Lecture 2 ~Basic Cryptography~

Assalamualaikum w.b.t...

Lecture 2 nie kiteorg blajor pasal basic cryptography... ermm... semangak giler msk kelas time nie... macam best la pulakk network security nie.. ermm.. macam la tp.... lecture kali nie antare topic2 nyer:-
~Cryptography Concept
~Cryptography Algorithms
~Monoalpahbetic
~Polyalphabetic
~Transposition

Cryptography Concept
~The idea of a cipher system is to disguise information in such a way that its meaning is unintelligible to an unauthorized person.
~The two most common uses are, probably, to store data securely in a computer file or to transmit it across an insecure channel such as the internet.
~Encrypted document does not prevent unauthorized people gaining access to it but, rather, ensures that they cannot understand what they see.

The Art of secret writing





The Earliest Information Security Tool


Mechanical crypto machine in World War II

~The Enigma machine.
~During its height, it was thought to be invincible.
~It was believed to be un-crackable.

Cryptography Terminology
~plaintext - original message
~ciphertext - coded message
~cipher - algorithm for transforming plaintext to ciphertext
~key - info used in cipher known only to sender/receiver
~encipher (encrypt) - converting plaintext to ciphertext
~decipher (decrypt) - recovering ciphertext from plaintext
~cryptography - study of encryption principles/methods
~cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key
~cryptology - field of both cryptography and cryptanalysis

Cryptography Algorithms
~Classified along three independent dimensions:
>The number of keys used
*symmetric (single key, or private-key encryption)
*asymmetric (two-keys, or public-key encryption)
>The type of operations used for transforming plaintext to ciphertext
*Substitution/Transposition/Product
>The way in which the plaintext is processed
*Block/Stream

Cryptanalysis
~objective to recover key not just message
~general approaches:
*cryptanalytic attack
*brute-force attack

Cryptanalytic Attacks
~ciphertext only
*only know algorithm & ciphertext, is statistical, know or can identify plaintext
~known plaintext
*know/suspect plaintext & ciphertext
~chosen plaintext
*select plaintext and obtain ciphertext
~chosen ciphertext
*select ciphertext and obtain plaintext
~chosen text
*select plaintext or ciphertext to en/decrypt

More Definitions
unconditional security
~no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
computational security
~given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken

Brute Force Search
~always possible to simply try every key
~most basic attack, proportional to key size
~assume either know / recognise plaintext


Cryptography Algorithms


Symmetric vs. Asymmetric
~If the system is symmetric, then there may be a need to distribute a secret key value before secret messages can be exchanged.
*One of the most difficult aspects of obtaining a secure system.
~If the system is asymmetric, then it may be possible to avoid this particular problem by distributing only the encryption keys, which do not need to be secret.
*However it is then replaced by the problem of guaranteeing the authenticity of each participant’s encryption key.


Symmetric Cryptography Principles


Symmetric Cryptography Requirements
~two requirements for secure use of symmetric encryption:
*a strong encryption algorithm
*a secret key known only to sender / receiver
~mathematically have:
C = EK(P)
P = DK(C)
~assume encryption algorithm is known
~implies a secure channel to distribute key


Public-Key Cryptography (Asymmetric) Principles
~The use of two keys has consequences in: key distribution, confidentiality and authentication.
~The scheme has six ingredients
*Plaintext
*Encryption algorithm
*Public key
*Private key
*Ciphertext
*Decryption algorithm

Encryption using Asymmetric Cryptography


Methods use in Cryptography Algorithm
Substitution
~monoalphabetic substitution
*Formed by shifting the letters of the original alphabet
~polyalphabetic substitution
*Extension of monoalphabetic substitution system
*Using Vigenere Tableau
Transposition
~unkeyed transposition
*Rearrange letters by using matrix
~keyed transposition
*Rearrange letters by using matrix where the size of matrix is determined by the
length of the key used.


Caesar Ciphers
~One of the earliest substitution cipher described by Julius Caesar in the Gallic Wars.
~In this cipher each of the letters A to W is encrypted by being represented by the letter that occurs three places after it in the alphabet.
~Although Caesar used a ‘shift’ of 3, a similar effect could have been achieve using any number from 1 to 25.
*In fact any shift is now commonly regarded as defining a Caesar Cipher.
~The encryption key and decryption key are both determined by a shift but the encryption and decryption rules are different.
~We could have changed the formulation slightly to make the two rules coincide and have different encryption and decryption keys.
*A shift of 26 has the same effect as a shift of 0 and, for any shift from 0 to 25,encryption with that shift is the same as decryption with the new shift obtained by subtracting the original shift from 26.
*E.g: encryption with shift 8 is the same as decryption with shift 26 - 8 =18.


