Cyber Security Part-2.pptx

Continuation to Part-1
Cyber Security Part-2

 Cryptography(Encryption & Decryption)
 Types of Ciphering(Encryption)
 Symmetric & Asymmetric Encryptions
 Cryptography used for Telegraph Communication
 Stream Ciphering & Block Ciphering
 Block Ciphering operation modes
 Location of Encryption Devices
 Message Authentication Code (MAC)
 Secured Hash Algorithms
 HMAC(Hash based Message Authentication Code)
Index

Encryption(Ciphering) &
Decryption(De Ciphering)

 Ciphering or encryption: process of converting information or
data into a code, especially to prevent unauthorized access.
 Objective of encryption is to protect sensitive information
transmitted online.
Plain Text
Key
 Decipher or Decryption: process of taking encoded or
encrypted text converting it back into plain text that you or the
computer can read and understand.
Cipher Text
Key
Encryption
Cipher Text
Decryption Cipher Text

 Encryption:

 Decryption:
Prepend key
before every
character
(Encryption )
Hi (Data)
A (Key)
AHAI
Remove key
character which
is there before
every character
(Decryption )
AHAI
A(Key)
HI (Data)

 Conventional Encryption involves transforming plaintext
messages into ciphertext messages that are to be decrypted
only by the intended receiver.
 Both sender and receiver agree upon a secrete key to be
used in encrypting and decrypting.
Conventional Encryption Principles

 An encryption which is using single key is called as
Symmetric Encryption.
 A Symmetric encryption scheme has five ingredients
 Plain Text: original message or data, which is input to the
encryption algorithm.
 Encryption Algorithm: algorithm performs various
substitutions and transformations on the plain text.
 Secret Key: The key is another input to the algorithm. The
substitutions and transformations performed by algorithm
depend on the key.
 Cipher Text: This is the scrambled (unreadable) message which
is output of the encryption algorithm. This cipher text is
dependent on plaintext and secret key. For a given plaintext,
two different keys produce two different cipher texts.
 Decryption Algorithm: This is the reverse of encryption
algorithm. It takes the cipher text and secret key as inputs and
outputs the plain text.

Classification of Ciphers
Ciphers
Monoalphabetic
Polyalphabetic
Polygraphic
Route Transposition
Columnar
Transposition
Synchronous Stream
Asynchronous Stream
Iterated Block
Fractioned Block
Steganographic

 This is a substitution technique that uses a single
alphabet to replace symbols of plaintext for symbols
of ciphertext as dictated by the key.
 The key often represents the number of symbols to
shift the plaintext from a circular alphabet.
 These techniques are relatively easy to break due to
the fact that symbol frequencies remain invariant
 Example Algorithms:
 Caesar
 ROT13
 Four Square
Monoalphabetic

 The action of a Caesar cipher is to replace each plaintext letter
with a different one a fixed number of places down the alphabet.
The cipher illustrated here uses a left shift of three, so that (for
example) each occurrence of E in the plaintext becomes B in the
ciphertext.
Wiki link
.
Caesar Algorithm

#include <stdio.h>
int main()
{
char array[100], cipher[100];
int c=0, x=0, y=0;
int z;
printf("This Program will encrypt according to your needsn");
printf("Enter the cipher keyn");
scanf("%d",&z);
printf("Enter the sentence");
while((c=getchar()) != 'n')
{
array[x++]=(char)c;
cipher[y++]=(char)(c+z); //for decription need to do (c-z)
}
array[x]=0;
cipher[y]=0;
printf("%sn",cipher);
return 0;
}

 ROT13 is a special case of the Caesar cipher, developed in
ancient Rome
 ROT13 ("rotate by 13 places") is a simple letter substitution
cipher that replaces a letter with the 13th letter after it, in the
alphabet.
Wiki Link
ROT13 Algorithm

#include <stdio.h>
int rot13(int c){
if('a' <= c && c <= 'z'){
return rot13b(c,'a');
} else if ('A' <= c && c <= 'Z') {
return rot13b(c, 'A');
} else {
return c;
}
}
int rot13b(int c, int basis){
c = (((c-basis)+13)%26)+basis;
return c;
}
int main() {
printf("The given args will be rotated");
int c;
while((c = getchar()) != EOF){
c = rot13(c);
putchar(c);
}
return 0;
}

