CS457 – Introduction to Information Systems Security Cryptography 1a Elias Athanasopoulos elathan@ics.forth.gr Cryptography Elements Symmetric Encryption Block Ciphers - Stream Ciphers - Asymmetric Encryption Cryptographic Hash Functions Applications CS-457 Elias Athanasopoulos 2 Computer Security “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/ data, and telecommunications). CS-457 Elias Athanasopoulos ” 3 CIA Confidentiality - Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals. Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. Integrity - - Data integrity: Assures that information and programs are changed only in a specified and authorized manner. System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. Availability - CS-457 Assures that systems work promptly and service is not denied to authorized users. Elias Athanasopoulos 4 An Example Confidentiality: Bad guys cannot see messages Communication Availability: The system is operational System/Service Integrity: Bad guys cannot change messages CS-457 Elias Athanasopoulos 5 How to achieve CIA? Crypto algorithms - “Hide” messages, sign messages, provide guarantees about sent/received messages, etc. Secure systems - Apply Crypto concepts in protocols, systems, etc. Software defenses - CS-457 Ensure that software is not manipulated Elias Athanasopoulos 6 CS-457 Elias Athanasopoulos 7 Cryptographic Jargon Plaintext - Encryption algorithm - The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time. Ciphertext: - The encryption algorithm performs various substitutions and transformations on the plaintext. Secret key - This is the original intelligible message or data that is fed into the algorithm as input. This is the scrambled message produced as output. It depends on the plaintext and the secret key. Decryption algorithm - CS-457 This is essentially the encryption algorithm run in reverse. Elias Athanasopoulos 8 NOT Security via Obscurity The encryption/decryption algorithm is assumed to be known Security is based on Secrecy of the key - Hard to infer the plaintext via the ciphertext by just knowing the key - Cryptanalysis - CS-457 Infer the plaintext from ciphertext without knowing the key Elias Athanasopoulos 9 Symmetric Encryption CS-457 Elias Athanasopoulos 10 Caesar Cipher CS-457 Elias Athanasopoulos 11 Key: 3 CS-457 Elias Athanasopoulos 12 Or… Plain: abcdefghijklmnopqrstuvwxyz Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC CS-457 Elias Athanasopoulos 13 Encrypting a message Plain: meet me after the toga party Cipher: PHHW PH DIWHU WKH WRJD SDUWB CS-457 Elias Athanasopoulos 14 Simple Brute Force attack: we need to try 25 different keys. CS-457 Elias Athanasopoulos 15 Increase the key space Permutations: {a, b, c} - abc, acb, bac, bca, cab, cba Size: 6 (or 3! ~ 1*2*3) - In general the size is n! (n is the size of the set) For the alphabet: 26! CS-457 Elias Athanasopoulos 16 Frequency Analysis CS-457 Elias Athanasopoulos 17 Example UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ CS-457 Elias Athanasopoulos 18 Count Frequencies CS-457 Elias Athanasopoulos 19 Compare with English CS-457 Elias Athanasopoulos 20 And try… CS-457 Elias Athanasopoulos 21 Voila! CS-457 Elias Athanasopoulos 22 One-Time Pad Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih plaintext: mr mustard with the candlestick in the hall Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih plaintext: miss scarlet with the knife in the library Key = Size of message CS-457 Elias Athanasopoulos 23 Transposition CS-457 Elias Athanasopoulos 24 Modern Symmetric Ciphers DES, 3DES, and AES - AES is the dominant one, today Based on - Substitutions and transpositions Very complex Type Block - Stream - CS-457 Elias Athanasopoulos 25 Block vs Stream Block cipher - one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length. Typically, a block size of 64 or 128 bits is used. Stream cipher - CS-457 one that encrypts a digital data stream one bit or one byte at a time. Elias Athanasopoulos 26 Block Cipher CS-457 Elias Athanasopoulos 27 Stream Cipher CS-457 Elias Athanasopoulos 28 Block cipher Plaintext of n bits produces a ciphertext of n bits - Block size: n bits Space of different plaintext blocks: 2^n - CS-457 Each block must be unique Elias Athanasopoulos 29 Encryption should be reversible CS-457 Elias Athanasopoulos 30 General n-bit-n-bit Block (n = 4) CS-457 Elias Athanasopoulos 31 Decryption/Encryption CS-457 Elias Athanasopoulos 32 Problems Vulnerable to statistical attacks Small blocks can take limited transformations - Increase n - Key size: 4 bits * 16 rows In general: n * 2^n - Approximate the ideal case - CS-457 Elias Athanasopoulos 33 Feistel Cipher Goal - Approximate the ideal cipher Reduce statistical properties between plaintext, ciphertext, and key(s) Difussion - Each plaintext digit affect the value of many ciphertext digits Confusion - CS-457 The statistics of the ciphertext and the value of the encryption key is as complex as possible Elias Athanasopoulos 34 Feistel Cipher Substitution: right part is transformed by F(Ki) and XORed with left part. Permutation: right part swapped with left part. CS-457 Elias Athanasopoulos 35 Properties Block size: - Larger block sizes mean greater security but reduced encryption/decryption speed for a given algorithm. A block size of 64 bits is reasonable tradeoff. AES uses a 128-bit block size. Key size: - CS-457 Larger key size means greater security but may decrease encryption/ decryption speed. Key sizes of 64 bits or less are now widely considered to be inadequate, and 128 bits has become a common size. Elias Athanasopoulos 36 Properties Number of rounds: - The essence of the Feistel cipher is that a single round offers inadequate security but that multiple rounds offer increasing security. A typical size is 16 rounds. Subkey generation algorithm: - Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis. Round function F: - CS-457 Again, greater complexity generally means greater resistance to cryptanalysis. Elias Athanasopoulos 37 Extra (desired) properties Fast software encryption/decryption: - In many cases, encryption is embedded in applications or utility functions in such a way as to preclude a hardware implementation. Ease of analysis: - CS-457 There is great benefit in making the algorithm easy to analyze. It is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a higher level of assurance as to its strength. DES, for example, does not have an easily analyzed functionality. Elias Athanasopoulos 38 Block modes Mode Description Typical Application Electronic Codebook (ECB) Each block of 64 plaintext bits is encoded independently using the same key. • Secure transmission of single values (e.g., an encryption key) Cipher Block Chaining (CBC) The input to the encryption • General-purpose blockalgorithm is the XOR of the oriented transmission next 64 bits of plaintext • Authentication and the preceding 64 bits of ciphertext. CS-457 Elias Athanasopoulos 39