Lecture 1 - Applied Cryptography
Lecture 1 - Applied Cryptography
Lecture 1
1
A Note on Security
☞ In this course, you will be exposed to information about
security problems and vulnerabilities with computing
systems and networks.
☞ To be clear, you are not to use this or any other similar
information to test the security of, break into,
compromise, or otherwise attack, any system or network
without the express consent of the owner.
☞ In particular, you will comply with all my instructions
when doing the labs.
☞ Any violation is at YOUR RISK!
And may result in severe consequences.
10 June 2020 2
In this course
We will discuss…
10 June 2020 3
What is our goal in this course?
☞ Our primary goal is to be able to identify security and privacy issues in
various aspects of computing, including:
– Communication and networking
– Operating systems
– Internet applications
– Databases
– Cloud and IoT
– Mobile applications
☞ Secondarily, to be able to use this ability to
design systems that are more protective
of security and privacy.
4
What is Cryptography?
10 June 2020 5
Cryptography
“The discipline that embodies the principles, means, and methods for the
transformation of data in order to hide their semantic content, prevent their
unauthorized use, or prevent their undetected modification“.
Source: NIST
10 June 2020 6
The CIA Triad - Core Security Principles
☞ Availability
10 June 2020 7
Vulnerabilities, Threats and Attacks
☞ Categories of vulnerabilities
• Corrupted (loss of integrity)
• Leaky (loss of confidentiality
• Unavailable or very slow
☞Threats:
• Loss of Keys
10 June 2020 8
Vulnerabilities, Threats and Attacks
☞ Attacks (threats carried out)
☞ Passive – attempt to learn or make use of
information from the system
10 June 2020 9
Security and Reliability
☞ Security has a lot to do with reliability
☞ A secure system is one you can rely on to (for
example):
• Keep your personal data confidential
• Allow only authorized access or modifications to
resources
☞ Give you correct and meaningful results when you
want them
10 June 2020 10
What is Privacy?
There are many definitions of privacy
10 June 2020 11
Context of Cryptography
• Cryptology: the study of cryptosystems has two
subdivisions
• Cryptography
12
Crypto system
13
Thank You!
Next Class
☞ Mandatory reading for the next class
☞ https://ifca.ai/pub/fc97/r4.pdf
10 June 2020 14
Basic Cryptographic Primitives
Building blocks
15
Cryptographic primitive
16
Cryptographic protocols
18
Unkeyed primitives
• Unkeyed includes
• Hashing, SHA-family
• One-way permutations
• Use
• Hash and sign
19
Simmitric – key primitive
21
Public key primitives
• Participant possesses a private and a public key.
• Message encrypted from public key can be decrypted using private key
• Message encrypted from private key can be decrypted using public key
• Main ingredients of public key system:
• Plaintext
• Encryption algorithm
• Private key
• Public key
• Decryption algorithm
• Ciphertext
22
Public key primitives
• Public-key cryptosystems
• Signatures
• PKI - public-key infrastructure, only if we had it right :-(
23
Math in primitives
24
Math in cryptanalysis
• Probability and statistics, random oracle models
• Number theoretical algorithms: primality, factoring
• Discrete logarithms: cyclic group discovery, index calculus,
• counting points on elliptic curves, theory of elliptic curves
25
Cryptographic primitive evaluation
• Primitives should be evaluated with respect to various criteria such as:
• Level of security - is usually difficult to quantify.
• Functionality - primitives will need to be combined to meet various information
security objectives.
• Mode of operation - primitives, when applied in various ways and with various
inputs, will typically exhibit different characteristics.
• Performance - refers to the efficiency of a primitive in a mode of operation.
• Ease of implementation – refers to the difficulty of realizing the primitive in a
practical instantiation.
26
Classical cryptography
Most of them not in use nowadays
27
Olden days cryptography
• Used historically
• Practically computed and solved by hand
• Most of it was “the art of writing or solving codes”
• Letter coding
• Number coding
• Mixed coding
28
Letter coding
• If TAP is coded as SZO then how is freeze coded
solution:
F------E
R------Q
E------D
E------D
Z-------Y
E-------D
29
Number Coding
• If P A I N T is coded as 74128 and E X C E L is coded as 93596, then
how would you encode A C C E P T?
A C C E P T
4 5 5 9 7 8
30
Example
• If ‘tee see pee’ means ‘drink fruit juice’ ‘see kee mee’ means ‘juice is
sweet’ and ‘fee ree mee’ means ‘he is intelligent’ which world means
‘sweet’?
