One More Transposition Cipher

According to Wikipedia, Transposition Cipher is a method of encryption by which the positions held by units of plaintext are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext. That is, the order of the units is changed. Transposition ~ the position of each character is modified according to the key and method used.

The examples of Transposition cipher are Rail Fence, Route cipher, Double Transposition, Myszkowski Transposition. There are some drawbacks associated with some of the transposition ciphers, and the worst is its vulnerability to frequency count. If the ciphertext exhibits a frequency distribution very similar to plaintext, it is mostly a transposition. They can be attacked with anagramming, meaning through sliding pieces of ciphertext and looking for sections that look like anagrams and solving them.

Transposition can be made more secure by combining it with other techniques like substitution cipher. It is also mentioned that Fractionation can enhance the technique, and at last binary technique is mentioned, but there is no considerable work done on the binary side. Yesterday night when I was solving some challenges at my favourite site, it came to my mind about enhancing the transposition techniques by working with binary numbers. When we convert the plaintext to binary, we can have better chances of making the ciphertext more unpredictable through transposition. Here I am presenting the ouline of how to randomize the transposition cipher by using 2 symmetric keys and the hash of plaintext. Hash functions like md5, sha256-512 or whirlpool.

We will need the following:

  • Plaintext
  • Key-1 (alphanumeric)
  • Key-2 (numeric – even length)
  • Hash Function

1. Convert the plaintext(ASCII) to binary.
It can be done with a simple python function. (ref: A stackoverflow post) Here a space is used to differentiate the different ASCII characters, but in real we dont use the space between them.

basic

1(a). Take the Hash of plaintext and store it in a variable.

2. User provides an alphanumeric key, of random length. For example, lets take it of length 10 bits. While, we assume that the plain text is of 20 bits.
3. Make the total length a multiple of 4. The total length here is 20+10 = 30 bits, and we add 2 bits here. Preferrably, in this case we add two ‘1’ bits. Total length = 32.
4. Now the first-last step comes. We have a string of 32 bits, without any spaces. We create a new string / modify our string by placing the bits in this order >> first bit – last bit – second bit – second-last bit – third bit – third-last bit – … … – sixteenth bit – seventeenth bit
This step will kind-of randomize the string.
5. User provides a numeric key of random length. Suppose the key here is 317325.
6. Our string is of 32 bits (a multiple of 4). Hence there can be 8 (= 32/4) groups of bits. Lets name them with numbers, like 1 2 3 4 5 6 7 8.
Transposition is done once again, in a different manner. The key here is 317325. First, we replace ‘3-1’7325.
So in our string, the groups of bits numbered 3 and 1 will be swapped. It becomes
3 2 1 4 5 6 7 8
Again, according to the key, one more swapping of 31’7-3’25. (Here comes a small trick: The 3rd group became the first group, and 1st group is at number 3. So the group at position 7 and at position 3 will be swapped.)
3 2 7 4 5 6 1 8
The last transposition according to the key 3173’2-5’:
3 5 7 4 2 6 1 8
7. The string is randomized. For making it complex, we reverse the first-last step. The new arrangement of bits will be >> first bit – third bit – fifth bit – … … – sixth bit – fourth bit – second bit
The string is again randomized.
8. Now we convert it back to ASCII for some more computation. The hash of the plaintext is available to us.
We take one char of our string, one char of hash, next char from string, next char of hash, … …
Continue the above process till the end of hash, and then keep the characters as-it-is.
Hence, if we consider our string characters as s(1,2,3,4,…) and hash as h(1,2,3,4,…), the new string becomes
s1 h1 s2 h2 s3 h3 … …
The length of hash depends on the Hash function used. For example, if it is md5 then 128 bits, and for whirlpool it is 512 bits.
9. Send the string to the receiver. The receiver knows which hash function was used, and hence can directly take away the bits of hash and save it for verification of plaintext.
10. The reverse process to the above given steps will decrypt the ciphertext.

