Stephen Thorpe & Ajit Narayanan
Example question
Imagine that you want to encipher the plaintext I will do well in
this exam. Using Ajit as the key, show how a transposition
cipher will encipher this plaintext.
Exercise in decryption
You receive the ciphertext
etooaotutyhscnurocrsooeememh
and you have the key student and
know that a transposition cipher has
been used. What is the plain text?
Solution
[Table: key letters and their column numbers]
etooaotutyhscnurocrsooeememh =
Come at once to your mother's house
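The decryption exercise above, worked in Python as an added example (not part of the original slides). It assumes columns are read out in alphabetical order of the key letters with repeated letters taken left to right, and it goes beyond the exercise by also handling texts that do not fill the last row (no padding); the function names are illustrative.

```python
def column_order(key):
    """Columns in read-out order: alphabetical by key letter, ties left to right."""
    return sorted(range(len(key)), key=lambda i: (key[i].lower(), i))

def letters_only(text):
    return "".join(ch.lower() for ch in text if ch.isalpha())

def encrypt(plaintext, key):
    text = letters_only(plaintext)
    # Writing the text row by row under the key puts every len(key)-th
    # letter in the same column; columns are then read out in key order.
    return "".join(text[col::len(key)] for col in column_order(key))

def decrypt(ciphertext, key):
    width = len(key)
    full_rows, extra = divmod(len(ciphertext), width)
    # Assumption: no padding, so the first `extra` columns are one letter longer.
    columns, pos = {}, 0
    for col in column_order(key):
        height = full_rows + (1 if col < extra else 0)
        columns[col] = ciphertext[pos:pos + height]
        pos += height
    rows = full_rows + (1 if extra else 0)
    return "".join(columns[c][r] for r in range(rows)
                   for c in range(width) if r < len(columns[c]))

CIPHERTEXT = "etooaotutyhscnurocrsooeememh"   # from the exercise above

if __name__ == "__main__":
    print(column_order("student"))            # columns for d, e, n, s, t, t, u
    print(decrypt(CIPHERTEXT, "student"))
    print(encrypt("I will do well in this exam", "Ajit"))
```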
Stream cipher
Takes one character and replaces it with one character
Substitution cipher
The simplest type of stream cipher
Simply substitutes one letter or character for another
Symmetric Cryptographic
Algorithms
Block ciphers using bits
p q xor
1 1 0
0 1 1
1 0 1
0 0 0
Plaintext message
converted into binary (e.g.
ASCII) and transmitted in
binary polyalphabetic
See
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
p q xor
1 1 0
0 1 1
1 0 1
0 0 0
letter:      a    b    c    d    e    f    g    h
bit string:  0000 0001 0010 0011 0100 0101 0110 0111
letter:      i    j    k    l    m    n    o    p
bit string:  1000 1001 1010 1011 1100 1101 1110 1111
Symmetric Cryptographic
Algorithms
Block cipher
Manipulates an entire block of plaintext at one time
Plaintext message is divided into separate blocks of 8
to 16 bytes
And then each block is encrypted independently
Symmetric Cryptographic
Algorithms
Block cipher advantages and disadvantages
Considered more secure because the output is more
random
Cipher is reset to its original state after each block is
processed
Results in the ciphertext being more difficult to break
Overview:
Cryptography can help to keep information secure
3. B: Thank you, A. Now let's communicate secretly
Summary of Lecture 1
Basic problem is: how do the sender and receiver of
secure information share the common key if they have
previously not communicated with each other?
They cannot send the key to each other in plain text,
since an attacker will then also get the key
In any case, would you give your secret key to
someone you don't know? Will it work in a team?
Hashing and
Security
Learning Objectives
You will be able to describe how a hash function
aids integrity and authentication of
information
ATM in Jungle
Hash Functions
A hash function h takes as input a message of arbitrary length
and produces as output a message digest of fixed length.
[Figure: Long Message (binary version of text or code) ->
Hash Function h -> 160-Bit Message Digest]
See http://en.wikipedia.org/wiki/Hash_function
for more on hash functions
Notes:
1. Same length output always produced
2. Changing a small part of input produces a totally
different hash sum
table below)
00010100000000100111
and the key:
1 0 1 0 1 0 1 0 1 0
This produces the ciphertext/hash using the OR function:
1 0 1 1 1 1 1 0 1 0 1 0 1 0 1 0 1 1 1 1 (key applied twice) =
780975 in decimal
This is block cipher: message is converted into blocks of
fixed size and each block is separately encrypted with a
key (of the same size).
Working back: 1/0 0 1/0 1/0 1/0 1/0 1/0 0 1/0 0 1/0 0 1/0 0
1/0 0 1/0 1/0 1/0 1/0 (only green 0 bits are known for certain)
One possibility: 1 0 1 1 1 1 1 0 1 0 1 0 1 0 1 0 1 1 1 1
One plaintext version: lokkp
letter:      a    b    c    d    e    f    g    h
bit string:  0000 0001 0010 0011 0100 0101 0110 0111
letter:      i    j    k    l    m    n    o    p
bit string:  1000 1001 1010 1011 1100 1101 1110 1111
Hashing security
While using OR will create multiple possibilities of
decrypting back to plaintext, a brute force approach
may be able to extract the plaintext by working
through all possible combinations
This is because the hash is as long as the original
message
Much better is to produce a hash where there is no
indication of how long the original message is
XOR the favoured hash method for producing
fixed length hashes
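The OR example above, reproduced in Python as an added example (not part of the original slides). It uses the slides' 4-bit letter table and 10-bit key, lists every plaintext that gives the same OR output, and contrasts this with XOR, which the same key undoes exactly; the function names are illustrative, and the key-known count goes beyond the slide's "working back" case, where the key is unknown.

```python
from itertools import product

ALPHABET = "abcdefghijklmnop"   # slide's table: a=0000, b=0001, ..., p=1111

def to_bits(text):
    return "".join(format(ALPHABET.index(ch), "04b") for ch in text)

def to_text(bits):
    return "".join(ALPHABET[int(bits[i:i + 4], 2)] for i in range(0, len(bits), 4))

def stretch(key, n):
    """Repeat the key until it covers n bits (the slide applies it twice)."""
    return (key * (n // len(key) + 1))[:n]

def or_mix(bits, key):
    return "".join(str(int(b) | int(k)) for b, k in zip(bits, stretch(key, len(bits))))

def xor_mix(bits, key):
    return "".join(str(int(b) ^ int(k)) for b, k in zip(bits, stretch(key, len(bits))))

def or_preimages(cipher, key):
    """Every plaintext p with or_mix(p, key) == cipher, for a known key."""
    k = stretch(key, len(cipher))
    free = [i for i, bit in enumerate(k) if bit == "1"]   # OR hides these bits
    found = []
    for choice in product("01", repeat=len(free)):
        p = list(cipher)
        for i, bit in zip(free, choice):
            p[i] = bit
        found.append(to_text("".join(p)))
    return found

KEY = "1010101010"
PLAIN = "beach"   # the slide's plaintext bits 00010100000000100111, decoded
CIPHER = or_mix(to_bits(PLAIN), KEY)
CANDIDATES = or_preimages(CIPHER, KEY)

if __name__ == "__main__":
    print(CIPHER, "=", int(CIPHER, 2))
    print(len(CANDIDATES), "plaintexts give this OR output, e.g.", CANDIDATES[-1])
    print("key unknown:", 2 ** CIPHER.count("1"), "candidates (every 1 bit is 1/0)")
    print("XOR round trip:", to_text(xor_mix(xor_mix(to_bits(PLAIN), KEY), KEY)))
```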
Exercise 1
p q xor
0 1 1
1 0 1
0 0 0
1 1 0
Blocked P: 11000 10010 11111 01101
Key: 10101
Answer:
Exercise 2
p q xor
0 1 1
1 0 1
0 0 0
1 1 0
Exercise 3
p q or
0 1 1
1 0 1
0 0 0
1 1 1
Blocked P in binary: 11000 10010 11111 01101
Key: 10101
Answer:
Exercise 4
p q or
0 1 1
1 0 1
0 0 0
1 1 1
Notice how three different keys are required
If the plaintext has to be recovered from the ciphertext,
somehow the keys must be shared
But if the purpose is to stop a brute force attack, the
attacker will now find it much more difficult to work back
from a stolen hash (e.g. password) file to the
Hash algorithms using binary versions of 5 digit numbers
Triple Data Encryption Standard (3DES)
Designed to replace DES
Uses three rounds of encryption instead of just one
Symmetric Cryptographic
Algorithms
Advanced Encryption Standard (AES)
Approved by the National Institute of Standards and
Technology (NIST) in late 2000 as a replacement for DES
AES performs three steps on every block (128 bits) of plaintext
Within Step 2, multiple rounds are performed depending upon
the key size
Within each round, bytes are substituted and rearranged, and
then special multiplication is performed based on the new
arrangement
Other Algorithms
Several other symmetric cryptographic algorithms are
also used:
The names Alice and Bob are two commonly used placeholder names. They are used for
archetypal characters in fields such as cryptography. The names are used for convenience;
for example, "Alice sends a message to Bob encrypted with his public key" is easier to
follow than "Party A sends a message to Party B encrypted by Party B's public key."
Following the alphabet, the specific names have evolved into common parlance within these
fields helping technical topics to be explained in a more understandable fashion.
In cryptography and computer security, there are a number of widely used names for the
participants in discussions and presentations about various protocols. The names
are conventional, somewhat self-suggestive, sometimes humorous, and effectively act as
metasyntactic variables.
In typical implementations of these protocols, it is understood that the actions attributed to
characters such as Alice or Bob need not always be carried out by human parties directly,
but also by a trusted automated agent (such as a computer program) on their behalf.
Perhaps because Alice's and Bob's distinct genders permit the use of gender-specific
pronouns to reduce verbosity while preventing an increase in ambiguity, there has been
little tendency to introduce inanimate parties so that neuter pronouns could refer to them.
Hashing Algorithms
Hash functions in real life are complicated mathematical
functions expressed in logical terms (shift, OR, XOR, AND)
A hashing algorithm is considered secure if it has these
characteristics:
The ciphertext hash is a fixed size no matter how long the plaintext
Two different sets of data cannot produce the same hash, which
is known as a collision
It should be impossible to produce a data set that has a desired or
predefined hash
The resulting hash ciphertext cannot be reversed unambiguously
or uniquely
That is, a hash is not meant to be reversed (not really encryption as
such, but useful nevertheless)
Note that Alice and Bob must share a key to hash the
document. The MAC is therefore produced by
encrypting/hashing the document with a key to the hashing
function. This key should be known only to Alice and Bob. But
Note that the hash is itself encrypted with the same or another
key to produce an encrypted message digest. If the digest
encryption key is only known to A and B, the message is
authenticated. First key can be public but second key must be
Alice's problem
Alice may want to communicate with Bob and 10 other people
with integrity and authenticity
Alice shares her secret hash key with all 11 people
If any one of the 11 persons is untrustworthy, then the hash
key is compromised
It is not practical for Alice to have 11 separate secret hash keys
If every pair of persons in the above scenario uses a separate
key, how many keys will be needed?
Formula: n * (n - 1)/2, where n=number of users
So, 11*10/2=55 separate keys
If n=50,000, then 1.5 billion keys are needed approximately
Exercise 5
Alice wants to communicate with Bob with integrity and
authenticity. Alice and Bob have not communicated
before. How does Alice communicate with integrity and
authenticity to Bob?
Creating a use-once session key between Alice and Bob using KDC
KAB can now become the shared, secret hashing key. Alice uses
KAB to hash her message and Bob uses the same key to check
the hash of her message. Integrity and authenticity are now
guaranteed.
Note that this is for shared secret keys. A different method is
[Figure: KDC holding the keys KA-KDC, KB-KDC, KP-KDC, KX-KDC,
KY-KDC, KZ-KDC. Messages shown: KA-KDC(A,B);
KA-KDC(R1, KB-KDC(A,R1)); KB-KDC(A,R1). Alice knows R1.
Bob knows to use R1 to communicate with Alice.]
Alice and Bob communicate: using R1 as session key for shared symmetric encryption
But KDC needs to store everyone's private key
From
http://www.cs.northwestern.edu/~ychen/classes/cs395-w05/lectures/class5.ppt
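The KDC exchange in the diagram above, as an added Python example (not part of the original slides). Assumptions: the messages flow Alice to KDC, KDC to Alice, then Alice to Bob; seal/unseal are a standard-library stand-in for the slides' K(...) notation, not a production cipher; R1 is then used as the shared hashing key KAB with HMAC-SHA-256.

```python
import hashlib, hmac, json, secrets

def _keys(key):
    # Separate encryption and MAC keys derived from one long-term key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key, nonce, data):
    stream = b"".join(hashlib.sha256(enc_key + nonce + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, fields):
    """Stand-in for the slides' K(...): encrypt-then-MAC a list of fields."""
    enc_key, mac_key = _keys(key)
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(enc_key, nonce, json.dumps(fields).encode())
    return (body + hmac.new(mac_key, body, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    enc_key, mac_key = _keys(key)
    raw = bytes.fromhex(blob)
    body, tag = raw[:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(_xor_stream(enc_key, body[:16], body[16:]))

def kdc_reply(kdc_keys, sender, request):
    """KDC: open KA-KDC(A,B), pick R1, return KA-KDC(R1, KB-KDC(A,R1))."""
    a, b = unseal(kdc_keys[sender], request)
    if a != sender:
        raise ValueError("request does not match sender")
    r1 = secrets.token_hex(16)
    return seal(kdc_keys[a], [r1, seal(kdc_keys[b], [a, r1])])

def run_exchange(message=b"meet at noon"):
    kdc_keys = {"A": secrets.token_bytes(32), "B": secrets.token_bytes(32)}
    reply = kdc_reply(kdc_keys, "A", seal(kdc_keys["A"], ["A", "B"]))  # Alice <-> KDC
    alice_r1, ticket = unseal(kdc_keys["A"], reply)      # Alice learns R1
    peer, bob_r1 = unseal(kdc_keys["B"], ticket)         # Bob opens KB-KDC(A,R1)
    tag = hmac.new(bytes.fromhex(alice_r1), message, hashlib.sha256).digest()
    check = hmac.new(bytes.fromhex(bob_r1), message, hashlib.sha256).digest()
    return {"peer": peer, "same_key": alice_r1 == bob_r1,
            "mac_ok": hmac.compare_digest(tag, check),
            "ticket": ticket, "keys": kdc_keys}
```

The ticket KB-KDC(A,R1) carries no timestamp or nonce here, so nothing in this exchange lets Bob tell a fresh ticket from a replayed one.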
Summary of Lecture 2
Learning objectives:
Class Exercise 2
Use the same group as yesterday and do the following:
Implement a more secure encryption technique by implementing a hashing
program.
Again there is no need for any user interface.
You should work in the same group as yesterday.
Your program should work for all ASCII characters