Security Concepts
Dr. Y. Chu
CIS3360: Security in Computing
0R02
Spring 2018
1
Information
Textbook Chapter 1
Some of the slides and figures are from textbook slides distributed by Pearson
2
Computer Security Definition
The NIST Computer Security Handbook Definition
“The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).”
Key points:
Confidentiality, integrity and availability
Confidentiality:
Data confidentiality: confidential information is not disclosed to unauthorized parties
Privacy: personal information should not be collected by unauthorized personnel
Integrity:
Data integrity: information should not be changed by unauthorized parties
System integrity: systems perform as intended free of unauthorized manipulation
Availability:
Systems work promptly and service is not denied to authorized user.
Information resources: hardware, software, firmware, information/data, and telecommunications
3
National Institute of Standards and Technology
Computer Security Objectives
4
CIA triad
FIPS PUB 199 characterization
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information.
Integrity: Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information.
Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.
Federal Information Processing Standards
Computer Security Objectives
5
Additional concepts
Authenticity: verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
Accountability: Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.
Tools for Confidentiality
Encryption
Transform the information using a secrete so it is useful only to the intended recipient
Access Control
Rules and policies that limit access to confidential information
Authentication
Determine identity or role of a user
Authorization
Specify the access rights or privileges to resources
Physical Security
Use physical barriers to deny unauthorized access
For example, lock and security guards
6
Tools for Integrity
Backups
Periodic archiving of data.
Checksums
Computation of a function that maps the contents of a file to a numerical value
Data correcting codes
methods for storing data in such.
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
1. Security Concepts
Dr. Y. Chu
CIS3360: Security in Computing
0R02
Spring 2018
1
Information
Textbook Chapter 1
Some of the slides and figures are from textbook slides
distributed by Pearson
2
2. Computer Security Definition
The NIST Computer Security Handbook Definition
“The protection afforded to an automated information system in
order to attain the applicable objectives of preserving the
integrity, availability and confidentiality of information system
resources (includes hardware, software, firmware,
information/data, and telecommunications).”
Key points:
Confidentiality, integrity and availability
Confidentiality:
Data confidentiality: confidential information is not disclosed
to unauthorized parties
Privacy: personal information should not be collected by
unauthorized personnel
Integrity:
Data integrity: information should not be changed by
unauthorized parties
System integrity: systems perform as intended free of
unauthorized manipulation
Availability:
Systems work promptly and service is not denied to authorized
user.
Information resources: hardware, software, firmware,
information/data, and telecommunications
3
National Institute of Standards and Technology
3. Computer Security Objectives
4
CIA triad
FIPS PUB 199 characterization
Confidentiality: Preserving authorized restrictions on
information access and disclosure, including means for
protecting personal privacy and proprietary information. A loss
of confidentiality is the unauthorized disclosure of information.
Integrity: Guarding against improper information modification
or destruction, including ensuring information non-repudiation
and authenticity. A loss of integrity is the unauthorized
modification or destruction of information.
Availability: Ensuring timely and reliable access to and use of
information. A loss of availability is the disruption of access to
or use of information or an information system.
Federal Information Processing Standards
4. Computer Security Objectives
5
Additional concepts
Authenticity: verifying that users are who they say they are and
that each input arriving at the system came from a trusted
source.
Accountability: Systems must keep records of their activities to
permit later forensic analysis to trace security breaches or to aid
in transaction disputes.
Tools for Confidentiality
Encryption
Transform the information using a secrete so it is useful only to
the intended recipient
Access Control
Rules and policies that limit access to confidential information
Authentication
Determine identity or role of a user
Authorization
Specify the access rights or privileges to resources
Physical Security
Use physical barriers to deny unauthorized access
For example, lock and security guards
5. 6
Tools for Integrity
Backups
Periodic archiving of data.
Checksums
Computation of a function that maps the contents of a file to a
numerical value
Data correcting codes
methods for storing data in such a way that small changes can
be easily detected and automatically corrected.
7
Tools for Availability
Physical protections
Infrastructure meant to keep information available even in the
event of physical challenges.
For example, back up power
Computational redundancies
Computers and storage devices that serve as fallbacks in the
6. case of failures.
For example, back up storage
8
Levels of Impact
9
Examples
Low
The loss could be expected to have a limited adverse effect on
organizational operations, organizational assets, or individuals
Moderate
7. The loss could be expected to have a serious adverse effect on
organizational operations, organizational assets, or individuals
High
The loss could be expected to have a severe or catastrophic
adverse effect on organizational operations, organizational
assets, or individuals
Levels of Impact
Examples:
Confidentiality:
Student enrollment info: moderate
Faculty list: low or no rating
Integrity:
Patient allergy info: high
Online forum: moderate
Availability:
Critical service: high
University website: moderate
10
8. Computer Security Challenges
Computer security is not simple
Simple requirements, complex mechanisms
Must consider potential attacks
Counterintuitive procedures
Physical and logical placement needs to be determined
More algorithms and protocols may be involved
Attackers only need to find a single weakness, the developer
needs to find all weaknesses
Benefit of security is not obvious until breech or failure occurs
Requires regular monitoring
Security is often an afterthought
Incorporated after the design is completed
Security is treated as an impediment to efficient and user-
friendly operation
11
Computer Security Terminology
12
Table 1.1 of textbook
9. 13
Security Concepts and Relationships
Resources
Assets of a Computer System
Hardware
Computer systems
Data processing and data storage
Data communications devices
Software
OS
System utilities
Applications
Data
files and databases
Security-related data, such as password files.
Communication facilities and networks
Local and wide area network communication links,
10. Bridges and routers etc.
14
Vulnerabilities and Threats
Categories of vulnerabilities
Corrupted (loss of integrity)
Leaky (loss of confidentiality)
Unavailable or very slow (loss of availability)
Threats
Capable of exploiting vulnerabilities
Represent potential security harm to an asset
15
CIA
Attacks
Attacks (threats carried out)
11. Passive
Attempt to learn or make use of information from the system
that does not affect system resources
Active
Attempt to alter system resources or affect their operation
Insider
Initiated by an entity inside the security parameter
Outsider
Initiated from outside the perimeter
16
Countermeasures
Countermeasure: any means taken to deal with a security attack
Prevent
Detect
Recover
Despite countermeasures, residual vulnerabilities may remain
Countermeasures can themselves introduce new vulnerabilities
The goal is to minimize the residual level of risk to the assets
17
12. Threat Consequences
18
Table 1.2 in textbook
Attacks (Revisit)
Recall passive and active attacks
Passive attacks: attempts to learn or make use of information
from the system but does not affect system resources.
Eavesdropping
Traffic analysis
Active attacks: attempts to alter system resources or affect their
operation
Replay
Masquerade
Modification of messages
Denial of service
13. 19
Computer Assets and Threats
20
Table 1.3 in textbook
Security Requirements (Countermeasures)
FIPS PUB 200 (Minimum Security Requirements for Federal
Information and Information Systems) enumerates 17 security-
related areas (Table 1.4)
Technical measures:
Access control
Identification and authentication
System and communication protection
System and information integrity
Management controls:
Awareness and training
14. Audit and accountability
Certification, accreditation and security assessments
Contingency planning
Maintenance
Physical and environmental protection
Planning
Personnel security
Risk assessment
Systems and services acquisition
Overlap
Configuration management
Incident response
Media protection
21
Federal Information Processing Standards
Security Design Principles
National Centers of Academic Excellence
Economy of mechanism
keep it simple
Fail-safe defaults
default is lack of access
Complete mediation
do not rely on cached answers to grant access
Open design
Encryption algorithms are public, but keys are secret
Separation of privilege
multifactor user authentication
15. Least privilege
every process/user should have least privilege to perform task
Least common mechanism
separate user functions as much as possible
Psychological acceptability
security should intrude minimally with user work
Isolation
isolate systems/processes/files as much as possible
Encapsulation
object-oriented concept for protecting data
Modularity
use a modular architecture, to facilitate upgrades/maintenance
Layering
provide multiple layers of security
Least astonishment
programs and UIs should respond in understandable ways
22
Attack Surfaces
23
An attack surface consists of the reachable and exploitable
vulnerabilities in a system
Three categories:
Network attack surface
Vulnerabilities over an enterprise network, wide-area network,
or the Internet.
For example, network protocol vulnerabilities used for a denial-
16. of-service
Software attack surface
Vulnerabilities in application, utility or operating system code.
A particular focus in this category is Web server software.
For example, codes that processes incoming data, email, XML,
office documents, and industry-specific custom data exchange
formats
Human attack surface
Vulnerabilities created by personnel or outsiders, such as social
engineering, human error, and trusted insiders.
For example, an employee with access to sensitive information
vulnerable to a social engineering attack
Attack Trees
Branching, hierarchical data structure that represents a set of
potential techniques for exploiting security vulnerabilities
Root node: attack goal
Subnode: subgoal
Leaf node: ways to initiate an attack
Each subnode is either AND-node or OR-node
Example: Internet banking Authentication (Figure 1.4)
17. 24
Computer Security Strategy
Security policy
Formal statement of rules and practices that specify how a
system provides security services to protect system resources
Security implementation
Involves four complementary actions
Prevention
Detection
Response
Recovery
Assurance
Degree of confidence that security measures work as intended to
protect assets
Evaluation
Process of examining a computer product or system with respect
to certain criteria
Involve testing and analytic or mathematical techniques
25
18. Summary
Computer security definition
Computer security objective (CIA triad)
Tools for CIA
Level of impact
Computer security challenges
Security terminology
Security concepts and relationship
Computer system assets
Vulnerabilities, threats, attacks and countermeasures
Threat consequences
Security requirements
Security design principles
Attack surfaces
Attack trees
Computer security strategy
26
19. Threat Consequence Threat Action (Attack)
Unauthorized
Disclosure
A circumstance or
event whereby an
entity gains access to
data for which the
entity is not
authorized.
Exposure: Sensitive data are directly released to an
unauthorized entity.
Interception: An unauthorized entity directly accesses
sensitive data traveling between authorized sources and
destinations.
Inference: A threat action whereby an unauthorized entity
indirectly accesses sensitive data (but not necessarily the
data contained in the communication) by reasoning from
characteristics or byproducts of communications.
Intrusion: An unauthorized entity gains access to sensitive
data by circumventing a system's security protections.
Deception
20. A circumstance or
event that may result
in an authorized entity
receiving false data
and believing it to be
true.
Masquerade: An unauthorized entity gains access to a
system or performs a malicious act by posing as an
authorized entity.
Falsification: False data deceive an authorized entity.
Repudiation: An entity deceives another by falsely denying
responsibility for an act.
Disruption
A circumstance or
event that interrupts
or prevents the correct
operation of system
services and
functions.
Incapacitation: Prevents or interrupts system operation by
disabling a system component.
Corruption: Undesirably alters system operation by
adversely modifying system functions or data.
Obstruction: A threat action that interrupts delivery of
system services by hindering system operation.
21. Usurpation
A circumstance or
event that results in
control of system
services or functions
by an unauthorized
entity.
Misappropriation: An entity assumes unauthorized logical
or physical control of a system resource.
Misuse: Causes a system component to perform a function
or service that is detrimental to system security.
Threat Consequence Threat Action (Attack)
Unauthorized
Disclosure
A circumstance or
event whereby an
entity gains access to
data for which the
entity is not
authorized.
Exposure: Sensitive data are directly released to an
unauthorized entity.
Interception: An unauthorized entity directly accesses
sensitive data traveling between authorized sources and
destinations.
Inference: A threat action whereby an unauthorized entity
indirectly accesses sensitive data (but not necessarily the
data contained in the communication) by reasoning from
characteristics or byproducts of communications.
22. Intrusion: An unauthorized entity gains access to sensitive
data by circumventing a system's security protections.
Deception
A circumstance or
event that may result
in an authorized entity
receiving false data
and believing it to be
true.
Masquerade: An unauthorized entity gains access to a
system or performs a malicious act by posing as an
authorized entity.
Falsification: False data deceive an authorized entity.
Repudiation: An entity deceives another by falsely denying
responsibility for an act.
