CHAPTER 1 INTRODUCTION TO CRYPTOGRAPHY. Badran Awad Computer Department Palestine Technical college

Transcription

1 CHAPTER 1 INTRODUCTION TO CRYPTOGRAPHY Badran Awad Computer Department Palestine Technical college

2 CHAPTER 1 Introduction Historical ciphers Information theoretic security Computational security Cryptanalysis techniques Security of Algorithms

3 INTRODUCTION Who has used cryptography? Within the last 10 minutes Today? In your whole life?

4

5

6

7 Cryptography: Multi-Disciplinary

8 Cryptography: Multi-Disciplinary Number Theory Probability Algebraic Geometry Complexity Coding Theory Engineering Security

9 Cryptography: Multi-Disciplinary Number Theory Probability Algebraic Geometry Complexity Coding Theory Engineering Security

10 What is cryptography about? Adversary: a clever person with powerful computer Main goals: Data privacy. Data integrity.

11 Data Privacy Adversary: does not learn any information about m. Example: m is a credit-card number sent to Bob, we want to make a sure Adversary does not learn it.

12 Data Integrity Goal: m really comes from Alice m has not modified in transit

13 Ideal World Kryptonite pipe Kryptonite pipe: cannot see inside or alter content. All our goals would be achieved. But: hard to implement in practice.

14 Cryptography!!!

15 Cryptographic Schemes Enc: encryption algorithm. Dec: decryption algorithm Ke: encryption key Kd: decryption key

16 Cryptographic Schemes Cryptographer goals: How to define security goals? How to define Enc, Dec? How to gain confidence that Enc, Dec achieve goals?

17 Encryption Schemes

18 Encryption Schemes

19 Encryption Schemes

20 Encryption Schemes

21 Encryption Schemes

22 Encryption Schemes

23 Encryption Schemes

24 Provable security

25 Provable security

26 Provable security

27 Provable security the motivation

28 Provable security the motivation

29 Provable security the motivation

30 Provable security the motivation

31 Provable security the motivation

32 Provable security the motivation

33 Kirchhoff's principle

34 Kirchhoff's principle

35 A more refined picture

36 A more refined picture

37 A more refined picture

38 Kirchhoff's principle

39 Kirchhoff's principle

40 Kirchhoff's principle

41 Kirchhoff's principle obscurity

42 A more mathematical view

43 A more mathematical view

44 A more mathematical view

45 A more mathematical view

46 A more mathematical view - refined

47 Shift Cipher

48 Shift Cipher

49 Security of the shift cipher

50 Security of the shift cipher

51 Security of the shift cipher

52 Substitution Cipher

53 Substitution Cipher

54 Substitution Cipher

55 How to break the substitution cipher? First successful formal attack on ciphers was established by Al-Kindi ( ). It was probably religiously motivated textual analysis of the Qur'an which led to the invention of the frequency analysis technique for breaking monoalphabetic substitution ciphers by al-kindi sometime around AD 800.

56 How to break the substitution cipher? Brute force attack: 26! 1026 Use statistical patterns of the language. For example: the frequency tables Texts of 50 characters can be usually be broken this way. Look at the example from the textbook.

57 Other famous historical cipher

58 The Vigenere Cipher (Polyalphabetic) The Vigenere Cipher (Polyalphabetic) It uses 2 or more cipher alphabets, switching between them during encryption, thereby confusing potential cryptanalysis. Able to produce different cipher for same alphabet. Blaise de Vigenere ( ) The Vigenere square can be used for encryption and decryption. Leon Battista Alberti ( )

59 The Vigenere Cipher First one choose a keyword, example LEMON. Then one writes it over and over again on the plaintext. PLAINTEXT: KEYWORD: ATTACKATDAWN LEMONLEMONLE CIPHERTEXT: LXFOPVEFRNHR

60 The Vigenere Cipher So, is it still secure???? No. In 1854 Charles Babbage developed a test that succeeded to attack this cipher. In 1863 Friedrich Kasiski was the first to publish a successful attack on the Vigenere cipher. The primary weakness of the Vigenere cipher is the repeating nature of its key. This cipher was secure from about 1553 till 1854 (301 years!!!) What s next????

61 The Enigma machine.

62 The Enigma machine.

63 The Enigma machine.

64 Exercises Write a program that can encrypt and decrypt using the general Caesar cipher. Write a program that can perform a letter frequency attack on an additive cipher without human intervention. Your software should produce possible plaintexts in rough order of likelihood. It would be good if your user interface allowed the user to specify give me the top 10 possible plaintexts. Write a program that can perform a letter frequency attack on any mono-alphabetic substitution cipher without human intervention. Your software should produce possible plaintexts in rough order of likelihood. It would be good if your user interface allowed the user to specify give me the top 10 possible plaintexts.

