Privacy
Preventing a third party from snooping.
Authentication
Authentication deals with determining whom you are talking to before revealing sensitive information. Preventing impersonation.
Encryption
Encryption is the process of transforming the data so that the original meaning remains confidential. Often the unprocessed data is called clear/plain text, and the processed data is called cipher text.
Decryption
Is the process of retrieving the original message from its encrypted form. This process converts cipher text to plain text.
Key
Is a word, number or phrase that is used to encrypt the plain text/decrypt the cipher text.
Cryptanalysis
Is the science of breaking codes and ciphers.
Kinds of Authentication
1. Guarantee that no third party has modified the data.
2. Receiver can prove that only the sender originated the data
Digital signature
e.g. for electronic transactions
Cryptographic privacy and authentication
Encrypt before sending and decrypt after receiving
Two components: key and the algorithm
Should the algorithm be secret?
Yes for military systems
No for commercial systems
Key distribution must be secure
Can also be used for authentication
Cryptanalysis
Cryptanalysis: Attacker tries to break the system
E.g.:
By guessing the plain text for a given cipher text or by guessing the cipher text for some plain text
Possible attacks
1. Cipher text only attack
Analyst has cipher text of several messages, all encrypted using the same encryption algorithm and key
2. Known plain text attack
Analyst has cipher text and plain text
Tries to deduce the keys
3. Chosen plain text attack
Has everything in the known plain text attack and can also choose particular plain text to be encrypted
4. Chosen text attack
Special case of chosen plain text attack
Can modify the choice of plain text to be encrypted based on the previous results
Tries to deduce the keys
Methods
statistical distribution of rows
structural aspects of plaintext
Security Guarantees
Two possibilities
Unconditional Security
Security that does not depend on an assumption that the attacker has limited computing power
An example:
One time tape
Key has the same length as the plain text
Key material is used only once
The more you communicate, the more key material you need
Plain text P = 01101010
Key K = 11001100
Cipher text C = P xor K = 10100110
Decryption D = C xor K = 01101010
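The one time tape example above in Python, as an added example that is not part of the original notes; it also shows why the key material may be used only once. The messages P1 and P2 and all function names are constructed for illustration.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the one time tape operation)."""
    if len(a) != len(b):
        raise ValueError("key must have the same length as the text")
    return bytes(x ^ y for x, y in zip(a, b))

def page_example() -> tuple[int, int]:
    """The 8-bit example from the notes: returns (C, D)."""
    p, k = 0b01101010, 0b11001100
    c = p ^ k
    return c, c ^ k

def reuse_leak(p1: bytes, p2: bytes) -> bytes:
    """Encrypt two messages under the SAME tape and return C1 xor C2.

    The key cancels out, so the result equals P1 xor P2: an eavesdropper
    learns a relation between the plain texts without ever seeing the key.
    """
    key = secrets.token_bytes(len(p1))  # random tape, then misused twice
    c1 = xor_bytes(p1, key)
    c2 = xor_bytes(p2, key)
    return xor_bytes(c1, c2)

# Constructed sample messages of equal length.
P1 = b"PAY ALICE 100"
P2 = b"PAY CAROL 900"

if __name__ == "__main__":
    c, d = page_example()
    print(f"C = {c:08b}, D = {d:08b}")
    leak = reuse_leak(P1, P2)
    print("C1 xor C2 =", leak.hex())
    print("zero bytes mark positions where the two messages agree")
```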
Computational Security
Computational security is based on the amount of computational work required to break a system by the best currently known methods. Computational security is likely to decrease with the development of new cryptanalytic techniques.
Examples:
Public key algorithms: RSA, Diffie-Hellman
Private key algorithms: DES, IDEA and RES
Most systems have computational security
How much security to have?
Depends on cost-benefit analysis for attacker
Public Key systems
Shared key
Difficulty in key distribution
c(n,2) = O(n^2) keys
Public key/Asymmetric key systems
Cryptography in which asymmetric key algorithms are used for encryption. In these algorithms, one key is used to encrypt a message and another is used to decrypt it. The key used to decrypt must be kept secret ('private') and cannot be derived from the public key.
Public component and a private component
Two kinds
Public key distribution: establish shared key first
Public key cryptography: uses public/private keys for encryption/decryption
Public key cryptography can also be used for digital signatures
Public key systems
RSA: based on the difficulty of factoring
Galois Field (GF) systems: based on the difficulty of finding the logarithm
Based on Knapsack problem
Some Example Systems
Permuted alphabet (common puzzle)
Can be attacked using frequency analysis, patterns, digrams and trigrams
Attack becomes difficult if alphabet size is large
Transposition
Poly-alphabetic periodic or running key
Code versus ciphering
Codes are stronger and also achieve data compression
Taxonomy of Ciphers
Stream ciphers: encrypt/decrypt one symbol at a time
Block ciphers: divide plain text into blocks and encrypt/decrypt each block independently
Disadvantage of block ciphers
Identical blocks of plain text generate identical blocks of cipher text
Attacker can "cut&paste" cipher text and obtain readable (edited) plain text
Properties required
No bit of plain text should appear directly in the cipher text
Changing even one bit in the plain text should result in a huge (50%) change in cipher text
Exact opposite properties are required for systematic error correction codes
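An added example, not from the original notes, showing the block cipher disadvantage and the 50% change property listed above. The 8-byte Feistel cipher built from SHA-256, the key and the message are all constructed for illustration and are not a cipher to deploy.

```python
import hashlib

BLOCK = 8  # toy block size in bytes, chosen for this example

def _f(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: hash of key, round number and one half-block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, blk: bytes, rounds: int = 4) -> bytes:
    left, right = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in range(rounds):                      # one Feistel round
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def decrypt_block(key: bytes, blk: bytes, rounds: int = 4) -> bytes:
    left, right = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in reversed(range(rounds)):            # same rounds, undone in reverse
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def encrypt(key: bytes, data: bytes) -> list[bytes]:
    """Encrypt each block independently, as the notes describe."""
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of blocks")
    return [encrypt_block(key, data[i:i + BLOCK])
            for i in range(0, len(data), BLOCK)]

def decrypt(key: bytes, blocks: list[bytes]) -> bytes:
    return b"".join(decrypt_block(key, b) for b in blocks)

def cut_and_paste(key: bytes, data: bytes) -> bytes:
    """Swap cipher text blocks 1 and 3 (the swap needs no key), then decrypt."""
    ct = encrypt(key, data)
    ct[1], ct[3] = ct[3], ct[1]
    return decrypt(key, ct)

def avalanche(key: bytes, blk: bytes) -> int:
    """Cipher text bits (out of 64) that change when one plain text bit flips."""
    flipped = bytes([blk[0] ^ 1]) + blk[1:]
    a, b = encrypt_block(key, blk), encrypt_block(key, flipped)
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

KEY = b"constructed-demo-key"
MSG = b"TO:ALICEAMT:0100TO:CAROLAMT:9000TO:ALICE"  # constructed, five blocks

if __name__ == "__main__":
    ct = encrypt(KEY, MSG)
    print("blocks 0 and 4 identical:", ct[0] == ct[4])
    print("after cut&paste:", cut_and_paste(KEY, MSG))
    print("bits changed of 64:", avalanche(KEY, MSG[:BLOCK]))
```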
Key management
Keys need to be generated periodically
New users
Some keys may be compromised
Addressing O(n^2) problem with key distribution
Link encryption
Key Distribution Centre (KDC): all eggs in one basket
Multiple KDCs: better security
Some non crypto attacks
[Wo]man-in-the-middle attack: play a trick by being in the middle
The cryptanalyst/attacker places him or herself in the communication channel between two parties who wish to exchange their keys for secure communication (via asymmetric or public key infrastructure cryptography). The cryptanalyst/attacker then performs a key exchange with each party, with the original parties believing they are exchanging keys with each other. The two parties then end up using keys that are known to the cryptanalyst/attacker. This type of attack can be defeated by the use of a hash function
Traffic analysis
Can learn information by just looking at the presence or absence of traffic, or its volume
E.g.: Bank transactions can be analysed by detecting the traffic
Can be countered using data padding
Playback or replay attacks
To counter: Need to verify timeliness from sender while authenticating
Beware of issues of time synchronization
Error Control and Cryptography
Internal Error Control
Error control is internal to encryption (before encryption)
Error Control -----------> Encryption -----------> Decryption -----------> Error Control
Bad (infeasible) for error correction
Can provide automatic authentication
External Error Control
Error control is external to encryption (after encryption)
Encryption -----------> Error Control -----------> Error Control -----------> Decryption
Required for error control