
BASIC METHODS

In the document Data Communications Management (pages 117-120)

Encryption for Data Security

Protecting sensitive information in a communications channel (outside the physical control of the communicators) is essential [9]. Basically, there are two methods for providing protection:

1. Concealing the existence of the message by such techniques as including it with unrelated communications

2. Making the information in the message unintelligible through cryptographic techniques, without attempting to conceal the existence of the message

The latter approach is the more practical in computer/communications systems.

As illustrated in Figure 8-1, a cryptographic system (cryptosystem) for secure communications between a sender (S) and a receiver (R) consists of the following elements:

Figure 8-1. Application of Cryptographic Transformations (diagram not reproduced; labels: plaintext message (M), ciphertext message (E), unsecure communications channel)

• A plaintext message (M) to be transmitted and protected

• A very large family of invertible cryptographic transformations (ciphers) (T) applied to M to produce ciphertext (E) and later to recover M by applying the inverse $T^{-1}$ to E

• A parameter (K, the key of the cryptosystem) that selects one specific transformation ($T_K$) from the family of transformations

A cryptosystem can be effective only if the communicators keep the key secret and the family T is large enough that the correct K could not be guessed or determined by trial-and-error search techniques.

Such a system is used in the following manner. Prior to proceeding with communication, both S and R agree upon the family of transformations to be used and establish K (e.g., one communicator selects K and communicates it to the other over a secure communications channel). Now S generates M and encrypts it by applying $T_K$: $E = T_K(M)$. The sender then transmits E. Upon receiving E, R applies the inverse transformation and recovers M: $M = T_K^{-1}(E)$. E may be intercepted in the channel and subjected to various cryptanalytic attacks aimed at M, K, or both. Since it must be assumed that the interceptor knows in detail the transformation being used, the security of the message rests entirely upon the interceptor not knowing which key was used.

More than 70 years ago, a set of effectiveness criteria for cryptosystems was stated by Kerckhoffs (as described by Shannon [10]):

• The transformation used should be unbreakable (if not in theory, then in practice).

• The interceptor's knowledge of the family of transformations being used and of the cryptosystem equipment should not compromise the protection provided.

• The key should be capable of providing all protection and should be easy to generate, store, transmit, and change.

• The transformation used should be simple, requiring no complicated rules or mental strain.

Although Kerckhoffs's criteria were derived for manually operated communications systems, they can be applied to computer/communications systems.

Some changes, of course, have occurred. For example, computers permit more complex transformations, and the keys can be changed more readily and frequently. On the other hand, computers have become important tools for cryptanalysis, and their use has greatly reduced the effectiveness of classical cryptographic transformations [11].

In classical cryptography, all transformations are substitutions, transpositions, or product ciphers (combinations of substitutions and transpositions). If M is regarded as a string of characters from an alphabet (A), such as the English alphabet, a monoalphabetic substitution transformation replaces every character of A by either a character from a cipher alphabet (B) or a group of characters from B. These two cases are called monographic and polygraphic substitutions. Alphabet B is usually a permutation of A. A very simple form of a monoalphabetic substitution is the Caesar cipher, in which the cipher B is obtained by rotating the original alphabet A by a fixed number of character positions. This number is the key. Figure 8-2 illustrates a Caesar cipher in which K = 3 and A is rotated to the left. Because there are only 25 possible rotations for the English alphabet, this system is very easy to solve by trial-and-error methods.

Plaintext alphabet A: a b c d e f g h i j k l m n o p q r s t u v w x y z

Ciphertext alphabet B: d e f g h i j k l m n o p q r s t u v w x y z a b c

Plaintext message: sell all shares

Ciphertext: vhoo doo vkduhv

Figure 8-2. Caesar Cipher (K = 3)

Polyalphabetic substitution transformations use several cipher alphabets ($B_1, B_2, \ldots, B_n$), each of which is usually a Caesar cipher. They are used cyclically to determine which substitution is to be made. The key can be numeric (showing the amount of rotation for each alphabet used) or alphabetic (showing which character of each of the alphabets corresponds to the plaintext letter "a"). For example, when the key is "domino," the plaintext message "sell all shares" is encrypted as "vsxt nzo gtiesy." The longer the key (the more alphabets used), the more effective a polyalphabetic substitution is because it hides the original text more thoroughly. If K is at least as long as the message, is generated by a random process, and is used only once, the cryptosystem is called a Vernam system and is, in theory and practice, unbreakable. Its use in data communications systems, however, is impractical because a very large K must be provided when the message volume is large.

Transpositions are rearrangements of characters in a message, without changing the alphabet. Typically, a transposition operation is applied to a block of characters of the message. The key specifies which characters are to be interchanged. For example, in a block of six characters, with K specified as (136542), the word "profit" is changed to "optrfi." Character 3 replaces character 1, 6 replaces 3, and so forth as specified by the key until, finally, character 2 replaces 1. If the block is large, a transposition can be very effective.
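The classical transformations above, as an added example (not from the original text): one cyclic shift routine covers both the Caesar cipher (a single alphabet) and the polyalphabetic case, followed by the trial-and-error search over all 25 rotations and the cycle-keyed block transposition, each with its inverse. Function names are illustrative assumptions; computed this way, the "domino" ciphertext ends in "v" where the text prints "y".

```python
import string

ALPHABET = string.ascii_lowercase  # alphabet A from the text


def shifts_from_key(key):
    """Alphabetic key -> rotations: each key letter is what plaintext 'a' maps to."""
    return [ALPHABET.index(c) for c in key]


def substitute(message, shifts, decrypt=False):
    """Cyclic shift substitution: one shift is a Caesar cipher, several are polyalphabetic."""
    sign = -1 if decrypt else 1
    out, i = [], 0
    for ch in message:
        if ch in ALPHABET:
            k = shifts[i % len(shifts)]          # alphabets are used cyclically
            out.append(ALPHABET[(ALPHABET.index(ch) + sign * k) % 26])
            i += 1
        else:
            out.append(ch)                       # spaces etc. pass through, no key use
    return "".join(out)


def caesar_trial_and_error(ciphertext):
    """Every candidate plaintext for a Caesar cipher: the whole 25-key space."""
    return {k: substitute(ciphertext, [k], decrypt=True) for k in range(1, 26)}


def transpose(block, cycle, decrypt=False):
    """Block transposition keyed by a cycle of 1-based positions.

    For (1, 3, 6, 5, 4, 2): position 1 receives character 3, position 3
    receives character 6, and so on around the cycle.
    """
    if sorted(cycle) != list(range(1, len(block) + 1)):
        raise ValueError("key must be a permutation of the block positions")
    out = list(block)
    for n, dst in enumerate(cycle):
        src = cycle[(n + 1) % len(cycle)]
        if decrypt:
            dst, src = src, dst                  # undo: send each character back
        out[dst - 1] = block[src - 1]
    return "".join(out)


if __name__ == "__main__":
    print(substitute("sell all shares", [3]))                        # Caesar, K = 3
    print(substitute("sell all shares", shifts_from_key("domino")))  # polyalphabetic
    print(transpose("profit", (1, 3, 6, 5, 4, 2)))                   # transposition
```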

Product transformations (repeated application of substitutions and transpositions) can be very effective "mixing transformations." One such transformation is the Data Encryption Standard (DES), approved by the National Bureau of Standards for nonmilitary agencies of the federal government [12]. DES is discussed in more detail in the next section. Other transformations, based on complex mathematical formulas [13], are also examined.

Transformations based on substitutions only are called stream ciphers: each character of the message is encrypted independently of the others and can be transmitted as soon as it has been encrypted. Transformations that apply transpositions are called block ciphers because an entire block of characters must be encrypted before any can be transmitted. The following types are based on the structure of the communication and the implementation of encryption:

• End-to-end encryption: The sender encrypts the message and it remains encrypted while being transmitted through a network until it is received and decrypted by the recipient.

• Link-by-link encryption: Each communications link from switching center to switching center has its own encryption key. The communicators need only the key to the nearest switching center.

• Super encryption: The communications system uses link-by-link encryption, but the communicators use their own end-to-end encryption keys.

Link-by-link encryption increases key security by limiting each communicator to only one key to the nearest switching center and eliminating the need to make prior key transmissions. This means, however, that communicators are placing their trust in the communications system and its security. Messages must be decrypted at each switching center for reencryption for the next link and can thus be intercepted at the switching centers. Super encryption can avoid this problem.
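What each switching center holds under link-by-link encryption versus super encryption, as an added example (not from the original text). The names `toy_cipher` and `send` and all keys are illustrative assumptions, and the XOR keystream is a stand-in for a real transformation, not a vetted cipher.

```python
import hashlib


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric transformation: XOR with a SHA-256-derived keystream.

    Applying it twice with the same key returns the input, so it is its own
    inverse. Illustration only (no nonce, no integrity protection).
    """
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def send(message: bytes, link_keys, end_to_end_key=None):
    """Carry a message over one link per key in link_keys.

    Returns (delivered message, list of what each intermediate switching
    center held after decrypting its incoming link).
    """
    # Super encryption: the communicators wrap the message with their own key first.
    payload = message if end_to_end_key is None else toy_cipher(end_to_end_key, message)
    seen_at_centers = []
    for hop, key in enumerate(link_keys):
        on_wire = toy_cipher(key, payload)      # protected while on this link
        payload = toy_cipher(key, on_wire)      # decrypted at the far end of the link
        if hop < len(link_keys) - 1:
            seen_at_centers.append(payload)     # held here before reencryption
    delivered = payload if end_to_end_key is None else toy_cipher(end_to_end_key, payload)
    return delivered, seen_at_centers


if __name__ == "__main__":
    msg = b"sell all shares"                    # constructed sample message
    links = [b"link-1", b"link-2", b"link-3"]   # constructed per-link keys
    print(send(msg, links))                     # centers hold the plaintext
    print(send(msg, links, b"sender-receiver")) # centers hold only ciphertext
```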
