Cryptography

CS.521 INFORMATION AND NETWORK SECURITY

Cryptography

 The art of protecting information by

transforming it (encrypting it) into an
unreadable format, called cipher text. Only
those who possess a secret keycan decipher
(or decrypt) the message into plain text.
 Encrypted messages can sometimes be
broken by cryptanalysis, also
called codebreaking, although modern
cryptography techniques are virtually
unbreakable.
History of cryptography
 Classical cryptography
 Hieroglyphs in Old Kingdom of Egypt circa 1900 BC
 Transposiition cipher
a method of encryption by which the positions held by units
of plaintext
 Substitution ciphers
a method of encryption by which units of plaintext are
replaced with ciphertext, according to a regular system; the
"units" may be single letters (the most common), pairs of
letters, triplets of letters, mixtures of the above, and so forth.
The receiver deciphers the text by performing an inverse
substitution. Caesar cipher
World War II cryptography
 mechanical and electromechanical Cipher machines.
 The Germans made heavy use, in several variants, of
an electromechanical rotor mechine known
as Enigma.
 German code bracking also had some success, most
importanlty by breaking the Naval Cipher No. 3.
 US navy cryptographers (with cooperation from British
and Dutch cryptographers after 1940) broke into
several Japanese Navy crypto systems. The break
into one of them, JN-25, famously led to the US
victory in the Battle of Midway;
Basic Terminology
 plaintext - original message
 ciphertext - coded message
 cipher - algorithm for transforming plaintext to
ciphertext
 key - info used in cipher known only to sender/receiver
 encipher (encrypt) - converting plaintext to ciphertext
 decipher (decrypt) - recovering ciphertext from
plaintext
 cryptography - study of encryption principles/methods
 cryptanalysis (codebreaking) - study of principles/
methods of deciphering ciphertext without knowing key
 cryptology - field of both cryptography and
cryptanalysis
Cryptographic components
How a Cryptosystem Works

Plaintext (M) (data file or messages)

E(M) = C
D(C) = M
encryption algorithm (E) + D(E(M)) = M
secret key A (KA)

Ciphertext (C) (stored or transmitted safely)

decryption algorithm (D) +

secret key B (KB)
Note: Key A may be the same as Key B,
depending on the algorithm
Plaintext (M) (original data or messages)
Brute Force Search
 always possible to simply try every key
 most basic attack, proportional to key size
 assume either know / recognise plaintext

Key Size (bits) Number of Alternative Time required at 1 Time required at 106
Keys decryption/µs decryptions/µs
32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds
56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours
128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years

168 2168 = 3.7  1050 2167 µs = 5.9  1036 years 5.9  1030 years

26 characters 26! = 4  1026 2  1026 µs = 6.4  1012 years 6.4  106 years
(permutation)
Types of Cryptography
 Symmetric Cryptography
 Deploy the same secret key to encrypt and decrypt
messages
 The secret key is shared between two parties
 Encryption algorithm is the same as decryption
algorithm
 Asymmetric (Public-key) Cryptography
 Privatekey, Public key
 The secret key is not shared and two parties can still
communicate using their public keys
 Encryption alg. is different from decryption alg.
Classification of Cryptosystems
 Based on operations to transform plaintext into
ciphertext
 Substitution Ciphers
 Transposition Ciphers
 Based on the number of keys used
 Symmetric encryption
 Asymmetric (Public-key) encryption
 Based on the way in which the plaintext is
processed
 BlockCipher
 Stream Cipher
Symmetric Cryptography
Public-Key Cryptography
Man In The Middle Attack
Model of Symmetric Cryptosystem
What is Symmetric Encryption used for?

 Transmitting data over an insecure

channel
 Secure stored data (encrypt & store)
 Provide integrity check:
Properties of Symmetric Cryptography

 Message Confidentiality
 Message Authentication
 Message Integrity
Cryptographic Techniques

 Classical Crytographic
Substitution Ciphers
Transposition Ciphers
 Modern Crytographic
Substitution Ciphers

 Character in plaintext is substituted for another

character in ciphertext
 Caesar Cipher: each plaintext character is
replaced by the character three to the right
modulo 26. E.g. A→D, B→E, X→A
 ROT13: commonly found in UNIX systems. Every
plaintext character is rotated 13 places.