 The four-square cipher is a manual symmetric encryption technique.
 The technique encrypts pairs of letters (digraphs), and thus falls into
a category of ciphers known as polygraphic substitution ciphers.
 as the analysis Four-square cipher algorithm provides 676 possible
digraphs rather than just 26 for monographic substitution.
 The four-square cipher uses four 5 by 5 (5x5) matrices arranged in a
square.
 Each of the 5 by 5 matrices contains the letters of the alphabet
(usually omitting "Q" or putting both "I" and "J" in the same location
to reduce the alphabet to fit)
 As an example, here are the four-square matrices for the keywords
"example" and "keyword." The plaintext matrices are in lowercase
and the cipher text matrices are in caps to make this example visually
more simple:
Four-square cipher Algorithm

Lower case letters indicates plain text
Upper case letters indicates cipher text
Wiki link

 Algorithm:
 Split the payload message into digraphs. (hello world becomes he ll 0w or ld)
 Find the first letter in the digraph in the upper-left plaintext matrix.
 The first letter of the encrypted digraph is in the same row as the first plaintext letter and the same
column as the second plaintext letter. It is therefore in the upper-right ciphertext matrix.
 The second letter of the encrypted digraph is in the same row as the second plaintext letter and the
same column as the first plaintext letter. It is therefore in the lower-left ciphertext matrix.
h=>F
e=>Y

 This is a substitution technique that uses multiple
alphabets to replace symbols of plaintext for symbols
of cipher text as dictated by the key.
 The keyword is repeated throughout the length of
the message.
 These techniques suppress individual symbol
frequency making these ciphers harder to break.
 Sample algorithms.
 Running Key
 Vigenere
 One Time Pad
Polyalphabetic

 The 'key' for a running key cipher is a long piece of
text.
Running Key Algorithm

 Key : XABYX TRQNM
 Pain text: HELLO WORLD
 Now we take the letter we will be encoding, ‘H', and find it on the first column on the
tableau. Then, we move along the ‘H' row of the tableau until we come to the column with
the ‘x' at the top.(The ‘x' is the keyword letter for the first ‘h'), the intersection is our cipher
text character, ‘E'. Repeats same process to complete all characters of plain text.
 Encryption:
 H -> E
 E -> E
 L -> M
 L -> J
 O -> L
 W -> P
 O -> F
 R -> H
 L -> Y
 D -> P
 “”HELLO WORLD” =>
 “EEMJL PFHYP”

 Key : XABYX TRQNM
 Cipher text: EEMJL PFHYP
 Now we take the letter we will be decoding, ‘E', and find key ‘X’ on the first
row on the tableau. Then, we move along the ‘X' column of the tableau until
we come to ‘E’. From E left move and identify first column value ‘H’ .(The ‘x'
is the keyword letter for the first ‘E'), the value in first column is plain text .
Repeats same process to complete all characters of cipher text.
 Decryption:
E -> H
E -> E
M -> L
J -> L
L -> O
P -> W
F -> O
H -> R
Y -> L
P -> D
“EEMJL PFHYP” =>
“HELLO WOR LD”

 In the above Encryption algorithm data is mail
reference.
 Encryption Uses Line Flow from Left to Right.
 Decryption uses the line flow from top to bottom.
 Reference Link

 Vigenère can also be described algebraically. If the letters A–
Z are taken to be the numbers 0–25 (i.e., a=0, b=1 etc), and
addition is performed modulo 26, then Vigenère
encryption E using the key k can be written.
 and decryption D using the key K.
Vigenère cipher

 Vigenère Enryption
 Plain Text : HELLO WORLD
 Key : XYDZM NRCLJ
H
7
X
23
4
E
E
4
Y
24
2
C
(7+23)%26
(4+24)%2
6
L
11
D
3
14
O
(11+3)%26
L
11
D
3
14
O
(11+3)%26
O
14
M
12
0
A
(14+12)%2
6
W
22
N
13
9
J
O
14
R
17
5
F
(22+13)%2
6
(14+17)%2
6
R
17
C
2
19
T
(17+2)%26
L
11
D
3
14
O
(11+3)%26
D
3
J
9
12
M
(3+9)%26

