Encryption and Decryption Algorithms

 —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  — —
Sup­port this Page: http://amzn.to/2kgnzrf
 — —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  —  — —

Encryp­tion and Decryp­tion Algorithms
Some Defin­i­tions:

A cryptosys­tem or cipher sys­tem dis­guises meth­ods so that only cer­tain people can see through the dis­guise’

cryp­to­graphy is the art of cre­at­ing and using cryptosys­tems

cryptoana­lys­is is the art of break­ing cryptosys­tems — look­ing through the dis­guise even when you are not sup­posed to be able to

crypto­logy is the study of both cryp­to­graphy and cryptoana­lys­is

plain­text is the ori­gin­al unen­cryp­ted mes­sage

cipher­text is the dis­guised encryp­ted mes­sage

encryp­tion is the pro­cess of con­vert­ing plain­text to cipher­text

decryp­tion is the reverse pro­cess — to con­vert cipher­text to plain­text

• A cryptosys­tem can be a set of labelled algorithms — the labels are called keys.

E.g. Juli­us Caesar didn’t trust his mes­sen­gers, so he used shift by n’ encryp­tion for dif­fer­ent val­ues of n. Every A was replaced by a D, a B by an E. (the key n=3)

recip­i­ents are people who are sup­posed to be able to see through the dis­guise (oth­er people would be eaves­drop­pers, enemies, oppon­ents, spies or third parties)

Encryp­tion and Decryp­tion Algorithms

Some crypt­ana­lyses per­formed dur­ing WWII by the Allies are still clas­si­fied

Clas­sic­al crypt­ana­lys­is involves ana­lyt­ic­al reas­on­ing, applic­a­tion of
math­em­at­ic­al tools, pat­tern find­ing, determ­in­a­tion and luck
Mod­ern crypt­ana­lys­is may con­sist of factor­ing integers or tak­ing log­ar­ithms

If f(x) = y and y is known, f is com­put­able, then you could find x by try­ing every pos­sible x. This is brute-for­ce search

For example: a crypt­ana­lyst has a plain­text and cor­res­pond­ing cipher­text, but does not know the key. He may simply encrypt the plain­text using every pos­sible key, until the cipher­text matches, or decrypt­ing the cipher­text to match the plain­text, whichever is faster.

Brute-for­ce search is imprac­tic­al for every well-designed cryptosys­tem because of the large key space

Tech­no­lo­gic­al advant­ages may well make brute-for­ce more prac­tic­al in some cases — e.g DES has 256 (or 1017) pos­sible keys and massively par­al­lel machines may threaten the secur­ity of DES again­st brute-for­ce saer­ch.

Encryp­tion and Decryp­tion Algorithms
Prop­er­ties of a Cryptosys­tem:

The secur­ity of a strong sys­tem resides with the secrecy of the key rather than the secrecy of the algorithm

A large key­space

Pro­duces cypher­text which appears ran­dom to statistal tests

Res­ists all known pre­vi­ous attacks (a sys­tem which has not been tested is sus­pect)

Some­times it can be shown math­em­at­ic­ally that a cryptosys­tem is strong (if x can break this sys­tem, than x can solve the well-known dif­fi­cult prob­lem of factor­ing integers)

Encryp­tion and Decryp­tion Algorithms
Example of Prac­tic­al Crypt­ana­lys­is: The enemy might assume cribs’ — stretches of prob­able plain­text. If this is cor­rect he might deduce the key and then decipher the remain­ing mes­sage

A stand­ard crypt­ana­lyt­ic attack con­sists of know­ing some plain­text match­ing a given piece of cipher­text and try­ing to determ­ine which key maps one to the oth­er. The plain­text might be known because it is stand­ard (a greet­ing, a head­er or trail­er) or because it was guessed.

If text is guessed to be in a mes­sage, the pos­i­tion will not be known, but a mes­sage is usu­ally short enough so that the crypt­ana­lyist can assume the known plain­text in every pos­sible pos­i­tion and attacks each case in par­al­lel. The known plain­text might be some­thing so com­mon that it is almost guar­an­teed to be in a mes­sage.

