computer and network security

1
computer and network security

• matt barrie
• ltmattb_at_alumni.stanford.orggt

2
cryptography

• Cryptography is the study of mathematical
  techniques related to the design of cyphers.
• It is one example of many mechanisms that make up
  security
• Cryptography
• Signature / Pattern Matching
• Access Control
• Statistical Profiling
• Traffic Security
• Countermeasures
• Software Security
• Operating System Security
• Tamper Resistance

3
cryptography

• The fundamental application of cryptography is in
  facilitating secure communications over an
  insecure channel.
• How can Alice send a message to Bob over an
  insecure channel with Eve listening in?
• Eve is an active attacker and may tap, insert or
  modify messages in transit.
• How does one use cryptography to provide security
  such as
• Authentication ?
• Confidentiality ?
• Integrity ?
• Non-repudiation ?

Alice
Bob
Eve
4
symmetric cyphers

• The traditional way of achieving this is through
  private key encryption.
• This is also known as symmetric encryption as the
  key used to encrypt and decrypt messages is the
  same.
• A symmetric cypher is one defined by the rule
• Dk(Ek(m)) m

Encryption
Decryption
Original Message m
C Ek(m)
E
Message m
D
Secret Key k
Secret Key k
5
communication with symmetric cyphers

• Alice and Bob share an encryption algorithm Ek, a
  decryption algorithm Dk, and a secret key, k.
• Alice wants to send Bob a message, m.
• The unencrypted message m is known as either the
  plaintext or the cleartext.
• Alice encrypts m by computing the cyphertext c
  Ek(m) and sends it to Bob.
• Bob decrypts c by computing Dk(c) m to retrieve
  the original plaintext message m.

6
symmetric cryptosystem

• It is computationally hard to decrypt c without
  the secret key, k.
• The secret key k is usually a large number ( 64
  bits).
• The range of possible values of k is called the
  keyspace K
• For 64 bit keys the keyspace would be (0 .. 264)
• The range of possible messages is the message
  space M.

c Ek(m)
Alice
Bob
Eve
Secret Key k
Secret Key k
Doesnt know k Cant decrypt!
7
types of symmetric cyphers

• Stream cyphers operating on a single bit (or
  byte) at a time.
• Block cyphers operating on blocks (numbers of
  bits) of plaintext at a time.

Plaintext
Cyphertext
Original Plaintext
E
D
key
key
8
cryptanalysis

• We always assume that attackers have
• complete access to the communications channel
• complete knowledge about the cryptosystem
• Secrecy must exist completely within the key
• There are five major attack models
• Cyphertext-only attack (COA)
• Attacker only has access to the cyphertext
• Given c1 Ek(m1), c2 Ek(m2), , cn
  En(mn)
• Find any of m1, m2, mn, k, or
• an algorithm to infer mn1 from cn1

9
cryptanalysis - attack models

• Known-plaintext attack (KPA)
• Attacker intercepts a random plaintext /
  cyphertext pair
• Given m1, c1 Ek(m1), , cn En(mn)
• Find any of Either k or
• an algorithm to infer mn1 from cn1
• Chosen-plaintext attack (CPA)
• Attacker chooses a message, m1, and gets the
  cyphertext.
• Stronger than KPA (some cyphers resistant to KPA
  are not resistant to CPA)
• Given m1, c1 Ek(m1), , cn En(mn) where
  attacker chooses m1
• Find any of Either k or
• an algorithm to infer mn1 from cn1

10
cryptanalysis - attack models

• Chosen-cyphertext attack (CCA)
• Attacker specifies a cyphertext, C, and gets the
  plaintext.
• Given c1, m1 Dk(c1), , mn Dn(cn) where
  attacker choses p1
• Find any of k
• Rubber-hose attack (RHA)
• The cryptanalyst breaks knuckles, blackmails,
  threatens or tortures someone until they cough up
  the key.
• Sometimes known as a purchase-key attack.
• Extremely powerful.
• Usually the easiest way to break a cryptosystem.

