CLASSICAL ENCRYPTION

TECHNIQUES

INFORMATION SECURITY
BS_CS 6TH 2
MULTI-LEVEL SECURITY (MLS)

 There are security classifications or security levels

 Users/principals/subjects have security clearances
 Objects have security classifications
 Example of security levels
 Top Secret
 Secret
 Confidential
 Unclassified
 In this case Top Secret > Secret > Confidential > Unclassified
 Security goal (confidentiality): ensures that information do not flow to those
not cleared for that level
3
MULTI-LEVEL SECURITY (MLS)

 The capability of a computer system to carry information with different

sensitivities (i.e. classified information at different security levels), permit
simultaneous access by users with different security clearances and needs-to-
know, and prevent users from obtaining access to information for which they
lack authorization.
 Discretionary access control fails to achieve MLS
 Typically use Mandatory Access Control
 Primary Security Goal: Confidentiality

4
MANDATORY ACCESS CONTROL(MAC)

 Mandatory access controls (MAC) restrict the access of subjects to

objects based on a system-wide policy
 Denying users full control over the access to resources that they create. The
system security policy (as set by the administrator) entirely determines the
access rights granted

5
WHAT IS A SECURITY MODEL?

 A model describes the system

 e.g., a high level specification or an abstract machine description of what the system does
 A security policy
 defines the security requirements for a given system
 Verification techniques that can be used to show that a policy is satisfied by a system
 System Model + Security Policy = Security Model

6
BELL-LAPADULA MODEL(BLP): A MAC MODEL FOR ACHIEVING
MULTI-LEVEL SECURITY

 Introduce in 1973
 Air-Force was concerned with security in time-sharing systems
 Many OS bugs
 Accidental misuse
 Main Objective:
 Enable one to formally show that a computer system can securely process classified
information

7
THE BLP SECURITY MODEL

 A computer system is modeled as a state-transition system

 There is a set of subjects; some are designated as trusted.
 Each state has objects, an access matrix, and the current access
information.
 There are state transition rules describing how a system can go from
one state to another
 Each subject s has a maximal sec level Lm(s), and a current sec level Lc(s)
 Each object has a classification level

8
ELEMENTS OF THE BLP MODEL
Lm: Max Lc: Current L: Class.
Sec. Level Sec. Level Level

Subjects Objects
Current
Accesses
Trusted
Subjects

Access Matrix 9

Security levels, e.g.: {TS, S, C, U}

CLASSICAL ENCRYPTION TECHNIQUES

 As opposed to modern cryptography

 Goals:
 to introduce basic concepts & terminology of encryption
 to prepare us for studying modern cryptography

10
BASIC TERMINOLOGY

 Plaintext: original message to be encrypted

 Ciphertext: the encrypted message

 Enciphering or encryption: the process of converting plaintext into ciphertext

 Encryption algorithm: performs encryption

 Two inputs: a plaintext and a secret key

11
 Deciphering or decryption: recovering plaintext from ciphertext

 Decryption algorithm: performs decryption

 Two inputs: ciphertext and secret key

 Secret key: same key used for encryption and decryption

 Also referred to as a symmetric key

12
 Cipher or cryptographic system : a scheme for encryption and decryption

 Cryptography: science of studying ciphers

 Cryptanalysis: science of studying attacks against cryptographic systems

 Cryptology: cryptography + cryptanalysis

13
 Cryptography
Basics

 Cryptography is the science of secret, or hidden writing

 It has two main Components:
1. Encryption
– Practice of hiding messages so that they can not be read by anyone other than the intended
recipient

2. Authentication & Integrity

– Ensuring that users of data/resources are the persons they claim to be and that a message has
not been surreptitiously altered
CIPHERS

 Symmetric cipher: same key used for encryption and

decryption
 Block cipher: encrypts a block of plaintext at a time
(typically 64 or 128 bits)

 Stream cipher: encrypts data one bit or one byte at a time

 Asymmetric cipher: different keys used for

encryption and decryption
15
 Encryption
Symmetric Algorithms

 Algorithms in which the key for encryption and decryption are the same are
Symmetric
 Example: Caesar Cipher
 Types:
1. Block Ciphers
– Encrypt data one block at a time (typically 64 bits, or 128 bits)
– Used for a single message

2. Stream Ciphers
– Encrypt data one bit or one byte at a time
– Used if data is a constant stream of information
SYMMETRIC ENCRYPTION

 or conventional / secret-key / single-key

 sender and recipient share a common key
 all classical encryption algorithms are symmetric
 The only type of ciphers prior to the invention of asymmetric-key ciphers in
1970’s
 by far most widely used

17
 Encryption
Cipher

Plain Text Encryption Cipher Text Decryption Plain Text

Algorithm Algorithm

 Cipher is a method for encrypting messages

Key A Key B

 Encryption algorithms are standardized & published

 The key which is an input to the algorithm is secret
 Key is a string of numbers or characters
 If same key is used for encryption & decryption the algorithm is called symmetric
 If different keys are used for encryption & decryption the algorithm is called asymmetric
Symmetric Encryption
Key Strength

 Strength of algorithm is determined by the size of the key

 The longer the key the more difficult it is to crack
 Key length is expressed in bits
 Typical key sizes vary between 48 bits and 448 bits
 Set of possible keys for a cipher is called key space
 For 40-bit key there are 240 possible keys
 For 128-bit key there are 2128 possible keys
 Each additional bit added to the key length doubles the security
 To crack the key the hacker has to use brute-force
(i.e. try all the possible keys till a key that works is found)
 Super Computer can crack a 56-bit key in 24 hours
 It will take 272 times longer to crack a 128-bit key
(Longer than the age of the universe)
SYMMETRIC CIPHER MODEL

20
 SYMMETRIC ENCRYPTION

 Mathematically:
Y = EK(X) or Y = E(K, X)
X = DK(Y) or X = D(K, Y)
 X = plaintext
 Y = ciphertext
 K = secret key
 E = encryption algorithm
 D = decryption algorithm
 Both E and D are known to public

21