Applied Cryptography 6COSC019W- Cyber Security PDF

Summary

Lecture notes on Applied Cryptography, covering topics such as Modern Cryptosystems Algorithms, Key Management and Distribution, Digital Signature and Certifcates, and Cryptanalysis. The document includes information about DES, 3DES, and AES algorithms, and block cipher modes. It's intended for an undergraduate computer science course.

Full Transcript

Applied Cryptography
6COSC019W- Cyber Security

Dr Ayman El Hajjar
February 22, 2024
School of Computer Science and Engineering
University of Westminster
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

O UTLINE

1. Modern Cryptosystems Algorithms

2. Key Management and Distribution

3. Digital Signature and Certifcates

4. Cryptanalysis

1
Modern Cryptosystems
Algorithms
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

DATA E NCRYPTION S TANDARD (DES) AND 3DES

❏ Data Encryption Standard (DES)
❐ Developed by IBM and adopted by NIST in 1977
❐ 64-bit blocks and 56-bit keys
❐ Small key space makes exhaustive search attack feasible
since late 90s
❐ Is a symmetric encryption Algorithm
❏ Triple DES (3DES)
❐ Nested application of DES with three different keys KA ,
KB , and KC
❐ Effective key length is 168 bits, making exhaustive search
attacks unfeasible
❐ C = EKC (DKB (EK A(P))); P = DKA (EK B(DK C(C)))
❑ Note the Encrypt and Decrypt combination
❐ Equivalent to DES when KA=KB=KC (backward
compatible)
2
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

A DVANCED E NCRYPTION S TANDARD (AES)

❏ Advanced Encryption Standard (AES)
❐ Selected by NIST in 2001 through open international
competition and public discussion
❐ 128-bit blocks and several possible key lengths: 128, 192
and 256 bits
❐ Exhaustive search attack not currently possible
❐ AES-256 is the symmetric encryption algorithm of choice

Figure 1: The Advanced Encryption Standard (AES) 3
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

A DVANCED E NCRYPTION S TANDARD (AES) (C ONT.)

❏ The 128-bit version of the AES
encryption algorithm proceeds in ten
rounds.
❏ Each round performs an invertible
transformation on a 128-bit array,
called state.
❏ The initial state X0 is the XOR of
the plaintext P with the key K:
❐ X0 = PXORK
❏ Round i(i = 1,... , 10) receives
state Xi-1 as input and produces
state Xi.
❏ The ciphertext C is the output of
the fnal round: C = X1 0. Figure 2: AES Round Structure
4
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

B LOCK C IPHER M ODES

❏ A block cipher mode describes the way a block cipher encrypts
and decrypts a sequence of message blocks.
❏ Electronic Code Book (ECB) Mode (is the simplest):
❐Block P[i] encrypted into ciphertext block C[i] = EK(P[i])
❐ Block C[i] decrypted into plaintext block M[i] = DK(C[i])

5
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

B LOCK C IPHER M ODES

❏ Weakness:
❏ Strengths: ❐ Documents and images
❐ Is very simple are not suitable for ECB
❐ Can tolerate the loss or encryption since patterns in
damage of a block the plaintext are repeated in
the ciphertext

6
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

C IPHER B LOCK C HAINING (CBC) M ODE

❏ In Cipher Block Chaining (CBC) Mode
❐ The previous ciphertext block is combined with the current
plaintext block C[i] = EK(C[i − 1] ⊕ P[i])
❐ C[−1] = V, a random block separately transmitted
encrypted (known as the initialization vector)
❐ Decryption: P[i] = C[i − 1] ⊕ DK(C[i])
❐ Is a symmetric encryption Algorithm

Figure 3: CBC Encryption Figure 4: CBC Decryption

7
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

R IVEST C IPHER 4 (RC4)

❏ Designed in 1987 by Ron Rivest for RSA Security
❏ Trade secret until 1994
❏ Is a Symmetric encryption algorithm with up to 2,048 bits keys
❏ Simple algorithm and remarkable speed

Figure 5: Rivest Cipher 4 (RC4)

8
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

A SYMMETRIC C IPHERS : RSA

❏ RSA (Rivest–Shamir–Adleman) is
a Public key Cryptosystem that uses
Block Cipher.
have a look at this example online -
RSA Visual

9
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

O NE TIME PAD (OTP)

❏ A one-time pad is an extremely powerful type of substitution cipher.
❏ For a one-time pad encryption scheme to be considered
unbreakable, each pad in the scheme must be
❐ Made up of truly random values
❐ Used only one time
❐ Securely distributed/generated for both sides
❐ Secured at sender’s and receiver’s sites
❐ At least as long as the message
One time Pad is a form of Stream Cipher.

