Network Security: Cryptography CS/SS G513 S.K. Sahay

Transcription

1 Network Security: Cryptography CS/SS G513 S.K. Sahay BITS-Pilani, K.K. Birla Goa Campus, Goa

2 S.K. Sahay Network Security: Cryptography 1 Introduction Network security: measure to protect data/information during transmission. Security attack: any action that compromises the security of data/information. Interruption, Interception, Modification, Fabrication Dishonesty Main concept behind network security is the use of cryptography techniques. Key generation and management Distribution, transportation, storage, accessibility, lifetime, backup, destroying key at the end of life, complexity, randomness, using the full spectrum of key space.

3 S.K. Sahay Network Security: Cryptography 2 Terminology Cryptography: science of secret writing with the goal of hiding the meaning of a message. Cryptanalysis: art and science to break the cryprtosystem. Encryption: method of transforming data (x) into an unreadable format. Plaintext: message/data before encryption. Ciphertext: message/data after encryption. Decryption: method to get back the x from y.

4 S.K. Sahay Network Security: Cryptography 3 Terminology Cipher/EA: set of rules/procedures that dictates how to encrypt/decrypt data. Key: values used in encryption/decryption. Key space: range of possible values used to construct keys. Key clustering: when two different keys generate the same y from the same x. Work factor: estimated time and resources to break a cryptosystem. No system is unbreakable.

5 S.K. Sahay Network Security: Cryptography 4 Steganography Hides secret message in other message. Security through obscurity. Does not attract attention, while cryptography draw attention. Provide secrecy, while cryptography provides privacy. Can be used where cryptography is not allowed. Supplements cryptography.

6 S.K. Sahay Network Security: Cryptography 5 Key Ideas of Encryption Confusion Diffusion Kerchoff s principles

7 S.K. Sahay Network Security: Cryptography 6 Historical Ciphers Symmetric ciphers are also referred as symmetric-key, secret-key and single key. Ancient ciphers was exclusively based on symmetric-key. Substitution ciphers: Monalphabetic ciphers Homophonic ciphers Polyalphabetic ciphers Polygram ciphers Running key ciphers Letter frequency attack

8 S.K. Sahay Network Security: Cryptography 7 Historical Ciphers Transposition ciphers: Simplest: write horizontally and read vertically. key: Letters remain same, order changes. While in substitution letter changes, order remain same. Combined cipher: Two substitution/transposition cipher in sequence. Substitution and transposition are orthogonal. Hence can be combined to produce a new harder cipher.

9 S.K. Sahay Network Security: Cryptography 8 Breaking an Algorithm Total Break Global Deduction Instance (local) deduction Information Deduction.

10 S.K. Sahay Network Security: Cryptography 9 Cryptanalysis attack Ciphertext only attack Known plaintext attack Chosen plaintext attack Adaptive chosen plaintext attack Chosen ciphertext attack Chosen key attack Rubber hose cryptanalysis

11 S.K. Sahay Network Security: Cryptography 10 Security of cipher Unconditional secure Computationally secure Degree of security: how hard to break. Peer-review. Decoding by reverse engg. Data Complexity: Breaking cost Encrypted data cost. Time Complexity: Time require to break Time the data is useful. Storage requirement: Amount of data required to break Amount of available x, y. An algorithm is said to have a security level of n bit if the best known attack requires 2 n steps.

12 S.K. Sahay Network Security: Cryptography 11 Stream Cipher Synchronous stream cipher (Key-Auto-Key) State cipher Depend on the current state. Encrypted plaintext will be different at every time. Security concern: Identical key stream at both sides; Synchronization? k = = x = y Pattern repetition, negligible security; Random, harder to break it. If x and y known k can be obtained. Deterministic if k not changes; k > x If y 1 and y 2 encrypted with same k.

13 S.K. Sahay Network Security: Cryptography 12 Stream Cipher Asynchronous stream cipher (Ciphertext-Auto-Key) State depend on previous y. Synchronization is automatic. y error = continuous x error, until synchronized. Protects against any insertion/deletion. General advantage of stream cipher: Compact and fast [cell phones, embedded devices, RC4 (internet traffic)] Less flops and gates.

14 S.K. Sahay Network Security: Cryptography 13 Modular Arithmetic A simple way of doing arithmetic in a finite set of integers. In general a r mod n, if n divides a - r, a, r, n Z and m > 0 All modern crypto algos. are based on modular arithmetic. Holds commutative, associative, distributive laws Identities and additive inverse.

