Introduction to

Cryptography
Lecture 6
Osamah Ahmad
osamah.ahmed@riphah.edu.pk

1
 1) Security and Risk Management
Domain 3: 2) Asset Security
3) Security Engineering
Security 4) Communication and Network
Engineering Security
5) Identity and Access
Security Architecture Management
Cryptography
Physical Security 6) Security Assessment and Testing
7) Security Operations
8) Software Development Security

2
 Lecture 06
• Introduction to Cryptography
• Types of Cryptography
• Symmetric key cryptograpy
• Asymmetric key
crypotgraphy
• Classic Techniques
• History of cryptotgraphy
• Modern Techniques
• Asymmetric key cryptography
• PKI Infrastructure
• Hashing
• Steganography
3
Cryptography
• Cryptography is a mathematical technique for
secure communication in the presence of third
parties called adversaries/attackers.
• It is Greek word, Crypto means “hidden or secret”
and graphein, “to write”.

• We will cover:
• Encryption and decryption (encoding and
decoding of messages)
• Hashing (turning data into digests)
• Digital signatures (proofs that you have created
or approving a message)
Cryptography – Terminologies

• Encryption: is a process of scrambling a message or data

using cryptographic algorithm and secret key.
• Plaintext: the message or data before it gets encrypted.
• Ciphertext: the encrypted (scrambled) version of the
message.
• Cipher: the algorithm that does the encryption.
• Decryption: the process of converting
ciphertext back to the original plaintext.
 Cryptanalysis and Cryptology
• Cryptanalysis
• The study of methods for obtaining the meaning of
encrypted information without accessing the secret
information

• Cryptology
• Cryptography + Cryptanalysis

6
Cryptography Types
 Symmetric Cryptography
• In symmetric-key cryptography, the same key is
used by the sender (for encryption) and the
receiver (for decryption).
• Secret key is shared between sender and receiver.

8
Symmetric Cryptography

9
Model of Symmetric Crypto System

04/11/2021 Hasnat Ali (hasnat.ali@riphah.edu.pk) 11

 Requirements
• Two requirements for secure use of symmetric
encryption:
• a strong encryption algorithm
• a secret key known only to sender / receiver
• mathematically have:
Y = EK(X)
X = DK(Y)
• assume encryption algorithm is known
• implies a secure channel to distribute key

12
 Asymmetric Cryptography
• In Asymmetric-key cryptography, two keys are used
by each user for communication.

• Public key is shared and private key is always kept

hidden
• Message encrypted with public key cannot be
decrypted with same public key.

13
Asymmetric Cryptography

14
Asymmetric Cryptography

15
Asymmetric vs Symmetric cryptography
Cryptography History
• Ancient Egypt
• Nearly 4,000 years ago
• Used a number of unusual symbols to obscure
the meaning of the inscriptions
• This method of encryption is an example of a
substitution cipher
.

.
Cryptography History cont…
• Greece
• In about 500 B.C. the Spartans developed a device called
Scytale
• The device was a cylinder in which a narrow strip
of parchment was wound.
• The message was written length-wise on the
.
parchment.
Cryptography History cont…
• Jefferson Wheel Cipher

• Enigma Encryption Machine

.

.
 Goals of Cryptography

• Cryptography can provides following security Services

• Confidentiality
• Integrity
• Authentication
• Non-Repudiation
Goals of Cryptography

• Confidentiality: assuring that only

authorized parties are able to understand
the data (authorized from the perspective
of the party that encrypted the data)..
• It is okay if unauthorized parties know that
there is data. It is even okay if they copy the
data, so long as they cannot understand it.
Goals of Cryptography

• Integrity: ensuring that when a message (or

any kind of data, including documents and
programs) is sent over a network, the
message that arrives is the same as the
message that was originally sent.
– It is important that the data has not been
tampered with.
• Technical solutions include:
– Encryption
– Hashing algorithms
Goals of Cryptography

