SlideShare a Scribd company logo

CNIT 141: 1. Encryption

Sam Bowne
Sam Bowne

For a college course https://samsclass.info/141/141_F21.shtml

Education
1 of 44
Download to read offline
CNIT 141 Cryptography for Computer Networks 1. Encryption Updated on 8-25-2021
Topics • The Basics • Classical Ciphers • How Ciphers Work • Perfect Encryption: The One-Time Pad • Encryption Security • Asymmetric Encryption • When Ciphers Do More Than Encryption • How Things Can Go Wrong
The Basics • P: Plaintext • K: Key • C: Ciphertext • E: Encryption via cipher • D: Decryption via cipher
Classical Ciphers
Caesar Cipher
Caesar Cipher in Python
Brute Force Attack
Vigenere Cipher • Shift varies with a repeated keyword • Combine several Caesar ciphers together
Breaking the Vigenere Cipher • Find repeating ciphertext to deduce key length • Use frequency analysis
Frequency Analysis • From Wikipedia
Modified Caesar Program • Converts to uppercase • Preserves spaces
Encrypt a Paragraph
Frequency Counter
How Ciphers Work
Two Components • Permutation • Transforms one letter to another letter • In Caesar cipher, shift letter three places • Mode of Operation • Algorithm to handle messages of arbitrary size • In Caesar cipher, process each letter independently
Permutation Security • Permutation should be determined by the key • If key is secret, attacker can’t easily decrypt • Different keys should result in different permutations • Permutation should look random • No pattern in ciphertext
Mode of Operation • Caesar cipher encrypts letters one at a time • Double letters remain doubled • HELLO -> KHOOR • Patterns in plaintext are preserved in ciphertext • Insecure (now called “Electronic Code Book” mode) • More secure modes encrypt repeated text differently each time
Perfect Encryption: The One-Time Pad
XOR • XOR combines two bits • 0 ^ 0 = 0 • 0 ^ 1 = 1 • 1 ^ 0 = 1 • 1 ^ 1 = 0
Encrypting a Stream of Bits • Plain: ABC = 0100 0001 0100 0010 0100 0011 • Key: 0110 0110 0110 0101 1010 111 0 • Cipher: 0010 0111 0010 0111 1110 110 1 • Key must be random and never re-used • Key must be longer than all the plaintexts you want to send
Unbreakable • If an attacker uses a brute-force attack • Trying all possible keys • They get all possible letter sequences • No way to identify the correct decryption
Encryption Security
Attack Models • Set requirements for cryptographers who design ciphers • So they know what attacks to prevent • Give guidelines to users • Whether a cipher is safe in their environment • Provide clues for cryptanalysts who attempt to break ciphers • Is an attack doable in the model considered?
Attack Models
Kerckhoff’s Principle • The key is secret • The cipher is not secret
Black-Box Models No knowledge of cipher operation • Ciphertext-Only Attack (COA) • Attacker sees only C • Known-Plaintext Attack (KPA) • Attacker knows P and C • Chosen-Plaintext Attack (CPA) • Attacker can perform encryption for any P • Chosen-Ciphertext Attack (CCA) • Attacker can perform encryption and decryption
Gray-Box Models • Attacker has access to the implementation • Can tamper with the system’s internals • Side-channel attack • Attacker measures something else about the cipher’s operation • Such as timing or power consumption • Noninvasive — does not alter integrity of system
Gray-Box Models • Invasive attacks • Modify system • Examples • Using acid to dissolve parts of a microchip • Injecting faults with lasers
Security Goals • Indistinguishability • Ciphertext should be indistinguishable from a random string • Non-malleability • Ciphertext cannot be altered and produce meaningful plaintext
Security Notions • IND-CPA • Indistinguishability against a Chosen- Plaintext Attack • Also called semantic security • Two identical plaintext strings must result in different ciphertexts • Accomplished by adding “random” bits each time you encrypt
Asymmetric Encryption • Uses two keys • Also called Public-Key encryption • Public key freely published to everyone • Private key held secret • Will be covered in later chapters—everything in this chapter is about symmetric encryption
When Ciphers Do More Than Encryption
Authenticated Encryption • Returns an authentication tag with the ciphertext • Tag ensures integrity of the message and also authenticates the author • Authenticated Encryption with Associated Data (AEAD) • Another variant
Format-Preserving Encryption • Normally encryption takes inputs as bits and returns outputs as bits • Could be written as hex, base64, etc. • Format-Preserving Encryption returns ciphertext in the same format as the plaintext • Zip code -> Zip code • IP address -> IP address
Fully Homomorphic Encryption • Allows modification of encrypted data without decrypting it • The first FHE scheme was created in 2009 • Very slow
Searchable Encryption • Searches encrypted data without decrypting it • Using an encrypted search string • Protects privacy of search engine users
Tweakable Encryption • Adds a “tweak” parameter to normal encryption • Such as a unique customer number • Acts like an Initialization Vector in CBC • Main application is disk encryption
How Things Can Go Wrong
Weak Cipher • 2G phone networks used the A5/1 cipher • Vulnerable to a time-memory trade-off attack • Using large lookup tables to speed up an attack
Wrong Model • Padding Oracle attack • If a user submitted data that decrypted to a valid string, that was taken as authentication • Even if the string contained nonsense • Server provided error messages for incorrect padding • Those errors can be used to find valid ciphertext without knowing the key
CNIT 141: 1. Encryption

