Data & Network Security

Chapter 3 – Cryptography
Outline
3.1 Introduction
3.2 Basic Cryptography Terminology covering:
3.2.1 Notions pertaining to the different (communication)
partners.
3.2.2 Attackers and their capabilities
3.2.3 Encryption
3.2.4 Decryption
3.2.5 Keys and their characteristics, signatures.
3.3 Cipher types (e.g., Caesar cipher, affine cipher)
3.4 Cryptographic Algorithms.
3.5 Cryptographic Tools and its challenges
Learning Outcome
At the end of this chapter the students able to
• Define the cryptography definition
• Explain the terminologist use in cryptography.
• Apply some cryptography techniques/ approaches.
• Understand the concept of Public Key Infrastructure .
• Understand the challenge of Public Key
Infrastructure.
Introduction – Cryptography
• Originate from Greek – “kryptos” (secret) and
“graphia” (writing).
• Cryptography defined as secret writing.
• In technical, cryptography is a mapping of readable
text to a format that cannot be read (unreadable).
• e.g. ‘ME’ to ‘NB’
• In the early days, cryptography used to be performed
by using manual techniques.
Introduction – Cryptography

• 5 Century SM, Sparta people used a method to encrypt message

using a paper made from ‘daun lontar’ attach to a wood.
• Then, information to be hid will be wrote on the ‘daun lontar’.
• When the paper opened from the wood, the words written will
be scattered and hard to understand.
• To get back the original message, the paper must be attached
back to the same wood.
• In this case – the paper and wood used are key to this system.
This encrypted method called Scytale.
Introduction – Cryptography

• In Julius Caesar (around 2000 years ago), he used substitution

cryptography system created by himself.
• In this method – each word in text are move 2 places afterwards in the ABC
character table.
• e.g. word A substitute with C, B with D and so on.
• This method called Caesar cipher.
• However, this method had been broken through analysis towards cipher
text. Arabian is the first race that did the analysis towards substitution
cipher code.
• Qalqashandi created technique to solve the code by collecting all the
cipher characters and counting the frequency usage of each character.
• Base on this table of frequency, cipher text could be decrypted to get back
the original text.
Simple Message Transmission
Sender Transmission Recipient

Outsider
(Block it , intercept , modify, fabricate )
(Intruder)

• Consider the steps involved in sending message from a sender,

to a recipient. If sender entrust the message to T
(transmission) ,who then delivers it to recipient, T becomes
the transmission medium. If an outsider want to access the
message ( to read, change or even destroy it), we call an
outsider the intruder.
Why Used Cryptography?
• Confidentiality – prevent from message being
disclosed to unauthorized users or parties.
Message is disclosed to authorized and to the
intended parties who have rights for that
message only.
• Integrity – ascertain that no modification to
the message being received. This is to ensure
that message didn’t modify when sending
from sender to receiver.
Cont…
• Authentication – permit message receiver to
verify original message being sent. This is to
make sure that message could be verified with
confident and prevent from disguising.
• Non-repudiation – sender cannot deny later
that he/she has sent the message.
Terminology
• Human languages takes the form of plain text or
clear text.
• Message in plain text can be understood by anybody
knowing the language.
• Notably, we use plain text during electronics
conversations.
• e.g. send an email to someone.
• Clear text or plain text signifies a message that can
be understood by the sender, the recipient and also
by anyone else who gets an access to that message
Cont…
• In normal life, we do not bother about the fact
that someone could be overhearing us.
• However, there are situations where we are
concerned about the secrecy of our
conversations.
• e.g. knowing bank account’s balance, secret
message from military officer, secret email,
children or primary school students hide their
conversation through code language.
Cont…
• Given P (plain text) wants to be transferred
through communication channel as a secret
message.
• First, the P must be converted to another
form. The conversion process is called
encryption.
• When this plain text message is codified using
suitable scheme, the resulting message is
called as cipher text (given C).
• Cipher means a code or a secret message.
Cont…
• Cryptography algorithm is a technique or rule to
encrypt that determined how easy or complex
encryption process is.
• Format transformation of the original text, P to a
form or cipher text format, C dependent to an
additional parameter, K called as key.
• Cipher text, C must undergo inverse process to get
back the plain text, P. This process could be done
using second key, K’.
• This inverse process is called decryption.
Cont…
• The learning about encryption and decryption
is called cryptography.
• The process to get the original text from
cipher text without key is called cryptanalysis.
• The discipline that combine the 2 divisions
(cryptography and cryptanalysis) is called
cryptology.Key = K Key = K’

