Introductory Lecture on Cryptography and Information Security
1. Dr. Bikramjit Sarkar
Associate Professor
Dept. of Computer Science and Engineering
Techno India – Salt Lake
Kolkata, India.
Email: sarkar.Bikramjit@gmail.com
2. “THREE PEOPLE CAN KEEP A SECRET IF
TWO OF THEM ARE DEAD!”
- Benjamin Franklin
Human tendency is that when told that something
is secret and asked to keep it secret, people
become quite eager to share that secret to
everyone else.
Keeping secret is not that easy...
3. We are living in the Information age where there is
a need to keep information of every aspect of life.
And the information, like any other asset, needs
to be secured.
With the advent of computers, information storage
became electronic. And a need for computer
security became a real challenge.
4. Security goals:
Confidentiality – Information needs to be
hidden from unauthorized access.
Integrity – Information needs to be protected
from unauthorized alteration.
Availability – Information needs to be available
to authorized entity, as and when required.
5. The actual implementation of the security goals
needs some techniques. Two techniques are
prevalent today:
Cryptography – Concealing the contents of a
message by enciphering.
Steganography – Concealing the message itself
by covering it with something else.
6. Cryptography
Cryptography (or cryptology), a word with Greek
origin (Secret Writing), is the art and science
towards achieving information security by
encoding (enciphering) the original message to
some non-readable form.
It is about constructing and analyzing protocols
that overcome the influence of adversaries,
considering various security goals.
7. Cryptography – contd..
The sender, say Alice, encodes (encrypts) the
original message (plain text) into some non-
readable form (cipher text) and transmit the
cipher text over the communication channel.
The receiver, say Bob, receives the cipher text and
decodes (decrypts) the cipher text to its original
form (plain text).
Nevertheless, there is a high probability that the
intruder, say Oscar, listens to the
communication.
8. Cryptography – contd..
Although, in the past, cryptography referred only
to the encryption and decryption of messages
using secret keys, today it is defined as involving
three distinct mechanisms:
Symmetric-key cryptography (Classical)
Asymmetric-key cryptography
Hashing
9. Cryptography – contd..
Symmetric-key cryptography uses a single
secret key for both encryption and decryption.
Here encryption / decryption can be thought of as
electronic locking / unlocking. Alice puts the
message in a box and locks the box using the
shared secret key. Bob unlocks the box with the
same key and takes out the message. It is
assumed that Oscar cannot understand the content
of the transmitted message by simply
eavesdropping over the channel.
10. Cryptography – contd..
Asymmetric-key cryptography works on a pair
of keys instead of a single key: one public key and
one private key.
Here Bob generates one public key and one private
key and broadcasts the public key. Alice encrypts
the message with Bob’s public key and transmits
over the channel. At the receiver end, Bob decrypts
the encrypted message by the private key and gets
back the original message.
11. Cryptography – contd..
Hashing is a technique where fixed-length
message digests are obtained out of variable
length messages using some cryptographic hash
functions.
Here Alice sends both the message and the
message digest to Bob to provide check values.
12. Classical Cryptography – Definition
The crypto-system is a 5-tuple: (P, C, K, E, D), where,
P is a finite set of possible plaintexts
C is a finite set of possible cipher texts
K is a finite set of possible keys (key space)
For each k € K, there exist one encryption rule ek€ E
and one decryption rule dk€ D, such that,
ek (x) = y and dk (y) = x, where, x € P and y € C .
dk (ek (x)) = x
14. Classical Cryptography – Properties
Encryption rules and Decryption rules should
be computable.
Given a cipher text, it should be difficult for an
opponent to identify the encryption key and hence
the plaintext.
For the last to hold, the key space must be
large enough. Otherwise, the intruder might be
able to iterate through all the keys (brute-force
attack).
15. Classical Cryptography – Caesar cipher
Caesar cipher, also known as Caesar's cipher,
the shift cipher, Caesar's code or Caesar shift, is
one of the simplest and most widely
known encryption technique. It is a type
of substitution cipher in which each letter in
the plaintext is replaced by a letter some fixed
number of positions down the alphabet. For
example, with a right / left shift of 3, D would be
replaced by G / A, E would become H / B, and so
on. The method is named after Julius Caesar,
who used it in his private correspondence.
