Click here to load reader
Dec 23, 2015
CryptographyChapter 8
Prepared by Saher H. Mohammed 2
Cryptography is the science of keeping information secure in terms of confidentiality and integrity.
Cryptography is also referred to as encryption.
Encryption is specifically the transformation of unencrypted data (plaintext) into encrypted form (cipher-text).
Decryption is the process of recovering the plaintext message from the cipher-text.
The process used to encrypt the plaintext or decrypt the cipher-text is referred to as cryptography algorithm.
Cryptographic algorithms generally use a key, or multiple keys, in order to encrypt or decrypt the message.
Cryptography
Prepared by Saher H. Mohammed 3
The Caesar cipher involves shifting each letter of the plaintext message by a certain number of letters.
SECURE can be transformed to VHFUHW by using 3 forward shifts.
ROT13 moves each letter 13 places forward.
Caesar Cipher
Prepared by Saher H. Mohammed 4
Modern cryptographic algorithms can be broadly classified into two types◦ Symmetric cryptography ◦ Asymmetric cryptography
Each approach has its own pros and cons.
Generally, symmetric cryptography is faster but has some issues with key exchange.
Modern Cryptographic Mechanisms
Prepared by Saher H. Mohammed 5
Symmetric key cryptography is also called as private key cryptography.
Symmetric key cryptography uses only a single key for both encryption and decryption.
The key is shared between the sender and receiver.
The weakness of symmetric key cryptography lies in the use of one key. If the key is exposed beyond the sender and receiver, it is possible for attacker to intercept the message.
Symmetric key cryptography provides only confidentiality, and not integrity.
Symmetric Cryptography
Prepared by Saher H. Mohammed 6
Symmetric key cryptography makes use of two types of ciphers: block cipher and stream cipher.
A block cipher takes a predetermined number of bits, known as block, in the plaintext message and encrypts that block.
Blocks are commonly composed of 64 bits, but can be larger or smaller.
Block cipher are slower, but more efficient. They are also very complex to implement on hardware and software.
Block versus Stream Cipher
Prepared by Saher H. Mohammed 7
Block ciphers are also more sensitive to errors in the encryption process.
Block ciphers are used in the situations where the message size is constant or known in advanced.
A stream cipher encrypts each bit in the plaintext message, 1 bit at a time.
Since stream cipher encrypt a single bit at a time, they are slow.
A stream cipher is used when the message size is unknown.
Common example of symmetric key algorithms are DES, 3DES and AES.
Block versus Stream Cipher
Prepared by Saher H. Mohammed 8
Asymmetric cryptography uses two keys; a public key and a private key.
The public key is used to encrypt data sent from the sender to the receiver and is shared with everyone.
The private key are used to decrypt data that arrives at the receiving end and are carefully guarder by the receiver.
Complex mathematical operations are used to create the private and public keys.
Asymmetric Cryptography
Prepared by Saher H. Mohammed 9
The main advantage of asymmetric key cryptography is the loss of the need to distribute the key.
Common example of asymmetric key algorithms are RSA algorithm, ECC and DSS.
Asymmetric Cryptography
Prepared by Saher H. Mohammed 10
Hash functions are third type of cryptography, also called as keyless cryptography.
Hash functions are also referred to as message digests, they create a large unique and fixed–length hash value (hash).
Hash functions perform one-way encryption. Meaning that once the algorithm is processed, there is no way to take the cipher-text and retrieve the plaintext.
Common examples of hash functions are SHA, MD2, MD4 and MD5.
Hash Functions
Prepared by Saher H. Mohammed 11
Digital signatures allow us to sign a message in order to enable detection of changes to the message contents.
This ensures that the message was legitimately sent by the expected party.
This also prevents the sender from denying that he or she sent the message, know as non-repudiation.
The sender would generate a hash of the message, then use the private key to encrypt the hash, this is called as digital signature. Digital signature is attached with the message.
The receiver would use the sender’s public key to decrypt the digital signature.
Digital Signatures
Prepared by Saher H. Mohammed 12
Digital Signatures
Sender
Hash
Mathematical Hash Function
Digital Signature
Use private key to encrypt the hash
code
Receiver
Original Message + Digital signature
Use public key of the sender to
decrypt the digital signature
Prepared by Saher H. Mohammed 13
Protecting Data at Rest◦ Data Security◦ Physical Security
Protecting Data in Motion◦ Protecting the data itself◦ Protecting the connection
Protecting Data in Use◦ Policies and procedures
Protecting Data at Rest, In Motion and In Use.
Prepared by Saher H. Mohammed 14
A hash is a special mathematical function that performs one-way
encryption.
One the hashing algorithm is processed, there is no feasible way to
take cipher-text and retrieve the plaintext that was used to generate
it.
Common use of hashing functions are storing computer passwords
and ensuring message integrity.
Hashing
Prepared by Saher H. Mohammed 15
Hashing function can produce a unique value corresponding to the
data entered, but the hashing value is also reproducible by everyone
else running the same algorithm against the same data.
The hashing algorithm can be attacked with what is called collision
attack.
Hashing
Prepared by Saher H. Mohammed 16
Hashing
Hashing Function/ Hashing Algorithm
Plain Text
Hashing Code/ Message Digest/
Message Authentication
Code (MAC)
Prepared by Saher H. Mohammed 17
Hashing
Hashing Function/ Hashing Algorithm
Plain Text
Hashing Code
Hashing Function/ Hashing Algorithm
Hashing Code
Plain Text
Prepared by Saher H. Mohammed 18
Hashing – Collision Attack
Hashing Function/ Hashing Algorithm
Plain Text 2
Hashing Code
Plain Text 1
Prepared by Saher H. Mohammed 19
SHA accepts an input of up to 264 bits or less and then compresses the input
plain text to a hash of 160 bits.
