1 / 47

DIG 3563 – Information Management Cryptography Lecture 12

DIG 3563 – Information Management Cryptography Lecture 12. Based in part on a lecture by Sarah Adams (Olin College) and Gordon Prichett (Babson College). What will you be responsible for?. Specific SKILLS will be called out and Marked with !! During the lecture notes.

dasan
Télécharger la présentation

DIG 3563 – Information Management Cryptography Lecture 12

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DIG 3563 – Information Management CryptographyLecture 12 Based in part on a lecture by Sarah Adams (Olin College) and Gordon Prichett (Babson College)

  2. What will you be responsible for? Specific SKILLS will be called out and Marked with !! During the lecture notes.

  3. Communication System

  4. Cryptology • Cryptography • Inventing cipher systems; protecting communications and storage • Cryptanalysis • Breaking cipher systems

  5. Cryptography

  6. Cryptanalysis

  7. What is used in Cryptology? • Cryptography: • Linear algebra, abstract algebra, number theory – efficient hiding of information • Cryptanalysis: • Probability, statistics, combinatorics, computing – ways to find information

  8. Caesar Cipher • ABCDEFGHIJKLMNOPQRSTUVWXYZ • Key = 3 • DEFGHIJKLMNOPQRSTUVWXYZABC • Example • Plaintext: OLINCOLLEGE • Encryption: Shift by KEY = 3 • Ciphertext: ROLQFROOHJH • Decryption: Shift backwards by KEY = 3

  9. Caesar Cipher !! Use a +4 letter offset Caesar Cipher to encrypt (or decrypt) a message. Example: Attack Gaul tomorrow at dawn. step 0: Table: ABCDE FGHIJ KLMNO PQRST UVWXY Z DEFGH IJKLM NOPQR STUVW XYZAB C step 1: ATTACKGAULTOMORROWATDAWN step 2: A-> D, T-> W, etc. step 3: Break into 5 letter code groups Answer: DWWDF NJDXO WRPRU URZDW GDZQ

  10. Cryptanalysis of Caesar • Try all 26 possible shifts • Frequency analysis Most frequent English Letters are e t a o i n s h r d l u, etc….

  11. Frequency Analysis • You need a good-sized body of cyphertext + knowledge (or guess) about which language it's in. • Find most frequent letters in cyphertext • Line up with most freq letters in language • See if they match. (Short cyphertexts … bad news …) (Look for "e" in Caesar's message on Gaul.)

  12. Substitution Cipher(Slightly stronger than Caesar Cypher) • Permute A-Z randomly: A B C D E F G H I J K L M N O P… becomes H Q A W I N F T E B X S F O P C… • Substitute H for A, Q for B, etc. • Example • Plaintext: OLINCOLLEGE • Key: PSEOAPSSIFI

  13. Cryptanalysis of Substitution Ciphers • Try all 26! permutations – TOO MANY! Bigger than Avogadro's Number! • Frequency analysis • Crib analysis

  14. What's a crib? • A piece of known plaintext. Example: • If we know that every morning's encrypted weather report begins with 'Weather Report", we can immediately crack w e a t h r p o from a substitution cypher, and detect if it's a Caesar cypher.

  15. !! Use a crib to crack a code • Assume that the phrase "Heil Hitler" is encrypted in the following text. Determine if (a) it's a substitution or Caesar cypher. (b) If Caesar, what's the offset? • GDHKG HSKDQ

  16. !! How to do it? • GDHKG HSKDQ • HE I L H I T LE R • We see H->G and E->D and I->H and L->K • So it's a Caesar Cypher with offset -1

  17. If crib is not at beginning? You would have to try lots of combinations. You might even invent a COMPUTER to help you do it.

  18. One-Time Pads • Assign a number to each letter • A B … M N … T U … Z • 0 1 … 13 14 … 20 21 … 25 • Plaintext: MATHISUSEFULANDFUN • Key: NGUJKAMOCTLNYBCIAZ • Encryption: “Add” key to message mod 26 • Ciphertext: BGO….. • Decryption: “Subtract” key from ciphertext mod 26

  19. Modular Arithmetic • What does "modular addition" mean? • If the modulus is 10, then numbers go like this: • In: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 • Out: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 • (start over at 0) • So, 3 mod 10 = 3. 13 mod 10=3. 33 mod 10 = 3. • For modulus 10, it's easy. Just keep last digit.

  20. Modular Arithmetic • If modulus is 4? • In: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 .. • Out: 0 1 2 3 0 1 2 3 0 1 2 3 0 1 .. • So, 3 mod 4 = 3. 5 mod 4 = 1 • For n modulus 4, Divide & keep remainder. • 5/4 = ¼ + 4/4 so throw away the 4/4.

  21. !! Modular Arithmetic • Compute 15 mod 7

  22. !! Modular Arithmetic • Compute 15 mod 7 • Answer: divide 15 by 7. Throw away the result, keep the remainder. • 2 • 7 15 • 14 • 1

  23. One-Time Pads • They used actual printed 'pads' of paper • Unconditionally secure (if pad is random) Problem: Exchanging the pads ("key") • There are some clever ways to exchange the key

  24. For instance … • New York Telephone Directory • (must agree on which edition!) • Start on page 42, take every 8th numeral and use it as the next offset. Or: Take "Hamlet" by Shakespeare From page 3, every 3rd letter.

