Cryptography Fundamentals

Lecture-3

Department of CSE, IUT

Security: Issues

• Alice and Bob: Alice wants to send a message to Bob

Alice Bob

• Eve: an eavesdropper
Usually a passive attacker
• Mallory: a malicious attacker (active attacker);
Unlike Eve, Mallory can modify messages, substitute her own messages,
replay old messages, and so on
2
 Security: Issues
• A sends a file to B: E intercepts it and reads it
• How to send a file that looks gibberish to all but the intended receiver?
• A send a file to B: M intercepts it, modifies it, and then forwards it to B
• How to make sure that the document has been received in exactly the form it has been
sent
• M sends a file to B pretending it is from A
• How to make sure your communication partner is really who (s)he claims to be
• A sends a message to B: M is able to delay the message for a while
• How to detect old messages
• A sends a message to B. Later A (or B) denies having sent (received) the message
• How to deal with electronic contracts
• E learns which user accesses which information although the information itself remains
secure
• M prevents communication between A and B: B will reject any message from A because they
look unauthentic

Cryptography is a strong tool to Resolve all Security Issues & Threats 3

Cryptography Overview: Basic Terminologies

• Cryptography, a word with Greek origins, means “Secret Writing”.

• The science and art of transforming messages to make them secure and immune to
attacks.

• Cryptography: science of secret writing with ciphers

• Cryptanalysis: science of breaking ciphers
• Cryptology: cryptography + cryptanalysis
• Cryptosystem (or cryptographic system)
• Provides information security services
• Through a combination of cryptographic primitives, protocols, operational
procedures, documentation, user training, etc…
• Encompasses systems of various sizes
• One algorithm (e.g. RSA cryptosystem)
• Or widely: protocols, hardware, customer training, etc.

4
 Cryptographic Primitives

• Kerckhoffs’ Principle – Public Algorithm, Secret Key

• The security of a cryptographic system shouldn't rely on the secrecy of the

algorithm
• Instead, it should be based on the secrecy of the cryptographic key
• A good cryptographic system should remain secure even if the algorithm used is
known

5
Cryptographic Approaches

1. Un-Keyed (Hash Function)

2. Secret Key (Symmetric) – “man made”
3. Public Key (Asymmetric) – “math made”

6
Cryptographic Approaches

• Examples
• (Symmetric) encryption – DES, 3DES, AES, Blowfish, RC4
• (Asymmetric) encryption – RSA, DSA
• (Unkeyed) hashing – MD5, SHA1, SHA{256,384,512}
• (Symmetric) message authentication – HMAC{MD5,SHA1}
• (Asymmetric) digital signatures – RSA, DSA
• (Asymmetric) key exchange – DiffieHellman (DH)

7
Cryptographic Approaches:: Un-Keyed
(Hash Function)
Hashing:
• A fixed-length message digest is created out of a variable-length message.
• The digest is normally much smaller than the message.
• To be useful, both the message and the digest must be sent to Bob.
• Hashing is used to provide check values, to providing data integrity.

8
Cryptographic Approaches:: Symmetric-Key
Symmetric-Key Encipherment:
• The keys used for encryption and decryption are same
• Also known as Secret Key Cryptography

9
Cryptographic Approaches:: Asymmetric-Key
Asymmetric-Key Encipherment:
• Also known as Public key Cryptography.
• Two keys Public & Private.
• The keys used for encryption and decryption are different.

10
Cryptographic Primitives
• What is a Cryptographic Primitive?
• basic building block or fundamental algorithm used in cryptography
• Mathematical entity which meets defined (security) requirements

• Five components
• Plaintext: the original message
• Encryption algorithm: runs on the plaintext and the encryption key to yield the ciphertext
• Secret key: an input to the encryption algorithm, value independent of the plaintext; different
keys will yield different outputs
• Ciphertext: the scrambled text produced as an output by the encryption algorithm
• Decryption algorithm: runs on the ciphertext and the key to produce the plaintext