16. Caesar cipher – Computation
P = C = K = Z26 = {0, 1, 2, ..., 24, 25}
For simplicity, remove spaces and consider only upper
case characters of English alphabet and each character
is assigned with the numeric values as follows:
A = 0, B = 1, C = 2, ..., X = 23, Y = 24, Z = 25.
ek € E: y = ek (x) = (x + k) mod 26
dk € D: x = dk (y) = (y – k) mod 26} x, y, k € Z26
17. Caesar cipher – Illustration
Let us consider the key k = 11 and the original
message (plaintext) WEWILLMEET
So, the sequence of corresponding integers
xi: 22 – 4 – 22 – 8 – 11 – 11 – 12 – 4 – 4 – 19
ek € E: yi = ek (xi) = (xi + 11) mod 26
yi : 7 – 15 – 7 – 19 – 22 – 22 – 23 – 15 – 15 – 4
So, the sequence of corresponding characters
(cipher text): HPHTWWXPPE
The plaintext can be obtained back by the
decryption rule dk € D: xi = dk (yi) = (y – k) mod 26
So, dk: HPHTWWXPPE → WEWILLMEET
18. Caesar cipher – Cryptanalysis
It should be noted that the enciphering
algorithms are public but what makes the
crypto-system applicable is the secrecy of the
key. Cryptanalysis refers to the process of
computing the key, which is concerned to the
intruders.
Caesar cipher is vulnerable mainly to two types of
attacks (cryptanalysis):
Brute-force attack
Statistical attack
19. Caesar cipher – Brute-force attack
The Caesar cipher is vulnerable to brute-force
attacks that uses exhaustive key searches.
The key-domain of the Caesar cipher is very
small. Only 26 possible keys are there, out of
which 0 is useless.
This leaves only 25 possible keys for encryption /
decryption.
The intruder can easily launch a brute-force
attack on the cipher text.
20. Brute-force attack: example
Let us consider that Oscar has intercepted the
cipher text UVACLYFZLJBYL. Now Oscar will
keep trying with all possible keys (1 to 25) and
with the key 7, he will find a character-sequence
NOTVERYSECURE which makes sense (Plaintext).
Key Plaintext
1 TUZBKXEYKIAXK
2 STYAJWDXJHZWJ
3 RSXZIVCWIGYVI
4 QRWYHUBVHFXUH
5 PQVXGTAUGEWTG
6 OPUWFSZTFDVSF
7 NOTVERYSECURE
21. Caesar cipher – Statistical attack
The Caesar cipher is also subject to statistical
attacks that uses the frequency of occurrence of
characters for a particular language.
Frequency of occurrence of letters (English)
Letter Frequency Letter Frequency Letter Frequency Letter Frequency
E 12.7 H 6.1 W 2.3 K 0.08
T 9.1 R 6.0 F 2.2 J 0.02
A 8.2 D 4.3 G 2.0 Q 0.01
O 7.5 L 4.0 Y 2.0 X 0.01
I 7.0 C 2.8 P 1.9 Z 0.01
N 6.7 U 2.8 B 1.5
S 6.3 M 2.4 V 1.0
22. Statistical attack: example
Let us consider that Oscar has intercepted the
cipher text as follows:
XLILSYWIMWRSAJSVWEPIJSVJSYVQMPPMSRHS
PPEVWMXMWASVXLQSVILYVVCFIJSVIXLIWIPPIV
VIGIMZIWQSVISJJIVW
Oscar now tabulates the frequency of letters in the
cipher text and gets I = 14, V = 13, S = 12 and so
on.
23. Statistical attack: example – contd..
This shows that the character I in the cipher text
has the highest frequency of occurrence.
Oscar, therefore, makes a prediction that the
character I in the cipher text probably
corresponds to the character E in the plain text.
And hence the key is possibly 4. With the key of
value 4 if the cipher text is decrypted, it becomes
readable (plaintext):
THEHOUSEISNOWFORSALEFORFOURMILLIOND
OLLARSITISWORTHMOREHURRYBEFORETHESE
LLERRECEIVESMOREOFFERS
24. Conclusion
It is, therefore, prevalent that the Caesar cipher is
not that efficient to be applicable towards
information security in this electronic age. So,
there is a need of more efficient and secure
algorithms.
Due to several reports of failure of different
enciphering algorithms, ultimately Rijndael won
the competition and got selected as Advanced
Encryption Standards by NIST in 2001 – 2002.
But no algorithm has been able to provide
ultimate security.