Info Security Technology

Topic 5
Cryptography

1
 References

• Security+ Guide to Network Security

Fundamentals, 4th Edition; Mark
Ciampa.
– Chapter 11: Basic Cryptography

2
 Objectives
• Define Cryptography
• Define Steganography
• Understand Cipher, Encryption and Decryption
• Describe Hashing, Symmetric and Asymmetric
algorithms
• Define Digital Certificates

3
 What Is Cryptography?
• Cryptography
– The science of transforming information into an unintelligible
form while it is being transmitted or stored so that
unauthorized users cannot access it.
– The transforming process scrambles a message so that it
cannot be viewed.

4
 What Is Steganography?
• Steganography
– Hides the existence of the data
– What appears to be a harmless image can contain hidden
data embedded within the image
– Can use image files, audio files, or even video files to
contain hidden information

5
 Cryptography and Security
Cryptography can provide basic security protection for information:
1. Cryptography can protect the confidentiality of information
– Confidentiality – Ensures only authorised parties can view the information

2. Cryptography can protect the integrity of the information

– Integrity – Ensures no unauthorised person or malicious software has altered the data

3. Cryptography can help ensure the availability of the data

– Availability – Ensures that data is accessible to authorised users

4. Cryptography can verify the authenticity of the sender

– Authenticity – Provides proof of the genuineness of the user

5. Cryptography can enforce non-repudiation

– Non-repudiation – Proves that a user performed an action

6
 Cryptographic Algorithms
• There are three categories of cryptographic
algorithms:
– Symmetric algorithm
– Asymmetric algorithm
– Hashing algorithm

7
 Symmetric Algorithm
• Symmetric algorithm
– The same identical key is used to encrypt and decrypt a
document.
– The key must be kept secret

Sender Recipient
Key
Key Ciphertext
‫ למעאع‬₪
Encryption Decryption
Algorithm Algorithm
Plaintext Plaintext
“ABC” “ABC”

8
 Symmetric Algorithm
• Also called private key cryptography; uses the
same single key to encrypt and decrypt a
message
• Encryption is the process of transforming
information (referred to as plaintext) using an
algorithm to make it unreadable.
• Decryption is, the reverse process, to make the
encrypted information readable again.
• A cipher is an algorithm for performing
encryption or decryption

9
 Symmetric Algorithm
• Classified into 2 categories:
– Stream Cipher
• Works on one character at a time
• Examples: Shift, Substitution and Polyalphabetic Ciphers
– Block Cipher
• Manipulates an entire block of plaintext at a time
• The plaintext is divided into separate blocks.
• Each block is encrypted independently.

10
 Shift Cipher
• One of the most famous ancient
cryptographers was Julius Caesar
• Caesar shifted each letter of his messages to
his generals three places down in the
alphabet

Table : ABCDEFGHIJKLMNOPQRSTUVWXYZ
Key : 3

Plaintext : ATTACK AT DAWN

Ciphertext : DWWDFN#DW#GDZQ

11
 Substitution Cipher
• The weakness of shift ciphers led to substitution ciphers.

– Substitution ciphers work on the principle of substituting a

different letter for every letter.

– This system permits 26 possible values for every letter in a

message.

– The cipher is more complex than a standard shift cipher.

Table : ABCDEFGHIJKLMNOPQRSTUVWXYZ
Key : THE QUICKBROWNFXJMPDVRLAZYG

Plaintext : ATTACK AT DAWN

Ciphertext : HVVH OTHVTQHAF

12
Polyalphabetic cipher

Plaintext : ATTACK AT DAWN

Key : LEMONLEMONLE
Ciphertext : LXFOPVEFRNHR

13
 Symmetric Algorithm
• Information protections by Symmetric Cryptography

14
 Symmetric Algorithm
Popular Symmetric Algorithms:
• Data Encryption Standard (DES)
– DES is a block cipher and encrypts data in 64-bit blocks
• Triple Data Encryption Standard (3DES)
– Designed to replace DES
– Uses three rounds of encryption instead of just one
• Advanced Encryption Standard (AES)
– Approved as a replacement for DES
– AES performs three steps on every block (128 bits) of plaintext
• Other symmetric algorithms:
– Rivest Cipher (RC) family from RC1 to RC6
– International Data Encryption Algorithm (IDEA)
– Blowfish
– Twofish

15
 Asymmetric Algorithm
• Asymmetric algorithm
– Uses 2 keys to encrypt and decrypt a document.
– The public key is known to everyone and can be freely
distributed
– The private key is known only to the recipient of the message

Sender Recipient
Private Key
Public Key Ciphertext
‫ למעאع‬₪
Encryption Decryption
Algorithm Algorithm
Plaintext Plaintext
“ABC” “ABC”

16
 Asymmetric Algorithm
• Also called public key cryptography; requires a
pair of keys.
• Public key is designed to be “public” and do not
need to be protected.
• Private key should be kept confidential and never
shared.
• Asymmetric keys can work in both directions. A
document encrypted in a public key can be
decrypted in with the corresponding private key.
In the same way, a document encrypted with a
private key can be decrypted with its public key.

