Cryptography & Network Security

Introduction

What is
cryptography?
 Information Transferring

Cryptography and Network Security

 Attack: Interruption

Cryptography and Network Security

 Attack: Interception

Cryptography and Network Security

 Attack: Modification

Cryptography and Network Security

 Attack: Fabrication

Cryptography and Network Security

Secure communication

no eavesdropping
no tampering
 Secure Sockets Layer
Two main parts

1. Record Layer: Transmit data using shared secret key Ensure

confidentiality and integrity

2. Handshake Protocol: Establish shared secret key

using public-key cryptography
Crypto core Talking to Talking to
Bob Alice

Secret key establishment: Alice

Bob

attacker???

Secure communication:
k m1
k
m2
confidentiality and integrity
 But crypto can do much more
• Digital signatures

• Anonymous communication

Alice
Who did I signature
just talk to?

Alice
Bob
 Building block: sym. encryption
Alice Bob
m E(k,m)=c c D(k,c)=m
E D

k k

E, D: cipher k: secret key (e.g. 128 bits)

m, c: plaintext, ciphertext

Encryption algorithm is publicly known

• Never use a proprietary cipher
 Figure 1 Cryptography
components

30.12
 Figure 1.1 Cryptography
components

30.13
 Figure 2 Categories of
cryptography

30.14
 Figure 3 Symmetric-key
cryptography

30.15
 Not
e
In symmetric-key cryptography, the
same key is used by the sender
(for encryption)
and the receiver (for decryption).
The key is shared.

30.16
 Figure 4 Asymmetric-key
cryptography

30.17
 Figure 5 Keys used in
cryptography

30.18
 Figure 6 Comparison between two categories of
cryptography

30.19
 Attacks, Services and Mechanisms
 Security Attacks
 Action compromises the information security
 Security Services
 Enhances the security of data processing
and transferring
 Security mechanism
 Detect, prevent and recover from a security
attack

Cryptography and Network Security

 Important Features of Security
 Confidentiality, authentication, integrity,
non-repudiation, non-deny, availability,
identification, ……

Cryptography and Network Security

 Attacks
 Passive attacks
 Interception
 Release of message contents
 Traffic analysis
 Active attacks
 Interruption, modification, fabrication
 Masquerade
 Replay
 Modification
 Denial of service
Cryptography and Network Security
 Network Security Model
Trusted Third Party

principal principal

Security Security
transformation transformation

opponent
Cryptography and Network Security
 Cryptography
 Cryptography is the study of
 Secret (crypto-) writing (-graphy)
 Concerned with developing algorithms:
 Conceal the context of some message from all except
the sender and recipient (privacy or secrecy), and/or
 Verify the correctness of a message to the recipient
(authentication)
 Form the basis of many technological solutions to
computer and communications security problems

Cryptography and Network Security

 Basic Concepts
 Cryptography
 The art or science encompassing the principles and
methods of transforming an intelligible message into
one that is unintelligible, and then retransforming that
message back to its original form
 Plaintext
 The original intelligible message
 Ciphertext
 The transformed message

Cryptography and Network Security

 Basic Concepts
 Cipher
 An algorithm for transforming an intelligible message
into unintelligible by transposition and/or substitution
 Key
 Some critical information used by the cipher, known
only to the sender & receiver
 Encipher (encode)
 The process of converting plaintext to ciphertext
 Decipher (decode)
 The process of converting ciphertext back into
plaintext
Cryptography and Network Security
 Basic Concepts
 Cryptanalysis
 The study of principles and methods of transforming an
unintelligible message back into an intelligible message
without knowledge of the key. Also called
codebreaking
 Cryptology
 Both cryptography and cryptanalysis
 Code
 An algorithm for transforming an intelligible message
into an unintelligible one using a code-book

Cryptography and Network Security

 Encryption and Decryption

Decipher P = D(K2)(C)
Plaintext ciphertext

Encipher C = E(K1)(P)

K1, K2: from keyspace

Cryptography and Network Security
 Security
 Two fundamentally different security
 Unconditional security
 No matter how much computer power is available,
the cipher cannot be broken
 Computational security
 Given limited computing resources (e.G time
needed for calculations is greater than age of
universe), the cipher cannot be broken

