Cryptanalysis
advertisement
Cryptanalysis
Aaron Willett
What is Cryptology?
• Cryptography (Encryption)
▫ the practice and study of techniques for secure
communication in the presence of third parties
• Cryptanalysis (Decryption)
▫ the art of defeating cryptographic security
systems, and gaining access to the contents of
encrypted messages, without being given
the cryptographic key.
History
Early Cryptology
• Scytale
• Julius Caesar
• Vigenere Square
Vigenere Square
Cryptology circa WWII
• German Enigma
• Bombe
• Japanese Red, Orange, Purple
Types
•
•
•
•
Ciphertext-only attack
Chosen-ciphertext attack
Known-plaintext attack
Chosen-plaintext attack
Ciphertext-Only Attack
• Attacker has access to a set of ciphertexts
• Guess-and-check
• Frequency Analysis
Example 1
Plaintext: HEREISANEXAMPLEOFAFREQUENCYANALYSIS
Ciphertext: XTJTWICNTDCQLSTMOCOJTKGTNYBCNCSBIWI
English Frequency Table
Ciphertext Frequency Table
Example 2
• Sub1.pdf
• Sub2.pdf
• Sub3.pdf
Chosen-Ciphertext Attack
• Tries to discover the key
• Uses ciphertext chosen by attacker
• Relies on being able to obtain decrypted
plaintext
• Two variations
Lunchtime Attack
• Euphemism “Away on Lunch”
• Attacker can make queries but only up until a
certain point, after which the attacker must
demonstrate some improved ability to attack the
system.
• Attacker cannot adapt queries
▫ Results given after the ability to makes queries
expires
Adaptive Chosen-Ciphertext
• Similar to normal chosen-ciphertext
• Ciphertext is chosen based on the result of the
previous query
Known-Plaintext Attack
• Attacker has the ciphertext and some samples of
plaintext
• Apply the known plaintext to the ciphertext to
help decryption
• Preferred over ciphertext-only
Example 3
• Plaintext: This is encrypted using a ROT3 Caesar Cipher
• Ciphertext: Wklv lv hqfubswhg xvlqj d URW3 Fdhvdu Flskhu
• Known-Plaintext: Caesar
• By knowing ‘Caesar’ one can make educated
assessments
• Compare length, frequency of letters, patterns
▫ ROT3 pattern
Chosen-Plaintext Attack
• Chooses plaintext and receives corresponding
ciphertext
• Not always viable (E.g. Enigma WWII)
• Two variations
Chosen-Plaintext Attack
• Batch Chosen-Plaintext
▫ Attacker chooses a “batch” of plaintexts before any
encrypted ciphertext is received
• Adaptive chosen-plaintext
▫ Attacker makes n-amounts of interactive queries
and alters their plaintext based on the previous
query
Methods
•
•
•
•
Classical Cryptanalysis
Symmetrical Cryptanalysis
Hash Functions
External Attacks
Classical Cryptanalysis
• Frequency Analysis
• Index of Coincidence
• Kasiski Examination
Index of Coincidence
• Useful method to find the length of a key for
Vigenere or Beaufort ciphers
• Shifts the cipher text one position until circled
back
• Counts the occurrences of letters that are in the
same position between the shifted ciphertext
and the original
• A high index of coincidence shows multiples of
the key length
Example 4
*Example courtesy of http://www.murky.org/blg/2004/10/index-of-coincidences-a-worked-example/
Ciphertext
• VKMHG QFVMO IJOII OHNSN
IZXSS CSZEA WWEXU LIOZB
AGEKQ UHRDH IKHWE OBNSQ
RVIES LISYK BIOVF IEWEO BQXIE
UUIXK EKTUH NSZIB SWJIZ BSKFK
YWSXS EIDSQ INTBD RKOZD
QELUM AAAEV MIDMD GKJXR
UKTUH TSBGI EQRVF XBAYG
UBTCS XTBDR SLYKW AFHMM
TYCKU JHBWV TUHRQ XYHWM
IJBXS LSXUB BAYDI OFLPO XBULU
OZAHE JOBDT ATOUT GLPKO
FHNSO KBHMW XKTWX SX
Shifts
•
Original: VKMHGQFVMOIJOIIOHNSNIZXSSCSZEA...
