Cryptology for Engineers

  • View
    12

  • Download
    1

Embed Size (px)

Transcript

Cryptology For EngineersALDEC WebinarCreated and Presented by Jerry Kaczynski, ALDEC Research Engineer

Rev. 1.6a

2

Agenda Basic Terms Ciphers Hybrid Cryptosystem Authentication Cryptanalysis

www.aldec.com

3

Simple Explanations

BASIC TERMSwww.aldec.com

4

Cryptology Cryptology combines Greek terms (kryptos = secret)and (logos = study) to describe science or study of hiding, securely transferring and recovering information.

Cryptology can be divided into two closely related disciplines: Cryptography dealing with securing information, Cryptanalysis trying to break security. banking, electronic commerce, telecommunication, military and IP (Intellectual Property) protection.

Cryptology finds many practical implementations in

www.aldec.com

5

PlaintextTo be, or not to be- that is the question: Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune Or to take arms against a sea of troubles, And by opposing end them. To die- to sleepNo more; and by a sleep to say we end The heartache, and the thousand natural shocks That flesh is heir to. 'Tis a consummation Devoutly to be wish'd. To die- to sleep. To sleep- perchance to dream: ay, there's the rub! For in that sleep of death what dreams may come When we have shuffled off this mortal coil, Must give us pause. There's the respect That makes calamity of so long life. For who would bear the whips and scorns of time, Th' oppressor's wrong, the proud man's contumely, The pangs of despis'd love, the law's delay, The insolence of office, and the spurns That patient merit of th' unworthy takes, ...

Hamlet 3/1

Plaintext is the document/message everybody can read and understand. We are using document icon to represent plaintext in diagrams.www.aldec.com

6

Cipher & Key Cipher is an algorithm that converts plaintext into something that cannot beread by uninitiated persons and later allows retrieval of the plaintext. Key is a value that personalizes cipher by modifying its algorithm. Caesars cipher (one of the oldest known ciphers) shifts each letter in plaintext alphabet by given number of positions. The key in Caesars cipher is the number of shifted positions (+3 in our diagram).A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

+3A B C D E F G H I J K L M N O P Q R S

+3T U V W X Y Z

= +3www.aldec.com

7

Cipher Strength The stronger the cipher, the more difficult it isto break it for some attacker.

Strength of the cipher is measured by complexity of the algorithmand size of the key.

The more complex the cipher algorithm, the more difficult it is todevise quick method of reversing it. (Caesars cipher is so simple that anybody can break it now.)

The longer the key, the more difficult it is to guess it by trial anderror approach, a.k.a. brute force attack. (Caesars key is 5-bit number 1 of 26 possible in our example so guessing it without computer takes no more than an hour.)www.aldec.com

8

CiphertextWr eh, ru qrw wr eh- wkdw lv wkh txhvwlrq: Zkhwkhu 'wlv qreohu lq wkh plqg wr vxiihu Wkh volqjv dqg duurzv ri rxwudjhrxv iruwxqh Ru wr wdnh dupv djdlqvw d vhd ri wurxeohv, Dqg eb rssrvlqj hqg wkhp. Wr glh- wr vohhsQr pruh; dqg eb d vohhs wr vdb zh hqg Wkh khduwdfkh, dqg wkh wkrxvdqg qdwxudo vkrfnv Wkdw iohvk lv khlu wr. 'Wlv d frqvxppdwlrq Ghyrxwob wr eh zlvk'g. Wr glh- wr vohhs. Wr vohhs- shufkdqfh wr guhdp: db, wkhuh'v wkh uxe! Iru lq wkdw vohhs ri ghdwk zkdw guhdpv pdb frph Zkhq zh kdyh vkxiiohg rii wklv pruwdo frlo, Pxvw jlyh xv sdxvh. Wkhuh'v wkh uhvshfw Wkdw pdnhv fdodplwb ri vr orqj olih. Iru zkr zrxog ehdu wkh zklsv dqg vfruqv ri wlph, Wk' rssuhvvru'v zurqj, wkh surxg pdq'v frqwxphob, Wkh sdqjv ri ghvslv'g oryh, wkh odz'v ghodb, Wkh lqvrohqfh ri riilfh, dqg wkh vsxuqv Wkdw sdwlhqw phulw ri wk' xqzruwkb wdnhv, ...

Hamlet 3/1 with Caesars cipher & +3 key

Ciphertext is the document/message encrypted using some cipher andreadable only to those who have the key. We are using document with key icon to represent ciphertext in diagrams. www.aldec.com

9

Encryption Encryption is the process of applying selected cipher and key tothe plaintext in order to obtain ciphertext (encrypted message).

