Information Security Tech Talk, Aug 4th 2014, Dirk Zittersteyn

Information security: Three main goals

Keep your data secure

Make sure people can’t change your data

Make sure your information stays available

Confidentiality, Integrity, Availability

Availability: Subject for another talk

Confidentiality and Integrity: Two sides of the same coin. If you can’t guarantee integrity, confidentiality is...

Cryptography: Confidentiality, Integrity (a bit)

Basic Terminology: Plaintext -> Encryption (Key) -> Ciphertext -> Decryption (Key) -> Plaintext

Basic Terminology: Plaintext -> Encryption (Key) -> Ciphertext -> Decryption (Key) -> Plaintext. Encryption key = decryption key: Symmetric encryption

Basic Terminology: Plaintext -> Encryption (Key) -> Ciphertext -> Decryption (Key) -> Plaintext. Encryption key ≠ decryption key: Asymmetric encryption

Foundations: Kerckhoffs (1835 – 1903), Shannon (1916 – 2001)

Auguste Kerckhoffs: La Cryptographie Militaire (1883)

Kerckhoffs’ principle: The design of a system should not require secrecy

Kerckhoffs’ principle: The design of a system should not require secrecy and compromise of the system should not incon...

Kerckhoffs’ principle: Open Source your method

Kerckhoffs’ principle: Security is in the key

Claude Shannon: Perfect Secrecy, Confusion, Diffusion

Claude Shannon: "Perfect Secrecy" is defined by requiring of a system that after a cryptogram is intercepted by the ene...

In other words: The enemy learns nothing.

Claude Shannon: Confusion: Relation plaintext - ciphertext

Claude Shannon: Diffusion: Position of plaintext in ciphertext

Back in the days… Caesar Cipher

caesar = alpha[n:] + alpha[:n]

caesar('Hello World', 3) = 'KHOOR ZRUOG'

Decrypt: Simple.

Decrypt: A little… too simple.

for i in range(26):
    print(caesar('KHOOR ZRUOG', i))

0: KHOOR ZRUOG
1: LIPPS ASVPH
2: MJQQT BTWQI
3: NKRRU CUXRJ
4: OLSSV DVYSK
5: PMTTW EWZTL
6: QNUUX FXAUM
7: ROVVY G...

ecuritysay oughthray obscurityyay

ecuritysay oughthray obscurityyay: They simply assumed no-one would think to decrypt it (they even hardco...

KHOOR Z'RUOG! (Klingons never bluff) They hoped people would think it was some language they did not under...

Kerckhoffs’ principle

Improving Caesar shift: Keyspace ≈ 26

Generalizing Caesar shift:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
alpha = alpha[n:] + alpha[:n]
DEFGHIJKLMNOPQRSTUVWXYZABC

Substitution cipher:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
alpha = ''.join(random.sample(alpha, len(alpha)))
WGLOJTYUDZQXKVAFHMBPECRNIS

Substitution cipher: Keyspace ≈ 26! = 403291461126605635584000000

Secure?

You intercept:
MHT UTEKAVAMRPD PS RDUTJTDUTDET RZ MHT WZWAK DABT PS A ZMAMTBTDM AUPJMTU OG MHT EPDMRDTDMAK EPDNVTZZ PD ...

English letter freq’s

Message letter freq’s

Pretty similar! (English vs. Message)

a -> d

ab -> do

abc -> dok

abcdefghijklmnopqrstuvwxyz -> dokutbnvrxcespalyhzmwqjfgi

Guessed key: dokutbnvrxcespalyhzmwqjfgi

Guessed key: dokutbnvrxcespalyhzmwqjfgi
Actual key:  aoeutsnhrcxkbdpjyvzmwqlfgi

Similar enough to come close

More work needed

There are some pretty big mismatches

Decoded with guessed key:
TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC ...

We’ve assumed it’s English:
TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATO...

Letters by English frequency, followed by the successive decoding steps:
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODN...
the DeLCOHOtINA NM IADeWeADeALe IS the USUOC AOFe NM O StOteFeAt ODN...
the DeLCOrOtiNA NM iADeWeADeALe is the UsUOC AOFe NM O stOteFeAt ODN...
the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDN...
the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adN...
the declaration oM indeWendence is the usual naFe oM a stateFent ado...
the declaration of indeWendence is the usual naFe of a stateFent ado...
the declaration of independence is the usual naFe of a stateFent ado...
the declaration of independence is the usual name of a statement ado...

Cracked! So, let’s adapt it in a different way

Change the shift each letter

Plaintext: supersecretmessageyoushouldnotsee
Key: donotlook

Repeat the key:
supersecretmessageyoushouldnotsee
donotlookdonotlookdonotlookdonotl

Add plaintext and key:
supersecretmessageyoushouldnotsee
donotlookdonotlookdonotlookdonotl
--------------------------...

This is the Vigenère Cipher: Named for Blaise de Vigenère (1523 – 1596)

This is the Vigenère Cipher: Actually invented by Giovan Battista Bellaso (1505 – ??)

Also known as: Le Chiffre Indéchiffrable (The Unbreakable Cipher)

Secure?

Brute Force: possibilities (n = 9 -> 10795636100592)

Frequency analysis? (Ciphertext vs. English)

First: Guess the key length

Repeated words, repeated key
Key: ABCDABCDABCDABCDABCDABCDABCD
Plaintext: CRYPTOISSHORTFORCRYPTOGRAPHY
Ciphertext: C...

Repeated words, repeated key
VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR

Repeated words, repeated key
VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR
VHVS -> VHVS = 18 -> [18, 9, 6, 3, 2, 1...

Repeated words, repeated key
[18, 9, 6, 3, 2, 1] ∩ [30, 15, 10, 6, 5, 3, 2, 1] = [6, 3, 2, 1]
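The Vigenère addition and the repeated-sequence key-length guess from the slides above (commonly called Kasiski examination), as an added Python example that is not part of the original talk. The function names are assumptions of this example; the sample strings are the ones shown on the slides.

```python
from collections import defaultdict
from functools import reduce
from math import gcd
from string import ascii_lowercase as ALPHA


def vigenere(text, key, decrypt=False):
    """Shift each letter of `text` by the matching letter of the repeated key.

    Letters only; the output is lowercase, as on the slides.
    """
    sign = -1 if decrypt else 1
    key = key.lower()
    out = []
    for i, ch in enumerate(text.lower()):
        shift = ALPHA.index(key[i % len(key)])
        out.append(ALPHA[(ALPHA.index(ch) + sign * shift) % 26])
    return "".join(out)


def repeated_ngrams(ciphertext, n=4):
    """Map every n-gram that occurs more than once to its start positions."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    return {gram: pos for gram, pos in positions.items() if len(pos) > 1}


def divisors(d):
    """All divisors of d, largest first (the lists shown on the slides)."""
    return sorted((k for k in range(1, d + 1) if d % k == 0), reverse=True)


def key_length_candidates(ciphertext, n=4):
    """Divisors shared by every distance between repeated n-grams.

    A repeated plaintext word that lines up with the same key letters gives a
    repeated ciphertext n-gram, so the key length divides the distance.
    """
    distances = {b - a
                 for pos in repeated_ngrams(ciphertext, n).values()
                 for a, b in zip(pos, pos[1:])}
    if not distances:
        return []  # no repeats at the right spots: this method gives nothing
    # Intersecting the divisor lists is the same as taking divisors of the gcd.
    return divisors(reduce(gcd, distances))


# Ciphertext shown on the "Repeated words, repeated key" slides.
SLIDE_CIPHERTEXT = "VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR"

if __name__ == "__main__":
    print(vigenere("supersecretmessageyoushouldnotsee", "donotlook"))
    for gram, pos in repeated_ngrams(SLIDE_CIPHERTEXT).items():
        print(gram, pos, divisors(pos[1] - pos[0]))
    print("candidate key lengths:", key_length_candidates(SLIDE_CIPHERTEXT))
```

The candidates are only as good as the assumption that the repeats come from repeated plaintext; an accidental repeat at an unrelated distance would shrink the common divisors.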
When you assume: You make an ass out of u and me

When you assume: There might not be any repeated words at the right spots

If the key length = 2
uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle
ABABABABABABABABABABABABABABABABABA...

If the key length = 3
uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle
ABCABCABCABCABCABCABCABCABCABCABCAB...

Let’s try this! Encoded a plaintext with key ‘SECRET’

Split the ciphertext,

Split the ciphertext, Sort characters by frequency

Split the ciphertext, Sort characters by frequency, Sum highest frequencies, second highest, etc.

secret

secret
s e c
r e t

Now that we know the key length, This is not that different from substitution cipher

Cracked! Principle is easy. Doing it by hand is tedious

Cracked! smurfoncrack.com/pygenere/ source: smurfoncrack.com/pygenere/pygenere.py

Is there any truly secure method?

Yes.

The One-Time pad: Looks like Vigenère.

The One-Time pad: Create a long key, without repetition

The One-Time pad: Create a long key, without repetition. Securely share it between both parties

The One-Time pad: To send a message:

Plaintext    attackatdawn
Key          owbxelcixrql
             ------------ +
Ciphertext   opuxgvcbarmy

And then:

And then: Destroy the key

One-Time pad

This is provably perfectly secure. You can’t even brute force it!

This is provably perfectly secure
opuxgvcbarmy
owbxelcixrql
------------ -
attackatdawn

opuxgvcbarmy
elqinoymwrk...
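Why brute force tells an interceptor nothing, and why the slides say to destroy the key, as an added Python example that is not part of the original talk. It uses the slide's letter-wise addition mod 26; the alternative plaintext "retreatatsix" and all function names are constructed for this example.

```python
import secrets
from string import ascii_lowercase as ALPHA


def combine(a, b, sign=1):
    """Letter-wise a + sign*b (mod 26), the operation shown on the slides."""
    return "".join(
        ALPHA[(ALPHA.index(x) + sign * ALPHA.index(y)) % 26] for x, y in zip(a, b)
    )


def new_pad(length):
    """A fresh pad from the OS CSPRNG: as long as the message, never reused."""
    return "".join(secrets.choice(ALPHA) for _ in range(length))


def otp_encrypt(plaintext, pad):
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return combine(plaintext, pad)


def otp_decrypt(ciphertext, pad):
    return combine(ciphertext, pad, -1)


def pad_explaining(ciphertext, claimed_plaintext):
    """The pad under which `ciphertext` decrypts to `claimed_plaintext`.

    One exists for every plaintext of the same length, so trying all pads
    yields every possible message and no way to pick the real one.
    """
    return combine(ciphertext, claimed_plaintext, -1)


def reuse_leak(c1, c2):
    """What two ciphertexts under the SAME pad reveal: c1 - c2 == p1 - p2."""
    return combine(c1, c2, -1)


if __name__ == "__main__":
    ct = otp_encrypt("attackatdawn", "owbxelcixrql")   # values from the slide
    print(ct)                                          # opuxgvcbarmy
    other = pad_explaining(ct, "retreatatsix")         # constructed plaintext
    print(other, "->", otp_decrypt(ct, other))
    # Pad reuse: the pad cancels out and plaintext structure leaks.
    pad = new_pad(12)
    c1, c2 = otp_encrypt("attackatdawn", pad), otp_encrypt("retreatatsix", pad)
    print(reuse_leak(c1, c2) == combine("attackatdawn", "retreatatsix", -1))
```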
This is provably perfectly secure. So why don’t we all use it?

Why we don’t use it: You need to share the key securely, But how?

Out of band communication: How the spies did it. Before the mission, they received a codebook

Out of band communication: How the spies did it. But impractical for ordinary use

In band communication: Safe channel through which to send the key

In band communication: Just use that channel to send the message.

They all have in common: Confusion ✓ Diffusion ✗

Why do you need diffusion? e.g. image encryption

Using a block cipher: Encodes blocks of data

Electronic Code Book (ECB): Blocks with the same data are encoded as the same data

Encode this image with ECB: 24-bits bmp

“Encrypted” (after header restoration)

Cipher block chaining: Does do diffusion

Looks like noise.
Methods covered so far: Brute Force: Caesar Cipher

Methods covered so far: Brute Force: Caesar Cipher. Foundational weakness: Vigenère, Substitution, ECB

Next up: Mad Science

Next up: Mad Science: Side channel attacks

Traditional model: Plaintext -> E (Key) -> Ciphertext -> D (Key) -> Plaintext

Side channel model: Plaintext -> E (Key) -> Ciphertext -> D (Key) -> Plaintext, plus Heat and Timing at E, Heat and Timing at D

Simple example

def __eq__(self, other):
    if len(self) != len(other):
        return False
    for x, y in zip(self, other):
        if x != y:
            # early exit: run time depends on how long the matching prefix is
            return False
    return True

Simple example

if input == password:
    login()
else:
    error()

Simple example

1000 * input = '-'
Wall time: 817 μs
1000 * input = '--'
Wall time: 2.14 ms
1000 * input = '---'
Wal...

Simple example

1000 * input = 'a-'
Wall time: 2.15 ms
1000 * input = 'b-'
Wall time: 2.33 ms
1000 * input = 'c-'
Wa...

Simple example

1000 * input = 'ba'
Wall time: 2.33 ms
1000 * input = 'bb'
LOGGED IN! (2.47 ms)
1000 * input = 'bc'
...

Simple example: This simple error has reduced your keyspace from 26^n to 26n
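The early-exit comparison from the slides next to a constant-time one, as an added Python example that is not part of the original talk. Instead of wall-clock time it counts letter comparisons, so the leak is deterministic; the function names and the `steps` counter are assumptions of this example.

```python
import hmac
from string import ascii_lowercase as ALPHA


def leaky_equals(secret, guess):
    """The slide's comparison. Returns (equal, letter comparisons performed)."""
    if len(secret) != len(guess):
        return False, 0          # the length check leaks the length as well
    steps = 0
    for x, y in zip(secret, guess):
        steps += 1
        if x != y:
            return False, steps  # work done grows with the matching prefix
    return True, steps


def constant_time_equals(secret, guess):
    """Looks at every position, wherever the first mismatch is."""
    if len(secret) != len(guess):
        return False, 0
    diff, steps = 0, 0
    for x, y in zip(secret, guess):
        steps += 1
        diff |= ord(x) ^ ord(y)
    return diff == 0, steps


def safe_check(secret, guess):
    """What to use in practice: the standard library's constant-time compare."""
    return hmac.compare_digest(secret.encode(), guess.encode())


def prefix_search(compare, secret):
    """Model of the slides' letter-by-letter search against `compare`.

    Returns (recovered, guesses). recovered is None when every candidate
    costs the same, i.e. the comparison leaks nothing to search on.
    """
    n, known, tries = len(secret), "", 0
    for _ in range(n):
        results = {ch: compare(secret, (known + ch).ljust(n, "-")) for ch in ALPHA}
        tries += len(ALPHA)
        hits = [ch for ch, (ok, _) in results.items() if ok]
        if not hits:
            top = max(steps for _, steps in results.values())
            hits = [ch for ch, (_, steps) in results.items() if steps == top]
            if len(hits) != 1:
                return None, tries
        known += hits[0]
    return known, tries


if __name__ == "__main__":
    secret = "bb"  # the password the slides end up with
    print(prefix_search(leaky_equals, secret))          # 26 * n guesses
    print(prefix_search(constant_time_equals, secret))  # nothing to go on
    print("exhaustive search would need up to", 26 ** len(secret))
```

Comparing fixed-length digests of the password rather than the password itself also removes the length signal that the first timing series on the slides exposes.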
This isn’t really MAD science…

Power consumption of a CPU during RSA computation.

0

0 1 …

Crypto is a minefield

http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Methods covered so far: Brute Force: Caesar Cipher. Foundational weakness: Vigenère, Substitution, ECB. Side channe...

Last but not least: Rubber-Hose Cryptanalysis

[..] In which a rubber hose is applied forcefully and frequently to the soles of the feet, until the key...

What haven’t I covered? Asymmetric encryption: public – private key … A lot of math. Diffie – Hellman key ...

MORE!!! Great intro to a great encryption standard: A stick figure guide to AES. Awesome primer for InfoSec ...

Information security - Paylogic TechTalk 2014

A primer in information security, giving an intro to the foundations, examples of different kinds of vulnerabilities, and a bunch of extra info.

Published in: Internet, Software

Transcript of "Information security - Paylogic TechTalk 2014"

  1. 1. Information Security Tech Talk Aug 4th 2014 Dirk Zittersteyn
  2. 2. Information security Three main goals
  3. 3. Keep your data secure
  4. 4. Make sure people can’t change your data
  5. 5. Make sure your information stays available
  6. 6. Confidentiality Integrity Availability
  7. 7. Confidentiality Integrity Availability
  8. 8. Availability Subject for another talk
  9. 9. Confidentiality and Integrity Two sides of the same coin If you can’t guarantee integrity, confidentiality is useless, and vice-versa.
  10. 10. Cryptography Confidentiality Integrity (a bit)
  11. 11. Basic Terminology: Plaintext Encryption Key Ciphertext Decryption Key Plaintext
  12. 12. Basic Terminology: Plaintext Encryption Key Ciphertext Decryption Key Plaintext = Symmetric encryption
  13. 13. Basic Terminology: Plaintext Encryption Key Ciphertext Decryption Key Plaintext ≠ Asymmetric encryption
  14. 14. Foundations Kerckhoffs (1835 – 1903) Shannon (1916 – 2001)
  15. 15. Auguste Kerckhoffs La Cryptographie Militaire (1883)
  16. 16. Kerckhoffs’ principle The design of a system should not require secrecy
  17. 17. Kerckhoffs’ principle The design of a system should not require secrecy and compromise of the system should not inconvenience the correspondents
  18. 18. Kerckhoffs’ principle Open Source your method
  19. 19. Kerckhoffs’ principle Security is in the key
  20. 20. Claude Shannon Perfect Secrecy Confusion Diffusion
  21. 21. Claude Shannon "Perfect Secrecy" is defined by requiring of a system that after a cryptogram is intercepted by the enemy, the a posteriori probabilities of this cryptogram representing various messages be identically the same as the a priori probabilities of the same messages before the interception
  22. 22. In other words: The enemy learns nothing.
  23. 23. Claude Shannon Confusion: Relation plaintext - ciphertext
  24. 24. Claude Shannon Diffusion: Position of plaintext in ciphertext
  25. 25. Back in the days… Caesar Cipher
  26. 26. caesar = alpha[n:] + alpha[:n]
  27. 27. caesar('Hello World', 3) = 'KHOOR ZRUOG'
  28. 28. Decrypt Simple.
  29. 29. Decrypt A little… too simple.
  30. 30. for i in range(26): print(caesar('KHOOR ZRUOG', i))
  31. 31. 0: KHOOR ZRUOG 1: LIPPS ASVPH 2: MJQQT BTWQI 3: NKRRU CUXRJ 4: OLSSV DVYSK 5: PMTTW EWZTL 6: QNUUX FXAUM 7: ROVVY GYBVN 8: SPWWZ HZCWO 9: TQXXA IADXP 10: URYYB JBEYQ 11: VSZZC KCFZR 12: WTAAD LDGAS 13: XUBBE MEHBT 14: YVCCF NFICU 15: ZWDDG OGJDV 16: AXEEH PHKEW 17: BYFFI QILFX 18: CZGGJ RJMGY 19: DAHHK SKNHZ 20: EBIIL TLOIA 21: FCJJM UMPJB 22: GDKKN VNQKC 23: HELLO WORLD 24: IFMMP XPSME 25: JGNNQ YQTNF
  32. 32. ecuritysay oughthray obscurityyay
  33. 33. ecuritysay oughthray obscurityyay They simply assumed no-one would think to decrypt it (they even hardcoded the number by which it was shifted: 3)
  34. 34. KHOOR Z'RUOG! (Klingons never bluff) They hoped people would think it was some language they did not understand
  35. 35. Kerckhoffs’ principle
  36. 36. Improving Caesar shift Keyspace ≈ 26
  37. 37. Generalizing Caesar shift ABCDEFGHIJKLMNOPQRSTUVWXYZ alpha = alpha[n:] + alpha[:n] DEFGHIJKLMNOPQRSTUVWXYZABC
  38. 38. Substitution cipher ABCDEFGHIJKLMNOPQRSTUVWXYZ alpha = ''.join(random.sample(alpha, len(alpha))) WGLOJTYUDZQXKVAFHMBPECRNIS
  39. 39. Substitution cipher Keyspace ≈ 26! 403291461126605635584000000
  40. 40. Secure?
  41. 41. You intercept: MHT UTEKAVAMRPD PS RDUTJTDUTDET RZ MHT WZWAK DABT PS A ZMAMTBTDM AUPJMTU OG MHT EPDMRDTDMAK EPDNVTZZ PD CWKG 4, 1776, LHREH ADDPWDETU MHAM MHT MHRVMTTD ABTVREAD EPKPDRTZ, MHTD AM LAV LRMH NVTAM OVRMARD, VTNAVUTU MHTBZTKQTZ AZ MHRVMTTD DTLKG RDUTJTDUTDM ZPQTVTRND ZMAMTZ, ADU DP KPDNTV A JAVM PS MHT OVRMRZH TBJRVT. RDZMTAU MHTG SPVBTU A DTL DAMRPD - MHT WDRMTU ZMAMTZ PS ABTVREA. CPHD AUABZ LAZ A KTAUTV RD JWZHRDN SPV RDUTJTDUTDET, LHREH LAZ WDADRBPWZKG AJJVPQTU PD CWKG 2. A EPBBRMMTT PS SRQT HAU AKVTAUG UVASMTU MHT SPVBAK UTEKAVAMRPD, MP OT VTAUG LHTD EPDNVTZZ QPMTU PD RDUTJTDUTDET. MHT MTVB "UTEKAVAMRPD PS RDUTJTDUTDET" RZ DPM WZTU RD MHT UPEWBTDM RMZTKS. …
  42. 42. English letter freq’s
  43. 43. Message letter freq’s
  44. 44. Pretty similar! English Message
  45. 45. a d
  46. 46. ab do
  47. 47. abc dok
  48. 48. abcdefghijklmnopqrstuvwxyz dokutbnvrxcespalyhzmwqjfgi
  49. 49. Guessed key dokutbnvrxcespalyhzmwqjfgi
  50. 50. Guessed key dokutbnvrxcespalyhzmwqjfgi aoeutsnhrcxkbdpjyvzmwqlfgi Actual key
  51. 51. Similar enough to come close Guessed key dokutbnvrxcespalyhzmwqjfgi aoeutsnhrcxkbdpjyvzmwqlfgi Actual key
  52. 52. More work needed Guessed key dokutbnvrxcespalyhzmwqjfgi aoeutsnhrcxkbdpjyvzmwqlfgi Actual key
  53. 53. There are some pretty big mismatches
  54. 54. Decoded with guessed key TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.
  55. 55. We’ve assumed it’s English TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM. So let’s find some English words
  56. 56. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.
  57. 57. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCOHOtINA NM IADeWeADeALe IS the USUOC AOFe NM O StOteFeAt ODNWteD BY the LNAtIAeAtOC LNAGHeSS NA KUCY 4, 1776, PhILh OAANUALeD thOt the thIHteeA OFeHILOA LNCNAIeS, theA Ot POH PIth GHeOt BHItOIA, HeGOHDeD theFSeCVeS OS thIHteeA AePCY IADeWeADeAt SNVeHeIGA StOteS, OAD AN CNAGeH O WOHt NM the BHItISh eFWIHe. IASteOD theY MNHFeD O AeP AOtINA - the UAIteD StOteS NM OFeHILO. KNhA ODOFS POS O CeODeH IA WUShIAG MNH IADeWeADeALe, PhILh POS UAOAIFNUSCY OWWHNVeD NA KUCY 2. O LNFFIttee NM MIVe hOD OCHeODY DHOMteD the MNHFOC DeLCOHOtINA, tN Be HeODY PheA LNAGHeSS VNteD NA IADeWeADeALe. the teHF "DeLCOHOtINA NM IADeWeADeALe" IS ANt USeD IA the DNLUFeAt ItSeCM.
  58. 58. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCOHOtINA NM IADeWeADeALe IS the USUOC AOFe NM O StOteFeAt ODNWteD BY the LNAtIAeAtOC LNAGHeSS NA KUCY 4, 1776, PhILh OAANUALeD thOt the thIHteeA OFeHILOA LNCNAIeS, theA Ot POH PIth GHeOt BHItOIA, HeGOHDeD theFSeCVeS OS thIHteeA AePCY IADeWeADeAt SNVeHeIGA StOteS, OAD AN CNAGeH O WOHt NM the BHItISh eFWIHe. IASteOD theY MNHFeD O AeP AOtINA - the UAIteD StOteS NM OFeHILO. KNhA ODOFS POS O CeODeH IA WUShIAG MNH IADeWeADeALe, PhILh POS UAOAIFNUSCY OWWHNVeD NA KUCY 2. O LNFFIttee NM MIVe hOD OCHeODY DHOMteD the MNHFOC DeLCOHOtINA, tN Be HeODY PheA LNAGHeSS VNteD NA IADeWeADeALe. the teHF "DeLCOHOtINA NM IADeWeADeALe" IS ANt USeD IA the DNLUFeAt ItSeCM.
  59. 59. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCOrOtiNA NM iADeWeADeALe is the UsUOC AOFe NM O stOteFeAt ODNWteD bY the LNAtiAeAtOC LNAGress NA KUCY 4, 1776, PhiLh OAANUALeD thOt the thirteeA OFeriLOA LNCNAies, theA Ot POr Pith GreOt britOiA, reGOrDeD theFseCVes Os thirteeA AePCY iADeWeADeAt sNVereiGA stOtes, OAD AN CNAGer O WOrt NM the british eFWire. iAsteOD theY MNrFeD O AeP AOtiNA - the UAiteD stOtes NM OFeriLO. KNhA ODOFs POs O CeODer iA WUshiAG MNr iADeWeADeALe, PhiLh POs UAOAiFNUsCY OWWrNVeD NA KUCY 2. O LNFFittee NM MiVe hOD OCreODY DrOMteD the MNrFOC DeLCOrOtiNA, tN be reODY PheA LNAGress VNteD NA iADeWeADeALe. the terF "DeLCOrOtiNA NM iADeWeADeALe" is ANt UseD iA the DNLUFeAt itseCM.
  60. 60. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCOrOtiNA NM iADeWeADeALe is the UsUOC AOFe NM O stOteFeAt ODNWteD bY the LNAtiAeAtOC LNAGress NA KUCY 4, 1776, PhiLh OAANUALeD thOt the thirteeA OFeriLOA LNCNAies, theA Ot POr Pith GreOt britOiA, reGOrDeD theFseCVes Os thirteeA AePCY iADeWeADeAt sNVereiGA stOtes, OAD AN CNAGer O WOrt NM the british eFWire. iAsteOD theY MNrFeD O AeP AOtiNA - the UAiteD stOtes NM OFeriLO. KNhA ODOFs POs O CeODer iA WUshiAG MNr iADeWeADeALe, PhiLh POs UAOAiFNUsCY OWWrNVeD NA KUCY 2. O LNFFittee NM MiVe hOD OCreODY DrOMteD the MNrFOC DeLCOrOtiNA, tN be reODY PheA LNAGress VNteD NA iADeWeADeALe. the terF "DeLCOrOtiNA NM iADeWeADeALe" is ANt UseD iA the DNLUFeAt itseCM.
  61. 61. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, PhiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at Par Pith great britain, regarDeD theFseCVes as thirteen nePCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a neP natiNn - the UniteD states NM aFeriLa. KNhn aDaFs Pas a CeaDer in WUshing MNr inDeWenDenLe, PhiLh Pas UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY Phen LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
  62. 62. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, PhiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at Par Pith great britain, regarDeD theFseCVes as thirteen nePCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a neP natiNn - the UniteD states NM aFeriLa. KNhn aDaFs Pas a CeaDer in WUshing MNr inDeWenDenLe, PhiLh Pas UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY Phen LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
  63. 63. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, whiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at war with great britain, regarDeD theFseCVes as thirteen newCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a new natiNn - the UniteD states NM aFeriLa. KNhn aDaFs was a CeaDer in WUshing MNr inDeWenDenLe, whiLh was UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY when LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
  64. 64. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, whiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at war with great britain, regarDeD theFseCVes as thirteen newCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a new natiNn - the UniteD states NM aFeriLa. KNhn aDaFs was a CeaDer in WUshing MNr inDeWenDenLe, whiLh was UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY when LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
  65. 65. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted bY the LNntinentaC LNngress Nn KuCY 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCY indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead theY MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCY aWWrNVed Nn KuCY 2. a LNFFittee NM MiVe had aCreadY draMted the MNrFaC deLCaratiNn, tN be readY when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
  66. 66. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted bY the LNntinentaC LNngress Nn KuCY 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCY indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead theY MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCY aWWrNVed Nn KuCY 2. a LNFFittee NM MiVe had aCreadY draMted the MNrFaC deLCaratiNn, tN be readY when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
  67. 67. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted by the LNntinentaC LNngress Nn KuCy 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCy indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead they MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCy aWWrNVed Nn KuCy 2. a LNFFittee NM MiVe had aCready draMted the MNrFaC deLCaratiNn, tN be ready when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
  68. 68. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted by the LNntinentaC LNngress Nn KuCy 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCy indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead they MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCy aWWrNVed Nn KuCy 2. a LNFFittee NM MiVe had aCready draMted the MNrFaC deLCaratiNn, tN be ready when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
  69. 69. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the declaration oM indeWendence is the usual naFe oM a stateFent adoWted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly indeWendent soVereign states, and no longer a Wart oM the british eFWire. instead they MorFed a new nation - the united states oM aFerica. Kohn adaFs was a leader in Wushing Mor indeWendence, which was unaniFously aWWroVed on Kuly 2. a coFFittee oM MiVe had already draMted the MorFal declaration, to be ready when congress Voted on indeWendence. the terF "declaration oM indeWendence" is not used in the docuFent itselM.
  70. 70. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the declaration of indeWendence is the usual naFe of a stateFent adoWted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly indeWendent soVereign states, and no longer a Wart of the british eFWire. instead they forFed a new nation - the united states of aFerica. Kohn adaFs was a leader in Wushing for indeWendence, which was unaniFously aWWroVed on Kuly 2. a coFFittee of fiVe had already drafted the forFal declaration, to be ready when congress Voted on indeWendence. the terF "declaration of indeWendence" is not used in the docuFent itself.
  71. 71. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the declaration of independence is the usual naFe of a stateFent adopted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly independent soVereign states, and no longer a part of the british eFpire. instead they forFed a new nation - the united states of aFerica. Kohn adaFs was a leader in pushing for independence, which was unaniFously approVed on Kuly 2. a coFFittee of fiVe had already drafted the forFal declaration, to be ready when congress Voted on independence. the terF "declaration of independence" is not used in the docuFent itself.
  72. 72. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the declaration of independence is the usual name of a statement adopted by the continental congress on Kuly 4, 1776, which announced that the thirteen american colonies, then at war with great britain, regarded themselVes as thirteen newly independent soVereign states, and no longer a part of the british empire. instead they formed a new nation - the united states of america. Kohn adams was a leader in pushing for independence, which was unanimously approVed on Kuly 2. a committee of fiVe had already drafted the formal declaration, to be ready when congress Voted on independence. the term "declaration of independence" is not used in the document itself.
  73. 73. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the declaration of independence is the usual name of a statement adopted by the continental congress on july 4, 1776, which announced that the thirteen american colonies, then at war with great britain, regarded themselves as thirteen newly independent sovereign states, and no longer a part of the british empire. instead they formed a new nation - the united states of america. john adams was a leader in pushing for independence, which was unanimously approved on july 2. a committee of five had already drafted the formal declaration, to be ready when congress voted on independence. the term "declaration of independence" is not used in the document itself.
  74. 74. Cracked! So, let’s adapt it in a different way
  75. 75. Change the shift each letter
  76. 76. Plaintext: supersecretmessageyoushouldnotsee Key: donotlook
  77. 77. Repeat the key supersecretmessageyoushouldnotsee donotlookdonotlookdonotlookdonotl
  78. 78. Add plaintext and key supersecretmessageyoushouldnotsee donotlookdonotlookdonotlookdonotl --------------------------------- vicskdsqbhhzsldouobchgaziznqcggxp +
  79. 79. This is the Vigenère Cipher Named for Blaise de Vigenère (1523 – 1596)
  80. 80. This is the Vigenère Cipher Actually invented by Giovan Battista Bellaso (1505 – ??)
  81. 81. Also known as: Le Chiffre Indéchiffrable (The Unbreakable Cipher)
  82. 82. Secure?
  83. 83. Brute Force: possibilities (n = 9 -> 10795636100592)
  84. 84. Frequency analysis? Ciphertext English
  85. 85. First: Guess the key length
  86. 86. Repeated words, repeated key Key: ABCDABCDABCDABCDABCDABCDABCD Plaintext: CRYPTOISSHORTFORCRYPTOGRAPHY Ciphertext: CSASTPKVSIQUTGQUCSASTPIUAQJB
  87. 87. Repeated words, repeated key VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR
  88. 88. Repeated words, repeated key VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR VHVS -> VHVS = 18 -> [18, 9, 6, 3, 2, 1]
  89. 89. Repeated words, repeated key VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR VHVS -> VHVS = 18 -> [18, 9, 6, 3, 2, 1] QUCE -> QUCE = 30 -> [30, 15, 10, 6, 5, 3, 2, 1]
  90. 90. Repeated words, repeated key [18, 9, 6, 3, 2, 1] ∩ [30, 15, 10, 6, 5, 3, 2, 1] = [6, 3, 2, 1]
  91. 91. Repeated words, repeated key [18, 9, 6, 3, 2, 1] ∩ [30, 15, 10, 6, 5, 3, 2, 1] = [6, 3, 2, 1]
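The key-length guess from slides 86 to 91, as an added Python 3 example that is not part of the original talk: it finds repeated four-letter sequences, measures the distance between them, and keeps the divisors common to every distance. The function names are chosen here for illustration.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

# Ciphertext taken from the slides above.
CIPHERTEXT = "VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR"


def repeated_sequences(text, length=4):
    """Map each substring of `length` that occurs more than once to the
    distances between its consecutive occurrences."""
    positions = defaultdict(list)
    for i in range(len(text) - length + 1):
        positions[text[i:i + length]].append(i)
    return {
        seq: [b - a for a, b in zip(pos, pos[1:])]
        for seq, pos in positions.items()
        if len(pos) > 1
    }


def divisors(n):
    """All divisors of n, largest first (the order used on the slides)."""
    return [d for d in range(n, 0, -1) if n % d == 0]


def candidate_key_lengths(text, length=4):
    """Divisors shared by every repeat distance (the intersection on the slide).
    Returns [] when nothing repeats, so no guess can be made this way."""
    distances = [d for ds in repeated_sequences(text, length).values() for d in ds]
    if not distances:
        return []
    # The common divisors of a set of numbers are the divisors of their gcd.
    return divisors(reduce(gcd, distances))


if __name__ == "__main__":
    for seq, ds in repeated_sequences(CIPHERTEXT).items():
        print(seq, ds, [divisors(d) for d in ds])
    print("candidate key lengths:", candidate_key_lengths(CIPHERTEXT))
```

The result is a list of candidates, not an answer: a repeat can also occur by coincidence, and a short ciphertext may contain no repeats at all.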
  92. 92. When you assume You make an ass out of u and me
  93. 93. When you assume There might not be any repeated words at the right spots
  94. 94. If the key length = 2 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA
  95. 95. If the key length = 2 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA udpwdnbijtlladfkhmajwvfhwhlxe hwjnighwcmjdpbavxckuyraunvbl AAAAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBBB
  96. 96. If the key length = 2 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA udpwdnbijtlladfkhmajwvfhwhlxe hwjnighwcmjdpbavxckuyraunvbl AAAAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBBB Should be a standard letter distribution
  97. 97. If the key length = 3 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABC uwwibwtjabkxauvawvx hpnnhjmlpfvmkwrhnll djdgiclddahcjyfuhbe AAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBB CCCCCCCCCCCCCCCCCCC Should be a standard letter distribution
  98. 98. Let’s try this! Encoded a plaintext with key ‘SECRET’
  99. 99. Split the ciphertext,
  100. 100. Split the ciphertext, Sort characters by frequency
  101. 101. Split the ciphertext, Sort characters by frequency Sum highest frequencies, second highest, etc.
  102. 102. secret
  103. 103. secret s e c r e t
  104. 104. Now that we know the key length, This is not that different from a substitution cipher
  105. 105. Cracked! Principle is easy Doing it by hand is tedious
  106. 106. Cracked! smurfoncrack.com/pygenere/ source: smurfoncrack.com/pygenere/pygenere.py
  107. 107. Is there any truly secure method?
  108. 108. Yes.
  109. 109. The One-Time pad Looks like Vigenère.
  110. 110. The One-Time pad Create a long key, without repetition
  111. 111. The One-Time pad Create a long key, without repetition Securely share it between both parties
  112. 112. The One-Time pad To send a message:
  113. 113. Plaintext attackatdawn Key owbxelcixrql ------------ + Ciphertext opuxgvcbarmy
  114. 114. And then:
  115. 115. And then: Destroy the key
  116. 116. One-Time pad
  117. 117. This is provably perfectly secure You can’t even brute force it!
  118. 118. This is provably perfectly secure opuxgvcbarmy owbxelcixrql ------------ - attackatdawn opuxgvcbarmy elqinoymwrku ------------ - keepthepeace
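Why brute force fails against the one-time pad, as an added Python 3 example that is not part of the original talk: the same add-mod-26 arithmetic reproduces the Vigenère ciphertext from slide 78 and the pad from slide 113, and then shows that a pad exists for every guessed plaintext of the right length. The function names are chosen here for illustration.

```python
import string

A = string.ascii_lowercase


def shift(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) key letters mod 26, repeating the
    key when it is shorter than the text (the Vigenère case)."""
    return "".join(
        A[(A.index(t) + sign * A.index(key[i % len(key)])) % 26]
        for i, t in enumerate(text)
    )


def encrypt(plaintext, key):
    return shift(plaintext, key, +1)


def decrypt(ciphertext, key):
    return shift(ciphertext, key, -1)


def key_explaining(ciphertext, guess):
    """The pad that would turn `guess` into `ciphertext`.
    One exists for every guess of the same length."""
    if len(guess) != len(ciphertext):
        raise ValueError("a one-time pad is exactly as long as the message")
    return shift(ciphertext, guess, -1)


if __name__ == "__main__":
    # Vigenère, slide 78: the 9-letter key repeats under the 33-letter message.
    print(encrypt("supersecretmessageyoushouldnotsee", "donotlook"))
    # One-time pad, slide 113: the key is as long as the message.
    c = encrypt("attackatdawn", "owbxelcixrql")
    print(c)
    # Slide 118: the ciphertext "decrypts" to whatever plaintext is guessed,
    # so trying every key tells an attacker nothing about which one was sent.
    for guess in ("attackatdawn", "keepthepeace"):
        k = key_explaining(c, guess)
        print(guess, "<-", k, decrypt(c, k) == guess)
```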
  119. 119. This is provably perfectly secure So why don’t we all use it?
  120. 120. Why we don’t use it: You need to share the key securely, But how?
  121. 121. Out of band communication How the spies did it Before the mission, they received a codebook
  122. 122. Out of band communication How the spies did it But impractical for ordinary use
  123. 123. In band communication Safe channel through which to send the key
  124. 124. In band communication Just use that channel to send the message.
  125. 125. They all have in common: Confusion ✓ Diffusion ✗
  126. 126. Why do you need diffusion? e.g. image encryption
  127. 127. Using a block cipher Encodes blocks of data
  128. 128. Electronic Code Book (ECB) Blocks with the same data are encoded as the same data
  129. 129. Encode this image with ECB: 24-bits bmp
  130. 130. “Encrypted” (after header restoration)
  131. 131. Cipher block chaining Does do diffusion
  132. 132. Looks like noise.
  133. 133. Methods covered so far: Brute Force Caesar Cipher
  134. 134. Methods covered so far: Brute Force Caesar Cipher Foundational weakness Vigenère, Substitution, ECB
  135. 135. Next up: Mad Science
  136. 136. Next up: Mad Science Side channel attacks
  137. 137. Traditional model Plaintext E Key Ciphertext D Key Plaintext
  138. 138. Side channel model Plaintext E Key Ciphertext D Key Plaintext Heat Timing Heat Timing
  139. 139. Simple example

        def __eq__(self, other):
            if len(self) != len(other):
                return False
            for x, y in zip(self, other):
                if x != y:
                    return False
            return True

  140. 140. Simple example

        if input == password:
            login()
        else:
            error()
  141. 141. Simple example 1000 * input = '-' Wall time: 817 μs 1000 * input = '--' Wall time: 2.14 ms 1000 * input = '---' Wall time: 806 μs def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True
  142. 142. Simple example 1000 * input = '-' Wall time: 817 μs 1000 * input = '--' Wall time: 2.14 ms 1000 * input = '---' Wall time: 806 μs def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True ≈ 0.8ms
  143. 143. Simple example 1000 * input = '-' Wall time: 817 μs 1000 * input = '--' Wall time: 2.14 ms 1000 * input = '---' Wall time: 806 μs def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True ≈ 2.1ms (1 iter)
  144. 144. Simple example 1000 * input = 'a-' Wall time: 2.15 ms 1000 * input = 'b-' Wall time: 2.33 ms 1000 * input = 'c-' Wall time: 2.14 ms def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True ≈ 2.1ms (1 iter)
  145. 145. Simple example 1000 * input = 'a-' Wall time: 2.15 ms 1000 * input = 'b-' Wall time: 2.33 ms 1000 * input = 'c-' Wall time: 2.14 ms def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True ≈ 2.3ms (2 iter)
  146. 146. Simple example 1000 * input = 'ba' Wall time: 2.33 ms 1000 * input = 'bb' LOGGED IN! (2.47 ms) 1000 * input = 'bc' Wall time: 2.32 ms def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True ≈ 2.3ms (2 iter)
  147. 147. Simple example 1000 * input = 'ba' Wall time: 2.33 ms 1000 * input = 'bb' LOGGED IN! (2.47 ms) 1000 * input = 'bc' Wall time: 2.32 ms def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True ≈ 2.5ms (2 iter)
  148. 148. Simple example This simple error has reduced your keyspace From 26^n to 26n
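The early-exit comparison from the slides next to a hardened form, as an added Python 3 example that is not part of the original talk. The leaky version is instrumented to count loop iterations, which stands in for the wall-clock timings shown above; the function names and the choice to compare SHA-256 digests are assumptions made for this example.

```python
import hashlib
import hmac


def leaky_eq(supplied, secret):
    """The slides' early-exit comparison, instrumented to count loop
    iterations. The count is what the measured wall time exposes."""
    steps = 0
    if len(supplied) != len(secret):
        return False, steps          # fastest path: reveals a wrong length
    for x, y in zip(supplied, secret):
        steps += 1
        if x != y:
            return False, steps      # stops at the first mismatch
    return True, steps


def constant_time_eq(supplied, secret):
    """Hash both values so the operands always have the same length, then
    compare with hmac.compare_digest, which does not stop at the first
    differing byte."""
    a = hashlib.sha256(supplied.encode()).digest()
    b = hashlib.sha256(secret.encode()).digest()
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    secret = "bb"  # the password the slides' timings point to
    for guess in ("-", "--", "---", "a-", "b-", "ba", "bb"):
        ok, steps = leaky_eq(guess, secret)
        print(f"{guess!r:6} leaky: ok={ok} iterations={steps}  "
              f"constant-time: ok={constant_time_eq(guess, secret)}")
```

For stored passwords the values compared would be the outputs of a salted password hashing function rather than bare SHA-256; the constant-time comparison step stays the same.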
  149. 149. This isn’t really MAD science…
  150. 150. Power consumption of a CPU during RSA computation.
  151. 151. 0
  152. 152. 0 1 …
  153. 153. Crypto is a minefield
  154. 154. http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
  155. 155. Methods covered so far: Brute Force Caesar Cipher Foundational weakness Vigenère, Substitution, ECB Side channel attacks Timing, Power Consumption, Acoustic, etc.
  156. 156. Last but not least Rubber-Hose Cryptanalysis
  157. 157. [..] In which a rubber hose is applied forcefully and frequently to the soles of the feet, until the key to the cryptosystem is discovered A process that can take a surprisingly short time and is quite computationally inexpensive sci.crypt (1990)
  158. 158. What haven’t I covered? Asymmetric encryption public – private key … A lot of math Diffie – Hellman key exchange Prime factorization Elliptic Curve crypto … Integrity assurance HMAC … Stream Ciphers Man in the middle AES, DES, Hashes Salts Etc.
  159. 159. MORE!!! Great intro to a great encryption standard A stick figure guide to AES Awesome primer for InfoSec Mad science side-channel attacks To Protect and Infect (Jacob Appelbaum) History of the information age