Скачать презентацию What is cryptology Greek krypto hide Скачать презентацию What is cryptology Greek krypto hide

94b9663c326600b528c98d6fc2d67954.ppt

  • Количество слайдов: 29

What is cryptology? • Greek: “krypto” = hide • Cryptology – science of hiding What is cryptology? • Greek: “krypto” = hide • Cryptology – science of hiding = cryptography + cryptanalysis + steganography • Cryptography – secret writing • Cryptanalysis – analyzing (breaking) secrets Cryptanalysis is what attacker does Decipher or Decryption is what legitimate receiver does 30 Aug 2000 University of Virginia CS 551

Steganography • “Covered” messages • Technical Steganography – Invisible ink, shaved heads, microdots • Steganography • “Covered” messages • Technical Steganography – Invisible ink, shaved heads, microdots • Linguistic Steganography – “Open code” – secret message appears innocent • “East wind rain” = war with USA • Broken dolls in WWII – Hide message in low-order bits in GIF 30 Aug 2000 University of Virginia CS 551

Cryptology and Security Cryptology is a branch of mathematics. Security is about people. 30 Cryptology and Security Cryptology is a branch of mathematics. Security is about people. 30 Aug 2000 University of Virginia CS 551

Terminology Insecure Channel Plaintext Alice 30 Aug 2000 Encrypt Ciphertext Decrypt Eve C = Terminology Insecure Channel Plaintext Alice 30 Aug 2000 Encrypt Ciphertext Decrypt Eve C = E(P) P = D(C) E must be invertible University of Virginia CS 551 Plaintext Bob

Cryptography • Always involves 2 things: – Transformation – Secret 30 Aug 2000 University Cryptography • Always involves 2 things: – Transformation – Secret 30 Aug 2000 University of Virginia CS 551

Kerckhoff’s Principle • Security should depend only on the key – Don’t assume enemy Kerckhoff’s Principle • Security should depend only on the key – Don’t assume enemy won’t know algorithm • Can capture machines, disassemble programs, etc. • Too expensive to invent new algorithm if it might have been compromised – Security through obscurity isn’t • Look at history of examples • Better to have scrutiny by open experts “The enemy knows the system being used. ” (Claude Shannon) 30 Aug 2000 University of Virginia CS 551

Alice and Bob Plaintext Encrypt Ciphertext Decrypt KE KD Alice C = E(KE, P) Alice and Bob Plaintext Encrypt Ciphertext Decrypt KE KD Alice C = E(KE, P) = EKE (P) P = D(KD, C) = DKD (C) If KE = KD it is symmetric encryption If KE KD it is asymmetric encryption 30 Aug 2000 Plaintext University of Virginia CS 551 Bob

Substitution Cipher • C = EK(p) Ci = K[pi] • Key is alphabet mapping: Substitution Cipher • C = EK(p) Ci = K[pi] • Key is alphabet mapping: a J, b L, . . . • Suppose attacker knows algorithm but not key, how many keys to try? 26! If every person on earth tried one per second, it would take 5 B years. 30 Aug 2000 University of Virginia CS 551

Monoalphabetic Cipher “XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD Monoalphabetic Cipher “XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ RDSOZWAQW OCXBBWZA IGSY SXBWGF. ” 30 Aug 2000 University of Virginia CS 551

Frequency Analysis “XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD Frequency Analysis “XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ RDSOZWAQW OCXBBWZA IGSY SXBWGF. ” W: 20 C: 11 F: 11 G: 11 30 Aug 2000 “Normal” English: e 12% t 9% a 8% University of Virginia CS 551

Pattern Analysis “XBe HGQe XS ACFPSUe. G Fe. PGe. XF CF Aee. KZV CDQGJCDe. Pattern Analysis “XBe HGQe XS ACFPSUe. G Fe. PGe. XF CF Aee. KZV CDQGJCDe. A CD BHYJD DJXHGe; e. Ue. D XBe Ze. JFX PHGCSHF YCDA CF GSHFe. A LV XBe KGSYCFe SI FBJGCDQ RDSOZe. AQe OCXBBe. ZA IGSY SXBe. GF. ” XBe = “the” Most common trigrams in English: the = 6. 4% and = 3. 4% 30 Aug 2000 University of Virginia CS 551

