Encryption and Decryption Algorithms

Support this Page: http://amzn.to/2kgnzrf

Encryption and Decryption Algorithms
Some Definitions:

A cryptosystem or cipher system disguises methods so that only certain people can see through the ‘disguise’

cryptography is the art of creating and using cryptosystems

cryptoanalysis is the art of breaking cryptosystems — looking through the disguise even when you are not supposed to be able to

cryptology is the study of both cryptography and cryptoanalysis

plaintext is the original unencrypted message

ciphertext is the disguised encrypted message

encryption is the process of converting plaintext to ciphertext

decryption is the reverse process — to convert ciphertext to plaintext

• A cryptosystem can be a set of labelled algorithms — the labels are called keys.

E.g. Julius Caesar didn’t trust his messengers, so he used ‘shift by n’ encryption for different values of n. Every A was replaced by a D, a B by an E. (the key n=3)

recipients are people who are supposed to be able to see through the disguise (other people would be eavesdroppers, enemies, opponents, spies or third parties)

Encryption and Decryption Algorithms

Some cryptanalyses performed during WWII by the Allies are still classified

Classical cryptanalysis involves analytical reasoning, application of
mathematical tools, pattern finding, determination and luck
Modern cryptanalysis may consist of factoring integers or taking logarithms

If f(x) = y and y is known, f is computable, then you could find x by trying every possible x. This is brute-force search

For example: a cryptanalyst has a plaintext and corresponding ciphertext, but does not know the key. He may simply encrypt the plaintext using every possible key, until the ciphertext matches, or decrypting the ciphertext to match the plaintext, whichever is faster.

Brute-force search is impractical for every well-designed cryptosystem because of the large key space

Technological advantages may well make brute-force more practical in some cases — e.g DES has 2^56 (or 10^17) possible keys and massively parallel machines may threaten the security of DES against brute-force saerch.

Encryption and Decryption Algorithms
Properties of a Cryptosystem:

The security of a strong system resides with the secrecy of the key rather than the secrecy of the algorithm

A large keyspace

Produces cyphertext which appears random to statistal tests

Resists all known previous attacks (a system which has not been tested is suspect)

Sometimes it can be shown mathematically that a cryptosystem is strong (if x can break this system, than x can solve the well-known difficult problem of factoring integers)

Encryption and Decryption Algorithms
Example of Practical Cryptanalysis: The enemy might assume ‘cribs’ — stretches of probable plaintext. If this is correct he might deduce the key and then decipher the remaining message

A standard cryptanalytic attack consists of knowing some plaintext matching a given piece of ciphertext and trying to determine which key maps one to the other. The plaintext might be known because it is standard (a greeting, a header or trailer) or because it was guessed.

If text is guessed to be in a message, the position will not be known, but a message is usually short enough so that the cryptanalyist can assume the known plaintext in every possible position and attacks each case in parallel. The known plaintext might be something so common that it is almost guaranteed to be in a message.

A strong encryption algorithm is unbreakable not only under known plaintext but also under “”adaptive chosen plaintext”” — the enemy gets to choose what plaintext to use and gets to do this over and over, choosing the plaintext for round N+1 only after analysing the result of round N

E.g. DES (Data Encryption Standard — an algorithm for encrypting or decrypting 64 bits of data using a 56 bit key, widely used in the financial world) is reasonably strong even under an adaptive chosen plaintext attack and triple-DES is very strong under all attacks

Encryption and Decryption Algorithms
Kinds of cryptanalytic attacks: hardest to attack first

cyphertext only: the attacker has only the encoded message to work with to deduce the plaintext, with no knowledge of the latter. This is possible and the code’s resistance to it is considered the basis of its cryptographic security

known plaintext: the attacker knows the plaintext and corresponding cyphertext of an arbitrary message not of his choosing. The particular message of the sender’s is said to be ‘compromised’. In some systems one known cyphertext-plaintext pair will compromise the overall system, resistance to this is essential for a secure code.

chosen plaintext: the attacker can find the cyphertext corresponding to any arbitrary plaintext message of his choosing

chosen cyphertext: the attacker can choose arbitrary cyphertext and find the corresponding decrypted plaintext (this can show in public key systems, where it may reveal the private key)

adaptive chosen plaintext: the attacker can determine the cyphertext of chosen plaintexts in an interactive/iterative process based on previous results. This also a method for attacking product ciphers, called ‘differential cryptanalysis’

Encryption and Decryption Algorithms
What is a private-key cryptosystem?

private-key cryptosystem consists of an encryption system E and a
decryption system D
The encryption system E is a collection of functions EK indexed by the keys K, mapping a set of plaintexts P to a set of ciphertexts C

The decryption system D is a collection of functions DK such that DK(EK(P)) = P for every plaintext P

This means that successful decryption of ciphertext into plaintext is accomplished using the same key (index) as was used for the corresponding encryption of plaintext into ciphertext

Such systems where the same key value is used both to encrypt and decrypt are also called “”symmetric cryptosystems””.

Encryption and Decryption Algorithms
what is a product cipher?

A product cipher is a block cipher that iterates several weak operations such as transposition, substitution, modular addition/multiplication and linear transformations.

A block cipher is a cipher that encrypts a block of data (e.g. 8 bytes) all at once, and then goes on to the next block

Examples: The DES cipher uses a block length of 64 bits of data using 56 key bits. The LOKI cipher uses a block length of 64 bits of data and 64 key bits. DES is the U.S. Government’s Data Encryption Standard defined in FIPS (Federal Information Processing Standards) published in 1988, identical to ANSI DEA (Data Encryption Algoritm) defined in ANSI X3.92–1981.

Triple DES is a product cipher which operates on 64 bit blocks like DES. Each form of Triple DES uses the DES cipher 3 times. Some forms use two 56 bit keys, others use three.

Encryption and Decryption Algorithms
DES Encryption

DES is available both in software and hardware

Some ftp sites provide DES code, other books contain DES algorithms

The standard claims the algorithm must be implemented in hardware, nevertheless many software implementations exist

Some hardware implementations are claimed to exist

DES is not intended to protect “”classified data”” according to FIPS 46–1

Security Problems in Computer Management 1

• Traditional security problems — 30 years ago

Computer rooms were locked

Insider threats e.g authorised users misusing accounts

• Computing in the 00’s

Most systems are interconnected through the Internet (Someone could steal your password while your building is locked up)

Viruses and Worms can be spread (even by email attachments, VB scripts, infected word documents)

Vulnerabilities in a system can be utilised by individuals/malware -Aliz worm uses MS vulnerability to execute

Security Problems in Computer Management 2

The following is the basic approach as suggested in RFC 1244.

What are you trying to protect?

What are you protecting it from?

How likely are the threats?

Implement measures which will protect your assets in a cost-effective manner

Review this process, and improve things each time a weakness is found.

Security Problems in Computer Management 3