Recommended

CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World Incidents
Sam Bowne
 
block ciphers
block ciphersblock ciphers
block ciphers
Asad Ali
 
CNIT 141: 5. Stream Ciphers
CNIT 141: 5. Stream CiphersCNIT 141: 5. Stream Ciphers
CNIT 141: 5. Stream Ciphers
Sam Bowne
 
CNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionCNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated Encryption
Sam Bowne
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community
 
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
Sam Bowne
 
API Security Best Practices and Guidelines
API Security Best Practices and GuidelinesAPI Security Best Practices and Guidelines
API Security Best Practices and Guidelines
WSO2
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...
Mazin Alwaaly
 

Recommended

CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World Incidents
Sam Bowne
 
block ciphers
block ciphersblock ciphers
block ciphers
Asad Ali
 
CNIT 141: 5. Stream Ciphers
CNIT 141: 5. Stream CiphersCNIT 141: 5. Stream Ciphers
CNIT 141: 5. Stream Ciphers
Sam Bowne
 
CNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionCNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated Encryption
Sam Bowne
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community
 
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
Sam Bowne
 
API Security Best Practices and Guidelines
API Security Best Practices and GuidelinesAPI Security Best Practices and Guidelines
API Security Best Practices and Guidelines
WSO2
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...
Mazin Alwaaly
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed Hashing
Sam Bowne
 
F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence Service
F5 Networks
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
Er. Shiva K. Shrestha
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
RC4&RC5
RC4&RC5RC4&RC5
RC4&RC5
Mohamed El-Serngawy
 
Kerberos
KerberosKerberos
Kerberos
Sutanu Paul
 
Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum Cryptography
CSNP
 
CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident Preparation
Sam Bowne
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
Nishant Pahad
 
CNIT 126 5: IDA Pro
CNIT 126 5: IDA Pro CNIT 126 5: IDA Pro
CNIT 126 5: IDA Pro
Sam Bowne
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web Servers
Sam Bowne
 
Snort
SnortSnort
Snort
Stickman Hai
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...
Codemotion
 
Cryptography
CryptographyCryptography
Cryptography
Rutuja Solkar
 
Topic20 The RC4 Algorithm.pptx
Topic20 The RC4 Algorithm.pptxTopic20 The RC4 Algorithm.pptx
Topic20 The RC4 Algorithm.pptx
UrjaDhabarde
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ Infosectrain
InfosecTrain
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
Himanshu Prabhakar
 
Practical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware BehaviorPractical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware Behavior
Sam Bowne
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access Management
Sam Bowne
 
Secure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsSecure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of Us
Eoin Woods
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. Encryption
Sam Bowne
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. Encryption
Sam Bowne
 

More Related Content

What's hot

Secure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsSecure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of Us
Eoin Woods
 

What's hot (20)

CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed Hashing
 
F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence Service
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
RC4&RC5
RC4&RC5RC4&RC5
RC4&RC5
 
Kerberos
KerberosKerberos
Kerberos
 
Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum Cryptography
 
CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident Preparation
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
CNIT 126 5: IDA Pro
CNIT 126 5: IDA Pro CNIT 126 5: IDA Pro
CNIT 126 5: IDA Pro
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web Servers
 
Snort
SnortSnort
Snort
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...
 
