Principles of Information Security

MIS 1201
(Introduction to Cryptography)

Kasun De Zoysa

Department of Communication and Media Technologies

University of Colombo School of Computing
University of Colombo
Sri Lanka

1
Objectives - Cryptography

The Cryptography domain addresses

the principles, means, and methods of
disguising information to ensure its
integrity, confidentiality, authenticity and
non-repudiation(?).

2
 What You Should Know
• Basic concepts and terms within
cryptography
– Public and private key algorithms in terms of
their applications and uses
– Cryptography algorithm construction, key
distribution, key management, and methods of
attack
– Applications, construction, and use of digital
signatures
– Principles of authenticity of electronic
transactions and non-repudiation

3
 Basic Concept

Cipher Algorithm

Cipher Algorithm

Encrypted Data

4
Definitions

• Cryptography
– Art or science of secret writing
– Protects sensitive information from disclosure
– Storing and transmitting information in a form that allows it to be revealed
only to those intended
– Cryptosystem accomplishes this
– Identifies the corruption or unauthorized change of information
– Designed to make compromise too expensive or too time-consuming

• Cryptanalysis
– art/science relating to converting ciphertext to plaintext without the
(secret) key

– descrambling without secret key ; art of breaking ciphers

– Practice of defeating such attempts to hide info

• Cryptology
– Includes both cryptography and cryptanalysis

5
Definitions , continued

• Encipher
– act of scrambling

• Decipher
– descrambling with secret key
• Key
– secret sequence governing en/deciphering

6
 Cryptography Basic
• Why Encrypt?
– Protect stored information
– Protect information in transmission
• Cryptography originally used for secrecy
• Encryption - process by which plaintext
is converted to ciphertext using a key
• Decryption - process by which ciphertext
is converted to plaintext (with the
appropriate key)
• plaintext (cleartext)- intelligible data

7
 Cryptography Basics
• Kerckhoffs' principle (19th century) a cryptosystem should be
secure even if everything about the system, except the key,
is public knowledge.
(Opposite of “security through obscurity”)
• Symmetric Key Encryption Scheme
– Each of the parties involved has to know the secret key

• Public Key Cryptography (Asymmetric)

– Each of the parties own two keys, a private key and a
public key
– The private key must be kept secret
– The public key can be freely distributed
8
 Cryptography Business Use
:
• Prevent unauthorized disclosure of information
• Prevent unauthorized access to information,
computers, web sites, applications,etc.
• Detect tampering
• Detect injection of false data
• Detect deletion of data
• Prevent repudiation

9
 The goal of a cryptosystem
• The goal of a cryptosystem is to provide

• Confidentiality To ensure that unauthorized parties

cannot access the data, message or
information

• AuthenticityTo ensure that the source / sender of the data,

message or information is identifiable

• Integrity To ensure that the data. Message or Information

was not modified during transmission

• Nonrepudiation To ensure that either party cannot

deny sending or receiving the
data, message or information

10
 Cryptography History
 Historic examples...


Earliest cryptography: an Egyptian scribe
using non-standard hieroglyphics

Julius Caesar (“Caesar Cipher”)
Each plaintext letter is replaced by a letter
some fixed number of positions further
down the alphabet (e.g. Belgica (3
positions)  ehojlfd)

The Kama Sutra recommends cryptography
as 44th and 45th art
(of 64) men and women should know
11
 Cryptography History
– ENIGMA Used by the Germans in WW2 –
and the subsequent
code-breaking activities at Bletchley park
(still a popular subject of books and movies)
– 1976: Public Key Cryptography concept
(Whitfield Diffie & Martin Hellman)
– 1977: first (published) practical PKC
cryptosystem invented
(RSA - Rivest, Shamir, Adleman)
– October 2000 Rijndael is chosen as AES
(Advanced Encryption Standard)

12
The Caesar Cipher

Plain Text :ABCDEFGHIJKLMNOPQRSTUVWXYZ

Cipher Text : D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Ci = E(Pi)= Pi+3

13
 Kamasutra
One of the earliest descriptions of encryption by
substitution appears in the Kama-sutra, a text written in
the 4th century AD by the Brahmin scholar Vatsyayana,
but based on manuscripts dating back to the 4th
century BC.

How it work
The kamasutra generate list of 26 alphabet with no
duplicate. Then divide by 2 row. Find for each letter of
message text in table and choose the opposite of the
letter

14
 kamasutra
for example:
Key = G H A J R I O B E S Q C L F V Z T Y K M X W N U D P

divide by 2 rows
G H A J R I OB E S Q C L
F V Z TY KMX WN U D P

Given String = KAMASUTRA

K is at 2nd row and 5th column. Get the opposite of K that
is I. Do each letter until the end

Cipher : IZOZNQJYZ

15
Monoalphabetic Substitutions

Plain Text :ABCDEFGHIJKLMNOPQRSTUVWXYZ

Cipher Text : K E Y G H I J K L M N O P Q R S T U V W X Y Z A B C

Letter Frequency

ABCDEFGHIJKLMNOPQRSTUVWXYZ

16
Polyalalphabetic Substitutions

Table for Odd Positions

Plain Text :ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher Text : A D G J N O S V Y B E H K N Q T W Z C F I L O R U X

Table for Even Positions

Plain Text :ABCDEFGHIJKLMNOPQRSTUVWXYZ

Cipher Text : N S X C H M R W B G I Q V A F K P U Z E J O T Y D I

Plain Text : SSIBL

Cipher Text : czysh

17
 Transposition / Permutation

Columnar Transposition

c1 c2 c3 c4 c5
c6 c7 c8 c9 c10
c11 c12 etc.

