Session 2 - Lecture Notes Crypto Part 1

Uploaded by

keithdong886

COMP821 SEMESTER 1 2023

Session 2 Cryptography part 1


ORIENTATION
• Session 1 introduced the threat environment and the planning phase of the plan-protect-respond cycle

• Sessions 2 and 3 introduce cryptography, part of the protection phase.

• In particular, Session 2 introduces some crypto techniques such as encryption and hashing, crypto systems and their stages, and some of the protocols used for initial authentication and keying

CRYPTOGRAPHY AND SECURITY OBJECTIVES
Cryptography is the use of mathematical operations to protect messages traveling between parties or stored on a computer

• Confidentiality means that someone intercepting your communications cannot read them

• Integrity means that the message cannot be changed or, if it is changed, that this change will be detected

• Authentication means proving one’s identity to another party so they can trust you

Crypto techniques: provide cryptographic protection to meet one or more security objectives

ENCRYPTION – A CRYPTO TECHNIQUE

• Encryption for confidentiality needs a cipher (a mathematical method) to encrypt and to decrypt. The cipher is not secret

• The two parties using the cipher also need to know a secret key (or keys)
Key: a (long) stream of bits (1s and 0s)
The key or keys must be kept secret. Cryptanalysts attempt to crack (find) the key

SYMMETRIC KEY ENCRYPTION FOR CONFIDENTIALITY

EXAMPLE SYMMETRIC KEY CIPHER (SUBSTITUTION)

| Plaintext | Key | Ciphertext |
|-----------|-----|------------|
| n         | 4   | r          |
| o         | 8   | w          |
| w         | 15  | l          |
| i         | 16  | …          |
| s         | 23  | …          |
| t         | 16  | …          |
| h         | 3   | …          |
| e         | 9   | …          |
| t         | 12  | …          |
| i         | 20  | …          |
| m         | 6   | …          |
| e         | 25  | …          |

+4: n o p q r

This is a very weak cipher. Real ciphers use complex math.

TYPES OF SYMMETRIC CIPHERS
• Substitution Ciphers
Substitute one letter (or bit) for another in each place

• Transposition Ciphers
Transposition ciphers do not change individual letters or bits, but they change
their order

• Most ciphers use both substitution and transposition


TRANSPOSITION CIPHER

Key = 132 231
Key (Part 1) = 132 labels the columns; Key (Part 2) = 231 labels the rows.

• The order of adding letters to the ciphertext:

Column 1, row 1; col 1, row 2; col 1, row 3; col 2, row 1; col 2, row 2; col 2, row 3; col 3, row 1; col 3, row 2; col 3, row 3

I.e. the first letter in the ciphertext will be the one that is in the cell with 1 in part 1 and 1 in part 2

the second letter in the ciphertext will be the one that is in the cell with 1 in part 1 and 2 in part 2
….

PLAINTEXT: SNAKECOBRA. BLOCKS OF 9 LETTERS. FIRST BLOCK IS SNAKECOBR

      1  3  2
  2   s  n  a
  3   k  e  c
  1   o  b  r

1,1 IS LETTER O
1,2 IS LETTER S
1,3 IS LETTER K
2,1 IS LETTER R
2,2 IS LETTER A
2,3 IS LETTER C
3,1 IS LETTER B
3,2 IS LETTER N
3,3 IS LETTER E

CIPHERTEXT IS OSKRACBNE

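
The grid above in code, as an added example that is not part of the original lecture notes: it writes a 9-letter block into the 3×3 grid row by row and reads the cells out in the order given by the two key parts. The function names and the use of "x" to pad a short final block are assumptions; the notes do not say how the leftover letter A is handled.

```python
# Added example: the slide's two-part transposition cipher (key 132 231).

def order(labels):
    """Positions of labels 1, 2, 3, ...; e.g. (1, 3, 2) -> [0, 2, 1]."""
    return [labels.index(n) for n in range(1, len(labels) + 1)]

def encrypt_block(block, col_key=(1, 3, 2), row_key=(2, 3, 1)):
    """Fill the grid row by row, then read cells out in key order."""
    width, height = len(col_key), len(row_key)
    if len(block) != width * height:
        raise ValueError("block must fill the grid exactly")
    grid = [block[r * width:(r + 1) * width] for r in range(height)]
    # Column labelled 1 first; within it the rows labelled 1, 2, 3; and so on.
    return "".join(grid[r][c] for c in order(col_key) for r in order(row_key))

def decrypt_block(cipher, col_key=(1, 3, 2), row_key=(2, 3, 1)):
    """Put each ciphertext letter back into the cell it was read from."""
    width, height = len(col_key), len(row_key)
    if len(cipher) != width * height:
        raise ValueError("block must fill the grid exactly")
    grid = [[""] * width for _ in range(height)]
    letters = iter(cipher)
    for c in order(col_key):
        for r in order(row_key):
            grid[r][c] = next(letters)
    return "".join("".join(row) for row in grid)

def encrypt(message, col_key=(1, 3, 2), row_key=(2, 3, 1), pad="x"):
    """Encrypt a whole message block by block (the padding is an assumption)."""
    size = len(col_key) * len(row_key)
    text = "".join(ch for ch in message.lower() if ch.isalpha())
    text += pad * (-len(text) % size)
    return "".join(encrypt_block(text[i:i + size], col_key, row_key)
                   for i in range(0, len(text), size))

if __name__ == "__main__":
    block = "snakecobr"                  # first block from the slide
    cipher = encrypt_block(block)
    print(cipher)
    print(decrypt_block(cipher))
    # Transposition only reorders: the letters themselves are unchanged,
    # so the plaintext's letter frequencies survive in the ciphertext.
    print(sorted(cipher) == sorted(block))
```
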
CODES
• Ciphers: can encrypt any message expressed in binary (1s and 0s). Flexible, fast. Ciphers are dominant for encryption today

• Codebooks: more complex. For example, substitute another word or a number for a word

JAPANESE NAVAL OPERATIONAL CODE JN-25 (SIMPLIFIED)

| Message | Code  |
|---------|-------|
| From    | 17434 |
| Akagi   | 63717 |
| To      | 83971 |
| Truk    | 11131 |
| STOP    | 34058 |
| ETA     | 53764 |
| 6 PM    | 73104 |
| STOP    | 26733 |
| Require | 29798 |
| B       | 72135 |
| N       | 54678 |
| STOP    | 61552 |

Transmitted: 174346371783971…

KEY LENGTH AND EXHAUSTIVE SEARCH TIME

| Key Length in Bits | Number of Possible Keys                           |
|--------------------|---------------------------------------------------|
| 1                  | 2                                                 |
| 2                  | 4                                                 |
| 4                  | 16                                                |
| 8                  | 256                                               |
| 16                 | 65,536                                            |
| 40                 | 1,099,511,627,776                                 |
| 56                 | 72,057,594,037,927,900                            |
| 112                | 5,192,296,858,534,830,000,000,000,000,000,000     |
| 112                | 5.1923E+33                                        |
| 168                | 3.74144E+50                                       |
| 256                | 1.15792E+77                                       |
| 512                | 1.3408E+154                                       |

Each extra bit doubles the number of keys.
Shaded keys are strong symmetric keys (>=100 bits).

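MAJOR SYMMETRIC KEY ENCRYPTION CIPHERS

|                         | RC4                             | DES                  | 3DES                                                         | AES                                                  |
|-------------------------|---------------------------------|----------------------|--------------------------------------------------------------|------------------------------------------------------|
| Key Length (bits)       | 40 bits or more                 | 56                   | 112 or 168                                                   | 128, 192, or 256                                     |
| Key Strength            | Very weak at 40 bits            | Weak                 | Strong                                                       | Strong                                               |
| Processing Requirements | Low                             | Moderate             | High                                                         | Low                                                  |
| RAM Requirements        | Low                             | Moderate             | Moderate                                                     | Low                                                  |
| Remarks                 | Can use keys of variable length | Created in the 1970s | Applies DES three times with two or three different DES keys | Today’s gold standard for symmetric key encryption   |
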
DES (DATA ENCRYPTION STANDARD): BLOCK ENCRYPTION

The DES cipher encrypts messages of 64 bits at a time.
Stronger: 128-bit 3DES (3 keys, encrypt-decrypt-encrypt), 112-bit 3DES (2 keys)

CRYPTOGRAPHIC SYSTEMS AND STAGES
• (Crypto protections are organized into complete cryptographic systems that provide a broad set of cryptographic protection. Operate as a sequence of stages)

1. Two parties first agree upon a particular cryptographic system to use

2. Each cryptographic system dialogue begins with three brief handshaking stages and parameter exchange

3. The two parties engage in cryptographically protected communication. This ongoing communication stage usually constitutes almost all of the dialogue between the two parties

STAGE 1: SELECTED SSL/TLS CIPHER SUITES

| Cipher Suite                 | Key Negotiation Method        | Digital Signature Method      | Symmetric Key Encryption Method | Hashing Method for HMAC | Strength                     |
|------------------------------|-------------------------------|-------------------------------|---------------------------------|-------------------------|------------------------------|
| RSA_EXPORT_WITH_RC4_40_MD5   | RSA export strength (40 bits) | RSA export strength (40 bits) | RC4 (40-bit key)                | MD5                     | Weak                         |
| RSA_WITH_DES_CBC_SHA         | RSA                           | RSA                           | DES_CBC                         | SHA-1                   | Stronger but not very strong |
| DH_DSS_WITH_3DES_EDE_CBC_SHA | Diffie-Hellman                | Digital Signature Standard    | 3DES_EDE_CBC                    | SHA-1                   | Strong                       |
| RSA_WITH_AES_256_CBC_SHA256  | RSA                           | RSA                           | AES 256 bits                    | SHA-256                 | Very strong                  |

STAGE 2: AUTHENTICATION

HASHING: A CRYPTO TECHNIQUE
• A hashing algorithm can be applied to a bit string of any length
• The result of the calculation is called the hash
• For a given hashing algorithm, all hashes are of the same short length
• Used in authentication protocols

Bit string of any length → Hashing Algorithm → Hash: a bit string of small fixed length

HASHING & ENCRYPTION COMPARED

| Characteristic | Encryption                                | Hashing                                                                              |
|----------------|-------------------------------------------|--------------------------------------------------------------------------------------|
| Result length  | About the same length as the plaintext    | Short fixed length regardless of message length                                      |
| Reversible?    | Yes. Decryption                           | No. There is no way to get from the short hash back to the long original message     |

HASHING ALGORITHMS

MD5 (128-bit hashes)

SHA-1 (160-bit hashes)

SHA-224, SHA-256, SHA-384, and SHA-512 (name gives hash length in bits)

Note: MD5 and SHA-1 should not be used because they have been shown to be insecure

PROTOCOL (PART OF STAGE 2). COMPRISES A DIALOGUE, 7 EXCHANGES

STAGE 3: KEYING (THE SECURE EXCHANGE OF SECRETS)
There are two types of ciphers used for confidentiality

In symmetric key encryption for confidentiality, the two sides use the same key. For each dialogue (session), a new symmetric key is generated: the symmetric session key. There is a need to transmit the symmetric key from one party to the other

In public key encryption, each party has a public key and a private key that are ‘never’ changed.
A person’s public key is available to anyone – safe to be transmitted
A person keeps his or her private key secret – not required to be transmitted

HOW DOES IT WORK: PUBLIC KEY ENCRYPTION FOR CONFIDENTIALITY

HOW IS IT USED: PUBLIC KEY KEYING FOR SYMMETRIC SESSION KEYS

ANOTHER APPROACH TO KEYING: THE DIFFIE-HELLMAN KEY AGREEMENT
• The two parties exchange parameters p and g

• Each uses a number that is never shared explicitly to compute a second number
Each sends the other their second number

• Each does another computation on the second computed number, to get a third number

• Both get the same third number, which is the key

• All this communication is sent in the clear

A BIT OF MATH: KEYING USING THE DIFFIE-HELLMAN ALGORITHM

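
The key agreement steps listed above with both sides' computations shown, as an added example that is not part of the original lecture notes. The prime 2**127 - 1 and g = 3 are toy parameters chosen here for illustration, and hashing the third number with SHA-256 to get a fixed-length session key is an added assumption.

```python
# Added example: Diffie-Hellman key agreement, both parties shown.
import hashlib
import secrets

# Toy public parameters (assumed here, not from the notes). 2**127 - 1 is
# prime but far too small for real use; it keeps the numbers readable.
P = 2**127 - 1
G = 3

def make_private(p=P):
    """The number that is never shared: random in 2..p-2."""
    return secrets.randbelow(p - 3) + 2

def make_public(private, p=P, g=G):
    """The 'second number', g^private mod p, sent in the clear."""
    return pow(g, private, p)

def make_shared(their_public, my_private, p=P):
    """The 'third number': (their second number)^my_private mod p."""
    if not 1 < their_public < p - 1:
        # 0, 1 and p-1 would force a predictable result; refuse them.
        raise ValueError("peer value out of range")
    return pow(their_public, my_private, p)

def session_key(shared, p=P):
    """Assumed extra step: hash the third number to a 32-byte key."""
    size = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(size, "big")).digest()

def run_exchange():
    a, b = make_private(), make_private()      # kept by party A and party B
    A, B = make_public(a), make_public(b)      # exchanged in the clear
    wire = {"p": P, "g": G, "A": A, "B": B}    # everything an observer sees
    key_a = session_key(make_shared(B, a))     # party A computes B^a mod p
    key_b = session_key(make_shared(A, b))     # party B computes A^b mod p
    return wire, key_a, key_b

if __name__ == "__main__":
    wire, key_a, key_b = run_exchange()
    for name, value in wire.items():
        print(f"sent in clear  {name} = {value}")
    print("same key on both sides:", key_a == key_b)
```

The exchange by itself does not prove who sent A or B; that is the job of the authentication stage.
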
MORE… HOMEWORK

1. Diffie-Hellman and RSA

• https://www.encryptionconsulting.com/diffie-hellman-key-exchange-vs-rsa explained

• https://www.youtube.com/watch?v=M-0qt6tdHzk&vl=en explained

2. Man-in-the-middle attack on Diffie-Hellman

3. What is steganography? How is it different from or similar to cryptography?