Why one more transposition cipher?
The well-know ciphers which currently exist do have some or the other flaws, along with that one is common – frequency analysis. In the above given technique, the frequency analysis is nearly impossible. Also, it is much reinforced against anagram attacks.
Why one more transposition cipher in the era of asymmetric-key ciphers?
Take example of emails. People are provided with the public key encryption techniques in their mail-clients, but they seldom use it. Reason is complexity and because they dont like configuring the keys for each user and spending some time decrypting the received message. In the above given technique, the computing is less compared to the public key ciphers, and a one-time setup will work forever. Though user needs to keep changing the keys/hash-functions.
How is it different from the other techniques?
The security. Its sheild against attacks. The cryptanalyst will need to spend more time computing and guessing and playing with the binary data. Although it is vulnerable against brute-force attack, it will need intensive resources as compared to the resources which can crack the traditional transposition ciphers. One more advantage is that this technique can be used for any kind of data – text, video, image. And further this data can be converted to a different kind of data because the encryption is done at bit level. Hence it becomes expensive for the attacker to detect the type of data before doing the cryptanalysis.

I have just started working on the technique, and implementation on real-world scenarios and cryptanalysis through brute-forcing and other techniques are yet to be performed. Here I have just provided my idea on how binary translation can provide better security in transposition ciphers without the intention of criticising any of the prevelant cipher techniques.

Creating a Data Recovery Agent

Imagine a scenario, where you are the System Admin of an organization, using Windows domain. There is a guy in the organization who has fought with his manager, and is now resigining from his post. This disgruntled employee, may have the idea of encrypting all the company’s data from his own user account before leaving. If he encrypts all the data, we do not have the key to decrypt, and that’s a big loss.

How to overcome this? Answer is data recovery agent.

The public and private keys come in picture – while creating a data recovery agent, you are providing the public key to employees, while the private key is available only to the admin. Hence whenever a guy encrypts any data on his machine on Windows domain, he’ll need the public key to encrypt, but he cant decrypt someone else’s data as the private key is not available with him. This provides Data Integrity and Confidentiality.

Steps:

You’ll need a Windows server 2008 as a server machine, and a client such as XP or Windows 7.

On the server machine, start the command prompt.

First step is to create a set of public and private keys.

Create a directory named ‘certi’ for storing the keys and then go to that directory with the following commands

mkdir certi

 cd certi

Now, to create a pair of keys, the command is as below:

cipher /R:certi_file

This command will ask you to provide a password for the keys. Two files will be created. File with extension “.cer” is the public key (which we need to provide to the client) and “.pfx” is the private key (to be kept secret).

Image

Now, in the same server machine, run the command ‘certmgr.msc’

This will open a windows where you can edit the available certificates. Import our private key by-

Right click ‘Trusted Root Certification Authorities’ > All Tasks > Import

Image

You will get a prompt where you have to specify the path for your private key.

Provide the “.pfx” file path and then you’ll be asked for the password of your key pair.

Image

The configuring of your server is complete.

Now enter the client machine with Administrator credentials.

Go to Control Panel > Administrative Tools > Local Security Policy > Public Key Policies

Right click Encrypting File System > Add Data Recovery Agent

Image

In the Wizard, click Next and Browse Folders.

Locate the “.cer” file in the client machine and provide it for installing.

ImageThe configuration of our client is over.

Now to verify the Data Recovery Agent, log-in to the client as testuser1.

Create a file named ‘impdata.rtf’ and provide some text input.

Now encrypt that file by

Right click file > Advanced > Check the Encrypt contents to secure data option

Image

We have encrypted our file with the Admin’s public key. 

Whenever someone else, other than the one with private key, will try to open our file, that user will not be able to see its contents.

Login with testuser2, and try to access the file. You’ll be denied.

Image

But the Administrator has the private key, and he can view the contents of the file.

Login to the client as Administrator, and you’ll be able to read the file.

Image