480 likes | 600 Vues
Computer Security Set of slides 2. Dr Alexei Vernitski. Cryptography. Codes Ciphers (read more in the textbooks). Example of code: Morse code. For discussion. In what circumstances would one want to use Morse code? For example: Is Morse code suitable for storing data?
E N D
Computer SecuritySet of slides 2 Dr Alexei Vernitski
Cryptography • Codes • Ciphers (read more in the textbooks)
For discussion • In what circumstances would one want to use Morse code? • For example: • Is Morse code suitable for storing data? • Is Morse code suitable for protecting data confidentiality?
Example of code: ASCII code 97 is a 98 is b 99 is c 100 is d 101 is e 102 is f 103 is g 104 is h 105 is i 106 is j 107 is k 108 is l 109 is m 110 is n 111 is o 112 is p 113 is q 114 is r 115 is s 116 is t 117 is u 118 is v 119 is w 120 is x 121 is y 122 is z
Example of code: ASCII code 1100001 is a 1100010 is b 1100011 is c 1100100 is d 1100101 is e 1100110 is f 1100111 is g 1101000 is h 1101001 is i 1101010 is j 1101011 is k 1101100 is l 1101101 is m 1101110 is n 1101111 is o 1110000 is p 1110001 is q 1110010 is r 1110011 is s 1110100 is t 1110101 is u 1110110 is v 1110111 is w 1111000 is x 1111001 is y 1111010 is z
For discussion • In what circumstances would one want to use ASCII code? • For example: • Is ASCII code suitable for storing data? • Is ASCII code suitable for protecting data confidentiality?
Encoding data in computers • Characters are encoded as numbers • Numbers are encoded as binary numbers – why? • Binary numbers are stored as sequences of bits • Memory for storing numbers is allocated in blocks of a standard length, for example, 1 byte = 8 bits • Each ASCII code is 7 bits • A byte contains 8 bits – why?
Example of cipher: Dorabella cipher • This note was sent by the composer Elgar to his young friend Dora Penny • It is still unknown what is written in the note
Cryptography • Codes • Ciphers Examples of codes: • Morse code • ASCII code Example of cipher: • Dorabella cipher
Example: letter to John Trevanion Worthie Sir John:- Hope, that is ye beste comfort of ye afflicted, cannot much, I fear me, help you now. That I would saye to you, is this only: if ever I may be able to requite that I do owe you, stand not upon asking me. 'Tis not much that I can do: but what I can do, bee ye verie sure I wille. I knowe that, if dethe comes, if ordinary men fear it, it frights not you, accounting it for a high honor, to have such a rewarde of your loyalty. Pray yet that you may be spared this soe bitter, cup. I fear not that you will grudge any sufferings; only if bie submission you can turn them away, 'tis the part of a wise man. Tell me, an if you can, to do for you anythinge that you wolde have done. The general goes back on Wednesday. Restinge your servant to command. - R.T.
Example: letter to John Trevanion Worthie Sir John:- Hope, that is ye beste comfort of ye afflicted, cannot much, I fear me, help you now. That I would saye to you, is this only: if ever I may be able to requite that I do owe you, stand not upon asking me. 'Tis not much that I can do: but what I can do, bee ye verie sure I wille. I knowe that, if dethe comes, if ordinary men fear it, it frights not you, accounting it for a high honor, to have such a rewarde of your loyalty. Pray yet that you may be spared this soe bitter, cup. I fear not that you will grudge any sufferings; only if bie submission you can turn them away, 'tis the part of a wise man. Tell me, an if you can, to do for you anythinge that you wolde have done. The general goes back on Wednesday. Restinge your servant to command. - R.T.
Cryptography • Cryptography • Steganography Example of cryptography: • Dorabella cipher Example of steganography: • John Trevanion’s letter
Digital steganography • Information can be hidden in picture files or video files • We shall look at one example: • 24-bit BMP file format
24-bit BMP file format • Each pixel of the picture is defined individually by three bytes • Each of the three bytes corresponds to one colour component of the pixel: • Red • Green • Blue • Thus, the intensity of each of these three colours is in the range 0-255.
24-bit BMP file format • I am showing you a very simple example (based on a black square) • The code I used is taken from here: http://pseentertainmentcorp.com/smf/index.php?topic=2034.0
For discussion • Suppose you plan to use steganography. • Would you also consider using cryptography in combination with steganography?
Symmetric block ciphers • Ciphers • Blocks • Keys • Attacks (read more in the textbooks) (note that today we shall consider only very simple examples, not useful in practice)
Caesar cipher without key • Today, in all examples, a block is a letter • Each block is encrypted separately, using exactly the same algorithm • Encryption:A → B→ C→ … → Y→ Z→ A • Decryption:A → Z→ Y→ … → C→ B→ A
“Cipher” without key plaintext Encryptionalgorithm ciphertext ciphertext Decryptionalgorithm plaintext
Caesar cipher without key • Encryption:A → B→ C→ … → Y→ Z→ A • Decryption:A → Z→ Y→ … → C→ B→ A • It is a block cipher (in this case, block=letter) • Is this cipher secure?
