TERMINOLOGY• Cryptology-Art and science of making “secret codes”.• Cryptography- The practice and study of hiding information.• Cryptanalysis-Art of finding some weakness and insecurity in a cryptographic scheme.
CRYPTOGRAPHIC TERMINOLOGY• Plain text-The format of the data before being encrypted.• Cipher Text-The “scrambled” format of data after being encrypted.• Key-A secret value used during the encryption and decryption process• Encryption-Method of transforming plain text into an unreadable format• Decryption-Method of obtaining the encrypted message back to its original form.
TYPES OF SYMMETRIC CIPHERS• Stream ciphers – Encrypts one bit/character at a time• Block ciphers – Break plaintext message in equal-size blocks – Encrypts each block as a unit
SUBSTITUTION CIPHER• Substituting by a character “key” places ahead of the current charactera)Monoalphabetic cipher (Stream cipher)• Eg. PlainText : THIS IS AN EASY TASK• Key : 3• Encryption : WKLV LV DQ HDVB WDVNb) Polyalphabetic cipher (Block cipher)• Eg : THIS IS AN EASY TASK.• Make group of 3 characters and a set of keys used could be 135. THI SIS ANE… Encryption : UKN TLX…
TRANSPOSITION CIPHER• Transposition ciphers use the letters of the plaintext message, but they permute the order of the letters.Encrypt : hello my dear friendKey: 21431. Remove spaces2. Divide the text into blocks of 4 characters.3. Add bogus character(s) at the end(if reqiured). hello myde arfr iendCiphertext: ehol ymed rarf eidnAfter decryption : hello myde arfr iend
VERNAM CIPHER• Each character from the plaintext is encrypted by a modular addition which a number from the secret random key pad which is of the same length as the plain text.Step 1: Convert the letters to their numeric equivalents V E R N A M C I P H E R 21 4 17 13 0 12 2 8 15 7 4 17Assume the random 2 digit no. series (key) 76 48 16 82 44 03 58 11 60 05 10 88Step 2: Add the numeric equivalent and the corresponding random no. Random no + numeric equivalent =sumSum 97 52 33 95 44 15 60 19 75 12 14 105
VERNAM CIPHERStep 3 : Perform sum mod 26 19 0 7 17 18 15 8 19 23 12 14 1Ciphertext ---- t a h r s p i t x m o bDecryptionStep 1 a = (numeric equivalent of ciphertext - key)Step 2a mod 26(if a negative then keep adding 26 till you get a positive no.)Step 3Convert numeric equivalent back to alphabet
A5/1 STREAM CIPHER• GSM uses A5/1 as a cryptographic algorithm.• Phone communication in GSM is done as a sequence of 228 bit frames.• A5/1 creates a bit stream of 228 bits in a 228 bit buffer which is EX-Ored with 228 bits of plain text to generate the ciphertext.
A5/1 STREAM CIPHER• It was initially kept secret, but became public knowledge through leaks and reverse engineering.• COPACOBANA was the first commercially available solution to break the cipher.
RC4 STREAM CIPHER• Most widely used stream cipher used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks).• Designed by Ron Rivest in 1984.• Hence the name RC4( Rivest cipher 4).• Fluhrer, Mantin and Shamir attack AND Kleins Attack are a few attempts.
RC4 STREAM CIPHER• Consists of 2 parts: Key Scheduling Algorithm (KSA) & Pseudo-Random Generation Algorithm• 8 bits of the plain text is Exored with a byte of the key to produce a byte of ciphertext.• Key stream is a a sequence of bytes( can contain 1-256 bytes).
DATA ENCRYPTION STANDARD (DES)• Modern symmetric key block cipher.• Developed by IBM and then published by National Institute of standards and technology(NIST).• Vulnerable only because of its small key length.• Often used in VPN servers.