10
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

O NE TIME PAD (OTP) E XAMPLE

Example
❐ Message stream 1001010111
❐ Keystream 0011101010
❐ Ciphertext stream 1010111101

To encrypt:

❐ The frst bit of the message is XORed to the frst bit of the onetime pad and so
on. The result in the ciphertext value.

To decrypt:

❐ The receiver takes the frst bit of the encrypted message and XORs it with the
frst bit of the pad. The receiver continues this process for the whole encrypted
message, until the entire message is decrypted.

11
Key Management and
Distribution
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

K EYS , K EYSPACE , AND K EY M ANAGEMENT

Key
❏ Uses a message digest

Keyspace
❏ The set of all possible keys

Key management
❏ One of the most diffcult and critical parts of a cryptosystem
❏ The best key management system in the world does not
protect against a brilliant cryptanalyst if the encryption algorithm
itself has any weaknesses

12
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

K EY D ISTRIBUTION T ECHNIQUES

❏ Paper distribution
❐ It requires no technology to use.
❐ However, it does require a person to do something to
install the key.
❐ Digital distribution
❐ can be in the form of CDs or email but must be protected
during transmission.
❐For electronic distribution, a higher-level key, must protect
the keys in transit and storage.
❐ The Internet Security relies on this form of Keys
distribution called public key infrastructure (PKI).
❐ Hardware distribution
❐ Keys Distributed via hardware such as a smart card, or a
plug-in module.
❐ The advantage is that no copies exist outside of these
components. 13
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

P URPOSE OF P UBLIC K EY I NFRASTRUCTURE (PKI)

❏ Provides a mechanism through which two parties can
establish a trusted relationship even if the parties have no prior
knowledge of one another
❏ PKI brings trust, integrity, and security to electronic
transactions
❏ PKI framework used to manage, create, store, and distribute
keys and digital certifcates

14
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

D IFFIE -H ELLMAN K EY E XCHANGE

❏ The purpose of the algorithm is to enable two users to
exchange a secret key securely that can then be used for
subsequent encryption of messages.
❏ The algorithm itself is limited to the exchange of the keys.
1 Alice and Bob agree on a public prime number
and a base.
2 Alice chooses a secret number and calculates
her public value.
3 Bob chooses his secret number and calculates
his public value.
4 Alice and Bob exchange their public values.
5 Each of them calculates the shared secret key
using their private number and the other’s public
value.
6 Alice and Bob can now use this shared secret 15
key for secure communication.
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

D IFFIE -H ELLMAN K EY E XCHANGE EXAMPLE

1 Common Paint: both Alice and Bob 6 Alice bob now have a
agree on using a large prime number and
common secret colour
a base which are public and known to
(key) that no one knows.
everyone.
They can use it to
2 Secret Colours: Alice and Bob each
exchange data securely.
choose a secret number (a private key)
that they don’t share with anyone.
3 Mixing Colours: Alice and Bob mix their
secret colours with the publicly agreed
colours.
4 Creating the Shared Secret: Using the
Public Transport, Alice and Bob mix
exchange their mixed colours.
5 The common secret: Using their
previously obtained secret colours, each
respectively use it with the shared secret
16
to create the common secret.
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

K EY D ISTRIBUTION C ENTRES /C ERTIFICATE DISTRIBUTION SYS -
TEM

❏ Rather than each organization creating the infrastructure to
manage its own keys, a number of hosts could agree to trust a
common key-distribution center (KDC)
❏ All parties must trust the KDC
❏ With a KDC, each entity requires only one secret key
pair—between itself and the KDC
❏ Kerberos use the concept of a KDC.
❐ We will look at Kerberos in Week 10- AAA and Access Control
lecture

17
Digital Signature and
Certifcates
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

H ASH AND D IGITAL S IGNATURE

❏ Digital signatures combine public key cryptography and
hashing.
❏ Digital signatures (certifcates) are stored in a public Key
Infrastructure domain
❏ Creating a digital signature of existing data requires two main
steps:
1 The message or information to be sent is passed through a
hashing algorithm that creates a hash to verify the integrity
of the message.
2 The hash is passed through the encryption process using
the sender’s private key as the key in the encryption process.
❏ The sender then sends the signature along with the original
unencrypted message to a recipient who can reverse the
process.

