Lecture 1 on Cyber Security and Phishing Tactics

fitfalcon0900 9 views 44 slides Aug 21, 2024

About This Presentation

A lecture on Cyber Security


Slide Content

David Evans
http://www.cs.virginia.edu/~evans
CS551: Security and Privacy
University of Virginia
Computer Science
CS551: Security and Privacy on the Internet
Lecture 1: Introduction
With a magnetic card and his dog Buddy's name as a
password, President Clinton e-signed a bill Friday that will
make electronic signatures as real as those on paper.
FoxNews, 30 June 2000

30 Aug 2000 University of Virginia CS 551 2
Menu
•Course Introduction
–Course Overview
–Course Logistics: details on Syllabus
•Introduction to Cryptology
–Terminology
–A simple substitution cipher
–History
Send registration email by noon tomorrow.

Resources
•Staff:
–Instructor: David Evans (call me “Dave”)
[email protected]
Office Hours (236A):
Mondays 1:30-2:30; Wednesdays after class
Research: code safety, static analysis, constraining
behavior of swarms
–TA: Siddarth Dalai, [email protected]
CS Library: Tuesday, 3:30-4:30; Friday, 2:00-3:00
•Web:
http://www.cs.virginia.edu/cs551-security

Course Overview
•Cryptology
–Classical ciphers, symmetric key, public-key
•Applications
–Passwords, key-exchange protocols,
message authentication, digital cash
•System Security
–Access control, malicious code, intrusion
detection, other topics

Why you should take this course?
Reason #1: Fate of Humanity
Cryptography plays a central role in
human history.
More than anything else, survival of
humanity depends on computer
security.

Why you should take this course?
Reason #2: Intellectual
Security is about making and solving
puzzles.
Purest form of intellectual endeavor.

Why you should take this course?
Reason #3: Be like Tom
Mr. Jefferson would have wanted you to.

Bad reasons to take this class
•You want to write the ultimate
destructive virus.
•You want to break into (UVA’s | the
CIA’s | your bank’s) computer
systems.

How to get an A in CS551
Problem Sets (40-50%)
4 throughout term (1st is due 11 Sept)
Project (30-50%)
Teams of 1 – 4
Can involve design/implementation
Can involve survey/analysis
Exams (30-50%)
Midterm, Final
Class Contribution (0-10%)

“Easy ways” to get an A in CS551
•Break into my grades file and change your
grade to “Hahahaha”
–Physical attacks on my house, car or office are NOT
eligible! (And NOT encouraged!)
–Don’t try to break into UVA’s grade records:
•Too easy (probably only worth a B, or C- for social
engineering attack)
•Honor code violation
•Discover a security flaw important enough to
get reported in the New York Times
•Factor RSA-300 =
2769315567803442139028689061647233092237608363983953254005036722809375824714
9473946190060218756255124317186573105075074546238828817121274630072161346956
4396741836389979086904304472476001839015983033451909174663464663867829125664
459895575157178816900228792711267471958357574416714366499722090015674047

Bonus Points / Demerits
(1 point = 1 problem set)
+1 Posting in RISKS
+(varies) Solving a challenge problem
-1 Send me a virus
-2 Get arrested for computer security attack
-10 Get convicted for computer security attack
-100 I get arrested for something you do
related to this class

Challenge Problems
•Open until solved or last day of class
•Usually only first satisfactory answer gets
bonus
–Better, later answer might still get bonus
•Solve in groups, each member gets
√n / n * value (e.g., 2 people = √2 / 2 = 0.7)
First challenge problem: Jefferson wheel
cryptogram (see course web page)

Honor Code, Schmonor Code
•Learn from your fellow students – they are
your best resource!
•Everything you turn in should be your own
•Write down who you discussed assignments
with, all external sources you used
•Be honest – you know what cheating is and
isn’t

Logistics Questions?

What is cryptology?
•Greek: “krypto” = hide
•Cryptology – science of hiding
= cryptography + cryptanalysis + steganography
•Cryptography – secret writing
•Cryptanalysis – analyzing (breaking) secrets
Cryptanalysis is what attacker does
Decipher or Decryption is what legitimate receiver
does

Steganography
•“Covered” messages
•Technical Steganography
–Invisible ink, shaved heads, microdots
•Linguistic Steganography
–“Open code” – secret message appears innocent
•“East wind rain” = war with USA
•Broken dolls in WWII
–Hide message in low-order bits in GIF

Cryptology and Security
Cryptology is a branch of
mathematics.
Security is about people.

Terminology
Alice: Plaintext → Encrypt → Ciphertext → Decrypt → Plaintext: Bob
Eve: on the Insecure Channel (between Encrypt and Decrypt)
C = E(P)
P = D(C)
E must be invertible

Cryptography
•Always involves 2 things:
–Transformation
–Secret

Kerckhoff’s Principle
•Security should depend only on the key
–Don’t assume enemy won’t know algorithm
•Can capture machines, disassemble programs, etc.
•Too expensive to invent new algorithm if it might have
been compromised
–Security through obscurity isn’t
•Look at history of examples
•Better to have scrutiny by open experts
“The enemy knows the system being used.”
(Claude Shannon)

Alice and Bob
Alice: Plaintext → Encrypt (K_E) → Ciphertext → Decrypt (K_D) → Plaintext: Bob
C = E(K_E, P) = E_{K_E}(P)
P = D(K_D, C) = D_{K_D}(C)
If K_E = K_D it is symmetric encryption
If K_E ≠ K_D it is asymmetric encryption

Substitution Cipher
•C = E_K(p)
C_i = K[p_i]
•Key is alphabet mapping:
a → J, b → L, ...
•Suppose attacker knows algorithm but
not key, how many keys to try? 26!
If every person on earth tried one per second,
it would take 5B years.

Monoalphabetic Cipher
“XBW HGQW XS ACFPSUWG FWPGWXF
CF AWWKZV CDQGJCDWA CD BHYJD
DJXHGW; WUWD XBW ZWJFX
PHGCSHF YCDA CF GSHFWA LV XBW
KGSYCFW SI FBJGCDQ RDSOZWAQW
OCXBBWZA IGSY SXBWGF.”

Frequency Analysis
“XBW HGQW XS ACFPSUWG FWPGWXF CF
AWWKZV CDQGJCDWA CD BHYJD DJXHGW;
WUWD XBW ZWJFX PHGCSHF YCDA CF
GSHFWA LV XBW KGSYCFW SI FBJGCDQ
RDSOZWAQW OCXBBWZA IGSY SXBWGF.”
Ciphertext counts:    “Normal” English:
W: 20                 e 12%
C: 11                 t 9%
F: 11                 a 8%
G: 11

Pattern Analysis
“XBe HGQe XS ACFPSUeG FePGeXF CF
AeeKZV CDQGJCDeA CD BHYJD DJXHGe;
eUeD XBe ZeJFX PHGCSHF YCDA CF
GSHFeA LV XBe KGSYCFe SI FBJGCDQ
RDSOZeAQe OCXBBeZA IGSY SXBeGF.”
XBe = “the”
Most common trigrams in English:
the = 6.4%
and = 3.4%

Guessing
“the HGQe tS ACFPSUeG FePGetF CF
AeeKZV CDQGJCDeA CD hHYJD DJtHGe;
eUeD the ZeJFt PHGCSHF YCDA CF
GSHFeA LV the KGSYCFe SI FhJGCDQ
RDSOZeAQe OCthheZA IGSY StheGF.”
S = “o”

Guessing
“the HGQe to ACFPoUeG FePGetF CF
AeeKZV CDQGJCDeA CD hHYJD DJtHGe;
eUeD the ZeJFt PHGCoHF YCDA CF
GoHFeA LV the KGoYCFe oI FhJGCDQ
RDoOZeAQe OCthheZA IGoY otheGF.”
otheGF = “others”

Guessing
“the HrQe to ACsPoUer sePrets Cs
AeeKZV CDQrJCDeA CD hHYJD DJtHre;
eUeD the ZeJst PHrCoHs YCDA Cs
roHseA LV the KroYCse oI shJrCDQ
RDoOZeAQe OCthheZA IroY others.”
“sePrets” = “secrets”

Guessing
“the HrQe to ACscoUer secrets Cs
AeeKZV CDQrJCDeA CD hHYJD DJtHre;
eUeD the ZeJst cHrCoHs YCDA Cs
roHseA LV the KroYCse oI shJrCDQ
RDoOZeAQe OCthheZA IroY others.”
“ACscoUer” = “discover”

Guessing
“the HrQe to discover secrets is
deeKZV iDQrJiDed iD hHYJD DJtHre;
eveD the ZeJst cHrioHs YiDd is
roHsed LV the KroYise oI shJriDQ
RDoOZedQe OithheZd IroY others.”

Monoalphabetic Cipher
“The urge to discover secrets is deeply
ingrained in human nature; even the
least curious mind is roused by the
promise of sharing knowledge withheld
from others.”
- John Chadwick,
The Decipherment of Linear B

Why was it so easy?
•Doesn’t hide statistical properties of
plaintext
•Doesn’t hide relationships in plaintext
(EE cannot match dg)
•English (and all natural languages) are
very redundant: about 1.3 bits of
information per letter
–Compress English with gzip – about 1:6
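
The steps from the Frequency Analysis, Pattern Analysis and Guessing slides, replayed in Python as an added example (not part of the original lecture). The function names and the REMAINING mapping, which fills in the letters the slides complete without comment, are assumptions of this example.

```python
import re
from collections import Counter

# Ciphertext exactly as printed on the "Monoalphabetic Cipher" slide.
CIPHERTEXT = (
    "XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; "
    "WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ "
    "RDSOZWAQW OCXBBWZA IGSY SXBWGF."
)

# Guesses in the order the slides make them: ciphertext letters -> plaintext letters.
SLIDE_GUESSES = [
    ("W", "e"),       # frequency analysis: W is by far the most common letter
    ("XB", "th"),     # pattern analysis: XBe = "the"
    ("S", "o"),
    ("GF", "rs"),     # otheGF = "others"
    ("P", "c"),       # sePrets = "secrets"
    ("ACU", "div"),   # ACscoUer = "discover"
]
# Assumption: the letters the slides fill in silently, read off by completing words.
REMAINING = ("HQKZVDJYLIRO", "ugplynambfkw")

def letter_counts(text):
    """Single-letter frequencies, ignoring spaces and punctuation."""
    return Counter(ch for ch in text if ch.isalpha())

def trigram_counts(text):
    """Frequencies of three-letter sequences inside words."""
    counts = Counter()
    for word in re.findall(r"[A-Za-z]+", text):
        counts.update(word[i:i + 3] for i in range(len(word) - 2))
    return counts

def substitute(text, key):
    """Apply a partial key; solved letters come out lower case, as on the slides."""
    return text.translate(str.maketrans(key))

def solve_steps():
    """Return the partially decrypted text after each round of guesses."""
    key, steps = {}, []
    for cipher_letters, plain_letters in SLIDE_GUESSES + [REMAINING]:
        key.update(zip(cipher_letters, plain_letters))
        steps.append(substitute(CIPHERTEXT, key))
    return steps

if __name__ == "__main__":
    print(letter_counts(CIPHERTEXT).most_common(4))
    print(*solve_steps(), sep="\n")
```

Each entry of `solve_steps()` corresponds to one slide in the sequence, so the output can be compared line by line with the lecture.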

How to make it harder?
•Cosmetic
•Hide statistical properties:
–Encrypt “e” with 12 different symbols, “t”
with 9 different symbols, etc.
–Add nulls, remove spaces
•Polyalphabetic cipher
–Use different substitutions
•Transposition
–Scramble order of letters

Types of Attacks
•Ciphertext-only - How much Ciphertext?
•Known Plaintext - often “Guessed Plaintext”
•Chosen Plaintext (get ciphertext)
–Not as uncommon as it sounds!
•Chosen Ciphertext (get plaintext)
•Dumpster Diving
•Social Engineering
•“Rubber-hose cryptanalysis”
–Cryptanalyst uses threats, blackmail, torture,
bribery to get the key.
Not recommended in CS551

Really Brief History
First 4000 years
Timeline: 3000BC, 900, 1460, 1854
Cryptographers: monoalphabetics (3000BC); Alberti – first polyalphabetic cipher (1460); Vigenère
Cryptanalysts: al-Kindi - frequency analysis (900); Babbage breaks Vigenère (1854); Kasiski (1863) publishes

Really Brief History
Last 100 years
Timeline: 1854, 1918, 1939, 1945, 1973
Cryptographers: Mauborgne – one-time pad; Mechanical ciphers - Enigma; Enigma adds rotors, stops repeated key; Feistel block cipher, DES; Public-Key; Quantum Crypto
Cryptanalysts: Rejewski repeated message-key attack; Turing’s loop attacks, Colossus; Linear, Differential Cryptanalysis; ?

Themes 1
•Arms race between cryptographers and
cryptanalysts
–But, often disconnect between two (e.g., Mary
Queen of Scots uses monoalphabetic cipher
long after known breakable)
•Multi-disciplinary field
–Linguists, classicists, mathematicians,
computer scientists, physicists
•Secrecy often means advances
rediscovered and miscredited

Themes 2
•Dominated by needs of government:
war is the great catalyst
•Cryptanalysis advances led by most
threatened countries:
–France (1800s), Poland (1930s),
England/US (WWII), Israel? (Today)

Security vs. Pragmatics
•Trade-off between security and effort
–one-time pad: perfect security, but requires
distribution and secrecy of long key
–DES: short key, fast algorithm, but breakable
–quantum cryptography: perfect security,
guaranteed secrecy of key, slow, requires
expensive hardware
•Don’t spend $10M to protect $1M.
•Don’t protect $1B with encryption that can be
broken for $1M.

Perfectly Secure Cipher:
One-Time Pad
•Mauborgne/Vernam [1917]
•XOR (⊕):
0 ⊕ 0 = 0    1 ⊕ 0 = 1
0 ⊕ 1 = 1    1 ⊕ 1 = 0
a ⊕ a = 0
a ⊕ 0 = a
a ⊕ b ⊕ b = a
•E(P, K) = P ⊕ K
D(C, K) = C ⊕ K = (P ⊕ K) ⊕ K = P

Why perfectly secure?
•For any given ciphertext, all plaintexts
are equally possible.
Ciphertext: 0100111110101
Key1: 1100000100110
Plaintext1: 1000111010011 = “CS”
Key2: 1100010100110
Plaintext2: 1000101010011 = “BS”
•More formal proof next time

Go to the beach?
•Cannot reuse K
–What if receiver has
C_1 = P_1 ⊕ K and C_2 = P_2 ⊕ K
C_1 ⊕ C_2 = P_1 ⊕ K ⊕ P_2 ⊕ K
= P_1 ⊕ P_2
•Need to generate truly random bit sequence
as long as all messages
•Need to securely distribute key
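
An added example, not part of the original lecture, covering the three one-time pad slides above: it checks the slide's bit strings, shows that a key exists for every candidate plaintext, and shows how a reused key cancels out of C_1 ⊕ C_2. The function names and the two sample messages are constructed for this example.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; the pad must be exactly as long as the message."""
    if len(a) != len(b):
        raise ValueError("one-time pad and message must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def xor_bits(a: str, b: str) -> str:
    """XOR two equal-length bit strings, as written on the slide."""
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

def key_explaining(ciphertext: bytes, plaintext: bytes) -> bytes:
    """The key under which `ciphertext` decrypts to `plaintext` (one always exists)."""
    return xor(ciphertext, plaintext)

def recover_second(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """With a reused key, C1 xor C2 = P1 xor P2, so knowing P1 gives P2 without K."""
    return xor(xor(c1, c2), known_p1)

# Constructed sample messages (not from the lecture), equal length.
P1 = b"MEET AT NOON"
P2 = b"MEET AT NINE"

if __name__ == "__main__":
    # The slide's example: one ciphertext, two keys, two plausible plaintexts.
    c = "0100111110101"
    print(xor_bits(c, "1100000100110"), xor_bits(c, "1100010100110"))

    k = secrets.token_bytes(len(P1))         # fresh random pad
    c1, c2 = xor(P1, k), xor(P2, k)          # the mistake: k is used twice
    print(xor(c1, c2) == xor(P1, P2))        # the key has cancelled out
    print(recover_second(c1, c2, P1))        # second message, recovered without k
    print(xor(c1, key_explaining(c1, P2)))   # c1 also "decrypts" to P2 under another key
```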

Summary
•Fate of humanity depends on this course.
•Meaning of: plaintext, ciphertext, key, encrypt,
decrypt, cryptanalyze, steganography
•Kinds of attacks on cryptosystems
•Kerckhoff’s Principle
•Monoalphabetic Cipher
–How to cryptanalyze
•One-Time Pad
–Why it’s perfectly secure in theory
–Why it’s not used often in practice

Charge
•Send me your registration survey by
noon tomorrow
•Think about projects and teams
•Subscribe to comp.risks and Cryptogram
(instructions on manifest)
•Next time:
–Shannon’s Principles – how to judge a cipher
–Better classical ciphers
–Projects