Chapter 2 - GEOCITIES.ws

ADCS
Chapter 2: Cryptography Technique
"You can have everything in life you want if you'll just help
enough other people to get what they want!" -- Zig Ziglar
Prepared by:
SITI ZAINAH ADNAN
CS262/0898/V1
Chapter 2 - 1
TOPICS
• Introduction
– Terminology & Basic Encryption Methods
– Secret Code
– Monoalphabetic Ciphers
– Cryptanalysis of a Monoalphabetic Cipher
– Polyalphabetic Substitution Cipher
– Transpositions
– Stream and Block Ciphers
References
• Book (available at the Informatics library)
– CHAPTER 2, 3 and 4: Security In Computing,
Charles P. Pfleeger, Prentice Hall International
• Notes (available at IVC)
Encryption
• Transforms data so that it is unintelligible to the
outside observer
• To maintain secure data in an insecure environment
[Figure: plain text input -> encryption -> transmitted ciphertext -> decryption -> plain text output]
Encryption With One Key
Symmetric encryption (Single-key encryption OR
Private Key encryption)
[Figure: plain text input -> encryption -> transmitted ciphertext -> decryption -> plain text output; the secret key is shared by sender and recipient]
Encryption with Two Keys
Asymmetric encryption (Two-key encryption OR
Public-Key encryption)
[Figure: plain text input -> encryption (encryption key) -> transmitted ciphertext -> decryption (decryption key) -> plain text output]
Terminology
• Encryption
– A process of encoding a message so that its meaning is not
obvious. Also known as encode/encipher
• Decryption
– The reverse process of encryption. Also known as
decode/decipher
• Cryptosystem
– A system for encryption and decryption.
• Plaintext
– The original form of a message.
• Ciphertext
– The encrypted form of an original message.
• Secret Code
– Use of simple secret code to represent the original
message.
– Example, apple means go ahead.
• Cryptography
– The science of using mathematics to encrypt and decrypt
data
– Enables a user to store sensitive information or transmit it
across insecure networks so that it cannot be read by anyone
except the intended recipient
• Cryptanalysis
– The science of analyzing and breaking secure
communication
– Done by cryptanalysts (attackers)
• Cryptology
– The research into and study of encryption and decryption;
includes cryptography and cryptanalysis
• Key
– A value that is used together with the plaintext as input into
encryption algorithms to produce ciphertext
– Allows different encryptions of a plaintext
– Provides additional security
– If the encryption algorithm is revealed, future messages can
still be kept secret because the interceptor will not know the
key value
– Basically really big numbers, measured in bits, e.g. a 1024-bit
key
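[Figure: Cryptosystem model. The message source produces X; the encryption algorithm produces Y; the decryption algorithm delivers X to the destination. The key source supplies K, which reaches the destination over a secure channel. A cryptanalyst produces the estimates X’ and K’.]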
• An opponent, observing Y but not having access to K or X,
may attempt to recover X or K or both X and K. It is assumed that the
opponent knows the encryption (E) and decryption (D) algorithms
• In attempting to recover X and K, the opponent produces a plaintext
estimate X’ and a key estimate K’
• The inputs are the message X and the encryption key K; the encryption
algorithm forms the ciphertext as:
Y = [Y1, Y2, ..., Yn] OR Y = E_K(X)
Y is produced by the encryption algorithm E as a function of the
plaintext X, with the specific function determined by the value of the key K
• The intended receiver, in possession of the key, is able to
invert the transformation:
X = D_K(Y)
Encryption algorithms
• Two basic methods:
– Substitution
• Monoalphabetic ciphers
• Polyalphabetic ciphers
– Transposition (permutation)
Monoalphabetic Ciphers
• Each letter is translated to (substituted by) the letter a fixed
number of positions after it in the alphabet.
• E.g. the Caesar Cipher uses a shift of 3.
• The plaintext letter pi is enciphered as ciphertext letter ci by the
rule:
ci = E(pi) = pi + 3
• A translation chart of the Caesar cipher is shown below.
Plain text:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher text: defghijklmnopqrstuvwxyzabc
E.g. Happy New Year would be kdssb qhz bhdu
Monoalphabetic Cipher Cryptanalysis
• Some letters are used more often than others.
• Examples of the clues:
– The letters E, T and A occur more often than J, Q and Z
– The breaks between words are preserved, and a double letter such as SS is
translated to a double letter, VV
• Therefore cryptanalysis uses such occurrence patterns to
decipher the ciphertext easily
• Counts help to narrow the possibilities
• The frequent occurring letters in the ciphertext are likely to
be among the more frequently occurring letters in
English
[Figure: bar chart of letter frequencies for A to Z plus space (SP); vertical axis 0 to 20]
Polyalphabetic Cipher
• The weakness of monoalphabetic ciphers is that their
frequency distribution reflects the distribution of the
underlying alphabet.
• A cipher that is more cryptographically secure would
display a flat distribution.
• One way to flatten the distribution is to combine distributions
that are high with ones that are low.
• Uses multiple mappings between plaintext and ciphertext,
not just a single mapping
• Example of mapping:
Odd position mapping
– ABCDEFGHIJKLMNOPQRSTUVWXYZ
– adgjmpsvybehknqtwzcfilorux
Even position mapping
– ABCDEFGHIJKLMNOPQRSTUVWXYZ
– nsxchmrwbglqvafkpuzejotydi
• Example of text:
TREAT YIMPO SSIBL E -> fumnf dyvtf czysh h
• As compared with a monoalphabetic cipher
• E.g. encryption using the odd position mapping only
TREATY IMPOSSIBLE -> fzmafu yktqccydhm
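The two-table cipher above as runnable Python, an added example that is not part of the original slides; the function names are chosen here. It reproduces both ciphertexts and reports which ciphertext letters each plaintext letter turns into, which is what flattens the letter counts.

```python
import string

PLAIN = string.ascii_uppercase
ODD = "adgjmpsvybehknqtwzcfilorux"   # table for positions 1, 3, 5, ... (from the slide)
EVEN = "nsxchmrwbglqvafkpuzejotydi"  # table for positions 2, 4, 6, ... (from the slide)

def letters(text):
    """Upper-case letters of `text`; spaces and punctuation are dropped."""
    return [c for c in text.upper() if c in PLAIN]

def table_for(position):
    return ODD if position % 2 else EVEN

def encrypt_poly(text):
    """Alternate between the two tables according to letter position."""
    return ''.join(table_for(i)[PLAIN.index(c)]
                   for i, c in enumerate(letters(text), start=1))

def decrypt_poly(cipher):
    """Invert encrypt_poly: look each letter up in the table used at its position."""
    stream = [c for c in cipher.lower() if c in string.ascii_lowercase]
    return ''.join(PLAIN[table_for(i).index(c)]
                   for i, c in enumerate(stream, start=1))

def encrypt_mono(text):
    """Single mapping (the odd table everywhere), for comparison."""
    return ''.join(ODD[PLAIN.index(c)] for c in letters(text))

def group(text, size=5):
    """Write ciphertext in blocks of `size` letters, as on the slide."""
    return ' '.join(text[i:i + size] for i in range(0, len(text), size))

def images(plaintext, ciphertext):
    """Map each plaintext letter to the set of ciphertext letters it produced."""
    seen = {}
    for p, c in zip(letters(plaintext), ciphertext):
        seen.setdefault(p, set()).add(c)
    return seen

if __name__ == "__main__":
    message = "TREATY IMPOSSIBLE"
    poly, mono = encrypt_poly(message), encrypt_mono(message)
    print(group(poly))   # fumnf dyvtf czysh h
    print(mono)          # fzmafuyktqccydhm
    # Monoalphabetic: every plaintext letter has exactly one image, so the
    # doubled S stays doubled (cc). Polyalphabetic: S becomes both c and z.
    print(sorted(images(message, mono)["S"]), sorted(images(message, poly)["S"]))
    print(decrypt_poly(poly))
```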
Transposition
• Rearrange the order of bits, characters or blocks of
characters that are being encrypted or decrypted.
• The original letters of the plaintext are preserved; only
their positions change.
• E.g. Columnar Transposition
– The rearrangement of the characters of the plaintext into
columns
– The resulting ciphertext is formed by traversing the
columns
Columnar Transposition
c1 c2 c3 c4 c5
c6 c7 c8 c9 c10
c11 c12 etc.
[Figure: grid holding the characters of the example plaintext arranged into columns]
• The plaintext is :
THIS IS A MESSAGE TO SHOW HOW A COLUMNAR
TRANSPOSITION IS WORKING
• The ciphertext is :
TAGO CASIR HMEW ORPOK IETH LTONS
SSOO URSS ISSW MAIW SAHA NNTO
Stream Ciphers
[Figure: plaintext symbols (ISSOPMI) enter Encryption, with Key (optional), and leave as ciphertext symbols (wdhuw)]
• It converts one symbol of plaintext immediately into a
symbol of ciphertext
• The transformation depends only on the symbol, the key,
and control information of the encipherment algorithm
• E.g. substitution encryption
Stream Ciphers - Advantages
• Speed of transformation
– Each symbol is encrypted without regard for any other
plaintext symbols, each symbol can be encrypted as
soon as it is read
• Low error propagation
– Each symbol is separately encoded, an error in the
encryption process affects only that character
Stream Ciphers - Disadvantages
• Low diffusion
– Each symbol is separately enciphered
• Susceptible to malicious insertions and modifications
– Since, each symbol is separately enciphered, an active
interceptor who has broken the code can splice together
pieces of previous messages and transmit a spurious
message that may look authentic
Block Ciphers
[Figure: blocks of plaintext symbols (OI, TP, YR) enter Encryption, with Key (optional), and leave as blocks of ciphertext (ba, qc, kd, em)]
• It encrypts a group of plaintext symbols as one block,
e.g. 64 bits or more
• It works on blocks of plaintext and produces blocks of
ciphertext
• E.g. transposition encryption
Block Ciphers - Advantages
• Diffusion
– Information from plaintext is diffused into several
ciphertext symbols
– One ciphertext block may depend on several plaintext
letters
• Immunity of insertions
– Since blocks of symbols are enciphered, it is impossible
to insert a single symbol into one block
– The length of the block would then be incorrect, and
decipherment would reveal the insertion
Block Ciphers - Disadvantages
• Slowness of encryption
– Block ciphers must wait until an entire block of
plaintext symbols has been received before starting the
encryption process
• Error propagation
– An error will affect the transformation of all other
characters in the same block
Key Management Protocols
Attacks on remote communications:
– When two remote systems transfer messages along a
communication medium, several potential attack
scenarios arise. There are three main types of attacks:
• Disclosure to an unauthorised listener.
• Receipt of a message from a masquerading sender.
• Corruption or blocking of sent messages.
a. Disclosure to an unauthorised listener:
– Involves a malicious entity or an intruder gaining access
to the message by simply observing and interpreting the
data travelling along the communication medium.
b. Receipt of a message from a masquerading sender:
– This attack involves an unauthorised masquerading
entity claiming to be some authorised entity.
– The result is that a bad message might be sent from an
intruder.
c. Corruption or blocking of sent messages:
– Refers to messages sent by a sender being corrupted or
blocked by an unauthorised intruder.
– Intruders corrupt the “good message” and replace it with a
“bad message”.
• Encryption systems provide an important tool in computer
security: they give a user the ability to transmit information in a
concealed form.
• It is very useful for transmitting documents and data over a
channel that may be intercepted.
• A protocol is established to put in an orderly sequence the steps of the
encryption carried out by two or more parties in their communication
• Three types of encryption protocols:
– Private key protocol
– Public key protocol
– Arbitrated protocol
Private Key Protocol
• A protocol that may be used between communicating entities to
authenticate systems and hide messages.
• It is assumed that the communicating entities have access to
encryption routines M that encrypt and decrypt using some
key K.
• Both sender and receiver know K.
[Figure: the Sender encrypts the message to [M]k; the Receiver decrypts it, [[M]k]k, to recover the message]
[Figure: Encryption With Private Key]
Private Key Protocol - Advantages
• Fast
• Useful for encrypting data for a short distance
Private Key Protocol - Disadvantages
• If the key is revealed (stolen etc.), the interceptors can
decrypt all the information in both directions.
• Distribution of keys becomes a problem, as keys must be
transmitted with utmost security.
• The number of keys increases with the square of the
number of users exchanging secret information.
Public Key Protocol
• Devised by Whitfield Diffie and Martin Hellman in 1996.
• This scheme overcomes the exchange of private key problem.
• Makes use of two encryption keys, public key and private
key.
• Allows remote entities to advertise part of the encryption key,
that is public key.
• Requires both public key and private key to encrypt and
decrypt a message.
• Addresses several problems of key distribution and key loss
issues.
[Figure: Encryption with Public Keys]
Public Key Protocol
• Based on mathematical functions rather than on
substitution and permutation
• Asymmetric involving the use of two separate keys, in
contrast to symmetric conventional encryption, which uses
only one key
• Has profound consequences in the area of confidentiality,
key distribution, and authentication
Public Key Cryptosystem
• Each end system in a network generates a pair of keys to be
used for encryption and decryption of messages that it will
receive
• Each system publishes its encryption key by placing it in a
public register or file. This is the public key. The companion
key is kept private (e.g. Verisign provides security services for
international e-commerce, DigiCert mainly for local e-commerce)
• If A wishes to send a message to B, it encrypts the
message using B’s public key
• When B receives the message, B decrypts it using B’s
private key. No other recipient can decrypt the message
because only B knows B’s private key.
Public Key - Advantages
• All participants have access to public keys and private keys
are generated locally by each participant and therefore need
never be distributed
• As long as a system controls its private key, its incoming
communication is secure
• At any time, a system can change its private key and publish
the companion public key to replace its old public key
• It is computationally infeasible to deduce the private key
from the public key
• Anyone who has a public key can encrypt information but
cannot decrypt it
• Only the person who has the corresponding private key can
decrypt the information
Public Key – Examples
• Elgamal (named for its inventor, Taher Elgamal)
• RSA (named for its inventors: Ron Rivest, Adi Shamir and
Leonard Adleman)
• Diffie-Hellman (named for its inventors)
• DSA – Digital Signature Algorithm (invented by David Kravitz)
Public Key Cryptosystem : Encryption
[Figure: Plaintext input -> Encryption algorithm (e.g. RSA), using Bob’s public key taken from Alice’s public key ring (Joy, Mike, Bob etc.) -> transmitted ciphertext -> Decryption algorithm (reverse of encryption algorithm), using Bob’s private key -> Plaintext output]
Public Key Cryptosystem : Authentication
[Figure: Plaintext input -> Encryption algorithm (e.g. RSA), using Alice’s private key -> transmitted ciphertext -> Decryption algorithm (reverse of encryption algorithm), using Alice’s public key taken from Bob’s public key ring (Joy, Mike, Alice etc.) -> Plaintext output]
Public Key Cryptosystem Applications
[Figure: at Source A, the message source output X passes through two encryption algorithms in turn (intermediate value Y, transmitted value Z); at Source B, two decryption algorithms recover Y and then X for the message destination. Keys shown: Public Key A, Private Key A, Public Key B, Private Key B, each pair supplied by a key pair source.]
Public Key Protocol
[Figure: Sender (B) encrypts the message as [[M]SB]PA; Receiver (A) decrypts it as [[[[M]SB]PA]SA]PB to recover the message]
Legend:
SB: Secret key of B
SA: Secret key of A
PB: Public key of B
PA: Public key of A
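The nested operations in the figure, as an added Python example (not from the original slides) using textbook RSA with tiny constructed primes and no padding, for illustration only. The function names and key values are assumptions made for the example.

```python
# Textbook RSA with tiny primes and no padding: shows the order of
# operations only and offers no real security.

def make_keypair(p, q, e=17):
    """Return (public, secret) keys; each key is an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def apply_key(key, value):
    """[value]key in the slide's notation: modular exponentiation."""
    exponent, modulus = key
    if not 0 <= value < modulus:
        raise ValueError("value does not fit under this key's modulus")
    return pow(value, exponent, modulus)

# Constructed key pairs. B's modulus (3233) is smaller than A's (8633), so
# anything B signs always fits under A's public key.
PB, SB = make_keypair(61, 53)    # sender B
PA, SA = make_keypair(89, 97)    # receiver A

def send(message):
    """Sender B: [[M]SB]PA."""
    signed = apply_key(SB, message)      # only the holder of SB can produce this
    return apply_key(PA, signed)         # only the holder of SA can open this

def receive(ciphertext):
    """Receiver A: [[[[M]SB]PA]SA]PB = M."""
    signed = apply_key(SA, ciphertext)   # strips the PA layer, leaving [M]SB
    return apply_key(PB, signed)         # PB undoes SB, which only B could apply

def trace(message):
    """Intermediate values at each step, for inspection."""
    signed = apply_key(SB, message)
    sealed = apply_key(PA, signed)
    opened = apply_key(SA, sealed)
    return {"[M]SB": signed, "[[M]SB]PA": sealed,
            "after SA": opened, "after PB": apply_key(PB, opened)}

if __name__ == "__main__":
    for label, value in trace(1234).items():
        print(f"{label:>10}: {value}")
```

In the opposite direction (A signing for B) a signed value can exceed B's smaller modulus, which `apply_key` rejects rather than silently wrapping.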
Arbitration Protocols with Third Party
• An alternative to the point key management protocols
between senders and receivers.
• Protocol that uses third party to ensure authentication
between communicating entities.
• Two types of arbitrated key management protocols might be
envisioned.
CS262/0898/V1
Chapter 2 - 49
ADCS
Arbitration Protocols with Third Party
1) All data communication is performed through a third
party, so that A might communicate with C through
arbiter B. This requires that A and B agree on some key
management protocol and that B and C agree on a
protocol as well.
[Figure: A -> B (Arbitrator) -> C. A sends message to C; B routes message to C from A; C receives message from A]
2) The third-party arbiter establishes authentication
between the sender and receiver, e.g. a visitor to a prisoner
at a prison has to go through the prison warden
[Figure: 1) A requests communication with C from B (Arbitrator); 2) B establishes communications; 3) communications take place between A and C]
Reasons why an arbiter is not desirable
• Difficult to find a trusted arbitrator, e.g. a recognized and valid
authority
• Causes delay in communication, e.g. having to go through the arbiter
for any communication
• Costly to maintain an arbiter, e.g. fee payments, service
charges
• A bottleneck occurs if many users access the same arbiter, e.g.
delay in communication
• Not secure, since the arbiter has access to sensitive information,
e.g. no 100% confidentiality
Key Distribution
• This scheme involves distribution of public and secret keys
by transmission over a secure channel.
• Uses private key management protocol between remote
systems and the KDC - Key Distribution Centre.
• This approach allows two entities to receive keys from KDC for
their communication.
• Secrecy of their transmission to the KDC is assured by the
distribution process.
Pretty Good Privacy (PGP)
• It is a hybrid cryptosystem by Philip Zimmermann
• Fast, easy and free; ported to most popular computer
platforms, PCs and Macs as well, to protect messages on the
Internet
• Used in email e.g. Netscape Messenger, MS Outlook Express
and Qualcomm Eudora Pro
PGP Encryption
• PGP compresses the plaintext to save transmission time
and disk space and to strengthen cryptographic security
• Compression reduces plaintext pattern and enhances
resistance to cryptanalysis
• PGP creates a session key, a one-time-only secret key, from
the random movements of the user’s mouse and the keystrokes typed
• Using the IDEA algorithm with the session key, the
message is encrypted.
• The session key is encrypted with the RSA algorithm and
the recipient’s public key
• The encrypted message and session key are then bundled
together and ready to be mailed or stored
[Figure: PGP Encryption]
PGP Decryption
• The recipient’s copy of PGP uses his/her private key to
recover the temporary session key
• Then, PGP uses it to decrypt the ciphertext
[Figure: PGP Decryption]
Secure Socket Layer (SSL)
• Developed by Netscape in 1994
• Provides two functions:
– Encrypting the information flow between client and server
– Client/server authentication
• Latest version is SSL 3.0 (1996)
• Supported by:
– Client applications (Netscape Navigator, Microsoft Internet
Explorer)
– Server applications (Netscape, Microsoft, Apache, Oracle,
NCSA etc.)
– Certification Authorities (VeriSign)
• Comes in two strengths, 40-bit and 128-bit, which refer to the
length of the “session key” generated by every encrypted
transaction
• HTTPS - Hypertext Transfer Protocol Secure
• https:// represents a secure site using SSL services (HTTP + SSL)
Fundamental concerns about communication over the
Internet and other TCP/IP networks:
• SSL server authentication allows a user to confirm a
server's identity
• SSL client authentication allows a server to confirm a
user's identity
• An encrypted SSL connection requires all information
sent between a client and a server to be encrypted by the
sending software and decrypted by the receiving
software, thus providing a high degree of confidentiality