Plain Text Cipher Text Original Text

P Sender C Recipient P
Encryption Decryption
Using Key in Cryptography

• The cryptosystem involves a set of rules for how to

encrypt the plaintext and how to decrypt the cipher text.
The encryption and decryption rules, called algorithms,
often use a device called a key, denoted by K.
 Symmetric Cryptosystem

P = D (K, E(K,P))
KEY

Original
Plaintext Ciphertext
Plaintext
Encryption Decryption

• The key that were used to encrypt and decrypt

are the same and mirror-image process.
Simplified Model of Symmetric Encryption
Asymmetric Cryptosystem

P = D (KD, E(KE,P))
Encryption Key 1 Encryption Key 2

Original
Plaintext Ciphertext
Plaintext
Encryption Decryption

• The process of converting decrypt message to

original text involves a series of steps and a
key that are different from the encrypt
process.
Cryptanalysis
• Recognize patterns in encrypted message, to
be able to break subsequent ones by applying
a straightforward decryption algorithm.
• Find weakness in the implementation or
environment of use of encryption.
• Find general weaknesses in an encryption
algorithm, without necessarily having
intercepted any messages.
Cipher types
• Cipher method can be divide into two types
– Bit stream
• Each bit in the plaintext is transformed into a cipher bit
one bit at a time.
– Block cipher
• The message is divide into blocks and each block of
plaintext bits is transformed into an encrypted block
cipher bits using an algorithm and a key.
• Example: 8, 16, 32, 64 bit blocks.
Classical Cryptography - Cipher
• In classic cryptography technique, there are 2
basic components; substitution and
transposition.
• Substitution cipher substitutes bit, character
or one block of character (e.g. one character
substitutes to another character: C substitutes
with F).
• Transposition cipher (or called permutation
cipher) arranges back or transposes bit or
character of original text.
 Classical Cryptography

• Example of substitution cipher are Easy

substitution, Homophonic substitution ,
Polyalphabetic substitution and Polygram
substitution .
• Example of transposition cipher are Columnar
transposition, Rail fence and Vernam cipher.
• Elements of substitution and transposition are
also used in modern cryptography algorithm.
Substitution Cipher
• There are 4 kinds of substitution cipher; Mono-
alphabetic, Homophonic, Poly-alphabetic and
Polygram.
• Caesar Cipher – proposed by Julius Caesar.
• Each alphabet in a message is replaced by an alphabet
3 places down the line.
• Very weak scheme of hiding plain text messages – to
break it, reverse Caesar Cipher process with the
alphabet that is 3 places up the line.
• e.g. A with X, B with Y, C with Z, D with A and so on.
Ceaser Cipher
Cipher L V W XG B F U B S W R
text
Plain text I S T UD Y C R Y P T O
• Good in theory but not so good in practice.
• How to make the cipher more difficult can complicated?
• Cipher text alphabets corresponding to the original plain
text alphabets may not necessarily be 3 places down the
order, instead, can be any places down the order.
Ceaser Cipher
• then have Caesar cipher as:
– c = E(k, p) = (p + k) mod (26)
– p = D(k, c) = (c – k) mod (26)
• only have 26 possible ciphers
• A maps to A,B,..Z
• a brute force search - given ciphertext, just try
all shifts of letters
• eg. break ciphertext “VHFXULWB"
Mono-Alphabetic Cipher
• The major weakness of Caesar Cipher is its
predictability.
• Rather than using a uniform scheme, use random
substitution. This means that in a given plain text
message, each A can be replaced by any other alphabet
(B through Z), each B can also be replaced by any other
random alphabet (A or C through Z) and so on.
• The crucial difference, there is no relation between the
replacement of B and replacement of A. That is, if
decided to replace A with D, not necessarily replace
each B with E – can replace B with other character.
Mono-Alphabetic Cipher
• now have a total of 26! = 4 x 1026 keys
• This is extremely hard to crack. It might
actually take years to try out these many
combinations even with the most modern
computers.
• There is only one hitch. The cryptanalyst can
try different attacks based on her knowledge
of the English language.
Language Redundancy and Cryptanalysis
• human languages are redundant
eg "th lrd s m shphrd shll nt wnt"
• letters are not equally commonly used
• other letters like Z,J,K,Q,X are fairly rare
• have tables of single, double & triple letter
frequencies for various languages
• in English E is by far the most common letter
– followed by T,R,N,I,O,A,S
English Letter Frequencies
Use in Cryptanalysis
• key concept – mono alphabetic substitution
ciphers do not change relative letter
frequencies
• discovered by Arabian scientists in 9th century
• calculate letter frequencies for ciphertext
• compare counts/plots against known values
• for mono-alphabetic must identify each letter
– tables of common double/triple letters help
Example Cryptanalysis
• given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
• count relative letter frequencies (see text)
• guess ‘P & Z’ are ‘e’ and ‘t’
• guess ‘ZW’ is ‘th’ and hence ZWP is ‘the’
• proceeding with trial and error finally get:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
Homophonic Substitution Cipher
• Very similar to Mono-alphabetic Cipher.
• The difference between the 2 techniques is that
replacement alphabet set in simple substitution technique
is fixed (A with D..) whereas in the case of Homophonic, one
plain text alphabet can map to more than one cipher text
alphabet.
• e.g. A can be replaced by D, H, P, R; B can be replaced by E,
I, Q, S….
• Difficult to analyze compare with mono-alphabetic because
the frequency didn’t show the real usage of each alphabet.
Polygram Substitution Cipher
• Rather replacing one plain text alphabet with
one cipher text alphabet at a time, a block of
alphabets is replaced with another block.
• It is done by dividing plain text to a group of
alphabet. This group can be 2 alphabets or
more than that.
• Playfair Cipher and Hill Cipher are examples of
cipher that used Polygram Substitution Cipher.
Playfair Cipher
• not even the large number of keys in a mono-
alphabetic cipher provides security
• one approach to improving security was to encrypt
multiple letters
• the Playfair Cipher is an example
• invented by Charles Wheatstone in 1854, but named
after his friend Baron Playfair
Playfair Cipher
• Playfair cipher algorithm based on 5 x 5 matrix and one key.
This matrix created using the key. There are 5 rules to obey.
• e.g. given a key = LEDANG and plain text =
DATANETWORKSECURITY, what is the cipher text?