Cryptography and Network Security

 History
 Ancient ciphers
 Have a history of at least 4000 years
 Ancient Egyptians enciphered some of their
hieroglyphic writing on monuments
 Ancient Hebrews enciphered certain words in the
scriptures
 2000 years ago Julius Caesar used a simple substitution
cipher, now known as the Caesar cipher
 Roger bacon described several methods in 1200s

Cryptography and Network Security

Classical Cryptographic Techniques
 Two basic components of classical ciphers:
 Substitution: letters are replaced by other letters
 Transposition: letters are arranged in a different order
 These ciphers may be:
 Monoalphabetic: only one substitution/ transposition
is used, or
 Polyalphabetic:where several substitutions/
transpositions are used
 Product cipher:
 several ciphers concatenated together
Cryptography and Network Security
 Encryption and Decryption

Plaintext
ciphertext

Encipher C = E(K)(P) Decipher P = D(K)(C)

Key source

Cryptography and Network Security

 Key Management
 Using secret channel
 Encrypt the key
 Third trusted party
 The sender and the receiver generate key
 The key must be same

Cryptography and Network Security

 Attacks
 Recover the message
 Recover the secret key
 Thus also the message
 Thus the number of keys possible must be
large!

Cryptography and Network Security

 Possible Attacks
 Ciphertext only
 Algorithm, ciphertext
 Known plaintext
 Algorithm, ciphertext, plaintext-ciphertext pair
 Chosen plaintext
 Algorithm, ciphertext, chosen plaintext and its ciphertext
 Chosen ciphertext
 Algorithm, ciphertext, chosen ciphertext and its plaintext
 Chosen text
 Algorithm, ciphertext, chosen plaintext and ciphertext

Cryptography and Network Security

 Steganography
 Conceal the existence of message
 Character marking
 Invisible ink
 Pin punctures
 Typewriter correction ribbon

 Cryptography renders message

unintelligible!

Cryptography and Network Security

 Contemporary Equiv.
 Least significant bits of picture frames
 2048x3072 pixels with 24-bits RGB info
 Able to hide 2.3M message

 Drawbacks
 Large overhead
 Virtually useless if system is known

Cryptography and Network Security

 Caesar Cipher
 Replace each letter of message by a letter a
fixed distance away (use the 3rd letter on)
 Reputedly used by Julius Caesar
 Example:

L FDPH L VDZ L FRQTXHUHG

I CAME I SAW I CONGUERED
 The mapping is
ABCDEFGHIJKLMNOPQ
RSTUVWXYZ
DEFGHIJKLMNOPQRST
Cryptography and Network Security
UVWXYZABC
 Mathematical Model
 Description

 Encryption E(k) : i  i + k mod 26

 Decryption D(k) : i  i - k mod 26

Cryptography and Network Security

 Cryptanalysis: Caesar Cipher
 Key space: 26
 Exhaustive key search
 Example
 GDUCUGQFRMPCNJYACJCRRCPQ
HEVDVHRGSNQDOKZBDKDSSDQR
 Plaintext: JGXFXJTIUPSFQMBDFMFUUFSTKHYGYKUJVGRNCEGNG VVGTU
 Ciphertext: LIZHZLVKWRUHSODFHOHWWHUVMJAIAMWXSVITPEGI PIXXIVW

Cryptography and Network Security

 Character Frequencies
 In most languages letters are not equally common
 in English e is by far the most common letter
 Have tables of single, double & triple letter frequencies
 Use these tables to compare with letter frequencies in ciphertext,
 a monoalphabetic substitution does not change relative letter frequencies
 do need a moderate amount of ciphertext (100+ letters)

Cryptography and Network Security

 Letter Frequency Analysis
 Single Letter
 A,B,C,D,E,…..

 Double Letter
 TH,HE,IN,ER,RE,ON,AN,EN,….

