ECEG-6530

Computer (and Network) Security

Security notions for private-key

encryption
TYPE OF DEFINITION
ATTACK
Spam is the receipt of unsolicitied email. While many consider spam simply a
SPAM nuisance rather than an attack, it has been used as a means of making malicious
code attacks more effective (Whitman & Mattford, 2009).
Viruses are programs that piggyback on other executable programs. In fact,
VIRUSES viruses are not structured to exist by themselves. When the program to which a
virus is attached is executed, the virus code is also executed and performs its
actions. Some viruses can delete files and cause entire systems to become
unstable while, other viruses do not perform any malicious act except to spread
themselves to other systems (Coyle, 2008).
Worms do not have to be attached to a host document to spread, but can travel
WORMS independently. A worm does not always require action by the computer user to
start, and worms can replicate themselves.

Spyware is software installed on a computer without the consent of the owner

SPYWARE that monitors or controls the owner’s computer. It can also be used to redirect
the end user to certain web sites, monitor Internet surfing, or record keystrokes
(http://www.ftc.gov/spyware).

Phishing as defined by the National Consumers League (NCL) is using the

PHISHING Internet to fraudulently gather personal data about a consumer (Fraud.org).
Some examples
 Shift cipher
 Substitution cipher
 Vigenere cipher
The Shift Cipher
Let P  C  K  26 . For 0  k  25, define
ek ( p )  ( p  k )mod26 ( p  26 )
and
d k (c )  (c  k )mod26 (c  26 )

 Once a key is chosen, this cipher maps each alphabetic character

to a unique alphabetic character. Such ciphers are called mono
alphabetic.
 The Shift Cipher has only 26 distinct keys!
 The famous Caesar Cipher is the Shift Cipher with k = 3.

4
The Shift Cipher
A B C D E F G H I J K L M

0 1 2 3 4 5 6 7 8 9 10 11 12

N O P Q R S T U V W X Y Z

13 14 15 16 17 18 19 20 21 22 23 24 25

 In order to encrypt a plaintext string, using a given key, we

have to perform the following operations:
– Convert the string to a sequence of integers
– Add value of the key to each integer, reducing each sum
modulo 26
– Convert the sequence of integers to a ciphertext string
 Decryption works in a similar way. However to decrypt a
ciphertext one should subtract value of the key from each
integer instead of adding it.

5
The Shift Cipher
Example:
 We will encrypt “julius” using the Shift Cipher with key k = 3.

 First convert the plaintext to a sequence of integers

(9 20 11 8 20 18)

 Next, we add 3 to each value, reducing each sum modulo 26 if needed

(12 23 14 11 23 21)

 The last step is to convert the integers to alphabetical characters

“MXOLXV”

6
The Substitution Cipher
Let P  C. K consists of all possible permutations
of the 26 symbols 1,2,3,...,25. For each permutation
k  K , define
ek ( p )  k ( p )
and
d k (c )  k 1( p )
where k 1 is the inverse permutation to k.

 The Substitution Cipher is a monoalphabetic cipher.

 It is one of the oldest known ciphers.
 26! possible keys. Yet it is not difficult to break.
Especially if the given cipher text length is greater than
50 symbols.

7
The Substitution Cipher
a b c d e f g h i j k l m

M I B A U P E G Z S C Y W

n o p q r s t u v w x y z

Q F D R T V X H O K J L N

 To encrypt a plaintext message one has to substitute all

letters in the original text with the corresponding
ciphertext letters, using the permutation function.
 For decryption the inverse permutation is used.
 Using the table above one can encipher “secret” to
“VUBTUX”.

8
The Substitution Cipher
A substitution cipher replaces one symbol with another.
Substitution ciphers can be categorized as either
monoalphabetic ciphers or poly alphabetic ciphers.

Note

A substitution cipher replaces one symbol with

another.

1.Monoalphabetic Ciphres
2.Polyalphabetic Ciphers

9
 1 Monoalphabetic Ciphers

Note

In monoalphabetic substitution, the

relationship between a symbol in the
plaintext to a symbol in the cipher text is
always one-to-one.

10
3.2.1 Continued
Additive Cipher

The simplest monoalphabetic cipher is the additive cipher.

This cipher is sometimes called a shift cipher and sometimes
a Caesar cipher, but the term additive cipher better reveals its
mathematical nature.

Figure 3.8 Plaintext and ciphertext in Z26

11
3.2.1 Continued
Figure 3.9 Additive cipher

Note

When the cipher is additive, the plaintext,

ciphertext, and key are integers in Z26.

