Information Systems Security Introduction to Cryptography.

Information Systems Security

Introduction to Cryptography

What is Cryptography

It is an applied branch of mathematics It is used to provide

Confidentiality Integrity Authentication Authorization Non-repudiation

Why Cryptography

Encrypting data against disclosure, modification

Signing data against modification, repudiation To provide security for eCommerce

Application area Storing data encrypted

Even access would not lead to disclosure Transmitting data securely

Prevent eavesdropping Identifying your partner

Prevent man in the middle attack Proof of identity

Avoiding impersonation

Terms used Encryption

The process of encoding a message so that the meaning is not obvious

Decryption The reverse process of encryption

Plaintext The original form of the message

Cipher text The disguised (encrypted) text

Terms used

P – plaintext C – cipher text E – encryption algorithm D – decryption algorithm

C = E(P)P = D(C)P = D(E(P))

Terms used

The encryption process involves An algorithm – mostly public A key – must be private

C = EK(P)

P = DK(C)

P = DK(EK(P))

Software components Hash functions: handling the whole document

takes too long Encryption/decryption: same algorithm for

symmetric but different for asymmetric and signature

Signature: combine a document with a private key

Key agreement: creating a shared secret Key generation: creating secure keys

Classification of Cryptographic Systems The way the plaintext is processed

Block cipher Stream cipher

Type of operations performed Substitution Transposition

Number of keys used Symmetric Asymmetric

Block encryption

Data divided into fixed size blocks and symmetric encryption worked on them one at a time (e.g. 64 bits in 64 bits out)

Main method is substitution and permutation by using S-boxes

Early block cipher: Playfair Present block cipher: DES, AES

Stream encryption

Symmetric encryption done on the bit stream (1 bit in, 1 bit out)

The usual method is to use symmetric encryption in chain mode (cipher block chaining) where the previous cipher block is XOR to next plaintext block

Early stream cipher: Vigerene Present stream cipher: RC4

Classical techniques - Substitution

Substitute a character, digit or symbol for each character in plaintext

Examples Mono alphabetic cipher

Caesar cipher Atbash cipher

Poly alphabetic cipher Playfair cipher

The Caesar cipher - Cryptanalysis

Try all 25 possible keys Use the nature of the plain text

Single character occurrences Digrams Trigrams

The Caesar cipher – CryptanalysisFrequency Table of single letters

The Caesar cipher – CryptanalysisDigrams and Trigrams

Digrams an, re, er, nt, th, on, in, am, is, to, be, he,

we, no, ofTrigrams

ent, ion, and, the, are, you, she, not

Playfair cipher Use a 5 x 5 matrix Use a keyword Use 2 characters at a time

Playfair cipher - rules

Repeating plaintext letters are separated with a filling letter e.g. X

Plaintext letters on the same row is replaced by letters right to it

Plaintext letters on the same column is replaced by letters beneath it

Else, replace plaintext by the corner letters of the rectangle formed by the 2 letters

Playfair example

Key: PLAYFAIR EXAMPLE

P L A Y F

1 R E X M

B C D G H

J K N O S

T U V W Z

Playfair example

Plain text

Hide the gold in the tree stump Change into capital letters

HI DE TH EG OL DI NT HE TR EE ST UM P Check for repeating letters

HI DE TH EG OL DI NT HE TR EX ES TU MP Encrypt

Playfair example

What is the cipher text? BM ND ZB XD KY BE JV DM UI XM MN UV

IF

Transposition

Change the location of a character Examples

Rail fence cipher Columnar transposition Enigma machine

Rail fence cipher Plain text

we are discovered flee at onceRail fence cipher of 3 rails

W..R..I..O..R..F..E..O..E .E..E..S..V..E..L..A..N.. ..A..D..C..E..D..E..T..C.

Cipher text WRIORFEOEEESVELANADCEDETC

Symmetric encryption

Based on a shared secret by the participants and an algorithm

The secret is used for both encryption and decryption key

To protect the confidentiality of the data Are usually efficient and fast Main weakness is the need for the shared

secret

Symmetric encryption

Asymmetric encryption

Designed to overcome issues relating to key distribution

Also offers authenticity 2 keys

Public key – known by everyone Private key – known only by owner

Keys operate as inverse, one key can decrypt message encrypted by the other

Asymmetric encryption

Symmetric vs Asymmetric

Symmetric Asymmetric

Number of keys 1 2

Protection Must be secret Public & Private

Key distribution Out of band Used to exchange other keys

Speed Fast 10,000 times slower

Usage Security & integrity of data

Key exchange, authentication

Hash A hash is a cryptographic one way function

that produces a record smaller than the plaintext

The plaintext cannot be recovered from the hash and for a good hash function it is impossible for 2 plaintexts to produce the same hash (collision)

Hash

A hash encrypted by the document signer’s private key can be used as a signature for a document

Used to produce Message Authentication Codes (MAC) to verify the integrity of a message

Digital signature

Algorithms

Symmetric DES, 3DES, AES

Asymmetric RSA, DSA (only for signature)

Hash Sha-1, MD5

Others Diffie-Hellman for key agreement

PGP (Pretty Good Privacy)

Designed by Phil Zimmermann for providing cryptographic protection of e-mail and file storage

Uses the strong cryptographic algorithm Offers

Authentication using digital signatures Confidentiality with use of encryption

Bytes conversion to ASCII for e-mail

PGP design philosophy

Written for individual technically skilled end users Every user creates and manages their own keys Every user has a freedom to choose whom to

trust No administrative organisation or government

involved in operation

Sending a PGP message

Receiving a PGP message