• Authentication: ensuring that whoever

supplies or accesses sensitive data is an
authorized party.
– How can we know that a party that provides us
with sensitive data is an authorized party?
– How can we know that the party that is accessing
sensitive data is an authorized party?
• This is a difficult problem on the Internet.
• Can be achieved through “digital signatures”.
Goals of Cryptography

• Non-repudiation: Non-repudiation is the assurance that

someone cannot deny something.
– Ensuring that the alleged sender actually sent the
message.
An entity is prevented from denying its previous commitments or actions
Classical Techniques
 Classical Substitution Ciphers
• Where letters of plaintext are replaced by other
letters or by numbers or symbols
• or if plaintext is viewed as a sequence of bits, then
substitution involves replacing plaintext bit patterns
with ciphertext bit patterns

26
Caesar Cipher

• Earliest known substitution cipher

• By Julius Caesar (100BC-44BC, Roman Emperor)
• First attested use in military affairs
• Replaces each letter by 3rd letter of alphabets
• Example:
.
Caesar Cipher: Cont…

.
Caesar Cipher: Cont…

.
 Generalized Caesar Cipher

• Where:
E : Encryption
D : Decryption
p : Plaintext letter to be replaced into ciphertext
k : offset e.g., 3 as in our example
C : ciphertext
.
 Monoalphabetic Cipher

• Rather than just shifting the alphabet

• Could shuffle (jumble) the letters arbitrarily
• Each plaintext letter maps to a different
random ciphertext letter
• Hence key is 26 letters long

.
Transposition Cipher

• Second basic building block of ciphers

• To rearrange the order of basic units
(letters/bytes/bits) without altering their actual values

.
Transposition Cipher

• Example 2
.
Transposition Cipher

• Example
• A more complex scheme

• Then reorder the columns according to some key before

reading off the rows

.
Product Cipher

• Ciphers using substitutions or transpositions are

not secure because of language characteristics
• Hence consider using several ciphers in succession to make
harder:
• Two substitutions make a more complex substitution
• Two transpositions make more complex transposition
• substitution followed by a transposition provides much harder cipher

• Bridging between classical and modern ciphers

.
Simple Encryption Techniques - Summery

• Four type of encryption operations are used for transforming

plaintext to ciphertext.

• Substitution: A substitution cipher replaces one symbol with

another.
• Transposition: A transposition cipher reorders symbols in a block
of symbols
• Shift: Shift characters from it’s original position.
• Product: Combination of substitution and Transposition
• These techniques are also called Classical Encryption Techniques.
Modern Techniques
Classic vs Modern
• Classic Techniques
 Operates on letters, numbers like simple substitution, transposition, shift
 It is based on hiding encryption procedure (algorithm). Security depends on
the hidden algorithm.
• Modern Techniques
 It operates on binary sequence
.  Stream Cipher, Block Cipher
 It relies on publically known algorithms and security depends upon key instead of
algorithm.

.
Shared Key (Symmetric) Algorithms
• DES (Data Encryption Standard)

• 3DES (Triple DES)

• . IDEA (International Data Encryption Algorithm)

• AES (Advanced Encryption Standard)

.
DES (Data Encryption Standard)
• Authors: NSA & IBM, 1977

• Data block size: 64-bit (64-bit input, 64-bit output)

• Key size: 56-bit key

• Encryption is fast
• DES chips
• DES software: a 500-MIP CPU can encrypt at about 30K octets
per second

• Security
• No longer considered secure: 56 bit keys are vulnerable to
exhaustive search
3DES (Triple DES)

• Data block size: 64-bit

• Key size: 168-bit key; effective key size: 112

• Encryption is slower than DES

• Securer than DES

 IDEA (International Data Encryption Algorithm)

• Authors: Lai & Massey, 1991

• Data block size: 64-bit

• Key size: 128-bit

• Encryption is slower than DES

• Security
• Nobody has yet published results on how to break it

• Having patent protection

AES (Advanced Encryption Standard)

• Authors: Daemen & Rijmen

• Block size:128-bit
• Key size: 128-bit, 192-bit, 256-bit

• Encryption is fast

• Security
• NSA stated it secure enough for non-classified data.
Key Sharing Algorithms

• Diffie-hellman
• Secure exchange
of secret keys.
 Asymmetric/ Public key
Crytography
• Public key cryptography is described as an
asymmetric scheme, because the key used to
decrypt the message is not the same as the key
used to encrypt it.
• This makes it more secure.
• No need of secret key sharing, but need to maintain
public and private keys.

