### Lecture slides

```Computer Security
Set of slides 2
Dr Alexei Vernitski
Cryptography
• Codes
• Ciphers
(read more in the textbooks)
Example of code: Morse code
For discussion
• In what circumstances would one want to use
Morse code?
• For example:
– Is Morse code suitable for storing data?
– Is Morse code suitable for protecting data
confidentiality?
Example of code: ASCII code
97 is a
98 is b
99 is c
100 is d
101 is e
102 is f
103 is g
104 is h
105 is i
106 is j
107 is k
108 is l
109 is m
110 is n
111 is o
112 is p
113 is q
114 is r
115 is s
116 is t
117 is u
118 is v
119 is w
120 is x
121 is y
122 is z
Example of code: ASCII code
1100001 is a
1100010 is b
1100011 is c
1100100 is d
1100101 is e
1100110 is f
1100111 is g
1101000 is h
1101001 is i
1101010 is j
1101011 is k
1101100 is l
1101101 is m
1101110 is n
1101111 is o
1110000 is p
1110001 is q
1110010 is r
1110011 is s
1110100 is t
1110101 is u
1110110 is v
1110111 is w
1111000 is x
1111001 is y
1111010 is z
For discussion
• In what circumstances would one want to use
ASCII code?
• For example:
– Is ASCII code suitable for storing data?
– Is ASCII code suitable for protecting data
confidentiality?
Encoding data in computers
•
•
•
•
Characters are encoded as numbers
Numbers are encoded as binary numbers – why?
Binary numbers are stored as sequences of bits
Memory for storing numbers is allocated in
blocks of a standard length, for example,
1 byte = 8 bits
• Each ASCII code is 7 bits
• A byte contains 8 bits – why?
Example of cipher: Dorabella cipher
• This note was sent by the composer Elgar to
his young friend Dora Penny
• It is still unknown what is written in the note
Cryptography
• Codes
• Ciphers
Examples of codes:
• Morse code
• ASCII code
Example of cipher:
• Dorabella cipher
Example: letter to John Trevanion
Worthie Sir John:Hope, that is ye beste comfort of ye afflicted,
cannot much, I fear me, help you now. That I
would saye to you, is this only: if ever I may be
able to requite that I do owe you, stand not
upon asking me. 'Tis not much that I can do: but
what I can do, bee ye verie sure I wille. I knowe
that, if dethe comes, if ordinary men fear it, it
frights not you, accounting it for a high honor, to
have such a rewarde of your loyalty. Pray yet
that you may be spared this soe bitter, cup. I
fear not that you will grudge any sufferings; only
if bie submission you can turn them away, 'tis
the part of a wise man. Tell me, an if you can, to
do for you anythinge that you wolde have done.
The general goes back on Wednesday. Restinge
your servant to command. - R.T.
Example: letter to John Trevanion
Worthie Sir John:Hope, that is ye beste comfort of ye afflicted,
cannot much, I fear me, help you now. That I
would saye to you, is this only: if ever I may be
able to requite that I do owe you, stand not
upon asking me. 'Tis not much that I can do: but
what I can do, bee ye verie sure I wille. I knowe
that, if dethe comes, if ordinary men fear it, it
frights not you, accounting it for a high honor, to
have such a rewarde of your loyalty. Pray yet
that you may be spared this soe bitter, cup. I
fear not that you will grudge any sufferings; only
if bie submission you can turn them away, 'tis
the part of a wise man. Tell me, an if you can, to
do for you anythinge that you wolde have done.
The general goes back on Wednesday. Restinge
your servant to command. - R.T.
Cryptography
• Cryptography
• Steganography
Example of cryptography:
• Dorabella cipher
Example of steganography:
• John Trevanion’s letter
Digital steganography
• Information can be hidden in picture files or
video files
• We shall look at one example:
– 24-bit BMP file format
24-bit BMP file format
• Each pixel of the picture is defined individually
by three bytes
• Each of the three bytes corresponds to one
colour component of the pixel:
– Red
– Green
– Blue
• Thus, the intensity of each of these three
colours is in the range 0-255.
24-bit BMP file format
• I am showing you a very simple example
(based on a black square)
• The code I used is taken from here:
http://pseentertainmentcorp.com/smf/index.php?topic=2034.0
For discussion
• Suppose you plan to use steganography.
• Would you also consider using cryptography in
combination with steganography?
Symmetric block ciphers
•
•
•
•
Ciphers
Blocks
Keys
Attacks
(read more in the textbooks)
(note that today we shall consider only very
simple examples, not useful in practice)
Caesar cipher without key
• Today, in all examples, a block is a letter
• Each block is encrypted separately, using
exactly the same algorithm
• Encryption:
A→B→C→… → Y→Z→A
• Decryption:
A→Z→Y→… → C→B→A
“Cipher” without key
plaintext
Encryption
algorithm
ciphertext
ciphertext
Decryption
algorithm
plaintext
Caesar cipher without key
• Encryption:
A→B→C→… → Y→Z→A
• Decryption:
A→Z→Y→… → C→B→A
• It is a block cipher
(in this case, block=letter)
• Is this cipher secure?
