Chapter 2: Cryptography Technique

About This Presentation

Title:

Chapter 2: Cryptography Technique

Description:

Chapter 2: Cryptography Technique – PowerPoint PPT presentation

Number of Views:234

Avg rating:3.0/5.0

Slides: 62

Provided by: Shann47

Category:

more less

Transcript and Presenter's Notes

Title: Chapter 2: Cryptography Technique

1
Chapter 2 Cryptography Technique

"You can have everything in life you want if
you'll just help enough other people to get what
they want!" -- Zig Ziglar
Prepared by
SITI ZAINAH ADNAN
If you do have any feedback or comment,
please feel free to email me at
sitizai_at_hotmail.com
Your cooperation is very much appreciated !

2
Chapter 2 Cryptography Technique

TOPICS
Introduction
Terminology Basic Encryption Methods
Secret Code
Monoalphabetic Ciphers
Cryptanalysis of a Monoalphabetic Cipher
Polyalphabetic Substitution Cipher
Transpositions
Stream and Block Ciphers

3
References

Book (available at the Informatics library)
CHAPTER 2, 3 and 4 Security In Computing,
Charles P.Pfleeger, Prentice Hall International
Notes (available at IVC)

4
Encryption

Transforms data so that it is unintelligible to
the outside observer
To maintain secure data in an insecure
environment

5
Encryption
6
Encryption With One Key

Symmetric encryption (Single-key encryption OR
Private Key encryption)

7
Encryption with Two Keys

Asymmetric encryption (Two-key encryption OR
Public-Key encryption)

8
Terminology

Encryption
A process of encoding a message so that its
meaning is not obvious. Also known as
encode/encipher
Decryption
Is the reverse process of encryption.Also known
as decode/decipher
Cryptosystem
A system for encryption and decryption.
Plaintext
The original form of a message.

9
Terminology

Ciphertext
The encrypted form of an original message.
Secret Code
Use of simple secret code to represent the
original message.
Example, apple means go ahead.

10
Terminology

Cryptography
The science of using mathematics to encrypt and
decrypt data
Enables user to store sensitive information or
transmit it across insecure networks so that it
cannot be read by anyone except the intended
recipient
Cryptanalysis
The science of analyzing and breaking secure
communication
Done by cryptanalyst (attackers)
Cryptology
The research into and study of encryption and
decryption include cryptography and cryptanalyst

11
Terminology

Key
A value that is used together with the plaintext
as input into encryption algorithms to produce
ciphertext
Allows different encryption of a plaintext
Provide additional security
If the encryption algorithm is revealed, future
message can still be kept secret because the
interceptor will not know the key value
Basically really big numbers, measured in bits
e.g. 1024 bit key

12
Cryptosystem model
13

An opponent, observing Y but not having access to
K or X, may attempt to recover X or K or both X
and K - assume that opponent knows the encryption
E and decryption D algorithms
To recover X and K, plaintext estimate X and
estimate K are recovered

Input are message X and the encryption key K,
the encryption algorithm forms the chipertext as
Y Y1, Y2....Yn OR Y Ek (X)
Y is produced by encryption algorithm E as a
function of plaintext X, which determined by key
K value
The intended receiver, in possession of the key,
is able to invert the transformation
X Dk (Y)

15
Encryption algorithms

Two basic methods
Substitution
Monoalphabetic ciphers
Polyalphabetic ciphers
Transposition (permutation)

16
Monoalphabetic Ciphers

Each letter is translated or substituted by a
fixed letter after it in the alphabet.
E.g. Caesar Cipher uses a shift 3.
The plaintext letter pi is encipher as ciphered
letter ci by the rule.
ci E(pi) pi 3
A translation chart of the Caesar cipher is as
shown below.
Plain text ABCD E FG H IJKLMNOPQRSTUVWXYZCipher
text defg h ij k lmnopqrstuvwxyzabc
E.g. Happy New Year would be kdssb qhz bhdu

17
Monoalphabetic Cipher Cryptanalysis

Some letters are used more often than others.
Example of the clues
The letter E, T and A occur more than J, Q and Z
The break between the two words, the SS can be
translated to VV
Therefore cryptanalysis uses such occurrence
patterns to decipher the cipher text easily
Count do help to narrow the possibilities
The frequent occurring letters in the ciphertext
are likely to be among the more frequently
occurring letters in English

18
Monoalphabetic Cipher Cryptanalysis
19
Polyalphabetic Cipher

The weakness of monoalphabetic cipher is that
their frequency distribution reflects the
distribution of the underlaying alphabet.
A cipher that is more cryptographically secure
would display flat distribution.
One way to flatten the distribution is to combine
distribution that are high with that are low.
Uses multiple mappings between plaintext and
ciphertext and it is not just a single mapping

20
Polyalphabetic Cipher

Example of mapping
Odd position mapping
ABCDEFGHIJKLMNOPQR S T UVWXYZ..
Adgjmpsvybehknqtwz c f ilorux
Even position mapping
ABCDEFGHIJKLMN O PQR S TUVWXYZ..
Nsxchmrwbglqva f kpu z ejotydi
Example of text
TREAT YIMPO SSIBL E ? fumnf dyvtf czysh h