Shift 1: KMHGQFVMOIJOIIOHNSNIZXSSCSZEAW...
Shift 2: MHGQFVMOIJOIIOHNSNIZXSSCSZEAWW...
Shift 3: HGQFVMOIJOIIOHNSNIZXSSCSZEAWWE...
Shift 4: GQFVMOIJOIIOHNSNIZXSSCSZEAWWEX...
Shift 5: QFVMOIJOIIOHNSNIZXSSCSZEAWWEXU...
Shift 6: FVMOIJOIIOHNSNIZXSSCSZEAWWEXUL...
Shift 7: VMOIJOIIOHNSNIZXSSCSZEAWWEXULI...
Index of Coincidence
Shift
Coincidences
• 1
________________________
• 2
________________________
• 3
________________________
• 4
________________________
• 5
________________________
• 6
________________________
• 7
• 8
________________________
• 12
________________________
• 11
________________________
• 13
________________________
• 19
________________________
• 25
________________________
• 11
Kasiski Examination
• Similar to finding the index of coincidence
• Searches for repeated sequences of letters
greater than 3
• Record the distance between occurrences
• Attempt to find a common factor
Symmetric Algorithms
•
•
•
•
•
•
•
•
•
•
Boomerang Attack
Brute Force Attack
Davies' Attack
Differential Cryptanalysis
Integral Cryptanalysis
Linear Cryptanalysis
Meet-in-the-middle Attack
Mod-n Cryptanalysis
Slide Attack
XSL Attack
Brute Force Attack
• Attacker runs trials against a cryptosystem for
all possible keys
• Sometimes infeasible
• Time consuming
Key Length vs Brute Force Combinations
Differential Cryptanalysis
• Useful against block and stream ciphers
▫ AES, DES, Blowfish, RC4
• Chosen-plaintext attack
• Feeds plaintext pairs into the cryptosystem and
analyzes the difference defined by the XOR
operation
• Analyzing the results suggests possible key
values
Linear Cryptanalysis
• Also useful against block and stream ciphers
• Develop linear equations that relate the plaintext
and the ciphertext to certain key bits
• Derive other key bits from these equations
• Brute force
Hash Functions
• Passwords are commonly saved in hash tables
• Two methods to crack hash functions
▫ Birthday Attack
▫ Rainbow Table
Birthday Attack
• Exploits the birthday paradox
• Goal is to find two arbitrary inputs that yield the
same hash value
▫ Known as a hash collision
• Useful when an attacker wants to modify a
document with a digital signature
Birthday Paradox
• As an example, consider the scenario in which a teacher
with a class of 30 students asks for everybody's birthday,
to determine whether any two students have the same
birthday (corresponding to a hash collision as described
below; for simplicity, ignore February 29). Intuitively,
this chance may seem small. If the teacher picked a
specific day (say September 16), then the chance that at
least one student was born on that specific day is , about
7.9%. However, the probability that at least one student
has the same birthday as any other student is nearly 70%
(using the formula
Example 5
• Mallory creates two documents X and Y, which
have the same hash value. Mallory sends
document X to Alice who verifies the document,
signs it, and returns it to Mallory. Mallory then
copies the digital signature from document X to
document Y and sends document Y to Bob. The
signature on document Y matches the document
hash so Bob's software cannot detect any
modifications done to the document.
Rainbow Table
• Pre-computed table used for reversing hash
functions
• Typically used for cracking password hashes
• Infeasible when a salt is added to a password
Rainbow Tables for Ophcrack
• Alphanumeric – 388 MB
▫ 80 Billion hashes; 12 septillion passwords
• Extended – 7.5 GB
▫ Contains !"#$%&'()*+,-./:;<=>?@[\]^_`{|} ~
▫ 7 trillion hashes; 5 octillion passwords
External Attacks
• Crude, non-mathematical methods
• Black-bag and rubber-hose
• Black-bag is a euphemism for the acquisition of
cryptographic secrets through theft
▫ Key-logging, trojan horse, physically stealing
• Rubber-hose uses torture and coercion to obtain
information
▫ Humans are the weakest link
Questions?