Disruption
A circumstance or
event that interrupts
or prevents the correct
operation of system
services and
functions.
Incapacitation: Prevents or interrupts system operation by
disabling a system component.
Corruption: Undesirably alters system operation by
adversely modifying system functions or data.
Obstruction: A threat action that interrupts delivery of
system services by hindering system operation.
Usurpation
A circumstance or
event that results in
control of system
services or functions
by an unauthorized
entity.
23. Misappropriation: An entity assumes unauthorized logical
or physical control of a system resource.
Misuse: Causes a system component to perform a function
or service that is detrimental to system security.
Availability Confidentiality Integrity
Hardware
Equipment is stolen or
disabled, thus denying
service.
An unencrypted CD-
ROM or DVD is stolen.
Software Programs are deleted, denying access to users.
An unauthorized copy
of software is made.
A working program is
modified, either to
cause it to fail during
execution or to cause it
to do some unintended
task.
Data Files are deleted, denying access to users.
An unauthorized read
of data is performed.
An analysis of
statistical data reveals
underlying data.
24. Existing files are
modified or new files
are fabricated.
Communication
Lines and
Networks
Messages are destroyed
or deleted.
Communication lines
or networks are
rendered unavailable.
Messages are read. The
traffic pattern of
messages is observed.
Messages are modified,
delayed, reordered, or
duplicated. False
messages are
fabricated.
Availability Confidentiality Integrity
Hardware
Equipment is stolen or
disabled, thus denying
service.
An unencrypted CD-
ROM or DVD is stolen.
Software
25. Programs are deleted,
denying access to users.
An unauthorized copy
of software is made.
A working program is
modified, either to
cause it to fail during
execution or to cause it
to do some unintended
task.
Data
Files are deleted,
denying access to users.
An unauthorized read
of data is performed.
An analysis of
statistical data reveals
underlying data.
Existing files are
modified or new files
are fabricated.
Communication
Lines and
Networks
Messages are destroyed
or deleted.
Communication lines
or networks are
rendered unavailable.
Messages are read. The
traffic pattern of
messages is observed.
Messages are modified,
delayed, reordered, or
duplicated. False
messages are
26. fabricated.
Modular Arithmetic
Dr. Y. Chu
CIS3360: Security in Computing
0R02
Spring 2018
1
Information
Reading: Appendix B.2 in textbook (will be posted in
Webcourses)
Reference: online tutorials
27. 2
Modulo Operation
Given any positive integer n and any integer a, when a is
divided by n, we get an integer quotient, q, and integer
remainder, b, that obey the following relationship:
a = q · n + b, where 0 <= b <= n-1
Then we define b= a modulo n or b= a mod n.
Note: b (modular value) is always non-negative
Examples:
5 mod 11 = 5, 5=0x11+5, so q=0 and b=5
17 mod 11 = 6, 17=1x11+6, so q=1 and b=6
-11 mod 7 = 3. (-11)=(-2)x7+3, so q=-2 and b=3
3
b is always non-negative
Congruent Modulo
Two integers, a and b, are congruent modulo n if and only if a
28. mod n = b mod n
When a and b are divided by n, they have the same remainder
a ≡ b (mod n) ⇔a mod n = b mod n
Example:
100 mod 11 = 1; 34 mod 11 = 1
So 100 ≡ 34 (mod 11)
In arithmetic modulo n, a and b are equivalent if their
difference, (a - b), is a multiple of n
n | (a - b)
Example:
10 ≡ 2 (mod 4) because 4 | (10 − 2)
4
Modular Arithmetic
Modular arithmetic is 'clock arithmetic’
For clock, time goes from 1 to 12, and back to 1 again
For modulo arithmetic, we start with 0, go up to n-1, and then
go back to 0
Modular arithmetic uses a finite number of values, and loops
back from either end
29. When we do modular arithmetic, we can first perform the
operation and then modulo reduce the answer
Examples:
( 12 + 8 ) mod 5 = 20 mod 5 = 0
( 12 x 8 ) mod 5 = 96 mod 5 = 1
5
Modulo Reduction
The results of modular computations must remain within Zn =
{0, 1, 2, … n-1}
For large values, modulo reduction is used to simplify modular
computations.
Modulo properties:
Reducing each intermediate result modulo n yields the same
result as doing the entire calculation, and then reducing the
result to modulo n
For integers a, b, and c, and for positive n, we have:
( a + b ) mod n = ( ( a mod n ) + ( b mod n ) ) mod n
( a - b ) mod n = ( ( a mod n ) - ( b mod n ) ) mod n
( a · b ) mod n = ( ( a mod n ) · ( b mod n ) ) mod n
a (b+c) mod n = ( ( a b mod n ) · ( a c mod n ) ) mod n
Examples
( 12 + 8 ) mod 5 = ( ( 12 mod 5 ) + ( 8 mod 5 ) ) mod 5 = ( 2 + 3
) mod 5 = 5 mod 5 = 0
(12 – 8) mod 5 = ( (12 mod 5 ) – ( 8 mod 5) ) mod 5 = ( 2 – 3 )
30. mod 5 = -1 mod 5 = 4
( 12 · 8 ) mod 5 = ( ( 12 mod 5 ) · ( 8 mod 5 ) ) mod 5 = ( 2 · 3
) mod 5 = 6 mod 5 = 1
26 mod 5 = ( ( 22 mod 5 ) · ( 24 mod 5 ) ) mod 5 = (( 4 mod 5 )
· ( 16 mod 5 ) ) mod 5= (4*1) mod 5 = 4
Other properties:
Transitive law: a ≡ b ≡ c, then a ≡ c
Commutative: a + b = b + a
Associative: (a + b) + c = a + (b + c)
Distributive: a(b + c) = ab + ac
6
Modular Inverse
Given two positive integers x and y, both less than some other
positive integer n, we say that y is the modular inverse of x,
modulo n, and x is the modular inverse of y, modulo n,
if and only if (x · y) mod n = 1, for 0 < x < n and 0 < y < n
x-1 = y (mod n)
Example:
Prove 7 and 3 are inverses modulo 10
Steps:
Compute the multiplication
31. Compute the modulo value of the result
If the modulo value is 1, the numbers are inverses
7 · 3 = 21
21 mod 10 = 1
Since the modulo value is 1, 7 and 3 are inverses modulo 10
7
Properties of Modular Inverse
The number 1 is always the modular inverse of 1 for any
modulus.
Not all values less than a particular modulus have inverses
Inverse of 2, mod 14 does not exist
Look at the row of 2
This row does not have 1
For the number a and modulo n, the inverse can be found if a
and n are relatively prime
Relatively prime: two numbers a, n are relatively prime if
gcd(a,n) = 1, where gcd is greatest common divisor
In the table, we can see 1, 3, 5, 9, 11 and 13 are relatively prime
to 14.
So those rows contains 1, indicating modular inverses
32. 8
Mod 14 multiplication table
Summary
What is Modulo Operation
Concept of Congruent Modulo
Modular Arithmetic
Modulo Reduction
Modular Inverse
Properties of Modular Inverse
9
APPENDIX B
SOME ASPECTS OF NUMBER
THEORY
33. William Stallings
B.1 PRIME AND RELATIVELY PRIME NUMBERS
............................................ 2
Divisors
...............................................................................................
............. 2
Prime Numbers
...............................................................................................
3
Relatively Prime Numbers
............................................................................. 4
B.2 MODULAR ARITHMETIC
................................................................................ 5
Modular Arithmetic Operations
..................................................................... 7
Inverses
...............................................................................................
............ 8
34. B.3 FERMAT'S AND EULER'S THEOREMS
......................................................... 9
Fermat's Theorem
........................................................................................... 9
Euler's Totient Function
............................................................................... 10
Euler's Theorem
............................................................................................
12
Copyright 2014
Supplement to
Computer Security, Third Edition
Pearson 2014
http://williamstallings.com/ComputerSecurity
B-2
This appendix provides some background on number theory
concepts
referenced in this book.
B.1 PRIME AND RELATIVELY PRIME NUMBERS
35. In this section, unless otherwise noted, we deal only with
nonnegative
integers. The use of negative integers would introduce no
essential
differences.
Divisors
We say that b ≠ 0 divides a if a = mb for some m, where a, b,
and m are
integers. That is, b divides a if there is no remainder on
division. The
notation b|a is commonly used to mean b divides a. Also, if b|a,
we say that
b is a divisor of a. For example, the positive divisors of 24 are
1, 2, 3, 4, 6,
8, 12, and 24.
The following relations hold:
• If a|1, then a = ±1.
• If a|b and b|a, then a = ±b.
• Any b ≠ 0 divides 0.
36. • If b|g and b|h, then b|(mg + nh) for arbitrary integers m and n.
To see this last point, note that
If b|g, then g is of the form g = b × g1 for some integer g1.
If b|h, then h is of the form h = b × h1 for some integer h1.
B-3
So
mg + nh = mbg1 + nbh1 = b × (mg1 + nh1)
and therefore b divides mg + nh.
Prime Numbers
An integer p > 1 is a prime number if its only divisors are ±1
and ±p. Prime
numbers play a critical role in number theory and in the
algorithms
discussed in Chapter 23.
Any integer a > 1 can be factored in a unique way as
37. �
a = p1
a1 p2
a2 … pt
at
where p1 < p2 < . . . < pt are prime numbers and where each ai
is a positive
integer. For example, 91 = 7 × 13; and 11011 = 7 × 112 × 13.
It is useful to cast this another way. If P is the set of all prime
numbers,
then any positive integer can be written uniquely in the
following form:
�
a = pap
p∈ P
∏ where each ap ≥ 0
The right-hand side is the product over all possible prime
numbers p; for any
particular value of a, most of the exponents ap will be 0.
The value of any given positive integer can be specified by
simply listing
38. all the nonzero exponents in the foregoing formulation. Thus,
the integer 12
is represented by {a2 = 2, a3 = 1}, and the integer 18 is
represented by {a2
= 1, a3 = 2}. Multiplication of two numbers is equivalent to
adding the
corresponding exponents:
B-4
k = mn → kp = mp + np for all p
What does it mean, in terms of these prime factors, to say that
a|b?
Any integer of the form pk can be divided only by an integer
that is of a
lesser or equal power of the same prime number, pj with j ≤ k.
Thus, we can
say
a|b → ap ≤ bp for all p
Relatively Prime Numbers
39. We will use the notation gcd(a, b) to mean the greatest common
divisor
of a and b. The positive integer c is said to be the greatest
common divisor
of a and b if
1. c is a divisor of a and of b;
2. any divisor of a and b is a divisor of c.
An equivalent definition is the following:
gcd(a, b) = max[k, such that k|a and k|b]
Because we require that the greatest common divisor be
positive, gcd(a,
b) = gcd(a, –b) = gcd(–a, b) = gcd(–a, –b). In general, gcd(a, b)
= gcd( | a
|, | b | ). For example, gcd(60, 24) = gcd(60, –24) = 12. Also,
because all
nonzero integers divide 0, we have gcd(a, 0) = | a |.
B-5
It is easy to determine the greatest common divisor of two
40. positive
integers if we express each integer as the product of primes. For
example,
300 = 22 × 31 × 52; 18 = 21 × 32; gcd(18, 300) = 21 × 31 × 50
= 6.
In general,
k = gcd(a, b) → kp = min(ap, bp) for all p
Determining the prime factors of a large number is no easy
task, so the
preceding relationship does not directly lead to a way of
calculating the
greatest common divisor.
The integers a and b are relatively prime if they have no prime
factors
in common; that is, if their only common factor is 1. This is
equivalent to
saying that a and b are relatively prime if gcd(a, b) = 1. For
example, 8 and
15 are relatively prime because the divisors of 8 are 1, 2, 4, and
8, and the
divisors of 15 are 1, 3, 5, and 15, so 1 is the only number on
both lists.
41. B.2 MODULAR ARITHMETIC
Given any positive integer n and any nonnegative integer a, if
we divide a by
n, we get an integer quotient q and an integer remainder r that
obey the
following relationship:
a = qn + r 0 ≤ r < n; q = ⎣ a/n⎦
where ⎣ x⎦ is the largest integer less than or equal to x.
