Computer Security

Chapter Three:
Cryptography and Encryption Techniques

Contents
 Basic cryptographic terms
 Historical background
Cipher Techniques
 Conventional encryption algorithms
Cryptanalysis
Cryptographic Systems

PREPARED BY:ALEMWORK M. 1
Basic cryptographic terms

Cryptography: process of making and using codes to secure transmission of

information.

The word cryptography,

Comes from Greek words kryptos, meaning hidden, and graphein, meaning to write.
 Meaning “secret writing.” means the art of secret communication.

Cryptology: science of encryption; combines cryptography and cryptanalysis.

 Cryptanalysis: the process of obtaining the original message (or plaintext) from an
encrypted message (or cipher text), without the knowledge of the algorithms and keys
used to perform the encryption. The study of “breaking the code”.
PREPARED BY:ALEMWORK M. 2
Basic cryptographic terms

Cryptosystem: the set of transformations necessary to convert an unencrypted message into

an encrypted message.

Decipher(Decryption): to decrypt or convert cipher text to plaintext.

Encipher(Encryption): to encrypt or convert plaintext to cipher text.

Secret key: Used to set some or all of the various parameters used by the encryption

algorithm. In a classical (symmetric key) cryptography, the same secret key is used for

encryption and decryption

PREPARED BY:ALEMWORK M. 3
 Historical Remarks
History – The Manual Era: Dates back to at least 2000 B.C.
 Pen and Paper Cryptography

History – The Mechanical Era

 Invention of cipher machines

 Examples

 Confederate Army’s Cipher Disk

 Japanese Red and Purple Machines

History – The Modern Era

 Computers!

 Examples

 Lucifer: algorithm was 128 bits, but that of the proposed system was only 56 bits

 Rijndael: used for AES algorithm

 RSA: public-key encryption algorithm

PREPARED BY:ALEMWORK M. 4
Encryption

 Encryption is said to occur when data is passed through a series of

mathematical operations that generate an alternate form of that data; the
sequence of these operations is called an algorithm. Plain
Text
 To hide the meaning

Key Encryption Algorithms

Cipher
Text

PREPARED BY:ALEMWORK M. 5
Encryption

 The two forms of data:

plaintext- unencrypted data and the as

Ciphertext- encrypted data

 The security of encryption lies in the ability of an algorithm to generate ciphertext that is not
easily reverted to the original plaintext.
 Two fundamental approaches are in use:
conventional encryption(symmetric encryption) and
public-key encryption (asymmetric encryption).

PREPARED BY:ALEMWORK M. 6
Cont’d
Cryptography has five ingredients:
• Plaintext
• Encryption algorithm
• Secret Key
• Cipher text
• Decryption algorithm

PREPARED BY:ALEMWORK M. 7
Simplified Encryption Model:

PREPARED BY:ALEMWORK M. 8
Cont’d
Description:

A sender S wanting to transmit message M to a receiver R

To protect the message M, the sender first encrypts it into an
unintelligible message M’
M is called the plaintext
After receipt of M’, R decrypts the message to obtain M
 What we want to encrypt

M’ is called the cipher text

 The encrypted output

PREPARED BY:ALEMWORK M. 9
Cont’d
Given
 P=Plaintext
 C=CipherText
 k=key shared by sender and receiver
C = EK (P) Encryption
P = DK (C) Decryption

PREPARED BY:ALEMWORK M. 10
 Cont’d
o Cryptographic systems are generally classified based on the three independent dimensions:
◦ 1. The type of operation used for transforming plaintext to cipher text: All the encryption
algorithms are based on two general principles,
o Substitution: Here each element in the plain text is mapped into another element.
o Transposition: Here the elements in the plain text are rearranged.
o Most product systems involve multiple stages of substitutions and transpositions.
◦ 2. The number of keys used: Here user may use symmetric or asymmetric keys.
o Symmetric (single key): Both sender and receiver use the same key. E.g. DES, AES
o Asymmetric (two-keys, or public-key encryption): Sender and receiver use a different key.
E.g. RSA(Rivest, Shamir, Adelson) and Diffie and Hellmann
◦ 3. The way in which plain text is processed: It can be in terms of block or stream.
o Block cipher: Encrypts/decrypts a block at a time.
o Stream cipher: Encrypts/decrypts one element a time or process the input elements
continuously.
PREPARED BY:ALEMWORK M. 11
Caesar Cipher
Caesar Cipher: The earliest known example of a substitution
cipher in which each character of a message is replaced by a
character three position down in the alphabet.
Plaintext: Computer
Ciphertext: Frpsxwhu
If we represent each letter of the alphabet by an integer that
corresponds to its position in the alphabet:

PREPARED BY:ALEMWORK M. 12
Caesar Cipher

The formula for encryption would be

c = Ek(p ) = (p + k) mod 26
The formula for decryption would be
 p = Dk(c ) = (c - k) mod 26

PREPARED BY:ALEMWORK M. 13
Conventional encryption
• Symmetric encryption :

 single secret key is used for encryption and decryption

 the only type of encryption used prior to the development of a public key
encryption.

 The most commonly used symmetric encryption algorithms are block ciphers.
 Block encryption algorithms like DES, triple DES and AES are examples for symmetric key
encryption algorithms.

 A block cipher process the plain text input in fixed-sized blocks and produces a block of cipher
text of equal size for each plaintext block.

PREPARED BY:ALEMWORK M. 14
 Symmetric encryption principles:
A symmetric key encryption scheme has five ingredients
Plaintext: This is the original message or data that is fed into the algorithm as
input.
Encryption algorithm: The encryption algorithm performs various substitutions
and transformations on the plain text.
Secret Key: The secret key is also input to the algorithm. The exact number of
substitutions and transformations performed by the algorithm depend on the key.
Cipher text: This is the scrambled message produced as output. It depends on the
plain text and secret key. For any given message two different keys will produce
two different cipher texts.

PREPARED BY:ALEMWORK M. 15
 Symmetric encryption principles:
Decryption algorithm: This is essentially the encryption algorithm run in reverse. It
takes cipher text and secret key as input and produces original plain text.

Simplified model of symmetric encryption.

PREPARED BY:ALEMWORK M. 16
Continued…
There are two requirements for secure use of symmetric encryption:
1. The encryption algorithm must be strong enough.
2. Sender and receiver must have obtained copies of the secret key in secure
fashion and must keep the key secure.
Note: Security of symmetric encryption depends on the secrecy of the key, not the
secrecy of the algorithm.

PREPARED BY:ALEMWORK M. 17
 Cryptanalysis
o The process of attempting to discover the plain text or key is known as
cryptanalysis. The strategy used by the cryptanalyst depends on the
o Nature of the encryption scheme and

o The information available to the cryptanalyst.

PREPARED BY:ALEMWORK M. 18
 Types of cryptographic attacks
 We can classify them as follow.

Classification one : Approach of mounting attack it can be

 Brute force attack

 Cryptanalytic attacks again cryptanalytic attacks can be differential cryptanalytic attack or linear
cryptanalytic attack.

Classification two: Attacks that try to recover keys

 Cipher text only attack: Here the attacker has only the cipher text.

 Known plain text attack: The attacker has the cipher text of some known plain text.

PREPARED BY:ALEMWORK M. 19
 Continued..

 Chosen plain text attacks: The attacker has the cipher text of some chosen plain text

 Chosen cipher text attacks: Here the cipher text and corresponding plain text are
chosen.

Classification three: Attacks that focus upon discovering the difference between the
actual and expected cipher

 Distinguishing attacks: exploit imperfections of encryption functions.

PREPARED BY:ALEMWORK M. 20
 Cryptographic Systems
Fundamentally, there are two types of cryptosystems based on the manner in which
encryption-decryption is carried out in the system −

Symmetric Key cryptography

Asymmetric Key cryptography

PREPARED BY:ALEMWORK M. 21
Symmetric Key cryptography
The encryption process where same keys are used for encrypting and
decrypting the information is known as Symmetric Key Encryption.

The study of symmetric cryptosystems is referred to as symmetric

cryptography. Symmetric cryptosystems are also sometimes referred to
as secret key cryptosystems.
A few well-known examples of symmetric key encryption methods are −
DES
3DES
 AES

PREPARED BY:ALEMWORK M. 22
 Data Encryption Standard
To summarize,

DES is a Feistel cipher with 16 rounds;

DES has a 64‐bit block length;

DES uses 64‐bit key length out of which every eighth bit is taken out for parity checking.

Thus, actually, DES uses a 56‐bit key;

each round of DES uses a 48‐bit sub key and each sub key consists of a 48‐bit subset of
the 56‐bit key.

PREPARED BY:ALEMWORK M. 23
General structure of DES
Encrypts
blocks of
size 64 bits.