L E D A N
G B C F H
I/J K M O P
Q R S T U
V W X Y Z
Playfair Cipher
• plaintext is encrypted two letters at a time
• Below are set of rules of Playfair Cipher:
– divide plain text to a group of 2 alphabets each. DA, TA, NE, TW, OR,
KS, EC, UR, IT, Y. If a group is lack of one alphabet, fill it with X. Y
become YX.
– if a pair is a repeated letter, insert filler like 'X’
– if both letters fall in the same row, replace each with letter to right
(wrapping back to start from end)
– if both letters fall in the same column, replace each with the letter
below it (wrapping to top from bottom)
– otherwise each letter is replaced by the letter in the same row and in
the column of the other letter of the pair
Playfair Cipher

• DA, TA, NE, TW, OR, KS, EC, UR, IT, YX.

• DA – AN, TA – YF, NE – LD, TW – RY, OR – KT, KS – MR, EC – DB,

UR – QS, IT – OQ, YX – ZY
• Cipher Text = ANYFLDRYKTMRDBQSOQZY
Poly-Alphabetic Substitution Cipher
• Leon Battista invented the Polyalphabetic Cipher in
1568. This cipher has been broken many times, and
yet it has been used extensively. The Vigenere Cipher
and Beaufort Cipher are the examples of it.
• The cipher uses multiple one-character keys. Each of
the keys encrypts one plain text character.
Poly-Alphabetic Substitution Cipher
• The first key encrypts the first plain text character,
the second key encrypts the second plain text
character and so on.
• After all the keys are used, they are recycled. Thus, if
we have 30 one-letter keys, every 30th character in
the plain text would be replaced with the same key.
Vigenere Cipher
• Created by Blaise de Vigenere in 16 century. In this
cipher scheme, one rule set of Mono-alphabetic
substitution that is build from 26 Caesar Cipher with
a value started from 0 to 25 used with one value of
key.
• Base on this key, value for each cipher character is
determined.
• e.g. DATANETWORKSECURITY with LEDANG as key
value.
Vigenere Cipher
Vigenere Cipher
• P: D A T A N E T W O R K S E C U R I T Y
• K: L E D A N G L E D A N G L E D A N G L
• C: OE W A A K E A R R X Y P G X R V Z J