Guessing “the HGQe t. S ACFPSUe. G Fe. PGet. F CF Aee. KZV CDQGJCDe. Guessing “the HGQe t. S ACFPSUe. G Fe. PGet. F CF Aee. KZV CDQGJCDe. A CD h. HYJD DJt. HGe; e. Ue. D the Ze. JFt PHGCSHF YCDA CF GSHFe. A LV the KGSYCFe SI Fh. JGCDQ RDSOZe. AQe OCthhe. ZA IGSY Sthe. GF. ” S = “o” 30 Aug 2000 University of Virginia CS 551

Guessing “the HGQe to ACFPo. Ue. G Fe. PGet. F CF Aee. KZV CDQGJCDe. Guessing “the HGQe to ACFPo. Ue. G Fe. PGet. F CF Aee. KZV CDQGJCDe. A CD h. HYJD DJt. HGe; e. Ue. D the Ze. JFt PHGCo. HF YCDA CF Go. HFe. A LV the KGo. YCFe o. I Fh. JGCDQ RDo. OZe. AQe OCthhe. ZA IGo. Y othe. GF. ” othe. GF = “others” 30 Aug 2000 University of Virginia CS 551

Guessing “the Hr. Qe to ACs. Po. Uer se. Prets Cs Aee. KZV CDQr. Guessing “the Hr. Qe to ACs. Po. Uer se. Prets Cs Aee. KZV CDQr. JCDe. A CD h. HYJD DJt. Hre; e. Ue. D the Ze. Jst PHr. Co. Hs YCDA Cs ro. Hse. A LV the Kro. YCse o. I sh. Jr. CDQ RDo. OZe. AQe OCthhe. ZA Iro. Y others. ” “se. Prets” = “secrets” 30 Aug 2000 University of Virginia CS 551

Guessing “the Hr. Qe to ACsco. Uer secrets Cs Aee. KZV CDQr. JCDe. A Guessing “the Hr. Qe to ACsco. Uer secrets Cs Aee. KZV CDQr. JCDe. A CD h. HYJD DJt. Hre; e. Ue. D the Ze. Jst c. Hr. Co. Hs YCDA Cs ro. Hse. A LV the Kro. YCse o. I sh. Jr. CDQ RDo. OZe. AQe OCthhe. ZA Iro. Y others. ” “ACsco. Uer” = “discover” 30 Aug 2000 University of Virginia CS 551

Guessing “the Hr. Qe to discover secrets is dee. KZV i. DQr. Ji. Ded Guessing “the Hr. Qe to discover secrets is dee. KZV i. DQr. Ji. Ded i. D h. HYJD DJt. Hre; eve. D the Ze. Jst c. Hrio. Hs Yi. Dd is ro. Hsed LV the Kro. Yise o. I sh. Jri. DQ RDo. OZed. Qe Oithhe. Zd Iro. Y others. ” 30 Aug 2000 University of Virginia CS 551

Monoalphabetic Cipher “The urge to discover secrets is deeply ingrained in human nature; even Monoalphabetic Cipher “The urge to discover secrets is deeply ingrained in human nature; even the least curious mind is roused by the promise of sharing knowledge withheld from others. ” - John Chadwick, The Decipherment of Linear B 30 Aug 2000 University of Virginia CS 551

Why was it so easy? • Doesn’t hide statistical properties of plaintext • Doesn’t Why was it so easy? • Doesn’t hide statistical properties of plaintext • Doesn’t hide relationships in plaintext (EE cannot match dg) • English (and all natural languages) are very redundant: about 1. 3 bits of information per letter – Compress English with gzip – about 1: 6 30 Aug 2000 University of Virginia CS 551

How to make it harder? • Cosmetic • Hide statistical properties: – Encrypt “e” How to make it harder? • Cosmetic • Hide statistical properties: – Encrypt “e” with 12 different symbols, “t” with 9 different symbols, etc. – Add nulls, remove spaces • Polyalphbetic cipher – Use different substitutions • Transposition – Scramble order of letters 30 Aug 2000 University of Virginia CS 551

Types of Attacks • Ciphertext-only - How much Ciphertext? • Known Plaintext - often Types of Attacks • Ciphertext-only - How much Ciphertext? • Known Plaintext - often “Guessed Plaintext” • Chosen Plaintext (get ciphertext) – Not as uncommon as it sounds! • • Chosen Ciphertext (get plaintext) Not recommended in CS 551 Dumpster Diving Social Engineering “Rubber-hose cryptanalysis” – Cryptanalyst uses threats, blackmail, torture, bribery to get the key. 30 Aug 2000 University of Virginia CS 551