55
 Public key crytography
• Using asymmetric cryptography, if you want to receive
encrypted messages you create two mathematically linked
keys:
• a public key and a private key.
• Together they are called a key pair.
• You can share your public key with the world, and anyone
can use it to encrypt messages for you.
• You use your private key, known only to you, to decrypt
those messages.
• Anyone who sends you encrypted messages using your
public key knows that only you can decrypt them.

56
 Asymmetric/Public-Key
Cryptography (Encryption)

57
 Asymmetric/Public-Key
Cryptography (Decryption)

58
Conventional and Public-Key
Encryption

59
Public-Key Cryptosystem: Secrecy

60
Public-Key Cryptosystem:
Authentication

61
 Public key crytography
•Different Algorhtms:
• PGP (Pretty Good Privacy)
• RSA (Rivest, Shamir, and Adelman)
• ECDSA (Elliptic Curve Digital Signature Algorithm)
• Deffie Hellman Key exchange

62
 Applications for Public-Key
Cryptosystems
• Public-key cryptosystems can be classified into three categories:

• The sender encrypts a message with

Encryption/decryption the recipient’s public key

• The sender “signs” a message with

Digital signature its private key

• Two sides cooperate to exchange a

Key exchange session key

• Some algorithms are suitable for all three applications, whereas others
can be used only for one or two

63
 Applications for Public-Key
Cryptosystems

Table 9.3 Applications for Public-Key Cryptosystems

64
 Public-Key Requirements
• Conditions that these algorithms must fulfill:
• It is computationally easy for a party B to generate a pair
(public-key PUb, private key PRb)
• It is computationally easy for a sender A, knowing the public
key and the message to be encrypted, to generate the
corresponding ciphertext
• It is computationally easy for the receiver B to decrypt the
resulting ciphertext using the private key to recover the original
message
• It is computationally infeasible for an adversary, knowing the
public key, to determine the private key
• It is computationally infeasible for an adversary, knowing the
public key and a ciphertext, to recover the original message
• The two keys can be applied in either order
65
 Rivest-Shamir-Adleman (RSA)
Algorithm
• Developed in 1977 at MIT by Ron Rivest, Adi Shamir
& Len Adleman
• Most widely used general-purpose approach to
public-key encryption
• based on exponentiation in a finite (Galois) field
over integers modulo a prime
• uses large integers (eg. 1024 bits)
• security due to cost of factoring large numbers

66
 Public-Key Infrastructure (PKI)
• A public key infrastructure (PKI) is a set of roles, policies,
hardware, software and procedures needed to create,
manage, distribute, use, store and revoke digital certificates
and manage public-key encryption.

• Trust service objectives respect one or more of the following

capabilities:
• Confidentiality
• Integrity
• Authenticity

67
 Public-Key Infrastructure (PKI)
• A PKI consists of
• A certificate authority (CA) that stores, issues and signs the digital
certificates;
• A registration authority (RA) which verifies the identity of entities
requesting their digital certificates to be stored at the CA;
• A central directory—i.e., a secure location in which keys are stored
and indexed;
• A certificate management system managing things like the access to
stored certificates or the delivery of the certificates to be issued;
• A certificate policy stating the PKI's requirements concerning its
procedures. Its purpose is to allow outsiders to analyze the PKI's
trustworthiness.