21
Polyalphabetic Cipher

As compared with monoalphabetic cipher
E.g. encryption using Odd position mapping
TREATY IMPOSSIBLE ? fzmafu yktq cc ydhm

22
Transposition

Rearrange the order of bits, characters or blocks
of characters that are being encrypted or
decrypted.
The original letters of the plaintext are
preserved only their positions change.
E.g. Columnar Transposition
The rearrangement of the characters of the
plaintext into columns
The resulting ciphertext is formed by traversing
the columns

23
Columnar Transposition
24
Columnar Transposition

The plaintext is
THIS IS A MESSAGE TO SHOW HOW A COLUMNAR
TRANSPOSITION IS WORKING
The ciphertext is
TAGO CASIR HMEW ORPOK IETH LTONS SSOO URSS
ISSW MAIW SAHA NNTO

25
Stream Ciphers

ISSOPMI wdhuw
Plaintext cihertext
Encryption

It converts one symbol of plaintext immediately
into a symbol of ciphertext
The transformation depends only on the symbol,
the key, and control information of the
encipherment algorithm
E.g. substitution encryption

26
Stream Ciphers - Advantages

Speed of transformation
Each symbol is encrypted without regard for any
other plaintext symbols, each symbol can be
encrypted as soon as it is read
Low error propagation
Each symbol is separately encoded, an error in
the encryption process affects only that character

27
Stream Ciphers - Disadvantages

Low diffusion
Each symbol is separately enciphered
Susceptible to malicious insertions and
modifications
Since, each symbol is separately enciphered, an
active interceptor who has broken the code can
splice together pieces of previous messages and
transmit a spurious message that may look
authentic

28
Block Ciphers

OITPYR
Encryption ba
qc
kd
em

It encrypts a group of plaintext symbols as one
block , e.g. 64 bits or more
It works on blocks of plaintext and produce
blocks of ciphertext
E.g. transposition encryption

29
Block Ciphers - Advantages

Diffusion
Information from plaintext is diffused into
several ciphertext symbols
One ciphertext block may be depend on several
plaintext letters
Immunity of insertions
Since blocks of symbols are enciphered, it is
impossible to insert a single symbol into one
block
The length of the block would then be incorrect,
and decipherment would reveal the insertion

30
Block Ciphers - Disadvantages

Slowness of encryption
Block ciphers must wait until an entire block of
plaintext symbols has been received before
sorting the encryption process
Error propagation
An error will affect the transformation of all
other characters in the same block

31
Key Management Protocols

Attack to Remote communications
When two remote systems transfer messages along
communication medium, several potential attack
scenarios arise. There are three main types of
attacks
Disclosure to an unauthorised listener.
Receipt of a message from a masquerading sender.
Corruption or blocking of sent messages.

32
Key Management Protocols

a. Disclosure to an unauthorised listener
Involves a malicious entity or an intruder
gaining access to the message by simply observing
and interpreting the data travelling along the
communication medium.
b. Receipt of a message from a masquerading
sender
This attack involves an unauthorised masquerading
entity claiming to be some authorised entity.
The result is that a bad message might be sent
from an intruder.

33
Key Management Protocols

c. Corruption or blocking of sent messages
Refers to messages sent by a sender being
corrupted or blocked by an unauthorised intruder.
Intruders corrupt the good message and replace
it with a bad message.

34
Key Management Protocols

Encryption systems provide an important tool in
computer security, it gives a user the ability to
transmit information in a concealed form.
It is very useful to transmit documents and data
over a channel that may be intercepted.
Protocol is established to orderly sequence the
steps of the encryption by two or more parties
in their communication
Three type of encryption protocols
Private key protocol
Public key protocol
Arbitrated protocol

35
Private Key Protocol

A protocol that may be used between communicating
entities to authenticate systems and hide
messages.
Assumed that communicating entities have access
to encryption routines M that encrypts and
decrypts using some key K.
Both sender and receiver knows K.
Sender Receiver
message Mk Mkk message
encrypt decrypt

36
Encryption With Private Key
37
Private Key Protocol - Advantages

Fast
Useful for encrypting data for a short distance

38
Private Key Protocol - Disadvantages

If the key is revealed (stolen etc.), the
interceptors can decrypt all the information in
both direction.
Distribution of keys becomes a problem, as keys
must be transmitted with utmost security.
The number of keys increases with the square of
the number of users exchanging secret
information.

39
Public Key Protocol

Deviced by Whitfield Diffie and Martin Hellman in
1996.
This scheme overcomes the exchange of private key
problem.
Makes use of two encryption keys, public key and
private key.
Allows remote entities to advertise part of the
encryption key, that is public key.
Requires both public key and private key to
encrypt and decrypt a message.
Addresses several problems of key distribution
and key loss issues.