Really Brief History First 4000 years Vigenère Babbage breaks Vigenère; Kasiski (1863) publishes Cryptographers Really Brief History First 4000 years Vigenère Babbage breaks Vigenère; Kasiski (1863) publishes Cryptographers Alberti – first polyalphabetic cipher monoalphabetics Cryptanalysts 3000 BC 30 Aug 2000 al-Kindi - frequency analysis 900 1460 University of Virginia CS 551 1854

Really Brief History Last 100 years Quantum Crypto Mauborgne – one-time pad ? Linear, Really Brief History Last 100 years Quantum Crypto Mauborgne – one-time pad ? Linear, Differential Cryptanalysis Enigma adds rotors, stops repeated key Feistel block cipher, DES Turing’s loop attacks, Colossus Rejewski repeated message-key attack Cryptanalysts Mechanical ciphers - Enigma Cryptographers 1854 30 Aug 2000 1918 1939 1945 1973 University of Virginia CS 551 Public-Key

Themes 1 • Arms race between cryptographers and cryptanalysts – But, often disconnect between Themes 1 • Arms race between cryptographers and cryptanalysts – But, often disconnect between two (e. g. , Mary Queen of Scots uses monoalphabetic cipher long after known breakable) • Multi-disciplinary field – Linguists, classicists, mathematicians, computer scientists, physicists • Secrecy often means advances rediscovered and miscredited 30 Aug 2000 University of Virginia CS 551

Themes 2 • Dominated by needs of government: war is the great catalyst • Themes 2 • Dominated by needs of government: war is the great catalyst • Cryptanalysis advances led by most threatened countries: – France (1800 s), Poland (1930 s), England/US (WWII), Israel? (Today) 30 Aug 2000 University of Virginia CS 551

Security vs. Pragmatics • Trade-off between security and effort – one-time pad: perfect security, Security vs. Pragmatics • Trade-off between security and effort – one-time pad: perfect security, but requires distribution and secrecy of long key – DES: short key, fast algorithm, but breakable – quantum cryptography: perfect security, guaranteed secrecy of key, slow, requires expensive hardware • Don’t spend $10 M to protect $1 M. • Don’t protect $1 B with encryption that can be broken for $1 M. 30 Aug 2000 University of Virginia CS 551

Perfectly Secure Cipher: One-Time Pad • Mauborgne/Vernam [1917] • XOR ( ): 0 0=0 Perfectly Secure Cipher: One-Time Pad • Mauborgne/Vernam [1917] • XOR ( ): 0 0=0 1 0=1 0 1=1 1 1=0 a a=0 a 0=a a b b=a • E(P, K) = P K D(C, K) = C K = (P K) K = P 30 Aug 2000 University of Virginia CS 551

Why perfectly secure? • For any given ciphertext, all plaintexts are equally possible. Ciphertext: Why perfectly secure? • For any given ciphertext, all plaintexts are equally possible. Ciphertext: 0100111110101 Key 1: 1100000100110 Plaintext 1: 1000111010011 = “CS” Key 2: 1100010100110 Plaintext 2: 1000101010011 = “BS” • More formal proof next time 30 Aug 2000 University of Virginia CS 551

Go to the beach? • Cannot reuse K – What if receiver has C Go to the beach? • Cannot reuse K – What if receiver has C 1 = P 1 K and C 2 = P 2 K C 1 C 2 = P 1 K P 2 K = P 1 P 2 • Need to generate truly random bit sequence as long as all messages • Need to securely distribute key 30 Aug 2000 University of Virginia CS 551

Summary • Fate of humanity depends on this course. • Meaning of: plaintext, ciphertext, Summary • Fate of humanity depends on this course. • Meaning of: plaintext, ciphertext, key, encrypt, decrypt, cryptanalyze, steganography • Kinds of attacks on cryptosystems • Kerckhoff’s Principle • Monoalphabetic Cipher – How to cryptanalyze • One-Time Pad – Why its perfectly secure in theory – Why its not used often in practice 30 Aug 2000 University of Virginia CS 551