Basic Concepts of Cryptology
ECE 646 - Lecture 2

CRYPTOLOGY = CRYPTOGRAPHY + CRYPTANALYSIS
from Greek:
cryptos - hidden, secret
logos - word
graphos - writing

Basic Vocabulary
Sender: message M (plaintext, clear message) -> encryption (encipherment) -> ciphertext C (cryptogram, encrypted message)
Receiver: ciphertext C -> decryption (decipherment) -> message M (plaintext, clear message)

Cryptosystem (Cipher)
[Diagram labels: message, ciphertext, cryptographic key; N bits, M bits, K bits]

Definition of a cryptosystem (cipher)
$\mathcal{M}$ - message space
$\mathcal{C}$ - ciphertext space
$\mathcal{K}$ - key space
family of enciphering transformations
family of deciphering transformations
key $K$
enciphering transformation $E_K(M)$
deciphering transformation $D_K(C)$
$K \in \mathcal{K}$, $M \in \mathcal{M}$
$D_K(E_K(M)) = M$

Substitution Cipher
Key =
a b c d e f g h i j k l m n o p q r s t u v w x y z
f q i s h n c v j t y a u w d r e x l b m z o g k p

TO BE OR NOT TO BE -> (enciphering) -> BD QH DX WDB BD QH -> (deciphering) -> TO BE OR NOT TO BE

Number of keys = $26! \approx 4 \cdot 10^{26}$

Kerckhoffs's principle
The security of a cipher MUST NOT depend on anything that cannot be easily changed.
A. Kerckhoffs, 1883

Unpublished vs. published algorithm?

Unpublished algorithm
1. Cryptanalysis must include recovering the algorithm
2. Smaller number of users, smaller motivation to break
3. Unavailable for other countries

Published algorithm
1. The only reliable way of assessing cipher security
2. Prevents backdoors hidden by designers
3. Large number of implementations = low cost + high performance
4. No need for anti-reverse-engineering protection
5. Software implementations
6. Domestic and international standardization

Fundamental Tenet of Cryptography
If lots of smart people have failed to solve a problem, then it probably will not be solved anytime soon.

Security of unpublished ciphers
Commercial packages for cracking the unpublished encryption schemes built into:
• MS Word, MS Excel, MS Money
• WordPerfect, ProWrite, Data Perfect
• Lotus 1-2-3, Symphony, Quattro-Pro
• Paradox, Symantec's Q&A
• PKZip
Time: 1-2 minutes for old versions of programs, up to several days for new versions of some programs
Price: ~ $99 per module
Companies: Access Data, Crak Software
Passwords recovered even for empty files!

Access Data – DNA: Distributed Network Attack
• client-server application
• DNA client runs in the background, only taking unused processor time
• performs an exhaustive key search on Office '97, Office 2000, and Adobe Acrobat encrypted documents

Expected recovery times (500 MHz, Intel machines, MS Word):

Product               Maximum Time   Expected
5 Client Network      11 days        5.5 days
10 Client Network     5.5 days       2.75 days
25 Client Network     2.5 days       1.25 days
50 Client Network     1.25 days      0.5 day
100 Client Network    12 hours       6 hours

Breaking ciphers used in GSM, 1999 (1)
GSM - world's most widely used mobile telephone system
• 51% market share of all cellular phones, both analog and digital
• over 215 million subscribers in America, Europe, Asia, Africa, and Australia
• In the US, GSM employed in the "Digital PCS" networks of Pacific Bell, Bell South, Omnipoint, etc.
Two voice encryption algorithms, A5/1 and A5/2, encrypt voice between the cell phone and the base station.

Breaking ciphers used in GSM (2)
Both voice encryption algorithms
• never published
• designed and analyzed by the secretive "SAGE" group (part of ETSI – European Telecommunications Standards Institute)
• A5/1 believed to be based on the modified French naval cipher
Both algorithms reverse-engineered by "Marc Briceno" with the Smartcard Developer Association, published by the Berkeley group:
A5/1 in May 1999,
A5/2 in August 1999

Breaking ciphers used in GSM (3)
Published attacks

A5/1
May 1999, Jovan Golic
Number of operations in the attack ~ $2^{40}$
December 1999, Alex Biryukov and Adi Shamir
Less than 1 second on a single PC with 128 MB RAM and two 73 GB hard disks.
Based on the analysis of the A5/1 output during the first two minutes of the conversation.

A5/2
August 1999, Ian Goldberg and David Wagner, U.C. Berkeley
Number of operations in the attack ~ $2^{16}$

Features required from today's ciphers
STRENGTH
FUNCTIONALITY
• easy key distribution
• digital signatures
PERFORMANCE

Software or hardware?
SOFTWARE vs. HARDWARE, compared on:
• security of data during transmission
• flexibility (new cryptoalgorithms, protection against new attacks)
• speed
• random key generation
• access control to keys
• tamper resistance (viruses, internal attacks)
• low cost

Basic hardware implementations of cryptography
• VLSI chip (ASIC, FPGA)
• smart card
• PCMCIA card
• cryptographic card
• stand-alone cryptographic device

Applications most suitable for hardware implementations
• hardware accelerators for security gateways and routers
• wireless communications
• universal smart cards for electronic commerce
• electronic wallet
• Certificate Authority - center for registration of public keys
• key-escrow cryptography
• military devices
• high-grade security devices

Evolution of cryptography and cryptanalysis
[Figure: timeline with axis years 1920, 1940, 1970, 1980, 1990, 2000 and the headings mathematics, engineering, physics, drawn once for cryptography and once for cryptanalysis.
First set of labels: DES, RSA, ECC; statistics, number theory; rotor machines, enciphering devices, integrated circuits, software packages, operating systems, quantum cryptography.
Second set of labels: statistics, permutation theory; cryptographic bombs, special-purpose machines, supercomputers, computer networks, quantum computing; computers; number]
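
The substitution cipher from the slides as runnable code, added here as an illustration and not part of the original lecture: it uses the slide's key, rejects keys that lie outside the key space (anything that is not a permutation of a..z, for which $D_K$ would not be well defined), and lets you check $D_K(E_K(M)) = M$. The function names are chosen for this example.

```python
import math
import random
import string

ALPHABET = string.ascii_lowercase
# Key from the slide: the second row is the image of a..z under the key.
SLIDE_KEY = "fqishncvjtyauwdrexlbmzogkp"


def tables(key):
    """Return (enc, dec) maps for key K; reject anything outside the key space."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must be a permutation of a..z")
    enc = dict(zip(ALPHABET, key))
    dec = {c: p for p, c in enc.items()}  # inverse permutation
    return enc, dec


def _apply(table, text):
    # Letters are substituted and upper-cased as on the slide;
    # spaces and punctuation pass through unchanged.
    return "".join(table[ch].upper() if ch in table else ch for ch in text.lower())


def encipher(message, key):
    """E_K(M)"""
    return _apply(tables(key)[0], message)


def decipher(ciphertext, key):
    """D_K(C)"""
    return _apply(tables(key)[1], ciphertext)


def random_key(rng):
    """Draw one key uniformly from the 26! permutations of the alphabet."""
    return "".join(rng.sample(ALPHABET, len(ALPHABET)))


def keyspace_size():
    """Number of keys = 26!"""
    return math.factorial(len(ALPHABET))


if __name__ == "__main__":
    c = encipher("TO BE OR NOT TO BE", SLIDE_KEY)
    print(c, "->", decipher(c, SLIDE_KEY))
    print(f"number of keys: {keyspace_size():.2e}")
```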