CS549:

Cryptography and Network

Security
© by Xiang-Yang Li

Department of Computer Science,

IIT
Cryptography and Network Security 1
Notice©
This lecture note (Cryptography and Network Security) is prepared by
Xiang-Yang Li. This lecture note has benefited from numerous
textbooks and online materials. Especially the “Cryptography and
Network Security” 2nd edition by William Stallings and the
“Cryptography: Theory and Practice” by Douglas Stinson.
You may not modify, publish, or sell, reproduce, create derivative
works from, distribute, perform, display, or in any way exploit any
of the content, in whole or in part, except as otherwise expressly
permitted by the author.
The author has used his best efforts in preparing this lecture note.
The author makes no warranty of any kind, expressed or implied,
with regard to the programs, protocols contained in this lecture
note. The author shall not be liable in any event for incidental or
consequential damages in connection with, or arising out of, the
furnishing, performance, or use of these.

Cryptography and Network Security 2

About Instructor
 Associate Professor IIT
 PhD/MS UIUC 1997-2000
 BS, BE Tsinghua University

 Research Interests:
 Algorithm design and analysis
 Wireless networks
 Game theory
 Computational geometry

 Contact Information
 Phone 312-567-5207
 Email: xli@cs.iit.edu

Cryptography and Network Security 3

Office and Office hours
 Office
 SB 237D ， 10 W 31st Street, Chicago.

 Office hours
 Wednesday 4:10PM – 6:10PM.

 Or by contact: email xli@cs.iit.edu,

 phone 312 567 5207

Cryptography and Network Security 4

About This Course
 Textbook
 Cryptography: Theory and Practice
by Douglas R. Stinson CRC press

 Cryptography and Network Security:

Principles and Practice; By William
Stallings Prentice Hall

 Handbook of Applied Cryptography by

Alfred J. Menezes, Paul C. van Oorschot
and Scott A. Vanstone, CRC Press
 I have electronic version!
Cryptography and Network Security 5
Grading and Others
 Grading
 Homework 30%
 Mid Term 25% (closed book on Oct 14th, 2009)
 Project s 20% (select your own topic),
 Main campus students do the following (3 students form a group)
 Programming project: coding some selected methods (every student does it individually)
 Presentation project: 10-15 pages report and oral presentation (a group project that is done by group
of 3 students)
 India session do
 Programming projects, and
 Writing a 10-15-page technical report on selected topics.
 Final exam 25% (open book)
 Policy
 Do it yourself
 Can use library, Internet and so on, but you have to cite the sources when you use this information

Cryptography and Network Security 6

Homeworks
 HW1 (Due 9/23/09)
 Do it independently
 HW2 (Due 10/28/09)
 No discussion
 No copy  HW3 (Due 12/2/09)
 Can use reference books
 Staple your solution  Report (Due 12/02/09)
 Write your name also, 
 For report,
 you could discuss with classmates
then write your own report (about
15 pages for the topic you
selected)
 For project (presentation and
programming) Type your solution!
 Main campus students: You
SHOULD collaborate with your • print it then submit
group member and you SHOULD
make enough contributions to get
credit • Or submit it electronically
 Other students: do it yourself

Cryptography and Network Security 7

Topics
 Introduction
 Number Theory
 Traditional Methods: secret key system
 Modern Methods: Public Key System
 Digital Signature and others
 Internet Security: DoS, DDoS
 Other topics:
 secret sharing, zero-knowledge proof, bit commitment,
oblivious transfer,…

Cryptography and Network Security 8

Organization
 Chapters
 Introduction
 Number Theory
 Conventional Encryption
 Block Ciphers
 Public Key System
 Key Management
 Hash Function and Digital Signature
 Identification
 Secret Sharing
 Pseudo-random number Generation
 Email Security
 Internet Security
 Others
Cryptography and Network Security 9
Cryptography and Network Security

Introduction

Xiang-Yang Li

Cryptography and Network Security 10

Introduction

The art of war teaches us not on the

likelihood of the enemy’s not coming, but on
our own readiness to receive him; not on the
chance of his not attacking, but rather on the
fact that we have made our position
unassailable.
--The art of War, Sun Tzu
孙子兵法
Cryptography and Network Security 11
Information Security

From wikipedia
Cryptography and Network Security 12
C.I.A
 Confidentiality, Integrity and Availability
 Information Systems are decomposed in
three main portions, hardware, software
and communications
 with the purpose to identify and apply information
security industry standards, as mechanisms of
protection and prevention, at three levels or layers:
 Physical, personal and organizational

Cryptography and Network Security 13

Various Securities
 Data security
 Data security is the means of ensuring that data is kept safe from corruption
and that access to it is suitably controlled.
 Computer Security
 The objective of computer security includes protection of information and
property from theft, corruption, or natural disaster, while allowing the
information and property to remain accessible and productive to its intended
users.
 Malware: malicious software
 includes computer viruses, worms, trojan horses, most rootkits, spyware,
dishonest adware,
 Network Security
 protect the network and the network-accessible resources from unauthorized
access, consistent and continuous monitoring and measurement of its
effectiveness