12
3.2.1 Continued
Example 3.3
Use the additive cipher with key = 15 to encrypt the
message “hello”.

Solution
We apply the encryption algorithm to the plaintext,
character by character:

13
3.2.1 Continued
Example 3.4

Use the additive cipher with key = 15 to decrypt the message

“WTAAD”.
Solution
We apply the decryption algorithm to the plaintext character
by character:

14
3.2.1 Continued
Shift Cipher and Caesar Cipher

Historically, additive ciphers are called shift ciphers. Julius

Caesar used an additive cipher to communicate with his
officers. For this reason, additive ciphers are sometimes
referred to as the Caesar cipher. Caesar used a key of 3 for his
communications.

Note

Additive ciphers are sometimes referred to as

shift ciphers or Caesar cipher.

15
3.2.1 Continued
Example 3.5
Eve has intercepted the cipher text “UVACLYFZLJBYL”. Show how she
can use a brute-force attack to break the cipher.

Solution
Eve tries keys from 1 to 7. With a key of 7, the plaintext is
“not very secure”, which makes sense.

16
Caesar Cipher
 The earliest known use of a substitution cipher, and the simplest, was by Julius
Caesar. The Caesar cipher involves replacing each letter of the alphabet with
the letter standing three places further down the alphabet. For example,
 plain: meet me after the toga party
 cipher: PHHW PH DIWHU WKH WRJD SDUWB

Note that the alphabet is wrapped around, so that the letter following Z is A.
We can define the transformation by listing all possibilities, as follows:
 plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
 cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
 Let us assign a numerical equivalent to each letter:
 ab cdefghIjklmnopqrstuvwxyz
 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Then the algorithm can be expressed as follows. For each plaintext letter p, substitute the
ciphertext letter C:[2]
 [2] We define a mod n to be the remainder when a is divided by n.
For example, 11 mod 7 = 4
 C = E(3, p) = (p + 3) mod 26
 A shift may be of any amount, so that the general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
 where k takes on a value in the range 1 to 25. The decryption algorithm is simply
p = D(k, C) = (C k) mod 26
 If it is known that a given ciphertext is a Caesar cipher, then a brute-force cryptanalysis
is easily performed:
Simply try all the 25 possible keys. Figure 2.3 shows the results of applying this strategy
to the example ciphertext. In this case, the plaintext leaps out as occupying the third line.
Three important characteristics of this problem enabled us
to use a brute-force cryptanalysis:
1.The encryption and decryption algorithms are known.
2.There are only 25 keys to try.
3.The language of the plaintext is known and easily
recognizable.
3.2.1 Continued
Multiplicative Ciphers

Figure 3.10 Multiplicative cipher

P c

Note

In a multiplicative cipher, the plaintext and

ciphertext are integers in Z26; the key is an integer
in Z26*.
20
3.2.1 Continued
Example 3.7
What is the key domain for any multiplicative cipher?
Solution
The key needs to be in Z26*. This set has only 12 members:
1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25.
Example 3.8
We use a multiplicative cipher to encrypt the message
“hello” with a key of 7. The ciphertext is “XCZZU”.

21
The Vigenère Cipher
Let m be a positive integer. Define P  C  K  ( 26 )m .
For a key k  (k1, k 2 ,..., k m ), we define
ek ( p1, p2 ,..., pm )  ( p1  k1, p2  k 2 ,..., pm  k m )
and
d k (c1, c2 ,..., cm )  (c1  k1, c2  k 2 ,..., cm  k m ),
where all operations are performed in 26 .

 The Vigenère Cipher is a polyalphabetic cipher. Thus the cipher

can map an alphabetic character to several other characters.
 This cipher is named after Blaise de Vigenère (16th century). Yet it
was first described by Giovan Batista Belaso in 1553.
 The number of possible keywords of length m is 26m.

22
The Vigenère Cipher
A B C D E F G H I J K L M

0 1 2 3 4 5 6 7 8 9 10 11 12

N O P Q R S T U V W X Y Z

13 14 15 16 17 18 19 20 21 22 23 24 25

 To encipher a message we again make use of the table

– Both the key and the original plaintext have to be written as
sequence of integers.
– An integer string corresponding to the message is split on n
blocks of size m, where m is length of the key.
– The keyword is added (modulo 26) to each block.
 Decryption is similar, except that the keyword is
subtracted (modulo 26) from each ciphertext block.

23
The Vigenère Cipher
A simple example:
 The plaintext is “attackatdawn” and the keyword is “cipher”, thus m = 6.

 The numerical equivalent of k is (2 8 15 7 4 17).

