One Time Pad Encryption: The unbreakable encryption method
One Time Pad: The unbreakable encryption method

One Time Pad encryption is a very simple, yet completely unbreakable cipher method. It has been used for decades in mils electronic cipher systems for encrypting our customers' sensitive data. Over the years, we have perfected the implementation of One Time Pad encryption into our products. Today, high levels of automation, high capacity storage media, continuous key protection, and huge One Time Pads provide our customers with outstanding communication security without sacrificing convenience. This document will help you understand how One Time Pad can ensure complete privacy for your sensitive information.

Characteristics of the One Time Pad encryption method

The One Time Pad encryption method is a binary additive stream cipher: a stream of truly random key bits is generated and combined with the plain text for encryption, or with the cipher text for decryption, by exclusive OR (XOR) addition. It can be proven that such a stream cipher is unbreakable (perfectly secret in Shannon's sense) if the following preconditions are met:

A The key must be as long as the plain text.
B The key must be truly random.
C The key must only be used once.

The proof covers confidentiality of the message content only; key distribution, key storage and message integrity lie outside it and must be handled by the surrounding system. The One Time Pad implementation in mils electronic's products fulfills all three requirements and therefore provides absolute protection for our customers' sensitive information.
Components of the OTP encryption

Truly random key generation

For One Time Pad encryption, a truly random key stream must be employed. The word random is used in its most literal sense here. In mils electronic products, all keys are exclusively generated by a True Random Noise Source. This Noise Source is incorporated into the hardware security token of each mils electronic application. As it is part of the security token, it is protected against manipulation and tampering attempts and provides a very high key generation speed.

Figure: oscillator ring 1, oscillator ring 2, ..., oscillator ring n feed a combination stage, which outputs the random bits.

The random noise source derives its randomness by sampling a set of parallel ring oscillators, a reliable technology for obtaining genuine randomness. This technique uses the timing jitter and oscillator drift found in free-running CMOS ring oscillators as the source of randomness. Timing jitter is a random phenomenon caused by the thermal noise and local voltage variations present at each transistor of a ring oscillator. Local variations in voltage and temperature cause each ring to oscillate faster (or slower) over time, resulting in a random drift relative to the other rings. As the frequency of each oscillator drifts randomly with each cycle, the output stream becomes random relative to the lower-frequency sampling rate. The combination stage in the figure is essential: a single sampled ring is biased and its successive samples are correlated, so only the combined output of several rings is used as key material.
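A quick statistical sanity check on key material, added here as an example (it is not mils electronic's code and does not describe their token's self-tests): the NIST SP 800-22 monobit and runs tests, which catch a stuck or heavily biased source. The inputs are constructed; os.urandom() stands in for noise-source output, which is an assumption of the demo.

```python
"""Sanity checks on pad material: NIST SP 800-22 monobit and runs tests.
Added example, not mils electronic's code. These tests reject obviously broken
output such as a stuck or heavily biased oscillator; passing them does not prove
the source is truly random."""
import math
import os


def bits_of(data: bytes):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def monobit_p_value(data: bytes) -> float:
    """Frequency (monobit) test: are zeros and ones roughly balanced?
    p-value = erfc(|S_n| / sqrt(2n)) with S_n the sum of +1/-1 bits."""
    bits = list(bits_of(data))
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)
    s_obs = abs(s) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_p_value(data: bytes) -> float:
    """Runs test: is the number of runs consistent with independent bits?
    Returns 0.0 when the SP 800-22 monobit precondition already fails."""
    bits = list(bits_of(data))
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    runs = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    num = abs(runs - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def pad_looks_sane(data: bytes, alpha: float = 0.01) -> bool:
    """Reject pad material that fails either test at significance alpha."""
    return monobit_p_value(data) >= alpha and runs_p_value(data) >= alpha


def fresh_sample_looks_sane(n_bytes: int = 4096, alpha: float = 0.01) -> bool:
    """Run both tests on a fresh sample. os.urandom is an assumption here,
    standing in for the hardware noise source output."""
    return pad_looks_sane(os.urandom(n_bytes), alpha)


if __name__ == "__main__":
    # Constructed inputs: a stuck source, a perfectly alternating source, a
    # repeating 0011 pattern, and a fresh os.urandom sample.
    print("stuck 0x00 :", pad_looks_sane(b"\x00" * 256))
    print("alt   0xaa :", pad_looks_sane(b"\xaa" * 256))
    print("0011  0x33 :", pad_looks_sane(b"\x33" * 128))
    print("urandom    :", fresh_sample_looks_sane())
```

The repeating 0x33 pattern passes both tests with p = 1.0 although it is obviously not random: statistical tests reject broken output, they cannot certify the true random property that the page's proof relies on. That guarantee has to come from the design of the noise source itself.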
The One Time Pad encryption process

One Time Pad keys are used in pairs. The keys are distributed securely prior to encryption. One copy of the key is kept by the sender and one by the recipient. The confidentiality and authenticity of the One Time Pad keys are guaranteed by continuous protection during their distribution and storage, so outsiders are not able to misuse the key (e.g. by copying or altering it during distribution).

Figure: plain text, XORed (Exclusive OR function) with the One Time Pad generated by the True Random Noise Source, gives the cipher text.

A To encrypt plain text data, the sender uses a key string exactly as long as the plain text. The key is applied by XORing bit by bit: one bit of the key is added to one bit of the plain text to produce one bit of cipher text.
B This cipher text is then sent to the recipient.
C At the recipient's end, the cipher text is XORed with the duplicate copy of the One Time Key and the plain text is restored (XOR is its own inverse).
D Both sender's and recipient's keys are automatically destroyed after use, so that erroneous reapplication of the same key is impossible.

Note that step C restores whatever bits arrive: XOR is malleable, so flipping a cipher-text bit in transit flips the corresponding plain-text bit without detection. The One Time Pad therefore guarantees confidentiality; message integrity must be provided by a separate mechanism.
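The process above in code, as an added example that is not part of the original document: encrypt, decrypt, destroy both copies of the pad, and then the two ways the preconditions fail (a reused pad and an unauthenticated cipher text). os.urandom() stands in for the hardware True Random Noise Source, which is an assumption of the example and not the page's design; the messages are constructed samples.

```python
"""One Time Pad over bytes: encrypt, decrypt, destroy the key, and show what
goes wrong when the preconditions are violated. Added example, not mils
electronic's code. os.urandom() replaces the hardware noise source (assumption)."""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_pad(length: int) -> bytearray:
    """Preconditions A and B: a key as long as the message from an
    unpredictable source. Returned as a bytearray so it can be zeroised."""
    return bytearray(os.urandom(length))


def encrypt(plain: bytes, pad: bytearray) -> bytes:
    """Step A: cipher = plain XOR pad, bit by bit."""
    return xor_bytes(plain, bytes(pad))


def decrypt(cipher: bytes, pad: bytearray) -> bytes:
    """Step C: plain = cipher XOR pad (XOR is its own inverse)."""
    return xor_bytes(cipher, bytes(pad))


def destroy_pad(pad: bytearray) -> None:
    """Step D: overwrite the key material in place so the same pad cannot
    be reapplied. An immutable bytes object could not be zeroised this way."""
    for i in range(len(pad)):
        pad[i] = 0


def round_trip(plain: bytes) -> bytes:
    """Sender and recipient hold copies of one pad; both are destroyed after use."""
    sender_pad = generate_pad(len(plain))
    recipient_pad = bytearray(sender_pad)   # the securely distributed copy
    cipher = encrypt(plain, sender_pad)     # step A
    destroy_pad(sender_pad)                 # step D, sender side
    recovered = decrypt(cipher, recipient_pad)  # step C, after step B
    destroy_pad(recipient_pad)              # step D, recipient side
    return recovered


def reuse_leak(p1: bytes, p2: bytes) -> bytes:
    """Precondition C violated: one pad, two messages. XORing the two cipher
    texts cancels the pad (c1 ^ c2 == p1 ^ p2), so an attacker who knows p1
    recovers p2 without ever learning the pad."""
    pad = generate_pad(len(p1))
    c1 = encrypt(p1, pad)
    c2 = encrypt(p2, pad)               # the mistake: pad used twice
    p1_xor_p2 = xor_bytes(c1, c2)       # attacker computes this
    return xor_bytes(p1_xor_p2, p1)     # == p2 when p1 is known


def malleability(plain: bytes, position: int, mask: int) -> bytes:
    """XOR alone gives confidentiality, not integrity: flipping cipher-text
    bits flips the same plain-text bits on decryption, undetected."""
    pad = generate_pad(len(plain))
    cipher = bytearray(encrypt(plain, pad))
    cipher[position] ^= mask            # tampering in transit
    return decrypt(bytes(cipher), pad)


if __name__ == "__main__":
    msg = b"YES COME"                   # constructed sample (from the figure)
    print("round trip :", round_trip(msg))
    print("reuse leak :", reuse_leak(msg, b"STAY OFF"))
    print("tampered   :", malleability(b"PAY 100 EUR", 4, ord("1") ^ ord("9")))
```

reuse_leak() is why step D exists: with a reused pad the attacker needs no brute force at all, only one known plain text. malleability() turns "PAY 100 EUR" into "PAY 900 EUR" without touching the pad, which is the integrity gap noted above.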
Why is One Time Pad encryption unbreakable? The popular scientific explanation

Figure: one cipher text decrypted (Exclusive OR function) under four different keys:
Cipher text: KNQXLZRV
Key 1: ZCVPQITA gives Plain text 1: YES COME (meaningful)
Key 2: HSUXZRAV gives Plain text 2: CPQXATIF (meaningless)
Key 3: ETDYHCNX gives Plain text 3: HZAUHPSE (meaningless)
Key 4: LFZRXIBH gives Plain text 4: STAY OFF (meaningful)

The brute force attack

With One Time Pad encryption, the key used for encoding the message is completely random and as long as the message itself. That is why the only possible attack on such a cipher is a brute force attack. Brute force attacks use exhaustive trial and error to find the key that was used for encrypting the plain text: every possible combination of key bits is used to decrypt the cipher text, and the correct key would be the one that produces a meaningful plain text.

Unlimited computing power is useless

Let us assume an eavesdropper has intercepted a One Time Pad encrypted message and that he has unlimited computing power and time. Typical messages are at least 200 bytes long, so the key is at least 1600 bits and there are 2^1600 candidate keys to test. Even if the eavesdropper is both willing and able to do this, the following paragraphs describe why unlimited computational power will not compromise the system.

Attackers must try every possible key

Since all One Time Keys are equally likely and come from a completely unpredictable noise source, the attacker has no way to prioritise candidates and has to test all possible key strings.

Impossible to guess the right plain text

If he used every possible key string to decrypt the cipher text, every plain text string of the same length as the original would appear. As illustrated above, most of these potential plain text strings make no sense; however, every meaningful string of the same length as the original plain text also appears as a potential plain text. Without knowing the applied OTP, the eavesdropper has no way of finding out which meaningful string is the original plain text. Thus, trying all possible keys does not help the attacker at all, because all possible plain texts are equally likely decryptions of the cipher text.
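The figure's argument made concrete, as an added example that is not from the page: for a fixed cipher text, every candidate plain text of the same length has exactly one key that produces it, and an exhaustive key search over a two-byte cipher text returns every possible plain text. The sample cipher text below is simply the ASCII letters of the figure's cipher text KNQXLZRV, used as a constructed input; the figure's own keys are not reproduced.

```python
"""Brute force against a One Time Pad. Added example, not from the page: for a
fixed cipher text every same-length plain text is explained by exactly one key,
so enumerating keys merely enumerates all plain texts."""
from itertools import product

# Constructed sample: the ASCII letters of the figure's cipher text.
SAMPLE_CIPHER = b"KNQXLZRV"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def key_for(cipher: bytes, candidate_plain: bytes) -> bytes:
    """The unique pad under which `cipher` decrypts to `candidate_plain`.
    Because c = p XOR k, the key is k = c XOR p, and it always exists."""
    return xor_bytes(cipher, candidate_plain)


def decryptions_for(cipher: bytes, candidates) -> dict:
    """Map each same-length candidate plain text to the key that 'explains'
    the cipher text. No key in the result is distinguishable from the real one."""
    return {p: key_for(cipher, p) for p in candidates if len(p) == len(cipher)}


def exhaustive_search(cipher: bytes) -> int:
    """Literal brute force over all 256**n keys for a tiny n. Returns the number
    of distinct plain texts produced: always 256**n, i.e. every possible one,
    because XOR with a fixed cipher text is a bijection on keys."""
    n = len(cipher)
    seen = set()
    for key in product(range(256), repeat=n):
        seen.add(xor_bytes(cipher, bytes(key)))
    return len(seen)


if __name__ == "__main__":
    # Constructed candidates; each meaningful one has a key that fits.
    guesses = [b"YES COME", b"STAY OFF", b"GO AHEAD", b"NO REPLY"]
    for plain, key in decryptions_for(SAMPLE_CIPHER, guesses).items():
        print(plain, "<- key", key.hex())
    print("distinct plain texts for a 2-byte cipher text:",
          exhaustive_search(SAMPLE_CIPHER[:2]))
```

The brute force loop is only feasible for two bytes here; the point is not its cost but its result. Every candidate the attacker could think of comes back with a perfectly valid key, so the search output carries no information about which one was sent.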
Why is One Time Pad encryption unbreakable? The mathematical proof

DEFINITION A noise source is called a True Random Noise Source, or fulfills the true random property, if for all any generated key sequence for all satisfies (1)

THEOREM: Unconditional security of One Time Pad. For a cipher system with a true random noise source, the One Time Pad cipher is perfectly secret.

PROOF First, we determine the length of the plain text by. Let denote the plain text and the One Time Pad generated by the true random noise source. The resulting cipher text is calculated by, i.e. for all. A system is called perfectly secret or unconditionally secure if for all for all (2) is satisfied. For we conclude from equation (2) and. (3)

We get for all and by using the law of total probability and the true random property of the noise source (4). By again applying the true random property of the noise source and equation (2) for we obtain and (5). From the definition of conditional probability follows for all and all (6) and (7), and thus we get (8). From equation (5) and equation (4) we deduce that equation (8) simplifies to and thus for all. Hence, the mathematical proof is complete.
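The symbols of the proof were lost in transcription. Added here, in notation assumed for this page rather than taken from it ($n$ for the length in bits, $M$, $K$, $C$ for the plain text, pad and cipher text as random variables, $m$, $k$, $c$ for their values in $\{0,1\}^n$), is the same argument carried through; the equation numbers (1) and (2) correspond to the definition and the perfect-secrecy condition of the page, the remaining steps are not numbered to match.

DEFINITION (true random property). For every length $n$ and every $k \in \{0,1\}^n$,
$$\Pr[K = k] = 2^{-n}, \qquad K \text{ independent of } M. \tag{1}$$

THEOREM. With such a $K$, the cipher $C = M \oplus K$ (bitwise, $c_i = m_i \oplus k_i$ for all $i$) is perfectly secret: for all $m$ and all $c$ with $\Pr[C = c] > 0$,
$$\Pr[M = m \mid C = c] = \Pr[M = m]. \tag{2}$$

PROOF. Fix $m$. The map $k \mapsto m \oplus k$ is a bijection on $\{0,1\}^n$, so the cipher text equals $c$ for exactly one key, $k = m \oplus c$, and by (1)
$$\Pr[C = c \mid M = m] = \Pr[K = m \oplus c] = 2^{-n}.$$
By the law of total probability over all plain texts $m'$,
$$\Pr[C = c] = \sum_{m'} \Pr[M = m']\,\Pr[C = c \mid M = m'] = 2^{-n} \sum_{m'} \Pr[M = m'] = 2^{-n}.$$
From the definition of conditional probability (Bayes' rule),
$$\Pr[M = m \mid C = c] = \frac{\Pr[C = c \mid M = m]\,\Pr[M = m]}{\Pr[C = c]} = \frac{2^{-n}\,\Pr[M = m]}{2^{-n}} = \Pr[M = m],$$
which is (2). $\square$

The argument uses (1) twice and nowhere assumes anything about the distribution of $M$. It also shows where precondition C enters: if a second message $M'$ is sent under the same $k$, then $C \oplus C' = M \oplus M'$ no longer depends on $K$ at all, and (2) fails for the pair.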
Further reading

Schneier, Bruce: Applied Cryptography: Protocols, Algorithms, and Source Code in C. John Wiley and Sons, New York, 1996.
Menezes, Alfred J., Paul C. van Oorschot, and Scott A. Vanstone: Handbook of Applied Cryptography. CRC Press, Boca Raton, 1997.
The history of One Time Pad encryption

The One Time Pad encryption method is nothing new. In 1882, Frank Miller was the first to describe the One Time Pad system for securing telegraphy. In 1917, Gilbert Vernam invented a cipher solution for a teletype machine. U.S. Army Captain Joseph Mauborgne realized that the characters on the key tape could be completely random. Together, they introduced the first One Time Pad encryption system. Since then, One Time Pad systems have been widely used by governments around the world. Outstanding examples of One Time Pad systems include the hot line between the White House and the Kremlin and the famous SIGSALY speech encryption system.

Another development was the paper pad system. Diplomats had long used codes and ciphers for confidentiality. For encryption, words and phrases were converted to groups of numbers and then encrypted using a One Time Pad.

Figure: the famous patent for the Secret Signaling System, in which each character of a message was combined with a character on a paper tape key.
Figure: portraits of Frank Miller, Gilbert Vernam and Joseph Mauborgne.
mils electronic's OTP history

OTP encryption has always played an essential role in mils electronic's product philosophy. When the company was founded in the late 1940s, OTP was the only applied encryption method. The TT360 Tape Mixer was one of the first electromechanical cipher machines which the company developed and sold.

Figure: TT360 Tape Mixer; OTP Cipher Disk.

Although unbreakable, OTP encryption is so simple that you can even employ it manually. We therefore often give an OTP Cipher Disk to our customers as a gift. When used correctly, it is a powerful tool to create short unbreakable messages.

Figure: M640 Tape Mixer; M730 Cipher Machine with MilsCard; M830 Cipher Machine; MilsOne Client with OneQube.

With the invention of microprocessor technology, OTP encryption was complemented by algorithm-based encryption in the M640 Tape Mixer and the M830 Cipher Machine. The usability of OTP was drastically increased by software-based development. With the arrival of the personal computer it became necessary to move the sensitive parts of OTP encryption out of the PC into dedicated security hardware, like the MilsCard of the M730 Cipher Machine. Today, the entire OTP storage and encryption process is handled by the OneQube, the hardware token of MilsOne. With its fully automated OTP usage and 29 GB of OTP storage it represents the state-of-the-art OTP implementation.
mils electronic GesmbH & CoKG, Leopold-Wedl-Strasse, Mils, Austria. Document TECOTP04e.