Cryptography
CryptographyCryptography
Cryptography
 
Topic20 The RC4 Algorithm.pptx
Topic20 The RC4 Algorithm.pptxTopic20 The RC4 Algorithm.pptx
Topic20 The RC4 Algorithm.pptx
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ Infosectrain
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
 
Practical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware BehaviorPractical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware Behavior
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access Management
 
Secure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsSecure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of Us
 

Similar to CNIT 141: 1. Encryption

«Applied cryptanalysis stream ciphers» by Vladimir Garbuz
«Applied cryptanalysis stream ciphers» by Vladimir Garbuz «Applied cryptanalysis stream ciphers» by Vladimir Garbuz
«Applied cryptanalysis stream ciphers» by Vladimir Garbuz
0xdec0de
 

Similar to CNIT 141: 1. Encryption (20)

CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. Encryption
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. Encryption
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. Encryption
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)
 
CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)
 
Cryptography
CryptographyCryptography
Cryptography
 
CompTIASecPLUS-Part6 - UnlimitedEdited.pptx
CompTIASecPLUS-Part6 - UnlimitedEdited.pptxCompTIASecPLUS-Part6 - UnlimitedEdited.pptx
CompTIASecPLUS-Part6 - UnlimitedEdited.pptx
 
Cryptography
CryptographyCryptography
Cryptography
 
Slidecast - Workshop
Slidecast - WorkshopSlidecast - Workshop
Slidecast - Workshop
 
Basic cryptography
Basic cryptographyBasic cryptography
Basic cryptography
 
CISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - CryptographyCISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - Cryptography
 
Block Ciphers Modes of Operation
Block Ciphers Modes of OperationBlock Ciphers Modes of Operation
Block Ciphers Modes of Operation
 
Applied cryptanalysis - stream ciphers
Applied cryptanalysis - stream ciphersApplied cryptanalysis - stream ciphers
Applied cryptanalysis - stream ciphers
 
«Applied cryptanalysis stream ciphers» by Vladimir Garbuz
«Applied cryptanalysis stream ciphers» by Vladimir Garbuz «Applied cryptanalysis stream ciphers» by Vladimir Garbuz
«Applied cryptanalysis stream ciphers» by Vladimir Garbuz
 
Information and network security 10 classical encryption techniques
Information and network security 10 classical encryption techniquesInformation and network security 10 classical encryption techniques
Information and network security 10 classical encryption techniques
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography & Steganography
Cryptography & SteganographyCryptography & Steganography
Cryptography & Steganography
 
Hybrid Cryptography with examples in Ruby and Go
Hybrid Cryptography with examples in Ruby and GoHybrid Cryptography with examples in Ruby and Go
Hybrid Cryptography with examples in Ruby and Go
 
Symmetric ciphermodel
Symmetric ciphermodelSymmetric ciphermodel
Symmetric ciphermodel
 

More from Sam Bowne

More from Sam Bowne (20)

Cyberwar
CyberwarCyberwar
Cyberwar
 
3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the Application
 
3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic Curves
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-Hellman
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android Applications
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)
 
10 RSA
10 RSA10 RSA
10 RSA
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard Problems
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis Methodology
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated Encryption
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream Ciphers
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection
 

Recently uploaded

Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
AnaAcapella
 
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
httgc7rh9c
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 

Recently uploaded (20)

How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfFICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.ppt
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Economic Importance Of Fungi In Food Additives
Economic Importance Of Fungi In Food AdditivesEconomic Importance Of Fungi In Food Additives
Economic Importance Of Fungi In Food Additives
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Play hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of PlayPlay hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of Play
 
21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx
 
Tatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsTatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf arts
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 