• First character in plain text, D is moved 11 steps (L key) and

so on.
• From this encryption scheme, it is found that alphabet ‘T’ is
encrypted to several alphabet such as ‘W’, ‘E’ and ‘Z’. So,
the peak in the frequency alphabet table could be reduced.
Vernam Cipher
• Created by Gilbert Vernam, AT&T engineer in
1918.
• This invention is a starts to modern
cryptography.
• It can be called as a strong cipher that is
immune to attack because of the key
characteristics.
• The characteristics are:
– The key must be one random value and
– The key length as long as the plain text
Vernam Cipher
E.g.:
T :V E R N A M S I F E R
Char Value : 21 4 17 13 0 12 18 8 5 4 17
Random K : 76 48 16 82 44 3 58 11 60 5 48
Add T + K : 97 52 33 95 44 15 76 19 65 9 65
C : T A H R S P Y T N J N
 One-Time Pads (OTP) Cipher

• OTP Cipher is a new version from Vernam Cipher. Also

from Gilbert Vernam in 1917.
• OTP is a strongest cryptography system in term of
security and cannot be broken using the latest
technology.
• This cipher is said as a perfect encryption scheme. It is
perfect because the cipher text production is a
random value that is not show any corresponding with
the plain text statistically.
One-Time Pads (OTP) Cipher
• OTP characteristics:
– Key that is randomly perfect
– Key that is no repetition and no meaning
– Key that is used one-time only for encryption and decryption
towards one plain text
• In theory, this cipher cannot be broken but till now, no hard
mathematical proof to explain the integrity of this system.
• However, this cipher cannot be practiced because of key
requirement.
• It is hard to generate a key that is random perfectly and in big size.
Transposition Cipher
• Transposition techniques differ from substitution
techniques in the way that they do not simply replace
one alphabet with another.
• They also perform some permutation over the plain text
alphabets.
• these hide the message by rearranging the letter order
• without altering the actual letters used
• can recognise these since have the same frequency
distribution as the original text
Transposition Cipher
• Usually, the mapping done with geometric diagram
or matrix.
• The transposition encryption done by 2 steps:
– Plain text is arranges in the desired form. This
process referred to writing process
– Reading process. Is a method to transform plain
text that has gone through writing process to
produce cipher text
Plain text Form Cipher text
Writing process Reading process
Rail Fence Technique

• The Rail Fence is an example of transposition. It uses

a simple geometric form as below:
• Encryption : write message letters out diagonally
over a number of rows
• then read off cipher row by row
• eg. Encrypt msg “defend the east wall” with key is 2

d f n t e a t a l
e e d h e s w l
decryption: dfnteataleedheswl
Rail Fence Technique
• encryption process for the Rail Fence Cipher involves
reconstructing the diagonal grid used to encrypt the message.
• write the message, but leaving a dash in place of the spaces yet
to be occupied.
• Then, replace all the dashes with the corresponding letters, and
read off the plaintext from the table.
• eg. Decrypt msg “dfnteataleedheswl” with key is 2
d f n t e a t a l
- - - - - - - -

d f n t e a t a l
e e d h e s w l

Clear text: defend the east wall

Rail Fence Technique
• Quiz: write the following sentence using Rail fence
technique (the key here is 3)

– “ defend the east wall of the castle”

Symmetric Encryption
• the universal technique for providing confidentiality
for transmitted or stored data

• also referred to as conventional encryption or single-

key encryption

• two requirements for secure use:

– need a strong encryption algorithm
– sender and receiver must have obtained copies
of the secret key in a secure fashion and must
keep the key secure
Figure 2.1 Simplified Model of Symmetric Encryption
Attacking Symmetric Encryption
Cryptanalytic Attacks Brute-Force Attack
– rely on:
• try all possible keys on
• nature of the algorithm
• some knowledge of the general some ciphertext until an
characteristics of the plaintext
• some sample plaintext-ciphertext
intelligible translation into
pairs plaintext is obtained
– exploits the characteristics of the
– on average half of all possible
algorithm to attempt to deduce a
specific plaintext or the key being used keys must be tried to achieve
• if successful all future and past success
messages encrypted with that key are
compromised
Table 2.1

Average Time Required for Exhaustive Key Search

Table 2.2

Comparison of Three Popular Symmetric

Encryption Algorithms
 Asymmetric Encryption
• Also called as Public Key Cryptography, 2
different keys (which form a key pair) are
used.
• One key is used for encryption and only the
other corresponding key must be used for
decryption.
• No other key can decrypt the message – not
even the original (the first) key used for
encryption!
• The beauty of this scheme is that every
Public-Key Encryption Structure

asymmetric
• uses two
publicly separate keys some form of
proposed by based on • public key and protocol is
Diffie and mathematical private key needed for
Hellman in functions • public key is distribution
1976 made public for
others to use
Asymmetric Encryption
• One of the 2 keys is called as public key and the
other is the private key.
• The private key remains with you as a secret.
• The private key must not disclose to anybody
• However, the public key is for the general public.
• It is disclosed to all parties that you want to
communicate with.
• In this scheme, in fact, each party publishes its
public key.
Asymmetric Encryption
• Suppose A wants to send a message to B
without having to worry about its security.
• Then, A and B should each have a private key
and a public key.
– A should keep her private key secret
– B should keep her private key secret
– A should inform B about her public key
– B should inform A about her public key
• Thus, we have a matrix as shown next.
 Asymmetric Encryption
Key details A should know B should know