68
Public-Key Infrastructure (PKI)

69
Hashing
 Hashing
•A hash function is a series of
mathematical steps or algorithms that
you can perform on some input data,
resulting in a fingerprint, or digest, or
simply, a hash.
•There are basic hash functions and
cryptographic hash functions
 Cryptographic hash functions
• Hash functions can be used for proving that two things
are the same without revealing the two things.
• For example, let’s say that you want to make a
prediction and don’t want others to know the
prediction, but you want to be able to reveal the
prediction later. You’d write the prediction down
privately, hash it, and display the hash to your audience.
People can see that you’ve committed to a prediction
but can’t back-calculate what your prediction is. Later,
you can reveal the prediction, and others can calculate
the hash and see that it matches the hash you
published.
 Cryptographic hash functions
• Properties of ideal cryptographic hash function:
1. Deterministic
2. Quick
3. Irreversible
4. Small change makes a big difference (nor can you guess what
the message maybe by looking at the hash)
5. Not feasible to find two different messages with the same hash
value
• Only way to guess is through a “brute force attack”
• Evaluate basic hash example using the above.
 Cryptographic hash functions
• Some established industry standard cryptographic
hash function:
• MD5(Message Digest)
• SHA 256 (Secure hash algorithm)
• Output is usually of the same length
 Try it…
• macOSX
• md5 -s “What time is it?
• echo “What time is it?” | shasum -a 256
• Are your results same?
• Now change the input slightly
• Windows:
• Get-FileHash C:\path\to\file.iso (replace C:\path… with path to
your file)
• By default it will run SHA256, however, you can specify the
hashing algorithm
• Get-FileHash C:\path\to\file.iso -Algorithm MD5
Digital Signatures
 Digital signatures
• Digital signatures are used in SSL Certificates, extensively used in
Bitcoin and blockchains
• Used for creating valid transactions ‘signing’ transaction messages to
move coins from your account to someone else’s.
• Digital signatures are a subset of electronic signatures, which can
take a number of forms.
 Digital signatures
• Create a message and sign it with your private key
 Why digital signatures
• A digital signature is created by taking the message you want to sign
and applying a mathematical formula with your private key.
• Anyone who knows your public key can mathematically verify that
this signature was indeed created by the holder of the associated
private key (but without knowing the private key itself).
• So, anyone can independently validate that this piece of data was
signed by the private key holder of this public key.
 How digital signatures are
better?
• How is this better than a wet-ink-on-paper signature?
• The problem with a wet-ink signature is that it is
independent of the data that is being signed, and this
creates two problems:
1. There is no way of knowing if a document has been tampered after
your signature is applied to the bottom.
2. Your signature can easily be copied and re-used with other
documents, without your knowledge.
• Your wet-ink-on-paper signature is your signature and
doesn’t change based on the item being signed: when you
sign a cheque, a letter, or a document, the whole point is
that your signature looks the same. This is easy for other
people to copy! This is really terrible security!
 How digital signatures are
better?
• In contrast, a digital signature is only valid for that exact piece of
data, and so it cannot be copied and pasted underneath another
piece of data, nor can someone else re-use it for their own purposes.
• Any tampering with the message will result in the signature being
invalidated. The digital signature is a one-time ‘proof’ that the person
with the private key really did approve that exact message.
• No one else in the world can create that exact signature unless they
have your private key.
 Digital signatures
• The mathematical process of ‘signing’ a message with a
private key is actually an encryption process.
• Remember that you encrypt data with a public key, and
decrypt it with a private key?
• You can also do it the other way around:
• you can encrypt data with a private key and decrypt it with a public
key.
• So actually the validation process is taking the digital signature and
decrypting it with the well-known public key, and seeing that the
decrypted signature matches the message being signed.
 Digital signatures
• What if the message being signed is really big?
• In most signing schemes, it is actually the hash
(fingerprint) of the message that is signed with the
private key to produce a digital signature which is
small, irrespective of the size of the data being
signed.
Digital signatures
 Digital signatures
• Ensures:
• Authenticate a transaction or a message
• Data integrity
• Also:
• The original owner cannot say: “it wasn’t me”
• This property is called “non-repudiation” and provides
comfort for both parties in a transaction
Cryptography vs. Steganography

