Course outcome
⚫ Develop an in-depth knowledge and understanding of
the principles of cryptography techniques
⚫ Develop a strong mathematical foundation for
understanding cryptography
⚫ Explore the various cryptographic primitives:
encryption/decryption, authentication techniques, and
hash functions
⚫ Gain practical experience by implementing
cryptographic algorithms and conducting security
experiments
Course evaluation pattern
Total Marks: 100
➢ Quiz exam: 30 (Quiz-1 15 Marks and Quiz-2 15 Marks)
➢ Quiz-1 will be in the last week of January
➢ Quiz-2 will be in the last week of March
➢ Mid Exam 30 Marks
➢ End Term Examination 40 Marks
Lab assessment: 100 Marks
Text Book:
⚫ Introduction to Modern Cryptography by Jonathan
Katz and Yehuda Lindell
⚫ Cryptography: Theory and Practice by Douglas
Stinson
⚫ Cryptography and Network Security: Principles and
Practice, Seventh Edition, William Stallings, 2017,
Pearson, ISBN 10:1-292-15858-1
Basic notions in our course
⚫ Text
⚫ Secret-key cryptosystems
⚫ Public-key cryptosystems
⚫ Private key
⚫ Public key
⚫ Ciphertext
⚫ Plaintext
⚫ Block or stream ciphers
⚫ Passive and active adversary
⚫ Cryptanalysis
⚫ Certificates
⚫ Message authentication code
⚫ Hash functions
⚫ Services
– Confidentiality
– Integrity
– Authentication
⚫ Number theory
Cryptography
⚫ Is the science or art of secret writing
⚫ Designing a set of algorithms to prevent
unauthorized entities from accessing sensitive
information
⚫ The fundamental objective of cryptography is to
enable
– two people (Alice and Bob) to communicate over an
insecure channel so that an opponent (Mallory) cannot
understand what is being said.
Elements
⚫ Plaintext: the information that Alice wants to send to
Bob.
⚫ Alice encrypts the plaintext, using a predetermined
key, and sends the resulting ciphertext to Bob over
the public channel.
⚫ Upon receiving the ciphertext
– A third person cannot determine what the plaintext was
– But Bob, who knows the encryption key, can decrypt the
ciphertext and get the plaintext.
Cryptographic Algorithms
⚫ Single-key or symmetric encryption, or private-key cryptography
⚫ The same key is used on both ends
⚫ Computationally efficient
⚫ Key exchange is a big issue
Asymmetric or Public-key cryptography
⚫ A different key is used on each end
⚫ Computationally inefficient
⚫ No key exchange is required
In practice, we use both (symmetric and asymmetric)
Practical cryptosystem should satisfy
⚫ Each encryption and decryption function should be
efficiently computable
⚫ An opponent, upon seeing the ciphertext string y,
should be unable to determine the key k that was used
or the plaintext string x
⚫ The process of attempting to compute the key k, given
a string of cipher text y, is called cryptanalysis
What can a “bad person” do?
⚫ eavesdrop: intercept messages
⚫ actively insert messages into the connection
⚫ impersonation: can fake (spoof) source address in the
packet (or any field in the packet)
⚫ hijacking: “take over” ongoing connection by
removing sender or receiver, inserting himself in
place
⚫ denial of service: prevent service from being used by
others (e.g., by overloading resources)
Security services
Confidentiality:
– Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
⚫ A breach of confidentiality means that someone gains
access to information who should not have access to it
⚫ In the context of network security, only the sender and
intended receiver should “understand” message
contents
Contd…
⚫ Privacy: Assures that individuals control or
influence what information related to them may be
collected and stored and by whom and to whom that
information may be disclosed.
Integrity
⚫ Data integrity: “The property that data has not been
changed, destroyed, or lost in an unauthorized or
accidental manner.”
⚫ In the context of security, the sender and receiver want
to ensure the message is not altered in transit without
detection
⚫ Integrity also means ensuring information authenticity
& non-repudiation
Contd…
⚫ Authentication ensures that you are talking to the
party you think you are talking to
– It involves verification of sender/receiver using
passwords/certificates
⚫ Non-repudiation: someone can’t repudiate (deny)
something
– It ensures that the sender of information is provided with
proof of delivery and the recipient is provided with proof of
the sender’s identity, so neither can later deny having
processed the information.
Availability
⚫ The property of a system or a system resource being
accessible and usable upon demand by an authorized
system entity, according to performance specifications
for the system
– i.e., a system is available if it provides services according to
the system design whenever users request them
⚫ Turning off a computer provides confidentiality and
integrity, but hurts availability!
⚫ Denial of Service (DoS) attacks are direct assaults on
availability
Contd…
⚫ Authentication is the process of verifying the identity
of a user or information
⚫ Access control: provides protection against
unauthorized use of data
⚫ For example,
– any customer of a bank can create and use an identity (e.g., a
user name) to log into that bank's online service.
– but the bank's authorization policy must ensure that only
you are authorized to access your individual account online
once your identity is verified.
Definitions
⚫ Security attack: Any action that compromises the
security of information owned by an organization
⚫ Security mechanism: A process that is designed to
detect, prevent, or recover from a security attack
⚫ Security service: intended to counter security attacks,
and they make use of one or more security
mechanisms to provide the service
Relationship between Security
Services and Mechanism
Services | Mechanism
Confidentiality | Encryption, Routing control
Integrity | Digital signature and Encryption
Authentication | Encryption and Digital signature
Non-repudiation | Digital signature
Access control | Access control mechanism and policies
Vulnerability
⚫ A flaw in the software, firmware, hardware, or service
component resulting from a weakness that can be exploited,
causing a negative impact to the confidentiality, integrity, or
availability of an impacted component or components
– Vulnerabilities can allow attackers to run unauthorized code,
access system information and steal, modify and destroy
data
⚫ Vulnerabilities in
– Design or specification, Implementation, Operation &
management
More Definitions: Threat and Attack
⚫ Threat: An adversary that is motivated and capable of
exploiting a vulnerability in the system by launching
attacks
– Different enemies have different abilities
– You can’t design a secure system unless you know who the
enemy is
⚫ Attack: An intentional act by which an entity attempts
to evade security services and violate the security
policy of a system
Attack Types
⚫ Passive attack: attempts to learn or make use of
information from a system but does not affect system
resources of that system
– Monitoring of network traffic
– Very difficult to detect, but feasible to prevent with
encryption
⚫ Active attack: attempts to alter system resources or affect its
operation
– Man-in-the-middle (MITM) & DDoS attacks
– Very difficult to prevent due to a wide variety of vulnerabilities
– The main goal is to detect attacks and recover the system to normal operation
Types of Network Attacks
⚫ Eavesdropping attacks
⚫ Man-in-the-middle (MITM) attacks
⚫ Denial of Service (DoS) attacks
Eavesdropping Attacks
⚫ Easy to intercept traffic, almost impossible to detect
⚫ By default, everything is transmitted in clear text
– Usernames, passwords, content ...
– No security is offered by the transmission medium
⚫ Various tools are available on the internet
– Wireshark/Kismet/Tcpdump/airodump-ng/...
⚫ Affects Confidentiality of data exchanged
⚫ Countermeasures
– Encryption
MITM Attacks
⚫ Attacker intercepts, blocks or modifies communication
between sender and receiver
⚫ Attacker actively eavesdrops on the communication
⚫ Affects Integrity, availability, and Confidentiality
Denial of Service (DoS) Attacks
⚫ Attacks on higher levels
– SYN Flooding
– Ping of death (sending the target oversized data packets), Ping
flood
⚫ IP spoofing
⚫ Spoofed MAC control packets in Wi-Fi
⚫ ARP spoofing
⚫ Spoofed deauthentication / disassociation messages
– can target one specific user
Cryptanalysis and Brute-Force
Attack
⚫ Cryptanalytic attacks:
– Rely on the nature of the algorithm, general characteristics of
the plaintext, and some sample plaintext–ciphertext pairs.
– Goal: to attempt to deduce a specific plaintext or to deduce
the key being used
⚫ Brute-force attack:
– Tries every possible key on a piece of ciphertext until an
intelligible translation into plaintext is obtained
Cryptanalytic attacks
⚫ Based on the amount of information known to the
cryptanalyst
⚫ Possible attacks:
– Ciphertext Only Attack (COA)
– Known Plaintext Attack (KPA)
– Chosen Plaintext Attack (CPA)
– Chosen Ciphertext Attack (CCA)
Ciphertext Only Attack (COA)
⚫ The attacker has access to the ciphertext only
⚫ Most encryption algorithms are NOT vulnerable
⚫ The attacker's/cryptanalyst's probability of success
is VERY low
Known plaintext attack
⚫ The attacker has access to several (plaintext, ciphertext)
pairs (m1, c1), (m2, c2), under the same key
All encrypted messages do remain indefinitely privately
⚫ The goal is to compute some function of the plaintext
underlying a ciphertext
⚫ The encryption process should be randomized
Chosen Plaintext Attack (CPA)
⚫ The sender encrypts any message of the adversary’s choice
under the key k.
– The sender is not aware that it is actually encrypting messages of the
adversary’s choice and providing the ciphertexts to the adversary.
Chosen Ciphertext Attack (CCA)
⚫ The analyst gets the decryption of a ciphertext of its choice
⚫ The goal is to compute some function of the plaintext
underlying a ciphertext
Kerckhoffs's principle
⚫ The principle is
– A cryptographic system should be secure even if everything
about the system, except the key, is public knowledge
⚫ Maintaining the privacy of a key is a relatively easier task
compared to maintaining the privacy of a pair of algorithms
– The key size is approximately 100 bits and the algorithm size
is 1000 times larger
⚫ If your keys leak, it is very easy to replace the key
⚫ If I want to do secure communication with 100 parties, I
cannot come up with 100 secret algorithms
Auguste Kerckhoffs, Dutch cryptographer
Contd…
⚫ With private cryptographic algorithms, we may not know
what kind of loopholes might be present,
⚫ So it is always recommended to use algorithms
which have been available in the public domain and
have been scrutinized publicly.
Shift (Caesar) Ciphers
⚫ A shift cipher involves replacing each letter in the
message by a letter that is some fixed number of
positions further along in the alphabet
⚫ Encryption: Shift each instance of the plain text character
by k positions forward
⚫ Decryption: Shift each instance of the cipher text character
by k positions backward
Example:
⚫ Plaintext is cookie
⚫ K=3
⚫ Ciphertext: FRRNLH
⚫ The wraparound is done with the modulo 26 operation
Security analysis
⚫ Ciphertext only attack is possible
– Brute-force cryptanalysis was easily performed on the
shift cipher by trying all 25 possible keys
– Given a ciphertext string, Oscar successively tries the
decryption process with k = 0, 1, 2, etc. until getting
a meaningful text.
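The brute-force attack described above, as an added Python example that is not part of the original slides. The scoring rule (counting letters among the nine most common English letters) and the function names are assumptions of this example; the longer sample ciphertext is constructed here by shifting a test plaintext with k = 3.

```python
import string

ALPHABET = string.ascii_lowercase
# Assumption of this example: the nine most frequent English letters.
COMMON = set("etaoinshr")

def shift(text, k):
    """Move every letter k positions along the alphabet, modulo 26."""
    out = []
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through
    return "".join(out)

def encrypt(plaintext, k):
    return shift(plaintext, k).upper()

def decrypt(ciphertext, k):
    return shift(ciphertext, -k)

def brute_force(ciphertext):
    """Ciphertext-only attack: list the decryption under every key."""
    return [decrypt(ciphertext, k) for k in range(26)]

def english_score(text):
    """Number of letters that are among the common English letters."""
    return sum(ch in COMMON for ch in text)

def recover_key(ciphertext):
    """Pick the trial key whose decryption looks most like English."""
    candidates = brute_force(ciphertext)
    key = max(range(26), key=lambda k: english_score(candidates[k]))
    return key, candidates[key]

if __name__ == "__main__":
    print(encrypt("cookie", 3))                 # the slide's example
    for k, text in enumerate(brute_force("FRRNLH")):
        print(k, text)                          # a reader spots k = 3
    # Constructed sample: a longer plaintext under the same key.
    sample = encrypt("thiscryptosystemisnotsecure", 3)
    print(recover_key(sample))
```

On a six-letter ciphertext such as FRRNLH the score alone can be ambiguous, which is why the candidates are listed for a reader to inspect; on the longer sample the correct key scores highest.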
Monoalphabetic Substitution Cipher
⚫ Lesson is
– enormously large key space, so that it becomes impractical
for the adversary to mount a brute-force attack
⚫ Idea is
– Map each plaintext character to an arbitrary ciphertext character,
one to one
⚫ So there are candidates of 26! or
Cryptanalysis on Monoalphabetic
Ciphers
⚫ Frequency Analysis:
– Exploit the redundancy present in the underlying natural
language
– The character E occurs more frequently compared to any other
character
– The character T occurs more frequently compared to the
character U
⚫ Ciphertext only attack is possible
Polyalphabetic cipher (Vigenere Cipher)
⚫ In each instance, a plain text character is mapped to a
different cipher text character
Example:
⚫ Keyword is “CIPHER”, this corresponds to the
numerical equivalent k = (2, 8, 15, 7, 4, 17)
⚫ Plaintext: “thiscryptosystemisnotsecure”.
⚫ Encryption: add modulo 26
⚫ Ciphertext: “VPXZGIAXIVWPUBTTMJPWIZITWZT”
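The Vigenere example above worked through in Python, as an added example that is not part of the original slides. It reproduces the slide's ciphertext and then shows the polyalphabetic property: one plaintext letter maps to several ciphertext letters, and one ciphertext letter comes from several plaintext letters. The function names are assumptions of this example, and the input is assumed to contain letters only.

```python
def key_shifts(keyword):
    """Numerical equivalent of the keyword, A=0 ... Z=25."""
    return [ord(c) - ord("A") for c in keyword.upper()]

def vigenere(text, keyword, decrypt=False):
    """Add (or subtract) the repeating key to the text, modulo 26."""
    shifts = key_shifts(keyword)
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text.upper()):
        k = shifts[i % len(shifts)]          # key repeats every len(keyword)
        out.append(chr((ord(ch) - ord("A") + sign * k) % 26 + ord("A")))
    return "".join(out)

def images_of(letter, plaintext, ciphertext):
    """Ciphertext letters that a given plaintext letter was mapped to."""
    pairs = zip(plaintext.upper(), ciphertext.upper())
    return sorted({c for p, c in pairs if p == letter.upper()})

def sources_of(letter, plaintext, ciphertext):
    """Plaintext letters that produced a given ciphertext letter."""
    pairs = zip(plaintext.upper(), ciphertext.upper())
    return sorted({p for p, c in pairs if c == letter.upper()})

if __name__ == "__main__":
    pt = "thiscryptosystemisnotsecure"       # plaintext from the slide
    ct = vigenere(pt, "CIPHER")
    print(key_shifts("CIPHER"))
    print(ct)
    print(vigenere(ct, "CIPHER", decrypt=True).lower())
    print("s ->", images_of("s", pt, ct))    # several ciphertext letters
    print("I <-", sources_of("I", pt, ct))   # several plaintext letters
```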
Summary of historical Ciphers
⚫ Cipher Text Only attack is possible
⚫ Sufficient key space principle
– Keyspace should be sufficiently large to make Brute-force
attack infeasible
⚫ Designing a secure cipher is indeed a tough and
challenging task
Classical vs Modern Cryptography
⚫ Classical cryptography:
– The art of secret writing
– The communication is secure as long as the encoding
algorithm is a secret
– Disadvantages: Reverse engineering, easy coding algorithm
⚫ Classical cryptography was restricted to the military.
Modern cryptography is influencing almost everyone
Contd…
⚫ Modern Cryptography
– Strong scientific foundation and principles
⚫ Principle 1:
– Formal security definitions
⚫ Principle 2:
– Precisely stating any (unproven) assumption used in the
construction
⚫ Principle 3:
– Rigorous proof of security