Uses 16 rounds
which all perform
the identical
operation

PREPARED BY:ALEMWORK M. 24
 Cont..

Encryption

PREPARED BY:ALEMWORK M. 25
Encryption

PREPARED BY:ALEMWORK M. 26
Encryption (IP, IP-1)

PREPARED BY:ALEMWORK M. 27
Encryption (Round)
(Key Generation)

PREPARED BY:ALEMWORK M. 28
Encryption (Round) (1)

PREPARED BY:ALEMWORK M. 29
 Encryption (Round) (2)

S-box

PREPARED BY:ALEMWORK M. 30
 Encryption (Round) (3)
Separate plaintext as L0R0
L0: left half 32 bits of plaintext

R0: right half 32 bits of plaintext

F
Expansion/permutation: E( )

Substitution/choice: S-box( )

Permutation: P( )
Ri  Li 1 ~ P ( S _ box ( E ( Ri 1 ) ~ Key i ))

Li  Ri 1

PREPARED BY:ALEMWORK M. 31
Encryption (Round) (4)

PREPARED BY:ALEMWORK M. 32
 Encryption (Round) (5)
S-box

PREPARED BY:ALEMWORK M. 33
 Key Generation
(Encryption)

PREPARED BY:ALEMWORK M. 34
Key Generation (1)

PREPARED BY:ALEMWORK M. 35
Key Generation (2)
Original Key: Key0

Permuted Choice One: PC_1( )

Permuted Choice Two: PC_2( )

Schedule of Left Shift: SLS( )

(C0 , D0 )  PC _ 1( Key 0 )
(Ci , Di )  SLS (Ci 1 , Di 1 )

Keyi  PC _ 2( SLS ( Ci 1 , Di 1 ))

PREPARED BY:ALEMWORK M. 36
 Decryption of DES
The same algorithm as encryption.

Reversed the order of key (Key16,

Key15, … Key1).

For example:
IP undoes IP-1 step of encryption.

1st round with SK 16 undoes 16th

encrypt round.

PREPARED BY:ALEMWORK M. 37
Example of Des Encryption and Decryption
Given:
Plaintext: 0123456789ABCDEF

Key: 133457799BBCDFF1

S_Box :s1,s2,…s8 (Refer from textbook/ Cryptography and Network Security,

William Stallings, 5th Ed.)

What is the Cipher text?

PREPARED BY:ALEMWORK M. 38
 Home work
Given plaintext message
"8787878787878787“ and
encrypt it with the DES key "0E329232EA6D0D73“

PREPARED BY:ALEMWORK M. 39
AES(Advanced Encryption system)
Its origin
AES is a block cipher intended to replace DES for commercial applications.

Can use Triple-DES – but slow, has small blocks

US NIST issued call for ciphers in 1997

15 candidates accepted in Jun 98

5 were shortlisted in Aug-99

Rijndael was selected as the AES in Oct-2000

PREPARED BY:ALEMWORK M. 40
 AES
Designed by Rijmen-Daemen in Belgium

Has 128/192/256 bit keys, 128 bit data

An iterative rather than Feistel cipher

 Processes data as block of 4 columns of 4 bytes

AES does not use a Feistel structure. Instead, each full round consists of four separate functions:

 Byte substitution, Permutation, Arithmetic operations over a finite field, and XOR with a key that operates on entire data block in every
round

Designed to have:

 Resistance against known attacks

 Speed and code compactness on many CPUs

 Design simplicity

PREPARED BY:ALEMWORK M. 41
 AES

AES Encryption Process

PREPARED BY:ALEMWORK M. 42
 CIPHER BLOCK MODES OF OPERATION
block cipher process one block of data at a time.

In case the message longer than the block size (128 bits in the above example) can still
be encrypted with a block cipher by breaking the message into blocks and encrypting
each block individually.

However, in this method all blocks are encrypted with the same key, which degrades
security (because each repetition in the plaintext becomes a repetition in the ciphertext).

To overcome this issue, modes of operation are used to make encryption probabilistic.

PREPARED BY:ALEMWORK M. 43
Electronic codebook (ECB)
o The simplest of the encryption modes is the electronic codebook (ECB) mode.

o The message is divided into blocks and each block is encrypted separately. The term code book is
used because, for a given key there is a unique cipher text for every 64-bit block of plain text.

