Cryptography: The study of mathematical techniques related to aspects of providing information security services (to construct). Cryptanalysis: The study of mathematical techniques for attempting to defeat information security services (to break). Cryptology: The study of cryptography and cryptanalysis (both).

1. Data Protection Techniques andData Protection Techniques and
CryptographyCryptography
ÇankayaÇankaya UniversityUniversity
Talha SAVAŞTalha SAVAŞ
b20500686@hacettepe.edu.trb20500686@hacettepe.edu.tr

2. Outline of theOutline of the
PresentationPresentation
Basic Terminology in Cryptography
Basic Security Goals
Encryption & Decryption
Basic Ciphers
Block Ciphers
Encryption Modes
Secret Sharing (Threshold)
IPSEC
SSL/TLS
Malicious Software
References

3. Basic Terminology in Cryptography

4. Cryptography:
The study of mathematical techniques related to aspects
of providing information security services (to construct).
Cryptanalysis:
The study of mathematical techniques for attempting to
defeat information security services (to break).
Cryptology:
The study of cryptography and cryptanalysis (both).
Basic Terminology in Cryptography

5. Computer Security:
Ensure security of data kept on the computer.
Network Security:
Ensure security of communication over insecure medium.
Approaches to Secure Communication:
Steganography:
Hides the existence of a message.
Cryptography:
Hide the meaning of a message.
Information Security = CS + NS
Basic Terminology in Cryptography

6. Information Security

7. Basic Security Goals

8. Privacy (secrecy, confidentiality):
Only the intended recipient can see the communication.
Authenticity (integrity):
The communication is generated by the alleged sender.
Authorization:
Limit the resources that a user can access.
Availability:
Make the services available 99.999…% of time.
Non-repudiation:
No party can refuse the validity of its actions.
Auditing:
Take a log of everything done in the system.
Basic Security Goals

9. Encryption & Decryption

10. Encryption (encipherment):
The process of transforming information (plaintext) using
an algorithm (cipher) to make it unreadable to anyone
except those possessing special knowledge.
Decryption (decipherment):
The process of making the encrypted information
readable again.
Key:
The special knowledge shared between communicating
parties.
Plaintext:
The data to be concealed.
Ciphertext:
The result of encryption on the plaintext.
Encryption & DecryptionEncryption & Decryption

11. Encryption & Decryption

12. Basic Ciphers

13. Shift Cipher:
A substitution cipher
The Key Space: [1 .. 25]
Encryption given a key K:
Each letter in the plaintext P is replaced with the K’th
letter following corresponding number (shift right).
Decryption given K: (shift left).
Basic CiphersBasic Ciphers

14. Shift Cipher: An Example
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
P = CRYPTOGRAPHYISFUN
K = 11
C = NCJAVZRCLASJTDQFY
C 2+11 mod 26 = 13→ → N
R 17+11 mod 26 = 2→ → C
…
N 13+11 mod 26 = 24→ →Y

15. General Mono - alphabetical Substitution Cipher:
The key space: all permutations of Σ = {A, B, C, …, Z}
Encryption given a key :̟
Each letter X in the plaintext P is replaced with π(X).
Decryption given a key :̟
Each letter Y in the ciphertext P is replaced with π-1(Y).̟
Example:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
π=B A D C Z H W Y G O Q X S V T R N M S K J I P F E U
BECAUSE→AZDBJSZ
Cryptanalysis: The key space size is 26!
Basic CiphersBasic Ciphers

16. Frequency Analysis:
Frequency Features of English:
Vowels, which constitute 40 % of plaintext, are often
separated by consonants.
Letter A is often found in the beginning of a word or
second from last.
Letter I is often third from the end of a word.
Letter Q is followed only by U.
Some words are more frequent, such as:
the, and, at, is, on, in.
Basic CiphersBasic Ciphers

17. Frequency Analysis

18. Summary:
• Shift ciphers are easy to break using brute force
attacks,they have small key space.
• Substitution ciphers preserve language features and are
vulnerable to frequency analysis attacks.
Basic CiphersBasic Ciphers

19. The Vigenère Cipher:
Definition:
Given m, a positive integer, P = C = (Z26)n, and
K = (k1, k2, …, km) a key, we define:
Encryption:
ek(p1, p2… pm) = (p1+k1, p2+k2…pm+km) (mod 26)
Decryption:
dk(c1, c2… cm) = (c1-k1, c2-k2 … cm-km) (mod 26)
Example:
Plaintext: C R Y P T O G R A P H Y
Key: L U C K L U C K L U C K
Ciphertext: N L A Z E I I B L J J I
Basic CiphersBasic Ciphers

20. Vigenere Cipher: Cryptanalysis
Find the length of the key.
• Divide the message into that many shift cipher encryptions.
• Use frequency analysis to solve the resulting shift ciphers.
Vigenere cipher is vulnerable: once the key length is found, a
cryptanalyst can apply frequency analysis.
How to Find the Key Length?
• For Vigenere, as the length of the keyword increases, the letter
frequency shows less English-like characteristics and becomes
more random.
• One method to find the key length:
Kasisky test.
Basic CiphersBasic Ciphers

