 Well, I just received an email from Dr. Tanarat. It's alright. What should I do? He's an excellent student. What should I do? Dr. Tanarat, tell me. Excellent student. He's already done security. He should get an A. What should I do? From Dr. Tanarat. From address Tanarat at S-I-T-T-U-A-C-T-H. Which is correct. That's his email address. But in fact, it's a fake message. It's sent by someone maliciously in pretending I received it. I didn't send it. I received it. And simply change the from address in the email address. So in email especially, it's very easy. You can control the actual from address in an email. So there are certain fields in an email. From, to and so on, subject. In this case, I created an email and changed the from address to be Tanarat's email address. So when, in a different account, I sent it. When I receive it here, it says it's from Dr. Tanarat. So that's a simple demonstration of a masquerade attack. Someone pretending to be someone else in this case. And without, alright, maybe this one I would not believe if I saw it. But in other cases, you may believe that message and believe who the source was. But for security, we need something better than just using the from address to identify someone. We need cryptographic techniques to provide authentication. Some of you may have seen with email, you can provide signatures, digital signatures at the end of the email. And we'll see as we go through the course that you can attach information to the email that gives the receiver much more confidence that it came from the right person using public and private keys. We'll come to that after the midterm. Another example. So that's an example of a masquerade attack. The other example is, I want to show, is me accessing the wireless network. And it would take a little bit to set up, but let me use my high-tech picture of what we want to do while I set this up. I've got my two laptops here. 
The blue one and the one on the screen is the black one, the gray one. What I'm going to do is use this to access a website. And of course, since I'm using wireless LAN, I'm connecting to some access point which is where outside in the corridor in this case. So I'm going to connect to an access point outside. And this other laptop, which you see the screen is going to, hopefully, if it works, intercept the message and see the message contents. Just to illustrate how easy it is. Now, that's only if it works. Let's try it. First, just make sure that this laptop... No, with this malicious user, the laptop you see up here, I need to configure it to intercept messages. Normally, with wireless LAN, with Wi-Fi, you transmit to an access point and receive from access point. So you associate with an access point. And you only communicate with that access point. And then that access point sends it across the rest of the network. So when you turn on your laptop, what it does is your laptop finds or discovers some nearby access points and then associates with one of them. Another feature of wireless LAN and many wireless technologies is that the transmission is broadcast. That is, when I transmit a signal to the access point out in the corridor, it goes, of course, to the access point, but from the antenna in my laptop, it spreads all around, in fact. The signal goes in that direction, in that direction, up and down, all around. So anyone within range of that signal, so within 5, 10 metres, should be able to receive the signal. So, in fact, what I'm going to do is with the blue laptop, send to the access point, and because my other laptop is within range, I'm going to configure it such that it will receive that signal. Normally, your laptop will not receive other people's signals. Actually, it will receive other people's signals, but it will discard their signals because normally, you only receive and process data that is sent to you or data that you send. 
But you can configure some operating systems such that if someone else sends to the access point, if I receive the signal, I can receive and process their data. I'll set that up and then we'll show what we can achieve by doing that. I need to remember the instructions. I need to turn my wireless LAN interface into a mode such that it can receive other people's signals. And I'll do it quickly here. Using ifconfig, you're going to learn some of these commands in the lab next week. I'm just going to, for the start, turn off my wireless LAN interface and then set it up and then turn it back on. And now I'm going to set it up using another command called iwconfig to configure my wireless interface. The name of my wireless interface is wlan0 and there's a special mode and it's called monitor mode, which means when the wireless LAN on my laptop is on, it's going to monitor whatever anyone else within range sends, monitor and intercept, in fact, and record everything that other people send. Normally, your laptop does not use monitor mode. It's a special case. And just to confirm, so my wireless LAN interface is in the monitor mode at the moment. It's not doing anything. It will not send data. It will just receive other people's data and turn it on. And last thing, I'm going to monitor a specific channel. You don't have to remember this. This is a demonstration. Not for the wireless but for the next step. Channel. Monitor channel 13. Because hopefully this laptop's going to use channel 13 to communicate with the access point outside. That's the uncertainty in this demo. And then, so now my laptop should be receiving all the packets sent by other people, tablets, phones, laptops in the vicinity. My laptop can receive anything that they send. And I'm going to record everything that I receive using a program called tcpdump, which just records all the packets other people are sending on my wireless LAN interface. Some options which are not so important and write to a file. 
That now my laptop is recording to a file all the packets other people send. So don't do anything on your phone or on your tablet because I will record it. But I will do something on this laptop. And you cannot see it. I'm just setting up to turn on the wireless. I don't need to do it correctly. I'm just trying to connect to the SIT wireless LAN slowly. I've connected to the SIT wireless LAN. And I have an IP address. And you cannot see, but... Okay, I just opened my web browser and I've got the SIT login. So now I need to enter my login and I'll access the website. And I accessed my favorite website, the course web page. And I'll just follow a link. And now let's look at what data my laptop sent to the access point by looking at what my other laptop captured. So we'll close that. So this software tcpdump records all the packets that my wireless LAN interface receives. And because this blue laptop was sending some data, as were other people probably, but they were sending data within vicinity of this capturing laptop, it received a signal. tcpdump recorded the packets and recorded them into a file, example.cap. In fact, it received 62,184 packets. Let's look at those packets. And Wireshark is a program that will display them in a nicer format. And it displays many of them. I logged into the SIT website, into the SIT internet access system. When you access the network here, you need to provide your username and password. In fact, that server that provides that service, I remember its IP address. It's, I think, 192.168.20.109. That is, I'm filtering out the packets. And let's zoom in so it's a bit clearer. I'm filtering out the packets which were between my blue laptop, hopefully, and the SIT login server. You know that page that asks you for your username and password. And these are some of the packets. We see there's a TCP connection set up. There's a request from my computer, 10.10.97.210 to the 192.168.20 computer. It was a request for the web page. 
And the SIT login server sends back a response, which is that actual web page, asking me for my username, password, and showing that long warning message. Then I typed in my username and password. Let's go down and see if we find it. Whether this is the correct one, let's zoom in. So the orange one is from my computer. Actually, what's wrong? Anyone recognize anything wrong? Two different computers logged in. Here's my computer. My blue one is 10.10.99.251. The previous packets were a different computer. Someone else logged in. I will not look at their password. I'll just look at my own. So mine is, in fact, starts here. This is when I log in. If we zoom in on that particular packet, we can see some of the details. It's a HTTP packet. And it's a request for access to the internet. And then now let's try and find the... Then there's the response. And somewhere down below, there's just some data and some ACKs there. More ACKs. One of these should contain... I don't think it's that one. Let's filter again. This is like doing any demo and nothing works 100%. It shows us the HTTP packets. I need to look for my IP address, which is the 251. Getting closer here. So this is from my computer. 10.10.99.251. Going to the SIT login server. It's a POST. What happens with the web login is that you try and access the internet. SIT login server sends you this login page. You type in your username and password, click OK, and that sends data back to the server and checks your username and password. Zoom in looking at the details of that packet. What do you see? Because I typed in my username and password and that was sent, of course, to the server because the server needs to authenticate me. So that's sent to the server and from a blue laptop, my other laptop captured that data. And this is showing the packets which were captured and I found one of those packets. 
And somewhere inside that packet, we see the data that was sent from laptop to server, including username and password, and the rest of the message. So that's sent to the server and the server then checks, is it my correct password? If so, it logs me in. And then we continue. Don't log into my account. We'll change it. That will be changed soon. So that's an example of simply releasing the message contents. By someone intercepting, they have captured the data that was sent from Bob to Alice and Darth has captured that and they see the contents. In this case, they can use that in the future. So in this case, there's no... and in SIT's login, there's no encryption for the internet access. So you need to be careful with your passwords because, especially, don't use your pass... don't use a password here that you use in other systems. So I do not use this password for my bank account, for example. So because if someone finds it, then they also have access to your other systems. So in this case, there's no encryption. You can set up encryption, but it involves more steps with setting up the network. Okay. That's two examples of the types of attacks which are possible and quite easy. What we want to go through then is, well, how do we stop those attacks? Now, what techniques can we use such that someone cannot see the password so that someone cannot pretend to be someone else with an email? Well, those techniques mainly require... or rely upon encryption, transforming some data into some other form and sending that transformed data, that encrypted data. So what we're going to do to demonstrate the concepts of encryption is to look at some old classical encryption ciphers, algorithms. So by old, thousands of years old in some case. So that is the first things that come up. No longer used, of course, but they demonstrate the principles and are easy to give some examples on the board or on a piece of paper. Classical encryption techniques. 
We'll see some more terminology come up. I don't need this. We're going to talk about, and all these old techniques, and up until the last, say, 30 or 50 years, the techniques have used what's called symmetric encryption, symmetric ciphers. It's only in the last, maybe since the 1970s, since an alternative has come up called asymmetric or public key cryptography. So at least up until the midterm we're focusing what is symmetric key encryption. We'll explain what it is. First some terminology. What we're going to do to encrypt something, we take some message, apply some algorithm on that message, and we get some output. The original message we refer to as the plain text. It doesn't have to be text, but the message we refer to as plain text. Plain meaning it can be read. We take the plain text, we apply some transformation, some encryption algorithm, and as the output we get ciphertext. So we encrypt plain text and get ciphertext. Encryption is this process of converting from plain text to ciphertext, sometimes called encyphering. So we have some function that takes plain text, returns ciphertext, that's an encryption function. And we normally need to go back in the other direction as well. Given the ciphertext, we decrypt that and get the original plain text back. And encryption usually depends upon the fact that if you take some plain text and encrypt to get the ciphertext, then you should be able to take that ciphertext and decrypt and get the same original plain text. You don't want to get different plain text as the output. With symmetric key encryption, we use a key at both the sender and receiver. When I say the sender and receiver, I will talk about that model that we finished on before the break, where we have the source, the sender has some message to send to the receiver. 
The source has a plain text message, they encrypt it, they get some ciphertext, they send the ciphertext to the receiver, the receiver takes the ciphertext, decrypts and gets the plain text. To perform the encryption and decryption, you don't just have the plain text and ciphertext, there's another piece of information, the key. And that key is normally secret. That is known just to the sender and receiver. If someone else knows it, it's not a secret. Our system will not work. Cryptography is the study of the algorithms used for encryption. So all we've said here is we convert plain text to ciphertext. How do we do that? Well, there's different ways that we can perform that conversion. They are encryption algorithms, those algorithms, or the study of those algorithms is cryptography. A cipher or a cryptographic system is a particular algorithm. So we'll talk about shortly the Caesar cipher, the Playfair cipher, two different algorithms. Cryptanalysis is the study of the techniques for decryption without knowledge of the plain text. That is like breaking the cipher. If you've got the ciphertext, you want to get back the plain text, then what techniques can we do to obtain that plain text? Cryptology is just the areas of cryptanalysis and cryptography. There's some terminology. This is similar to that diagram we finished on. And maybe this is a... Well, it uses the terminology we've just introduced and maybe a bit easier when we go through it as an example. Again, we have a source on this side and wants to send some data to the receiver on the other side. So we start with our original message, the plain text input. We have some plain text, X, if we want to use some mathematical notation. We have an encryption algorithm, some algorithm that transforms plain text into ciphertext. That algorithm takes two inputs. It takes the plain text's input, X, and a key, K, some secret information. 
So what we get is that we take the plain text, the key, apply our encryption algorithm, and we get some output. The ciphertext is the output. Denoted here as Y. In this case, X is the plain text, K is the key, and Y is the ciphertext in this slide. In other cases, we'll use different notation like P, K, and C. And the encryption algorithm is expressed as a function here. It's a function that takes two inputs, the plain text and the key, and returns one output, Y, the ciphertext. So we see in the middle here, Y, the ciphertext, equals E. E is a function, the encryption function. E of K and X. So E, this function E, is our encryption algorithm. Just the notation used on this slide. And we see two inputs and the output is the ciphertext. We send the ciphertext across the network to the destination. The destination has a decryption algorithm. So a decryption algorithm takes the ciphertext as input, so the ciphertext is received, that's one input, takes the key as input, the same key as used on the other side, and decrypts. And if everything works correctly, they'll get the original plain text as output. So we also have D, the decryption algorithm. And if the algorithms are correct, then using the same key K and the ciphertext, we'll get X, which is the plain text as an output. So plain text message at the start, and the same plain text message is received at the receiver. What is sent across the network is the ciphertext. What the attacker can see here, this is our network or our communication channel, the attacker, the opponent, sees the ciphertext. If the attacker can intercept the message, then they find out Y, the ciphertext. The key K should be secret. Only the source and the destination should know K. If the attacker knows K, what do they do? What can the attacker do if they know K? They should be able to decrypt. Under one assumption, the algorithm is known. So we have different pieces of information here. 
The plain text, the key, the ciphertext, an encryption algorithm and a decryption algorithm. From the attacker's perspective, they can intercept and find the ciphertext. In most practical cases, we assume that the algorithm is known. Everyone knows the algorithm, including the attacker. They know the function for encrypting and decrypting. Only in very special cases where that's not true. For example, maybe in the military or in some government organisations where they keep the algorithm secret. But it's very hard to do so. Because in practice, someone needs to implement software or hardware to do this encryption. And that takes many people. I think that secret requires a lot of physical resources. In most practical cases and encryption that we use today, the algorithms for encrypting and decrypting are not secret. They are known by everyone. That is, you and I know them. The attacker knows what they are. The ciphertext can be known by the attacker. We assume that the attacker or the opponent can receive anything sent across the channel, which is the ciphertext. This is known by the attacker. The goal of the attacker is to find k and or... What do we got? x, the plaintext. If the attacker can find the key, then they know the decryption algorithm. They know y. If they also know the key k, then they can find x. Because the decrypting using key k or y gives us x, the plaintext. If the attacker knows the key, they can easily find that or calculate the plaintext. If they know the plaintext, then we haven't kept our message secret or confidential. Our system is not secure. That's the basic model for encryption. It's similar to the last slide that we finished with just before the break. It's a different perspective. What do we need for this to work? To provide some security, we'll describe on that slide, but from the attacker's perspective, they can find the ciphertext. They know the encryption and decryption algorithm. Let's say they want to find the plaintext. 
If they find the plaintext, our system is not secure. How do they find the plaintext? We know the plaintext can be found by decrypting with the key, the ciphertext. We know the function. The attacker knows the function. They know y, the plaintext. If they know k, they can find x. One objective, find the key k. We assume that the key is secret. If it becomes publicly known, then the security of this system fails. It falls down. The assumption is that the source and receiver keep the key k secret. If I'm communicating with someone and we decide upon a secret key, if for some reason someone else discovers that secret key, we cannot trust it and we can no longer securely communicate. The key must be secret. What else could they do? So if they find the key, the system falls down. But look what we have here. What's our other function? y equals encrypt key with key k, x, we get y. Sometimes, well, we'd like to make the algorithm such that it's hard to find the key. Even if you know some pairs of plaintext and ciphertext. So we'll see there are different classifications of the security of the system and the types of attacks. But first thing, keep this key secret. And the second, have an algorithm which is considered strong. We need to define what we mean by strong or secure. Strong in terms of security. An algorithm such that it's hard to find what the key is. So we need a strong encryption algorithm. What is this function e and the corresponding d? Given if the attacker knows the algorithm and the ciphertext, should be impossible or practically impossible to find the key or the plaintext from the algorithm. If the algorithm has that property, then we consider it strong. And the other assumption or requirement we have is that both the sender and receiver know the secret key and keep it secret. If they tell someone else it's no longer considered secret. In practice we will assume that the cipher, that is, the encryption and decryption algorithm, are known. Are public. 
Everyone knows the details of these algorithms including the attacker. And we assume that the key to get from the sender-receiver is somehow securely distributed. For example, I want to encrypt and send a secure message to one person. So what I do is I choose a key. Some random key. I write it down on a piece of paper, give it to the other person and then we do our encryption. If we're secure, we're okay. But it's not so easy in practice. I want to communicate with someone on the other side of the world via the internet. I cannot write down the key on a piece of paper and send it via post. It's going to take a few days to get there. Not very convenient. So in network systems we need some automatic ways to distribute keys. And we assume so far we assume that we've got some magic way to distribute keys from sender to receiver so that no one else knows the key. One of the topics is key management where we look at how to distribute keys. But for now we assume we can. This is almost the same system but also shows the attacker, formally the cryptanalyst here. Using the same mathematical notation, some slight variations. We have a message, or the thing that generates the message, some message source, X, the plain text, an encryption algorithm. We have a key source, something that generates or calculates keys, and somehow the key is distributed to both the source and the receiver securely. No one else knows the key except the source and destination. We encrypt, get the ciphertext, send the ciphertext and decrypt and get the plain text. The attacker, cryptanalyst here, can intercept the ciphertext. Their goal is to find the plain text and/or the key. Usually if you find the plain text you've defeated the security of the system. If you find the key you can easily find the plain text. So the goal of the attacker is to find the key or the plain text. That's here. It's denoted as X hat, K hat, because they try and calculate what the key and the plain text is. 
And of course it should be the same as the real values. If they can find them we wouldn't consider this secure. We need algorithms such that they cannot find these. So that's some of the notation and general terms for encryption. Before we give some specific examples a little bit more notation what are these algorithms for encryption? How do we encrypt? Well there are two main operations used to transform the plain text to ciphertext. And they're very simple operations. Substitution and transposition. Quite simply substitution is you take one element of the plain text and replace it with another. Let's say the plain text is made up of English characters. Hello, H-E-L-L-O Then there are five elements in this plain text, the five letters. Substitution is taking one of the elements the letter H and replacing it with another letter in the alphabet. Let's say replace H with X. That's substituting one element with another. Transposition is rearranging those elements. If we have H-E-L-L-O we may rearrange those five characters to be L-E-H-O-L That's transposition. Using these two simple operations we'll see most or most ciphers that we'll see the symmetric ciphers we'll go through use these simple operations but to provide more security they combine them. They don't just do a substitution or just a transposition they use both of them and they repeat them. So we get what's called product systems which are multiple stages of substituting and transpositions. So replace one letter with another letter do that for all the letters then rearrange according to some algorithm then do it again in another stage and again and again that pattern comes out in the ciphers we'll go through. In general encryption there are two different types symmetric key encryption symmetric key cryptography and public key encryption also called asymmetric. 
So symmetric sometimes called single key encryption secret key encryption shared key encryption conventional it's the original approach used and it's being used up and it's still used today it's quite significant. In the last 40 or so years this new approach called public key or asymmetric encryption was developed. What's the difference at this point in time symmetric uses one key known by both the source and destination the sender and receiver symmetric that is the same key asymmetric or public key encryption the sender uses one key the receiver uses a different key a different asymmetric but usually there must be some relationship between the two different keys we're going to focus on symmetric key encryption after the midterm we'll come back to public key encryption and how that works. Another way to classify ciphers is on how much plain text do they operate at any time a block cipher encrypts a block of plain text usually the block in practice is say 64 bits or 128 bits a stream cipher encrypts the elements continuously say one bit at a time we're going to focus on block ciphers we'll see one example later of stream ciphers let's go to an example cipher and then come back to the types of attacks we'll jump forward and what we're going to do is go through some classical techniques using first substitution that is replacing one element with another and then a few with transposition re-arranging and use them to demonstrate the concepts that are used in most ciphers I think with all of the examples that we'll use we'll use the English alphabet from A to Z but it doesn't have to be any alphabet any set of characters it can be binary, it can be tie it can be numbers whatever we choose as long as it's defined but for simple examples the English alphabet with substitution ciphers the letters of the plain text the plain text message we want to send are replaced with other letters or by other numbers or symbols or by numbers or symbols not of symbols no replaced by other 
letters or by numbers or symbols we would use again English but if we're using a computer we usually represent that plain text as binary as bits so usually we replace a sequence of bits let's say four bits with a different sequence of bits or eight bits with a different sequence of bits let's go through the first example, the Caesar cipher supposedly used by Caesar a Roman general a long time ago to send secret messages to his army so that the others would not be able to intercept and find out the instructions we have an alphabet with the 26 English characters and the original Caesar cipher is that we take the input plain text letter and the cipher text is that plain text letter shifted to the right by three positions so if the input plain text letter is a the output cipher text is d because d is one, two, three positions along in the alphabet if the input letter is y then the output is b because b is one, two three positions along we wrap around at the end so we can use all the letters so that's the simplest cipher that we can go through we can generalize that so this shifts by three positions the original Caesar cipher we can generalize it to shift by any number of positions k positions so we define the cipher by how many positions we shift the letters to positions and we can express that mathematically by mapping the letters to numbers and a common mapping is that the letter a maps to number zero the letter z maps to number what 25 so we just map each letter to the numbers and the shift by positions is that we add the number of positions a is zero if we shift by three positions the ciphertext should be d which is three zero plus three if we shift by four positions it's zero plus four and we get e is the output so we can express the encryption algorithm mathematically here the ciphertext c is obtained by encrypting the plaintext p using key k is the number of positions we shift which is calculated as taking the value of the plaintext element p plus k so we just 
add and because we wrap around we need to mod by 26 26 because we have 26 characters to deal with this case where we take y we shift by three positions and we get b that's why we have this mod 26 and to decrypt we go backwards that is in the opposite direction to decrypt the ciphertext g is the letter three positions beforehand which is d and mathematically it's the ciphertext minus the number of positions we shift mod 26 just a quick simple task to get your brain working here's your plaintext encrypt it calculate the ciphertext hello everyone with a key of four simple and in this case you can simply use the information on the no you cannot use that exact shift but you can look from the alphabet here and shift four positions along first letter l okay I think you can have to go all the way not always but sometimes to distinguish between plaintext and ciphertext I'll write plaintext as lowercase and ciphertext as uppercase just to distinguish okay l next z for z so you can encrypt anything with the cipher and you should be able to decrypt the decryption conceptually is just shifting backwards so we mathematically when we're using the numbers the ciphertext value minus the key value mod 26 our key is four the letter what do we have here do we have one interesting if we have the letter b integer one what's the value of the plaintext using the mathematical approach quite simply p equals the ciphertext value one minus the key four mod 26 three minus three mod 26 is what minus three mod 26 23 okay we don't have in modular arithmetic we don't have our negative values here we just have from zero up to 25 with mod 26 and this this implements that wraparound feature which is the letter x is that right so be careful with the mathematical form I just made that up the c is the ciphertext if the ciphertext letter was b that is value one then this is what would calculate but that's not related to the holo everyone we'll see with our ciphers even the simple ones we can express that 
as an algorithm or as an equation here and we can implement that of course quite easily in software what's wrong with the cipher brute force we'll explain brute force a little bit more but with the cipher how many keys are there 26 keys really how many possible keys sorry how many possible keys in one instance we have one key but remember what we do is the source chooses a secret key that is I choose k equal to 4 I tell the other person we're going to use k equal to 4 then I take my plain text holo everyone I encrypt it using k equal to 4 I get my ciphertext send the ciphertext and the receiver decrypts using k equal to 4 that's the secret known only to the source and destination if someone else knows the key they can easily decrypt if you have this the ciphertext and you know the key you'll just do the calculation here and you'll get the plain text so if you don't know the key if you know this you don't know k equal to 4 what do you do guess guess how many guesses will you take 25 guesses why ok you guess the maximum number most guesses you need to make is the number of keys available because what can the key be it could be 0 but if the key was 0 it's not a very smart key to choose why a key of 0 gives us the same plain text and ciphertext we don't shift by any positions it's possible in theory a key of 1 is possible 2, 3, 4, 5 a key of 25 is possible what about a key of 26 a key of 26 because we have this mod 26 we're going to have some number plus 26 mod 26 plus 0 ok that number plus 0 because it's a mod 26 26 mod 26 is the same as 0 mod 26 a key of 27 is the same as a key of 1 so in effect we only have 26 possible combinations and one of them is not so good because it gives us the same plain text and ciphertext so if you don't know the key try them all that is take the ciphertext decrypt with all possible keys and see what you get I'll show you an example you cannot see all of it this is just in a spreadsheet it may not be all clear this is some ciphertext it 
goes longer than this but there's no need to see the rest. So I've created this ciphertext. What's the key? Ciphertext, well, you cannot see the plaintext, nothing is obvious. So what we do is you try to decrypt this ciphertext using all possible keys. You don't know the key, so let's do what's called a brute force attack and try to decrypt the ciphertext with every possible key, all 26 keys in our case. And I've done that, and here I've got the original ciphertext at the top, and then I decrypted this using a key of A, where A maps to the letter 0, and that's our not very smart key because we get the same: if we decrypt this ciphertext with a key of 0, the plaintext is the same. Do you think the key of 0 was what was used in this case? Why not? It doesn't make sense; this message would make sense. Okay, so I try a key equal to 1 and I get this, and I try them all, and we scroll down. You watch and see, tell me what the key is. It's not easy, but I think you quickly see that this one, L or 11: "the only truly secure computer is one buried in concrete with the power, with the power turned off", and then something else at the end, "and then the network cable cut". That's a secure computer. That's our plaintext. Guess that's the plaintext. Look at all the other keys, any message you understand there? All 26 keys in this case, all the rest look like random letters or a random combination of letters. There's just one of those plaintexts which makes sense, therefore it's safe to assume that that is the correct plaintext and it's safe to assume the key is 11 in this case. So that's a brute force attack: take the ciphertext, decrypt it with every possible key, one of the answers will be a message that you understand, and therefore you've discovered the plaintext and the key. That works assuming you can understand or you can recognize the message. In this case we can, we guess that the message was in English. What if it was in a different language, Portuguese? You may not be able to recognize it, but the same concept applies,
assuming you know the language you will be able to recognize the message, and if you don't know the language then try to translate it to a different language, that is, use different languages. There's not so many languages in the world to try all of them. So assuming you can recognize the plaintext, brute force attack will always work, because one of the messages will be a message you recognize, all the rest would look like random letters, random characters. And the cipher is subject to a brute force attack because there are just 26 keys, easy to try them all. You could have done this on a piece of paper; I did it with a computer, it takes less than a second. So one type of attack against all ciphers is a brute force attack. Let's go back a few slides. A brute force attack, a brute force attack: try all possible keys. The time it takes, the brute force attack, depends upon the number of keys that you need to try. With Caesar cipher, 26 keys. This table gives us some different examples. What it shows us is if we have a cipher with a particular key size, and here we measure the key size in bits; in Caesar cipher it's not measured in bits, it's decimal numbers, but assuming we have, say, a 32 bit key, with 32 bits how many possible values are there?
2 to the power of 32. If you've got a 32 bit number then there are 2 to the power of 32 possible numbers. So if I have a cipher with a 32 bit key there are 2 to the power of 32 possible keys. It's listed here, which is about 4 billion, 4.3 by 10 to the 9. That's the number of possible keys. So if I do a brute force attack I need to try 4 billion possible keys. On average though, assuming the person who chose the key randomly chose a key, on average when I try my keys as a brute force attack I will only have to try half of them before I get the correct answer. Let's demonstrate that. Let's say a 3 bit key. 3 bit key, the possible values, there are 8. So I'm using a 3 bit key. Choose a key, don't tell anyone, write it down. Choose one, don't tell me especially. Okay, chosen one? Okay. I try this one, and so what I'll do is I take the ciphertext, I'll decrypt using this key, and if it was the correct key I would be able to recognise the plaintext. If it was an incorrect key, the plaintext from decrypting would be, like we saw on the Caesar cipher, would be random characters. So the idea is that if I decrypt with the correct key I will recognise the plaintext and I'm finished. If I decrypt with the wrong key I will get random characters, I know it's not correct, and I'll move on to the next key and try that. So I would try this one, would I get the correct plaintext? No. I try this one, would I get the correct plaintext? No. If I try this one, this one, this one, this one. Okay, that's the key he chose. So all I did is try them all. I would decrypt my ciphertext and I get 101, because when I decrypt my ciphertext with 101, since it was encrypted using key one and zero one, I will get the correct plaintext. Now how many attempts?
Six. Maximum number of attempts I'll take is eight, if he chose this one. Minimum is one. On average it will be half the key space, four in this case, because on average, if you choose a random key, sometimes it will be quickly I'll find it, sometimes it will take me a long time. On average it will be half the number of possible values. So on average we need four attempts, that is, assuming someone randomly chooses a key. So normally when we measure brute force attack we consider what is the total number of possible keys, and we may talk about what is the maximum number of attempts, it would be eight, and what is the average number of attempts, in this case it would be the key space divided by two, which is four attempts. And what this table shows is the average number of attempts: if we have two to the power of 32 keys, on average we take two to the power of 32 divided by two attempts, which is two to the power of 31. And what this table gives us is some example times it takes. Let's say we have a computer and to do one decryption it takes one microsecond, which means one million decryptions per second. If that was the case, if I had a 32 bit key, two to the power of 32 or four billion possible keys, my computer would take about 35, 36 minutes to find the key. Okay, if I had many computers and I could go much faster, and much faster computers, such that I could decrypt one million ciphertexts per microsecond, that's one million times faster than this column, then it would take two milliseconds to decrypt, so almost no time. How fast is a computer? How fast can it decrypt then? Nowadays these times are quite easy for most computers, or a network of computers or dedicated computers; these times of a million decryptions per microsecond are pushing the limits of some systems. When we look at DES I'll give you some more examples of how long it takes to break a real cipher. So how do we make... so a brute force attack in theory is always successful, but in practice it takes a long time and is only successful if we
can complete the attack in a reasonable amount of time. If we have a 128 bit key, our ultra fast computer would take 10 to the power of 18 years. Who's going to wait for the end of the world to find the plaintext or the key? So just by increasing the key length we can avert a brute force attack, because with 128 bits, even with the fastest of the fast computers, it's still going to take thousands of years to find the key. So brute force in theory is successful, but in practice it can be averted; we can avoid it by having a key that is large enough. Caesar cipher key length, there are just 26 keys, not very good. Most real ciphers today use 128 bits or larger, block ciphers, so the key length is not a problem. Finish with one last example. Caesar cipher, no good, because the key length is just 26, or there's just 26 possible values to break it. So expand on the Caesar cipher but allow any letter in the 26 letter alphabet to map to any one of the other letters. So what you do to choose a key is you have your alphabet of letters A to Z, and a key in this case is a mapping. So we have A, B, C. I choose a mapping from each letter to some other letter. Let's say I choose A to map to Q. A can map to one of 26 other letters. B can map to how many other letters? Well, B can map to any of the other letters except Q. Let's say I choose S. There are 25 possible values to choose from. Then I choose C maps to some other letter. I can choose from 24 letters, there's 24 letters remaining, whatever I choose, A, and I keep going like that. What I do is I choose a mapping from each of the letters in the alphabet to some other letter. Z would map to the last letter available, whatever it was. The number of choices I have of mappings is from A to one of 26 possible letters, B to one of 25 possible letters, C to one of 24 possible letters, and Z to one of the only one last possible letter. The number of possible mappings is 26 factorial, and each mapping in this case defines a key. In this cipher, where we allow any letter to map to
any other letter, we have 26 factorial possible keys. And go back to our, that's this one, 26 characters permutation: take our computer 6 million years to break this cipher. So we've gone from a Caesar cipher, which has 26 keys, to even a simple cipher, but now has 4 by 10 to the power of 26 keys, and a brute force attack would be not practical in this case. So it's very easy to increase the number of keys in this case. Once you have a mapping, then to encrypt you just take, if I want to encrypt the word hello, then I find H, find the corresponding ciphertext letter, and that's the output, E, L, L, O, and encrypt. That's what's called a mono-alphabetic substitution cipher. We still substitute one letter with another letter; mono-alphabetic meaning mono-alphabet for both the plaintext and ciphertext. And brute force is impossible in this case because it takes too long if you wanted to try. We will stop there and we'll go back about keys next week and go through some other classical ciphers.
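
Added example, not part of the lecture: the Caesar encrypt and decrypt formulas with mod 26, and the 26-key brute force, with the "recognise the plaintext" step automated by a chi-squared comparison against English letter frequencies. The function names, the frequency table and the exact wording of the sample sentence are assumptions made for this example.

```python
import string

ALPHABET = string.ascii_lowercase
# Approximate English letter frequencies in percent, a..z (assumed reference values).
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

def _shift(text, k):
    # (value + k) mod 26 on letters only; Python's % returns 0..25 even when
    # value + k is negative, which is the wraparound the lecture describes.
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % 26] if c in ALPHABET else c
                   for c in text.lower())

def encrypt(plaintext, key):
    """C = (p + k) mod 26. Ciphertext is returned in uppercase, as in the lecture."""
    return _shift(plaintext, key).upper()

def decrypt(ciphertext, key):
    """p = (C - k) mod 26. Plaintext is returned in lowercase."""
    return _shift(ciphertext, -key)

def chi_squared(text):
    """Distance between the text's letter counts and English; lower is more English-like."""
    letters = [c for c in text if c in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")  # nothing to score
    return sum((letters.count(c) - f * n / 100) ** 2 / (f * n / 100)
               for c, f in zip(ALPHABET, ENGLISH_FREQ))

def brute_force(ciphertext):
    """Decrypt with all 26 keys; return (key, candidate) pairs, most English-like first."""
    candidates = [(k, decrypt(ciphertext, k)) for k in range(26)]
    return sorted(candidates, key=lambda kc: chi_squared(kc[1]))

# Constructed sample: an approximation of the sentence read out in the lecture,
# encrypted here with the key of 11 that the lecture reports.
SAMPLE = encrypt("the only truly secure computer is one buried in concrete "
                 "with the power turned off and the network cable cut", 11)

if __name__ == "__main__":
    print(encrypt("hello everyone", 4))   # the in-class exercise
    print(decrypt("B", 4))                # (1 - 4) mod 26 = 23
    for key, text in brute_force(SAMPLE)[:3]:
        print(key, text)
```

Frequency scoring needs enough ciphertext to be reliable; on a message of only a few letters several keys can score similarly and the candidates still have to be read by eye.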