1
INTRODUCTION TO
CRYPTOGRAPHY
Chapter 3: Cryptography
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Problems Addressed by Encryption
Suppose a sender wants to send a message to a
recipient. An attacker may attempt to
Block the message
Intercept the message
Modify the message
Fabricate an authentic-looking alternate message
Cryptography conceals data against unauthorized access
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Encryption Terminology
Sender
Recipient
Transmission medium
Interceptor/intruder
Encrypt, encode, or encipher
Decrypt, decode, or decipher
Cryptosystem
Plaintext : material in intelligible form
Ciphertext : encrypted material
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Encryption/Decryption Process
Key
(Optional)
Plaintext
Encryption
Key
(Optional)
Ciphertext
Decryption
Original
Plaintext
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Symmetric vs. Asymmetric
One key
encrypts and
decrypts
Key
Plaintext
Encryption
Ciphertext
Decryption
Original
Plaintext
(a) Symmetric Cryptosystem
Encryption
Key
Plaintext
Encryption
Decryption
Key
Ciphertext
Decryption
One key
encrypts and
one key decrypts
Original
Plaintext
(b) Asymmetric Cryptosystem
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Stream Ciphers
Key
(Optional)
ISSOPMI
Plaintext
wdhuw
Encryption
Ciphertext
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Block Ciphers
Key
(Optional)
.. XN OI TP ES
Plaintext
IH
Ciphertext
Encryption
po
ba
qc
kd
em
..
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Stream vs. Block
Stream
Block
Advantages
Speed of
transformation
Low error
propagation
High diffusion
Immunity to
insertion of
symbol
Disadvantages
Low diffusion
Susceptibility to
malicious
insertions and
modifications
Slowness of
encryption
Padding
Error
propagation
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
DES: The Data Encryption Standard
Symmetric block cipher
Developed in 1976 by IBM for the US National Institute of
Standards and Technology (NIST)
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�10
AES: Advanced Encryption System
Symmetric block cipher
Developed in 1999 by
independent Dutch
cryptographers
Still in common use
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�11
DES vs. AES
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�12
Public Key (Asymmetric) Cryptography
Instead of two users sharing one secret
key, each user has two keys: one public
and one private
Messages encrypted using the users
public key can only be decrypted using the
users private key, and vice versa
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�13
Secret Key vs. Public Key Encryption
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�14
Public Key to Exchange Secret Keys
1 .,
4. ,
a bc
de
4h
3d e f
tu v
5k l
pq
7r
pq r s
8uv
wxyz
mn
6
o
9y
Bill, give me your public key
Here is my key, Amy
Here is a symmetric key we can use
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�15
Key Exchange Man in the Middle
1,
.,
ab
4g
ef
6d
ab c
h
i
7q
rs
t uv
xy z
6o
8t u
3 de f
5j k l
pq r
9x
y
z
Bill, give me
your public key
1a No, give it to me
Here is my key, Amy
Here is the middles key 2a
Here is the symmetric k ey
3a Here is another symmetric k ey
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�16
Error Detecting Codes
Demonstrates that a block of data has been modified
Simple error detecting codes:
Parity checks
Cyclic redundancy checks
Cryptographic error detecting codes:
One-way hash functions
Cryptographic checksums
Digital signatures
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�17
Parity Check
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�18
One-Way Hash Function
M
Encrypted for
authenticity
Hash
function
Message
digest
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�19
Digital Signature
Mark fixed
to
document
Mark only
the sender
can make
Authentic
Unforgeable
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�20
Certificates: Trustable Identities and
Public Keys
A certificate is a public key and an identity
bound together and signed by a certificate
authority.
A certificate authority is an authority that
users trust to accurately verify identities
before generating certificates that bind
those identities to keys.
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�21
Certificate Signing and Hierarchy
To create Dianas certificate:
To create Delwyns certificate:
Diana creates and delivers to Edward:
Delwyn creates and delivers to Diana:
Name: Diana
Position: Division Manager
Public key: 17EF83CA ...
Name: Delwyn
Position: Dept Manager
Public key: 3AB3882C ...
Edward adds:
Name: Diana
Position: Division Manager
Public key: 17EF83CA ...
Diana adds:
hash value
128C4
Edward signs with his private key:
Name: Diana
Position: Division Manager
Public key: 17EF83CA ...
Which is Dianas ce rtificate.
Name: Delwyn
Position: Dept Manager
Public key: 3AB3882C ...
hash value
48CFA
Diana signs with her private key:
hash value
128C4
Name: Delwyn
Position: Dept Manager
Public key: 3AB3882C ...
hash value
48CFA
And appends her certificate:
Name: Delwyn
Position: Dept Manager
Public key: 3AB3882C ...
hash value
48CFA
Name: Diana
Position: Division Manager
Public key: 17EF83CA ...
hash value
128C4
Which is Delwyns certificate.
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�22
Cryptographic Tool Summary
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
�23
Summary
Encryption helps prevent attackers from revealing,
modifying, or fabricating messages
Symmetric and asymmetric encryption have
complementary strengths and weaknesses
Certificates bind identities to digital signatures
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
