Cryptology

Cryptology

Cryptography: math in service of security

Cryptanalysis – breaking cryptographic systems

 Cryptology
Four principal achievements:

Confidentiality – set of rules that limits access

Integrity – consistency and accuracy of

data throughout its life-cycle

Authentication – confirms a truth claimed

by some entity

Non-repudiation – ensure that the author of a piece

of information cannot deny it
 security policies try to achieve
(remember the ‘C’ of CIA?)

Confidentiality: information should not

be disclosed to unauthorized parties

Integrity: information should not be modified in an unauthorized

manner

Availabile: system or resource shall be available for use as

intended Security mechanism
 Cryptography

Communicating in the presence of enemies – 1900 BC

a very long history Menet Khufu

The Old Kingdom is the name given to the period in the 3rd millennium BC when
Egypt attained its first continuous peak of civilization – the first of three so-called
"Kingdom" periods, which mark the high points of civilization in the lower Nile Valley
…
(It’s already in use in the Old Kingdom (and probably well before (ever heard this
notion?  the main use of language is not to confer information, but rather to
persuade))
--wikipedia

substitution
 Cryptography

~ 500bc

Spartans developed the Scytale

transposition
 Cryptography

+k
Caesar Cipher
When I was a kid, I invented this also, A->C
many of you likely did as well
B->D
C->E etc

a b c d e f g h I j k l m n o p q r s t u v w x y z

a b c d e f g h I j k l m n o p q r s t u v w x y z

Let k == 3, then the cleartext CAT becomes the ciphertext DFW

 Cryptography

These are easily broken by frequency analysis:

given “enough” ciphertext, the code breaks itself

 Cryptography
Vigenere cipher

Caesar, but instead of k ϵ Z we use k ϵ Zn

The key is now a vector instead of an integer

so let k = “SECRET” = {18, 4, 2, 17, 4, 19}

Then ATTACK:

A S Will frequency analysis work here?

TX
TV
AR
CG
 Cryptography
Vigenere cipher

Caesar, but instead of k ϵ Z we use k ϵ Zn

The key is now a vector instead of an integer

so let k = “SECRET” = {18, 4, 2, 17, 4, 19}

Will frequency analysis work here?

Then ATTACK:

A S Yes, it will
TX
TV just use every nth letter, and it is
AR the same problem… so the amount
CG of “enough” increases, but that’s it
 Playfair cipher
by Sir Charles Wheatstone in 1854, popularized
by Lord Lyon Playfair

Works with pairs of letters. It is still subject to frequency analysis, but 625 is harder than 26

We’re talking manual analysis here…

No equipment needed other than pen and paper

Important but not critical

Short lifespan, not long

no longer used in a computational setting anyway – modern computers can easily break it; still could
be useful for short-term needs, we measure strength of a crypto
algorithm in terms of time - how long does it take to break it?
 Playfair cipher
by Sir Charles Wheatstone in 1854, popularized
by Lord Lyon Playfair

WW1, WW2

PT109 - American patrol boat, under the command of Lieutenant John F. Kennedy,
Playfair message received (it is claimed) when it sank:

KXJEY UREBE ZWEHE WRYTU HEYFS

KREHE GOYFI WTTTU OLKSY CAJPO
BOTEI ZONTX BYBNT GONEY CUZWR
GDSON SXBOU YWRHE BAAHY USEDQ
 Playfair cipher

Create the key:

1. Create a 5x5 2 dimensional key block

2. Put a word/phrase in the block in an

agreed fashion, dropping repeated letters

3. Fill in the rest of the block with the missing

letters of the alphabet in an agreed (often
Typewriter-style fashion)
 Playfair cipher

Key phrase is
“playfair example”

Typewriter fashion
from the top with
repeated letters dropped

The rest of the block

is filled with the missing
letters of the alphabet

Something has to be left out

To fit in 5x5, usually ‘J’ or ‘Q’

The phrase may need to be adjusted --Wikipedia example

a bit, in the end we need 25 letters
 Playfair cipher

Working from left to right:

1. Break the plaintext into pairs of letters
2. Add an ‘X’ at the end if necessary to ensure an even # of letters
3. Add an ‘X between any pairs of repeated letters in a pair, rechunk

Hello there, would become

 HE LL OT HE RE WO UL DB EC OM EX

 HE LX LO TH ER EW OU LD BE CO ME
 Playfair cipher

Working from left to right, find each pair

in the key square and replace them with
their corresponding cipher pair
HE LX LO TH ER EW OU LD BE CO ME

DM LX LO TH ER EW OU LD BE CO ME
 Playfair cipher

The two plain text letters you look up will either be

a. in the same row - use the letters to the right

b. in the same column - use the letters below

c. neither of those - use the opposite corners

1. for a,b wrap if need be

2. for c, the cipher text letter you write down first is
the one in the same row as the first letter of plaintext
 Playfair cipher

