A basic idea about cryptography and how it is done.

1. Cryptography
A Tutorial on Cryptography
By: Er. Chetan Goyal
Contact for more tutorials on other topics of ethical
hacking
chetangoyal36@Hotmail.com
chetangoyal36@gmail.com
Or visit
www.windowwares.blogspot.com

2. Cryptography
• This module includes
 Related terms
 Symmetric key cryptography
 Asymmetric Key cryptography
 PKI and Digital signatures
 Demonstration: how SSL works..
2

3. Cipher
• Cipher is the actual algorithm.
• We can use cipher and algorithm
interchangeably.
3

4. More definitions
• Cryptosystem
• Encompasses all of the necessary components
of encryption and decryption
» Softwares
» Protocols
» Algorithms
• Plain text – readable data
• Cipher text – encrypted data
4

5. Caesar Cipher
• Julius Caesar, 49 BC
– Securely communicate with friends
• Simple Substitution cipher
– Shift alphabet 3 characters.
5

6. Caesar Cipher Example
• Substitution
6
Plaintext: ET TU BRUTE
Shift Algorithm
3 characters
Cipher text: HW WX EUXWH

7. Symmetric Encryption
• Single key
– - Shared secret
• Examples
Data Encryption Standard (DES)
– - Block Cipher, 56 bit key
– - Triple DES 112 bit key
Advanced Encryption Standard (AES)
- Rijndael Algorithm
• Belgian cryptographers, Joan Daemen and
Vincent Rijmen.
- 128, 192, 256 bit keys
7

8. Symmetric Key Encryption
• Symmetric key encryption is based on
substitution and transposition
• Each algorithm consist many substitution
and transposition “rounds”
• Symmetric key encryption is mostly used
for bulk or mass encryption.
8

9. Key and Algorithm Relationship
• Algorithm consist many static equations
(functions) or rounds these rounds are
basically mathematical formulas –
substitution and transposition.
• Key will decide which function/s or block/s,
their order, values should be used to encrypt
or decrypt data.
9

10. Key Size
• Does key size really matter ?
• Why and how
• Key space – total number of bits available
for key generation
• So for 64 bits we have 2 power 64.
• For 128 bits we have 2 power 128
• So the larger the key space, the more
values an attacker has to bruteforce.
10

11. Types of Symmetric Cipher
• Block Cipher – text is divided into blocks,
and each block is encrypted individually
• Eg: AES, DES, 3DES etc.
• Stream cipher – stream is used instead of
blocks, synchronization of encryption and
decryption ends is needed
• Eg: RC4, RC5
11

12. Symmetric Encryption Example
12
Dear Bob:
How about coming
over to my place
at 1:30?
Love, Alice
Dear Bob:
How about coming
over to my place
at 1:30?
Love, Alice
Alice Bob
decryptencrypt
011100111001001
110011100111001
001110000111111
ciphertext

13. Symmetric cipher downfalls
• Key management
• Does not provide non repudiation and digital
signature facilities
13

14. Asymmetric Key Cryptography
• Two mathematically related keys
– Unable to derive one from the other
– Encrypt with one – decrypt with other
• Public Key Cryptography
– One (public) key published for all to see
– Other (private) key kept secret
• Algorithms
– RSA - Integer Factorization (large primes)
– Diffie-Hellman - Discrete Logarithms
– ECES - Elliptic Curve Discrete Logarithm
14

15. Asymmetric Encryption Example
15
Dear Carol:
I think Alice is
having an affair
with Bob. I
need to see you
right always.
Love, Ted
Dear Carol:
I think Alice is
having an affair
with Bob. I
need to see you
right always.
Love, Ted
Mohan Jagmohan
encrypt decrypt
Jagmohan's
Private KeyJagmohan's
Public Key
011100111001001
110011100111001
001110000111111
ciphertext

16. Asymmetric Advantages
• No shared secret key
• Public key is public
– Can be freely distributed or published
– Key management is much easier
• Private key known ONLY to owner
– Less vulnerable, easier to keep secret
• Supports Non-repudiation
– Sender can not deny sending message
16