18
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

H ASH AND D IGITAL S IGNATURE (C ONT.)

❏ When the receiver receives the message with the signature,
that receiver will frst validate the identity of the sender and then
retrieve the public key to decrypt the signature.
❏ Once the signature is decrypted, the resulting cleartext is
actually the message hash from the sender.
❏ Then, the receiver will run the same hashing algorithm to
generate a local hash of the received message.
❏ Then, the hashes, both the original and the one newly created,
should match.
❐ If they do not, the message has been altered because the
sender calculated the hash.
❐ If the hash values do match, the message has been
proven to come from the stated sender and has not been
altered.
19
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

H ASH AND D IGITAL S IGNATURE

20
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

D IGITAL C ERTIFICATES

❏ To ensure compatibility between CAs, digital certifcates are
commonly built and formatted using the X.509 certifcate
standard.
❏ X.509 certifcate is used to bind the identity of owner of a
public key containing information such as the public key, the
hostname, the issuer, etc..

21
Cryptanalysis
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

C RYPTANALYSIS

❏ Cryptanalysis involves a variety of methods used by hackers
and cybersecurity experts to decipher encrypted data.
❏The objective is to break cryptographic security systems
and gain access to the contents of encrypted messages,
without necessarily having access to the secret key used to
encrypt the messages.

22
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

C RYPTANALYSIS METHODS

❏ Brute Force Attack: This method involves trying every
possible key until the correct one is found. It is often
time-consuming and requires signifcant computational power,
especially against systems with long and complex keys.
❏ Dictionary Attack: This method involves the attacker using a
list of common words, phrases, and previously leaked passwords
to attempt to guess a password.
❏ Frequency Analysis: This technique is particularly effective
against simple substitution ciphers. It involves analysing the
frequency of characters or groups of characters in the ciphertext
and comparing them to the expected frequencies in the language
of the plaintext.
❏ Known Plaintext Attack: If the attacker has access to both
the plaintext and its corresponding ciphertext, they might be able
to deduce the key or identify a weakness in the encryption
algorithm. 23
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

C RYPTANALYSIS METHODS

❏ Differential Cryptanalysis: This method involves analysing
the differences in the input that lead to differences in the output.
It’s often used against block ciphers to fnd a correlation that can
help in deducing the key.
❏ Rainbow Table Attack: This method is used against hash
functions and involves using precomputed tables of hash values
to fnd plaintexts that produce certain hash values.
❏ Quantum Computing: Though still in its infancy, quantum
computing poses a potential future threat to traditional
cryptographic algorithms, as it could theoretically break many of
the current encryption methods.

24
 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis

R EFERENCES

❏ The lecture notes and contents were compiled from my own
notes and from various sources.
❏ Figures and tables are from the recommended books
❏ The lecture notes are very detailed. If you attend the
lecture, you should be able to understand the topics.
❏ You can use any of the recommended readings! You do
not need to read all the chapters!
❏ Recommended Readings note: Focus on what was covered
in the class.
❐ Chapter 13- Cryptography, CEH v11 Certifed Ethical
Hacker Study Guide
❐ Chapter 7, Cryptography, Fundamentals of Information
Systems Security
❐ Chapter 10 Cryptography & Chapter 18 Applied
Cryptography, CyBOK, The Cyber Security Body of
Knowledge 25
Cryptography
6COSC019W- Cyber Security

Dr Ayman El Hajjar
February 13, 2024
School of Computer Science and Engineering
University of Westminster
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

O UTLINE

1. Cryptography- The Math

2. Cryptography- An overview

3. Cryptographic Systems

1
Cryptography- The Math
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

W HY THE M ATH ?