 Triple Letter
 THE,AND,TIO,ATI,FOR,THA,TER,RES,…

Cryptography and Network Security

 Modular Arithmetic Cipher
 Use a more complex equation to calculate
the ciphertext letter for each plaintext letter
 E(a,b) : i ai + b mod 26
 Need gcd(a,26) = 1
 Otherwise, not reversible
 So, a2, 13, 26
 Caesar cipher: a=1

Cryptography and Network Security

 Cryptanalysis
 Key space:23*26
 Brute force search
 Useletter frequency counts to guess a
couple of possible letter mappings
 frequency pattern not produced just by a
shift
 use these mappings to solve 2 simultaneous
equations to derive above parameters
Cryptography and Network Security
 Playfair Cipher
Used in WWI and WWII

s i/j m p l
e a b c d
f g h k n
o q r t u
v w x y z
Key: simple

Cryptography and Network Security

 Playfair Cipher
 Use filler letter to separate repeated letters
 Encrypt two letters together
 Same row– followed letters
 ac--bd
 Same column– letters under
 qw--wi
 Otherwise—square’s corner at same row
 ar--bq
Cryptography and Network Security
 Analysis
 Size of diagrams: 25!
 Difficult using frequency analysis
 But it still reveals the frequency information

Cryptography and Network Security

 Hill Cipher
 Encryption
 Assign each letter an index
 C=KP mod 26
 Matrix K is the key

 Decryption
 P=K-1C mod 26

Cryptography and Network Security

 Analysis
 Difficult
to use frequency analysis
 But vulnerable to known-plaintext attack

Cryptography and Network Security

 Polyalphabetic Substitution
 Usemore than one substitution alphabet
 Makes cryptanalysis harder
 since have more alphabets to guess
 and flattens frequency distribution
 same plaintext letter gets replaced by several
ciphertext letter, depending on which alphabet is
used

Cryptography and Network Security

 Vigenère Cipher
 Basically multiple Caesar ciphers
 key is multiple letters long
 K = k1 k2 ... kd
 ith letter specifies ith alphabet to use
 use each alphabet in turn, repeating from start after d
letters in message
 Plaintext THISPROCESSCANALSOBEEXPRESSED
Keyword CIPHERCIPHERCIPHERCIPHERCIPHE
Ciphertext VPXZTIQKTZWTCVPSWFDMTETIGAHLH

Cryptography and Network Security

 One-time Pad
 GilbertVernam (AT&T)
 Encryption
 C=PK

 Decryption
 P=CK

 Difficulty: key K is as long as message P

Cryptography and Network Security

 Transposition Methods
 Permutation of plaintext
 Example
 Write in a square in row, then read in column
order specified by the key
 Enhance: double or triple transposition
 Can reapply the encryption on ciphertext

Cryptography and Network Security

 Chapter-3

SYMMETRIC-KEY CRYPTOGRAPHY

Symmetric-key cryptography started thousands of years

ago when people needed to exchange secrets (for
example, in a war). We still mainly use symmetric-key
cryptography in our network security. However, today’s
ciphers are much more complex.
Topics discussed in this section:
Traditional Ciphers
Simple Modern Ciphers
Modern Round Ciphers
Mode of Operation

30.58
 Figure 30.7 Traditional
ciphers

30.59
Note

A substitution cipher replaces one

symbol with another.
30.61
 Example 30.1
The following shows a plaintext and its corresponding
ciphertext. Is the cipher monoalphabetic?

Solution
The cipher is probably monoalphabetic because both
occurrences of L’s are encrypted as O’s.

30.62
 Example 30.2
The following shows a plaintext and its corresponding
ciphertext. Is the cipher monoalphabetic?

Solution
The cipher is not monoalphabetic because each
occurrence of L is encrypted by a different character.
The first L is encrypted as N; the second as Z.

30.63
 The shift cipher is sometimes referred to
as the Caesar cipher.

30.64
 Example 30.3
Use the shift cipher with key = 15 to encrypt the message
“HELLO.”

Solution
We encrypt one character at a time. Each character is
shifted 15 characters down. Letter H is encrypted to W.
Letter E is encrypted to T. The first L is encrypted to A.
The second L is also encrypted to A. And O is encrypted
to D. The cipher text is WTAAD.

30.65
 Example 30.4
Use the shift cipher with key = 15 to decrypt the message “WTAAD.”

•Solution
•We decrypt one character at a time. Each character is shifted
15 characters up. Letter W is decrypted to H. Letter T is
decrypted to E. The first A is decrypted to L. The second A is
decrypted to L. And, finally, D is decrypted to O. The
plaintext is HELLO.

