{"id":1127,"date":"2010-10-28T16:28:10","date_gmt":"2010-10-28T20:28:10","guid":{"rendered":"http:\/\/www.acarlstein.com\/?p=1127"},"modified":"2010-11-02T15:55:20","modified_gmt":"2010-11-02T19:55:20","slug":"introduction-to-network-security-part-5","status":"publish","type":"post","link":"http:\/\/blog.acarlstein.com\/?p=1127","title":{"rendered":"Introduction to Network Security – Part 5"},"content":{"rendered":"

NOTIFICATION:<\/strong><\/span> <\/strong>These examples are provided for educational purposes. The use of this code and\/or information is under your own responsibility and risk. The information and\/or code is given \u2018as is\u2019. I do not take responsibilities of how they are used.<\/p>\n

Symmetric Encryption<\/strong><\/p>\n

In the symmetric encryption, the same key (normally a single-key) is used to perform the encryption and decryption of the ciphertext.<\/p>\n

Symmetric Cipher Model:<\/span> This model is performed by performing transformations and substitutions on the plaintext. A secret key, independent from the plaintext and the algorithm, is used to cipher the plaintext. After, the ciphertext plus the secret key is used with the decryption algorithm to obtain the original plaintext.<\/p>\n

Symmetric Encryption is the opposite to the concept of public key distribution which will be explained in future postings.<\/p>\n

Requirements:<\/span><\/p>\n

    \n
  1. The cipher model must be mathematical expression:
    \n(E: Encryption, D: Decryption, X: plaintext, Y: ciphertext, K: secret key)<\/p>\n
    Y = E(K, X)\r\nX = D(K, Y)\r\n<\/pre>\n<\/li>\n
  2. Assumption that the encryption algorithm is known to the attacker.<\/li>\n
  3. A strong encryption algorithm which in case the attacker would  obtain or know some examples of the ciphertext and the plaintext  produced from the ciphertext, the attacker would still be not able to  obtain the key. This means that if the attacker would obtain the  ciphertext, the attacker would not be able to obtain the secret key or  the plain text.<\/li>\n
  4. Secret key should be known only by the sender and the receiver of the ciphertext.<\/li>\n
  5. The distribution of the secret key must be done in a secure fashion.  For example, the use of a third party that would generate and provide  in a secure way the key to the sender and the receiver.<\/li>\n<\/ol>\n
    Substitution Ciphers<\/strong><\/p>\n
    In classical substitution ciphers, all the letters in the plaintext will be replaced by another letter, number, and\/or symbol.<\/p>\n
    Caesar Cipher<\/strong><\/p>\n
    History explains that Julius Caesar <http:\/\/www.roman-empire.net\/republic\/caesar-index.html<\/a>> came up with a substitution cipher that he used in his campaigns for military affairs.<\/p>\n
    The cipher works in the following way:<\/p>\n
      \n
    1. We use the alphabet of 26 letters:\n
      \"\"<\/a>\r\n<\/pre>\n<\/li>\n
    2. Under this alphabet, we will rewrite the alphabet by picking a letter as a starting point.
      \nLets say our key indicate the starting point such as K = 4 so we begin with the letter ‘E’ then:
      \n      \"\"<\/a><\/li>\n
    3. This means that if we wish to send a plaintext (P) that says HELLO, the ciphertext (C) would be LIPPS, and the key (K) would be 4<\/li>\n
    4. The mathematical way to represent this cipher will be the follows:\n
        \n
      1. Give each letter of the alphabet a number:
        \nA = 1, B = 2, C = 3, D = 4, E = 5,F = 6, G = 7, H = 8, J = 9, K = 10, L = 11, M = 12, N = 13, O = 14,P = 15, Q = 16, R = 17, S = 18, T = 19, U = 20, V = 21, W = 22, X = 23, Y = 24, Z = 25.<\/li>\n
      2. Encryption Algorithm:
        \nE: Encryption, Ct: Ciphertext, Pt: Plaintext, K: secret key<\/p>\n
        Ct = E(Pt)\r\n   = (Pt + K) mod 26<\/pre>\n<\/li>\n
      3. Decryption Algorithm:
        \nD: Decryptor, Ct: Ciphertext, Pt: Plaintext, K: secret key<\/p>\n
        Pt = D(Ct)\r\n   = (26 + (Ct - K)) mod 26<\/pre>\n<\/li>\n<\/ol>\n<\/li>\n
      4. The weakness of this cipher is that it can be broken by brute force. We just need to test the 25 combinations of different keys\u00a0 until we find the key that reveals the message.<\/li>\n<\/ol>\n
        Monoalphabetic Cipher<\/strong><\/p>\n
        The mono-alphabetic cipher instead of shifting the alphabet a number of letters, its substitute each letter arbitrarily by mapping the plaintext letter map to a random arranged ciphertext. The only requirement for the ciphertext is that the letters must not be repeated.<\/p>\n
        Since we are using 26 letters of the alphabet the arrangement of the cipher can permute a total of 26! permutations.<\/p>\n
        \"\"<\/a><\/p>\n
        If we wish to encode the word “HELLO”, we would obtain “NERRS”<\/p>\n
        Lets assume we wish to cipher a plaintext:<\/p>\n
        Plaintext = “THIS IS A SECRET MESSAGE ENCODED IN MONOALPHABETIC”<\/p>\n
        Ciphertext = “XNMW MW E WIGBIX OIWWEJI IPGSCIC MP OSPSERUEDIXMG”<\/p>\n
        The following website let you play a little with monoalphabetic cipher by randomizing for you the ciphertext:
        \n<        http:\/\/www.simonsingh.net\/The_Black_Chamber\/generalsubstitutionWithMenu.html<\/a>><\/p>\n
        The only problem is that this cipher can be exploited by doing regularities analysis over the frequency of the letters. Base on the language rules some letters are used more than others. For example, in English, the letter ‘E’ is the most common used in words, followed by A, I, O, N, R, S, T. Others letters such as K, J, Q, X, Z are less used than the rest.<\/p>\n
        The largest is the message, the most chances that the attacker can decrypt the message.
        \nJust in this message “XNMW MW E WIGBIX OIWWEJI IPGSCIC MP OSPSERUEDIXMG” we have:<\/p>\n