“Drink fruit juice” and “Juice is sweet”----juice is common word
“tee see pee” and “see kee mee” ---- see is common
so juice is coded as see
similarly from “juice is sweet” and “he is intelligent” -- ‘is’ common
so is is coded as “mee” remaining word from “juice is sweet” is
sweet
so the sweet is coded as “kee”
31
cryptosystem
•
32
Classical cipher
• The classical algorithms are those invented pre-computer up until
around the 1950's.
• Mainly
• Substitution ciphers
• Transposition cipher
• Combined
33
Substitution cipher
• Encrypt the plaintext by swapping each letter or symbol in the plaintext
by a different symbol as directed by the key.
• Monoalphabetic cipher
• Polyalphabetic cipher
• polygraphic cipher
34
Substitution example
• If cook is called butler, butler is called manager, manager is called
teacher, teacher is called clerk and finally clerk is called principal,
who will teach in class
35
Monoalphabetic substitution cipher
• Simple substitution cipher
• Fixed substitution over the entire message
• Example:
• Caesar cipher
36
Caesar cipher
• Simple monoalphabetic substitution cipher
• Substitute one letter for another
37
Caesar cipher example
• Plaintext “begin the attack now”
• Key: Shift index by 3
• Cipher: Caesar cipher
38
solution
• Ciphertext: EHJLQWKHDWWDFNQRZ
39
Polyalphabetic substitution cipher
• Cipher alphabet for the plain alphabet may be different at different
places during the encryption process.
• Examples:
• Playfair cipher
• Vigenere cipher
40
Playfair cipher
• Encrypting and Decrypting:
• Plaintext encrypted two letters at a time:
• STEP1: if a pair is a repeated letter, insert a filler like 'X', eg. "balloon"
encrypts as "ba lx lo on"
• STEP2: If both letters fall in the same row, replace each with letter to right
(wrapping back to start from end)
• STEP3: if both letters fall in the same column, replace each with the letter
below it (again wrapping to top from bottom)
• STEP4: otherwise each letter is replaced by the
one in its row in the column of the other
letter of the pair
41
Playfair example
• Plain text = classical ciphers are easily breakable.
• Key = ENCRYPT
• Cipher system = playfair
E N C R Y
P T A B D
F G H I/J K
L M O Q S
U V W X Z
42
Playfair cipher steps:
• Two letters at a time
• Plaintext: “tell him about me”
TE LL HI MA BO UT ME
• Step2-step4
TE LX LH IM AB OU TM EX
PN QU OF GQ BD LW GV RU
Ciphertext: PNQUOFGQBDLWGVRU
43
Vigenere Cipher
• Idea: Uses Caesar's cipher with various shifts, in order to hide the
distribution of the letters.
• A key defines the shift used in each letter in the text
• A key word is repeated as many times as required to become the
same length
44
Vigenere Cipher examples
Example1:
Plain text: I attack
Key: 234
Ciphertext: KDXVDGM
Example 2:
Plain text : I attack
Key: exam
Ciphertext: NYRGFAL
45
Polygraphic substitution cipher
• Works on multiple letters at the same time
• Hill cipher
46
Hill cipher
•
3 0 2
2 0 -2
0 1 1
0.2 0.2 0
-0.2 0.3 1
0.2 -0.3 0
47
To encrypt plaintext using matrix M
• Plaintext=‘abc’
• Key = matrix M
• Cipher = Hill cipher considering a=1, b=2, c=3
• Encryption achieved my multiplying matrix M by values of
plaintext grouped 3 letters at a time
3 0 2 0 4
Ciphertext C= 2 0 -2 . 1 = -4
0 1 1 2 3
48
Decryption hill cipher
•
0.2 0.2 0 4 0
-0.2 0.3 1 -4 1
0.2 -0.3 0 3 2
49
Next Class
☞ Mandatory reading for the next class
https://ieeexplore.ieee.org/document/8686758
50
Classical cryptography
Most of them not in use nowadays
51
Classical transposition cipher
• Is a method of encryption by which the positions held by units
of plaintext (which are commonly characters or groups of
characters) are shifted according to a regular system, so that
the ciphertext constitutes a permutation of the plaintext.
• Transposition cipher, simple data encryption scheme in which
plaintext characters are shuffled in some regular pattern to
form cipher text.
• Rail Fence cipher
• Columnar transposition
• Double transposition
52
Rail fence cipher
• The rail fence cipher (sometimes called zigzag cipher) is a
transposition cipher that jumbles up the order of the letters of
a message using a basic algorithm.
• The rail fence cipher works by writing your message on
alternate lines across the page, and then reading off each line
in turn.