Caesar cipher with key • Key k is a number between 1 and 25 • Encryption:each letter is moved k positions to the right in the alphabet • Decryption:each letter is moved k positions to the left in the alphabet
Cipher with key plaintext Encryptionalgorithm key ciphertext ciphertext Decryptionalgorithm key plaintext
Kerckhoffs'sprinciple • One must assume that everything about the cipher, including the encryption and decryption algorithms, are known to the attacker • Only the key is not known to the attacker, and confidentiality must be based on this assumption
Symmetric cipher • Both to encrypt and to decrypt you need a key, and this is the same key in both cases • Such a cipher is called symmetric (the same key for both encryption and decryption) • Most ciphers are symmetric
Attack • The algorithm is known • Find the plaintext • Find the key
Caesar cipher with key: an attack • Key k is a number between 1 and 25 • Because there are not so many keys, we can build a table of all possible keys, or simply try all possible keys one after another • This attack is called exhaustive key search, or brute force attack
Substitution cipher • A table of correspondences is prepared • Letters in the second row are placed in a random order • (Note that the table is not likely to be stored as a table with two rows when you implement the cipher)
Substitution cipher • Encryption:find the letter in the first row and replace by the corresponding letter in the second row • Decryption:find the letter in the second row and replace by the corresponding letter in the first row
Substitution cipher: attack? • Now, there are many keys • How many? • 26 25 24 … 2 1 • This is what is denoted by 26! • We cannot use exhaustive key search
Substitution cipher: attack 1 • However, we have not so many blocks (26). • We can successfully use the known plaintext attack • See a separate example
Substitution cipher: attack 2 • We can use frequency analysis • Example from E. A. Poe • Example from A. Conan Doyle • A more realistic example • Example: Dorabella cipher
Frequency analysis: example • This is the substitution cipher from Edgar Allan Poe’s story ‘The Gold-Bug’ (1843). • 53‡‡†305))6*;4826)4‡.)4‡);806*;48†8 • “Now, in English, the letter which most frequently occurs is e. Afterwards, the succession runs thus: a o i d h n r s t u y c f g l m w b k p q x z.” • Then the character successfully decrypts the cipher
Frequency analysis: example • This is the substitution cipher from Arthur Conan Doyle’s story ‘The Adventure of the Dancing Men’ (1903)
The Adventure of the Dancing Men • Having once recognised, however, that the symbols stood for letters, and having applied the rules which guide us in all forms of secret writings, the solution was easy enough. The first message submitted to me was so short that it was impossible for me to do more than to say with some confidence that the symbol stood for E. As you are aware, E is the most common letter in the English alphabet, and it predominates to so marked an extent that even in a short sentence one would expect to find it most often. Out of fifteen symbols in the first message four were the same, so it was reasonable to set this down as E.
A more realistic example • It is a truth universally acknowledged that a single man in possession of a good fortune, must be in want of a wife. • otositrmtnmhoversiddcipkhafdelweltnitisohwdeyih oh gassessoah au iwaaluartmheymst be oh fiht au ifoue • The second fragment is produced by applying a substitution cipher and then breaking it with frequency analysis
Frequency analysis • Simple frequency analysis based only on frequency of individual letters is unlikely to be very successful • It is possible to use more advanced statistical techniques to analyse the ciphertext, assuming we know the statistical properties of the plaintext • Example of a more advanced solver • http://www.blisstonia.com/software/WebDecrypto/index.php
Dorabella cipher 1, 12, 4, 0, 2, 7, 20, 0, 11, 22, 3, 16, 17, 5, 16, 6, 16, 16, 7, 12, 12, 16, 5, 20, 22, 23, 8, 3, 15 20, 16, 20, 7, 20, 0, 11, 10, 0, 4, 16, 16, 4, 7, 8, 17, 20, 16, 3, 16, 7, 19, 15, 17, 5, 23, 11, 11, 23, 3, 15 4, 15, 7, 19, 15, 4, 5, 19, 18, 8, 15, 4, 16, 7, 19, 17, 15, 8, 0, 12, 8, 15, 7, 0, 8, 23, 0
Symbol frequencies in Dorabella cipher and in an average English text
‘Decryption’ of Dorabella cipher • This is an example of what a simple frequency analysis produces and a ‘decryption’:wlioytsodfheurepeetllersfmnhasestsodboieeitnusehetcaurmddmhaiatcaircgnaietcuanolnatonmo • More advanced versions of frequency analysis also cannot break Dorabella cipher • Probably, in this cipher not only substitutions, but also permutations are used.
Sample exam questions • Explain briefly the difference between a code and a cipher. Give one example of a code and one example of a cipher, explaining briefly why these examples demonstrate well the difference between codes and ciphers.
Sample exam questions • Describe an example of a technology which can be classified as steganography. Explain why you would classify it as steganography.
Sample exam questions • Give a short definition of how the brute force attack works. • Explain briefly why Caesar’s cipher can be attacked using the brute force attack, whereas the substitution cipher cannot. • More generally, explain which types of ciphers are vulnerable to the brute force attack, and which are not.
Sample exam questions • Explain why frequency analysis can be successfully used for attacking the substitution cipher. • Suggest one parameter of a cipher which is likely to make it less vulnerable to frequency analysis.