21. Kasisky Test:
Note:
Two identical segments of plaintext, will be encrypted to
the same ciphertext, if the they occur in the text at the
distance Δ, (Δ≡0 (mod m), m is the key length).
Algorithm:
Search for pairs of identical segments of length at least 3
Record distances between the two segments: Δ1, Δ2, …
m divides gcd(Δ1, Δ2, …)
PT: T H E S U N A N D T H E M A N I N T H E M O O N
Key: K I N G K I N G K I N G K I N G K I N G K I N G
CT: D P R Y E V N T N B U K W I A O X B U K W W B T
Basic CiphersBasic Ciphers

22. Block Ciphers

23. Block size: In general larger block sizes mean greater
security.
Key size: Larger key size means greater security
(larger key space).
Number of rounds: Multiple rounds offer increasing
security.
Encryption modes: Define how messages larger than
the block size are encrypted, very important for the
security of the encrypted message.
Block CiphersBlock Ciphers

24. Feistel Network:
A Feistel Network is fully specified given
The block size: n = 2w
number of rounds: d
d round functions f1, f2…, fd: {0,1}w {0,1}w→
Each f function is a SP cipher.
Used in DES, IDEA, RC5, and many other block ciphers.
Block CiphersBlock Ciphers

25. Encryption:
L1=R0, R1=L0 ⊕ f1(R0)
L2=R1, R2=L1 ⊕ f2(R1)
...
Ld=Rd-1, Rd=Ld-1⊕ fd(Rd-1)
Decryption:
Rd-1=Ld, Ld-1=Rd ⊕ fd(Ld)
…
R0=L1, L0=R1 ⊕ f1(L1)
Feistel Network

26. Data Encryption Standard (DES):
Features:
Block size = 64 bits
Key size = 56 bits
Number of rounds = 16
16 intermediary keys, each 48 bits
Block CiphersBlock Ciphers

27. DES Structure

28. Details of DES Rounds:
An initial permutation is applied
on the plaintext.
IP(x) = L0 R0
In each round:
Li = Ri-1
Ri = Li-1 f(Ri-1, Ki)⊕
Block CiphersBlock Ciphers

29. Details of DES Rounds:
After the last round
y = IP-1(R16L16)
Block CiphersBlock Ciphers

30. DES f Function:
Block CiphersBlock Ciphers

31. DES S-boxes:
Block CiphersBlock Ciphers
• S-boxes are the only non-linear elements in DES design.
• Each S-box is a 4x16 matrix, values from 0 to 15
B = b1 b2 b3 b4 b5 b6
b1b6 = row
b2b3b4b5 = column
C = 4-bit the result

32. Ex. B = 011011
Row= 01 Column=1101 C = 1001

33. Encryption Modes

34. Electronic Code Book (ECB):
Encryption ModesEncryption Modes
• Message is broken into independent blocks of block_size
bits;
•(ECB): Each block encrypted separately.
• Encryption: ci = Ek(xi)
• Decryption: xi = Dk(ci)

35. Cipher Block Chaining (CBC):
Encryption ModesEncryption Modes
(CBC): Next input depends upon previous output.
• Encryption: Ci = Ek (Mi Ci-1), with C0=IV⊕
• Decryption: Mi= Ci-1 Dk(Ci), with C0=IV⊕

36. Output Feedback Mode (OFB):
Encryption ModesEncryption Modes
• (OFB): Construct a pseudorandom number generator
(PRNG) to obtain a one time pad and XOR the message
with the pad.
• y0=IV yi = Ek[yi-1]

37. Cipher Feedback Mode (CFB):
Encryption ModesEncryption Modes
• (CFB): the message is XORed with the feedback of
encrypting the previous block.

38. Counter Mode (CTR):
Encryption ModesEncryption Modes
• Counter Mode (CTR): Another way to construct PRNG
using DES.
yi= Ek[counter+i]
ci= yi xi⊕
• Sender and receiver share a counter value (does not
need to be secret) and the secret key.
Block Ciphers vs. Stream Ciphers:
• A block cipher operates on blocks of fixed length.
•A stream cipher is a symmetric key cipher where plaintext
bits are combined with a pseudorandom cipher bit stream
(keystream), typically by an exclusive-or (xor) operation.

39. Secret Sharing (Threshold)

40. Counter Mode (CTR):
Secret Sharing (Threshold)Secret Sharing (Threshold)
• Counter Mode (CTR): Another way to construct PRNG
using DES.
yi= Ek[counter+i]
ci= yi xi⊕
• Sender and receiver share a counter value (does not
need to be secret) and the secret key.
Block Ciphers vs. Stream Ciphers:
• A block cipher operates on blocks of fixed length.
•A stream cipher is a symmetric key cipher where plaintext
bits are combined with a pseudorandom cipher bit stream
(keystream), typically by an exclusive-or (xor) operation.

41. Counter Mode (CTR):
• Counter Mode (CTR): Another way to construct PRNG
using DES.
yi= Ek[counter+i]
ci= yi xi⊕
• Sender and receiver share a counter value (does not
need to be secret) and the secret key.
Block Ciphers vs. Stream Ciphers:
• A block cipher operates on blocks of fixed length.
•A stream cipher is a symmetric key cipher where plaintext
bits are combined with a pseudorandom cipher bit stream
(keystream), typically by an exclusive-or (xor) operation.
Secret Sharing (Threshold)Secret Sharing (Threshold)

42. IPSEC

43. SSL/TLS

44. Malicious Software

45. References
Cristina Nita-Rotaru Associate Professor
Department of Computer Science Purdue University
Internet
Wikipedia
Cryptography Decrypted by H.X. Mel, D. M. Baker