Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.



Published on

Published in: Technology, Education


  1. 1. Cryptography 101 By Aman Hardikar
  2. 2. Contents / Topics INTRODUCTION SYMMETRIC CRYPTOGRAPHY Block Ciphers  Introduction  Terms  Modes Stream Ciphers  Introduction  Types ASYMMETRIC CRYPTOGRAPHY Introduction Terms Ciphers HASH FUNCTIONS Introduction Merkle Damgard Technique MAC DIGITAL SIGNATURE DIGITAL ENVELOPE Skill Level: Beginner - Intermediate
  3. 3. Introduction Cryptography Securing information in a form only readable by end parties Cryptography Primitives (building blocks of cryptographic protocols) Encryption • Involves the conversion of plain text to cipher text Decryption • Involves the conversion of cipher text to plain text Signature Generation • Involves producing a special string that can be tied to a user Signature Verification • Involves verifying who the user is from the message Key Negotiation and Exchange • Involves negotiation and exchange of keys between the various parties involved Steganography Hiding information in other files Ex: pictures, audio, video, executable files
  4. 4. Types Symmetric Cryptography One key for both encryption and decryption Asymmetric Cryptography (Public Key Cryptography) Two keys : One for encryption, other for decryption
  5. 5. Symmetric Cryptography Advantages Small Key Size • Size ∞ Computational Power Disadvantages Key Management and transfer/sharing • Number of keys required = n(n-1)/2, where n is the number of parties involved. • If there are 5 parties, then number of keys = 10 • If there are 10 parties, then number of keys = 45 • If there are 100 parties, then number of keys = 4950 Provides Confidentiality, Integrity, Origin Authentication [based on the Mode used]
  6. 6. Symmetric Crypto - Types Block Ciphers Divides the text into blocks and acts on each of them Stream Ciphers Acts on each bit of the text
  7. 7. Block Cipher Terms Key Size Effective Key Size Block Size Initialization Vector (IV) Work Factor
  8. 8. Block Cipher Examples Lucifer (64 bits), DES/DEA (56 bits), DESX (184 bits) 3DES / TDES / TripleDES (168 bits)  EEE, EDE, …. AES/Rijndael (Variable Size) IDEA Serpent, Blowfish, RC6
  9. 9. Block Cipher Modes ECB (Electronic Code Book) CBC (Cipher Block Chaining)  CBC$  CBCC PCBC (Propagating CBC) CFB (Cipher FeedBack) OFB (Output FeedBack) CTR (CounTeR)  CTR$  CTRC Above modes provide confidentiality only.
  10. 10. Block Cipher Modes (2) CMAC (Cipher based MAC) Integrity + Authentication CCM (Counter with CBC-MAC) Integrity + Authentication GCM (Galois/Counter Mode) Integrity + Authentication Above modes also provide other security services in addition to confidentiality.
  11. 11. Block Cipher Modes (3) Properties:  Provide Confidentiality  Fast Data Storage and Retrieval  Efficient Use of Disk Space CBC (Cipher Block Chaining) LRW (Liskov, Rivest and Wagner) XEX (Xor Encrypt Xor) XTS (XEX-based Tweaked Codebook Mode) CMC (CBC Mask CBC) EME (ECB Mask ECB) Above modes primarily used in Full Disk Encryption.
  12. 12. Stream Ciphers Uses key streams Acts on bits of text Most Hardware Implementations use these Less complex than block ciphers NOTE: Block Ciphers can also be used as Stream Ciphers.
  13. 13. Stream Cipher Types Synchronous These generate random sequence of bits independent of the plain text and cipher text. Ex: RC4, HC-128 Asynchronous These generate key streams based on a set of former cipher text bits. Ex: CTAK, CFB Mode Block Ciphers
  14. 14. Asymmetric Cryptography Advantages Key Management Disadvantages Large Key Size • Size ∞ Computational Power Provides Confidentiality, Integrity, Authentication, Non-Repudiation
  15. 15. Asymmetric Crypto Terms Trapdoor Functions  Mathematical functions that are easy to apply in one direction, but extremely difficult in the reverse.
  16. 16. Asymmetric Ciphers DH (DHM) Based on discrete logarithms No Authentication • Digital Signature Required RSA Based on factorisation of large numbers Example Key Sizes: 512bits, 1024bits, 2048bits Other Ciphers/Algorithms El Gamal – Based on DH Cramer-Shoup – Based on El Gamal Knapsack
  17. 17. Elliptical Curve Cryptography Mathematical equations that use Elliptical Curves Advantages:  Small Key Size (Size ∞ Computational Power)  256 bit ECC key ≈ 3072 bit RSA/DH key; 384 bit ECC key ≈ 7680 bit RSA/DH key Algorithms  Digital Signatures  ECDSA: Elliptic Curve Digital Signature Algorithm  ECPVS: Elliptic Curve Pintsov Vanstone Signatures  ECNR: Elliptic Curve Nyberg Rueppel  Key Agreement  ECMQV: Elliptic Curve Menezes-Qu-Vanstone  ECDH: Elliptic Curve Diffie-Hellman  Encryption  ECIES: Elliptic Curve Integrated Encryption Standard
  18. 18. Hash Functions Provides condensed representation of a given text or message (Message Digest) Provides Integrity, Origin Authentication Collision Situation when two different texts have the same hash Examples MD5 – 128bits – Insecure – Collisions Possible SHA1 – 160 bits – 263 Hash Operations for identifying a collision instead of 280 operations RIPEMD-160 – 160 bits – Secure (no collisions identified yet) SHA256 – 256 bits – Secure
  19. 19. Merkle Damgard Technique A method to build collision resistant hash functions Used by common hash functions like MD5, SHA1 and SHA256
  20. 20. Block Ciphers - MAC Block Ciphers can also be used as hash functions MDC-2 – 128 bits Whirlpool – 512 bits Used in Message Authentication Code (MAC) Adds a secret key to message during input • Provides Origin Authentication Provides Integrity Popular Implementation: CBC-MAC
  21. 21. Hash Functions - MAC Hash Algorithms can also be used to produce MAC Two Types MDx-MAC Scheme  Uses modified hash functions  SHA1, RIPEMD-160 can be used HMAC  Unmodified hash functions  Secret key added to message  Used in IPSec, NAS, Mobiles  Ref: RFC2104, FIPS PUB 180, ISO 9797-2
  22. 22. Digital Signatures Equivalent to physical signature Provides Integrity, Origin Authentication and Non-Repudiation
  23. 23. Digital Signatures (2) Software Components  Cryptographic Hash Function  Key Generation Algorithm  Signing Algorithm  Verification Algorithm Implemented using Public Cryptosystems: ECC, DSA, RSA, El Gamal DSA – Digital Signature Algorithm Used in Digital Signature Standard Ref: FIPS PUB 186, ISO 9696 and ISO 14888
  24. 24. Digital Envelope Provides Confidentiality in addition to Integrity, Origin Authentication and Non- Repudiation Two possible ways:  Encrypt the message and the digital signature with the recipient's public key  Encrypt the message with a secret key, then encrypt the secret key and the digital signature with recipient’s public key
  25. 25. Further Presentations …. PKI 101 PKI 201 Crypto Attacks 101 Basics of PKI infrastructure and Key Management. Advanced PKI stuff, which includes various PKI models, CRL types and auditing PKI infrastructure. Discussion on various attacks.