Caesar cipher with key
• Key k is a number between 1 and 25
• Encryption:
each letter is moved k positions to the right in
the alphabet
• Decryption:
each letter is moved k positions to the left in
the alphabet
Cipher with key
plaintext
Encryption
algorithm
key
ciphertext
ciphertext
Decryption
algorithm
key
plaintext
Kerckhoffs's principle
• One must assume that everything about the
cipher, including the encryption and
decryption algorithms, are known to the
attacker
• Only the key is not known to the attacker, and
confidentiality must be based on this
assumption
Symmetric cipher
• Both to encrypt and to decrypt you need a
key, and this is the same key in both cases
• Such a cipher is called symmetric (the same
key for both encryption and decryption)
• Most ciphers are symmetric
Attack
• The algorithm is known
• Find the plaintext
• Find the key
Caesar cipher with key: an attack
• Key k is a number between 1 and 25
• Because there are not so many keys, we can
build a table of all possible keys, or simply try
all possible keys one after another
• This attack is called exhaustive key search, or
brute force attack
Substitution cipher
• A table of correspondences is prepared
• Letters in the second row are placed in a random
order
• (Note that the table is not likely to be stored as a table
with two rows when you implement the cipher)
A B C…
K U D
X Y Z
HMY
Substitution cipher
• Encryption:
find the letter in the first row and replace by the
corresponding letter in the second row
• Decryption:
find the letter in the second row and replace by
the corresponding letter in the first row
A B C…
K U D
X Y Z
HMY
Substitution cipher: attack?
•
•
•
•
•
Now, there are many keys
How many?
26  25  24  …  2  1
This is what is denoted by 26!
We cannot use exhaustive key search
Substitution cipher: attack 1
• However, we have not so many blocks (26).
• We can successfully use the known plaintext
attack
• See a separate example
Substitution cipher: attack 2
•
•
•
•
•
We can use frequency analysis
Example from E. A. Poe
Example from A. Conan Doyle
A more realistic example
Example: Dorabella cipher
Frequency analysis: example
• This is the substitution cipher from Edgar Allan
Poe’s story ‘The Gold-Bug’ (1843).
• 53‡‡†305))6*;4826)4‡.)4‡);806*;48†8
• “Now, in English, the letter which most
frequently occurs is e. Afterwards, the
succession runs thus: a o i d h n r s t u y c f g l
m w b k p q x z.”
• Then the character successfully decrypts the
cipher
Frequency analysis: example
• This is the substitution cipher from Arthur
Conan Doyle’s story ‘The Adventure of the
Dancing Men’ (1903)
The Adventure of the Dancing Men
• Having once recognised, however, that the symbols stood for
letters, and having applied the rules which guide us in all
forms of secret writings, the solution was easy enough. The
first message submitted to me was so short that it was
impossible for me to do more than to say with some
confidence that the symbol stood for E. As you are aware, E
is the most common letter in the English alphabet, and it
predominates to so marked an extent that even in a short
sentence one would expect to find it most often. Out of
fifteen symbols in the first message four were the same, so it
was reasonable to set this down as E.
A more realistic example
• It is a truth universally acknowledged that a
single man in possession of a good fortune,
must be in want of a wife.
• ot os i trmtn mhoversiddc ipkhafdelwel tnit i
sohwde yih oh gassessoah au i waal uartmhe
ymst be oh fiht au i foue
• The second fragment is produced by applying
a substitution cipher and then breaking it with
frequency analysis
Frequency analysis
• Simple frequency analysis based only on
frequency of individual letters is unlikely to be
very successful
• It is possible to use more advanced statistical
techniques to analyse the ciphertext,
assuming we know the statistical properties of
the plaintext
• Example of a more advanced solver
• http://www.blisstonia.com/software/WebDecrypto/index.php
Dorabella cipher
Dorabella cipher
1, 12, 4, 0, 2, 7, 20, 0, 11, 22, 3, 16, 17, 5, 16, 6, 16, 16, 7, 12, 12, 16, 5, 20, 22, 23, 8, 3, 15
20, 16, 20, 7, 20, 0, 11, 10, 0, 4, 16, 16, 4, 7, 8, 17, 20, 16, 3, 16, 7, 19, 15, 17, 5, 23, 11, 11, 23, 3, 15
4, 15, 7, 19, 15, 4, 5, 19, 18, 8, 15, 4, 16, 7, 19, 17, 15, 8, 0, 12, 8, 15, 7, 0, 8, 23, 0
Frequency of letters in English language
Symbol frequencies in Dorabella cipher and
in an average English text
‘Decryption’ of Dorabella cipher
• This is an example of what a simple frequency
analysis produces and a ‘decryption’:
wlioytsodfheurepeetllersfmnha
sestsodboieeitnusehetcaurmddmha
iatcaircgnaietcuanolnatonmo
• More advanced versions of frequency analysis
also cannot break Dorabella cipher
• Probably, in this cipher not only substitutions,
but also permutations are used.
What we have considered today:
Examples of ciphers
Caesar cipher without key
Caesar cipher with key
Substitution cipher
What we have considered today:
Types of attack
Unknown plaintext
Known statistical
properties of plaintext
Known plaintext
Sample exam questions
• Explain briefly the difference between a code
and a cipher. Give one example of a code and
one example of a cipher, explaining briefly
why these examples demonstrate well the
difference between codes and ciphers.
Sample exam questions
• Describe an example of a technology which
can be classified as steganography. Explain
why you would classify it as steganography.
Sample exam questions
• Give a short definition of how the brute force
attack works.
• Explain briefly why Caesar’s cipher can be
attacked using the brute force attack, whereas
the substitution cipher cannot.
• More generally, explain which types of ciphers
are vulnerable to the brute force attack, and
which are not.
Sample exam questions
• Explain why frequency analysis can be
successfully used for attacking the substitution
cipher.
• Suggest one parameter of a cipher which is
likely to make it less vulnerable to frequency
analysis.
```