PREPARED BY:ALEMWORK M. 44
 Cipher-block chaining (CBC)
o In the cipher-block chaining (CBC) mode, each block of plaintext is XORed with the
previous cipher text block before being encrypted.
o This way, each cipher text block is dependent on all plaintext blocks processed up to that
point.
o Also, to make each message unique, an initialization vector must be used in the first block.

PREPARED BY:ALEMWORK M. 45
 Block vs. Stream Ciphers
Block ciphers process messages in blocks, each of which is then encrypted/decrypted

Like a substitution on very big characters

64-bits or more

Stream ciphers process messages a bit or byte at a time when encrypted/decrypting

Many current ciphers are block ciphers

broader range of applications

PREPARED BY:ALEMWORK M. 46
 Public key cryptography
Probably most significant advance in the 3000 year history of cryptography

Uses two keys – a public key and a private key

Asymmetric since parties are not equal

A public-key, which may be known by anybody, and can be used to encrypt messages,
and verify signatures

A private-key, known only to the recipient, used to decrypt messages, and sign (create)
signatures

Those who encrypt messages or verify signatures cannot decrypt messages or create
signatures

PREPARED BY:ALEMWORK M. 47
Public Key Encryption - Encryption

PREPARED BY:ALEMWORK M. 48
Public Key Encryption – Authentication

PREPARED BY:ALEMWORK M. 49
Public Key Encryption - Operation
One key made public
Used for encryption
Other kept private
Used for decryption
Infeasible to determine decryption key given encryption key and algorithm
Either key can be used for encryption, the other for decryption
Steps
User generates pair of keys
User places one key in public domain
To send a message to user, encrypt using public key
User decrypts using private key

PREPARED BY:ALEMWORK M. 50
Why Public-Key Cryptography
developed to address two key issues:
key distribution – how to have secure communications in general without
having to trust insecure systems

digital signatures – how to verify a message comes intact from the claimed
sender
Public-Key Applications
can classify uses into 3 categories:
encryption/decryption (provide secrecy)
digital signatures (provide authentication)
key exchange

PREPARED BY:ALEMWORK M. 51
RSA
 Stands for rivest, shamir & adleman .

Proposed around 1977

Best known & widely used public-key scheme

Based on exponentiation in a finite field over integers modulo a prime

Uses large integers (eg. 1024 bits)

Security due to cost of factoring large numbers

PREPARED BY:ALEMWORK M. 52
 RSA Key Setup
Each user generates a public/private key pair by:
Selecting two large primes at random :- p, q
Computing their system modulus n=p.Q
Note ø(n)=(p-1)(q-1)
Selecting at random the encryption key e
Where 1<e<ø(n), gcd(e,ø(n))=1
Solve following equation to find decryption key d
E.D=1 mod ø(n) and 0≤d≤n
Equivalent to e.d mod ø(n)=1

Publish their public encryption key: {e,n}

Keep secret private decryption key: {d,n}

PREPARED BY:ALEMWORK M. 53
Encryption using RSA
To encrypt a message M the sender:
Obtains public key of recipient {e,n}
Computes: c=me mod n, where 0≤m<n
To decrypt the ciphertext C the owner:
 Uses their private key {d,n}
Computes: m=cd mod n
Note that the message M must be smaller than the modulus n (block if needed)

PREPARED BY:ALEMWORK M. 54
 RSA Example
1. Select primes: p=17 & q=11
2. Compute n = pq =17×11=187
3. Compute ø(n)=(p–1)(q-1)=16×10=160
4. Select e : gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160 Value is d=23 since 23×7=161=
160+1
6. Publish public key {7,187}
7. Keep secret private key {23,187}

PREPARED BY:ALEMWORK M. 55
RSA Example cont
sample RSA encryption/decryption is:
given message M = 88 (NB. 88<187)
encryption:
C = 887 mod 187 = 11
decryption:
M = 1123 mod 187 = 88

PREPARED BY:ALEMWORK M. 56
RSA signature generation and verification

RSA may be used directly as a digital signature scheme

Choose large primes p and q
Choose e such that gcd(e, (p-1)(q-1))=1, 1<e<p-1)(q-1)
Choose d such that ed=1 mod(p-1)(q-1), 1<d<p-1)(q-1)
Then RSA scheme with public key (n, e), (d,p,q)}
to sign a message M, compute: S = Md(mod pq)
to verify a signature, compute: M = Se(mod pq) = Me.d(mod pq) = M(modpq)

PREPARED BY:ALEMWORK M. 57
RSA signature generation and verification

RSA can be used both for encryption and digital signatures, simply by reversing
the order in which the exponents are used: the secret exponent (d) to create the
signature, the public exponent (e) for anyone to verify the signature. Everything
else is identical.