A’s private key Yes No

A’s public key Yes Yes

B’s private key No Yes

B’s public key Yes Yes

• Asymmetric key cryptography works as follows:

– when A wants to send a message to B, A encrypts the message
using B’s public key. This is possible because A knows B’s public key.
– A sends this message (which was encrypted with B’ public key) to
B.
– B decrypts A’s message using B’s private key.
Asymmetric Encryption
– Note that only B knows about her private key.
– Also note that the message can be decrypted only by
B’s private key and nothing else!
– Thus, no one else can make any sense out of the
message even if one can manage to intercept the
message.
– This is because the intruder (ideally) does not know
about B’s private key. It is only B’s private key that can
decrypt the message.
– Similarly, when B wants to send a message to A, exactly
reverse steps take place.
 Sender Receiver
(A) (B)
Encrypt Decrypt
with B’s with B’s
public private key
key

Network
Plain Plain Plain Plain
text text text text

A encrypts the message using B’s public key. Therefore only B can
decrypt the message back to its original form, using her private
key.
Real Life Implementation
• We can consider a practical situation that describes
asymmetric cryptography as used in real life.
• Suppose a bank accepts many requests for transaction
from its customers over an insecure network.
• The bank can have a private key-public key pair. The
bank can publish its public key to all its customers.
• The customers can use this public key of the bank for
encrypting messages before they send them to the
bank. The bank can decrypt all these encrypted
messages with its private key, remains with itself.
Applications for Public-Key Cryptosystems
Requirements for Public-Key Cryptosystems
computationally easy to
create key pairs

computationally easy
useful if either key can for sender knowing
be used for each role public key to encrypt
messages

computationally
computationally easy
infeasible for
for receiver knowing
opponent to
private key to decrypt
otherwise recover
ciphertext
original message

computationally
infeasible for opponent
to determine private
key from public key
Asymmetric Encryption Algorithms
RSA (Rivest, most widely accepted and
block cipher in which the

Shamir, developed in 1977 implemented approach to

public-key encryption
plaintext and ciphertext are
integers between 0 and n-1
for some n.
Adleman)

Diffie-Hellman enables two users to

securely reach agreement

key exchange about a shared secret that

can be used as a secret key
limited to the exchange of
the keys
for subsequent symmetric
algorithm encryption of messages

Digital provides only a digital

Signature signature function with SHA-
1
cannot be used for
encryption or key exchange

Standard (DSS)

Elliptic curve
cryptography security like RSA, but with
much smaller keys

(ECC)
Key Exchange/Distribution
• How nice to combine two cryptography mechanisms? Problems
before?
• Combination must meet following obj:
– Solution completely secure
– Encryption & decryption -> not take a long time
– Generated cipher text -> compact in size
– Solution scale to a large number of users
– Key distribution problem must be solved
• In practice, symmetric & asymmetric are combined -> very
efficient security solution
Key Exchange/Distribution
• Suppose you need to send a protected message to
someone you do not know and who does not know
you
• Eg. Online income tax return
• You want the information to be protected
• And you do not necessarily know the person who is
receiving the information
• Situation : being able to exchange encryption key 
nobody can intercept it
Rivest, Shamir, Adleman (RSA) Key
• first public-key cryptosystems and is widely used for
secure data transmission
• the encryption key is public and it is different from
the decryption key which is kept secret (private)
• based on the practical difficulty of the factorization of
the product of two large prime numbers, the
"factoring problem“
• Ron Rivest, Adi Shamir, and Leonard Adleman, who
first publicly described the algorithm in 1978
Rivest, Shamir, Adleman (RSA) Key - Process

• Choose 2 prime numbers.