ITEC4621 Network Security

Caesar Cipher
 earliest known substitution cipher
 by Julius Caesar
 first attested use in military affairs
 replaces each letter by 3rd letter on
 example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
 Caesar Cipher
K=3
Outer: plaintext
Inner: ciphertext

ITEC4621 Network Security

Caesar Cipher (cont’d)
 can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
 mathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y
z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
25

 then have Caesar cipher as:

c = E(p) = (p + k) mod (26)
p = D(c) = (c – k) mod (26)
Cryptanalysis of Caesar Cipher
 only have 26 possible ciphers
A maps to A,B,..Z
 could simply try each in turn
 a brute force search
 given ciphertext, just try all shifts of letters
 do need to recognize when have plaintext
 eg. break ciphertext "GCUA VQ DTGCM"
Transposition Ciphers
 Plaintext remains the same, but the order of characters is
shuffled around.
 E.G. “Columnar Transposition Cipher”
Plaintext: COMPUTER GRAPHICS MAY BE SLOW BUT AT
LEAST IT’S EXPENSIVE

COMPUTERGR
APHICSMAYB
ESLOWBUTAT
LEASTITSEX
PENSIVE

Ciphertext: CAELSOPSEEMHLAN…
Steganography

 Plaintext can be hidden by two ways:

 Steganography: conceal the existence of the message
 Cryptography: render the message unintelligible to
outsiders using various kinds of transformation of the
text
 Examples of Steganography
 Character marking: overwrite text with pencil
 Invisible ink: use special substance
 Pin punctures: pin puncture on selected letters
One-time Pads
 One-time pad is a large non-repeating set of truly
random key letters
 Encryption is a additional modulo 26 of plaintext
character
 For example:
 Message: ONETIMEPAD Decryption
 Pad Sequence: TBFRGFARFM P+K mod 26 = C
P = C-K mod 26
 Ciphertext: IPKLPSFHGQ
I-T mod 26 = 9-20 mod 26
Because = -11 mod 26
O+T mod 26 = I → 15+20 mod 26 = 9 = -11+26 mod 26
= 15 mod 26
N+B mod 26 = P → 14+2 mod 26 = 16 =O
E+F mod 26 = K, etc.

ITEC4621 Network Security

Cryptographic Process
Message Message

m1 m2 mn m1 m2 mn

Encryption Decryption

c1 c2 cn c1 c2 cn

Ciphertext Ciphertext

ITEC4621 Network Security

Block Cipher and Stream Cipher
 Blockcipher: divides entire message in to
blocks used to produce ciphertext.
 Stream cipher: encrypts a data stream one
bit or one byte at a time.
 Converts plaintext to ciphertext 1 bit at a
time.
 Simple stream cipher

ITEC4621 Network Security

Public-key Cryptography
 In order for Alice & Bob to be able to
communicate securely using a symmetric-key
cryptosystem, they must have a shared key in the
first place.
 What if they have never met before ?
 Alice needs to keep 100 different keys if she
wishes to communicate with 100 different people.
 The capability to replace paper documents with
electronic documents “Digital Signature”
 Symmetric-key cryptosystems lack of providing
necessary security services non-repudiation
Public-key Cryptography
 probablymost significant advance in the
3000 year history of cryptography
 uses two keys – a public & a private key
 asymmetric since parties are not equal
 uses clever application of number
theoretic concepts to function
 complements rather than replaces private
key crypto
WHY PUBLIC-KEY CRYPTOGRAPHY?
 developed to address two key issues:
 key distribution – how to have secure
communications in general without having to
trust a KDC with your key
 digital signatures – how to verify a message
comes intact from the claimed sender
 publicinvention due to Whitfield Diffie &
Martin Hellman at Stanford University in
1976
 known earlier in classified community
PUBLIC-KEY CRYPTOGRAPHY
 public-key/two-key/asymmetric cryptography
involves the use of two keys:
a public-key, which may be known by anybody, and
can be used to encrypt messages, and verify
signatures
 a private-key, known only to the recipient, used to
decrypt messages, and sign (create) signatures
 is asymmetric because
 those who encrypt messages or verify signatures
cannot decrypt messages or create signatures
PUBLIC-KEY ENCRYPTION
PUBLIC-KEY AUTHENTICATION
DIGITAL SIGNATURE
PUBLIC ANNOUNCEMENT
PUBLICLY AVAILABLE DIRECTORY
PUBLIC-KEY AUTHORITY
 improve security by tightening control over
distribution of keys from directory
 has properties of directory
 and requires users to know public key for
the directory
 then users interact with directory to
obtain any desired public key securely
 does require real-time access to directory when
keys are needed
PUBLIC-KEY AUTHORITY (CONT.)
PUBLIC-KEY CERTIFICATES
 Used to identify parties without
contacting a public-key authority
 Requirements
 Anyone can read a certificate to determine
the name and public key of the certificate’s
owner.
 Anyone can verify the certificate.
 Only the certificate authority (CA) can
create and update certificates
PUBLIC-KEY CERTIFICATES (CONT.)
END….