PREPARED BY:ALEMWORK M. 58
RSA signature generation and verification

Example: Try to communicate with your friend by exchanging with your

signature.

Use primes p and q with p=5, q=7, n = 35 to send the message "the first letter of
your name” over the alphabet Z26.

PREPARED BY:ALEMWORK M. 59
 RSA signature generation and verification
RSA may be used directly as a digital signature scheme
Choose large primes p and q
Choose e such that gcd(e, (p-1)(q-1))=1, 1<e<p-1)(q-1)
Choose d such that ed=1 mod(p-1)(q-1), 1<d<p-1)(q-1)
Then RSA scheme with public key (n, e), (d,p,q)}
to sign a message M, compute: S = Md(mod pq)
to verify a signature, compute: M = Se(mod pq) = Me.d(mod pq) = M(modpq)

60
RSA signature generation and verification
RSA can be used both for encryption and digital signatures, simply by reversing
the order in which the exponents are used: the secret exponent (d) to create the
signature, the public exponent (e) for anyone to verify the signature. Everything
else is identical.

61
 RSA signature generation and verification
Example: Try to communicate with your friend by exchanging with your
signature.

Use primes p and q with p=5, q=7, n = 35 to send the message "the first letter of
your name” over the alphabet Z26.

62
 RSA signature generation and verification
Example: let e = 5; d = 5. Public key: (35,5) Private key: d=5

Now my name starts at M, which is 12 in Z26.

Thus signature s=12d=125 mod 35=17

Your friend has to verify the signature as follows

message m = s5 mod 35 = 175mod 35= 12 [A, Z].

63
ElGamal Algorithm

Published in 1985 by ElGamal.

Its security is based on the intractability of the DL problem.
Discrete Logarithm Problem - even harder than FACTORIZE.
Message expansion: the ciphertext is twice as big as the original message.
Uses randomization, each message has p-1 possible different encryptions.

64
 ElGamal Algorithm
Definition:

An element g of is said to be primitive if and only if 1, a, a2, . . . , ap−2 are all

distinct.

Note: Primitive elements always exist in any finite field.

65
Elgamal Key Generation
Generate a large random prime p such that DLP(Data Loss Prevention) is
infeasible in Zp and a generator g of the multiplicative group Zp of the integers
modulo p
Select a random integer x, 1 < x < p-1, and compute gx mod p
Public key is (p, g , y)
Private key is x.

66
 Encryption and Decryption
If B wants to send secret message m to A then
B obtains A’s public key (p , g , y)
B generates random integer k.
B sends a=gk (mod p) and b = myk (mod p) to A.
Ciphertext C = (a, b).
Decryption:
To decrypt, compute a-x as (a)p-1-x = a-x mod p
M= a-xb mod p

67
Why Elgamal is Correct
The correctness of the deciphering is verified as follows:
a-xb = ((gk)-x)M(gx)k=M mod p
Note: Even if Eve intercepts the ciphertext (a, b), she cannot perform the
calculation above because she doesn’t know x.
y=gxmod p and so x = logg y.

68
Elgamal Example:

Alice choses her public key (17, 6, 7):

Prime p = 17 , Generator g = 6, Private key part x = 5, Public key part gx mod
p = 65 mod 17
= 64+1 mod 17
= 64 (6) mod 17
=4(6) mod 17
=7
Bob encrypts his message m = 13:

69
Elgamal Example:

He chooses a random k = 10
He calculates a= gk mod p = 610 mod 17 = 68+2
=(62)4 62 mod 17=24 2 mod 17= 15
He encrypts b= Myk mod p = (13 ( 710) mod 17
= 13 (72)472 =13 (154) 15=13(16)15 mod 17
=9

70
Elgamal Example:

Bob sends a= 15 and b = 9 to Alice.

Alice receives a = 15 and b = 9 from Bob.
Her public key is (p; g; gx) = (17; 6; 7)
Her private key is x = 5
Alice now decrypts the message using her private key:

71
Elgamal Example:

Bob sends a= 15 and b = 9 to Alice.