11
attack examples

• Known-plaintext attack
• An attacker knowing that source code is being
  encrypted
• (the first bytes most likely to be include)
• Famous break of the Japanese PURPLE cypher in
  WWII
• A complex cypher used to protect high level
  communications
• The allies had already broken several of the
  Japanese diplomatic cyphers
• PURPLE was used to protect communications, but
  the Japanese could only afford to build and
  deploy 12 cypher machines
• They sent these to the twelve most important
  embassies
• Some messages needed to be broadcast to all
  embassies
• So some messages had to be sent using old cyphers
  the US had already broken!
• Chosen-plaintext attack
• Feed intelligence to an ambassador with goal that
  it is encrypted and sent home

12
classes of break

• Worst to least severe
• Total break
• Attacker finds secret key k and hence can compute
  all Dk(c)
• Global deduction
• Attacker finds alternate algorithm A equivalent
  to all Dk(c), without finding k
• Local deduction (or instance deduction)
• Attacker finds the plaintext of one intercepted
  cyphertext
• Information deduction
• Attacker gains some information about the key or
  plaintext, e.g. a few bits or the meaning of a
  message.

13
attack metrics

• An algorithm is unconditionally secure, if no
  matter how much cyphertext an attacker has, there
  is not enough information to deduce the
  plaintext.
• Information security is a resource game attacks
  are measured in terms of
• Data requirements
• how much data is necessary to succeed?
• Processing requirements (or work factor)
• how much time is needed to perform the attack?
• Memory requirements
• how much storage space is required?
• Computational cost
• Dollar-seconds

14
substitution cyphers

• Substitution cyphers are the oldest form of
  cypher
• The secret key consists of a table which maps
  letter substitutions between plaintext and
  cyphertext.
• Most famous is the Caesar cypher where each
  letter is shifted by 3 (modulo 26)
• abcdefghijklmnopqrstuvwxyz
• DEFGHIJKLMNOPQRSTUVWXYZABC
• A becomes D
• B becomes E
• Similar to this is ROT13 which shifts the
  plaintext 13 places, so encrypting twice results
  in the plaintext
• ROT13(ROT13(m)) m

15
substitution cyphers

• There are 26! (factorial) possible keys (4 x
  1026 - large!)
• Monoalphabetic (single character) substitution
  cypher
• Substitution cyphers are easy to break using
  frequency analysis of the letters (a
  cyphertext-only attack)
• single letters
• digraphs (groups of two letters)
• trigraphs (three letters)

abcdefghijklmnopqrstuvwxyz key XNYAHPOGZQWBTSFL
RCVMUEKJDI plaintext THISCOURSEROCKSTHEBLOCK cyp
hertext MGZVYFUCVHCFYWVMGHNBFYW
16
substitution cyphers

• Substitution cyphers are easy to break using
  frequency analysis of the letters (a
  cyphertext-only attack)

Letter count Letter Count English
Dictionary Cyphertext a 18924 n 17432 a
? n b 3311 o 17520 b o c 7852 p 5150
c p d 9491 q 179 d q e 30625 r 15399
e r f 5176 s 16485 f s g 4480 t 20900
g t h 11092 u 5815 h u i 17080 v 2613
i v j 255 w 3899 j w k 1193 x 512
k x l 9990 y 3642 l y m 6152 z 188 m z
17
permutation cyphers

• Otherwise known as a transposition cypher
• The secret key is a random permutation, p
• Given a message m m1m2m3 ... mn
• One can compute its encryption by
• Ep(m) mp(1) mp(2) mp(n)
• Suppose p 1 2 3 4 5 6
• 4 3 1 5 2 6
• Then Ep(crypto) PYCTRO

18
vignere cypher

• Originates in Rome in the sixteenth century
• A vignere cypher is a polyalphabetic substitution
  cypher (made up of multiple monoalphabetic
  substitution cyphers)
• The secret key is a word. Encryption is performed
  by adding the key modulo 26 in blocks
• plaintext launchmissilesatlosangeles
• key cryptocryptocryptocryptocr
• cyphertext ostdwwparicahkzjfdvsmwyahk
• Note that punctuation and white space is removed
  (this would make the code easy to break)

