
Chapter 8. Cryptography is the science of keeping information secure in terms of confidentiality and integrity. Cryptography is also referred to as.

Dec 23, 2015


Aldous Shields

Cryptography, Chapter 8


Prepared by Saher H. Mohammed 2

Cryptography is the science of keeping information secure in terms of confidentiality and integrity.

Cryptography is also referred to as encryption.

Encryption is specifically the transformation of unencrypted data (plaintext) into encrypted form (cipher-text).

Decryption is the process of recovering the plaintext message from the cipher-text.

The process used to encrypt the plaintext or decrypt the cipher-text is referred to as a cryptographic algorithm.

Cryptographic algorithms generally use a key, or multiple keys, in order to encrypt or decrypt the message.

Cryptography


The Caesar cipher involves shifting each letter of the plaintext message by a certain number of letters.

SECURE can be transformed to VHFUHW by using 3 forward shifts.

ROT13 moves each letter 13 places forward.

Caesar Cipher


Modern cryptographic algorithms can be broadly classified into two types:

◦ Symmetric cryptography

◦ Asymmetric cryptography

Each approach has its own pros and cons.

Generally, symmetric cryptography is faster but has some issues with key exchange.

Modern Cryptographic Mechanisms


Symmetric key cryptography is also called private key cryptography.

Symmetric key cryptography uses only a single key for both encryption and decryption.

The key is shared between the sender and receiver.

The weakness of symmetric key cryptography lies in the use of one key. If the key is exposed beyond the sender and receiver, it is possible for an attacker to intercept the message.

Symmetric key cryptography provides only confidentiality, and not integrity.

Symmetric Cryptography


Symmetric key cryptography makes use of two types of ciphers: block cipher and stream cipher.

A block cipher takes a predetermined number of bits, known as block, in the plaintext message and encrypts that block.

Blocks are commonly composed of 64 bits, but can be larger or smaller.

Block ciphers are slower, but more efficient. They are also very complex to implement in hardware and software.

Block versus Stream Cipher


Block ciphers are also more sensitive to errors in the encryption process.

Block ciphers are used in situations where the message size is constant or known in advance.

A stream cipher encrypts each bit in the plaintext message, 1 bit at a time.

Since stream ciphers encrypt a single bit at a time, they are slow.

A stream cipher is used when the message size is unknown.

Common examples of symmetric key algorithms are DES, 3DES and AES.

Block versus Stream Cipher


Asymmetric cryptography uses two keys: a public key and a private key.

The public key is used to encrypt data sent from the sender to the receiver and is shared with everyone.

The private key is used to decrypt data that arrives at the receiving end and is carefully guarded by the receiver.

Complex mathematical operations are used to create the private and public keys.

Asymmetric Cryptography


The main advantage of asymmetric key cryptography is that it removes the need to distribute the key.

Common examples of asymmetric key algorithms are RSA, ECC and DSS.

Asymmetric Cryptography


Hash functions are a third type of cryptography, also called keyless cryptography.

Hash functions are also referred to as message digests; they create a large, unique and fixed-length hash value (hash).

Hash functions perform one-way encryption, meaning that once the algorithm is processed, there is no way to take the cipher-text and retrieve the plaintext.

Common examples of hash functions are SHA, MD2, MD4 and MD5.

Hash Functions


Digital signatures allow us to sign a message in order to enable detection of changes to the message contents.

This ensures that the message was legitimately sent by the expected party.

This also prevents the sender from denying that he or she sent the message, known as non-repudiation.

The sender generates a hash of the message, then uses the private key to encrypt the hash; the result is called the digital signature. The digital signature is attached to the message.

The receiver would use the sender’s public key to decrypt the digital signature.

Digital Signatures
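The sign-and-verify flow described above, as an added example that is not part of the original slides. It uses textbook RSA over SHA-256 with a constructed toy key; the names `sign`, `verify` and `demo` are chosen here, and the comparison against a fresh hash is the step that makes a change to the message detectable.

```python
import hashlib

# Constructed toy key pair (assumption for this example): two Mersenne primes,
# so no key-generation code is needed. Real keys use random primes and a
# padded signature scheme such as RSA-PSS from a vetted library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key, shared with everyone
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, kept by the sender


def message_hash(message: bytes) -> int:
    """Hash of the message as an integer (SHA-256, always smaller than N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: hash the message, then transform the hash with the private key."""
    return pow(message_hash(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: recover the hash from the signature with the sender's public
    key and compare it with a fresh hash of the message that arrived."""
    return pow(signature, E, N) == message_hash(message)


def demo() -> dict:
    message = b"Transfer 100 to account 42"        # constructed sample message
    signature = sign(message)
    return {
        "genuine": verify(message, signature),
        "altered message": verify(b"Transfer 900 to account 42", signature),
        "altered signature": verify(message, signature ^ 1),
    }


if __name__ == "__main__":
    print(demo())
```
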


[Figure: Digital Signatures. Sender: a mathematical hash function produces the hash code; the private key is used to encrypt the hash code, giving the digital signature. Receiver: receives the original message + digital signature and uses the public key of the sender to decrypt the digital signature.]


Protecting Data at Rest

◦ Data Security

◦ Physical Security

Protecting Data in Motion

◦ Protecting the data itself

◦ Protecting the connection

Protecting Data in Use

◦ Policies and procedures

Protecting Data at Rest, In Motion and In Use.


A hash is a special mathematical function that performs one-way encryption.

Once the hashing algorithm is processed, there is no feasible way to take the cipher-text and retrieve the plaintext that was used to generate it.

Common uses of hashing functions are storing computer passwords and ensuring message integrity.

Hashing


A hashing function can produce a unique value corresponding to the data entered, but the hashing value is also reproducible by everyone else running the same algorithm against the same data.

The hashing algorithm can be attacked with what is called a collision attack.

Hashing


[Figure: Hashing. Plain text passes through the hashing function / hashing algorithm to give the hashing code / message digest / message authentication code (MAC).]


[Figure: Hashing. Two panels, each labelled Plain Text, Hashing Function / Hashing Algorithm and Hashing Code.]


[Figure: Hashing – Collision Attack. Plain Text 1 and Plain Text 2 pass through the hashing function / hashing algorithm to a single hashing code.]


SHA accepts an input of up to 2^64 bits or less and then compresses the input plain text to a hash of 160 bits.

SHA works in block mode, separating the data into words first, and then grouping the words into blocks.

The words are 32 bit strings converted to hex, grouped together as 16 words. This makes up a 512 bit block.

If the plain text data input to SHA is not a multiple of 512 bits, the message is padded with 0's and an integer describing the original length of the message.

SHA Hashing Algorithm


[Figure: SHA Hashing Algorithm. Original message (plaintext), padding (if required), hashing function, message digest.]


SHA is one of the most secure hashing algorithms, with no known successful attacks against it.

The cipher code of 160 bits in SHA is very long compared to other common 128 bit cipher codes.

This added security and resistance to attacks in SHA requires more processing power.

SHA Hashing Algorithm


Message Digest (MD) is the generic version of one of the three algorithms, all designed to create an MD or hash from the data input by using algorithms.

All these algorithms were developed by Ronald L. Rivest of MIT.

The various versions of the MD algorithms are:

◦ MD 2

◦ MD 4

◦ MD 5

Message Digest (MD)


MD 2 takes a data input of 16 bytes and produces a hash or MD of 128 bits.

MD 2 is optimized for 8 bit machines.

If the data input is less than 16 bytes, then the input is padded.

After padding, a 16 byte checksum is appended to the message.

The message is processed in 16 byte blocks. After the entire message is processed in 16 byte blocks, a 128 bit message digest or hash is produced.

MD 2


The success of MD 2 depends on the addition of a checksum to the message.

If the checksum is not appended to the original message, then MD 2 is vulnerable to a collision attack.

MD 2


MD 4 is optimized for 32 bit computers.

MD 4 accepts an input of 512 bits or a multiple of 512 bits.

If the input is less than 512 bits, extra bits are padded to make the input 512 bits.

After this input block of 512 bits is processed, MD 4 produces a hash or MD of 128 bits.

MD 4 is a fast algorithm, but not secure. MD 4 is very vulnerable to collision attacks.

MD 4


MD 5 is similar to MD 4, but with some additional security.

MD 5 is slower and more secure compared to MD 4.

MD 5 accepts an input of 512 bit blocks.

MD 5 produces a 128 bit hash or message digest.

MD 5


[Figure: Symmetric Encryption. Plaintext (P) and the secret key (K) enter E(P,K), producing ciphertext (C); the ciphertext and the secret key (K) enter D(C,K), producing plaintext (P).]


Symmetric cryptographic algorithms are also called secret key cryptography.

Symmetric cryptographic algorithms rely on only one key, called the secret key.

Encryption and decryption are carried out with the help of the same key.

Symmetric cryptographic algorithms use block ciphers.

DES, 3DES and AES are some common examples of symmetric cryptographic algorithms.

Symmetric Encryption


To accomplish encryption and decryption, most secret key algorithms use two main techniques, known as substitution and permutation.

Substitution is simply a mapping of one value to another value.

Permutation is a reordering of the bit positions for each of the inputs.

These techniques are used a number of times, in iterations called rounds.

In general, the more rounds there are, the more secure the algorithm.

Symmetric Encryption


DES - Data Encryption Standard.

DES uses a block size of 64 bits; that means it accepts an input of 64 bits and produces an output of 64 bits.

DES uses a key of 56 bits.

The plain text is divided into blocks of 64 bits. If the last block is less than 64 bits, extra bits are added.

Symmetric Encryption-DES


DES performs permutation and substitution on each block 16 times. It works in three stages.

◦ The algorithm accepts plaintext P and performs an initial permutation, IP, on P, producing P0. The block is then broken into left and right halves, the left (L0) being the first 32 bits of P0 and the right (R0) being the last 32 bits of P0.

◦ With L0 and R0, 16 rounds are performed until L16 and R16 are generated.

◦ The inverse permutation, IP^-1, is applied to L16R16 to produce ciphertext C.

Symmetric Encryption-DES
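The middle stage above (L0 and R0 carried through 16 rounds) is a Feistel network. The added example below, which is not code from the original slides and is not DES itself, shows that structure on one 64-bit block with a hypothetical SHA-256-based key schedule and round function standing in for the DES tables; IP and IP^-1 are fixed bit reorderings and are left out.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def subkeys(key: bytes) -> list:
    """Hypothetical key schedule: one subkey per round, derived with SHA-256.
    (DES derives its 16 subkeys from the 56-bit key with shifts and permutations.)"""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]


def round_function(right: int, subkey: bytes) -> int:
    """Stand-in for the DES round function (expansion, S-box substitution,
    permutation): mixes the 32-bit right half with the round's subkey."""
    digest = hashlib.sha256(subkey + right.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def feistel(block: int, keys: list) -> int:
    left, right = block >> 32, block & MASK32            # L0, R0
    for k in keys:
        # L_i = R_(i-1);  R_i = L_(i-1) XOR f(R_(i-1), K_i)
        left, right = right, left ^ round_function(right, k)
    # Halves are swapped after the last round so the same network decrypts.
    return (right << 32) | left


def encrypt(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key))


def decrypt(block: int, key: bytes) -> int:
    # Same network, subkeys in reverse order: the round function is never inverted.
    return feistel(block, subkeys(key)[::-1])


def demo() -> dict:
    key, block = b"constructed key", 0x0123456789ABCDEF   # constructed sample values
    c = encrypt(block, key)
    return {"round trip": decrypt(c, key) == block,
            "wrong key": decrypt(c, b"another key") == block}


if __name__ == "__main__":
    print(demo())
```
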


The effectiveness of DES depends on some key factors:

◦ The secret key must be distributed over a secure channel.

◦ If weak keys are chosen, then DES is vulnerable to attacks.

◦ If less than 16 rounds of permutations and substitutions are used, then DES is vulnerable to attacks.

Symmetric Encryption-DES


AES - Advanced Encryption Standard.

AES can have a key size of 128, 192 or 256 bits.

Based on the size of the key, multiple rounds are performed.

◦ A 128 bit key will require 9 rounds

◦ A 192 bit key will require 11 rounds

◦ A 256 bit key will require 13 rounds

AES requires an input plaintext of 128 bits, and produces a 128 bit block of ciphertext.

Symmetric Encryption-AES


The following 4 steps are performed in every round.

◦ Byte sub: Each byte is replaced by its substitute.

◦ Shift row: Bytes are shifted and arranged.

◦ Mix column: Matrix multiplication is performed based upon the arrangement.

◦ Add round key: This round's sub-key is XORed in.

Symmetric Encryption-AES
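The four steps of one round, as an added example that is not code from the original slides. The function names follow the step names above; the sample state and round key are the round 1 values from the worked example in FIPS-197 Appendix B, and the key expansion that produces round keys is not shown.

```python
def gmul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return result

def build_sbox() -> list:
    """Substitution table: multiplicative inverse followed by the AES affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv ^ 0x63
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s)
    return sbox

SBOX = build_sbox()

# The 16-byte state is a 4x4 grid stored column by column: index = row + 4*col.
def byte_sub(state):
    return [SBOX[b] for b in state]

def shift_row(state):
    # Row r is rotated left by r positions.
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_column(state):
    out = []
    for c in range(4):
        col = state[4 * c: 4 * c + 4]
        for r in range(4):      # each column is multiplied by a fixed matrix
            out.append(gmul(col[r], 2) ^ gmul(col[(r + 1) % 4], 3)
                       ^ col[(r + 2) % 4] ^ col[(r + 3) % 4])
    return out

def add_round_key(state, round_key):
    return [s ^ k for s, k in zip(state, round_key)]

def aes_round(state, round_key):
    return add_round_key(mix_column(shift_row(byte_sub(state))), round_key)

# Sample values: state at the start of round 1 and round key 1 (FIPS-197, App. B).
STATE = bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808")
ROUND_KEY = bytes.fromhex("a0fafe1788542cb123a339392a6c7605")

def demo() -> str:
    return bytes(aes_round(list(STATE), list(ROUND_KEY))).hex()

if __name__ == "__main__":
    print(demo())
```
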