❏ Cryptography is no different from most computer science
disciplines in that it fnds its foundations in the science of
mathematics.
❏ To fully understand cryptography, you must frst understand the
basics of binary mathematics, and the logical operations used to
manipulate binary values.
❏ We also need to understand some arithmetic concepts and
prime numbers.

2
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

B OOLEAN M ATHEMATICS M ATHEMATICS

❏ Boolean mathematics defnes the rules used for the bits and
bytes that form the nervous system of any computer. You’re most
likely familiar with the decimal system.
❏ It is a base 10 system in which an integer from 0 to 9 is used in
each place and each place value is a multiple of 10.
❏ It’s likely that our reliance on the decimal system has biological
origins—human beings have 10 fngers that can be used to
count.
❏ The Boolean mathematics of cryptography uses a variety of
logical functions to manipulate data.

3
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

AND OPERATION

❏ The AND operation (represented by the ∧ symbol) checks to
see whether two values are both true.
❏ The truth table that follows illustrates all four possible outputs
for the AND function.

4
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

OR OPERATION

❏ The OR operation (represented by the ∨ symbol) checks to
see whether at least one of the input values is true.
❏ The following truth table for all possible values of the OR
function

5
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

NOT OPERATION

❏ The NOT operation (represented by the ∼ or ! symbol) simply
reverses the value of an input variable.
❏ This function operates on only one variable at a time.
❏ Here’s the truth table for the NOT function:

6
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

XOR OPERATION

❏ The fnal logical function we’ll examine is perhaps the most
important and most commonly used in cryptographic
applications—the exclusive OR (XOR) function.
❏ It’s referred to in mathematical literature as the XOR function
and is commonly represented by the ⊕ symbol.
❏ The XOR function returns a true value when only one of the
input values is true.
❏ If both values are false or both values are true, the output of
the XOR function is false. Here is the truth table for the XOR
operation:

7
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

XOR OPERATION

8
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

P RIME NUMBER

❏ Prime numbers only have divisors of 1 and itself
❐ They cannot be written as a product of other numbers
❏ Prime numbers are central to number theory

First few prime numbers
The frst few prime numbers are 2, 3, 5, 7, 11, 13, 17, 19, 23 and 29.

9
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

M ODULUS F UNCTION

Modulus
If a is an integer and n is a positive integer, we defne amodn to be the
remainder when a is divided by n; the integer n is called the modulus

❏ The modulo function is extremely important in the feld of
cryptography.
❏ Computers don’t naturally understand the decimal system, and these
remainder values play a critical role when computers perform many
mathematical functions.
❏ The Modulus function is, quite simply, the remainder value left over
after a division operation is performed.

10
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

M ODULUS F UNCTION

❏ The modulo function is usually represented in equations by the
abbreviation mod although it’s also sometimes represented by the %
operator.
❏ Thus, for any integer a:
a = qn + r0 ≤ r ≤ n; q = [ na ]
❐ a = [ na ] ∗ n + (a%n)

Modulus Examples
❐ 11 mod(7) = 4 , or 11%7 = 4
❐ 11 mod(7) = 3 , or 11%7 = 3

11
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

N ONCE

❏ Cryptography often gains strength by adding randomness to
the encryption process.
❏ One method by which this is accomplished is through the use
of a nonce.
❏ A nonce is a random number generator. It acts as a
placeholder variable in mathematical functions.
❏ When the function is executed, the nonce is replaced with a
random number generated at the moment of processing.
❏ The nonce produces a unique number each time it is used.

12
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

N ONCES : I NITIALIZATION V ECTORS

❏ Initialization vectors (IVs) are random values that are used with
algorithms to ensure patterns are not created during the
encryption process.
❏ They are used with keys and do not need to be encrypted
when being sent to the destination.
❏ If IVs are not used, then two identical plaintext values that are
encrypted with the same key will create the same ciphertext.
❏ Providing attackers with these types of patterns can make their
job easier in breaking the encryption method and uncovering the
key.

