• No se han encontrado resultados

6. ANÁLISIS DE LA ESTRATEGIA PARA LA IMPLEMENTACIÓN DE LA CARRERA

6.1 LA CARRERA ADMINISTRATIVA ESPECIAL COMO DERECHO Y DEBER DE

Definition 4.1A cryptosystem is a five-tuple (M, C, K, E, D), where the following conditions are satisfied:

Mis a finite set of possible plaintexts over some alphabet.

Cis a finite set of possible ciphertexts.

K, the keyspace, is a finite set of possible keys.Kusually consists of two parts:

an encryption keyspaceKE, which is a finite set of possible encryption keys,

and a decryption keyspaceKD, which is a set of possible decryption keys.

• For each encryption keykEKE, there is an encryption ruleEkEEand

a corresponding decryption keykDKDand ruleDkDD. Each pair of

EkE :MCandDkD :CMare functions such thatDkD(EkE(m))=m

for every plaintextmM.

A cryptosystem is shown in Figure 4.1. There are two general types of cryp- tosystems: symmetric and public key. Asymmetric cryptosystemis also called

asecret key cryptosystem. In such a cryptosystem, the encryption key can be

calculated from the decryption key or vice versa, and a principal who encrypts a message has to share the encryption key with the principal who will receive and decrypt the encrypted message. In most symmetric cryptosystems, the encryption key and the decryption key are the same. Apublic key cryptosystem, also called

anasymmetric cryptosystem, on the other hand, is a cryptosystem where the

encryption key and the decryption key are different and match each other. Further- more, the decryption key cannot be calculated from the encryption key, at least in any reasonable amount of time. The encryption keykE does not need to be kept secret. It can be made public. Anybody, even an absolute stranger, can use the encryption keykEto encrypt a message, but only the principal who owns the cor- responding decryption keykDcan decrypt the encrypted message. In a public key cryptosystem, the encryption key is often called thepublic key, while the decryp- tion key is often called theprivate key. A public key cryptosystem is usually much slower than a symmetric cryptosystem at a similar strength of security. Due to this reason, symmetric cryptosystems are typically applied in the encryption of multimedia content, while the content encryption key might be encrypted with a public key cryptosystem so that only the designated user(s) can recover the content decryption key to decrypt the encrypted multimedia content. The latter encryption

Encryption Decryption Plaintext Ciphertext

Original Plaintext Encryption Key Decryption Key

is well described in a general public key encryption textbook [2],[3]. We shall focus on symmetric encryption and its applications in multimedia encryption in this chapter.

4.2.2 Block and Stream Ciphers, Modes of Operation

Symmetric ciphers can be classified into two types, block and stream, according to the way a cipher operates.Block ciphersoperate on blocks of plaintext and ciphertext using a fixed encryption transformation. Plaintext is partitioned into a sequence of blocks of a fixed size, padded if necessary, and a block cipher encrypts each block at a time. With the same key, the same plaintext block will always be encrypted to the same ciphertext block. TheData Encryption Stan- dard(DES) and its successor, theAdvanced Encryption Standard(AES), are two widely used block ciphers. DES operates on 64-bit blocks with a key of 56 bits. AES operates on 128-bit blocks, and the key sizes can be 128, 192, or 256 bits. By contrast,stream ciphersoperate on streams of plaintext and ciphertext one bit or byte at a time, using a time-varying encryption transformation. With a stream cipher, the same plaintext bit will be encrypted to a different bit every time it is encrypted. A stream cipher applies simple encryption transformations according to a keystream being used. Akeystreamis a sequence of symbols in the keyspace. It can be generated at random or by an algorithm called akeystream genera- torfrom a small initial keystream called aseedor from a seed and the previous ciphertext symbols. Many algorithms, including chaos-based methods, have been developed to generate pseudo-random keystreams. In aself-synchronizing stream

cipher, each keystream bit is a function of a fixed number of previous ciphertext

bits, while the keystream in asynchronous stream cipheris generated indepen- dent of the plaintext. A typical encryption transformation in a stream cipher is the exclusive-or, i.e., XOR, operation which applies on the keystream and the plain- text to produce the ciphertext. RC4 is a widely used variable-key-size synchronous stream cipher. Stream ciphers offer several advantages over block ciphers. A stream cipher is usually faster than a block cipher and uses less data buffering. A syn- chronous stream cipher does not produce any error propagation. This is especially useful when the encrypted multimedia is transmitted over error-prone networks such as wireless communications.