•Cryptography:
• Make the data un-understandable for the opponents
• Captured transmission can not reveal the contents of
message

•Steganography:
• Conceal/hide the existence of message
• If caught, message contents can be revealed
Types of Digital Steganography

• Hiding a Message inside Text

• Hiding a Message inside Images
• Most popular technique
• Hiding a Message inside Audio and Video Files
Dear Friend , Your email address has Dear Friend , Your email address has
been submitted to us indicating your been submitted to us indicating your
interest in our newsletter . If you no interest in our newsletter . If you no
longer wish to receive our publications longer wish to receive our publications
simply reply with a Subject: of "REMOVE" simply reply with a Subject: of "REMOVE"
and you will immediately be removed from and you will immediately be removed from
our club . This mail is being sent in our club . This mail is being sent in
compliance with Senate bill 2116 , Title compliance with Senate bill 2116 , Title
7 , Section 301 ! Do NOT confuse us with 7 , Section 301 ! Do NOT confuse us with
Internet scam artists Apparently
. Why work for neutral’s protest
Internet is
scam artists . Why work for
somebody else when you can become rich somebody else when you can become rich
thoroughly discounted
within 13 DAYS ! Have you ever noticed
and
within 13 DAYS ! Have you ever noticed
ignored.
the baby boomers are more demanding Isman
than hard the
hit.
baby boomers are more demanding than
their parents and nobody is getting any their parents and nobody is getting any
Blockade issue
younger ! Well, now is your chance to
affects pretext
younger ! Well, now is your chance to
for
capitalize on this . WE willembargo
help YOU on by-products,
capitalize on this . WE will help YOU
process your orders within seconds plus process your orders within seconds plus
ejecting suets and vegetable
deliver goods right to the customer's deliver goods right to the customer's
oils.
doorstep . The best thing about our doorstep . The best thing about our
system is that it is absolutely risk system is that it is absolutely risk
free for you ! But don't believe us ! Mr free for you ! But don't believe us ! Mr
Ames who resides in Delaware tried us Ames who resides in Delaware tried us
and says "My only problem now is where and says "My only problem now is where
to park all my cars" ! This offer is to park all my cars" ! This offer is
100% legal ! If not for you then for 100% legal ! If not for you then for
your loved
loved ones
ones - act now ! Sign up a your LOVED
LOVED ONES
ONES - act now ! Sign up a
friend and you'll get a discount of 50% friend and you'll get a discount of 50%
. Thank-you for your serious . Thank-you for your serious
consideration of our offer ! consideration of our offer !

Give us an A- Give us an A+
A Picture is Worth 1,024 Words

•Images have a lot of data:

• Spam Mail: 1,108 Bytes
• Picture of Dave: 152 KB
•Ways to hide information
• Least significant bit (BMP)
• Palette Shifts (GIF)
• Discrete Cosine Transforms (JPG)
 What’s
secret
behind
this face?
Hiding in Audio files
• Audio files contain even more data:
• Spam Mail: 1,108 Bytes
• Picture of Dave: 152 KB
• Sneaker’s Theme: 3,466 KB
• Ways to hide information
• Least significant bit (RAW)
• Complicated stuff we don’t understand (MP3)

• people cannot see any visible changes to the file in which the data is hidden
 Uses of Steganography
• Governments

• Businesses: Digital Watermarking

• Individuals
• Steganography and Cryptography can be used together to produce better
protection
 Fun facts!!!

• Why it is always Alice and Bob.

• They are characters first used by Ron Rivest, Adi Shamir, and
Leonard Adleman in their 1978 paper ‘A method for obtaining
digital signatures and public key cryptosystems’.
• Since then, people use these characters as a nod to the inventors.
• Wikipedia has a list of commonly used characters, like:
• Craig the password cracker
• Eve the eavesdropper
• Grace the government (generally characterised as anti-cryptography)
• Mallory the malicious man-in-the-middle
• Sybil the attacker who uses a lot of pseudonyms to overwhelm Alice
and Bob