Cryptography and Network security By Desta D(2022GC)-WSU
SCHOOL OF INFORMATICS
Department of Information Technology
By Desta Dana(Assistant Prof.)
Email: onenelaa@gmail.com
Course: Cryptography and N/w Security
Chapters Contents
1 INTRODUCTION: Definition Attacks, Services and
Mechanisms, Security attacks, Security services, A
Model for Internetwork Security.
2 CLASSICAL TECHNIQUES: Conventional Encryption
model, Steganography, Classical Encryption
Techniques.
3 MODERN TECHNIQUES: Simplified DES, Block Cipher
Principles, Data Encryption standard, Strength of DES,
Differential and Linear Cryptanalysis, Block Cipher
Design Principles and Modes of operations.
4 CONVENTIONAL ENCRYPTION: Placement of
Encryption function, Traffic confidentiality, Key
Distribution, Random Number Generation.
5 PUBLIC KEY CRYPTOGRAPHY: Principles, RSA
Algorithm, Key Management, Diffie-Hellman Key
exchange, Elliptic Curve Cryptography.
NUMBER THEORY: Prime and Relatively prime
numbers, Modular arithmetic, Fermat’s and Euler’s
theorems, Testing for primality, Euclid’s Algorithm, the
Chinese remainder theorem, Discrete logarithms.
6 Network security framework and current issues
Chapter- 1 Introduction
• Definition of terms
• Cryptography
• Security attacks
• Security Mechanisms
• Symmetric and Asymmetric security mechanisms
• Security models
Cryptography
• Cryptography is the study of secure communications techniques that
allow only the sender and intended recipient of a message to view
its contents.
• The term is derived from the Greek word kryptos, which means
hidden.
• It is closely associated with encryption, which is the act of scrambling
ordinary text into what's known as ciphertext and then back again
upon arrival.
Definition Contd…
• Computer data often travels from one computer to another, leaving the safety of its protected physical
surroundings. Once the data is out of hand, people with bad intentions could modify or forge your data, either
for amusement or for their own benefit.
• Cryptography can reformat and transform our data, making it safer on its trip between computers. The
technology is based on the essentials of secret codes, augmented by modern mathematics that protects our
data in powerful ways.
• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected
networks
Security Attacks, Services and Mechanisms
• To assess the security needs of an organization effectively, the manager responsible for
security needs some systematic way of defining the requirements for security and characterization
of approaches to satisfy those requirements.
• One approach is to consider three aspects of information security:
• Security attack – Any action that compromises the security of information owned by an
organization.
• Security mechanism – A mechanism that is designed to detect, prevent or recover from a security
attack.
• Security service – A service that enhances the security of the data processing systems and the
information transfers of an organization.
• The services are intended to counter security attacks and they make use of one or more security
mechanisms to provide the service.
Basic Concepts
• Cryptography: The art or science encompassing the principles and methods of transforming an intelligible
message into one that is unintelligible, and then retransforming that message back to its original form
• Plaintext: The original intelligible message
• Cipher text: The transformed message
• Cipher: An algorithm for transforming an intelligible message into one that is unintelligible by transposition
and/or substitution methods
• Key: Some critical information used by the cipher, known only to the sender & receiver
• Encipher (encode): The process of converting plaintext to cipher text using a cipher and a key
• Decipher (decode): The process of converting cipher text back into plaintext using a cipher and a key
• Cryptanalysis: The study of principles and methods of transforming an unintelligible message back into an
intelligible message without knowledge of the key. Also called code breaking
• Cryptology: Both cryptography and cryptanalysis
• Code: An algorithm for transforming an intelligible message into an unintelligible one using a code-book
Cryptanalysis
• The process of attempting to discover X or K or both is known as cryptanalysis. The strategy used by the
cryptanalyst depends on the nature of the encryption scheme and the information available to the cryptanalyst.
• There are various types of cryptanalytic attacks based on the amount of information known to the
cryptanalyst.
• Cipher text only – A copy of cipher text alone is known to the cryptanalyst.
• Known plaintext – The cryptanalyst has a copy of the cipher text and the corresponding plaintext.
• Chosen plaintext – The cryptanalyst gains temporary access to the encryption machine. They cannot open it
to find the key; however, they can encrypt a large number of suitably chosen plaintexts and try to use the
resulting cipher texts to deduce the key.
• Chosen cipher text – The cryptanalyst obtains temporary access to the decryption machine, uses it to decrypt
several strings of symbols, and tries to use the results to deduce the key.
STEGANOGRAPHY
• A plaintext message may be hidden in any one of the two ways. The
methods of steganography conceal the existence of the message, whereas
the methods of cryptography render the message unintelligible to outsiders
by various transformations of the text.
• A simple form of steganography, but one that is time consuming to
construct is one in which an arrangement of words or letters within an
apparently innocuous text spells out the real message.
Eg: - the sequence of first letters of each word of the overall message
spells out the real (Hidden) message.
- Subset of the words of the overall message is used to convey
the hidden message.
SECURITY SERVICES(C-I-A)
• The classification of security services is as follows:
• Confidentiality: Ensures that the information in a computer system and transmitted information
are accessible only for reading by authorized parties.
• E.g. Printing, displaying and other forms of disclosure.
• Authentication: Ensures that the origin of a message or electronic document is correctly
identified, with an assurance that the identity is not false.
• Integrity: Ensures that only authorized parties are able to modify computer system assets and
transmitted information. Modification includes writing, changing status, deleting, creating and
delaying or replaying of transmitted messages.
• Non repudiation: Requires that neither the sender nor the receiver of a message be able to deny
the transmission.
• Access control: Requires that access to information resources may be controlled by or for the target
system.
• Availability: Requires that computer system assets be available to authorized parties when needed.
SECURITY MECHANISMS
• One of the most specific security mechanisms in use is cryptographic
techniques.
• Encryption or encryption-like transformations of information are the most
common means of providing security.
• Some of the mechanisms are:-
1. Encipherment
2. Digital Signature
3. Access Control
SECURITY ATTACKS (Passive Vs Active)
• Interruption:- An asset of the system is destroyed or becomes
unavailable or unusable.
• Interception:- An unauthorized party gains access to an asset.
• Modification:- An unauthorized party not only gains access to but
tampers with an asset.
• Fabrication:- An unauthorized party inserts counterfeit objects into
the system.
Cryptographic Attacks
• Passive Attacks
• Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions. The goal of the opponent is to obtain information that is being
transmitted. Passive attacks are of two types:
• Release of message contents: A telephone conversation, an e-mail message
and a transferred file may contain sensitive or confidential information. We
would like to prevent the opponent from learning the contents of these
transmissions.
• Traffic analysis: If we had encryption protection in place, an opponent
might still be able to observe the pattern of the message.
Active attacks
• These attacks involve some modification of the data stream or the creation of a
false stream.
• These attacks can be classified into four categories:
• Masquerade – One entity pretends to be a different entity.
• Replay – involves passive capture of a data unit and its subsequent transmission to
produce an unauthorized effect.
• Modification of messages – Some portion of message is altered or the messages
are delayed or recorded, to produce an unauthorized effect.
• Denial of service – Prevents or inhibits the normal use or management of
communication facilities.
Symmetric and public key algorithms
• Encryption/Decryption methods fall into two categories.
• Symmetric key
• Public key
• In symmetric key algorithms, the encryption and decryption keys are known
both to sender and receiver.
• The encryption key is shared and the decryption key is easily calculated
from it. In many cases, the encryption and decryption keys are the same.
• In public key cryptography, encryption key is made public, but it is
computationally infeasible to find the decryption key without the information
known to the receiver.
Symmetric Key
In symmetric-key cryptography, the same key is used by the sender (for
encryption) and the receiver (for decryption).
The key is shared.
• Advantages:
• Simple
• Faster
• Disadvantages:
• Key must be exchanged in a secure way
• Easy for a hacker to get the key if it is passed in an insecure way.
Symmetric Key Encryption
• Data Encryption Standard (DES)
• Triple Data Encryption Standard (Triple DES)
• Advanced Encryption Standard (AES)
• International Data Encryption Algorithm (IDEA)
• TLS/SSL protocol.
Asymmetric Key
• An asymmetric-key (or public-key) cipher uses two keys: one private
(to encrypt data) and one public (to decrypt data).
• Asymmetric Key Cryptography (Public Key Cryptography)
• 2 different keys are used (public keys and private keys)
• Users get the key from a Certificate Authority
Advantages
1. More Secured
2. Authentication
Disadvantages
1. Relatively Complex
Examples of Asymmetric Key
RSA:
Digital Signature Algorithm:
Diffie-Hellman:
Compare Both?
Model for Network Security
MODEL FOR NETWORK ACCESS
SECURITY
End of Chapter-1
Q&A
Classical Encryption
Techniques
Chapter 2
Classical encryption techniques
• Encryption :-
• Encryption is something like making a secret letter by changing, swapping or
replacing characters in a predefined order. The format of the message is
not changed.
• Encoding :-
• In encoding the format of data is changed. For example, when we record a voice
sample, the recorder will encode the analog voice signals into digital signals &
store them.
Basic terminology
• Plaintext: original message to be encrypted
• Ciphertext: the encrypted message
• Enciphering or encryption: the process of converting plaintext into
ciphertext
• Encryption algorithm: performs encryption
• Two inputs: a plaintext and a secret key
Symmetric Cipher Model
• Deciphering or decryption: recovering plaintext from
ciphertext
• Decryption algorithm: performs decryption
• Two inputs: ciphertext and secret key
• Secret key: same key used for encryption and
decryption
• Also referred to as a symmetric key
• Cipher or cryptographic system : a scheme for
encryption and decryption
• Cryptography: science of studying ciphers
• Cryptanalysis: science of studying attacks against
cryptographic systems
• Cryptology: cryptography + cryptanalysis
Ciphers
• Symmetric cipher: same key used for encryption
and decryption
• Block cipher: encrypts a block of plaintext at a time
(typically 64 or 128 bits)
• Stream cipher: encrypts data one bit or one byte at a
time
• Asymmetric cipher: different keys used for
encryption and decryption
Symmetric Encryption
• or conventional / secret-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are symmetric
Symmetric Encryption
• Mathematically:
Y = E_K(X) or Y = E(K, X)
X = D_K(Y) or X = D(K, Y)
• X = plaintext
• Y = ciphertext
• K = secret key
• E = encryption algorithm
• D = decryption algorithm
• Both E and D are known to public
Cryptanalysis
• Objective: to recover the plaintext of a ciphertext or, more
typically, to recover the secret key.
• Kerckhoffs's principle: the opponent knows all details about a
cryptosystem except the secret key.
• Two general approaches:
• brute-force attack
• non-brute-force attack (cryptanalytic attack)
Language Redundancy and
Cryptanalysis
• Human languages are redundant
• e.g. "th lrd s m shphrd shll nt wnt"
• Letters are not equally commonly used
• In English
• E is by far the most common letter
• Followed by T, R, N, I, O, A, S
• Other letters like Z, J, K, Q, X are fairly rare
• Which set of characters are most commonly used in Chinese?
• Have tables of single, double & triple letter frequencies for various
languages
English Letter Frequencies
Use in Cryptanalysis
• Key concept
• Monoalphabetic substitution ciphers do not change relative letter
frequencies
• Discovered by Arabian scientists in 9th century
• Calculate letter frequencies for ciphertext
• Compare counts/plots against known values
• For a Caesar cipher, look for common peaks/troughs
• Peaks at: A-E-I triple, NO pair, RST triple
• Troughs at: JK, X-Z
• For a monoalphabetic cipher, must identify each letter
• Tables of common double/triple letters help
Example Cryptanalysis
• Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
• Count relative letter frequencies (see text)
• Guess which two individual letters are for e & t (with the highest
frequencies)?
• P & Z
• Guess what “ZW” is for?
• “th” and hence “ZWP” is “the”
• Proceed with trial and error to finally get:
it was disclosed yesterday that several informal but direct
contacts have been made with political
representatives of the viet cong in moscow
Cryptanalytic Attacks
• May be classified by how much information needed by the attacker:
• Ciphertext-only attack
• Known-plaintext attack
• Chosen-plaintext attack
• Chosen-ciphertext attack
Classical Ciphers
• Plaintext is viewed as a sequence of elements (e.g., bits
or characters)
• Substitution cipher: replacing each element of the
plaintext with another element.
• Transposition (or permutation) cipher: rearranging the
order of the elements of the plaintext.
Caesar Cipher
• Earliest known substitution cipher
• Invented by Julius Caesar
• Ciphertext is derived from the plaintext alphabet by
shifting each letter a certain number of spaces.
• Each letter is replaced by the letter three positions further
down the alphabet.(+3)
• Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Example: Meet me after the tea party → phhw ph diwhu
wkh sduwb
Caesar Cipher
• Mathematically, map letters to numbers:
a, b, c, ..., x, y, z
0, 1, 2, ..., 23, 24, 25
• Then the general Caesar cipher is:
c = E_k(p) = (p + k) mod 26
p = D_k(c) = (c – k) mod 26
• Can be generalized with any alphabet.
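The frequency-analysis idea from the "Use in Cryptanalysis" slide, applied to the general Caesar cipher defined above. This is an added example, not part of the original slides; the function names are illustrative and the English frequency table is the commonly published approximation.

```python
from collections import Counter
import string

ALPHABET = string.ascii_lowercase

# Commonly published approximate English letter frequencies (percent), a..z.
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07,
]))

# Recovered plaintext and monoalphabetic ciphertext from the "Example Cryptanalysis" slide.
SLIDE_PLAINTEXT = ("it was disclosed yesterday that several informal but direct "
                   "contacts have been made with political representatives of "
                   "the viet cong in moscow")
SLIDE_MONO_CIPHERTEXT = ("UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
                         "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
                         "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ")


def caesar(text, k):
    """c = (p + k) mod 26 on letters; other characters pass through unchanged."""
    out = []
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text):
    """Distance between the letter counts of `text` and expected English counts."""
    letters = [c for c in text.lower() if c in ALPHABET]
    counts = Counter(letters)
    total = len(letters)
    score = 0.0
    for letter in ALPHABET:
        expected = total * ENGLISH_FREQ[letter] / 100
        score += (counts[letter] - expected) ** 2 / expected
    return score


def recover_shift(ciphertext):
    """Ciphertext-only recovery of k: try all 26 shifts, keep the most English-like."""
    return min(range(26), key=lambda k: chi_squared(caesar(ciphertext, -k)))


def top_letters(text, n):
    """The n most frequent letters; a monoalphabetic cipher only relabels them."""
    counts = Counter(c for c in text.upper() if c.isalpha())
    return [letter for letter, _ in counts.most_common(n)]


if __name__ == "__main__":
    ciphertext = caesar(SLIDE_PLAINTEXT, 3)
    k = recover_shift(ciphertext)
    print("recovered shift:", k)
    print("plaintext:", caesar(ciphertext, -k))
    print("top letters in the slide's ciphertext:", top_letters(SLIDE_MONO_CIPHERTEXT, 2))
```

With only 26 possible keys the shift falls to a single pass over the key space, which is why the later slides move to larger key spaces and polyalphabetic schemes.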
Monoalphabetic Substitution Cipher
• Shuffle the letters and map each plaintext letter to a
different random ciphertext letter:
Plain letters: abcdefghijklmnopqrstuvwxyz
Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
• What does a key look like?
Playfair Cipher
• One approach to improving security is to encrypt multiple letters at a time.
• The Playfair Cipher is the best known such cipher.
• Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair.
• Simplest substitution cipher that works on two-letter combinations.
• Encryption algo takes 5x5 matrix of letters.
• Generate the key table (drop any duplicate letter).
• Key letters are filled into the matrix from left to right & top to bottom.
• Rest of the letters are filled into the remaining spaces of the matrix.
• Letters I & J take the same place.
Playfair Cipher
• Rules:
• If the letters of a pair are the same, add an X (uncommon letter) after the first letter.
• Balloon will be (ba lx lo on).
• If the letters appear in the same row / column of the table, replace them with the
letters to their immediate right / below, respectively.
• If the letters are not in the same row or column, replace them with the letters at the
corners of the rectangle.
Playfair Key Matrix
• Use a 5 x 5 matrix.
• Fill in letters of the key (w/o duplicates).
• Fill the rest of matrix with other letters.
• E.g., key = MONARCHY.
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Encrypting and Decrypting
Plaintext is encrypted two letters at a time.
1. If a pair is a repeated letter, insert filler like 'X'.
2. If both letters fall in the same row, replace each with the
letter to its right (circularly).
3. If both letters fall in the same column, replace each with
the letter below it (circularly).
4. Otherwise, each letter is replaced by the letter in the same
row but in the column of the other letter of the pair.
Vigenere cipher
• In this scheme, the set of related monoalphabetic substitution rules
consists of the 26 Caesar ciphers with shifts of 0 through 25.
• Each cipher is denoted by a key letter, e.g., the Caesar cipher with a shift of 3
is denoted by the key value 'd' (since a=0, b=1, c=2 and so on).
• To aid in understanding the scheme, a matrix known as the Vigenere table is
constructed.
• Each of the 26 ciphers is laid out horizontally, with the key letter for each
cipher to its left. A normal alphabet for the plaintext runs across the top.
Vigenere …
• Given a key letter x and a plaintext letter y, the cipher text is at the intersection of the row labeled
x and the column labeled y; in this case, the ciphertext is V.
• To encrypt a message, a key is needed that is as long as the message. Usually, the key is a
repeating keyword, e.g.:
key = d e c e p t i v e d e c e p t i v e d e c e p t i v e
PT = w e a r e d i s c o v e r e d s a v e y o u r s e l f
CT = ZICVTWQNGRZGVTWAVZHCQYGLMGJ
• Decryption is equally simple. The key letter again identifies the row. The position of the cipher
text letter in that row determines the column, and the plaintext letter is at the top of that column.
• Strength of Vigenere cipher
o There are multiple cipher text letters for each plaintext letter.
o Letter frequency information is obscured.
Hill Cipher
• The algorithm takes an n x n matrix K.
• The ciphertext C of P is derived by multiplying P by K.
• To decrypt the message, the inverse of K is used.
• C = (KP) mod 26
• P = (K^-1 C) mod 26
Hill Cipher
• Example :-
• Plaintext is “paymoremoney” and key is
• K= |17 17 5 |
|21 18 21|
|2 2 19|
• 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
• A B C D E F G H I J K L M N O P Q R S T
• 20 21 22 23 24 25
• U V W X Y Z
• KEY PAY MOR EMO NEY
Hill Cipher
• PAY = |15 0 24|, so P is the column vector (15, 0, 24)
• C = (KP) mod 26

    |17 17  5|   |15|
C = |21 18 21| x | 0| mod 26
    | 2  2 19|   |24|

    |255 + 0 + 120|
C = |315 + 0 + 504| mod 26
    | 30 + 0 + 456|
Hill Cipher
      |375|
• C = |819| mod 26
      |486|

    |11|   L
C = |13| = N
    |18|   S
PAY = LNS
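The same computation carried through all four blocks of "paymoremoney", together with the inverse key needed for P = K^-1 C mod 26, as an added example (not part of the original slides; function names are illustrative). It also shows the check the slides leave implicit: K is usable as a key only if its determinant is invertible modulo 26.

```python
KEY = [[17, 17, 5],
       [21, 18, 21],
       [2, 2, 19]]


def minor(m, r, c):
    """Determinant of the 2x2 matrix left after deleting row r and column c."""
    rows = [i for i in range(3) if i != r]
    cols = [j for j in range(3) if j != c]
    return (m[rows[0]][cols[0]] * m[rows[1]][cols[1]]
            - m[rows[0]][cols[1]] * m[rows[1]][cols[0]])


def inverse_mod26(m):
    """Inverse of a 3x3 matrix modulo 26 via the adjugate.
    Raises ValueError when gcd(det, 26) != 1, i.e. the key cannot be inverted."""
    det = sum((-1) ** c * m[0][c] * minor(m, 0, c) for c in range(3)) % 26
    det_inv = pow(det, -1, 26)          # ValueError if det has no inverse mod 26
    inv = [[0] * 3 for _ in range(3)]
    for r in range(3):
        for c in range(3):
            sign = -1 if (r + c) % 2 else 1
            # cofactor (r, c) lands at (c, r): the adjugate is the transpose
            inv[c][r] = (sign * minor(m, r, c) * det_inv) % 26
    return inv


def hill(text, m):
    """Multiply each 3-letter block (as a column vector, a=0 ... z=25) by m mod 26."""
    nums = [ord(ch) - ord("a") for ch in text.lower() if ch.isalpha()]
    if len(nums) % 3:
        raise ValueError("text length must be a multiple of 3")
    out = []
    for i in range(0, len(nums), 3):
        block = nums[i:i + 3]
        out += [sum(m[r][c] * block[c] for c in range(3)) % 26 for r in range(3)]
    return "".join(chr(n + ord("A")) for n in out)


if __name__ == "__main__":
    ciphertext = hill("paymoremoney", KEY)
    print("ciphertext:", ciphertext)
    print("K^-1 mod 26:", inverse_mod26(KEY))
    print("decrypted:", hill(ciphertext, inverse_mod26(KEY)))
```

Because encryption is a linear map, enough known plaintext/ciphertext blocks let the key be solved for directly, which is the known-plaintext attack category listed earlier.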
Polyalphabetic Substitution Ciphers
• A sequence of monoalphabetic ciphers (M1, M2, M3, ..., Mk) is used in
turn to encrypt letters.
• A key determines which sequence of ciphers to use.
• Each plaintext letter has multiple corresponding ciphertext letters.
• This makes cryptanalysis harder since the letter frequency
distribution will be flatter.
Vigenère Cipher
• Simplest polyalphabetic substitution cipher
• Consider the set of all Caesar ciphers:
{ Ca, Cb, Cc, ..., Cz }
• Key: e.g. security
• Encrypt each letter using Cs, Ce, Cc, Cu,Cr, Ci, Ct, Cy in turn.
• Repeat from start after Cy.
• Decryption simply works in reverse.
Example of Vigenère Cipher
• Keyword: deceptive
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Security of Vigenère Ciphers
• There are multiple (how many?) ciphertext letters corresponding
to each plaintext letter.
• So, letter frequencies are obscured but not totally lost.
• To break Vigenere cipher:
1. Try to guess the key length. How?
2. If key length is N, the cipher consists of N Caesar ciphers. Plaintext
letters at positions k, N+k, 2N+k, 3N+k, etc., are encoded by the
same cipher.
3. Attack each individual cipher as before.
Transposition Ciphers
• Also called permutation ciphers.
• Shuffle the plaintext, without altering the actual letters used.
• Example: Row Transposition Ciphers
• Example 2: Rail fence(2,3..)
Row Transposition Ciphers
• Plaintext is written row by row in a rectangle.
• Ciphertext: write out the columns in an order specified by a key.
Key: 3 4 2 1 5 6 7
Plaintext:
a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Product Ciphers
• Uses a sequence of substitutions and transpositions
• Harder to break than just substitutions or transpositions
• This is a bridge from classical to modern ciphers.
Unconditional & Computational Security
• A cipher is unconditionally secure if it is secure no
matter how many resources (time, space) the
attacker has.
• A cipher is computationally secure if the best
algorithm for breaking it will require so many
resources (e.g., 1000 years) that practically the
cryptosystem is secure.
• All the ciphers we have examined are not
unconditionally secure.
An unconditionally Secure Cipher
Vernam’s one-time pad cipher
Key = k1 k2 k3 k4 … (random, used one-time only)
Plaintext = m1 m2 m3 m4 …
Ciphertext = c1 c2 c3 c4 …
where ci = mi ⊕ ki
Can be proved to be unconditionally secure.
Steganography
• Hide a message in another message.
• E.g., hide your plaintext in a graphic image
• Each pixel has 3 bytes specifying the RGB color
• The least significant bits of pixels can be changed w/o greatly
affecting the image quality
• So can hide messages in these LSBs
• Advantage: hiding existence of messages
• Drawback: high overhead
Different Types of Steganography
1. Text Steganography − There is steganography in text files, which entails secretly storing
information. In this method, the hidden data is encoded into the letter of each word.
2. Image Steganography − The second type of steganography is image steganography, which
entails concealing data by using an image of a different object as a cover. Pixel intensities
are the key to data concealment in image steganography.
3. Audio Steganography − It is the science of hiding data in sound. Used digitally, it protects
against unauthorized reproduction. Watermarking is a technique that encrypts one piece of
data (the message) within another (the "carrier"). Its typical uses involve media playback,
primarily audio clips.
4. Video Steganography − Video steganography is a method of secretly embedding data or
other files within a video file on a computer. Video (a collection of still images) can function
as the "carrier" in this scheme. Discrete cosine transform (DCT) is commonly used to insert
values that can be used to hide the data in each image in the video, which is undetectable to
the naked eye. Video steganography typically employs the following file formats: H.264,
MP4, MPEG, and AVI.
5. Network or Protocol Steganography − It involves concealing data by using a network
protocol like TCP, UDP, ICMP, IP, etc., as a cover object. Steganography can be used in the
case of covert channels, which occur in the OSI layer network model.
Steganography Examples Include
• Writing with invisible ink
• Embedding text in a picture (like an artist hiding their initials in a
painting they’ve done)
• Backward masking a message in an audio file (remember those stories of
evil messages recorded backward on rock and roll records?)
• Concealing information in either metadata or within a file header
• Hiding an image in a video, viewable only if the video is played at a
particular frame rate
• Embedding a secret message in either the green, blue, or red channels of
an RGB image
• Watermarking
• Take a 640x480 (= 307,200) pixel image.
• Using only 1 LSB, can hide 115,200 characters
• Using 4 LSBs, can hide 460,800 characters.
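The capacity figures above, and the LSB substitution they rest on, as an added example (not part of the original slides). The cover is a constructed byte string standing in for raw RGB pixel data, and the function names are illustrative.

```python
def capacity_bytes(width, height, lsbs, channels=3):
    """Message bytes that fit when `lsbs` low bits of every colour byte are used."""
    return width * height * channels * lsbs // 8


def embed(cover, message, lsbs=1):
    """Overwrite the `lsbs` least significant bits of successive cover bytes
    with the message bits (most significant message bit first)."""
    bits = "".join(format(byte, "08b") for byte in message)
    if len(bits) > len(cover) * lsbs:
        raise ValueError("message does not fit in this cover")
    bits += "0" * (-len(bits) % lsbs)            # pad to a whole number of chunks
    mask = (1 << lsbs) - 1
    stego = bytearray(cover)
    for chunk_index in range(len(bits) // lsbs):
        chunk = bits[chunk_index * lsbs:(chunk_index + 1) * lsbs]
        stego[chunk_index] = (stego[chunk_index] & ~mask & 0xFF) | int(chunk, 2)
    return bytes(stego)


def extract(stego, length, lsbs=1):
    """Read `length` message bytes back out of the low bits."""
    mask = (1 << lsbs) - 1
    needed = (length * 8 + lsbs - 1) // lsbs     # cover bytes that carry data
    bits = "".join(format(byte & mask, "0{}b".format(lsbs)) for byte in stego[:needed])
    return bytes(int(bits[i:i + 8], 2) for i in range(0, length * 8, 8))


def max_change(cover, stego):
    """Largest per-byte difference: bounded by 2**lsbs - 1, hence hard to see."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = bytes(range(256)) * 2                # constructed stand-in for pixel bytes
    secret = b"meet me after the party"
    for lsbs in (1, 4):
        stego = embed(cover, secret, lsbs)
        print(lsbs, "LSB:", extract(stego, len(secret), lsbs),
              "max byte change", max_change(cover, stego),
              "capacity of 640x480:", capacity_bytes(640, 480, lsbs))
```

The same bound that keeps the change invisible is what a detector looks at: the low bit planes of a stego image stop looking like the low bit planes of a natural image.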
Steganography vs Cryptography
Chapter 3 and 4
Contents
• What Makes Good Encryption?
• DES
• AES
• Diffie Hellman
• RSA
Making “Good” Ciphers
➢ Outline
  ▪ Criteria for “Good” Ciphers
  ▪ Stream and Block Ciphers
Criteria for “Good” Ciphers (1)
▪ “Good” depends on intended application
▪ Substitution
  ➢ C hides chars of P
  ➢ If > 1 key, C dissipates high frequency chars
▪ Transposition
  ➢ C scrambles text => hides n-grams for n > 1
▪ Product ciphers
  ➢ Can do all of the above
▪ What is more important for your app?
  What facilities available to sender/receiver?
  ➢ E.g., no supercomputer support on the battlefield
Criteria for “Good” Ciphers (2)
➢ Claude Shannon’s criteria (1949):
1. Needed degree of secrecy should determine amount of labor
  ▪ How long does the data need to stay secret?
2. Set of keys and enciphering algorithm should be free from complexity
  ▪ Can choose any keys or any plaintext for given E
  ▪ E not too complex
3. Implementation should be as simple as possible
  ▪ Complexity => errors
Criteria for “Good” Ciphers (3)
➢ Shannon’s criteria (1949) – cont.
4. Propagation of errors should be limited
  ▪ Errors happen => their effects should be limited
  ▪ One error should not invalidate the whole C
5. Size / storage of C should be restricted
  ▪ Size (C) should not be > size (P)
  ▪ More text is more data for cryptanalysts to work with
  ▪ Need more space for storage, more time to send
➢ Proposed at the dawn of computer era – still valid!
Criteria for “Good” Ciphers (4)
➢ Characteristics of good encryption schemes
  ▪ Confusion:
    interceptor cannot predict what will happen to C when she changes one char in P
    ➢ E with good confusion:
      hides well relationship between P “+” K, and C
  ▪ Diffusion:
    changes in P spread out over many parts of C
    ➢ Good diffusion => attacker needs access to much of C to infer E
Criteria for “Good” Ciphers (5)
➢ Commercial Principles of Sound Encryption Systems
1. Sound mathematics
  ▪ Proven vs. not broken so far
2. Verified by expert analysis
  ▪ Including outside experts
3. Stood the test of time
  ▪ Long-term success is not a guarantee
  ▪ Still, flaws in many E’s discovered soon after their release
➢ Examples of popular commercial E’s:
  ▪ DES / RSA / AES
    DES = Data Encryption Standard
    RSA = Rivest-Shamir-Adleman
    AES = Advanced Encryption Standard (rel. new)
Stream and Block Ciphers (1)
a. Stream ciphers
b. Problems with stream ciphers
c. Block ciphers
d. Pros / cons for stream and block ciphers
a. Stream Ciphers (1)
➢ Stream cipher: 1 char from P → 1 char for C
  ▪ Example: polyalphabetic cipher
    ➢ P and K (repeated ‘EXODUS’):
      YELLOWSUBMARINEFROMYELLOWRIVER
      EXODUSEXODUSEXODUSEXODUSEXODUS
    ➢ Encryption (char after char, using Vigenère Tableaux):
      (1) E(Y, E) → c (2) E(E, X) → b (3) E(L, O) → z ...
    ➢ C: cbzoiowlppujmksilgqvsofhbowyyj
    ➢ C as sent from Sender S to Receiver R (in the right-to-left order):
      jyywobhfosvqgliskmjupplwoiozbc
Stream Ciphers (2)
  ▪ Example: polyalphabetic cipher - cont.
    ➢ C as received by Receiver R from Sender S (in the right-to-left order):
      jyywobhfosvqgliskmjupplwoiozbc
    ➢ C and K for decryption:
      cbzoiowlppujmksilgqvsofhbowyyj
      EXODUSEXODUSEXODUSEXODUSEXODUS
    ➢ Decryption:
      (1) D(c, E) → Y (2) D(b, X) → E (3) D(z, O) → L ...
    ➢ Decrypted P:
      YEL...
Q: Do you know how D uses Vigenère Table?
Problems with Stream Ciphers (1)
➢ Problems with stream ciphers
  ▪ Dropping a char from key K results in wrong decryption
  ▪ Example:
    ➢ P and K (repeated ‘EXODUS’) with a char in K missing:
      YELLOWSUBMARINEFROMYELLOWRIVER
      EODUSEXODUSEXODUSEXODUSEXODUSE
      missing X in K! (no errors in repeated K later)
    ➢ Encryption (using VT):
      1) E(Y,E) → c
      2) E(E,O) → s
      3) E(L,D) → o
      ...
    ➢ Ciphertext: cso...
      C in the order as sent (right-to-left):
      ...osc
Problems with Stream Ciphers (2)
    ➢ C as received (in the right-to-left order):
      ...osc
    ➢ C and correct K (‘EXODUS’) for decryption:
      cso...
      EXO...
    ➢ Decryption (using VT, applying correct key):
      1) D(c, E) → Y
      2) D(s, X) → V
      3) D(o, O) → A
    ➢ Decrypted P:
      YVA... - Wrong!
      ▪ We know it’s wrong, Receiver might not know it yet!
Problems with Stream Ciphers (3)
➢ The problem might be recoverable
  ▪ Example:
    If R had more characters decoded, R might be able to
    detect that S dropped a key char, and R could recover
    ➢ E.g., suppose that R decoded:
      YELLOW SUBMAZGTR
    ➢ R could guess that the 2nd word should really be:
      SUBMARINE
    ➢ => R would know that S dropped a char from K after
      sending “SUBMA”
    ➢ => R could go back 4 chars, drop a char from K
      (“recalibrate K with C”), and get “resynchronized” with S
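The dropped-key-character failure and the receiver's recovery, reproduced as an added example (not part of the original slides). Function names are illustrative; the receiver's expected word ("SUBMARINE") stands in for the guess R makes on the slide, and all text is assumed to consist of letters only.

```python
def keystream(keyword, length, drop_at=None):
    """Keyword repeated to `length` characters. If drop_at is given, the key
    character at that stream position is skipped (the sender's fault)."""
    stream = [keyword[i % len(keyword)] for i in range(length + 1)]
    if drop_at is not None:
        del stream[drop_at]
    return "".join(stream[:length]).upper()


def vigenere(text, key, decrypt=False):
    """Add (or subtract) key letters to text letters modulo 26, A=0 ... Z=25."""
    sign = -1 if decrypt else 1
    return "".join(
        chr((ord(t) - 65 + sign * (ord(k) - 65)) % 26 + 65)
        for t, k in zip(text.upper(), key.upper())
    )


def resynchronise(ciphertext, keyword, expected_word):
    """Receiver-side recovery: try dropping one key character at each stream
    position and return the first position whose decryption contains the
    word the receiver expects, together with that decryption."""
    for pos in range(len(ciphertext)):
        key = keystream(keyword, len(ciphertext), drop_at=pos)
        plain = vigenere(ciphertext, key, decrypt=True)
        if expected_word in plain:
            return pos, plain
    return None, None


PLAINTEXT = "YELLOWSUBMARINEFROMYELLOWRIVER"   # from the slides
KEYWORD = "EXODUS"                             # from the slides

if __name__ == "__main__":
    n = len(PLAINTEXT)

    # Slide (1)/(2): the X (stream position 1) is dropped on the sender side.
    sent = vigenere(PLAINTEXT, keystream(KEYWORD, n, drop_at=1))
    print("sender key  :", keystream(KEYWORD, n, drop_at=1))
    print("ciphertext  :", sent[:3] + "...")
    print("R decrypts  :", vigenere(sent, keystream(KEYWORD, n), decrypt=True)[:3] + "...")

    # Slide (3): the character is dropped after "SUBMA" (stream position 11).
    sent = vigenere(PLAINTEXT, keystream(KEYWORD, n, drop_at=11))
    print("R decrypts  :", vigenere(sent, keystream(KEYWORD, n), decrypt=True))
    print("after resync:", resynchronise(sent, KEYWORD, "SUBMARINE"))
```

Everything after the dropped position decrypts wrongly until the receiver realigns the key, which is the error-propagation behaviour the pros/cons slides weigh against block ciphers.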
Block Ciphers (1)
➢ We can do better than using recovery for stream ciphers
  ▪ Solution: use block ciphers
➢ Block cipher:
  1 block of chars from P → 1 block of chars for C
  ▪ Example of block cipher: columnar transposition
  ▪ Block size = “o(message length)” (informally)
Block Ciphers (2)
➢ Why block size = “o(message length)”?
  ▪ Because must wait for “almost” the entire C before can
    decode some characters near beginning of P
  ▪ E.g., for P = ‘HELLO WORLD’, block size is “o(10)”
  ▪ Suppose that Key = 3 (3 columns):
    HEL
    LOW
    ORL
    DXX
  ▪ C as sent from Sender S to Receiver R (in the right-to-left order):
    xlwlxroedolh
Block Ciphers (3)
➢ C as received (in the right-to-left order):
  xlwlxroedolh
➢ R knows: K = 3, block size = 12 (=> 4 rows)
  123
  456
  789
  abc   (a=10, b=11, c=12)
  => R knows that characters will be sent in the order:
  1st-4th-7th-10th--2nd-5th-8th-11th--3rd-6th-9th-12th
➢ R must wait for at least:
  ▪ 1 char of C to decode 1st char of P (‘h’)
  ▪ 5 chars of C to decode 2nd char of P (‘he’)
  ▪ 9 chars of C to decode 3rd, 4th, and 5th chars of P
    (‘hello’)
  ▪ 10 chars of C to decode 6th, 7th, and 8th chars of P
    (‘hello wor’)
  ▪ etc.
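An added sketch (not part of the original slides) of the columnar transposition used on the "Row Transposition Ciphers" slide and in the HELLO WORLD example above, including how many ciphertext characters must arrive before a given plaintext character can be decoded. Function names are illustrative, and the key is read as the order in which columns are written out, which is the reading that reproduces the slide's ciphertext.

```python
def transpose_encrypt(plaintext, column_order, pad="x"):
    """Write the letters row by row, then read whole columns in the order
    given by column_order (1-based column numbers)."""
    width = len(column_order)
    letters = [c for c in plaintext.lower() if c.isalpha()]
    letters += [pad] * (-len(letters) % width)          # fill the last row
    rows = [letters[i:i + width] for i in range(0, len(letters), width)]
    return "".join(row[c - 1] for c in column_order for row in rows).upper()


def transpose_decrypt(ciphertext, column_order):
    """Refill the grid column by column, then read it row by row."""
    width = len(column_order)
    height, remainder = divmod(len(ciphertext), width)
    if remainder:
        raise ValueError("ciphertext length must be a multiple of the column count")
    grid = [[""] * width for _ in range(height)]
    chars = iter(ciphertext.lower())
    for c in column_order:
        for r in range(height):
            grid[r][c - 1] = next(chars)
    return "".join("".join(row) for row in grid)


def arrival_position(i, length, column_order):
    """1-based position in C at which plaintext character i (1-based) arrives."""
    width = len(column_order)
    height = length // width
    row, col = divmod(i - 1, width)
    return column_order.index(col + 1) * height + row + 1


def chars_needed_for_prefix(i, length, column_order):
    """Ciphertext characters R must hold before the first i plaintext
    characters are all known."""
    return max(arrival_position(j, length, column_order) for j in range(1, i + 1))


if __name__ == "__main__":
    key = [3, 4, 2, 1, 5, 6, 7]
    c = transpose_encrypt("attack postponed until two am xyz", key)
    print(c, "->", transpose_decrypt(c, key))

    hello = transpose_encrypt("HELLO WORLD", [1, 2, 3])
    print("sent right-to-left:", hello[::-1].lower())
    for i in (1, 2, 3):
        pos = arrival_position(i, len(hello), [1, 2, 3])
        print("plaintext char", i, "arrives at", pos, "delay", pos - i)
```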
Block Ciphers (4)
➢ Informally, we might call ciphers like the above example
  columnar transposition cipher “weak-block” ciphers
  ▪ R can get some (even most) but not all chars of P before
    entire C is received
    ➢ R can get one char of P immediately
      ▪ the 1st-after 1 of C (delay of 1 - 1 = 0)
    ➢ R can get some chars of P with “small” delay
      ▪ e.g., 2nd-after 5 of C (delay of 5 - 2 = 3)
    ➢ R can get some chars of P with “large” delay
      ▪ e.g., 3rd-after 9 of C (delay of 9 – 3 = 6)
➢ There are block ciphers when R cannot even start decoding
  C before receiving the entire C
  ▪ Informally, we might call them “strong-block” ciphers
d. Pros / Cons for Stream and Block Ciphers (1)
➢ Pros / cons for stream ciphers
  ▪ + Low delay for decoding individual symbols
    ➢ Can decode as soon as received
  ▪ + Low error propagation
    ➢ Error in E(c1) does not affect E(c2)
  ▪ - Low diffusion
    ➢ Each char separately encoded => carries over its
      frequency info
  ▪ - Susceptibility to malicious insertion / modification
    ➢ Adversary can fabricate a new msg from pieces of
      broken msgs, even if he doesn’t know E (just broke
      a few msgs)
Pros / Cons for Stream and Block Ciphers (2)
➢ Pros / cons for block ciphers
  ▪ + High diffusion
    ➢ Frequency of a char from P diffused over (a few chars
      of) a block of C
  ▪ + Immune to insertion
    ➢ Impossible to insert a char into a block without easy
      detection (block size would change)
    ➢ Impossible to modify a char in a block without easy
      detection (if checksums are used)
Pros / Cons for Stream and Block Ciphers (3)
➢ Pros / cons for block ciphers - Part 2
  ▪ - High delay for decoding individual chars
    ➢ See example for ‘hello worldxx’ above
    ➢ For some E can’t decode even the 1st char before whole k
      chars of a block are received
  ▪ - High error propagation
    ➢ It affects the block, not just a single char
DES (Data Encryption Standard)
• Background and History of DES
• Overview of DES
• Double and Triple DES
• Security of DES
Background and History of DES
• Early 1970’s - NBS (Nat’l Bureau of Standards) recognized general public’s need for a secure crypto system
• “Encryption for the masses”
• Existing US gov’t crypto systems were not meant to be made public
• E.g. DoD, State Dept.
• Problems with proliferation of commercial encryption devices
• Incompatible
• Not extensively tested by independent body
Overview of DES (1)
• DES - a block cipher
• a product cipher
• 16 rounds (iterations) on the input bits (of P)
• substitutions (for confusion) and permutations (for diffusion)
• Each round with a round key
• Generated from the user-supplied key
• Easy to implement in S/W or H/W
Overview of DES (2)
Basic Structure
• Input: 64 bits (a block)
• Li/Ri – left/right half of the input block for iteration i (32 bits) – subject to substitution S and permutation P
supplied key
• Ki - round key:
• 56 bits used +8 unused (unused for E but often used for error checking)
• Output: 64 bits (a block)
• Note: Ri becomes L(i+1)
• All basic op’s are simple logical ops
• Left shift / XOR
[Figure: DES basic structure: Input, Input Permutation, L0 / R0, S, P, K, round keys K1 … K16, L1 / R1, L16 / R16, Final Permutation, Output]
Overview of DES (3) - Generation of Round Keys
[Figure: generation of round keys: key, PC-1, C0 / D0, LSH, C1 / D1, PC-2, K1 … K16]
• key – user-supplied key (input)
• PC-1, PC-2 – permutation tables
• PC-2 also extracts 48 of 56 bits
• K1 – K16 – round keys (outputs)
• Length(Ki) = 48
• Ci / Di – confusion / diffusion (?)
• LSH – left shift (rotation) tables
Overview of DES (4) - Problems with DES
• Diffie, Hellman 1977 prediction: “In a few years, technology would allow DES to be broken in days.”
• Key length is fixed (= 56)
• 2^56 keys ~ 10^15 keys
• “Becoming” too short for faster computers
• 1997: 3,500 machines – 4 months
• 1998: special “DES cracker” h/w – 4 days
• Design decisions not public
• Suspected of having backdoors
• Speculation: To facilitate government access?
Double and Triple DES (1)
• Double DES (2 keys):
• Use double DES encryption
C = E(k2, E(k1, P))
• Expected to multiply difficulty of breaking the encryption
• Not true!
• In general, 2 encryptions are not better than one
• Only doubles the attacker’s work
Double and Triple DES (2)
• Triple DES:
• Is it C = E(k3, E(k2, E(k1, P)))?
• Not so simple!
• Triple DES:
• Tricks used: D not E in the 2nd step, k1 used twice (in steps 1 & 3)
• It is:
C = E(k1, D(k2, E(k1, P)))
and
P = D(k1, E(k2, D(k1, C)))
• Doubles the effective key length
• 112-bit key is quite strong
• Even for today’s computers
• For all feasible known attacks
Double and Triple DES (3)
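Why two encryptions “only double the attacker’s work”, measured on a toy cipher: this is an added example, not from the slides. The 16-bit Feistel cipher, its 10-bit keys and the sample keys are constructed stand-ins for DES, and the search shown is the standard meet-in-the-middle argument, which the slides do not name.

```python
# Added illustration: a toy 16-bit Feistel cipher with 10-bit keys stands in for DES.
KEY_BITS = 10
KEYSPACE = 1 << KEY_BITS          # 1024 keys per stage


def _round_keys(key):
    # Toy key schedule (constructed): four 8-bit round keys from the 10-bit key.
    return [((key >> i) ^ (key << (i + 1)) ^ (0x3B * (i + 1))) & 0xFF
            for i in range(4)]


def _f(half, rk):
    # Toy round function: key mixing followed by a fixed nonlinear byte map.
    x = (half ^ rk) & 0xFF
    return ((x * x + 0x9E * x + 0x37) ^ (x >> 3)) & 0xFF


def encrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rk in _round_keys(key):
        left, right = right, left ^ _f(right, rk)
    return (left << 8) | right


def decrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rk in reversed(_round_keys(key)):
        left, right = right ^ _f(left, rk), left
    return (left << 8) | right


def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))      # C = E(k2, E(k1, P))


def meet_in_the_middle(pairs):
    """Find (k1, k2) consistent with known (P, C) pairs.

    Returns (candidates, sweep_ops), where sweep_ops counts the single
    encryptions/decryptions spent in the two key sweeps.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    ops = 0
    middle = {}
    for k1 in range(KEYSPACE):                  # forward sweep: E(k1, P)
        middle.setdefault(encrypt(k1, p0), []).append(k1)
        ops += 1
    candidates = []
    for k2 in range(KEYSPACE):                  # backward sweep: D(k2, C)
        ops += 1
        for k1 in middle.get(decrypt(k2, c0), []):
            # Extra known pairs weed out accidental matches in the middle.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, ops


def demo():
    k1, k2 = 0x2A7, 0x155                       # constructed secret keys
    plaintexts = [0x4865, 0x6C6C, 0x6F21]       # constructed known plaintexts
    pairs = [(p, double_encrypt(k1, k2, p)) for p in plaintexts]
    found, ops = meet_in_the_middle(pairs)
    # Naive expectation for two independent keys: KEYSPACE ** 2 trials.
    return (k1, k2) in found, ops, KEYSPACE ** 2


if __name__ == "__main__":
    ok, ops, naive = demo()
    print(f"keys recovered: {ok}; sweep operations: {ops}; naive estimate: {naive}")
```

The sweeps cost 2 x 2^10 cipher operations instead of the 2^20 that two independent keys suggest, which is the reason the deck moves on to the three-step E-D-E construction.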
AES (Advanced Encryption Standard)
• Outline
• What is AES?
• Overview of Rijndael
• Strength of AES
• Comparison of DES and AES
What is AES?
• The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the
U.S. government to protect classified information.
• AES is implemented in software and hardware throughout the world
to encrypt sensitive data. It is essential for government computer security,
cybersecurity and electronic data protection.
• The National Institute of Standards and Technology (NIST) started development of
AES in 1997 when it announced the need for an alternative to the Data Encryption
Standard (DES), which was starting to become vulnerable to brute-force attacks.
• AES was created for the U.S. government with additional voluntary, free use in public
or private, commercial or noncommercial programs that provide encryption services.
• AES is used in self-encrypting disk drives, database encryption and storage encryption.
How AES encryption works?
AES includes three block ciphers:
• AES-128 uses a 128-bit key length to encrypt and decrypt a block of
messages.
• AES-192 uses a 192-bit key length to encrypt and decrypt a block of
messages.
• AES-256 uses a 256-bit key length to encrypt and decrypt a block of
messages.
AES Design
Feature of AES?
• Security. Competing algorithms were to be judged on their ability to
resist attack as compared to other submitted ciphers. Security
strength was to be considered the most important factor in the
competition.
• Cost. Intended to be released on a global, nonexclusive and royalty-
free basis, the candidate algorithms were to be evaluated on
computational and memory efficiency.
• Implementation. Factors to be considered included the algorithm's
flexibility, suitability for hardware or software implementation, and
overall simplicity.
Overview of Rijndael/AES
• Similar to DES – cyclic type of approach
• 128-bit blocks of P
• # of iterations based on key length
• 128-bit key => 9 “rounds” (called rounds, not cycles)
• 192-bit key => 11 rounds
• 256-bit key => 13 rounds
• Basic ops for a round:
• Substitution – byte level (confusion)
• Shift row (transposition) – depends on key length (diff.)
• Mix columns – LSH and XOR (confusion +diffusion)
• Add subkey – XOR used (confusion)
Strengths of AES
• Not much experience so far (since 2001)
• But:
• Extensive cryptanalysis by US gov’t and independent experts
• Dutch inventors have no ties to NSA or other US gov’t bodies (less suspicion of trapdoor)
• Solid math basis
• Despite seemingly simple steps within rounds
Comparison of DES & AES (1)
                         | DES                       | AES
Date                     | 1976                      | 1999
Block size [bits]        | 64                        | 128
Key length [bits]        | 56 (effect.)              | 128, 192, 256, or more
Encryption primitives    | substitution, permutation | substitution, shift, bit mixing
Cryptographic primitives | confusion, diffusion      | confusion, diffusion
Design                   | open                      | open
Design rationale         | closed                    | open
Selection process        | secret                    | secret, but accepted public comments
Source                   | IBM, enhanced by NSA      | independent Dutch cryptographers
Comparison of DES & AES (2)
• Weaknesses in AES?
• 20+ yrs of experience with DES eliminated fears of its weakness (intentional or not)
• Might be naïve…
• Experts pored over AES for 2-year review period
Public Key Cryptography
Diffie Hellman and RSA?
Public Key Cryptography
• New paradigm introduced by Diffie and Hellman
• The mailbox analogy:
• Bob has a locked mailbox
• Alice can insert a letter into the box, but can’t unlock it to take mail out
• Bob has the key and can take mail out
• Encrypt messages to Bob with Bob’s public key
• Can freely distribute
• Bob decrypts his messages with his private key
• Only Bob knows this
Diffie-Hellman algorithm
• The Diffie-Hellman algorithm is being used to establish a shared secret that
can be used for secret communications while exchanging data over a public
network using the elliptic curve to generate points and get the secret key
using the parameters.
• For the sake of simplicity and practical implementation of the algorithm,
we will consider only 4 variables, one prime P and G (a primitive root of P)
and two private values a and b.
• P and G are both publicly available numbers. Users (say Alice and Bob) pick
private values a and b and they generate a key and exchange it publicly. The
opposite person receives the key and that generates a secret key, after
which they have the same secret key to encrypt.
DH step by Step??
DH Steps Contd..
Example
Requirements
• How should a public key scheme work?
• Three main conditions
• It must be computationally easy to encrypt or decrypt a message given the
appropriate key
• It must be computationally infeasible to derive the private key from the public
key
• It must be computationally infeasible to determine the private key from
chosen plaintext attack
• Attacker can pick any message, have it encrypted, and obtain the ciphertext
Exchanging keys
• Alice and Bob want to communicate using a block cipher to encrypt
their messages, but don’t have shared key
• How do Alice and Bob get a shared key?
Solution 1
• Alice sends the key along with her encrypted message
• Eve sees encrypted message and key
• Uses key to decrypt message
Solution 2
• Alice sends the key at some time prior to sending Bob the encrypted
message
• Eve has to wait longer
• If she saw the key transmission, she has the key
• Uses key to decrypt message
Solution 3 – Use public key crypto
• Diffie Hellman Key Exchange
• All users share common modulus, p, and element g
• g ≠ 0, g ≠ 1, and g ≠ p-1
• Alice chooses her private key, k_A
• Computes K_A = g^(k_A) mod p and sends it to Bob in the clear
• Bob chooses his private key, k_B
• Computes K_B = g^(k_B) mod p and sends it to Alice in the clear
• When Alice and Bob want to agree on a shared key, they compute a shared secret S
• S_A,B = K_B^(k_A) mod p
• S_B,A = K_A^(k_B) mod p
Why does DH work?
• S_A,B = S_B,A
• (g^(k_A))^(k_B) mod p = (g^(k_B))^(k_A) mod p
• Eve knows
• g and p
• KA and KB
• Why can’t Eve compute the secret?
• This was the first public key cryptography scheme
S_A,B = K_B^(k_A) mod p
S_B,A = K_A^(k_B) mod p
Hard problems
• Public key cryptosystems are based on hard problems
• DH is based on the Discrete Logarithm Problem (DLP)
• Given:
• Multiplicative group G
• Element a in G
• Output b
• Find:
• Unique solution to a^x = b in G
• x is log_a b
• No polynomial time algorithm exists to solve this*
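The exchange from “Solution 3” and “Why does DH work?”, as an added example that is not part of the slides. Class and function names are hypothetical; p = 23, g = 5 and the fixed private values are constructed toy numbers, the 127-bit modulus is a constructed demo value far too small for real use, and the range check on received public values is an assumption that extends the slide's constraints on g.

```python
import secrets

# Constructed demo modulus: the Mersenne prime 2^127 - 1. Real deployments
# use much larger, carefully chosen primes.
P_DEMO = 2**127 - 1


def check_params(p, g):
    """Enforce the slide's constraints on the shared element: g != 0, 1, p-1."""
    if p < 5 or g % p in (0, 1, p - 1):
        raise ValueError("degenerate element g")


def check_public(p, value):
    """Assumption beyond the slide: apply the same exclusions to a received key."""
    if not 2 <= value <= p - 2:
        raise ValueError("peer public value out of range")


class Party:
    def __init__(self, p, g, private=None):
        check_params(p, g)
        self.p, self.g = p, g
        # Private key k in [2, p-2]. Fixed values are accepted only so the
        # toy run below is reproducible.
        self._k = private if private is not None else 2 + secrets.randbelow(p - 3)
        self.public = pow(g, self._k, p)           # K = g^k mod p, sent in the clear

    def shared_secret(self, peer_public):
        check_public(self.p, peer_public)
        return pow(peer_public, self._k, self.p)   # S = K_peer^k mod p


def exchange(p, g, k_a=None, k_b=None):
    """Run one exchange; return both parties' secrets and what crossed the wire."""
    alice, bob = Party(p, g, k_a), Party(p, g, k_b)
    wire = {"p": p, "g": g, "K_A": alice.public, "K_B": bob.public}  # all Eve sees
    return alice.shared_secret(bob.public), bob.shared_secret(alice.public), wire


def reachable_values(p, g):
    """Every value g^k mod p can take (enumeration is feasible only for toy p)."""
    seen, x = set(), 1
    for _ in range(p - 1):
        x = x * g % p
        seen.add(x)
    return seen


if __name__ == "__main__":
    s_a, s_b, wire = exchange(23, 5, k_a=6, k_b=15)
    print("on the wire:", wire)                    # K_A = 8, K_B = 19
    print("Alice:", s_a, "Bob:", s_b)              # both derive 2
    # Why g = p-1 is excluded: every public key and secret would be 1 or p-1.
    print("g = 5  reaches", len(reachable_values(23, 5)), "values")
    print("g = 22 reaches", len(reachable_values(23, 22)), "values")
    big_a, big_b, _ = exchange(P_DEMO, 3)
    print("127-bit run agrees:", big_a == big_b)
```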
RSA
• Rivest-Shamir-Adleman
• Probably the most well-known public key scheme
• First, some background
RSA
The RSA algorithm is an asymmetric cryptography algorithm. Asymmetric means
that it works with two different keys, i.e. a Public Key and a Private Key. As
the names suggest, the Public Key is given to everyone and the Private
Key is kept private.
• An example of asymmetric cryptography :
• A client (for example browser) sends its public key to the server and
requests some data.
• The server encrypts the data using the client’s public key and sends the
encrypted data.
• The client receives this data and decrypts it.
RSA
• Since this is asymmetric, nobody else except the browser can decrypt the
data even if a third party has the public key of the browser.
• The idea! The idea of RSA is based on the fact that it is difficult to factorize
a large integer.
• The public key consists of two numbers where one number is a
multiplication of two large prime numbers.
• And private key is also derived from the same two prime numbers.
• So if somebody can factorize the large number, the private key is
compromised.
• Therefore encryption strength totally lies on the key size and if we double
or triple the key size, the strength of encryption increases exponentially.
• RSA keys can be typically 1024 or 2048 bits long, but experts believe that
1024-bit keys could be broken in the near future.
Example??
Example Contd…
Example Contd…
Euler’s Totient
• Totient function (n)
• Number of positive numbers less than n that are relatively prime to n
• Two numbers are relatively prime when their greatest common divisor is 1
• Example: (10) = 4
• 1, 3, 7, 9
• Example: (7) = 6
• 1, 2, 3, 4, 5, 6
• If n is prime, (n) = n-1
RSA keys
• Choose 2 large primes, p and q
• N = pq
• (N) = (p-1)(q-1)
• Choose e < N such that gcd(e, (N))=1
• d such that ed = 1 mod (N)
• Public key: {N, e}
• Private key: {d}
• p and q must also be kept secret
RSA encryption/decryption
Alice: c = m^e mod N
Alice → Bob: c
Bob: m = c^d mod N
Toy example
• p=7, q=11
• N=77
• (N) = (6)(10) = 60
• Bob chooses e=17
• Uses extended Euclidean algorithm to find inverse of e mod 60
• Finds d=53
• Bob makes {N, e} public
Toy example (continued)
• Alice wants to send Bob “HELLO WORLD”
• Represent each letter as a number 00(A) to 25(Z)
• 26 is a space
• Calculates:
• 07^17 mod 77 = 28, 04^17 mod 77 = 16, …, 03^17 mod 77 = 75
• Sends Bob 28 16 44 44 42 38 22 42 19 44 75
• He decrypts each number with his private key and gets “HELLO
WORLD”
What could go wrong?
• What was wrong with the toy example?
• Eve can easily find the encryption of each letter and use that as a key to
Alice’s message
• Even without knowing the public key, can use statistics to find likely messages
• Like cryptogram puzzles
How it should really happen
• p and q should be at least 512 bits each
• N at least 1024 bits
• The message “HELLO WORLD” would be converted into one very large
integer
• That integer would be raised to the public/private exponent
• For short message, pad them with a random string
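The toy example, the problem named under “What could go wrong?” and the fix sketched under “How it should really happen”, as one added example that is not from the slides. Function names are hypothetical; the larger modulus is built from two known Mersenne primes only so the block runs without libraries and is still far below the sizes the slide asks for, and the random prefix is a stand-in for a real padding scheme such as OAEP.

```python
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ "   # 00 (A) .. 25 (Z), 26 = space, as on the slide

# Constructed demo primes (Mersenne primes 2^127 - 1 and 2^89 - 1): undersized
# and too structured for real RSA, used here only to get a modulus > 77.
BIG_P, BIG_Q = 2**127 - 1, 2**89 - 1


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def make_key(p, q, e):
    """Return (N, e, d) with e*d = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return n, e, x % phi


def encrypt_per_letter(text, n, e):
    # The slide's scheme: each letter is its own RSA block.
    return [pow(ALPHABET.index(ch), e, n) for ch in text]


def decrypt_per_letter(blocks, n, d):
    return "".join(ALPHABET[pow(c, d, n)] for c in blocks)


def eve_codebook_decode(blocks, n, e):
    # Eve needs only the public key: encrypt all 27 symbols once, invert the table.
    table = {pow(i, e, n): ch for i, ch in enumerate(ALPHABET)}
    return "".join(table[c] for c in blocks)


def encrypt_padded(message, n, e, pad_len=8):
    # Whole message as one integer, prefixed with fresh random bytes.
    # The leading 0x01 keeps the byte length stable through the int round trip.
    data = b"\x01" + secrets.token_bytes(pad_len) + message.encode()
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt_padded(c, n, d, pad_len=8):
    m = pow(c, d, n)
    data = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return data[1 + pad_len:].decode()


if __name__ == "__main__":
    n, e, d = make_key(7, 11, 17)                      # slide values: N = 77, d = 53
    blocks = encrypt_per_letter("HELLO WORLD", n, e)
    print("per-letter ciphertext:", blocks)
    print("Bob decrypts:        ", decrypt_per_letter(blocks, n, d))
    print("Eve, public key only:", eve_codebook_decode(blocks, n, e))

    n2, e2, d2 = make_key(BIG_P, BIG_Q, 65537)
    c1 = encrypt_padded("HELLO WORLD", n2, e2)
    c2 = encrypt_padded("HELLO WORLD", n2, e2)
    print("same message, different ciphertexts:", c1 != c2)
    print("Bob decrypts:", decrypt_padded(c1, n2, d2))
```

Repeated letters show up as repeated blocks (the three 44s and two 42s) in the per-letter output, which is the statistical leak the slide describes; the padded form produces a different ciphertext on every run.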
Is this key yours?
• How to bind a key to an identity?
PK Paradigm
• Genkey(some info)
• Creates Kpub and Kpriv
• Encrypt with Kpub
• Decrypt with Kpriv
• Certificate binds key to individual
IBE
• Identity-Based Encryption
• Kpub is well-known
• Known to be bound to owner
• Name, email, SSN, etc.
• Owner requests a private key from CA
• No certificates required

chapter 1-4.pdf

  • 1. Cryptogrphy and Network security By Desta D(2022GC)-WSU SCHOOL OF INFORMATICS Department of Information Technology By Desta Dana(Assistant Prof.) Email: onenelaa@gmail.com Course: Cryptography and N/w Security 1
  • 2. Chapters Contents 1 INTRODUCTION: Definition Attacks, Services and Mechanisms, Security attacks, Security services, A Model for Internet work Security. 2 CLASSICAL TECHNIQUES: Conventional Encryption model, Steganography, Classical Encryption Techniques. 3 MODERN TECHNIQUES: Simplified DES, Block Cipher Principles, Data Encryption standard, Strength of DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of operations. 4 CONVENTIONAL ENCRYPTION: Placement of Encryption function, Traffic confidentiality, Key Distribution, Random Number Generation. 5 PUBLIC KEY CRYPTOGRAPHY: Principles, RSA Algorithm, Key Management, Diffie-Hellman Key exchange, Elliptic Curve Cryptography. NUMBER THEORY: Prime and Relatively prime numbers, Modular arithmetic, Fermat’s and Euler’s theorems, Testing for primality, Euclid’s Algorithm, the Chinese remainder theorem, Discrete logarithms. 6 Network security framework and current issues
  • 3. Chapter- 1 Introduction • Definition of terms • Cryptography • Security attacks • Security Mechanisms • Symmetric and Asymmetric security mechanisms • Security models
  • 4. Cryptography • Cryptography is the study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents. • The term is derived from the Greek word kryptos, which means hidden. • It is closely associated to encryption, which is the act of scrambling ordinary text into what's known as ciphertext and then back again upon arrival.
  • 5. Definition Contd… • Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people with bad intention could modify or forge your data, either for amusement or for their own benefit. • Cryptography can reformat and transform our data, making it safer on its trip between computers. The technology is based on the essentials of secret codes, augmented by modern mathematics that protects our data in powerful ways. • Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers • Network Security - measures to protect data during their transmission • Internet Security - measures to protect data during their transmission over a collection of interconnected networks
  • 6. Security Attacks, Services and Mechanisms • To assess the security needs of an organization effectively, the manager responsible for security needs some systematic way of defining the requirements for security and characterization of approaches to satisfy those requirements. • One approach is to consider three aspects of information security: • Security attack – Any action that compromises the security of information owned by an organization. • Security mechanism – A mechanism that is designed to detect, prevent or recover from a security attack. • Security service – A service that enhances the security of the data processing systems and the information transfers of an organization. • The services are intended to counter security attacks and they make use of one or more security mechanisms to provide the service.
  • 7. Basic Concepts • Cryptography The art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form • Plaintext The original intelligible message • Cipher text The transformed message • Cipher An algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods • Key Some critical information used by the cipher, known only to the sender& receiver • Encipher (encode) The process of converting plaintext to cipher text using a cipher and a key • Decipher (decode) the process of converting cipher text back into plaintext using a cipher and a key • Cryptanalysis The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called code breaking • Cryptology Both cryptography and cryptanalysis • Code An algorithm for transforming an intelligible message into an unintelligible one using a code-book
  • 8. Cryptanalysis • The process of attempting to discover X or K or both is known as cryptanalysis. The strategy used by the cryptanalysis depends on the nature of the encryption scheme and the information available to the cryptanalyst. • There are various types of cryptanalytic attacks based on the amount of information known to the cryptanalyst. • Cipher text only – A copy of cipher text alone is known to the cryptanalyst. • Known plaintext – The cryptanalyst has a copy of the cipher text and the corresponding plaintext. • Chosen plaintext – The cryptanalysts gains temporary access to the encryption machine. They cannot open it to find the key, however; they can encrypt a large number of suitably chosen plaintexts and try to use the resulting cipher texts to deduce the key. • Chosen cipher text – The cryptanalyst obtains temporary access to the decryption machine, uses it to decrypt several string of symbols, and tries to use the results to deduce the key.
  • 9. STEGANOGRAPHY • A plaintext message may be hidden in any one of the two ways. The methods of steganography conceal the existence of the message, whereas the methods of cryptography render the message unintelligible to outsiders by various transformations of the text. • A simple form of steganography, but one that is time consuming to construct is one in which an arrangement of words or letters within an apparently innocuous text spells out the real message. Eg: - the sequence of first letters of each word of the overall message spells out the real (Hidden) message. - Subset of the words of the overall message is used to convey the hidden message.
  • 10. SECURITY SERVICES(C-I-A) • The classification of security services are as follows: • Confidentiality: Ensures that the information in a computer system and transmitted information are accessible only for reading by authorized parties. • E.g. Printing, displaying and other forms of disclosure. • Authentication: Ensures that the origin of a message or electronic document is correctly identified, with an assurance that the identity is not false. • Integrity: Ensures that only authorized parties are able to modify computer system assets and transmitted information. Modification includes writing, changing status, deleting, creating and delaying or replaying of transmitted messages. • Non repudiation: Requires that neither the sender nor the receiver of a message be able to deny the transmission. • Access control: Requires that access to information resources may be controlled by or the target system. • Availability: Requires that computer system assets be available to authorized parties when needed.
  • 11. SECURITY MECHANISMS • One of the most specific security mechanisms in use is cryptographic techniques. • Encryption or encryption-like transformations of information are the most common means of providing security. • Some of the mechanisms are:- 1. Encipherment 2. Digital Signature 3. Access Control
  • 12. SECURITYATTACKS(Passive Vs Active) • Interruption:- An asset of the system is destroyed or becomes unavailable or unusable. • Interception:- An unauthorized party gains access to an asset. • Modification:- An unauthorized party not only gains access to but tampers with an asset. • Fabrication:- An unauthorized party inserts counterfeit objects into the system.
  • 13. Cryptographic Attacks • Passive Attacks • Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Passive attacks are of two types: • Release of message contents: A telephone conversation, an e-mail message and a transferred file may contain sensitive or confidential information. We would like to prevent the opponent from learning the contents of these transmissions. • Traffic analysis: If we had encryption protection in place, an opponent might still be able to observe the pattern of the message.
  • 14. Active attacks • These attacks involve some modification of the data stream or the creation of a false stream. • These attacks can be classified into four categories: • Masquerade – One entity pretends to be a different entity. • Replay – Involves passive capture of a data unit and its subsequent transmission to produce an unauthorized effect. • Modification of messages – Some portion of a message is altered, or the messages are delayed or recorded, to produce an unauthorized effect. • Denial of service – Prevents or inhibits the normal use or management of communication facilities.
  • 15. Symmetric and public key algorithms • Encryption/decryption methods fall into two categories: • Symmetric key • Public key • In symmetric key algorithms, the encryption and decryption keys are known to both sender and receiver. • The encryption key is shared and the decryption key is easily calculated from it. In many cases, the encryption and decryption keys are the same. • In public key cryptography, the encryption key is made public, but it is computationally infeasible to find the decryption key without the information known to the receiver.
  • 16. Symmetric Key • In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared. • Advantages: • Simple • Faster • Disadvantages: • The key must be exchanged in a secure way • Easy for a hacker to get the key, as it is passed in an insecure way.
  • 17. Symmetric Key Encryption • Data Encryption Standard (DES) • Triple Data Encryption Standard (Triple DES) • Advanced Encryption Standard (AES) • International Data Encryption Algorithm (IDEA) • TLS/SSL protocol.
  • 18. Asymmetric Key • An asymmetric-key (or public-key) cipher uses two keys: one private (to encrypt data) and one public (to decrypt data). • Asymmetric Key Cryptography (Public Key Cryptography) • 2 different keys are used (public keys and private keys) • Users get the key from a Certificate Authority • Advantages: 1. More secure 2. Authentication • Disadvantages: 1. Relatively complex
  • 19. Examples of Asymmetric Key • RSA • Digital Signature Algorithm • Diffie-Hellman
  • 21. Model for Network Security
  • 22. MODEL FOR NETWORK ACCESS SECURITY
  • 25. Classical encryption techniques • Encryption: • Encryption is something like making a secret letter by changing, swapping or replacing characters in a previously defined order. The format of the message is not changed. • Encoding: • In encoding, the format of the data is changed. For example, when we record a voice sample, the recorder encodes the analog voice signals into digital signals and stores them.
  • 26. Basic terminology • Plaintext: original message to be encrypted • Ciphertext: the encrypted message • Enciphering or encryption: the process of converting plaintext into ciphertext • Encryption algorithm: performs encryption • Two inputs: a plaintext and a secret key
  • 28. Deciphering or decryption: recovering plaintext from ciphertext • Decryption algorithm: performs decryption • Two inputs: ciphertext and secret key • Secret key: same key used for encryption and decryption • Also referred to as a symmetric key
  • 29. Cipher or cryptographic system: a scheme for encryption and decryption • Cryptography: science of studying ciphers • Cryptanalysis: science of studying attacks against cryptographic systems • Cryptology: cryptography + cryptanalysis
  • 30. Ciphers • Symmetric cipher: same key used for encryption and decryption • Block cipher: encrypts a block of plaintext at a time (typically 64 or 128 bits) • Stream cipher: encrypts data one bit or one byte at a time • Asymmetric cipher: different keys used for encryption and decryption
  • 31. Symmetric Encryption • or conventional / secret-key / single-key • sender and recipient share a common key • all classical encryption algorithms are symmetric
  • 32. Symmetric Encryption • Mathematically: • Y = E_K(X) or Y = E(K, X) • X = D_K(Y) or X = D(K, Y) • X = plaintext • Y = ciphertext • K = secret key • E = encryption algorithm • D = decryption algorithm • Both E and D are known to the public
  • 33. Cryptanalysis • Objective: to recover the plaintext of a ciphertext or, more typically, to recover the secret key. • Kerckhoffs's principle: the opponent knows all details about a cryptosystem except the secret key. • Two general approaches: • brute-force attack • non-brute-force attack (cryptanalytic attack)
  • 34. Language Redundancy and Cryptanalysis • Human languages are redundant • e.g. "th lrd s m shphrd shll nt wnt" • Letters are not equally commonly used • In English: • E is by far the most common letter • Followed by T, R, N, I, O, A, S • Other letters like Z, J, K, Q, X are fairly rare • Which set of characters are most commonly used in Chinese? • Have tables of single, double & triple letter frequencies for various languages
  • 36. Use in Cryptanalysis • Key concept • Monoalphabetic substitution ciphers do not change relative letter frequencies • Discovered by Arabian scientists in 9th century • Calculate letter frequencies for ciphertext • Compare counts/plots against known values • For a Caesar cipher, look for common peaks/troughs • Peaks at: A-E-I triple, NO pair, RST triple • Troughs at: JK, X-Z • For a monoalphabetic cipher, must identify each letter • Tables of common double/triple letters help
  • 37. Example Cryptanalysis • Given ciphertext: UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ • Count relative letter frequencies (see text) • Guess which two individual letters are for e & t (with the highest frequencies)? • P & Z • Guess what "ZW" is for? • "th" and hence "ZWP" is "the" • Proceed with trial and error and finally get: it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow
  • 38. Cryptanalytic Attacks • May be classified by how much information is needed by the attacker: • Ciphertext-only attack • Known-plaintext attack • Chosen-plaintext attack • Chosen-ciphertext attack
  • 39. Classical Ciphers • Plaintext is viewed as a sequence of elements (e.g., bits or characters) • Substitution cipher: replacing each element of the plaintext with another element. • Transposition (or permutation) cipher: rearranging the order of the elements of the plaintext.
  • 40. Caesar Cipher • Earliest known substitution cipher • Invented by Julius Caesar • Ciphertext is derived from the plaintext alphabet by shifting each letter a certain number of spaces. • Each letter is replaced by the letter three positions further down the alphabet (+3). • Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z • Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C • Example: Meet me after the tea party → phhw ph diwhu wkh sduwb
  • 41. Caesar Cipher • Mathematically, map letters to numbers: • a, b, c, ..., x, y, z • 0, 1, 2, ..., 23, 24, 25 • Then the general Caesar cipher is: • c = E_K(p) = (p + k) mod 26 • p = D_K(c) = (c – k) mod 26 • Can be generalized with any alphabet.
  • 42. Monoalphabetic Substitution Cipher • Shuffle the letters and map each plaintext letter to a different random ciphertext letter: • Plain letters: abcdefghijklmnopqrstuvwxyz • Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN • Plaintext: ifwewishtoreplaceletters • Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA • What does a key look like?
  • 43. Playfair Cipher • One approach to improving security is to encrypt multiple letters at a time. • The Playfair Cipher is the best known such cipher. • Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair. • Simplest substitution cipher with two-letter combinations. • The encryption algorithm takes a 5x5 matrix of letters. • Generate the key table (drop any duplicate letter). • Key letters are filled into the matrix from left to right and top to bottom. • The rest of the letters are filled into the remaining spaces of the matrix. • Letters I and J take the same place.
  • 44. Playfair Cipher • Rules: • If both letters of a pair are the same, add an X (uncommon letter) after the first letter. • Balloon will be (ba lx lo on). • If the letters appear in the same row / column of the table, replace them with the letters to the immediate right / immediately below, respectively. • If the letters are not in the same row or column, replace them with the letters at the corners of the rectangle.
  • 45. Playfair Key Matrix • Use a 5 x 5 matrix. • Fill in letters of the key (w/o duplicates). • Fill the rest of matrix with other letters. • E.g., key = MONARCHY: • M O N A R • C H Y B D • E F G I/J K • L P Q S T • U V W X Z
  • 46. Encrypting and Decrypting • Plaintext is encrypted two letters at a time. 1. If a pair is a repeated letter, insert a filler like 'X'. 2. If both letters fall in the same row, replace each with the letter to its right (circularly). 3. If both letters fall in the same column, replace each with the letter below it (circularly). 4. Otherwise, each letter is replaced by the letter in the same row but in the column of the other letter of the pair.
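The key-table construction and the four pair rules above, worked through in code. This is an added example, not part of the original slides; the function names are this example's own, while the key MONARCHY and the word "balloon" come from the slides.

```python
import string

def build_table(key):
    """Return the 5x5 key table as a 25-letter string, row by row (I and J share a cell)."""
    table = []
    for ch in key.upper() + string.ascii_uppercase:
        if ch not in string.ascii_uppercase:
            continue                      # ignore spaces, digits, punctuation
        ch = "I" if ch == "J" else ch
        if ch not in table:               # drop duplicate letters
            table.append(ch)
    return "".join(table)

def make_digraphs(text, filler="X"):
    """Split text into letter pairs, inserting a filler after a repeated letter."""
    letters = ["I" if c == "J" else c
               for c in text.upper() if c in string.ascii_uppercase]
    pairs, i = [], 0
    while i < len(letters):
        first = letters[i]
        if i + 1 < len(letters) and letters[i + 1] != first:
            second, i = letters[i + 1], i + 2
        else:
            # Repeated letter or odd trailing letter: pad the pair.
            # If the letter is the filler itself, fall back to Q.
            second, i = (filler if first != filler else "Q"), i + 1
        pairs.append(first + second)
    return pairs

def substitute(pair, table, step):
    """Apply rules 2-4 to one pair; step=+1 encrypts, step=-1 decrypts."""
    row_a, col_a = divmod(table.index(pair[0]), 5)
    row_b, col_b = divmod(table.index(pair[1]), 5)
    if row_a == row_b:                    # rule 2: same row, move right (circularly)
        col_a, col_b = (col_a + step) % 5, (col_b + step) % 5
    elif col_a == col_b:                  # rule 3: same column, move down (circularly)
        row_a, row_b = (row_a + step) % 5, (row_b + step) % 5
    else:                                 # rule 4: keep the row, take the other letter's column
        col_a, col_b = col_b, col_a
    return table[row_a * 5 + col_a] + table[row_b * 5 + col_b]

def encrypt(plaintext, key):
    table = build_table(key)
    return "".join(substitute(p, table, +1) for p in make_digraphs(plaintext))

def decrypt(ciphertext, key):
    """Ciphertext must be uppercase letters of even length; fillers stay in the output."""
    table = build_table(key)
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return "".join(substitute(p, table, -1) for p in pairs)

if __name__ == "__main__":
    table = build_table("MONARCHY")
    for row in range(5):
        print(" ".join(table[row * 5:row * 5 + 5]))
    print(make_digraphs("balloon"))
    print(encrypt("balloon", "MONARCHY"))
    print(decrypt(encrypt("balloon", "MONARCHY"), "MONARCHY"))
```

Decryption returns the padded text (BALXLOON), so the receiver still has to drop the filler letters by reading the result.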
  • 47. Vigenere cipher • In this scheme, the set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers with shifts of 0 through 25. • Each cipher is denoted by a key letter, e.g., the Caesar cipher with a shift of 3 is denoted by the key value 'd' (since a=0, b=1, c=2 and so on). • To aid in understanding the scheme, a matrix known as the Vigenere table is constructed. • Each of the 26 ciphers is laid out horizontally, with the key letter for each cipher to its left. A normal alphabet for the plaintext runs across the top.
  • 49. … • Given a key letter x and a plaintext letter y, the ciphertext letter is at the intersection of the row labeled x and the column labeled y; in this case, the ciphertext is V. • To encrypt a message, a key is needed that is as long as the message. Usually, the key is a repeating keyword. • e.g., key = deceptivedeceptivedeceptive • PT = wearediscoveredsaveyourself • CT = ZICVTWQNGRZGVTWAVZHCQYGLMGJ • Decryption is equally simple. The key letter again identifies the row. The position of the ciphertext letter in that row determines the column, and the plaintext letter is at the top of that column. • Strength of Vigenere cipher: • There are multiple ciphertext letters for each plaintext letter. • Letter frequency information is obscured.
  • 50. Hill Cipher • The algorithm takes an n x n matrix K. • The ciphertext C of P is derived by multiplying P by K. • To decrypt the message, the inverse of K is used. • C = (KP) mod 26 • P = (K^-1 C) mod 26
  • 51. Hill Cipher • Example :- • Plaintext is “paymoremoney” and key is • K= |17 17 5 | |21 18 21| |2 2 19| • 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 • A B C D E F G H I J K L M N O P Q R S T • 20 21 22 23 24 25 • U V W X Y Z • KEY PAY MOR EMO NEY
  • 52. Hill Cipher • PAY = |15 0 24| (P = 15, A = 0, Y = 24), written as a column • C = (KP) mod 26 • C = |17 17 5| |21 18 21| |2 2 19| x |15| |0| |24| mod 26 • C = |255+0+120| |315+0+504| |30+0+456| mod 26
  • 53. Hill Cipher • C = |375| |819| |486| mod 26 • C = |11| |13| |18| = L N S • PAY = LNS
  • 54. Polyalphabetic Substitution Ciphers • A sequence of monoalphabetic ciphers (M1, M2, M3, ..., Mk) is used in turn to encrypt letters. • A key determines which sequence of ciphers to use. • Each plaintext letter has multiple corresponding ciphertext letters. • This makes cryptanalysis harder since the letter frequency distribution will be flatter.
  • 55. Vigenère Cipher • Simplest polyalphabetic substitution cipher • Consider the set of all Caesar ciphers: { C_a, C_b, C_c, ..., C_z } • Key: e.g. security • Encrypt each letter using C_s, C_e, C_c, C_u, C_r, C_i, C_t, C_y in turn. • Repeat from start after C_y. • Decryption simply works in reverse.
  • 56. Example of Vigenère Cipher • Keyword: deceptive • key: deceptivedeceptivedeceptive • plaintext: wearediscoveredsaveyourself • ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
  • 57. Security of Vigenère Ciphers • There are multiple (how many?) ciphertext letters corresponding to each plaintext letter. • So, letter frequencies are obscured but not totally lost. • To break Vigenere cipher: 1. Try to guess the key length. How? 2. If key length is N, the cipher consists of N Caesar ciphers. Plaintext letters at positions k, N+k, 2N+k, 3N+k, etc., are encoded by the same cipher. 3. Attack each individual cipher as before.
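The three steps above, carried through in code to show why a repeating keyword leaks through letter frequencies. This is an added example, not part of the original slides: the key length is guessed with the index of coincidence (one common answer to the "How?" in step 1, chosen here as an assumption), each column is then solved as a Caesar cipher with a chi-squared fit, and the sample plaintext and frequency table are constructed for the example.

```python
from collections import Counter
import string

ALPHABET = string.ascii_lowercase
# Approximate relative frequencies (percent) of a..z in English text.
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77,
           4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98,
           2.36, 0.15, 1.97, 0.07]

def vigenere(text, key, decrypt=False):
    """Encrypt or decrypt lowercase letters with a repeating keyword."""
    sign = -1 if decrypt else 1
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + sign * ALPHABET.index(key[i % len(key)])) % 26]
        for i, ch in enumerate(text))

def index_of_coincidence(text):
    """Probability that two letters drawn from text are equal (about 0.066 for English)."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(text).values()) / (n * (n - 1))

def guess_key_length(ciphertext, max_len=12):
    """Step 1: the right length makes every column look like shifted English."""
    scores = {}
    for n in range(1, max_len + 1):
        columns = [ciphertext[i::n] for i in range(n)]
        scores[n] = sum(index_of_coincidence(c) for c in columns) / n
    best = max(scores.values())
    # Multiples of the true length score equally well, so take the smallest good one.
    return min(n for n, score in scores.items() if score >= 0.9 * best)

def recover_shift(column):
    """Step 3: pick the Caesar shift whose decryption best matches English."""
    counts, n = Counter(column), len(column)
    def chi_squared(shift):
        return sum(
            (counts.get(ALPHABET[(i + shift) % 26], 0) - n * ENGLISH[i] / 100) ** 2
            / (n * ENGLISH[i] / 100) for i in range(26))
    return min(range(26), key=chi_squared)

def recover_key(ciphertext):
    """Steps 1-3 together: returns the recovered keyword."""
    n = guess_key_length(ciphertext)
    return "".join(ALPHABET[recover_shift(ciphertext[i::n])] for i in range(n))  # step 2

# Constructed sample plaintext (letters only after filtering).
RAW_SAMPLE = (
    "the security of a cipher must never depend on keeping the algorithm secret "
    "because the opponent is assumed to know every detail of the system except "
    "the key a repeating keyword hides the frequency of single letters but it "
    "does not remove the structure of the language when the same part of the "
    "keyword meets the same piece of plaintext the same ciphertext appears again "
    "and the distance between those repeats points to the length of the keyword "
    "once that length is known the message can be split into columns and each "
    "column is nothing more than a simple shift cipher counting the letters in "
    "every column and comparing the counts with the normal frequencies of english "
    "text gives the shift for that column and putting the shifts together gives "
    "back the whole keyword this is the reason a short repeated key offers so "
    "little protection for a long message and the reason modern designs mix the "
    "key into every part of the output instead of adding it to one letter at a time")
SAMPLE_PLAINTEXT = "".join(c for c in RAW_SAMPLE if c in ALPHABET)

if __name__ == "__main__":
    ciphertext = vigenere(SAMPLE_PLAINTEXT, "deceptive")
    key = recover_key(ciphertext)
    print("key length:", guess_key_length(ciphertext), "key:", key)
    print(vigenere(ciphertext, key, decrypt=True)[:60])
```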
  • 58. Transposition Ciphers • Also called permutation ciphers. • Shuffle the plaintext, without altering the actual letters used. • Example: Row Transposition Ciphers • Example 2: Rail fence (2,3..)
  • 59. Row Transposition Ciphers • Plaintext is written row by row in a rectangle. • Ciphertext: write out the columns in an order specified by a key. • Key: 3 4 2 1 5 6 7 • Plaintext (written row by row): a t t a c k p / o s t p o n e / d u n t i l t / w o a m x y z • Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
  • 60. Product Ciphers • Uses a sequence of substitutions and transpositions • Harder to break than just substitutions or transpositions • This is a bridge from classical to modern ciphers.
  • 61. Unconditional & Computational Security • A cipher is unconditionally secure if it is secure no matter how much resources (time, space) the attacker has. • A cipher is computationally secure if the best algorithm for breaking it will require so much resources (e.g., 1000 years) that practically the cryptosystem is secure. • None of the ciphers we have examined is unconditionally secure.
  • 62. An unconditionally Secure Cipher • Vernam's one-time pad cipher • Key = k1 k2 k3 k4 ... (random, used one-time only) • Plaintext = m1 m2 m3 m4 ... • Ciphertext = c1 c2 c3 c4 ... where ci = mi ⊕ ki • Can be proved to be unconditionally secure.
  • 63. Steganography • Hide a message in another message. • E.g., hide your plaintext in a graphic image • Each pixel has 3 bytes specifying the RGB color • The least significant bits of pixels can be changed w/o greatly affecting the image quality • So can hide messages in these LSBs • Advantage: hiding existence of messages • Drawback: high overhead
  • 64. Different Types of Steganography 1. Text Steganography − There is steganography in text files, which entails secretly storing information. In this method, the hidden data is encoded into the letter of each word. 2. Image Steganography − The second type of steganography is image steganography, which entails concealing data by using an image of a different object as a cover. Pixel intensities are the key to data concealment in image steganography. 3. Audio Steganography − It is the science of hiding data in sound. Used digitally, it protects against unauthorized reproduction. Watermarking is a technique that encrypts one piece of data (the message) within another (the "carrier"). Its typical uses involve media playback, primarily audio clips. 4. Video Steganography − Video steganography is a method of secretly embedding data or other files within a video file on a computer. Video (a collection of still images) can function as the "carrier" in this scheme. Discrete cosine transform (DCT) is commonly used to insert values that can be used to hide the data in each image in the video, which is undetectable to the naked eye. Video steganography typically employs the following file formats: H.264, MP4, MPEG, and AVI. 5. Network or Protocol Steganography − It involves concealing data by using a network protocol like TCP, UDP, ICMP, IP, etc., as a cover object. Steganography can be used in the case of covert channels, which occur in the OSI layer network model.
  • 65. Steganography Examples Include • Writing with invisible ink • Embedding text in a picture (like an artist hiding their initials in a painting they’ve done) • Backward masking a message in an audio file (remember those stories of evil messages recorded backward on rock and roll records?) • Concealing information in either metadata or within a file header • Hiding an image in a video, viewable only if the video is played at a particular frame rate • Embedding a secret message in either the green, blue, or red channels of an RGB image • Watermarking
  • 66. • Take a 640x480 (= 307,200) pixel image. • Using only 1 LSB, can hide 115,200 characters • Using 4 LSBs, can hide 460,800 characters.
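The LSB scheme and the capacity figures above, as an added example that is not part of the original slides. It works on a raw sequence of RGB bytes (3 per pixel); the 4-byte length header, the function names and the sample cover bytes are assumptions of this example.

```python
def capacity_chars(width, height, lsbs=1):
    """8-bit characters that fit when `lsbs` low bits of every RGB byte are used."""
    return width * height * 3 * lsbs // 8

def to_bits(data):
    """Bytes to a list of bits, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def embed(cover, message, lsbs=1):
    """Hide `message` (bytes) in the low bits of `cover` (raw RGB bytes)."""
    if not 1 <= lsbs <= 8:
        raise ValueError("lsbs must be between 1 and 8")
    # Assumption of this example: a 4-byte big-endian length precedes the message.
    payload = len(message).to_bytes(4, "big") + message
    bits = to_bits(payload)
    bits += [0] * (-len(bits) % lsbs)          # pad to a whole number of chunks
    if len(bits) // lsbs > len(cover):
        raise ValueError("message does not fit in this cover image")
    keep = 0xFF ^ ((1 << lsbs) - 1)            # mask that preserves the high bits
    stego = bytearray(cover)
    for n, start in enumerate(range(0, len(bits), lsbs)):
        value = 0
        for bit in bits[start:start + lsbs]:
            value = (value << 1) | bit
        stego[n] = (stego[n] & keep) | value
    return bytes(stego)

def extract(stego, lsbs=1):
    """Recover the hidden message from the low bits of `stego`."""
    bits = [(byte >> (lsbs - 1 - i)) & 1 for byte in stego for i in range(lsbs)]

    def read_bytes(offset, count):
        chunk = bits[offset:offset + 8 * count]
        return bytes(int("".join(map(str, chunk[i:i + 8])), 2)
                     for i in range(0, len(chunk), 8))

    length = int.from_bytes(read_bytes(0, 4), "big")
    if length > (len(bits) - 32) // 8:
        raise ValueError("no plausible length header found")
    return read_bytes(32, length)

def max_change(cover, stego):
    """Largest change to any single colour byte (the visible cost of hiding)."""
    return max(abs(a - b) for a, b in zip(cover, stego))

# Constructed cover: 16 x 16 pixels of arbitrary RGB values (768 bytes).
SAMPLE_COVER = bytes((37 * i + 11) % 256 for i in range(16 * 16 * 3))

if __name__ == "__main__":
    print(capacity_chars(640, 480, 1), capacity_chars(640, 480, 4))
    stego = embed(SAMPLE_COVER, b"meet at noon")
    print(extract(stego), "max byte change:", max_change(SAMPLE_COVER, stego))
```

With 1 LSB no colour byte changes by more than 1; with 4 LSBs the change can reach 15, which is the quality cost behind the larger capacity.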
  • 68. Chapter 3 and 4
  • 69. Contents • What Makes Good Encryption? • DES • AES • Diffie Hellman • RSA
  • 70. Making "Good" Ciphers • Outline • Criteria for "Good" Ciphers • Stream and Block Ciphers
  • 71. Criteria for "Good" Ciphers (1) • "Good" depends on intended application • Substitution • C hides chars of P • If > 1 key, C dissipates high frequency chars • Transposition • C scrambles text => hides n-grams for n > 1 • Product ciphers • Can do all of the above • What is more important for your app? What facilities are available to sender/receiver? • E.g., no supercomputer support on the battlefield
  • 72. Criteria for "Good" Ciphers (2) • Claude Shannon’s criteria (1949): 1. Needed degree of secrecy should determine amount of labor • How long does the data need to stay secret? 2. Set of keys and enciphering algorithm should be free from complexity • Can choose any keys or any plaintext for given E • E not too complex 3. Implementation should be as simple as possible • Complexity => errors
  • 73. Criteria for "Good" Ciphers (3) • Shannon’s criteria (1949) – cont. 4. Propagation of errors should be limited • Errors happen => their effects should be limited • One error should not invalidate the whole C 5. Size / storage of C should be restricted • Size (C) should not be > size (P) • More text is more data for cryptanalysts to work with • Need more space for storage, more time to send • Proposed at the dawn of computer era – still valid!
  • 74. Criteria for "Good" Ciphers (4) • Characteristics of good encryption schemes • Confusion: interceptor cannot predict what will happen to C when she changes one char in P • E with good confusion: hides well the relationship between P "+" K, and C • Diffusion: changes in P spread out over many parts of C • Good diffusion => attacker needs access to much of C to infer E
  • 75. Criteria for "Good" Ciphers (5) • Commercial Principles of Sound Encryption Systems 1. Sound mathematics • Proven vs. not broken so far 2. Verified by expert analysis • Including outside experts 3. Stood the test of time • Long-term success is not a guarantee • Still, flaws in many E’s are discovered soon after their release • Examples of popular commercial E’s: • DES / RSA / AES • DES = Data Encryption Standard • RSA = Rivest-Shamir-Adleman • AES = Advanced Encryption Standard (rel. new)
  • 76. Stream and Block Ciphers (1) a. Stream ciphers b. Problems with stream ciphers c. Block ciphers d. Pros / cons for stream and block ciphers
  • 77. a. Stream Ciphers (1) • Stream cipher: 1 char from P → 1 char for C • Example: polyalphabetic cipher • P and K (repeated ‘EXODUS’): • YELLOWSUBMARINEFROMYELLOWRIVER • EXODUSEXODUSEXODUSEXODUSEXODUS • Encryption (char after char, using Vigenère Tableau): (1) E(Y, E) → c (2) E(E, X) → b (3) E(L, O) → z ... • C: cbzoiowlppujmksilgqvsofhbowyyj • C as sent (in the right-to-left order), Sender S → Receiver R: jyywobhfosvqgliskmjupplwoiozbc
  • 78. Stream Ciphers (2) • Example: polyalphabetic cipher - cont. • C as received (in the right-to-left order), Sender S → Receiver R: jyywobhfosvqgliskmjupplwoiozbc • C and K for decryption: • cbzoiowlppujmksilgqvsofhbowyyj • EXODUSEXODUSEXODUSEXODUSEXODUS • Decryption: (1) D(c, E) → Y (2) D(b, X) → E (3) D(z, O) → L ... • Decrypted P: YEL... • Q: Do you know how D uses Vigenère Table?
  • 79. Problems with Stream Ciphers (1) • Problems with stream ciphers • Dropping a char from key K results in wrong decryption • Example: • P and K (repeated ‘EXODUS’) with a char in K missing: • YELLOWSUBMARINEFROMYELLOWRIVER • EODUSEXODUSEXODUSEXODUSEXODUSE (missing X in K! no errors in repeated K later) • Encryption (using VT): 1) E(Y,E) → c 2) E(E,O) → s 3) E(L,D) → o ... • Ciphertext: cso... • C in the order as sent (right-to-left): ...osc
  • 80. Problems with Stream Ciphers (2) • C as received (in the right-to-left order): ...osc • C and correct K (‘EXODUS’) for decryption: • cso... • EXO... • Decryption (using VT, applying correct key): 1) D(c, E) → Y 2) D(s, X) → V 3) D(o, O) → A • Decrypted P: YVA... - Wrong! • We know it’s wrong, Receiver might not know it yet!
  • 81. Problems with Stream Ciphers (3) • The problem might be recoverable • Example: If R had more characters decoded, R might be able to detect that S dropped a key char, and R could recover • E.g., suppose that R decoded: YELLOW SUBMAZGTR • R could guess that the 2nd word should really be: SUBMARINE • => R would know that S dropped a char from K after sending "SUBMA" • => R could go back 4 chars, drop a char from K ("recalibrate K with C"), and get "resynchronized" with S
  • 82. Block Ciphers (1) • We can do better than using recovery for stream ciphers • Solution: use block ciphers • Block cipher: 1 block of chars from P → 1 block of chars for C • Example of block cipher: columnar transposition • Block size = "o(message length)" (informally)
  • 83. Block Ciphers (2) • Why block size = "o(message length)"? • Because must wait for "almost" the entire C before can decode some characters near beginning of P • E.g., for P = ‘HELLO WORLD’, block size is "o(10)" • Suppose that Key = 3 (3 columns): • Plaintext written in rows of 3: HEL / LOW / ORL / DXX • C as sent (in the right-to-left order), Sender S → Receiver R: xlwlxroedolh
  • 84. Block Ciphers (3) • C as received (in the right-to-left order): xlwlxroedolh • R knows: K = 3, block size = 12 (=> 4 rows) • Character positions in the rows: 123 / 456 / 789 / abc (a=10, b=11, c=12) • => R knows that characters will be sent in the order: 1st-4th-7th-10th--2nd-5th-8th-11th--3rd-6th-9th-12th • R must wait for at least: • 1 char of C to decode 1st char of P (‘h’) • 5 chars of C to decode 2nd char of P (‘he’) • 9 chars of C to decode 3rd, 4th, and 5th chars of P (‘hello’) • 10 chars of C to decode 6th, 7th, and 8th chars of P (‘hello wor’) • etc.
  • 85. Block Ciphers (4) • Informally, we might call ciphers like the above example columnar transposition cipher "weak-block" ciphers • R can get some (even most) but not all chars of P before entire C is received • R can get one char of P immediately • the 1st - after 1 of C (delay of 1 - 1 = 0) • R can get some chars of P with "small" delay • e.g., 2nd - after 5 of C (delay of 5 - 2 = 3) • R can get some chars of P with "large" delay • e.g., 3rd - after 9 of C (delay of 9 – 3 = 6) • There are block ciphers when R cannot even start decoding C before receiving the entire C • Informally, we might call them "strong-block" ciphers
  • 86. d. Pros / Cons for Stream and Block Ciphers (1) • Pros / cons for stream ciphers • + Low delay for decoding individual symbols • Can decode as soon as received • + Low error propagation • Error in E(c1) does not affect E(c2) • - Low diffusion • Each char separately encoded => carries over its frequency info • - Susceptibility to malicious insertion / modification • Adversary can fabricate a new msg from pieces of broken msgs, even if he doesn’t know E (just broke a few msgs)
  • 87. Pros / Cons for Stream and Block Ciphers (2) • Pros / cons for block ciphers • + High diffusion • Frequency of a char from P diffused over (a few chars of) a block of C • + Immune to insertion • Impossible to insert a char into a block without easy detection (block size would change) • Impossible to modify a char in a block without easy detection (if checksums are used)
  • 88. Pros / Cons for Stream and Block Ciphers (3) • Pros / cons for block ciphers - Part 2 • - High delay for decoding individual chars • See example for ‘hello worldxx’ above • For some E can’t decode even the 1st char before whole k chars of a block are received • - High error propagation • It affects the block, not just a single char
  • 89. DES (Data Encryption Standard) • Background and History of DES • Overview of DES • Double and Triple DES • Security of DES
  • 90. Background and History of DES • Early 1970’s - NBS (Nat’l Bureau of Standards) recognized general public’s need for a secure crypto system • "Encryption for the masses" • Existing US gov’t crypto systems were not meant to be made public • E.g. DoD, State Dept. • Problems with proliferation of commercial encryption devices • Incompatible • Not extensively tested by independent body
  • 91. Overview of DES (1) • DES - a block cipher • a product cipher • 16 rounds (iterations) on the input bits (of P) • substitutions (for confusion) and permutations (for diffusion) • Each round with a round key • Generated from the user-supplied key • Easy to implement in S/W or H/W
  • 92. Overview of DES (2) Basic Structure • Input: 64 bits (a block) • Li/Ri – left/right half of the input block for iteration i (32 bits) – subject to substitution S and permutation P supplied key • Ki - round key: • 56 bits used + 8 unused (unused for E but often used for error checking) • Output: 64 bits (a block) • Note: Ri becomes L(i+1) • All basic op’s are simple logical ops • Left shift / XOR • [Figure: DES structure: Input, Input Permutation, L0/R0, rounds with S, P and round keys K1 to K16, L16/R16, Final Permutation, Output]
  • 93. Overview of DES (3) - Generation of Round Keys • [Figure: key, PC-1, C0/D0, LSH, C1/D1, PC-2, round keys K1 to K16] • key – user-supplied key (input) • PC-1, PC-2 – permutation tables • PC-2 also extracts 48 of 56 bits • K1 – K16 – round keys (outputs) • Length(Ki) = 48 • Ci / Di – confusion / diffusion (?) • LSH – left shift (rotation) tables
  • 94. Overview of DES (4) - Problems with DES • Diffie, Hellman 1977 prediction: “In a few years, technology would allow DES to be broken in days.” • Key length is fixed (= 56) • 2^56 keys ~ 10^15 keys • "Becoming" too short for faster computers • 1997: 3,500 machines – 4 months • 1998: special "DES cracker" h/w – 4 days • Design decisions not public • Suspected of having backdoors • Speculation: To facilitate government access?
  • 95. Double and Triple DES (1) • Double DES (2 keys): • Use double DES encryption C = E(k2, E(k1, P)) • Expected to multiply difficulty of breaking the encryption • Not true! • In general, 2 encryptions are not better than one • Only doubles the attacker’s work
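Why the second key adds so little, shown as an added example that is not part of the original slides. It uses a constructed toy Feistel cipher with 12-bit keys and 16-bit blocks (not DES) and the standard meet-in-the-middle argument with known plaintext/ciphertext pairs: encrypting forward under every k1 and decrypting backward under every k2 costs about 2 x 2^12 cipher operations plus a table of 2^12 entries, instead of the 2^24 trials that two independent keys seem to promise.

```python
KEY_BITS = 12
KEYSPACE = 1 << KEY_BITS            # 4096 keys per stage in this toy cipher
# Constructed byte substitution used as the round function (toy, not a real S-box).
SBOX = [(x * 167 + 13) % 256 for x in range(256)]

def round_keys(key):
    """Four 8-bit round keys cut from the 12-bit key (toy key schedule)."""
    return [(key >> shift) & 0xFF for shift in (0, 1, 3, 4)]

def toy_encrypt(key, block):
    """4-round Feistel network on a 16-bit block."""
    left, right = block >> 8, block & 0xFF
    for rk in round_keys(key):
        left, right = right, left ^ SBOX[right ^ rk]
    return (left << 8) | right

def toy_decrypt(key, block):
    """Inverse of toy_encrypt: undo the rounds in reverse order."""
    left, right = block >> 8, block & 0xFF
    for rk in reversed(round_keys(key)):
        left, right = right ^ SBOX[left ^ rk], left
    return (left << 8) | right

def double_encrypt(k1, k2, block):
    """C = E(k2, E(k1, P)), the double-encryption construction from the slide."""
    return toy_encrypt(k2, toy_encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return (candidate key pairs, cipher operations spent on the two sweeps).

    pairs: known (plaintext, ciphertext) blocks produced under one (k1, k2).
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    # Forward sweep: the middle value E(k1, P) for every possible k1.
    middle = {}
    for k1 in range(KEYSPACE):
        middle.setdefault(toy_encrypt(k1, p0), []).append(k1)
    work = KEYSPACE
    # Backward sweep: D(k2, C) for every k2, looked up in the table.
    candidates = []
    for k2 in range(KEYSPACE):
        work += 1
        for k1 in middle.get(toy_decrypt(k2, c0), ()):
            # Filter chance matches with the remaining known pairs.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, work

if __name__ == "__main__":
    secret_k1, secret_k2 = 0x3A7, 0xC51          # constructed sample keys
    known = [(p, double_encrypt(secret_k1, secret_k2, p))
             for p in (0x1234, 0xBEEF, 0x0F0F)]
    found, work = meet_in_the_middle(known)
    print("candidates:", [(hex(a), hex(b)) for a, b in found])
    print("cipher operations:", work, "vs exhaustive search:", KEYSPACE ** 2)
```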
  • 96. Double and Triple DES (2) • Triple DES: • Is it C = E(k3, E(k2, E(k1, P)))? • Not so simple!
  • 97. Double and Triple DES (3) • Triple DES: • Tricks used: D not E in the 2nd step, k1 used twice (in steps 1 & 3) • It is: C = E(k1, D(k2, E(k1, P))) and P = D(k1, E(k2, D(k1, C))) • Doubles the effective key length • 112-bit key is quite strong • Even for today’s computers • For all feasible known attacks
  • 98. AES (Advanced Encryption Standard) • Outline • What is AES? • Overview of Rijndael • Strength of AES • Comparison of DES and AES
  • 99. What is AES? • The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information. • AES is implemented in software and hardware throughout the world to encrypt sensitive data. It is essential for government computer security, cybersecurity and electronic data protection. • The National Institute of Standards and Technology (NIST) started development of AES in 1997 when it announced the need for an alternative to the Data Encryption Standard (DES), which was starting to become vulnerable to brute-force attacks. • AES was created for the U.S. government with additional voluntary, free use in public or private, commercial or noncommercial programs that provide encryption services. • AES is used in self-encrypting disk drives, database encryption and storage encryption.
  • 100. How does AES encryption work? • AES includes three block ciphers: • AES-128 uses a 128-bit key length to encrypt and decrypt a block of messages. • AES-192 uses a 192-bit key length to encrypt and decrypt a block of messages. • AES-256 uses a 256-bit key length to encrypt and decrypt a block of messages.
  • 102. Features of AES • Security. Competing algorithms were to be judged on their ability to resist attack as compared to other submitted ciphers. Security strength was to be considered the most important factor in the competition. • Cost. Intended to be released on a global, nonexclusive and royalty-free basis, the candidate algorithms were to be evaluated on computational and memory efficiency. • Implementation. Factors to be considered included the algorithm's flexibility, suitability for hardware or software implementation, and overall simplicity.
  • 103. Overview of Rijndael/AES • Similar to DES – cyclic type of approach • 128-bit blocks of P • # of iterations based on key length • 128-bit key => 9 “rounds” (called rounds, not cycles) • 192-bit key => 11 rounds • 256-bit key => 13 rounds • Basic ops for a round: • Substitution – byte level (confusion) • Shift row (transposition) – depends on key length (diff.) • Mix columns – LSH and XOR (confusion + diffusion) • Add subkey – XOR used (confusion)
  • 104. Strengths of AES • Not much experience so far (since 2001) • But: • Extensive cryptanalysis by US gov’t and independent experts • Dutch inventors have no ties to NSA or other US gov’t bodies (less suspicion of trapdoor) • Solid math basis • Despite seemingly simple steps within rounds
  • 105. Comparison of DES & AES (1) • Date: DES 1976; AES 1999 • Block size [bits]: DES 64; AES 128 • Key length [bits]: DES 56 (effect.); AES 128, 192, 256, or more • Encryption primitives: DES substitution, permutation; AES substitution, shift, bit mixing • Cryptographic primitives: DES confusion, diffusion; AES confusion, diffusion • Design: DES open; AES open • Design rationale: DES closed; AES open • Selection process: DES secret; AES secret, but accepted public comments • Source: DES IBM, enhanced by NSA; AES independent Dutch cryptographers
  • 106. Comparison of DES & AES (2) • Weaknesses in AES? • 20+ yrs of experience with DES eliminated fears of its weakness (intentional or not) • Might be naïve… • Experts pored over AES for 2-year review period
  • 107. Public Key Cryptography Diffie Hellman and RSA?
  • 108. Public Key Cryptography • New paradigm introduced by Diffie and Hellman • The mailbox analogy: • Bob has a locked mailbox • Alice can insert a letter into the box, but can’t unlock it to take mail out • Bob has the key and can take mail out • Encrypt messages to Bob with Bob’s public key • Can freely distribute • Bob decrypts his messages with his private key • Only Bob knows this
  • 109. Diffie-Hellman algorithm • The Diffie-Hellman algorithm is used to establish a shared secret that can be used for secret communications while exchanging data over a public network using the elliptic curve to generate points and get the secret key using the parameters. • For the sake of simplicity and practical implementation of the algorithm, we will consider only 4 variables: one prime P, G (a primitive root of P) and two private values a and b. • P and G are both publicly available numbers. Users (say Alice and Bob) pick private values a and b, and each generates a key and exchanges it publicly. The other person receives the key and generates a secret key from it, after which they have the same secret key to encrypt.
  • 110. DH step by Step??
  • 113. Requirements • How should a public key scheme work? • Three main conditions • It must be computationally easy to encrypt or decrypt a message given the appropriate key • It must be computationally infeasible to derive the private key from the public key • It must be computationally infeasible to determine the private key from chosen plaintext attack • Attacker can pick any message, have it encrypted, and obtain the ciphertext
  • 114. Exchanging keys • Alice and Bob want to communicate using a block cipher to encrypt their messages, but don’t have a shared key • How do Alice and Bob get a shared key?
  • 115. Solution 1 • Alice sends the key along with her encrypted message • Eve sees encrypted message and key • Uses key to decrypt message
  • 116. Solution 2 • Alice sends the key at some time prior to sending Bob the encrypted message • Eve has to wait longer • If she saw the key transmission, she has the key • Uses key to decrypt message
  • 117. Solution 3 – Use public key crypto • Diffie Hellman Key Exchange • All users share common modulus, p, and element g • g ≠ 0, g ≠ 1, and g ≠ p-1 • Alice chooses her private key, $k_A$ • Computes $K_A = g^{k_A} \bmod p$ and sends it to Bob in the clear • Bob chooses his private key, $k_B$ • Computes $K_B = g^{k_B} \bmod p$ and sends it to Alice in the clear • When Alice and Bob want to agree on a shared key, they compute a shared secret S • $S_{A,B} = K_B^{k_A} \bmod p$ • $S_{B,A} = K_A^{k_B} \bmod p$
  • 118. Why does DH work? • $S_{A,B} = S_{B,A}$ • $(g^{k_A})^{k_B} \bmod p = (g^{k_B})^{k_A} \bmod p$ • Eve knows • g and p • $K_A$ and $K_B$ • Why can’t Eve compute the secret? • This was the first public key cryptography scheme
  • 119. Hard problems • Public key cryptosystems are based on hard problems • DH is based on the Discrete Logarithm Problem (DLP) • Given: • Multiplicative group G • Element a in G • Output b • Find: • Unique solution to $a^x = b$ in G • x is $\log_a b$ • No polynomial time algorithm exists to solve this*
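The exchange on slides 117 to 119, as an added example that is not part of the original slides: both sides derive the same secret, and an exhaustive discrete-log search shows why a small modulus gives Eve the secret. The values P = 23 and G = 5 and all function names are constructed for illustration.

```python
import secrets

P = 23  # constructed toy modulus; real deployments use primes of 2048 bits or more
G = 5   # constructed element; 5 is a primitive root of 23

def check_params(g, p):
    # Slide 117's constraint: g must not be 0, 1 or p-1. Those values only
    # generate 1 or 2 distinct powers, so the shared secret would be guessable.
    if g % p in (0, 1, p - 1):
        raise ValueError("degenerate g")

def keypair(g, p):
    k = secrets.randbelow(p - 3) + 2   # private key k in [2, p-2]
    return k, pow(g, k, p)             # public value K = g^k mod p

def shared_secret(peer_public, own_private, p):
    return pow(peer_public, own_private, p)   # S = K_peer^k mod p

def brute_force_dlog(g, target, p):
    # The discrete logarithm problem: find x with g^x = target (mod p).
    # Exhaustive search needs up to p-1 steps: instant for a 5-bit prime,
    # out of reach when p has thousands of bits.
    value = 1
    for x in range(p - 1):
        if value == target:
            return x
        value = value * g % p
    return None

def demo():
    check_params(G, P)
    k_a, K_a = keypair(G, P)           # Alice
    k_b, K_b = keypair(G, P)           # Bob
    s_ab = shared_secret(K_b, k_a, P)  # Alice's view of the secret
    s_ba = shared_secret(K_a, k_b, P)  # Bob's view of the secret
    # Eve sees only G, P, K_a and K_b. With this toy modulus she can
    # search for Alice's private key and rebuild the secret.
    eve_k_a = brute_force_dlog(G, K_a, P)
    eve_secret = shared_secret(K_b, eve_k_a, P)
    return s_ab, s_ba, eve_secret

if __name__ == "__main__":
    print(demo())
```
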
  • 120. RSA • Rivest-Shamir-Adleman • Probably the most well-known public key scheme • First, some background
  • 121. RSA • The RSA algorithm is an asymmetric cryptography algorithm. Asymmetric means that it works on two different keys, i.e. a Public Key and a Private Key. As the names suggest, the Public Key is given to everyone and the Private Key is kept private. • An example of asymmetric cryptography: • A client (for example a browser) sends its public key to the server and requests some data. • The server encrypts the data using the client’s public key and sends the encrypted data. • The client receives this data and decrypts it.
  • 122. RSA • Since this is asymmetric, nobody except the browser can decrypt the data, even if a third party has the public key of the browser. • The idea! The idea of RSA is based on the fact that it is difficult to factorize a large integer. • The public key consists of two numbers, one of which is the product of two large prime numbers. • The private key is also derived from the same two prime numbers. • So if somebody can factorize the large number, the private key is compromised. • Therefore encryption strength rests entirely on the key size, and if we double or triple the key size, the strength of encryption increases exponentially. • RSA keys are typically 1024 or 2048 bits long, but experts believe that 1024-bit keys could be broken in the near future.
  • 126. Euler’s Totient • Totient function φ(n) • Number of positive numbers less than n that are relatively prime to n • Two numbers are relatively prime when their greatest common divisor is 1 • Example: φ(10) = 4 • 1, 3, 7, 9 • Example: φ(7) = 6 • 1, 2, 3, 4, 5, 6 • If n is prime, φ(n) = n-1
  • 127. RSA keys • Choose 2 large primes, p and q • N = pq • φ(N) = (p-1)(q-1) • Choose e < N such that gcd(e, φ(N)) = 1 • d such that ed = 1 mod φ(N) • Public key: {N, e} • Private key: {d} • p and q must also be kept secret
  • 128. RSA encryption/decryption • Alice computes $c = m^e \bmod N$ • Alice sends c to Bob • Bob computes $m = c^d \bmod N$
  • 129. Toy example • p=7, q=11 • N=77 • φ(N) = (6)(10) = 60 • Bob chooses e=17 • Uses extended Euclidean algorithm to find inverse of e mod 60 • Finds d=53 • Bob makes {N, e} public
  • 130. Toy example (continued) • Alice wants to send Bob “HELLO WORLD” • Represent each letter as a number 00(A) to 25(Z) • 26 is a space • Calculates: • $07^{17} \bmod 77 = 28$, $04^{17} \bmod 77 = 16$, …, $03^{17} \bmod 77 = 75$ • Sends Bob 28 16 44 44 42 38 22 42 19 44 75 • He decrypts each number with his private key and gets “HELLO WORLD”
  • 131. What could go wrong? • What was wrong with the toy example? • Eve can easily find the encryption of each letter and use that as a key to Alice’s message • Even without knowing the public key, can use statistics to find likely messages • Like cryptogram puzzles
  • 132. How it should really happen • p and q should be at least 512 bits each • N at least 1024 bits • The message “HELLO WORLD” would be converted into one very large integer • That integer would be raised to the public/private exponent • For short messages, pad them with a random string
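The toy example from slides 127 to 131 worked through in code, as an added example that is not part of the original slides: it derives d, reproduces the ciphertext for “HELLO WORLD”, and then recovers the message from the public key alone, which is the per-letter weakness slide 131 describes. Function names are constructed for illustration; p, q, e and the letter encoding are the slides' own.

```python
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ "  # 00(A)..25(Z), 26 = space, as on slide 130

def make_keys(p, q, e):
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(N)")
    d = pow(e, -1, phi)   # modular inverse of e mod phi(N); needs Python 3.8+
    return (n, e), d

def encrypt_letters(text, public):
    # Textbook RSA applied to one letter at a time, with no padding.
    n, e = public
    return [pow(ALPHABET.index(ch), e, n) for ch in text]

def decrypt_letters(cipher, d, n):
    return "".join(ALPHABET[pow(c, d, n)] for c in cipher)

def codebook_recover(cipher, public):
    # Uses only the public key: encrypt each of the 27 possible symbols and
    # invert the table. Encryption is deterministic, so per-letter RSA is
    # a simple substitution cipher.
    n, e = public
    table = {pow(i, e, n): ch for i, ch in enumerate(ALPHABET)}
    return "".join(table[c] for c in cipher)

PUBLIC, D = make_keys(7, 11, 17)
CIPHER = encrypt_letters("HELLO WORLD", PUBLIC)

if __name__ == "__main__":
    print("d =", D)
    print("ciphertext:", CIPHER)
    print("Bob decrypts:", decrypt_letters(CIPHER, D, PUBLIC[0]))
    print("Recovered without d:", codebook_recover(CIPHER, PUBLIC))
```

Repeated letters produce repeated ciphertext values (44 for every L), which is what makes the statistical attack on slide 131 possible; random padding of the whole message, as slide 132 says, removes that determinism.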
  • 133. Is this key yours? • How to bind a key to an identity?
  • 134. PK Paradigm • Genkey(some info) • Creates Kpub and Kpriv • Encrypt with Kpub • Decrypt with Kpriv • Certificate binds key to individual
  • 135. IBE • Identity-Based Encryption • Kpub is well-known • Known to be bound to owner • Name, email, SSN, etc. • Owner requests a private key from CA • No certificates required