Cryptography and Network Security 14

Network Security
 network security and information security are often used
interchangeably

 network security is generally taken as providing protection

at the boundaries of an organization

 Network security starts from authenticating any user, most likely a username and a
password

 An intrusion prevention system (IPS)[2] helps detect and prevent such malware. IPS
also monitors for suspicious network traffic for contents, volume and anomalies to
protect the network from attacks such as denial of service

Cryptography and Network Security 15

Criteria for Desirable Cryptosystems
 Confidence in Security established
 Is it based on hard or intractable problems?
 Or how can I know the method is secure?
 Practical Efficiency
 Space, time and so on

 Explicitness
 About its environment assumptions, security service offered,
special cases in math assumptions,
 Protection tuned to application needs
 No less, no more
 Security protocols cannot do all: man does what man can do,
machine does what machine can do
 Openness

Cryptography and Network Security 16

Most important
 Security first

 Efficiency, resource utilization, and

security tradeoffs
 Thisis especially the case for resource constrained
networks such as wireless sensor networks
 Limited power supply (thus limited communication, and
computation), limited storage space

Cryptography and Network Security 17

Cryptography
 Cryptography (from Greek kryptós, "hidden", and
gráphein, "to write") is, traditionally, the study of
means of converting information from its normal,
comprehensible form into an incomprehensible
format, rendering it unreadable without secret
knowledge — the art of encryption.
 Past: Cryptography helped ensure secrecy in
important communications, such as those of spies,
military leaders, and diplomats.
 In recent decades, cryptography has expanded its
remit in two ways
 mechanisms for more than just keeping secrets: schemes like digital
signatures and digital cash, for example.
 in widespread use by many civilians, and users are not aware of it.
Cryptography and Network Security 18
Crypto-graphy, -analysis, -logy
 The study of how to circumvent the use of cryptography is
called cryptanalysis, or codebreaking.
 Cryptography and cryptanalysis are sometimes grouped
together under the umbrella term cryptology, encompassing
the entire subject.
 In practice, "cryptography" is also often used to refer to
the field as a whole; crypto is an informal abbreviation.
 Cryptography is an interdisciplinary subject,
 linguistics
 Mathematics: number theory, information theory, computational
complexity, statistics and combinatorics
 engineering

Cryptography and Network Security 19

Close, but different fields
 Steganography
 the study of hiding the very existence of a message, and not
necessarily the contents of the message itself (for example,
microdots, or invisible ink)
 http://en.wikipedia.org/wiki/Steganography

 Traffic analysis
 which is the analysis of patterns of communication in order
to learn secret information
 The messages could be encrypted
 http://en.wikipedia.org/wiki/Traffic_analysis

Cryptography and Network Security 20

Steganography
 Some techniques
 Concealing messages within the lowest bits of noisy
images or sound files.
 Invisible ink
 Concealing data within encrypted data

 Polybiussquare
 Hidden messages on messenger's body

Cryptography and Network Security 21

Stenography Example

Last 2 bits

Cryptography and Network Security 22

Tools for Stenography
 http://www.jjtc.com/Steganography/toolm
atrix.htm

Cryptography and Network Security 23

 Network Security Model

Trusted Third Party

Principal Principal
(sender) (receiver
)

Security Security
transformation transformation

attacker
Cryptography and Network Security 24
Attacks, Services and Mechanisms
 Security Attacks
 Action compromises the information security
 Could be passive or active attacks

 Security Services
 Actions that can prevent, detect such attacks.
 Such as authentication, identification, encryption, signature, secret
sharing and so on.

 Security mechanism
 The ways to provide such services
 Detect, prevent and recover from a security attack

Cryptography and Network Security 25

Attacks
 Passive attacks
 Interception
 Release of message contents
 Traffic analysis
 Active attacks
 Interruption, modification, fabrication
 Masquerade
 Replay
 Modification
 Denial of service

Cryptography and Network Security 26

Information Transferring

Cryptography and Network Security 27

Attack: Interruption

Cut wire lines,

Jam wireless
signals,
Drop packets,

Cryptography and Network Security 28

Attack: Interception

Wiring,
eavesdrop

Cryptography and Network Security 29

Attack: Modification

Replaced
intercept
info

Cryptography and Network Security 30

Attack: Fabrication

Ali: this is
…

Also called impersonation

Ali: this is
…
Cryptography and Network Security 31
Attacks, Services and Mechanisms
 Security Attacks
 Action compromises the information security
 Could be passive or active attacks

 Security Services
 Actions that can prevent, detect such attacks.
 Such as authentication, identification, encryption, signature, secret
sharing and so on.

 Security mechanism
 The ways to provide such services
 Detect, prevent and recover from a security attack

Cryptography and Network Security 32

Important Services of Security
 Confidentiality, also known as secrecy:
 only an authorized recipient should be able to extract the
contents of the message from its encrypted form. Otherwise, it
should not be possible to obtain any significant information
about the message contents.
 Integrity:
 the recipient should be able to determine if the message has
been altered during transmission.
 Authentication:
 the recipient should be able to identify the sender, and verify
that the purported sender actually did send the message.
 Non-repudiation:
 the sender should not be able to deny sending the message.

