
Cryptographic System IS

[Figure: Secure communication between a client PC with cryptographic system software and a server with cryptographic system software. Confidentiality, authentication, message integrity, and anti-replay protection are provided automatically.]

• Confidentiality: Protection against eavesdroppers understanding intercepted messages
• Authentication: Assurance that senders are who they claim to be
• Message Integrity: Assurance that the message has not been changed en route
• Anti-Replay Protection: Assurance that if an attacker captures a message and transmits it again later, the receiver will not accept the message

Terminology

• Cryptography: Process/study of making and using codes to secure information transmission
• Plaintext: Unencrypted message
• Ciphertext: Encrypted message
• Cipher: Encryption method consisting of algorithm, key, and encryption/decryption procedures
• Key: Secret info used with algorithm to form cipher
• Encrypt: Convert plaintext to ciphertext
• Decrypt: Convert ciphertext to plaintext

Cryptography provides a sophisticated approach to security. Encryption converts a message into a form that unintended recipients cannot read.

Terminology

Different keys produce different ciphertext from the same plaintext, even when the same method is used.

[Figure: Party A passes plaintext “Hello” through the encryption method with the encryption key, producing ciphertext “11011101”. The ciphertext crosses the network, where an interceptor can capture it. Party B passes ciphertext “11011101” through the decryption method with the decryption key and recovers plaintext “Hello”.]

Note: The interceptor cannot read the ciphertext without the decryption key.

Cryptographic Algorithms-1

Two categories: symmetric and asymmetric

– Today’s cryptosystems use a hybrid combination of both types of algorithms

Symmetric: Uses the same “secret key” for message encryption and decryption

– Computationally efficient
– Both sender and receiver must have the key beforehand
– If either copy of the key is compromised, an attacker can decrypt and read messages

Examples: Data Encryption Standard (DES), Triple DES (3DES), Advanced Encryption Standard (AES)

Cryptographic Algorithms-2

Asymmetric (public key) encryption:

– Uses two different but related keys; either key can encrypt or decrypt message

– If Key A encrypts message, only Key B can decrypt

– Highest value: one key is private, the other is public

Symmetric Encryption

[Figure: Party A passes plaintext “Hello” through the encryption method with the symmetric key, producing ciphertext “11011101”. The ciphertext crosses the network, where an interceptor can capture it. Party B passes ciphertext “11011101” through the decryption method with the same symmetric key and recovers plaintext “Hello”.]

Note: A single key is used to encrypt and decrypt in both directions.

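Asymmetric (Public Key) Encryption

[Figure: Two directions of traffic between Party A and Party B.]

– Party A to Party B: Party A encrypts with Party B’s public key; the encrypted message is sent; Party B decrypts with Party B’s private key
– Party B to Party A: Party B encrypts with Party A’s public key; the encrypted message is sent; Party A decrypts with Party A’s private key
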
Key Length and Number of Possible Keys-1

Key Length in Bits    Number of Possible Keys
1                     2
2                     4
4                     16
8                     256
16                    65,536
40                    1,099,511,627,776
56                    72,057,594,037,927,900
112                   5,192,296,858,534,830,000,000,000,000,000,000

Key Length and Number of Possible Keys-2

Key Length in Bits    Number of Possible Keys
112                   5.1923E+33
168                   3.74144E+50
256                   1.15792E+77
512                   1.3408E+154

Shaded keys, with lengths of more than 100 bits, are considered strong symmetric keys today.

Unshaded keys, with lengths of less than 100 bits, are considered weak symmetric keys today.

Public key/private key pairs must be much longer to be strong because of the disastrous consequences of learning someone’s private key and because private keys cannot be changed rapidly.

Strong Keys for Symmetric and Public Key Encryption

Strong Symmetric Keys

• Limited damage if cracked, so can be shorter
• Changed frequently, so can be shorter
• 100 bits or more today
– Longer for high-value transactions
• DES: 56-bits (weak), but 3DES gives 112-bit or 168-bit security
• AES: Key lengths of 128, 192, or 256; yet places a light load on processor and RAM so can be used by mobile devices
• IDEA: 128 bits
• Longer tomorrow as cracking power increases

Strong Public and Private Keys

• Serious damage if cracked, so must be longer
• Rarely changed, so must be longer
• 1,024 or 2,048 bits for RSA encryption today
• 512 bits for ECC encryption today
• Longer tomorrow as cracking power increases

Hashing

• Hashing is a one-way function. It cannot be reversed.
– From the hash, you cannot compute the original message

• Hashing is repeatable
– If two parties apply the same hashing method to the same bit string, they will get the same hash

Encryption vs Hashing

Use of Key
– Encryption: Uses a key as an input to an encryption method
– Hashing: Key is usually added to text; the two are combined, and the combination is hashed

Length of Result
– Encryption: Output is similar in length to input
– Hashing: Output is of a fixed short length, regardless of input

Reversibility
– Encryption: Reversible; ciphertext can be decrypted back to plaintext
– Hashing: One-way function; hash cannot be “de-hashed” back to the original string

Digital Signature-1

To Create the Digital Signature:

1. Hash the plaintext to create a brief message digest (MD); this is NOT the digital signature.
2. Sign (encrypt) the message digest with the sender’s private key to create the digital signature (DS).
3. Transmit the plaintext + digital signature, encrypted with symmetric key encryption.

[Figure: Plaintext → Hash → MD → Sign (encrypt) with sender’s private key → DS; DS + plaintext are transmitted together.]

Digital Signature-2

4. DS + plaintext travel from sender to receiver, encrypted with the session key.

Digital Signature-3

To Test the Digital Signature:

5. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest.
6. Decrypt the digital signature with the sender’s public key. This also should give the message digest.
7. If the two match, the message is authenticated.

[Figure: Received plaintext → Hash → MD; DS → Decrypt with true party’s public key → MD; are they equal?]

Certificate Authority (CA)

A certificate authority (CA) is a company or organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates.

• CAs are not regulated in any country today
– Anyone can be a CA
– Even an organized crime syndicate
– Some, such as VeriSign, are widely trusted
• Companies can be their own CAs
– Assign keys and certificates to their internal computers
– This gets around the need to trust public CAs

Public Key Distribution for Symmetric Session Keys

[Figure: Exchange between Party A and Party B.]

1. Create symmetric session key
2. Encrypt session key with Party B’s public key
3. Send the symmetric session key, encrypted for confidentiality
4. Decrypt session key with Party B’s private key
5. Subsequent encryption with symmetric session key
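
An added worked example, not part of the original slides, that runs the session-key distribution steps 1-5 and the digital-signature steps 1-7 end to end. Assumptions: Party A creates and sends the session key; textbook RSA with constructed demo keys and a SHA-256 XOR keystream stand in for padded RSA and a real symmetric cipher such as AES; all function and variable names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def keypair(p, q):
    """Textbook RSA key pair (public, private) from two primes; no padding."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed demo keys built from known Mersenne primes. Real keys use large
# random primes, and real RSA uses padding (OAEP for encryption, PSS for signing).
A_PUB, A_PRIV = keypair(2**127 - 1, 2**521 - 1)  # Party A signs with A_PRIV
B_PUB, B_PRIV = keypair(2**89 - 1, 2**107 - 1)   # Party B unwraps with B_PRIV
SIG_LEN = (A_PUB[0].bit_length() + 7) // 8       # bytes needed to hold a DS

def message_digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    blocks = len(data) // 32 + 1
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def party_a_send(plaintext: bytes):
    session_key = secrets.token_bytes(16)                 # create session key
    n_b, e_b = B_PUB
    wrapped = pow(int.from_bytes(session_key, "big"), e_b, n_b)  # B's public key
    n_a, d_a = A_PRIV
    ds = pow(message_digest(plaintext), d_a, n_a)         # hash, then sign
    body = stream_xor(session_key, ds.to_bytes(SIG_LEN, "big") + plaintext)
    return wrapped, body                                  # what crosses the network

def party_b_receive(wrapped: int, body: bytes):
    n_b, d_b = B_PRIV
    session_key = pow(wrapped, d_b, n_b).to_bytes(16, "big")  # B's private key
    clear = stream_xor(session_key, body)
    ds, plaintext = int.from_bytes(clear[:SIG_LEN], "big"), clear[SIG_LEN:]
    n_a, e_a = A_PUB
    authentic = pow(ds, e_a, n_a) == message_digest(plaintext)  # MD == MD?
    return plaintext, authentic

if __name__ == "__main__":
    wrapped, body = party_a_send(b"Hello")
    print(party_b_receive(wrapped, body))                 # original message
    tampered = body[:-1] + bytes([body[-1] ^ 1])          # one bit changed in transit
    print(party_b_receive(wrapped, tampered))
```

The tampered case shows why the signature is carried with the plaintext: encryption with the session key alone gives confidentiality, but the digest comparison is what detects the change.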