SHA works in block mode, separating the data into words first, and then
grouping the words into blocks.
The words are 32 bit strings converted to hex; grouped together as 16
words. This makes up a 512 bit block.
If the plain text data input to SHA is not a multiple of 512 bits, the message is
padded with 0’s and an integer describing the original length of the
message.
SHA Hashing Algorithm
Prepared by Saher H. Mohammed 20
SHA Hashing Algorithm
Original message-plaintext
Padding (If required)
Hashing Function
Message Digest
Prepared by Saher H. Mohammed 21
SHA is one of the most secure hashing algorithms, with no known
successful attacks against it.
The cipher code of 160 bits in SHA is very long compared to other
common 128 bit cipher codes.
This added security and resistance to attacks in SHA requires more
processing power.
SHA Hashing Algorithm
Prepared by Saher H. Mohammed 22
Message Digest (MD) is the generic version of one of the three
algorithms, all designed to create a MD or hash from the data input
by using algorithms.
All these algorithms were developed by Ronald L. Rivers of MIT.
Various version of MD algorithms are
MD 2
MD 4
MD 5
Message Digest (MD)
Prepared by Saher H. Mohammed 23
MD 2 takes a data input of 16 bytes and produces a hash or MD of
128 bits.
MD 2 is optimized for 8 bit machines.
If the data input is less than16 bytes, then the input is padded.
After padding, a 16 byte checksum is appended to the message.
The message is processed in 16 byte blocks. After the entire
message is processed in 16 bytes blocks, a 128 bit message digest
or hash is produced.
MD 2
Prepared by Saher H. Mohammed 24
The success of MD 2 depends on the addition of checksum to the
message.
If the checksum is not appended to the original message, then MD 2
is vulnerable to collision attack.
MD 2
Prepared by Saher H. Mohammed 25
MD 4 is optimized for 32 bit computers.
MD 4 accepts an input of 512 bits or multiple of 512 bits.
If the input is less than 512 bits, extra bits are padded to make the
input 512 bits.
After this input block of 512 bits is processed, MD 4 produces a hash
or MD of 128 bits.
MD 4 is fast algorithm, but not secure. MD 4 is very vulnerable to
collision attacks.
MD 4
Prepared by Saher H. Mohammed 26
MD 5 is similar to MD 4, but with some addition security.
MD 5 slower, and secure compared to MD 4.
MD 5 accepts an input of 512 bit blocks.
MD 5 produces a 128 bit hash or message digest.
MD 5
Prepared by Saher H. Mohammed 27
Symmetric Encryption
E (P,K) D (C,K)
Plaintext (P)
Secret Key (K)
Ciphertext (C)
Plaintext (P)
Secret Key (K)
Prepared by Saher H. Mohammed 28
Symmetric cryptographic algorithms are also called as secret key
cryptography.
Symmetric cryptographic algorithms rely on only one key, called as
secret key.
Encryption and decryption are carried out with the help of the same key.
Symmetric cryptographic algorithms uses block cipher.
DES, 3DES and AES are some common examples of symmetric
cryptographic algorithms
Symmetric Encryption
Prepared by Saher H. Mohammed 29
To accomplish encryption and decryption, most of the secret key
algorithms uses two main techniques known as substitution and
permutation.
Substitution is simply a mapping of one value to another value.
Permutation is a reordering of the bit positions for each of the inputs.
There techniques are used a number of times in iterations called rounds.
In general, the more rounds there are, the more secure the algorithm.
Symmetric Encryption
Prepared by Saher H. Mohammed 30
DES-Data Encryption Standard.
DES uses a block size of 64 bits; that means it accepts an input of 64
bits and produces an out of 64 bits.
DES uses the key of 56 bits.
The plain text is divided in block size of 64 bits. If the last block is
less than 64 bits, extra pits are added.
Symmetric Encryption-DES
Prepared by Saher H. Mohammed 31
DES performs permutation and substitution on each block for 16
times. It works in three stages.
◦ The algorithm accepts plaintext P, and performs initial permutation, IP, on P
producing P0.The block is then broken into left and right halves, the left (L0)
begin first 32 bits of P0 and the right begin the last 32 bits of P0.
◦ With L0 and R0, 16 rounds are performed until L16 and R16 are generated.
◦ The inverse permutation IP-1, is applied to L16R16 to produce ciphertext C.
Symmetric Encryption-DES
Prepared by Saher H. Mohammed 32
Symmetric Encryption-DES
Prepared by Saher H. Mohammed 33
The effectiveness of DES depends on some key factors
◦ The secret key must be distributed over a secure channel.
◦ If weak keys are chosen, then the DES is vulnerable to attacks.
◦ If less than 16 rounds of permutations are substitution are used,
then DES is vulnerable to attacks.
Symmetric Encryption-DES
Prepared by Saher H. Mohammed 34
AES - Advance Encryption Standard.
AES can have key size of 128, 192, 256 bits.
Based on the size of the key, multiple rounds are performed.
◦ 128 bit key will require 9 rounds
◦ 192 bit key will require 11 rounds
◦ 256 bit key will require 13 rounds
AES requires an input plaintext of 128 bits, and produces a 128 bit
block of ciphertext.
Symmetric Encryption-AES
Prepared by Saher H. Mohammed 35
The following 4 steps are performed in every round.
◦ Byte sub: Each byte is replaced by its substitute.
◦ Shift row: Bytes are shifted are arranged.
◦ Mix column: Matrix multiplication is performed based upon the
arrangement.
◦ Add round key: This round's sub-key is cored in.
Symmetric Encryption-AES