Cryptography and Public Key Infrastructure
Cryptology
• Cryptography
  The area of study containing the principles and methods of
  transforming an intelligible message into one that is
  unintelligible, and then retransforming that message back
  to its original form.
• Cryptanalysis (Hacking)
  The art and science of decoding unreadable data without
  knowing the technique used to encode it.
• Cryptology
  Cryptography and cryptanalysis together are known as cryptology.
Symmetric Key Encryption
• Encryption and decryption are done with a single
  key
• A symmetric encryption scheme has five
  ingredients
  – Plaintext
  – Encryption algorithm
  – Secret key
  – Ciphertext
  – Decryption algorithm
Simplified Model of Conventional Encryption
                 Basic Requirement
1. Strong encryption algorithm:
   The opponent should be unable to decrypt ciphertext or discover
   the key even if he or she is in possession of a number of
   ciphertexts together with the plaintext that produced each ciphertext.
2. Key must be secret:
   The key must be shared in a secret manner by the sender or some third
   party.
3. No need to make the algorithm secret
Types of Attacks on Encrypted Messages
Type of Attack: Known to Cryptanalyst
• Ciphertext only & Frequency Analysis
  – Encryption algorithm
  – Ciphertext
• Known plaintext
  – Encryption algorithm
  – Ciphertext
  – One or more plaintext-ciphertext pairs formed with the secret key
• Chosen plaintext
  – Encryption algorithm
  – Ciphertext
  – Plaintext message chosen by cryptanalyst, together with its
    corresponding ciphertext generated with the secret key
• Chosen ciphertext
  – Encryption algorithm
  – Ciphertext
  – Purported ciphertext chosen by cryptanalyst, together with its
    corresponding decrypted plaintext generated with the secret key
• Chosen text
  – Encryption algorithm
  – Ciphertext
  – Plaintext message chosen by cryptanalyst, together with its
    corresponding ciphertext generated with the secret key
  – Purported ciphertext chosen by cryptanalyst, together with its
    corresponding decrypted plaintext
• brute-force attack
Asymmetric Key Encryption
• Also referred to as public key encryption.
• It uses two keys: one is a public key that is known by
  all and the other is a private key
• An asymmetric encryption system has the following
  components:
  – Plaintext
  – Encryption algorithm
  – Public and private key
  – Ciphertext
  – Decryption algorithm
Public-Key Cryptosystem: Secrecy
  Y = E(PUb, X)
  X = D(PRb, Y)
Public-Key Cryptosystem: Authentication
  Y = E(PRa, X)
  X = D(PUa, Y)
Public-Key Cryptosystem: Authentication and Secrecy
  Z = E(PUb, E(PRa, X))
  X = D(PUa, D(PRb, Z))
Requirements for Public-Key Cryptography
1. It is computationally easy for a party B to generate a
   pair (public key PUb, private key PRb).
2. It is computationally easy for a sender A, knowing
   the public key and the message to be encrypted, M,
   to generate the corresponding ciphertext:
   C = E(PUb, M)
3. It is computationally easy for the receiver B to
   decrypt the resulting ciphertext using the private key
   to recover the original message:
   M = D(PRb, C) = D[PRb, E(PUb, M)]
4. It is computationally infeasible for an
   adversary, knowing the public key, PUb, to
   determine the private key, PRb.
5. It is computationally infeasible for an adversary,
   knowing the public key, PUb, and a ciphertext, C,
   to recover the original message, M.
6. The two keys can be applied in either order:
   M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]
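The secrecy, authentication and combined configurations, plus requirement 6, can be traced with textbook RSA. This is an added example, not part of the original slides; the primes, exponents and function names are assumptions chosen for illustration, and keys this small (with no padding) give no real security.

```python
def make_keypair(p, q, e):
    """Return (public, private) textbook-RSA keys built from primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: inverse of e modulo phi
    return (e, n), (d, n)

def apply_key(key, x):
    """Modular exponentiation with one key; x must fit under the modulus."""
    exp, n = key
    if not 0 <= x < n:
        raise ValueError("value does not fit under this key's modulus")
    return pow(x, exp, n)

# In textbook RSA, E and D are the same operation with different keys.
E = D = apply_key

# Constructed toy keys for A and B. A's modulus (3233) is smaller than
# B's (8633), so E(PRa, X) always fits inside E(PUb, ...).
PUa, PRa = make_keypair(61, 53, 17)
PUb, PRb = make_keypair(89, 97, 5)

def secrecy(x):
    """Y = E(PUb, X); only the holder of PRb recovers X."""
    y = E(PUb, x)
    return y, D(PRb, y)

def authentication(x):
    """Y = E(PRa, X); anyone holding PUa can check that A produced Y."""
    y = E(PRa, x)
    return y, D(PUa, y)

def authentication_and_secrecy(x):
    """Z = E(PUb, E(PRa, X)); B strips PRb first, then checks with PUa."""
    z = E(PUb, E(PRa, x))
    return z, D(PUa, D(PRb, z))

def either_order(m):
    """Requirement 6: both key orders return the original message."""
    return D(PUb, E(PRb, m)), D(PRb, E(PUb, m))

if __name__ == "__main__":
    for mode in (secrecy, authentication, authentication_and_secrecy):
        print(mode.__name__, mode(65))
    print("either_order", either_order(65))
```

The modulus check in `apply_key` is what makes the nesting order matter: a value produced under the larger modulus may not fit under the smaller one.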
Substitution Technique
• Substitution Technique
  – Letters of plaintext are replaced by other letters or by
    numbers or symbols.
1. Caesar Cipher (Shift Cipher)
2. Playfair Cipher
3. Hill Cipher
4. Vigenère Cipher (Polyalphabetic Cipher)
5. Vernam Cipher
6. One-Time Pad Cipher (Vernam Cipher)
Caesar Cipher
• In this cipher, each letter in the plaintext is replaced
  by a letter some fixed number of positions (the key) down
  the alphabet.
• For example, with shift 3, A would be replaced by D.
• The alphabet is wrapped around so that A follows Z.
• Example:
• Plaintext: MEET ME AFTER THE PARTY
• Ciphertext: PHHW PH DIWHU WKH SDUWB
• Mathematically, starting from a=0, b=1 and so
  on, the Caesar cipher can be written as:
  E(p) = (p + k) mod 26
  D(C) = (C - k) mod 26
• This cipher can be broken:
1) If we know one plaintext-ciphertext pair, since
  the difference will be the same.
2) There are only 26 possible keys.
3) It does not change the frequency of a
  letter
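The slide's MEET ME AFTER THE PARTY example and the three weaknesses listed above, in runnable form. This is an added example, not part of the original slides; the function names are chosen here, and the frequency check assumes E is the most common plaintext letter, which happens to hold for this sample.

```python
from collections import Counter

A = ord("A")

def caesar(text, k):
    """E(p) = (p + k) mod 26 on letters; other characters pass through."""
    return "".join(
        chr((ord(ch) - A + k) % 26 + A) if "A" <= ch <= "Z" else ch
        for ch in text.upper()
    )

def key_from_known_pair(plain, cipher):
    """Weakness 1: every letter pair shows the same difference, which is k."""
    diffs = {(ord(c) - ord(p)) % 26
             for p, c in zip(plain.upper(), cipher.upper()) if "A" <= p <= "Z"}
    if len(diffs) != 1:
        raise ValueError("pair was not produced by a single Caesar shift")
    return diffs.pop()

def all_decryptions(cipher):
    """Weakness 2: only 26 keys exist, so every candidate can be listed."""
    return {k: caesar(cipher, -k) for k in range(26)}

def key_from_frequency(cipher, assumed_top="E"):
    """Weakness 3: letter frequencies survive the shift, so the most
    common ciphertext letter is assumed to stand for assumed_top."""
    letters = Counter(ch for ch in cipher.upper() if "A" <= ch <= "Z")
    top = letters.most_common(1)[0][0]
    return (ord(top) - ord(assumed_top)) % 26

# Plaintext and ciphertext from the slide (shift 3).
PLAIN = "MEET ME AFTER THE PARTY"
CIPHER = "PHHW PH DIWHU WKH SDUWB"

if __name__ == "__main__":
    print(caesar(PLAIN, 3))
    print(key_from_known_pair(PLAIN, CIPHER))
    print(key_from_frequency(CIPHER))
    for k, text in all_decryptions(CIPHER).items():
        print(k, text)
```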
Playfair Cipher
• In this technique multiple (2) letters are
  encrypted at a time.
• It is based on the use of a 5 x 5 matrix of letters
  constructed using a keyword.
• The plaintext is encrypted two letters at a
  time:
  1) Break the plaintext into pairs of two consecutive
     letters.
  2) If a pair is a repeated letter, insert a filler like
     'X' in the plaintext, e.g. "balloon" is treated as
     "ba lx lo on"
  3) If only one letter is left at the end, insert X
     after it to make a pair.
  4) If both letters fall in the same row of the key
     matrix, replace each with the letter to its right
     (wrapping back to the start from the end), e.g. "AR"
     encrypts as "RM"
  5) If both letters fall in the same column, replace each
     with the letter below it (again wrapping to the top from
     the bottom), e.g. "MU" encrypts to "CM"
  6) Otherwise each letter is replaced by the one in its
     row in the column of the other letter of the pair, e.g.
     "HS" encrypts to "BP", and "EA" to "IM" or "JM" (as
     desired)
  Try:
  Key: COMPUTER
  Word: ENGINEERING (RLHDLRRASGN)
• Advantage:
  – 26 x 26 = 676 digrams
  – Frequency analysis is much more difficult
Hill Cipher
• This cipher is based on linear algebra
• The substitution is determined by m linear
  equations. For m = 3, the system can be
  described as:
  c1 = (k11 p1 + k12 p2 + k13 p3) mod 26
  c2 = (k21 p1 + k22 p2 + k23 p3) mod 26
  c3 = (k31 p1 + k32 p2 + k33 p3) mod 26
• Cipher = (PT * Key) mod 26
• PlainText = (Cipher * Key^-1) mod 26
• Matrix inverse:
     [Determinant(Key)]^-1 * Adjoint(Key)
• Adj(Key):
        – Transpose(Key)
        – Find minor
        – Find cofactor
• TEXT Matrix is:
• KEY Matrix is:
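The inverse-by-adjoint procedure above, worked for m = 3 with the row-vector form Cipher = (PT * Key) mod 26. This is an added example, not part of the original slides; the key matrix and plaintext are sample values chosen for the example (the slide's own matrices are not present), and the function names are assumptions.

```python
from math import gcd

# Sample 3x3 key chosen for this example; its determinant is 23 mod 26.
KEY = [[17, 17, 5],
       [21, 18, 21],
       [2, 2, 19]]

def minor_det(m, r, c):
    """Determinant of the 2x2 matrix left after deleting row r, column c."""
    rows = [row[:c] + row[c + 1:] for i, row in enumerate(m) if i != r]
    return rows[0][0] * rows[1][1] - rows[0][1] * rows[1][0]

def inverse_mod26(key):
    """Key^-1 = det(Key)^-1 * Adj(Key), all arithmetic modulo 26."""
    cof = [[(-1) ** (r + c) * minor_det(key, r, c) for c in range(3)]
           for r in range(3)]
    det = sum(key[0][c] * cof[0][c] for c in range(3)) % 26
    if gcd(det, 26) != 1:
        # No modular inverse of the determinant, so no decryption key exists.
        raise ValueError("key matrix is not invertible modulo 26")
    det_inv = pow(det, -1, 26)
    # The adjoint is the transpose of the cofactor matrix.
    return [[(det_inv * cof[c][r]) % 26 for c in range(3)] for r in range(3)]

def hill(text, key):
    """Multiply each 3-letter row vector by key, modulo 26 (a=0 ... z=25)."""
    nums = [ord(ch) - 65 for ch in text.upper() if "A" <= ch <= "Z"]
    nums += [23] * (-len(nums) % 3)      # pad the last block with X
    out = []
    for i in range(0, len(nums), 3):
        block = nums[i:i + 3]
        out += [sum(block[r] * key[r][c] for r in range(3)) % 26
                for c in range(3)]
    return "".join(chr(n + 65) for n in out)

if __name__ == "__main__":
    cipher = hill("paymoremoney", KEY)
    print(cipher)
    print(inverse_mod26(KEY))
    print(hill(cipher, inverse_mod26(KEY)))
```

Decryption is the same routine called with the inverse matrix, which is why a key whose determinant shares a factor with 26 must be rejected when the key is chosen.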
Polyalphabetic Cipher (Vigenère)
• The table consists of the alphabets written out 26
  times in different rows, each alphabet shifted
  cyclically to the left compared to the previous
  alphabet, corresponding to the 26 possible
  Caesar Ciphers.
• At different points in the encryption process, the
  cipher uses a different alphabet from one of the
  rows.
• The alphabet used at each point depends on a
  repeating keyword.
One-Time Pad (Vernam cipher)
• This system works on binary data (bits) rather than
  letters. The technique can be expressed as follows:
  ci = ki ⊕ pi
where
     pi = ith binary digit of plaintext
     ci = ith binary digit of ciphertext
     ki = ith binary digit of key
    ⊕= exclusive-or (XOR) operation
• Thus, the ciphertext is generated by
  performing the bitwise XOR of the plaintext
  and the key.
• Decryption simply involves the same bitwise
  operation
           pi = ki ⊕ ci
Steganography
• The art and science of hiding information (it
  can be plaintext, ciphertext, images, etc.) by
  embedding messages within other content is called
  steganography.
• It is used when encryption is not permitted.
• It has three types (e.g. for images):
      1. LSB (Least Significant Bit)
      2. DCT (Discrete Cosine Transform)
      3. Append Algorithm
Hashing
• Hashing is the technique of applying a hash function to content to
  produce a value that serves as a digital signature of that content
• Some of the applications of the hash function are listed
  below:
  – Digital signature
  – Password hashing
  – Time stamping
• A hash function maps a message of any length into a
  fixed-length hash value, which serves as the
  authenticator
General Structure of Hash Function
1. The input message is partitioned into L fixed-sized
   blocks of b bits each. If necessary, the final block is
   padded to b bits. The final block also includes the value
   of the total length of the input message.
2. The hash algorithm involves repeated use of a
   compression function, f, that takes two inputs (the n-bit
   chaining variable from the previous step and a b-bit block) and
   produces an n-bit output
3. At the start of hashing, the chaining variable has an
   initial value that is specified as part of the algorithm.
   The final value of the chaining variable is the hash value.
SHA-1
[Figure: arbitrary message of length X → SHA-1 → 160-bit H(X)]
• The algorithm takes as input a message of maximum length of
  less than 2^64 bits and produces a 160-bit message digest. The
  input is processed in 512-bit blocks
• The algorithm steps are listed below:
1. Initialize variables
   h0 = 0x67452301
   h1 = 0xEFCDAB89
   h2 = 0x98BADCFE
   h3 = 0x10325476
   h4 = 0xC3D2E1F0
   ml = message length in bits
Padding
• The message is padded so that its length is 448 bits
  modulo 512
• A 64-bit binary value (the original
  length) is appended
• Each block then totals 512 bits
Compression function
Default key constants:
• K1: 0x5A827999
• K2: 0x6ED9EBA1
• K3: 0x8F1BBCDC
• K4: 0xCA62C1D6
Default register values:
• H0(A): 0x67452301
• H0(B): 0xEFCDAB89
• H0(C): 0x98BADCFE
• H0(D): 0x10325476
• H0(E): 0xC3D2E1F0
Function FK
• Stage 1 (0..19)
       F(T,B,C,D) = (B AND C) OR ((NOT B) AND D)
• Stage 2 (20..39)
       F(T,B,C,D) = B EX-OR C EX-OR D
• Stage 3 (40..59)
       F(T,B,C,D) = (B AND C) OR (B AND D) OR (C AND D)
• Stage 4 (60..79)
       F(T,B,C,D) = B EX-OR C EX-OR D
Digital Signature
• Used for authentication
• The use of a digital signature usually involves two
  processes, one performed by the signer (Digital
  Signature Creation) and the other by the
  receiver (Digital Signature Verification) of the
  digital signature.
• In situations where there is not complete trust
  between sender and receiver, something more
  than authentication is needed.
• A digital signature must have the following properties:
  – It must verify the author and the date and time of the
    signature.
  – It must authenticate the contents at the time of the signature.
  – It must be verifiable by third parties, to resolve disputes.
• Requirements for a digital signature:
  – The signature must be a bit pattern that depends on the
    message being signed
  – The signature must use some information unique to the
    sender, to prevent both forgery and denial.
  – It must be relatively easy to produce the digital
    signature
  – It must be relatively easy to recognize and verify
    the digital signature.
  – It must be computationally infeasible to forge a
    digital signature
  – It must be practical to retain a copy of the digital
    signature in storage.
What is it actually?
• One-way hash (encryption) using your public
  and private key pair.
• How does a digital signature work?
• Consider a scenario where Alice has to
  digitally sign a file or an email and send it to
  Bob.
• A digital certificate includes:
   – Subject name
   – Serial number
   – Validity date range
   – Issuer name, etc.
• Digital signature vs. certificate
Key Escrow
• Key escrow is a cryptographic key exchange
  process in which a key is held in an escrow (vault)
  or stored by a third party.
• It provides a backup source for cryptographic
  keys, but this system is somewhat risky because
  a third party is involved.
• Its purpose is to serve as a backup if the
  parties with access to the cryptographic key lose
  the data.
Public Key Infrastructure
• A set of hardware, software, people,
  policies, and procedures needed to create,
  manage, distribute, use, store, and revoke
  digital certificates.
• A PKI consists of:
  1. Certificate Authority (CA) ((n)Code, eMudhra,
     NIC, TCS, SafeScrypt)
  2. Registration Authority (RA)
  3. Central Directory
  4. Certificate Management System
  5. Certificate Policy
Steps for DC
1. Application Phase:
   1. Applicant will access the CA website to select customer type and class of certificate
      needed.
   2. Online registration form.
   3. Verification of mandatory fields
   4. Payment
2. Authentication Phase:
   1. RA verifies and validates the information
3. Retrieval Phase:
   After verification, an Authorization Code will be sent through registered A.D.
Centralized & Decentralized Infrastructure
• The key pairs used in a PKI are generated
  using two basic methods:
  – Centralized Infrastructure
  – Decentralized Infrastructure
Private Key Protection
1. Minimize access to private keys
2. Use physical security to protect keys
Trust Model
A collection of rules that decide the legitimacy of
a digital certificate.
Three types of trust model:
1. Hierarchical Model
2. Peer to Peer Model (Bridge Model)
3. Hybrid Model
Hierarchical Trust Model
• In a hierarchical trust model, also known as a
  tree, a root CA at the top provides all the
  information
• The intermediate CAs are next in
  the hierarchy, and they only trust information
  provided by the root CA
Bridge Model (Peer to Peer)
• Advantage: Can use cross platform
  certification for organizations.
• Disadvantage: If one of the root CAs doesn’t
  maintain tight internal security around its
  certificates, a security problem can be
  created:
  – An illegitimate certificate could become available
    to all the users in the bridge structure and its
    subordinate or intermediate CAs
Hybrid Model
• Notice that the single intermediate CA server on the
  right side of the illustration is the only server that
  is known by the CA below it
• The subordinates of the middle-left CA are linked
  to the two CAs on its sides.
• These two CAs don't know about the other CAs,
  because they are linked only to the CA that
  provides them a connection.
• Disadvantage: complicated and confusing