CNIT 141: 1. Encryption

  • 1. CNIT 141 Cryptography for Computer Networks 1. Encryption Updated on 8-25-2021
  • 2. Topics • The Basics • Classical Ciphers • How Ciphers Work • Perfect Encryption: The One-Time Pad • Encryption Security • Asymmetric Encryption • When Ciphers Do More Than Encryption • How Things Can Go Wrong
  • 3. The Basics • P: Plaintext • K: Key • C: Ciphertext • E: Encryption via cipher • D: Decryption via cipher
  • 8. Vigenere Cipher • Shift varies with a repeated keyword • Combine several Caesar ciphers together
  • 9. Breaking the Vigenere Cipher • Find repeating ciphertext to deduce key length • Use frequency analysis
  • 11. Modified Caesar Program • Converts to uppercase • Preserves spaces
  • 14.
  • 16. Two Components • Permutation • Transforms one letter to another letter • In Caesar cipher, shift letter three places • Mode of Operation • Algorithm to handle messages of arbitrary size • In Caesar cipher, process each letter independently
  • 17. Permutation Security • Permutation should be determined by the key • If key is secret, attacker can’t easily decrypt • Different keys should result in different permutations • Permutation should look random • No pattern in ciphertext
  • 18. Mode of Operation • Caesar cipher encrypts letters one at a time • Double letters remain doubled • HELLO -> KHOOR • Patterns in plaintext are preserved in ciphertext • Insecure (now called “Electronic Code Book” mode) • More secure modes encrypt repeated text differently each time
  • 20. XOR • XOR combines two bits • 0 ^ 0 = 0 • 0 ^ 1 = 1 • 1 ^ 0 = 1 • 1 ^ 1 = 0
  • 21. Encrypting a Stream of Bits • Plain: ABC = 0100 0001 0100 0010 0100 0011 • Key: 0110 0110 0110 0101 1010 111 0 • Cipher: 0010 0111 0010 0111 1110 110 1 • Key must be random and never re-used • Key must be longer than all the plaintexts you want to send
  • 22. Unbreakable • If an attacker uses a brute-force attack • Trying all possible keys • They get all possible letter sequences • No way to identify the correct decryption
  • 23.
  • 25. Attack Models • Set requirements for cryptographers who design ciphers • So they know what attacks to prevent • Give guidelines to users • Whether a cipher is safe in their environment • Provide clues for cryptanalysts who attempt to break ciphers • Is an attack doable in the model considered?
  • 27. Kerckhoff’s Principle • The key is secret • The cipher is not secret
  • 28. Black-Box Models No knowledge of cipher operation • Ciphertext-Only Attack (COA) • Attacker sees only C • Known-Plaintext Attack (KPA) • Attacker knows P and C • Chosen-Plaintext Attack (CPA) • Attacker can perform encryption for any P • Chosen-Ciphertext Attack (CCA) • Attacker can perform encryption and decryption
  • 29. Gray-Box Models • Attacker has access to the implementation • Can tamper with the system’s internals • Side-channel attack • Attacker measures something else about the cipher’s operation • Such as timing or power consumption • Noninvasive — does not alter integrity of system
  • 30. Gray-Box Models • Invasive attacks • Modify system • Examples • Using acid to dissolve parts of a microchip • Injecting faults with lasers
  • 31. Security Goals • Indistinguishability • Ciphertext should be indistinguishable from a random string • Non-malleability • Ciphertext cannot be altered and produce meaningful plaintext
  • 32. Security Notions • IND-CPA • Indistinguishability against a Chosen- Plaintext Attack • Also called semantic security • Two identical plaintext strings must result in different ciphertexts • Accomplished by adding “random” bits each time you encrypt
  • 33. Asymmetric Encryption • Uses two keys • Also called Public-Key encryption • Public key freely published to everyone • Private key held secret • Will be covered in later chapters—everything in this chapter is about symmetric encryption
  • 34. When Ciphers Do More Than Encryption
  • 35. Authenticated Encryption • Returns an authentication tag with the ciphertext • Tag ensures integrity of the message and also authenticates the author • Authenticated Encryption with Associated Data (AEAD) • Another variant
  • 36. Format-Preserving Encryption • Normally encryption takes inputs as bits and returns outputs as bits • Could be written as hex, base64, etc. • Format-Preserving Encryption returns ciphertext in the same format as the plaintext • Zip code -> Zip code • IP address -> IP address
  • 37. Fully Homomorphic Encryption • Allows modification of encrypted data without decrypting it • The first FHE scheme was created in 2009 • Very slow
  • 38. Searchable Encryption • Searches encrypted data without decrypting it • Using an encrypted search string • Protects privacy of search engine users
  • 39.
  • 40. Tweakable Encryption • Adds a “tweak” parameter to normal encryption • Such as a unique customer number • Acts like an Initialization Vector in CBC • Main application is disk encryption
  • 41. How Things Can Go Wrong
  • 42. Weak Cipher • 2G phone networks used the A5/1 cipher • Vulnerable to a time-memory trade-off attack • Using large lookup tables to speed up an attack
  • 43. Wrong Model • Padding Oracle attack • If a user submitted data that decrypted to a valid string, that was taken as authentication • Even if the string contained nonsense • Server provided error messages for incorrect padding • Those errors can be used to find valid ciphertext without knowing the key