53
Rail fence example
• Plaintext: “this is a secret message”
• Key =2
• Cipher system: rail fence
• Ciphertext:
T I I A E R T E S G
H S S S C E M S A E
• TIIAERTESGHSSSCEMSAE
54
Columnar transposition cipher
• In a columnar transposition, the message is written out in rows
of a fixed length, and then read out again column by column,
and the columns are chosen in some scrambled order.
• Both the width of the rows and the permutation of the columns
are usually defined by a keyword.
• For example, the keyword ZEBRAS is of length 6, and the
permutation is defined by the alphabetical order of the letters in
the keyword. In this case, the order would be "6 3 2 4 1 5".
• In a regular columnar transposition cipher, any spare spaces are
filled with nulls;
55
Encryption:
• For example, suppose we use the keyword ZEBRAS and the message WE ARE DISCOVERED. FLEE
6 3 2 4 1 5
AT ONCE.
Z E B R A S
W E A R E D
I S C O V E
R E D F L E
E A T O N C
• providing five nulls (QKJEU), these letters can be
E X- X- X-J X-E X-
randomly selected as they just fill out the incomplete Q K U
57
Double transposition Cipher
• Double Transposition consists of two applications of columnar
transposition to a message. The two applications may use the
same key for each of the two steps, or they may use different
keys.
58
Example
2 1 3 4
• Plaintext “We are discovered flee at once”H E L P
• Key1: zebras E V L N
E A C D
• Key2: help T K E S
• Ciphertext after key1: E A Q R
59
Steganography
Uses of Steganography
• Governments
• Individuals
Steganography & Cryptography
• Steganography and Cryptography are closely related
• The difference is in their goals...
• Cryptography: although encypted and unreadable, the
existence of data is not hidden
• Steganography: no knowledge of the existence of the data
• Steganography and Cryptography can be used together to
produce better protection
Digital Watermarking
Image “painted” with the watermark: “Invisible Man” © 1997, Neil F. Johnson
Digital Watermarking
• Used primarily for identification
• Embedding a unique piece of information within a medium
(typically an image) without noticeably altering the medium
• Almost impossible to remove without seriously degrading an
image
Types of Digital Steganography
• Hiding a Message inside Text
• Hiding a Message inside Images
• Most popular technique
• Hiding a Message inside Audio and Video Files
Hiding a Message inside Text
• Partially effective
• First-letter algorithm
• Every n-th character
• Altering the amount of whitespace
• Using a publicly available cover source
Hiding a Message inside Images
• The most popular medium!
source: wikipedia.org
Next Class
☞ Mandatory reading for the next class
☞ https://users.encs.concordia.ca/~youssef/Publications/Papers/C
ryptanalysis%20of%20Simple%20Substitution%20Ciphers%20Usi
ng%20Particle%20Swarm.pdf
70
Classical ciphers cryptanalysis
Without key get the secret data
71
Cryptanalysis
• This video focus on cryptanalysis
• hacker wants to recover key or plaintext
• hacker is not bound by any rules
• For example, hacker might attack the implementation, not the
algorithm itself
72
Definition of Secure
• A cryptosystem is secure if the best know attack is to try all
possible keys
• Cryptosystem is insecure if any shortcut attack is known
• By this definition, an insecure system might be harder to break
than a secure system!
73
Cryptanalysis attack
74
Cryptanalytic Attacks
• Ciphertext only
• only know algorithm & ciphertext, is statistical, know
or can identify plaintext
• Known plaintext
• know/suspect plaintext & ciphertext
• Chosen plaintext
• select plaintext and obtain ciphertext
• Chosen ciphertext
• select ciphertext and obtain plaintext
75
Ciphertext-Only Attack
• Ciphertext-only attack: only know algorithm & ciphertext, is
statistical, know or can identify plaintext
76
Known-Plaintext Attack
• know/suspect plaintext & ciphertext
77
Chosen-Plaintext Attack
• select plaintext and obtain ciphertext
78
Chosen-Ciphertext Attack
• select ciphertext and obtain plaintext
79
Theoretical Cryptanalysis
• Think that a cipher has a 100 bit key
• Then keyspace is of size 2100
• Think there is a shortcut attack with “work” equal to testing about
280 keys
• If hacker can test 230 per second
• Then she finds key in 36 million years
• Better than 37 trillion, but not practical
80
Why Study Cryptanalysis?
82
Cryptanalysis of Caesar cipher
what is this? can you try find the sentence written here?
FRPPRQFDHVDUFLSKHULVHDVLOBGHFUHSWHG
83
Cryptanalysis of the Columnar Transposition Cipher
84
Next Class
☞ Mandatory reading for the next class
☞ https://brilliant.org/courses/probability/
85
S Rajashree
Computer Science and Engineering
BNMIT, Bengaluru
10 June 2020 86