19
breaking vignere cyphers

• The index of coincidence is a statistical measure
  of text is useful in distinguishing simple
  substitution ciphers from vignere cyphers.
• To determine the index of coincidence of a piece
  of text, take the text and shift it by some
  random number of places and write the shifted and
  unshifted texts next to each other.
• althoughthecipherisinscrutableandoftenunforgeablet
  oanyonewithoutthis
• oftenunforgeabletoanyonewithoutthisalthoughtheciph
  erisinscrutableand
• x x x
  x
• The rate coincidences occur is the index of
  coincidence.
• We have 4 coincidences for 68 characters (IOC
  6)

20
breaking vignere cyphers

• Using the standard frequencies with which
  individual letters appear in English text, the
  probability that a coincidence will occur is ?p
  0.0667.
• If the text is random, and the different letters
  are chosen with equal probability, the
  probability of a coincidence is much smaller (?r
  0.0385).
• The most important property of the index of
  coincidence is that it is the same for text
  encrypted with a simple substitution cipher as
  for plain text.
• Language ?p
• French 0.0778
• German 0.0762
• English 0.0667
• Russian 0.0529
• Random 0.0385

21
example breaking vignere cyphers

• Cyphertext
• TPCTY LVEOO GBVRC BTWXS IHDKD QIRVQ QUKWL TMNQO
  EKMLP AURKL VHIUX YJRNV
• QWJEK UEQVD IXPLU RKLVT QSLKI LWAZI JWXPL QRKIO
  PWFME XLLCP KDIKV EUXYX
• EAAQV MEKVN AVZRQ JGEMX LQUPM PCRLO IZPZZ FPONI
  AYPVQ RMVHC QZFLV IKGUK
• LRXER MDWVG RVMPQ PWLWT TIYEQ JAYMK XBPUK PZJBF
  WIRKS QJMSV FYKFP QLRXE
• OIPID IQQLI ICPFP LMVBR BUAMW KLLUM FLRXE CDQFV
  IKNWZ KUIXF BTIII CQZQM
• JQVUX UVZXL XMDAY IIOMP AZXEK VYIDC EGIDX NMQJQ
  ZQVMP FMESC EQGQD IDIJD
• MDXYI ACGES WSIFQ YIUMQ CBQSE EINBT CNSOM AUQLW
  BQVFL VALTS AJKLV JIZHJ
• MPVZQ XTLCQ ZFLDC ECVPW LRQQB TIVQV UWGPK LFTAF
  IKLXH BQVKL BGIEE KLFTA
• FCCEK FAQPR LEGID QVWMG MPMCC LNWDH DCPRQ DMKJX
  KTQXY LFFMZ SKXEA NMGVJ
• OQUYI CIPVQ NICMH GCZXF XEGUF LRXDQ LAAEM KVWFL
  VTFVK MYJIJ GBALV EOVPK
• PFZFP OWMEH KGAEM EXEGU AVEMK INAVZ RQJMQ HFMQT
  CEXTE RUMYI KSHPW IXYIT
• CGILV VBKVU WYSRN LIECO CQZUP ZJQWX YCJSR NCZXF
  XEGMP ICMSG ZYIFP LTLRV
• FQJKV QIEIJ KMEMW PBGCZ XFXEG MFSYM AGUQX VEZJU
  QXFHL VPKAZ PIHWD XYSRC
• ZFQPK LFBTC JTFTQ FMJKL QLXIR HJGQZ XFXEG TMRUS
  CWXDM XLQPM EWHYF ESQRD
• ILNWD HWSOV PKRRQ BUAMO VJLTB TCIMD JBQSL WKGAE
  WROBD ZURXQ VUWGP FYQQN
• FVFYY NMMRU SCVPK QVVZA KGXFJ COQZI VRBOQ QWRRA
  FMEXI SVCTX XYIJV PMXRJ
• CNQOX DCPQC XJFVF CUFLP WBTDM RK

22
breaking vignere cyphers

• Once the key length N is known, we attack the N
  subtexts of the message independently by
  frequency analysis.
• If the message is a true vignere cipher, this is
  extremely easy, since each column of the vignere
  tableau is just a rotation of the usual alphabet,
  and once we get one letter correct, we know them
  all.
• Note the index of coincidence varies by language.