• Compute n
Key • Calculate totient
Generation
• Choose public key e ;1<e<totient
• Determine private key d

Key • Sender send the public key (e, n) to

Distribution receiver
𝑒
Encryption 𝑀𝑒𝑠𝑠𝑎𝑔𝑒 ( 𝑀𝑜𝑑 𝑛)
𝑑
Decryption 𝑀𝑒𝑠𝑠𝑎𝑔𝑒 ( 𝑀𝑜𝑑 𝑛)
RSA Key - Example
Salmi want send a secrete message to his colleague, Aiza. Aiza
need to send a pair public key to Salmi so that Salmi can use her
public keys to encrypted the message. Then, Aiza can decrypted
the message by using her pair of private key. Assume that Aiza
use two Prime numbers for p=7 and q=17. show the steps
involve until Aiza can open the message
Compute n=p*q
n=7*17 = 119
Aiza still not know the e value that can be use.
calculate totient = (p-1)(q-1) = (6)(16)=96
Thus e = 1<e<96 ; e coprime of totient
let say Aiza select e= 5
RSA Key - Example
Aiza send her public key (e,n) to Salmi
Aiza Public key (5, 119)
Salmi used Aiza’s Public key (5, 119) to decrypt message
below:
REDANG.
Convert the message into value (asci key)
82 69 68 65 78 71
P=82

= = 80
RSA Key - Example
After all message has been encrypted, Salim get
following message that will be send to Aiza.

Message: 80 69 17 46 57 22
P E DC1 . 9 SYN

When received the message, Aiza need to decrypted

this message. Aiza need to have private key, d.

d * e Mod totient (n)=1

RSA Key - Example
• To generate Private key 1st Aiza need to Calculate
totient = (p-1)(q-1) = 96
• Using Mathematic
d * e Mod totient (n)=1 +> d*13 Mod 96
• Euclidean Algorithm:
Let say 96y+5x=1,
Thus we need to use Substitution (Factorial)
96 = 19(5)+1 =96-19(5)
d = 96-19 = 77
Thus to decrypted

119 = 82
119 = 69
119 = 68
119 = 65
119 = 78
119 = 71
Exercise
• Let say Tat Tun want to send a message to Nira. The
message is “petaling”. Use RSA, show your steps.
Given 2 prime numbers p= 11 and q = 13.
Diffie-Hellman Key
• Whitefield Diffie and Martin Hellman
– devised an amazing solution to the problem
– called Diffie-Hellman Key Exchange/Agreement
Algorithm.
• The beauty of this scheme – two parties who want
to communicate securely can agree on a
symmetric key using this technique.
• However, must be noted DHKE/AA can be used
only for key agreement but not for encryption or
decryption of messages.
 Description and Mathematical Theory of the Algorithm

• Alice and Bob want to agree upon a key to be used for encrypting /
decrypting messages that be exchanged between them.
• 1. Firstly, Alice and Bob agree on one prime number, n and one
root number, g. These 2 integers need not be kept secret. Alice
and Bob can use an insecure channel to agree on them.
Let n = 11, g = 7.
 Diffie-Hellman Algorithm

Let n = 11, g = 7.

2. Alice chooses a private large random number

x, and calculates A: A=
Let x = 3. Then we have, A = 7 mod 11 = 343 mod 11 = 2.
3

3. Alice sends the number A (public) to Bob.

Alice sends 2 to Bob.

4. Bob independently chooses another private

large random number y and calculates B such
that: B=
Let y = 6. Then we have, B = 7 mod 11 = 117649 mod 11 = 4.
6
 Diffie-Hellman Algorithm

• 5. Bob sends the number B (public) to Alice

Bob sends 4 to Alice.

• 6. Alice now computes the secret key K1 as

follows: K1 =
We have, K1 = 43 mod 11 = 64 mod 11 = 9.

• 7. Bob now computes the secret key K2 as

follows: K2 =
We have, K2 = 26 mod 11 = 64 mod 11 = 9.

• Therefore in this case we have: K1 = K2 = K.

 Alice Bob
Using Diffie-Hellman
Shared Secret Calc Shared Secret Calc

1 23, 5 1 23, 5
3
2 6 56mod 23 = 8 8

1. Alice and Bob agree to use the same two numbers. For example, the base
number g=5 and prime number p=23
2. Alice now chooses a secret number x=6.
3. Alice performs the DH algorithm: gx modulo p = (56 modulo 23) = 8 (Y) and
sends the new number 8 (Y) to Bob.
Using Diffie-Hellman
Alice Bob
Shared Secret Calc Shared Secret Calc