13
Cryptography- An overview
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

C RYPTOGRAPHY TERMS

❏ Cryptography- The area of study of the many schemes used
for encryption
❏ Cryptanalysis- Techniques used for deciphering a message
without any knowledge of the enciphering details
❏ Unencrypted information—Information in understandable
form (plaintext or cleartext)
❏ Encrypted information—Information in scrambled form
(ciphertext)
❏ Encryption—The process of scrambling plaintext into
ciphertext (or Enciphering)
❏ Decryption—The process of unscrambling ciphertext into
plaintext (or Deciphering)
❏ Cryptographic algorithm/cipher - A scheme

14
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

C RYPTOGRAPHY C ONCEPT

Cryptography
❏ Cryptography is a method of storing and transmitting data in a
form that only those it is intended for can read and process.
❏ It is considered a science of protecting information by
encoding it into an unreadable format.
❏ Cryptography is an effective way of protecting sensitive
information as it is stored on media or transmitted through
untrusted network communication paths.

15
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

C RYPTOGRAPHY G OALS

Cryptography Goals
❏ The most important goal is to hide information from
unauthorized individuals.
❏ With enough time, resources, and motivation, hackers can
break most algorithms and reveal the encoded information.
❏ A more realistic goal of cryptography is to make obtaining the
information too work-intensive or time-consuming to be
worthwhile to the attacker.

16
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

C RYPTOSYSTEMS BASICS

Goals of cryptography
Security practitioners use cryptographic systems to meet four
fundamental goals:
❏ confdentiality, integrity, authentication, and non-repudiation.

Achieving each of these goals requires the satisfaction of a number of
design requirements, and not all cryptosystems are intended to
achieve all four goals.

17
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

C ONFIDENTIALITY IN CRYPTOSYSTEMS

❏ Two main types of cryptosystems enforce confdentiality.
❐ Symmetric key cryptosystems use a shared secret key
available to all users of the cryptosystem.
❐ Asymmetric cryptosystems use individual combinations of
public and private keys for each user of the system.
❏ When developing a cryptographic system for the purpose of
providing confdentiality, we must think about two different types
of data:
❐ Data at rest is that which resides in a permanent location
awaiting access.
❐ Data in transit, or data (in motion or on the wire), is data
being transmitted across a network between two systems.

18
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

I NTEGRITY IN CRYPTOSYSTEMS

❏ Integrity ensures that data is not altered without authorization.
❏ It allows to:
❏ Check if message received is identical to the sent
message.
❏ Ensure that stored data was not altered between the time
it was created and the time it was accessed.
❏ Protect against all forms of alteration.
❏ Message integrity is enforced through the use of encrypted
message digests, known as digital signatures created upon
transmission of a message
❏ Integrity can be enforced by both public and secret key
cryptosystems.

19
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

AUTHENTICATION IN CRYPTOSYSTEMS

❏ Authentication verifes the claimed identity of system users
and is a major function of cryptosystems

20
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

N ON -R EPUDIATION IN CRYPTOSYSTEMS

❏ Nonrepudiation provides assurance to the recipient that the
message was originated by the sender and not someone
masquerading as the sender.
❏ It also prevents the sender from claiming that they never sent
the message in the frst place (also known as repudiating the
message).

21
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

C RYPTOSYSTEMS

Cryptosystems
A cryptosystem encompasses all of the necessary components for
encryption and decryption to take place. Pretty Good Privacy (PGP)
is just one example of a cryptosystem. A cryptosystem is made up
of at least the following:

❐ Software ❐ Algorithms
❐ Protocols ❐ Keys

22
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

C RYPTOGRAPHY C APABILITIES

❐ Privacy or confdentiality
❐ Certifcation
❐ Integrity
❐ Timestamping
❐ Entity authentication or
❐ Witnessing
identifcation
❐ Ownership
❐ Message authentication
❐ Anonymity
❐ Signature
❐ Non-repudiation
❐ Access control

23
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

C RYPTOGRAPHIC F UNCTIONS AND C IPHERS

❏ Each cipher has specifc characteristics that make it desirable
or undesirable
❏ When evaluating a cipher, consider its intended use
❏ Are you trying to secure data in transit or data at rest?
❏ Different ciphers solve different problems better than
others
❏ After selecting a cipher, you must make additional decisions
about key size, operational mode, etc.
❏ Many symmetric ciphers operate as either a stream cipher or a
block cipher

24
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

C ONFUSION AND D IFFUSION

❏ Cryptographic algorithms rely upon two basic operations to
obscure plain-text messages—confusion and diffusion.
❏ Confusion occurs when the relationship between the plain text
and the key is so complicated that an attacker can’t merely
continue altering the plain text and analyzing the resulting cipher
text to determine the key.
❏ Diffusion occurs when a change in the plain text results in
multiple changes spread throughout the cipher text.

