Cryptography ThreeB. Ed Crowley. Fall 08

Similar documents
Cryptanalysis. Ed Crowley

1-7 Attacks on Cryptosystems

(8) Cryptanalysis. Close-up of the rotors in a Fialka cipher machine

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

Introduction to Cryptography CS 136 Computer Security Peter Reiher October 9, 2014

CSCE 813 Internet Security Symmetric Cryptography

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Outline Basics of Data Encryption CS 239 Computer Security January 24, 2005

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Cryptography and Network Security 2. Symmetric Ciphers. Lectured by Nguyễn Đức Thái

Classical Cryptography. Thierry Sans

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Lecture 4: Symmetric Key Encryption

2.1 Basic Cryptography Concepts

NETWORK SECURITY & CRYPTOGRAPHY

Computer Security: Principles and Practice

Cryptography MIS

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

(2½ hours) Total Marks: 75

Cryptography and Network Security

Syrvey on block ciphers

Cryptography Math/CprE/InfAs 533

Lecture 3: Symmetric Key Encryption

OVE EDFORS ELECTRICAL AND INFORMATION TECHNOLOGY

Lecture IV : Cryptography, Fundamentals

Some Stuff About Crypto

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

P2_L6 Symmetric Encryption Page 1

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

Content of this part

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Cryptographic Concepts

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Cryptography Introduction to Computer Security. Chapter 8

1.264 Lecture 28. Cryptography: Asymmetric keys

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

CHAPTER 1 INTRODUCTION TO CRYPTOGRAPHY. Badran Awad Computer Department Palestine Technical college

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

CSC 474/574 Information Systems Security

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Computer Security CS 526

Textbook: Ahmet Burak Can Hacettepe University. Supplementary books:

International Journal for Research in Applied Science & Engineering Technology (IJRASET) Performance Comparison of Cryptanalysis Techniques over DES

Uses of Cryptography

Computational Security, Stream and Block Cipher Functions

Network Security and Cryptography. 2 September Marking Scheme

ECEN 5022 Cryptography

Ref:

Secret Key Algorithms (DES)

CRYPTOGRAPHY. BY, Ayesha Farhin

CSE 127: Computer Security Cryptography. Kirill Levchenko

CPSC 467: Cryptography and Computer Security

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Security Requirements

Chapter 3 Block Ciphers and the Data Encryption Standard

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

10/3/2017. Cryptography and Network Security. Sixth Edition by William Stallings

Introduction to Cryptology ENEE 459E/CMSC 498R. Lecture 1 1/26/2017

10EC832: NETWORK SECURITY

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2

CSCE 715: Network Systems Security

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

PASSWORDS & ENCRYPTION

Encryption. INST 346, Section 0201 April 3, 2018

APNIC elearning: Cryptography Basics

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

2/7/2013. CS 472 Network and System Security. Mohammad Almalag Lecture 2 January 22, Introduction To Cryptography

Public-key Cryptography: Theory and Practice

Introduction to Cryptology

Shared Secret = Trust

Introduction to Cryptography. Vasil Slavov William Jewell College

UNIT - IV Cryptographic Hash Function 31.1

Introduction to Cryptography

Symmetric, Asymmetric, and One Way Technologies

Lecture 1: Perfect Security

Modern Cryptography Activity 1: Caesar Ciphers

Overview of Conventional Encryption Techniques

Study on data encryption technology in network information security. Jianliang Meng, Tao Wu a

PRNGs & DES. Luke Anderson. 16 th March University Of Sydney.

Cryptography Introduction

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

Module 1: Classical Symmetric Ciphers

Sirindhorn International Institute of Technology Thammasat University

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

S. Erfani, ECE Dept., University of Windsor Network Security

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

CPSC 467: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Foundations of Cryptology

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Cryptography: Matrices and Encryption

Transcription:

Cryptography ThreeB Ed Crowley Fall 08

Cryptanalysis History Modern Cryptanalysis Characterization of Cryptanalysis Attacks Attack Types

Cryptanalysis.

Science of cracking ciphers and codes, decoding secrets, violating authentication schemes, and in general, breaking cryptographic protocols.

In 1920, The term "cryptanalysis" was coined by William Friedman to describe methods for breaking codes and ciphers. Though, the craft of cryptanalysis is much older. For most classical ciphers, frequency analysis is the basic tool. In natural languages, certain letters of the alphabet appear more frequently. In any sample of English plaintext, "E" is likely to be the most common letter. Similarly, the digraph "TH" is the most likely pair of letters. Frequency analysis relies on a cipher failing to hide these statistics.