5, 23 5, 23
6 56mod 23 = 8 8 15 4

19 515mod 23 = 19

5 196mod 23 = 2 6 815mod 23 = 2

4. Meanwhile Bob has also chosen a secret number x=15, performed the DH
algorithm: gx modulo p = (515 modulo 23) = 19 (Y) and sent the new number
19 (Y) to Alice.
The result ((22)) isis the
The result the same
same for
for
5. Alice now computes Yx modulo p = (196 modulo 23) = 2. both Alice and Bob.
both Alice and Bob.
This
This number
number can can now now be
be used
used
6. Bob now computes Yx modulo p = (86 modulo 23) = 2.
as
as aa shared
shared secret
secret key
key by
by the
the
encryption
encryption algorithm.
algorithm.
 Diffie-Hellman Algorithm
• An obvious question now is, if Alice and Bob can both
calculate K independently, so can an attacker! What
prevent this?
• The fact is, Alice and Bob exchange n, g, A and B
(public). Based on these values, x (Alice private key)
and y (Bob private key) cannot be calculated easily.
• Rouge X knows : n, g, A and B
• Try calculate = A(pubA)y(privB) mod n = 2y mod 11
= B(pubB)x(privA) mod n = 4x mod 11
• y (Bob private key) = 6 , x (Alice private key) = 3
Diffie-Hellman Algorithm

• Mathematically, the calculations do find out x and y

are extremely complicated, if they are sufficiently
large numbers.
• Consequently, an attacker cannot calculate x and y,
and therefore cannot derive K.
Data Encryption Standard
(DES)

the most widely used encryption scheme

• FIPS PUB 46
• referred to as the Data Encryption Algorithm
(DEA)
• uses 64 bit plaintext block and 56 bit key to
produce a 64 bit ciphertext block

strength concerns:
• concerns about algorithm
• DES is the most studied encryption algorithm in
existence
• use of 56-bit key
• Electronic Frontier Foundation (EFF) announced in July
1998 that it had broken a DES encryption
 Triple DES (3DES)
 repeats basic DES algorithm three times using either two
or three unique keys
 first standardized for use in financial applications in ANSI
standard X9.17 in 1985
 attractions:
168-bit key length overcomes the vulnerability to
brute-force attack of DES
underlying encryption algorithm is the same as in DES
 drawbacks:
algorithm is sluggish in software
uses a 64-bit block size
Advanced Encryption Standard (AES)

needed a NIST called for selected

replacement for proposals for a Rijndael in
3DES new AES in 1997 November 2001
should have a security
strength equal to or better
than 3DES

significantly improved
3DES was not efficiency
published as FIPS
reasonable for long
197
term use
symmetric block cipher

128 bit data and

128/192/256 bit keys
 Practical Security Issues

 typically symmetric encryption is applied to a unit of data

larger than a single 64-bit or 128-bit block
 electronic codebook (ECB) mode is the simplest approach
to multiple-block encryption
each block of plaintext is encrypted using the same key
cryptanalysts may be able to exploit regularities in the
plaintext
 modes of operation
alternative techniques developed to increase the security of
symmetric block encryption for large sequences
overcomes the weaknesses of ECB
Block & Stream Ciphers
Block Cipher

• processes the input one block of elements at a time

• produces an output block for each input block
• can reuse keys
• more common

Stream Cipher
• processes the input elements continuously
• produces output one element at a time
• primary advantage is that they are almost always faster and use far less
code
• encrypts plaintext one byte at a time
• pseudorandom stream is one that is unpredictable without knowledge
of the input key
Block Cipher
Encryption

Stream
Encryption
Block Cipher Modes
Electronic Codebook (ECB) Cipher block chaining (CBC)
Message of Five 64-Bit Blocks Message of Five 64-Bit Blocks
Initialization
Vector
DES

DES
DES

DES

DES

DES

DES

DES

DES

DES
Message Authentication

protects against
active attacks

verifies received • contents have not been altered

message is • from authentic source
• timely and in correct sequence
authentic
can use
• only sender & receiver share a
conventional key
encryption
Message Authentication Codes
Secure Hash
Functions
 Figure 2.6

Message
Authentication
Using a
One-Way
Hash Function
Security of Hash Functions
• there are two approaches to attacking a secure hash function:
– cryptanalysis
– exploit logical weaknesses in the algorithm
– brute-force attack
– strength of hash function depends solely on the length of the hash code
produced by the algorithm
• SHA, MD5 and MD4 most widely used hash algorithm
• additional secure hash function applications:
– passwords
» hash of a password is stored by an operating system
– intrusion detection
» store H(F) for each file on a system and secure the hash values
Digital Signatures
• used for authenticating both source and data
integrity
• created by encrypting hash code with private key
• does not provide confidentiality
• even in the case of complete encryption
• message is safe from alteration but not eavesdropping
Digital Envelopes

 protects a
message without
needing to first
arrange for sender
and receiver to
have the same
secret key

***equates to the same

thing as a sealed
envelope containing
an unsigned letter
 Public Key (Encrypt) + Private Key
(Decrypt) = Confidentiality
Computer A acquires
Computer B’s public key
Can I get your Public Key please? Bob’s Public
1 Key
Here is my Public Key.