25
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

S TEGANOGRAPHY

❏ Steganography is a method of hiding data in another media
type so the very existence of the data is concealed.
❏ Only the sender and receiver are supposed to be able to see
the message because it is secretly hidden in a graphic, wave fle,
document, or other type of media.
❏ The message is not encrypted, just hidden.
❏ Encrypted messages can draw attention because it tells
the bad guy, “This is something sensitive.”
❏ A message hidden in a picture of your dog would not
attract this type of attention, even though the same secret
message can be embedded into this image.
❏ Steganography is a type of security through obscurity.
❏ Media fles are ideal for steganographic transmission
because of their large size.

26
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

T HE STRENGTH OF THE CRYPTOSYSTEM

❏ The strength of an encryption method comes from
❏ The algorithm
❏ The secrecy of the key
❏ The length of the key
❏ The initialization vectors
❏ How they all work together within the cryptosystem.
❏ The strength of an encryption method correlates to:
❏ The amount of necessary processing power
❏ Resources
❏ and time required to break the cryptosystem or to fgure
out the value of the key.

27
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

T HE STRENGTH OF THE CRYPTOSYSTEM

❏ Breaking a cryptosystem can be accomplished by a brute
force attack
❏ If a key can be broken with a Pentium Core i7 processor in
three hours, the cipher is not strong at all.
❏ If the key can only be broken with the use of a thousand
multiprocessing systems over 1.2 million years, then it is
pretty darn strong.
❏ The introduction of mutli-core processors has really
increased the threat of brute force attacks.

28
Cryptographic Systems
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

C RYPTOGRAPHIC S YSTEMS

❏ A cryptographic System is characterized along three
independent dimensions:
❏ The type of operations used for transforming plaintext to
ciphertext
❐ Substitution
❐ Transposition
❏ The number of keys used
❐ Symmetric
❐ Asymmetric
❏ The way in which the plaintext is processed
❐ Block Cipher
❐ Stream Cipher

29
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

S UBSTITUTION C IPHERS

❏ A substitution cipher is one in which the letters of plaintext are
replaced by other letters or by numbers or symbols
❏ If the plaintext is viewed as a sequence of bits, then
substitution involves replacing plaintext bit patterns with
ciphertext bit patterns
❏ uses a key to dictate how the substitution should be carried
out.
❏ Keyword mixed alphabet cipher—Uses a cipher alphabet that
consists of a keyword, minus duplicates, followed by the
remaining letters of the alphabet
❏ Simple substitution cipher —Allows any letter to uniquely map
to any other letter

30
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

C AESAR C IPHERS

❏ Simplest and earliest known use of a substitution cipher
❏ Involves replacing each letter of the alphabet with the letter standing
three places further down the alphabet
❏ Alphabet is wrapped around so that the letter following Z is A
❏ We simply shift each letter to the right by a specifc number in the
message to generate the cipher text.
❏ For example, you can rotation by 3 (ROT3) cipher in mathematical
terms where A is 0 and Z is 25
❐ The encryption function for the Caesar cipher is:
C = (P + 3) mod 26
❐ The decryption function is
P = (C - 3) mod 26
❏ A stronger cipher algorithm called Vigenère Cipher was
adopted from Caesar.
❐ The strength of this cipher is that there are multiple
ciphertext letters for each plaintext letter 31
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

T RANSPOSITION C IPHERS

❏ Transposition ciphers use an encryption algorithm to rearrange
the letters of a plain-text message, forming the cipher-text
message.
❏ The decryption algorithm simply reverses the encryption
transformation to retrieve the original message.
❏ We can use a keyword to perform a columnar transposition.

32
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

T RANSPOSITION C IPHERS

❏ Message—ATTACK AT DAWN
❏ Ciphertext—ACDTKATAWATN
❏ Key— 1,2,3,4

33
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

T RANSPOSITION C IPHERS E XAMPLE

Example
We’re attempting to encrypt the message ”The fghters will strike the
enemy bases at noon” using the secret key attacker.

