Wednesday, November 19, 2014

DES & AES

DES stands for Data Encryption Standard, while AES stands for Advanced Encryption Standard. Both standards were developed after the internet came into the world. Once the internet was introduced, computer security became more and more important because people could connect to the internet from anywhere in the world. Without a standard to protect this information, anybody could access it in plain text.


So in 1972, NBS (National Bureau of Standards) started a study of computer security, but there was no satisfactory response afterward. Then in 1974, IBM submitted a candidate answer. However, in a declassified NSA book, American Cryptology during the Cold War, 1945-1989, Thomas R. Johnson wrote that NBS solicited private industry for a data encryption standard (DES). The first offerings were disappointing, so NSA began working on its own algorithm. Then Howard Rosenblum, a deputy director for research and engineering, discovered that Walter Tuchman of IBM was working on a modification to Lucifer for general use. NSA gave Tuchman a clearance and brought him in to work jointly with the Agency on his Lucifer modification. The book also indicates that NSA worked closely with IBM to strengthen the algorithm.

DES is an archetypal block cipher: an algorithm that takes a fixed-length string of plaintext bits and transforms it into a ciphertext bit string of the same length. The block length used by DES is 64 bits. To encrypt a 64-bit block, a key is needed to start the process, and only people who hold the key for a specific text can read it. The DES key is 64 bits long. However, 8 of those bits are used for error checking, so only 56 bits are actually used.
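The 64-bit versus 56-bit key layout described above can be checked in code. This is an added example, not part of the original post: in DES the lowest bit of each of the 8 key bytes is an odd-parity check bit, and the two sample keys and all function names are constructed for illustration.

```python
def ones(byte: int) -> int:
    """Number of 1 bits in a byte."""
    return bin(byte).count("1")

def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the lowest bit of every byte so each byte has an odd number of 1s."""
    return bytes((b & 0xFE) | (0 if ones(b & 0xFE) % 2 else 1) for b in key)

def parity_ok(key: bytes) -> bool:
    """True if the key is 8 bytes long and every byte has odd parity."""
    return len(key) == 8 and all(ones(b) % 2 == 1 for b in key)

def effective_key(key: bytes) -> int:
    """Drop the check bit of each byte and join the other 7 bits: 8 * 7 = 56 bits."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def flip_bit(key: bytes, index: int) -> bytes:
    """Flip one bit (index 0 = first bit of the first byte) to model a damaged key."""
    damaged = bytearray(key)
    damaged[index // 8] ^= 0x80 >> (index % 8)
    return bytes(damaged)

# Constructed sample keys: the same 56 key bits, different check bits.
KEY_A = bytes.fromhex("0123456789abcdef")  # every check bit valid
KEY_B = bytes.fromhex("0022446688aaccee")  # every check bit cleared

if __name__ == "__main__":
    print("A parity ok:", parity_ok(KEY_A), " B parity ok:", parity_ok(KEY_B))
    print("same 56-bit key:", effective_key(KEY_A) == effective_key(KEY_B))
    print("B repaired equals A:", set_odd_parity(KEY_B) == KEY_A)
    print("one flipped bit detected:", not parity_ok(flip_bit(KEY_A, 10)))
    print("keys to try in a brute-force search: 2**56 =", 2 ** 56)
```

Because the check bits carry no secret, both sample keys encrypt identically, which is why the search space is 2**56 rather than 2**64.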


Since the DES key is only 56 bits long, it is not too hard for today's computers to brute-force the key. So we have the advanced successor to DES, AES. AES was developed based on the Rijndael cipher by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. The standard length for AES is 128 bits. However, people can use the 256-bit version for security reasons. Computer professionals have nevertheless found some indirect ways to break AES. For example, there was a method to break AES by observing the cache while a specific key was in use. But the method needs administrator authority to run. AES is secure to use right now. However, there will always come a day when we have to abandon AES due to the development of technology.

Monday, November 10, 2014

Japanese Naval Codes_IST323



Japanese naval codes

During World War 2, the Allies and the Axis were no longer satisfied with protecting information by the simple method of a substitution cipher. People began to pursue more complicated ways to protect information. At the same time, both the Allies and the Axis wanted to decode the other side's codes, which made the World War not only a cruel war for humans, but also a rivalry of high technology. One of the most famous rivalries was over the Japanese naval codes.



Japan had one of the most powerful navies in the world in the Asia-Pacific area during World War 2, so the American Navy might not have defeated the Japanese Navy easily without help from its decoding department. Back in 1836, American artist Samuel F. B. Morse, American physicist Joseph Henry, and Alfred Vail developed an electrical telegraph system. The system uses “on” and “off” signals to represent information. Each English letter has a corresponding Morse code. However, since Japanese has its own characters, the Japanese Navy had its own Morse code system. Moreover, the Japanese Navy developed a more sophisticated system to replace the words it would use during the war: the Japanese naval codes.



Japanese naval codes were unlike German codes in World War 2. The Japanese Navy had books for its codes, while German codes used mechanical encipherment, like Enigma. The principle of a book cipher is that the sender composes the message and then looks it up in the code book to turn it into groups. Usually, common words and phrases (an example in World War 2 was Midway) get a group of their own, and the remaining text is encoded individually. The receiver then looks up each group in the code book and reassembles the message. There is also an advanced version of the code book method that enciphers the groups themselves, which is called superenciphering.



The most famous Japanese naval code system was JN25. JN25 had more than 90,000 words and phrases. There were also many superenciphering methods. In general, even when the American Navy could decipher most of the meaning of the codes, the most important information, like a position or a force name, was still hard to decipher, because this information appeared in the code book only under rules defined by the Japanese, so the Americans could not decipher it by machine. However, the Americans used strategy to find out what the specific information was. In the case of Midway, the Japanese used AF to represent Midway Island. At that time, after deciphering the Japanese cipher, the Americans only learned that the Japanese Navy would attack a position called AF. They did not know where AF was. Then the Americans sent a message in plain text saying that there was a shortage of fresh water on Midway. After that, the Americans monitored Japanese telegrams and found one saying that AF was short of fresh water. In this way, the Americans learned that AF referred to Midway.
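The code book, the superenciphering step and the AF problem described in the two paragraphs above can be modelled in a few lines. This is an added example, not part of the original post and not a reconstruction of JN25: the code book entries, the additive groups and the digit-by-digit addition without carry are all constructed assumptions.

```python
# Toy code book (constructed for this example): phrase -> five-digit group.
CODEBOOK = {
    "ATTACK": "21573", "AF": "60318", "AT": "09954", "DAWN": "77421",
    "IS": "13370", "SHORT OF": "48892", "FRESH WATER": "35106",
}
FULL_BOOK = {group: phrase for phrase, group in CODEBOOK.items()}
ADDITIVES = ["31415", "92653", "58979", "32384"]  # constructed key groups

def add_no_carry(a: str, b: str, sign: int = 1) -> str:
    """Add (sign=1) or subtract (sign=-1) two groups digit by digit, mod 10."""
    return "".join(str((int(x) + sign * int(y)) % 10) for x, y in zip(a, b))

def superencipher(groups, additives, sign=1):
    """Apply one additive group to each code group, cycling through the additives."""
    return [add_no_carry(g, additives[i % len(additives)], sign)
            for i, g in enumerate(groups)]

def send(phrases):
    """Sender: look each phrase up in the code book, then superencipher."""
    return superencipher([CODEBOOK[p] for p in phrases], ADDITIVES)

def read(intercept, book):
    """Receiver or analyst: strip the additive, then look each group up in `book`."""
    stripped = superencipher(intercept, ADDITIVES, sign=-1)
    return [book.get(g, f"<{g}?>") for g in stripped]

# An analyst's partial book: the additive is solved, but the place name is not.
PARTIAL_BOOK = {g: p for g, p in FULL_BOOK.items() if p != "AF"}

if __name__ == "__main__":
    order = send(["ATTACK", "AF", "AT", "DAWN"])
    print("on the air:    ", order)
    print("full book:     ", read(order, FULL_BOOK))
    print("partial book:  ", read(order, PARTIAL_BOOK))
    # After the plain-text water report, the unknown group shows up in context.
    report = send(["AF", "IS", "SHORT OF", "FRESH WATER"])
    print("second message:", read(report, PARTIAL_BOOK))
```

The same unknown group `<60318?>` appears in both decoded messages, which is the link the planted fresh-water report was designed to expose.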

The code book was strong. However, it was finally deciphered. In World War 2, information security was not only a competition of technology, but also a battle of humanity and strategy.

Wednesday, November 5, 2014

History of Information Security -- part 2

The Development of Information Security

The second era of information security was Modern Times Encryption. During this period, people began to encrypt information by machine. For example, Enigma was invented in 1919. Improvements in technology brought advanced electronic machines, which increased efficiency a lot. However, people had only changed the way of encrypting from handwriting to machine. The method of encryption was still the same: the basic function of encryption was still a simple substitution cipher.


Then comes the third era: Modern Encryption. In 1937, the “father of computer science” Alan Turing invented “Alan Turing’s theory of digital computing”, which let human beings master the basic ideas of AI. In 1945, John von Neumann invented the logical system of the computer. Then the first electronic general-purpose computer, ENIAC, was announced in 1946. The invention of the computer gave humans more options for storing information. Moreover, Claude Elwood Shannon, an American mathematician, founded information theory with a landmark paper in 1948. This theory gave information security theoretical support.


The fourth era was Network Security. The Advanced Research Projects Agency within the U.S. Department of Defense developed the Advanced Research Projects Agency Network (ARPANET), which was one of the progenitors of what was to become the global internet. The development of the internet was a huge push for people to care about information security, because we could reach any piece of information on the internet. In 1972, IBM invented the Data Encryption Standard, which was the first time people used a computer algorithm to encrypt information. In 1991, the internet was introduced to the public. Then in 2002, the U.S. National Institute of Standards and Technology invented the Advanced Encryption Standard, which is now widely used in the world. With the development of the internet and the growth of the population using it, the theory of information has become more and more specific. In this era, people began to use the internet to communicate and encryption standards to protect the information.

We now have not only an advanced encryption standard, but also advanced networking and planning to nip attacks in the bud.

Wednesday, October 29, 2014

IST 323 The history of Information Security

Development of Information Security
Here, I want to add a summary of the development of information security.
People began to protect the information they wanted to deliver as soon as they invented characters. The purpose of protecting information is to keep a secret or avoid misunderstanding. In this sense, a whisper, a note, or an expression in one’s eyes can all be considered a kind of information security, because each of these ways of delivering information could also be carried out more openly: we can talk out loud instead of whispering, we can post a paper instead of passing a little note, and we can talk instead of making eye contact. However, if these public methods of protecting information came onto the stage of history, how would real information security work?
In the history of information security, the ways of assuring security developed along with technology, especially information technology. I think the history of information security can be separated into four parts.
1. Classical Encryption Era (BC – Early 20th Century)
2. Modern Times of Encryption (1920s – 1940s)
3. Modern Encryption Era (1940s – 1960s)
4. Network Security Era (Till now)
During the classical encryption era, people encrypted information manually. Manual encryption has low efficiency, so only high-level information, like military intelligence, would be encrypted. During that time, the most famous method of encryption was the Caesar Cipher. Also, the ancient Greeks wrote characters on the wooden backing of a wax tablet before applying its beeswax surface, to achieve steganography. In ancient times, Chinese people hid information in poems. The information they wanted to deliver was the first letter of each line of a poem, but the poem as a whole was not related to the information, so others would not notice it. Also, during the Civil War, the Federal Army widely used code books to protect information.
The Era of Classical Encryption was long. Development was slow because people had not invented a new way to store information. Since humans could only write characters on paper, we could not have an advanced way to protect the information. However, as our technology developed, what would the next three eras look like?

I will talk about the other eras in the next blog post.

Tuesday, October 21, 2014

Stories in Information Security #2 _ World War Two

Enigma

Ever since people invented characters, they have recognized the importance of protecting the information they want to transmit, especially during wartime. All the empires wanted to protect their information. Caesar invented a cipher method to protect his strategy. The Spartans wrote the text on a strip of sheepskin wound around a wooden stick, then removed the stick to protect the information. All these methods were carried out by human beings, so there would always be some human mistakes.

Before the end of World War One, Arthur Scherbius, an electrical engineer from Germany, invented a mechanical cipher machine in 1918. He was so proud of this machine that he named it Enigma. From that time, humans began to encrypt information by machine. This was a significant improvement in the history of information security. During World War Two, Germany deployed 30 thousand Enigma machines for its army.

Although Enigma was a significant improvement, it still used the substitution cipher method, which was almost the same method as the Caesar Cipher. However, since Enigma was a cipher machine, it could produce many more cipher solutions than a human can list. Based on the principle of Enigma, it can provide 10^114 possibilities. Even after the Allies captured several Enigma machines and learned the principle behind them, they still faced 10^23 (76 bits) possibilities to solve a cipher-text, which means it was almost impossible for the Allies to solve a cipher-text by enumeration. In the end, Enigma was cracked by the Allies because of mistakes made by German operators and the capture of Enigma machines. Scientists believe that the cracking of the Enigma machine helped the Allies win WW2 two years earlier. After World War Two, with the development of the computer, humans began to try more sophisticated methods to protect information.

Monday, September 29, 2014

Stories in Information Security #1 -- Caesar cipher

Caesar Cipher

Information security has been one of the most important sciences since humans invented ways to communicate. Let's go back to the Roman Empire. In about 50 BC, people did not have the telegram or the phone to communicate with each other. So when Caesar wanted to convey his orders or communicate with his subordinates, the first thing he would consider was whether the enemy would understand what he said. What would Caesar do?

As an emperor, he did not want others to learn what he was thinking. So here comes the Caesar Cipher, also called the Caesar Code. This cipher method used by Caesar may be considered the first time that humans used a cipher to protect what they communicated to friends. The Caesar Cipher is not only the earliest cipher method that humans used, but also the most widely used. The core of this cipher method is the shift. It is a type of substitution cipher, which means each letter of the plain text is substituted by another letter of the alphabet. Generally, scientists think that Caesar used D to replace A, E for B, F for C and so on, and then used A to replace X, B for Y and C for Z at the end. On the other hand, some people think Caesar used the Greek alphabet to substitute for the Latin alphabet (not replaced in the order of the letters). However, no matter how Caesar replaced his plain text, the way to turn the ciphered text back into plain text (how the letters are shifted or replaced) was known only to Caesar's friends or generals.

Though the Caesar Code was widely used at that time and it worked well for the Roman Empire, this cipher method is easy for us to break nowadays, especially when there are spaces between the words. We can search for some easy words like "is" or "are" and find how far the letters are shifted. Then we can easily break the whole sentence. We can also use frequency analysis to break the Caesar Code. Although the Caesar Cipher is not a strong way to encipher text, its idea appears in many other cipher methods.
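Both weaknesses named above, short words left visible by the spaces and letter frequency, can be demonstrated on a shift-3 message. This is an added example, not part of the original post: the sample sentence and the word list are constructed, and the frequency method uses the simplest form of the idea (the most common letter stands for E), which needs a reasonably long text to be reliable.

```python
import string
from collections import Counter

ALPHA = string.ascii_uppercase
COMMON_WORDS = {"IS", "ARE", "THE", "AND"}  # constructed list of easy words

def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` places; spaces and punctuation pass through."""
    return "".join(
        ALPHA[(ALPHA.index(ch) + shift) % 26] if ch in ALPHA else ch
        for ch in text.upper()
    )

def shift_from_words(ciphertext: str) -> int:
    """Try all 26 shifts and keep the one that produces the most common words."""
    def hits(shift: int) -> int:
        return sum(w in COMMON_WORDS for w in caesar(ciphertext, -shift).split())
    return max(range(26), key=hits)

def shift_from_frequency(ciphertext: str) -> int:
    """Assume the most frequent ciphertext letter stands for E."""
    counts = Counter(ch for ch in ciphertext.upper() if ch in ALPHA)
    top_letter = counts.most_common(1)[0][0]
    return (ALPHA.index(top_letter) - ALPHA.index("E")) % 26

# Constructed sample message, enciphered with the D-for-A shift from the text.
PLAINTEXT = "THE FLEET IS READY AND THE LEGIONS ARE AT THE RIVER"
CIPHERTEXT = caesar(PLAINTEXT, 3)

if __name__ == "__main__":
    print("ciphertext:       ", CIPHERTEXT)
    print("shift (words):    ", shift_from_words(CIPHERTEXT))
    print("shift (frequency):", shift_from_frequency(CIPHERTEXT))
    print("recovered:        ", caesar(CIPHERTEXT, -shift_from_words(CIPHERTEXT)))
```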