Page 1: Lecture 11

CRYPTOGRAPHY & NETWORK SECURITY


Page 2: Lecture 11

CRYPTOGRAPHY COMPONENTS

Cryptography, a word with Greek origins, means “secret writing.” However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks.

Page 3: Lecture 11

CRYPTOGRAPHY COMPONENTS

The original message, before being transformed, is called plaintext. After the message is transformed, it is called ciphertext. An encryption algorithm transforms the plaintext into ciphertext; a decryption algorithm transforms the ciphertext back into plaintext. The sender uses an encryption algorithm, and the receiver uses a decryption algorithm.

Encryption and decryption algorithms are also referred to as ciphers.

Page 4: Lecture 11

CATEGORIES OF CRYPTOGRAPHY

All cryptography algorithms (ciphers) are divided into two groups: symmetric-key (also called secret-key) cryptography algorithms and asymmetric-key (also called public-key) cryptography algorithms.

Page 5: Lecture 11

SYMMETRIC-KEY CRYPTOGRAPHY

In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption).

The key is shared. (A key is a number or a set of numbers that the cipher, as an algorithm, operates on.)

Page 6: Lecture 11

SYMMETRIC-KEY CRYPTOGRAPHY

Symmetric-key cryptography started thousands of years ago when people needed to exchange secrets (for example, in a war). We still mainly use symmetric-key cryptography in our network security.

Traditional ciphers


Page 7: Lecture 11

TRADITIONAL CIPHERS

A substitution cipher replaces one symbol with another.

Substitution ciphers can be categorized as either monoalphabetic or polyalphabetic ciphers.

In a monoalphabetic cipher, a character (or a symbol) in the plaintext is always changed to the same character (or symbol) in the ciphertext, regardless of its position in the text.

Page 8: Lecture 11

MONOALPHABETIC EXAMPLE

The following shows a plaintext and its corresponding ciphertext. Is the cipher monoalphabetic?

Solution

The cipher is probably monoalphabetic because both occurrences of L’s are encrypted as O’s.


Page 9: Lecture 11

SUBSTITUTION CIPHER

In a polyalphabetic cipher, each occurrence of a character can have a different substitute.

For example,

Solution

The cipher is not monoalphabetic because each occurrence of L is encrypted by a different character. The first L is encrypted as N; the second as Z.

Page 10: Lecture 11

SUBSTITUTION CIPHER

The simplest monoalphabetic cipher is probably the shift cipher, sometimes referred to as the Caesar cipher. We assume that the plaintext and ciphertext consist of uppercase letters (A to Z) only.

Example: Use the shift cipher with key = 15 to encrypt the message “HELLO.”

Solution

We encrypt one character at a time. Each character is shifted 15 characters down. Letter H is encrypted to W. Letter E is encrypted to T. The first L is encrypted to A. The second L is also encrypted to A. And O is encrypted to D. The ciphertext is WTAAD.
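The shift-cipher example above and the monoalphabetic test from the two preceding slides, as an added Python example that is not part of the original lecture. The function names and the position-dependent toy cipher with keys 1, 2, 3 are constructed here for illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # the lecture assumes uppercase A to Z only


def shift_encrypt(plaintext, key):
    """Shift each letter `key` places down the alphabet, wrapping after Z."""
    out = []
    for ch in plaintext:
        if ch not in ALPHABET:
            raise ValueError(f"only A-Z is supported, got {ch!r}")
        out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
    return "".join(out)


def shift_decrypt(ciphertext, key):
    """Decryption shifts the same distance in the opposite direction."""
    return shift_encrypt(ciphertext, -key)


def looks_monoalphabetic(plaintext, ciphertext):
    """True if the pair is consistent with one fixed one-to-one substitution."""
    if len(plaintext) != len(ciphertext):
        return False
    forward, backward = {}, {}
    for p, c in zip(plaintext, ciphertext):
        # setdefault records the first mapping seen; any later conflict fails
        if forward.setdefault(p, c) != c or backward.setdefault(c, p) != p:
            return False
    return True


def position_shift_encrypt(plaintext, keys):
    """Constructed polyalphabetic toy: the shift depends on the position."""
    return "".join(
        shift_encrypt(ch, keys[i % len(keys)]) for i, ch in enumerate(plaintext)
    )


if __name__ == "__main__":
    ct = shift_encrypt("HELLO", 15)
    print(ct, shift_decrypt(ct, 15), looks_monoalphabetic("HELLO", ct))
    poly = position_shift_encrypt("HELLO", [1, 2, 3])  # constructed keys
    print(poly, looks_monoalphabetic("HELLO", poly))
```

A shift cipher has only 26 possible keys, which is why it serves as a teaching device and not as protection for real data.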

Page 11: Lecture 11

TRANSPOSITION CIPHERS

In this type, there is no substitution of characters; instead, their locations change. A transposition cipher reorders (permutes) the symbols in a block of symbols.

Plaintext:  2 4 1 3
Ciphertext: 1 2 3 4

In encryption, move the character at position 2 to position 1, the character at position 4 to position 2, and so on. In decryption, do the reverse.

Page 12: Lecture 11

TRANSPOSITION CIPHERS

Example: Encrypt the message “HELLO MY DEAR,” using the above key.

Solution

We first remove the spaces in the message. We then divide the text into blocks of four characters. We add a bogus character Z at the end of the third block. The result is HELL OMYD EARZ. We create a three-block ciphertext ELHLMDOYAZER.
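The block transposition worked through above, as an added Python example that is not part of the original lecture. It uses the slide's key 2 4 1 3 and padding character Z; the function names are constructed here, and decryption is done by applying the inverse permutation.

```python
KEY = (2, 4, 1, 3)  # slide key: ciphertext position i takes plaintext position KEY[i-1]
PAD = "Z"           # the bogus character the slide appends to the last block


def check_key(key):
    """A valid key is a permutation of 1..n."""
    if sorted(key) != list(range(1, len(key) + 1)):
        raise ValueError("key must be a permutation of 1..n")


def permute(block, order):
    """Build a new block whose i-th symbol is block[order[i] - 1]."""
    return "".join(block[src - 1] for src in order)


def invert(key):
    """Inverse permutation: undoes the move 'position src goes to position dst'."""
    inverse = [0] * len(key)
    for dst, src in enumerate(key, start=1):
        inverse[src - 1] = dst
    return tuple(inverse)


def transposition_encrypt(message, key=KEY, pad=PAD):
    check_key(key)
    text = message.replace(" ", "")   # step 1: remove the spaces
    n = len(key)
    text += pad * (-len(text) % n)    # step 2: pad the last block to full size
    return "".join(permute(text[i:i + n], key) for i in range(0, len(text), n))


def transposition_decrypt(ciphertext, key=KEY):
    check_key(key)
    n = len(key)
    if len(ciphertext) % n:
        raise ValueError("ciphertext length must be a multiple of the block size")
    inv = invert(key)
    return "".join(permute(ciphertext[i:i + n], inv) for i in range(0, len(ciphertext), n))


if __name__ == "__main__":
    ct = transposition_encrypt("HELLO MY DEAR")
    print(ct)                         # three permuted blocks of four
    print(transposition_decrypt(ct))  # spaces are gone and the pad Z remains
```

Decryption returns HELLOMYDEARZ: the removed spaces and the padding are not recoverable from the ciphertext alone, so the receiver has to know the padding convention.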


Page 13: Lecture 11

SIMPLE MODERN CIPHERS

XOR Cipher
Rotation Cipher
Substitution Cipher: S-box
Transposition Cipher: P-box
Modern Round Ciphers
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)

Page 14: Lecture 11

ASYMMETRIC-KEY CRYPTOGRAPHY

In asymmetric or public-key cryptography, there are two keys: a private key and a public key. The private key is kept by the receiver. The public key is announced to the public. Two algorithms are used: RSA and Diffie-Hellman.

Page 15: Lecture 11

COMPARISON BETWEEN TWO CATEGORIES OF CRYPTOGRAPHY


Page 16: Lecture 11

NETWORK SECURITY


Page 17: Lecture 11

MESSAGE CONFIDENTIALITY

Message confidentiality or privacy means that the sender and the receiver expect confidentiality. The transmitted message must make sense to only the intended receiver. To all others, the message must be garbage. When a customer communicates with her bank, she expects that the communication is totally confidential.

The concept of how to achieve message confidentiality or privacy has not changed for thousands of years. The message must be encrypted at the sender site and decrypted at the receiver site. This can be done using either symmetric-key cryptography or asymmetric-key cryptography.


Page 18: Lecture 11

MESSAGE INTEGRITY

Message integrity means that the data must arrive at the receiver exactly as they were sent. There must be no changes during the transmission, either accidental or malicious. As more and more monetary exchanges occur over the Internet, integrity is crucial.

For example, it would be disastrous if a request for transferring $100 changed to a request for $10,000 or $100,000.

The integrity of the message must be preserved in a secure communication.

Encryption and decryption provide secrecy, or confidentiality, but not integrity. However, on occasion we may not even need secrecy, but instead must have integrity.


Page 19: Lecture 11

MESSAGE INTEGRITY

To preserve the integrity of a document, both the document and the fingerprint are needed. If Alice needs to be sure that the contents of her document will not be illegally changed, she can put her fingerprint at the bottom of the document. Eve cannot modify the contents of this document or create a false document because she cannot forge Alice's fingerprint. To ensure that the document has not been changed, Alice's fingerprint on the document can be compared to Alice's fingerprint on file. If they are not the same, the document is not from Alice. A message and its message digest are an example of such a pair.

Page 20: Lecture 11

MESSAGE AUTHENTICATION

Message authentication is a service beyond message integrity. In message authentication the receiver needs to be sure of the sender's identity and that an imposter has not sent the message.
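The message-and-digest pair from the integrity slides and the step up to message authentication, as an added Python example that is not part of the original lecture. SHA-256 and HMAC are choices made here (the lecture names no algorithm), and the messages and key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample data, echoing the lecture's $100 vs $10,000 transfer.
ORIGINAL = b"Transfer $100 from account A to account B"
TAMPERED = b"Transfer $10,000 from account A to account B"
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def digest(message):
    """The 'fingerprint': a SHA-256 message digest."""
    return hashlib.sha256(message).hexdigest()


def verify_digest(message, digest_on_file):
    """Integrity check: recompute the digest and compare with the trusted copy."""
    return hmac.compare_digest(digest(message), digest_on_file)


def tag(message, key):
    """Keyed fingerprint (HMAC): only holders of the shared key can produce it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(message, key, received_tag):
    """Authentication check: the tag must match one computed with our key."""
    return hmac.compare_digest(tag(message, key), received_tag)


if __name__ == "__main__":
    on_file = digest(ORIGINAL)  # digest kept somewhere Eve cannot change
    print("unchanged message:", verify_digest(ORIGINAL, on_file))
    print("changed message:  ", verify_digest(TAMPERED, on_file))

    # A plain digest needs no secret, so it only helps if the trusted copy is
    # protected: a digest that travels unprotected with the message proves nothing.
    print("digest sent alongside:", verify_digest(TAMPERED, digest(TAMPERED)))

    # A keyed tag ties the message to someone who holds the shared key.
    good_tag = tag(ORIGINAL, SHARED_KEY)
    print("tag, unchanged message:", verify_tag(ORIGINAL, SHARED_KEY, good_tag))
    print("tag, changed message:  ", verify_tag(TAMPERED, SHARED_KEY, good_tag))
```

A shared-key tag gives integrity and authentication between the two key holders, but not nonrepudiation, because either holder could have produced it.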


Page 21: Lecture 11

MESSAGE NONREPUDIATION

Message nonrepudiation means that a sender must not be able to deny sending a message that he or she, in fact, did send. The burden of proof falls on the receiver.

For example, when a customer sends a message to transfer money from one account to another, the bank must have proof that the customer actually requested this transaction.


Page 22: Lecture 11

ENTITY AUTHENTICATION

In entity authentication (or user identification) the entity or user is verified prior to access to the system resources (files, for example).

For example, a student who needs to access her university resources needs to be authenticated during the login process.

This is to protect the interests of the university and the student.
