Introduction to Network Security – Part 6

NOTIFICATION: These examples are provided for educational purposes. The use of this code and/or information is under your own responsibility and risk. The information and/or code is given ‘as is’. I do not take responsibilities of how they are used.

Poly-alphabetic Cipher

In the previous posting, we say that the mono-alphabetic cipher instead of shifting the alphabet a number of letters (Caesar cipher), its substitute each letter arbitrarily by mapping the plaintext letter map to a random arranged ciphertext. The only requirement for the ciphertext was that the letters must not be repeated. Now we are going to see a cipher that uses a set of related mono-alphabetic rules plus a key to determine which rule will be use to perform a transformation.

Vigenère Cipher

Encryption:

This cipher is similar to the Caesar cipher for the use of the 26 letters alphabet with the only different that we create a table in which:

  1. The columns represent the plain text
  2. The rows represent the key
  3. The alphabet inside the table is shifted to the right one letter one time for each letter of the alphabet key.

To be more clear, let take a quick look of the Caesar cipher table:
In this example, We started the alphabet on the letter ‘E’ because the key was 5.

Now, the Vigenère Cipher will apply this shifting 26 times, one time per row, for each letter of the alphabet that correspond to the key as follow:

Lets say that you have the following key “THIS  MESSAGE WAS FOR YOU”, and your key is “HELLO” then using the table:

We would obtain:

From a mathematical point of view we have:

  1. Lets assume that we take the letters of the alphabet from A to Z and be replace them with number starting from 0, for example: A = 0, B = 1, …, Z = 25.
  2. Since we have 26 letters in the alphabet, lets perform module of 26 on this equation.
  3. If ‘i’ is the letter position, P indicate the plaintext, K indicate the key, and C indicate the ciphertext then:
    C_i \equiv (P_i + K_i) \pmod {26}
    (For more information about the algebra involved in the Vigenère cipher: http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher)

Decryption

For decryption we only need to use a letter of the key to identify the row and the letter of the ciphertext in the row to identify the column, the letter designated to the column give us the plaintext letter.

From a mathematical point of view we have:

  1. Lets assume that we take the letters of the alphabet from A to Z and be replace them with number starting from 0, for example: A = 0, B = 1, …, Z = 25.
  2. Since we have 26 letters in the alphabet, lets perform module of 26 on this equation.
  3. If ‘i’ is the letter position, P indicate the plaintext, K indicate the key, and C indicate the ciphertext then:
    P_i \equiv (C_i - K_i) \pmod {26}
    (For more information about the algebra involved in the Vigenère cipher: http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher)

Security

This cipher is not secure. If two or more sequences are identical inside the plaintext, we run the risk that identical ciphertext sequence will be generated. The attacker can use these repetition in the ciphertext to make a deduction about what is the plaintext. The more plaintext is needed to encrypt, the more chances that the ciphertext can be broken or the key found.

As an example, lets assume we have the following:
Plaintext:   WE RUN WHEN WE WERE DISCOVER BY THEM
Key:             RUNNING NO RUNNING NO RUNNING NO

This would give us a ciphertext in which we can spot the repetitions:

The only way around this problem is by using the Autokey cipher.

Autokey Cipher

An auto-key cipher is the concept of generating a key that does not have a repetition cycle.

Instead of having a plaintext and a key such as this example:
Plaintext:   WE RUN WHEN WE WERE DISCOVER BY THEM
Key:             RUNNING NO RUNNING NO RUNNING NO

We could have the following key:
Plaintext:   WE RUN WHEN WE WERE DISCOVER BY THEM
Key:             RUNNING IS NOT THE SOLUTION THIS

This would give us a ciphertext with no repetitions:

One-Time Pad Cipher

The One-Time Pad cipher use a similar concept as the Auto-Key Cipher; however, the difference is the generation of a random key which is as long as the message. Also, it is required that at the end of the transmission, the random key generated must be destroyed.

The only problem is to find a secure way to distribute the random generated key between the principals.

Share

Introduction to Network Security – Part 4

NOTIFICATION: These examples are provided for educational purposes. The use of this code and/or information is under your own responsibility and risk. The information and/or code is given ‘as is’. I do not take responsibilities of how they are used.