15 S.K. Sahay Network Security: Cryptography 14 Modular Arithmetic: Properties a and b are congruent modula of n, if a mod n = b mod n; a b mod n; b a mod n If a b mod n; b c mod n then a c mod n If (a + c) (b + c) mod n; then b c mod n If (a c) (b c) mod n; then b c mod n If (a ± b) mod n = (a mod n ± b mod n) mod n If (a b) mod n = [(a mod n) (b mod n)] mod n If [a (b ± c)] mod n = [(a b) mod n) ± (a c) mod n)] mod n For efficiency apply modulo reduction (public-key schemes); e.g. 3 8 mod 7 = mod 7

16 S.K. Sahay Network Security: Cryptography 15 Modular Arithmetic Equivalence class: one can write a = q.m + r a r = q.m a r mod n; a Z n ; 0 r < n Many valid r for a given n and a. A set of Nos. having same remainder (r) are called an equivalence class; e.g mod ; mod 7; 10 4 mod 7... forms a set (...-18,-11,-4, 3, 10, 17,...). In a modulus 7 there are more 6 equivalence class. There are (n -1) equivalence class for given n and in a given equivalence class all members behave equivalently.

17 S.K. Sahay Network Security: Cryptography 16 Group and Ring Group is a set of elements together with an operation which combines two elements of group. Group operation is closed, associative and an neutral & inverse element exists. Ring is a set of elements with two operations (+, ), a, b Z n s.t. (a + b) c mod n; (a b) d mod n; c, d Z n Operation is closed, associative, distributive and an neutral & inverse element exists for both the operators.

18 S.K. Sahay Network Security: Cryptography 17 Modular Arithmetic: Application Shift/Caesar cipher: If x, y, k Z 26, then y = E k (x) (x + k) mod 26 x = D k (y) (y k) mod 26 If k = 10 and plaintext is CRYPTO = x 1, x 2, x 3, x 4, x 5, x 6 = 2, 17, 24, 15, 19, 14 then ciphertext = y 1, y 2, y 3, y 4, y 5, y 6 = 12, 1, 8, 25, 3, 24 = MBIZDY Only 25 possible keys, hence brute force attack is trivial. Also one can apply letter frequency analysis. If arbitrary substitution, then key space is 26!

19 S.K. Sahay Network Security: Cryptography 18 Modular Arithmetic: Application Affine cipher: If x, y, a, b Z 26, then y = E k (x) (a.x + b) mod 26 x = D k (y) a 1.(y b) mod 26 If (a, b) = (3, 10) and plaintext is CRYPTO = x 1, x 2, x 3, x 4, x 5, x 6 = 2, 17, 24, 15, 19, 14 then ciphertext = y 1, y 2, y 3, y 4, y 5, y 6 = 16, 9, 4, 3, 15, 0 = QJEDPA = 312 possible keys. Larger than Caesar cipher but still brute force attack is trivial and letter frequency analysis. Correctness.

20 S.K. Sahay Network Security: Cryptography 19 Modular Arithmetic: Application Letter frequency attack: ULADVYR ZLJBYPAF JVBYZL XMNIEZC GMYUZONW YEUZGM NETWORK SECURITY COURSE LQ QHWZRUN VHFXULWB ZH DUH VWXGBLQJ FUBSWRJUDSKB DQG LWV DSSOLFDWLRQ IX XWPYAJO MWQSJIPE YW KJW MPSTEIXC QJEDPACJKDFE KXT IPM KDDRIQKPIAX WE ARE STUDYING CRYPTOGRAPHY AND ITS APPLICATION IN NETWORK SECURITY

21 S.K. Sahay Network Security: Cryptography 20 Modular Arithmetic: Application Stream Cipher: If x i, y i, s i {0, 1}, then y i = E si (x i ) (x i + s i ) mod 2 x i = D si (y i ) (y i + s i ) mod 2 Encryption and decrytpion are the same function. Simple modulo 2 addition (XOR) XOR gate is invertible and perfectly balanced. If s i is true random, then it is unpredictable with 50% chance. Nature of the key stream: s i sequence should appear random, hence stream cipher will not be easy to break by an attacker.

