Professional Documents
Culture Documents
BASIC CRYPTOGRAPHY
Lecture 2
1
Week 2
TOPICS
What is authentication?
Password
Cryptography Concept
Cryptography Algorithms
Digital Signature
Public Key Infrastructure (PKI)
RSA
Methods of Attacks in Encryption
Systems 2
WHAT IS AUTHENTICATION?
Verification of identity of someone who
generated some data
Relates to identity verification
classifications of identity verification:
by something known e.g. password
by something possessed e.g. smart card,
passport
by physical characteristics (biometrics)
e.g. finger prints, palm prints, retina,
voice
by a result of involuntary action :
signature 3
AUTHENTICATION
Requirements – must be able to verify
that:
Message came from apparent
source or author
Contents have not been altered
Sometimes, it was sent at a
certain time or sequence
Protection against active attack
(falsification of data and transactions)
4
PASSWORD
Protection of passwords
Don’t keep your password to anybody
Don’t write or login your password at everywhere
Etc.
Choosing a good password
Criteria:
Hard to guess and easy to remember
Characteristics of a good password
Not shorter than six characters
Calculations on password
Password population, N =rs 5
Probability of guessing a password = 1/N
Probability of success, P=nt/N
TIME TAKEN TO CRACK PASSWORD
No. Total by human by 1MIPS
Characters Combination Comp
1 36 3 minutes .000018s
2 1300 2 hours .00065s
3 47000 3 days .02s
4 1700000 3 months 1s
5 60000000 10 years 30s
10 37x1014 580 Million y 59years
6
TECHNIQUES FOR GUESSING
PASSWORDS
Try default passwords.
Try all short words, 1 to 3 characters long.
Try all the words in an electronic
dictionary(60,000).
Collect information about the user’s
hobbies, family names, birthday, etc.
Try user’s phone number, social security
number, street address, etc.
Try all license plate numbers
Use a Trojan horse
Tap the line between a remote user and the 7
host system.
PASSWORD SELECTING
STRATEGIES
User education
Computer-generated passwords
Reactive password checking
Proactive password checking
8
EXAMPLE OF PASSWORD
Based on the passwords given below,
determine which passwords are good or
bad, include one reason for each password:
UTeM1
hon05da
MyviT05
aleeyah
king
zamrud
9
EXAMPLE OF PASSWORD
CALCULATION
Assume you choose character from
a-z and 0-9 and the number of
characters required are 5.
Determine how much time will be
needed to get the right password if
your capability of your computer is
400 MIPS.
Give your opinion/conclusion from
this problem.
10
CRYPTOGRAPHY CONCEPT
The idea of a cipher system is to disguise
information in such a way that its
meaning is unintelligible to an
unauthorized person.
Steganography
(Hiding)
Secret
Writing Transposition
Codes
(Replace
Cryptography words)
(Scrambling)
Substitution
Cipher
(Replace
letters)
12
SECRET WRITING
Hiding
Steganography messages
(Hiding)
Message not
changed
Does not
involve key
Secret
Writing
Scrambling
messages
Message
changed
Cryptography 13
(Scrambling) Does involve
key
STEGANOGRAPHY
-THE ART OF HIDING
THE SCYTALE 15
MECHANICAL CRYPTO MACHINE
IN WORLD WAR II
cryptanalysis
CRYPTOGRAPHY ALGORITHMS
Classifiedalong three independent dimensions:
The type of operations used for transforming
plaintext to ciphertext
20
SYMMETRIC VS. ASYMMETRIC
Ifthe system is symmetric, then
there may be a need to distribute a
secret key value before secret
messages can be exchanged.
One of the most difficult aspects of
obtaining a secure system.
22
SYMMETRIC CRYPTOGRAPHY
REQUIREMENTS
two requirements for secure use of symmetric
encryption:
a strong encryption algorithm
a secret key known only to sender / receiver
mathematically have:
C = EK(P)
P = DK(C)
Decryption algorithm
ENCRYPTION USING ASYMMETRIC
CRYPTOGRAPHY
25
METHODS USE IN CRYPTOGRAPHY
ALGORITHM
Substitution
monoalphabetic substitution
Formed by shifting the letters of the original
alphabet
polyalphabetic substitution
Extension of monoalphabetic substitution
system
Using Vigenere Tableau
Transposition
unkeyed transposition
Rearrange letters by using matrix
keyed transposition
Rearrange letters by using matrix where the
26
size of matrix is determined by the length of
the key used.
CAESAR CIPHERS
One of the earliest substitution cipher
described by Julius Caesar in the Gallic
Wars.
In this cipher each of the letters A to W is
encrypted by being represented by the
letter that occurs three places after it in
the alphabet.
Although Caesar used a ‘shift’ of 3, a
similar effect could have been achieve
using any number from 1 to 25.
In fact any shift is now commonly
regarded as defining a Caesar Cipher. 27
CAESAR CIPHERS (CONT.)
The encryption key and decryption key are both
determined by a shift but the encryption and
decryption rules are different.
characters.
