Week 2 - PowerPoint PPT Presentation

Slides: 162
Provided by: jal3

Transcript and Presenter's Notes

Title: Week 2


1
Week 2 Cryptography
2
Cryptography Concepts
3
Cryptography
Latin: Crypt (secret) + Graphia (writing)
  • Concerned with developing algorithms
  • Conceal the context of some message from all
    except the sender and recipient (privacy or
    secrecy),
  • and/or

4
Cryptography
  • Concerned with developing algorithms
  • Verify the correctness of a message to the
    recipient (authentication)
  • Form the basis of many technological solutions to
    computer and communications security problems

cryptography - study of encryption
principles/methods
5
Goals Setting
  • To ensure security of communication across
    an insecure channel.
  • The ideal channel: dedicated, untappable,
    impenetrable pipe/tube

6-15
Secure Channel
[Diagram sequence; labels: ISP/Office, Authenticated, Connected, Connection Established]
Goal Setting
Adversary (Attacker)
The source of all possible threats
Not all aspects of an ideal channel can be
emulated
17
Basic Terminology
  • plaintext - the original message
  • ciphertext - the coded message
  • cipher - algorithm for transforming plaintext to
    ciphertext
  • key - info used in cipher known only to
    sender/receiver
  • encipher (encrypt) - converting plaintext to
    ciphertext
  • decipher (decrypt) - recovering plaintext from
    ciphertext

18
Simple Process
[Diagram: Sender → Plaintext → Encryption → ciphertext → Decryption → Plaintext → Receiver]
Plaintext: The secret message is You can get A-/A in
SKR5200 (however depend on you)
ciphertext: hjfjghkf@@jklll 098GHJFD!@
19
Categories of cryptography
20
Comparison between two categories of cryptography
21
Encryption Method
Cryptography
Symmetric Encryption
  • conventional / private-key / single-key
  • sender and recipient share a common key
  • all classical encryption algorithms are
    private-key
Asymmetric Encryption
  • uses two keys: a public and a private key
  • asymmetric since parties are not equal
  • uses clever application of number
    theoretic concepts to function
  • complements rather than replaces
    private key crypto

22
Symmetric Encryption
23
Symmetric Encryption Technique
Symmetric Encryption
Classical
Modern
Stream cipher
Block cipher
24
Symmetric Encryption
  • conventional / private-key / single-key
  • sender and recipient share a common key
  • 2 Techniques: Classical and Modern
  • Classical Techniques
    • Substitution
      • Caesar Cipher
      • Monoalphabetic Cipher
      • Playfair Cipher
      • Hill Cipher
      • Polyalphabetic Cipher
      • One-Time Pad
    • Transposition
    • Rotor Machines
    • Steganography
  • Modern Techniques

25
Basic of Symmetric Cryptography
Classical Substitution Cipher
Classical Transpositions Cipher
Summary
26
Symmetric Encryption
  • or conventional / private-key / single-key
  • sender and recipient share a common key
  • all classical encryption algorithms are
    private-key
  • was only type prior to invention of public-key in
    1970s

27
Basic Terminology
  • plaintext - the original message
  • ciphertext - the coded message
  • cipher - algorithm for transforming plaintext to
    ciphertext
  • key - info used in cipher known only to
    sender/receiver
  • encipher (encrypt) - converting plaintext to
    ciphertext
  • decipher (decrypt) - recovering plaintext from
    ciphertext
  • cryptography - study of encryption
    principles/methods
  • cryptanalysis (codebreaking) - the study of
    principles/ methods of deciphering ciphertext
    without knowing key
  • cryptology - the field of both cryptography and
    cryptanalysis

28
Symmetric Cipher Model
29
Requirements
  • two requirements for secure use of symmetric
    encryption:
    • a strong encryption algorithm
    • a secret key known only to sender / receiver
  • have
    • plaintext X
    • ciphertext Y
    • key K
    • encryption algorithm EK
    • decryption algorithm DK
  • Ciphertext: Y = EK(X)
  • Plaintext: X = DK(Y)
  • assume encryption algorithm is known
  • implies a secure channel to distribute key

30
Cryptography
  • can characterize by
  • type of encryption operations used
  • substitution / transposition / product
  • number of keys used
  • single-key or private / two-key or public
  • way in which plaintext is processed
  • block / stream

31
Types of Cryptanalytic Attacks
  • ciphertext only
  • only know algorithm / ciphertext, statistical,
    can identify plaintext
  • known plaintext
  • know/suspect plaintext and ciphertext to attack
    cipher
  • chosen plaintext
  • select plaintext and obtain ciphertext to attack
    cipher
  • chosen ciphertext
  • select ciphertext and obtain plaintext to attack
    cipher
  • chosen text
  • select either plaintext or ciphertext to
    en/decrypt to attack cipher

32
Simple Question
  • What are the essential ingredients of a symmetric
    cipher?
  • How many keys are required for two people to
    communicate via a cipher?

33
Simple Question
  • What are the essential ingredients of a symmetric
    cipher?
  • Plaintext, encryption algorithm, secret key,
    ciphertext, decryption algorithm.
  • How many keys are required for two people to
    communicate via a cipher?
  • One secret key.

34
Basic of Symmetric Cryptography
Classical Substitution Cipher
Classical Transpositions Cipher
Summary
35
Classical Substitution Ciphers
  • where letters of plaintext are replaced by other
    letters or by numbers or symbols
  • or if plaintext is viewed as a sequence of bits,
    then substitution involves replacing plaintext
    bit patterns with ciphertext bit patterns

36
Caesar Cipher
  • earliest known substitution cipher
  • by Julius Caesar
  • first attested use in military affairs
  • replaces each letter by 3rd letter on
  • example
  • meet me after the toga party
  • PHHW PH DIWHU WKH WRJD SDUWB

37
Caesar Cipher
  • can define transformation as:
    Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
    Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
  • mathematically give each letter a number:
    a  b  c  d  e  f  g  h  i  j  k  l  m
    0  1  2  3  4  5  6  7  8  9  10 11 12
    n  o  p  q  r  s  t  u  v  w  x  y  z
    13 14 15 16 17 18 19 20 21 22 23 24 25
  • then have Caesar cipher as:
    C = E(p) = (p + k) mod 26
    p = D(C) = (C - k) mod 26

38
Example 1
  • Caesar used a shift of 3
  • Using this encryption, the message
  • treaty impossible
  • Would be encoded as
  • t r e a t y   i m p o s s i b l e
  • W U H D W B   L P S R V V L E O H

39
Example 2
  • Caesar used a shift of 5
  • Using this encryption, the message
  • treaty impossible
  • Would be encoded as
  • t r e a t y i m p o s s i b l e

40
To test your understanding
Caesar wants to arrange a secret meeting with
Marc Anthony, either at the Tiber (the river) or
at the Coliseum (the arena). He sends the
ciphertext EVIRE. However, Anthony does not know
the key, so he tries all possibilities. Where
will he meet Caesar?
41
To test your understanding
Caesar wants to arrange a secret meeting with
Marc Anthony, either at the Tiber (the river) or
at the Coliseum (the arena). He sends the
ciphertext EVIRE. However, Anthony does not know
the key, so he tries all possibilities. Where
will he meet Caesar? Among the shifts of EVIRE,
there are two words: arena and river. Therefore,
Anthony cannot determine where to meet Caesar.
42
Cryptanalysis of Caesar Cipher
  • only have 26 possible ciphers
  • A maps to A,B,..Z
  • could simply try each in turn
  • a brute force search
  • given ciphertext, just try all shifts of letters
  • do need to recognize when have plaintext
  • eg. break ciphertext "GCUA VQ DTGCM"
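
The brute-force search described on these slides, as an added Python example (not part of the original presentation). It uses the slides' formulas C = (p + k) mod 26 and p = (C - k) mod 26; the small word list used to "recognize when have plaintext" is constructed for this example.

```python
import string

ALPHABET = string.ascii_lowercase

# Constructed word list standing in for a dictionary of plausible plaintext words.
WORDS = {"arena", "river", "easy", "to", "break",
         "meet", "me", "after", "the", "toga", "party"}


def caesar_encrypt(plaintext: str, k: int) -> str:
    """C = E(p) = (p + k) mod 26. Ciphertext is upper case, as on the slides."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26].upper())
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def caesar_decrypt(ciphertext: str, k: int) -> str:
    """p = D(C) = (C - k) mod 26. Plaintext is lower case, as on the slides."""
    out = []
    for ch in ciphertext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def all_shifts(ciphertext: str) -> list:
    """Every (key, candidate plaintext) pair: the whole key space is 26 entries."""
    return [(k, caesar_decrypt(ciphertext, k)) for k in range(26)]


def brute_force(ciphertext: str, wordlist: set) -> list:
    """Keep only candidates in which every word is a known word.

    More than one hit means the ciphertext alone does not identify the message.
    """
    hits = []
    for k, candidate in all_shifts(ciphertext):
        words = candidate.split()
        if words and all(w in wordlist for w in words):
            hits.append((k, candidate))
    return hits


if __name__ == "__main__":
    print(caesar_encrypt("meet me after the toga party", 3))
    print(brute_force("GCUA VQ DTGCM", WORDS))  # one plausible plaintext
    print(brute_force("EVIRE", WORDS))          # two plausible plaintexts
```
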

43
Summary of Substitutions
Substitutions are effective cryptographic
devices. In fact, they were the basis of many
cryptographic algorithms used for diplomatic
communication through the first half of the
century. But substitution is not the only kind of
encryption technique. The goal of substitution is
confusion: the encryption method is an attempt
to make it difficult for a cryptanalyst or intruder
to determine how a message and key were
transformed into ciphertext.
44
Basic of Symmetric Cryptography
Classical Substitution Cipher
Classical Transpositions Cipher
Summary
45
Transpositions (permutations)
A transposition is an encryption in which the
letters of the message are rearranged. With
transposition, the cryptography aims for
diffusion, widely spreading the information from
the message or key across the ciphertext.
Transpositions try to break established patterns.
Because a transposition is a rearrangement of the
symbols of a message, it is also known as a
permutation.
46
Transposition Ciphers
  • now consider classical transposition or
    permutation ciphers
  • these hide the message by rearranging the letter
    order
  • without altering the actual letters used
  • can recognise these since have the same frequency
    distribution as the original text

47
Rail Fence cipher
  • write message letters out diagonally over a
    number of rows
  • then read off cipher row by row
  • eg. write message out as
  • meet me after the toga party
  • giving ciphertext
  • MEMATRHTGPRYETEFETEOAAT

48
Row Transposition Ciphers
  • a more complex scheme is to write the message in
    a rectangle, row by row, and read the message
    off, column by column, but permute the order of
    the columns. The order of the columns then
    becomes the key of the algorithm.
  • write letters of message out in rows over a
    specified number of columns
  • then reorder the columns according to some key
    before reading off the rows
  • Key:        4 3 1 2 5 6 7
  • Plaintext:  a t t a c k p
                o s t p o n e
                d u n t i l t
                w o a m x y z
  • Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
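
The rail fence and row transposition ciphers from the two slides above, as an added Python example (not part of the original presentation). It reproduces both slide ciphertexts, adds the matching decryption routines, and checks the earlier slide's point that a transposition keeps the letter frequencies of the plaintext. The `xyz` padding follows the slide's grid; function names are chosen for this example.

```python
from collections import Counter


def _zigzag(n: int, rails: int) -> list:
    """Row index visited by each of n letters written diagonally over the rails."""
    pattern, row, step = [], 0, 1
    for _ in range(n):
        pattern.append(row)
        if rails > 1:
            if row == 0:
                step = 1
            elif row == rails - 1:
                step = -1
            row += step
    return pattern


def rail_fence_encrypt(plaintext: str, rails: int = 2) -> str:
    letters = [c for c in plaintext.lower() if c.isalpha()]
    pattern = _zigzag(len(letters), rails)
    # Read off row by row.
    return "".join(ch for r in range(rails)
                   for ch, p in zip(letters, pattern) if p == r).upper()


def rail_fence_decrypt(ciphertext: str, rails: int = 2) -> str:
    pattern = _zigzag(len(ciphertext), rails)
    # Positions in the order the encryptor read them: by row, then left to right.
    order = sorted(range(len(ciphertext)), key=lambda i: (pattern[i], i))
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext.lower(), order):
        plain[pos] = ch
    return "".join(plain)


def _check_key(key: list) -> None:
    if sorted(key) != list(range(1, len(key) + 1)):
        raise ValueError("key must be a permutation of 1..n")


def row_transposition_encrypt(plaintext: str, key: list, pad: str = "xyz") -> str:
    _check_key(key)
    letters = [c for c in plaintext.lower() if c.isalpha()]
    cols, i = len(key), 0
    while len(letters) % cols:          # fill the last row, as the slide does
        letters.append(pad[i % len(pad)])
        i += 1
    rows = [letters[r:r + cols] for r in range(0, len(letters), cols)]
    out = []
    for rank in range(1, cols + 1):     # column labelled 1 is read first
        col = key.index(rank)
        out.extend(row[col] for row in rows)
    return "".join(out).upper()


def row_transposition_decrypt(ciphertext: str, key: list) -> str:
    _check_key(key)
    cols = len(key)
    if len(ciphertext) % cols:
        raise ValueError("ciphertext length must be a multiple of the key length")
    nrows = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for rank in range(1, cols + 1):
        col = key.index(rank)
        for r in range(nrows):
            grid[r][col] = ciphertext[pos].lower()
            pos += 1
    return "".join("".join(row) for row in grid)   # padding is still attached


def same_letter_counts(a: str, b: str) -> bool:
    """True when both texts have identical letter frequencies."""
    def norm(s):
        return Counter(c for c in s.lower() if c.isalpha())
    return norm(a) == norm(b)
```
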

49
Product Ciphers
  • ciphers using substitutions or transpositions are
    not secure because of language characteristics
  • hence consider using several ciphers in
    succession to make harder, but
  • two substitutions make a more complex
    substitution
  • two transpositions make more complex
    transposition
  • but a substitution followed by a transposition
    makes a new much harder cipher
  • this is the bridge from classical to modern ciphers

50
Basic of Symmetric Cryptography
Classical Substitution Cipher
Classical Transpositions Cipher
Summary
51
Summary
Stream cipher: that is, they convert one symbol
of plaintext immediately into a symbol of
ciphertext. (The exception is the columnar
transposition cipher). The transformation depends
only on the symbol, the key, and the control
information of the encipherment algorithm. A
model of stream enciphering is shown
[Figure: stream enciphering. Plain text (ISSOPMI) and Key (optional) enter Encryption, which outputs Ciphertext (wdhuw)]
52
Summary
Some kinds of errors, such as skipping a
character in the key during encryption, affect
the encryption of all future characters. However,
such errors can sometimes be recognized during
encryption because the plaintext will be
properly recovered up to a point, and then all
following characters will be wrong.
If that is the case, the receiver may be able to
recover from the error by dropping a character of
the key on the receiving end. Once the receiver
has successfully recalibrated the key with the
ciphertext, there will be no further effects from
this error.
To address this problem and make it harder for a
cryptanalyst to break the code, the
block cipher has been introduced.
53
Summary: easy to break
The Caesar Cipher allows simple straightforward
encoding and decoding. Therefore, it allows
unauthorized message recipients to crack such
encoded messages easily. If an eavesdropper
manages to obtain the encoded message, he only
has to test the 26 possible shifts in order to
find the original message. This message-cracking
attack is called brute force and is best
performed with the aid of computers. In our
example, however, the pen and pencil approach is
sufficient.
54
Summary: easy to break
eulqj fvmrk gwnsl hxotm iypun jzqvo karwp lbsxq mctyr
nduzs oevat pfwbu ogxcv
rhydw sizex tjafy ukbgz vlcha wmdib xnejc yofkd zpgle
aqhmf arena csjoh dtkpi
55
Classical Techniques
Substitution Technique
  • where letters of plaintext are replaced by other
    letters or by numbers or symbols
  • or if plaintext is viewed as a sequence of bits,
    then substitution involves replacing
  • plaintext bit patterns with ciphertext bit
    patterns.

Transposition Technique
  • transposition or permutation ciphers
  • these hide the message by rearranging the letter
    order
  • without altering the actual letters used
  • can recognise these since have the same
    frequency distribution as the original text

56
Stream Cipher Structure
  • A typical stream cipher encrypts plaintext one
    byte at a time.
  • Use a key as input to a pseudorandom bit
    generator that produces a stream of 8-bit
    numbers that are apparently random.
  • Pseudorandom stream is one that is unpredictable
    without knowledge of the input key.

[Figure: Encryption: Key K → Pseudorandom byte Generator (key stream generator) → k, combined with Plaintext Byte stream M → Ciphertext Byte stream C. Decryption: Key K → Pseudorandom byte Generator (key stream generator) → k, combined with Ciphertext Byte stream C → Plaintext Byte stream M]
57
Stream Cipher Structure
  • The output of the generator, called a keystream,
    is combined one byte at a time
    with the plaintext stream using the bitwise
    exclusive-OR (XOR) operation.

    11001100 Plaintext
XOR 01101100 key stream
  = 10100000 Ciphertext
Decryption requires the use of the same
pseudorandom sequence
    10100000 Ciphertext
XOR 01101100 key stream
  = 11001100 Plaintext
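
The stream cipher structure above, as an added Python example (not part of the original presentation). The keystream generator is a toy stand-in built from SHA-256 over a counter, chosen only so the block runs with the standard library; the last function reproduces the earlier slide's observation that a receiver who skips one key byte recovers the text up to that point and garbage afterwards.

```python
import hashlib


def keystream(key: bytes, n: int) -> bytes:
    """Toy pseudorandom byte generator (assumption for this example):
    concatenated SHA-256(key || counter) blocks, truncated to n bytes."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor_bytes(data: bytes, stream: bytes) -> bytes:
    """Combine data and keystream one byte at a time with bitwise XOR."""
    return bytes(d ^ s for d, s in zip(data, stream))


def stream_encrypt(key: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, len(plaintext)))


def stream_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    # Same operation: XOR with the same pseudorandom sequence undoes itself.
    return xor_bytes(ciphertext, keystream(key, len(ciphertext)))


def decrypt_with_skipped_byte(key: bytes, ciphertext: bytes, skip_at: int) -> bytes:
    """Receiver whose keystream has lost one byte at position skip_at."""
    ks = keystream(key, len(ciphertext) + 1)
    ks = ks[:skip_at] + ks[skip_at + 1:]
    return xor_bytes(ciphertext, ks)


if __name__ == "__main__":
    key = b"constructed demo key"          # constructed sample key
    msg = b"treaty impossible"
    ct = stream_encrypt(key, msg)
    print(stream_decrypt(key, ct))                   # original message
    print(decrypt_with_skipped_byte(key, ct, 6))     # correct prefix, then garbage
```
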
58
Symmetric Encryption Technique
Symmetric Encryption
Classical
Modern
Focus
Stream cipher
Block cipher
59
Block Ciphers / Feistel Cipher
60
Block Ciphers
  • A block cipher is one in which a block of
    plaintext is treated as a
    whole and used to produce a ciphertext block of
    equal length.
  • Typically, a block size of 64 or 128 bits is
    used.
  • Block cipher algorithms can operate in many
    modes:
    • Electronic Codebook Mode
    • Cipher Block Chaining Mode
    • Cipher Feedback Mode
    • Output Feedback Mode
    • Counter Mode
  • provide secrecy and/or authentication services

61
Feistel Cipher Design Principles
  • block size
  • increasing size improves security, but slows
    cipher
  • key size
  • increasing size improves security, makes
    exhaustive key searching harder, but may slow
    cipher
  • number of rounds
  • increasing number improves security, but slows
    cipher
  • subkey generation
  • greater complexity can make analysis harder, but
    slows cipher
  • round function
  • greater complexity can make analysis harder, but
    slows cipher
  • fast software en/decryption and ease of analysis
    are more recent concerns for practical use and
    testing

62
Block Cipher Design
  • Divide input bit stream into n-bit sections,
    encrypt only that section, no
    dependency/history between sections
  • In a good block cipher, each output bit is a
    function of all n input bits and all k key bits

63
Feistel Cipher Encryption
[Figure labels: Plaintext, Ln 1 Rn]
64
Feistel Cipher Encryption
65
Feistel Cipher Decryption
[Figure labels: Rn Ln - 1, Ln]
66
Feistel Cipher Decryption
[Figure labels: Plaintext, Rn, Ln, Round 1, Round i, Round n, Ciphertext]
67
Feistel Cipher Decryption
[Figure labels: Plaintext, Rn, Ln, Round 1, Round i, Round n, Ciphertext]
68
Feistel Cipher Algorithm
Input:
  T: 2t bits of clear text
  k1, k2, ..., kr: r round keys
  f: a block cipher with block size of t
Output:
  C: 2t bits of cipher text
Algorithm:
  (L0, R0) = T, dividing T in two t-bit parts
  (L1, R1) = (R0, L0 ⊕ f(R0, k1))
  (L2, R2) = (R1, L1 ⊕ f(R1, k2))
  ......
  C = (Rr, Lr), swapping the two parts
⊕ is the XOR operation.
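
The Feistel algorithm from this slide, as an added Python example (not part of the original presentation). The round function `f` and the round-key derivation are toy stand-ins built on SHA-256 (assumptions for this example, with t = 32 bits); the point shown is that decryption is the same routine run with the round keys reversed, even though `f` itself cannot be inverted.

```python
import hashlib

T_BYTES = 4  # t = 32 bits, so a block T is 2t = 64 bits


def f(right: bytes, round_key: bytes) -> bytes:
    """Toy round function (assumption): first t bits of SHA-256(k_i || R)."""
    return hashlib.sha256(round_key + right).digest()[:T_BYTES]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_keys(master: bytes, r: int) -> list:
    """Toy subkey generation (assumption): k_i = SHA-256(master || i)[:8]."""
    return [hashlib.sha256(master + bytes([i])).digest()[:8] for i in range(r)]


def feistel(block: bytes, keys: list) -> bytes:
    """(L0, R0) = T; (Li, Ri) = (Ri-1, Li-1 XOR f(Ri-1, ki)); C = (Rr, Lr)."""
    if len(block) != 2 * T_BYTES:
        raise ValueError("block must be exactly 2t bits")
    left, right = block[:T_BYTES], block[T_BYTES:]
    for k in keys:
        left, right = right, xor(left, f(right, k))
    return right + left  # final swap of the two parts


def encrypt(block: bytes, keys: list) -> bytes:
    return feistel(block, keys)


def decrypt(block: bytes, keys: list) -> bytes:
    # Same structure, round keys applied in reverse order.
    return feistel(block, list(reversed(keys)))


if __name__ == "__main__":
    keys = round_keys(b"constructed master key", 16)  # constructed sample key
    block = b"ATM PIN!"                               # 8 bytes = one 64-bit block
    ct = encrypt(block, keys)
    print(ct.hex(), decrypt(ct, keys))
    # With a single round, half of the input is still visible in the output,
    # which is why the number of rounds is a design parameter.
    print(feistel(block, keys[:1])[T_BYTES:])
```
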
69
One of Security Implementations
ATM PIN SECURITY
70
ATM Introduction
  • Automated Teller Machines (ATM) have become
    ubiquitous and let you withdraw money from
    your bank account 24 hrs a day and 7 days a week
    with your ATM card.
  • The ATM card consists of two things:
    • the Card number and
    • the Personal Identification Number or PIN.
  • Each bank issues a card number that is unique to
    each customer. If it is a debit card, the card
    number will also be unique worldwide.
  • The PIN is like a password to verify a
    customer's authenticity.
  • Cash dispensers in the ATM verify both the card
    number and the PIN.

71
Working Principle of ATM
  • The ATM systems have three main components:
    Cash dispenser, ATM Server and PIN machine.
  • The Cash dispenser reads the Card number and the
    PIN entered by a customer and sends
    them to a central ATM Server.
  • The ATM Server has a database which stores ATM
    card no. and PIN details.
  • The third component, the PIN machine, is used to
    authenticate the customer's ATM PIN.
    It is directly connected to the ATM Server and
    is a tamper-proof device that stores a single
    secret key.

72
Working Principle of ATM
Leased Line
ATM Server
PIN Machine
Customer Account Holding Server
73
Working Principle of ATM
  • After the customer enters an ATM counter, he
    inserts his ATM card into the machine and
    types his PIN on a numeric keypad.
  • The Cash dispenser reads the card number from
    the magnetic strip and the PIN that he has
    typed and sends them to the ATM Server.
  • The ATM Server verifies the PIN against the card
    number with the help of the PIN machine
    and sends a positive or negative
    acknowledgement to the Cash dispenser.
  • At this point, the customer is authenticated and
    can use his account.

74
ATM PIN Security
  • The security of the ATM PIN is a critical
    element in the entire process.
  • There are two ways that an attacker could try to
    get the ATM PIN:
    • He could either sniff the network when the Cash
      dispenser is transmitting the PIN to the
      ATM Server, or
    • he could compromise the ATM Server and PIN
      machine to extract the PIN of a user.
  • How have these threats been addressed in today's
    ATM systems?

75
ATM PIN Security
  • To prevent the sniffing of the PIN during the
    transmission, the PIN is encrypted using the DES
    or 3DES encryption algorithm and then
    transmitted from Cash dispenser to ATM Server.
  • The shared secret key is stored in the Cash
    dispenser as well as in the ATM Server. This
    application stores the shared DES key in
    encrypted form using the vendor's proprietary
    algorithm (e.g. ACI ATM software).
  • The solution for the second problem is
    interesting. The system splits each customer's
    PIN into two parts and stores them in two
    different machines. So even if one of the
    machines is compromised, the PIN is still secure.
  • Now the problem is of course how to split the PIN
    securely into two parts. Here we also have to
    keep in mind that the customer can always change
    his PIN.

76
ATM PIN Security
  • An algorithm has been designed that allows the
    customer's PIN to be split and
    also allows the customer to change his PIN.
  • Let the customer PIN be a and let's say it is
    split into two parts b and c:
    a = b + c
  • b is a variable part of the PIN and is called
    PIN Offset.
    The PIN Offset is stored in the ATM Server.
  • c is the constant part of the PIN and is called
    Natural PIN.
    The Natural PIN is generated in the
    PIN machine each time.
  • How does the PIN Machine generate the constant c
    for each customer and yet keep it a secret?
  • Remember that the ATM card number of a customer
    is unique. So, the constant part c can be
    a cryptographic function of the card number:
    c = f(card)

77
ATM PIN Security
There are different methods to derive a constant
number from a card number and a popular method is
to derive it using the DES algorithm. The PIN
machine stores a DES key in its Electrically
Erasable Programmable Read Only Memory (EEPROM).
This key is used to encrypt the card number and
generate DES encrypted value.
The DES key is stored in the EEPROM of the
machine. The EEPROM is a chip which is fixed on the
machine's circuit board. To retrieve the key,
one has to open the box case, remove the circuit
board from the box, and connect the EEPROM to an
EEPROM reader to get the key. So physical
security is very important for the ATM Server room.
78
ATM PIN Security
Card number + DES key → DES encrypted value
This DES encrypted value is then converted into
decimalized form and the first four digits of the
value are taken. That is the Natural PIN, c.
Once again, to summarize, the path is:
DES encrypted value → Decimalized value → First 4
digits of the value = c
The Natural PIN, the constant part, c, is not
stored anywhere in the entire process. Nobody can
get the PIN by compromising the PIN machine. The
PIN Offset or b is the variable part. When a
customer changes his/her PIN only this part is
changed. So even if the ATM Server is compromised
only b will be revealed and it is useless without
c to get the actual Customer PIN a.
79
ATM PIN Authentication Process
  • The mechanism for authenticating the ATM PIN is
    quite simple. When a customer inserts his
    ATM card and types the PIN, the card number and
    PIN are sent to the ATM Server encrypted.
  • The ATM Server decrypts the card number and the
    PIN; it first validates the card number
    against its database.
  • The valid card number, the PIN Offset b of that
    card and the PIN typed by the customer are
    sent to the PIN machine.
  • Now the PIN machine generates the Natural PIN c
    from the card no., adds it to the PIN Offset b
    and generates the true Customer PIN a.
  • Then it compares the actual Customer PIN a with
    the customer-supplied PIN. If the two
    match, it sends a positive
    acknowledgement to the ATM Server indicating that
    the customer is authenticated.
  • Note that in this process, the Natural PIN never
    leaves the tamper-proof PIN Machine, and
    the PIN machine does not have to store
    individual PINs of all the users. Instead, it
    securely stores the DES key for generating the
    Natural PIN from each user's card number.
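
The PIN split a = b + c and the authentication flow described on the preceding slides, as an added Python example (not part of the original presentation). Assumptions made for this example: HMAC-SHA-256 stands in for the DES encryption of the card number, hex digits are decimalized by taking each one modulo 10, "+" is digit-wise addition modulo 10, and the card number and key are constructed values.

```python
import hashlib
import hmac
import secrets

PIN_LEN = 4


def add_digits(x: str, y: str) -> str:
    """Digit-wise addition modulo 10 (assumed meaning of a = b + c)."""
    return "".join(str((int(a) + int(b)) % 10) for a, b in zip(x, y))


def sub_digits(x: str, y: str) -> str:
    return "".join(str((int(a) - int(b)) % 10) for a, b in zip(x, y))


class PinMachine:
    """Tamper-proof device: holds one secret key and stores no PINs."""

    def __init__(self, key: bytes):
        self._key = key

    def _natural_pin(self, card: str) -> str:
        # c = f(card): keyed encryption -> decimalized value -> first 4 digits.
        # HMAC-SHA-256 is a stand-in for the DES step on the slides.
        hexval = hmac.new(self._key, card.encode(), hashlib.sha256).hexdigest()
        decimalized = "".join(str(int(h, 16) % 10) for h in hexval)
        return decimalized[:PIN_LEN]

    def issue_pin(self, card: str):
        """First issue: random offset b, PIN a = b + c. Returns (a, b)."""
        offset = "".join(secrets.choice("0123456789") for _ in range(PIN_LEN))
        return add_digits(offset, self._natural_pin(card)), offset

    def offset_for(self, card: str, new_pin: str) -> str:
        """PIN change: only b moves, b = a - c."""
        return sub_digits(new_pin, self._natural_pin(card))

    def verify(self, card: str, offset: str, typed_pin: str) -> bool:
        if len(typed_pin) != PIN_LEN or not typed_pin.isdigit():
            return False
        expected = add_digits(offset, self._natural_pin(card))
        return hmac.compare_digest(expected, typed_pin)


class AtmServer:
    """Stores card numbers and PIN offsets only; never a PIN or the key."""

    def __init__(self, pin_machine: PinMachine):
        self._pm = pin_machine
        self.offsets = {}

    def enroll(self, card: str) -> str:
        pin, offset = self._pm.issue_pin(card)
        self.offsets[card] = offset
        return pin  # goes to the PIN mailer, not into the database

    def authenticate(self, card: str, typed_pin: str) -> bool:
        offset = self.offsets.get(card)
        return offset is not None and self._pm.verify(card, offset, typed_pin)

    def change_pin(self, card: str, old_pin: str, new_pin: str) -> bool:
        valid_new = len(new_pin) == PIN_LEN and new_pin.isdigit()
        if not valid_new or not self.authenticate(card, old_pin):
            return False
        self.offsets[card] = self._pm.offset_for(card, new_pin)
        return True
```
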

80
Generation & Distribution of ATM PIN
  • The ATM system deals with critical customer
    information and is more secure by design.
  • But there can still be security risks during the
    generation and distribution of a new card and PIN.
  • The Card number is generated by the ATM Server
    and the PIN is generated by the PIN
    machine from the card number as mentioned
    above.
  • But for the first time, the PIN Offset of the
    new PIN is randomly generated by the PIN machine.
  • There are two ways to print the PIN mailer.
  • In the first method, the operator will generate
    a new PIN using the PIN machine,
    get the PIN and generate the printout of the
    PIN mailer.
  • In the second method, the operator requests the
    PIN machine to generate a new PIN.
    The PIN machine generates the PIN and
    directly prints it to a connected printer and
    seals the print mailer before giving it to the
    operator.
  • The second method is clearly more secure than
    first one as the operator never comes to know

81
Modern Techniques (Block Ciphers) Asymmetric
Cipher
82
Using Key in Cryptography
83
Definition of Key
  • A sequence of symbols that controls the operation
    of a cryptographic transformation (e.g.
    encipherment, decipherment).
  • In practice a key is normally a string of bits
    used by a cryptographic algorithm to transform
    plain text into cipher text or vice versa. The
    key should be the only part of the algorithm that
    it is necessary to keep secret.

84
Key Length
  • The key length is usually expressed in bits, 8
    bits to one byte. Bytes are a more convenient
    form for storing and representing keys because
    most computer systems use a byte as the smallest
    unit of storage (the strict term for an 8-bit
    byte is octet).
  • Just remember that most encryption algorithms
    work with bit strings. It's up to the user to
    pass them in the required format to the
    encryption function they are using. That format
    is generally as an array of bytes, but could be
    in hexadecimal or base64 format.
  • In theory, the longer the key, the harder it is
    to crack encrypted data. The longer the key,
    however, the longer it takes to carry out
    encryption and decryption operations.

85
Analogy - Strength
86
Analogy - Breaking
87
Key Length
  • Block cipher encryption algorithms like AES and
    Blowfish work by taking a fixed-length block of
    plaintext bits and transforming it into the same
    length of ciphertext bits using a key.
  • Most other block cipher encryption methods have a
    fixed length key. For example, DES has a 64-bit
    key (but only uses 56 of them) and Triple DES has
    a 192-bit key (but only uses 168 of them).
  • IDEA uses a 128-bit key.
  • The Advanced Encryption Algorithm (AES) has a
    choice of three key lengths: 128, 192 or 256
    bits.
  • Public key encryption algorithms like RSA
    typically have key lengths in the order of
    1000-2000 bits. Be careful with the difference in
    key lengths for block cipher algorithms and
    public key algorithms.
  • A 192-bit Triple DES key is equivalent in security
    terms to a 2048-bit RSA key, and an AES-128 key
    is equivalent to a 3072-bit RSA key.

88
Relevance of Key Length
  • To crack some ciphertext encrypted with a 64-bit
    key by the brute-force method of trying every
    combination of keys possible means you have 2^64
    possible combinations or 1.8 x 10^19 (that's 18
    followed by 18 naughts).
  • We can expect, on the average, to find a correct
    answer in half this number of tries. If we have a
    computer that can carry out one encryption
    operation every millisecond, it will take about
    292 million years to find the correct value.
    Speed up your computer by a million times and it
    will still take about 3 centuries to solve.
  • The equivalent brute force technique for a
    128-bit key will, in theory, take a "long time",
    probably past the expected life of the universe.
    But, in practice, a set of supercomputers
    operating in parallel can crack a 64-bit key in a
    relatively short time.
  • If an attacker has access to a large selection of
    messages all encrypted with the same key, there
    are other techniques that can be used to reduce
    the time to derive the key.

89
How do encryption schemes fail?
  • Most encryption schemes are cracked not by brute
    force trying of all possible combinations of key
    bits, but by using other knowledge about how the
    sender derived the key.
  • This could be a faulty random number generator
    known to be used by the system, or knowledge that
    the user derived the key solely from a password
    of only the letters a to z, or just used simple
    English words. Or perhaps by finding out the
    keystrokes typed on the keyboard by the user with
    a keystroke logger, or by bribing (or torturing)
    someone to give them the key, or by reading the
    post-it note the user has conveniently left on
    the side of the computer with the password
    written on it. The traps are many and subtle and
    even the experts get it wrong.
  • Why spend hours trying to pick the expensive
    security lock when the owner of the house has
    left a window open?

90
How do encryption schemes fail?
  • Strictly, it's not the length of the key, but the
    "entropy" in the method used to derive the key.
    There is approximately one bit of entropy in a
    normal ASCII character.
  • If you derive a 128-bit key from a password or
    pass phrase, you will need a very long pass
    phrase to get enough theoretical entropy in the
    key to match the security of the underlying key
    length. Bruce Schneier estimates that you need a
    98-character English pass phrase for a 128-bit
    key. Most people can't be bothered with such a
    cumbersome pass phrase.

91
How do encryption schemes fail?
  • Using AES with a 128-bit key should provide
    adequate security for most purposes. The longer
    you intend to keep the encrypted data secret, the
    longer the key you should use, on the principle
    that cracking techniques will continue to improve
    over time. Bruce Schneier recommends a 256-bit
    key for data you intend to keep for 20-30 years.
  • No one is going to criticise you for using a key
    that is too long provided your software still
    performs adequately. However, the biggest danger
    in using a key that is too large is the false
    sense of security it provides to the implementers
    and users. "Oh, we have n-million-bit security in
    our system" may sound impressive in a marketing
    blurb, but the fact that your private key is not
    adequately protected or your random number
    generator is not random or you have used an
    insecure algorithm may mean that the total
    security is next to useless.
  • Remember it is the security of the total system
    that counts, including procedures followed by
    users.

92
Choice of Algorithm
  • Whatever you use, use an accepted algorithm
  • DES, Triple DES, RSA, AES, Blowfish, IDEA, etc.
  • Don't try making up your own algorithm; we
    (learners) aren't that good. The only secret
    should be in the value of the key.

93
Password, Pass Phrase & Key
  • People often get confused between "password" and
    "key". A password is typically a series of ASCII
    characters typed at a keyboard, e.g. "hello123"
    or "my secret pass phrase". This makes it easier
    for users to remember. They are, of course, much
    easier to crack because there are significantly
    fewer combinations to choose from.
  • A pass phrase is simply a password that consists
    of several words in a string, e.g. "she sells sea
    shells", so the terms "password" and "pass
    phrase" are equivalent for our purposes. In
    principle, a pass phrase makes it easier for a
    user to remember a long combination of
    characters. In practice, this adds to security
    only if the pass phrase is something known only
    to the user. Don't use quotes from famous
    literature - hackers read them, too.

94
Password, Pass Phrase & Key
  • A password is typically a series of ASCII
    characters typed at a keyboard, e.g. "hello123"
    or "my secret pass phrase". This makes it easier
    for users to remember. They are, of course, much
    easier to crack because there are significantly
    fewer combinations to choose from.
  • A pass phrase is simply a password that consists
    of several words in a string, e.g. "she sells sea
    shells", so the terms "password" and "pass
    phrase" are equivalent for our purposes. In
    principle, a pass phrase makes it easier for a
    user to remember a long combination of
    characters. In practice, this adds to security
    only if the pass phrase is something known only
    to the user.
  • A key used by an encryption algorithm is a bit
    string. A 128-bit key will have exactly 128 bits
    in it, i.e. 16 bytes. You will often see keys
    written in hexadecimal format where each
    character represents 4 bits, e.g.
    "FEDCBA98765432100123456789ABCDEF" represents 16
    bytes or 128 bits. The actual bits in this
    example are
  • 1111 1110 1101 1100 1011 1010 1001 1000 0111 0110
    0101 0100 0011 0010 0001 0000 0000 0001 0010 0011
    0100 0101 0110 0111 1000 1001 1010 1011 1100 1101
    1110 1111

95
Just to test 1
  • In a university, a student needs to encrypt her
    password (with a unique symmetric key) before
    sending it when she logs in. Does encryption
    protect the university or the student? Explain
    your answer.

96
Answer for the Just to test 1
  • In a university, a student needs to encrypt her
    password (with a unique symmetric key) before
    sending it when she logs in. Does encryption
    protect the university or the student? Explain
    your answer.
  • The encryption protects the student and the
    university for the first time. However, the
    intruder can intercept the encrypted password and
    replay the process some other times. The intruder
    does not have to know the password in plaintext;
    the encrypted password suffices for replaying.
    The university system cannot determine if the
    student has encrypted the message again or the
    intruder is replaying it.

97
  • How should I derive the key?

98
Just to test 2
  1. What are two basic functions used in encryption
    algorithm? Explain how each of these methods
    works and please include the example.

99
Answer for the Just to test 2
  • What are two basic functions used in encryption
    algorithm? Explain how each of these methods
    works and please include the example.
  • Substitution and Transposition/Permutation
  • Substitution
  • where letters of plaintext are replaced by other
    letters or by numbers or symbols. Or if plaintext
    is viewed as a sequence of bits, then
    substitution involves replacing plaintext bit
    patterns with ciphertext bit patterns.
  • Transposition/Permutation
  • A transposition is an encryption in which the
    letters of the message are rearranged. With
    transposition, the cryptography aims for
    diffusion, widely spreading the information from
    the message or key across the ciphertext.
    Transpositions try to break established patterns.
    Because a transposition is a rearrangement of the
    symbols of a message, it is also known as a
    permutation.

100
Block Cipher
  • A block cipher is a function
    $E: \{0,1\}^k \times \{0,1\}^n \to \{0,1\}^n$.
    This notation means that E takes two
    inputs, one being a k-bit string and the other an
    n-bit string, and returns an n-bit string. The
    first input is the key. The second might be
    called the plaintext, and the output might be
    called a ciphertext. The key-length k and the
    block-length n are parameters associated to the
    block cipher. They vary from block cipher to
    block cipher.

101
Block Cipher
  • For each key $K \in \{0,1\}^k$ we let
    $E_K: \{0,1\}^n \to \{0,1\}^n$ be the function
    defined by $E_K(M) = E(K,M)$.
    For any block cipher, and any key K, it is
    required that the function $E_K$ be a permutation on
    $\{0,1\}^n$. This means that it is a bijection (i.e., a
    one-to-one and onto function) of $\{0,1\}^n$ to
    $\{0,1\}^n$. (For every $C \in \{0,1\}^n$ there is
    exactly one $M \in \{0,1\}^n$ such that $E_K(M) = C$.)
    Accordingly $E_K$ has an inverse, and we denote it
    $E_K^{-1}$.

102
Block Cipher
  • This function also maps
  • $\{0,1\}^n \to \{0,1\}^n$, and of course we have
  • $E_K^{-1}(E_K(M)) = M$ and
  • $E_K(E_K^{-1}(C)) = C$
  • for all $M, C \in \{0,1\}^n$.
  • We let
  • $E^{-1}: \{0,1\}^k \times \{0,1\}^n \to \{0,1\}^n$
    be defined by $E^{-1}(K,C) = E_K^{-1}(C)$. This is
    the inverse block cipher to E.
  • Note
  • $\Rightarrow$ implies, $\in$ set membership
  • $A \Rightarrow B$ means if A is true then B is also
    true; if A is false then nothing is said about B.
  • $a \in S$ means a is an element of the set S

103
Block Cipher
  • The block cipher E is a public and fully
    specified algorithm. Both the cipher E and its
    inverse $E^{-1}$ should be easily computable, meaning
    given K, M we can readily compute $E(K,M)$, and
    given K, C we can readily compute $E^{-1}(K,C)$. By
    "readily compute" we mean that there are public
    and relatively efficient programs available for
    these tasks.

104
Before Start, Just Review Back
Block Ciphers / Feistel Cipher
DES
DES Modes of Operation
105
DES Data Encryption Standard
  • A Block cipher
  • Data is encrypted in 64-bit blocks using a 56-bit
    key (effective key). The ciphertext is 64 bits long
  • Encrypts by a series of substitutions and
    transpositions (or permutations)

106
DES - Basics
  • DES uses the two basic techniques of cryptography
    - confusion and diffusion.
  • At the simplest level, diffusion is achieved
    through numerous permutations and confusion is
    achieved through the XOR operation and the
    S-Boxes.
  • This is also called an S-P network.

107
DES - Basics
  • Fundamentally DES performs only two operations on
    its input, bit shifting (permutation), and bit
    substitution.
  • The key controls exactly how this process works.
  • By doing these operations repeatedly and in a
    non-linear manner you end up with a result which
    can not be used to retrieve the original without
    the key.

108
Input of DES
  • Data need to be broken into 64-bit blocks; add
    padding at the end of the message if necessary.
  • e.g. X = (3 5 0 7 7 F 1 0 A B 1 2 F C 6 5) HEX
  • Secret key
  • Any string 64 bits long, including 8 parity
    bits.
  • 1 parity bit in each 8-bit byte of the key may be
    utilized for error detection in key generation,
    distribution, and storage
  • K = (k1 ... k7 k8 ... k15 k16 k17 ... k24 ... k32
    ... k40 ... k48 ... k56 ... k64)
  • The parity bits k8, k16, k24, k32, k40, k48, k56, k64
    help ensure that each byte is of odd parity

109
DES Block cipher
110
DES Encryption
111
DES Encryption Diagram
[Diagram: 64-bit plaintext → Initial permutation → Iteration 1 (K1) → Iteration 2 (K2) → ... → Iteration 16 (K16) → 32-bit swap → Inverse permutation → 64-bit ciphertext; 16 subkeys of 48 bits each]
112
How to use DES?
  • Four modes of operation were defined for DES in
    ANSI standard ANSI X3.106-1983 Modes of Use
  • subsequently now have 5 for DES and AES
  • have block and stream modes

113
Handle long messages
  • Block ciphers encrypt fixed size blocks
  • eg. DES encrypts 64-bit blocks, with 56-bit key
  • How to encrypt arbitrary amount of information ?
  • Message is broken into blocks of 64 bits
  • At end of message, handle possible last short
    block
  • by padding either with known non-data value (eg
    nulls)
  • or pad last block with count of pad size
  • eg. b1 b2 b3 0 0 0 0 5 <- 3 data bytes, then 5
    bytes pad+count
  • Then they are encrypted and decrypted in various
    combinations of keys and texts.
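
The two padding options above, as an added example that is not part of the original slides (function names are this example's own; the block size is the 8-byte DES block). It shows why the count scheme is unambiguous while null-only padding loses trailing zero bytes, and how an already aligned message is handled.

```python
BLOCK = 8  # DES block size in bytes (64 bits)


def pad_count(data: bytes, block: int = BLOCK) -> bytes:
    """Zero-fill the last block and store the number of added bytes in its final byte."""
    n = block - (len(data) % block)  # 1..block; a whole extra block when already aligned
    return data + b"\x00" * (n - 1) + bytes([n])


def unpad_count(padded: bytes, block: int = BLOCK) -> bytes:
    """Remove count padding, rejecting anything pad_count() could not have produced."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block:
        raise ValueError("pad count out of range")
    if any(padded[-n:-1]):
        raise ValueError("pad bytes before the count must be zero")
    return padded[:-n]


def pad_nulls(data: bytes, block: int = BLOCK) -> bytes:
    """Known non-data value (nulls) only: nothing records how many bytes were added."""
    return data + b"\x00" * (-len(data) % block)


def unpad_nulls(padded: bytes) -> bytes:
    """Best effort: strip trailing nulls, which also strips real data that ends in 0x00."""
    return padded.rstrip(b"\x00")


def split_blocks(padded: bytes, block: int = BLOCK) -> list:
    """Cut a padded message into the fixed-size blocks the cipher will process."""
    return [padded[i:i + block] for i in range(0, len(padded), block)]


if __name__ == "__main__":
    # Constructed sample inputs.
    print(pad_count(bytes([0xB1, 0xB2, 0xB3])).hex(" "))   # the slide's b1 b2 b3 case
    print(len(split_blocks(pad_count(b"8bytes!!"))))        # aligned input gets a pad block
    print(unpad_nulls(pad_nulls(b"AB\x00")))                # trailing zero byte is lost
    print(unpad_count(pad_count(b"AB\x00")))                # trailing zero byte survives
```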

114
  • Details for DES, Please refer and read
  • Stallings, W. (2006). Cryptography and Network
    Security. New Jersey Prentice-Hall. Page 63 - 90

115
Chapter 3 Public-Key Cryptography
116
Overview
Symmetric Cryptography Summary
Public-Key Cryptography
Example RSA
Discussion
117
Categories of cryptography
118
ASYMMETRIC-KEY CRYPTOGRAPHY
An asymmetric-key (or public-key) cipher uses two
keys: one private and one public. We discuss one
algorithm: RSA
Topics discussed in this section
RSA
119
Asymmetric Cryptography
120
Comparison between two categories of cryptography
121
Symmetric Cryptography Summary
Public-Key Cryptography
Example RSA
Discussion
122
Symmetric Concept
[Diagram: the plaintext "Man needs Woman, Woman Needs Money for shopping" is encrypted to the ciphertext "123456696 096785403 657849302 610395867 567484509 121212347" and decrypted back to the same plaintext]
Authentication only from Alice, therefore it
cannot be altered in transit
No signature - Bob could forge the message
- Sender could deny the message
123
Symmetric Cryptography Summary
Public-Key Cryptography
Example RSA
Discussion
124
Private-Key Cryptography Definition
  • public-key/two-key/asymmetric cryptography
    involves the use of two keys
  • a public-key, which may be known by anybody, and
    can be used to encrypt messages, and verify
    signatures
  • a private-key, known only to the recipient, used
    to decrypt messages, and sign (create) signatures
  • is asymmetric because
  • those who encrypt messages or verify signatures
    cannot decrypt messages or create signatures

125
Private-Key Cryptography - Concept
  • allows users to communicate securely without
    having prior access to a shared secret key,
  • by using a pair of cryptographic keys, designated
  • as public key and
  • private key, which are related mathematically.
  • the private key is generally kept secret, while
    the public key may be widely distributed.
  • In a sense, one key "locks" a lock while the
    other is required to unlock it. It should not be
    possible to deduce the private key of a pair
    given the public key.

126
Public-Key Basic Concept
Message is encrypted
EB
Bob's Public Key (EB)
Bob's Private Key (DB)
127
Public-Key Basic Concept
  • This model provides no authentication because
    any party
  • could also use Bob's public key to encrypt
    Message (M)

128
Private-Key Cryptography
129
Public-Key Cryptography Options
There are many forms of public-key cryptography,
including:
  • public key encryption: keeping a message secret
    from anyone that does not possess a specific
    private key.
  • public key digital signature: allowing anyone to
    verify that a message was created with a specific
    private key.
  • key agreement: generally, allowing two parties
    that may not initially share a secret key to
    agree on one.
130
Private-Key Cryptography
The most obvious application of a public key
encryption system is confidentiality: a message
which a sender encrypts using the recipient's
public key can only be decrypted by the
recipient's paired private key. Public-key
digital signature algorithms can be used for
sender authentication. For instance, a user can
encrypt a message with his own private key and
send it. If another user can successfully
decrypt it using the corresponding public key,
this provides assurance that the first user (and
no other) sent it.
131
To Provide Authentication Signature
  • This model does provide authentication and
    digital signature
  • But this scheme does not provide confidentiality,
    because anyone
  • who has Alice's public key can decrypt the
    ciphertext.

132
To Provide Confidentiality, Authentication and
Signature
[Diagram: Alice's plaintext Message (M), "Man needs Woman, Woman Needs Money for shopping", is sent as ciphertext ("123456696 096785403 657849302 610395867 567484509 121212347") and recovered by Bob as the same plaintext Message (M)]
  • Bottleneck: the public-key algorithm is complex
    and must be exercised four times rather than two
    in each communication

133
Why Public-Key Cryptography?
  • developed to address two key issues
  • key distribution: how to have secure
    communications in general without having to trust
    a KDC with your key
  • digital signatures: how to verify a message
    comes intact from the claimed sender
  • Need to read page

134
Public-Key Applications
  • can classify uses into 3 categories
  • encryption/decryption (provide secrecy)
  • digital signatures (provide authentication)
  • key exchange (of session keys)
  • some algorithms are suitable for all uses, others
    are specific to one

135
Security of Public Key Schemes
  • like private key schemes, a brute force exhaustive
    search attack is always theoretically possible
  • but keys used are too large (>512 bits)
  • security relies on a large enough difference in
    difficulty between easy (en/decrypt) and hard
    (cryptanalyse) problems
  • more generally the hard problem is known, it's
    just made too hard to do in practice
  • requires the use of very large numbers
  • hence is slow compared to private key schemes

136
Example of Public-Key Cryptographic Techniques
  • 1) Well-regarded public-key techniques include
  • Diffie-Hellman
  • RSA encryption algorithm
  • ElGamal
  • DSS (Digital Signature Standard), which
    incorporates the
  • Digital Signature Algorithm.
  • Various Elliptic Curve techniques
  • Various Password-authenticated key agreement
    techniques
  • Paillier cryptosystem
  • 2) Protocols using asymmetric key algorithms
    include
  • PGP Pretty Good Privacy
  • GNU Privacy Guard (GPG) an implementation of
    OpenPGP
  • Secure Shell (SSH)
  • SSL now implemented as an IETF standard
  • Transport Layer Security (TLS)

137
Course Work Presentation
Symmetric Cryptography Summary
Public-Key Cryptography
Example RSA
Discussion
138
Cryptographers
  • As previously mentioned, this algorithm was
    created by Ron Rivest, Adi Shamir, and Len
    Adleman of MIT.
  • Dr. Ron Rivest received his Bachelor's Degree in
    Mathematics from Yale University in 1969, while
    obtaining his Doctorate Degree in Computer
    Science from Stanford University in 1974. He is
    most famously known for his work in the RSA
    algorithm, along with his creation of the
    symmetric key encryption algorithms (RC2, RC4,
    RC5, and RC6).
  • Dr. Rivest is currently working as a senior
    Professor of Computer Science in the Department
    of Electrical Engineering and Computer Science at
    MIT.

139
Cryptographers
  • Dr. Adi Shamir received his Bachelor's Degree in
    Mathematics from Tel-Aviv University in 1973, and
    received his MSc and PhD Degrees in Computer
    Science from the Weizmann Institute of Israel in
    1975 and 1977, respectively. During the latter
    half of the 1970s Dr. Shamir participated in
    research at the facilities of MIT, where he took
    part in inventing the RSA algorithm. Apart from
    the RSA algorithm, Dr. Shamir is well known for
    breaking the Merkle-Hellman cryptosystem and for
    his creation of the Shamir secret sharing scheme
    (cryptography).
  • Presently, Dr. Shamir is a faculty member of the
    Weizmann Institute in the Department of
    Mathematics and Computer Science.

140
Cryptographers
  • Dr. Len Adleman received his Bachelor's Degree in
    Mathematics in 1968 and his Doctorate Degree in
    Computer Science in 1976 from the University of
    California, Berkeley. In addition to his
    involvement in designing the RSA algorithm, Dr.
    Adleman is widely known for creating the initial
    field of DNA Computing at the University of
    Southern California (USC).
  • At the present time Dr. Adleman is working as a
    Professor of Computer Science and Molecular
    Biology at USC.
  • In 2002 Dr. Rivest, Dr. Shamir, and Dr. Adleman
    received the ACM Turing Award, awarded on behalf
    of the Association of Computing Machinery in
    recognition of their discovery of the RSA
    encryption algorithm. (This award is commonly
    referred to as the Nobel Prize of Computer
    Science.)

141
RSA
142
Selecting Keys
  • Bob uses the following steps to select the private
    and public keys:
  • Bob chooses two very large prime numbers p and q.
    Remember that a prime number is one that can be
    divided evenly only by 1 and itself.
  • Bob multiplies the above two primes to find n,
    the modulus for encryption and decryption. In
    other words, $n = p \times q$.
  • Bob calculates another number $\phi = (p-1) \times (q-1)$.
  • Bob chooses a random integer e. He then
    calculates d so that $d \times e = 1 \bmod \phi$.
  • Bob announces e and n to the public; he keeps $\phi$
    and d secret.

143
Need To Know
In RSA, e and n are announced to the public; d
and $\phi$ are kept secret.
144
Encryption
  • Anyone who needs to send a message to Bob can use
    n and e. For example, if Alice needs to send a
    message to Bob, she can change the message,
    usually a short one, to an integer. This is the
    plaintext. She then calculates the ciphertext,
    using e and n.
  • Alice sends C, the ciphertext, to Bob.

$C = P^e \pmod{n}$
145
Decryption
  • Bob keeps $\phi$ and d private. When he receives the
    ciphertext, he uses his private key d to decrypt
    the message.

$P = C^d \pmod{n}$
146
Example 2 - Question
  • Bob chooses 7 and 11 as p and q and calculates
    $n = 7 \times 11 = 77$. The value of
    $\phi = (7-1)(11-1)$ or 60. Now he
    chooses two keys, e and d. If he chooses e to be
    13, then d is 37. Now Alice sends the plaintext 5
    to Bob. She uses the public key 13 to encrypt 5.

147
Example 2 - Answer
  • Bob chooses 7 and 11 as p and q and calculates
    $n = 7 \times 11 = 77$. The value of
    $\phi = (7-1)(11-1)$ or 60. Now he
    chooses two keys, e and d. If he chooses e to be
    13, then d is 37. Now Alice sends the plaintext 5
    to Bob. She uses the public key 13 to encrypt 5.

Plaintext: 5; $C = 5^{13} = 26 \bmod 77$; Ciphertext: 26
Bob receives the ciphertext 26 and uses the
private key 37 to decipher the ciphertext:
Ciphertext: 26; $P = 26^{37} = 5 \bmod 77$; Plaintext: 5
(intended message sent by Alice)
The plaintext 5 sent by Alice is received as
plaintext 5 by Bob.
148
Example 3
Let me give a realistic example. We choose a
512-bit p and q. We calculate n and $\phi$. We then
choose e and test for relative primeness with
$\phi(n)$. We calculate d. Finally, we show the
results of encryption and decryption. A program
written in Java/C/C++ is used to do so; this type of
calculation cannot be done by a calculator.
The integer q is a 160-digit number.
149
Example 3
We calculate n. It has 309 digits
We calculate $\phi$. It has 309 digits
150
Example 3
We choose e = 35,535. We then find d.
Alice wants to send the message THIS IS A TEST,
which can be changed to a numeric value by using
the 00-26 encoding scheme (26 is the space
character).
151
Example 3
The ciphertext calculated by Alice is $C = P^e$,
which is.
Bob can recover the plaintext from the ciphertext
by using $P = C^d$, which is
The recovered plaintext is THIS IS A TEST after
decoding.
152
Example 4
Bob chooses 7 and 11 as p and q and calculates
$n = 7 \times 11 = 77$. The value of
$\phi = (7-1)(11-1)$ or 60. Now he chooses two
keys, e and d. If he chooses e to be 13, then d is
37. Now imagine Alice sends the plaintext 5 to Bob.
She uses the public key 13 to encrypt 5.
153
Example 4
Bob receives the ciphertext 26 and uses the
private key 37 to decipher the ciphertext
The plaintext 5 sent by Alice is received as
plaintext 5 by Bob.
154
Example 5
Jennifer creates a pair of keys for herself. She
chooses p = 397 and q = 401. She calculates
$n = 159{,}197$ and $\phi = 396 \times 400 = 158{,}400$.
She then chooses e = 343 and d = 12,007. Show how Ted
can send a message to Jennifer if he knows e and n.
155
Example 5
Solution: Suppose Ted wants to send the message
NO to Jennifer. He changes each character to a
number (from 00 to 25) with each character coded
as two digits. He then concatenates the two coded
characters and gets a four-digit number. The
plaintext is 1314. Ted then uses e and n to
encrypt the message. The ciphertext is
$1314^{343} = 33{,}677 \bmod 159{,}197$. Jennifer
receives the message 33,677 and uses the decryption
key d to decipher it as
$33{,}677^{12{,}007} = 1314 \bmod 159{,}197$. Jennifer
then decodes 1314 as the message NO. Figure
30.25 shows the process.
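
The key selection, encryption and decryption steps from the RSA slides, run against the numbers of Examples 2/4 and 5, as an added example that is not part of the original slides (function names are this example's own). It is textbook RSA with toy primes and no padding, for checking the arithmetic only.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def make_keys(p, q, e):
    """Key selection: n = p*q, phi = (p-1)(q-1), d chosen so that d*e = 1 mod phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi, otherwise d does not exist")
    d = egcd(e, phi)[1] % phi          # modular inverse of e, reduced into 0..phi-1
    return (e, n), (d, n)              # (public key, announced), (private key, kept secret)


def encrypt(public, P):
    e, n = public
    if not 0 <= P < n:
        raise ValueError("plaintext integer must be smaller than n")
    return pow(P, e, n)                # C = P^e mod n


def decrypt(private, C):
    d, n = private
    return pow(C, d, n)                # P = C^d mod n


def encode(text):
    """00-25 scheme of Example 5: A=00 ... Z=25, two digits per letter."""
    return int("".join(f"{ord(ch) - ord('A'):02d}" for ch in text))


def decode(number, length):
    """Inverse of encode(); length restores leading zeros (e.g. a leading 'A')."""
    digits = f"{number:0{2 * length}d}"
    return "".join(chr(int(digits[i:i + 2]) + ord("A")) for i in range(0, len(digits), 2))


if __name__ == "__main__":
    # Examples 2 and 4: p = 7, q = 11, e = 13, plaintext 5.
    pub, priv = make_keys(7, 11, 13)
    c = encrypt(pub, 5)
    print(priv[0], c, decrypt(priv, c))

    # Example 5: p = 397, q = 401, e = 343, message "NO".
    pub, priv = make_keys(397, 401, 343)
    c = encrypt(pub, encode("NO"))
    print(priv[0], c, decode(decrypt(priv, c), 2))
```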
156
Example 5
157
Example 6 - Question
  • Alice wants to send a cellphone text message to
    Bob securely, over an insecure communication
    network. Alice's cellphone has an RSA public key
    KA and matching private key VA; likewise, Bob's
    cellphone has KB and VB. Let's design a
    cryptographic protocol for doing this, assuming
    both know each other's public keys. Here is what
    Alice's cellphone will do to send the text
    message m:
  • Alice's phone randomly picks a new AES session
    key k and computes c = RSA-Encrypt(KB, k),
    c' = AES-CBC-Encrypt(k, m), and
    t = RSA-Sign(VA, (c, c')).
  • Alice's phone sends (c, c', t) to Bob's phone.
  • And here is what Bob's cellphone will do, upon
    receiving (c, c', t):
  • Bob's phone checks that t is a valid RSA
    signature on (c, c') under public key KA. If
    not, abort.
  • Bob's phone computes k = RSA-Decrypt(VB, c) and
    m = AES-CBC-Decrypt(k, c').
  • Bob's phone informs Bob that Alice sent message
    m.

158
Example 6 - Question
  • Does this protocol ensure the confidentiality of
    Alice's messages? Why or why not?
  • Does this protocol ensure authentication and data
    integrity for every text message Bob receives?
    Why or why not?
  • Suppose that Bob is Alice's stockbroker. Bob
    hooks up the output of this protocol to an
    automatic stock trading service, so if Alice
    sends a text message Sell 100 shares MSFT using
    the above protocol, then this trade will be
    immediately and automatically executed from
    Alice's account. Suggest one reason why this
    might be a bad idea from a security point of view.

159
Example 6 - Answer
  • Does this protocol ensure the confidentiality of
    Alice's messages? Why or why not?
  • Yes. Since AES-CBC-Encrypt is secure, no one can
    recover m from c' without knowledge of k. Also,
    since RSA-Encrypt is secure, only someone who
    knows KB, namely Bob, can recover k.
  • Does this protocol ensure authentication and data
    integrity for every text message Bob receives?
    Why or why not?
  • Yes. Since RSA-Sign is secure, if (c, c') passes
    step 1, then only someone who knew vA, namely
    Alice, could have sent (c, c'). Now (c, c')
    uniquely determines m, the message that Alice
    wanted to send.
  • Conclusion: If Bob accepts m in step 3, then
    Alice sent m.

160
Example 6 - Answer
  • Suppose that Bob is Alice's stockbroker. Bob
    hooks up the output of this protocol to an
    automatic stock trading service, so if Alice
    sends a text message Sell 100 shares MSFT using
    the above protocol, then this trade will be
    immediately and automatically executed from
    Alice's account. Suggest one reason why