30.66
 A transposition cipher reorders
(permutes) symbols in a block of
symbols.

30.67
 Figure 30.8 Transposition
cipher

30.68
 Example 30.5
Encrypt the message “HELLO MY DEAR,” using the key shown in Figure 30.8.
•Solution
•We first remove the spaces in the message. We then divide the
into blocks of four characters. We add a bogus character Z at
end of the third block. The result is HELL OMYD EARZ. We crea
three­block ciphertext ELHLMDOYAZER.

30.69
 Example 30.6
Using Example 30.5, decrypt the message
“ELHLMDOYAZER”.

•Solution
•The result is HELL OMYD EARZ. After removing the bogus character a
combining the characters, we get the original message “HELLO MY
DEAR.”

30.70
 Simple Modern
Ciphers

30.71
 Figure 30.9 XOR
cipher

30.72
 Figure 30.10 Rotation
cipher

30.73
 Figure 30.11 S-
box

30.74
 Figure 30.12 P-boxes: straight, expansion, and
compression

30.75
 Modern Round
Ciphers

30.76
 Figure 30.13
DES

30.77
 Figure 30.14 One round in DES
ciphers

30.78
 Figure 30.15 DES
function

30.79
 Figure 30.16 Triple
DES

30.80
 Table 30.1 AES
configuration

30.81
Note

AES has three different configurations

with respect to the number of rounds
and key size.
 Figure 30.17
AES

30.83
 Figure 30.18 Structure of each
round

30.84
 Figure 30.19 Modes of operation for block
ciphers

30.85
 Figure 30.20 Electronic Code Book mode
(ECB)

30.86
 Figure 30.20 Electronic Code Book mode
(ECB)

30.87
 Figure 30.21 Cipher Block Chaining mode
(CBC)

30.88
 Figure 30.21 Cipher Block Chaining mode
(CBC)

30.89
 Figure 30.22 Cipher FeedBack mode
(CFB)

30.90
 Figure 30.22 Cipher FeedBack mode
(CFB)

30.91
 Figure 30.23 Output FeedBack mode
(OFB)

30.92
 Figure 30.23 Output FeedBack mode
(OFB)

30.93
 30-3ASYMMETRIC-KEY
CRYPTOGRAPHY
An asymmetric-key (or public-key) cipher uses two
keys: one private and one public. We discuss two
algorithms: RSA and Diffie-Hellman.

Topics discussed in this section:

RSA
Diffie-Hellman

30.94
 Figure 30.24 Rivest Shamir Adleman
(RSA)

30.95
 In RSA, e and n are announced to the
public; d and  are kept secret.

30.96
30.97
30.98
 Example 30.7
Bob chooses 7 and 11 as p and q and calculates
n = 7 x 11 = 77. The value of  = (7 − 1) (11 − 1) or 60.
Now he chooses two keys, e and d. If he chooses e to be
13, then d is 37. Now imagine Alice sends the plaintext 5
to Bob. She uses the public key 13 to encrypt 5.

30.99
 Example 30.7 (continued)
Bob receives the ciphertext 26 and uses the private key 37
to decipher the ciphertext:

The plaintext 5 sent by Alice is received as plaintext 5 by

Bob.

30.
30.
 Not
e
The symmetric (shared) key in the
Diffie-Hellman protocol is
K = gxy mod p.

30.
 Procedure

30.
 3. Rotor Machines (1870-1943)
Early example: the Hebern machine (single rotor)

A K E N
B S K E
C T S K
. . T S
. . . T
X R . .
Y N R .
Z key E N R
 Rotor Machines (cont.)
Most famous: the Enigma (3-5 rotors)

# keys = 264 = 218 (actually 236 due to plugboard)

 4. Data Encryption Standard
(1974)
DES: # keys = 256 , block size = 64 bits

Today: AES (2001), Salsa20 (2008) (and many others)

 Review: XOR
XOR of two strings in {0,1}n is their bit-wise addition mod 2

0 1 1 0 1 1 1
⊕
1 0 1 1 0 1 0
 An important property of XOR
Thm: Y a rand. var. over {0,1}n , X an indep. uniform var. on {0,1}n
Then Z := Y⨁X is uniform var. on {0,1}n

Proof: (for n=1)

Pr[ Z=0 ] =