17
 Asymmetric Algorithm

Popular Asymmetric Algorithms:

• RSA
• Diffie-Hellman
• Elliptic curve cryptography

18
 Asymmetric Algorithm
• Information protections by Asymmetric Cryptography

19
 Hashing Algorithm
• A hash is a special mathematical function that
performs one-way [encryption] calculation.
• Once the algorithm is processed, there is no way
to reverse the process to obtain the original text
• Hashing is primarily used for comparison
purposes.
 Hashing Algorithm
• Hashing
– A process for creating a unique “signature” for a set of data
• Also called a hash or digest
• The hash serves as a check to verify the message contents
• Hashing is used only for integrity to ensure that:
– No unauthorized person or malicious software has altered the data
• A hashing algorithm has the following characteristics:
– Fixed size: The hash is always the same size regardless of the length
of the plaintext.
– Unique: Two different plaintexts cannot produce the same hash (i.e.
collision)
– Secure: The resulting hash cannot be reversed to determine the
plaintext.
 Hashing Algorithm
• Applications of Hash
 Post hash values of files (eg software applications) on Internet
download sites
• To verify the file integrity of files that can be downloaded
 Use hash to store passwords
• When a password for an account is created, the password is hashed
and stored
 Hashing Algorithm
• Popular hashing algorithms
1. Message Digest (MD) algorithm (128 bits)

2. Secure Hash (SHA) Algorithm (256 bits)

3. Whirlpool (512 bits)

 Hashing Algorithm
• Popular hashing algorithms
1. Message Digest (MD) algorithm (128 bits)

2. Secure Hash (SHA) Algorithm (256 bits)

3. Whirlpool (512 bits)

24
 Hashing Algorithm
• Information protections by Hashing

25
 Comparison of Algorithms
Algorithm Description
Types
Hash  Performs only a one-way encryption.
 There is no way retrieve the plaintext from the hash value.
 Purpose is to verify the file integrity

Symmetric  Uses ONE key to:

 Encrypt data
 Decrypt data
 Is fast & efficient
Asymmetric  Uses TWO related keys:
 Public key to encrypt data
 Private key to decrypt data
 OR vice versa
 Is more secure than symmetric encryption
 Is slower than symmetric encryption

26
 Electronic Key Exchange
• (Asymmetric) Public key, the slower protocol, is used to
exchange the (Symmetric) private key, and then the
communication (document) uses the faster symmetric key
protocol. This process is known as electronic key exchange.

Sender Recipient Recipient’s

Encrypted Private Key
Encrypt Decrypt
Symmetric Sym Key Recipient’s
Symmetric
Public Key
Key Key
Encrypt Ciphertext Decrypt
Plaintext Plaintext
 Digital Signature
– Asymmetric and hashing cryptography can also be used
together to create a digital signature. A digital signature is an
electronic signature.
1. Using hashing software, you obtain a
message hash of the plain text contract.
2. You then use a private key that you have
previously obtained from a public-
private key authority to encrypt the hash.
3. The encrypted hash becomes your digital
signature of the message. (Note that it
will be different each time you send a
message.)
4. You send the plain text contract
(encrypted or not) with the digital
signature.
5. The receiver uses your public key to
decrypt the message hash and compare
with the hash generated from the plain
text contract
 Digital Certificate
• Digital certificate
– A technology used to bind an identity (name of
organisation) to a public key that has been digitally signed
by a reputable source (e.g. Verisign)
• Digital certificate contains
– Subject (Owner’s name)
– Issuer of certificate
– Serial number of digital certificate
– Public key
– Validity
– Signature Algorithm
 Digital Certificate
Amazon’s Certificate

Sender (Alex) Recipient (Amazon)

Amazon’s Public Amazon’s Private Key
Key

Encryption Ciphertext Decryption

Algorithm ‫ למעאع‬₪ Algorithm
Plaintext Plaintext
“CreditCard” “CreditCard”
 Digital Certificate
• Digital certificates are used to:
– Encrypt channels to provide secure web communication
• HTTPS-based web sites.
• A web browser will verify that the web site of the secure
connection is authentic. The user can then feel secure that
his/her interaction with the web site has no eavesdroppers and
that the web site is who it claims to be.
• Weakness: A web browser will give no warning to the user if a
web site presents an invalid certificate.
– Encrypt messages for secure Internet e-mail
communication
• Email certificates provide the strongest levels of confidentiality
and security for electronic communications by allowing you to
digitally sign and encrypt your mail and attachments.
 Summary
• Cryptography is the science of transforming
information into a secure form while it is being
transmitted or stored.
• Hashing creates a unique signature, called a hash or
digest.
• Symmetric cryptography uses a single key to encrypt
and decrypt a message.
• Asymmetric cryptography uses two keys instead of
one.
• Digital certificates bind an identity to a public key