94

http://en.wikipedia.org/wiki/Cryptography

Other Monoalphabetic Ciphers

Multiplicative ciphers (1)
Encrypt: (a x k) mod m
This is just multiplication modulo m.
Decrypt: (a x k^-1) mod m

(k x k^-1) mod m = (k^-1 x k) mod m

NOTE: Inverses mod m do not always exist.

Other Monoalphabetic Ciphers

Multiplicative ciphers (2)
Ambiguity is also possible.
If the key k is 2 and 6 is received, two possible messages could have been sent (3 and 16), since
(3 x 2) mod 26 = (16 x 2) mod 26 = 6
So this transformation is not invertible.
To avoid the problem, choose a key that does not share any divisors with the modulus.
Such keys are coprime or relatively prime to (have no common factors with) the modulus.

Suitable Keys for a Multiplicative Cipher (1)

Use a prime modulus, then any non-zero key can be used:
Calculation of the inverse of a key k

where (a x k) mod m

Let Ф(m) = number of positive integers < m that are coprime with m; if m is prime Ф(m) = m - 1.

Then we use FERMAT’S THEOREM that:
1 mod m
k^-1 mod m

Suitable Keys for a Multiplicative Cipher (2)

Suppose we want the multiplicative inverse of 3 mod 53. Then we calculate
k^-1 = k^(m-2) mod m >> 3^51 mod 53

3 x 18 = 54 = 1 mod 53 as required
So, 3^-1 mod 53 = 18 mod 53

Cryptanalysis of Multiplicative Ciphers (1)

If the modulus is non-prime, then the plaintext may have a common factor with m. The cryptanalyst must solve
(pq)k = pr mod ps
which gives the equation
qk = r mod ps

Suppose the plaintext is a and the ciphertext is b; the cryptanalyst must solve:
a x k = b mod m
for some k. If m is prime, k = b a^-1 mod m

Cryptanalysis of Multiplicative Ciphers (2)

By calculating
k = r q^-1 mod ps
one possible value for the key is obtained. The others are
k + s, k + 2s, k + 3s….

Cryptanalysis of Multiplicative Ciphers (3)

Example
If we know that plaintext 15 produces ciphertext 12 mod 21

Since the keys 12 and 19 are also possible, we need some further plaintext-ciphertext pairs to determine a unique value for the key.

Nevertheless, a multiplicative cipher is not significantly harder to break than an additive cipher.
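The calculations from the multiplicative-cipher slides above, collected as an added example that is not part of the original slides: the Fermat inverse, the ambiguity under a key that shares a factor with the modulus, and the key candidates left by one known pair. candidate_keys divides the common factor p out and solves modulo s, which is what produces the k, k + s, k + 2s, … family; the function names and the second pair (1, 5) are assumptions constructed for illustration.

```python
from math import gcd

def encrypt(a, k, m):
    """Multiplicative cipher on one symbol: (a x k) mod m."""
    return (a * k) % m

def inverse_fermat(k, m):
    """k^-1 = k^(m-2) mod m. Only valid for prime m and k not divisible by m."""
    return pow(k, m - 2, m)

def preimages(c, k, m):
    """Every plaintext symbol a in 0..m-1 that encrypts to c under key k."""
    return [a for a in range(m) if encrypt(a, k, m) == c]

def usable_keys(m):
    """Keys coprime to m, i.e. the keys for which decryption is unambiguous."""
    return [k for k in range(1, m) if gcd(k, m) == 1]

def candidate_keys(a, b, m):
    """All k in 0..m-1 with a x k = b (mod m), from one known pair (a, b)."""
    p = gcd(a, m)
    if b % p:
        return []                      # no key maps a to b
    q, r, s = a // p, b // p, m // p   # divide the common factor p out
    k0 = (r * pow(q, -1, s)) % s       # q is coprime to s, so q^-1 mod s exists
    return [k0 + i * s for i in range(p)]

def intersect_pairs(pairs, m):
    """Keys consistent with every known (plaintext, ciphertext) pair."""
    keys = set(range(m))
    for a, b in pairs:
        keys &= set(candidate_keys(a, b, m))
    return sorted(keys)

if __name__ == "__main__":
    print("3^-1 mod 53          :", inverse_fermat(3, 53))
    print("sent under k=2, got 6:", preimages(6, 2, 26))
    print("keys for 15 -> 12    :", candidate_keys(15, 12, 21))
    # Constructed second pair: plaintext 1 -> ciphertext 5 narrows the key down.
    print("with pair 1 -> 5     :", intersect_pairs([(15, 12), (1, 5)], 21))
```

For the pair (15, 12) mod 21 this returns 5, 12 and 19; of these, 12 shares the factor 3 with 21 and so does not appear in usable_keys(21).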

A Complexity Measure for Security (1)

Technology is notoriously hard to predict:
Where a calculator on the ENIAC is equipped with 18,000 vacuum tubes and weighs 30 tons, computers in the future may have only 1,000 vacuum tubes and weigh only 1½ tons.
(Popular Mechanics, March 1949)

In this section we examine the theory that can give some assurance that a cryptosystem will be secure in the future.

A Complexity Measure for Security (2)

One-way Functions:
The concept of a one-way function is fundamental to modern cryptography. Such a function, say f(x), is a function that is easy to compute but which is extremely difficult to invert.

Example 9.2-1 Factorisation
The question: “What is the product of 2^3, 3^1, 5^2 and 11^1?” has an easy answer, 6600, BUT the question: “What are the prime factors of 6600?” is much harder.
OR Factorise 1323

Variants on the Idea of One-Way Function (1)

One-way Hash Functions
A hash function y = H(x) is a many-to-one function.
It takes a big number, or piece of text, or some other data and computes from it a smaller number or bit vector.
The intention is that the probability of two distinct typical arguments giving the same result is uniformly small.

Variants on the Idea of One-Way Function (2)

Example
In CrypTool compute a hash of the starting example text using the SHA-1 function.
From the pull down menu choose:
Indiv. Procedures/Hash/SHA-1
Write down the hash of startingexample-en
Now go to:
File/Open and Open CrypTool-en and compute its hash using the SHA-1 function.
Write down the hash of CrypTool-en and compare it with that of startingexample-en. What do you observe?

Variants on the Idea of One-Way Function (3)

A one-way hash function is designed so that y = H(x) is easy to compute but x = H^-1(y) is extremely hard.

Hash functions are widely used in wireless systems to verify the authenticity of messages.

SHA-1 is a one-way hash function.

Variants on the Idea of One-Way Function (4)

Trapdoor One-way Functions

A trapdoor one-way function is a one-way function together with a certain piece of additional information (the “trapdoor”) that enables easy calculation of f^-1.

For example: one of the factors of 1323 is 3^3

Cryptographic Applications of One-way Functions (1)

Authenticating Messages
Password Protection
Stream Cipher: A one-way hash function could be used to create a secure stream cipher as in the diagram.

Since the input to the one-way function cannot be determined from its output, the state of the counter cannot be determined.
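A sketch of the counter-plus-one-way-function keystream described above, used as the additive keystream from the "Strengthening the cipher" slides; it is an added example, not part of the original slides. SHA-256, the 8-byte counter encoding, the key, the starting point and the sample text are assumptions chosen for illustration.

```python
import hashlib
from collections import Counter

def keystream(key: bytes, start: int):
    """Yield numbers 0..25 from SHA-256(key || counter), counter = start, start+1, ..."""
    counter = start
    while True:
        block = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        for byte in block:
            if byte < 234:           # 234 = 9 x 26: drop 234..255 to avoid modulo bias
                yield byte % 26
        counter += 1

def additive(text, key, start, sign):
    """Add (sign=+1) or subtract (sign=-1) the keystream, mod 26, on A-Z only."""
    ks = keystream(key, start)
    out = []
    for ch in text:
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - 65 + sign * next(ks)) % 26 + 65))
        else:
            out.append(ch)           # non-letters pass through, no keystream used
    return "".join(out)

def encode(text, key, start):
    return additive(text, key, start, +1)

def decode(text, key, start):
    return additive(text, key, start, -1)

def index_of_coincidence(text):
    """Chance that two letters drawn from text are equal (about 1/26 = 0.038 if uniform)."""
    letters = [ch for ch in text if "A" <= ch <= "Z"]
    n = len(letters)
    return sum(v * (v - 1) for v in Counter(letters).values()) / (n * (n - 1))

# Constructed sample values: the key and starting point are illustrative only.
DEMO_KEY = b"constructed demo key"
DEMO_START = 7
SAMPLE_PLAINTEXT = ("SECURITY DOES NOT DEPEND ON KEEPING THE ENCODING ALGORITHM "
                    "SECRET IT DEPENDS ON KEEPING THE KEY SECRET")

if __name__ == "__main__":
    ct = encode(SAMPLE_PLAINTEXT, DEMO_KEY, DEMO_START)
    # A Caesar shift only relabels letters, so its ciphertext keeps the plaintext's value.
    print("IC plaintext / Caesar :", round(index_of_coincidence(SAMPLE_PLAINTEXT), 4))
    print("IC keystream additive :", round(index_of_coincidence(ct), 4))
    print("round trip ok         :", decode(ct, DEMO_KEY, DEMO_START) == SAMPLE_PLAINTEXT)
```

A starting point must never be reused under one key: subtracting two ciphertexts made with the same keystream cancels the keystream and leaves the difference of the two plaintexts.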

Cryptographic Applications of One-way Functions (2)

Block Cipher (DES)
Public Key Cryptography (RSA)
Message Authentication in a Public Key System

Asymptotic Complexity (1)

A problem with complexity n^2 will be harder to solve than a problem with complexity 10000n for all inputs of size greater than 10,000.

Thus we choose to ignore constant factors to get a degree of technology independence, since changes in technology only affect constant factors.

Asymptotic Complexity (2)

The graph below shows how some functions vary with n.

A exp(Bn) > Cn Dlog(En) > Fn3G > Hn2l

This is true regardless of the values of the constants A-I.


Comparing the asymptotic magnitude of two functions (1)

Is for large enough n and for all values of a (>1) and b?

If we take logs of both sides we obtain the equivalent condition

So there will be a member of the set of natural numbers n = {0, 1, 2, …} to satisfy this condition for any a (>1) and b, so a^n is always greater than

Comparing the asymptotic magnitude of two functions (2)

We ignore terms that are insignificant for very large n. Thus for example we shall not distinguish between n^4 and n^4 + 100n^3 + 25n, since n^4 becomes arbitrarily larger than 100n^3 + 25n as n increases.

Notation for Asymptotic Complexity (1)

Domain n = {0, 1, 2, …}.
UPPER BOUND “f(n) grows no more quickly than g(n)”.
LOWER BOUND “f(n) grows at least as quickly as g(n)”.
TIGHT BOUND and write


Notation for Asymptotic Complexity (2)

Example Consider the function This is and Recall for we ignore constant factors like 5x and for

we ignore because it grows more slowly than .It is also and Note the 5 in is not a constant factor.Hence in addition

)1( , )( 5n , )( lognn , )105( n

)10( nO , nO 510 , )105( nO

)105( n and )10( lognn n

Measuring the Complexity of a Problem

Primitive Operations
Problem solution time is measured by the number of steps, or primitive operations that must be performed. Usually,
• They can be computed in a time that is independent of their arguments.
• They have a finite domain - they accept as input only a fixed number of distinct values.
• They can be implemented by fixed size logic circuits.

More formally, the (time) complexity of a problem is generally stated as the number of primitive steps required by some model of computation.


Classifying Decision Problems P (1)

Class P: functions whose complexity is no greater than for some constant a.

Problems in P are regarded as easy or feasible, and problems that are not are regarded as hard or infeasible or intractable.

A problem has at least exponential time complexity if its complexity is and such problems are provably intractable for large n.

Classifying Decision Problems P (2)

Example: A polynomial function and an exponential function

Compare operations required for n^10 and 1.1^n

n       n^10                  1.1^n
2       2^10 = 1024           1.1^2 = 1.21
1000    1000^10 = 10^30       1.1^1000 = 2.47 x 10^41

Scalable cryptosystems (1)

A cryptosystem is scalable if it allows us to set the cryptanalyst a harder task whenever the time spent on encryption and decryption is increased, by using a longer key.

To achieve scalability, it must be arranged that as the cryptosystem is scaled up, the time required for cryptanalysis increases much faster than the time spent on encryption and decryption.

Scalable cryptosystems (2)

A modern scalable cryptosystem is designed so that encryption and decryption are computationally feasible but identification of the key by a cryptanalyst is infeasible.
• A problem is considered feasible if it is in class P and infeasible if it is not.
• It follows that cryptosystems are designed so that encryption and decryption are in P and cryptanalysis is not.

By choosing a sufficiently large key the cryptographer can ensure that the cryptanalyst cannot afford sufficient computer power to attack it.

A user of AES can implement it as a scalable cryptosystem by increasing its key length; AES supports key sizes of 128, 192, and 256 bits. IEEE 802.11i recommends the use of AES.

Homework
• http://en.wikipedia.org/wiki/Cipher
• http://en.wikipedia.org/wiki/Enigma_machine
• http://en.wikipedia.org/wiki/Enigma_(2001_film)
• http://en.wikipedia.org/wiki/Windtalkers
• http://en.wikipedia.org/wiki/Colossus_computer
• http://en.wikipedia.org/wiki/Steganography