Cipher text formed by c1 c6 c11 c2 c7 c12 c3 c8 ...

c1 c2 c3 c4 c5
c6 c7 c8 c9 c10
c11 c12 etc.

18
 One Time Pad / Vernam Cipher
• Invented in 1917 by Gilbert Vernam and Joseph Mauborgne.
Usually implemented as a stream cipher using the XOR
function.
• Key is used once and discarded by both sender and receiver.
Length of the Key character stream is equal to the message
length.
• Not practical for large amounts of data (MB / GB).
• Pad is theoretically unbreakable by exhaustive brute force.
• Implementation uses a Key that consists of a set of random
• non-repeating characters.
• Each Key letter and Plaintext are added modulo 26 to each
other and then converted back into a letter.
19
 One - Time Pad

Two identical pads (keys), one with sender, one

with recipient
The random pads (keys) are the same length as
the message
Unbreakable by exhaustive search
Relies on physical security of the pads
Pads can only be used once

•Recipient need identical pad

•Pad position should be synchronized
•Plain text length = Key length

20
 One Time Pad / Vernam Cipher

Plain Text :V E R NA M C I P H E R
Numeric Equivalent : 21 4 17 13 0 12 2 8 15 7 4 17
+Random Number : 76 48 16 82 44 3 58 11 60 5 48 88

= Sum : 97 52 33 95 44 15 60 19 75 12 52 105
=Mod 26 : 19 0 7 17 18 15 8 19 23 12 0 1

Cipher text : t a h r s p I t x m a b

Binary Vernam Cipher

Plain Text :101000111001101

+ Random Stream : 0 1 0 1 1 0 1 0 1 1 1 0 1 0 1
Cipher text :111110010111000
21
 Random Numbers

1. Truly Random numbers

•Books
•CD

2. Pseudo Random numbers

•Linear congruential random number generation

Ri+1 = (a * Ri+b) mod n

22
 Encipherment Modes
• Stream Ciphers - Message broken into
characters or bits and enciphered with a
“key stream”
key stream - should be random and
generated independently of the message
stream

• Block ciphers process messages in blocks,

each of which is then en/decrypted

23
Stream Cipher
Key (Optional)

ISSOPMI WEHTUA..
Y
Plain text Cipher text

Cipher
Advantage

•Speed of transformation
Cipher text(F)
•Low error propagation Plain text (A)

Disadvantage

•Low diffusion
•Susceptibility to malicious insertion and modifications

24
 Block Cipher
XN
OI BA
TP QC
YR Key (Optional) KD
CN EM
ES MC

Y
Disadvantage Plain text Cipher text
Cipher
•Slowness of encryption
•Error propagation
Cipher text(FRWSU)
Advantage
Plain text
•Diffusion (AKEDF)
•Immunity to insertion

25
 Block vs Stream Ciphers
•Block ciphers process messages in blocks, each of which
is then en/decrypted
•Like a substitution on blocks of characters
•64-bits or more

•Stream ciphers process messages a bit or byte at a time

when en/decrypting
•E.g. Vernam cipher, one time pad

•Many current ciphers are block ciphers

26
 Secrecy Requirements
• If ciphertext and plaintext are known, it should
be computationally infeasible to determine the
deciphering algorithm
• It should be computationally infeasible to
systematically determine plaintext from
intercepted ciphertext (Even if you decrypt
ciphertext once, it should require the same
amount of work to do it again.)
• Note: “systematically” allows for a lucky
guess
• Note: “Computationally infeasible” means
great effort, doesn’t account for advances in
computing, mathematics
27
Characteristic
Characteristic of
of “Good”
“Good” Cipher
Cipher
Shannon Characteristics - 1949

•The amount of secrecy needed should determine

the amount of labor appropriate for encryption and decryption

•The set of keys and the encryption algorithm should be free from comp

•The implementation of the process should be as simple as possible

•Errors in the ciphering should not propagate and cause corruption of

further information in the message

•The size of enciphered text should be no larger than the

text of the original message

28
Kerckhoff’s
Kerckhoff’s Principle
Principle

The security of the encryption scheme must depend

only on the secrecy of the key and not on the
secrecy of the algorithms.

Reasons:
•Algorithms are difficult to change
•Cannot design an algorithm for every pair of users
•Expert review
•No security through obscurity!

29
Confusion
Confusion and
and Diffusion
Diffusion

Goal: cipher needs to completely obscure statistical

properties of original plaintext (like a one time pad)

30
Confusion
Confusion

Confusion
The interceptor should not be able to
predict what changing one character in
the plaintext will do to the ciphertext

Plaintext

Ciphertext
31
Diffusion
Diffusion

Diffusion
The characteristics of distributing the
information from single plaintext letter
over the entire ciphertext
Plaintext
KASUN

ANHYJ
Ciphertext
32
Brute
Brute Force
Force Search
Search
•Always possible to simply try every key
•Most basic attack, proportional to key size
•Assume either know/recognize plaintext

Key Size Number of Time required at 106

(bits) Alternative Keys Decryption/µs

32 232 = 4.3 x 109 2.15 milliseconds

56 256 = 7.2 x 1016 10 hours
128 2128 = 3.4 x 1038 5.4 x 1018 years
168 2168 = 3.7 x 1050 5.9 x 1030 years

33
Unconditional/Computational
Unconditional/Computational Security
Security

Unconditional security
no matter how much computer power is
available, the cipher cannot be broken since the
ciphertext provides insufficient information to
uniquely determine the corresponding plaintext

Computational security
given limited computing resources (e.g. time
needed for calculations is greater than age of
universe), the cipher cannot be broken

34
e-mail: kasun@ucsc.lk

35