Document Sample

Network Security (Encryption & Decryption) Dr. R. K. Rao Entropy & Equivocation • The concept entropy is employed in the design of secure systems. • Entropy is a measure of uncertainty of a message source • Entropy also defines the average amount of information per message Information in a Message • Is related to the probability of occurrence of the message • Messages with probability of either 0 or 1 contain no information, since we can be confident concerning our prediction of their occurrence. • What is Information and how do we define it? Measure of Information • Consider two messages: M1: Today temperature in London is 8 degrees Centigrade M2: Today there was an earthquake in London downtown which leveled down many buildings. • Which of the two messages convey more information? M1 or M2 Measure of Information • M1 does convey some information, which has cleared our uncertainty about the temperature in London (such temperatures are common around this time of the year) • M2 is more surprising and certainly conveys more information • Therefore, we can say that the information is related to the probability of occurrence of the message Measure of Information • More probable the occurrence of the message, less is the information it conveys • Less probable the message is, more is the information it conveys 1 I (M 1) log 2 P(M 1) Definition of Entropy • Suppose we have a message source: [M ] M1 , M 2 ,...,M n • The Entropy or the Average Uncertainty of the source is n 1 H ( M ) P( M i ) log 2 i 1 P( M i ) Definition of Entropy • The Entropy can be considered as a measure of how much choice is involved in the selection of a message M • When base of the logarithm is 2, the amount of uncertainty is expressed in bits/message • When base is e, it is expressed in nats/message What the Cryptanalyst wants? • Cryptanalyst will have intercepted some ciphertext, C, and will want to know how confidently he can predict a message (or key) given that particular ciphertext is received. • That is, the conditional Entropy, H(M|C), of M given C. n m 1 H ( M / C ) P( M , C ) log 2 i 1 j 1 P( M / C ) Equivocation • Equivocation, H(M|C), can be thought of as the uncertainty that message M was sent, having received C. • The cryptanalyst would like this equivocation to approach to ZERO as the the amount of intercepted ciphertext, C, increases Practical Security Systems • Consider, for example, a key is configured as a permutation of the alphabet. • There are then 26! possibilites • In an exhaustive search, one might expect to reach the right key at about halfway through the search. • If we assume that each trial requires 1micro second, what is the total time required to end the search? Confusion & Diffusion • In practice, a statistical analysis using the frequency of occurrence of individual characters and character combinations can be used to solve many cipher systems • Shannon, suggested two encryption concepts for frustrating the statistical endeavors of cryptanalysts • These are: Confusion and Diffusion Confusion • Confusion involves substitutions that render the final relationship between the key and ciphertext as complex as possible • This makes it difficult to utilize a statistical analysis to narrow the search to a particular subset of the key variable space • Confusion ensures that the majority of the key is needed to decrypt even very short sequences of ciphertext Diffusion • Involves transformations, nonlinear, that smooth out the statistical differences between characters and between character combinations • An example of diffusion with 26-letter alphabet is to transform a message sequence M , M ,..., into a new message 0 1 sequence Y0 , Y1 ,..., . Diffusion • Use the transformation s 1 Yn M ni mod ulo 26 i 0 • Where each character in the sequence is regarded as an integer modulo-26, s is some chosen integer and n=0, 1,.. • The letter frequency in the new message Y will be uniform than that of M Substitution • Substitution encryption techniques, such as Caesar cipher and Trithemius progressive key cipher, are widely used in puzzles • These ciphers offer little encryption protection. For substitution ciphers to fulfill Shannon’s concept of confusion, a more complex relationship is required Substitution Box (Example) S-box (Example) • This is an example of providing greater substitution complexity through the use of a non-linear transformation • In general, n input bits are first represented as one of 2^n different characters • The set of 2^n characters are then permuted so that each character is transposed to one of the others in the set • The character is then converted back to an n-bit output S-box (Example) • In general, it can be shown that there are (2^n)! different substitution or connection patterns possible • When n=128, (2^128)! Is an astronomical number Is the transformation non-linear? • To verify that the transformation is non- linear, perform the following operations: • C=T(a)+T(b) • C’=T(a+b) • If C=C’, the transformation is linear, otherwise it is non-linear Permutation Box or P-box • In permutation (transposition), the positions of the plaintext letters in the message are simply rearranged, rather than being substituted with other letters of the alphabet as in classic ciphers • For example, THINK might appear, after permutation, as the ciphertext HKTNI. P-box example (binary data permulation) P-box example • In the example, input data are simply rearranged or permuted • This technique has one major drawback – it is vulnerable to trick messages • A trick message is illustrated in the Figure. • A single 1 at the input and all the rest 0 quickly reveals one of the internal connections. Product Cipher System • Shannon suggested using product cipher or combinations of S-box and P-box transformations, which together yield a cipher system more powerful than either one alone • This approach has been used by IBM in the LUCIFER system • This approach is also the basis for Data Encryption Standard (DES) Product Cipher System Product Cipher System • Uses combination of P-boxes and S-boxes • Decryption is accomplished by running the data backward, using the inverse of each box • The system is difficult to implement since each S-box is different, a randomly generated key is not usable and the system does not lend itself to repeated use of the same circuitry Lucifer System • Used two different types of S-boxes which could be publicly revealed • The input data are transformed by the sequence of S- and P- boxes under the dictates of a key • The 25-bit key in this example designates, the choice of S1 and S0 of each of the 25 S-boxes in the block. The details of the encryption devices can be revealed since security of the system is provided by the key Present-day Ciphers • The iterated structure of the product cipher system is typical of present-day ciphers • The messages are partitioned into successive blocks of n bits, each of which is encrypted with the same key. • The n-bit block represents one of the 2^n different characters, allowing (2^n)! different substitution patterns

DOCUMENT INFO

Shared By:

Categories:

Tags:

Stats:

views: | 10 |

posted: | 3/19/2012 |

language: | English |

pages: | 29 |

OTHER DOCS BY jennyyingdi

Docstoc is the premier online destination to start and grow small businesses. It hosts the best quality and widest selection of professional documents (over 20 million) and resources including expert videos, articles and productivity tools to make every small business better.

Search or Browse for any specific document or resource you need for your business. Or explore our curated resources for Starting a Business, Growing a Business or for Professional Development.

Feel free to Contact Us with any questions you might have.