Lecture slides

advertisement
Computer Security
Set of slides 3
Dr Alexei Vernitski
Another useful example of a Cipher
Vigenere’s cipher (16th century)
• It is like Caesar’s cipher
• However, instead of one number acting as a
key, a sequence of numbers is used, one for
each letter of the plaintext
• When you come to the end of the sequence,
you start using it from the beginning again
For discussion
• Is Vigenere’s cipher more secure than Caesar’s
cipher?
• How does Vigenere’s cipher make the
attacker’s statistical analysis of the cipher text
difficult?
• What statistical analysis can be applied to
Vigenere’s cipher?
• As to the key length of Vigenere’s cipher, what
would you consider the safe length of the key?
The key length
The general conclusions:
• If the key is longer, it is used fewer times in
the encryption process,
• therefore, the attacker can obtain less useful
statistics from the cyphertext.
• The ultimate case of this is the one-time pad,
which is a key that is at least as long as the
message.
One-time pad
• By a one-time pad we mean a Vigenere cipher
whose key sequence (known as key stream) is
as long as the message, and never reused.
• A one-time pad cipher is unbreakable. Why?
One-time pad
• Venona project is an example of breaking
incorrectly used one-time pads
• Cryptanalysis by American and British codebreakers revealed that some of the one-time pad
material had incorrectly been reused by the
Soviets (specifically, entire pages, although not
complete books), which allowed decryption
(sometimes only partial) of a small part of the
traffic.
http://en.wikipedia.org/wiki/Venona_project
Example: optical encryption
• This is an unusual example of a one-time pad
• This cipher is unbreakable
• It can be used e.g. if one half is shown on the
computer screen and the other is printed on a
transparent film
To encrypt a black pixel:
The first slide
either
or
The second slide
and
and
To encrypt a white pixel:
The first slide
either
or
The second slide
and
and
Towards ciphers in computers
•
•
•
•
Caesar’s cipher
Substitution cipher
Vigenere’s cipher
One-time pad
(Vernam’s cipher)
• In computers data is
stored as bits, not as
letters
• How can one re-apply
the principles of these
classical ciphers to
binary data?
Substitution as XOR
• Each bit of a block is either 0 or 1
• When you encrypt, one of two possible
substitutions can be used:
– Either 0 → 0, 1 → 1,
– Or 0 → 1, 1 → 0.
• Each of these two substitution can be
produced by XORing this bit with 0 or 1
Bitwise XOR
•
•
•
•
The same idea as in Vigenere’s cipher
The key is a binary array
The message is split in blocks
The length of the block is the same as the
length of the key
• Each bit of the block is XORed with the
corresponding bit of the key
Bitwise XOR: example
block
0 1 1 0 1 0 1 0
XOR
1 0 1 0 1 1 0 0
key
XOR
• Each computer cipher uses
– either XOR (typically, so-called stream ciphers)
– or bit-wise XOR (typically, so-called block ciphers)
• In your opinion, what is the main design
problem of stream ciphers?
• In your opinion, what is the main design
problem of block ciphers?
Block cipher
• A message is a sequence of bits, for example:
0110010100001011110…
• We split the message in blocks of a fixed
length
• Each block is encrypted in exactly the same
way, until the whole message is encrypted
Block cipher
• Each block is encrypted in exactly the same
way, until the whole message is encrypted
• Therefore, to make cryptoanalysis more
difficult…
• Each block should be sufficiently long (why?)
• The encryption of each block should be good
Permutation
• Also called transposition
• (but is NOT the same as substitution)
• This is a rule directing how the order of bits
should be changed, for example:
0
1
1
0
0
1
1
0
1
1
0
0
1
0
0
1
Permutation
• Permutation makes ciphers stronger
• For example, probably nobody can break the
Dorabella cipher because it uses both
substitution and permutation
• However, there are techniques designed to
break ciphers based on substitution and
permutation: for example, differential
cryptanalysis
Differential cryptanalysis
• It is called ‘differential’ because the attacker
studies how a small change in the plaintext block
affects the encrypted block
• It can be attempted against every cipher, but is
especially successful against ciphers based on
substitution and permutation
• We present it in the scenario of a known plaintext
attack
• For the sake of an example, we consider a cipher
with block length merely 4 bits
Example of differential cryptanalysis
• We shall apply differential cryptanalysis against a
block cipher based only on applying a fixed
permutation to each block and XOR of each block
with a fixed binary array.