Alice receives a = 15 and b = 9 from Bob.
Her public key is (p; g; gx) = (17; 6; 7)
Her private key is x = 5
Alice now decrypts the message using her private key:

72
Elgamal Example:

Decryption factor
(a-x) mod p = 15-5 mod 17 = 1511 mod 17 = 9
= 1511 mod 17 =158+2+1mod 17 =(152)4 152 15 mod 17
=44 4(15) mod 17 = 1(4)(15)mod 17 =9
Decryption: b( 9) mod p = (9 * 9) mod 17 = 13
Alice has now decrypted the message and received: 13

73
El Gamal Signature Algorithm

Parameters for the key:

Choose p - large prime number
Choose g primitive root of p
Choose x - randomly chosen in the range {2, . . . , p - 2}
Compute  = gx( mod p)
Declare: (p, g,  ) is your public
x is kept secret key.

74
Signature algorithm

We want to sign message m.

1. Select random k such that gcd(k, p ) = 1.
2. Compute r = gk (mod p).
3. Compute s = (m - xr)( mod (p)).
4. The signature is the pair (r, s) and the signed message is (m, (r, s)).

75
Verification algorithm

The user who makes the verification knows

(p, g,  ) - the public key and (m; (r; s)) - the signed message

The verification is done by computing

v1 = r rs( mod p) and v2 = gm ( mod p).

If v1 = v2, then the signature is valid, otherwise it is not.

76
Why Elgamal signature is valid?
Theorem: The above signature is valid.
Proof:
s = k-1 (m - xr)( mod (p )).
sk=m-xr(mod (p))
m=sk+xr (mod(p))

Hence the above signature algorithm is valid.

77
 Example: of ElGamal Signature Scheme
given p=11, g=2

choose private key x=8

compute:  = gx mod p = 28 mod 11 = 3

public key is: (p, g,  )=(11, 2, 3)

78
 Example: of ElGamal Signature Scheme

to sign a message M=5

choose random k=9
confirm gcd(10,9)=1
compute: r = gk mod p = 29 mod 11 = 6
solve: m=sk+xr (mod(p-1)), that is, 5 = 8*6+9*S mod 10; but 9-1 = 9 mod 10; hence S = (5-8*6)*9-1 = 3 mod 10
signature pair is (r=6, S=3)= (6,3)
The signed message is (5,(6,3))

79
 to verify the signature, confirm:

public key: (p, g, )=(11, 2, 3)

Signed message is (5,(6,3))
v1 = r rs ( mod p) = 36*63 =3*7 = 10 mod 11
v2 = gm ( mod p) = 25 mod 11 =10 mod 11
Hence the signature is valid.

80
The Diffie-Hellman Algorithm
“It is insufficient to protect ourselves with laws; we need to protect
ourselves with mathematics.”
-Bruce Schneier

Discovered by Whitfield Diffie and Martin Hellman

Diffie-Hellman key agreement protocol
Allows two users to exchange a secret key
Requires no prior secrets
Applicable over an un trusted network

81
 The Diffie-Hellman Algorithm
Security of transmission is critical for many network and Internet applications
Requires users to share information in a way that others can’t decipher the flow of
information

82
The Diffie-Hellman Algorithm
Based on the difficulty of computing discrete logarithms of large numbers.
No known successful attack strategies*

Requires two large numbers, one prime (P), and g, a primitive root of P

83
 Diffie Helman Algorithm
P and g are both publicly available numbers
P is at least 512 bits
Users pick private values a and b
Compute public values
x = ga mod p
y = gb mod p
Public values x and y are exchanged

84
 Diffie Helman Algorithm
Compute shared, private key
ka = ya mod p
kb = xb mod p

Algebraically it can be shown that ka = kb

Users now have a symmetric secret key to encrypt

85
Diffie Example
Alice and Bob get public numbers
P = 23, G = 9
Alice and Bob compute public values
X = 94 mod 23 = 6561 mod 23 = 6
Y = 93 mod 23 = 729 mod 23 = 16
Alice and Bob exchange public numbers

86
Diffie Example
Alice and Bob compute symmetric keys
ka = ya mod p = 164 mod 23 = 9
kb = xb mod p = 63 mod 23 = 9
Alice and Bob now can talk securely!