1- take the letters of the keyword and number them in alphabetical order. The
frst appearance of the letter A receives the value 1; the second appearance
is numbered 2. The next letter in sequence, C, is numbered 3, and so on.

34
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

T RANSPOSITION C IPHERS E XAMPLE

Example
We’re attempting to encrypt the message ”The fghters will strike the
enemy bases at noon” using the secret key attacker.

2- Next, the letters of the message are written in order underneath the letters
of the keyword

34
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

T RANSPOSITION C IPHERS E XAMPLE

Example
We’re attempting to encrypt the message ”The fghters will strike the
enemy bases at noon” using the secret key attacker.

3- Finally, the sender enciphers the message by reading down each column;
the order in which the columns are read corresponds to the numbers
assigned in the frst step.

34
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

A C RYPTOSYSTEM AT W ORK

❏ Those that use the same key to encrypt and decrypt are
considered a Symmetric encryption
❏ Those that use different keys to encrypt and decrypt are
considered an Asymmetric encryption

35
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

S YMMETRIC ENCRYPTIONS

❏ In symmetric cryptography the sender and receiver use two
instances of the same key for encryption and decryption
❏ The key has dual functionality, in that it can carry out both
encryption and decryption processes.
❏ Symmetric keys are also called secret keys
❏ This type of encryption relies on each user to keep the key
a secret and properly protected.
❏ If an intruder were to get this key, they could decrypt any
intercepted message encrypted with it.
❏ Each pair of users who want to exchange data using
symmetric key encryption must have two instances of the same
key.
❏ If 100 people were going to communicate, then 4950 pair
of keys would be involved.
❏ The equation used to calculate the number of symmetric
keys needed is N ∗ (N − 1)/2 = number of keys 36
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

S YMMETRIC ENCRYPTIONS

❏ The security of the symmetric encryption method is completely
dependent on how well users protect the key.
❏ This should raise red fags for you if you have ever had to
depend on a whole staff of people to keep a secret.
❏ If a key is compromised, then all messages encrypted with that
key can be decrypted and read by an intruder.
❏ Because both users employ the same key to encrypt and
decrypt messages, symmetric cryptosystems can provide
❐ Confdentiality, but they cannot provide authentication or
nonrepudiation.
❐ There is no way to prove through cryptography who
actually sent a message if two people are using the same
key.

37
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

S YMMETRIC ENCRYPTION

When using symmetric algorithms, the sender and receiver use the same key
for encryption and decryption functions

38
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

S YMMETRIC ENCRYPTION S TRENGTHS AND W EAKNESSES

❏ Strengths
❐ The major strength of symmetric key cryptography is the
great speed at which it can operate.
❐ Symmetric keying is very fast, often 1,000 to 10,000 times
faster than asymmetric.
❐ Symmetric encryption algorithms are also hard to break if
a large key size is used.
❏ Weaknesses
❐ Requires a secure mechanism to deliver keys properly.
❐ Each pair of users needs a unique key, so as the number
of individuals increases, so does the number of keys,
possibly making key management overwhelming.
❐ Provides confdentiality but not authenticity or
non-repudiation.

39
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

A SYMMETRIC ENCRYPTIONS

❏ In Asymmetric encryptions sometimes called public key
systems each user has two keys:
❐ The public key can be known to everyone, and the private
key must be known and used only by the owner.
❐ The two different asymmetric keys are mathematically
related.
❐ If a message is encrypted by one key, the other key is
required in order to decrypt the message.
❏ In other words, if the public key encrypts a message, then only
the private key can decrypt it, and vice versa.
❏ Each user using an asymmetric encryption algorithm needs
two keys, one public key and one private key.
❏ If 100 people were going to communicate, then 200 keys
would be involved.
❏ The equation used to calculate the number of asymmetric
keys needed is N ∗ 2 = number of keys 40
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

A SYMMETRIC ENCRYPTION FUNCTIONS

❏ Asymmetric algorithms can provide authentication and
nonrepudiation, depending on the type of algorithm being used.
❏ Asymmetric systems also provide for easier and more
manageable key distribution than symmetric systems and do not
have the scalability issues of symmetric systems
❏ How is Authentication provided
❐ A message can be decrypted with a public key only if the
message was encrypted with the corresponding private key.
❐ Bob is the only one who is supposed to have his private
key.
❐ This provides Authentication

