CMSC 414 Computer (and Network) Security Lecture 3 Jonathan Katz
Download
Report
Transcript CMSC 414 Computer (and Network) Security Lecture 3 Jonathan Katz
CMSC 414
Computer (and Network) Security
Lecture 3
Jonathan Katz
Confidentiality
In more detail…
Alice and Bob share a key K
– Must be shared securely
– Must be completely random
– Must be kept completely secret from attacker
– We don’t discuss (for now) how they do this
Plaintext - encryption - ciphertext -
decryption
Decryption must recover the message!
Notes…
Can also be used to encrypt files (i.e.,
secure storage)
We have not said anything yet about
security…
Some examples
(Shift cipher)
(Substitution cipher)
(Vigenere cipher)
Attacks?
Shift cipher
– Key space is too small!
– Insecure against ciphertext-only attack
• Frequency analysis
• Index of coincidence
– If an attacker can recover they key, a scheme is
clearly insecure
• What about the converse?
– Multiple other attacks and problems
Attacks?
Substitution cipher
– Much larger key space
– Still not secure against ciphertext-only attack
(frequency analysis, digrams, trial and error)
– Having a large key space is necessary, but not
sufficient, to guarantee security…
• (Note that adversary can still recover the key)
Attacks?
Vigenere cipher
– Index of coincidence
• Random text has index: (26)-2 = 0.038
• English text has index: (pi)2 = 0.065
– Can distinguish substitution and Vigenere
ciphers; if the latter, can determine key length
– Can further use this to determine key
Moral of the story?
Don’t use “simple” schemes
Thoroughly analyze schemes before using
– Better yet, use schemes that other, smarter
people have already analyzed…