Cryptography introduction
1. Course name: Cryptography
Course Code: 18UCAE64
PART III: Elective
Credits: 04
Programme: Computer Applications
Course Instructor: R. Vasuki, M.C.A., M.Phil, NET,
Assistant Professor,
Dept of Computer Science
2. UNIT I
• Introduction - Security Goals - Cryptographic Attacks -
Services and Mechanism - Techniques - Traditional
Symmetric-Key ciphers: Introduction - Substitution
ciphers - Transposition ciphers - Stream and Block
cipher.
6. 1.1.1 Confidentiality
• Confidentiality is probably the most common aspect of
information security.
• We need to protect our confidential information.
• An organization needs to guard against those malicious
actions that endanger the confidentiality of its
information.
• Example:
In the military: concealment of sensitive information
is the major concern.
In industry: information needs to be hidden from
competitors.
In banking: customers' accounts need to be kept secret.
7. • Confidentiality applies not only to the storage of
information; it also applies to the
transmission of information to remote
computers.
8. 1.1.2 Integrity
• Information needs to be changed constantly.
• Integrity means that changes need to be done only by
authorized entities and through authorized mechanisms.
• An integrity violation is not necessarily the result of a
malicious act; it may also occur because of a system
interruption such as a power surge.
• Example: in a bank, when a customer deposits or withdraws
money, the balance needs to be changed each time.
9. 1.1.3 Availability
• The information created and stored by an organization
needs to be available to authorized entities.
• Information needs to be constantly changed, which means
it must be accessible to authorized entities.
• Unavailability of information at the right time is harmful
for an organization; it leads to a lack of Confidentiality or
Integrity.
11. Cryptographic attacks
1. Cryptanalytic Attacks
• These attacks are a combination of statistical and
algebraic techniques aimed at ascertaining the secret
key of a cipher.
• These methods inspect the mathematical properties of
the cryptographic algorithms from uniform
distributions.
12. Cryptographic attacks
2. Non-Cryptanalytic Attacks
These are attacks that do not exploit the
mathematical weakness of the cryptographic algorithm.
However, the three goals of security, namely
confidentiality, integrity, and availability, are still
threatened.
13. 1-2 ATTACKS
The three goals of security (confidentiality, integrity,
and availability) can be threatened by security
attacks.
Topics discussed in this section:
1.2.1 Attacks Threatening Confidentiality
1.2.2 Attacks Threatening Integrity
1.2.3 Attacks Threatening Availability
1.2.4 Passive versus Active Attacks
14. Figure 1.2 Taxonomy of attacks with relation to security goals
15. 1.2.1 Attacks Threatening Confidentiality
Snooping refers to unauthorized access to or interception
of data.
Example:
• A file transferred through the internet may contain
confidential information.
• An unauthorized entity (person) may intercept the
transmission and use the contents for his own
benefit.
16. 1.2.1 Attacks Threatening Confidentiality
Traffic analysis refers to obtaining some other type of
information by monitoring online traffic.
Example:
• A person can find the electronic address (such as the
email address) of the sender or receiver.
• He can collect pairs of requests and responses to
help him guess the nature of the transaction.
17. 1.2.2 Attacks Threatening Integrity
Modification means that the attacker intercepts the
message and changes it.
Masquerading or spoofing happens when the attacker
impersonates somebody else.
Replaying means the attacker obtains a copy of a message
sent by a user and later tries to replay it.
Repudiation means that the sender of the message might later
deny that she has sent the message; the receiver of the
message might later deny that he has received the message.
18. 1.2.3 Attacks Threatening Availability
Denial of service (DoS) is a very common attack. It may
slow down or totally interrupt the service of a system.
19. 1.2.4 Passive Versus Active Attacks
Table 1.1 Categorization of passive and active attacks
20. 1-3 SERVICES AND MECHANISMS
ITU-T provides some security services and some
mechanisms to implement those services. Security
services and mechanisms are closely related because a
mechanism or combination of mechanisms is used to
provide a service.
Topics discussed in this section:
1.3.1 Security Services
1.3.2 Security Mechanism
1.3.3 Relation between Services and Mechanisms
22. 1. Security Services
Data Confidentiality:
• Ensures that the information in a computer system and transmitted
information are read and accessible by authorized parties
Data Integrity:
• Ensures that only authorized parties are able to modify computer
system assets and transmitted information
Authentication:
• Ensures that the origin of a message or electronic document is
correctly identified
Non-repudiation:
• Requires that neither the sender nor the receiver of a message be
able to deny the transmission.
Access control:
• Requires that access to information resources may be controlled by
or the target system.
24. 2. Security Mechanism
1. Encipherment:
• This security mechanism deals with hiding and covering of data,
which helps data to become confidential.
• It is achieved by applying mathematical calculations or algorithms
which transform information into an unreadable form.
• It is achieved by two famous techniques named Cryptography and
Encipherment.
2. Data Integrity:
• The data integrity mechanism appends a short check value to the
data, which is created by a specific process from the data itself.
• The receiver receives the data and the check value. The receiver
then creates a new check value from the received data and
compares the newly created check value with the one received.
• If the two check values match, the integrity of the data has been
preserved.
25. 2. Security Mechanism
3. Digital Signature:
• This security mechanism is achieved by adding digital data that is
not visible to the eye.
• It is a form of electronic signature which is added by the sender and
checked by the receiver electronically.
• This mechanism is used to preserve data which is not especially
confidential but for which the sender's identity is to be notified.
4. Authentication exchange:
• Here two entities exchange some messages to prove their identity
to each other.
5. Traffic Padding:
• Traffic padding means inserting some bogus (false) data into the
data traffic to frustrate the adversary's attempt to use traffic analysis.
6. Routing Control:
• Routing control means selecting and continuously changing
different available routes between sender and receiver to prevent
the opponent from eavesdropping on a particular route.
26. 2. Security Mechanism
7. Notarization:
• Notarization means selecting a trusted third party to control the
communication between two entities.
• The receiver can involve a trusted third party to store the sender's
request in order to prevent the sender from later denying that she
has made a request.
8. Access Control:
• Access control uses methods to prove that a user has access rights
to the data or resources owned by a system.
• Examples of proofs are passwords and PINs.
27. 1.3.3 Relation between Services and Mechanisms
Table 1.2 Relation between security services and mechanisms
28. 1-4 TECHNIQUES
Mechanisms discussed in the previous sections are
only theoretical recipes to implement security. The
actual implementation of security goals needs some
techniques. Two techniques are prevalent today:
cryptography and steganography.
Topics discussed in this section:
1.4.1 Cryptography
1.4.2 Steganography
29. 1.4.1 Cryptography
Cryptography, a word with Greek origins, means "secret
writing." However, we use the term to refer to the science
and art of transforming messages to make them secure and
immune to attacks.
30. 1.4.2 Steganography
The word steganography, with origin in Greek, means
"covered writing," in contrast with cryptography, which
means "secret writing."
Example: covering data with text
32. Some Important Technical Terms
Plain text: The original intelligible (understandable) message
Cipher text: The transformed unintelligible message
Cipher: An algorithm for transforming an intelligible message into
one that is unintelligible by transposition and/or
substitution methods
Key: Some critical information used by the cipher, known only to
the sender & receiver
Encipher (encode): The process of converting plaintext to cipher
text using a cipher and a key
Decipher (decode): The process of converting cipher text back into
plaintext using a cipher and a key
33. Cryptography: The principles and methods of transforming an
intelligible message into one that is unintelligible, and
then retransforming that message back to its original
form
Cryptanalysis: The study of principles and methods of transforming
an unintelligible message back into an intelligible
message without knowledge of the key. It is also called
code breaking
Cryptology: Both cryptography and cryptanalysis
34. Chapter 3
Traditional Symmetric-Key Ciphers
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
35. Objectives
• To define the terms and the concepts of symmetric
key ciphers
• To emphasize the two categories of traditional
ciphers: substitution and transposition ciphers
• To describe the categories of cryptanalysis used to
break the symmetric ciphers
• To introduce the concepts of the stream ciphers and
block ciphers
• To discuss some very dominant ciphers used in the
past, such as the Enigma machine
37. 3.1 INTRODUCTION
General idea behind a symmetric-key cipher:
• The original message from Alice to Bob is called the plaintext.
• The message that is sent through the channel is called the
ciphertext.
• To create the ciphertext from the plaintext, Alice uses an
encryption algorithm and a shared secret key.
• To create the plaintext from the ciphertext, Bob uses a
decryption algorithm and the same secret key.
43. 3.1.2 Cryptanalysis
• As cryptography is the science and art of creating secret
codes, cryptanalysis is the science and art of breaking those codes.
• The study of cryptanalysis helps us create better secret codes.
Four types of cryptanalysis attacks:
44. 1. Ciphertext-Only Attack
• In this attack on the encryption, the attacker/cryptanalyst can only observe the
ciphertext.
• He has no idea what the plaintext data or the secret key may be.
• The goal is to recover as many plaintext messages as possible or
(preferably) to guess the secret key.
45. 2. Known-Plaintext Attack
• In this attack, the attackers/cryptanalysts know the plaintext that generates
the ciphertext. They can't select the plaintext, but they can observe
plaintext-ciphertext pairs.
• The goal is to guess the secret key (or a number of secret keys) or to
develop an algorithm which would allow them to decrypt any further
messages.
46. 3. Chosen-Plaintext Attack
• In this attack, the attacker/cryptanalyst can select or choose the
plaintext that is sent through the encryption algorithm and observe the
ciphertext that it generates.
• This is an active model where the attacker actually gets to choose the
plaintext and do the encryption.
47. 4. Chosen-Ciphertext Attack
• In this attack, the attacker can both encrypt and decrypt.
• This means that they can select plaintext, encrypt it, observe the
ciphertext and then reverse the entire process.
49. Traditional Symmetric-Key Ciphers
• Symmetric Key Exchange
  - Face to face
  - Trusted third party
  - Envelope it using asymmetric ciphers
• How many keys do you need for a group of m
persons?
Number of keys = (m(m-1))/2
50. Categories of Traditional Symmetric-Key Ciphers
• Traditional symmetric-key ciphers can be
classified into two categories:
1. Substitution Ciphers (3-2)
  - Monoalphabetic Ciphers
  - Polyalphabetic Ciphers
2. Transposition Ciphers (3-3)
  - Keyless Transposition Ciphers
  - Keyed Transposition Ciphers
  - Combining two approaches
51. 3-2 Substitution Ciphers
A substitution cipher replaces one symbol with another. Substitution
ciphers can be categorized as either monoalphabetic ciphers or
polyalphabetic ciphers.
Topics discussed in this section:
1. Monoalphabetic Ciphers
2. Polyalphabetic Ciphers
52. 3.2.1 Monoalphabetic Ciphers
In monoalphabetic substitution, the relationship between a
symbol in the plaintext and a symbol in the ciphertext is always
one-to-one.
• For example, if letter A in the plaintext is changed to letter D, every
letter A is changed to letter D.
53. Example 3.1
The following shows a plaintext and its corresponding ciphertext.
The cipher is probably monoalphabetic because both l's (els) are
encrypted as O's.
Example 3.2
The following shows a plaintext and its corresponding ciphertext.
The cipher is not monoalphabetic because each l (el) is encrypted
by a different character.
Ciphertext: ABNZF
55. Additive Cipher
• The simplest monoalphabetic cipher is the additive cipher.
• This cipher is sometimes called a shift cipher and sometimes a
Caesar cipher, but the term additive cipher better reveals its
mathematical nature.
• The key space of the additive cipher is 26.
Figure 3.8 Plaintext and ciphertext in Z26
56. Additive cipher
Note: When the cipher is additive, the plaintext,
ciphertext, and key are integers in Z26.
57. Example 3.3
Use the additive cipher with key = 15 to encrypt the message "hello".
Solution
We apply the encryption algorithm to the plaintext, character by
character:
58. Example 3.4
Use the additive cipher with key = 15 to decrypt the message
"WTAAD".
Solution
We apply the decryption algorithm to the ciphertext, character by
character:
59. Shift Cipher and Caesar Cipher
Historically, additive ciphers are called shift ciphers. Julius Caesar
used an additive cipher to communicate with his officers. For this
reason, additive ciphers are sometimes referred to as the Caesar
cipher. Caesar used a key of 3 for his communications.
Note: Additive ciphers are sometimes referred to as
shift ciphers or Caesar cipher.
60. Example 3.5
Eve has intercepted the ciphertext "UVACLYFZLJBYL". Show how
she can use a brute-force attack to break the cipher.
Solution
Eve tries keys from 1 to 7. With a key of 7, the plaintext is "not very
secure", which makes sense.
61. Frequency of characters in English
• Additive ciphers are also subject to statistical attacks.
• This is especially true if the adversary has a long
ciphertext.
• Here the adversary can use the frequency of occurrence of
characters for a particular language.
63. Cryptanalysis
Example 3.6
Eve has intercepted the following ciphertext. Using a statistical
attack, find the plaintext.
Solution
When Eve tabulates the frequency of letters in this ciphertext, she
gets: I = 14, V = 13, S = 12, and so on. The most common character is
I with 14 occurrences. This means key = 4.
64. Multiplicative Ciphers
• The multiplicative cipher is similar to the additive cipher except
that the key is multiplied by the plaintext symbol during
encryption.
• Likewise, the ciphertext is multiplied by the multiplicative inverse
of the key for decryption to obtain the plaintext back.
C = (P × k) mod 26
P = (C × k^-1) mod 26
where k^-1 is the multiplicative inverse of k (the key).
The key space of the multiplicative cipher is 12. Thus, it is also not very
secure.
65. Note: In a multiplicative cipher, the plaintext and
ciphertext are integers in Z26; the key is an
integer in Z26*.
66. Example 3.7
What is the key domain for any multiplicative cipher?
Solution
The key needs to be in Z26*. This set has only 12 members: 1, 3, 5, 7,
9, 11, 15, 17, 19, 21, 23, 25.
Example 3.8
We use a multiplicative cipher to encrypt the message "hello" with a
key of 7. The ciphertext is "XCZZU".
67. Affine Cipher
• The affine cipher is a combination of the additive cipher and the
multiplicative cipher.
• The key space is 26 * 12 (key space of additive * key space
of multiplicative), i.e. 312.
• It is relatively more secure than the above two as the key space is
larger.
68. Example 3.09
The affine cipher uses a pair of keys in which the first key is from
Z26* and the second is from Z26. The size of the key domain is
26 × 12 = 312.
Example 3.10
Use an affine cipher to encrypt the message "hello" with the key pair
(7, 2).
69. Example 3.11
Use the affine cipher to decrypt the message "ZEBBW" with the key
pair (7, 2) in modulus 26.
Solution
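
The additive, multiplicative and affine examples above, together with the brute-force and statistical attacks on the additive cipher, worked through in Python. This is an added example, not part of the original slides; the function names and the e-heavy sample sentence are constructed for illustration.

```python
from collections import Counter
from math import gcd

# Z26*: the keys that have a multiplicative inverse modulo 26 (Example 3.7).
Z26_STAR = [k for k in range(26) if gcd(k, 26) == 1]


def _to_z26(text):
    """Map the letters a-z of text to integers 0..25; everything else is dropped."""
    return [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]


def affine_encrypt(plaintext, k1, k2):
    """C = (P * k1 + k2) mod 26.

    k1 = 1 gives the additive cipher, k2 = 0 the multiplicative cipher.
    """
    if k1 % 26 not in Z26_STAR:
        raise ValueError("k1 must be in Z26*, otherwise decryption is impossible")
    return "".join(chr((p * k1 + k2) % 26 + ord("A")) for p in _to_z26(plaintext))


def affine_decrypt(ciphertext, k1, k2):
    """P = ((C - k2) * k1^-1) mod 26."""
    if k1 % 26 not in Z26_STAR:
        raise ValueError("k1 must be in Z26*, otherwise decryption is impossible")
    k1_inv = pow(k1, -1, 26)  # modular inverse (Python 3.8+)
    return "".join(chr((c - k2) * k1_inv % 26 + ord("a")) for c in _to_z26(ciphertext))


def additive_brute_force(ciphertext):
    """Every candidate plaintext of an additive cipher, indexed by key."""
    return {key: affine_decrypt(ciphertext, 1, key) for key in range(26)}


def additive_key_by_frequency(ciphertext):
    """Guess the key by assuming the most common ciphertext letter stands for 'e'."""
    most_common, _count = Counter(_to_z26(ciphertext)).most_common(1)[0]
    return (most_common - _to_z26("e")[0]) % 26


# Constructed sample for the statistical attack: an e-heavy sentence under key 4.
SAMPLE_CIPHERTEXT = affine_encrypt("meet me here every evening eve", 1, 4)

if __name__ == "__main__":
    print(affine_encrypt("hello", 1, 15))             # additive, Example 3.3
    print(affine_encrypt("hello", 7, 0))              # multiplicative, Example 3.8
    print(affine_decrypt("ZEBBW", 7, 2))              # affine, Example 3.11
    for key, text in additive_brute_force("UVACLYFZLJBYL").items():
        print(key, text)                              # Example 3.5: Eve reads the list
    print(additive_key_by_frequency(SAMPLE_CIPHERTEXT))
```

The frequency guess is only as good as its assumption that the most common plaintext letter is e, which is why it needs a long ciphertext.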
70. Because additive, multiplicative, and affine ciphers have small key domains,
they are very vulnerable to brute-force attack.
A better solution is to create a mapping between each plaintext
character and the corresponding ciphertext character. Alice and Bob
can agree on a table showing the mapping for each character.
Figure 3.12 An example key for monoalphabetic substitution cipher
71. Example 3.12
We can use the key in Figure 3.12 to encrypt the message
The ciphertext is
72. 3.2.2 Polyalphabetic Ciphers
• In polyalphabetic substitution, each occurrence of a character
may have a different substitute.
• The relationship between a character in the plaintext and a
character in the ciphertext is one-to-many.
75. 2. Playfair Cipher
• It was used by the British army during World War I.
• The secret key is made up of 25 alphabet letters arranged in a 5x5
matrix.
• Pair the letters of the plaintext; if the same letter is repeated in a
pair, insert the bogus letter x. Ex: HELLO → HE LX LO
77. Figure 3.13 An example of a secret key in the Playfair cipher
Example 3.15
Let us encrypt the plaintext "hello" using the key in Figure 3.13.
78. 3. Vigenere Cipher
• The Vigenere cipher is an algorithm that is used for encrypting and
decrypting text.
• It is an example of a polyalphabetic substitution cipher. This algorithm is
easy to understand and implement. This algorithm was first described in
1553 by Giovan Battista Bellaso.
• It uses a Vigenere table or Vigenere square for encryption and decryption of
the text. The Vigenere table is also called the tabula recta.
• The Vigenère cipher is a method of encrypting alphabetic text by using a
series of interwoven Caesar ciphers, based on the letters of a keyword.
79. Example 3.16
We can encrypt the message "She is listening" using the 6-character
keyword "PASCAL".
80. Example 3.17
Vigenere cipher can be seen as combinations of m additive ciphers.
Figure 3.14 A Vigenere cipher as a combination of m additive
ciphers
81. Example 3.18
Using Example 3.18, we can say that the additive cipher is a special
case of Vigenere cipher in which m = 1.
Table 3.3
A Vigenere Tableau
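
Examples 3.16 to 3.18 carried out in Python: the Vigenere cipher as m interleaved additive ciphers, with the additive cipher as the m = 1 case. This is an added example, not part of the original slides; the function names are chosen here for illustration.

```python
from itertools import cycle


def _shift(text, keyword, sign):
    """Add (sign=+1) or subtract (sign=-1) the repeating keyword, letter by letter, mod 26."""
    key = [ord(k) - ord("a") for k in keyword.lower() if "a" <= k <= "z"]
    if not key or len(key) != len(keyword):
        raise ValueError("keyword must be a non-empty string of letters a-z")
    letters = [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]
    return [(p + sign * k) % 26 for p, k in zip(letters, cycle(key))]


def vigenere_encrypt(plaintext, keyword):
    """Ciphertext in upper case; spaces and punctuation are dropped."""
    return "".join(chr(v + ord("A")) for v in _shift(plaintext, keyword, +1))


def vigenere_decrypt(ciphertext, keyword):
    """Plaintext in lower case, without the original spacing."""
    return "".join(chr(v + ord("a")) for v in _shift(ciphertext, keyword, -1))


def additive_columns(ciphertext, m):
    """Split a ciphertext into its m interleaved streams.

    Stream j was produced by a single additive cipher whose key is the
    j-th keyword letter, which is the view taken in Example 3.17.
    """
    letters = [c for c in ciphertext.upper() if "A" <= c <= "Z"]
    return ["".join(letters[j::m]) for j in range(m)]


if __name__ == "__main__":
    ciphertext = vigenere_encrypt("She is listening", "PASCAL")
    print(ciphertext)
    print(vigenere_decrypt(ciphertext, "PASCAL"))
    # Each column is an additive cipher; column 0 uses the shift for 'P' (15).
    for j, column in enumerate(additive_columns(ciphertext, 6)):
        print(j, column, vigenere_decrypt(column, "PASCAL"[j]))
    # m = 1: a one-letter keyword is the additive cipher of Example 3.3.
    print(vigenere_encrypt("hello", "P"))
```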
82. 4. Hill Cipher
• The Hill cipher was first described by Lester S. Hill in 1929.
• The Hill cipher is a polygraphic substitution cipher based on linear algebra.
• To encrypt a message, each block of n letters (considered as an n-component
vector) is multiplied by an invertible n × n matrix, modulo 26.
• The Hill cipher works by viewing a group of letters as a vector, and
encryption is done by matrix multiplication.
• In the Hill cipher algorithm every letter (A-Z) is represented by a number modulo
26. Usually, the simple substitution scheme is used where A = 0, B = 1, C =
2, …, Z = 25 in order to use a 2x2 key matrix.
83. The key matrix in the Hill cipher needs to
have a multiplicative inverse.
86. Example 3.20
For example, the plaintext "code is ready" can make a 3 × 4 matrix
when adding extra bogus character "z" to the last block and removing
the spaces. The ciphertext is "OHKNIHGKLISS".
[Figure: encryption, 3 × 4 plaintext matrix ("code is readyz") times 4 × 4 matrix gives 3 × 4 ciphertext matrix ("OHKNIHGKLISS"); decryption, 3 × 4 ciphertext matrix ("OHKNIHGKLISS") times 4 × 4 matrix gives 3 × 4 plaintext matrix ("code is readyz")]
87. Example 3.21
Assume that Eve knows that m = 3. She has intercepted
three plaintext/ciphertext pair blocks (not necessarily from
the same message) as shown in Figure 3.17.
Figure 3.17 Example 3.21 (1 × 3 blocks, 3 × 3 K matrix)
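
A 2 × 2 Hill cipher in Python, showing the row-vector-times-key multiplication, the bogus "z" padding and the requirement that the key matrix has an inverse modulo 26. This is an added example, not part of the original slides; KEY and BAD_KEY are constructed matrices (the key of Example 3.20 is not reproduced on this page) and the function names are illustrative.

```python
from math import gcd

KEY = [[3, 3], [2, 5]]      # constructed key: determinant 9 is coprime with 26
BAD_KEY = [[2, 4], [6, 8]]  # constructed key: determinant 18 shares the factor 2 with 26


def _blocks(text, n=2, pad="z"):
    """Letters as integers 0..25, padded with the bogus letter to a multiple of n."""
    nums = [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]
    nums += [ord(pad) - ord("a")] * (-len(nums) % n)
    return [nums[i:i + n] for i in range(0, len(nums), n)]


def _multiply(blocks, matrix):
    """Each block, taken as a row vector, times the matrix, modulo 26."""
    n = len(matrix)
    return [sum(block[i] * matrix[i][j] for i in range(n)) % 26
            for block in blocks for j in range(n)]


def inverse_key(key):
    """Inverse of a 2 x 2 key modulo 26, or ValueError if the key has none."""
    (a, b), (c, d) = key
    det = (a * d - b * c) % 26
    if gcd(det, 26) != 1:
        raise ValueError("key matrix has no multiplicative inverse modulo 26")
    det_inv = pow(det, -1, 26)  # modular inverse (Python 3.8+)
    return [[d * det_inv % 26, -b * det_inv % 26],
            [-c * det_inv % 26, a * det_inv % 26]]


def hill_encrypt(plaintext, key):
    inverse_key(key)  # refuse keys that could never be decrypted
    return "".join(chr(v + ord("A")) for v in _multiply(_blocks(plaintext), key))


def hill_decrypt(ciphertext, key):
    return "".join(chr(v + ord("a"))
                   for v in _multiply(_blocks(ciphertext), inverse_key(key)))


if __name__ == "__main__":
    print(hill_encrypt("help", KEY))
    print(hill_decrypt(hill_encrypt("hello", KEY), KEY))  # padded plaintext comes back
    try:
        hill_encrypt("help", BAD_KEY)
    except ValueError as err:
        print("rejected:", err)
```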
88. 5. One-Time Pad
• One of the goals of cryptography is perfect secrecy.
• A study by Shannon has shown that perfect secrecy can be
achieved if each plaintext symbol is encrypted with a key
randomly chosen from a key domain.
• This idea is used in a cipher called one-time pad, invented by
Vernam.
89. 6. Rotor Cipher
Figure 3.19 A rotor cipher
In cryptography, a rotor machine is an electro-mechanical
stream cipher device used for encrypting and
decrypting messages. Rotor machines were the cryptographic
state-of-the-art for a prominent period of history; they were in
widespread use in the 1920s–1970s.
90. Enigma machine
• The Enigma machine is a cipher device developed and used in the early- to
mid-20th century to protect commercial, diplomatic, and military
communication.
• It was employed extensively by Nazi Germany during World War II, in all
branches of the German military. The Germans believed, erroneously, that
use of the Enigma machine enabled them to communicate securely and thus
enjoy a huge advantage in World War II.
• Its principle is based on the rotor cipher.
Figure: A schematic of the Enigma machine
91. 3-3 Transposition Ciphers
A transposition cipher does not substitute one
symbol for another, instead it changes the location
of the symbols.
Note: A transposition cipher reorders symbols.
Topics discussed in this section:
1. Keyless Transposition Ciphers
2. Keyed Transposition Ciphers
3. Combining Two Approaches
92. Keyless Transposition Ciphers
• Simple transposition ciphers, which were used in the
past, are keyless.
• There are two methods for permutation of characters.
Method 1
The text is written into a table column by column and then transmitted
row by row.
Method 2
The text is written into a table row by row and then transmitted
column by column.
93. Example 3.22 (Method 1)
A good example of a keyless cipher using the first method is the rail
fence cipher. The ciphertext is created by reading the pattern row by
row. For example, to send the message "Meet me at the park" to
Bob, Alice writes
m   e   m   a   t   e   a   k
  e   t   e   t   h   p   r
She then creates the ciphertext "MEMATEAKETETHPR".
94. Example 3.23 (Method 2)
Alice and Bob can agree on the number of columns and use the
second method. Alice writes the same plaintext, row by row, in a
table of four columns.
She then creates the ciphertext "MMTAEEHREAEKTTP".
95. 2. Keyed Transposition Ciphers
• The keyless ciphers permute the characters by writing the
plaintext in one way (for example row by row) and reading it
in another way (for example column by column).
Method 1
The permutation is done on the whole plaintext to create the whole
ciphertext.
Method 2
Another method is to divide the plaintext into groups of
predetermined size, called blocks, and then use a key to permute
the characters in each block separately.
96. Example 3.25
Alice needs to send the message "Enemy attacks tonight" to Bob.
The key used for encryption and decryption is a permutation key,
which shows how the characters are permuted.
The permutation yields
97. 3. Combining Two Approaches
• More recent transposition ciphers combine the two
approaches to achieve better scrambling.
• Here encryption is done in the following three steps:
1. The text is written into a table row by row (Keyless)
2. The permutation is done by reordering the columns
(Method 1 in Keyed Transposition Ciphers)
3. The new table is read column by column (Keyless)
• Decryption is done by reversing the above steps.
99. Transposition cipher using Matrices
Example 3.27
We can use matrices to show the encryption/decryption process for a
transposition cipher.
Figure: Representation of the key as a matrix in the transposition cipher (4 × 5 text matrices, 5 × 5 key matrix)
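
The keyless methods of Examples 3.22 and 3.23 and the three-step combined approach, with decryption handling a last row that is not full, as an added Python example that is not part of the original slides. The function names, the column-order convention (column indices in the order they are read) and CONSTRUCTED_ORDER are assumptions made here; the slides' own permutation key is not reproduced on this page.

```python
CONSTRUCTED_ORDER = (2, 0, 3, 4, 1)  # constructed key: read column 2 first, then 0, 3, 4, 1


def _letters(text):
    return [c for c in text.lower() if "a" <= c <= "z"]


def _check_order(columns, order):
    """Return the column reading order; None means left to right (keyless)."""
    order = list(range(columns)) if order is None else list(order)
    if columns < 1 or sorted(order) != list(range(columns)):
        raise ValueError("order must be a permutation of 0..columns-1")
    return order


def columnar_encrypt(plaintext, columns, order=None):
    """Write row by row into `columns` columns, then read column by column.

    With order=None this is keyless Method 2; with a permutation the
    columns are reordered first, which is the combined approach.
    """
    s = _letters(plaintext)
    return "".join("".join(s[c::columns]) for c in _check_order(columns, order)).upper()


def columnar_decrypt(ciphertext, columns, order=None):
    """Refill the columns in reading order, then read the table row by row."""
    s = _letters(ciphertext)
    full_rows, extra = divmod(len(s), columns)
    cols, pos = {}, 0
    for c in _check_order(columns, order):
        length = full_rows + (1 if c < extra else 0)  # first `extra` columns are one longer
        cols[c] = s[pos:pos + length]
        pos += length
    return "".join(cols[i % columns][i // columns] for i in range(len(s)))


def rail_fence_encrypt(plaintext):
    """Two-rail fence (Method 1): writing column by column into two rows and
    reading row by row gives the same order as two columns read column by column."""
    return columnar_encrypt(plaintext, 2)


def rail_fence_decrypt(ciphertext):
    return columnar_decrypt(ciphertext, 2)


if __name__ == "__main__":
    print(rail_fence_encrypt("Meet me at the park"))   # Example 3.22
    print(columnar_encrypt("Meet me at the park", 4))  # Example 3.23
    c = columnar_encrypt("Enemy attacks tonight", 5, CONSTRUCTED_ORDER)
    print(c, columnar_decrypt(c, 5, CONSTRUCTED_ORDER))
```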
101. 3-4 STREAM AND BLOCK CIPHERS
• Modern symmetric ciphers are divided into two broad categories:
102. 3.4.1 Stream Ciphers
• A stream cipher converts the plain text into cipher text by
taking 1 byte (8 bits) of plain text at a time.
• It is more complex.
• Reversing the encrypted text is easy.
• It works on substitution techniques like Caesar cipher,
polygram substitution cipher, etc.
• It is fast in comparison to block cipher.
• A stream cipher is meant to make cryptanalysis more difficult.
104. • It is also safe against brute force attacks.
Encryption:
• Plain Text and Keystream produce the Cipher Text (the same
keystream will be used for decryption).
• The Plaintext undergoes an XOR operation with the keystream
bit by bit and produces the Cipher Text.
Example:
Plain Text  : 1 0 0 1 1 0 0 1
Keystream   : 1 1 0 0 0 0 1 1
Cipher Text : 0 1 0 1 1 0 1 0
105. Decryption: (reverse process of encryption)
• Cipher Text and Keystream give the original Plain Text
(the same keystream is used as for encryption).
• The Ciphertext undergoes an XOR operation with the keystream
bit by bit and produces the actual Plain Text.
Example:
Cipher Text : 0 1 0 1 1 0 1 0
Keystream   : 1 1 0 0 0 0 1 1
Plain Text  : 1 0 0 1 1 0 0 1
106. Call the plaintext stream P, the ciphertext stream C, and
the key stream K.
Figure 3.26 Stream cipher
107. • The algorithm modes which are used in stream cipher are:
1. CFB (Cipher Feedback)
2. OFB (Output Feedback)
108. 3.4.2 Block Ciphers
• A block cipher converts the plain text into cipher text by taking
a block of plain text at a time.
• It uses either 64 bits or more than 64 bits.
• It is simple compared to a stream cipher.
• Reversing the encrypted text is hard.
• It works on transposition techniques like rail-fence technique,
columnar transposition technique, etc.
• It is slow as compared to stream cipher.
• The algorithm modes which are used in block cipher are:
1. ECB (Electronic Code Book)
2. CBC (Cipher Block Chaining)
109. 1. ECB (Electronic Code Book) - Basic form of block cipher
2. CBC (Cipher Block Chaining) - Advanced form of block cipher