Encryption

www.aldec.com

10

Decryption Decryption is the process of applying known key and cipher(in reverse) to the ciphertext in order to recover plaintext (original message).

Decryption

www.aldec.com

11

Cryptosystem Cryptosystem is a complete system encompassing all people,procedures, tools, ciphers, keys, and transmission channels involved in a secure data transfer.Encryption Decryption

Data transfer

Alice

Distance

Bob

www.aldec.com

12

How Encryption is Done

CIPHERSwww.aldec.com

13

Substitution Ciphers In this group of ciphers, each unit in the plaintext(letter, symbol or group of symbols) is replaced with some other unit.

The simplest example of substitution cipheris Caesars cipher we have seen in Basic Terms section.

Substitution ciphers can be easily broken, asdescribed in The Gold-Bug by Edgar Allan Poe or The Adventure of the Dancing Men Sherlock Holmes story by Sir Arthur Conan Doyle.

Substitution ciphers are no longer used alone, but can be a part oflarger (and safer) encryption schemes.www.aldec.com

14

Transposition Ciphers Transposition ciphers change position of symbols within themessage according to the predefined scheme.

Rail Fence Cipher a simple transposition cipher requires themessage to be written in a wave pattern and then read in regular rows:P D O E A I O T V

LA

N

IS

C

VE

R

DS

T

RT

T

ME

M

VE

D

OF

I

EP

M

PDOEAIOTV LNICVRDTRTMMVDOIEM ASESTEEFP

Transposition ciphers are too simple to be secure, but are still usedas a part of better encryption schemes.

www.aldec.com

15

Symmetric Ciphers All ciphers we have mentioned so far (and all ciphers in use untillate 20th century) have one thing in common: a secret key number or phrase that must be known to both sender and recipient of the message. Since both parties have to keep the key secret, those ciphers are known as symmetric ciphers or secret key ciphers.

Alice

We use single frame around the key to signify that it must be secret

Bob

www.aldec.com

16

Block Ciphers One class of modern symmetric ciphers performs encryption

on fixed-length chunks of data: we call them block ciphers. Originally 64 bit (8 characters) block size was used, now 128 bit (16 characters) blocks are more popular. Plaintext is divided into the block-size chunks before encryption; last chunk is padded to full block size if needed. Each chunk is encrypted the same way (with the same key) by identical encryption units. Internal operations of encryption unit consist of several rounds of substitutions, transpositions and logical operations. Each round gets its own key derived from the secret key using key schedule algorithm. Outputs of encryption units are merged into ciphertext.

www.aldec.com

17

Popular Block Ciphers DES (Data Encryption Standard) was announced in 1976 as a nationalstandard in the USA and quickly gained worldwide popularity.

DES uses 64 bit block and 56 bit keys. DES was broken in 22 hours in 1999, so it isno longer considered secure in critical applications.

AES (Advanced Encryption Standard), a DES successor,was announced in 2001 as a winner of 5 year long contest.

AES implements 128 bit block length. Uses 3 strengths of keys: 128 bit, 192 bit and 256 bit. All versions of AES are safe now, although 128 bit versionmay be broken in the nearest future.

Other block ciphers worth mentioning: 3DES, IDEA, Blowfish.www.aldec.com

18

ECB Trivial Block Cipher Mode The simplest mode of operation for block ciphers requires only theplaintext (divided into blocks and padded) and a secret key:Plaintext Padding

DES Encryption

DES Encryption

DES Encryption

Ciphertext

This mode of operation is called ECB (Electronic CodeBook);it looks OK, but has one serious problemwww.aldec.com

19

Pattern Preservation in ECB If we use DES-ECB to encrypt 64x64 pixel bitmap with 256 colors:

We will notice that ECB preserves patterns:

This property of ECB makes it useless in serious applications.Other block cipher modes of operation were created to address this issue.

www.aldec.com

20

CBC Practical Block Cipher Mode Cipher-Block Chaining mode (CBC) XORs each block of plaintext withthe ciphertext block from the previous encryption unit. Since the first unit has no predecessor, Initialization Vector (IV) is used with the first block of plaintext.Plaintext_1 IV Plaintext_2 . . .

XDES Encryption

XDES Encryption . . .

. . .Ciphertext_1 Ciphertext_2

*IV should be random, but does not have to be secret.

www.aldec.com

21

CBC vs. ECB CBC mode uses data from two neighboring units to avoid pattern

preservation. Lets compare results of encrypting our K bitmap using ECB and CBC modes:

ECBCBC

CBC is the most popular (but not the only one) block cipher modeof operation in practical applications.

www.aldec.com

22

Stream Ciphers Some applications require encryption performed very quickly on livestream of data audiovisual data transmission is a good example. Block ciphers a