Mathematically present as
~mathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

~then have Caesar cipher as:
c = E(p) = (p + k) mod (26)
p = D(c) = (c – k) mod (26)


Caesar Cipher Exhaustive Key Search: cryptogram XMZVH



Cryptanalysis of Caesar Cipher
~only have 26 possible ciphers
*A maps to A,B,..Z
~could simply try each in turn
~a brute force search
~given ciphertext, just try all shifts of letters
~do need to recognize when have plaintext
~eg. break ciphertext "GCUA VQ DTGCM"

How to make it more secure
~rather than just shifting the alphabet
~could shuffle (jumble) the letters arbitrarily
~each plaintext letter maps to a different random ciphertext letter
~hence key is 26 letters long

Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA


Simple Substitution Ciphers (Random)
A B C D E F G H I J K L M
D I Q M T B Z S Y K V O F

N O P Q R S T U V W X Y Z
E R J A U W P X H L C N G

~For a Simple Substitution Ciphers (or monoalphabetic ciphers), we write the alphabet in a randomly chosen order underneath the alphabet written in strict alphabetical order.
~The encryption and decryption keys are equal.
~The encryption rule is ‘replace each letter by the one beneath it’ while the decryption rule is the opposite procedure
~The number of keys for a Simple Substitution Cipher is equal to the number of ways in which the 26 letters of the alphabet can be arranged.
*It is called 26 factorial and is denoted by 26! It is 26 x 25 x 24 x … x 3 x 2 x 1 which equals 403,291,461,126,605,635,584,000,000 keys.
~Although having a large number of keys is a necessary requirement for cryptography security, however having a large number of keys is certainly no guarantee that the cipher system is strong.


Examples - Simple Substitution Ciphers
~In the following examples we assume that the cryptograms given have been intercepted by someone who knows that the message is in English and that a Simple Substitution Cipher was used:
Example 1: G WR W RWL
Example 2: HKC
Example 3: HATTPT
Example 4: HATTPT (Given that the message is the name of a country)

But is it Secure Enough
~now have a total of 26! = 4 x 1026 keys
~with so many keys, might think is secure
~but would be !!!WRONG!!!
~problem is language characteristics

Language Redundancy and Cryptanalysis
~human languages are redundant
~eg "th lrd s m shphrd shll nt wnt"
~letters are not equally commonly used
~in English E is by far the most common letter
*followed by T,R,N,I,O,A,S
~other letters like Z,J,K,Q,X are fairly rare
~have tables of single, double & triple letter frequencies for various languages


Use in Cryptanalysis
~key concept - monoalphabetic substitution ciphers do not change relative letter frequencies
~discovered by Arabian scientists in 9th century
~calculate letter frequencies for ciphertext
~compare counts/plots against known values
~if caesar cipher look for common peaks/troughs
*peaks at: A-E-I triple, NO pair, RST triple
*troughs at: JK, X-Z
~for monoalphabetic must identify each letter
*tables of common double/triple letters help

Example Cryptanalysis
~given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
~count relative letter frequencies (see text)
~guess P & Z are e and t
~guess ZW is th and hence ZWP is the
~proceeding with trial and error finally get:
it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow


Vigenère Ciphers
~The Vigenère Cipher (the best known of the manual polyalphabetic cipher) uses a Vigenère Square to perform encryption.
~The left-hand (key) column of this square contains the English alphabet and for each letter, the row determined by that letter contains a rotation of the alphabet with that letter as the leading character.
*So each letter in the left-hand column gives a Caesar Cipher whose shift is determined by that letter.
*Example: the letter g gives the Caesar Cipher with shift 6.


Transposition
~Letter is rearranged
~Letter are retain but moved from its position
~Two type
*Unkeyed single transposition
*Keyed single transposition

Example: Unkeyed Single Transposition
~Encrypt the plaintext : “there is no security on this earth there is only opportunity” into a matrix of 10 (vertical) by 5 (horizontal).
~Get the ciphertext horizontally, using 5- letter words.


Example: Keyed Single Transposition
With the key “86423175”, encrypt the plaintext “ignorance is the mother of admiration” using keyed single transposition into 4 by 8 matrix. Use “x” to pad out columns.

huhhh.. fenin2 blajor cipher nie... uhuksss... tunggu ajer lecture seterusnyer nnt.. aku raser musti lg fenin + tensen... adesss....

alhamdulillahh....

"God makes a promise. Faith believes it. Hope anticipates it. Patience quietly awaits it.."