Before we begin talking about encryption, decryption, and ciphers related topic, let go over some terminologies to have in account:

  • Cipher: An algorithm used for encryption.
    Link reference: <http://www.merriam-webster.com/dictionary/cipher>
  • Ciphertext: The encrypted(coded) message.
    Link reference: <http://cryptnet.net/fdp/crypto/crypto-dict/en/crypto-dict.html>
  • Cryptanalysis: Study of the principles and methods of deciphering a ciphertext without having the required key.
    Link reference: <http://en.wikipedia.org/wiki/Cryptanalysis>
  • Cryptography: Study of the principles and methods of encryption.
    Link reference: <http://en.wikipedia.org/wiki/Cryptography>
  • Cryptology: The study of cryptanalysis and cryptography.
    Link reference: <http://www.britannica.com/EBchecked/topic/145058/cryptology>
  • Deciphering: Also known as decryption. The act of transforming a ciphertext to the original plaintext.
    Link reference: <http://www.merriam-webster.com/dictionary/deciphering>
  • Decryption: Also known as deciphering. The act of transforming a ciphertext to the original plaintext.
  • Enciphering: Also known as encryption. The act of transforming a plaintext to a ciphertext.
    Link reference: <http://www.merriam-webster.com/dictionary/enciphering>
  • Encryption: Also know as enciphering. The act of transforming a plaintext to a ciphertext.
  • Plaintext: the original message to be encrypted.
    Link reference: <http://en.wikipedia.org/wiki/Plaintext>
  • Product: stages of transposition and substitutions performed.
    Link reference: <http://www.britannica.com/EBchecked/topic/477942/product-cipher>
  • Secret key: An input required for the encryption and/or decryption algorithms.
  • Substitution: Map each element in a plain text to another element.
    Link reference: <http://substitution.webmasters.sk/>
  • Transposition: Rearrange the elements in the plaintext
    Link reference: <http://mw1.meriam-webster.com/dictionary/transposition%20cipher>

Cryptography

A cryptographic system is characterized by the use of encryption operations, number of keys used for encryption and decryption, and the way in which the plain text is processed.

Encryption Operations: In order to encrypt a plaintext to a chipertext is required to perform multiple stages of transposition and substitution, also known as product.

  • Substitution: We take each element from the plaintext and mapped them to another element
  • Transposition: We  take each element in the plaintext and rearrange its order in such a way that it differ from the original plaintext.

To perform encryption and decryption, we use a key reference. We can categorize the encryption techniques as  symmetric, single, asymmetric, double, and/or public.

The plaintext can be processed by using a method of streams or blocks:

  • Stream: The plaintext is processed as a continuous set of elements in which each element is encrypted one at a time.
  • Blocks: The plaintext is divided in a set of blocks in which each block is encrypted one at a time.

Cryptanalysis

As explained in the terminology list, Cryptanalysis is purpose of decrypt an encrypted ciphertext without the knowledge of the key used for the encryption. One way is to attack the encryption system and recover the key used for the encryption instead of recovering the plaintext from a single ciphertext.
Cryptanalysis attacks are divided in two categories:

  1. Brute-force Attack: Every combination of a possible key is tested on the chipertext until the plaintext is obtained.
  2. Cryptanalytic Attack: The use of knowing some characteristic of the original plaintext such as some used keywords, language, format, plaintext to ciphertext pairs examples, and  knowledge of the possible algorithm used to decrypt the ciphertext.

Unconditional Security

We call unconditional security when a cipher cannot be broken by using a ciphertext and the plaintext that produced the ciphertext regardless of the computational power and time available. Up to day, there are no encryption algorithm that can be unconditional secure with the exception of the one-time pad encryption algorithm <http://www.ibm.com/developerworks/library/s-pads.html> which will be explained in the following postings.

Computational Security

Base on the cost-benefit of braking a cipher, a cipher may not be broker due:

  1. The cost of braking the cipher is greater than the value of the plaintext encrypted
  2. The time required to breaking the cipher exceed the usefulness lifetime of the plaintext encrypted
  3. Depending of the complexity of the cipher, there would be a limitation of computing resources and time.

Brute Force Search

As explained before, we call brute force to try every key combination possible to decrypt the ciphertext into plaintext. Before obtaining success, the attacker must try at least 50 percent of the possible keys; therefore, the probability of success may be proportional to the size of the key.

Lets assume we wish to have to option of using:

  1. DES encoding (56-bit) <http://groups.csail.mit.edu/cag/raw/benchmark/suites/des/README.html>.
  2. Triple DES (168-bit) <http://en.wikipedia.org/wiki/Triple_DES>
  3. AES (Greater than 128 bits) <http://www.aescrypt.com/>

Depending of which encryption we use, the time required to find the right key by brute force could be:

Share