Top Banner

Click here to load reader

Cryptography & Steganography

Jul 15, 2015



Cryptography & Steganography

Cryptography & SteganographyPresented ByAnimesh Shaw(Psycho_Coder)Digital Evidence Analyst TraineeDiscussion GoalsCryptography Definition.History of Cryptography.Basic Terminologies.Importance of Cryptography.Types of Cryptography.Cryptography Algorithms.RSA (Public Key)DES (Symmetric)Hash FunctionsDigital SignaturesWatermarkingCryptographyDefinition, History, TypesWhat is Cryptography ?Cryptography is an art of Secret writing

OrCryptography -- from the Greek for secret writing (Kryptos means HIdden, graphein means writing) -- is the mathematical scrambling of data into unreadable form to preserve confidentiality.

OrCryptography is the process of converting plaintext into ciphertext

Friends & Foes : Juvia, Gray, LyonJuvia and Gray wants to communicate securely.Lyon (Intruder) may intercept and tamper the communication.securesendersecurereceiverChannelData, control messagesDataLyon

JuviaGrayBase Cryptography MechanismEncryptionAlgorithmplaintextCiphertextplaintextLyon


DecryptionAlgorithmKey AKey BCryptography Issues

CIA TraidThese three concepts form what is often referred to as the CIA triad (Figure 1.1). The three concepts embody the fundamental security objectives for both data and for information and computing services. FIPS PUB 199 provides a useful characterization of these three objectives in terms of requirements and the definition of a loss of security in each category: Confidentiality (covers both data confidentiality and privacy): preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. Integrity (covers both data and system integrity): Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information. Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.Although the use of the CIA triad to define security objectives is well established, some in the security field feel that additional concepts are needed to present a complete picture. Two of the most commonly mentioned are: Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.

7Confidentiality: only sender, intended receiver should understand message contents.sender encrypts message.receiver decrypts message.

End-Point Authentication: sender, receiver want to confirm identity of each other.

Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection.

..contd.History of CrytographyThere are three eras in the history of Cryptography:The Manual eraThe Mechanical eraThe Modern era

Manual era refers to Pen and Paper Cryptography and dates back to 2000 : Scytale, Atbash , Caesar, Vigenere.

Mechanical era refers to the invention of cipher machines. E.g.: Japanese Red and Purple Machines , German Enigma.

The modern era of cryptography refers to computers.

There are infinite permutations of cryptography available using computers. E.g.: Lucifer, Rijndael , RSA , ElGamal.

9The history of cryptography begins where many stories of history do. in ancient Egypt with hieroglyphics.

Scytale Spartan method involved wrapping a belt around a rod of a given diameter and lengthAtbash Hewbrew cipher which mirrored the normal alphabet (shown in The DaVinci Code)Caesar Shift all letters by a given number of letters in the alphabetVignre Use of a key and multiple alphabets to hide repeated characters in an encrypted message9Basic TerminologiesSome must known TermsBasic TermsCipher: the algorithm that does the encryption.

Ciphertext: the encrypted (scrambled) version of the message. Message altered to be unreadable by anyone except the intended recipients.

Cryptanalysis: the science of breaking cryptographic algorithms.

Cryptanalyst: a person who breaks cryptographic codes; also referred to as the attacker.

..contd.Cryptosystem The combination of algorithm, key, and key management functions used to perform cryptographic operations.

Decryption: the process of converting ciphertext back to the original plaintext.

Encryption: scrambling a message or data using a specialized cryptographic algorithm.

Initialization Vector Random values used with ciphers to ensure no patterns are created during encryption.

5Just like with many technical topics, Cryptography has its own lingo. Learning and using these terms and their definitions are the key to speaking like a crypto geek.12..contd.Key Sequence that controls the operation and behavior of the cryptographic algorithm.

Keyspace Total number of possible values of keys in a crypto algorithm.

Plaintext A message in its natural format readable by an attacker.

13Just like with many technical topics, Cryptography has its own lingo. Learning and using these terms and their definitions are the key to speaking like a crypto geek.13Cryptosystem Services or Security GoalsAuthenticationEnsures that whoever supplies or accesses sensitive data is an authorized party.

