Cryptography
2. Cryptography derives its name from the Greek word “Kryptos”, which means “Hidden Secrets”.
Cryptography is the practice and study of hiding information. It is the art or science of converting plain, intelligible data into unintelligible data and then transforming that message back into its original form.
It provides Confidentiality, Integrity, Accuracy.
3. Cryptography is required for:
• National defence security, e.g. storing army secrets
• Individual information security, e.g. e-mails
• Securing electronic transactions, e.g. online shopping sites, credit cards, A.T.M.s
Fig: Various uses of cryptography
4. Encryption: the process in which the message (plaintext) is converted into text that makes no sense.
Decryption: the process in which the encrypted text is converted back into the plaintext.
Key: a variable that is applied through a cipher to a plaintext to produce an encrypted text, and to an encrypted text to produce an unencrypted text. The length of the key determines the security of the message.
Cipher: the method or algorithm for encryption and decryption. It can work by replacing the letters (see slide 6) or by changing the order of the letters (see slide 8). A cipher has a key.
5. Cryptography has been a part of human life for a long time. Before the modern era, cryptography was concerned solely with message confidentiality (i.e., encryption): conversion of messages from a comprehensible form into an incomprehensible one and back again at the other end, making them unreadable by interceptors.
It changed considerably after the development of computers.
Now its scope ranges from digital signatures to identity authentication.
Therefore the history of cryptography has been divided into types:
Classic Era
Computer Era
Fig: An old ciphered text
Fig: Digital signature
6. Cryptography existed in ancient times, but in that period many people were illiterate, so the need for it was minimal. Some classic methods of cryptography are:
Substitution ciphers
Fig: Julius Caesar. He used substitution ciphers to communicate with his generals. His technique is known as the Caesar Cipher.
Transposition Cipher
Fig: Rail Fence Cipher. This is a type of transposition cipher.
7. It’s a method of cryptography where the letters of the text are converted into other letters or digits, or sets of letters or digits, making the text senseless. For e.g. Hi buddy is converted to 8 9 2 4 4 20 (replacing each letter with its position in the alphabet). Examples of it are:
Caesar Cipher
As the name suggests, it was used by Julius Caesar. Here, each letter of the message is replaced by the letter a fixed number of positions further down the alphabet. For e.g. if A is taken as D, then B will be E, and so on. Hi buddy will read Kl eggw.
Atbash
This technique was used for the Hebrew alphabet. Here the first letter is replaced by the last letter, the second letter by the second-last letter, and so on. Hi buddy will read Sr yfwwb.
8. It’s another type of substitution. Here there isn’t any fixed substitute for each letter or digit. For e.g. according to the Caesar cipher A is written as D, but if a polyalphabetic cipher is applied then A can be written as D and then as another letter or digit (depending on the key). It is claimed to have been developed by the Arab polymath Al-Kindi, but Leon Battista Alberti is given the credit. The most famous polyalphabetic cipher is:
Vigenère Cipher
It was developed by Giovanni Battista Bellaso in 1533. This is a secure cipher and wasn’t decrypted for 300 years. Here a table is made (shown in the pic.) of 26 rows and columns. Each row and column has all 26 letters.
For encoding, a key is taken, for e.g. HAT.
Let the plaintext be Hi Buddy. The key is written as hathath (Hi buddy has 7 letters, therefore the key should have 7 letters).
Now we encrypt the text through the Vigenère table. The first letter of both the plaintext and the key is H, so we take the letter in row H and column H, i.e. O. Then we take the second letters, i.e. A for the key and I for the plaintext, and look up the letter in row A and column I, and so on.
The final text is: OI UBDWF.
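The table lookup from slide 8, written out as an added example (not part of the original slides). The function names are chosen here for illustration; the key HAT and the plaintext Hi Buddy are the slide's own.

```python
import string

ALPHABET = string.ascii_uppercase
# The 26x26 table from the slide: row r is the alphabet rotated left by r.
TABLE = [ALPHABET[r:] + ALPHABET[:r] for r in range(26)]

def stretch_key(key, text):
    """Repeat the key until it has one letter per letter of the text."""
    key = key.upper()
    if not key or any(k not in ALPHABET for k in key):
        raise ValueError("key must be one or more letters A-Z")
    n = sum(ch in ALPHABET for ch in text.upper())
    return (key * (n // len(key) + 1))[:n]

def encrypt(plaintext, key):
    stream = iter(stretch_key(key, plaintext))
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            row = TABLE[ALPHABET.index(next(stream))]  # row chosen by the key letter
            out.append(row[ALPHABET.index(ch)])        # column chosen by the plaintext letter
        else:
            out.append(ch)  # spaces pass through and do not use up a key letter
    return "".join(out)

def decrypt(ciphertext, key):
    stream = iter(stretch_key(key, ciphertext))
    out = []
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            row = TABLE[ALPHABET.index(next(stream))]
            out.append(ALPHABET[row.index(ch)])  # find the letter in the row, read the column head
        else:
            out.append(ch)
    return "".join(out)

if __name__ == "__main__":
    print(stretch_key("HAT", "Hi Buddy"))  # key lined up with the seven letters
    print(encrypt("Hi Buddy", "HAT"))
    print(decrypt("OI UBDWF", "HAT"))
    # A run of one repeated letter exposes the repeating key directly.
    print(encrypt("AAAAAAA", "HAT"))
```

The last call shows why a short repeating key is the weak point of this cipher: the ciphertext of a constant plaintext repeats with the length of the key.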
9. In this era dominated by artificial intelligence, substitution ciphers hardly have any role. They are used nowadays for entertainment such as puzzles. They have also been used in many T.V. shows, video games and books.
Author Eoin Colfer used one in his bestselling series ‘Artemis Fowl’, where he termed it the Gnommish language. Every letter was substituted by an image.
One was applied in the Warner Brothers show Babylon 5.
One was even used in the 2013 video game BioShock Infinite.
Fig: Poster of the video game BioShock Infinite
Fig: Artemis Fowl
Fig: Babylon 5
10. It’s another ancient technique of encryption. Here the positions of the letters of the words are shifted in a pattern. For e.g. Hi buddy can be transformed to Ih yddub. (The first letter is transposed to the last position, the second to the second-last, and so on.) Some examples are:
Rail-Fence Cipher
In this technique, a number of rows (known as rails) is selected. The message is then written downwards and moved up when it reaches the bottom. For e.g. Hi buddy can be written as:
H . . u . . y
. i . . . d
. . b . . . d
which can be encrypted as huyidbd.
Route Cipher
Here, the message is written in a grid. It is then encrypted along a certain route, and decrypted along the same route. For e.g. if Hi Buddy is taken in a grid of 3x3:
H i b
u d d
y x x (x used for empty letters)
It’s encrypted as xxyuHibdd (following the route clockwise from the bottom and spiralling inwards).
11. Transposition and substitution ciphers played a very important role in cryptography. Apart from these two there were other forms too, such as:
Steganography
In this method a secret message is concealed inside another message. For e.g. invisible ink, an image in an image.
Cryptex
It was used in the medieval period. It’s basically a device consisting of a closed cylinder. On the curved surface there are 6 discs. Its mechanism resembles that of a combination lock, where the six discs carry the letters of the combination. The message is written on a paper and kept inside the cylinder. There is also a vial of vinegar kept inside. If the cylinder is forcefully broken open, the vinegar dissolves the paper.
Fig: Cryptex
12. The early 20th century saw a remarkable change in cryptography. This age is often termed the mechanical age of cryptography. In this period machines were used for encryption and decryption.
In 1837, Charles Babbage designed the analytical engine, a machine which was capable of calculations. After that, the concept of cryptography through machines was taken up.
Many ventures for creating a cryptographic machine took place. Of these, rotor machines were successful. Apart from rotor machines, there were some other ventures such as:
M-94
The M-94 was invented in 1917 in the U.S.A. It consisted of 25 discs around a rod (acting as an axle). Each disc had the 26 letters in a scrambled order. The message was encrypted by changing the order of the discs.
Kryha
It was a German machine for cryptography. It was invented in the early 1920s. But it wasn’t secure and was deciphered by a third party in 2 hrs. 41 mins.
13. They were the first cryptography machines where electricity was used. Their prominent use was during the Second World War.
They comprised rotating discs and an array of electrical switches, with wiring between them. They produced polyalphabetic ciphers.
Some prominent machines were:
Lorenz SZ
Lacida
Enigma
Typex
Snippet!!
The Germans used Enigma in WWII for sending top secret messages and thought they couldn’t be deciphered.
Alan Turing deciphered the Enigma code for the Allies.
He also gave the concept of artificial intelligence.
14. The main principle behind these machines is a typewriter with each key attached to a bulb through a wire. Each bulb stands for one letter. For e.g. if letter A is connected to bulb S, then when A is pressed, bulb S lights up.
This principle is followed in rotor machines. However, there was a rotor (rotating disc) outside every wiring, and it rotated after every letter was pressed. Therefore a new substitute was used for every letter and a polyalphabetic cipher was obtained.
But after 26 letters the substitution started to repeat itself.
So more rotors were added for more security.
So, for 2 rotors the number of letters was increased to 26x26=676.
Fig: Enigma
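The repetition after 26 and 26x26 letters, checked on a simplified rotor model (an added example, not from the original slides). The odometer-style stepping, the function names and the two sample wirings are assumptions; this is not a full Enigma, which also has a reflector and a different stepping rule.

```python
from string import ascii_uppercase as ABC

# Sample wirings: two scrambled alphabets (the historical Enigma rotor I and II
# tables), used here only as example permutations.
WIRINGS = ["EKMFLGDQVZNTOWYHXUSPAIBRCJ", "AJDKSIRUXBLHWTMCQGZNPYFVOE"]

def rotor_pass(wiring, offset, x):
    """Send contact x through one rotor that has turned `offset` positions."""
    return (ABC.index(wiring[(x + offset) % 26]) - offset) % 26

def table_at(step, wirings):
    """Whole substitution alphabet in effect after `step` key presses."""
    # Odometer stepping (assumption): rotor 0 turns on every press,
    # rotor 1 once per full turn of rotor 0, and so on.
    offsets = [(step // 26 ** i) % 26 for i in range(len(wirings))]
    out = []
    for x in range(26):
        y = x
        for wiring, off in zip(wirings, offsets):
            y = rotor_pass(wiring, off, y)
        out.append(ABC[y])
    return "".join(out)

def period(wirings):
    """Smallest number of key presses after which the substitution repeats."""
    full = 26 ** len(wirings)
    tables = [table_at(s, wirings) for s in range(full)]
    for p in range(1, full + 1):
        if full % p == 0 and all(
            tables[s] == tables[(s + p) % full] for s in range(full)
        ):
            return p

def encrypt(text, wirings):
    """Encrypt A-Z text, stepping the rotors after each letter."""
    return "".join(table_at(i, wirings)[ABC.index(c)] for i, c in enumerate(text))

if __name__ == "__main__":
    print(encrypt("AAAA", WIRINGS[:1]))  # same letter, different output each press
    print(period(WIRINGS[:1]))           # one rotor
    print(period(WIRINGS))               # two rotors
```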
15. The invention of the computer revolutionized cryptography. In the classical era cryptography was solely concerned with language patterns. In the modern era it was still concerned with language patterns, but after the development of computers it became mathematical.
Cryptography through rotor machines was laborious, so the idea of developing a computer was taken up.
The world’s first programmable computer was built for this purpose only. It was Colossus and was built by the British army to intercept the messages of the German rotor machine Lorenz SZ.
This invention later paved the way for other advanced cryptographic techniques, such as:
D.E.S.
A.E.S.
Fig: The Colossus Computer
16. It’s the form of cryptography where the same key is used by both the sender and the receiver. The first forms of cryptography used symmetric keys. They are applied through:
Stream Ciphers
In this technique, the message is broken into groups of 1 bit each. The key and the algorithm are applied to each bit.
Block Ciphers
In this technique, the message is broken into blocks (say each is of 64 bits). The key and the algorithm are applied to each block.
This is a widely used technique. Advanced cryptography algorithms like D.E.S. are based on this technique.
Fig: Symmetric key ciphers
17. D.E.S. is the abbreviation for Data Encryption Standard, a block cipher cryptography algorithm designed by International Business Machines (I.B.M.) in the 1970s. This algorithm was designed to secure the U.S.A.’s defence secrets.
The data is broken into blocks of 64 bits. The length of the key is 64 bits and the key is then applied (the length of the key is 56 bits). Before encrypting, each block is broken into two halves.
This system was said to be secure, but was broken two decades later. It’s not resistant to a brute force attack, i.e. exhaustive key search.
It’s no longer used by the United States, but an advanced form of it has been made, known as triple D.E.S. The length of the key has been increased and now it’s used in A.T.M.s and credit cards.
18. A.E.S. is the abbreviation for Advanced Encryption Standard, a block cipher cryptography algorithm designed by the National Institute of Standards and Technology (N.I.S.T.) in 1997.
It was similar to the D.E.S. system, but here the size of the block was increased to 128 bits and the key size was increased to multiples of 32, starting from 128 bits up to a maximum of 256 bits.
It’s unbreakable so far, but it’s not used commercially. It’s said that the U.S. army uses it.
19. In this technique, two keys are used, i.e. one for encryption (public key) and another for decryption (private key).
This technique was put forward in the late 1970s. Its first practical algorithm was developed in 1978 and is known as RSA.
RSA provided much more security than DES, but the algorithm is very complicated and is not commercially used.
Fig : Public key cryptography
20. The use of biometrics in the field of cryptography has completely transformed it. Now it’s not just code breaking, but using an individual’s biological traits for authentication.
Biometrics is basically the study of measuring and analyzing individual biological data. Biometric technology evolved from it. Here the technology is used to measure individual characteristics such as fingerprints, iris and retina patterns etc.
Now for obtaining data one has to pass through biometric verification.
Fig: Bio metric system of iris pattern and finger print variation
21. Cryptography, though it has improved a lot, still has to develop commercially.
It’s believed that A.E.S. will be used commercially. Also, biometric systems will be there in A.T.M.s.
Another form of cryptography that will exist is quantum cryptography (also called quantum key distribution). This system has worked well in theory. Here the key is particles of light, i.e. photons. Each photon oscillates (vibrates), this oscillation can be manipulated, and this property is used for creating this cryptography. A device called a polarizer is used to encrypt and decrypt the plaintext. It’s basically a filter which allows through a certain number of photons with similar oscillation. The message is transmitted through optical fibers. The same polarizer is used for decryption.
At present the system isn’t globally commercial; only a few Swiss and American companies are said to make it. But it’s said to be unbreakable.
Fig: quantum cryptography
Editor's Notes
Defence and national security
Individual security and safety
Securing virtual transactions