A number of different modes of operation can be used with a block cipher to encrypt a message longer than the size of a block that the block cipher operates on. Different modes offer different features and properties. Commonly used modes are

theelectronic codebook (ECB) mode, thecipher block chaining (CBC) mode,

thecipher feedback (CFB) mode, and theoutput feedback (OFB) mode. In the

ECB mode, each plaintext block is encrypted into a ciphertext block separately. Ciphertext blocks can be considered as codebooks of plaintext blocks. In the CBC mode, the current plaintext block is XORed with the previous ciphertext block,

Section 4.2: FUNDAMENTALS OF MODERN ENCRYPTION 79

or with a random block called theinitialization vector(IV) if there is no previous ciphertext block, before it is encrypted. The IV does not need to be secret, but should be unique for each message encrypted with the same key so that the same plaintext will be encrypted into different ciphertexts. In the CFB mode, a block cipher operates on a queue the size of a block. The queue is initialized with an IV and encrypted repetitively with the block cipher. After each encryption, the queue is shifted left bytbits, wheretis the same as or smaller than the size of the queue. The left-mosttbits are shifted out of the queue and XORed with the first

tbits of the unprocessed plaintext. The result is fed back to the right side of the queue. The OFB mode operates in the same way as the CFB mode except the left shift is a circular shift: the left-mosttbits are shifted back to the right side of the queue. A block cipher is configured into a self-synchronization stream cipher with the CFB mode and a synchronous stream cipher with the OFB mode.

4.2.3 Cryptanalysis

While cryptography is to keep confidentiality of the plaintext, cryptanalysis is the science of breaking a cryptosystem to recover the plaintext without access to the key. Kerchoff’s principle that the secrecy must reside entirely in the key is a basic assumption in cryptanalysis. A cryptanalyst has complete knowledge of a cryptosystem except the key being used. This is a good assumption since details of a cryptosystem may eventually be known by a cryptanalyst. It guarantees that knowledge of how a cryptosystem works will not lead to a break of the system’s security.

An attempted cryptanalysis is called an attack. The following attacks are frequently used to break a cryptosystem:

1. Ciphertext-only attack. A cryptanalyst tries to deduce the decryption key

or plaintext by only observing ciphertext. A cryptosystem vulnerable to this type of attack is considered to be completely insecure.

2. Known-plaintext attack. A cryptanalyst has access to the ciphertext and

associated plaintext for several messages and tries to deduce the key used to encrypt the messages or to develop an algorithm to decrypt any new messages encrypted with the same key.

3. Chosen-plaintext attack. In addition to the available information in the

known-plaintext attack, a cryptanalyst chooses the plaintext that gets encrypted to yield more information about the key.

4. Adaptive chosen-plaintext attack. This is a chosen-plaintext attack where

the choice of plaintext may be modified based on the results of previous encryption.

5. Chosen-ciphertext attack. A cryptanalyst can choose different cipher-

texts to be decrypted and has access to the corresponding decrypted plaintexts.

6. Adaptive chosen-ciphertext attack. This is a chosen-ciphertext attack where the choice of ciphertext may be modified based on the results of previous decryption.

Security of a modern cryptosystem relies on the complexity to break it. All these cryptosystems are breakable. A straightforward attack is to try every key in the finite keyspace one by one and check if the resulting plaintext is meaningful. This is called abrute forceattack. A brute force attack usually has a very high complexity and may not be feasible.

4.3 THE MULTIMEDIA ENCRYPTION PARADIGM

Multimedia encryptionis a special application of general encryption in which

the representation of multimedia is transformed into a different representation such that the content cannot be rendered intelligibly or to an acceptable perceptual quality. Readers may ask naturally: Why do we need to study multimedia encryp- tion? Can we treat multimedia as a general message and encrypt accordingly? Yes, we can. In fact, this is the most straightforward multimedia encryption scheme, and is generally referred to as thenaïve encryption[4]. A variation of the naïve encryption is to encrypt the data in each packet to be transmitted over a network as if it were text encryption to provide confidentiality during transmission [5, 6]. These schemes achieve the goal to protect multimedia’s confidentiality, but sacrifice many desirable features that multimedia applications may require. For example, decryption has to be applied to extract basic information such as the bitrate about the multimedia encrypted with the naïve encryption. Multimedia encryption has a number of unique issues that are not seen in text encryption. This section will discuss those issues.

In this chapter, abitstreamis defined as the actual sequence of bits result- ing from the coding of a sequence of symbols generated from multimedia data. It may contain headers for the low-level data packetization. Acodestream is defined as a collection of one or more bitstreams and associated information required for their decoding and expansion to multimedia data. A bitstream is often used to mean a codestream in the literature. We sometimes use it in that way too. Similar to plaintext and ciphertext used in general encryption,plain bitstreamand

plain codestreamare defined as the unencrypted multimedia bitstream and code-

stream, andcipher bitstreamandcipher codestreamare defined as the encrypted multimedia bitstream and codestream, respectively.

4.3.1 Desirable Features and Requirements of Multimedia Encryption

As a special application, multimedia encryption shares many requirements and desirable features with general encryption. Multimedia encryption does have a number of unique requirements and desirable features that a general