Confidentiality Assures that only authorized parties are able to understand the data.

..contd.IntegrityEnsures that when a message is sent over a network, the message that arrives is the same as the message that was originally sent.

NonrepudiationEnsuring that the intended recipient actually received the message & ensuring that the sender actually sent the message.Importance of CryptographyNeed for CryptographyEstablishing a Secure communication.Fulfil the security goals.Preservation of Authentic information.Secure Transaction.Privacy.Attributes of Strong EncryptionConfusionChange key values each roundPerformed through substitutionComplicates plaintext/key relationship

DiffusionChange location of plaintext in ciphertextDone through transposition18Strong encryption uses a combination of both of these attributes to attain a sufficiently complex algorithm.18Types of CryptographyEncryption SystemsSubstitution CipherConvert one letter to anotherCryptoquip

Transposition CipherChange position of letter in textWord Jumble

Monoalphabetic CipherCaesar20Substitution Cipher: Replacing one letter with anotherTransposition Cipher: World Jumble. Rearranging or reordering the letters within a messageMonoalphabetic Cipher: Algorithm that substitutes one letter in the ciphertext alphabet for one in the plaintext alphabet

20Encryption SystemsPolyalphabetic CipherVigenre

Modular MathematicsRunning Key Cipher

One-time PadsRandomly generated keys21Polyalphabetic Cipher: Algorithm that substitutes a letter from two or more ciphertext alphabets for each plaintext alphabet letter based on position in the message.Modular Mathemaitcs: Sometimes referred to as clock arithmetic, computes operations over a given range of values from 0 to N. Referred to as modulo N.One-time Pads: Offer perfect secrecy if a true source of randomness is used, but is very difficult to use in practice.21Categories of CryptographyTraditional CryptographyCryptography in its early stages.Caesar CipherCaesar cipher is named after the Roman military and political leader Gaius Julius Caesar (100 BC 44 BC).1 Caesar used this relatively simple form of ciphering to encode military messages.Every character C in the message M is replaced by (C+3)

SchemeA B C D E ..D E F G H ..Example :- Plaintext = DADCiphertext = GDG

Rail Fence CipherPlaintext is written in successive rails diagonally. No. of rails is predefined, say 3.After the message exhausts on rails the message is read row-wise and it becomes the cipher text.For example, if we have 3 "rails" and a message of 'WE ARE DISCOVERED. FLEE AT ONCE', the cipher writes out:

W . . . E . . . C . . . R . . . L . . . T . . . E . E . R . D .S . O . E . E . F . E . A . O . C . . . A . . . I . . . V . . . D . . . E . . . N . .

Cipher Text : WECRL TEERD SOEEF EAOCA IVDENKamasutra CipherThe Kamasutra cipher is one of the earliest known substitution methods. The purpose was to teach women how to hide secret messages from prying eyes.

PrincipleThe key is the permutation of the alphabet. The plaintext and the ciphertext alphabet are the same. The alphabet is divided in two halves to pair the letters:F Y M Q G V O P D J R A KC I E U B X T S Z W N L HThe letter F becomes the letter C and B is replaced by G. The word "EXAMPLE" would be encoded by: "MVLESAM".

EnigmaUsed by the Germans during World War IIReplaced letters as they were typedSubstitutions were computed using a key and a set of switches or rotors.


27Symmetric Key CryptographySymmetric Key SchemeSame key for encryption and decryptionKey distribution problem

Cleartext with Key makes Ciphertext

Ciphertext with Key makes Cleartext

29Winning Lotto #s:aWDHOP#@-w9

aWDHOP#@-w9Winning Lotto #s:

29..contd.AdvantagesSymmetric algorithms are fastThey are difficult to break if a large key size is usedOnly one key needed3030..contd.DisadvantagesSymmetric keys must remain secretDifficult to deliver keys (key distribution)Symmetric algorithms dont support authenticity or nonrepudiationYou cant know for sure who sent the messag