Figure B.1 demonstrates that, given a and positive n, it is
always
possible to find q and r that satisfy the preceding relationship.
Represent the
integers on the number line; a will fall somewhere on that line
(positive a is
shown, a similar demonstration can be made for negative a).
Starting at 0,
B-6
0
42. n 2n 3n qn (q + 1)na
n
r
Figure B.1 The Relationship a = qn + r; 0 ! r < n
(a) General relationship
0 15
15
10
30
= 2 15
70
(b) Example: 70 = (4 15) + 10
45
= 3 15
60
= 4 15
75
= 5 15
proceed to n, 2n, up to qn such that qn ≤ a and (q + 1)n > a. The
distance
43. from qn to a is r, and we have found the unique values of q and
r. The
remainder r is often referred to as a residue.
If a is an integer and n is a positive integer, we define a mod n
to be the
remainder when a is divided by n. Thus, for any integer a, we
can always
write
a = ⎣ a/n⎦ × n + (a mod n)
Two integers a and b are said to be congruent modulo n, if (a
mod n)
= (b mod n). This is written a ≡ b mod n. For example, 73 ≡ 4
mod 23; and
21 ≡ –9 mod 10. Note that if a ≡ 0 mod n, then n|a.
The modulo operator has the following properties:
1. a ≡ b mod n if n|(a – b)
2. (a mod n) = (b mod n) implies a ≡ b mod n
B-7
44. 3. a ≡ b mod n implies b ≡ a mod n
4. a ≡ b mod n and b ≡ c mod n imply a ≡ c mod n
To demonstrate the first point, if n|(a – b), then (a – b) = kn for
some
k. So we can write a = b + kn. Therefore, (a mod n) =
(remainder when b +
kn is divided by n) = (remainder when b is divided by n) = (b
mod n). The
remaining points are as easily proved.
Modular Arithmetic Operations
The (mod n) operator maps all integers into the set of integers
{0, 1, . . . (n
– 1)}. This suggests the question, Can we perform arithmetic
operations
within the confines of this set? It turns out that we can; the
technique is
known as modular arithmetic.
Modular arithmetic exhibits the following properties:
1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
45. 2. [(a mod n) – (b mod n)] mod n = (a – b) mod n
3. [(a mod n) × (b mod n)] mod n = (a × b) mod n
We demonstrate the first property. Define (a mod n) = ra and (b
mod n)
= rb. Then we can write a = ra + jn for some integer j and b = rb
+ kn for
some integer k. Then
(a + b) mod n = (ra + jn + rb + kn) mod n
= (ra + rb + (k + j)n) mod n
= (ra + rb) mod n
= [(a mod n) + (b mod n)] mod n
B-8
The remaining properties are as easily proved.
Inverses
As in ordinary arithmetic, we can write the following:
46. if (a + b) ≡ (a + c) (mod n) then b ≡ c (mod n) (B.1)
(5 + 23) ≡ (5 + 7) (mod 8); 23 ≡ 7 (mod 8)
For example, (5 + 23) ≡ (5 + 7) (mod 8) implies that 23 ≡ 7
(mod 8).
Equation (B.1) is consistent with the existence of an additive
inverse.
Adding the additive inverse of a to both sides of Equation (B.1),
we have
((–a) + a + b) ≡ ((–a) + a + c) (mod n)
b ≡ c (mod n)
However, the following statement is true only with the attached
condition:
if (a × b) ≡ (a × c) (mod n)
then b ≡ c (mod n) if a is relatively prime to n (B.2)
Similar to the case of Equation (B,1), we can say that Equation
(B.2) is
consistent with the existence of a multiplicative inverse.
Applying the
47. multiplicative inverse of a to both sides of Equation (B.2), we
have
((a–1)ab) ≡ ((a–1)ac) (mod n)
b ≡ c (mod n)
B-9
The proof that we must add the condition in Equation (B.2) is
beyond the
scope of this book but is explored in [STAL11b].
B.3 FERMAT'S AND EULER'S THEOREMS
Two theorems that play important roles in public-key
cryptography are
Fermat's theorem and Euler's theorem.
Fermat's Theorem1
Fermat's theorem states the following: If p is prime and a is a
positive
integer not divisible by p, then
48. ap–1 ≡ 1 (mod p) (B.3)
Proof: Consider the set of positive integers less than p: {1, 2,
…, p – 1} and
multiply each element by a, modulo p, to get the set X = {a mod
p, 2a mod
p, . . . (p – 1)a mod p}. None of the elements of X is equal to
zero because
p does not divide a. Furthermore, no two of the integers in X are
equal. To
see this, assume that ja ≡ ka (mod p), where 1 ≤ j < k ≤ p – 1.
Because a is
relatively prime to p, we can eliminate a from both sides of the
equation
[see Equation (B.2)] resulting in j ≡ k (mod p). This last
equality is
impossible because j and k are both positive integers less than
p. Therefore,
we know that the (p – 1) elements of X are all positive integers,
with no two
elements equal. We can conclude the X consists of the set of
integers {1, 2,
…, p – 1} in some order. Multiplying the numbers in both sets
and taking the
49. result mod p yields
1 This is sometimes referred to as Fermat's little theorem.
B-10
a × 2a × . . . × (p – 1)a ≡ [(1× 2 × …× (p – 1)] (mod p)
ap–1(p – 1)! ≡ (p – 1)! (mod p)
We can cancel the (p – 1)! term because it is relatively prime to
p [see
Equation (B.2)]. This yields Equation (B.3).
a = 7, p = 19
72 = 49 ≡ 11 (mod 19)
74 ≡ 121 ≡ 7 (mod 19)
78 ≡ 49 ≡ 11 (mod 19)
716 ≡ 121 ≡ 7 (mod 19)
ap–1 = 718 = 716 × 72 ≡ 7 × 11 ≡ 1 (mod 19)
An alternative form of Fermat's theorem is also useful: If p is
prime and
a is a positive integer, then
ap ≡ a (mod p) (B.4)
50. Note that the first form of the theorem [Equation (B.3)] requires
that a be
relatively prime to p, but this form does not.
p = 5, a = 3 ap = 35 = 243 ≡ 3 (mod 5) = a (mod p)
p = 5, a = 10 ap = 105 = 100000 ≡ 10 (mod 5) ≡ 0 (mod 5) = a
(mod p)
Euler's Totient Function
Before presenting Euler's theorem, we need to introduce an
important
quantity in number theory, referred to as Euler's totient function
and written
φ(n), defined as the number of positive integers less than n and
relatively
prime to n.
B-11
Determine φ(37) and φ(35).
Because 37 is prime, all of the positive integers from 1 through
36 are
relatively prime to 37. Thus φ(37) = 36.
To determine φ(35), we list all of the positive integers less than
51. 35 that are
relatively prime to it:
1, 2, 3, 4, 6, 8, 9, 11, 12, 13, 16, 17, 18,
19, 22, 23, 24, 26, 27, 29, 31, 32, 33, 34.
There are 24 numbers on the list, so φ(35) = 24.
Table B.1 lists the first 30 values of φ(n). The value φ(1) is
without
meaning but is defined to have the value 1.
Table B.1 Some Values of Euler's Totient Function φ(n)
n φ(n) n φ(n) n φ(n)
1 1 11 10 21 12
2 1 12 4 22 10
3 2 13 12 23 22
4 2 14 6 24 8
5 4 15 8 25 20
6 2 16 8 26 12
7 6 17 16 27 18
8 4 18 6 28 12
52. 9 6 19 18 29 28
10 4 20 8 30 8
It should be clear that for a prime number p,
B-12
φ(p) = p – 1
Now suppose that we have two prime numbers p and q, with p ≠
q. Then we
can show that for n = pq,
φ(n) = φ(pq) = φ(p) × φ(q) = (p – 1) × (q – 1)
To see that φ(n) = φ(p) × φ(q), consider that the set of positive
integers less
that n is the set {1, . . . , (pq – 1)}. The integers in this set that
are not
relatively prime to n are the set {p, 2p, . . . , (q – 1)p} and the
set {q, 2q, .
. . , (p – 1)q}. Accordingly,
53. φ(n) = (pq – 1) – [(q – 1) + (p – 1)]
= pq – (p + q) +1
= (p – 1) × (q – 1)
= φ(p) × φ(q)
φ(21) = φ(3) × φ(7) = (3 – 1) × (7 – 1) = 2 × 6 = 12
where the 12 integers are {1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19,
20}
Euler's Theorem
Euler's theorem states that for every a and n that are relatively
prime,
aφ(n) ≡ 1 (mod n) (B.5)
a = 3; n = 10; φ(10) = 4 aφ(n) = 34 = 81 ≡ 1 (mod 10) = 1
(mod n)
a = 2; n = 11; φ(11) = 10 aφ(n) = 210 = 1024 ≡ 1 (mod 11) = 1
(mod n)
B-13
Proof: Equation (B.5) is true if n is prime, because in that case
φ(n) = (n –
54. 1) and Fermat's theorem holds. However, it also holds for any
integer n.
Recall that φ(n) is the number of positive integers less than n
that are
relatively prime to n. Consider the set of such integers, labeled
as follows:
R = {x1, x2, . . ., xφ(n)}
That is, each element xi of R is a unique positive integer less
than n with
gcd(xi, n) = 1. Now multiply each element by a, modulo n:
S = {(ax1 mod n), (ax2 mod n), . . ., (axφ(n) mod n)}
The set S is a permutation of R, by the following line of
reasoning:
1. Because a is relatively prime to n and xi is relatively prime
to n, axi
must also be relatively prime to n. Thus, all the members of S
are
integers that are less than n and that are relatively prime to n.
2. There are no duplicates in S. Refer to Equation (B.2). If axi
55. mod n =
axj mod n, then xi = xj.
Therefore,
B-14
axi mod n( )
i= 1
φ n( )
∏ = xi
i =1
φ n( )
∏
axi
i= 1
φ n( )
∏ ≡ xi
i =1
φ n( )
∏ mod n( )
56. aφ n( ) × xi
i =1
φ n( )
∏
⎡
⎣
⎢
⎢
⎤
⎦
⎥
⎥
≡ xi
i =1
φ n( )
∏ mod n( )
aφ n( ) ≡ 1 mod n( )
This is the same line of reasoning applied to the proof of
Fermat's
theorem.
As is the case for Fermat's theorem, an alternative form of the
theorem
57. is also useful:
aφ(n)+1 ≡ a (mod n) (B.6)
Again, similar to the case with Fermat's theorem, the first form
of Euler's
theorem [Equation (B.6)] requires that a be relatively prime to
n, but this
form does not.
Eustis Basics
Dr. Y. Chu
CIS3360: Security in Computing
0R02
Spring 2018
58. 1
Objectives
Eustis basics
Login information
Supported programming languages
Recommended software
SSH
File transfer
Access to Eustis
On campus and off campus
Basic operations on Eustis
Demo
2
Basic Information
Eustis server – department Unix server
eustis.eecs.ucf.edu
Login username: your UCF NID
Login password: your NID password
Support ssh (Secure Shell)
Do not support telnet for security reason
Eustis is on campus network only, no public access
If you are on campus network, you can connect to it directly
If you are off campus, you have to use VPN
Eustis help page: http://newton.i2lab.ucf.edu/wiki/Help:Eustis
59. 3
Eustis for This Course
Support multiple programming languages
C (gcc)
C++ (g++)
Java
More
Eustis is required for all programming assignments
Your programs should be runnable on Eustis
Can be compiled and run on Eustis
This provides uniform platform to run your programs
TA would actually run your programs to grade your assignments
4
Recommended Software
Must use ssh client to connect to Eustis
Many free ssh client software online
60. Example
Putty: command line based terminal
List of ssh clients
https://en.wikipedia.org/wiki/Comparison_of_SSH_clients
File transfer is possible on Eustis
Many GUI based software
Example
WinSCP for Windows
5
Mobaxterm
We recommend Mobaxterm
Combine ssh and file transfer (and many more)
Download page https://mobaxterm.mobatek.net/download-home-
edition.html
For windows
You may use putty and WinSCP as alternative
6
61. Off Campus Access
Procedure
Connect VPN first to get into campus network
Use ssh client to connect to Eustis
VPN installation
UCF VPN page
http://newton.i2lab.ucf.edu/wiki/Help:VPN
Download and install Cisco AnyConnect client
Run VPN
Run Cisco AnyConnect client and fill in
ucfvpn-1.vpn.ucf.edu
You will be prompted to enter your NID and password
Once VPN is connected, you can proceed with ssh connection
7
Basic Operations on Eustis
Basic Unix commands as shown in the table
On Eustis, you can use ‘pico’ to do simple text editing
Or you can edit your codes on your own computer and then
upload (through file transfer) to Eustis for compiling and
running
62. 8
Compile and Run Programs
C
Compile
gcc –o <executable> <sourcefile.c>
Run
./ <executable>
Example
gcc –o hello hello.c
./hello
With arguments
./ <executable> <argument1> <argument2>
Example: file name as an argument
./hello temp.txt
C++
Compile
g++ -o <executable> <sourcefile.cpp>
Run
./ <executable>
Example
g++ –o hello hello.cpp
./hello
With arguments
./ <executable> <argument1> <argument2>
Example: file name as an argument
./hello temp.txt
63. Java
Compile
javac hello.java
Run
java hello
java hello temp.txt (with argument)
Demo
9
Action Items
Your Eustis account has been created.
