Basics of Security &

Cryptography
 Cryptography
• Cryptography is basically science that employs
mathematical logic to keep the information secure.

• It enables some to securely store sensitive information

or transmit information securely through insecure
networks to keep it from being hacked, masqueraded,
or altered.

• The basic idea of cryptography is to scramble

information in such a way that illegitimates entities
cannot extract the concealed information .
Basic Terminology of Cryptography
• Plaintext: The original unencrypted data is known as plaintext.
• Encryption: This the process of encoding of the plaintext using encrypted
algorithm turning it into an unreadable cipher text.
• Cipher text: It is the result of encryption performed on plaintext using an
algorithm, called cipher.
• Decryption: This the process of decoding of the encrypted text (cipher text)
and getting it back in the plain text.
• Cryptographic key: A key is piece of information (parameter) that determines
the functional output of cryptographic algorithm.
• Cypher or crypto system (algorithm): A cypher is an algorithm for
performing encryption or decryption.
• Cryptology — the art and science of making and breaking "secret codes."
• Cryptography — the making of "secret codes."
• Cryptanalysis — the breaking of "secret codes.“
 Digital Signatures and Certificates

• Digital Signature: A digital signature is an electronic signature that can be

used to authenticate the identity of the sender of a message, signer of the
document and possible to ensure that the original content of the message that
has been sent unchanged.
• Hashed value of original message is encrypted with sender’s secret key to
generate the digital signature.
• It provides aauthenticity of Sender, integrity of the document and non-
repudiation.

• Digital Certificate:Digital certificate is a transcription that ensures holder’s

identity and provides security.
• It is generated by CA (Certifying Authority) that involves four steps: Key
Generation, Registration, Verification, Creation.
• It provides security and authenticity of certificate holder.
• Example: credit card contains users name, a card number, expiry date, a copy
of the certificate holder’s public key (used for encrypting message and digital
signature), and digital signature of the certification issuing authority so that a
recipient can verify that the certificate is real.
 Importance of Keys in an
Algorithm
• Keys in the field of cryptography are analogous to the pattern/PIN/password or
physical key applied to a security locker.
• Appropriate management of cryptographic keys is essential for the operative
use of cryptography.
• If an attacker is able to find out the combination of security locker, whatever
state-of-the-art and however strong technology, the locker will fail.
• A security locker is analogous to an encryption algorithm. If the keys are not
managed properly, encryption algorithms will be compromised.
• The 1st and last phases in the life of a key are generation and destruction
respectively.
• The other phases in the life of a key are securing storage, distribution,
modification, renewal, suspension etc.
• Keys require protection in all phases of life. The protection may include
compromise, modification and unauthorized disclosure.
Classification of Cryptography
 Symmetric Cryptography

Symmetric cryptography is a class of algorithms for cryptography that use the

same keys for both encryption of plaintext and decryption of cipher text.
Examples are AES, DES.
 Symmetric Cryptography
• Symmetric keys are securely generated and distributed to the sender and
receiver and are unknown to any other entity. But if a symmetric-key algorithm
is being used by more than one receiver then the key has to be shared with all
entities. If the key is compromised from one entity, communication of all the
entities will be compromised.

• Primary purposes of symmetric key algorithms are:

1. Confidentiality is achieved as encryption and decryption is performed using
single key.
2. Integrity and source authentication is achieved by using Message
Authentication Codes because the MAC is generated and validated by the
same key.
3. Generation of pseudorandom random numbers
 Symmetric Cryptography
Advantages
• It is relatively inexpensive to produce a strong key and process cipher for these
types of ciphers.
• The key is much smaller in size for level of protection they afford.
Disadvantages
• Each pair of users require a unique secret key.
Number of Keys Required-
• If N people in the world wants to use this technique, then there needs to be
N(N-1) / 2 secret keys.
• For 1 million people to communicate, a half billion secret keys would be
needed.
• While sharing the key, attackers might intrude .
 Asymmetric Cryptography

• Asymmetric cryptography uses two mathematically associated keys knows as

public and private keys. One public key is used for data encryption, and the
other is used for decryption of data. Popular asymmetric key encryption
algorithm includes EIGamal, RSA, DSA, Elliptic curve techniques.
 Asymmetric Cryptography
• The combination of a public and private keys is called a key pair.

• The private key is always kept secret by the owner.

• The public key is distributed to the public and everyone can
access it.
• The private key cannot be deduced from the public key.
• The public key is mostly bound to an identity by a Certificate
Authority.
• Main uses of asymmetric algorithms are:
▪ Creation of digital signatures
▪ To establish/distribute session keys such as in case of
Transport Layer Securities (TLS) protocol
 Asymmetric Cryptography
Advantages-
• The advantages of public key cryptography are-
• It is more robust.
• It is less susceptible to third-party security breach attempts.
Disadvantages-
• The disadvantages of public key cryptography are-
• It involves high computational requirements.
• It is slower than symmetric key cryptography.
Number of Keys Required-
• To use public key cryptography,
• Each individual requires two keys- one public key and one private key.
• For n individuals to communicate, number of keys required = 2 x n = 2n keys.
 Hashing

• A hashing is a cryptographic algorithm which is used to transform large

random size data to small fixed size data.
• The data output of the hash algorithm is called hash value or digest.
• The basic operation of hash functions does not need any key and operate in a
one-way manner. The one-way operation means that it is impossible to
compute the input from a particular output.
• Some of the most common hashing algorithms are MD4, MD5, SHA etc.
 Hashing
Advantages-
• It is more robust.
• Generally for any hash function h with input x, computation of h(x) is a fast
operation.
• Computationally hash functions are much faster than a symmetric encryption.
Disadvantages-
• non-reversible
• Number of Keys Required-
• none
Differences between Hash functions,
Symmetric, and Asymmetric
algorithms
 References
1. https://www.cryptomathic.com/news-events/
blog/differences-between-hash-functions-
symmetric-asymmetric-algorithms
2. https://www.thesslstore.com/blog/difference-
encryption-hashing-salting
3. Mark Stamp Information Security, Principles
and practices, Wiley India.