87
Cont..

88
Applications

Diffie-Hellman is currently used in many protocols, namely:

Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

Secure Shell (SSH)

Internet Protocol Security (IPSec)

Public Key Infrastructure (PKI)

89
Conclusion
Authenticated Diffie-Hellman Key Agreement (1992)
Defeats middle person attack
Diffie-Hellman POP Algorithm
Enhances IPSec layer
Diffie-Hellman continues to play large role in secure protocol creation

90
Digital Signature
Digital signatures are created by encrypting a hash of the data with my private
key
The resulting encrypted data is the signature
This hash can then only be decrypted by my public key
Why Digital Signatures?
To provide Authenticity, Integrity and Non repudiation to electronic
documents

To use the Internet as the safe and secure medium for any data exchange
between two users

PREPARED BY:ALEMWORK M. 91
Digital Signatures Using Public Key
Example of digital signatures are like

RSA and

ElGamal Public key cryptographic algorithm that used for digital signature as we
have seen in the previous session .

PREPARED BY:ALEMWORK M. 92
Digital Signature Using Message Digest
More commonly use a hash function to create a separate Message Digest (MD)
which is then signed.

 MD4family

SHA family

RIPEMD

PREPARED BY:ALEMWORK M. 93
 Hashing Functions
used to condense an arbitrary length message to a fixed size
usually for subsequent signature by a digital signature algorithm
length should be large enough to resist birthday attacks
64-bits is now regarded as too small
using 128-512 is regarded as suitable
Hash functions are used to "digest" or "condense" a message down to a fixed
size

PREPARED BY:ALEMWORK M. 94
MD2
original member of a family of hash functions
all designed by Ronald Rivest (R in RSA)
MD2 is the oldest
produces a 128-bit hash value
is regarded as slower and less efficient than MD4 and MD5
specified as an Internet standard (RFC1320)
This is the first generally used hash function designed by Ronald Rivest. Whilst
not broken, it is no longer favored for use due to its greater complexity and
slower speed.

PREPARED BY:ALEMWORK M. 95
MD4
MD4 produces a 128-bit hash of the message

uses bit operations on 32-bit operands for fast implementation

specified as an Internet standard (RFC1186)

design goals:

collision resistant (hard to find collisions)

direct security (no dependence on "hard" problems)

fast, simple, compact

One of the widely used hash functions - has appeared in a number of security
uses, eg secure email ,passwords etc

PREPARED BY:ALEMWORK M. 96
MD5
MD5 was designed as a strengthened version of MD4

uses four, more complex, rounds compared to MD4

a small number of collisions have been found

MD5 is in use and is considered reasonably secure in most practical

applications

specified as an Internet standard (RFC1321)

PREPARED BY:ALEMWORK M. 97
SHA (Secure Hash Algorithm)
SHA was designed by NIST & NSA in 1993, revised 1995
produces 160-bit hash values
now the generally preferred hash algorithm
based on design of MD4/5 with some key differences
SHA is one of the newer generation of hash functions, more resistant to
cryptanalysis, and now probably preferred for new applications.

PREPARED BY:ALEMWORK M. 98
RIPEMD
RIPEMD was developed in Europe
by researches involved in attacks on MD4/5
somewhat similar to MD5/SHA
uses 2 parallel lines of 5 rounds of 16 steps
creates a 160-bit hash value
slower, but probably more secure, than SHA
if security a concern, then suggested for use
RIPEMD was developed in Europe as a result of an EC call for new
authentication algorithms in the early-90's. The original version evolved into
this, which was finally accepted. It is similar to SHA/MD5 - slower, but likely
more secure.

PREPARED BY:ALEMWORK M. 99
Public key Infrastructure (PKI)
The set of standards related to the creation, distribution, use, and revocation of
digital certificates is referred to as the Public Key Infrastructure (PKI).

Trusted Third Party

Guarantee for the correct identity is provided by a third party that assures to each of
the communication partners that the other partner is authentic.

PREPARED BY:ALEMWORK M. 100

Role of a PKI
Create

Manage

Store

Distribute and revoke certificates !

For: – Authentication, Integrity, Confidentiality, Nonrepudiation, (access

control)

PREPARED BY:ALEMWORK M. 101

KEY DISRTIBUTION
Distribution of secret keys can be achieved in a number of ways for two parties A and B.

A. Key could be selected by A and physically delivered to B

B. A third party could select the key and physically deliver it to A and B.

C. If A and B have previously and recently used a key, one party could transmit
the new key to the other, encrypted using the old key.

D. If A and B each have an encrypted connection to a third party C, and C could

deliver a key on the encrypted links to A and B.

PREPARED BY:ALEMWORK M. 102

End of the Chapter!!!