22 S.K. Sahay Network Security: Cryptography 21 Perfect Stream Cipher Requirement of random number: Uniform distribution and Independence. Random number generator: TRNG, PRNG and CSRNG With a given seed s o, s i+1 = a.s i + b mod n; s i+1 = a.s 2 i + b.s i + c mod n; s i+1 = a.s 3 i + b.s2 i + c.s i + d mod n, Passes the next bit test i.e. there is no polynomial time algo. that on input of the first k bits, can predict the (k + 1) bit with probability greater than 50% DES-OFB, ANSI X9.17 PRNG, Blum-Blum Shub Generator

23 S.K. Sahay Network Security: Cryptography 22 Perfect Stream Cipher OTP in substitution cipher is an addition modulo 26 and the one time character. e.g. EQNVZ = E k (X... Y) Stream cipher as a perfect cipher or OTP i.e. unconditionally secure, if the key-stream (s i ). is generated from TRNG known to only legitimate parties used only once y o (x o + s o ) mod 2 y 1 (x 1 + s 1 ) mod 2 Attacker will not able to determine x i (0/1) better than 50%, if s i is obtained from TRNG.

24 S.K. Sahay Network Security: Cryptography 23 Perfect Stream Cipher: Limitation Need of TRNG. Transportation and volume (size) of the key. Key shall not be re-used. True OTP are rarely used, however gave great idea for developing secure ciphers.

25 S.K. Sahay Network Security: Cryptography 24 Practical Stream Cipher OTP is unconditionally secure, but not practical. Know cipher not unconditionally secure, also don t know the best algorithm for a attack. Design with a complexity no better than an exhaustive key search.

26 S.K. Sahay Network Security: Cryptography 25 Practical Stream Cipher: LFSR Flip-Flop Gated D-latch Shift register. Linear Feedback Shift Register. Leftmost bit is XORed with the previous operations. The sequence of s i generated by plain LFSR are cryptographically weak. Combinations of LFSR with proper feedback makes secure stream cipher. e.g. A5/1, Trivium, etc. Degree of LFSR: No. of storage element.

27 S.K. Sahay Network Security: Cryptography 26 Practical Stream Cipher: LFSR LFSR of degree 3. Repeats after 6th clock, hence period of length is 7. Generalize LFSR i.e. of degree m m possible feedbacks; P i = 1/0 taken as closed/open switch. Output sequence depends on feedback coefficients. If initial value is s o, s 1, s 2...s m 1, then in general s i+m = m 1 j=0 s i+j.p j mod 2; s i, P j (0, 1), i = 0, 1, 2...

28 S.K. Sahay Network Security: Cryptography 27 Practical Stream Cipher: LFSR Linear recurrences, repeats periodically. Length of the s i sequence depends on the feedback coefficient. Let m = 4 and P 3 = 0, P 2 = 0, P 1 = 1, P o = 1; (4, 1, 0) P 3 = 1, P 2 = 1, P 1 = 1, P o = 1; (4, 3, 2, 1, 0) P 3 = 0, P 2 = 1, P 1 = 0, P o = 1; (4, 2, 0) How to obtain maximum length i.e. 2 m 1 Polynomial representation: P(x) = x m + P m 1.x m P 1.x + P o If polynomial is primitive output sequence will be max. length. A polynomial over GF(2) is irreducible, if it cannot be factored e.g. x 2 + x + 1 is irreducible, but x 2 + 1

29 S.K. Sahay Network Security: Cryptography 28 Practical Stream Cipher: LFSR Security issue: Known plain-text attack: Let attacker know (x o, x 1,...x 2m 1 ) and (y o, y 1,...y 2m 1 ). Find key i.e feedback coefficient P m 1, P m 2,...P 1, P o First find out the first 2m stream bits by s i = (x i + y i ) mod 2; i = 0, 1, 2...(2m 1) we can write s m = s m 1.P m s 1.P 1 + s o.p o mod 2 s m+1 = s m.p m s 2.P 1 + s 1.P o mod s 2m 1 = s m.p m s 2.P 1 + s 1.P o mod 2

30 S.K. Sahay Network Security: Cryptography 29 Practical Stream Cipher: LFSR Security issue: Highly insecure cipher because stream is deterministic for a given previous state. The sequence of s i generated by plain LFSR are cryptographically weak. A good PRNG but terrible cryptographical ones. Combinations of LFSR with proper feedback makes secure stream cipher. e.g. A5/1, A5/3, Trivium, etc.