Please try to login Eustis using your NID and password
Mobaxterm or putty or any client you choose
Also try transferring file to Eustis
If you do not use Mobaxterm, make sure your file transfer
software works as intended.
If you have any problem accessing Eustis, please let us know.
10
64. Cryptographic Tools
Dr. Y. Chu
CIS3360: Security in Computing
0R02
Spring 2018
1
Information
Reading: Textbook Chapter 2
Some of the slides and figures are from textbook slides
distributed by Pearson
2
65. Encryption
Definition
Encryption is the process of encoding a message or information
in such a way that only authorized parties can access it and
those who are not authorized cannot.
3
secure
sender
secure
receiver
data
data
Alice
Bob
Eve
66. Symmetric Encryption
Universal technique for providing confidentiality for
transmitted or stored data
Also referred to as conventional encryption or single-key
encryption
Two requirements for secure use:
Need a strong encryption algorithm
Sender and receiver must have obtained copies
of the secret key in a secure fashion and must
keep the key secure
4
Symmetric Encryption Model
Plaintext
The original message or data, input to the encryption algorithm
Encryption algorithm
The algorithm performs various substitutions and
transformations on the plaintext.
Secret key
Another input to the encryption algorithm. The exact
67. substitutions and transformations performed by the algorithm
depend on the key.
Ciphertext:
The scrambled message produced as output. It depends on the
plaintext and the secret key. For a given message, two different
keys will produce two different ciphertexts.
Decryption algorithm
This is essentially the encryption algorithm run in reverse. It
takes the ciphertext and the secret key and produces the original
plaintext.
5
Figure 2.1 in textbook
Attacking Symmetric Encryption
Cryptanalytic Attacks
Rely on:
Nature of the algorithm
Some knowledge of the general characteristics of the plaintext
Some sample plaintext-ciphertext pairs
Exploits the characteristics of the algorithm to attempt to
deduce a specific plaintext or the key being used
If successful all future and past messages encrypted with that
key are compromised
Brute-Force Attack
Try all possible keys on some ciphertext until an intelligible
68. translation into plaintext is obtained
On average half of all possible keys must be tried to achieve
success
6
Popular Encryption Algorithms
7
Table 2.1 in textbook
7
69. Data Encryption Standard (DES)
The most widely used encryption scheme
FIPS PUB 46
Data Encryption Algorithm (DEA)
64 bit plaintext block and 56 bit key to produce a 64 bit
ciphertext block
Strength concerns:
Concerns about algorithm
DES is the most studied encryption algorithm in existence
Use of 56-bit key
Electronic Frontier Foundation (EFF) announced in July 1998
that it had broken a DES encryption
8
Triple DES (3DES)
Repeats basic DES algorithm three times using either two or
three unique keys
First standardized for use in financial applications in ANSI
standard X9.17 in 1985
Attractions:
168-bit key length overcomes the vulnerability to brute-force
attack of DES
Underlying encryption algorithm is the same as in DES
Drawbacks:
Algorithm is sluggish in software
Still uses a 64-bit block size
70. 9
American National Standards Institute
Software designed for 70’s hardware, not efficient
Advanced Encryption Standard (AES)
NIST in 1997 issued a call for proposals for a new Advanced
Encryption Standard
Security strength equal to or better than 3DES
Significantly improved efficiency
Symmetric block cipher
128 bit data and 128/192/256 bit keys
NIST selected Rijndael algorithm (FIPS PUB 197)
10
Decryption Time
11
Table 2.2 in textbook
71. Practical Security Issues
Typically symmetric encryption is applied to a unit of data
larger than a single 64-bit or 128-bit block
Electronic codebook (ECB) mode is the simplest approach to
multiple-block encryption
Each block of plaintext is encrypted using the same key
Cryptanalysts may be able to exploit regularities in the plaintext
Modes of operation
Alternative techniques developed to increase the security of
symmetric block encryption for large sequences
Overcomes the weaknesses of ECB
12
Block Cipher
13
Block cipher
Processes the input one block of elements at a time
72. Produces an output block for each input block
Can reuse keys
More common
ECB
Stream Cipher
Processes the input elements continuously
Produces output one element at a time
Primary advantage is that they are almost always faster and use
far less code
Encrypts plaintext one byte at a time
Pseudorandom stream is one that is unpredictable without
knowledge of the input key
14
73. Message Authentication
Encryption assures confidentiality
Message authentication assures data integrity: verifies received
message is authentic
Contents have not been altered
From authentic source
Timely and in correct sequence
Message authentication can be performed either with or without
encryption
Symmetric encryption alone may not be good for message
authentication: reorder attack
Message authentication without encryption
Broadcast
Heavy load and cannot decrypt all messages
Computer program authentication
15
Message Authentication Code (MAC)
Authentication technique
The use of a secret key to generate a small block of data
Assuming both parties share same secret key and MAC
algorithm
Message can include a sequence number
74. FIPS PUB 113, recommends the use of DES. DES is used to
generate an encrypted version of the message, and the last 16 or
32 bits of ciphertext are used as MAC.
16
Secure Harsh Function
One-way hash function
Given hash value it is infeasible to find the original message
Message digest H(M)
Accepts a variable-size message M as input and produces a
fixed-size message digest or harsh value or harsh code
17
17
Hash Function Requirements
75. For any hash function
can be applied to an entire message or file of any size
produces a fixed-length output
computationally easy to compute
For a secure hash function, all above, plus
must be one-way (pre-image resistant)
infeasible to find x from H( x )
must be collision resistant
for a given message, infeasible to find another message that
generates the same hash value
infeasible to find 2 messages that generate the same hash value
Uses for secure hash functions
MACs, digital signatures, and integrity checking
18
Message Authentication with Secure Hash Function
Hash function does not take a secret key as input.
To authenticate a message, the message digest can be encrypted
with the secret key
19
76. Security of Secure Hash Function
Attacks on secure hash function
Cryptanalysis
Exploit logical weaknesses in the algorithm
Brute-force attack
Strength of hash function depends on the length of the hash
code produced by the algorithm
SHA (Secure Hash Algorithm) most widely used hash algorithm
FIPS 180 (1993): SHA
FIPS 180-1 (1995): SHA-1 (160 bits)
FIPS 180–2 (2002): SHA-2
SHA-256, SHA-384, and SHA-512
Other uses
Passwords
Hash of a password stored by an operating system
Intrusion detection
Store H(F) for each file on a system and secure the hash values.
Later check if a file has been modified.
20
77. Public-Key Encryption
First proposed by Diffie and Hellman in 1976
Based on mathematical function rather than simple operations
on bit patterns
Asymmetric
Uses two separate keys: public key and private key
Public key is made public for others to use
Usage example
To send a message, the sender encrypts the message using the
receiver's public key
The receiver uses his private key to decrypt the message.
Solves key distribution and digital signature issues, but
algorithms run much slower than symmetric algorithms.
Computationally expensive, symmetric encryption still the
method most used for data encryption
Still need some form of protocol for distributing keys
21
21
Public-Key Encryption Model
Plaintext
Readable message or data that is fed into the algorithm as input
78. Encryption algorithm
Performs transformations on the plaintext
Public and private key
Pair of keys, one for encryption, one for decryption
Ciphertext
Scrambled message produced as output
Decryption algorithm
Produces the original plaintext
22
Public-Key Cryptography
Other way to use public key: provide authentication and
integrity
Only Bob has his private key
Authentication - only Bob could have encrypted the plaintext
Integrity - no one but Bob would be able to modify the
plaintext
23
79. Requirements for Public-Key Cryptosystems
Computationally easy to create key pairs
Useful if either key can be used for each role
Computationally infeasible for opponent to otherwise recover
original message
Computationally infeasible for opponent to determine private
key from public key
Computationally easy for sender who knows public key to
encrypt messages
Computationally easy for receiver who knows private key to
decrypt ciphertext
24
Application of Public Key
Encryption,
Computationally expensive, not popular
Diffie-Hellman key exchange
Use public-key encryption to distribute a shared secret key
The secrete key then can be used for symmetric encryption
80. Authentication
Digital signature
Use authentication scenario, but encrypt a hash value, not the
message
Key management and distribution
used with certificate authorities (CAs) to assure recipients that
alleged public key is genuine
25
Digital Certificates
Used for authenticating both source and data integrity
Created by encrypting hash code with private key
Does not provide confidentiality
Even in the case of complete encryption
Message is safe from alteration but not eavesdropping
Message can be decrypted using sender’s public key
26
Public Key Management
81. In public key scenario, how can Alice know that the public key
she is using for Bob is really his public key?
Digital certificates (DC)
Issued by trusted entities called certificate authorities (CA)
A digital certificate vouches for Bob and contains Bob’s public
key
DC is digitally signed by the CA using its private key; Alice
uses the CA’s public key to verify the CA’s signature
Alice now trust that they have a valid public key for Bob, since
they trust the CA.
This is not fool-proof. It is merely “strong evidence” of Bob’s
public key
27
Digital Envelopes
Another way to use public-key encryption to protect symmetric
key
Protects a message without arranging for sender and receiver to
have the same secret key
Similar to a sealed envelope containing an unsigned letter
Process
Uses a one-time symmetric key
Key is encrypted using receiver's public key and sent to receiver
28
82. Random Numbers
Uses
Keys for public-key algorithms
Stream key for symmetric stream cipher
Symmetric key for use as a temporary session key or in creating
a digital envelope
Handshaking to prevent replay attacks
Session key
Requirements
Randomness
Uniform distribution
Frequency of occurrence of each of the numbers should be
approximately the same
Independence
No one value in the sequence can be inferred from the others
Unpredictability
Opponent should not be able to predict future element of
sequence on basis of earlier elements
29
83. Random vs. Pseudorandom
Cryptographic applications typically make use of algorithmic
techniques for random number generation.
