SECURITY GOALS AND

ATTACKS
BASIC TERMINOLOGY

 Plaintext: original message to be encrypted

 Ciphertext: the encrypted message

 Enciphering or encryption: the process of converting plaintext

into ciphertext

 Encryption algorithm: performs encryption

 Two inputs: a plaintext and a secret key
7
 Deciphering or decryption: recovering plaintext from
ciphertext

 Decryption algorithm: performs decryption

 Two inputs: ciphertext and secret key

 Secret key: same key used for encryption and decryption

 Also referred to as a symmetric key

8
SYMMETRIC CIPHER MODEL

9
 Cipher or cryptographic system : a scheme for encryption and decryption

 Cryptography: science of studying ciphers

 Cryptanalysis: science of studying attacks against cryptographic systems

 Cryptology: cryptography + cryptanalysis

10
CIPHERS

 Symmetric cipher: same key used for encryption and

decryption
 Block cipher: encrypts a block of plaintext at a time

(typically 64 or 128 bits)

 Stream cipher: encrypts data one bit or one byte at a time

 Asymmetric cipher: different keys used for

encryption and decryption 11
SYMMETRIC ENCRYPTION

 or conventional / secret-key / single-key

 sender and recipient share a common key
 all classical encryption algorithms are symmetric
 The only type of ciphers prior to the invention of
asymmetric-key ciphers in 1970’s
 by far most widely used

12
SYMMETRIC ENCRYPTION

 Mathematically:
Y = EK(X) or Y = E(K, X)
X = DK(Y) or X = D(K, Y)
 X = plaintext
 Y = cipher text
 K = secret key
 E = encryption algorithm
 D = decryption algorithm
 Both E and D are known to public
13
CRYPTANALYSIS

 Objective: to recover the plaintext of a ciphertext or,

more typically, to recover the secret key.

 Kerkhoff’s principle: the adversary knows all details

about a cryptosystem except the secret key.

 Two general approaches:

 brute-force attack
 non-brute-force attack (cryptanalytic attack)
14
BRUTE-FORCE ATTACK

 Try every key to decipher the ciphertext.

Key Size (bits) Number of Alternative Time required at 1 Time required at 106
 On average, need to try half of all possible keys
Keys decryption/µs decryptions/µs

32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds


56
Time needed proportional
2 µs
to= 1142
size
years
of key space
10.01 hours
256 = 7.2  1016 55

128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years

168 2168 = 3.7  1050 2167 µs = 5.9  1036 years 5.9  1030 years

26 characters 26! = 4  1026 2  1026 µs = 6.4  1012 years 6.4  106 years
(permutation) 15
CRYPTANALYTIC ATTACKS

 May be classified by how much information needed

by the attacker:
 Cipher text-only attack

 Known-plaintext attack

 Chosen-plaintext attack

 Chosen-ciphertext attack
16
CIPHERTEXT-ONLY ATTACK

 Given: a cipher text c

 Q: what is the plaintext m?
 An encryption scheme is completely insecure if it cannot
resist ciphertext-only attacks.

17
KNOWN-PLAINTEXT ATTACK

 Given: (m1,c1), (m2,c2), …, (mk,ck) and a new ciphertext c.

 Q: what is the plaintext of c?

 Q: what is the secret key in use?

18
CHOSEN-PLAINTEXT ATTACK

 Given: (m1,c1), (m2,c2), …, (mk,ck), where m1, m2, …, mk are

chosen by the adversary; and a new ciphertext c.

 Q: what is the plaintext of c, or what is the secret key?

19
EXAMPLE: CHOSEN-PLAINTEXT ATTACK

 In 1942, US Navy cryptanalysts discovered that Japan was

planning an attack on “AF”.
 They believed that “AF” means Midway island.
 Pentagon didn’t think so.
 US forces in Midway sent a plain message that their freshwater
supplies were low.
 Shortly, US intercepted a Japanese ciphertext saying that “AF” was
low on water.
 This proved that “AF” is Midway.
20
CHOSEN-CIPHERTEXT ATTACK

 Given: (m1,c1), (m2,c2), …, (mk,ck), where c1, c2, …, ck are

chosen by the adversary; and a new ciphertext c.

 Q: what is the plaintext of c, or what is the secret key?

21
CLASSICAL CIPHERS

 Plaintext is viewed as a sequence of elements (e.g., bits

or characters)
 Substitution cipher: replacing each element of the
plaintext with another element.
 Transposition (or permutation) cipher: rearranging the
order of the elements of the plaintext.
 Product cipher: using multiple stages of substitutions
and transpositions
22
CAESAR CIPHER

 Earliest known substitution cipher

 Invented by Julius Caesar
 Each letter is replaced by the letter three positions further down the
alphabet.
 Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

 Example: ohio state  RKLR VWDWH

23
CAESAR CIPHER

 Mathematically, map letters to numbers:

a, b, c, ..., x, y, z
0, 1, 2, ..., 23, 24, 25
 Then the general Caesar cipher is:
c = EK(p) = (p + k) mod 26
p = DK(c) = (c – k) mod 26
24

 Can be generalized with any alphabet.

CRYPTANALYSIS OF CAESAR CIPHER

 Key space: {0, 1, ..., 25}

 Vulnerable to brute-force attacks.
 E.g., break ciphertext "UNOU YZGZK“

 Need to recognize it when have the plaintext

 What if the plaintext is written in Swahili?

25
MONOALPHABETIC SUBSTITUTION CIPHER

 Shuffle the letters and map each plaintext letter to a different random ciphertext letter:

Plain letters: abcdefghijklmnopqrstuvwxyz

Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

 What does a key look like? 26

MONOALPHABETIC CIPHER SECURITY

 Now we have a total of 26! = 4 x 1026 keys.

 With so many keys, it is secure against brute-force attacks.

 But not secure against some cryptanalytic attacks.

 Problem is language characteristics.

27
LANGUAGE STATISTICS AND CRYPTANALYSIS

 Human languages are not random.

 Letters are not equally frequently used.

 In English, E is by far the most common letter, followed by T, R, N, I, O, A, S.

 Other letters like Z, J, K, Q, X are fairly rare.

 There are tables of single, double & triple letter frequencies for various
languages

28
ENGLISH LETTER FREQUENCIES

29
STATISTICS FOR DOUBLE & TRIPLE LETTERS

 In decreasing order of frequency

 Double letters:
th he an in er re es on, …

 Triple letters:
the and ent ion tio for nde, …
30
USE IN CRYPTANALYSIS

 Key concept: monoalphabetic substitution does not change relative letter

frequencies

 To attack, we

 calculate letter frequencies for ciphertext

 compare this distribution against the known one

31
EXAMPLE CRYPTANALYSIS
 Given ciphertext:

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
 Count relative letter frequencies
 Guess {P, Z} = {e, t}
 Of double letters, ZW has highest frequency, so guess ZW = th and hence ZWP =
the
 Proceeding with trial and error finally get:

it was disclosed yesterday that several informal but

direct contacts have been made with political
32

representatives of the viet cong in moscow

LETTER FREQUENCIES IN CIPHERTEXT

P 13.33 H 5.83 F 3.33 B 1.67 C 0.00

Z 11.67 D 5.00 W 3.33 G 1.67 K 0.00
S 8.33 E 5.00 Q 2.50 Y 1.67 L 0.00
U 8.33 V 4.17 T 2.50 I 0.83 N 0.00
O 7.50 X 4.17 A 1.67 J 0.83 R 0.00
M 6.67

33