EE5552 Network Security and Encryption block 4 Dr. T.J. Owens CEng MIET Dr T. Itagaki MIET, MIEEE, MAES


EE5552 Network Security and Encryption

Block 4

Dr. T.J. Owens CEng MIET
Dr T. Itagaki MIET, MIEEE, MAES


Block 4: Basic concepts of cryptography


Objectives (1)
After studying this material you should:
• Appreciate that the central issue in data encryption is the design of data transformations that are easy to invert given a specific piece of secret knowledge, but extremely difficult to invert otherwise.
• Recognise that a modern cryptosystem achieves secrecy through an algorithm which computes a code from a key.
• Understand that cryptographic techniques can protect against eavesdropping and tampering.


Objectives (2)
After studying this material you should:
• Be able to calculate the unicity distance of a cipher system and comprehend its significance.
• Understand how the one time pad achieves perfect secrecy.
• Appreciate that linear feedback shift registers provide a method for approximating the one time pad.


[Figure] Block diagram of a communications system. Blocks: Sample, Convert, Boundaries, Encoding, Modulation, Channel, Demodulation, Decoding.

[Figure] Coding steps in a communications system: Source Coding -> Encryption -> Channel Coding -> Channel -> Channel Decoding -> Decryption -> Source Decoding.

Note where encryption sits: after source coding, which removes redundancy from the plaintext, and before channel coding, which deliberately adds redundancy for error control.


Cryptography - terminology
A cryptosystem or cipher system is a method of hiding the content of messages.
Cryptography is the art (and science) of creating and using cryptosystems.
Cryptanalysis is the art (and science) of breaking cryptosystems.
Cryptology is the study of both cryptography and cryptanalysis.


Key Phrase Cipher
The 5 x 5 square is filled with the letters of a key phrase (repeated letters discarded, I and J sharing one cell) followed by the unused letters of the alphabet. A plaintext letter is replaced by the row label and the column label of its cell.

      A  B  C  D  E
  A   T  H  I  S  M
  B   Y  K  E  W  O
  C   R  D  A  B  C
  D   F  G  L  N  P
  E   Q  U  V  X  Z

c.f. Vigenère cipher: http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher


Features of the Example Cipher
• Easy encoding and decoding.
• Easy to remember key.
• The use of different alphabets for the plain text and cipher text.
• Each input symbol mapped to two output symbols.
• Removal of redundancy in the plain text ("i" and "j" treated as the same letter, and spaces omitted).
• Independent encoding of plaintext characters.
• Some letters from the key phrase are discarded.

Because each plaintext character is encoded independently, the cipher is a simple substitution whose ciphertext alphabet happens to be digrams: the frequency of each digram equals the frequency of one plaintext letter, so ordinary frequency analysis recovers the square without the key phrase.
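The square above, as a working implementation. This is an added example, not code from the lecture notes; the key phrase "THIS IS MY KEYWORD" is an assumption inferred from the square (it reproduces it exactly), and the plaintexts in the usage are constructed for the demonstration.

```python
"""Keyed 5x5 square cipher from the Key Phrase Cipher slide.

Added example, not code from the lecture notes. The key phrase is inferred
from the slide's square (assumption). Repeated letters of the phrase are
discarded, J is merged into I, the unused letters of the alphabet fill the
remaining cells, and each plaintext letter becomes the pair
(row label, column label) of its cell.
"""
from collections import Counter
from typing import Dict, List, Tuple

LABELS = "ABCDE"                        # cipher alphabet: row and column labels
ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"  # 25 letters, J folded into I
KEY_PHRASE = "THIS IS MY KEYWORD"       # assumed; reproduces the slide's square


def build_square(key_phrase: str) -> List[str]:
    """Fill the square with the key phrase (first occurrence of each letter),
    then the rest of the alphabet. Returns five 5-letter rows."""
    cells: List[str] = []
    for ch in (key_phrase + ALPHABET).upper():
        if not ch.isalpha():
            continue                # spaces/punctuation in the phrase are ignored
        ch = "I" if ch == "J" else ch
        if ch not in cells:
            cells.append(ch)        # repeated letters of the key phrase are discarded
    if len(cells) != 25:
        raise ValueError("square must contain exactly 25 distinct letters")
    return ["".join(cells[r * 5:(r + 1) * 5]) for r in range(5)]


def normalise(plaintext: str) -> str:
    """Drop spaces and punctuation and merge J into I, as the slide describes."""
    return "".join("I" if c == "J" else c for c in plaintext.upper() if c.isalpha())


def encrypt(plaintext: str, key_phrase: str = KEY_PHRASE) -> str:
    square = build_square(key_phrase)
    position: Dict[str, Tuple[int, int]] = {
        ch: (r, c) for r, row in enumerate(square) for c, ch in enumerate(row)
    }
    out = []
    # Each letter is encoded independently of its neighbours.
    for ch in normalise(plaintext):
        r, c = position[ch]
        out.append(LABELS[r] + LABELS[c])
    return "".join(out)


def decrypt(ciphertext: str, key_phrase: str = KEY_PHRASE) -> str:
    square = build_square(key_phrase)
    if len(ciphertext) % 2 or any(ch not in LABELS for ch in ciphertext):
        raise ValueError("ciphertext must be an even number of symbols from A-E")
    return "".join(
        square[LABELS.index(ciphertext[i])][LABELS.index(ciphertext[i + 1])]
        for i in range(0, len(ciphertext), 2)
    )


def digram_frequencies(ciphertext: str) -> Counter:
    """Frequency of each ciphertext digram. Because letters are encoded
    independently, this equals the plaintext letter frequencies, which is
    exactly what a frequency-analysis attack needs."""
    return Counter(ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2))


if __name__ == "__main__":
    print(build_square(KEY_PHRASE))
    ct = encrypt("HELLO WORLD")          # constructed sample plaintext
    print(ct, decrypt(ct), digram_frequencies(ct).most_common(3))
```

The most frequent digram in a long ciphertext will correspond to the most frequent plaintext letter (E in English), which is why the slide's "independent encoding" feature is a weakness rather than a convenience.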


Data Security and Information Theory

Cryptosystems (1)
Cryptosystems aim to transform original data (plaintext) into an unintelligible form (ciphertext) before transmitting it over a communication system.

This involves computing an invertible transformation of a message that is hard to invert without some secret knowledge known as the key.

The encoding process is often called encryption and the decoding process decryption.


Data Security and Information Theory

Cryptosystems (2)
An unauthorised person attempting to gain access to a communications system is a cryptanalyst or adversary.
The key must be transmitted from Alice to Bob over a "secure" channel.
Cryptosystems may be used to assure secrecy/privacy, authenticity/integrity and anonymity/invisibility.


Attacks on Cipher systems (1)
• Passive wiretapping (eavesdropping)
• Active wiretapping (tampering)


Attacks on Cipher systems (2)
• Eve (the cryptanalyst) is assumed to know:
  – The encryption algorithm (only the key is secret: Kerckhoffs's principle).
  – The plaintext statistics or structure.
  – The probability distribution of keys.
• Attack models, classified by what else Eve has:
  – The ciphertext only attack: Eve knows the encryption algorithm and has some ciphertext and some knowledge of the statistical structure of the plaintext.
  – The known plaintext attack: Eve knows the encryption algorithm and has some plaintext together with its corresponding ciphertext.
  – The chosen plaintext attack: Eve knows the encryption algorithm and is able to choose some plaintext and arrange that it is encrypted.


Discrete Random Variables
X denotes the number of mouse clicks; an outcome x: CLICK CLICK CLICK CLICK CLICK CLICK
Y denotes the number of keystrokes; an outcome y: KEY KEY KEY KEY KEY

We can write (this denotes the probability that X and Y are equal to x), but we cannot write (this would imply that random variable X is the same as random variable Y).


Probability Distribution
The probability distribution of X is the set of pairs


Discrete Information Sources
A discrete information source emits an endless stream of symbols drawn from an alphabet.
A discrete memoryless source (DMS) is a source that emits a stream of statistically independent symbols from its alphabet.
A binary memoryless source has an alphabet of two symbols.
Rolling a die = DMS; tossing a coin = binary DMS.


Uncertainty and Information
The information conveyed by a message or symbol with probability p is

Entropy is the expected information, or


Ciphertext only Cryptanalysis (1)
Consider the source and cipher system above.

The cryptanalyst knows the plaintext symbol probabilities P(A), P(B), P(C) and P(D) and the probability distribution of the keys (k1 and k2 are equally likely, P(k1) = P(k2)).


Ciphertext only Cryptanalysis (2)
The cryptanalyst needs to identify the key.

The cryptanalyst can calculate the probabilities that any ciphertext character resulted from a particular plaintext character.


Ciphertext only Cryptanalysis (3)
For example, if ciphertext A is observed this results from plaintext character B and k1, or from plaintext character A and k2. So the probabilities of each of these may be calculated as

This process may be continued to build up a table of conditional probabilities.


Ciphertext only Cryptanalysis (4)

This process may be continued to build up a table of conditional probabilities, P(plaintext, key | ciphertext). Each column is labelled by a (plaintext, key) pair; each row by the observed ciphertext symbol.

Ciphertext   A,k1   A,k2   B,k1   B,k2   C,k1   C,k2   D,k1   D,k2
A            0      0.333  0.667  0      0      0      0      0
B            0.25   0      0      0      0      0.75   0      0
C            0      0      0      0.333  0      0      0.667  0
D            0      0      0      0      0.429  0      0      0.571

Each row sums to 1: given a ciphertext symbol, exactly two (plaintext, key) pairs could have produced it, one per key.


Ciphertext only Cryptanalysis (5)
Suppose the following plaintext has been enciphered using k2, then

Plaintext:  DCDBCDADCB
Ciphertext: DBDCBDADBC

On seeing the ciphertext the cryptanalyst calculates the probability of the two possible corresponding plaintexts (s1 under k1 and s2 under k2) using the table as follows:

The ciphertext contains one A, three Bs, two Cs and four Ds.


Ciphertext only Cryptanalysis (6)
Calculating the product of the relevant conditional probabilities for each key gives

П1 = 0.667 × 0.25^3 × 0.667^2 × 0.429^4 = 1.57 × 10^-4

П2 = 0.333 × 0.75^3 × 0.333^2 × 0.571^4 = 1.66 × 10^-3

Then П2 exceeds П1 by a factor of roughly 10, so the more probable plaintext is s2 = DCDBCDADCB and the key was k2.


Shannon proposed two measures of the security of a cipher system:

Cover time: the time estimated to break the system with unlimited access to plaintext and ciphertext, but using current computing technology.

Unicity distance: the amount of ciphertext required for the key to be identified uniquely.


Unicity Distance (1)
For a source X with an alphabet of size and probability distribution the entropy is the expected information:

Now let M_L denote a random plaintext of length L giving ciphertext C_L of length L by application of key k_x from key set K.


Unicity Distance (2)
For any ciphertext the minimum number, n, of ciphertext symbols needed before only one key could have generated that ciphertext is:

The unicity distance is given by the equality case of this expression. For k equiprobable keys this is
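The ciphertext-only attack worked through above, and the unicity distance just defined, computed for the same four-symbol, two-key cipher. This is an added example, not code from the lecture notes. The figure defining the source and cipher did not survive extraction, so the plaintext statistics P(A), P(B), P(C), P(D) = 0.1, 0.2, 0.3, 0.4 and the two substitution tables are reconstructed from the conditional-probability table on the slide (an assumption, but the only values consistent with every entry); the keys are equiprobable, as the slide states. The simulation at the end shows how the attacker's confidence grows with ciphertext length relative to the unicity distance.

```python
"""Ciphertext-only attack on a 4-symbol, 2-key substitution cipher, and the
unicity distance of the same system.

Added example, not code from the lecture notes. SOURCE and KEYS are
reconstructed from the slide's conditional-probability table (assumption).
"""
import math
import random
from typing import Dict, Tuple

SOURCE = {"A": 0.1, "B": 0.2, "C": 0.3, "D": 0.4}   # reconstructed P(plaintext symbol)
KEYS = {                                             # reconstructed plaintext -> ciphertext maps
    "k1": {"A": "B", "B": "A", "C": "D", "D": "C"},
    "k2": {"A": "A", "B": "C", "C": "B", "D": "D"},
}
KEY_PRIOR = {k: 1.0 / len(KEYS) for k in KEYS}       # P(k1) = P(k2) = 0.5, as on the slide


def encrypt(plaintext: str, key: str) -> str:
    return "".join(KEYS[key][m] for m in plaintext)


def decrypt(ciphertext: str, key: str) -> str:
    inverse = {c: m for m, c in KEYS[key].items()}
    return "".join(inverse[c] for c in ciphertext)


def conditional_table() -> Dict[str, Dict[Tuple[str, str], float]]:
    """P(plaintext symbol, key | ciphertext symbol) by Bayes' rule: the slide's table."""
    table: Dict[str, Dict[Tuple[str, str], float]] = {}
    for c in SOURCE:
        joint = {(decrypt(c, k), k): SOURCE[decrypt(c, k)] * KEY_PRIOR[k] for k in KEYS}
        total = sum(joint.values())
        table[c] = {mk: p / total for mk, p in joint.items()}
    return table


def per_key_products(ciphertext: str) -> Dict[str, float]:
    """The slide's products: for each key, multiply P(m, k | c) over the ciphertext symbols."""
    table = conditional_table()
    products = {}
    for k in KEYS:
        p = 1.0
        for c in ciphertext:
            p *= table[c][(decrypt(c, k), k)]
        products[k] = p
    return products


def key_posterior(ciphertext: str) -> Dict[str, float]:
    """P(key | ciphertext) = P(key) * P(plaintext the key implies), normalised over keys.
    With equiprobable keys this equals the slide's products after normalisation, because
    every ciphertext symbol contributes the same denominator to each key."""
    weights = {}
    for k in KEYS:
        w = KEY_PRIOR[k]
        for m in decrypt(ciphertext, k):
            w *= SOURCE[m]
        weights[k] = w
    z = sum(weights.values())
    return {k: w / z for k, w in weights.items()}


def entropy_bits(dist: Dict[str, float]) -> float:
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def unicity_distance() -> float:
    """Shannon's unicity distance U = H(K) / D, where the redundancy
    D = log2(alphabet size) - H(X) is in bits per symbol. Here H(K) = 1 bit."""
    redundancy = math.log2(len(SOURCE)) - entropy_bits(SOURCE)
    return entropy_bits(KEY_PRIOR) / redundancy


def mean_true_key_posterior(length: int, trials: int = 2000, seed: int = 1) -> float:
    """Average confidence in the true key after `length` ciphertext symbols, estimated by
    simulating random plaintexts; it approaches 1 as `length` passes the unicity distance."""
    rng = random.Random(seed)
    symbols, weights = zip(*SOURCE.items())
    total = 0.0
    for _ in range(trials):
        key = rng.choice(sorted(KEYS))
        plaintext = "".join(rng.choices(symbols, weights, k=length))
        total += key_posterior(encrypt(plaintext, key))[key]
    return total / trials


if __name__ == "__main__":
    ct = encrypt("DCDBCDADCB", "k2")        # the slide's example ciphertext DBDCBDADBC
    print(ct, per_key_products(ct), key_posterior(ct))
    print("unicity distance:", round(unicity_distance(), 2), "symbols")
    for n in (1, 3, 7, 10, 20):
        print(n, round(mean_true_key_posterior(n), 3))
```

For this source the entropy is about 1.85 bits per symbol against log2(4) = 2 bits, a redundancy of roughly 0.15 bits per symbol, so with 1 bit of key entropy the unicity distance is about 6.5 symbols. The slide's ten-symbol ciphertext is therefore past the unicity distance, which is why the posterior for k2 (about 0.91) is already decisive.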


Infinite Unicity Distance
If the unicity distance is infinite then we would have a perfectly secure system.

We have two choices:
1. Make the denominator (the redundancy of the plaintext) zero. This is only true if the message is randomly generated or is perfectly compressed, neither of which is achievable in practice.
2. Make the numerator (the entropy of the key) infinite. This would seem to require a key of infinite size. However, for a message of n symbols we only need n randomly generated symbols of key. Then the unicity distance is greater than n, and more ciphertext characters than the n available would be needed to break the cipher.

This is the basis of a provably unbreakable cipher.


Perfect Secrecy
This gives perfect secrecy if:

i.e. there must be at least as many keys as there are messages (the one time pad has exactly as many).

A HUGE amount of key data is required.


The One Time Pad (1)
Proposed by Gilbert Vernam during World War 1.
The standard example of a cipher that provides perfect secrecy.
Each key is used only once.


The One Time Pad (2)
The one time pad is so called because the sender at one time had a pad of paper, on each page of which there was a truly random sequence of symbols.

A page is destroyed after use so that each key is used only once. The mixing function can be as simple as addition modulo 2.

Note: If M1 + K = C1 and M2 + K = C2 then an attacker can compute C1 – C2 = M1 – M2, and if the messages have enough redundancy they can be recovered. Reusing a page of the pad therefore destroys the secrecy of both messages, even though the attacker never learns K.
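The key-reuse failure in the note above, carried through with bytes and XOR (addition modulo 2) and followed by the classic "crib dragging" step that exploits the redundancy of the messages. This is an added example, not code from the lecture notes; the two messages and the crib are constructed for the demonstration, and the key is drawn from `os.urandom`, which is a cryptographic pseudorandom source rather than the truly random pad the slides describe.

```python
"""Why a one-time pad key must never be reused: the two-time pad.

Added example, not code from the lecture notes. M1, M2 and the crib are
constructed sample data; os.urandom stands in for the truly random pad.
"""
import os
from typing import List, Tuple

M1 = b"attack the east bridge at dawn"   # constructed sample message 1 (30 bytes)
M2 = b"retreat to the harbour at once"   # constructed sample message 2 (30 bytes)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message: bytes, key: bytes) -> bytes:
    """Mixing function is addition modulo 2 (XOR); decryption is the same call.
    Perfect secrecy needs a key as long as the message, uniformly random, used once."""
    if len(key) != len(message):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return xor_bytes(message, key)


def leak_from_key_reuse(c1: bytes, c2: bytes) -> bytes:
    """If C1 = M1 xor K and C2 = M2 xor K then C1 xor C2 = M1 xor M2: the key cancels."""
    return xor_bytes(c1, c2)


def crib_drag(m1_xor_m2: bytes, crib: bytes) -> List[Tuple[int, bytes]]:
    """Slide a guessed plaintext fragment (a crib) along M1 xor M2. Wherever the crib
    really occurs in one message, XOR-ing it in reveals the other message's bytes at
    that offset. Offsets whose result is all printable ASCII are the candidates an
    analyst inspects; each confirmed fragment extends the crib, and the redundancy
    of natural language does the rest."""
    hits = []
    for off in range(len(m1_xor_m2) - len(crib) + 1):
        frag = xor_bytes(m1_xor_m2[off:off + len(crib)], crib)
        if all(32 <= b < 127 for b in frag):
            hits.append((off, frag))
    return hits


def demo() -> Tuple[bytes, List[Tuple[int, bytes]]]:
    key = os.urandom(len(M1))           # a fresh pad ...
    c1 = otp_encrypt(M1, key)
    c2 = otp_encrypt(M2, key)           # ... wrongly reused for a second message
    diff = leak_from_key_reuse(c1, c2)  # attacker gets M1 xor M2 without learning key
    return diff, crib_drag(diff, b" the ")


if __name__ == "__main__":
    diff, hits = demo()
    for off, frag in hits:
        print(off, frag)
```

Dragging the crib " the " across the 30-byte difference yields, among the printable candidates, offset 6 revealing "t to " from M2 and offset 10 revealing " east" from M1: each hit is a foothold from which the analyst guesses the next word and repeats. The same attack applies to any stream cipher whose keystream is reused, for instance by repeating a nonce.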


Approximating the One Time Pad
The OTP is impractical because we cannot generate truly random sequences mathematically, and because the key material would have to be as long as all the traffic it protects.

Pseudorandom sequences, or pseudonoise, are used instead. Note that the perfect-secrecy argument no longer applies: the security of such a stream cipher rests entirely on the attacker being unable to predict the generator's output from what has been observed.


Implementation Using Shift Registers (1)

We can approximate a one-time pad by generating an extremely long pseudorandom sequence (of length or more) and then combining the elements of this sequence with plaintext symbols in a very simple way.

The pseudorandom sequence generator in a stream cipher consists of memory, which holds its current state, and a next state function, which computes a new state at each step.

The output of the sequence generator is some function of its state.


Implementation Using Shift Registers (2)

In the following illustrations the arrows go both ways between the State box and the Next State Function box because the next state is a function of the current state.

[Figure] Stream Cipher: Key -> Initial State -> State <-> Next State Function; State -> Select Function -> Keystream -> Mixer; Plaintext (in chunks of a few bits) -> Mixer -> Ciphertext.

[Figure] Cipher Feedback Mode: the same blocks, with the Ciphertext additionally fed back into the Next State Function.


Implementation Using Shift Registers (3)

A closely related cipher system is the cipher feedback (CFB) configuration, where the ciphertext is fed back into the keystream sequence generator.

Thus the ciphertext in a message depends on all the preceding ciphertext in the message.

This gives some protection against tampering, since a modification garbles the plaintext that follows it. It is not a substitute for a message authentication code: changes to the final part of a message or truncation of the message go undetected, and garbled plaintext is only noticed if the receiver checks for it.

Wireless technologies use stream ciphers because they approximate the one-time pad and because encryption and decryption are the same operation (mixing the keystream into the data), so a single implementation serves for both.


Binary Linear Feedback Shift Registers (1)

Binary LFSRs are used to generate very long sequences of pseudorandom bits: an n-stage register with a suitably chosen (primitive) feedback polynomial cycles through all 2^n - 1 non-zero states before repeating.


Binary Linear Feedback Shift Registers (2)

The shift register is a sequence of bits (if it is n bits long, it is called an n-bit shift register).

Each time a new bit is needed, all bits in the shift register are shifted one place to the right.

The new left-most bit is computed as a function of the other bits in the register; for an LFSR this function is linear, i.e. the exclusive-OR of a fixed subset of the bits (the taps). The output of the shift register is 1 bit, often the least significant bit.


The Security of LFSRs
LFSRs are not secure on their own because of their linearity. Only 2n consecutive output bits are required to break an LFSR with n stages.

The first n bits give the state of the register directly; the next n bits give n linear equations in the n unknown feedback coefficients. Obtaining the state and feedback coefficients of the register therefore requires only one matrix inversion over GF(2). (The Berlekamp-Massey algorithm solves the same problem without knowing n in advance.)
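The attack just described, as working code: generate the keystream of an n-stage LFSR, recover its feedback coefficients from 2n consecutive output bits by Gaussian elimination over GF(2), predict the rest of the stream, and use that to strip the keystream from a ciphertext given 2n bits of known plaintext. This is an added example, not code from the lecture notes; the 16-stage register uses the feedback polynomial x^16 + x^14 + x^13 + x^11 + 1, a standard maximal-length choice, and the seed and plaintext are constructed for the demonstration.

```python
"""Breaking an n-stage LFSR from 2n output bits (linear algebra over GF(2)),
then a known-plaintext attack on a stream cipher keyed by it.

Added example, not code from the lecture notes. TAPS encode the polynomial
x^16 + x^14 + x^13 + x^11 + 1; SEED is an arbitrary non-zero state.
"""
from typing import List

N = 16
# TAPS[j] = 1 means s[t+j] is XOR-ed into the new bit s[t+N]
TAPS = [1 if j in (0, 11, 13, 14) else 0 for j in range(N)]
SEED = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1]   # constructed non-zero state


def lfsr_stream(taps: List[int], seed: List[int], nbits: int) -> List[int]:
    """Fibonacci LFSR: emit the bit shifted out, then s[t+n] = XOR_j taps[j]*s[t+j]."""
    n = len(taps)
    if len(seed) != n or not any(seed):
        raise ValueError("seed must have n bits and must not be all zero")
    state = list(seed)
    out = []
    for _ in range(nbits):
        out.append(state[0])
        new_bit = 0
        for j in range(n):
            new_bit ^= taps[j] & state[j]
        state = state[1:] + [new_bit]   # shift; the new bit enters at the far end
    return out


def solve_gf2(rows: List[List[int]], rhs: List[int]) -> List[int]:
    """Gauss-Jordan elimination over GF(2) for an n x n system; raises if singular."""
    n = len(rows)
    aug = [list(row) + [b] for row, b in zip(rows, rhs)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("singular system: the sequence has linear complexity below n")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[col])]
    return [aug[r][n] for r in range(n)]


def recover_taps(output: List[int], n: int) -> List[int]:
    """From 2n consecutive output bits build the n equations
    s[t+n] = sum_j c_j s[t+j], t = 0..n-1, and solve for c_0..c_{n-1}.
    The first n bits are the initial state, so the whole generator is then known."""
    if len(output) < 2 * n:
        raise ValueError("need at least 2n output bits")
    rows = [output[t:t + n] for t in range(n)]
    rhs = [output[t + n] for t in range(n)]
    return solve_gf2(rows, rhs)


def predict(output: List[int], taps: List[int], nbits: int) -> List[int]:
    """Continue the keystream past the known bits using the recovered taps."""
    n = len(taps)
    return lfsr_stream(taps, output[-n:], n + nbits)[n:]


def break_stream_cipher(ciphertext: List[int], known_plaintext: List[int], n: int) -> List[int]:
    """Known-plaintext attack: 2n plaintext bits expose 2n keystream bits, which
    pin down the LFSR; the remaining keystream is predicted and stripped off."""
    keystream = [c ^ p for c, p in zip(ciphertext[:2 * n], known_plaintext[:2 * n])]
    taps = recover_taps(keystream, n)
    keystream += predict(keystream, taps, len(ciphertext) - 2 * n)
    return [c ^ k for c, k in zip(ciphertext, keystream)]


if __name__ == "__main__":
    ks = lfsr_stream(TAPS, SEED, 64)
    print("recovered taps match:", recover_taps(ks, N) == TAPS)
    print("next 32 bits predicted:", predict(ks[:32], TAPS, 32) == ks[32:64])
```

Thirty-two keystream bits are enough to reconstruct this 16-stage register completely, which is why, on the slides that follow, the register's output is combined non-linearly before it is used as a keystream. The elimination raises an error if the 2n bits satisfy a shorter recurrence (the Hankel matrix is then singular), which is the situation Berlekamp-Massey handles by finding the true linear complexity.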


Nonlinear Methods
Combine the output of two or more registers non-linearly. Many nonlinear combinations of LFSRs have been proposed, but most have been shown to have weaknesses (for example correlation attacks) that make them insecure.

The idea of a nonlinear FSR has more merit, however, and the OFB mode of the DES block cipher, to be seen in a later block, is essentially a nonlinear FSR.

Bluetooth deploys a stream cipher (E0) built using a nonlinear combination of LFSRs.