These algorithms are deterministic and produce sequences of
numbers that are not statistically random
Pseudorandom numbers
Sequences that satisfy statistical randomness tests (uniformity,
independence)
Can be predictable
True random number generator (TRNG)
Uses a nondeterministic source to produce randomness
Most operate by measuring unpredictable natural processes
e.g. radiation, gas discharge, leaky capacitors
Increasingly provided on modern processors
30
Encryption of Stored Data
Situation
Common to encrypt transmitted data, much less common for
stored data
84. There is often little protection beyond domain authentication
and operating system access controls
Data are archived for indefinite periods
Even though erased, until disk sectors are reused data are
recoverable
Approaches
Use a commercially available encryption package
Pretty Good Privacy (PGP) enables to generate a key from
password
Back-end appliance
Encrypts all data going from server to the storage
Library based tape encryption
Co-processor embedded in library hardware encrypts data using
a non readable key
Background laptop/PC data encryption
Software that encrypts all or part of data
Transparent to users and applications
31
Summary
Symmetric Encryption
Symmetric Encryption Model
Popular Encryption Algorithms
DES
3DES
AES
85. Block Cipher vs Stream Cipher
Message Authentication
Message Authentication Code (MAC)
Secure Harsh Function
Public-Key Encryption
Digital Certificates
Public Key Certificate
Digital Envelopes
Random Numbers
Encryption of Stored Data
32
Key size
(bits) Cipher
Number of
Alternative
Keys
Time Required at 109
decryptions/s
Time Required
at 1013
decryptions/s
86. 56 DES 256 ≈ 7.2 × 1016 255 ns = 1.125 years 1 hour
128 AES 2128 ≈ 3.4 × 1038 2
127 ns = 5.3 × 1021
years 5.3 × 10
17 years
168 Triple DES 2168 ≈ 3.7 × 1050 2
167 ns = 5.8 × 1033
years 5.8 × 10
29 years
192 AES 2192 ≈ 6.3 × 1057 2191 ns = 9.8 × 1040
years
9.8 × 1036 years
256 AES 2256 ≈ 1.2 × 1077 2255 ns = 1.8 × 1060
years
1.8 × 1056 years
Key size
(bits) Cipher
Number of
Alternative
Keys
Time Required at 10
9
decryptions/s
Time Required
87. at 10
13
decryptions/s
56 DES
2
56
≈ 7.2 ´ 10
16
2
55
ns = 1.125 years
1 hour
128
AES
2
128
≈ 3.4 ´ 10
38
2
127
ns = 5.3 ´ 10
21
years
5.3 ´ 10
17
years
168
Triple DES
2
168
≈ 3.7 ´ 10
50
89. 56
years
Number Systems
Dr. Y. Chu
CIS3360: Security in Computing
0R02
Spring 2018
1
Information
Required reading: slides
Reference:
http://sandbox.mc.edu/~bennet/cs110/textbook/index.html
2
90. Importance of Number Systems
Number systems are used in representing addresses and data in
computers and networks
Often use binary and hex systems
Some of attacks might cause number overflows
3
Review of Decimal Number System
Decimal system is our everyday number system
Base 10 number system
Digits: 0,1,2,3,4,5,6,7,8,9
Examples
Expansions using powers of 10:
304 = (3x102) + (0x101) + (4x100)
2047 = (2x103) + (0x102) + (4x101) + (7x100)
12.3 = (1x101) + (2x100) + (3x10-1)
43.57 = (4 x 101) + (3 x 100) + (5 x 10-1)
+ (7 x 10-2)
4
Negative exponent
91. 100= 1 (n0 = 1 for all n≠0)
10-1 = 1/101= 0.1(a-b = 1/ab, for all a≠0)
Binary Number System
Foundation of digital system
Base 2 system
0, 1
A binary digit is called a bit
Example: 1010 has 4 bits
Expansion using powers of 2:
1010 = (1x23) + (0x22) + (1x21) + (0x20)
110 = (1x22) + (1x21) + (0x20)
Convert to decimal
Carry out the expansion calculation using decimal expressions
1010 = (1x23) + (0x22) + (1x21) + (0x20) = 8 + 0 + 2 + 0 =10
110 = (1x22) + (1x21) + (0x20) = 4 + 2 + 0 =6
5
92. Binary Number System
Convert from decimal to binary
6
220
2
110
0
Remainder
2
Quotient
55
2
0
27
2
1
13
2
1
1
6
2
3
2
1
2
0
0
1
1
Result: 11011100
93. Binary Number System
Bit field
Example
2-bit field has 4 possible combinations: 00, 01, 10, 11. The total
number of bit patterns is 4.
Bit field of width n
The total number of bit patterns (possible combinations) is 2n.
The range of numbers that can be represented is 0 to 2n-1.
Recall the relationship between key size and number of possible
keys
Byte
8-bit field: 256 different bit patterns and number range from 0
to 255
Significant bit
Left-most bit is the most significant bit, right-most bit is the
least significant bit
7
94. Other Number Systems
Facts
Computers use binary numbers for storage and computation.
Binary numbers are hard for people to work with because they
are so long and repetitive
Converting decimal to binary is tedious, at best
Octal and hexadecimal number systems
Higher base than binary
Convert easily from/to binary
8
Octal Number System
Base 8 system
0, 1, 2, 3, 4, 5, 6, 7
3 binary digits represent one octal digit
0 = 000, 1 = 001, 2 = 010, 3 = 011
4 = 100, 5 = 101, 6 = 110, 7 = 111
Octal to binary
Example: 75 octal = 111 101 binary
Binary to Octal
Take 3 bits at a time from right to left.
Replace each 3 bits by a octal digit.
At the end, if you have less than 3 bits left, add zeroes at the
left end to make the result an even 3 bits
Replace those 3 bits by an octal digit
Octal to decimal
95. Expansions to convert to decimal
Example: 75 octal = 7x81 + 5x80 = 61 decimal
9
Hexadecimal Number System
Base 16 number system
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F
4 binary digits represent one hexadecimal digit
0 = 0000, 1 = 0001, 2 = 0010, 3 = 0011
4 = 0100, 5 = 0101, 6 = 0110, 7 = 0111
8 = 1000, 9 = 1001, A = 1010, B = 1011
C = 1100, D = 1101, E = 1110, F = 1111
Works well with byte (8 bits)
1 byte has 2 hexadecimal digits
Hexadecimal (hex) to binary
Example: A5 hex = 1010 0101 binary
Binary to hex
Take 4 bits at a time from right to left.
Replace each 4 bits by a hex digit.
At the end, if you have less than 4 bits left, add zeroes at the
left end to make the result an even 4 bits
Replace those 4 bits by a hex digit
Hex to decimal
Expansions to convert to decimal
Example: A5 hex = Ax161 + 5x160 = 10x16 + 5x1 = 165
decimal
10
96. Negative Numbers
Recall in decimal number system, negative numbers use minus
sign (“-”)
Negative numbers in binary number system use sign bits
If the most significant bit (MSB) is a 1, then it represents a
negative number
One possibility: One’s complement
Use unsigned binary values for positive numbers
To get the negative value, just "flip" each bit of the positive
numbers.
Problem: extra 0
11
Two’s Complement Number System
The other possibility: two’s complement number system
97. Use unsigned binary values for positive numbers
To get the corresponding negative value, "flip" each bit and add
1 to result
no extra zero this time, and we also have an additional negative
value
12
Decimal Expansion for Two’s Complement
The sign bit is the leftmost bit is also MSB
If it is a 1, then it represents a negative number. If it is a 0, it
represents a positive number
Decimal expansion
Given n-bit binary number, the value of MSB is either 0 (for
positive number) or (-1)x 2(n-1)
The rest digits are expanded as usual
Example: 8-bit binary numbers
11011010
= (-1x27) + (1x26) + (0x25) + (1x24) + (1x23) + (0x22) +
(1x21) + (0x20)
= -128 + 64 + 0 + 16 + 8 + 0 + 2 + 0 = -38
1000000
= (-1x27) + (0x26) + (0x25) + (0x24) + (0x23) + (0x22) +
(0x21) + (0x20)
= -128 + 0
= -128
11111111
98. = (-1x27) + (1x26) + (1x25) + (1x24) + (1x23) + (1x22) +
(1x21) + (1x20)
= -128 + 64 + 32 + 16 + 8 + 4 +2 +1
= -1
01111111
= (0x27) + (1x26) + (1x25) + (1x24) + (1x23) + (1x22) + (1x21)
+ (1x20)
= 0 + 64 + 32 + 16 + 8 + 4 + 2 + 1
= 127
13
Largest number in 8-bit two’s complement
Smallest negative number in 8-bit two’s complement
Two’s Complement Arithmetic
Addition
Basics
0 + 0 = 0
0 + 1 = 1
1 + 0 = 1
1 + 1 = 0, plus a carry of 1
1 + 1 + 1 = 1, plus a carry of 1
We add bits from right to left and ignore the carries past bit-
field width
Example: 4-bit field
Negate
Negate a binary number
99. Just change all 0s to 1s and 1s to 0s (i.e., flip all bits), and then
add 1
Example: 8-bit two’s complement number 0000 1111 (decimal
15)
Flip the bits to get 1111 0000
Add 1, we get 1111 0001
Verify decimal value of 1111 0001
Decimal expansion is: -128 + 64 + 32 + 16 + 1 = -128 + 113 = -
15 decimal
Example: 8-bit two’s complement number 1000 1111 (decimal -
113)
Flip the bits to get 0111 0000
Add 1, we get 0111 0001
Verify decimal value of 0111 0001
Decimal expansion is: 64 + 32 + 16 + 1 = 113 decimal
14
Two’s Complement Arithmetic
Subtraction
In subtraction, negate the number that is to be subtracted (even
if it is negative already), and then add the two numbers
Example: 7-5 (4-bit field)
Negate 5 decimal
5 = 0101
Flip 0101 and add 1, we get 1011
Add 7 and (-5)
100. 7 = 0111, -5 = 1011
Ignore carry into 5th bit, since it is 4-bit field
Then the result is 0010 = 2 in decimal
15
0111
+1011
10010
Carries 1 1 1
Overflow in Two’s Complement
Given a bit-field width, only a limited number of numbers can
be represented
The two’s complement arithmetic may generate numbers beyond
the limit
Overflow examples
Two positive numbers
4-bit field: 7 + 5
In two’s complement, 1100 = -4 decimal
It is incorrect. Overflow occurs.
4-bit two’s complement can only represent numbers from -8 to
+7
The result is beyond the limit
Two negative numbers
4-bit field: (-4) + (-6)
101. Ignore the carry in 5th bit since it is 4-bit field
0110 = 6 decimal
It is incorrect. Overflow occurs.
4-bit two’s complement can only represent numbers from -8 to
+7
16
0111
+0101
1100
Carries 1 1 1
1100
+1010
10110
Overflow Rules in Two’s Complement
Remember we still ignore the carry beyond the bit-field width
Rules for adding numbers of same sign
If we add two positive numbers but get a negative result, the
overflow occurs and the result cannot be used.
If we add two negative numbers but get a positive result, the
overflow occurs and the result cannot be used.
For subtraction, after negating the number that is to be
subtracted, we treat it as addition and follow the same rules
102. 17
Unsigned Binary Number
Given bit-field width of n, unsigned binary numbers can
represent numbers 0 to 2n -1
For unsigned binary number, the MSB does not indicate sign but
simply a value
The decimal expansions are different for signed and unsigned
binary numbers
Example: 4-bit field
1101 is decimal -3 in two’s complement (signed binary number)
1101 is decimal 13 in unsigned binary number
Addition is same process for unsigned as for signed
The results are interpreted differently
Always know you are dealing with signed or unsigned binary
numbers
18
103. Summary
Review of Decimal Number System
Binary Number System
Convert from decimal to binary
Bit field, byte and significant bit
Why We Need Other Number Systems
Octal Number System
Hexadecimal Number System
Negative binary numbers
One’s complement vs. two’s complement
Decimal Expansion for Two’s Complement
Two’s Complement Arithmetic
Addition
Negate
Subtraction
Overflow in Two’s Complement
Unsigned Binary Number
19
Classic Symmetric Cryptography
104. Dr. Y. Chu
CIS3360: Security in Computing
0R02
Spring 2018
1
Information
Reading: Chapter 20.1 in textbook
Reference:
Cryptography and Network Security: Principles and Practice,
Sixth Edition, William Stallings, Pearson – Prentice Hall, 2014
Other online tutorials
2
105. Symmetric Encryption
Also referred to as:
Conventional encryption
Secret-key or single-key encryption
The sender and recipient share a common key
All classical encryption algorithms are symmetric
Only alternative before public-key encryption in 1970’s
Still most widely used alternative
Requirements
Strong encryption algorithm
A secret key known only to sender / receiver
Must have a secure means for distributing the key
Security by obscure approach (hoping the algorithm is unknown
to the attacker) is unreliable
we should assume the attacker knows the encryption algorithm
Security depends on the secrecy of the key, not the algorithm
Has five ingredients:
Plaintext
Encryption algorithm
Secret key
Ciphertext
Decryption algorithm
3
106. More Terminology
plaintext - original message
ciphertext – the encrypted message
cipher – the encryption algorithm for transforming plaintext to
ciphertext
key(s) - info used by cipher algorithm, should be known only to
sender/receiver
encipher (encrypt) - converting plaintext to ciphertext
decipher (decrypt) - recovering plaintext from ciphertext
cryptography - study of encryption principles/methods
cryptanalysis (codebreaking) - study of principles/ methods of
deciphering ciphertext without knowing the key
cryptosystem – a set of keys, algorithms, and specific language
that form a system for encrypting and decrypting text
Mathematical notation
Encryption and decryption are functions in the mathematical
sense
Encrypting plaintext message M using encryption algorithm E
with key k:
C = E(k, M)
Decrypting ciphertext C using decryption algorithm D with key
k:
M=D(k, C)
4
107. Computationally Secure Encryption
Encryption is computationally secure if:
Cost of breaking cipher exceeds value of information
Time required to break cipher exceeds the useful lifetime of the
information
Usually very difficult to estimate the amount of effort required
to break
Can estimate time/cost of a brute-force attack
5
Cryptanalysis
6
Table 20.1
deliberately pick patterns to reveal the
structure of the key
108. Substitution Ciphers
A substitution cipher is a class of cipher algorithms where:
Letters of plaintext are replaced by other letters or by numbers
or symbols
If the plaintext is viewed as a sequence of bits, then substitution
involves replacing plaintext bit patterns with ciphertext bit
patterns
Assuming English language and letter only substitutions (no
numbers or other character)
Then, 26 choices for substitution for “a”
25 choices for substitution for “b” since we can’t use what we
chose for “a”
24 choices for “c”, etc.
