CMSC 414 Computer and Network Security Lecture 3

1
CMSC 414Computer and Network SecurityLecture 3

• Jonathan Katz

2
Private-key encryption

• Alice and Bob share a key K
• Must be shared securely
• Must be completely random
• Must be kept completely secret from attacker
• We dont discuss (for now) how they do this
• Plaintext - encryption - ciphertext - decryption
• Decryption must recover the message!

3
Security through obscurity?

• Always assume full details of crypto protocols
  and algorithms are public
• Only secret information is a key
• Security through obscurity is a bad idea

4
Shift cipher

• Attacks?
• Key space is too small!
• Insecure against ciphertext-only attack
• Frequency analysis
• Index of coincidence
• If an attacker can recover the key, a scheme is
  clearly insecure
• What about the converse?
• Multiple other attacks and problems

5
Substitution cipher

• Attacks?
• Much larger key space
• Definitely not secure against known-plaintext
  attack
• Also not secure against ciphertext-only attack
  (frequency analysis, digrams, trial and error)
• Having a large key space is necessary, but not
  sufficient, to guarantee security
• (Note that adversary can still recover the key)

6
Attacks

• A typical standard is security against
  chosen-plaintext attacks
• Security against chosen-ciphertext attacks is
  increasingly required
• Note that the one-time pad is insecure against
  known-plaintext attack

7
Moral of the story?

• Dont use simple schemes
• Thoroughly analyze schemes before using
• Better yet, use schemes that other, smarter
  people have already analyzed
• A good definition of security is critical

8
Re-thinking the problem

• What do we mean by security?
• I.e., not being able to determine the key??
• Types of attacks
• Perfect security
• One-time pad
• Computational security
• Block ciphers and modes of encryption
• DES and AES

9
Notions of Security

• What constitutes a break?
• What kind of attacks?
• Note always assume adversary knows full details
  of the scheme (except the key)
• Never aim for security through obscurity

10
Security goals?

• Adversary unable to recover the key
• Necessary, but meaningless on its own
• Adversary unable to recover entire plaintext
• Good, but is it enough?
• Adversary unable to determine any information at
  all about the plaintext
• Sounds great!
• Can we achieve it?

11
One-time pad

• (One-time pad)

12
Properties of one-time pad?

• Achieves perfect secrecy
• No eavesdropper (no matter how powerful) can
  determine any information whatsoever about the
  plaintext
• (Essentially) useless in practice
• Long key length
• Can only be used once (hence the name!)