1 Cryptanalysis Concept and Practice 9/5/2017 CNIT370, Fall 20172 Form 8 Groups: 1. Bring your individual answers to this question into your groups. 2...

Author:
Kenneth Sherman

1 downloads 63 Views 1016KB Size

9/5/2017

CNIT370, Fall 2017

Form 8 Groups: 1. Bring your individual answers to this question into your groups. 2. Discuss what you believe the Japanese and Soviets could have done differently to reduce the probability that their cryptosystems would have been broken. 3. Form one, combined written list based on your discussions We will add your groupβs contribution to the whiteboard 9/5/2017

CNIT370, Fall 2017

2

Cryptosystems that exhibit βPerfect Secrecyβ β’ In fancy math terms: The conditional probability of the plaintext message after the ciphertext is known is the same as the conditional probability of the plaintext message before the ciphertext is known. Pr [πΆ = π π = π = Pr[πΆ = π] β’ More Simply: The ciphertext reveals nothing about the plaintext message other than its length. β’ To prove this, we would show that, for every ciphertext and plaintext of the same length, there is a key which enciphers the given plaintext into the given ciphertext.

9/5/2017

CNIT370, Fall 2017

3

Cryptosystems that follow βKerchoffsβs Principleβ β’ Have no secret components except for the key. β’ This concept is also often attributed to Claude Shannon, who phrased it as, βThe enemy knows the system.β β’ You are also familiar with its opposite axiom: βSecurity Through Obscurityβ.

9/5/2017

CNIT370, Fall 2017

4

Classical Ciphers are of two forms: substitution and transposition. β’ Substitution ciphers substitute letters of the plaintext message with other letters to produce the ciphertext message. β examples: Caesar, Vigenere β’ Transposition ciphers move the plaintext letters around in a pattern to produce the ciphertext message. β examples: writing the message backward. Modern ciphers use other methods to encrypt messages, but those methods sometimes combine multiple substitutions and transpositions as part of the algorithm. β example: DES 9/5/2017

CNIT370, Fall 2017

5

β¦by percentage

Simple Substitution Ciphers can be broken using frequency analysis and trial and error. In frequency analysis, the cryptanalyst compares the frequency of occurrences of the letters in the ciphertext and compares them to the frequency of use in the native language of the text (in this case, English). Frequency analysis is also used to distinguish between substitution ciphers from transposition.

9/5/2017

CNIT370, Fall 2017

6

Attempt to decipher the following ciphertext created using a simple cipher. You have 5 minutes.

β¦by percentage

AOLWYLZPKLUAVMAOLBUPALKZAHALZ THE EA E T THE TE E

9/5/2017

CNIT370, Fall 2017

7

Ciphertext: AOLWYLZPKLUAVMAOLBUPALKZAHALZ β’ Frequency Analysis of ciphertext letters: β 6 of 29 As : 6 of 29 Ls are the two most frequent ciphertext letters. β From the chart, ciphertext As or Ls should be either plaintext Es or Ts β The ciphertext letters βAOLβ appear to be a common βtrigramβ β’ Trail and Error (Educated Guesses): β The ciphertext A could be plaintext E, but because plaintext T is so common and because it is the first letter of the most common trigram, we guess that the ciphertext AOL is the plaintext word THE. β’ Apply the deciphering algorithm β If we shift plaintext T by 7, we get A. Plaintext H shifted by 7 is Oβ¦ β β¦applying to all ciphertext letters, we get Plaintext: THE PRESIDENT OF THE UNITED STATES 9/5/2017

CNIT370, Fall 2017

8

β¦by percentage

Ciphertext: AOLWYLZPKLUAVMAOLBUPALKZAHALZ Comparison β’ A: 6/29 = 20.69 ; L: 6/29 = 20.69 β’ Z: 3/29 = 10.34 β’ P, O, K, U : 2/29 = 6.90 β’ W, Y, V, M, B, H : 1/29 = 3.45 β’ AOL: Apply the deciphering algorithm β’ π π = π + π πππ π βΆ m = c + k mod 26 β’ If c = A = 1; k = -8 (or +18) : m =1-8 or -7 mod 26 = 19 = Tβ¦ Plaintext: THE PRESIDENT OF THE UNITED STATES

