Would You Buy This?
Our unbreakable military-grade 10,240-bit bi-Gaussian encryption system, using a proprietary one-time pad algorithm, has recently been reviewed by the NSA and approved by a Fortune 500 customer and is available both inside and outside of the US.
Adapted from Peter Gutmann’s crypto tutorial: http://www.cryptoapps.com/~peter/part6.pdf
20 January 2006
(Figure: Alice and Bob)
(Figure: the dancing-men messages: Message 1 from Criminal to Elsie; Message 2 from Criminal to Elsie; Message 3 from Criminal to Elsie; Elsie’s Message to the Criminal; Message 4 from Criminal to Elsie; Sherlock Holmes’ message to the Criminal)
The dancing man cipher is another form of a substitution cipher.
(Figure: the alphabet A B C D E F G H I J K L M N O P Q R S T U V W X Y Z with its dancing-man symbols)
Kerckhoffs’ Principle
“The security of a cryptosystem must not depend on keeping secret the crypto-algorithm. The security depends only on keeping secret the key.”
Cryptographic Tools
Three basic tools are used:
• Encryption is used to provide confidentiality
• Checksums/hash algorithms are used to provide integrity protection
• Digital signatures are used to provide authentication, integrity protection, and non-repudiation
However, if the underlying system is insecure, no amount of cryptography will help.
General crypto guidance
1. Cryptography is indeed rocket science.
2. Proprietary cryptography must be assumed to be broken, by definition.
3. Adding cryptography to an insecure system is like putting steel doors on a grass hut.
Vernam Cipher
If a binary message $m_1 m_2 \ldots m_t$ is operated on by a binary key string $k_1 k_2 \ldots k_t$ of the same length to produce a ciphertext $c_1 c_2 \ldots c_t$ where
$$c_i = m_i \oplus k_i, \quad 1 \le i \le t$$
If the key string is randomly chosen and never used again, the cipher is a one-time pad and is unbreakable other than via brute-force guessing.
OTP XOR Demo
$ ./xordemo k < p > c
$ hexdump -C p
00000000  4d 65 65 74 20 61 74 20  74 68 65 20 67 61 74 68  |Meet at the gath|
00000010  65 72 69 6e 67 20 70 6f  69 6e 74 20 61 74 20 31  |ering point at 1|
00000020  38 30 30 20 68 6f 75 72  73 20 54 68 75 72 73 64  |800 hours Thursd|
00000030  61 79 21 0a                                       |ay!.|
00000034
$ hexdump -C k
00000000  62 61 6e 61 6e 61 6f 72  61 6e 67 65 61 70 70 6c  |bananaorangeappl|
00000010  65 6c 69 6d 65 6b 69 77  69 6c 65 6d 6f 6e 6d 61  |elimekiwilemonma|
00000020  6e 67 6f 6b 75 6d 71 75  61 74 70 69 6e 65 61 70  |ngokumquatpineap|
00000030  70 6c 65 0a                                       |ple.|
00000034
$ hexdump -C c
00000000  2f 04 0b 15 4e 00 1b 52  15 06 02 45 06 11 04 04  |/...N..R...E....|
00000010  00 1e 00 03 02 4b 19 18  00 02 11 4d 0e 1a 4d 50  |.....K.....M..MP|
00000020  56 57 5f 4b 1d 02 04 07  12 54 24 01 1b 17 12 14  |VW_K.....T$.....|
00000030  11 15 44 0a                                       |..D.|
00000034
$ ./xordemo k < c > pp
$ diff p pp
$
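The XOR step of the demo above, as an added example that is not the slides’ xordemo program: it runs $c_i = m_i \oplus k_i$ over the slide’s own plaintext and key (the key file minus its trailing newline, which is why the first 51 ciphertext bytes match the dump), refuses a pad shorter than the message, and shows why a pad must never be reused. The fruit-name key is the slide’s, and is of course not random, so this is an XOR demo rather than a real one-time pad.

```python
# Added example (not the slides' xordemo): Vernam XOR on the slide's own data.
P = b'Meet at the gathering point at 1800 hours Thursday!'
K = b'bananaorangeapplelimekiwilemonmangokumquatpineapple'  # slide's key, not random

def vernam(msg: bytes, key: bytes) -> bytes:
    # XOR is its own inverse, so one function both encrypts and decrypts.
    # A pad shorter than the message would leave trailing bytes unkeyed: refuse.
    if len(key) < len(msg):
        raise ValueError('pad shorter than message: %d < %d' % (len(key), len(msg)))
    return bytes(m ^ k for m, k in zip(msg, key))

def hexdump(data: bytes) -> str:
    # hexdump -C style lines so the result can be compared with the slide
    lines = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        h = ['%02x' % b for b in chunk]
        hexpart = ' '.join(h[:8]) + ('  ' + ' '.join(h[8:]) if h[8:] else '')
        asc = ''.join(chr(b) if 32 <= b < 127 else '.' for b in chunk)
        lines.append('%08x  %-48s  |%s|' % (off, hexpart, asc))
    return '\n'.join(lines)

def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    # Why "never used again": c1 XOR c2 == m1 XOR m2, the pad cancels out and
    # the relationship between the two plaintexts is exposed to anyone holding both.
    return vernam(c1, c2)

if __name__ == '__main__':
    c = vernam(P, K)
    print(hexdump(c))
    assert vernam(c, K) == P   # like `./xordemo k < c > pp; diff p pp`
```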
Russian One-Time Pad captured by MI5
Auguste Kerckhoffs, ‘La cryptographie militaire’, 1883
1. The system must be substantially, if not mathematically, undecipherable;
2. The system must not require secrecy and can be stolen by the enemy without causing trouble;
3. It must be easy to communicate and remember the keys without requiring written notes, it must also be easy to change or modify the keys with different participants;
4. The system ought to be compatible with telegraph communication;
5. The system must be portable, and its use must not require more than one person;
6. Finally, regarding the circumstances in which such system is applied, it must be easy to use and must neither require stress of mind nor the knowledge of a long series of rules.
Polyalphabetic Substitution Cipher: Vigenère Cipher
This is the Vigenère Square, or Tabula Recta.
P   = SAMBRADFORD
KEY = HEISMANHEIS
C   = ZEUTDAQMSZV
Breaking a Vigenère cipher
Frequency analysis fails, because this cipher evens out the distribution of letters. So instead …
• Search for repeated groups in the ciphertext
• These may represent the same words encrypted using the same key letters.
• If they are the same plaintext words, the key length should be a factor of the distances between them
One attack on Vigenère ciphers (Wikipedia)
Key       : ABCDAB CDABCDABCD ABCDAB CDABCD
Plaintext : CRYPTO ISSHORTFOR CRYPTO GRAPHY
Ciphertext: CSASTP KVSIQUTGQU CSASTP IUAQJB
            ^-------16--------^
Possible key lengths are 16, 8, 4, 2, 1
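Both slides above in code, as an added example that is not part of the deck: Vigenère encryption of the SAMBRADFORD/HEISMAN pair, and a Kasiski examination of the Wikipedia ciphertext that finds the repeated group, its distance of 16, and the candidate key lengths 16, 8, 4, 2, 1. Text is assumed to be upper-case letters only; the function names are mine.

```python
# Added example, not from the slides: Vigenère plus a Kasiski examination.
from collections import defaultdict
from functools import reduce
from math import gcd

A = ord('A')

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    # C_i = (P_i + K_{i mod len(key)}) mod 26; decryption subtracts instead
    sign = -1 if decrypt else 1
    return ''.join(chr((ord(c) - A + sign * (ord(key[i % len(key)]) - A)) % 26 + A)
                   for i, c in enumerate(text))

def kasiski(ciphertext: str, n: int = 3) -> dict:
    # Every repeated n-gram mapped to the distances between its occurrences
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    return {g: [q - p for p, q in zip(pos, pos[1:])]
            for g, pos in positions.items() if len(pos) > 1}

def candidate_key_lengths(ciphertext: str, n: int = 3) -> list:
    # The key length should divide every repeat distance, so it divides their gcd
    distances = [d for ds in kasiski(ciphertext, n).values() for d in ds]
    if not distances:
        return []
    g = reduce(gcd, distances)
    return [k for k in range(g, 0, -1) if g % k == 0]

if __name__ == '__main__':
    print(vigenere('SAMBRADFORD', 'HEISMAN'))   # slide: ZEUTDAQMSZV
    ct = 'CSASTPKVSIQUTGQUCSASTPIUAQJB'
    print(kasiski(ct), candidate_key_lengths(ct))
```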
ROTOR Machines
By Messer Woland, own work by user:HandigeHarry based on previous version based on Image:Enigma wiring kleur.png by Matt Crypto, originally nl:Afbeelding:Enigma_wiring_kleur.png by nl:User:Drdefcom, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=1790479
General Feistel network
Feistel Networks
Guaranteed to be invertible:
$$L_i = R_{i-1}, \qquad R_i = L_{i-1} \oplus f(R_{i-1})$$
Then you can add keys $K_i$ to the f’s:
$$R_i = L_{i-1} \oplus f(R_{i-1}, K_i)$$
(Diagram: encryption and decryption over rounds $L_1 R_1, L_2 R_2, \ldots, L_{d-2} R_{d-2}, L_{d-1} R_{d-1}, L_d R_d$. Original diagram from WikiCommons, modified here.)
DES
• IP (the initial permutation) occurs before round 1, transposing the bits of the input block in a fixed manner.
• In each round, the key bits are shifted, and 48 bits are selected from the 56 bits of the key.
• The data is split in half, with permutations and substitutions applied to the right half.
• After 16 rounds, the FP (final permutation, the inverse of IP) is applied.
AES
Here’s a super animation of AES (hint: play it at 50% or 75% speed).
Modes of operation: ECB (Electronic Code Book)
(Diagram: Wikimedia Commons)
ECB can leave data patterns behind
(Images: Tux encrypted using ECB; Tux encrypted using other modes.)
Tux the Penguin, the Linux mascot. Created by Larry Ewing with The GIMP. Other two images are from Wikipedia Commons.
Initialization Vector (IV)
• All the modes of operation besides ECB need their pumps to be primed with a random block of data.
• No need for secrecy, but an IV should only be used once for a given key.
Modes of operation: CBC (Cipher-Block Chaining)
$$C_i = E_K(P_i \oplus C_{i-1}), \qquad P_i = C_{i-1} \oplus D_K(C_i)$$
(Diagram: Wikimedia Commons)
Modes of operation: CFB (Cipher Feedback)
$$C_i = P_i \oplus E_K(C_{i-1}), \qquad P_i = C_i \oplus E_K(C_{i-1})$$
(Diagram: Wikimedia Commons)
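One added example, not from the slides, tying the Feistel slide to the ECB, CBC and CFB slides: a toy Feistel cipher (8-byte block, SHA-256-based round function and key schedule; all arbitrary choices for the demo, not a real cipher) serves as $E_K$/$D_K$, each mode is coded straight from the slides’ equations, and distinct_blocks shows the ECB pattern leak from the Tux slide. Inputs are assumed to be whole blocks (no padding).

```python
# Added example, not from the slides: toy Feistel cipher plus ECB/CBC/CFB modes.
import hashlib

BLOCK = 8  # two 32-bit halves L and R; inputs below are whole blocks, no padding

def round_keys(key: bytes, rounds: int = 8) -> list:
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(rounds)]

def f(r: int, k: bytes) -> int:
    # Round function need not be invertible: the Feistel structure inverts itself
    return int.from_bytes(hashlib.sha256(r.to_bytes(4, 'big') + k).digest()[:4], 'big')

def feistel(block: bytes, keys: list) -> bytes:
    # L_i = R_{i-1};  R_i = L_{i-1} XOR f(R_{i-1}, K_i).  The final swap means the
    # same routine with the round keys reversed is the decryption.
    L, R = int.from_bytes(block[:4], 'big'), int.from_bytes(block[4:], 'big')
    for k in keys:
        L, R = R, L ^ f(R, k)
    return R.to_bytes(4, 'big') + L.to_bytes(4, 'big')

def E(key: bytes, b: bytes) -> bytes: return feistel(b, round_keys(key))
def D(key: bytes, b: bytes) -> bytes: return feistel(b, round_keys(key)[::-1])
def xor(a: bytes, b: bytes) -> bytes: return bytes(x ^ y for x, y in zip(a, b))
def blocks(data: bytes) -> list: return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):      # C_i = E_K(P_i): identical blocks give identical ciphertext
    return b''.join(E(key, p) for p in blocks(pt))

def cbc_encrypt(key, iv, pt):  # C_i = E_K(P_i XOR C_{i-1}), C_0 = IV
    out, prev = [], iv
    for p in blocks(pt):
        prev = E(key, xor(p, prev))
        out.append(prev)
    return b''.join(out)

def cbc_decrypt(key, iv, ct):  # P_i = C_{i-1} XOR D_K(C_i)
    cs = blocks(ct)
    return b''.join(xor(prev, D(key, c)) for prev, c in zip([iv] + cs, cs))

def cfb_encrypt(key, iv, pt):  # C_i = P_i XOR E_K(C_{i-1})
    out, prev = [], iv
    for p in blocks(pt):
        prev = xor(p, E(key, prev))
        out.append(prev)
    return b''.join(out)

def cfb_decrypt(key, iv, ct):  # P_i = C_i XOR E_K(C_{i-1}): E_K again, D_K is never needed
    cs = blocks(ct)
    return b''.join(xor(c, E(key, prev)) for prev, c in zip([iv] + cs, cs))

def distinct_blocks(ct: bytes) -> int:
    # ECB of b'SAMESAME' * 4 gives 1 distinct block (the Tux effect); CBC/CFB give 4
    return len(set(blocks(ct)))
```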
Cryptographic Hash Function
(Diagram: Wikimedia Commons)
Message Authentication Codes
(Diagram: Wikimedia Commons)
Playfair Cipher
Key is: CHARLES
C H A R L
E S B D F
G I K M N
O P Q T U
V W X Y Z
http://www.simonsingh.net/The_Black_Chamber/playfair_cipher.html
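The slide shows only the square; as an added example (not from the deck or the linked page), here is how that square is built from the key CHARLES, with J folded into I as the slide does, and the usual digraph rules for encrypting and decrypting: same row moves right, same column moves down, otherwise swap columns of the rectangle, doubled letters split with X and an odd tail padded with X. Function names and the sample text are mine.

```python
# Added example, not from the slides: Playfair square construction and digraph rules.
import string

def playfair_square(key: str) -> list:
    # Key letters first (duplicates dropped), then the rest of the alphabet,
    # with J folded into I; CHARLES gives exactly the slide's 5x5 square.
    seen, order = set(), []
    for ch in (key + string.ascii_uppercase).upper().replace('J', 'I'):
        if ch.isalpha() and ch not in seen:
            seen.add(ch)
            order.append(ch)
    return [order[i:i + 5] for i in range(0, 25, 5)]

def digraphs(text: str) -> list:
    # Split plaintext into letter pairs; a doubled pair gets an X inserted,
    # and an odd trailing letter is padded with X.
    letters = [c for c in text.upper().replace('J', 'I') if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else 'X'
        if a == b:
            b = 'X'
            i += 1
        else:
            i += 2
        pairs.append(a + b)
    return pairs

def shift_pair(square: list, pair: str, d: int) -> str:
    # d = +1 encrypts (right/down), d = -1 decrypts (left/up)
    pos = {ch: (r, c) for r, row in enumerate(square) for c, ch in enumerate(row)}
    (r1, c1), (r2, c2) = pos[pair[0]], pos[pair[1]]
    if r1 == r2:    # same row
        return square[r1][(c1 + d) % 5] + square[r2][(c2 + d) % 5]
    if c1 == c2:    # same column
        return square[(r1 + d) % 5][c1] + square[(r2 + d) % 5][c2]
    return square[r1][c2] + square[r2][c1]   # rectangle: swap the columns

def playfair(text: str, key: str, decrypt: bool = False) -> str:
    square = playfair_square(key)
    if decrypt:   # ciphertext is already clean pairs, no X handling needed
        pairs = [text[i:i + 2] for i in range(0, len(text), 2)]
    else:
        pairs = digraphs(text)
    return ''.join(shift_pair(square, p, -1 if decrypt else 1) for p in pairs)
```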