• Requirements for secure conventional encryption

• Strong encryption algorithm
• An opponent who knows one or more ciphertexts would not be able to find the plaintexts or
the key
• Ideally, even if he knows one or more pairs plaintext-ciphertext, he would not be able to find
the key

11
Model of Conventional Cryptosystem

12
Applications of Cryptography

Applications of Symmetric Cryptography:

• Payment applications and card transactions
• Random number generation
• Verify the sender's signature to be sure they are who
they claim they are

Applications of Asymmetric Cryptography:

•Email messages
•SIM card authentication
•Web security
•Exchange of private keys

13
Model of Conventional Cryptosystem

• Suppose Alice wants to send a message to Bob. She wishes the message not
to be understood by others.
• “secret codes”
• substitute a letter for each letter in the original message.
• The codes must be agreed by Bob

Bob Alice

Encryption Algorithm?
14
Secret Key?
Attacking Encryption Scheme

Brute-force attack:
• tires every possible key on a piece of cihphertext until an intelligible
translation into plaintext is obtained.

Cryptanalysis:
• exploits the characteristics of the algorithm and the traces of structure or
pattern in the plaintext that survive encryption
• break a single message
• deduce the key in order to break the subsequent messages.
• How ? -- Use statistical tools and properties of languages.

15
Cryptanalytic attack classification

16
Cryptanalytic attack classification
Ciphertext only attack
Known to Cryptanalyst:
• encryption algorithm
• ciphertext

Known plaintext attack

Known to Cryptanalyst:
• encryption algorithm
• ciphertext
• one or more plaintext-ciphertext pairs formed with the secret key.

Chosen plaintext attack

Known to Cryptanalyst:
• encryption algorithm
• ciphertext
• chosen plaintext and its corresponding ciphertext generated with the secret key
17
Cryptanalytic attack classification

• Chosen ciphertext attack

Known to Cryptanalyst:
• encryption algorithm
• ciphertext
• chosen ciphertext and its corresponding decrypted plaintext with the secret key

• Chosen text attack

Known to Cryptanalyst:
• chosen plaintext attack + chosen ciphertext attack

18
 Encryption Algorithm Security
• Unconditionally secure
• If it is impossible to determine the plaintext from the generated ciphertext given
enough time and resources.

• Computationally secure
• The cost of breaking the cipher exceeds the value of the encrypted information
• The time required to break the cipher exceeds the useful lifetime of the information

19
Model for Network Security

20
Network Access Security Model

21
Techniques: Steganography
• The word steganography, with origin in Greek, means “covered writing”
• used for secret communication in the past is being revived at the present time

Historical Use:
• In China, war messages were written on thin pieces of silk and rolled into a small
ball and swallowed by the messenger.

• In Rome and Greece, messages were carved on pieces of wood, that were later
dipped into wax to cover the writing.

• Invisible inks (such as onion juice or ammonia salts) were also used to write a
secret message between the lines of the covering message or on the back of the
paper; the secret message was exposed when the paper was heated or treated
with another substance.

22
Techniques: Steganography

Modern Use:
• Text Cover: Single space between words to represent the binary digit 0 and
double space to represent binary digit 1.

23
Techniques: Steganography
Modern Use:
• Image Cover:
• Secret data can also be covered under a color image.
• Digitized images are made of pixels, in which normally each pixel uses 24 bits (three
bytes).
• Each byte represents one of the primary colors (red, green, or blue).
• In a method called LSB (least significant bit), the least significant bit of each byte is
set to zero.
• This may make the image a little bit lighter in some areas, but this is not normally
noticed.
• Now we can hide a binary data in the image by keeping or changing the least
significant bit.
• For example, the following three pixels can represent the letter M.

24
Techniques: Steganography

Modern Use:
Other Covers:
• The secret message, for example,
• can be covered under audio (sound and music) and video.
• Both audio and video are compressed today;
• the secret data can be embedded during or before the compression.

25
References
• Chapter -1 : Cryptography and Network Security- by Behrouz A. Forouzan
• Chapter -2 : Cryptography and Network Security: Principles and Practice- by William
Stallings
• Cryptography Definition: web link- https://www.javatpoint.com/cryptography-definition

26