Computer A transmits Bob’s Private

Bob’s Public 4
Key The encrypted message Key

to Computer B Encrypted Computer

Computer Text
B
A
Encryption Encryption
Algorithm
2 Algorithm

Encrypted 3 Computer B uses

Text its private key to
decrypt and reveal
Computer A uses Computer B’s
the message
public key to encrypt a message
using an agreed-upon algorithm
 Private Key (Encrypt) + Public Key
(Decrypt) = Authentication
Bob uses the public key to
Alice encrypts a message successfully decrypt the message
with her private key and authenticate that the message
did, indeed, come from Alice.
1 Alice’s Private Encrypted
Key
Text

Encryption
Algorithm Alice transmits the 4
Alice’s Public
Key

encrypted message Encrypted

2 to Bob Text

Encrypted
Computer Text
3 Computer
Encryption
Algorithm
A B
Alice’s Public Can I get your Public Key please?
Key
Here is my Public Key

Bob needs to verify that the message

actually came from Alice. He requests
and acquires Alice’s public key
 The Digital Signature Process
The sending device creates
a hash of the document
The receiving device Validity of the digital
accepts the document signature is verified
Data
Confirm with digital signature
and obtains the public key Signature Verified
Order
0a77b3440…
1
hash Signed Data 6

Signature Confirm
Order 4
Key
____________
Encrypted 0a77b3440…
hash Signature Signature is
2
Algorithm verified with the
The sending device 3 verification
encrypts only the hash key
0a77b3440…
with the private key
of the signer 5
The signature algorithm Verification
generates a digital signature Key
and obtains the public key
13-3 SERVICES

We discussed several security services in Chapter 1

including message confidentiality, message
authentication, message integrity, and nonrepudiation.
A digital signature can directly provide the last three;
for message confidentiality we still need
encryption/decryption.
Topics discussed in this section:
13.3.1 Message Authentication
13.3.2 Message Integrity
13.3.3 Nonrepudiation
13.3.4 Confidentiality
13.104
 13.3.1 Message Authentication

A secure digital signature scheme, like a secure

conventional signature can provide message
authentication.

Note

A digital signature provides message authentication.

13.105
 13.3.2 Message Integrity
The integrity of the message is preserved even if we sign
the whole message because we cannot get the same
signature if the message is changed.

Note

A digital signature provides message integrity.

13.106
13.3.3 Nonrepudiation
Figure 13.4 Using a trusted center for nonrepudiation

Note

Nonrepudiation can be provided using a trusted

party (Digital Certification) 13.107
13.3.4 Confidentiality
Figure 13.5 Adding confidentiality to a digital signature scheme

Note

A digital signature does not provide privacy.

If there is a need for privacy, another layer of
encryption/decryption must be applied.
13.108
Random Numbers
– keys for public-key
algorithms
– stream key for symmetric
stream cipher
– symmetric key for use as a
temporary session key or in
creating a digital envelope
– handshaking to prevent
Uses include replay attacks
generation of:– session key
Practical Application:
Encryption of Stored Data

common to encrypt transmitted data

much less common for stored data

there is often little protection
beyond domain authentication
and operating system access

approaches to encrypt stored

controls

data are archived for indefinite

periods
data:
use a commercially available library based tape background laptop/PC data
back-end appliance
encryption package encryption encryption
even though erased, until disk
sectors are reused data are
recoverable
 Summary
• symmetric encryption • digital signatures
– conventional or single-key only type used
prior to public-key
– hash code is encrypted with
– five parts: plaintext, encryption algorithm, private key
secret key, ciphertext, and decryption
algorithm
• digital envelopes
– two attacks: cryptanalysis and brute force – protects a message without
– most commonly used algorithms are needing to first arrange for
block ciphers (DES, triple DES, AES) sender and receiver to have
• hash functions the same secret key
– message authentication
– creation of digital signatures • random numbers
• public-key encryption – requirements: randomness
– based on mathematical functions and unpredictability
– asymmetric – validation: uniform
– six ingredients: plaintext, encryption
distribution, independence
algorithm, public and private key,
ciphertext, and decryption algorithm – pseudorandom numbers
References