2. Properties of secure communication
• Secrecy
• only B should understand
• Authentication
• B should be sure that sender is A
• Message integrity
• Content of the message not altered by intruder
3. Types of intrusion
• Passive intrusion
• eavesdropping—sniffing and recording control and data messages on the channel
• Active intrusion
• modification, insertion, or deletion of messages or message content
4.
5. • key, KA, a string of numbers or characters, as input to the encryption
algorithm
• Plaintext message is m
• KA(m) refers to the ciphertext form (encrypted using the key KA) of the
plaintext message, m
• Decryption is KB(KA(m)) = m
8. Symmetric Key Cryptography
• Caesar cipher
• by taking each letter in the plaintext message and substituting the letter that is k letters
later. 25 possibilities
• Monoalphabetic cipher
• each letter is replaced by a letter a random number of letters away. 10 ^ 26 possibilities
• Attacker could break if he had some information about the message content
9. Scenarios for attacker
• Ciphertext only attack
• Known plaintext attack
• When an intruder knows some of the (plaintext, ciphertext) pairings
• Chosen plaintext attack
10. Polyalphabetic encryption
• use multiple monoalphabetic ciphers. One for each letter
• Example two Caesar ciphers, C1 and C2, in the repeating pattern C1, C2, C2,
C1, C2
• How ‘Cryptography basics’ will be encrypted?
11. Block Ciphers
• the message to be encrypted is processed in
blocks of k bits
• To encode a block, the cipher uses a one-to-
one mapping to map the k-bit block of
cleartext to a k-bit block of ciphertext
• If k = 3 , then one possible mapping is table
• 2^3 (= 8) possible inputs
• 8! = 40,320 permutations
• For 64 bit key, both users should have table
of 2^64 possible inputs
12. Challenge
• For k = 64 and for a given mapping, Alice and Bob would need to maintain a
table with 2^64 input values, which is an infeasible task
• What’s the solution
13.
14. Popular Block Ciphers
1. DES (standing for Data Encryption Standard)
2. 3DES
3. AES (standing for Advanced Encryption Standard)
• Each of these standards uses functions, rather than predetermined tables
• DES uses 64-bit blocks with a 56-bit key.
• AES uses 128-bit blocks, can operate with keys that are 128, 192, and 256 bits long
• An algorithm’s key determines “mini-table” mappings and permutations within the algorithm’s
internals
• A machine that crack 56-bit DES ( all 2^56 keys) in 1 second will take 149 trillion years for 128-
bit AES key
15. Cipher-Block Chaining
• Two identical plaintext blocks will produce identical cipher text blocks
• Solution is to use cipher text of previous block while encrypting new block
19. RSA Algorithm
1. Choose two large prime numbers, p and q. (5,7)
2. Compute n = pq and z = (p – 1)(q – 1). N=35, z=24
3. Choose a number, e, less than n, that has no common factors (other than 1) with z.
e=5
4. Find a number, d, such that ed – 1 is exactly divisible (that is, with no remainder) by
z. d=29 as (5x29) – 1 = 144. And 144 is exactly divisible by 24
We can also say ed mod z = 1 (5x29) mod 24 = 1
5. The public key that Bob makes available to the world, KB+, is the pair of numbers
(n, e); his private key, KB–, is the pair of numbers (n, d) public(35,5) private(29)
20. RSA encryption
Plain Text letter m: numeric representation m^e Ciphertext c = m e mod n
F 6 7776 6
I 9 59049 4
R 18 1889568 23
S 19 2476099 24
T 20 3200000 20
RSA encryption e=5, n=35
21. RSA Decryption
Cipher Text c^d
m=c^d mod
n plain text
6 36845653286788892983296 6 F
4 288230376151711744 9 I
23 3.09105864309353752279954583854e+39 18 R
24 1.062E+40 19 S
20 5.36871E+37 20 T
Decryption d=29, n=35
22. Session keys
• RSA is slow
• In practice it is used to encrypt session keys at start of communication
• Actual communication is encrypted using DES or some other technique
25. Digital Signature
• Whoever signed the message must have used the private key, K–B, in
computing the signature K-B(m), such that K+B(K –B(m)) = m.
• The only person who could have known the private key, K–B, is Bob
26. Public key certification
• An important application of digital signatures is public key certification,
that is, certifying that a public key belongs to a specific entity
• Binding a public key to a particular entity is typically done by a Certification
Authority (CA), whose job is to validate identities and issue certificates
28. Integrity
• Bob takes message m and applies his private key to it: dB(m).
• Bob sends the pair (m,dB(m)) to Alice.
• Alice uses Bob’s public key and applies it to the second half of the pair,
eB(dB(m)), checking to see whether the result matches the first half, i.e.
eB(dB(m)) = m. If this is the case then:
• only Bob could have sent the message (why?)
• the message was not modified in transit (again, why?).
29. Digest
• encryption/decryption using public key cryptography is computationally
complex. Data needs to
• be tested that the sender of the data is as claimed
• be tested that it has not been changed since the sender created and signed
the data.
• solution is only to encrypt a shortened version (aka digest)
30. Digest
• Digest is obtained by many to one Hash function. It has 2 properties
1. Given a message digest value, x, it is computationally infeasible to find a
message, y, such that H(y) = x. In other words, it is computationally
infeasible to reconstruct the whole message knowing its digest.
2. It is computationally infeasible to find any two messages x and y such that
H(x) = H(y). In other words it is extremely unlikely that two messages have
the same abstract
31. Digital Signature via Hash
• Bob takes message m and applies the hashing function, obtaining H(m).
• He then applies his private key to it: dB(H(m)).
• Bob sends the pair (m,dB(H(m))) to Alice.
• Alice uses Bob’s public key and applies it to the second half of the pair,
eB(dB(H(m))), and applies the hashing function to the first half of the
message, obtaining H(m). She then checks to see if the result of the two
computations are identical, i.e. that eB(dB(H(m))) = H(m).
33. Secure email
• Use public/private key
• Excellent but infeasible with long messages
• Use symmetric session keys
34.
35. Sending message
Alice
1. selects a random symmetric session key, KS,
2. encrypts her message, m, with the symmetric key,
3. encrypts the symmetric key with Bob’s public key, KB+,
4. concatenates the encrypted message and the encrypted symmetric key to
form a “package,” and
5. sends the package to Bob’s e-mail address
36. Receiving message
Bob
1. uses his private key, KB –, to obtain the symmetric key, KS, and
2. uses the symmetric key KS to decrypt the message m