Contents
Basic Terms
Cryptography
The General Goals of Cryptography
Common Types of Attacks
Substitution Ciphers
Transposition Cipher
Steganography- “Concealed Writing”
Symmetric Secret Key Encryption
Types of Symmetric Algorithms
Common Symmetric Algorithms
Asymmetric Secret Key Encryption
Common Asymmetric Algorithms
Public Key Cryptography
Hashing Techniques
Hashing Algorithms
Digital Signatures
Transport Layer Security
Public key infrastructure (PKI)
Basic Terms
Encryption
Scrambling a message or data using a specialized cryptographic algorithm.
Plaintext
The message or data before it gets encrypted.
Ciphertext
The encrypted version of the message.
Cipher
The algorithm that does the encryption.
Decryption
The process of converting ciphertext back to the original plaintext.
Cryptography
Cryptography is the study of “secret (crypto-) writing (-graphy)”.
It can be described as the study of protecting information, whether in transit or at rest, by using techniques that render the information unusable to anyone who does not possess the means to decrypt it.
Cryptanalysis is the science of recovering the plaintext from the ciphertext without access to the key.
Plaintext -> Encryption -> Ciphertext -> Decryption -> Plaintext
The General Goals of Cryptography
Confidentiality
Assuring that only authorized parties are able to understand the data.
Integrity
Ensuring that when a message is sent over a network, the message that arrives is the same as the message that was originally sent.
Authentication
Ensuring that whoever supplies or accesses sensitive data is an authorized party.
Nonrepudiation
Ensuring that the intended recipient actually received the message & ensuring that the sender actually sent the message.
Common Types of Attacks
Ciphertext-Only Attack
Known-Plaintext Attack
Chosen-Plaintext Attack
Chosen-Ciphertext Attack
Dictionary Attacks
Substitution Ciphers
Caesar’s Cipher
Plaintext:         A B C D E F G H I J K L . . .
Caesar’s alphabet: X Y Z A B C D E F G H I J K L . . .
Atbash Cipher
Plaintext:         A B C D E F G H I J K L . . .
Atbash’s alphabet: Z Y X W V U T S R Q P O . . .
Vigenere Cipher
Polyalphabetic cipher to overcome the shortcomings of simple substitution ciphers
Plaintext:  ATTACKATDAWN...
Key:        LEMONLEMONLE...
Ciphertext: LXFOPVEFRNHR...
Transposition Cipher
In a transposition cipher, permutation is used, meaning that letters are scrambled. The key determines the positions that the characters are moved to.
Simple substitution and transposition ciphers are vulnerable to attacks that perform frequency analysis.
Message:            example text
Broken into groups: examp letex
Key:                24153 31524
Ciphertext:         xmepa tlxee
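The substitution and transposition slides above, reproduced as an added Python example (not part of the original slides; all function names are chosen here for illustration). It recomputes the slides' own values and shows why frequency analysis works: Caesar and transposition leave the letter-count profile intact, while the Vigenere key changes it.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase  # input is assumed to be A-Z only

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter; the key repeats.
    A one-letter key gives a Caesar cipher (key "X" maps A to X)."""
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + sign * shift) % 26])
    return "".join(out)

def atbash(text):
    """Mirror the alphabet (A<->Z, B<->Y, ...); applying it twice undoes it."""
    return text.translate(str.maketrans(ALPHABET, ALPHABET[::-1]))

def transpose(group, key):
    """Output position i takes the letter at 1-based position key[i]."""
    return "".join(group[int(d) - 1] for d in key)

def untranspose(group, key):
    """Put each ciphertext letter back at the position the key names."""
    out = [""] * len(key)
    for i, d in enumerate(key):
        out[int(d) - 1] = group[i]
    return "".join(out)

def count_profile(text):
    """Sorted letter counts: the shape a frequency analysis looks at."""
    return sorted(Counter(text).values())

if __name__ == "__main__":
    print(vigenere("ATTACKATDAWN", "LEMON"))           # slide's Vigenere row
    print(vigenere("ABCDEF", "X"), atbash("ABCD"))     # Caesar and Atbash rows
    print(transpose("examp", "24153"), transpose("letex", "31524"))
    # Transposition only rearranges letters, so the counts are identical.
    print(Counter("examp") == Counter(transpose("examp", "24153")))
    # Caesar keeps the count profile; the Vigenere key changes it.
    print(count_profile("ATTACKATDAWN"), count_profile("LXFOPVEFRNHR"))
```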
Steganography- “Concealed Writing”
It is the art and science of writing hidden messages in an object (wave file, graphic, audio or video) in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message.
The least significant bit of each byte of the image can be replaced with bits of the secret message.
Example of still-imagery steganography: the left-hand image is the original cover image, whereas the right-hand image is the stego image produced by embedding a text file into the cover image.
The advantage of steganography, over cryptography alone, is that messages do not attract attention.
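The least-significant-bit replacement described above, as an added Python example (not from the original slides). The cover buffer stands in for raw image bytes and is constructed here; the function names are illustrative.

```python
def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Replace the least significant bit of successive cover bytes
    with the bits of the message, most significant bit first."""
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover is too small for this message")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit   # clear the LSB, then set it
    return bytes(stego)

def extract_lsb(stego: bytes, n_bytes: int) -> bytes:
    """Read n_bytes back out of the least significant bits."""
    out = bytearray()
    for b in range(n_bytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[b * 8 + i] & 1)
        out.append(value)
    return bytes(out)

def max_byte_change(cover: bytes, stego: bytes) -> int:
    """Largest difference between any cover byte and its stego byte."""
    return max(abs(a - b) for a, b in zip(cover, stego))

def changed_bytes(cover: bytes, stego: bytes) -> int:
    """How many bytes differ at all."""
    return sum(a != b for a, b in zip(cover, stego))

# Constructed sample data: 64 pseudo "pixel" bytes and a two-byte message.
COVER = bytes((i * 37 + 11) % 256 for i in range(64))
MESSAGE = b"hi"

if __name__ == "__main__":
    stego = embed_lsb(COVER, MESSAGE)
    print(extract_lsb(stego, len(MESSAGE)))
    # No byte moves by more than 1, which is why the change is not
    # visible to the eye even though the low bit plane now carries data.
    print(max_byte_change(COVER, stego), changed_bytes(COVER, stego))
```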
Symmetric Secret Key Encryption
With this approach the sender and the receiver use the same secret key to encrypt and decrypt messages.
The strength of symmetric key encryption is fast, bulk encryption.
Major Challenges
Key distribution - It requires a secure mechanism to deliver keys properly.
Scalability - Each pair of users needs a unique pair of keys, so the number of keys grows exponentially.
Examples of symmetric algorithms are as follows:
DES (Data Encryption Standard)
3DES
AES (Advanced Encryption Standard)
Types of Symmetric Algorithms
Block Cipher
Operates by encrypting a fixed amount, or “block” (64 or 128 bits), of data.
It is somewhat faster than a stream cipher, since n characters are processed each time.
Transmission errors in one ciphertext block have no effect on other blocks.
Identical blocks of plaintext produce identical blocks of cipher text.
Block encryption may be more susceptible to cryptanalysis than either stream mode.
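Two of the block-cipher properties listed above (identical plaintext blocks give identical ciphertext blocks, and a transmission error stays inside its own block), shown in an added Python example that is not from the original slides. The cipher is a toy 128-bit Feistel network constructed for this demonstration only, not DES or AES; the key and messages are constructed, and the plaintext length is assumed to be a multiple of 16 bytes.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit blocks

def _f(key, rnd, half):
    # Round function of the toy Feistel network (constructed for this demo).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encrypt_blockwise(key, plaintext):
    # Every block is encrypted on its own, with no chaining between blocks.
    return b"".join(encrypt_block(key, b) for b in blocks(plaintext))

def decrypt_blockwise(key, ciphertext):
    return b"".join(decrypt_block(key, b) for b in blocks(ciphertext))

def repeated_blocks(ciphertext):
    # Indices of ciphertext blocks that repeat an earlier block: what an
    # observer without the key can still learn about the plaintext.
    seen, repeats = set(), []
    for i, b in enumerate(blocks(ciphertext)):
        if b in seen:
            repeats.append(i)
        seen.add(b)
    return repeats

# Constructed sample data: three 16-byte records, the first and last equal.
KEY = b"constructed demo key"
PLAINTEXT = b"PAY ALICE 100.00" + b"PAY BOB   250.00" + b"PAY ALICE 100.00"

if __name__ == "__main__":
    ct = encrypt_blockwise(KEY, PLAINTEXT)
    print(repeated_blocks(ct))            # block 2 repeats block 0
    damaged = bytearray(ct)
    damaged[20] ^= 0x01                   # one flipped bit inside block 1
    print(blocks(decrypt_blockwise(KEY, bytes(damaged))))
```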
Stream cipher
Treats the message as a stream of bits or bytes and performs mathematical functions on them individually
The same plaintext bit or byte will be transformed into a different ciphertext bit or byte each time it is encrypted
Stream cipher is less vulnerable to insertion or deletion.
Transmission error at the nth bit in the stream cipher may lead to incorrect ciphertext thereafter.
Common Symmetric Algorithms
DES
Designed by IBM in the 1970s and adopted by the National Institute of Standards and Technology (NIST) in 1977 for commercial and unclassified government applications.
DES is a block cipher employing a 56-bit key that operates on 64-bit blocks.
DES results in a permutation among the 2^64 possible arrangements of 64 bits, each of which may be either 0 or 1.
Triple DES (3DES) is an enhanced version of DES which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.
AES
AES was announced by the National Institute of Standards and Technology on November 26, 2001.
AES is a block cipher with a block length of 128 bits.
It allows for three different key lengths: 128, 192, or 256 bits.
Encryption consists of 10 rounds of processing for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys.
Asymmetric Secret Key Encryption
Asymmetric encryption uses a key pair (public key and private key).
The two different asymmetric keys are mathematically related but cannot be derived from each other.
Each key type can be used to encrypt and decrypt. If data is encrypted with a private key, it must be decrypted with the corresponding public key and vice versa.
Better key distribution and scalability than symmetric systems.
Works much slower than symmetric systems.
Examples of asymmetric key algorithms:
RSA
Elliptic Curve Cryptosystem (ECC)
Common Asymmetric Algorithms
RSA (Ron Rivest, Adi Shamir and Leonard Adleman)
Developed in 1978 at MIT
RSA gets its security from the difficulty of factoring large numbers
Best known & widely used
Each user generates a public/private key pair by applying the RSA algorithm to two large primes chosen at random, say p and q
One advantage of using RSA is that it can be used for encryption and digital signatures
RSA is used in many Web browsers with the Secure Sockets Layer (SSL) protocol
Elliptic Curve Cryptosystems (ECCs)
ECC was introduced by Victor Miller and Neal Koblitz in 1985
For elliptic-curve-based protocols, it is assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible
The size of the elliptic curve determines the difficulty of the problem.
ECC requires a significantly smaller key size than RSA for the same level of security: faster computations, less storage space needed
ECC is ideal for constrained environments: pagers, PDAs, cellular phones and smart cards
Public Key Cryptography
It is a hybrid use of two different algorithms: asymmetric and symmetric
Public key cryptography uses two keys (public and private) generated by an asymmetric algorithm for protecting encryption keys and key distribution, and a secret key is generated by a symmetric algorithm and used for bulk encryption.
Bill sends a message
Hashing Techniques
Cryptographic hashing functions are used to ensure the integrity of data using an integrity checksum.
Hashing functions are one-way functions. This means that the ciphertext (i.e., the checksum) cannot be used to reconstruct the plaintext.
The checksum (the ciphertext) is much smaller than the plaintext.
Hashing functions provide a kind of digital fingerprint.
The security of the hashing function is related to the size of the resulting checksum (in bits)
Examples of Hashing Algorithms:
MD5 (Message-Digest algorithm 5)
SHA (Secure Hash Algorithm)
Hashing Algorithms
MD5
128-bit hash value, typically expressed as a 32-digit hexadecimal number.
MD5 processes a variable-length message into a fixed-length output of 128 bits.
It is easy to compute.
It is infeasible to modify a message without changing its hash.
No two messages have the same hash.
SHA
SHA-1 produces a 160-bit hash value.
SHA-256 uses 32-bit words.
SHA-512 uses 64-bit words.
The collision ratio for SHA is far less than the collision ratio of MD5.
Digital Signatures
Goals
It should be proof of authenticity and should be impossible to forge.
It should be impossible to alter the signed document without detection.
It should be impossible to transplant the signature to another document.
Technology
A hash function to help generate the digital signature, S.
Symmetric (secret key) cryptography to encrypt the message, M.
Public key cryptography to share the secret key used to encrypt and decrypt the message, M.
Public key cryptography to encrypt and decrypt the digital signature, S.
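The hash-then-sign step and the three goals listed above, as an added Python example (not from the original slides). It uses textbook RSA over a SHA-256 digest with a key built from two publicly known Mersenne primes, so the key is a constructed demonstration value and the scheme has no padding; deployed signatures use a padded scheme such as RSASSA-PSS with randomly generated primes. All names are illustrative.

```python
import hashlib

# Constructed demo key: p and q are publicly known Mersenne primes,
# chosen only so the example needs no key-generation code.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent

def digest_int(message: bytes) -> int:
    """SHA-256 digest of the message as an integer (always below N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """S = H(M)^d mod n, computed with the private exponent."""
    return pow(digest_int(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Anyone holding (n, e) checks that S^e mod n equals H(M)."""
    return pow(signature, E, N) == digest_int(message)

# Constructed sample documents.
DOC = b"Transfer 100 to Alice"
ALTERED = b"Transfer 900 to Alice"
OTHER = b"Grant admin rights to Mallory"

if __name__ == "__main__":
    s = sign(DOC)
    print(verify(DOC, s))        # authentic signature is accepted
    print(verify(ALTERED, s))    # altering the document is detected
    print(verify(OTHER, s))      # the signature cannot be moved to another document
    print(verify(DOC, 12345))    # a guessed value does not verify
```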
Transport Layer Security
It provides communication security over the Internet.
It encrypts the segments of network connections at the Application Layer using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.
Widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging etc.
The TLS protocol is made up of two layers.
The record protocol is designed to protect confidentiality
The handshake protocol allows authentication
TLS is application protocol-independent.
A vulnerability (CVE-2011-3389) was reported in the SSL protocol which allows attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack on an HTTPS session.
Public key infrastructure (PKI)
It consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion.
PKI is an ISO authentication framework that uses public key cryptography and the X.509 standard protocols
PKI provides authentication, confidentiality, nonrepudiation, and integrity of the messages exchanged
PKI is a hybrid system of symmetric and asymmetric key algorithms
Each person who wants to participate in a PKI requires a digital certificate