The plaintext can be written using integers as
(0 19 19 0 2 10 0 19 3 14 22 13).

 Now we split the plaintext message in two blocks of six, and add the keyword modulo
26 to each of them
0 19 19 0 2 10 0 19 3 14 22 13
2 8 15 7 4 17 2 8 15 7 4 17
2 1 8 7 6 1 2 1 18 21 0 4
 Thus the ciphertext is “CBIHGBCBSVAE”.

24
The Vigenere Cipher
A simple example (cont.):
 To decrypt the ciphertext “CBIHGBCBSVAE”, we follow the same sequence of steps.

 The numerical equivalent of k is (2 8 15 7 4 17).

The ciphertext can be written using integers as
(2 1 8 7 6 1 2 1 18 21 0 4).

 Now subtract the keyword modulo 26 from the ciphertext

2 1 8 7 6 1 2 1 18 21 0 4
2 8 15 7 4 17 2 8 15 7 4 17
0 19 19 0 2 10 0 19 3 14 22 13
 We were able to recover the original plaintext, which is “attackatdawn”.

25
Attacks?
 Shift cipher
– Key space is too small!
– Insecure against ciphertext-only attack
• Frequency analysis
• Index of coincidence
– If an attacker can recover they key, a scheme is
clearly insecure
Attacks?
 Substitution cipher
– Much larger key space
– Still not secure against ciphertext-only attack
(frequency analysis, digrams, trial and error)
– Having a large key space is necessary, but not
sufficient, to guarantee security…
• (Note that adversary can still recover the key)
Attacks?
 Vigenere cipher
– Index of coincidence
• Random text has index:  (26)-2 = 0.038
• English text has index:  (pi)2 = 0.065
– Can distinguish substitution and Vigenere
ciphers; if the latter, can determine key length
– Can further use this to determine key
Attacks
 Ciphertext only
 Known plaintext
 Chosen plaintext
 Chosen ciphertext (includes chosen
plaintext attacks)
Attacks…
 A typical standard is security against
chosen-plaintext attacks
 Security against chosen-ciphertext attacks is
increasingly required
 Note that the one-time pad is insecure
against known-plaintext attack
Randomized encryption
 To be secure against chosen-plaintext
attack, encryption must be randomized
Data Encryption Standard (DES)
 Developed in 1977 by NBS
 56-bit key, 64-bit input/output
– A 64-bit key is derived from 56 random bits
– One bit in each octet is a parity-check bit
– The “short” key length is a major concern…
DES: High-level description
 Encryption proceeds in a sequence of 16
rounds
 Each round uses a 48-bit key (derived from
the main key), acts on a 64-bit input, and
produces a 64-bit output
DES: High-level description
 Each round proceeds as follows:
– Input is divided into (L, R)
– L’ = R
– R’ = L  F(K, R), where K is the round key
– F is a non-invertible function!
• But we will see that decryption is still possible
– (L’, R’) is then permuted in some fixed way to
give the output at that round
3-DES
 Expands the key length
 Now, key K = (K1, K2); |K| = 112
 The “new” block cipher is just:
– EK1,K2(m) = DESK1(DES-1K2(DESK1(m)))
 This is a permutation, and invertible…
Concerns about DES
 Short key length
– DES “cracker”, built for $250K, can break DES
in days
– Distributing the computation makes it faster
 Some (theoretical) attacks have been found
 Non-public design process
 3-DES is fairly slow
 DES
 The 64-bit input is subjected to an initial permutation to obtain a 64-bit result
(which is just the input with the bits shuffled). The 56-bit key is used to
generate sixteen 48-bit per-round keys, by taking a different 48-bit subset of
the 56 bits for each of the keys. Each round takes as input the 64-bit output of
the previous round, and the 48-bit per-round key, and produces a 64-bit
output. After the 16th round, the 64-bit output has its halves swapped and is
then subjected to another permutation, which happens to be the inverse of the
initial permutation.
 That is the overview of how encryption works. Decryption works by
essentially running DES backwards. To decrypt a block, you'd first run it
through the initial permutation to undo the final permutation (the initial and
final permutations are inverses of each other). You'd do the same key
generation, though you'd use the keys in the opposite order (first use K 16, the
key you generated last). Then you run 16 rounds just like for encryption. Why
this works will be explained when we explain what happens during a round.
After 16 rounds of decryption, the output has its halves swapped and is then
subjected to the final permutation (to undo the initial permutation).