introduction to cryptography techniques how secure is that banking network traffic?
TRANSCRIPT
Introduction to Introduction to Cryptography Cryptography
TechniquesTechniques
How secure is that banking network How secure is that banking network traffic?traffic?
Social and ComputingSocial and ComputingImplications of Implications of CryptographyCryptography The internet is a collection of The internet is a collection of
networks designed to deliver data networks designed to deliver data packets.packets.
Packets are easy to sniff.Packets are easy to sniff.
The internet is not secure, but is The internet is not secure, but is used to connect banks, the power used to connect banks, the power grid, pipelines, transportation grid, pipelines, transportation systems, etc.systems, etc.
TermsTerms
Plaintext – the readable messagePlaintext – the readable message
Ciphertext – the coded messageCiphertext – the coded message
Encryption
Decryption
plaintext ciphertext plaintext
key key
Types of AttacksTypes of Attacks
Ciphertext OnlyCiphertext Only – adversary uses just the ciphertext to gain either the key or the plaintext (really bad encryption)
Known PlaintextKnown Plaintext – adversary gets the key using some ciphertext and its plaintext
Chosen PlaintextChosen Plaintext – adversary introduces some plaintext to generate some ciphertext
Symmetric Key Symmetric Key EncryptionEncryption Both parties share a secret key
The single key is used for both encryption and decryption
Encryption and decryption are equal efforts
Shift CiphersShift Ciphers
key = amount to shift each character
Example: Rotate13‘A’ + 13 = 1 + 13 = 14 = ‘N’
So, the message “aardvark” becomes “nneqinex”.
Shift CiphersShift Ciphers
Advantage of Rot13:Easy to implement. Rot13('A') = 'N' (1 + 13)%26 = 14
Rot13('N') = 'A' (14 + 13)%26 = 1
So, one function does both encoding and decoding.
Disadvantage of Any Rotation:Very easy to break – just try all 26 possibilities.aka - Brute Force Brute Force attack.
Substitution CipherSubstitution Cipher
Key = list of character substitutionsKey = list of character substitutions
Example: Key = “Chair”A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Y Z c h a i r B D E F G J K L M N O P Q S T U V W X
Disadvantage:Susceptible to Character Frequency
Analysis
Character FrequenciesCharacter Frequencies
Character FrequenciesCharacter Frequencies
Start of Word Letter Frequencies
Letter t a i s o c m f p w
Freq 0.1594 0.155 0.0823 0.0775 0.0712 0.0597 0.0426 0.0408 0.040 0.0382
End of Word Letter Frequencies
Letter e s d t n y r o l f
Freq 0.1917 0.1435 0.0923 0.0864 0.0786 0.0730 0.0693 0.0467 0.0456 0.0408
Polyalphbetic CiphersPolyalphbetic Ciphers
Key is repeated and used to shift Key is repeated and used to shift characters.characters.
Example plaintextnow is the time for all
+ keyaar dv ark aard var kaa
Ciphertextopo mo uzp ujei bpj lmm
Polyalphbetic CiphersPolyalphbetic Ciphers
Advantage: Thwarts character frequency analysis. For example, an “e” will encrypt to several different letters.
Disadvantage: Statistics can still be used to break the code.
Polyalphbetic CiphersPolyalphbetic Ciphers
How to Break Them:1 - Look for repeated strings.
For example, if the characters “thi” appear together frequently, then it could be because the key is hitting a common word.
Text = and we need to test and retest
Key = ste ve stev es teve ste vestev
Sum = thi sj gyjz yh njoy thi njmyxp
Polyalphbetic CiphersPolyalphbetic Ciphers
How to Break Them:2 – Determine Probable Key Length
The start of strings “thi” are frequently separated by distances that are multiples of 5. So, key length is probably five.
3A – Try keys of that length.
3B – Use CharFreqAnal on characters separated by that length.
One-Time PadOne-Time Pad
Key is used to shift the plaintext. Key is used only once. Key has same length as the
message.
Advantage: Unbreakable! Disadvantage: Requires lots of
keys.
DESDES History History
DData EEncryption SStandard
Solicited in 1973 by the National Bureau of Standards (National Institute of Standards and Technology)
Developed by IBM and the NSA
Adopted in 1977
DES Design PrinciplesDES Design Principles
Confusion Confusion – complicate the relationship between key and ciphertext
Diffusion Diffusion – spread structure of plaintext around the ciphertext
DES Design OverviewDES Design Overview
http://www.itl.nist.gov/fipspubs/fip46-2.htm
Key = 56 bits plus 8 parity bits 70,000,000,000,000,000 possible
keys of 56 bits Key generates 16 subkeys 16 rounds of functions
Breaking DESBreaking DES
1993 1993 – design of $1M machine to search entire key space in one day
1997 1997 – design of $1M machine to search entire key space in one hour
1999 1999 - “DES Challenge” prize claimed in 22 hours by distributed.net
2006 - University of Bochum and Kiel, University of Bochum and Kiel, Germany, uses $10,000 hardware cost to Germany, uses $10,000 hardware cost to get average time of 6.4 days.get average time of 6.4 days.
triple DES is much less breakable
Unix CryptUnix Crypt
““man 3 crypt”man 3 crypt”
#include <unistd.h> char *crypt(const char *key, const char *salt);
crypt is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search.
Password SaltPassword Salt
Based on time when password createdBased on time when password created First two letters in the passwd fieldFirst two letters in the passwd field Used to discourage a brute force attackUsed to discourage a brute force attack
Encrypting every dictionary word then comparing that list to passwd entries will not work since every dictionary word can yield 4096 different possibilities.
Even if my password is the same for Even if my password is the same for two systems, they have different salts two systems, they have different salts so they look differentso they look different
Public Key EncryptionPublic Key Encryption
Two Keys : encryption and decryption
Encryption key is public
Decryption key is private
Once sender encrypts a message, even they can’t decrypt it
Public Key EncryptionPublic Key Encryption
1.1. Receiver sends their public key to Receiver sends their public key to the senderthe sender
2.2. Sender encrypts message using Sender encrypts message using that public keythat public key
3.3. Sender sends encrypted messageSender sends encrypted message
4.4. Receiver decrypts message using Receiver decrypts message using their private keytheir private key
SummarySummary
Nothing on a public Nothing on a public
network is completely network is completely
safe.safe.