1 / 19

Fundamentals of Computer Security

Fundamentals of Computer Security. Elementary Cryptology. Cryptography in Context. The good news: Cryptography is powerful. Cryptography is the easy part. The bad news: Cryptography is not enough. Cryptography is very hard.

bayard
Télécharger la présentation

Fundamentals of Computer Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Fundamentals of Computer Security Elementary Cryptology CSCI 379 Fundamentals of Computer Security

  2. Cryptography in Context The good news: • Cryptography is powerful. • Cryptography is the easy part. The bad news: • Cryptography is not enough. • Cryptography is very hard. Our goal in this class is not to become experts in cryptography, but to become well-informed users of this technology. CSCI 379 Fundamentals of Computer Security

  3. The Role of Cryptographyin Communications Confidentiality: Only authorized parties can read the message. Authentication: The identity of the sender of a message can always be ascertained. Integrity: The receiver can easily determine that the message has or hasn’t been tampered with. Nonrepudiation: The sender cannot deny having sent a message. CSCI 379 Fundamentals of Computer Security

  4. Cryptology encryption key decryption key Cryptography encryption algorithm decryption algorithm ciphertext Cryptanalysis plaintext plaintext plaintext CSCI 379 Fundamentals of Computer Security

  5. Algorithms or “Ciphers” Concealment: Hide a message in another piece of data. Substitution: Change the symbols used to write the message. Transposition: Scramble the symbols used to write the message. CSCI 379 Fundamentals of Computer Security

  6. Concealment CiphersorSteganography Steganograpy (covered writing), null cipher, open-letter cipher, conventional writing, dissimulated writing, etc. CSCI 379 Fundamentals of Computer Security

  7. Concealment Ciphers A message is embedded (hidden) within a seemingly inocuous piece of information: A treatise to analyze campus knowledge of undergraduate tenants portrays outright sympathy totally aimed toward negligent idiots notwithstanding elegant amoral mentalities. CSCI 379 Fundamentals of Computer Security

  8. Concealment Ciphers A message is embedded (hidden) within a seemingly inocuous piece of information: Atreatise to analyze campus knowledge of undergraduate tenants portrays outright sympathy totally aimed toward negligent idiots notwithstanding elegant amoral mentalities. attack outpost at nine am CSCI 379 Fundamentals of Computer Security

  9. Lord Bacon’s Cipher Hold OFf uNtIl you hEar frOm mE agAin. wE May cOMpROmIse. HoldO FfuNt Ilyou hEarf rOmmE agAin wEMay cOMpR OmIse baaab baaba baaaa abaaa abaab aabaa abbaa abbab babaa The message could be concealed in markings on a piece of candy, on the palings of a picket fence, on the arrangement of a deck of cards, on published text with slightly different fonts, etc. Bacon’s Bi-literal Alphabet CSCI 379 Fundamentals of Computer Security strike now

  10. A Steganographic Paradigm secret embedding algorithm extraction algorithm open message with embedded secret secret open message CSCI 379 Fundamentals of Computer Security

  11. Embedding Messages in Images Steganogram: 47K bytes; Message: 6.46K bytes Original image: 47K bytes • Detecting that an image has an embedded message visually is nearly impossible. • Checking the size of the image doesn’t help. • The only hope seems to lie in deep, thorough mathematical analysis. Source:Model Based Steganography, Phil Salee, UC Davis. CSCI 379 Fundamentals of Computer Security

  12. Breaking Concealment Ciphers These ciphers depend on the belief that they won’t be identified in a steganogram. One looks for embedded messages in data depending on the level of caution that is warranted. At times, the steganogram may be enciphered using transposition or substitution to further confuse the reader. In the event the reader can break the first cipher and read the steganogram, s/he may think that the secret has been solved. CSCI 379 Fundamentals of Computer Security

  13. Substitution Ciphers CSCI 379 Fundamentals of Computer Security

  14. The Additive Cipher(Caesar Cipher = Shift Cipher with key=3) The key value determines a shift in the cipher text alphabet. Example: PLAINTEXT ciphertext (key=3) PLAINTEXT: HERE BE DRAGONS. ciphertext: khuh eh gudjrqs. POSSIBLE KEY VALUES: 26. WEAK KEY: key=0. CSCI 379 Fundamentals of Computer Security

  15. The Additive Cipher(Caesar Cipher = Shift Cipher with key=3) The key value determines a shift in the cipher text alphabet. Algorithm: for each letter P in the plaintext, compute a corresponding letter C of the ciphertext using the equation below. CSCI 379 Fundamentals of Computer Security

  16. The Multiplicative Cipher Algorithm: for each letter P in the plaintext, compute a corresponding letter C of the ciphertext using the equation below. Caution: we have to be careful with the choice of k! PLAINTEXT ciphertext (key=13) PLAINTEXT ciphertext (key=2) CSCI 379 Fundamentals of Computer Security

  17. The Affine Cipher Algorithm: for each letter P in the plaintext, compute a corresponding letter C of the ciphertext using the equation below. Caution: we still have to be careful with the choice of k! PLAINTEXT ciphertext (key: m=5, a=8) CSCI 379 Fundamentals of Computer Security

  18. Hardening Text Ciphers Consider the occurrence of “space” in the plaintext. One can eliminate all occurrences of “space” compressing the plaintext before encipherment. The text can then be divided into fixed-length groups of letters (the use of “nulls” may be necessary). Another possibility is to treat “space” as just another symbol extending the plaintext and ciphertext alphabets. ORIGINAL PLAINTEXT: HERE BE DRAGONS MODIFIED PLAINTEXT: HEREB EDRAG ONSXX (X=null) ciphertext: KHUKE HGUDJ RQSAA ORIGINAL PLAINTEXT: HERE BE DRAGONS ciphertext: IFSFACFAESBHPOT CSCI 379 Fundamentals of Computer Security

  19. References In print: • Fundamentals of Secure Computer Systems, Brett Tjaden. Franklin, Beedle & Associates, 2003. • Applied Cryptography, Bruce Schneier. Wiley, 1996. • Practical Cryptography, Bruce Schneier and Neils Ferguson. Wiley, 2002. • Cryptanalysis, Helen Fouché Gaines. Dover Publications, Inc., 1939. • The Code Book, Simon Singh. • Security Engineering, Ross Anderson. Online: • http://www.wiretapp.net CSCI 379 Fundamentals of Computer Security

More Related