• Suppose the following known plaintext blocks
0000 1000 1100 0110 1111
• correspond to the following ciphertext blocks
1001 1000 0000 0101 0110.
• Break the cipher by determining exactly what
permutation was applied and what binary array
was used to XOR with each block.
S-box
• S-box or a substitution box is a function
producing a highly non-linear substitution of
bits in a binary array
• In books, S-boxes are normally represented as
look-up tables
S-box: an example
(in the form of a table as S-boxes are
often represented in books)
*00*
*01*
*10*
*11*
0**0
01
00
11
10
0**1
11
10
01
00
1**0
00
10
01
11
1**1
11
01
00
11
S-box: non-linearity
*00*
*01*
*10*
*11*
0**0
01
00
11
10
0**1
11
10
01
00
1**0
00
10
01
11
1**1
11
01
00
11
For example, does the first bit of the output depend on the third bit of the input?
Yes in a half of the cases, No in the other half of the cases
Famous block ciphers
• DES
• Triple DES
• AES
A round in a Feistel cipher
Left-hand part of the block
XOR
Left-hand part of the block
Right-hand part of the block
F
Right-hand part of the block
Rounds in a Feistel cipher
Left-hand part of the block
XOR
Right-hand part of the block
F
Left-hand part of the block
Right-hand part of the block
F
Left-hand part of the block
XOR
Right-hand part of the block
DES
• DES stands for Data Encryption Standard
• This is a block cipher with the block size 64
and the key size 56
• Number of S-boxes: 8
• Number of rounds: 16
• Which of these parameters make DES an
insecure cipher?
Breaking DES
• In 1998, a purpose-built
computer Deep Crack
decrypted a DES-encrypted
text in only 56 hours
• In 2012, a cloud computing
tool allows members of the
general public to recover a
DES key from a known
plaintext-ciphertext pair in
about 24 hours.
Triple DES
• The algorithm is easy:
– Encrypt with DES using key 1
– Decrypt with DES using key 2
– Encrypt with DES using key 3
• Why is Triple DES stronger than DES?
AES
• AES has been created in the 1990s to provide the
businesses worldwide with a new common secure
cryptosystem instead of DES
• It has been tested by many cryptologists and is very
good
• AES can work with keys consisting of 128 or 192 or
256 bits (which is much better than the 56-bit keys of
DES)
• A cute cartoon guide to AES:
http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
Modes of operation (of block ciphers)
• What if blocks repeat because of the peculiar
nature of your data?
• What if you are sending the same message
again?
• How can we improve security in these
scenarios?
Homework
1. You might read that triple DES is ‘too slow’.
For example:
In what sense and in what context can one
be saying that triple DES is too slow?
2. Some experts think that the block length of
DES is too short and, therefore, is insecure
(why?).
What is the block length of Triple DES?
What is the block length of AES?
http://1.bp.blogspot.com/_Zfbv3mHcYrc/SreojET_QBI/AAAAAAAABkc/knYwS6AsM04/s1600-h/aes_act_1_scene_11_triple_des_1100.png
Sample exam questions
• Describe how an attack based on differential
cryptanalysis can be organised against a block
cipher
• Explain briefly what an S-box is and how it
contributes to security
Sample exam questions
• You work as a computer consultant. Your
customer asks you which vulnerabilities were
discovered in DES that made it necessary to
invent new ciphers to replace DES. What will
you reply?
• You work as a computer consultant. Your
customer asks you about a computer cipher
called Triple AES. What will you reply?
Sample exam questions
• Explain how the short key length makes DES a
weak cipher
• Explain how the short block length might
make DES a weak cipher
Sample exam questions
• Explain the difference between DES, Triple DES
and AES.
• State which one of them you would
recommend to use.
Download