Cryptography and Network Security # Lecture 4
Lec-4: Cryptography & Network Security
Mr. Islahuddin Jalal
MS (Cyber Security) – UKM Malaysia
Research Title – 3C-CSIRT Model for Afghanistan
BAKHTAR UNIVERSITY ‫باخترپوهنتون‬ ‫د‬
Bakhtar University 1
Outline to be discussed today
• Cryptography
• Classification of Cryptography
• History of Cryptography
• Basic Terminology of Cryptography
• Symmetric cryptography
• Caesar cipher
• Monoalphabetic cipher
• Vigenère cipher
• One time pad cipher
• Rail fence cipher
• Product cipher
• Modern symmetric cipher
• Block cipher
• Stream cipher
• Feistel cipher
To know that one has a secret is to know half the secret itself
(Henry Ward Beecher)
Cryptography
• Combination of Greek words i.e. Crypto+Graphy
• Crypto = “Secret” and Graphy = “Writing”
• Cryptography means secret writing
10/21/2017 Bakhtar University 4
Classification of Cryptography
• Number of keys used
• Hash functions: no key
• Secret key cryptography: one key
• Public key cryptography: two keys - public, private
• Type of encryption operations used
• substitution / transposition / product
• Way in which plaintext is processed
• block / stream
• The way in which the plaintext is processed: a block cipher
processes the input one block of elements at a time,
producing an output block for each input block. A stream
cipher processes the input elements continuously, producing
output one element at a time, as it goes along.
History of Cryptography
Origin of Cryptography
• Two secure end systems communicate over an insecure channel
• The enemy is an outsider listening to traffic
Old Paradigm
• A and B communicate over an insecure channel.
• A and B trust each other.
• Intruder can read, delete, and insert messages.
• With cryptography, A and B construct a secure
logical channel over an insecure network
[Diagram: A, B, intruder]
New Paradigm
• Electronic commerce: A and B are customer and
merchant; they do not “trust” each other.
• We want protection against insider fraud as much
as protection against outsiders.
• Trusted Third Parties help settle disputes.
[Diagram: A, B, TTP]
Law Enforcement
• In many countries laws regulate how a law enforcement
agency (LEA) can intercept traffic.
• Key recovery makes cryptographic keys available to
their owner.
• Key escrow makes keys available to a LEA.
[Diagram: A, B, LEA]
Basic Terminology
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - the study of principles/ methods of
deciphering ciphertext without knowing key
• cryptology - the field of both cryptography and cryptanalysis
Terminology of Cryptography
• Encryption: plaintext (clear text) x is converted into a ciphertext under the
control of a key K.
• We write eK(x).
• Decryption with key K computes the plaintext from the ciphertext y.
• We write dK(y).
• Symmetric ciphers: the decryption key is essentially the same as the
encryption key.
• Asymmetric ciphers: it is computationally infeasible to derive the private
decryption key from the corresponding public encryption key.
Types of Encryption
Symmetric Encryption
• It is a form of cryptosystem in which encryption and decryption are
performed using the same key. It is also known as conventional
encryption.
• It has five components:
• Plaintext
• Encryption algorithm (e.g. AES, DES)
• Secret keys
• Ciphertext
• Decryption algorithm (reverse of encryption algorithm)
Symmetric Encryption Model
Caesar Cipher
• The earliest and simplest cipher
• Developed by Julius Caesar
• Replacing each letter of the alphabet with the letter standing three
places further down the alphabet.
• Plain : a b c d e f g h i j k l m n o p q r s t u v w x y z
• Cipher: d e f g h i j k l m n o p q r s t u v w x y z a b c
Caesar Cipher
• Define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Mathematically give each letter a number
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25
• Then have Caesar cipher as:
C = E(p) = (p + k) mod (26)
p = D(C) = (C – k) mod (26)
The Caesar cipher
• Encrypt “go cavaliers”
• Translate to numbers: g = 6, o = 14, etc.
• Full sequence: 6, 14, 2, 0, 21, 0, 11, 8, 4, 17, 18
• Apply the cipher to each number: f(6) = 9, f(14) = 17, etc.
• Full sequence: 9, 17, 5, 3, 24, 3, 14, 11, 7, 20, 21
• Convert the numbers back to letters 9 = j, 17 = r, etc.
• Full sequence: jr fdydolhuv
• Decrypt “jr fdydolhuv”
• Translate to numbers: j = 9, r = 17, etc.
• Full sequence: 9, 17, 5, 3, 24, 3, 14, 11, 7, 20, 21
• Apply the cipher to each number: f⁻¹(9) = 6, f⁻¹(17) = 14, etc.
• Full sequence: 6, 14, 2, 0, 21, 0, 11, 8, 4, 17, 18
• Convert the numbers back to letters 6 = g, 14 = o, etc.
• Full sequence: “go cavaliers”
Cryptanalysis of Caesar Cipher
• Only have 25 possible ciphers
• A maps to B,..Z
• Given ciphertext, just try all shifts of letters
• Do need to recognize when have plaintext
• E.g., break ciphertext "GCUA VQ DTGCM"
Monoalphabetic Cipher
• Rather than just shifting the alphabet
• Could shuffle (jumble) the letters arbitrarily
• Each plaintext letter maps to a different random
ciphertext letter
• Key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic Cipher Security
• Now have a total of 26! = 4 x 10^26 keys
• Is that secure?
• Problem is language characteristics
• Human languages are redundant
• Letters are not equally commonly used
English Letter Frequencies
Transposition Ciphers
• Now consider classical transposition or permutation ciphers
• These hide the message by rearranging the letter order, without
altering the actual letters used
• Can recognise these since have the same frequency distribution as
the original text
One-Time Pad
• Proposed by Gilbert S. Vernam of AT&T in 1917
• Effective for short message, such as nuclear launch
codes
• If a truly random key as long as the message is used, the
cipher will be secure - One-Time pad
• Unbreakable since ciphertext bears no statistical
relationship to the plaintext
• For any plaintext, it needs a random key of the same
length
• Hard to generate large amount of keys
• Have problem of safe distribution of key
One time pad
• There are 26 characters in the English alphabet, so assign a single number to
each character in sequence, starting from A=1, B=2, …, Z=26.
• Example
• Plaintext: DINOSAUR
• Replace the text with the numbers, so the numbers for DINOSAUR are
4,9,14,15,19,1,21,18
• Key: 6,2,21,14,7,8,12,9
• Now add up the key with corresponding plaintext number
Continued….
• So the corresponding cipher numbers for DINOSAUR are
10,11,35,29,26,9,33,27
• Note:
• The one-time pad for English has a maximum of 26 positions, which is why
modular arithmetic is used.
• After modular arithmetic
• The cipher numbers for DINOSAUR become: 10,11,9,3,0,9,7,1
• Now mapping the cipher numbers with corresponding character of the
English alphabet.
• Ciphertext: JKICZIGA
Decryption of One time Pad
• Reverse the process
• Note: whenever subtracting the key from a cipher number would give a
negative value, first add 26 to the cipher number and then subtract
the key.
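The DINOSAUR example above can be checked in code. This is an added example, not part of the original slides: it uses the slides' A=1 … Z=26 numbering (a result of 0 after the modulo maps to Z) and also shows why the ciphertext alone reveals nothing, since for any candidate plaintext of the same length there is a key that produces it. The function names and the alternative plaintext ELEPHANT are chosen for this illustration.

```python
import secrets


def to_numbers(text):
    """Map letters to A=1 ... Z=26, as on the slide."""
    if not (text.isascii() and text.isalpha()):
        raise ValueError("only the letters A-Z are supported")
    return [ord(c) - ord("A") + 1 for c in text.upper()]


def to_letters(numbers):
    """Map numbers back to letters; 0 and 26 both mean Z."""
    return "".join(chr((n - 1) % 26 + ord("A")) for n in numbers)


def encrypt(plaintext, key):
    """Add the key to the plaintext numbers, modulo 26."""
    p = to_numbers(plaintext)
    if len(key) < len(p):
        raise ValueError("the pad must be at least as long as the message")
    return to_letters((a + k) % 26 for a, k in zip(p, key))


def decrypt(ciphertext, key):
    """Subtract the key modulo 26; Python's % never returns a negative
    value, which is the 'add 26 first' rule from the slide."""
    c = to_numbers(ciphertext)
    if len(key) < len(c):
        raise ValueError("the pad must be at least as long as the message")
    return to_letters((a - k) % 26 for a, k in zip(c, key))


def key_for(ciphertext, candidate_plaintext):
    """The key under which `ciphertext` decrypts to `candidate_plaintext`.

    One exists for every candidate of the same length, so an attacker
    holding only the ciphertext cannot tell which plaintext was sent.
    """
    c, p = to_numbers(ciphertext), to_numbers(candidate_plaintext)
    if len(c) != len(p):
        raise ValueError("candidate must have the ciphertext's length")
    return [(a - b) % 26 for a, b in zip(c, p)]


def random_key(length):
    """Fresh pad from the OS CSPRNG (a stand-in for a truly random source)."""
    return [secrets.randbelow(26) + 1 for _ in range(length)]


if __name__ == "__main__":
    slide_key = [6, 2, 21, 14, 7, 8, 12, 9]      # key from the slide
    ct = encrypt("DINOSAUR", slide_key)
    print(ct, decrypt(ct, slide_key))
    other = key_for(ct, "ELEPHANT")              # constructed alternative
    print(other, decrypt(ct, other))
```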
Rail Fence cipher
• Write message letters out diagonally over a number of rows
• Then read off cipher row by row
• E.g., write message out as:
m e m a t r h t g p r y
 e t e f e t e o a a t
• Giving ciphertext
MEMATRHTGPRYETEFETEOAAT
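The two-row layout above generalises to any number of rails. The following is an added example, not part of the original slides: it writes the message in a zig-zag over `rails` rows, reads it off row by row, inverts the process, and checks the property noted on the Transposition Ciphers slide, that the letter counts of plaintext and ciphertext are identical. The function names are chosen for this illustration.

```python
from collections import Counter


def rail_pattern(length, rails):
    """Rail index of each character position when writing in a zig-zag."""
    if rails < 2:
        raise ValueError("need at least two rails")
    # One full down-and-up cycle, e.g. rails=3 -> [0, 1, 2, 1].
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def encrypt(plaintext, rails=2):
    """Read the zig-zag off rail by rail."""
    pattern = rail_pattern(len(plaintext), rails)
    return "".join(
        ch for rail in range(rails)
        for ch, r in zip(plaintext, pattern) if r == rail
    )


def decrypt(ciphertext, rails=2):
    """Rebuild the read-off order, then put each letter back in place."""
    pattern = rail_pattern(len(ciphertext), rails)
    # Stable sort: positions grouped by rail, left to right within a rail.
    order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext, order):
        plain[pos] = ch
    return "".join(plain)


def same_letter_counts(a, b):
    """True when both strings contain exactly the same letters."""
    return Counter(a) == Counter(b)


if __name__ == "__main__":
    message = "MEETMEAFTERTHETOGAPARTY"      # the slide's message, no spaces
    ct = encrypt(message, rails=2)
    print(ct, decrypt(ct, rails=2), same_letter_counts(message, ct))
```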
Product Ciphers
• Ciphers using substitutions or transpositions are not
secure because of language characteristics
• Hence consider using several ciphers in succession to
make harder, but:
• Two substitutions make a more complex substitution
• Two transpositions make more complex transposition
• But a substitution followed by a transposition makes a new
much harder cipher
• This is bridge from classical to modern ciphers
Modern Symmetric Ciphers
Block vs Stream Ciphers
• Block ciphers process messages in blocks, each of
which is then en/decrypted
• Like a substitution on very big characters
• 64-bits or more
• Stream ciphers process messages a bit or byte at a time
when en/decrypting
• Many current ciphers are block ciphers, one of the most
widely used types of cryptographic algorithms
Block Cipher Principles
• Most symmetric block ciphers are based on a Feistel
Cipher Structure
• Block ciphers look like an extremely large substitution
• Would need table of 2^64 entries for a 64-bit block
• Instead create from smaller building blocks
• Using idea of a product cipher
Substitution-Permutation Ciphers
• Substitution-permutation (S-P) networks [Shannon, 1949]
• modern substitution-transposition product cipher
• These form the basis of modern block ciphers
• S-P networks are based on the two primitive
cryptographic operations
• substitution (S-box)
• permutation (P-box)
• provide confusion and diffusion of message
Confusion and Diffusion
• Cipher needs to completely obscure statistical properties
of original message
• More practically Shannon suggested S-P networks to
obtain:
• Diffusion – dissipates statistical structure of plaintext over
bulk of ciphertext
• Confusion – makes relationship between ciphertext and
key as complex as possible
Feistel Cipher Structure
• Feistel cipher implements Shannon’s S-P network
concept
• based on invertible product cipher
• Process through multiple rounds which
• partitions input block into two halves
• perform a substitution on left data half
• based on round function of right half & subkey
• then have permutation swapping halves
[Figure: Feistel cipher structure]
What is DES?
Symmetric Key algorithm for Encryption
DES - Basics
• DES uses the two basic techniques of cryptography -
confusion and diffusion.
• At the simplest level, diffusion is achieved through numerous
permutations and confusion is achieved through the XOR
operation.
History of DES
In 1971, IBM developed an algorithm,
named LUCIFER which operates on a block
of 64 bits, using a 128-bit key
Walter Tuchman, an IBM researcher,
refined LUCIFER and reduced the key size
to 56-bit, to fit on a chip.
History of DES
In 1977, the results of Tuchman’s project at
IBM were adopted as the Data Encryption
Standard by NSA (NIST).
How does the Data Encryption Standard (DES) work?
Illustration of DES algorithm
• There are four Steps involved in the DES
1. Initial Permutation (IP)
2. 16 Feistel Rounds
3. Left right Swapping
4. Final Permutation (FP) which is reverse permutation (IP⁻¹)
What is done inside F function?
How Expansion is done?
[Diagram: Feistel rounds with subkeys K0, K1, …, Kn acting on the halves (L0, R0), (L1, R1), …, from message m to ciphertext C]
L_{i+1} = R_i
R_{i+1} = L_i XOR f(R_i, K_i)
C = (R_{n+1}, L_{n+1})
Decryption
• The same algorithm as
encryption.
• Reverse the order of the keys
(Key16, Key15, … Key1).
• For example:
• IP undoes IP⁻¹ step of
encryption.
• 1st round with SK16 undoes
16th encrypt round.
[1]
[Diagram: decryption rounds with subkeys Kn, Kn-1, …, K0, from ciphertext c back to message m]
R_i = L_{i+1}
L_i = R_{i+1} XOR f(L_{i+1}, K_i)
m = (L_0, R_0)
DES Cracked
• In 1998, a DES-encrypted message was cracked in 3 days
• In 1999, a network of 10,000 desktop systems cracked a DES-
encrypted message in less than 1 day
Triple DES
• DES algorithm used three times
• K1 is used to encrypt a message (p) resulting in C1 cipher text
• K2 is used to decrypt C1 resulting in C2 cipher text
• K3 is used to encrypt C2 resulting in C3 cipher text
3DES Technical Details
• Still using the DES block cipher with 56 bit keys
• Applying three different keys yields effective key length of 168 bits
7/3/01
Advanced Encryption Standard
• DES cracked, Triple-DES slow: what next?
• 1997: AES announced, call for algorithms
• August 1998: 15 candidate algorithms
• August 1999: 5 finalists
• October 2000: Rijndael selected
• Two Belgians: Joan Daemen, Vincent Rijmen
• May 2001: Comment period ended
• Summer 2001: Finalized, certified until ‘06
AES Technical Details
• Similar to DES: block cipher (with different modes), but 128-bit
blocks
• 128-bit, 192-bit, or 256-bit key
• Mix of permutations, “S-boxes”
• S-boxes based on modular arithmetic with polynomials:
• Non-linear
• Easy to analyze, prove attacks fail
Thank You
For Your Patience