1 / 46

An Introduction to Cryptology & Steganography

An Introduction to Cryptology & Steganography. Mgr. Tomas Foltynek , Ph.D. Department of Informatics Faculty of Business and Economics Mendel University in Brno Czech republic. Introduction. Secure communication problem is as old as mankind

penda
Télécharger la présentation

An Introduction to Cryptology & Steganography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Introduction to Cryptology & Steganography Mgr. Tomas Foltynek, Ph.D. Department of Informatics Faculty of Business and Economics Mendel University in Brno Czech republic

  2. Introduction • Secure communication problem is as old as mankind • people want privacy (=nobody reads their messages) • people are curious (=want to read others’ messages) • More communication => more need of security • We often hear about • Hackers, crackers, attackers, • Viruses, worms, Trojan horses • E-banking breakthroughs • Breaking ciphers and secret codes • Hidden messages, watermarks • How are these topics related?

  3. Content • What is cryptology • Symmetric cryptology • Basic principles • Asymmetric cryptology • Digital signature • Steganography

  4. What is cryptology • Science of cryptography and cryptanalysis • Cryptography • science of secret codes, enabling the confidentiality of communication through an insecure channel • e.i. how to make a message uncomprehensible for unauthorised persons • Cryptanalysis • theory of (in)security analysis of cryptographic systems • e.i. how to break ciphers and read secret messages • Also includes Steganography & Steganalysis • how to hide a message • how to find a hidden message • Word origin from Greek: crypto = hidden

  5. The Paradigms of Cryptography • Confidentiality • the content of a message remains secret • information should’n leak to third party • Data integrity • to avoid any malicious data manipulation • insertion, deletion, substitution • Authentication • identification of the author • signature authentication, access control, etc.

  6. Other Goals of Cryptography • Authorisation • confirmation about data origin • Non-repudiation • nobody can deny previous action • Practical notions • Anonymity, electronic payment, electronic votes, zero-knowledge protocol,…

  7. Cryptographic methods • Transposition • change the position of characters • Characters remain the same • Substitution • position of characters remain the same • characters in the message are changed

  8. Transposition • The position of letters is changed • Example: IWSAYNMNAERG – TAMNADAYYAAO IAIGOBTEE – NKNDMYHSA TAAADNHRLVDHMOMYNW – HTMIETEEIEWOYUAKO BTEAEFNAELE – YHNMOANBLE • Solution: It was many and many a year ago In a kingdom by the sea That a maiden there lived whom you may know By the name of Annabel Lee

  9. Scytale (Sparta) • First military cipher in history • Leather tape wound on a pole of given thickness

  10. Substitution • The letters are changed • Codes • binary code • Morse code • Ciphers • Alphabet shifting (Caesar cipher) • Polyalfabetic substitution (Vigenère cipher)

  11. Denotion of Communication Parties • A – Alice – sender of the message • B – Bob – recipient of the message • E – Eve – eavesdropper – tries to break the message • E – encoding/enciphering algorithm • D – decoding/deciphering algorithm • M – message (plaintext) • K – key • C – ciphertext • C = E(M, K); M = D(C, K)

  12. General encryption process • Sender applies encryption algorithm to a plain text • S/he gains a cipher text, sends it to the recipient • Recipient applies decryption algorithm to the cipher text • S/he gains the plain text again

  13. Division of Cryptography • Symmetric cryptography • both sender and recipient have the same key • deciphering is an inversion of enciphering • Asymmetric cryptography • sender and recipient have different keys • mathematic relation • algorithms are generally different • useful for both encryption and digital signature

  14. Modular arithmetics • Arithmetics on a cyclic set • 2 + 3 = 5 (mod 7) • 5 + 4 = 2 (mod 7) • 5 · 4 = 6 (mod 7) • because 20/7 = 2, remainder 6 • 11 · 9 = 1 (mod 7) • because 99/7 = 14, remainder 1 • 35 = 5 (mod7)

  15. XOR operation • eXclusive OR • Logical OR, only one of two given expression can be true • 0  0 = 0 • 0  1 = 1 • 1  0 = 1 • 1  1 = 0 • Sum modulo 2 • Simple enciphering and deciphering C = M  K, M = C  K

  16. Kerckhoffs’ principle • Basic cryptographic principle • Dutch lingvist Auguste Kerckhoffs von Nieuwenhoff (1883) “A cryptosystem is secure even if everything about the system, except the key, is public knowledge” • Security shouldn’t depend on the secrecy of algorithm, but on the secrecy of the key

  17. Caesar Cipher • Alphabet shifted by 3 abcdefghijklmnopqrstuvwxyz DEFGHIJKLMNOPQRSTUVWXYZABC • Example • veni, vidi, vici  YHQL, YLGL, YLFL • Algorithm: alphabet shift • Key: by how many letters • 25 possible keys (English)

  18. Classical Ciphers • Monoalphabeticsubstitutioncipher abcdefghijklmnopqrstuvwxyz JULISCAERTVWXYZBDFGHKMNOPQ • Kryptanalysisvia frequencyanalysis • found by arabictheologists • Zeroletters, codewords, homomorficsubstitution • Vigenère (polyalphabetic) cipher • Key length by Kasiski examination • Frequency analysis • Vernam cipher (one-time pad) • Theoretically unbreakable

  19. Why Was a Computer Invented? • New inventions mostly come of • human laziness • wars • First computer • 1943 Colossus • Great Britain, Bletchley Park • Breaking German ENIGMA code