 Vigenère Deryption
 Plain Text : EBOOA JFTOM
 Key : XYDZM NRCLJ
E
4
X
23
7
h
C
2
Y
24
4
E
(4-23)%26
(2--
24)%26
O
14
D
3
11
L
(14-3)%26
O
14
D
3
11
L
(14-3)%26
A
0
M
12
14
O
(0-12)%26
J
9
N
13
22
W
F
5
R
17
14
O
(9-13)%26 (5-17)%26
T
19
C
2
17
R
(19-2)%26
O
14
D
3
11
L
(14-3)%26
M
12
J
9
3
D
(12-9)%26

 One-time padding Cipher algorithm.
 if ((Mi+Ki )<0) Then
 Ci=(Mi+Ki+26)%26
 Else
 Ci=(Mi+Ki-26)%26
 One-time padding Decipher algorithm.
 if ((Mi-Ki )<0) Then
 Ci=(Mi-Ki+26)%26
 Else
 Ci=(Mi-Ki-26)%26
 Wiki Link
One-time pad Cipher

 The Playfair Cipher is a manual symmetric encryption cipher
invented in 1854 by Charles Wheatstone, however it’s name and
popularity came from the endorsement of Lord Playfair.
 The Playfair cipher encrypts pairs of letters (digraphs), instead of
single letters as is the case with simpler substitution ciphers such as
the Caesar Cipher.
 Frequency analysis is still possible on the Playfair cipher, however it
would be against 600 possible pairs of letters instead of 26 different
possible letters.
 For this reason the Playfair cipher is much more secure than older
substitution ciphers, and it’s use continued up until WWII.
 The playfair cipher starts with creating a key table. The key table is a
5×5 grid of letters that will act as the key for encrypting your
plaintext.
 Each of the 25 letters must be unique and one letter of the alphabet
(usually Q) is omitted from the table (as there are 25 spots and 26
letters in the alphabet).
Playfair Cipher

 Playpair Algorithm:
 The 'key' for a playfair cipher is generally a word, for the
sake of example we will choose ‘MONARCHY'. This is then
used to generate a 'key square', e.g.
 Any sequence of 25 letters can be used as a key, so long as
all letters are in it and there are no repeats. Note that there
is no 'j', it is combined with 'i'. We now apply the
encryption rules to encrypt the plaintext.
M O N A R
C H Y B D
E F G I K
L P Q S T
U V W X Z

1. Remove any punctuation or characters that are not present in the key square
(this may mean spelling out numbers, punctuation etc.).
2. Identify any double letters in the plaintext and replace the second occurence
with an 'x' e.g. 'hammer' -> 'hamxer'.
3. If the plaintext has an odd number of characters, append an 'x' to the end to
make it even.
4. Break the plaintext into pairs of letters, e.g. 'hamxer' -> 'ha mx er'
5. The algorithm now works on each of the letter pairs.
6. Locate the letters in the key square, (the examples given are using the key
square above)
1. If the letters are in different rows and columns, replace the pair with the
letters on the same row respectively but at the other pair of corners of the
rectangle defined by the original pair. The order is important – the first
encrypted letter of the pair is the one that lies on the same row as the first
plaintext letter. 'ha' -> 'bo', 'es' -> 'il'
2. If the letters appear on the same row of the table, replace them with the
letters to their immediate right respectively (wrapping around to the left side
of the row if a letter in the original pair was on the right side of the row). 'ma'
-> 'or', 'lp' -> 'pq'
3. If the letters appear on the same column of the table, replace them with the
letters immediately below respectively (wrapping around to the top side of
the column if a letter in the original pair was on the bottom side of the
column). 'rk' -> 'dt', 'pv' -> 'vo'