Cryptography and Network Security 33

Secure Communication
 protecting data locally only solves a minor part of
the problem.

 The major challenge that is introduced by the

Web Service security requirements is to secure
data transport between the different components.

 Combining mechanisms at different levels of the

Web Services protocol stack can help secure data
transport (see figure next page).

Cryptography and Network Security 34

Secure Communication

Cryptography and Network Security 35

Secure Communication
 The combined protocol HTTP/TLS or SSL is often
referred to as HTTPS (see figure). SSL was
originally developed by Netscape for secure
communication on the Internet, and was built into
their browsers. SSL version 3 was then adopted
by IETF and standardized as the Transport Layer
Security (TLS) protocol.
 Use of Public Key Infrastructure (PKI) for session
key exchange during the handshake phase of TLS
has been quite successful in enabling Web
commerce in recent years.
 TLS also has some known vulnerabilities: it is
susceptible to man-in-the-middle attacks and
denial-of-service attacks.

Cryptography and Network Security 36

SOAP security
 SOAP (Simple Object Access Protocol) is designed to pass
through firewalls as HTTP. This is disquieting from a
security point of view. Today, the only way we can recognize
a SOAP message is by parsing XML at the firewall. The
SOAP protocol makes no distinction between reads and
writes on a method level, making it impossible to filter away
potentially dangerous writes. This means that a method
either needs to be fully trusted or not trusted at all.
 The SOAP specification does not address security issues
directly, but allows for them to be implemented as
extensions.
 As an example, the extension SOAP-DSIG defines the syntax and
processing rules for digitally signing SOAP messages and validating
signatures. Digital signatures in SOAP messages provide integrity and
non-repudiation mechanisms. 

Cryptography and Network Security 37

PKI
 PKI key management provides a sophisticated framework for
securely exchanging and managing keys. The two main
technological features, which a PKI can provide to Web
Services, are:
 Encryption of messages: by using the public key of the recipient
 Digital signatures: non-repudiation mechanisms provided by PKI and
defined in SOAP standards may provide Web Services applications with
legal protection mechanisms
 Note that the features provided by PKI address the same
basic needs as those that are recognized by the
standardization organizations as being important in a Web
Services context.
 In Web Services, PKI mainly intervenes at two levels:
 At the SOAP level (non-repudiation, integrity)
 At the HTTPS level (TLS session negotiation, eventually assuring
authentication, integrity and privacy)

Cryptography and Network Security 38

Some basic Concepts

Cryptography and Network Security 39

Cryptography
 Cryptography is the study of
 Secret (crypto-) writing (-graphy)

 Concerned with developing algorithms:

 Conceal the context of some message from all except
the sender and recipient (privacy or secrecy), and/or
 Verify the correctness of a message to the recipient
(authentication)
 Form the basis of many technological solutions to
computer and communications security problems

Cryptography and Network Security 40

Basic Concepts
 Cryptography
 encompassing the principles and methods of transforming
an intelligible message into one that is unintelligible, and
then retransforming that message back to its original form
 Plaintext
 The original intelligible message

 Ciphertext
 The transformed message

 Message
 Is treated as a non-negative integer hereafter

Cryptography and Network Security 41

Basic Concepts
 Cipher
 An algorithm for transforming an intelligible message
into unintelligible by transposition and/or substitution,
or some other techniques
 Keys
 Some critical information used by the cipher, known
only to the sender and/or receiver
 Encipher (encode)
 The process of converting plaintext to ciphertext

 Decipher (decode)
 The process of converting ciphertext back into plaintext

Cryptography and Network Security 42

Basic Concepts
 cipher
 an algorithm for encryption and decryption. The exact
operation of ciphers is normally controlled by a key — some
secret piece of information that customizes how the
ciphertext is produced
 Protocols
 specify the details of how ciphers (and other cryptographic
primitives) are to be used to achieve specific tasks.
 A suite of protocols, ciphers, key management, user-
prescribed actions implemented together as a system
constitute a cryptosystem;
 this is what an end-user interacts with, e.g. PGP
Cryptography and Network Security 43
 Encryption and Decryption

Decipher P = D(K2)(C)
Plaintext ciphertext

Encipher C = E(K1)(P)
K1, K2: from keyspace
These two keys could be different;
could be difficult to get one from the other
Cryptography and Network Security 44
What is Security?
 Two fundamentally different securities
 Unconditional security
 No matter how much computational power is available, the
cipher cannot be broken
 Using Shannon’s information theory
 The entropy of the message I(M) is same as the entropy of the
message I(M|C) when known the ciphertext (and possible more)
 Computational security
 Given limited computing resources (e.g time needed for
calculations is greater than age of universe), the cipher
cannot be broken
 What do we mean “broken”?
 Proved by some complexity equivalence approach

Cryptography and Network Security 45