17. Asymmetric Disadvantage
• 1000 times slower than Symmetric
encryption so can’t use for bulk encryption.
17

18. Non-repudiation
• Since only the sender knows their private
key, only the sender could have sent the
message.
• Authentication mechanism
• Basis for Digital Signature
18

19. Hash Function
• Hash Function are like CRC functions but
are more then CRC (mathematically)
• Hash provide integrity check
• Hash functions generate finger prints for a
given data, a little change to data will result
completely different fingerprint. (non
guessable)
• When hash function generate same
fingerprint for different data, known as
collision or birthday attack
• Hash functions are one way functions
19

20. Examples of Hash Functions
• MD5
• SHA - 1
• SHA - 256
20

21. Digital Signature
• Combines one-way secure hash functions
with public key cryptography
– Hash function generates fixed length value
– No two documents produce the same hash
value
– Secure Hash Algorithm 1 (SHA-1)
• Characteristics
– Data Integrity - hash value
– Non-repudiation – encrypted with private
key
– Does NOT provide confidentiality
21

22. Digital Signature Creation
22
Dear Mr. Ted:
We have asked the
Court to issue a
restraining order
against you to stay
away from Carol.
Sincerely,
Sue Yew
Dewey, Cheatam & Howe,
Law Firm
Dear Mr. Ted:
We have asked the
Court to issue a
restraining order
against you to stay
away from Carol.
Sincerely,
Sue Yew
Dewey, Cheatam & Howe,
Law Firm
encrypt
Sue's
Private Key
Hash
Function
Sue
0F47CEFF
AE0317DB
AA567C29
Hash
Value
0101011110000110101
1011110101111010111
Digital
Signature

23. Digital Signature Validation
23
Dear Mr. Ted:
We have asked the
Court to issue a
restraining order
against you to stay
away from Carol.
Sincerely,
Sue Yew
Dewey, Cheatam & Howe,
Law Firm
0101011110000110101
1011110101111010111
Sue's
Public Key
decrypt
0F47CEFF
AE0317DB
AA567C29
0F47CEFF
AE0317DB
AA567C29
Signature is valid
if the two hashes
match

24. Source of Public Key
• Can be on a server (common server)
• With PGP - embedded into mail
24

25. But
• How do you know for sure who is the
owner of a public key?
25

26. Public Key Infrastructure
• Public Key Infrastructure (PKI) provides
the means to bind public keys to their
owners and helps in the distribution of
reliable public keys in large heterogeneous
networks. NIST
26

27. Public Key Certificates
• Digital Certificates
– Binds a public key to it's owner
– Issued and digitally signed by a trusted third
party
– Like an electronic photo-id
• Follows X509 V3 standard – RFC 2459
27

28. X509 V3 Basic Fields
• Owner's X.500 distinguished name (DN)
– C=US;O=GOV;O=NIH;OU=CIT;CN=Mark Silverman
• Owner's public key
• Validity period
• Issuer's X.500 distinguished name
28

29. PKI Components
• Certification Authority (CA)
• Registration Authority (RA)
• Repository
• Archive
• Users
29

30. Certification Authority (CA)
• TRUSTED third party
• Issues Certificates
– Creates and signs them
– Publishes current certificates
• Issues Certificate Revocation Lists (CRLs)
– List of invalid (revoked) certificates
– Online Certificate Status Protocol (OCSP)
• Maintains archives of status information
• May retain copy of data encryption private
key, for purposes of key recovery
– government requirement
30

31. Registration Authority (RA)
• Verify certificate contents for CA
– Identity proofing
– RA's public key known to CA
• A CA may have multiple RAs
31

32. Certificate Policy (CP)
• A high level document that describes the
security policy for issuing certificates and
maintaining certificate status information.
• Describes operation of the CA.
• Defines user's responsibilities for requesting,
using and handling certificates and keys.
32

33. Certification Practice Statements (CPS)
• A highly detailed document that describes
how a CA implements a specific CP.
• Specifies the mechanisms and procedures
that are used to achieve the security policy.
• Effectively the CA's operations manual.
33

34. Conclusion
• Enabling technology for E-Gov
– Data Confidentiality
– Data Integrity
– Non-repudiation
• Technology is complicated
– But not unmanageable
• Difficulty is in establishing trust
– 20% technology – 80% policy
34