Lecture 2
Introduction to Cryptography
Dr. Shafqat Cheema
05 Oct 2021
Flashback
• IS deals with CIA
• Intro to Cryptography – Terminologies
• Symmetric / Asymmetric Cryptography
• Malicious Programs
• We often use the term "brute force attack". So what is it actually?
Enigma
• The Enigma machine was invented by the German engineer Arthur Scherbius at the end of World War I.
• Enigma has an electromechanical rotor mechanism that scrambles the 26 letters of the alphabet.
Enigma
• In typical use, one person enters text on the Enigma's keyboard and another person writes down which of the 26 lights above the keyboard lights up at each key press. If plaintext is entered, the lit-up letters are the encoded ciphertext. Entering ciphertext transforms it back into readable plaintext.
• The rotor mechanism changes the electrical connections between the keys and the lights with each keypress.
• The security of the system depends on a set of machine settings that were generally changed daily during the war, based on secret key lists distributed in advance, and on other settings that were changed for each message.
Enigma
The receiving station has to know and use the exact settings employed by the transmitting station to successfully decrypt a message.
While Germany introduced a series of improvements to Enigma over the years, and these hampered decryption efforts to varying degrees, they did not ultimately prevent Britain and its allies from exploiting Enigma-encoded messages as a major source of intelligence during the war.
Malware Countermeasures
Signatures: A Malware Countermeasure
• Scan: compare the analyzed object with a database of signatures
• A signature is a virus fingerprint
– E.g., a string with a sequence of instructions specific to each virus
– Different from a digital signature
• A file is infected if there is a signature inside its code
– Fast pattern matching techniques are used to search for signatures
• All the signatures together make up the malware database, which is usually proprietary
White/Black Listing
• Maintain a database of cryptographic hashes for
– Operating system files
– Popular applications
– Known infected files
• Compute the hash of each file on the hard drives
• Look it up in the database to compare
• Needs to protect the integrity of the database
• Example: Tripwire software
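The signature slide and the white/black listing slide describe two countermeasures that a scanner normally combines: exact hash look-ups first (cheap, no false positives against the catalogued files), then byte-pattern search for files in neither list. The Python below is an added example written for this page, not code from the lecture or from any antivirus product. Every file content, signature pattern, database entry and the integrity key are constructed for the demo; the HMAC over the hash database covers the "protect the integrity of the database" point, since anyone who can edit that database could whitelist an infected file or silently drop a known-bad entry.

```python
from __future__ import annotations
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes   # a byte/instruction sequence taken to be specific to one family


# Constructed signatures: hypothetical patterns, not fingerprints of real malware.
SIGNATURES = [
    Signature("Demo.Family.A", b"\xde\xad\xbe\xef\x90\x90\x90"),
    Signature("Demo.Family.B", b"delete_system_files()"),
]

# Constructed file contents standing in for files found on a drive.
FILES = {
    "/usr/bin/clean_tool": b"\x7fELF legitimate program bytes, nothing suspicious",
    "/tmp/download.exe":   b"MZ\x90\x00 header ... \xde\xad\xbe\xef\x90\x90\x90 ... payload",
    "/tmp/unknown.bin":    b"MZ\x90\x00 header ... no catalogued pattern here",
    "/tmp/old_sample.bin": b"a file already catalogued as infected",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# White list (known-good hashes) and black list (known-infected hashes),
# both built here from the constructed files above.
WHITELIST = {sha256_hex(FILES["/usr/bin/clean_tool"]): "clean_tool 1.0"}
BLACKLIST = {sha256_hex(FILES["/tmp/old_sample.bin"]): "Demo.KnownBad"}


def database_tag(db: dict, key: bytes) -> str:
    """HMAC-SHA256 over a canonical serialisation of a hash database.
    Verified before every scan so that a tampered list is never trusted."""
    canonical = json.dumps(db, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def database_intact(db: dict, key: bytes, tag: str) -> bool:
    return hmac.compare_digest(database_tag(db, key), tag)


def scan_file(data: bytes) -> tuple[str, str | None, str]:
    """Returns (verdict, name, method). Hash look-ups run first because they are
    exact and cheap; the pattern scan only runs for files in neither list."""
    digest = sha256_hex(data)
    if digest in WHITELIST:
        return ("clean", WHITELIST[digest], "whitelist")
    if digest in BLACKLIST:
        return ("infected", BLACKLIST[digest], "blacklist")
    for sig in SIGNATURES:
        if sig.pattern in data:            # substring search is the pattern-matching step
            return ("infected", sig.name, "signature")
    return ("unknown", None, "no match")   # left for heuristic analysis


def scan_all(files: dict[str, bytes]) -> dict[str, tuple[str, str | None, str]]:
    return {path: scan_file(data) for path, data in files.items()}


if __name__ == "__main__":
    db_key = b"constructed-integrity-key"   # must not be stored beside the database it protects
    tag = database_tag(WHITELIST, db_key)
    print("whitelist intact:", database_intact(WHITELIST, db_key, tag))
    for path, result in scan_all(FILES).items():
        print(f"{path}: {result}")
```

A real product's signature format is much richer than a fixed substring (wildcards, offsets, code normalisation), and its database is signed by the vendor rather than MACed with a local key, but the order of checks and the integrity step are the same.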
Heuristic Analysis
• Useful to identify new and "zero day" malware
• Code analysis
– Based on the instructions, the antivirus can determine whether or not the program is malicious, e.g., the program contains instructions to delete system files
• Execution emulation
– Run the code in an isolated emulation environment, such as a virtual machine
– Monitor the actions that the target file takes
– If the actions are harmful, mark it as a virus
• Heuristic methods can trigger false alarms
Shield vs. On-demand
Shield
– Background process (service/daemon)
– Scans each time a file is touched (open, copy, execute, etc.)
On-demand
– Scan on explicit user request or according to a regular schedule
– On a suspicious file, directory, drive, etc.
Online vs Offline Anti-Virus Software
Online
• Free browser plug-in
• Authentication through a third-party certificate (e.g. VeriSign)
• No shielding
• Software and signatures updated at each scan
• Poorly configurable
• Scan needs an internet connection
• Report collected by the company that offers the service
Offline
• Paid annual subscription
• Installed on the OS
• Software distributed securely by the vendor online or by a retailer
• System shielding
• Scheduled software and signature updates
• Easily configurable
• Scan without an internet connection
• Report collected locally and may be sent to the vendor
Quarantine
• A suspicious file can be isolated in a folder called quarantine:
– E.g., if the result of the heuristic analysis is positive and you are waiting for a signature database update
• The suspicious file is not deleted but made harmless: the user can decide when to remove it, or restore it in the case of a false positive
– Interacting with a file in quarantine is possible only through the antivirus program
• The file in quarantine is harmless because it is encrypted
• Usually the quarantine technique is proprietary and the details are kept secret
Static vs. Dynamic Analysis
Static Analysis
• Checks the code without trying to execute it
• Quick scan against the white list
• Filtering: scan with different antivirus products and check whether they return the same result under different names
• Weeding: remove the correct part of the files as junk to better identify the virus
• Code analysis: check the binary code to understand whether it is an executable, e.g., PE
• Disassembling: check whether the byte code shows something unusual
Dynamic Analysis
• Check the execution of the code inside a virtual sandbox
• Monitor
– File changes
– Registry changes
– Processes and threads
– Network ports
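The "code analysis" and "disassembling" items in the static column amount to parsing the file format before anything is executed. As an added example written for this page (not code from the lecture or any product), the Python below parses the headers of a PE file: the DOS header, the COFF file header and the section table. The flag values and header layouts come from the PE/COFF specification; the two "unusual" rules in static_findings (a section that is both writable and executable, a section with a non-standard name) are assumed heuristics for the demo, and the sample images built by build_sample_pe are constructed, contain no real program code, and carry no optional header.

```python
from __future__ import annotations
import struct

# COFF file-header and section-header flags (PE/COFF specification values).
IMAGE_FILE_MACHINE = {0x014C: "x86", 0x8664: "x64"}
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata",
                        ".edata", ".rsrc", ".reloc", ".pdata", ".tls"}


def parse_pe(data: bytes) -> dict | None:
    """Static check: is this a PE executable? Returns header facts and the
    section table, or None when the bytes are not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]       # offset of the "PE\0\0" signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine, n_sections, _stamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    sections = []
    table = e_lfanew + 24 + opt_size                         # section table follows the optional header
    for i in range(n_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            break                                            # truncated table: stop rather than raise
        (name, _vsize, vaddr, raw_size, raw_ptr,
         _, _, _, _, flags) = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr, "raw_size": raw_size, "raw_pointer": raw_ptr,
            "execute": bool(flags & IMAGE_SCN_MEM_EXECUTE),
            "write": bool(flags & IMAGE_SCN_MEM_WRITE),
        })
    return {"machine": IMAGE_FILE_MACHINE.get(machine, hex(machine)),
            "is_dll": bool(characteristics & IMAGE_FILE_DLL),
            "executable_image": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
            "sections": sections}


def static_findings(info: dict) -> list[str]:
    """Assumed 'does it look unusual' rules over the parsed header."""
    findings = []
    for s in info["sections"]:
        if s["execute"] and s["write"]:
            findings.append(f"section {s['name']!r} is both writable and executable")
        if s["name"] not in COMMON_SECTION_NAMES:
            findings.append(f"section {s['name']!r} has a non-standard name")
    return findings


def build_sample_pe(sections: list[tuple[bytes, int]]) -> bytes:
    """Constructed minimal image: DOS header, COFF header (no optional header),
    section table, zero-filled raw data. Not a runnable program."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, IMAGE_FILE_EXECUTABLE_IMAGE)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x200 * (i + 1), 0, 0, 0, 0, flags)
        for i, (name, flags) in enumerate(sections))
    header = bytes(dos) + b"PE\0\0" + coff + table
    return header.ljust(0x200 * (len(sections) + 1), b"\0")


CLEAN_LOOKING = build_sample_pe([(b".text", IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
                                 (b".data", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)])
ODD_LOOKING = build_sample_pe([(b".text", IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
                               (b".xyz0", IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)])
NOT_PE = b"\x7fELF" + b"\0" * 60

if __name__ == "__main__":
    for label, image in (("clean-looking", CLEAN_LOOKING), ("odd-looking", ODD_LOOKING), ("ELF", NOT_PE)):
        info = parse_pe(image)
        print(label, "->", "not PE" if info is None else (info["machine"], static_findings(info)))
```

A finding here is only a prompt for closer inspection (the "disassembling" step), never a verdict on its own; packed and legitimately self-modifying programs also show writable code sections.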
Cryptographic Algorithms
Types of Cryptography
• Symmetric Key Cryptography
• Asymmetric Key Cryptography
• Hash Functions
Symmetric Key Cryptography - Examples
Data Encryption Standard (DES)
The Data Encryption Standard was published in 1977 by the US National Bureau of Standards.
It uses a 56-bit key and maps a 64-bit input block of plaintext onto a 64-bit block of ciphertext. 56 bits is a rather small key for today's computing power.
Problems with Conventional Cryptography
Key Management
Symmetric-key systems are simpler and faster; their main drawback is that the two parties must somehow exchange the key in a secure way and keep it secure after that.
Key management caused a nightmare for the parties using symmetric key cryptography. They were worried about how to get the keys safely and securely across to all users. This gave third parties the chance to intercept the keys in transit and decode the top-secret messages. Thus, if the key was compromised, the entire coding system was compromised and a "Secret" would no longer remain a "Secret".
This is why "Public Key Cryptography" came into existence.
Asymmetric Key Cryptography
Asymmetric cryptography, also known as public-key cryptography, refers to a cryptographic algorithm which requires two separate keys, one of which is private and one of which is public. The public key is used to encrypt the message and the private one is used to decrypt the message.
Asymmetric Key Cryptography
Public Key Cryptography is a very advanced form of cryptography. Officially, it was invented by Whitfield Diffie and Martin Hellman in 1975. The basic technique of public key cryptography was first discovered in 1973 by the British Clifford Cocks of the Communications-Electronics Security Group (CESG) of Government Communications Headquarters (GCHQ), but this was kept secret until 1997.
Comparison
Hash Functions
A cryptographic hash function is a function that takes an arbitrary block of data and returns a fixed-size bit string, the cryptographic hash value, such that any (accidental or intentional) change to the data will (with very high probability) change the hash value.
The data to be encoded are often called the message, and the hash value is sometimes called the message digest or simply digest.
Hash Functions
An ideal cryptographic hash function has four main properties:
• it is deterministic: the same message always results in the same hash
• it is easy to compute the hash value for any given message
• it is infeasible to generate a message that has a given hash
• it is infeasible to modify a message without changing the hash
• it is infeasible to find two different messages with the same hash
Hash Functions
Collision Discovery
In March 2005 Xiaoyun Wang and Hongbo Yu of Shandong University in China created a pair of files that share the same MD5 checksum, hence proving that there is a collision when using MD5:
$ md5sum file1.dat
MD5 Sum = a4c0d35c95a63a805915367dcfe6b751
$ md5sum file2.dat
MD5 Sum = a4c0d35c95a63a805915367dcfe6b751
Visit the following websites for more information:
http://www.mscs.dal.ca/~selinger/md5collision/
http://www.x-ways.net/md5collision.html
Block vs Stream Ciphers
• Block ciphers process messages in blocks, each of which is then en/decrypted
• Like a substitution on very big characters
– 64 bits or more
• Stream ciphers process messages a bit or byte at a time when en/decrypting
• Many current ciphers are block ciphers
– better analyzed
– broader range of applications
Block vs Stream Ciphers
Block Cipher Principles
• Most symmetric block ciphers are based on a Feistel cipher structure
• Must be able to decrypt ciphertext to recover messages efficiently
• Block ciphers look like an extremely large substitution
• $2^{64}$ entries for a 64-bit block
• Instead, create it from smaller building blocks
• using the idea of a product cipher
Claude Shannon and Substitution–Permutation Ciphers
• Claude Shannon introduced the idea of substitution-permutation (S-P) networks in a 1949 paper
• they form the basis of modern block ciphers
• S-P networks are based on the two primitive cryptographic operations:
– substitution (S-box)
– permutation (P-box)
• they provide confusion & diffusion of message & key
Confusion and Diffusion
• a cipher needs to completely obscure the statistical properties of the original message
• a one-time pad does this
• more practically, Shannon suggested combining S & P elements to obtain:
– diffusion – dissipates the statistical structure of the plaintext over the bulk of the ciphertext
– confusion – makes the relationship between ciphertext and key as complex as possible
Feistel Cipher Structure
• Horst Feistel devised the Feistel cipher
– based on the concept of an invertible product cipher
• partitions the input block into two halves
– processes them through multiple rounds, each of which performs a substitution on the left data half based on a round function of the right half & subkey, then a permutation swapping the halves
• implements Shannon's S-P net concept
Feistel Cipher Structure
Feistel Cipher Structure
Feistel Cipher Design Elements
• block size
• key size
• number of rounds
• subkey generation algorithm
• round function
• fast software en/decryption
• ease of analysis
Data Encryption Standard (DES)
Data Encryption Standard (DES)
• the most widely used block cipher in the world until it became obsolete
• adopted in 1977 by NBS (now NIST)
– as FIPS PUB 46
• encrypts 64-bit data using a 56-bit key
• has had widespread use
• there has been considerable controversy over its security
DES History
• IBM developed the Lucifer cipher
– by a team led by Feistel in the late 60's
– used 64-bit data blocks with a 128-bit key
• then redeveloped as a commercial cipher with input from NSA and others
• in 1973 NBS issued a request for proposals for a national cipher standard
• IBM submitted their revised Lucifer, which was eventually accepted as the DES
DES Design Controversy
• although the DES standard is public
• there was considerable controversy over the design
– in the choice of a 56-bit key (vs Lucifer's 128-bit)
– and because the design criteria were classified
• subsequent events and public analysis show that in fact the design was appropriate
• use of DES had flourished
– especially in financial applications
– still standardised for legacy application use
DES Round Structure
• uses two 32-bit L & R halves
• as for any Feistel cipher, can be described as:
$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
• F takes the 32-bit R half and 48-bit subkey:
– expands R to 48 bits using a permutation
– adds to the subkey using XOR
– passes through 8 S-boxes to get a 32-bit result
– finally permutes using a 32-bit permutation
DES – Round Structure
DES – One Round
Initial Permutation IP
• first step of the data computation
• IP reorders the input data bits
• even bits to the LH half, odd bits to the RH half
DES Round Structure
Substitution Boxes S
• have eight S-boxes which map 6 to 4 bits
• each S-box is actually 4 little 4-bit boxes
• outer bits 1 & 6 (row bits) select one row of 4
• inner bits 2-5 (col bits) are substituted
• result is 8 lots of 4 bits, or 32 bits
• row selection depends on both data & key
• feature known as autoclaving (autokeying)
DES Key Schedule
• forms the subkeys used in each round
• initial permutation of the key (PC1) which selects 56 bits in two 28-bit halves
• 16 stages consisting of:
– rotating each half separately either 1 or 2 places depending on the key rotation schedule K
– selecting 24 bits from each half & permuting them for use in round function F
DES Decryption
• decrypt must unwind the steps of the data computation
• with the Feistel design, do the encryption steps again using the subkeys in reverse order (SK16 … SK1)
– IP undoes the final FP step of encryption
– 1st round with SK16 undoes the 16th encrypt round
– ….
– 16th round with SK1 undoes the 1st encrypt round
– then the final FP undoes the initial encryption IP
– thus recovering the original data value
DES Decryption
Avalanche Effect
• key desirable property of any encryption algorithm
• want a change of one input or key bit to result in changing approx. half the output bits
• making attempts to "home in" by guessing keys impossible
• DES exhibits strong avalanche
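The slides above give the Feistel round equations, decryption by reusing the round routine with the subkeys in reverse order, and the avalanche property. The Python below is an added, toy illustration written for this page: it is not the lecture's material and it is not DES. It is a 16-round, 64-bit Feistel cipher whose round function F and key schedule are stand-ins built from SHA-256 (assumptions for the demo) rather than DES's expansion, S-boxes, P-box and PC1/PC2, and it has no IP/FP. What it does show is the structure: F need not be invertible, the same loop decrypts when the subkeys are reversed, and a one-bit change in plaintext or key flips about half the ciphertext bits.

```python
from __future__ import annotations
import hashlib

HALF_BITS = 32
HALF_MASK = (1 << HALF_BITS) - 1
BLOCK_BITS = 2 * HALF_BITS
ROUNDS = 16


def key_schedule(key: bytes, rounds: int = ROUNDS) -> list[bytes]:
    """One 48-bit subkey per round. Assumption: derived by hashing the key
    with the round index, not by DES's PC1/PC2 rotations."""
    return [hashlib.sha256(b"subkey" + bytes([i]) + key).digest()[:6] for i in range(rounds)]


def round_function(r: int, subkey: bytes) -> int:
    """F(R, K): 32-bit right half and 48-bit subkey -> 32 bits.
    Assumption: SHA-256 stands in for expansion, S-boxes and P-box.
    F is one-way here, which is fine: a Feistel cipher never inverts F."""
    return int.from_bytes(hashlib.sha256(r.to_bytes(4, "big") + subkey).digest()[:4], "big")


def feistel(block: int, subkeys: list[bytes]) -> int:
    left, right = block >> HALF_BITS, block & HALF_MASK
    for k in subkeys:
        # L_i = R_{i-1};   R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, left ^ round_function(right, k)
    # the final swap is undone, so the same routine is its own inverse
    # when the subkeys are supplied in reverse order
    return (right << HALF_BITS) | left


def encrypt_block(block: int, key: bytes) -> int:
    return feistel(block, key_schedule(key))


def decrypt_block(block: int, key: bytes) -> int:
    return feistel(block, key_schedule(key)[::-1])        # SK16 ... SK1


def avalanche_fraction(key: bytes, trials: int = 200, flip_key: bool = False) -> float:
    """Average fraction of ciphertext bits that change when one plaintext bit
    (or, with flip_key, one key bit) is flipped. Plaintexts are constructed."""
    changed = 0
    for i in range(trials):
        pt = int.from_bytes(hashlib.sha256(b"pt%d" % i).digest()[:8], "big")
        c1 = encrypt_block(pt, key)
        if flip_key:
            k2 = bytearray(key)
            k2[i % len(key)] ^= 1 << (i % 8)
            c2 = encrypt_block(pt, bytes(k2))
        else:
            c2 = encrypt_block(pt ^ (1 << (i % BLOCK_BITS)), key)
        changed += bin(c1 ^ c2).count("1")
    return changed / (trials * BLOCK_BITS)


if __name__ == "__main__":
    key = b"demo-key!"
    pt = 0x0123456789ABCDEF
    ct = encrypt_block(pt, key)
    print(f"plaintext  {pt:016x}")
    print(f"ciphertext {ct:016x}")
    print(f"decrypted  {decrypt_block(ct, key):016x}")
    print(f"wrong key  {decrypt_block(ct, b'demo-key?'):016x}")
    print("avalanche (plaintext bit):", round(avalanche_fraction(key), 3))
    print("avalanche (key bit):     ", round(avalanche_fraction(key, flip_key=True), 3))
```

Nothing here should be used as a cipher; the value of the block is that every line of feistel maps onto the two equations on the round-structure slide and onto the reversed-subkey argument on the decryption slide.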
Strength of DES
• 56-bit keys have $2^{56} = 7.2 \times 10^{16}$ values
• brute force search looks hard
• past advances have shown it is possible
– in 1997 on the Internet in a few months
– in 1998 on dedicated h/w (EFF) in a few days
– in 1999 the above combined in 22 hrs!
– nowadays … can do it on a desktop!
• still, it must be possible to recognize plaintext
• forced consideration of alternatives to DES
Attacks on DES – Timing Attack
• attacks the actual implementation of the cipher
• uses knowledge of the consequences of the implementation to derive information about some/all subkey bits
• specifically uses the fact that calculations can take varying times depending on the values of their inputs
• particularly problematic on smartcards
Attacks on DES – Analytic Attacks
• now have several analytic attacks on DES
• these utilise some deep structure of the cipher
– by gathering information about encryptions
– can eventually recover some/all of the sub-key bits
– if necessary then exhaustively search for the rest
• generally these are statistical attacks
– differential cryptanalysis
– linear cryptanalysis
– related key attacks
Attacks on DES – Analytic Attacks
Differential Cryptanalysis
• one of the most significant (public) advances in cryptanalysis
• known by NSA in the 70's … influenced DES
• Murphy, Biham & Shamir published it in the 90's
• a powerful method to analyse block ciphers
• used to analyse most current block ciphers with varying degrees of success
• DES is reasonably resistant to it
Attacks on DES – Analytic Attacks
Linear Cryptanalysis
• another recent development
• also a statistical method
• must be iterated over rounds, with decreasing probabilities
• developed by Matsui et al. in the early 90's
• based on finding linear approximations
• can attack DES with $2^{43}$ known plaintexts
• easier, but still in practice infeasible
DES Design Criteria
• as reported by Coppersmith in 1994
• 7 criteria for S-boxes provide for
– non-linearity
– resistance to differential cryptanalysis
– good confusion
• 3 criteria for permutation P provide for
– increased diffusion
Block Cipher Design
Many principles from Feistel in the 70s still hold:
• number of rounds
– more is better; make exhaustive search the best attack option
• function f:
– provides "confusion", is nonlinear, avalanche
– issues of how S-boxes are selected
• key schedule
– complex subkey creation, key avalanche
Q & A

More Related Content

Similar to Lecture 02 - 05 Oct 21.pptx

Unit 2
Unit 2Unit 2
Encrypted Negative Password using for Authentication
Encrypted Negative Password using for AuthenticationEncrypted Negative Password using for Authentication
Encrypted Negative Password using for Authentication
ijtsrd
 
DOCS ON NETWORK SECURITY
DOCS ON NETWORK SECURITYDOCS ON NETWORK SECURITY
DOCS ON NETWORK SECURITY
Tuhin_Das
 
H42063743
H42063743H42063743
H42063743
IJERA Editor
 
Data encryption
Data encryptionData encryption
Data encryption
Balvant Biradar
 
Network security Encryption
Network security EncryptionNetwork security Encryption
Network security Encryption
Joel Briza
 
6. cryptography
6. cryptography6. cryptography
6. cryptography
7wounders
 
s117
s117s117
s117
s1170034
 
Ch11 Basic Cryptography
Ch11 Basic CryptographyCh11 Basic Cryptography
Ch11 Basic Cryptography
Information Technology
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam Bowne
SecurityTube.Net
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
editor1knowledgecuddle
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.com
phanleson
 
Password hacking
Password hackingPassword hacking
Password hacking
Mr. FM
 
Dnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsDnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defs
AFRINIC
 
Documenting Software Architectural Component and Connector with UML 2
Documenting Software Architectural Component and Connector with UML 2Documenting Software Architectural Component and Connector with UML 2
Documenting Software Architectural Component and Connector with UML 2
editor1knowledgecuddle
 
Password hacking
Password hackingPassword hacking
Password hacking
Abhay pal
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
ams1ams11
 
Implementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithmImplementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithm
Ijcem Journal
 
Implementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithmImplementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithm
eSAT Publishing House
 
security issue
security issuesecurity issue
security issue
JAINIK PATEL
 

Similar to Lecture 02 - 05 Oct 21.pptx (20)

Unit 2
Unit 2Unit 2
Unit 2
 
Encrypted Negative Password using for Authentication
Encrypted Negative Password using for AuthenticationEncrypted Negative Password using for Authentication
Encrypted Negative Password using for Authentication
 
DOCS ON NETWORK SECURITY
DOCS ON NETWORK SECURITYDOCS ON NETWORK SECURITY
DOCS ON NETWORK SECURITY
 
H42063743
H42063743H42063743
H42063743
 
Data encryption
Data encryptionData encryption
Data encryption
 
Network security Encryption
Network security EncryptionNetwork security Encryption
Network security Encryption
 
6. cryptography
6. cryptography6. cryptography
6. cryptography
 
s117
s117s117
s117
 
Ch11 Basic Cryptography
Ch11 Basic CryptographyCh11 Basic Cryptography
Ch11 Basic Cryptography
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam Bowne
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.com
 
Password hacking
Password hackingPassword hacking
Password hacking
 
Dnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsDnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defs
 
Documenting Software Architectural Component and Connector with UML 2
Documenting Software Architectural Component and Connector with UML 2Documenting Software Architectural Component and Connector with UML 2
Documenting Software Architectural Component and Connector with UML 2
 
Password hacking
Password hackingPassword hacking
Password hacking
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
 
Implementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithmImplementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithm
 
Implementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithmImplementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithm
 
security issue
security issuesecurity issue
security issue
 

Recently uploaded

sieving analysis and results interpretation
sieving analysis and results interpretationsieving analysis and results interpretation
sieving analysis and results interpretation
ssuser36d3051
 
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
insn4465
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
Aditya Rajan Patra
 
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdfBPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
MIGUELANGEL966976
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
gerogepatton
 
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTCHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
jpsjournal1
 
Literature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptxLiterature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptx
Dr Ramhari Poudyal
 
Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
Hitesh Mohapatra
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
NidhalKahouli2
 
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsKuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
Victor Morales
 
International Conference on NLP, Artificial Intelligence, Machine Learning an...
International Conference on NLP, Artificial Intelligence, Machine Learning an...International Conference on NLP, Artificial Intelligence, Machine Learning an...
International Conference on NLP, Artificial Intelligence, Machine Learning an...
gerogepatton
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
kandramariana6
 
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
IJECEIAES
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
IJECEIAES
 
Low power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniquesLow power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniques
nooriasukmaningtyas
 
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
Mukeshwaran Balu
 
[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf
[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf
[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf
awadeshbabu
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
thanhdowork
 
Heat Resistant Concrete Presentation ppt
Heat Resistant Concrete Presentation pptHeat Resistant Concrete Presentation ppt
Heat Resistant Concrete Presentation ppt
mamunhossenbd75
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
IJECEIAES
 

Recently uploaded (20)

sieving analysis and results interpretation
sieving analysis and results interpretationsieving analysis and results interpretation
sieving analysis and results interpretation
 
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
 
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdfBPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
 
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTCHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
 
Literature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptxLiterature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptx
 
Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
 
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsKuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
 
International Conference on NLP, Artificial Intelligence, Machine Learning an...
International Conference on NLP, Artificial Intelligence, Machine Learning an...International Conference on NLP, Artificial Intelligence, Machine Learning an...
International Conference on NLP, Artificial Intelligence, Machine Learning an...
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
 
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
 
Low power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniquesLow power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniques
 
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
 
[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf
[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf
[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
 
Heat Resistant Concrete Presentation ppt
Heat Resistant Concrete Presentation pptHeat Resistant Concrete Presentation ppt
Heat Resistant Concrete Presentation ppt
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
 

Lecture 02 - 05 Oct 21.pptx

7. Signatures: A Malware Countermeasure
• Scan: compare the analyzed object with a database of signatures
• A signature is a virus fingerprint
  – E.g., a string with a sequence of instructions specific to each virus
  – Different from a digital signature
• A file is infected if there is a signature inside its code
  – Fast pattern-matching techniques are used to search for signatures
• All the signatures together make up the malware database, which is usually proprietary

8. White/Black Listing
• Maintain a database of cryptographic hashes for
  – Operating system files
  – Popular applications
  – Known infected files
• Compute the hash of each file on the hard drives
• Look up each hash in the database to compare
• The integrity of the database itself must be protected
• Example: Tripwire software
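As an added illustration of slides 7 and 8 (example code written for this page, not from the lecture), the Python below combines the two countermeasures: a signature scan over a file's bytes and a hash lookup against a white list and a black list, with an HMAC tag over the list contents so that any modification of the database is detected before it is used. The signature patterns, file contents and key are constructed for the example and are not real malware signatures.

```python
import hashlib
import hmac

# Constructed signature database (hypothetical patterns, not real malware signatures):
# family name -> byte sequence the engine looks for inside a scanned object.
SIGNATURES = {
    "Demo.A": b"\x7fDEMO-SIG-A\x00",   # constructed binary marker
    "Demo.B": b"DEMO-SIG-B",           # constructed text marker
}

def scan_signatures(data: bytes) -> list:
    """Names of every signature whose pattern occurs in data.
    A substring search stands in for the multi-pattern matchers real engines use."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed white list (known-good files) and black list (known-infected files),
# keyed by the SHA-256 of the file contents.
KNOWN_GOOD = {sha256_hex(b"#!/bin/sh\necho hello\n"): "hello.sh"}
KNOWN_BAD = {sha256_hex(b"\x7fDEMO-SIG-A\x00 sample"): "Demo.A sample"}

# Key for the integrity tag over the lists (constructed). In deployment it would be
# held by the vendor or a signing service, not on the host being scanned.
DB_KEY = b"constructed-database-key"

def sign_db(known_good: dict, known_bad: dict, key: bytes = DB_KEY) -> str:
    """HMAC-SHA256 over a canonical serialization of both lists, so that any
    unauthorized change (e.g. a new entry in the white list) invalidates the tag."""
    entries = sorted("good:" + h for h in known_good) + sorted("bad:" + h for h in known_bad)
    return hmac.new(key, "\n".join(entries).encode(), hashlib.sha256).hexdigest()

def verify_db(known_good: dict, known_bad: dict, tag: str, key: bytes = DB_KEY) -> bool:
    return hmac.compare_digest(sign_db(known_good, known_bad, key), tag)

def classify(data: bytes, known_good: dict, known_bad: dict) -> str:
    """Hash lookup first (exact and cheap), then a signature scan for files in neither list."""
    h = sha256_hex(data)
    if h in known_bad:
        return "infected:" + known_bad[h]
    if h in known_good:
        return "trusted:" + known_good[h]
    hits = scan_signatures(data)
    return "infected:" + ",".join(hits) if hits else "unknown"

def scan_files(files: dict, known_good: dict, known_bad: dict, tag: str) -> dict:
    """Scan a name -> contents mapping, refusing to run against a tampered database."""
    if not verify_db(known_good, known_bad, tag):
        raise RuntimeError("hash database integrity check failed")
    return {name: classify(contents, known_good, known_bad) for name, contents in files.items()}

if __name__ == "__main__":
    tag = sign_db(KNOWN_GOOD, KNOWN_BAD)
    sample = {"hello.sh": b"#!/bin/sh\necho hello\n", "note.txt": b"aa DEMO-SIG-B bb"}
    print(scan_files(sample, KNOWN_GOOD, KNOWN_BAD, tag))
```

The order matters: a hash match is an exact identification, so it is consulted first, and the slower pattern scan only runs on files that are in neither list. The HMAC check is the "protect the integrity of the database" point from slide 8; without it an entry silently added to the white list would exempt a file from scanning.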
9. Heuristic Analysis
• Useful to identify new and "zero day" malware
• Code analysis
  – Based on the instructions, the antivirus can determine whether or not the program is malicious, e.g., the program contains instructions to delete system files
• Execution emulation
  – Run the code in an isolated emulation environment
    • Such as a virtual machine
  – Monitor the actions that the target file takes
  – If the actions are harmful, mark it as a virus
• Heuristic methods can trigger false alarms

10. Shield vs. On-demand
• Shield
  – Background process (service/daemon)
  – Scans each time a file is touched (open, copy, execute, etc.)
• On-demand
  – Scan on explicit user request or according to a regular schedule
  – On a suspicious file, directory, drive, etc.

11. Online vs. Offline Anti-Virus Software
Online
• Free browser plug-in
• Authentication through a third-party certificate (e.g., VeriSign)
• No shielding
• Software and signatures updated at each scan
• Poorly configurable
• Scan needs an internet connection
• Report collected by the company that offers the service
Offline
• Paid annual subscription
• Installed on the OS
• Software distributed securely by the vendor online or through a retailer
• System shielding
• Scheduled software and signature updates
• Easily configurable
• Scan without an internet connection
• Report collected locally and may be sent to the vendor

12. Quarantine
• A suspicious file can be isolated in a folder called the quarantine:
  – E.g., if the result of the heuristic analysis is positive and you are waiting for a signature database update
• The suspicious file is not deleted but made harmless: the user can decide when to remove it, or restore it in case of a false positive
  – Interacting with a file in quarantine is possible only through the antivirus program
• The file in quarantine is harmless because it is encrypted
• Usually the quarantine technique is proprietary and the details are kept secret

13. Static vs. Dynamic Analysis
Static Analysis
• Checks the code without trying to execute it
• Quick scan against a white list
• Filtering: scan with different antivirus engines and check whether they return the same result under different names
• Weeding: remove the clean parts of the file as junk to better identify the virus
• Code analysis: check the binary code to understand whether it is an executable, e.g., PE
• Disassembling: check whether the byte code shows something unusual
Dynamic Analysis
• Check the execution of the code inside a virtual sandbox
• Monitor
  – File changes
  – Registry changes
  – Processes and threads
  – Network ports

15. Types of Cryptography
• Symmetric Key Cryptography
• Asymmetric Key Cryptography
• Hash Functions

16. Symmetric Key Cryptography - Examples
Data Encryption Standard (DES)
The Data Encryption Standard was published in 1977 by the US National Bureau of Standards. It uses a 56-bit key and maps a 64-bit input block of plaintext onto a 64-bit block of ciphertext. 56 bits is a rather small key for today's computing power.

17. Problems with Conventional Cryptography
Key Management
Symmetric-key systems are simpler and faster; their main drawback is that the two parties must somehow exchange the key in a secure way and keep it secure after that. Key management was a nightmare for the parties using symmetric key cryptography: they had to worry about how to get the keys safely and securely across to all users. This gave third parties the chance to intercept the keys in transit and decode the top-secret messages. Thus, if the key was compromised, the entire coding system was compromised and a "secret" would no longer remain a "secret". This is why public key cryptography came into existence.

18. Asymmetric Key Cryptography
Asymmetric cryptography, also known as public-key cryptography, refers to a cryptographic algorithm which requires two separate keys, one of which is private and one of which is public. The public key is used to encrypt the message and the private one is used to decrypt the message.

19. Asymmetric Key Cryptography
Public key cryptography is a very advanced form of cryptography. Officially, it was invented by Whitfield Diffie and Martin Hellman in 1975. The basic technique of public key cryptography was first discovered in 1973 by the British Clifford Cocks of the Communications-Electronics Security Group (CESG) of the Government Communications Headquarters (GCHQ), but this was kept secret until 1997.

21. Hash Functions
A cryptographic hash function is a function that takes an arbitrary block of data and returns a fixed-size bit string, the cryptographic hash value, such that any (accidental or intentional) change to the data will (with very high probability) change the hash value. The data to be encoded are often called the message, and the hash value is sometimes called the message digest or simply the digest.

22. Hash Functions
An ideal cryptographic hash function has four main properties:
• it is deterministic: the same message always results in the same hash
• it is easy to compute the hash value for any given message
• it is infeasible to generate a message that has a given hash
• it is infeasible to modify a message without changing the hash
• it is infeasible to find two different messages with the same hash

23. Hash Functions
Collision Discovery
In March 2005 Xiaoyun Wang and Hongbo Yu of Shandong University in China created a pair of files that share the same MD5 checksum, proving that there is a collision when using MD5:
$ md5sum file1.dat
MD5 Sum = a4c0d35c95a63a805915367dcfe6b751
$ md5sum file2.dat
MD5 Sum = a4c0d35c95a63a805915367dcfe6b751
Visit the following websites for more information:
http://www.mscs.dal.ca/~selinger/md5collision/
http://www.x-ways.net/md5collision.html
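The properties from slides 21 to 23 can be checked directly with Python's standard hashlib. The code below is an example added for this page, not from the lecture: it shows determinism, the fixed output size, the avalanche of a single flipped input bit, and a verification routine that requires digests from more than one algorithm to match, so that two different files colliding under MD5 alone (as the Wang and Yu pair above does) do not both pass the check. The sample messages are constructed.

```python
import hashlib
import hmac

def digest(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of data under the named hashlib algorithm."""
    return hashlib.new(algo, data).hexdigest()

def is_deterministic(data: bytes, algo: str = "sha256") -> bool:
    """Hashing the same message twice gives the same digest."""
    return digest(data, algo) == digest(data, algo)

def digest_bits(algo: str = "sha256") -> int:
    """Fixed output size in bits, independent of the message length."""
    return hashlib.new(algo).digest_size * 8

def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def avalanche(data: bytes, algo: str = "sha256") -> tuple:
    """Flip the lowest bit of the first byte and count the digest bits that change.
    Returns (changed_bits, total_bits); for a good hash about half change."""
    if not data:
        raise ValueError("need at least one byte of input")
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    return bit_difference(digest(data, algo), digest(flipped, algo)), digest_bits(algo)

def verify_multi(data: bytes, expected: dict) -> bool:
    """Check data against expected digests from several algorithms.
    Files that collide under MD5 alone still differ under SHA-256, so requiring
    every algorithm to match defeats a single-algorithm collision. The comparison
    is constant-time so the check itself does not leak where a digest differs."""
    return all(hmac.compare_digest(digest(data, algo), exp)
               for algo, exp in expected.items())

if __name__ == "__main__":
    msg = b"The quick brown fox jumps over the lazy dog"   # constructed sample
    print(digest(msg, "md5"), digest(msg), avalanche(msg))
```

Note that `verify_multi` is a check against known-good reference digests, the use case of slide 8; it does not repair MD5, and new integrity databases should record SHA-256 (or stronger) rather than MD5 at all.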
24. Block vs. Stream Ciphers
• Block ciphers process messages in blocks, each of which is then encrypted/decrypted
• Like a substitution on very big characters
  – 64 bits or more
• Stream ciphers process messages a bit or a byte at a time when encrypting/decrypting
• Many current ciphers are block ciphers
  – better analyzed
  – broader range of applications

25. Block vs. Stream Ciphers

26. Block Cipher Principles
• Most symmetric block ciphers are based on a Feistel cipher structure
• Must be able to decrypt ciphertext to recover messages efficiently
• Block ciphers look like an extremely large substitution
  – 2^64 entries for a 64-bit block
  – instead, create it from smaller building blocks
  – using the idea of a product cipher

27. Claude Shannon and Substitution-Permutation Ciphers
• Claude Shannon introduced the idea of substitution-permutation (S-P) networks in a 1949 paper
  – they form the basis of modern block ciphers
• S-P networks are based on the two primitive cryptographic operations:
  – substitution (S-box)
  – permutation (P-box)
• they provide confusion and diffusion of message and key

28. Confusion and Diffusion
• a cipher needs to completely obscure the statistical properties of the original message
  – a one-time pad does this
• more practically, Shannon suggested combining S and P elements to obtain:
  – diffusion: dissipates the statistical structure of the plaintext over the bulk of the ciphertext
  – confusion: makes the relationship between ciphertext and key as complex as possible

29. Feistel Cipher Structure
• Horst Feistel devised the Feistel cipher
  – based on the concept of an invertible product cipher
• partitions the input block into two halves
  – processes them through multiple rounds, each of which performs a substitution on the left data half based on a round function of the right half and a subkey, then has a permutation swapping the halves
• implements Shannon's S-P net concept

32. Feistel Cipher Design Elements
• block size
• key size
• number of rounds
• subkey generation algorithm
• round function
• fast software encryption/decryption
• ease of analysis

34. Data Encryption Standard (DES)
• most widely used block cipher in the world until it became obsolete
• adopted in 1977 by NBS (now NIST)
  – as FIPS PUB 46
• encrypts 64-bit data using a 56-bit key
• has had widespread use
• there has been considerable controversy over its security

35. DES History
• IBM developed the Lucifer cipher
  – by a team led by Feistel in the late 60s
  – used 64-bit data blocks with a 128-bit key
• then redeveloped as a commercial cipher with input from NSA and others
• in 1973 NBS issued a request for proposals for a national cipher standard
• IBM submitted their revised Lucifer, which was eventually accepted as the DES

36. DES Design Controversy
• although the DES standard is public
• there was considerable controversy over the design
  – in the choice of a 56-bit key (vs. Lucifer's 128-bit)
  – and because the design criteria were classified
• subsequent events and public analysis show that in fact the design was appropriate
• use of DES had flourished
  – especially in financial applications
  – still standardised for legacy application use

37. DES Round Structure
• uses two 32-bit halves, L and R
• as for any Feistel cipher, can be described as:
  L_i = R_{i-1}
  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
• F takes the 32-bit R half and a 48-bit subkey:
  – expands R to 48 bits using a permutation
  – adds it to the subkey using XOR
  – passes the result through 8 S-boxes to get a 32-bit result
  – finally permutes it using a 32-bit permutation

38. DES – Round Structure

39. DES – One Round

40. Initial Permutation IP
• first step of the data computation
• IP reorders the input data bits
• even bits to the LH half, odd bits to the RH half

42. Substitution Boxes S
• there are eight S-boxes which map 6 bits to 4 bits
• each S-box is actually 4 little 4-bit boxes
  – outer bits 1 & 6 (row bits) select one row of 4
  – inner bits 2-5 (column bits) are substituted
  – the result is 8 lots of 4 bits, or 32 bits
• row selection depends on both data and key
  – a feature known as autoclaving (autokeying)

43. DES Key Schedule
• forms the subkeys used in each round
• an initial permutation of the key (PC1) selects 56 bits in two 28-bit halves
• 16 stages consisting of:
  – rotating each half separately either 1 or 2 places depending on the key rotation schedule K
  – selecting 24 bits from each half and permuting them for use in the round function F

44. DES Decryption
• decryption must unwind the steps of the data computation
• with the Feistel design, do the encryption steps again using the subkeys in reverse order (SK16 ... SK1)
  – IP undoes the final FP step of encryption
  – 1st round with SK16 undoes the 16th encryption round
  – ...
  – 16th round with SK1 undoes the 1st encryption round
  – then the final FP undoes the initial encryption IP
  – thus recovering the original data value

46. Avalanche Effect
• a key desirable property of any encryption algorithm
• want a change of one input or key bit to result in changing approximately half of the output bits
• making attempts to "home in" by guessing keys impossible
• DES exhibits strong avalanche
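A toy Feistel cipher in Python, added here as an example (not from the lecture, and not DES): it runs the round equations from slide 37, decrypts by feeding the same rounds the subkeys in reverse order as slide 44 describes, and measures the avalanche effect of slide 46 for both a flipped plaintext bit and a flipped key bit. The round function and key schedule are hash-based stand-ins for DES's expansion, S-boxes and permutations, chosen so the structure is visible; the key and block are constructed, and the cipher is for study only.

```python
import hashlib

BLOCK_BYTES = 8   # 64-bit block split into two 32-bit halves, as in DES
ROUNDS = 16       # DES also uses 16 rounds

def key_schedule(key: bytes, rounds: int = ROUNDS) -> list:
    """One 32-bit subkey per round. Toy stand-in for DES's PC1/rotation schedule:
    each subkey is derived by hashing the key together with the round index."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(rounds)]

def round_function(right: int, subkey: int) -> int:
    """F(R, K): non-linear mixing of the right half with the subkey.
    Toy stand-in for DES's expansion, XOR with the subkey, S-boxes and P permutation."""
    material = right.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(material).digest()[:4], "big")

def feistel(block: bytes, subkeys: list) -> bytes:
    """Run the rounds L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i).
    The halves are swapped back after the last round, so the very same function
    decrypts when it is handed the subkeys in reverse order."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly %d bytes" % BLOCK_BYTES)
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    left, right = right, left   # undo the swap of the final round
    return left.to_bytes(4, "big") + right.to_bytes(4, "big")

def encrypt_block(plaintext: bytes, key: bytes) -> bytes:
    return feistel(plaintext, key_schedule(key))

def decrypt_block(ciphertext: bytes, key: bytes) -> bytes:
    # Same rounds with subkeys K16 ... K1: decryption round 1 undoes encryption round 16.
    return feistel(ciphertext, key_schedule(key)[::-1])

def bit_diff(a: bytes, b: bytes) -> int:
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")

def avalanche(key: bytes, plaintext: bytes) -> int:
    """Flip one plaintext bit; return how many of the 64 ciphertext bits change."""
    flipped = bytes([plaintext[0] ^ 0x80]) + plaintext[1:]
    return bit_diff(encrypt_block(plaintext, key), encrypt_block(flipped, key))

def key_avalanche(key: bytes, plaintext: bytes) -> int:
    """Flip one key bit; return how many ciphertext bits change."""
    flipped_key = bytes([key[0] ^ 0x01]) + key[1:]
    return bit_diff(encrypt_block(plaintext, key), encrypt_block(plaintext, flipped_key))

if __name__ == "__main__":
    key, pt = b"constructed-key", b"8 bytes!"   # constructed sample key and block
    ct = encrypt_block(pt, key)
    print(ct.hex(), decrypt_block(ct, key), avalanche(key, pt), key_avalanche(key, pt))
```

Two things to notice when running it: `decrypt_block` contains no inverse of `round_function`, because the XOR in each round cancels F regardless of what F is, which is why a Feistel round function need not be invertible; and after the first couple of rounds a single-bit input change has already spread into both halves, so the avalanche counts come out near 32 of 64 bits.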
47. Strength of DES
• 56-bit keys have 2^56 = 7.2 x 10^16 values
• a brute-force search looks hard
• past advances have shown it is possible
  – in 1997 on the Internet in a few months
  – in 1998 on dedicated hardware (EFF) in a few days
  – in 1999 the above combined in 22 hours!
  – nowadays ... it can be done on a desktop!
• still, it must be possible to recognize the plaintext
• this forced consideration of alternatives to DES

48. Attacks on DES – Timing Attack
• attacks the actual implementation of the cipher
• uses knowledge of the consequences of the implementation to derive information about some or all subkey bits
• specifically uses the fact that calculations can take varying times depending on the values of the inputs
• particularly problematic on smartcards
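Slide 48's observation, that running time which depends on secret-related input values leaks information, applies beyond DES. The Python below is an added example (not from the lecture) of the simplest case: a naive early-exit byte comparison, whose amount of work depends on where the first mismatch sits, next to a constant-time version that always examines every byte, the pattern a verifier of MAC tags or password hashes must use. Inputs are constructed; the "bytes examined" count is returned so the difference can be checked without timing measurements.

```python
import hmac

def naive_compare(a: bytes, b: bytes) -> tuple:
    """Early-exit comparison. Returns (equal, bytes_examined): the work done,
    and so the running time, depends on the position of the first mismatch,
    which is exactly the data-dependent behaviour slide 48 describes."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined

def constant_time_compare(a: bytes, b: bytes) -> tuple:
    """Examine every byte and accumulate differences with OR, so the amount of
    work is the same whether the inputs differ at byte 0, at byte 9 or not at all."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        diff |= x ^ y
        examined += 1
    return diff == 0, examined

def check_tag(expected: bytes, received: bytes) -> bool:
    """What to use in real code: the standard library's constant-time comparison."""
    return hmac.compare_digest(expected, received)

if __name__ == "__main__":
    ref = b"secret-tag"   # constructed reference value
    for candidate in (b"sXcret-tag", b"secret-taX", b"secret-tag"):
        print(candidate, naive_compare(ref, candidate), constant_time_compare(ref, candidate))
```

The loop in `constant_time_compare` illustrates the idea; the interpreter itself is not guaranteed to execute it in fixed time, which is why `hmac.compare_digest` (implemented in C) is the function to reach for in production. The same principle, removing input-dependent branches and table lookups from the cipher's data path, is what hardened DES implementations on smartcards had to adopt.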
49. Attacks on DES – Analytic Attacks
• there are now several analytic attacks on DES
• these utilise some deep structure of the cipher
  – by gathering information about encryptions
  – they can eventually recover some or all of the subkey bits
  – if necessary, then exhaustively search for the rest
• generally these are statistical attacks
  – differential cryptanalysis
  – linear cryptanalysis
  – related-key attacks

50. Attacks on DES – Analytic Attacks
Differential Cryptanalysis
• one of the most significant (public) advances in cryptanalysis
• known to NSA in the 70s ... influenced DES
• Murphy, Biham & Shamir published it in the 90s
• a powerful method to analyse block ciphers
• used to analyse most current block ciphers with varying degrees of success
• DES is reasonably resistant to it

51. Attacks on DES – Analytic Attacks
Linear Cryptanalysis
• another recent development
• also a statistical method
• must be iterated over rounds, with decreasing probabilities
• developed by Matsui et al. in the early 90s
• based on finding linear approximations
• can attack DES with 2^43 known plaintexts
• easier, but still in practice infeasible

52. DES Design Criteria
• as reported by Coppersmith in 1994
• 7 criteria for the S-boxes provide for
  – non-linearity
  – resistance to differential cryptanalysis
  – good confusion
• 3 criteria for the permutation P provide for
  – increased diffusion

53. Block Cipher Design
Many principles from Feistel in the 70s still hold
• number of rounds
  – more is better; make exhaustive search the best attack option
• function f:
  – provides "confusion", is nonlinear, avalanche
  – issues of how the S-boxes are selected
• key schedule
  – complex subkey creation, key avalanche