Chaffing & winnowing Confidentiality w/o Encryption
#1

Presented By-
Kirti Dixit
Uday joshi

C&W
Chaffing & winnowing Confidentiality w/o Encryption…………
definition

• Chaff – worthless parts
• To winnow – to separate out the chaff
• No Encryption, no decryption!
• No Export control?
introduction
• first proposed by Ronald Rivest
• achieve confidentiality in message transmission.
• a cryptographic technique
• achieve confidentiality w/o using encryption
• Chaffing ->
• adding fake packets with bogus MACs.
• MAC based on sequence number and message.
• Winnowing ->
• discarding packets with bogus MACs
• Techniques used so far…
Encryption :
• transforming the message into cipher text.
• keys to encrypt and decrypt the message.
• examples are DES, 3DES, RSA and AES
Steganography :
• hiding a secret message within a larger one.
• deny the message exists.
• example is hiding a text message in a picture file
Era of new concept –
C & W
• does not use encryption keys
• not subject to i/m and e/p restrictions.
• achieves privacy and confidentiality by using authentication keys
• not controlled by government
• disclosure of these signatures is not allowed
Authenticating…
• Chaffing…
• “adding chaff”, to the transmitted message.
• Fake pkts having reasonable serial no., content but invalid MAC.
• Clear-text C & W
At receiver
1, Hi Bob 46231
2, Meet me at 78229
3, 7 PM 23829
4, Love Alice 83912
Message Reconstruction
• Security
• Security depends on difficulty (for the adversary) of distinguishing the chaff from the wheat
• MAC algorithm must be strong and act as a “random function” to the adversary.
• Chaffing will normally add at least one chaff packet for each wheat packet.
• We also need to make wheat packets unintelligible. How can we do this?
• Make Wheat packets a single byte or bit!
Bit-by-Bit C & W
• Dividing the entire messages into bits.
• Transmitting packets with serial number and MAC.
• Discussion…
• huge advance in confidentiality
• privacy from plain-text attack
• does not require knowledge of the secret key!
• highly inefficient, due to its greater size.
• Package transform / AONT
• AONT stands for “All-or-nothing”.
Consider m_1, m_2, …, m_s plaintext blocks
H a hash function, K' a randomly chosen key
The transmitted blocks are:
m_i' = m_i ⊕ H(K', i) for i = 1, 2, …, s
K' is transmitted by sending the extra value M:
M = K' ⊕ h_1 ⊕ h_2 ⊕ … ⊕ h_s
Where:
h_i = H(K_0, m_i' ⊕ i) for i = 1, 2, …, s
K_0 is a publicly known key.
• Discussion…
• confidential and secure means of communication.
• Chaff packets can be randomly generated.
• MAC itself acts as a secret key.
• “deniable encryption”.
Proof of Concept
• Only 2 proofs for concept of C&W programs.
• These are written in PERL and JAVA.
• Do not use AONT as pre-processing step.
Chaffinch – an approach towards C&W
• Based on original C&W scheme.
• Introduces better ideas to improve security
• Allow concurrent message passing.
• No keys!!!
• No encryption!!!
Design of Chaffinch
• Designed to send multiple messages in single communication.
• Cover message consisting the original one.
• Message is divided into sections with a secret key.
• Resulting section acts as a chaff for cover msg and vice versa.
• Cannot remove chaff altogether.
• reduce the no. of random chaff packets needed
• reduce bandwidth requirements.
• Example of Chaffinch communication…
• Differences from C&W…
Use of a different authenticator on the packets
• 64 bit MAC for security in C&W
• 10 bit authenticator along with Brute Force search in Chaffinch.
alternate pre-processing step
• modification is to h_i:
h_i = H(K_0, m_i' ⊕ Z) for i = 1, 2, …, s
Where: Z = HASH(m_1', m_2', …, m_s')
• Cipher BEAR.
• Discussion…
• Using BEAR – difficulty in an adversary picking out the correct message segments.
• whole packaging process is keyless.
• Chaffinch idea – denying the existence of any communication b/w users.
• Computer seized and a detailed analysis of the hard drives is conducted if user is under suspicion.
Conclusion…
• Presentation provides a secure and confidential communication scheme through C&W.
• Can handle many concurrent messages w/o encryption.
• Government restricted the use of mechanism – encryption.
• Chaffinch users would be safe from giving up their keys.
• Discussion of whether C&W constitutes encryption until the big court decides about it.
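The package transform equations from the slides above, worked through as an added example that is not part of the original post. It assumes HMAC-SHA256 as the keyed hash H, 32-byte blocks, zero padding and a constructed value for the public key K_0; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

BLOCK = 32                                      # block size = HMAC-SHA256 output size
K0 = b"public-package-key".ljust(BLOCK, b"\0")  # publicly known key K_0 (constructed)

def H(key: bytes, data: bytes) -> bytes:
    """Keyed hash H; HMAC-SHA256 is an assumption, the slides only say 'hash'."""
    return hmac.new(key, data, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def idx(i: int) -> bytes:
    """Block index i encoded as a full-width block so it can be XORed."""
    return i.to_bytes(BLOCK, "big")

def package(blocks: list) -> list:
    """Return [m_1', ..., m_s', M] for plaintext blocks m_1..m_s."""
    k = secrets.token_bytes(BLOCK)                          # random K'
    out = [xor(m, H(k, idx(i))) for i, m in enumerate(blocks, 1)]
    last = k
    for i, mp in enumerate(out, 1):
        last = xor(last, H(K0, xor(mp, idx(i))))            # M = K' ^ h_1 ^ ... ^ h_s
    return out + [last]

def unpackage(packed: list) -> list:
    """Recover K' from M and every h_i, then undo the masking of each block."""
    *body, k = packed
    for i, mp in enumerate(body, 1):
        k = xor(k, H(K0, xor(mp, idx(i))))
    return [xor(mp, H(k, idx(i))) for i, mp in enumerate(body, 1)]

def split(message: bytes) -> list:
    """Zero-pad to a multiple of BLOCK and cut into blocks (simplified padding)."""
    padded = message.ljust(-(-len(message) // BLOCK) * BLOCK, b"\0")
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]

MESSAGE = b"Hi Bob. Meet me at 7 PM. Love, Alice. " * 3     # constructed sample

if __name__ == "__main__":
    packed = package(split(MESSAGE))
    print(b"".join(unpackage(packed)).rstrip(b"\0"))
    packed[0] = xor(packed[0], b"\x01" + bytes(BLOCK - 1))  # flip one bit in m_1'
    print(unpackage(packed)[1])                             # every block is now garbage
```

Because K' can only be recovered from all of the h_i together, a receiver (or adversary) holding a wrong or missing block recovers none of the plaintext blocks, which is the all-or-nothing property the slides rely on before chaffing.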
#2
Prepared by-
Kirti Dixit
Uday joshi

Abstract
This paper presents an overview of Chaffing and Winnowing as described by
Ronald Rivest. This leads onto a review of a secure Chaffing and Winnowing
scheme called Chaffinch.
1.Introduction-
The use of technology to stay ahead of and get around laws and regulations is a recurrent theme in my writings and talks. A legislative process that cannot keep up with the pace of technology is often guilty of producing regulations too mired in the specifics of today's technology that they do not anticipate and do not apply to the changes that will inevitably come. An example of a technology that may be a way around existing encryption legislation is Chaffing and Winnowing.
"Chaff" and "Winnowing" are terms that come from the oldest profession (or second oldest, depending upon who you ask) - farming. Winnowing means to remove the useless parts, or "chaff", from grain. By adding useless information to valuable data, you are able to securely transport the entire package until it can be safely winnowed at the other end. By obscuring data within meaningless bytes, we are providing the same functionality as encryption, but technically we aren't encrypting anything.
Chaffing and winnowing are dual components of a privacy-enhancement scheme that does not require encryption. The technique consists of adding false packets to a message at the source (sender end of the circuit), and then removing the false packets at the destination (receiver end). The false packets obscure the intended message and render the transmission unintelligible to anyone except authorized recipients.
At the source, each legitimate message packet is assigned a unique serial number and a message authentication code (MAC). Every serial number and MAC is known to the receiver in advance. Then the bogus packets are added at the source; this is the chaffing process (chaff is the undesirable part of a plant such as wheat that is separated during milling). The chaff packets have the same format as the legitimate ones, and they also have reasonable serial numbers, but they have invalid MACs. It is impossible to tell the difference between the legitimate packets and the chaff except by comparing MACs at the destination.
At the destination, the chaff packets are removed by comparing MACs. This is called winnowing. If an incoming packet has a bogus MAC, it is discarded; if it has a legitimate MAC, it is accepted. Thus, the original message is recovered.
Definition :
Chaffing and winnowing is a cryptographic technique to achieve confidentiality without using encryption when sending data over an insecure channel. The name is derived from agriculture: after grain has been harvested and threshed, it remains mixed together with inedible fibrous chaff. The chaff and grain are then separated by winnowing, and the chaff is discarded. The technique was conceived by Ron Rivest. Although it bears similarities to both traditional encryption and steganography, it cannot be classified under either category.
This technique is remarkable compared to ordinary encryption methods because it allows the sender to deny responsibility for encrypting their message. When using chaffing and winnowing, the sender transmits the message unencrypted, in clear text. Although the sender and the receiver share a secret key, they use it only for authentication. However, a third party can make their communication confidential by simultaneously sending specially crafted messages through the same channel.
Chaffing and Winnowing was first proposed by Ronald Rivest as a means to achieve confidentiality in message transmission.
At the present time there were two major techniques used for preventing adversaries from gaining information from a transmitted message:
• Encryption
This is the process of transforming the message into a random stream of characters called a cipher text. This is done using keys to encrypt and decrypt the message. Decryption of the cipher text is very difficult without knowledge of these keys. Techniques like this have been around for some time and commonly used examples are DES, 3DES, RSA and AES.
• Steganography
The art of hiding a secret message within a larger one in such a way as to be able to deny the message exists. An example is hiding a text message in a picture file by changing the low-order pixel bits to be the message information.
Chaffing and Winnowing introduces a novel new concept that does not use encryption keys, and as such would not be subject to import and export restrictions. Chaffing and Winnowing achieves privacy and confidentiality by using authentication keys, however, these are not to be confused with encryption keys. Authentication keys/digital signatures are not controlled by governments and most have chosen that the disclosure of these signatures is not allowed. They have taken this stance over authentication keys because of the danger of unscrupulous people being able to use someone else’s personal authenticator to take over that person’s identity!
2.Chaffing and Winnowing-
To understand the processes involved it is first useful to familiarize ourselves with some quite old words.
Winnow – to separate out or eliminate the poor or useless parts
Chaff – useless parts of wheat
Winnowing is often used when referring to separating grain from chaff.
• Authenticating:
When the user has a message they want to send it is broken into packets. These packets contain the message information and header information. Within this header is usually a serial number so that the receiver can reassemble the message in the correct order.
In Chaffing and Winnowing the person sending the message adds a “message authentication code”, MAC, to each of the transmitted packets. Both the sender and receiver calculate the MAC as a function of the packet contents, serial number and a secret password/key that is shared. This MAC is attached onto the end of the packet as demonstrated in Figure 1.
[Figure 1 diagram: packet (serial number, information) → MAC algorithm → packet (serial number, information, MAC)]
Figure 1. This shows the process of authenticating packets. The MAC is calculated and then put onto the end of the packet. These MAC’s are not regarded as encryption, just authentication, as the packet is still in the clear.
Now that all of the packets are authenticated they are ready to be sent. If they are sent as they are there is no security as the information is still in the clear! An adversary need only intercept all of the packets to reconstruct the message. Confidentiality comes from the next step…
3.Chaffing-
This is the process of “adding chaff”, useless parts, to the transmitted message. The chaff are fake packets that have the correct overall format, reasonable serial numbers and reasonable content, however, they have MAC’s that are not valid when computed with the shared key.
These chaff packets are interspersed randomly with the good (wheat) packets to form the transmitted data sequence. The receiver collects all of the transmitted packets in the sequence and computes the MAC that should be associated with each packet using the MAC algorithm and the shared key. Those packets with MAC’s not matching those appended are discarded and the only packets left are the wheat ones with valid MAC’s. The MAC numbers are stripped off and the serial numbers used to reconstruct the message.
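The authenticate, chaff and winnow steps described in this thread, including the bit-by-bit variant from the first post, as an added example that is not part of the original posts. It assumes HMAC-SHA256 truncated to 64 bits as the MAC; the function names and the decoy packet contents are constructed for illustration.

```python
import hashlib
import hmac
import random
import secrets

MAC_LEN = 8  # 64-bit tag (truncated HMAC-SHA256); the MAC choice is an assumption

def mac(key: bytes, serial: int, data: bytes) -> bytes:
    """MAC over the serial number and the packet contents."""
    msg = serial.to_bytes(4, "big") + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def send(key: bytes, wheat: list, decoys: list) -> list:
    """Authenticate the wheat, then chaff: decoys get random (invalid) tags."""
    packets = [(s, d, mac(key, s, d)) for s, d in wheat]
    packets += [(s, d, secrets.token_bytes(MAC_LEN)) for s, d in decoys]
    random.SystemRandom().shuffle(packets)  # intersperse chaff with wheat
    return packets

def winnow(key: bytes, packets: list) -> list:
    """Keep packets whose tag verifies under the shared key, ordered by serial."""
    good = {s: d for s, d, tag in packets
            if hmac.compare_digest(tag, mac(key, s, d))}
    return [good[s] for s in sorted(good)]

def to_bits(message: bytes) -> list:
    """Bit-by-bit variant: one wheat packet (serial, b'0' or b'1') per bit."""
    bits = "".join(f"{byte:08b}" for byte in message)
    return [(i, b.encode()) for i, b in enumerate(bits, 1)]

def from_bits(bits: list) -> bytes:
    """Reassemble winnowed single-bit packets into bytes."""
    s = b"".join(bits).decode()
    return bytes(int(s[i:i + 8], 2) for i in range(0, len(s), 8))

# Constructed sample data: the wheat is the message from the slides in post #1.
KEY = secrets.token_bytes(32)
WHEAT = [(1, b"Hi Bob"), (2, b"Meet me at"), (3, b"7 PM"), (4, b"Love Alice")]
DECOYS = [(1, b"Hi Larry"), (2, b"Call me at"), (3, b"6 PM"), (4, b"Yours Susan")]

if __name__ == "__main__":
    print(winnow(KEY, send(KEY, WHEAT, DECOYS)))
    bit_wheat = to_bits(b"7 PM")
    bit_chaff = [(s, b"1" if d == b"0" else b"0") for s, d in bit_wheat]
    print(from_bits(winnow(KEY, send(KEY, bit_wheat, bit_chaff))))
    print(winnow(secrets.token_bytes(32), send(KEY, WHEAT, DECOYS)))  # wrong key
```

In the bit-by-bit run an observer sees both a 0 and a 1 for every serial number, so the stream reveals nothing without the authentication key, at the cost of one MAC per message bit.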