65 How to define security of an encryption scheme?

66 How to define security of an encryption scheme?

67 How to define security of an encryption scheme?

68 How to define security of an encryption scheme?

69 Idea 1

70 Idea 1

71 Idea 2

72 Idea 2

73 Idea 3

74 Idea 3

75 Idea 4

76 Idea 4

77 How to formalize the Idea 4?

78 What does it mean to achieve secure encryption? Adversary cannot find the secret key. Adversary cannot find plaintext corresponding to ciphertext. Adversary cannot determine any character of plaintext that corresponds to the ciphertext. Adversary cannot determine any meaningful information about plaintext from ciphertext. Adversary cannot compute any function of plaintext from ciphertext.

79 Cryptographic goals Confidentiality to keep the content of information from al but those who are authorized to have them. Data integrity to be able to detect alteration of data. Authentication to be able to identify entities in communication. Non-repudiation to prevent an entity from denying previous commitments or actions.

80 Types of attacks (cryptanalysis techniques) 1. Ciphertext only attack The cryptanalyst has the ciphertext of several messages, which are encrypted using the same algorithm. The cryptanalyst job is to: Deduce the plaintext Or better deduce the key used to encrypt the message in order to decrypt other messages encrypted with the same keys. That is, Given : Deduce : C 1 = Ek P 1, C 2 = Ek P 2,, Ci = Ek(Pi) P 1, P 2,, Pi or k

81 Types of attacks (cryptanalysis techniques) 2. Known plaintext attack The cryptanalyst has access to not only the ciphertext of several messages, but also to the plaintext of those messages. The cryptanalyst job is to: Deduce the key(s) used to encrypt the messages. Deduce the algorithm to decrypt any new messages encrypted with the same key (from step (a)) That is, Given: P 1, C 1 = Ek P 1,, Pi, Ci = Ek(Pi) Deduce : Either k or an algorithm to infer P i + 1 from C i + 1 = Ek(Pi + 1)

82 Types of attacks (cryptanalysis techniques) 3. Chosen plaintext attack The cryptanalyst not only has access to the ciphertext and associated plaintext for several messages, but he also chooses the plaintext to be encrypted. The cryptanalyst job is to: Deduce the key(s) used to encrypt the messages Deduce the algorithm to decrypt any new messages encrypted with the same key (from step (a)) That is, Given: P 1, C 1 = Ek P 1,, Pi, Ci = Ek Pi Where the cryptanalyst gets to choose P 1, P 2,, Pi Deduce: Either k or an algorithm to infer P i + 1 from C i + 1 = Ek(Pi + 1)

83 Types of attacks (cryptanalysis techniques) 4. Chosen ciphertext attack The cryptanalyst can choose different ciphertext to be decrypted and has access to the decrypted plaintext. The cryptanalyst job is to: Deduce the key That is, Given : C 1, P 1 = Dk C 1,, Ci, Pi = Dk(Ci) Deduce : k

84 Types of attacks (cryptanalysis techniques) 5. Chosen key attack The cryptanalyst has SOME knowledge about the relationship between different keys. Not practical. 6. Brute force attack The cryptanalyst will try every possible key one-by-one and checking whether the resulting plaintext is meaningful. 7. Rubber hose attack Torture, blackmail etc.

85 Security of Algorithms Different algorithms offer different degrees of security. Cost to break algorithm > value of data (SAFE) Time to break algorithm > time encrypted data must remain secret (SAFE) Amount of data encrypted with a single key < amount of data necessary to break the algorithm (SAFE)

86 Complexity of an attack One can measure the complexity of an attack in different ways: Data complexity: The amount of data needed as input to the attack. Processing complexity: The time needed to perform the attack. Also known as work factor. Storage requirements: The amount of memory needed to do the attack.

87 Exercises Read about The Wassenaar Arrangement and International Traffic in Arms Regulation (ITAR) then answer these questions. Has it always been legal for American to teach cryptography outside of US? And Why? Give me a Case Study. From regulations mentioned in question 1, what is the maximum key length allowed to be embedded on exported cryptography machine? What is the minimum key length for a cryptography systems to be secure if based on the Discrete Log Problem? Solve the exercises at the end of chapter 1.