  20. Breaking the Enigma • Poland – Marian Rejewski • codebooks for day key inference from repeated message key • mechanical decipherer – “bomb” • Alan Turing (1912 – 1954) • Inventor of Turing machine, founder of the theory of computation • Analysed plenty of messages • given structure (weather info) • New type of “bomb” guessing the key from ciphertext and supposed plaintext

  21. Computers in Cryptology • Breaking ciphers = trying huge amount of possibilities • computer does this in quite short time • the end of “classical” ciphers • One-way functions • computation of every input in polynomial time • computation of inverse in exponential time • P != NP problem

  22. Symmetric encryption algorithms • DES, 3DES, AES, IDEA • Block ciphers • Many rounds consisting of transpositions, permutations, substitutions, XOR with key, etc. • Security depends on the key length • Let’s consider 128 bit key • 2128 possible values • 1GHz processor: 230 operations per second • Breaking time: 298 seconds • The age of the Universe: 260 seconds • 1 more bit => breaking time doubles • Problem: How to distribute the key?

  23. Data Encryption Standard • Block symmetric cipher • 1973 – 1974 Horst Fiestel • 16 rounds, Fiestel funciton • expansion, XOR, substitution, permutation • Better methods than brute force attack are known • 3DES • good for thepresent

  24. Asymmetric Cryptography: RSA • A pair of keys is needed • Public key • Private key • Try to • count 13*37 • factorize 527 • Security relies on infeasible factorization of p*q (p,q are primes) • The secret key is derived from a product

  25. Using RSA for Encryption and Digital Signature • Using RSA for encryption • Sender encrypts the message with receiver’s public key (everyone can do this) • Only receiver is able to decrypt the message (s/he is the only one having private key) • Using RSA for digital signature • Author encrypts the message (hash) with his own private key (only he can do this) • Anybody can examine his/her authorship by decrypting the message by author’s public key • Combination (encryption and signature) • Sender encrypts the message both with receiver’s public key and his own private key • Only receiver can decrypt the message and examine authorship

  26. Digital signature scheme

  27. Verification of the Digital Signature

  28. Bypassing cryptography • Cryptanalysis stands behind cryptography • “Unbreakable” ciphers are known • Meant unbreakable in reasonable time • Electromagnetic tapping • Messages are captured before encryption • Tapping can be shielded; In USA special permission from FBI is required • Viruses, Trojan horses

  29. Steganography • Hiding the existence of the message • Hiding messages to almost all file types is possible • Images, Music, Video, Executables, Text, … Source: Wikipedia

  30. Why to use Steganography • Cryptography may be illegal in some countries • We want to hide a message itself • Security by obscurity • Enciphered message arouse suspicion • Protection of communication parties • Not only of a message

  31. Steganography in Antiquity and in the Middle Ages • The battle of Salamis (480 BC) • message hidden under wax on empty tables • The revolt against Persians • The message tattooed to the shaved head of a slave, hidden by regrown hair • China • message written on silk in a wax bullet, messenger swallowed the bullet… • Italy • Secret inks

  32. Steganography in the WW2 • Hiding messages into toys, dolls, flowers… • Sending these things was later banned in UK and USA • Microdots • Text reduced onto size of 1mm • Pasted instead of period • Text covered by post stamp

  33. Second letters • „Apparentlyneutral's protest isthoroughlydiscounted and ignored. Isman hard hit. Blockadeissueaffects pretext for embargo on by-products, ejectingsuets and vegetableoils.“ • Used by Germanspy • PERSHING SAILS FROM NY JUNE 1

  34. Digital Steganography • Hiding messages into data files • Terminology: • Plaintext – message to be hid • Text or a file • Enciphered plaintext (ciphertext) • Covertext – carrier of a message – file we hide in • Stegotext – carrier containing a message

  35. Usage of Steganography • WTC attacks on Sep 11 2001 • Al Quaeda – maps and instruction hidden in images on sport chats and porn sites • Software watermarks • Microsoft’s patent – information about license is hidden into executable • Printer steganography • Yellow tracking dots • Intelligence services • Communication with illegal agents

  36. Steganographic methods for text • Any message is a sequence of 0 and 1 • We need to encode 2 different symbols/states • Plain text • White characters at the end of line • Similar characters (I-1, O-0, etc.) • Formatted text • Similar fonts • Move of lines (by 1/300 inch)

  37. Steganographic methods for images • The most often transferred multimedia • Attracts less attention • LSB = Least Significant Bit • Serves for carrying the information • Image data is changed slightly • Human eye cannot recognize any change • Color palette • Order of colors encodes message • JPEG matrix • Less significant positions in hue matrix

  38. Steganographic methods for audio • LSB (same as images) • Parity coding • Uses parity bit as a carrier • Phase movement (WAV) • DCT decomposes signal to (co)sines • Phase movement encodes message • Composition of sines to “original” sound • Totally different data • Encoding to noise • Echo coding

  39. Steganography in executables • Executable = sequence of instructions • Interchangable instructions • A := 3; B := 5; S := A + B; • Positive / negative conditions • Content of unused variables • Jump over part with message

  40. Steganalysis • Trying known methods • Comparing with known originals • Statistical analysis • Data from the same source • Noise analysis • Data may be changed before hiding • Compression, adding prefixes/suffixes

  41. Steganographic software • www.stegoarchive.com • www.spammimic.com • JPHS (JPEG Hide and Seek)

  42. Sources • Literature • Simon Singh: The Code Book • David Kahn: The Codebreakers • Serge Vaudenay: A Classical Introduction to Cryptography: Applications for Communications Security • Internet • computer.howstuffworks.com/computer-internet-security-channel.htm • en.wikipedia.org/wiki/Category:Computer_security • www.stegoarchive.com

  43. The end • Thank you for your attention • Questions?

More Related