  25. BUT: Neither the phone book nor Shakespeare are truly random. Good statistical analysis (and cribs) will eventually detect ANY regularity in such a code.

  26. History's most famous cryptanalysis: Enigma Germans believed it to be uncrackable. Press a key, a letter lights up. Each "rotor" contained wires implementing a Substitution cypher. Five rotors – each shifts after every letter So you need to know: (a) Rotor wiring, (b) Initial setting on a given day.

  27. Cracking Enigma • Polish mathematicians developed ideas, Based on a weakness (A->R and also R->A). (!!It's really a complex substitution cypher.!!) • British captured an Enigma from a sinking sub off Scotland • Alan Turing's team at Bletchley Park developed the "Bombe" computers to seek the daily settings, based on cribs.

  28. The replica (working!) Bombe at Bletchley Park, north of London

  29. Enigma and ULTRA • Over 200 Bombes were operating • Churchill, Roosevelt could read Nazi traffic • The tragedy of Coventry Oneexwidow.blogspot.com

  30. Enigma and ULTRA • Over 200 Bombes were operating • Churchill, Roosevelt could read Nazi traffic • The tragedy of Coventry * The triumph: Battle of the Atlantic

  31. Modern Cryptology • First principle: • Assume that your SYSTEM is known • The only security is in protecting the KEYS • "Security by obscurity" does not work! (which leads to the Second Principle: Human beings are almost always the weak link.)

  32. !! Security through Obscurity • "My URL is not linked from anywhere." • "They'll never think to look HERE for the key to my apartment! • "Nobody would think of me spelling my pet's name BACKWARDS for a password!" Key attribute of the STO fallacy: Assuming That other people are as stupid as you are….

  33. Public-Key Cryptography • Diffie & Hellman (1976) • Uses one-way (asymmetric) functions, public keys, and private keys

  34. Public Key Algorithms • Based on hard mathematical problems • Factoring large integers

  35. Encryption and SSL: Key Concepts • The RSA Public Key Encryption System: Key idea: • "Trapdoor function": Easy in, difficult out. Data Encryption Bob’s Mailbox Anybody can Encrypt and send A message to Bob

  36. Encryption and SSL: Key Concepts • The RSA Public Key Encryption System: Key idea 1: • "Trapdoor function": Easy in, difficult out. Data Encryption Bob’s Mailbox Decryption Only Bob has the Key to his mailbox.

  37. Encryption and SSL: Key Concepts • The RSA Public Key Encryption System: Key idea 2: • "Symmetry": two keys are created: Key 1, Key 2. • If you ENCRYPT with Key 1, you can DECRYPT with K2 • If you ENCRYPT with Key 2, you can DECRYPT with K1 • How does it work? You don't want to know the math.. • It involves prime numbers and factorization.

  38. Encryption and SSL: Key Concepts Bob wants private data from Alice. Bob creates a Key pair (two big, special numbers) Bob posts one (the public key) on his website Bob keeps the private key in a secret place (Private Key) Public Key Bob in Boston Alice in Atlanta

  39. Encryption and SSL: Key Concepts Bob wants private data from Alice. Bob creates a Key pair (two big, special numbers) Bob posts one (the public key) on his website Bob keeps the private key in a secret place (Private Key) Alice grabs a copy of the Public Key public key Public Key Bob in Boston Alice in Atlanta

  40. Encryption and SSL: Key Concepts • Alice uses the public key, encrypts data ('plaintext'), • sends it to Bob. Chris the Criminal grabs • a copy as it goes by. • key • plaintext ---> Encrypted • public key ---> message • public key attempt to Chris gets • decipher ?? garbage Bob in Boston Chris the crook Alice in Atlanta

  41. Encryption and SSL: Key Concepts • Bob uses the private key to recover Alice's • plaintext. • private • key • plaintext ---> Encrypted de- • public key ---> message cypher • plaintext Bob in Boston Chris the Crook Alice in Atlanta

  42. Digital Signatures Another essential usage: Proving who you are. Alice reads bob.com, wants to do business. But she's worried to send ccard information. So she sends him a test-text: "ertfqgjmnit43ff...." and says: encrypt this with your private key. I already know your public key. If your reply decrypts properly by the public key, then I know you had the private key!

  43. Digital Signatures Alice sends test message Bob encrypts and returns Alice decrypts and believes

  44. Digital Signatures Alice sends test message Bob encrypts and returns Alice decrypts and believes Like the Dutch Resistance in World War 2 You're Dutch? Then say "Schevenengen" German cannot pronounce it, even if he tries Dutch person hangs up phone

  45. SSL and the Internet • Uses a public key encryption technique • to exchange keys with your browser. • (PKE is too slow for all of the traffic.) • Relies on a "Chain of Authority" to verify • That security certificates (public keys) • Actually belong to who they say.

  46. Chain of Authority • How it works? • My business has a security certificate. • You don't trust it, so you check with its • issuing authority (Thawte, Inc.) • * Who is Thawte? Check with THEIR issuing • authority … back to a trusted source. • Your browser has a list of trusted authorities. • (The police-verification story.)

  47. Are we there yet? • Is PKE encryption (with big keys) ultimately • secure? • Don't bet on it! Quantum computers (if • they can be made to work) can explore • ALL POSSIBILITIES AT ONCE • (for a given key size) … so the game • is still afoot (as Sherlock Holmes said.)

More Related