Network and data security

1. Network and data security 3rd Lecture

2. Review Cryptanalysis Types of cryptanalytic attacks. Ciphertext-only attack. Known-plaintext attack. Chosen-plaintext attack. Adaptive chosen-plaintext attack. Chosen-ciphertext attack. Security of algorithms. Stenography.

3. Substitution cipher In substitution cipher, each character in the plaintext is substituted for another character in the ciphertext. Ex: ROT13 algorithm: rotate each character 13 places (‘A’ is replaced by ‘N’, ‘B’ is replaced by ‘O’, and so on). Caeser Cipher: each plaintext character is replaced by the character three to the right modulo 26 (‘A’ is replaced by ‘D’, …, X is replaced by ‘A’).

4. Transposition Cipher In transposition cipher, the plaintext remains the same, but the order of characters is shuffled around. Ex: in “simple columnar transposition cipher”: the plaintext is written horizontally onto a piece of paper of fixed width and the cipher text is read off vertically. Decryption is to write the ciphertext vertically of the same width and then reading the plaintext off horizontally.

5. Transposition Cipher Encryption example: Plaintext: datasecurityisveryimportant d a t a s e c u r i t y i s v e r y i m p o r t a n t Ciphertext: duvoarertirtatyasyineimtcsp

6. Transposition Cipher Decryption of: duvoarertirtatyasyineimtcsp First: we have to count the number of letters to know where to stop filling the columns. In our example, the number of letters is (27). Then each column will have 27/7 = 4 characters but the last column will have only 3 characters. d a t a s e c u r i t y i s v e r y i m p o r t a n t

7. Transposition Cipher: variation Using a key word or phrase, such as CONVENIENCE, assign a number to each letter in the word using this rule: the numbers are assigned starting with 1, and they are assigned first by alphabetical order, and second, where the same letter appears twice, by position in the word. Then, write in the message under the keyword, writing across - but take out columns, in numerical order, reading down.

8. Example

9. Simple XOR 0 xor 0 = 0 1 xor 0 = 1 0 xor 1 = 1 1 xor 1 = 0 a xor a = 0 a xor b xor b = a M xor K = C C xor K = M

10. One-Time Pads It is considered to be a perfect encryption algorithm. A large non-repeating set of random key letters is used. The sender and the receiver have the same set of keys. For encryption, the sender used each key letter to encrypt exactly one plaintext character. Encryption is the addition modulo 26 of the plaintext character and the one-time pad key character.

11. One-Time Pads Each key letter is used exactly one, for only one message. For perfect security, after encryption the user has to destroy the used keys. The receiver uses the same keys in turn to decrypt each letter of the ciphertext. Assuming an eavesdropper can’t get access to the one-time pad used to encrypt the message, this scheme is perfectly secure.

12. One-Time Pads Example: if the message is “onetimepad” and the key sequence from the pad is “tbfrgfarfm”, then the ciphertext is “ipklpsfhgq” because: O(15) + T(20) mod 26 = I (9) N(14) + B(2) mod 26 = P (16) E(5) + F(6) mod 26 = K (11) etc.

13. One-Time Pads A given ciphertext is equally likely to correspond to any possible plaintext of equal size. The important point is that, the sender can never use the key sequence again, ever. One-time pad can be extended to binary data (bits instead of letters – xor instead of +).

14. One-Time Pads Notes: The sender and the receiver have to be perfectly synchronized. If the receiver is off by a bit, the message will not make any sense. The key sequences have to be completely random.