9/5/2017

CNIT370, Fall 2017

9

β¦by percentage

Frequency analysis isnβt perfect. Either ciphertext A or L could have been plaintext E or T. The more ciphertext you have from a simple cipher, the more likely it is you can break it. What did we learn about this cipher in regard to Perfect Secrecy and Kerckhoffsβs Principle?

9/5/2017

CNIT370, Fall 2017

10

To some degreeβ¦ β’ Homophonic: Replace plaintext letters with a random choice from several possible ciphertext letters. β’ Polyalphabetic: Multiple maps from plaintext alphabet to ciphertext alphabet β’ Polygram: Arbitrary substitutions for blocks of characters

9/5/2017

CNIT370, Fall 2017

11

Keyphrase

β’ Uses multiple maps from the plaintext alphabet to the ciphertext alphabet.

M: K: C:

9/5/2017

C R Y P T O F U N F U N H L L U N B

CNIT370, Fall 2017

M e s s a g e

12

http://www.math.tamu.edu/~dallen/hollywood/breaking/v.htm

Vjw lvhlxpga, tp rvzkamxtvvz onrht szho Cckfhm tpq i ecjgxt szho VC, ttr lkkiqgi gpkqhoa vum vqhvmtl. Jxkao rqhvz, hbwekfp vqytxir amwqmgvf, bagl ikg qwbpt iuqhb 90. Mjr kkcfp agnl-hp vvmq rivj bbage, jnv (gptpxa mq fbtvr-wy-vum-ttg athrbr gdcbrzmgv) gpxa owmj fckxvdx. Vumr triekmm mjva tpq lxevlx vuim kg unug jx c fqzp szho Tww vuim vumr uuwnnq woge khor xxvgg wksnxtrvvgf igf om ytvmgff. Bagl baga kagps mq fmx ks igagpbpt meur ql waltonoxf. Yw tpq jxjbtw, vumkg va t ebuinrbxnl cgfnufctmw dbbmnr wy Lnkd Fnvbgya bp gpx vecgm bn mjr Xntqcx Dbqeonsxt. Um hhsmku n lkkas mq gpx KH Phqfqxt (vv mjr aikeqm qs nkkrvwuuqi), yuw kgnlbnl mqerxmu. Um wtvvdu zwlv bn bv vv hpr oh cal hhsmku fwfg gw mjr Jhkymk. Vum Uqvtxt gidgf qm, upzxyf bag pii dnkd qa igf fmmu gpx dbbmnr wg vum ztbcgf. Gpx Jbwlkrz zkiml jvu t hhvga ywhm nvw cfsl jvu pjl px fvl mjnb. Mjr Jhkymk nbwdu oivm nb akz igf firu: "Bp, B'o wclv twgpn etkg nht gpx ebxl vb aaqj ci." 9/5/2017

CNIT370, Fall 2017

13

First, find the period, π, then break by solving π interlaced simple substitution ciphers by letter frequency, guessing, or using digraphs. Two methods to do this are: β’ Kasiski Method: β Look for repetitions in the cipher text. β The starting locations of the repetitions may be a multiple of the period, π. β Look at the gcd of some of these differences. β’ The Index of Coincidence Method: β Can be used in combination with Kasiski in order to determine which multiple of d is the actual period. 9/5/2017

CNIT370, Fall 2017

14

The IC tells you the approximate size of period π . The Kasiski method complements IC by telling you a number (the gcd) that probably divides π . Example: If IC = 0.043, then π is probably 6 or 7. β’ F is the frequency of occurrence of a letter in the plaintext or ciphertext, N is the length of the text. β’ If a Kasiski analysis finds several examples of repeated ciphertext occurring at multiples of 3 in the position of the letters, then π is probably a multiple of 3. β’ These two pieces suggest that π=6. πΌπΆ =