EXAMPLE:
30
CAESAR CIPHER EXHAUSTIVE KEY
SEARCH: CRYPTOGRAM XMZVH
Enciphering Assumed Enciphering Assumed Enciphering Assumed
key message key message key message
31
CAESAR CIPHERS (CONT.)
A single key search may not identify the key uniquely.
It is much more likely merely to limit the number of
possibilities by eliminating some obviously wrong
ones.
37
EXAMPLE: POLYALPHABETIC
SUBSTITUTION CIPHER
38
WHAT IS FREQUENCY ATTACK??
40
BREAKING VIGENERE CIPHER
This cipher was secure from about 1553 till 1854 (301 years!!!)
Letter is rearranged
Letter are retain but moved from its
position
Two type
Unkeyed single transposition
Keyed single transposition
42
EXAMPLE: UNKEYED SINGLE
TRANSPOSITION
Encrypt the plaintext : “there is no
security on this earth there is
only opportunity” into a matrix of
10 (vertical) by 5 (horizontal).
43
EXAMPLE: KEYED SINGLE
TRANSPOSITION
With the key “86423175”, encrypt the
plaintext “ignorance is the mother of
admiration” using keyed single
transposition into 4 by 8 matrix. Use
“x” to pad out columns.
44
MODERN ALGORITHMS
45
MODERN ALGORITHMS (CONT.)
The encryption algorithm may act on a bit-
string in a number of ways.
stream ciphers where the sequence is
encrypted bit-by-bit.
block ciphers, where the sequence is
divided into blocks of a predetermined
size.
ASCII requires 8 bits to represent one
character, and so for a block cipher that
has 64-bit blocks, the encryption 46
algorithm acts on eight characters at
once.
MODERN ALGORITHMS (CONT.)
Since most modern
algorithms operate on
binary strings we need
to be familiar with a 0 1
method of combining 0 0 1
two bits called 1 1 0
Exclusive OR and
often written as XOR
or .
0 0 = 0, 0 1 =1,
1 0 = 1 and 1 1 = 0 47
CLASSIFICATION OF CIPHERS
(TRANSFORMATION)
Stream ciphers
they convert one symbol of plaintext
immediately into a symbol of ciphertext
depends on symbol, key and control
information of encipherment algorithm
Block ciphers
encrypt a group of plaintext symbols as one
block
examples are transposition ciphers
e.g, in columnar transposition, the entire message is
translated as one block, block size need not have any
particular relationship to the size of the character
48
STREAM CIPHERS
The plaintext is enciphered bit by bit.
The value of each bit is changed to the
alternative value or leave unchanged.
If a bit is changed twice, it returns to its
original value.
51
STREAM CIPHERS (CONT.)
The keystream bit in position i, Ki = Pi Ci
can be determined as the XOR of the
plaintext and ciphertext in position i.
This highlight the potential weakness for
stream ciphers.
Anyone who is able to launch a known
plaintext attack, can deduce parts of the
keystream sequence from the
corresponding plaintext and ciphertext bit
pairs.
Thus the keystream must be
unpredictable in the sense that
knowledge of some of it should not enable 52
an attacker to deduce the rest.
STREAM CIPHERS (CONT.)
altered.
HASH FUNCTION
57
DIGITAL SIGNATURES
The digital signature for a message from a
particular sender is a cryptographic value
that depends on the message and the sender.
In contrast , a hand-written signature
depends only on the sender and is the
same for all messages.
60
DIGITAL SIGNATURES (BASIC
PRINCIPLE)
For a digital signature scheme based on RSA or El
Gamal:
Each user has a private key that only they can
use and its use is accepted as identifying them.
There is a corresponding public key.
Anyone who knows this public key, can check
that the corresponding private key has been
used, but cannot determine the private key.
This gives the receiver assurance of both the
origin and content of the message.
61
GENERATING A DIGITAL
SIGNATURE
Asymmetric
cryptographic processing requires
much computational processing.
Hf
E D
HASHING
FUNCTION
HASH OF MESSAGE
SIGNATURE - 64
SIGNED HASH OF MESSAGE
VERIFYING A DIGITAL SIGNATURE
The signature can be verified by anyone
who knows the corresponding public key.
Signature Message
Hashing
Verify using Function
Public key
Hash of Message
Hash of Message
66
If hashes are equal, signature is
authentic
CERTIFICATION AUTHORITY (CA)
AIM:
To guarantee the authenticity of public keys.
METHOD:
The CA guarantees the authenticity by
signing a certificate containing user’s identity
and public key with its secret key.
REQUIREMENT:
All users must have an authentic copy of the
Certification Authority’s public key.
67
CERTIFICATION PROCESS
Centre
Verifies Creates
credentials Certificate
Distribution
Owner
69
CERTIFICATION AUTHORITIES
Problems / Questions
Who generates users’ key?
How is identity established?
How can certificates be cancelled?
Any others?
70
ATTACKS ON DIGITAL SIGNATURE
Suppose digital signatures are being used
as a means of identification.
71
PUBLIC KEY INFRASTRUCTURE (PKI)
Themotivation of using PKI is to facilitate the
use of public key cryptography.