As ciphers became more complex, mathematics became more important in cryptanalysis. This change was particularly evident during World War II. Efforts to crack Axis ciphers required new levels of mathematical sophistication. Automation was first applied to cryptanalysis in that era with the Polish Bomba device

By most measures, modern cryptography has become much more impervious to cryptanalysis than the pen-and-paper systems of the past. Most attacks are against the implementation and few are against the underlying algorithm. As William Hugh Murray has observed, there are an infinite number of ways to implement an algorithm, most of them wrong. While we can make statements, about cryptographic strength in the abstract, we can only make statements about security in a specific application and environment context.

Computers have both increased the need for, and decreased the cost of, cryptography. Effectiveness of cryptographic algorithms now resides in complexity rather than in secrecy. Understand that strong security is different than strong cryptography. While modern algorithms are resistant to all but the most resourceful attacks, in practice they are no stronger than the systems and applications in which they are used.!

# The A5/1, A5/2 and CMEA algorithms, used in mobile phone technology, can all be broken in hours, minutes or even in real-time using widely-available computing equipment. In 2001, Wired Equivalent Privacy (WEP), a protocol used to secure Wi-Fi wireless networks, was shown to be susceptible to a practical related-key attack. "

%&&'( Goal Gain ability to decrypt new cipher text Without additional information. Intermediate goal: crack message key. Attacks characterized by three criteria. 1. Prerequisite knowledge and capabilities needed 2. Additional secret information deduced 3. Effort required $

'( Prior knowledge scenarios Ciphertext Only Known Plaintext Chosen Plaintext Adaptive Chosen Plaintext Differential Cryptanalysis Chosen ciphertext Adaptive chosen ciphertext Symmetric Algorithm Attacks Brute Force Meet in the Middle Statistical Hash Attacks Birthday attack Network Attacks Man in the Middle Replay External attacks: Black-bag cryptanalysis Rubber-hose cryptanalysis

&'( Ciphertext Only Cryptanalyst obtains several ciphertext samples. Without plaintext Goal: Determine key. Most difficult type of attack. Requires a very large ciphertext sample. Known Plaintext Based upon ciphertext/corresponding plaintext samples. Could be partial (repeating headers) Goal: determine key

&'( Chosen Plaintext Cryptanalyst can choose what plain text message he wishes to encrypt and view the results. Much, much, stronger than known plain text attack. Optimum type of attack.

&'( Adaptive Chosen Plaintext Special case of chosen-plaintext attack in which the cryptanalyst is able to choose plaintext samples dynamically, and alter his or her choices based on the results of previous encryptions.

) Specific type of chosen plaintext attack Succeeded in 1992 against DES Took 50 days Took 2 14 operations Faster than brute force but not relevant

* Differential Cryptanalysis Specific type of chosen plaintext attack. Looks at the difference between two text blocks Makes use of the fact that after a specific number of rounds, diverse differences bring out specific intermediate results with different probabilities. Based on this, and the known difference between input and output, a statistical forecast can be made about the key Goal: obtain key

&'( Chosen-ciphertext Cryptanalyst may choose a piece of cipher text and attempt to obtain the corresponding plaintext. Generally utilized with public-key cryptosystems Adaptive-chosen-ciphertext Scenario in which a cryptanalyst has free use of a piece of decryption hardware, but is unable to extract the decryption key from it.

+' &'( Brute Force Meet in the middle Differential cryptanalysis Statistical!

, Originally meant trying every possible key until correct key is identified. Advances in computing performance over time makes brute force an increasingly practical attack against fixed length keys. In certain contexts, a dictionary attack can be considered a form of brute force. Now, most often implemented as smart brute force attacks Not all cryptosystems utilize key space appropriately. Those that don t are vulnerable to smart brute force attacks. Makes key likely to be found without searching the entire keyspace. "

+'( Meet in the Middle Applied to double encryption schemes by encrypting known plaintext from one end with each possible key and comparing the results in the middle. Works brute force from both ends. Why 2DES doesn t work Statistical Exploiting the lack of randomness in key generation. $

'( Birthday attack Usually applied to the probability of two different messages using the same hash function that produces a common message digest or Given a message and its corresponding message digest, finding another message that when passed through the same hash function generates the same specific message digest.

-.('( Man in the Middle An attacker taking advantage of the store and forward nature of a network. Works by intercepting messages and forwarding modified versions of the original messages while in-between two parties attempting secure communications. SSL vulnerability

' & A good algorithm must withstand a chosen plaintext attack, otherwise it is not secure. If known plain text or a cipher text only attack succeeds, then algorithm should be discarded.

+ '(

/0 References FM 34-40-2, Basic Cryptanalysis http://www.umich.edu/~umich/fm-34-40-2/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback