Encryption on Internet Security PDF

Summary

This is a presentation on encryption, covering its importance in Internet security, different types of attacks, and security mechanisms. It discusses various cryptography techniques used for data protection.

Full Transcript

Encrypti
on
Internet Security - A way
to Cybersecurity
 Main Outlines

01 02
Internet Security
Introduction
and Services

03 04
Cryptography Encryption
Fundamentals Mechanisms
 Introductio
n
In today’s interconnected world, most
activities have shifted to digital platforms,
including communication, shopping, banking,
and business.
This interconnection is enabled by the
Internet, a global network that facilitates
seamless exchange of information.
Modern Communication Examples:
Secure messaging apps like WhatsApp,
Evolution in
Communicating
Techniques
 Need for Network Security
Sensitive Data Protection: Unauthorized users can intercept and
copy sensitive data during transmission, such as payroll records.
Message Integrity: Intruders may intercept and alter transmitted
messages, such as updating authorization files with false entries in
an organization.
Credential Misuse: Attackers can gain access to websites using
stolen credentials and perform unauthorized actions.
Fraudulent Transactions: Attackers can manipulate transaction
messages, causing financial losses and disputes, such as customers
denying sending specific instructions
 Threats and Attacks
A threat is a potential for violation of security,
which exists when ther is a capability, situtaion, or
action that could break security and cause harm
It is a possible danger that migh exploit a
vulnerability

An attack is an intelligent act which is a delibrate
attempt to violate and get away from a security
service
It is any action that endangers the security of
 Types of Attacks
Passive Active
Attempt to learn or make use of information Attempt to alter system resources or affect their
operation
Release of message contents: E-mail, Masquerade: one entity pretend to be a
file information different one
Traffic Analysis: determine location, Modification of messages: message is
identity of hosts, and patterns even if altered or reordered to produce unauthorized
masking the content effect
Denial of Service (DoS): prevents normal
use of a facility or disturb entire network

Hard to detect Can be detected
Can be prevented by means of encryption Difficult to prevent; thus focus on detection and
recover
Don’t affect system resources
Eavesdropping on transmissions
02
Internet
Security and
Services
Protection in the global network
 Internet Security

It refers to security designed to protect
systems and the activities of users while
connected to the internet, web browsers,
online banking and shopping, E-mails,
chatting applications.
To reduce threats facing users
It consists of measures to prevent,
detect, and recover.
 Security Services

Confidential
ity
no one should see
it other than the
sender and
Data Common services receiver
Integrity
no loss in data; to protect system
resources
what has been
sent = what is
received Availabilit
y system should
The
understand if it is an
attack and deal with it
while being open to
receive requests for its
 Security Mechanisms
Mechanis
Description
m
Use of mathematical algorithms to transform data
Encipherment
into a form that is not readily intelligible.

Data appended to a data unit that allows a recipient of
Digital
the data unit to prove the source and integrity of
Signature
the data unit

Authentication A mechanism intended to ensure the identity of an
Exchange entity by means of information exchange

Insertion of bits into gaps in a data stream to frustrate
Traffic Padding
traffic analysis attempts
03
Cryptography
Fundamentals
Mask content
Some Encipherment
Terminologies
Plaintext: An original message is known
Ciphertext: the coded, not readable message

Enciphering (or encryption): is the process of
converting from plaintext to ciphertext
Deciphering (or decryption): is the process of
restoring the plaintext from ciphertext
Secret key: is a secret value independent of
plaintext used by the algorithm

Cryptography: The study of the different schemes
and techniques used for secure communication
Cryptoanalysis: The art of deciphering a message
without any knowledge of enciphering details
Cryptology: Cryptography + Cryptoanalysis
 Cryptography

It is the way of transforming intelligible (or ordinary) message into one that is
unintelligible (or unreadable), and then retransforming that message back into its
original form. In which only authorized parties can decode.
It is based on mathematical algorithms in addition to a key which is a secret
value used to encrypt and decrypt the message. It is usually a string of
characters.
It should be a reversible process (that is Deck(Enck(m)) = m holds)
Its goal is to prevent intruder from intercepting messages
Model of Conventional
Cryptosystem
 Categorization of
Cryptography Techniques
Type (or Way of
Type of operations
number) of proceeding
used
keys plaintext
Substitution Symmetric Block Cipher
Replacement of Cryptography Process one
letters by other Same key used by block of
letters or symbols encryption and elements at a
decryption algorithms. time; an output
Transposition Examples: RC4, DES, AES block for each
Changes in letters’ input block
positions Asymmetric
Cryptography Stream Cipher
Different key for Operate input
encryption process than elements
that for decryption continuously
 Cryptoanalysis
Typically, the goal of the attacker is to identify the key used in encryption
rather than recovering the current plaintext
Two general approaches to attack a conventional encryption scheme
○ Cryptanalysis
It relies on nature of algorithm and might be some knowledge of
general characteristics of the plaintext or even some sample plaintext-
ciphertext pairs
○ Brute-force attack (or exhaustive search)
The attacker tries every possible key on some ciphertext until an
intelligible form of plaintext is obtained. That is the plaintext makes sense
 Types of Cryptanalytic Attacks
Based on information Type of Attack Known to Cryptanalyst Comment

known to the Ciphertext only Encryption algorithm Most difficult to defend
Ciphertext but the easiest one to
happen
cryptanalyst
Known Plaintext Encryption algorithm Aim is to determine PT
They are ordered based Ciphertext that was encrypted to
One or more PT-CT pairs give some other new CT
on their severity Chosen Plaintext Encryption algorithm Inserting a message and
(CPA) Ciphertext get its cipher and identify
The first two are PT chosen by cryptanalyst the patterns to reveal the
with generated CT structure of the key
passive in which the Chosen Ciphertext Encryption algorithm The attacker can obtain
(CCA) Ciphertext the decryption of any CT
attacker receives some CT chosen by cryptanalyst
with its decrypted PT
ciphertexts
Last two are active in
which the attacker can
 Encryption Schemes’
An encryption scheme Requirements
can be viewed as consisting of a way for
1. generating keys,
2. obtaining algorithm for encrypting, and
3. obtaining algorithm for decrypting
A scheme can be more secure, but not necessarily a sufficient way, by making the
key larger
Any algorithm should be:
○ Computationally secure
Attacker taking too long time to break the cipher; that is (1) the cost of breaking
the cipher exceeds the value of the encrypted information, and (2) the time
required by the attacker to break the ciphertext exceeds the of the encrypted
information

○ Unconditionally secure
It cannot be broken even with infinitely computational power and resources and
time; a ciphertext generated by the scheme doesn’t contain enough information to
uniquely determine the corresponding plaintext
 Symmetric VS Asymmetric
Symmetric Asymmetric
Known as private key cryptography;
Known as public key cryptography. Each
cannot be globally shared, only sender and
entity has a public and private key
receiver know

Receiver’s public key is used in encryption
Sender’s key is used in both encryption
and Receiver’s private key used in
and decryption
decryption

Ciphertext expands in size that it can be a
Ciphertext is same size as plaintext
double or triple of plaintext sent

Ideal for bulk data Ideal for limited size data

Strong encryption algorithm needed and
secure way to exchange key
04
Encryption
Mechanisms
Classical and Modern Algorithms
 Classical Encryption
Techniques
Substitution Technique A E
○ Letters are replaced by other letters or symbols B Q
○ For example, we use the following substitution C N
that is considered the key thus we get the
ciphertext
○ Ciphertext for the following message “cab” is
… ??

Transposition Plaintext: bag

○ No new letters just changing the position Chiphertext: bga,
abg, agb, gba, or
gab
Examples of classical techniques
Substitution Transposition
Caesar Cipher Rail Fence

Monoalphabetic Cipher Row Column Transposition

Playfair Cipher

Hill Cipher

Polyalphabetic Cipher

One-time Pad
 Caesar Cipher
Algorithm is as follows:
○ Replace each letter in the plaintext with the letter three A B C D
places forward in the alphabet (shift forward).
○ Mathematically,
assign letters a  z numbers 0  25
○ Encryption: C = E(k, p) = (p + 3) mod 26 where k is the key, a ?
p is the plaintext letter
○ Decryption: p = D(k, C)
It is a special case of a shift cipher in which key value is 3. A
key can get any value in the set {0, …, 25}
Advantage
○ Simple to implement and understand
○ Useful for learning the basics of substitution ciphers
Disadvantage
○ Easily broken (26 possible keys to try) and thus not secure
 Caesar Cipher - Example
Encrypt the following message “hello to codezilla”

a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
 Monoalphabetic Cipher
Idea is to map each plaintext character to a different ciphertext
character in an arbitrary manner (not fixed as in shift ciphers)
Algorithm is as follows:
○ Use key sequence that replaces each letter with arbitrary letter
that is any permutation of the 26 alphabetic characters
○ A single cipher alphabet mapping is used per message

The mapping is one-to-one, the key space thus consists of all
permutations of the alphabet, thus the key space is 26! (approx. 2 88)
It is easy to break because they reflect the frequency data of the
original alphabet

An example of a key,
 Relative Frequency of English
Utilizing statistical patterns of
Letters
the English language to
attack a cipher

The following is for a unigram;
in which it examines single
letters.

Same applies for most
common two-letter words
(bigram) and three-letter
words (trigram)
 Cryptoanalysis using known-
plain text
Usually, cryptographers do not give word length and
punctuation
Messages were usually sent in blocks
Traditionally the blocks consisted of four or five letters.
THEMO STFAM OUSOF FICTI ONALD ETECT IVESS
HERLO CKHOL MESEN COUNT EREDC …

The beginning and ending of words is hidden by the five-
letter blocks, when searching for an encrypted the, we
must check every three consecutive letters
Cryptoanalysis using known-
plain text
FGWFM FRXNS PTAKN WXYBT WPJIF XFHWD UYTQT
LNXYB NYMYM JBFWI JUFWY RJSY

FGW GWF WFM FMF MFR FRX RXN XNS NSP SPT PTA
TAK AKN KNW NWX WXY XYB YBT BTW TWP WPJ PJI
JIF IFX FXF XFH FHW HWD WDU DUY UYT YTQ TQT
QTL TLN LNX NXY XYB YBN BNY NYM MYM YMJ MJB
JBF BFW FWI WIJ IJU JUF UFW FWY WYR YRJ RJS
JSY
 Polyalphabetic Cipher
It is a substitution technique in which the same plaintext
letter is mapped to different ciphertext letter
Algorithm
○ encrypts each letter with a different alphabet
○ Each plaintext letters in an odd position we encrypt
using the first ciphertext alphabet, whilst the
plaintext letters in even positions we encrypt using
the second alphabet

Solve the problem with the Caesar cipher and the mono- Plaintext: HELLO
Ciphertext: SHLJV
alphabetic cipher was that each plaintext letter always
encrypted to the same ciphertext letter (that is mapping
is fixed).
 Vigenère Cipher
It is a variant of the polyalphabetic substitution cipher
It applies multiple shift ciphers in sequence in which a short
word is chosen as the secret key
The key is now can be easily remembered

In this scheme
○ We use certain key value and replace each letter in the plaintext
with the help of the corresponding letter in the key
○ Use each key letter as a Caesar cipher key

To encrypt a message, a key size that is as long as the
message is needed.
 Vigenère Cipher - Example
Question: Encrypt the message “helloy” with keyword bag

Answer: a b c d e f g h i j k l m n o p q r s t u v w x y z

key: bagbag 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Plaintext: helloy
Key b a g b a g
1 0 6 1 0 6
Plaintext h e l l o y
7 4 11 11 14 24
Cipher 8 4 17 12 14 4
(k+p) mod 26
Ciphertext i e r m o e

Ciphertext: iermoe
 Question

a b c d e f g h i j k l m n o p q r s t u v w x y z

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Using the Vigenère cipher, encrypt the word
"explanation" using the key leg
Vernam Cipher (One-Time Pad)
Choose key that results in no statistical relationship between plaintext
and ciphertext
Algorithm to encrypt
○ We use the plaintext in its binary string representation
○ Performing bitwise XOR of each bit with each bit of the key;
Ciphertext =
To decrypt a message
○ Since XORing variable with itself result in 0 and XORing a variable
with 0, keeps the variable as it is, we use
 One-Time Pad Strength
To explain why not to use same key twice, consider that the attacker (Eve,
or E) has chosen-plaintext attack. Assume that A (Alice) always uses the
same key to encrypt a message to B (Bob). If E wishes to determine this
key, they tries to generate m and asks A to encrypt it. Now, E has
ciphertext and plaintext and can easily computes k =

We know that if the key is different for every message and the key is as
long as the message, then such a system can be shown to be perfectly
secure, namely we have the one-time pad.

Note , that is for each plaintext-ciphertext pair will be a different key. It is
perfectly secret because given a ciphertext, there is no way an attacker can
know which plaintext it originated from.
However, the one-time pad is not practical in many situations.
○ We would like to use a short key to encrypt a long message.
○ We would like to reuse keys.
 Modern
Encryption
Algorithms
 Block Cipher
Previously discussed scheme is referred to as a stream
cipher in which encryption is performed by generating a
stream of random bits (the key) and then XORing it with
the plaintext.
Another example of a stream cipher is the RC4

A block cipher treats a fixed-size block of plaintext and
produces a ciphertext block of the same size. Typical size
of a block is 64 or 128 bits
It is slower than a stream cipher
Block cipher’s main property is to behave like a random
permutation; meaning that small changes in the input
 Block Cipher Principal

Operations
Idea is to break the input up into small parts and then feed these
parts through different small random functions.
Outputs of these functions are then mixed, and process is repeated
for a given number
Each application of random functions followed by mixing is called a
round of the network

Small random functions introduce “confusion” into the
construction (that is lack of structure). However, to spread the
confusion throughout, the results are mixed, achieving “diffusion”
Repeated use of confusion and diffusion ensures that any small
changes in the input will be mixed throughout and so the
outputs of similar inputs will look completely different (not
just in small places).

 Block Cipher Principal
Operations (Cont’d)
A substitution-permutation network is a direct implementation
of the previous paradigm
“Substitution” portion refers to small random functions (much like
mono-alphabetic substitution that is random 1-1). substitution
functions are called S-boxes
“Permutation” refers to mixing of the outputs of the random
functions (reordering of the output bits)

The process of defining the specifications on how the S-boxes and
mixing permutations should be chosen is referred to as design
principles for such construction
Choices for them determines whether a block cipher is trivially
breakable or very secure
 Block Cipher – Secret Key
One possibility is to have the key specify the S-boxes and
mixing permutations.

Another possibility is to mix the key into the computation in
between each round of substitution-permutation. Often by
using XOR operation.

Focusing on the second approach, the key to the block cipher
is referred to as a master key, and subkeys for each round
are derived from it; this derivation procedure is known as the
key schedule
 Feistel Structure

A way of constructing a block cipher

Most symmetric block encryption
algorithms are based on the
structure of the Feistel block cipher

The figure shows the encryption and
decryption processes

The input to a Feistel network is
separated into two halves, L and R
Feistel Structure – One Round
This figure is a one stage (or round, ) of the
Feistel structure

Typically, the function F receives a subkey
and contains components like S-boxes and
mixing permutations; thus, obtaining
confusion and diffusion properties of a
cipher
Function F works on half a block a time

This round is repeated many times with the
difference being that each round has its
scheduled key
 Feistel Cipher Design Feature
The following parameters differ Subkey generation
from one cipher to another: algorithm: whether using
Block size: how many bits multiple new keys
can be encrypted/decrypted Round function: operations
at a time; for example, 64 for for confusion and diffusion
DES and 128 for AES need to be complex
Key size: for each round Fast
there is a key for it that is encryption/decryption:
originated from the main key; mostly implemented in the
greater security require hardware, so need to be
greater key size, carried very fast to transfer
Number of rounds: needs data quickly
many rounds to not be easily Ease of analysis: to be
broken; higher means complex to cryptanalysis but
 Data Encryption Standard
(DES)
It is a symmetric block cipher. It is also
called Data Encryption Algorithm (DEA)
Replaced by Advanced Encryption
Standard (AES) in 2001

It is a 16-round Feistel network with a
block size of 64 bits
Key length is 56 bits (originally, it is 64
bits but reserving 8 bits for parity check).
Round key (subkey) is 48 bits

The use of IP and IP-1 is to slow down
software implementations of DES; since
hardware implementation takes almost
DES - One Round
 Simplified DES (S-DES)
Just for educational purposes
Key size of 10 bits
Block size is 8 bits
Two rounds
Its scheme as shown in figure:
Key creation is made by permuting
it then do shift process then
perform permutation resulting in a
narrow down of bits
For encryption, we perform IP on
plaintext then apply a function with
the subkey
A swap operation of the L and R
parts
 Simplified DES - Example
Let plaintext be the string 0010 1000; Key is 11 0001 1110

ciphertext = IP-1 fK2 SW fK1((((IP(plaintext)))))

K1 = P8(Shift(P10(key))); K2 = P8(Shift(Shift(P10(key))))

Step 1 and 2 focus on key creation
Step 1. a Bit number 1 2 3 4 5 6 7 8 9 10
Step 1. b Key (K) 1 1 0 0 0 1 1 1 1 0
Step 1. c P10(K) 0 0 1 1 0 0 1 1 1 1
Step 1. d Shift(P10(K)) 0 1 1 0 0 1 1 1 1 0
Step 1. e P8(Shift(P10(K))) 1 1 1 0 1 0 0 1 This is K1
Step 2. a Shift_2(Shift(P10(K))) 1 0 0 0 1 1 1 0 1 1 From d, perform 2
bit shift
Step 2. b P8(Shift_2(Shift(P10(K)))) 1 0 1 0 0 1 1 1 This is K2
 S-DES – Example – Message
Encryption
Round 1
plaintext is 0010 1000; Key is 11
0001 1110
Let P = (L, R), fk (L, R) = (L XOR F(R, ciphertext = IP-1 fK2 SW
SK), R) Step 3. a Bit number 1 2 3 4 5 6 7 8
fK1((((IP(plaintext)))))
S0 box (substitution) is for the Left Step 3. b Plaintext (P) 0 0 1 0
part in which we take B1B4: 11 =
K1 = 1110 10011 0 0 0
Step 3. c IP(P) => (L, R) 0 0 1 0 0 0 1 0
(3)10
Step 3. d L, EP(R) 0 0 1 0 0 0 0 1 0 1 0 0 Fk
B2B3: 11 = (3)10
Step 3. e L, EP(R) XOR K1 0 0 1 0 1 1 1 1 1 1 0 1 F(L,
thus replace with what value in …)
row 3 column 3 that is 2 which is Step 3. f L, Sbox(EP(R) XOR K1) 0 0 1 0 1 0 0 0
(10)2
Step 3. g L, P4(Sbox(EP(R) XOR 0 0 1 0 0 0 0 1 This is
K1)) K2
Step 3. h L XOR (P4(Sbox(EP(R) 0 0 1 1 0 0 1 0 Output
XOR K1))), R of F
Step 3. i Swap 0 0 1 0 0 0 1 1

0 1 2 3
0

1

2

3
 S-DES – Example – Message
Encryption
Round 2
plaintext is 0010 1000; Key is 11
0001 1110
Let P = (L, R), fk (L, R) = (L XOR F(R, ciphertext = IP-1 fK2 SW
SK), R) Step 4. a Bit number fK1((((IP(plaintext)))))
1 2 3 4 5 6 7 8
S0 box (substitution) is for the Left
part in which we take B1B4: 01 =
Step 4. b Swap input (L, R) K1 = 1110
0 0 1 1001
0 0 0 1 1

(1)10 Step 4. d L, EP(R) 0 0 1 0 1 0 0 1 0 1 1 0 Fk

B2B3: 01 = (1)10 Step 4. e L, EP(R) XOR K2 0 0 1 0 0 0 1 1 0 0 0 1 F(L, …)
thus replace with what value in
row 3 column 3 that is 2 which is Step 4. f L, Sbox(EP(R) XOR K2) 0 0 1 0 1 0 1 0
(10)2 Step 4. g L, P4(Sbox(EP(R) XOR 0 0 1 0 0 0 1 1 This is K2
K2))

Step 4. h L XOR P4(Sbox(EP(R) 0 0 0 1 0 0 1 1 Output of F
XOR K2)), R

Step 4. i IP-1 1 0 0 0 1 0 1 0 This is the
cipher text

0 1 2 3
0

1

2

3
 Cryptanalysis of DES
DES has 4 weak keys (64-bit)
○ 01010101 01010101
○ FEFEFEFE FEFEFEFE
○ E0E0E0E0 F1F1F1F1
○ 1F1F1F1F 0E0E0E0E
Using weak keys, the outcome of the Permuted Choice 1
(PC1) in the DES key schedule leads to round keys (K1---K16)
being either all zeros, all ones, or alternating zero-one
patterns.
By using brute force attack: Try all 256 possible keys
(including 4 weak and 12 semi-weak keys)
DES challenges: a series of brute force attack contests
created by RSA Security
 Conclusion

Encryption is a key component of Internet Security, ensuring
confidentiality, integrity, and authenticity of data transmitted over the
internet.
It is the backbone of modern cybersecurity, protecting sensitive data
from unauthorized access and ensuring privacy in digital
communications.
While classical techniques like the Caesar Cipher, Vigenère, and Vernam
were important in cryptography's history, modern ciphers like AES and
RSA offer much stronger security, especially against sophisticated
attacks
 References

Stallings, William. Cryptography and Network Security: Principles and
Practices. 4th ed.
Katz, Jonathan and Lindell, Yehuda. Introduction to Modern Cryptography

Additional Resources:
○ https://cryptii.com/ - Interactive Tool
○ https://www.dcode.fr/en - Interactive Tool
 Discussions
Why not secure the encryption/decryption algorithm from attackers
○ “The cipher method must not be required to be secret, and it must be able
to fall into the hands of the enemy without inconvenience.” by Kerckhoffs.
○ This helps community investigate and revel any threats in an algorithm
that might be not recognized until a cipher is broken in real application
○ Thus, security rely solely on the secrecy of the key
Problem with Caeser cipher is that it is fixed; that is encryption is always
done the same way. Thus, f it was known by attacker, all messages would
be effortlessly decrypted. There is no secret key then
For the monoalphabetic cipher, a brute-force attack on the key space for
this cipher takes much longer than a lifetime, however, this does not
necessarily mean that the cipher is secure
Use a random number generator that is designed for cryptographic use,
rather than a “general-purpose” random number generator which may be
fine for some applications but not cryptographic ones like random() in C
language
 Discussions (Cont’d)
A hash function is a one-way function that takes an input (message) and
produces a fixed-size output (hash value) known as a hash. It is used for
integrity checks, doesn't provide sender authentication. Key features
include:
○ Deterministic: The same input always produces the same hash output.
○ Preimage resistant: Difficult to find the original input from the hash output.
○ Collision resistant: Difficult to find two different inputs that produce the
same hash output
SHA-256 (Secure Hash Algorithm 256): A commonly used standard for hash
functions
SSL/TLS (Secure Sockets Layer/Transport Layer Security): A standard used
for secure communication (thus encryption) over the internet.
Thanks !