Other players:
Registration Authority (RA) - in some systems the
identification verification is performed by a separate
authority.
Validation Authority (VA) - end users ask the VA if a
given certificate is still valid and receive a yes or no 72
answer.
ESTABLISHING A PKI
When a PKI is established, the following
processes need to take place:
The key pairs for CAs must be generated.
The key pairs for users must be
generated.
Users must request certificates
Users’ identities must be verified.
Users’ key pairs must be verified.
Certificates must be produced.
Certificates must be checked.
Certificates must be removed/updated
(when necessary).
Certificates must be revoked (when 73
necessary).
KEY MANAGEMENT
A typical requirement specification for a
symmetric key system might include each of
the following:
Keys must be generated using a random or
pseudorandom process.
Any key used by a communicating pair must be
unique to them.
A key must be used for only for a purpose, e.g.
the same key should not be used for both
encryption and authentication.
Each key must be replaced within the time
deemed necessary to determine it by an
exhaustive search. 74
KEY MANAGEMENT (CONT.)
A key must not be used if its compromise is either
known or suspected.
Distribution
Destruction
Change Storage
76
Usage
RSA
by Rivest, Shamir & Adleman of MIT in 1977
best known & widely used public-key scheme
Ingredients of RSA:
77
RSA KEY SETUP
each user generates a public/private key pair by:
selecting two large primes at random - p, q
note ø(n)=(p-1)(q-1)
selecting at random the encryption key e
note
that the message M must be
smaller than the modulus n (block if
needed) 79
RSA EXAMPLE - KEY SETUP
1. Select primes: p=17 & q=11
2. Compute n = pq =17 x 11=187
3. Compute ø(n)=(p–1)(q-1)=16 x
10=160
4. Select e: gcd(e,160)=1; choose
e=7
5. Determine d: de=1 mod 160 and d
< 160 Value is d=23
6. Publish public key PU={7,187}
7. Keep secret private key 80
PR={23,187}
RSA EXAMPLE - EN/DECRYPTION
sample RSA encryption/decryption is:
given message M = 88 (number
88<187)
encryption:
C = Me mod n
C = 887 mod 187 = 11
decryption:
M = Cd mod n
M = 1123 mod 187 = 88 81
EXPONENTIATION
can use the Square and Multiply Algorithm
a fast, efficient algorithm for exponentiation
concept is based on repeatedly squaring base
and multiplying in the ones that are needed
to compute the result
look at binary representation of exponent
only takes O(log2 n) multiples for number n
eg. 75 = 74.71 = 3.7 = 10 mod 11
eg. 3129 = 3128.31 = 5.3 = 4 mod 11
82
EXPONENTIATION (ALGORITHM FOR
COMPUTING AB MOD N)
c = 0; f = 1
for i = k downto 0
do c = 2 x c
f = (f x f) mod n
if bi == 1 then
c=c+1
f = (f x a) mod n
return f
83
EFFICIENT ENCRYPTION
encryption uses exponentiation to power e
primes
p,q must not be easily derived from
modulus n=p*q
means must be sufficiently large
typically guess and use probabilistic test
87
OTHER STANDARD ENCRYPTION
ALGORITHM
DES
The Data Encryption Standard (DES) is a block cipher (a
form of shared secret encryption) that was selected by the
National Bureau of Standards as an official Federal Information
Processing Standard (FIPS) for the United States in 1976
based on a symmetric-key algorithm that uses a 56-bit key.
16 complex block of substitution and transposition process
Breakable as shown by distributed.net and the Electronic
Frontier Foundation back in 1999
TRIPLE DES
applies the Data Encryption Standard (DES) cipher algorithm
three times to each data block.
Triple DES provides a relatively simple method of increasing the88
key size of DES to protect against brute force attacks
OTHER STANDARD ENCRYPTION
ALGORITHM
AES
In cryptography, the Advanced Encryption
Standard (AES) is an encryption standard
adopted by the U.S. government.
The standard comprises three block ciphers,
AES-128, AES-192 and AES-256, adopted from
a larger collection originally published as
Rijndael.
Each AES cipher has a 128-bit block size, with
key sizes of 128, 192 and 256 bits, respectively.
89
METHODS OF ATTACK
Four general attacks can be perform against
encrypted information:
Ciphertext
- only attack guessing the plaintext or using
frequency analysis
Known Plaintext
-guess using known plaintext.
Chosen-plaintext
Chosen-ciphertext attack 90
METHODS OF ATTACK (CONT.)
Thereare also specific attacks that can be
launched against encryption systems.
Brute-Force attack
Exhaustive key search - trying every
possible combination.
Replay attacks
Taking encrypted information and playing
it back at a later point in time.
Man-in-the-middle attacks
Fault in Cryptosytem
91
SUMMARY
have considered:
Authentication concepts and techniques
Cryptography concept and techniques
principles of private and public-key
cryptography
RSA algorithm, implementation, security
Methods of attack in Digital Signature,
Encryption and RSA
92
LESSON REVIEW
Decipherthe following cryptogram. It was
obtained from English text by using a
simple substitution cipher. What is the
enciphering key?
93