40
Encryption with Public Keys
41
Public Key Protocol

Based on mathematical functions rather than on
substitution and permutation
Asymmetric involving the use of two separate
keys, in contrast to symmetric conventional
encryption, which uses only one key
Has profound consequences in the area of
confidentiality, key distribution, and
authentication

42
Public Key Cryptosystem

Each end system in a network generates a pair of
keys to be used for encryption and decryption of
messages that it will receive
Each system publishes its encryption key by
placing it in a public register or file. This is
the public key. The companion key is kept private
(eg. Verisign provide security service for
international e-commerce, DigiCert mainly for
local e-commerce)
If A wishes to send a message to B, it encrypts
the message using Bs public key
When B receives the message, B decrypts it using
Bs private key. No other recipient can decrypt
the message because only B knows Bs private key.

43
Public Key - Advantages

All participants have access to public keys and
private keys are generated locally by each
participant and therefore need never be
distributed
As long as system controls its private key, its
incoming communication is secure
At any time,a system can change its private key
and publish the companion public key to replace
its old public key
It is computationally infeasible to deduce the
private key from the public key
Anyone who has a public key can encrypt
information but cannot decrypt it
Only the person who has the corresponding private
key can decrypt the information

44
Public Key Examples

Elgamal (named for its investor, Taher Elgamal)
RSA (named for its investors Ron Rivest, Adi
Shamir and Leonard Adleman)
Diffie-Hellman (named for its investors)
DSA Digital Signature Algorithm (invented by
David Kravitz)

45
Public Key Cryptosystem Encryption
46
Public Key Cryptosystem Authentication
47
Public Key Cryptosystem Applications
48
Public Key Protocol

Sender (B)
Receiver (A)
Message MSBPA
MSBPASAPB Message Encrypt
Decrypt
Legend
SBSecret key of B PBPublic key of B
SASecret key of A PAPublic key of A

49
Arbitration Protocols with Third Party

An alternative to the point key management
protocols between senders and receivers.
Protocol that uses third party to ensure
authentication between communicating entities.
Two types of arbitrated key management protocols
might be envisioned.

50
Arbitration Protocols with Third Party

1) All data communication is performed through a
third party, so that A might communicate with C
through arbiter B. This requires that A and B
agree on some key management protocol and that B
and C agree on a protocol as well.
A B C
Arbitrator

51
Arbitration Protocols with Third Party

2) The third party arbiter establishing
authentication between the sender and receiver
e.g. visiting prisoner at prison, have to go thru
the prison warden

52
Reasons why an arbiter is not desirable

Difficult to find a trusted arbitrator e.g.
recognize and valid authority
Cause delay in communication e.g. have to go thru
arbiter for any communication
Costly in maintaining an arbiter e.g. fees
payment, service charges
Bottleneck happens if many users access to same
arbiter e.g. delay in communication
Not secure since arbiter has access to sensitive
information e.g. no 100 confidentiality

53
Key Distribution

This scheme involves distribution of public and
secret keys by transmission over a secure
channel.
Uses private key management protocol between
remote systems and the KDC - Key Distribution
Centre.
This approach allows two entities to receive keys
from KDC for their communication.
Secrecy of their transmission to the KDC is
assured by the distribution process.

54
Pretty Good Privacy (PGP)

It is a hybrid cryptosystem by Philip Zimmerman
Fast ,easy and free ported to most popular
computer platforms, PCs and Macs as well to
protect messages on the Internet
Used in email e.g. Netscape Messager, MS Outlook
Express and Qualcomm Eudora Pro

55
PGP Encryption

PGP compresses the plaintext to save transmission
time and disk space and to strengthen
cryptographic security
Compression reduces plaintext pattern and
enhances resistance to cryptanalysis
PGP creates session key, one-time-only secret
key from the random movement of users mouse and
keystrokes type
Using the IDEA algorithm with the session key,
the message is encrypted.
The session key is encrypted with the RSA
algorithm and the recipients public key
The encrypted message and session key is then
bundled together and ready to be mailed or stored

56
PGP Encryption
57
PGP Decryption

The recipients copy of PGP uses his/her the
private key to recover the temporary session key
Then, PGP uses it to decrypt the ciphertext

58
PGP Decryption
59
Secure Socket Layer (SSL)

Developed by Netscape in 1994
Provides two functions
Encrypting the information flow between client
and server
Client/server authentication
Latest version is SSL 3.0 (1996)
Supported by
Client applications (Netscape Navigator,
Microsoft Internet Explorer)
Server applications (Netscape, Microsoft, Apache,
Oracle, NSCA etc.)
Certification Authorities (VeriSign)

60
Secure Socket Layer (SSL)

Comes with two strength 40-bit and 128-bit which
refer to the length of the session key
generated by every encrypted transaction
HTTPS - Hypertext Transfer Protocol Secure
https// represent secure site using SSL services
(HTTP SSL)

61
Secure Socket Layer (SSL)

Fundamental concerns about communication over
the Internet and other TCP/IP networks
SSL server authentication allows a user to
confirm a server's identity
SSL client authentication allows a server to
confirm a user's identity
An encrypted SSL connection requires all
information sent between a client and a server to
be encrypted by the sending software and
decrypted by the receiving software, thus
providing a high degree of confidentiality