
Cryptography

Cryptography is the practice of secure communication that transforms information into unreadable formats to protect against unauthorized access. It addresses vulnerabilities in message transmission, ensuring confidentiality, integrity, and authenticity through various encryption methods, including symmetric and asymmetric systems. Key management is crucial for maintaining security, and digital signatures provide a means of verifying the authenticity of messages.

Uploaded by

Cassim Jaffer
Copyright
© © All Rights Reserved

Cryptography

• The name encryption or cryptography means secret writing.
• It is probably the strongest defense in the arsenal of computer
security protection.
• Well-disguised data cannot be easily read, modified or fabricated.
• However, weak or flawed encryption creates only the illusion of
protection.
• Cryptography has its roots in communication security.
• Assume two parties, A and B, communicate over an insecure
channel.
• The antagonist is an intruder who has full control over the channel,
being able to read, delete or insert messages. A and B want protection
from the intruder.
• Cryptography gives them the means to create a secure logical channel
over an insecure physical connection.
• Cryptography is the practice and study of techniques
for secure communication in the presence of third
parties called adversaries.
• It is the art of transforming information (encrypting)
into an unreadable format (ciphertext). Only those who
possess a secret key can transform it back (decrypt)
into plaintext.
• It conceals data against unauthorized access.
Problems Addressed by Encryption
• When a message is sent from point A to B, it is vulnerable to
exploitation and third parties may try to access it in any of the
following ways:
▪ Block it, by preventing it reaching B, thereby affecting the availability
of the message.
▪ Intercept it, by reading or listening to the message, thereby affecting
the confidentiality of the message.
▪ Modify it, by seizing the message and changing it in some way,
affecting the message’s integrity.
▪ Fabricate an authentic-looking message, arranging for it to be
delivered as if it came from A, thereby also affecting the integrity of
the message.
• Fortunately, encryption is a technique that can address all these
problems.
Terminology
• Encryption is the process of encoding a message so that its meaning
is not obvious.
• Decryption is the reverse process, transforming an encrypted
message back into its normal, original form.
• Alternatively, the terms encode and decode or encipher and
decipher are used instead of encrypt and decrypt.
• A system for encryption and decryption is called a cryptosystem.
• The original form of a message is known as plaintext and the
encrypted form is called ciphertext.
Plaintext and Ciphertext
• Formal notation: C = E(P) and P = D(C) where C represents the
ciphertext, E is the encryption rule, P is the plaintext and D is the
decryption rule. We seek a cryptosystem for which P = D(E(P)).
Encryption Keys
• The encryption and decryption rules, called algorithms, often
use a device called a key, denoted by K.
• So the resulting ciphertext depends on the original plaintext
message, the algorithm and the key value.
• This dependence is written as C = E(K, P). Essentially, E is a
set of encryption algorithms, and the key K selects one
specific algorithm from the set.
Secret key encryption
• Secret key, single-key or symmetric encryption uses a single key for
both encryption and decryption.
• So P = D(K, E(K, P)), meaning that the same key, K, is used both to
encrypt a message and later decrypt it.
• This form of encryption is called symmetric because D and E are
mirror-image processes.
• Trivial example: The encryption algorithm might be to shift each
plaintext letter forward n positions in the alphabet. For n = 1, A is
changed to b, B to c,…P to q, … and Z to a. So in this case the key
value is n, moving n positions forward for encryption and backward
for decryption.
Secret Key Encryption

Public key encryption

Secret key and Public key encryption
Cryptanalysis
• In cryptanalysis, the cryptanalyst’s chore is to break an encryption. So
the cryptanalyst attempts to deduce the original meaning of a
ciphertext message.
• Better yet, the cryptanalyst hopes to determine the decrypting
algorithm, and ideally the encryption key to be able to break other
messages encoded in the same way.
• The analyst works with a variety of information: encrypted
messages, known encryption algorithms, intercepted plaintext, data
items known or suspected to be in the ciphertext message,
mathematical or statistical tools and techniques, and properties of
languages, as well as plenty of ingenuity and luck.
Cryptanalysis
• Each piece of evidence can provide a clue.
• The analyst puts the clues together to try to form a larger picture of a
message’s meaning in the context of how the encryption is done.
• In cryptanalysis, there are no rules: an interceptor can use any means
available to tease out the meaning of the message.
• Work factor is the difficulty or amount of work needed to break an
encryption.
• A security administrator’s job is to make sure they implement an
encryption algorithm whose work factor is high.
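The shift cipher from the secret key slide and the work factor idea from the cryptanalysis slides, as an added Python example that is not part of the original deck. The function names, the sample message and the suspected word are constructed for illustration; the point is that a key space of 26 values gives a work factor of at most 26 trial decryptions.

```python
import string

ALPHABET = string.ascii_uppercase

def shift_encrypt(n, plaintext):
    """E(K, P): move each letter n positions forward, wrapping Z round to A."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + n) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)

def shift_decrypt(n, ciphertext):
    """D(K, C): the mirror-image process, n positions backward."""
    return shift_encrypt(-n, ciphertext)

def recover_key(ciphertext, crib):
    """Try each of the 26 keys in turn until the decryption contains the
    suspected word (crib). Returns (key, trials); trials is the work spent."""
    crib = crib.upper()
    for n in range(26):
        if crib in shift_decrypt(n, ciphertext):
            return n, n + 1
    return None, 26

if __name__ == "__main__":
    # Constructed sample message and key, not taken from the slides.
    key, message = 7, "MEET AT THE NORTH GATE AT NOON"
    c = shift_encrypt(key, message)
    assert shift_decrypt(key, c) == message      # P = D(K, E(K, P))
    print("ciphertext:", c)
    # An analyst who suspects the word GATE needs at most 26 trial decryptions.
    print("recovered (key, trials):", recover_key(c, "GATE"))
```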
Symmetric and Asymmetric Encryption Systems
• Symmetric algorithms (secret key) use one key, which works for both
encryption and decryption.
• The symmetric systems provide a two-way channel to their users.
• As long as the key remains secret, the system also provides
authenticity.
• Authenticity is ensured because only the legitimate sender can
produce a message that will decrypt properly with the shared key.
• Symmetry is the major advantage with this type of encryption.
• Managing keys is the major weakness with symmetric encryption:
• Asymmetric or public key systems typically have precisely matched
pairs of keys.
• The keys are produced together or one is derived mathematically
from the other. Thus, a process computes both keys as a set.
• But for both kinds of encryption, a key must be kept well secured.
• Once the symmetric or public key is known by an outsider, all
messages written previously or in future can be decrypted (hence
read or modified) by the outsider.
• So for all encryption algorithms, key management is the major issue.
• Asymmetric systems excel in key management.
• Examples of secret key encryption algorithms are DES and AES. RSA is
a popular example of a public key encryption algorithm.
DES: The Data Encryption Standard
• DES is a system developed for the US government and was intended for
use by the general public.
• The DES algorithm was developed in the 1970s by IBM.
• DES is a careful and complex combination of two fundamental
building blocks of encryption: substitution and transposition.
• The algorithm derives its strength from repeated application of these
two techniques, one on top of the other, for a total of 16 cycles.
• The algorithm begins by encrypting the plaintext as blocks of 64 bits.
• The key is 64 bits long, but in fact it can be any 56-bit number.
AES: Advanced Encryption System/Rijndael
• AES was adopted by the US government in 2001.
• AES is likely to be the commercial grade symmetric algorithm of
choice for years, if not decades.
• It primarily uses substitution, transposition, the shift, exclusive OR,
and additional operations.
• Like DES, AES uses repeated cycles. There are 10, 12 or 14 cycles for
keys of 128, 192 and 256 bits respectively. The cycles are called rounds.
Rijndael
The Rivest-Shamir-Adleman Algorithm (RSA)

RSA
• Encryption in RSA is done by exponentiation, raising each plaintext
block to a power; that power is the key e.
• Exponentiation is extremely time-consuming on a computer. The time
to encrypt increases exponentially as the exponent (key) grows
longer.
• Thus RSA is markedly slower than DES and AES.
• RSA encrypts blocks of various sizes.
• People tend to use DES and AES as the major cryptographic
workhorses, and reserve slower RSA for limited uses at which it
excels.
Symmetric VS Asymmetric algorithms
Shannon’s characteristics of good ciphers
1. The amount of secrecy needed should determine the amount of
labor appropriate for the encryption and decryption.
2. The set of keys and the enciphering algorithm should be free from
complexity.
3. The implementation of the process should be as simple as possible.
4. Errors in ciphering should not propagate and cause corruption of
further information in the message.
5. The size of the enciphered text should be no larger than the text of
the original message.
Properties of “Trustworthy” encryption schemes
• Commercial users have several requirements that must be satisfied
when they select an encryption algorithm. A “commercial grade” or
“Trustworthy” encryption meets these constraints:
1. It is based on sound mathematics. Good cryptographic algorithms
are not just invented, they are derived from solid principles.
2. It has been analyzed by competent experts and found to be
sound. A review by critical outside experts is essential.
3. It has stood the “test of time”.
Digital signature
• A digital signature is a protocol that produces the same effect as a real
signature.
• It must be unforgeable, authentic, not alterable and not reusable.
• A digital signature consists of:
▪ A file
▪ Demonstration that the file has not been altered
▪ Indication of who applied the signature
▪ Validation that the signature is authentic, that is, it belongs to the signer
▪ Connection of the signature to the file.
• A secure hash code of the file, which computes a message digest and is
included in the signature, demonstrates that the file has not been
changed.
• The message digest is then encrypted with the signer’s private
encryption key.
• Finally, the signer’s identity is added to the file.
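The three signing steps above (hash the file, transform the digest with the signer's private key, attach the signer's identity), carried through as an added Python example that is not part of the original deck. It assumes unpadded textbook RSA with a deliberately small constructed key pair; the function names, the signer label "A" and the sample file are hypothetical, and real signatures use far larger keys with a padding scheme.

```python
import hashlib

# Toy RSA key pair for signer "A" (constructed for this example). The primes
# are two Mersenne primes picked so the numbers stay short; real keys use
# 2048-bit or larger moduli and a padding scheme such as RSA-PSS.
P, Q = 2**61 - 1, 2**31 - 1
N = P * Q
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, kept by the signer

def message_digest(file_bytes, n):
    """Secure hash of the file, reduced mod n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(file_bytes).digest(), "big") % n

def sign(file_bytes, signer, private_key):
    """Hash the file, transform the digest with the private key, attach identity."""
    d, n = private_key
    return {"file": file_bytes, "signer": signer,
            "signature": pow(message_digest(file_bytes, n), d, n)}

def verify(signed, public_keys):
    """Undo the private-key step with the signer's public key and compare digests."""
    key = public_keys.get(signed["signer"])
    if key is None:
        return False                       # no trusted key for the claimed signer
    e, n = key
    return pow(signed["signature"], e, n) == message_digest(signed["file"], n)

if __name__ == "__main__":
    trusted = {"A": (E, N)}
    doc = sign(b"Pay B 100 units", "A", (D, N))
    print("genuine:", verify(doc, trusted))
    altered = dict(doc, file=b"Pay B 900 units")
    print("altered file:", verify(altered, trusted))
    renamed = dict(doc, signer="C")
    print("unknown signer:", verify(renamed, trusted))
```

The altered-file case also shows why the signature is not reusable: it is bound to one file's digest and fails verification on any other file.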
Digital signature
Important Points to Note about Encryption
❖ Encryption protects only what is encrypted. Data is exposed between
the user’s fingertips and the encryption process.
❖ Designing encryption algorithms is best left to professionals.
❖ Encryption is no more secure than its key management. If an attacker
can guess or deduce a weak encryption key, the game is over.
❖ Encryption is not a silver bullet. A flawed system design with
encryption is still a flawed system design.
Modes of Encryption
• Encryption can be employed in a network through two
general modes: link and end-to-end.
• The two modes perform different functions and have
different strengths and weaknesses.
• They can also be used together even if somewhat redundant.
Link Encryption
• Link encryption is an encryption between two hosts.
• Data is encrypted just before the system places it on the
physical communications link.
• Link encryption protects the message in transit between two
computers but the message is in plaintext inside the hosts.
• Link encryption is invisible to the user.
• Link encryption is especially appropriate when the
transmission line is the point of greatest vulnerability.
End-to-End Encryption
• End-to-end encryption is encryption between two applications.
• As the name suggests, it provides security from one end of a
transmission to the other.
• The message is transmitted in encrypted form throughout the
network.