 Encryption:
 Plain Text: HELLO WORLD (HE LL OW OR LD)
 KEY : MONARCHY
M O N A R
C H Y B D
E F G I K
L P Q S T
U V W X Z
HE CF
LL VV
OW NV
OR NM
LD TC
HE LL OW OR LD = CF VV NV NM TC

 Decryption: opposite actions to right move to left move.
Bottom move to top move.
Cipher Text: CF VV NV NM TC
KEY : MONARCHY
M O N A R
C H Y B D
E F G I K
L P Q S T
U V W X Z
HE
CF
LL
VV
OW
NV
OR
NM
LD
TC
CF VV NV NM TC = HE LL OW OR LD

 It is also a multiletter encryption cipher. It involves
substitution of ‘m’ ciphertext letters for ‘m’
successive plaintext letters. For substitution purposes
using ‘m’ linear equations, each of the characters are
assigned a numerical values i.e. a=0, b=1, c=2,
d=3,…….z=25.
 For example if m=3, the system can be defined as:
c1 = (k11p1 + k12p2 + k13p3) mod 26
c2 = (k21p1 + k22p2 + k23p3) mod 26
c3 = (k31p1 + k32p2 + k33p3) mod 26
Hill Cipher

 For decryption process, inverse of matrix K i.e. K -1 is
required which is defined by the equation KK-1 = K1 K =
I, where I is the identity matrix that contains only 0’s
and 1’s as its elements. Plaintext is recovered by
applying K1 to the cipher text. It is expressed as

 Example: The plain text is “I can’t do it” and the size of m is 3
and key K is chosen as
Plain Text :
7 11
4 15
H E L P
7 4 11 15

 Assume 2x2 Matrix
 (K*P)%26=E
7 8 0 19 => HIAT

(K-1 *E)%26=D
3 3 -1 5 -3 5 23
= 9-1 = 9-1
2 5 -2 3 24 3
9 * 9-1 = 1
9 * _ = 1 mod 26
9*3=27 % 26 = 1 %26

 Use Different keys at different end points.
 Encryption using Public-Key System
Asymmetric Encryption

 Ciphering two types based on the ciphering entire plain
text or block of the pain text.
 Ciphering entire plain text at a time is called Stream
Ciphering.
 Ciphering block wise (separate the plain text in to parts and
Ciphering each part) is called Block Ciphering.
 Block Ciphering modes of operations.
 Electronic Code Book (ECB)
 Cipher Block Chaining Mode (CBC)
 Cipher Feed Back Mode (CFB)
 Output Feedback Mode (OFB)
 Counter Mode (CTR)
Block Cipher modes of operations

Electronic Code Book (ECB) Encryption:
Block
Cipher
Block
Cipher
Block
Cipher
Block
Cipher
P1 P2 P3 P4
C1 C2 C3 C4
Plaintext => (P1,P2,P3,P4)
Ciphertext => (C1, C2, C3, C4)
Key Key Key Key

Electronic Code Book (ECB) Decryption:
Block
Cipher
Block
Cipher
Block
Cipher
Block
Cipher
C1 C2 C3 C4
P1 P2 P3 P4
Ciphertext => (C1,C2,C3,C4)
Plaintext => (P1,P2,P3,P4)
Key Key Key Key

Advantages & Disadvantages of ECB:
● Advantages
● Encryption/Decryption of each block could be parallelized.
● Disadvantages
1. Two blocks with identical plaintext produces identical ciphertext
2. Bit error in one block affect the whole block.
3. Plaintext patterns are still visible after encryption

Cipher Block Chaining (CBC)
Encryption:
Block
Cipher
Block
Cipher
P1 P2
C1 C2
Plaintext=> (P1,P2,P3,P4)
Ciphertext=>(C1,C2,C3,C4)
IV
Key Key
Block
Cipher
P3
C3
Key
Block
Cipher
P4
C4
Key

Cipher Block Chaining (CBC)
Decryption:
Block
Cipher
Block
Cipher
C1 C2
P1 P2
IV
Key Key
Block
Cipher
C3
P3
Key
Block
Cipher
C4
P4
Key

Advantages & Disadvantages of CBC:
● Advantages
● Diffusion is not easy.
● Decryption could be parallelized
● Disadvantages
1. Encryption has to be done sequential
2. Bit error in one block effects two blocks