26! Choices overall: ≈ 4.03 x 1026 =
403,000,000,000,000,000,000,000,000
7
Caesar Cipher
Simplest and earliest known use of a substitution cipher
Used by Julius Caesar
Involves replacing each letter of the alphabet with the letter
standing three places further down the alphabet
Shift cipher
Alphabet is wrapped around so that the letter following Z is A
Example
plain: meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB
109. 8
The earliest known, and the simplest, use of a substitution
cipher was by Julius
Caesar. The Caesar cipher involves replacing each letter of the
alphabet with the
letter standing three places further down the alphabet.
Note that the alphabet is wrapped around, so that the letter
following Z is A.
Caesar Cipher Algorithm
Can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Mathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
24 25
User modular arithmetic, algorithm can be expressed as:
Encryption: C = E(3, M) = (M + 3) mod (26)
Decryption: M = D(3, C) = (C – 3) mod (26)
A shift may be of any amount, so that the general Caesar
algorithm is:
Encryption: C = E(k , M ) = (M + k ) mod 26
Decryption: M = D(k , C ) = (C - k ) mod 26
110. 9
Cryptanalysis of Caesar Cipher
Brute-force cryptanalysis of Caesar cipher
The third line
10
If it is known that a given ciphertext is a Caesar cipher, then a
brute-force
cryptanalysis is easily performed: simply try all the 25 possible
keys. Figure 2.3
shows the results of applying this strategy to the example
ciphertext. In this case, the
plaintext leaps out as occupying the third line.
Three important characteristics of this problem enabled us to
111. use a brute-force
cryptanalysis:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily
recognizable.
Keyword Cipher
Example: use keyword “PROGRAM” to encrypt a message
Steps:
Lay out keyword and ignore duplicate letters (e.g., the second
‘R’ in program)
Finish out the mapping with the letters of the alphabet that were
not used, using the standard ordering of the letters
Plaintext and ciphertext alphabets are shown below:
a b c d e f g h i j k l m n o p q r s t u v w x y z
P R O G A M B C D E F H I J K L N Q S T U V W X Y Z
Plaintext: p a r t y
Ciphertext: LPQTY
Number of possible ciphers is 26! / (26 – n)! where n = keyword
length
For n = 6 (as above), this number is (26)(25)(24)(23)(22)(21) =
165,765,600
11
112. Monoalphabetic Cipher
Instead of just shifting the alphabet we could shuffle the letters
arbitrarily
Each plaintext letter maps to a different random ciphertext letter
This is essentially a keyword cipher with a key that is 26 letters
long
Example
Plain: a b c d e f g h i j k l m n o p q r s t uv w x yz
Cipher: D K V Q F I B J W PES C X HT M YAUOL RG ZN
Plaintext: i f w e w i s h t o r e p l a c e l e t t e r s
Ciphertext: W I R F R W AJ UHY F T SDV FS FUUFY A
Number of possible ciphers is 26! ≅ 4.03 x 1026
Susceptible to letter frequency analysis
12
Letter Frequency Analysis
13
Relative frequencies of letters in the English language
Easy to break monoalphabetic cipher because they reflect the
frequency data of the original alphabet
One to one mapping
113. Polyalphabetic Ciphers
Polyalphabetic substitution cipher
Does not use a one-to-one (1:1) correspondence between
plaintext letter and its corresponding ciphertext letter
Uses multiple substitution alphabets and switches among them
systematically
The same plaintext letter will generally be encrypted differently
each time it appears (one-to-many function)
Similarly, the same ciphertext character will generally represent
multiple plaintext characters
The Vigenère Cipher is the best-known example
The famous Enigma Cipher from World War II is a well-known
more complex example
14
Vigenère Cipher
Best known and one of the simplest polyalphabetic substitution
ciphers
This scheme uses multiple shift ciphers (in the form of the
114. Vigenere table)
Vigenere table is a table with all possible shifts
26 Caesar ciphers with shifts of 0 through 25
key is multiple letters long K = k1 k2 ... kd, d = key length
each letter of key specifies a different row of Vigenere table
Substitution
Use the rows (alphabets) specified by the key letters
sequentially
Repeat from start after d letters in message (here, we reuse
keyword, unlike the keyword cipher
Decryption simply performs same operations in reverse
15
Vigenère Table
16
Shift 0
Shift 1
Shift 25
.
.
.
115. Vigenère Cipher Example
Example: using the keyword “deceptive”
Write out the plaintext: wearediscoveredsaveyourselves
Write the keyword above it, repeated as needed, trimming off
any excess
key: deceptivedeceptivedeceptivede
plaintext: wearediscoveredsaveyourselves
Use each key letter as index to row of Vigenere table
Look up the corresponding letter for the plaintext letter
Repeat the process for each plaintext letter
key: deceptivedeceptivedeceptivede
plaintext: wearediscoveredsaveyourselves
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGZHW
Notice the one to many mapping
Plaintext “e” maps to {I,T,G,H,M}
Ciphertext “G” represents {c,e,r,l}
17
Vigenère Cipher: Modular Arithmetic
Applied modular arithmetic to Vigenere Cipher
key: deceptivedeceptivedeceptivede
plaintext: wearediscoveredsaveyourselves
116. ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGZHW
Columns in red show that modulo reduction was used to get the
values
18
Vernam Cipher
The ultimate defense against such a cryptanalysis is to choose a
keyword that is as long as the plaintext and has no statistical
relationship to it
Vernam cipher works on binary data (bits) rather than letters.
Use a very long but repeating keyword
19
One-Time Pad
Improvement to Vernam cipher
Use a random key that is as long as the message so that the key
117. need not be repeated
Key is used to encrypt and decrypt a single message and then is
discarded
Each new message requires a new key of the same length as the
new message
Scheme is unbreakable
Produces random output that bears no statistical relationship to
the plaintext
Because the ciphertext contains no information whatsoever
about the plaintext, there is simply no way to break the code
20
Binary One-Time Pad
Bit operation using exclusive-or (XOR)
The symmetry property of XOR:
C = M ⊕ P and M = C ⊕ P
where P is the pad (the key)
Example:
Let M be the word “IF”, whose ASCII code is: 1001001
1000110
Let pad P (the key) be the random bit pattern: 1010110 0110001
Encryption:
Plaintext 1 0 0 1 0 0 1 1 0 0 0 1 1 0
Key 1 0 1 0 1 1 0 0 1 1 0 0 0 1
Ciphertext 0 0 1 1 1 1 1 1 1 1 0 1 1 1
Decryption:
Ciphertext 0 0 1 1 1 1 1 1 1 1 0 1 1 1
118. Key 1 0 1 0 1 1 0 0 1 1 0 0 0 1
Plaintext 1 0 0 1 0 0 1 1 0 0 0 1 1 0
21
Same key
Plaintext recovered
Challenges of One-Time Pad
There is the practical problem of making large quantities of
random keys
Any heavily used system might require millions of random
characters on a regular basis
Key distribution problem
For every message to be sent, a key of equal length is needed by
both sender and receiver
22
Pseudo-Random Number Generators
Recall random numbers have many applications
119. But computers can’t generate truly random numbers.
Computers generate pseudo-random numbers that can pass
statistical tests
Uniformity and independence
A pseudo-random number generator (PRNG) is a computer
algorithm for generating pseudo-random numbers
The algorithm takes a fixed value, called the seed, as an input
and produces a sequence of output bits using a deterministic
algorithm
The output bit stream is determined solely by the input value or
values, so an adversary who knows the algorithm and the seed
can reproduce the entire bit stream
An adversary who does not know the seed is unable to
determine the pseudorandom string
23
Linear Congruential Generator
Linear congruential generator (LCG) is one of the PRNGs
An algorithm first proposed by Lehmer that is parameterized
with four numbers:
m the modulus m > 0
a the multiplier 0 < a< m
c the increment 0≤ c < m
120. x0 the starting value, or seed 0 ≤ x0 < m
The sequence of random numbers {xn} is obtained via the
following iterative equation:
Xn+1 = (a · xn + c) mod m
If m , a , c , and x0 are integers, then this technique will
produce a sequence of integers with each integer in the range 0
≤ xn < m
The selection of values for a , c , and m is critical in
developing a good random number generator
Example:
Let m = 1823, a = 17, b = 248 and x0 = 362
Then x1 = ( 17 x362 + 248 ) mod 1823
= ( 6154 + 248 ) mod 1823
= 6402 mod 1823= 933
We repeat this calculation using the value of x1 instead of x0,
obtaining x2 =1525
Similarly, x3 = 651, x4 = 377, x5 = 1188…
24
Playfair Cipher
Recall monoalphabetic ciphers are susceptible to letter
frequency analysis
Another polyalphabetic approach to improving security was to
encrypt multiple letters as a single unit
121. Playfair Cipher
Best-known multiple-letter encryption cipher
Invented by British scientist Sir Charles Wheatstone in 1854,
but named after Lord Playfair who promoted it
Encrypts pairs of letters (digrams), instead of single letters
Based on the use of a 5 x 5 matrix of letters constructed using a
keyword
Reasonably fast and more secure than simple substitution
there are 676 bigrams (2-letter combinations), versus 26 letters
25
Playfair Key Matrix
Fill in letters of keyword (minus duplicates) from left to right
and from top to bottom, then fill in the remainder of the matrix
with the remaining letters in alphabetic order
Using the keyword MONARCHY:
To get 25 entries, we combine I/J but some people just drop
QMONARCHYBDEFGI/JKLPQSTUVWXZ
122. 26
In this case, the keyword is monarchy . The matrix is
constructed by filling
in the letters of the keyword (minus duplicates) from left to
right and from top to
bottom, and then filling in the remainder of the matrix with the
remaining letters in
alphabetic order. The letters I and J count as one letter.
Plaintext is encrypted two
letters at a time, according to the following rules:
1. Repeating plaintext letters that are in the same pair are
separated with a filler
letter, such as x, so that balloon would be treated as ba lx lo on.
2. Two plaintext letters that fall in the same row of the matrix
are each replaced
by the letter to the right, with the first element of the row
circularly following
the last. For example, ar is encrypted as RM.
3. Two plaintext letters that fall in the same column are each
replaced by the
letter beneath, with the top element of the column circularly
following the last.