23
rotor machines

• Rotor machines are mechanical devices that rotate
  varying sized disks in different ratios using
  gears.
• Popular during WWII e.g. German ENIGMA.
• Enigma used 3 or 4 replaceable rotors. On each
  rotor was arranged the alphabet in random order.
  The "key is the choice and initial positions of
  the rotors.

24
rotor machines

• Suppose you wished to encrypt B. After pressing
  B" the first rotor would select a permutation
  for B say C. The second rotor would match C
  with its own permutation, say G, the third G
  to H etc.
• After determining B to represent C the first
  rotor would be advanced a notch, so that if B
  were to be typed again, a different encryption
  would result (here G). Similarly for rotor 2,
  after a full rotation of rotor 1 in this manner,
  etc.
• 263 possible permutations for each letter.

25
xor

• XOR (addition modulo 2) is commonly used to
  provide security in software programs (although
  extremely weak!).
• The message m is xord with a secret key
• c m ? k
• m c ? k
• XOR is a Vignere cypher and trivial to break
• Determine the key length N from index of
  coincidence
• Shift cyphertext by N and XOR with itself
• This removes the key (c ? c m ? k ? m ? k m
  ? m)
• Results in message XORd with a shifted version of
  itself
• Language is extremely redundant (English 1.3
  bits / byte)
• Easy to then decrypt

26
one time pad

• A one time pad is where we use a different
  substitution cypher for each letter of the
  plaintext.
• Encryption is xor (for bits) or addition
  modulo-26.
• Provided the secret key is truly random, the
  plaintext does not repeat and the pad is never
  used again, a one time pad is perfectly secure.
• Failure in any these requirements results in no
  security.
• Strength comes from the fact that a truly random
  key added to plaintext results in truly random
  cyphertext.
• No amount of computing power can break a OTP.
• Problems key distribution, key destruction,
  synchronisation.
• Used for ultra-secure low bandwidth
  communications.

27
perfect secrecy

• Goal of cryptography is that cyphertext tells
  absolutely nothing about the plaintext.
• A cypher has perfect secrecy if For all m ? M, c
  ? C the plaintext and cyphertext are
  statistically independent
• Pr m1 m2 c1 c2 Pr m1 m2
• Assuming each transmitted message is equally
  likely, the probability that the transmitted
  message is m is
• Pr m1 m2 M-1
• Now the probability that the transmitted message
  is m given that the observed cyphertext is c is
  
• Pr m1 m k Ek(m) c, k ? K
• 
  K

28
perfect secrecy of OTP

• The key space must be at least as large as the
  set of plaintexts
• i.e. K M
• For M C 0,1n
• Any cypher with perfect secrecy satisfies K
  2n
• The one time pad has perfect secrecy since
• M C K 0,1n
• Thus Pr m1 m2 1 / 2n
• Pr m1 m2 c1 c2 1 / 2n
• Note we require k ? K to be as long as the
  message
• The paradox we have to securely communicate a
  key as long as the message a priori.

29
attacks on the OTP

• A two-time pad has perfect insecurity!
• If c1 m1 ? k and c2 m2 ? k
• then c1 ? c2 m1 ? m2
• The OTP is highly malleable.
• An attacker can easily create a new cyphertext
  with a known relationship to the plaintext
  without decryption.
• Stream cyphers suffer from the same problem.

30
example OTP voting scheme

• Suppose plaintext is a one bit vote v ? 0,1
• Where v 0 is a vote for labour, v 1 is a vote
  for liberal
• Alice encrypts her vote using a OTP and sends to
  Bob
• c b ? k (k ? 0,1 randomly chosen)
• Eve intercepts the cyphertext and sends with bits
  flipped
• c c ? 1
• Bob receives c and decrypts vote
• c ? k
• c ? 1 ? k
• b ? k ? 1 ? k
• !b (the vote is reversed!)

31
references

• Handbook of Applied Cryptography
• 1.4 - 1.5
• 7.1 - 7.3
• Stallings
• 2