Cipher text Stealing in CBC
Encryption:
Block
Cipher
Block
Cipher
P1 P2
C1 C2
Key
Block
Cipher
P3
C3
Key
Block
Cipher
P4
C4
Key
00…0
00…0
Key
IV

Cipher text Stealing in CBC
Decryption
Block
Cipher
Block
Cipher
C1 C2
P1 P2
IV
Key Key
Block
Cipher
C3
P3
Key
Block
Cipher
C4
P4
Key
00…0
00…0

Propagating Cipher Block Chaining
(CBC) Encryption:
Block
Cipher
Block
Cipher
P1 P2
C1 C2
IV
Key Block
Cipher
P3
C3
Key Block
Cipher
P4
C4
Key
Key

Propagating Cipher Block Chaining
(CBC) Decryption:
Block
Cipher
Block
Cipher
C1 C2
P1 P2
IV
Key Key
Block
Cipher
C3
P3
Key
Block
Cipher
C4
P4
Key

Output Feedback(OFB) Encryption:
Block
Cipher
Block
Cipher
P1 P2
C1 C2
Key
Key
IV
Block
Cipher
P3
C3
Key Block
Cipher
P4
C4
Key

Output Feedback(OFB) Decryption:
Block
Cipher
Block
Cipher
C1 C2
P1 P2
Key
Key
IV
Block
Cipher
C3
P3
Key Block
Cipher
C4
P4
Key

Advantages & Disadvantages of OFB:
● Advantages
● Keystream can be pre-computed.
● No padding
● Bit error only affect one bit
● Disadvantages
● Keystream computation cannot be parallelized
● Reusing of key an initialization vector is dangerous
● Bit-flipping attacks are easy

Cipher Feedback(CFB) Encryption:
Block
Cipher
Block
Cipher
P1 P2
C1 C2
Key
Key
IV
Block
Cipher
P3
C3
Key Blo
Ciph
P4
C
Key

Cipher Feedback(CFB) Decryption:
Block
Cipher
Block
Cipher
C1 C2
P1 P2
Key
Key
IV
Block
Cipher
C3
P3
Key Bloc
Ciphe
C4
P4
Key

●Advantages
● No padding
● Bit error only affect one bit
● Decryption can be parallelized
●Disadvantages
● Encryption cannot be parallelized
● No pre-computation of the keystream

Counter Mode(CTR) Encryption:
Block
Cipher
Block
Cipher
P1 P2
C1 C2
Key
Key
T1
Block
Cipher
P3
C3
Key
P4
Key
T2 T3

Counter Mode(CTR) Decryption:
Block
Cipher
Block
Cipher
C1 C2
P1 P2
Key
Key
T1
Block
Cipher
C3
P3
Key Blo
Cip
C4
P
Key
T2 T3 T

●Advantages
● No padding
● En-/decryption of each block could be parallelized
● Keystream can be pre-computed
●Disadvantages
● Reusing of key and nonce/counter is dangerous

Location of Encryption Devices:
62

•Link encryption:
–A lot of encryption devices
–High level of security
–Decrypt each packet at every switch
•End-to-end encryption
–The source encrypts and the receiver decrypts
–Payload encrypted
–Header in the clear
•High Security
–Both link and end-to-end encryption are needed

64
Key Distribution
1. Physical delivery
 A key could be selected by A and physically delivered to
B.
A third party could select the key and physically deliver it
to A and B.
2. Network transfer
If A and B have previously used a key, one party could
transmit the new key to the other, encrypted using the old
key.
If A and B each has an encrypted connection to a third
party C, C could deliver a key on the encrypted links to A
and B.
Diffie-Hellman key exchange

Session and Permanent Key
65
•Session key:
–Data encrypted with a one-time session key
–At the conclusion of the session, the key is
destroyed
•Permanent key:
–Used between entities for the purpose of
distributing session keys

Approaches to Message
Authentication
●Authentication Using Conventional Encryption
●Only the sender and receiver should share a key
●Message Authentication without Message
Encryption
●An authentication tag is generated and appended to
each message
●Message Authentication Code
●Calculate the MAC as a function of the message and
the key. MAC = F(K, M)