See the example in the Wikipedia entry

for Playfair Cipher for a nice visual
 Historical Ciphers
•Atbash Cipher Historical Ciphers
•ROT13 Cipher
•Caesar Cipher
•Affine Cipher
•Rail-fence Cipher
•Baconian Cipher
•Polybius Square Cipher •Running Key Cipher
•Simple Substitution Cipher •Vigenère and Gronsfeld Cipher
•Codes and Nomenclators Cipher •Homophonic Substitution Cipher
•Columnar Transposition Cipher •Four-Square Cipher
•Autokey Cipher •Hill Cipher
•Beaufort Cipher •Playfair Cipher
•Porta Cipher •ADFGVX Cipher
•ADFGX Cipher
•Bifid Cipher
•Straddle Checkerboard Cipher
•Trifid Cipher
•Base64 Cipher
•Fractionated Morse Cipher
 Cryptography

There are two main techniques used in cryptoogy

(it started like this

… and it’s still like this)

Transposition
(see the Jumble puzzle)

Substitution
(see the cryptoquote puzzle)
Cryptography

Claude said a crypto

system must have:

Confusion
Hide the relationship between
the key and the ciphertext

Diffusion
Change 1 bit in of plaintext,
½ the cipher text should change
 Cryptography

Transposition – provides diffusion

Substitution - provides confusion

 Cryptography

Transposition

Jumble
 Cryptography

what would a key look like?

Transposition
 Cryptography

Cab I n
52 14 3
now is the time
k = 52143 now i s the time
ion w e sht et mi
 Cryptography

Substitution

cryptoquote
 Cryptography

what would a key look like?

Substitution

cryptoquote
Caesar cipher
also called shift cipher

E(x) = (x + k) % 26

D(y) = (y – k) % 26
 Cryptography

How would you break the substitution cipher?

Brute-force
how does this work, and
how hard (big) is it?
 Cryptography

The “system” is much larger than

user <-> network <-> process

It involves many components, including social ones

Hence  many attack vectors

(more trying all possible keys)
 Uses of cryptography

Secure communications
https, 802.11, WPA, GSM, Bluetooth

Encrypting files on disk

Content protection
DVD Blu-ray, CSS

User Authentication
 Some uses of cryptography
PGP
GPG
TruCrypt
Secure shell
Video plug-ins
Email clients
Cell phone
HDCP – multimedia
Bank card
VPN
ePassport
On-line banking
 Cryptography

Cryptography is a very useful tool, but it is:

Not a general solution to security

Not useful without correct implementation and usage

 Cryptography

Encrypted data in communication, me talking to someone else

m = plaintext message k = secret key Alice & Bob are talking

c = ciphertext E,D = cipher Eve is always listening

Alice
Bob

m E(k,m) = c c D(k,c) = m
E D

k k

Eve
 Cryptography

Encrypted file in storage, me talking to me

rick File 1 rick

Like communication, me talking to me

 Cryptography

The Encryption algorithm is publically known

everybody knows exactly how it works
(and Eve always hears everything)

Don’t roll-your-own – the public ones have

gone through extensive peer review by the
“right” people

ꓱ many examples of broken bespoke crypto systems

 Cryptography

Kerckhoff’s Principle (1880’s)

A crypto-system should be secure even if the

attacker knows all the details about the
system, with the exception of the key

Maybe counterintuitive, but correct

 Cryptography

Single use key (one-time key)

key is only used to encrypt one message

Multi use key (many time keys)

key encrypts multiple messages

(like files on disk)
 Cryptography

Symmetric block

vs

Asymmetric stream
 A chunk of bits at a time
Symmetric block (usually fixed size)
Ke == Kd

vs

Ke != Kd One bit at a time

Asymmetric stream (cell phone)
 Cryptography

The security of the structure is based on

mathematics and complexity theory

The implementation of the structure in software/hardware

(SSL, Browser) which should not diverge from the theory
but must still be fast and usable

Practical attacks on theoretically secure systems often

arise due to the intersection of these
 Cryptology

cryptanalysis

cryptography

Symmetric Asymmetric Protocols

alg alg
Checkpoint,

are all these comfortable?

1. cryptology, cryptography, cryptanalysis

2. Caesar, viginere, playfair ciphers
3. Substitution, transposition
4. Jumble and Cryptoquote puzzles
5. Cleartext, cyphertext
6. Claude Shannon
7. Confusion diffusion
8. Key, key space
9. Exhaustive key space search, frequency analysis
10. Kerckoff’s principal
11. Symmetric vs asymmetric
12. Block vs stream