41
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

A SYMMETRIC ENCRYPTIONS FUNCTIONS

❏ How is Confdentiality provided
❐ If confdentiality is needed Alice would encrypt the fle with
the receiver’s public key.
❐ This is called a secure message format because it can
only be decrypted by the person who has the corresponding
private key.
❏ How is Non-repudiation provided
❐ If Alice encrypt the message with her private key.
❐ Only her public key can decrypt it.
❐ Alice cannot deny sending this message if her public key
can decrypt it. This is non repudiation

42
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

A SYMMETRIC ENCRYPTIONS

An asymmetric cryptosystem

43
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

A SYMMETRIC ENCRYPTION S TRENGTHS AND WEAKNESSES

❏ Strengths
❐ Better key distribution than symmetric systems.
❐ Better scalability than symmetric systems
❐ Can provide authentication and non-repudiation
❏ weaknesses
❐ Works much more slowly than symmetric systems
❐ Mathematically intensive tasks

44
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

S YMMETRIC AND A SYMMETRIC K EY C RYPTOGRAPHY

Differences Between Symmetric and Asymmetric Systems

45
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

C IPHERS

❏ Cipher systems have long been used by individuals and
governments interested in preserving the confdentiality of their
communications.
❏ It’s important to remember that these concepts seem
somewhat basic, but when used in combination, they can be
formidable opponents and cause cryptanalysts many hours of
frustration.

The scytale was used by the Spartans to decipher encrypted messages.
46
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

B LOCK C IPHER

❏ Encrypt a block of input to a block of output
❏ Typically, the two blocks are of the same length
❏ Most symmetric key systems block size is 64
❏ In AES block size is 128
❏ Different modes for encrypting plaintext longer than a block

47
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

S TREAM C IPHER

❏ A stream cipher does not divide a message into blocks.
❏ A stream cipher treats the message as a stream of bits and
performs mathematical functions on each bit individually.
❏ Stream ciphers use keystream generators, which produce a
stream of bits that is XORed with the plaintext bits to produce
ciphertext
❏ Stream cipher is very similar to the one-time pad substitution
cipher.

48
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

S TREAM C IPHER

49
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

H ASHING A LGORITHMS

❏ The most common hashing functions create the message
digest for digitally signed messages
❏ Hashing is also used to protect user passwords
❏ Hashing-type functions can also be used with symmetric key
cryptography, and the result of the operation is called a message
authentication code (MAC)

50
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

H ASH F UNCTION AND I NTEGRITY

❏ Hash functions:
❐ Help detect forgeries
❐ Compute a checksum of a message
❐ Combine the checksum with a cryptographic function so
that the result is tamperproof
❏ A hash is:
❐ A checksum designed so that no one can forge a
message in a way that will result in the same hash as a
legitimate message
❐ Usually a fxed size, resulting in a hash value, which is
larger than checksum values

51
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

C OMMON HASHING ALGORITHMS

❏ MD5 message digest algorithm—Takes an input of any
arbitrary length and generates a 128-bit message digest that is
computationally infeasible to match by fnding another input
❏ Secure Hashing Algorithm (SHA) variants are the most
common variants of hashing functions found in commercial
software
❐ Secure Hash Algorithm (SHA-1)—Produces a 160-bit
hash from a message of any arbitrary length.
❐ SHA256 with a digest size of 256 bits is one the most
widely used hash algorithms.
❏ Hash message authentication code (HMAC)—A hash function
that uses a key to create the hash, or message digest

52
 Cryptography- The Math Cryptography- An overview Cryptographic Systems

R EFERENCES

❏ The lecture notes and contents were compiled from my own
notes and from various sources.
❏ Figures and tables are from the recommended books
❏ The lecture notes are very detailed. If you attend the
lecture, you should be able to understand the topics.
❏ You can use any of the recommended readings! You do
not need to read all the chapters!
❏ Recommended Readings note: Focus on what was covered
in the class.
❐ Chapter 13- Cryptography, CEH v11 Certifed Ethical
Hacker Study Guide
❐ Chapter 7, Cryptography, Fundamentals of Information
Systems Security
❐ Chapter 10 Cryptography & Chapter 18 Applied
Cryptography, CyBOK, The Cyber Security Body of
Knowledge 53