For example, mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the
letter that lies in
its own row and the column occupied by the other plaintext
letter. Thus, hs
becomes BP and ea becomes IM (or JM, as the encipherer
wishes).
The Playfair cipher is a great advance over simple
monoalphabetic ciphers.
123. For one thing, whereas there are only 26 letters, there are 26 *
26 = 676 digrams, so
that identification of individual digrams is more difficult.
Furthermore, the relative
frequencies of individual letters exhibit a much greater range
than that of digrams,
making frequency analysis much more difficult. For these
reasons, the Playfair
cipher was for a long time considered unbreakable. It was used
as the standard field
system by the British Army in World War I and still enjoyed
considerable use by the
U.S. Army and other Allied forces during World War II.
Despite this level of confidence in its security, the Playfair
cipher is relatively
easy to break, because it still leaves much of the structure of the
plaintext language
intact. A few hundred letters of ciphertext are generally
sufficient.
Playfair Encrypting and Decrypting
Encryption: Each 2-letter plaintext combination forms the
opposite diagonal corners of a rectangle in the Playfair matrix.
The corresponding cipher letters are found in the other two
corners of that rectangle
The first ciphertext letter is the one in the same row as the first
plaintext letter
Decryption: performed in the same manner, except using the
ciphertext as input
Example: plaintext “wh” is encrypted as “vy”
27
124. Playfair Rules
If one plaintext character left over, pad with a ‘Z’ , except if the
singleton is a ‘Z’ then replace it with an ‘X’
If a bigram consists of two of the same letter, insert an 'X’ after
the first letter to make a bigram, and then move the second
letter to be the first letter of the next bigram
If both letters fall in the same row, replace each with the letter
to its right (wrapping back to start from end)
If both letters fall in the same column, replace each with the
letter below it (wrapping from bottom to top)
Otherwise each letter is replaced by the letter in the same row
and in the column of the other letter of the pair (opposite
diagonal corners of rectangle)
The first cipher letter is the corner that is in the same row as the
first plaintext letter of the bigram; the second cipher letter is
the opposite diagonal corner from the first cipher letter (also:
when choosing a ciphertext letter from the “I/J” matrix element,
always choose “I”).
28
Playfair Example
125. Wireless: E( wi re le sx sz ) =XG MK UL XA TX
note double “s” and singleton
Monday: E( mo nd ay ) = ON RY NB
note “m” and “o” are in same row
Deem: E( de em ) = CK LC
no double-”e”; also, “e” and “m” in same column
For the Playfair cipher, the “key” is the keyword and all six
rules
29
Frequency of Letter Occurance
Revealing the effectiveness of the Playfair and other ciphers
30
Hill Cipher
Developed by the mathematician Lester Hill in 1929
126. Strength is that it hides single-letter frequencies
Features
Uses linear algebra (matrix multiplication)
Letters are encoded as numbers modulo 26
Blocks of letters are interpreted as vectors
Key is a random matrix of same dimension as vectors
Strong against a ciphertext-only attack but easily broken with a
known plaintext attack
31
Vector and Matrix
A vector is an ordered set of numbers
Example: [ 3, 27, 16 ]
Can be represented horizontally or vertically
The dot product of two vectors (same length) is simply the sum
of the products of each component
Example: [ 1, 5, 4 ] · [ 4, 2, 6 ] = (1)(4) + (5)(2) + (4)(6) = 4 +
10 + 24 = 38
A matrix is a rectangular arrangement of numerical values
a vector is a special case of matrix with at least one of whose
dimensions is 1
we can consider each row or column as a vector
We enclose matrices with square brackets
Examples:
127. ,
32
Enclose matrices with square brackets
Matrix Arithmetic for Hill Cipher
To multiply a matrix by a vector, the matrix must be have as
many columns as the vector has rows.
Example
=
The Hill cipher uses a square matrix as its key – “key matrix”
Requirement for the key matrix: must have a matrix inverse
33
Matrix Inverse
The inverse of a square matrix A, is a matrix such that
=I, where I is the identity matrix
Inverse of a matrix by Gauss-Jordan elimination
129. Hill Cipher Encryption
The key matrix must have a matrix inverse so we can decrypt
what we encrypt
The key matrix , for any vector
To encrypt
To decrypt
Padding
Use the letter “x” to pad the last block if needed
Modular arithmetic
Matrix arithmetic modulo 26
36
Hill Cipher Example
M=“next”= [13, 4, 23, 19]
Since the matrix is 3x3, this time we split the message into
blocks of length 3 and encrypt each block separately.
Since the second block is just the letter “t” we must pad it to
make a full block; so,let’s just use “x” as the pad character.
130. This gives us 2 blocks: “nex” and “txx”
For example, the first block (“nex”) is encrypted as follows
(using mod 26 arithmetic)
37
Transposition Ciphers
Ciphertext is a permutation (i.e. rearrangement or shuffling) of
the plaintext letter.
Simplest transposition cipher is Rail Fence cipher
Plaintext is written down as a sequence of diagonals and then
read off as a sequence of rows
38
131. Rail Fence of Depth 2
Write plaintext message in 2 rows, alternating letters from one
row to the next
Encryption performed by reading across each row
Example: meet me after the toga party
m e m a t r h t g p r y
e t e f e t e o a a t
cipher: MEMATRHTGPRYETEFETEOAAT
39
2 rails
Rail Fence of Depth 3
Use 3 rows and weave back and forth from row 1 to row 2 to
row 3, then back to row 2, then 1, and repeat
Example: meet me after the toga party
m m t h g r
e t e f e t e o a a t
e a r t p y
cipher: MMTHGRETEFETEOAATEARTPY
40
3 rails
132. Columnar Transposition Cipher
Also called “Row Transposition Cipher”
More complex transposition
Write the message in a rectangle, row by row, and read the
message off, column by column, but permute the order of the
columns
The order of the columns then becomes the key to the algorithm
Key length is same as row length
Pad with the letter ‘x’ (random characters in general, but we
will use ‘x’), as needed to complete the last row
41
Columnar Transposition Cipher
Example: “Attack postponed until two am”
Key: 4 3 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x x x
Ciphertext:
TTNAAPTMTSUOAODWCOIXKNLXPETX
42
133. Summary
What is Symmetric Encryption
Requirements
Terminology
Computationally Secure Encryption
Concept of Substitution Ciphers
Caesar Cipher
Keyword Cipher
Monoalphabetic Cipher
Polyalphabetic Ciphers
Vigenère Cipher
Vernam Cipher and One-Time Pad
Pseudo-Random Number Generators
Linear Congruential Generator
Playfair Cipher
Hill Cipher
Transposition Ciphers
Rail Fence Cipher
Columnar Transposition Cipher
43
134. Modes of Operation
Dr. Y. Chu
CIS3360: Security in Computing
0R02
Spring 2018
1
Information
Reading: Chapter 20.5 in textbook
2
135. Objectives
Learn five modes of operation
How to apply those modes to block ciphers
3
Block Cipher
Block cipher
Encrypts plaintext characters in chunks called blocks
Stream cipher can be thought of as a block cipher with a block
size of 1
Block size is the number of elements in a block
Example:
Caesar cipher as a stream cipher
4
t1t2t3 t4
Caesar cipher as a block cipher
t1
136. t2
time
time
…
…
Blocks and Padding
A typical message is longer than 1 block
Message is split into blocks of the required size
If the last block is shorter than the block size, we must pad it to
make a complete block
Padding can be done in many different ways
Example
Use counts of the pad size
[ b1 b2 b3 5 5 5 5 5]
Here, we have 3 data bytes, plus 5 bytes of padding
We have been using X
Example: PETERPAN, with block size 5: PETER PANXX
We use it for Caesar, Vigenere, and Hill ciphers, but not for
Playfair which has its own rules
5
137. Simple Cipher
Here we define a simple cipher, which we will call SC (i.e.
simple cipher) that operates on bit strings:
SC cipher: flip bits and then do circular shift to left
Suppose we are given plaintext (bit string): 110110100110
block size: 4 bits (use this later )
initialization vector: 0101 (use this later)
If we do not use SC as a block cipher, then ciphertext is:
flip bits: 001001011001
shift left: 010010110010
6
Ciphertext
Vigenere Block Cipher
Use the Vigenere cipher as a block cipher
Keyword: ROCK
Name it VROCK
Block size is length of keyword
Block size is 4
Initialization vector (IV): DARK (use it later)
Recall basic operation of Vigenere
7
138. Modes of Operation
A technique for enhancing the effect of a cryptographic
algorithm or adapting the algorithm for an application
To apply a block cipher in a variety of applications, five modes
of operation have been defined by NIST
These modes are intended for use with any symmetric block
cipher, including triple DES and AES
Technically stream ciphers can also use these modes if we
consider stream ciphers as block size 1
8
Five Modes
9
Table 20.4
139. Electronic Codebook (ECB)
Simplest mode
Message is broken into independent blocks
Plaintext is handled b bits at a time
Each block is encrypted using the same key
A gigantic codebook in which there is an entry for every
possible b-bit plaintext pattern
Each block is encoded independently of the other blocks, as if it
were the entire plaintext message
Mathematic notations
Ci = E(K, Pi ) = Ek(Pi)
Pi = D(K, Ci ) = Dk(Ci)
Pi is the plaintext block, Ci is the ciphertext, K is the key, E is
encryption and D is decryption
10
ECB Mode
11
140. SC in ECB Mode
Recall SC (Simple Cipher)
Plaintext (bit string): 110110100110
Block size: 4 bits (now we use it )
Plaintext separated into blocks P1, P2, and P3 :
1101 1010 0110
ECB encrypts each block as if it were the entire plaintext
message
C1= E(P1) = SC( 1101 ) = flip( 1101 ),
then left( 0010 ) = 0100
C2 = E( P2 ) = SC( 1010 ) = flip( 1010 ),
then left( 0101 ) = 1010
C3 = E( P3) = SC( 0110 ) = flip( 0110 ),
then left( 1001 ) = 0011
So, complete ciphertext is: 010010100011
12
Vigenere in ECB Mode
Use the Vigenere cipher as a block cipher
keyword: ROCK
VROCK
141. block size is length of keyword (=4)
ECB Vigenere operation:
13
t1
t2
t3
Characteristics of ECB
Pros
Is very simple
Allows for parallel encryptions of the blocks of a plaintext
Can tolerate the loss or damage of a block
Cons
Long documents and images are not suitable for ECB, since
patterns in the plaintext are repeated in the ciphertext.
Main use is encrypting very short messages (e.g., encryption
keys)
14
Source: Introduction to Computer Security,
Goodrich and Tamassia, at page 403
142. Cipher Block Chaining (CBC)
Message is broken into blocks
Blocks are “linked” together in encryption operation
Each previous cipher block is chained with current plaintext
block, hence name
Need to use an Initialization Vector (IV) to start the process
Mathematical notation
Cj = E(K, [Cj–
C0 =IV
15
CBC Mode
16
143. SC in CBC Mode
Recall our SC
Plaintext (bit string): 110110100110
Block size: 4 bits
Initialization vector (IV): 0101
Plaintext separated into blocks P1, P2, and P3 :
1101 1010 0110
CBC encrypts each block XOR’d with the previous ciphertext
block
C1 = E( P1 XOR IV) = SC( 1101 XOR 0101 ) = flip( 1000 ),
then left( 0111 ) = 1110
C2 = E( P2 XOR 1110) = SC( 1010 XOR 1110 ) = flip( 0100 ),
then left( 1011 ) = 0111
C3 = E( P3 XOR 0111) = SC( 0110 XOR 0111 ) = flip( 0001 ),
then left( 1110 ) = 1101
So the complete ciphertext is
111001111101
17
Vigenere in CBC Mode
Use the Vigenere cipher as a block cipher
Keyword: ROCK
VROCK
Block size is length of keyword (=4)
Initialization Vector (IV): DARK (here we use it)
144. Plaintext separated and padded into blocks P1, P2, and P3 :
STOR MYNI GHTX
Padding character ‘X’
CBC encrypts each block PLUS the output of the previous block
– use plus instead of XOR
C1 = E(P1 + IV) = VROCK(STOR + DARK ) = ROCK + STOR
+ DARK = MHHL
C2 = E(P2 + MHHL) = VROCK( MYNI + MHHL ) = ROCK +
MHHL + MYNI = PTWD
C3 = E(P3 + PTWD) = VROCK( GHTX + PTWD ) = ROCK +
GHTX + PTWD = MORK
So, complete ciphertext is: MHHLPTWDMORK
18
Characteristics of CBC
Overcome the repeat pattern issue in ECB
A ciphertext block depends on all blocks before it
Any change to a block affects all following ciphertext blocks
Need Initialization Vector (IV)
Must be known to sender & receiver but be unpredictable by a
third party
If sent in plaintext, attacker can use it
It could be sent encrypted in ECB mode before rest of message
Or use other methods
Applications:
Bulk data encryption and authentication
19
145. Cipher Feedback (CFB)
The ciphertext for one block is encrypted again and fed back
(hence, the name) using XOR to encrypt the next plaintext block
We are not encrypting the current plaintext block directly to get
the current ciphertext block
Different from CBC, where the previous ciphertext is first
combined with the next plaintext block, and the result is
encrypted.
