Q1. Which tool or technique from the above list would be most effective for a cryptanalyst to use to decipher a text encrypted with the Caesar cipher, and why?

The Caesar cipher is a substitution cipher that substitutes one character for another by shifting the alphabet by a determined number of spaces. This type of cipher is vulnerable to statistical analysis (Kendall, 2008). Therefore, a Histogram would be the most effective tool to use. The Histogram can be used to show “the relative frequency of each of the characters in the document” (CSEC 630 Lab Assignment 1 – Introduction to Cryptography, n.d.). Since there are only 25 possible encryption keys… “if we know how one letter should be deciphered, then we can determine the shift and decipher the entire message” (Bryant & Ward, n.d.).
Q2. What do you notice about the histogram results when text is encrypted with the Vigenère cipher in comparison to the results of the Caesar cipher? Why is this the case?

Unlike with the Caesar cipher, the histogram does not show high peaks and low valleys, which makes it more difficult to identify the usage patterns visually. Because the Vigenère cipher is polyalphabetic and “works by adding a key repeatedly into the plaintext” (Anderson, 2008), frequency analysis is more difficult and is not as reliable. The Vigenère cipher can be broken using statistical techniques provided that “the ciphertext is long enough relative to the value of m” (Goodrich & Tamassia, 2011).
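The histogram reasoning in Q1 and Q2 can be checked in code. The following is an added example, not part of the lab or of the original answers; the sample plaintext, the keys and the function names are constructed for illustration. It recovers a Caesar shift by matching the ciphertext histogram against English letter frequencies, and uses the sum of squared frequencies to show how a Vigenère key flattens the histogram.

```python
from collections import Counter
import string

A = string.ascii_uppercase
# Approximate relative frequencies of A..Z in English text, in percent.
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

# Constructed sample plaintext for the demonstration.
SAMPLE = ("THE HISTOGRAM SHOWS THE RELATIVE FREQUENCY OF EACH CHARACTER IN THE "
          "DOCUMENT AND THE MOST COMMON LETTERS IN ENGLISH TEXT STAND OUT AS PEAKS "
          "WHEN THE SAME SHIFT IS APPLIED TO EVERY LETTER OF THE MESSAGE")

def vigenere(text, key, decrypt=False):
    """Add (or subtract) the repeating key letter by letter; a 1-letter key is Caesar."""
    out, i = [], 0
    for ch in text:
        if ch in A:
            k = A.index(key[i % len(key)])
            out.append(A[(A.index(ch) + (-k if decrypt else k)) % 26])
            i += 1  # the key only advances on letters
        else:
            out.append(ch)
    return "".join(out)

def histogram(text):
    """Relative frequency of each letter A..Z, ignoring other characters."""
    letters = [c for c in text if c in A]
    counts = Counter(letters)
    return [counts[c] / len(letters) for c in A]

def index_of_coincidence(text):
    """Sum of squared frequencies: high for a peaked histogram, low for a flat one."""
    return sum(f * f for f in histogram(text))

def recover_caesar_shift(ciphertext):
    """Try every shift and keep the one whose histogram best fits English (chi-squared)."""
    def chi2(shift):
        h = histogram(vigenere(ciphertext, A[shift], decrypt=True))
        return sum((h[i] * 100 - ENGLISH[i]) ** 2 / ENGLISH[i] for i in range(26))
    return min(range(26), key=chi2)
```

A Caesar shift only permutes the bars of the histogram, so the peaks survive under new letters; the repeating Vigenère key spreads each plaintext letter over several ciphertext letters and lowers the peaks.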
According to our text Security Engineering by Ross Anderson, ECB is “adequate for many simple operations such as challenge-response and some key management tasks; it’s also used to encrypt PINs in cash machine stations” (Anderson, 2008). However, “using ECB to encrypt messages of more than one block length… such as bank payment messages, would be foolish, as messages could be subject to a cut and splice attack” (Anderson, 2008). Subsequently, CBC is used in “most commercial applications, which encrypt more than one block” and is “effective at disguising any patterns in the plaintext” (Anderson, 2008). In addition, “the ECB mode in such cases serves as a clean architectural boundary rather than as a confidentiality mode in its own right… and is not IV-based and does not enjoy SemCPA security” (Rogaway, 2011). CBC, on the other hand, is “secure, in the SemCPA sense, if the user employs a random IV” (Rogaway, 2011). Therefore, it can be assumed that CBC would be the mode of choice for an online bank statement and for viewing a website using TCP/IP, because more than one block needs to be encrypted. ECB, on the other hand, would suffice for an encrypted VoIP session because it uses connectionless protocols.

Q6. What difference do you notice in the block size? Discuss whether or not this cipher would be susceptible to statistical analysis and why.

The difference in block size depends on the encryption key values. While this cipher is susceptible to statistical analysis, the longer the key, the larger the block size and the harder statistical analysis becomes.

Q7. Analyze the data encrypted with the RSA cipher. How does this encryption method compare to the other methods the Lab has covered?

The main difference using the RSA cipher is that it lacks the impact of a histogram. This is because the random nature of the characters varies as compared to the Caesar and Vigenère ciphers. Also, the complex nature of the data created as the key length is increased causes visual or mathematical analysis to become more difficult. RSA is more secure because it uses asymmetric encryption and uses separate keys for encryption and decryption. Other methods use only one key for both. In any encryption method, the longer the key, the more secure the cipher will be. One downside to RSA is that it uses more processing and memory and takes up more space; therefore it will run slower (Anderson, 2008).

Q8. What are the advantages of the Hybrid RSA-AES cipher? How does this encryption method compare to the other methods the Lab has covered?

The main advantage of the Hybrid RSA-AES cipher is that it runs at the speed of symmetric encryption while still protecting data with the strength of asymmetric encryption. With symmetric encryption, you get speed but it is not as secure. With asymmetric encryption, you gain security but it isn’t as efficient. Hybrid RSA-AES gives us the best of both worlds. It is more efficient and more secure than other methods (Anderson, 2008).
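The ECB and CBC comparison quoted above from Anderson and Rogaway can be reproduced with a few lines of code. This is an added example, not part of the lab or of the original answers: a toy 4-round Feistel cipher built on SHA-256 stands in for AES (an assumption made so the block runs with the standard library only; it is not a secure cipher), and the payment message, key and function names are constructed.

```python
import hashlib, os

BLOCK = 16  # bytes per block, the same size as an AES block

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # toy round function, for illustration only
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def encrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):  # every block is encrypted independently
    return b"".join(encrypt_block(key, b) for b in blocks(pt))

def ecb_decrypt(key, ct):
    return b"".join(decrypt_block(key, b) for b in blocks(ct))

def cbc_encrypt(key, pt):  # each block is XORed with the previous ciphertext block
    out = [os.urandom(BLOCK)]  # random IV, sent as the first block
    for b in blocks(pt):
        out.append(encrypt_block(key, _xor(b, out[-1])))
    return b"".join(out)

def cbc_decrypt(key, ct):
    bs = blocks(ct)
    return b"".join(_xor(decrypt_block(key, c), p) for p, c in zip(bs, bs[1:]))

def splice(ct, i, j):  # cut and splice: swap two ciphertext blocks, no key needed
    bs = blocks(ct)
    bs[i], bs[j] = bs[j], bs[i]
    return b"".join(bs)

KEY = b"constructed demo key"
PAYER, PAYEE, AMOUNT = b"ACCT:ALICE:00001", b"ACCT:BOB:0000002", b"AMOUNT:000000100"
MSG = PAYER + PAYEE + AMOUNT + AMOUNT  # constructed: payer, payee, amount, amount
```

Under ECB the two identical amount blocks encrypt to identical ciphertext, and swapping the first two ciphertext blocks decrypts to a well-formed message with payer and payee reversed. Under CBC the same swap decrypts to garbage, but nothing flags the tampering, so neither mode replaces a MAC or an authenticated mode when integrity matters.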
Anderson, R. (2008). Security engineering: A guide to building dependable distributed systems. New York: Wiley.

Bryant, L., & Ward, J. (n.d.). Caesar Ciphers: An Introduction to Cryptography. Retrieved February 21, 2015, from http://www.purdue.edu/discoverypark/gk12/downloads/Cryptography.pdf

CSEC 630 Lab Assignment 1 – Introduction to Cryptography. (n.d.). University of Maryland University College. Retrieved from https://learn.umuc.edu/d2l/le/content/57178/viewContent/2562147/View

Dent, A. W., & Mitchell, C. J. (2004). User’s Guide to Cryptography and Standards. Boston, MA: Artech House.

Goodrich, M. T., & Tamassia, R. (2011). Introduction to computer security. Boston: Pearson.

Kendall, J., Dr. (2008, June). Cryptographic Techniques for Network Security. University of Portsmouth. Retrieved from https://learn.umuc.edu/d2l/le/content/57178/viewContent/2562147/View

Rogaway, P. (2011). Evaluation of Some Blockcipher Modes of Operation. Cryptography Research and Evaluation Committees (CRYPTREC). Retrieved February 21, 2015, from http://web.cs.ucdavis.edu/~rogaway/papers/modes.pdf