 Main objective of the MAC code to make sure data integrity
and authenticity.
 Make sure the data not altered(data integrity) and data
received from proper sender(authenticity)
Message Authentication Code

 A hash function is a mathematical function that converts a
numerical input value into another compressed numerical
value.
 The input to the hash function is of arbitrary length but
output is always of fixed length.
 Values returned by a hash function are called message digest
or simply hash values.
Hash Functions

 Fixed Length Output (Hash Value)
 Hash function coverts data of arbitrary length to a fixed length.
This process is often referred to as hashing the data.
 the hash is much smaller than the input data, hence hash
functions are sometimes called compression functions.
 Since a hash is a smaller representation of a larger data, it is also
referred to as a digest.
 Hash function with n bit output is referred to as an n-bit hash
function. Popular hash functions generate values between 160
and 512 bits.
 Efficiency of Operation
 Generally for any hash function h with input x, computation of
h(x) is a fast operation.
 Computationally hash functions are much faster than a
symmetric encryption.
Features of Hash Functions

 Pre-Image Resistance:
 if a hash function h produced a hash value z, then it should be a difficult process to find any
input value x that hashes to z.
 This property protects against an attacker who only has a hash value and is trying to find
the input.
 Second Pre-Image Resistance:
 if a hash function h for an input x produces hash value h(x), then it should be difficult to
find any other input value y such that h(y) = h(x).
 This property of hash function protects against an attacker who has an input value and its
hash, and wants to substitute different value as legitimate value in place of original input
value.
 Collision Resistance
 This property means it should be hard to find two different inputs of any length that result
in the same hash. This property is also referred to as collision free hash function.
 In other words, for a hash function h, it is hard to find any two different inputs x and y such
that h(x) = h(y).
 This property makes it very difficult for an attacker to find two input values with the same
hash.
 Also, if a hash function is collision-resistant then it is second pre-image resistant.
Properties of Hash Functions

Applications of Hash Functions
Password Storage Data Integrity
Check

 The input parameters ipad and opad are used to modify the
secret key. They may have various values assigned. It is
recommended to choose the values that would make both
inputs to the hash functions look as dissimilar as possible
(that is, that modify the secret key in two different ways).
 Using a secure hash function (that means the function which
doesn't produce the same outputs for different input data)
guarantees the security of the HMAC algorithm.
 Nowadays, the HMAC algorithm is used in many systems,
including some popular Internet protocols (SSL, IPsec, SSH).
Hash based Message Authentication
Code

1. Select K (0 < K < b)
1. generate K+
1. (If K bits<b bits then pad 0's left side until K bits=b bits)
2. S1=K+ EXOR iPad ( where K+ and iPad are b-bits, so S1 is b-bits,
iPad=0x36=0b0110110)
3. Append Message M to S1( S1 || M)
4. Apply Sha-512 on (S1 || M) => generated Hash is n-bits
5. pad n-bits until length equals to b-bits => output1
6. S2= K+ EXOR oPad(where k+ and oPad are b-bits, so S2 is b-bits,
0x5c=0b1011100)
7. append output of step 5 to S2 ( S2 || output1)
8. apply sha-512 on (S2 || output1) => generated Hash is n-bit
HMAC Algorithm

Hashed Message Authentication
Code

 The input parameters ipad and opad are used to
modify the secret key. They may have various values
assigned. It is recommended to choose the values that
would make both inputs to the hash functions look as
dissimilar as possible (that is, that modify the secret
key in two different ways).
 Using a secure hash function (that means the function
which doesn't produce the same outputs for different
input data) guarantees the security of the HMAC
algorithm.
 Nowadays, the HMAC algorithm is used in many
systems, including some popular Internet protocols
(SSL, IPsec, SSH).

Cyber Security Part-2.pptx

Recommended

Recommended

More Related Content

Similar to Cyber Security Part-2.pptx

Similar to Cyber Security Part-2.pptx (20)

Recently uploaded

Recently uploaded (20)

Cyber Security Part-2.pptx