Surprisingly, decryption involves using the encryption cipher
(same scheme)
Standard allows any number of bits (1,8, 64 or 128 etc) to be
fed back
Denoted CFB-1, CFB-8, CFB-64, CFB-128 etc
But most efficient to use all bits in block (64 or 128)
Mathematical notations
Encryption: Cj = Pj -1 )
-1)
C0=IV
20
146. CFB Mode
21
S-bit CFB Mode
22
SC in CFB Mode
Recall SC
Plaintext (bit string): 110110100110
Block size: 4 bits
Initialization vector: 0101
Plaintext separated into blocks P1, P2, and P3 :
1101 1010 0110
CFB encrypts the previous ciphertext block and then XOR’s it
with the current plaintext block
147. C1 = P1 XOR E( IV) = 1101 XOR SC( 0101 ) = 1101 XOR (
left( 1010 ) ) = 1101 XOR 0101 = 1000
C2 = P2 XOR E(1000) = 1010 XOR SC(1000) = 1010 XOR (
left( 0111 ) ) = 1010 XOR 1110 = 0100
C3 = P3 XOR E(0100) = 0110 XOR SC(0100) = 0110 XOR (
left( 1011 ) ) = 0110 XOR 0111 = 0001
The complete ciphertext is
100001000001
Note: CFB for character data gives same result as CBC since we
use simple addition
23
Characteristics of CFB
Encryption can not be processed in parallel
Decryption can be processed in parallel
Same encryption cipher is used at both sides
Errors can propagate
Applications
Stream data encryption, authentication
24
148. Output Feedback (OFB)
25
OFB Mode
26
SC in OFB Mode
Let’s go back to SC
Plaintext (bit string): 110110100110
Block size: 4 bits
Initialization vector: 0101
Plaintext separated into blocks P1, P2, and P3 :
1101 1010 0110
OFB encrypts the IV repeatedly and XOR’s the results with the
plaintext blocks
C1= P1 XOR E( IV) = 1101 XOR SC( 0101 ) = 1101 XOR ( left(
149. 1010 ) ) = 1101 XOR 0101 = 1000
C2= P2 XOR E(0101) = 1010 XOR SC(0101) = 1010 XOR (
left( 1010 ) ) = 1010 XOR 0101 = 1111
C3 = P3 XOR E(0101) = 0110 XOR SC(0101) = 0110 XOR (
left( 1010 ) ) = 0110 XOR 0101 = 0011
The ciphertext is: 100011110011
27
Vigenere in OFB Mode
Let’s go back to the character Vigenere example
Plaintext: STORMYNIGHT
Keyword: ROCK
VROCK
Block size: 4
Initialization vector: DARK
Plaintext separated and padded into blocks P1, P2, and P3 :
STOR MYNI GHTX
For OFB, we encrypt the IV repeatedly and add the result to
plaintext block, mod 26
C1 = P1 + E( IV ) = STOR + VROCK(DARK ) = STOR + (
ROCK + DARK ) = STOR + UOTU = MHHL
C2 = P2 + E(UOTU) = MYNI + VROCK(UOTU) = MYNI + (
ROCK + UOTU ) = MYNI + LCVE = XAIM
C3= P3+ E(LCVE) = GHTX + VROCK(LCVE) = GHTX + (
ROCK + LCVE ) = GHTX + CQXO = IXQL
The complete ciphertext is: MHHLXAIMIXQL
28
150. Characteristics of OFB
“Pad” can be calculated in advance
Errors do not propagate
More vulnerable to message stream modification
A variation of one-time pad
Technically IVs should not be reused.
IV is actually nonce.
Applications
Stream encryption on noisy channels.
29
Counter (CTR)
30
151. CTR Mode
31
SC in CTR Mode
Let’s go back to SC example
Plaintext (bit string): 110110100110
Block size: 4 bits
Initialization vector (seed): 0101
Plaintext separated into blocks P1, P2, and P3 :
1101 1010 0110
CTR increments and encrypts the seed value repeatedly and
XOR’s the results with the plaintext blocks
C1= P1 XOR E(S+0) = 1101 XOR SC( 0101 ) = 1101 XOR (
left( 1010 ) ) = 1101 XOR 0101 = 1000
C2= P2 XOR E(S+1) = 1010 XOR SC( 0110 ) = 1010 XOR (
left( 1001 ) ) = 1010 XOR 0011 = 1001
C3 = P3 XOR E(S+2) = 0110 XOR SC( 0111 ) = 0110 XOR (
left( 1000 ) ) = 0110 XOR 0001 = 0111
The complete ciphertext is: 100010010111
32
152. Characteristics of CTR
High efficiency
Can be processed in parallel
Preprocessing
Encryption algorithm does not depend on plaintext or ciphertext
Random access
Any block can be processed in random fashion
Provable security
As good as other modes
Simple
Encryption only
Must never reuse key/counter values
Applications
high-speed network encryptions
33
Summary
Block cipher
Our examples
Simple Cipher
Vigenere Block Cipher (character)
Modes of Operation
153. Electronic Codebook (ECB)
Cipher Block Chaining (CBC)
Cipher Feedback (CFB)
Output Feedback (OFB)
Counter (CTR)
Concept
Structure
Examples in SC and/or Vigenere
Characteristics
34
Programming Assignment 1: Encryption and Decryption using
Vigenere
with Cipher Block Chaining (CBC)
1. Introduction
In this programming assignment, you will implement Vigenere
encryption and decryption with Cipher Block
Chaining (CBC). The original form of Vigenere cipher has been
introduced in “L6: Symmetric Encryption” (slide
154. No. 15-18). CBC mode has been introduced in “L8: Modes of
Operation” (slide No. 15-19). In the lecture of
“Modes of Operation”, we used Vigenere block cipher as an
example to show how to apply the modes of
operation to ciphers. The description of Vigenere block cipher
is in slide No. 7 of “L8: Modes of Operation”.
Comparing with original form of Vigenere cipher, the Vigenere
block cipher defines a block size that is equal to
length of Vigenere key. According to the slide No. 18 of “L8:
Modes of Operation”, for CBC mode an IV (Initial
Vector) is also needed as input. So, the inputs to the encryption
algorithm include Vigenere key, IV and plaintext
and the inputs to the decryption algorithm include Vigenere
key, IV and cyphertext. In the lecture slides, we have
focused on the encryption part. But in this assignment, you will
implement both encryption and decryption
algorithms. Therefore, you will create two programs or source
files: one for the encryption (or encipher) and one
for the decryption (or decipher). The encipher program will be
run first. When encrypting, the encipher program
will take inputs including plaintext, key and IV. The encipher
encrypts the plaintext with the key & IV, and
generate a file to store the ciphertext. Then when the decipher
program is run, the ciphertext file will be used as
155. input along with key & IV. The decipher program decrypts the
ciphertext to recover the plaintext.
2. Basic Encryption and Decryption Schemes
In the slides of “L8: Modes of Operation”, we have mentioned
that Vigenere block cipher is a character cipher.
Instead of using the XOR defined in CBC mode, we used plus
(+) in Vigenere with CBC (slide No. 18 of “L8:
Modes of Operation”). Therefore, the encryption of Vigenere
with CBC can be expressed as
�0 = �(�0 + ��) = (�0 + �� + �������) ��� 26
�� = �(�� + ��−1) = (�� + ��−1 + �������) ��� 26
Since we have modified the CBC operation for Vigenere
character cipher, we have to adapt the CBC decryption
too. Once one already establishes the encryption algorithm (or
encipher). The general rule for the decryption
algorithm (or decipher) is to run the encryption in reverse.
Following this rule, we can express the decryption of
Vigenere with CBC as:
�0 = (�0 − �� − �������) ��� 26
�� = (�� − ��−1 − �������) ��� 26
Note: the result of (�0 − �� − �������) �� (�� − ��−1
− �������) can be negative but modular value should
156. not be negative. Since we have adapted both encryption and
decryption of original CBC. The mathematical
notations shown above may not match the CBC diagram (Slide
No. 16 of “L8: Modes of Operation”), which uses
XOR operation.
3. Implementation
3.1. Preprocessing
The plaintext input to the Vigenere CBC encipher should come
from a text file. You may use any text file that is
less than 4 Kilobytes in size. You can generate your text file by
simply copying and pasting any text content.
However, the normal text file contains upper case and lower
case alphabetic characters, numbers, punctuations
and other special characters including space and line feed etc..
These are way more than 26 letters defined in
Vigenere cipher. So you have to preprocess the text file to
eliminate all the special characters, numbers, white
space and punctuations, as well as convert all upper case letters
into lower case letters. The result of preprocessing
should be a string of lower case letters. (as shown Figure 1)
Then the encipher will use these letter sequences as
the plaintext input.
157. Figure 1: Plaintext after Preprocessing
3.2. Inputs
In addition to the letter sequence you generated from the
preprocessing. The Vigenere CBC encipher needs a key
and an IV. For this assignment, you would allow the user to
enter a key (key length ranges from 2 to 10) and an IV
with the same length as key. You may want to mandate that the
length of IV should be the same as the key. Inputs
to the Vigenere CBC decipher should be the same key and IV,
as well as the ciphertext. The ciphertext sequence
should be generated by the Vigenere CBC encipher.
The easy way to allow the user’s input is using the command
line arguments. For example, assuming the executable
of your Vigenere CBC encipher is called V_encipher, plaintext
file is called sample.txt, the key is rock and the IV
is dark. The Unix command line to run the encipher would look
like this:
./V_encipher sample.txt rock dark
Assuming your encipher would save the ciphertext to a file
ciphertext.txt and your decipher executable is called
158. V_decipher (the key and the IV are same as the above), the
Unix command line to run the decipher would look like
this:
./V_decipher ciphertext.txt rock dark
3.3. Outputs
As mentioned above, you would create two programs: one for
the encipher (including the preprocessing) and one
for the decipher. The outputs of the encipher program should
include the following:
Original text file name
ireturnedfromthecityaboutthreeoclockonthatmayafternoonpretty
w
elldisgustedwithlifeihadbeenthreemonthsintheoldcountryandwas
fe
dupwithitifanyonehadtoldmeayearagothatiwouldhavebeenfeeling
li
kethatishouldhavelaughedathimbuttherewasthefacttheweatherma
d
emeliverishthetalkoftheordinaryenglishmanmademesickicouldnt
ge
tenoughexerciseandtheamusementsoflondonseemedasflatassoda
w
159. aterthathasbeenstandinginthesunrichardhannayikepttellingmysel
fy
ouhavegotintothewrongditchmyfriendandyouhadbetterclimbout
Key
IV
Block size
Plaintext (after preprocessing) printed on the screen
Number of characters in plaintext (before padding)
Ciphertext printed on the screen
Name of ciphertext file (ciphertext saved to a file)
Number of padding characters
The ciphertext file will be used as one of the inputs to the
decipher. The outputs of the decipher program should
include the following:
Ciphertext file name
Number of characters in ciphertext
Recovered plaintext printed on the screen
3.4. Other Implementation details