DES ALGORITHM• DES is a Feistel cipher – 64 bit block length – 56 bit key length – 16 rounds – 48 bits of key used each round (subkey)• Each round is simple (for a block cipher)• Security depends primarily on “S-boxes” – Each S-boxes maps 6 bits to 4 bits
L R key 32 28 28 expand shift shift One 48 28 28 Round32 Ki 48 of 48 compress S-boxes 28 28 DES 32 P box32 32 32 key L R
DES ATTACKS• Brute force attack• Differential cryptanalysis• Linear cryptanalysis• Improved Davies attack• distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes• Now replaced by AES
ADVANCED ENCRYPTION STANDARD (AES)• Replacement for DES• AES competition (late 90’s) – NSA openly involved – Transparent process – Many strong algorithms proposed – Rijndael Algorithm ultimately selected• Iterated block cipher (like DES)• Not a Feistel cipher (unlike DES)• 3 versions are : AES - 128 AES - 192 AES – 256• Used in Open SSL and WPA2
AES OVERVIEW• Block size: 128, 192 or 256 bits• Key length: 128, 192 or 256 bits (independent of block size)• 10 to 14 rounds (depends on key length)• Each round uses 4 functions (in 3 “layers”) – ByteSub (nonlinear layer) – ShiftRow (linear mixing layer) – MixColumn (nonlinear layer) – AddRoundKey (key addition layer)
RSA• The most common public-key algorithm is the RSA cryptosystem, named for its inventors (Rivest, Shamir, and Adleman).• Applications1. To protect web traffic, in the SSL protocol (Security Socket Layer),2. To guarantee email privacy and authenticity in PGP (Pretty Good Privacy)3. To guarantee remote connection in SSH (Secure Shell)4. Furthermore it plays an important role in the modern payment systems through SET protocol (Secure Electronic Transaction).
ALGORITHM• Let p and q be two large prime numbers• Let N = pq be the modulus• Find ф(n)=(p-1).(q-1)• Choose e such that it is relatively prime to ф(n).• Choose d such that : e x d mod ф(n)=1• Public key is (N,e)• Private key is d• To encrypt message M compute – C = Me mod N• To decrypt C compute – M = Cd mod N
RSA ATTACKS• Factoring the Public Key To make RSA secure recommended size of p and q is 512 bits(154 decimal digits). This makes n 1024 bits.• Guessing d• Cycle Attack• Common Modulus
Diffie Hellman• Invented by Williamson (GCHQ) and, independently, by D and H (Stanford)• A “key exchange” algorithm – Used to establish a shared symmetric key - Not for encrypting or signing but for exchanging keys.
1. P is very large prime no and g is its primitive root.2. Alice chooses a large random no. x such that 0<= x <= p-1 and calculates R1= gx mod p.3. Bob chooses another large random no. y such that 0<= y <= p-1 and calculates R2=gy mod p.4. Alice sends R1 to Bob. Alice does not send x; she only sends R1.5. Bob sends R2 to Alice. Bob does not send y; he only sends R2.6. Alice calculates K= (R2)x mod p.7. Bob calculates K= (R1)y mod p.
ATTACKS1. Discrete logarithm attack Intruder can intercept R1 and R2. If he can find x from R1=gx mod p and y from R2=gy mod p then he can calculate k=gxy mod p2. Man in the middle attack.
SOME CRYPTOGRAPHIC HASHESa) MD5(Message Digest 5)• Developed by Ron Rivest of MIT.• Was the mostly used secure hash algorithm till it was cracked.• Takes an input msg of arbitrary length and produces as output a 128-bit message digest.• The input is processed in 512-bit block.• Attacks possible on MD5 are Bruteforce and Fast collision attacks.
SOME CRYPTOGRAPHIC HASHESb) SHA-1(Secure hash algorithm)• Developed by NIST(National Institute of standards and technology).SHA-1 Logic :• The algorithm takes as input a message with a maximum length of less than 264 bits and produces a 160-bit message digest.• The input is processed in 512-bit blocks.
TOOLS FOR CRYPTANALYSTS• Ganzúa-A cryptanalysis tool for classical ciphers• EverCrack - Open Source Cryptanalysis Engine• Leptons Crack• Online crackers
SOME RESOURCES• CRYPTOGRAPHY CLASS BY STANFORD http://www.crypto-class.org/• Awesome videos http://www.intypedia.com/• CRYPTOGRAPHY AND NETWORK SECURITY -BEHEROUZ A FOROUZAN