A strong encryp­tion algorithm is unbreak­able not only under known plain­text but also under ““adapt­ive chosen plain­text”” — the enemy gets to choose what plain­text to use and gets to do this over and over, choos­ing the plain­text for round N+1 only after ana­lys­ing the res­ult of round N

E.g. DES (Data Encryp­tion Stand­ard — an algorithm for encrypt­ing or decrypt­ing 64 bits of data using a 56 bit key, widely used in the fin­an­cial world) is reas­on­ably strong even under an adapt­ive chosen plain­text attack and triple-DES is very strong under all attacks

Encryp­tion and Decryp­tion Algorithms
Kinds of crypt­ana­lyt­ic attacks: hardest to attack first

cypher­text only: the attack­er has only the encoded mes­sage to work with to deduce the plain­text, with no know­ledge of the lat­ter. This is pos­sible and the code’s res­ist­ance to it is con­sidered the basis of its cryp­to­graph­ic secur­ity

known plain­text: the attack­er knows the plain­text and cor­res­pond­ing cypher­text of an arbit­rary mes­sage not of his choos­ing. The par­tic­u­lar mes­sage of the sender’s is said to be com­prom­ised’. In some sys­tems one known cypher­text-plain­text pair will com­prom­ise the over­all sys­tem, res­ist­ance to this is essen­tial for a secure code.

chosen plain­text: the attack­er can find the cypher­text cor­res­pond­ing to any arbit­rary plain­text mes­sage of his choos­ing

chosen cypher­text: the attack­er can choose arbit­rary cypher­text and find the cor­res­pond­ing decryp­ted plain­text (this can show in pub­lic key sys­tems, where it may reveal the private key)

adapt­ive chosen plain­text: the attack­er can determ­ine the cypher­text of chosen plain­texts in an interactive/iterative pro­cess based on pre­vi­ous res­ults. This also a meth­od for attack­ing pro­duct ciphers, called dif­fer­en­tial crypt­ana­lys­is’

Encryp­tion and Decryp­tion Algorithms
What is a private-key cryptosys­tem?

private-key cryptosys­tem con­sists of an encryp­tion sys­tem E and a
decryp­tion sys­tem D
The encryp­tion sys­tem E is a col­lec­tion of func­tions EK indexed by the keys K, map­ping a set of plain­texts P to a set of cipher­texts C

The decryp­tion sys­tem D is a col­lec­tion of func­tions DK such that DK(EK℗) = P for every plain­text P

This means that suc­cess­ful decryp­tion of cipher­text into plain­text is accom­plished using the same key (index) as was used for the cor­res­pond­ing encryp­tion of plain­text into cipher­text

Such sys­tems where the same key value is used both to encrypt and decrypt are also called ““sym­met­ric cryptosys­tems””.

Encryp­tion and Decryp­tion Algorithms
what is a pro­duct cipher?

A pro­duct cipher is a block cipher that iter­ates sev­er­al weak oper­a­tions such as trans­pos­i­tion, sub­sti­tu­tion, mod­u­lar addition/multiplication and lin­ear trans­form­a­tions.

A block cipher is a cipher that encrypts a block of data (e.g. 8 bytes) all at once, and then goes on to the next block

Examples: The DES cipher uses a block length of 64 bits of data using 56 key bits. The LOKI cipher uses a block length of 64 bits of data and 64 key bits. DES is the U.S. Government’s Data Encryp­tion Stand­ard defined in FIPS (Fed­er­al Inform­a­tion Pro­cessing Stand­ards) pub­lished in 1988, identic­al to ANSI DEA (Data Encryp­tion Algor­itm) defined in ANSI X3.92 – 1981.

Triple DES is a pro­duct cipher which oper­ates on 64 bit blocks like DES. Each form of Triple DES uses the DES cipher 3 times. Some forms use two 56 bit keys, oth­ers use three.

Encryp­tion and Decryp­tion Algorithms
DES Encryp­tion

DES is avail­able both in soft­ware and hard­ware

Some ftp sites provide DES code, oth­er books con­tain DES algorithms

The stand­ard claims the algorithm must be imple­men­ted in hard­ware, nev­er­the­less many soft­ware imple­ment­a­tions exist

Some hard­ware imple­ment­a­tions are claimed to exist

DES is not inten­ded to pro­tect ““clas­si­fied data”” accord­ing to FIPS 46 – 1

Secur­ity Prob­lems in Com­puter Man­age­ment 1

• Tra­di­tion­al secur­ity prob­lems — 30 years ago

Com­puter rooms were locked

Insider threats e.g author­ised users mis­us­ing accounts

• Com­put­ing in the 00’s

Most sys­tems are inter­con­nec­ted through the Inter­net (Someone could steal your pass­word while your build­ing is locked up)

Vir­uses and Worms can be spread (even by email attach­ments, VB scripts, infec­ted word doc­u­ments)

Vul­ner­ab­il­it­ies in a sys­tem can be util­ised by individuals/malware -Aliz worm uses MS vul­ner­ab­il­ity to execute

Secur­ity Prob­lems in Com­puter Man­age­ment 2

The fol­low­ing is the basic approach as sug­ges­ted in RFC 1244.

What are you try­ing to pro­tect?

What are you pro­tect­ing it from?

How likely are the threats?

Imple­ment meas­ures which will pro­tect your assets in a cost-effect­ive man­ner

Review this pro­cess, and improve things each time a weak­ness is found.

Secur­ity Prob­lems in Com­puter Man­age­ment 3