Cryptography and
Applications
PHAM VAN HAU (PVHAU@HCMIU.EDU.VN)
SCHOOL OF COMPUTER SCIENCE AND ENGINEERING-
INTERNATIONAL UNIVERSITY
The History of Cryptography
Cryptography has roots that begin around 2000 B.C. in Egypt, where
hieroglyphics were used to decorate tombs to tell the life story of
the deceased. This was not so much about hiding the messages
themselves; rather, the hieroglyphics were intended to make the
life story seem more noble, ceremonial, and majestic.
Some Basic Terminology
 plaintext - original message
 ciphertext - coded message
 cipher - algorithm for transforming plaintext to ciphertext
 key - info used in cipher known only to sender/receiver
 encipher (encrypt) - converting plaintext to ciphertext
 decipher (decrypt) - recovering plaintext from ciphertext
 cryptography - study of encryption principles/methods
 cryptanalysis (codebreaking) - study of principles/
methods of deciphering ciphertext without knowing key
 cryptology - field of both cryptography and cryptanalysis
Classical Substitution Ciphers
 where letters of plaintext are replaced by other letters or by
numbers or symbols
 or if plaintext is viewed as a sequence of bits, then substitution
involves replacing plaintext bit patterns with ciphertext bit patterns
Caesar Cipher
 earliest known substitution cipher
 by Julius Caesar
 first attested use in military affairs
 replaces each letter by 3rd letter on
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
 example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher
 mathematically give each letter a number
a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
 then have Caesar cipher as:
c = E(p) = (p + k) mod (26)
p = D(c) = (c – k) mod (26)
Cryptanalysis of Caesar Cipher
 only have 26 possible ciphers
 A maps to A,B,..Z
 could simply try each in turn
 given ciphertext, just try all shifts of letters
 do need to recognize when have plaintext
 eg. break ciphertext "GCUA VQ DTGCM"
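The exhaustive search described on this slide, as an added example that is not part of the original deck. The function names and the crude "common letter" recognizer are assumptions made for illustration; it is run on the two ciphertexts shown on the slides.

```python
# Brute-force search over all 26 Caesar shifts, with a simple recognizer
# that ranks candidates so the plaintext does not have to be picked by eye.

# The nine most frequent letters in English text; a candidate containing
# many of them is more likely to be real plaintext.
COMMON_LETTERS = set("ETAOINSHR")


def shift(text, k):
    """Apply c = (p + k) mod 26 to every letter; output is upper case."""
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + k) % 26 + ord("A")))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def score(candidate):
    """Count how many characters are among the most common English letters."""
    return sum(ch in COMMON_LETTERS for ch in candidate)


def brute_force(ciphertext):
    """Return (score, key, candidate) for every key, best score first."""
    candidates = []
    for k in range(26):
        plain = shift(ciphertext, -k)  # p = (c - k) mod 26
        candidates.append((score(plain), k, plain))
    # sort() is stable, so ties keep ascending key order
    candidates.sort(key=lambda c: -c[0])
    return candidates


if __name__ == "__main__":
    # Encryption example from the slide (k = 3)
    print(shift("meet me after the toga party", 3))
    # Exercise from the slide: show the three best-ranked candidates
    for s, k, plain in brute_force("GCUA VQ DTGCM")[:3]:
        print(f"key={k:2d} score={s} {plain}")
```

With only 11 letters the recognizer still separates the correct shift from the rest; on very short or unusual messages a frequency score can rank a wrong shift first, which is why the full ranked list is returned.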
More substitution ciphers
Mono-alphabetic Cipher
Playfair Cipher
Polyalphabetic Cipher
◦ Vigenère Cipher
◦ Autokey Cipher
◦ One Time Pad
Transposition Ciphers
 now consider classical transposition or permutation ciphers
 these hide the message by rearranging the letter order
 without altering the actual letters used
 can recognise these since have the same frequency distribution as
the original text
Row Transposition Ciphers
 a more complex transposition
 write letters of message out in rows over a specified number of
columns
 then reorder the columns according to some key before reading off
the rows
Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Scytale Cipher
Around 400 B.C., the Spartans
would write a message on a sheet
of papyrus (a type of paper) that
was wrapped around a staff (a
stick or wooden rod), which was
then delivered and wrapped
around a different staff by the
recipient. The message was only
readable if it was wrapped around
the correct size staff, which made
the letters properly match up
Enigma Code Machine
http://www.youtube.com/watch?v=Hb44bGY2KdU
Product Ciphers
 ciphers using substitutions or transpositions are not
secure because of language characteristics
 hence consider using several ciphers in succession to
make harder, but:
 two substitutions make a more complex substitution
 two transpositions make more complex transposition
 but a substitution followed by a transposition makes a new
much harder cipher
 this is bridge from classical to modern ciphers
Symmetric Cryptography
Block and Stream Ciphers
Block ciphers work on blocks of bits
Stream ciphers work on one bit at a time
Initialization Vectors
•Random values that are used with algorithms to ensure patterns are not
created during the encryption process.
•(If IVs are not used, then two identical plaintext values that are
encrypted with the same key will create the same ciphertext.)
•They are used with keys
•Do not need to be encrypted when being sent to the destination.
Key Distribution
• given parties A and B have various key distribution
alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can use previous
key to encrypt a new key
4. if A & B have secure communications with a third party C,
C can relay key between A & B
Strengths and Weaknesses
Strengths
 Much faster (less computationally intensive) than asymmetric
systems.
Hard to break if using a large key size.
Weaknesses
Requires a secure mechanism to deliver keys properly.
Each pair of users needs a unique key, so as the number of individuals
increases, so does the number of keys, possibly making key
management overwhelming.
Provides confidentiality but not authenticity or nonrepudiation
Types of Symmetric Systems
•Data Encryption Standard (DES)
•3DES (Triple DES)
•Blowfish
•Twofish
•IDEA (International Data Encryption Algorithm)
•RC4, RC5, RC6
•AES (Advanced Encryption Standard)
•SAFER (Secure and Fast Encryption Routine)
•Serpent
Asymmetric Cryptography
RSA
 by Rivest, Shamir & Adleman of MIT in 1977
 best known & widely used public-key scheme
 based on exponentiation in a finite (Galois) field over
integers modulo a prime
nb. exponentiation takes O((log n)^3) operations (easy)
 uses large integers (eg. 1024 bits)
 security due to cost of factoring large numbers
nb. factorization takes O(e^(log n log log n)) operations (hard)
Ideas...
Given a big number n, a message M (that is converted to
integer value), if we can choose e and d that satisfy the
following conditions:
C = M^e mod n for all M<n
M = C^d mod n = M^(ed) mod n
or M^(ed) ≡ M mod n (read: M^(ed) is congruent to M modulo n)
It is infeasible to determine d given e and n.
How RSA Works
 Given two primes p, q, and two integers m, n, such that n=p.q
and 0<m<n, and an arbitrary integer k. Because of Euler's
Theorem:
– m^(ø(n)*k+1) ≡ m mod n (1)
in which the totient ø(n) of a positive
integer n is defined to be the number of
positive integers less than or equal to n that
are coprime to n. ø(9)=6 since the six numbers
1, 2, 4, 5, 7 and 8 are coprime to 9
– We can have m^(ed) ≡ m mod n, if
ed=ø(n)*k+1 or ed ≡ 1 mod ø(n)
according to the rules of modular arithmetic, this
happens only if e (and therefore d) is
relatively prime to ø(n), i.e. gcd(ø(n),e)=1
– Since p, q are two primes, we have
• ø(n)=(p-1)(q-1), so it is easy to find e and d
RSA Key Setup
 each user generates a public/private key pair by:
 selecting two large primes at random - p, q
 computing their system modulus n=p.q
note ø(n)=(p-1)(q-1)
 selecting at random the encryption key e
 where 1<e<ø(n), gcd(e,ø(n))=1
 solve following equation to find decryption key d
–e.d ≡1 mod ø(n) and 0≤d≤n
 publish their public encryption key: PU={e,n}
 keep secret private decryption key: PR={d,n}
RSA Use
 to encrypt a message M the sender:
obtains public key of recipient PU={e,n}
computes: C = M^e mod n, where 0≤M<n
 to decrypt the ciphertext C the owner:
uses their private key PR={d,n}
computes: M = C^d mod n
 note that the message M must be smaller than the
modulus n (block if needed)
RSA Example - Key Setup
• Select primes: p=17 & q=11
• Compute n = pq =17 x 11=187
• Compute ø(n)=(p–1)(q-1)=16 x 10=160
• Select e: gcd(e,160)=1; choose e=7
• Determine d: de ≡ 1 mod 160 and d < 160. Value is
d=23 since 23x7=161=1x160+1
• Publish public key PU={7,187}
• Keep secret private key PR={23,187}
RSA Example - En/Decryption
 sample RSA encryption/decryption is:
 given message M = 88 (nb. 88<187)
 encryption:
C = 88^7 mod 187 = 11
 decryption:
M = 11^23 mod 187 = 88
RSA Security
 possible approaches to attacking RSA are:
brute force key search (infeasible given big size of keys)
mathematical attacks (based on difficulty of computing
ø(n), by factoring modulus n)
timing attacks (on running of decryption)
Factoring Problem
 mathematical approach takes 3 forms:
factor n=p.q, hence compute ø(n) and then d
determine ø(n) directly and compute d
find d directly
 currently believe all equivalent to factoring
cryptanalysis has seen slow improvements over the years
currently assume 1024-2048 bit RSA is secure
 ensure p, q of similar size and matching other constraints
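The key setup and en/decryption slides, together with the first mathematical approach listed above (factor n, compute ø(n), then d), as an added example that is not part of the original deck. It uses the deck's toy values p=17, q=11, e=7, M=88; the function names are assumptions, and this is textbook RSA without padding, for study only.

```python
from math import isqrt


def modinv(a, m):
    """Extended Euclid: return x with a*x ≡ 1 (mod m); fail if gcd(a, m) != 1."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
    if old_r != 1:
        raise ValueError("e is not relatively prime to phi(n)")
    return old_s % m


def rsa_keygen(p, q, e):
    """Return (PU, PR) = ((e, n), (d, n)) for primes p, q and chosen e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("need 1 < e < phi(n)")
    d = modinv(e, phi)  # solves e.d ≡ 1 mod phi(n)
    return (e, n), (d, n)


def rsa_encrypt(M, public):
    e, n = public
    if not 0 <= M < n:
        raise ValueError("message must satisfy 0 <= M < n (block if needed)")
    return pow(M, e, n)  # C = M^e mod n


def rsa_decrypt(C, private):
    d, n = private
    return pow(C, d, n)  # M = C^d mod n


def recover_private_key(public):
    """Factor n by trial division, then rebuild d from phi(n).

    Only feasible because the modulus is tiny; it shows why the private
    key is exactly as safe as the factorisation of n.
    """
    e, n = public
    p = next((f for f in range(2, isqrt(n) + 1) if n % f == 0), None)
    if p is None:
        raise ValueError("n has no non-trivial factor")
    q = n // p
    return modinv(e, (p - 1) * (q - 1)), n


if __name__ == "__main__":
    PU, PR = rsa_keygen(17, 11, 7)
    C = rsa_encrypt(88, PU)
    print("PU =", PU, "PR =", PR)
    print("C =", C, "M =", rsa_decrypt(C, PR))
    print("d recovered from the public key alone:", recover_private_key(PU))
```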
Timing Attacks
 developed by Paul Kocher in mid-1990’s
 exploit timing variations in operations
eg. multiplying by small vs large number
or IF's varying which instructions executed
 infer operand size based on time taken
 against RSA, exploits time taken in exponentiation
 countermeasures
use constant exponentiation time
add random delays
blind values used in calculations
Strengths and Weaknesses
Strengths
•Better key distribution than symmetric systems
•Better scalability than symmetric systems
•Can provide authentication and nonrepudiation
Weaknesses
•Works much more slowly than symmetric systems
•Mathematically intensive tasks
Key Management
 public-key encryption helps address key distribution
problems
 have two aspects of this:
distribution of public keys
use of public-key encryption to distribute secret keys
Distribution of Public Keys
 can be considered as using one of:
public announcement
publicly available directory
public-key authority
public-key certificates
Public Announcement
 users distribute public keys to recipients or broadcast
to community at large
eg. append PGP keys to email messages or post to news
groups or email list
 major weakness is forgery
anyone can create a key claiming to be someone else and
broadcast it
until forgery is discovered can masquerade as claimed
user
Publicly Available Directory
 can obtain greater security by registering keys with a
public directory
 directory must be trusted with properties:
contains {name,public-key} entries
participants register securely with directory
participants can replace key at any time
directory is periodically published
directory can be accessed electronically
 still vulnerable to tampering or forgery
Public-Key Authority
 improve security by tightening control over
distribution of keys from directory
 has properties of directory
 and requires users to know public key for the
directory
 then users interact with directory to obtain any
desired public key securely
does require real-time access to directory when keys are
needed
Public-Key Certificates
 certificates allow key exchange without real-time
access to public-key authority
 a certificate binds identity to public key
usually with other info such as period of validity, rights of
use etc
 with all contents signed by a trusted Public-Key or
Certificate Authority (CA)
 can be verified by anyone who knows the public-key
authorities public-key
Public-key infrastructure (PKI)
A public-key infrastructure (PKI) is a set of hardware, software, people,
policies, and procedures needed to create, manage, distribute, use,
store, and revoke digital certificates
PKI is an arrangement that binds public keys with respective user
identities by means of a certificate authority (CA)
Differences Between Symmetric
and Asymmetric Systems
| Attribute | Symmetric | Asymmetric |
| --- | --- | --- |
| Keys | One key is shared between two or more entities. | One entity has a public key, and the other entity has the corresponding private key. |
| Key exchange | Out-of-band through secure mechanisms. | A public key is made available to everyone, and a private key is kept secret by the owner. |
| Speed | Algorithm is less complex and faster. | The algorithm is more complex and slower. |
| Use | Bulk encryption, which means encrypting files and communication paths. | Key distribution and digital signatures. |
| Security service provided | Confidentiality. | Authentication and nonrepudiation. |
Types of Asymmetric Systems
The Diffie-Hellman Algorithm
RSA
El Gamal
Elliptic Curve Cryptosystems
LUC
Knapsack
Zero Knowledge Proof
Hybrid Encryption Methods
Public-Key Distribution of Secret Keys
 use previous methods to obtain public-key
 can use for secrecy or authentication
 but public-key algorithms are slow
 so usually want to use private-key encryption to
protect message contents
 hence need a session key
 have several alternatives for negotiating a suitable
session
Simple Secret Key Distribution
 proposed by Merkle in 1979
A generates a new temporary public key pair
A sends B the public key and their identity
B generates a session key K sends it to A encrypted using
the supplied public key
A decrypts the session key and both use
 problem is that an opponent can intercept and
impersonate both halves of protocol
Public-Key Distribution of Secret Keys
 if have securely exchanged public-keys:
Hybrid Key Distribution
 retain use of private-key KDC
 shares secret master key with each user
 distributes session key using master key
 public-key used to distribute master keys
especially useful with widely distributed users
 rationale
performance
backward compatibility
Diffie-Hellman Key Exchange
 first public-key type scheme proposed
 by Diffie & Hellman in 1976 along with the exposition
of public key concepts
note: now know that Williamson (UK CESG) secretly
proposed the concept in 1970
 is a practical method for public exchange of a secret
key
 used in a number of commercial products
Diffie-Hellman Key Exchange
 a public-key distribution scheme
cannot be used to exchange an arbitrary message
rather it can establish a common key
known only to the two participants
 value of key depends on the participants (and their private
and public key information)
 based on exponentiation in a finite (Galois) field (modulo a
prime or a polynomial) - easy
 security relies on the difficulty of computing discrete
logarithms (similar to factoring) – hard
Diffie-Hellman Setup
 all users agree on global parameters:
large prime integer or polynomial q
–a being a primitive root mod q
 each user (eg. A) generates their key
chooses a secret key (number): xA < q
compute their public key: yA = a^xA mod q
 each user makes public that key yA
Diffie-Hellman Key Exchange
 shared session key for users A & B is KAB:
KAB = a^(xA.xB) mod q
= yA^xB mod q (which B can compute)
= yB^xA mod q (which A can compute)
 KAB is used as session key in private-key encryption scheme
between Alice and Bob
 if Alice and Bob subsequently communicate, they will have the
same key as before, unless they choose new public-keys
 attacker needs an x, must solve discrete log
Diffie-Hellman Example
 users Alice & Bob who wish to swap keys:
 agree on prime q=353 and a=3
 select random secret keys:
A chooses xA=97, B chooses xB=233
 compute respective public keys:
– yA = 3^97 mod 353 = 40 (Alice)
– yB = 3^233 mod 353 = 248 (Bob)
 compute shared session key as:
– KAB = yB^xA mod 353 = 248^97 mod 353 = 160 (Alice)
– KAB = yA^xB mod 353 = 40^233 mod 353 = 160 (Bob)
Key Exchange Protocols
 users could create random private/public D-H keys
each time they communicate
 users could create a known private/public D-H key
and publish in a directory, then consulted and used
to securely communicate with them
 both of these are vulnerable to a meet-in-the-
Middle Attack
 authentication of the keys is needed
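The Diffie-Hellman example above (q=353, a=3, xA=97, xB=233) and the reason the last slide asks for authentication of the keys, as an added example that is not part of the original deck. The intermediary's secret x_mid=2 is a constructed value, and the function names are assumptions; `views_consistent` stands in for whatever authenticated check (signed or certified public values) a real protocol would use.

```python
def public_value(a, q, x):
    """y = a^x mod q for a secret x with 1 < x < q."""
    if not 1 < x < q:
        raise ValueError("secret must satisfy 1 < x < q")
    return pow(a, x, q)


def shared_key(y_peer, x_own, q):
    """K = (peer's public value)^(own secret) mod q."""
    return pow(y_peer, x_own, q)


def run_exchange(q, a, x_a, x_b, x_mid=None):
    """Run one exchange between Alice and Bob.

    With x_mid=None the public values arrive unmodified. With x_mid set,
    a party on the path replaces both public values with its own, which
    is possible whenever the values are not authenticated.
    """
    y_a = public_value(a, q, x_a)
    y_b = public_value(a, q, x_b)
    if x_mid is None:
        recv_a, recv_b = y_b, y_a
    else:
        y_mid = public_value(a, q, x_mid)
        recv_a = recv_b = y_mid
    return {
        "alice": {"sent": y_a, "received": recv_a,
                  "key": shared_key(recv_a, x_a, q)},
        "bob": {"sent": y_b, "received": recv_b,
                "key": shared_key(recv_b, x_b, q)},
    }


def views_consistent(result):
    """True if each side received exactly what the other side sent.

    The arithmetic alone cannot tell the two cases apart; this comparison
    only helps if it is made over an authenticated channel.
    """
    alice, bob = result["alice"], result["bob"]
    return (alice["received"] == bob["sent"]
            and bob["received"] == alice["sent"])


if __name__ == "__main__":
    honest = run_exchange(353, 3, 97, 233)
    print("honest:   ", honest, views_consistent(honest))
    # Constructed case: both sides finish "successfully" with different keys,
    # each of which the intermediary can also compute.
    tampered = run_exchange(353, 3, 97, 233, x_mid=2)
    print("tampered: ", tampered, views_consistent(tampered))
```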
Kerckhoffs’ Principle
Auguste Kerckhoffs published a paper in 1883 stating that
•the only secrecy involved with a cryptography system should be the key.
•algorithm should be publicly known.
•if security were based on too many secrets, there would be more
vulnerabilities to possibly exploit.
Hash Functions
•condenses arbitrary message to fixed size
h = H(M)
•usually assume that the hash function is public and not keyed
•hash used to detect changes to message
•can use in various ways with message
•most often to create a digital signature
Requirements for Hash
Functions
•can be applied to any sized message M
•produces fixed-length output h
•is easy to compute h=H(M) for any message M
•given h is infeasible to find x s.t. H(x)=h
• one-way property
•given x is infeasible to find y s.t. H(y)=H(x)
• weak collision resistance
•is infeasible to find any x,y s.t. H(y)=H(x)
• strong collision resistance
Various Hashing Algorithms
MD2
MD4
MD5
SHA
SHA-1
SHA-2 family: SHA-256, SHA-384, and SHA-512
HAVAL
Tiger
Attacks Against One-Way Hash
Functions
If the algorithm does produce the same value for two distinctly different
messages, this is called a collision
An attacker can attempt to force a collision, which is referred to as a
birthday attack
How many people must be in the same room for the chance to be
greater than even that another person has the same birthday as you?
Answer: 253
How many people must be in the same room for the chance to be
greater than even that at least two people share the same birthday?
Answer: 23
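The two answers above computed directly, then the same effect shown on a hash function, as an added example that is not part of the original deck. It goes beyond the slide by searching for a collision on a truncated SHA-256 digest; the function names and the `msg-<i>` inputs are constructed for illustration.

```python
import hashlib
from itertools import count


def people_to_match_you(days=365, target=0.5):
    """Smallest number of other people so that P(someone shares YOUR
    birthday) exceeds target: 1 - ((days-1)/days)^n > target."""
    n, p_none = 0, 1.0
    while 1 - p_none <= target:
        n += 1
        p_none *= (days - 1) / days
    return n


def people_for_any_pair(days=365, target=0.5):
    """Smallest group size so that P(at least two share a birthday)
    exceeds target."""
    n, p_all_distinct = 1, 1.0  # a single person cannot collide
    while 1 - p_all_distinct <= target:
        p_all_distinct *= (days - n) / days  # next person avoids n taken days
        n += 1
    return n


def truncated_digest(msg, nbytes):
    """First nbytes of SHA-256, standing in for a short hash output."""
    return hashlib.sha256(msg).digest()[:nbytes]


def find_truncated_collision(nbytes=3):
    """Find two different messages with the same truncated digest.

    Every digest seen so far is remembered, so any pair may collide (the
    '23 people' case). For an output of b bits this needs on the order of
    2^(b/2) hashes, not 2^b, which is why digest length must be about
    twice the intended security level.
    """
    seen = {}
    for i in count():
        msg = b"msg-%d" % i
        tag = truncated_digest(msg, nbytes)
        if tag in seen:
            return seen[tag], msg, i + 1  # the pair and the hashes computed
        seen[tag] = msg


if __name__ == "__main__":
    print("match one fixed birthday:", people_to_match_you())
    print("any two share a birthday:", people_for_any_pair())
    first, second, tries = find_truncated_collision(3)
    print(f"24-bit collision after {tries} hashes (2^24 = {2**24}):",
          first, second)
```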
Message Authentication Code
(MAC)
•generated by an algorithm that creates a small fixed-sized block
• depending on both message and some key
• like encryption though need not be reversible
•appended to message as a signature
•receiver performs same computation on message and checks it
matches the MAC
•provides assurance that message is unaltered and comes from sender
HMAC
CBC-MAC
Cryptosystems
A cryptosystem is made up of at least the following:
•Software
•Protocols
•Algorithms
•Keys
Services of Cryptosystems
•Confidentiality: Renders the information unintelligible except by
authorized entities.
•Integrity: Data has not been altered in an unauthorized manner since it
was created, transmitted, or stored.
•Authentication: Verifies the identity of the user or system that created
information.
•Nonrepudiation: Ensures that the sender cannot deny sending the
message.
Digital signature for a message
Link Encryption vs. End-to-End
Encryption
Link encryption encrypts all the data (except data link control messaging
information) along a specific communication path, as in a satellite link,
T3 line, or telephone circuit
end-to-end encryption happens within the applications
SSL encryption takes place at the transport layer.
HTTP Secure
HTTP Secure (HTTPS) is HTTP running over SSL (developed by Netscape)
SSL :
◦ it is not an open-community protocol
◦ works at the transport layer
◦ uses public key encryption
◦ provides data encryption, server authentication, message integrity, and
optional client authentication
The open-community version of SSL is Transport Layer Security (TLS)
Pretty Good Privacy
•Freeware e-mail security program, released in 1991
•PGP is a complete cryptosystem that uses cryptographic protection to
protect e-mail and files.
•It can use RSA public key encryption for key management and use
IDEA symmetric cipher for bulk encryption of data
•PGP uses “web of trust” in its key management approach
Secure Shell
SSH is a program and a set of protocols that work together to provide a
secure tunnel between two computers.
The two computers go through a handshaking process and exchange
(via Diffie-Hellman) a session key that will be used during the session to
encrypt and protect the data sent
SSH should be used instead of Telnet, FTP, rlogin, rexec, or rsh
Internet Protocol Security
(IPSec)
•IPSec uses two basic security protocols: Authentication Header (AH)
and Encapsulating Security Payload (ESP).
•AH is the authenticating protocol
•ESP is an authenticating and encrypting protocol that uses
cryptographic mechanisms to provide source authentication,
confidentiality, and message integrity
•IPSec can work in one of two modes:
◦ transport mode, in which the payload of the message is protected
◦ tunnel mode, in which the payload and the routing and header information
are protected
Attacks
Ciphertext-Only Attacks
Known-Plaintext Attacks
Chosen-Plaintext Attacks
Chosen-Ciphertext Attacks
Differential Cryptanalysis
Side-Channel Attacks
Replay Attacks
Steganography
 an alternative to encryption
 hides existence of message
 using only a subset of letters/words in a longer message marked in
some way
 using invisible ink
 hiding in graphic image or sound file
 has drawbacks
 high overhead to hide relatively few info bits
Example
Removing all but the last 2 bits of each color component produces an almost
completely black image. Making that image 85 times brighter produces the image
on the right-hand side.
Example 2: Letter of Recommendation
Jane S., a chief sub editor and editor, can always be found
hard at work in her cubicle. Jane works independently, without
wasting company time talking to colleagues. She never
thinks twice about assisting fellow employees, and she always
finishes given assignments on time. Often Jane takes extended
measures to complete her work, sometimes skipping
coffee breaks. She is a dedicated individual who has absolutely no
vanity in spite of her high accomplishments and profound
knowledge in her field. I firmly believe that Jane can be
classed as a high-caliber employee, the type which cannot be
dispensed with. Consequently, I duly recommend that Jane be
promoted to executive management, and a proposal will be
sent away as soon as possible.
Project Leader
(copied from http://gadgetopia.com/post/2278)

More Related Content

What's hot

Cryptography
CryptographyCryptography
Cryptography
subodh pawar
 
Elgamal &amp; schnorr digital signature scheme copy
Elgamal &amp; schnorr digital signature scheme   copyElgamal &amp; schnorr digital signature scheme   copy
Elgamal &amp; schnorr digital signature scheme copy
North Cap University (NCU) Formely ITM University
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
Hossain Md Shakhawat
 
Cryptography
CryptographyCryptography
Cryptography
Sidharth Mohapatra
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniquesMohd Arif
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network Security
Pa Van Tanku
 
Key management
Key managementKey management
Key management
Sujata Regoti
 
Ch02 classic nemo
Ch02 classic nemoCh02 classic nemo
Ch02 classic nemo
Samia Elsayed
 
Asymmetric Cryptography
Asymmetric CryptographyAsymmetric Cryptography
Asymmetric Cryptography
UTD Computer Security Group
 
block ciphers
block ciphersblock ciphers
block ciphers
Asad Ali
 
Cryptography
CryptographyCryptography
Cryptography
IGZ Software house
 
Aes
AesAes
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and Distribution
Syed Bahadur Shah
 
User authentication
User authenticationUser authentication
User authentication
CAS
 
Cryptography
CryptographyCryptography
Cryptography
AnandKaGe
 
Cryptography
CryptographyCryptography
Cryptography
jayashri kolekar
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream Ciphers
Sam Bowne
 
Rsa cryptosystem
Rsa cryptosystemRsa cryptosystem
Rsa cryptosystem
Abhishek Gautam
 
Encryption And Decryption Using AES Algorithm
Encryption And Decryption Using AES AlgorithmEncryption And Decryption Using AES Algorithm
Encryption And Decryption Using AES Algorithm
Ahmed Raza Shaikh
 

What's hot (20)

Cryptography
CryptographyCryptography
Cryptography
 
Elgamal &amp; schnorr digital signature scheme copy
Elgamal &amp; schnorr digital signature scheme   copyElgamal &amp; schnorr digital signature scheme   copy
Elgamal &amp; schnorr digital signature scheme copy
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
 
Cryptography
CryptographyCryptography
Cryptography
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniques
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network Security
 
Key management
Key managementKey management
Key management
 
Ch02 classic nemo
Ch02 classic nemoCh02 classic nemo
Ch02 classic nemo
 
Asymmetric Cryptography
Asymmetric CryptographyAsymmetric Cryptography
Asymmetric Cryptography
 
block ciphers
block ciphersblock ciphers
block ciphers
 
Cryptography
CryptographyCryptography
Cryptography
 
Aes
AesAes
Aes
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and Distribution
 
User authentication
User authenticationUser authentication
User authentication
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream Ciphers
 
Rsa cryptosystem
Rsa cryptosystemRsa cryptosystem
Rsa cryptosystem
 
Encryption And Decryption Using AES Algorithm
Encryption And Decryption Using AES AlgorithmEncryption And Decryption Using AES Algorithm
Encryption And Decryption Using AES Algorithm
 

Viewers also liked

Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmac
anuragjagetiya
 
Digital signature
Digital  signatureDigital  signature
Digital signature
AJAL A J
 
Protocols for Public Key Management
Protocols for Public Key ManagementProtocols for Public Key Management
Protocols for Public Key Management
Shafaan Khaliq Bhatti
 
Digital signature
Digital signatureDigital signature
Digital signature
Evion Technologies
 
Fuzzy Set | Statistics
Fuzzy Set | StatisticsFuzzy Set | Statistics
Fuzzy Set | Statistics
Transweb Global Inc
 
Fuzzy Set
Fuzzy SetFuzzy Set
Fuzzy Set
Ehsan Hamzei
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication
rajakhurram
 
key distribution in network security
key distribution in network securitykey distribution in network security
key distribution in network security
babak danyal
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3koolkampus
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
vimal kumar
 
Fuzzy logic application (aircraft landing)
Fuzzy logic application (aircraft landing)Fuzzy logic application (aircraft landing)
Fuzzy logic application (aircraft landing)
Piyumal Samarathunga
 
Fuzzy Logic in the Real World
Fuzzy Logic in the Real WorldFuzzy Logic in the Real World
Fuzzy Logic in the Real World
BCSLeicester
 
Fuzzy logic
Fuzzy logicFuzzy logic
Fuzzy logic
Babu Appat
 
Dsa & Digi Cert
Dsa & Digi CertDsa & Digi Cert
Dsa & Digi Cert
Ram Dutt Shukla
 
Flexible querying of relational databases fuzzy set based approach 27-11
Flexible querying of relational databases fuzzy set based approach 27-11Flexible querying of relational databases fuzzy set based approach 27-11
Flexible querying of relational databases fuzzy set based approach 27-11
Adel Sabour
 
Application of fuzzy logic
Application of fuzzy logicApplication of fuzzy logic
Application of fuzzy logic
Viraj Patel
 
Fuzzy logic ppt
Fuzzy logic pptFuzzy logic ppt
Fuzzy logic ppt
Priya_Srivastava
 
Fuzzy Sets Introduction With Example
Fuzzy Sets Introduction With ExampleFuzzy Sets Introduction With Example
Fuzzy Sets Introduction With Example
raisnasir
 

Viewers also liked (18)

Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmac
 
Digital signature
Digital  signatureDigital  signature
Digital signature
 
Protocols for Public Key Management
Protocols for Public Key ManagementProtocols for Public Key Management
Protocols for Public Key Management
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Fuzzy Set | Statistics
Fuzzy Set | StatisticsFuzzy Set | Statistics
Fuzzy Set | Statistics
 
Fuzzy Set
Fuzzy SetFuzzy Set
Fuzzy Set
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication
 
key distribution in network security
key distribution in network securitykey distribution in network security
key distribution in network security
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Fuzzy logic application (aircraft landing)
Fuzzy logic application (aircraft landing)Fuzzy logic application (aircraft landing)
Fuzzy logic application (aircraft landing)
 
Fuzzy Logic in the Real World
Fuzzy Logic in the Real WorldFuzzy Logic in the Real World
Fuzzy Logic in the Real World
 
Fuzzy logic
Fuzzy logicFuzzy logic
Fuzzy logic
 
Dsa & Digi Cert
Dsa & Digi CertDsa & Digi Cert
Dsa & Digi Cert
 
Flexible querying of relational databases fuzzy set based approach 27-11
Flexible querying of relational databases fuzzy set based approach 27-11Flexible querying of relational databases fuzzy set based approach 27-11
Flexible querying of relational databases fuzzy set based approach 27-11
 
Application of fuzzy logic
Application of fuzzy logicApplication of fuzzy logic
Application of fuzzy logic
 
Fuzzy logic ppt
Fuzzy logic pptFuzzy logic ppt
Fuzzy logic ppt
 
Fuzzy Sets Introduction With Example
Fuzzy Sets Introduction With ExampleFuzzy Sets Introduction With Example
Fuzzy Sets Introduction With Example
 







Cryptography and applications

  • 1. Cryptography and Applications PHAM VAN HAU (PVHAU@HCMIU.EDU.VN) SCHOOL OF COMPUTER SCIENCE AND ENGINEERING- INTERNATIONAL UNIVERSITY
  • 2. The History of Cryptography
      ◦ Cryptography has roots that begin around 2000 B.C. in Egypt
      ◦ used to decorate tombs to tell the life story of the deceased
      ◦ not so much about hiding the messages themselves; rather, the hieroglyphics were intended to make the life story seem more noble, ceremonial, and majestic
  • 3. Some Basic Terminology
      ◦ plaintext - original message
      ◦ ciphertext - coded message
      ◦ cipher - algorithm for transforming plaintext to ciphertext
      ◦ key - info used in cipher known only to sender/receiver
      ◦ encipher (encrypt) - converting plaintext to ciphertext
      ◦ decipher (decrypt) - recovering ciphertext from plaintext
      ◦ cryptography - study of encryption principles/methods
      ◦ cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing key
      ◦ cryptology - field of both cryptography and cryptanalysis
  • 4. Classical Substitution Ciphers
      ◦ where letters of plaintext are replaced by other letters or by numbers or symbols
      ◦ or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
  • 5. Caesar Cipher
      ◦ earliest known substitution cipher
      ◦ by Julius Caesar
      ◦ first attested use in military affairs
      ◦ replaces each letter by 3rd letter on
          a b c d e f g h i j k l m n o p q r s t u v w x y z
          D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
      ◦ example:
          meet me after the toga party
          PHHW PH DIWHU WKH WRJD SDUWB
  • 6. Caesar Cipher
      ◦ mathematically give each letter a number
          a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
          0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
      ◦ then have Caesar cipher as:
          c = E(p) = (p + k) mod (26)
          p = D(c) = (c – k) mod (26)
  • 7. Cryptanalysis of Caesar Cipher
      ◦ only have 26 possible ciphers
          A maps to A,B,..Z
      ◦ could simply try each in turn
      ◦ given ciphertext, just try all shifts of letters
      ◦ do need to recognize when have plaintext
      ◦ eg. break ciphertext "GCUA VQ DTGCM"
  • 8. More substitution ciphers
      ◦ Mono-alphabetic Cipher
      ◦ Playfair Cipher
      ◦ Polyalphabetic Cipher
          ◦ Vigenère Cipher
          ◦ Autokey Cipher
          ◦ One Time Pad
  • 9. Transposition Ciphers
      ◦ now consider classical transposition or permutation ciphers
      ◦ these hide the message by rearranging the letter order
      ◦ without altering the actual letters used
      ◦ can recognise these since have the same frequency distribution as the original text
  • 10. Row Transposition Ciphers
      ◦ a more complex transposition
      ◦ write letters of message out in rows over a specified number of columns
      ◦ then reorder the columns according to some key before reading off the rows
          Key:        4 3 1 2 5 6 7
          Plaintext:  a t t a c k p
                      o s t p o n e
                      d u n t i l t
                      w o a m x y z
          Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
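
The row transposition example from slide 10, as an added example that is not part of the original slides: the columns are read out in key order (the column labelled 1 first), which reproduces the slide's ciphertext, and the letter histogram check illustrates slide 9's point that a transposition leaves the frequency distribution unchanged. Function names are assumptions of this example.

```python
from collections import Counter


def column_order(key):
    """Column indices in read-out order: the column labelled 1 first, then 2, ..."""
    return sorted(range(len(key)), key=lambda col: key[col])


def encrypt(plaintext, key):
    """Write the letters in rows of len(key), then read the columns in key order."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    ncols = len(key)
    if len(letters) % ncols:
        raise ValueError("pad the message so that the last row is full")
    rows = [letters[i:i + ncols] for i in range(0, len(letters), ncols)]
    return "".join(row[col] for col in column_order(key) for row in rows).upper()


def decrypt(ciphertext, key):
    """Refill the columns in key order, then read the grid row by row."""
    ncols = len(key)
    nrows, rem = divmod(len(ciphertext), ncols)
    if rem:
        raise ValueError("ciphertext length must be a multiple of the key length")
    grid = [[""] * ncols for _ in range(nrows)]
    pos = 0
    for col in column_order(key):
        for r in range(nrows):
            grid[r][col] = ciphertext[pos].lower()
            pos += 1
    return "".join("".join(row) for row in grid)


def letter_histogram(text):
    """Case-insensitive letter counts, ignoring spaces and punctuation."""
    return Counter(c for c in text.lower() if c.isalpha())


if __name__ == "__main__":
    key = [4, 3, 1, 2, 5, 6, 7]
    message = "attack postponed until two am xyz"
    ct = encrypt(message, key)
    print(ct)
    print(decrypt(ct, key))
    # Same letters, same counts: frequency analysis identifies a transposition.
    print(letter_histogram(ct) == letter_histogram(message))
```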
  • 11. scytale cipher Around 400 B.C., the Spartans would write a message on a sheet of papyrus (a type of paper) that was wrapped around a staff (a stick or wooden rod), which was then delivered and wrapped around a different staff by the recipient. The message was only readable if it was wrapped around the correct size staff, which made the letters properly match up
  • 13. Product Ciphers
      ◦ ciphers using substitutions or transpositions are not secure because of language characteristics
      ◦ hence consider using several ciphers in succession to make harder, but:
          two substitutions make a more complex substitution
          two transpositions make more complex transposition
          but a substitution followed by a transposition makes a new much harder cipher
      ◦ this is bridge from classical to modern ciphers
  • 15. Block and Stream Ciphers
      ◦ Block ciphers work on blocks of bits
      ◦ Stream ciphers, which work on one bit at a time
  • 16. Initialization Vectors
      ◦ Random values that are used with algorithms to ensure patterns are not created during the encryption process.
      ◦ (If IVs are not used, then two identical plaintext values that are encrypted with the same key will create the same ciphertext.)
      ◦ They are used with keys
      ◦ Do not need to be encrypted when being sent to the destination.
  • 17. Key Distribution
      ◦ given parties A and B have various key distribution alternatives:
          1. A can select key and physically deliver to B
          2. third party can select & deliver key to A & B
          3. if A & B have communicated previously can use previous key to encrypt a new key
          4. if A & B have secure communications with a third party C, C can relay key between A & B
  • 18. Strengths and Weaknesses
      ◦ Strengths
          Much faster (less computationally intensive) than asymmetric systems.
          Hard to break if using a large key size.
      ◦ Weaknesses
          Requires a secure mechanism to deliver keys properly.
          Each pair of users needs a unique key, so as the number of individuals increases, so does the number of keys, possibly making key management overwhelming.
          Provides confidentiality but not authenticity or nonrepudiation
  • 19. Types of Symmetric Systems
      ◦ Data Encryption Standard (DES)
      ◦ 3DES (Triple DES)
      ◦ Blowfish
      ◦ Twofish
      ◦ IDEA (International Data Encryption Algorithm)
      ◦ RC4, RC5, RC6
      ◦ AES (Advanced Encryption Standard)
      ◦ SAFER (Secure and Fast Encryption Routine)
      ◦ Serpent
  • 21. RSA
      ◦ by Rivest, Shamir & Adleman of MIT in 1977
      ◦ best known & widely used public-key scheme
      ◦ based on exponentiation in a finite (Galois) field over integers modulo a prime
          nb. exponentiation takes O((log n)^3) operations (easy)
      ◦ uses large integers (eg. 1024 bits)
      ◦ security due to cost of factoring large numbers
          nb. factorization takes O(e^(log n log log n)) operations (hard)
  • 22. Ideas...
      ◦ Given a big number n, a message M (that is converted to integer value), if we can choose e and d that satisfy the following conditions:
          C = M^e mod n for all M<n
          M = C^d mod n = M^(ed) mod n, or M^(ed) ≡ M mod n (denoting that M^(ed) is congruent to M modulo n)
      ◦ It is infeasible to determine d given e and n.
  • 23. How RSA Works
      ◦ Given two primes p, q, and two integers m, n, such that n=p.q and 0<m<n, and an arbitrary integer k. Because of Euler's Theorem:
          m^(ø(n)*k+1) ≡ m mod n (1)
        in which the totient ø(n) of a positive integer n is defined to be the number of positive integers less than or equal to n that are coprime to n. ø(9)=6 since the six numbers 1, 2, 4, 5, 7 and 8 are coprime to 9
      ◦ We can have m^(ed) ≡ m mod n, if ed=ø(n)*k+1 or ed ≡ 1 mod ø(n)
        according to rules of modular arithmetic, this happens only if e (and therefore d) is relatively prime to ø(n), or gcd(ø(n),e)=1
      ◦ Since p, q are two primes, we have ø(n)=(p-1)(q-1), so it is easy to have e and d
  • 24. RSA Key Setup
      ◦ each user generates a public/private key pair by:
      ◦ selecting two large primes at random - p, q
      ◦ computing their system modulus n=p.q
          note ø(n)=(p-1)(q-1)
      ◦ selecting at random the encryption key e
          where 1<e<ø(n), gcd(e,ø(n))=1
      ◦ solve following equation to find decryption key d
          e.d ≡ 1 mod ø(n) and 0≤d≤n
      ◦ publish their public encryption key: PU={e,n}
      ◦ keep secret private decryption key: PR={d,n}
  • 25. RSA Use
      ◦ to encrypt a message M the sender:
          obtains public key of recipient PU={e,n}
          computes: C = M^e mod n, where 0≤M<n
      ◦ to decrypt the ciphertext C the owner:
          uses their private key PR={d,n}
          computes: M = C^d mod n
      ◦ note that the message M must be smaller than the modulus n (block if needed)
  • 26. RSA Example - Key Setup
      ◦ Select primes: p=17 & q=11
      ◦ Compute n = pq = 17 x 11 = 187
      ◦ Compute ø(n)=(p–1)(q-1)=16 x 10=160
      ◦ Select e: gcd(e,160)=1; choose e=7
      ◦ Determine d: de ≡ 1 mod 160 and d < 160. Value is d=23 since 23x7=161= 10x160+1
      ◦ Publish public key PU={7,187}
      ◦ Keep secret private key PR={23,187}
  • 27. RSA Example - En/Decryption
      ◦ sample RSA encryption/decryption is:
      ◦ given message M = 88 (nb. 88<187)
      ◦ encryption: C = 88^7 mod 187 = 11
      ◦ decryption: M = 11^23 mod 187 = 88
  • 28. RSA Security
      ◦ possible approaches to attacking RSA are:
          brute force key search (infeasible given big size of keys)
          mathematical attacks (based on difficulty of computing ø(n), by factoring modulus n)
          timing attacks (on running of decryption)
  • 29. Factoring Problem
      ◦ mathematical approach takes 3 forms:
          factor n=p.q, hence compute ø(n) and then d
          determine ø(n) directly and compute d
          find d directly
      ◦ currently believe all equivalent to factoring
          cryptanalysis has seen slow improvements over the years
          currently assume 1024-2048 bit RSA is secure
          ensure p, q of similar size and matching other constraints
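
The key setup and en/decryption of slides 24 to 27, together with the first "mathematical approach" of slide 29, as an added example that is not part of the original slides. It uses the slides' toy parameters (p=17, q=11, e=7, M=88) with no padding; function names are assumptions of this example, and the trial-division factoring only succeeds because the modulus is tiny, which is why the slides call for large primes.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y


def key_setup(p, q, e):
    """Return (PU, PR) = ((e, n), (d, n)) with e*d ≡ 1 mod ø(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < ø(n) and gcd(e, ø(n)) = 1")
    _, x, _ = egcd(e, phi)      # e*x + phi*y = 1, so x is the inverse of e
    d = x % phi
    return (e, n), (d, n)


def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n (split into blocks)")
    return pow(m, e, n)         # C = M^e mod n


def decrypt(c, private):
    d, n = private
    return pow(c, d, n)         # M = C^d mod n


def factor_semiprime(n):
    """Trial division; feasible only for toy moduli like the slide's n = 187."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")


def recover_private_key(public):
    """Slide 29: factor n = p.q, hence compute ø(n) and then d."""
    e, n = public
    p, q = factor_semiprime(n)
    _, private = key_setup(p, q, e)
    return private


if __name__ == "__main__":
    pu, pr = key_setup(17, 11, 7)
    c = encrypt(88, pu)
    print(pu, pr, c, decrypt(c, pr))
    print("recovered from the public key alone:", recover_private_key(pu))
```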
  • 30. Timing Attacks
      ◦ developed by Paul Kocher in mid-1990’s
      ◦ exploit timing variations in operations
          eg. multiplying by small vs large number
          or IF's varying which instructions executed
      ◦ infer operand size based on time taken
      ◦ RSA exploits time taken in exponentiation
      ◦ countermeasures
          use constant exponentiation time
          add random delays
          blind values used in calculations
  • 31. Strengths and Weaknesses
      ◦ Strengths
          Better key distribution than symmetric systems
          Better scalability than symmetric systems
          Can provide authentication and nonrepudiation
      ◦ Weaknesses
          Works much more slowly than symmetric systems
          Mathematically intensive tasks
  • 32. Key Management
      ◦ public-key encryption helps address key distribution problems
      ◦ have two aspects of this:
          distribution of public keys
          use of public-key encryption to distribute secret keys
  • 33. Distribution of Public Keys
      ◦ can be considered as using one of:
          public announcement
          publicly available directory
          public-key authority
          public-key certificates
  • 34. Public Announcement
      ◦ users distribute public keys to recipients or broadcast to community at large
          eg. append PGP keys to email messages or post to news groups or email list
      ◦ major weakness is forgery
          anyone can create a key claiming to be someone else and broadcast it
          until forgery is discovered can masquerade as claimed user
  • 35. Publicly Available Directory
      ◦ can obtain greater security by registering keys with a public directory
      ◦ directory must be trusted with properties:
          contains {name,public-key} entries
          participants register securely with directory
          participants can replace key at any time
          directory is periodically published
          directory can be accessed electronically
      ◦ still vulnerable to tampering or forgery
  • 36. Public-Key Authority
      ◦ improve security by tightening control over distribution of keys from directory
      ◦ has properties of directory
      ◦ and requires users to know public key for the directory
      ◦ then users interact with directory to obtain any desired public key securely
          does require real-time access to directory when keys are needed
  • 38. Public-Key Certificates
      ◦ certificates allow key exchange without real-time access to public-key authority
      ◦ a certificate binds identity to public key
          usually with other info such as period of validity, rights of use etc
      ◦ with all contents signed by a trusted Public-Key or Certificate Authority (CA)
      ◦ can be verified by anyone who knows the public-key authority's public-key
  • 40. Public-key infrastructure (PKI)
      ◦ A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
      ◦ PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA)
  • 41. Differences Between Symmetric and Asymmetric Systems
      ◦ Keys
          Symmetric: One key is shared between two or more entities
          Asymmetric: One entity has a public key, and the other entity has the corresponding private key.
      ◦ Key exchange
          Symmetric: Out-of-band through secure mechanisms.
          Asymmetric: A public key is made available to everyone, and a private key is kept secret by the owner.
      ◦ Speed
          Symmetric: Algorithm is less complex and faster.
          Asymmetric: The algorithm is more complex and slower.
      ◦ Use
          Symmetric: Bulk encryption, which means encrypting files and communication paths.
          Asymmetric: Key distribution and digital signatures.
      ◦ Security service provided
          Symmetric: Confidentiality.
          Asymmetric: Authentication and nonrepudiation
  • 42. Types of Asymmetric Systems
      ◦ The Diffie-Hellman Algorithm
      ◦ RSA
      ◦ El Gamal
      ◦ Elliptic Curve Cryptosystems
      ◦ LUC
      ◦ Knapsack
      ◦ Zero Knowledge Proof
  • 44. Public-Key Distribution of Secret Keys
      ◦ use previous methods to obtain public-key
      ◦ can use for secrecy or authentication
      ◦ but public-key algorithms are slow
      ◦ so usually want to use private-key encryption to protect message contents
      ◦ hence need a session key
      ◦ have several alternatives for negotiating a suitable session
  • 45. Simple Secret Key Distribution
      ◦ proposed by Merkle in 1979
          A generates a new temporary public key pair
          A sends B the public key and their identity
          B generates a session key K and sends it to A encrypted using the supplied public key
          A decrypts the session key and both use
      ◦ problem is that an opponent can intercept and impersonate both halves of protocol
  • 46. Public-Key Distribution of Secret Keys
      ◦ if have securely exchanged public-keys:
  • 47. Hybrid Key Distribution
      ◦ retain use of private-key KDC
      ◦ shares secret master key with each user
      ◦ distributes session key using master key
      ◦ public-key used to distribute master keys
          especially useful with widely distributed users
      ◦ rationale
          performance
          backward compatibility
  • 48. Diffie-Hellman Key Exchange
      ◦ first public-key type scheme proposed
      ◦ by Diffie & Hellman in 1976 along with the exposition of public key concepts
          note: now know that Williamson (UK CESG) secretly proposed the concept in 1970
      ◦ is a practical method for public exchange of a secret key
      ◦ used in a number of commercial products
  • 49. Diffie-Hellman Key Exchange
      ◦ a public-key distribution scheme
          cannot be used to exchange an arbitrary message
          rather it can establish a common key
          known only to the two participants
      ◦ value of key depends on the participants (and their private and public key information)
      ◦ based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
      ◦ security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard
  • 50. Diffie-Hellman Setup
      ◦ all users agree on global parameters:
          large prime integer or polynomial q
          a being a primitive root mod q
      ◦ each user (eg. A) generates their key
          chooses a secret key (number): xA < q
          compute their public key: yA = a^xA mod q
      ◦ each user makes public that key yA
  • 51. Diffie-Hellman Key Exchange
      ◦ shared session key for users A & B is KAB:
          KAB = a^(xA.xB) mod q
              = yA^xB mod q (which B can compute)
              = yB^xA mod q (which A can compute)
      ◦ KAB is used as session key in private-key encryption scheme between Alice and Bob
      ◦ if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys
      ◦ attacker needs an x, must solve discrete log
  • 52. Diffie-Hellman Example
      ◦ users Alice & Bob who wish to swap keys:
      ◦ agree on prime q=353 and a=3
      ◦ select random secret keys:
          A chooses xA=97, B chooses xB=233
      ◦ compute respective public keys:
          yA = 3^97 mod 353 = 40 (Alice)
          yB = 3^233 mod 353 = 248 (Bob)
      ◦ compute shared session key as:
          KAB = yB^xA mod 353 = 248^97 = 160 (Alice)
          KAB = yA^xB mod 353 = 40^233 = 160 (Bob)
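
The exchange of slides 50 to 52 with both sides' computations, as an added example that is not part of the original slides. It also carries out the "must solve discrete log" step of slide 51 by exhaustive search, which works only because q=353 is tiny; function names and the replacement secret 101 are assumptions of this example.

```python
Q = 353   # public prime modulus from slide 52
A = 3     # public primitive root mod q from slide 52


def public_key(secret, a=A, q=Q):
    """y = a^x mod q: the value a user publishes."""
    return pow(a, secret, q)


def shared_key(their_public, my_secret, q=Q):
    """K = y_other^x_mine mod q: computed privately by each side."""
    return pow(their_public, my_secret, q)


def discrete_log(y, a=A, q=Q):
    """Exhaustive search for x with a^x ≡ y (mod q); cost grows with q."""
    value = 1
    for x in range(q - 1):
        if value == y:
            return x
        value = value * a % q
    raise ValueError("y is not a power of a modulo q")


def exchange(x_alice, x_bob):
    """Run one exchange; return what goes over the wire and each side's key."""
    y_alice = public_key(x_alice)          # Alice -> Bob, in the clear
    y_bob = public_key(x_bob)              # Bob -> Alice, in the clear
    k_alice = shared_key(y_bob, x_alice)   # Alice: yB^xA mod q
    k_bob = shared_key(y_alice, x_bob)     # Bob:   yA^xB mod q
    return y_alice, y_bob, k_alice, k_bob


if __name__ == "__main__":
    y_a, y_b, k_a, k_b = exchange(97, 233)
    print("public values:", y_a, y_b, "session keys:", k_a, k_b)

    # Slide 51: the key stays the same until a participant picks a new secret.
    print("after Alice re-keys:", exchange(101, 233)[2:])

    # An eavesdropper who sees only y_a and y_b needs one secret exponent.
    x = discrete_log(y_a)
    print("exponent found by search:", x, "-> key", shared_key(y_b, x))
```

With a prime of realistic size the loop in `discrete_log` never finishes in practice, which is the hardness assumption slide 49 refers to.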
  • 53. Key Exchange Protocols
      ◦ users could create random private/public D-H keys each time they communicate
      ◦ users could create a known private/public D-H key and publish in a directory, then consulted and used to securely communicate with them
      ◦ both of these are vulnerable to a meet-in-the-Middle Attack
      ◦ authentication of the keys is needed
  • 54. Kerckhoffs’ Principle
      ◦ Auguste Kerckhoffs published a paper in 1883 stating that
          the only secrecy involved with a cryptography system should be the key.
          algorithm should be publicly known.
          if security were based on too many secrets, there would be more vulnerabilities to possibly exploit.
  • 55. Hash Functions
      ◦ condenses arbitrary message to fixed size
          h = H(M)
      ◦ usually assume that the hash function is public and not keyed
      ◦ hash used to detect changes to message
      ◦ can use in various ways with message
      ◦ most often to create a digital signature
  • 56. Requirements for Hash Functions
      ◦ can be applied to any sized message M
      ◦ produces fixed-length output h
      ◦ is easy to compute h=H(M) for any message M
      ◦ given h is infeasible to find x s.t. H(x)=h
          one-way property
      ◦ given x is infeasible to find y s.t. H(y)=H(x)
          weak collision resistance
      ◦ is infeasible to find any x,y s.t. H(y)=H(x)
          strong collision resistance
  • 57. Various Hashing Algorithms
      ◦ MD2
      ◦ MD4
      ◦ MD5
      ◦ SHA
      ◦ SHA-1
      ◦ SHA-2 family: SHA-256, SHA-384, and SHA-512
      ◦ HAVAL
      ◦ Tiger
  • 58. Attacks Against One-Way Hash Functions
      ◦ If the algorithm does produce the same value for two distinctly different messages, this is called a collision
      ◦ An attacker can attempt to force a collision, which is referred to as a birthday attack
      ◦ How many people must be in the same room for the chance to be greater than even that another person has the same birthday as you?
          Answer: 253
      ◦ How many people must be in the same room for the chance to be greater than even that at least two people share the same birthday?
          Answer: 23
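
The two birthday answers of slide 58 computed from first principles, then mapped onto the weak and strong collision resistance properties of slide 56, as an added example that is not part of the original slides. The 16-bit truncation of SHA-256 (`tiny_hash`), the counter-style messages and the target string are assumptions of this example, chosen so that both searches finish quickly.

```python
import hashlib
from itertools import count


def people_to_match_you(days=365):
    """Smallest n with 1 - ((days-1)/days)^n > 1/2: n others against one fixed birthday."""
    n, p_no_match = 0, 1.0
    while 1 - p_no_match <= 0.5:
        n += 1
        p_no_match *= (days - 1) / days
    return n


def people_for_any_pair(days=365):
    """Smallest group size for which P(at least two share a birthday) > 1/2."""
    n, p_all_distinct = 1, 1.0
    while 1 - p_all_distinct <= 0.5:
        p_all_distinct *= (days - n) / days   # next person avoids n taken days
        n += 1
    return n


def tiny_hash(message, bits=16):
    """Top `bits` bits of SHA-256: a deliberately short hash for the demonstration."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits=16):
    """Any two messages with equal hash (strong collision resistance)."""
    seen = {}
    for i in count():
        msg = b"msg-%d" % i
        h = tiny_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def find_second_preimage(target, bits=16):
    """A different message matching one fixed message (weak collision resistance)."""
    wanted = tiny_hash(target, bits)
    for i in count():
        msg = b"try-%d" % i
        if msg != target and tiny_hash(msg, bits) == wanted:
            return msg, i + 1


if __name__ == "__main__":
    print(people_to_match_you(), people_for_any_pair())
    m1, m2, tries = find_collision()
    print("any-pair collision after", tries, "hashes:", m1, m2)
    twin, tries = find_second_preimage(b"pay 100 to alice")
    print("match for a fixed message after", tries, "hashes:", twin)
```

The any-pair search needs on the order of 2^(bits/2) hashes and the fixed-target search on the order of 2^bits, the same gap as 23 versus 253, which is why digest length is chosen with the birthday bound in mind.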
  • 59. Message Authentication Code (MAC) •generated by an algorithm that creates a small fixed-sized block • depending on both message and some key • like encryption though need not be reversible •appended to message as a signature •receiver performs same computation on message and checks it matches the MAC •provides assurance that message is unaltered and comes from sender
  • 60. HMAC
  • 62. Cryptosystems A cryptosystem is made up of at least the following: •Software •Protocols •Algorithms •Keys
  • 63. Services of Cryptosystems •Confidentiality Renders the information unintelligible except by authorized •entities. •Integrity Data has not been altered in an unauthorized manner since it was created, transmitted, or stored. •Authentication Verifies the identity of the user or system that created information. •Nonrepudiation Ensures that the sender cannot deny sending the message.
  • 65. Link Encryption vs. End-to-End Encryption Link encryption encrypts all the data (except data link control messaging information) along a specific communication path, as in a satellite link, T3 line, or telephone circuit end-to-end encryption happens within the applications SSL encryption takes place at the transport layer.
  • 66. HTTP Secure HTTP Secure (HTTPS) is HTTP running over SSL (developed by Netscape) SSL : ◦ it is not an open-community protocol ◦ works at the transport layer ◦ uses public key encryption ◦ provides data encryption, server authentication, message integrity, and optional client authentication The open-community version of SSL is Transport Layer Security (TLS)
  • 67. Pretty Good Privacy • Freeware e-mail security program, released in 1991 • PGP is a complete cryptosystem that uses cryptographic protection to protect e-mail and files. • It can use RSA public key encryption for key management and the IDEA symmetric cipher for bulk encryption of data • PGP uses “web of trust” in its key management approach
  • 68. Secure Shell SSH is a program and a set of protocols that work together to provide a secure tunnel between two computers. The two computers go through a handshaking process and exchange (via Diffie-Hellman) a session key that will be used during the session to encrypt and protect the data sent. SSH should be used instead of Telnet, FTP, rlogin, rexec, or rsh.
  • 69. Internet Protocol Security (IPSec) •IPSec uses two basic security protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP). •AH is the authenticating protocol •ESP is an authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality, and message integrity •IPSec can work in one of two modes: ◦ transport mode, in which the payload of the message is protected ◦ tunnel mode, in which the payload and the routing and header information are protected
  • 70. Attacks • Cipher-Only Attacks • Known-Plaintext Attacks • Chosen-Plaintext Attacks • Chosen-Ciphertext Attacks • Differential Cryptanalysis • Side-Channel Attacks • Replay Attacks
  • 71. Steganography • an alternative to encryption • hides existence of message ◦ using only a subset of letters/words in a longer message marked in some way ◦ using invisible ink ◦ hiding in graphic image or sound file • has drawbacks ◦ high overhead to hide relatively few info bits
  • 72. Example Removing all but the last 2 bits of each color component produces an almost completely black image. Making that image 85 times brighter produces the image on the right-hand side.
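The extraction described on slide 72, as an added example that is not part of the original slides. It assumes the hidden image was stored by writing its top 2 bits into the low 2 bits of each cover colour component; the slide does not say how the image was embedded. The pixel data is constructed and held as flat bytes of colour components. The factor 85 is what stretches the 2-bit range 0..3 onto 0..255 (3 × 85 = 255).

```python
# Constructed sample data: 16 RGB pixels each, as flat colour-component bytes.
COVER = bytes((i * 37 + 11) % 256 for i in range(48))
SECRET = bytes((i * 16) % 256 for i in range(48))

def embed(cover: bytes, secret: bytes) -> bytes:
    """Assumed hiding step: low 2 bits of cover <- top 2 bits of secret."""
    if len(cover) != len(secret):
        raise ValueError("cover and secret must have the same number of components")
    return bytes((c & 0b11111100) | (s >> 6) for c, s in zip(cover, secret))

def low_two_bits(stego: bytes) -> bytes:
    """'Removing all but the last 2 bits': every component falls in 0..3, almost black."""
    return bytes(b & 0b11 for b in stego)

def brighten(components: bytes, factor: int = 85) -> bytes:
    """Scale each component, clamped to the 8-bit range."""
    return bytes(min(255, v * factor) for v in components)

def recover(stego: bytes) -> bytes:
    """Both steps from the slide: keep the low 2 bits, then brighten 85 times."""
    return brighten(low_two_bits(stego))

def max_change(a: bytes, b: bytes) -> int:
    """Largest per-component difference between two images of equal size."""
    return max(abs(x - y) for x, y in zip(a, b))

if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print("cover changed by at most", max_change(COVER, stego), "per component")
    print("low bits, brightest value:", max(low_two_bits(stego)))
    print("recovered levels:", sorted(set(recover(stego))))
    print("recovered vs secret, worst error:", max_change(recover(stego), SECRET))
```

The cover changes by at most 3 out of 255 per component, which is why the carrier looks unmodified, while the recovered image keeps only four brightness levels per channel.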
  • 73. Example 2: Letter of Recommendation Jane S., a chief sub editor and editor, can always be found hard at work in her cubicle. Jane works independently, without wasting company time talking to colleagues. She never thinks twice about assisting fellow employees, and she always finishes given assignments on time. Often Jane takes extended measures to complete her work, sometimes skipping coffee breaks. She is a dedicated individual who has absolutely no vanity in spite of her high accomplishments and profound knowledge in her field. I firmly believe that Jane can be classed as a high-caliber employee, the type which cannot be dispensed with. Consequently, I duly recommend that Jane be promoted to executive management, and a proposal will be sent away as soon as possible. Project Leader (copied from http://gadgetopia.com/post/2278)