π< π< β 1 2 π πβ1 2

β[email protected]

β[email protected]

(1, 0.066), (2, 0.052), (3, 0.047), (4, 0.045), (5, 0.044), (10, 0.041), (β, 0.038) 9/5/2017

CNIT370, Fall 2017

15

Some periodic polyalphabetic ciphers have very long periods, so they seem unbreakable. β’ The World War 2 German Enigma Machine is an example of such a cipher. β It was broken using Group Theory during the war. β’ Using text from a book as the keyspace is another example. β This type of cipher is also vulnerable to frequency analysis because both alphabets involved follow language frequency patterns.

9/5/2017

CNIT370, Fall 2017

16

1. 2. 3. 4.

Key generation should be random. The key should be as long as the message. Keys should not be re-used. Keys should be the only secret component of the cryptosystem.

9/5/2017

CNIT370, Fall 2017

17

1. 2. 3. 4.

ππππ(π) πππππ‘β π β₯ πππππ‘β (π) π< β {πA , πT , β¦ π<@A } β = (πΊππ, πΈππ, π·ππ) ππ ππππ€π, π ππ π’πππππ€π

9/5/2017

CNIT370, Fall 2017

18

Basics of a strong cryptosystem Key Generation

Length Message Key

Patterned

Random

Message 1

2

3

4

Key Usage

Key

Kerckhoffsβs Principle Ciphertext

Message

9/5/2017

Method

β

β Ciphertext

One-off CNIT370, Fall 2017

19

Key

Message

β

β Message Ciphertext One-off

One-off

1. 2. 3. 4.

Key generation should be random. The key should be as long as the message. Keys should not be re-used. Keys should be the only secret component of the cryptosystem. 9/5/2017

1. 2. 3. 4.

CNIT370, Fall 2017

ππππ(π) πππππ‘β π β₯ πππππ‘β (π) π< β {πA , πT , β¦ π<@A } β = (πΊππ, πΈππ, π·ππ) ππ ππππ€π, π ππ π’πππππ€π

20

You are an IT security consultant. Your client uses a VPN tunnel for remote login after hours when necessary, but are outsourcing their billing to a third party, which requires a constant flow of sensitive data. They would like to use their existing software for the billing connection because they already own it. β’ Prepare a 1.5-2 page executive summary that recommends a course of action to your client. Use the principles of Perfect Security and Kerckhoffsβs Principle to make your argument. β’ Be sure to include a basic drawing of the system you recommend that highlights the key features, and a mathematical explanation for your clientβs engineers of the time it will take to break the key length you choose.

9/5/2017

CNIT370, Fall 2017

21

Cisco Anyconnect VPN v.2.0 β’ IT loads clients onto remote workstations and enters the pre-shared key (PSK). Users have no knowledge of the PSK. β’ Client requires users to enter their username and password combination in order to connect. Algorithm used: AES256 Pre-shared key: bam!bam!2 Last key change: Upon Installation (6/30/2012)

9/5/2017

CNIT370, Fall 2017

22

You are an IT security consultant. Your client uses a VPN tunnel for remote login after hours when necessary, but are outsourcing their billing to a third party, which requires a constant flow of sensitive data. They would like to use their existing software for the billing connection because they already own it. β’ Prepare a 1.5-2 page executive summary that recommends a course of action to your client. Use the principles of Perfect Security and Kerckhoffsβs Principle to make your argument. β’ Be sure to include a basic drawing of the system you recommend that highlights the key features, and a mathematical explanation for your clientβs engineers of the time it will take to break the key length you choose.

9/5/2017

CNIT370, Fall 2017

23

Our partners will collect data and use cookies for ad personalization and measurement. Learn how we and our ad partner Google, collect and use data. Agree & Close