CYB 303 Cryptographic techniques

The document provides an overview of cryptography, detailing symmetric and public key cryptography, including key distribution and exchange methods. It discusses the importance of confidentiality, authenticity, and integrity in secure communications, as well as various cryptographic attacks. Additionally, it explains the Diffie-Hellman algorithm for key agreement and highlights the RSA and PGP systems as notable public key cryptographic methods.

Uploaded by

jonahanthony47
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
4 views

CYB 303 Cryptographic techniques

The document provides an overview of cryptography, detailing symmetric and public key cryptography, including key distribution and exchange methods. It discusses the importance of confidentiality, authenticity, and integrity in secure communications, as well as various cryptographic attacks. Additionally, it explains the Diffie-Hellman algorithm for key agreement and highlights the RSA and PGP systems as notable public key cryptographic methods.

Uploaded by

jonahanthony47
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 30

MEWAR INTERNATIONAL UNIVERSITY, MASAKA- NIGERIA

Lecture Notes on CYB 303: Introduction to Cryptography


Department of Cyber Security

BY Mr. CELINUS KIYEA

DEPARTMENT OF CYBER SECURITY, MEWAR INTERNATIONAL UNIVERSITY Page 1


Table of Contents

1 INTRODUCTION......................................................................................................................3
2 SYMMETRIC KEY CRYPTOGRAPHY................................................................................3
2.1 SYMMETRIC KEY DISTRIBUTION............................................................................................4
2.2 KEY AGREEMENT...................................................................................................................4
2.3 KEY EXCHANGE.....................................................................................................................4
3 PUBLIC KEY CRYPTOGRAPHY..........................................................................................4
3.1 RSA PUBLIC KEY CRYPTOGRAPHY.........................................................................................6
3.2 ELLIPTIC CURVE CRYPTOGRAPHY...........................................................................................7
3.3 DIGITAL SIGNATURES.............................................................................................................8
3.3.1 Hashing...........................................................................................................................8
3.3.2 Non-repudiation..............................................................................................................8
3.4 DIGITAL CERTIFICATES...........................................................................................................9
3.4.1 PKI Based on X.509........................................................................................................9
3.4.2 PKI Based on PGP..........................................................................................................9
4 CRYPTOGRAPHIC PROTOCOLS........................................................................................9
4.1 SSL........................................................................................................................................9
4.2 IPSEC...................................................................................................................................10
4.3 VIRTUAL PRIVATE NETWORKS..............................................................................................12
4.4 POINT-TO-POINT PROTOCOL................................................................................................12
5 REFERENCES.........................................................................................................................12
6 LIST OF ACRONYMS............................................................................................................13

Cryptography

1 Introduction
Cryptography is Greek for "hidden writing." In computer-based cryptography, it is the art of
ciphering an easily understood message, or "plain text", into one that cannot be easily deciphered.
Cryptography: the art or science encompassing the principles and methods of transforming an
intelligible message into one that is unintelligible, and then transforming that message back to
its original form.

The basic components of a cryptographic system are a ciphering engine, a key exchange
mechanism, and a random number generator. A reversible ciphering engine encrypts and
decrypts the plain text message using the same key, which is a secret known only to the parties
involved. This is called symmetric key cryptography. It differs from public key cryptography,
in which one key is used for encryption while another, mathematically related key is used to
decipher the message. Public key cryptography is also called asymmetric key cryptography; when it
is used for digital signatures a hashing function is involved as well. Ciphering engines are either
block ciphers, which encrypt a fixed-size block of text at a time, or stream ciphers, which produce
an output bit stream in response to an input bit stream.

Cryptography is essential for maintaining the confidentiality, authenticity, and integrity of
messages that are communicated over untrustworthy channels. (These three are not the "CIA triad";
that term refers to confidentiality, integrity and availability, and availability is not something
cryptography provides.)

Confidentiality is the assurance that only the owners of the keys can access the data.

Authenticity is the assurance that the originator of the message is not an imposter.

Integrity is the assurance that data has not been altered while in transit.

Type of operations used for transforming plain text to cipher text

All ciphering methods are based on the principles of diffusion and confusion, terms coined by
Claude Shannon. Diffusion means that each plain text symbol influences many cipher text symbols,
so that the statistical structure of the plain text is dispersed across the cipher text and its
relationship with the plain text is hidden; transposition (permutation) of characters or bits is the
classic way to achieve it.

Confusion, by contrast, is the principle of making the relationship between the cipher text and the
secret key as complex as possible, so that the key cannot be deduced from cipher text statistics;
substitution is the classic way to achieve it. Given a key length in bits, a strong cryptographic
method has so many possible secret keys that a brute force search for the key is infeasible.

1.1 Basic Concepts


Plaintext: The original intelligible message
Cipher text: The transformed message
Cipher: An algorithm for transforming an intelligible message into one that is unintelligible by
transposition and/or substitution methods
Key: Some critical information used by the cipher, known only to the sender and receiver
Encipher (encode): The process of converting plaintext to cipher text using a cipher and a key
Decipher (decode): The process of converting cipher text back into plaintext using a cipher and a
key
Cryptanalysis: The study of principles and methods of transforming an unintelligible message
back into an intelligible message without knowledge of the key. Also called code breaking
Cryptology: Both cryptography and cryptanalysis
Code: An algorithm for transforming an intelligible message into an unintelligible one using a
code-book

1.2 The way in which the plain text is processed


A block cipher processes the input one block of elements at a time, producing an output block for
each input block.
A stream cipher processes the input elements continuously, producing output one element at a
time as it goes along.

1.3 Cryptographic Attacks


a. Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal
of the opponent is to obtain information that is being transmitted.
Passive attacks are of two types:
Release of message contents: A telephone conversation, an e-mail message or a transferred file
may contain sensitive or confidential information. We would like to prevent the opponent from
learning the contents of these transmissions.
Traffic analysis: Even with encryption in place, an opponent might still be able to observe the
pattern of the messages. The opponent could determine the location and identity of the
communicating hosts and could observe the frequency and length of messages being exchanged.
This information might be useful in guessing the nature of the communication that was taking place.
Passive attacks are very difficult to detect because they do not involve any alteration of data.
However, it is feasible to prevent the success of these attacks, typically by encryption.

b. Active attacks
These attacks involve some modification of the data stream or the creation of a false stream.
They can be classified into four categories:
Masquerade – One entity pretends to be a different entity.
Replay – involves passive capture of a data unit and its subsequent retransmission to produce an
unauthorized effect.
Modification of messages – Some portion of a legitimate message is altered, or messages are delayed
or reordered, to produce an unauthorized effect.
Denial of service – Prevents or inhibits the normal use or management of communication
facilities. Another form of service denial is the disruption of an entire network, either by disabling
the network or by overloading it with messages so as to degrade performance.
It is quite difficult to prevent active attacks absolutely, because to do so would require physical
protection of all communication facilities and paths at all times. Instead, the goal is to detect them
and to recover from any disruption or delays caused by them.

1.4 The number of keys used in Encryption


If the sender and receiver use the same key, the scheme is called symmetric key, single key or
conventional encryption.
If the sender and receiver use different keys, it is called public key or asymmetric encryption.

2 Symmetric Key Cryptography


In symmetric key cryptography the same key, which is a secret, both encrypts and subsequently
decrypts a message. This type of cryptography is an attractive means for secure communications
among low-cost computing devices such as sensors because it involves less computationally
expensive ciphering methods than public key cryptography. However, its strength ultimately
depends on the robustness of a system for distributing secret keys to the network participants.

The Data Encryption Standard (DES) was one of the most popular symmetric encryption
algorithms and a published standard since 1977. Its 56-bit key is far too short for modern
hardware: in January 1999 the Electronic Frontier Foundation's "Deep Crack" machine, working with
distributed.net, recovered a DES key in less than 24 hours. Around that time the National Institute
of Standards and Technology (NIST) requested algorithm submissions for a new federal Advanced
Encryption Standard (AES). Five contenders made it to the last round of selection, and in October
2000 NIST selected the Rijndael algorithm, developed by two Belgian cryptographers, Joan Daemen and
Vincent Rijmen. Long before the AES competition, Walter Tuchman of IBM had proposed Triple DES as
a way to extend the life of DES; it was standardised as a stop-gap while AES was being selected.
With Triple DES the DES algorithm is applied three times (encrypt, decrypt, encrypt) with either
two or three distinct secret keys.

2.1 Symmetric Key Distribution


A trusted third party or key distribution center (KDC) is often used to distribute copies of the
keys. Key distribution becomes a significant problem as the network grows: with n participants
that each need a pairwise secret, n(n-1)/2 keys must be distributed, so the number of keys grows
quadratically as clients are added. The KDC can therefore become the bottleneck of information
exchange, and because it holds every key it is also a high-value target for attackers. One way
around this is to use public key encryption as a secure means of exchanging secret keys, so that
subsequent communications can use the less computationally expensive symmetric key methods.

2.2 Key Agreement

The Diffie-Hellman (DH) algorithm, developed by Whitfield Diffie and Martin Hellman of
Stanford in 1976, is a popular method of key agreement. That is, the common secret key is
derived by the two parties themselves, rather than distributed by another system, via plain text
communications across an untrustworthy network. Correspondents agree on a large prime modulus
(written p in the steps below and n in the table that follows) and a generator g, each of which
can be made public. The generator need not be prime; what matters is that the powers g^x mod p
take on a very large number of distinct values as the exponent x varies, so that guessing the
exponent is infeasible. The simple idea behind the DH algorithm is the following.

1. The first party picks a large prime p and a generator g and tells them to the second party.

2. The second party picks a secret number (let's call it a) and computes A = g^a mod p, then
sends the result A back to the first party. Keep in mind that the secret number is not sent to
anyone; only the result is.

3. The first party does the same: it selects a secret number b and calculates B = g^b mod p.

4. This result B is sent to the second party.

5. The second party takes the received number B and calculates B^a mod p.

6. The first party takes the received number A and calculates A^b mod p.

This is where it gets interesting: the answer in step 5 is the same as the answer in step 6. Both
parties obtain the same value regardless of the order of exponentiation:

(g^a mod p)^b mod p = g^(ab) mod p

(g^b mod p)^a mod p = g^(ba) mod p

Example

1. Alice and Bob both use the public numbers p = 23, g = 5.

2. Alice selects the private value a = 4, and Bob selects b = 3.

3. Alice and Bob now calculate the public values x and y as follows:

   Alice: x = 5^4 mod 23 = 625 mod 23 = 4

   Bob: y = 5^3 mod 23 = 125 mod 23 = 10

4. Alice and Bob exchange their public numbers x and y with each other.

5. Alice and Bob now calculate the shared key:

   Alice: ka = y^a mod p = 10^4 mod 23 = 18

   Bob: kb = x^b mod p = 4^3 mod 23 = 18

6. 18 is the shared secret key.

The following table summarizes the DH algorithm for secret key agreement:

Correspondent-A                         Correspondent-B
Publicly known: {g, n}
Generate random number A (secret)       Generate random number B (secret)
Calculate X = g^A MOD n                 Calculate Y = g^B MOD n
Transmit X                              Transmit Y
Calculate Key = Y^A MOD n               Calculate Key = X^B MOD n
            = (g^B)^A MOD n                         = (g^A)^B MOD n
            = g^(BA) MOD n                          = g^(AB) MOD n
Shared Key = g^(AB) MOD n

For a 1024-bit modulus, an eavesdropper who sees X and Y must solve a discrete logarithm (recover
A from X = g^A MOD n, or B from Y) in order to compute the shared key; knowing either one of the
two secrets is enough. The security of this method relies on the discrete log problem being
computationally expensive: with existing computers it would take many years. However, as computing
technologies and algorithms evolve, the required time keeps decreasing, and 1024-bit groups are no
longer considered adequate; 2048 bits or more is the usual minimum today.
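The exchange above, carried out in Python as an added example (this code is not part of the original lecture notes). It replays the lecture's numbers (p = 23, g = 5, a = 4, b = 3), then shows what the eavesdropper discussed above has to do: recover A from X by a discrete logarithm, which is trivial for a 23-element group and is the reason real parameters are large. The 127-bit prime used in the last function is an assumption chosen to keep the block self-contained; it is still far smaller than any acceptable production group.

```python
import secrets
from typing import Optional


def dh_public(g: int, p: int, secret: int) -> int:
    """Public value g^secret mod p (the X / Y of the table above)."""
    return pow(g, secret, p)


def dh_shared(peer_public: int, secret: int, p: int) -> int:
    """Shared key peer_public^secret mod p; equal on both sides because
    (g^a)^b = (g^b)^a mod p."""
    return pow(peer_public, secret, p)


def lecture_example() -> dict:
    """Replay the lecture's numbers: p = 23, g = 5, a = 4, b = 3."""
    p, g, a, b = 23, 5, 4, 3
    x = dh_public(g, p, a)          # Alice sends x = 5^4 mod 23 = 4
    y = dh_public(g, p, b)          # Bob sends   y = 5^3 mod 23 = 10
    return {"x": x, "y": y,
            "key_alice": dh_shared(y, a, p),   # 10^4 mod 23 = 18
            "key_bob": dh_shared(x, b, p)}     # 4^3 mod 23 = 18


def brute_force_dlog(g: int, p: int, target: int) -> Optional[int]:
    """Eve's attack: find s with g^s mod p == target by trying every exponent.
    Feasible only because p is tiny; the cost grows with the size of the group."""
    value = 1
    for s in range(1, p):
        value = value * g % p
        if value == target:
            return s
    return None


def eavesdropper_key(g: int, p: int, x: int, y: int) -> Optional[int]:
    """Eve sees only (g, p, x, y). Recovering Alice's secret from x is enough
    to compute the key exactly the way Alice does."""
    a = brute_force_dlog(g, p, x)
    return None if a is None else dh_shared(y, a, p)


def larger_group_agreement() -> bool:
    """Same protocol with the Mersenne prime 2^127 - 1 and random 126-bit secrets
    (assumed parameters for the example). Still far below the 2048-bit minimum
    used in practice, but already out of reach of brute_force_dlog; the
    agreement property holds regardless of the group size."""
    p = 2**127 - 1
    g = 3
    a = secrets.randbits(126) or 1
    b = secrets.randbits(126) or 1
    x, y = dh_public(g, p, a), dh_public(g, p, b)
    return dh_shared(y, a, p) == dh_shared(x, b, p)
```

Running lecture_example() returns x = 4, y = 10 and the key 18 on both sides; eavesdropper_key(5, 23, 4, 10) recovers the same 18 in a handful of multiplications, which is the whole argument for a modulus of thousands of bits.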

2.3 Key Exchange


Even though the DH algorithm allows each party to create a shared secret key from publicly
exchanged parameters, it does not provide authentication. That is, neither correspondent can be
assured that the other is genuine, or that the public values were not replaced in transit.
Therefore public key techniques (digital signatures and certificates, described in sections 3.3 and
3.4) are used to authenticate the correspondents and the exchanged values, which the parties can
then use for the rest of the session.

Uses of Diffie Hellman Algorithm

Aside from agreeing on a shared key, there are some other places where the DH algorithm can be used:

 Encryption: the Diffie-Hellman exchange can be turned into a public key encryption scheme; one
of the first to do so was ElGamal encryption. A modern example is the Integrated Encryption Scheme,
which provides security against chosen plain text and chosen cipher text attacks.
 Password Authenticated Key Agreement: when two parties share a password, a password-
authenticated key agreement can be used to prevent a man-in-the-middle attack. Such an agreement
can be built on Diffie-Hellman; the Secure Remote Password (SRP) protocol is a good example.
 Forward Secrecy: forward-secrecy protocols generate a new key pair for each session and discard
it when the session is finished, so that a later compromise of long-term keys does not expose past
traffic. More often than not, a Diffie-Hellman exchange is what provides this.

Advantages of the Diffie Hellman Algorithm

 The sender and receiver don't need any prior knowledge of each other.
 Once the keys are exchanged, the communication of data can be done through an insecure
channel.
 The secret key itself is never transmitted; only the public values g^a and g^b cross the network.

Disadvantages of the Diffie Hellman Algorithm

 On its own the algorithm only agrees on a key; it cannot encrypt a chosen message the way an
asymmetric encryption scheme such as RSA can.

 Similarly, it cannot be used for creating digital signatures.

Since it does not authenticate either party in the transmission, the plain Diffie-Hellman key
exchange is susceptible to a man-in-the-middle attack: an attacker who intercepts both directions
can run one exchange with each party and relay (or alter) the traffic between them.
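The attack just described, as an added example in Python (not code from the original notes). Alice and Bob run the textbook exchange with the lecture's toy parameters; Mallory substitutes her own public value in both directions, ends up with one key per victim, reads Alice's message and forwards an altered one to Bob. The second half shows the simplest form of the remedy mentioned under password-authenticated agreement: a key-confirmation tag computed with a pre-shared secret over the values each side actually saw. The pre-shared secret, the XOR keystream cipher and the sample message are all constructed for the example, and the tag scheme is a stand-in for a real protocol such as SRP, not SRP itself.

```python
import hashlib
import hmac

# Toy group from the worked example (p = 23, g = 5); real deployments use
# 2048-bit or larger groups. The small size does not affect what is shown here.
P, G = 23, 5


def derive_key(shared: int) -> bytes:
    """Turn the agreed group element into a 32-byte symmetric key."""
    return hashlib.sha256(str(shared).encode()).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with a keystream expanded from key by hashing
    a counter. It stands in for the symmetric cipher used after agreement and is
    not a real cipher. XOR is its own inverse, so one function encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ k for d, k in zip(data, stream))


def unauthenticated_mitm(a: int, b: int, m: int) -> dict:
    """Alice (secret a) and Bob (secret b) run plain DH. Mallory (secret m) sits
    on the wire, replaces both public values with her own, and ends up holding
    one key with Alice and a different one with Bob."""
    x = pow(G, a, P)                 # Alice -> Bob, intercepted
    y = pow(G, b, P)                 # Bob -> Alice, intercepted
    mal = pow(G, m, P)               # delivered to both in place of x and y
    k_alice = derive_key(pow(mal, a, P))      # Alice believes she shares this with Bob
    k_bob = derive_key(pow(mal, b, P))        # Bob believes he shares this with Alice
    k_mal_alice = derive_key(pow(x, m, P))    # equals k_alice
    k_mal_bob = derive_key(pow(y, m, P))      # equals k_bob
    msg = b"transfer 100 to bob"              # constructed sample message
    wire = xor_stream(k_alice, msg)           # Alice encrypts for "Bob"
    seen = xor_stream(k_mal_alice, wire)      # Mallory reads it
    forged = seen.replace(b"bob", b"mallory")
    received = xor_stream(k_bob, xor_stream(k_mal_bob, forged))  # Bob decrypts
    return {"keys_match": k_alice == k_bob, "mallory_read": seen == msg,
            "bob_received": received}


def confirm_tag(psk: bytes, x: int, y: int) -> bytes:
    """Key-confirmation tag over the transcript, keyed with a pre-shared secret.
    A deliberately simple stand-in for a password-authenticated scheme such as
    SRP (assumption: both sides already hold psk)."""
    return hmac.new(psk, f"{x}|{y}".encode(), hashlib.sha256).digest()


def authenticated_exchange(a: int, b: int, m: int, psk: bytes, attacker: bool) -> bool:
    """Bob tags the values he saw; Alice checks the tag against what she sent and
    received. If Mallory swapped values in either direction the transcripts
    differ, and without psk she cannot produce a matching tag. Returns whether
    Alice accepts the session."""
    x, y, mal = pow(G, a, P), pow(G, b, P), pow(G, m, P)
    x_seen_by_bob = mal if attacker else x
    y_seen_by_alice = mal if attacker else y
    tag_from_bob = confirm_tag(psk, x_seen_by_bob, y)
    expected = confirm_tag(psk, x, y_seen_by_alice)
    return hmac.compare_digest(tag_from_bob, expected)
```

With a = 4, b = 3 and Mallory's m = 7, unauthenticated_mitm reports that Alice's and Bob's keys differ, that Mallory read the plaintext, and that Bob received "transfer 100 to mallory"; authenticated_exchange accepts the honest run and rejects the intercepted one. Note that a weak pre-shared secret in this simplified tag is open to offline guessing, which is exactly the problem SRP and similar protocols are designed to avoid.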

Written Assignment: Write short notes on the Advanced Encryption Standard (AES), showing how keys
for it are exchanged. Submit in the next class.

3 Public Key Cryptography


Unlike secret key cryptography, public key cryptography provides a better way to publicly
distribute keys while keeping the secret or private key safely guarded. Public key cryptography is
also known as asymmetric key cryptography because one key is used for encryption while
another mathematically related key is used for decryption. Asymmetric or public key encryption
methods typically use the concept of modular inverses to create public/private key pairs.

Modular inverses are a pair of numbers in modular arithmetic that when multiplied together yield
unity. For example, the numbers 3 and 7 are modular inverses in modulo 10 arithmetic because

(3 x 7) MOD 10 = 1.

To encrypt a message, we essentially multiply its numeric equivalent by the first number, transmit
the result as the encrypted message, and then multiply the received encryption by the second
number so as to recover the original message. We can view the overall process as multiplying the
message by unity, whereby the first number is the public key and its inverse is the private key, or
vice versa. (In RSA, described in section 3.1, the two inverses are exponents rather than
multipliers, and the inverse is taken modulo a value derived from the prime factors of n rather than
modulo n itself; the multiplication picture above is only an analogy.)

The success of public key cryptography for worldwide electronic commerce depends on the
establishment of a trusted third party that will authenticate and distribute public keys. This will
prevent imposters from claiming any public key as their own without first presenting proof of
authenticity. Even though public key cryptography can provide all of the needed security
functions while secret key cryptography cannot, it is not as practical to implement across all
platforms primarily because of its high computational complexity. Therefore, secret key
techniques are used for many networking applications, while public key techniques are used
when necessary to facilitate authentication and secret key exchanges.

RSA, and Pretty Good Privacy (PGP), which was created in 1991 by Philip Zimmermann and builds on
public key algorithms such as RSA, are probably the two most well-known public key cryptographic
systems. Figure 1 illustrates the basic operation of a public key based message exchange.

Figure 1: Secure communications over an untrusted network using public key methods.

The sender first obtains the recipient's public key from a trusted third party that vouches for its
authenticity. Section 3.4 describes public key distribution and digital certificates. With the
assurance that the public key is indeed assigned to the intended recipient, the sender encrypts the
plain text message with the recipient's public key B and transmits the encrypted message. The
recipient decrypts the ciphered message with its securely held private key B. However, this
process only provides confidentiality, which is the assurance that no one else could have
deciphered the message in transit, other than the recipient. The message itself could still
have been intercepted, substituted, re-encrypted with the recipient's public key, and delivered
instead of the original message, because anyone can obtain the recipient's public key. Therefore,
in order to authenticate the message, the sender adds a digital signature to the transmitted packet
by encrypting a fixed-length digest (a hash) of the original message with the sender's private
key. Upon receiving the message, the recipient decrypts the hash with the sender's public key
and compares the result with its own hash of the received message; a match validates both the
origin and the integrity of the message. Section 3.3 describes hashing and digital signatures in
greater detail.
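The sign-and-verify step described above, as an added Python example (not part of the original notes). It reuses the toy RSA key worked out in section 3.1 (n = 701,111, e = 11, d = 254,339), hashes the message with SHA-256, signs the digest with the private exponent and checks it with the public one, then shows that altering either the message or the signature makes verification fail. The sample messages are constructed; reducing the digest modulo n is only possible because the key is tiny, and a real implementation embeds the digest in a padding scheme (PKCS#1 v1.5 or PSS) instead.

```python
import hashlib

# Toy RSA key taken from the worked example in section 3.1: n = 907 * 773 = 701,111,
# e = 11, d = 254,339. Real signing keys are 2048 bits or more; the tiny modulus
# only keeps the arithmetic visible.
N, E, D = 701_111, 11, 254_339


def message_digest(msg: bytes) -> int:
    """SHA-256 of the message, reduced to an integer below n so it can be
    exponentiated. With a real key the digest is embedded in a padding scheme
    (PKCS#1 v1.5 or PSS), never reduced like this."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(msg: bytes, d: int = D) -> int:
    """The sender 'encrypts' the hash with the private exponent."""
    return pow(message_digest(msg), d, N)


def verify(msg: bytes, sig: int, e: int = E) -> bool:
    """The recipient recovers the hash with the public exponent and compares it
    with a fresh hash of what was actually received."""
    return pow(sig, e, N) == message_digest(msg)


def demo() -> dict:
    """Sign a constructed message, then try to verify a tampered message and a
    tampered signature against it."""
    msg = b"pay 100 to bob"                 # constructed sample message
    sig = sign(msg)
    return {
        "genuine": verify(msg, sig),                        # hash matches
        "message_altered": verify(b"pay 900 to bob", sig),  # recomputed hash differs
        "signature_altered": verify(msg, (sig + 1) % N),    # not an e-th root of the hash
    }
```

Because raising to the power e is a bijection on the integers modulo n when gcd(e, λ(n)) = 1, a given hash has exactly one valid signature under this key, which is why the altered signature is rejected deterministically and not merely with high probability.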

3.1 RSA Public Key Cryptography


RSA is named after its inventors, Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman of
MIT. It is a popular public key encryption algorithm that many cryptographers have scrutinized. Its
strength is based on the difficulty of factoring a very large number into its two large prime
factors. The algorithm builds on a result of Pierre de Fermat from the 1600s (Fermat's little
theorem): for a prime p and any m not divisible by p,

m^(p-1) mod p = 1

RSA uses the generalisation of this result to a modulus n = p × q, which is what makes
decryption undo encryption.

3.1.1 How does RSA encryption work?

The following is going to be a bit of a simplification, because too many readers have probably
been scarred by their high school math teacher. To keep the math from getting too out-of-hand,
we will be simplifying some concepts and using much smaller numbers. In reality, RSA
encryption uses prime numbers that are much larger in magnitude and there are a few other
complexities.

There are several different concepts you will have to get your head around before we can explain
how it all fits together. These include trapdoor functions, generating primes, Carmichael’s
totient function and the separate processes involved in computing the public and private
keys used in the encryption and decryption processes.

a. Trap door functions

RSA encryption works under the premise that the algorithm is easy to compute in one direction,
but almost impossible in reverse. As an example, if you were told that 701,111 is a product of
two prime numbers, would you be able to figure out what those two numbers are?

Even with a calculator or a computer, most of us wouldn't have any idea of where to start, let
alone be able to figure out the answer. But if we flip things around, it becomes much easier.
What's the result of:

907 x 773

The answer is the previously mentioned 701,111. These, 907 and 773, are the prime
numbers that answer our first question, which shows us that certain equations can be easy to
work out one way but seemingly impossible in reverse.

Another interesting aspect of this equation is that it is simple to figure out one of the prime
numbers if you already have the other one, as well as the product. If you are told that 701,111 is
the result of 907 multiplied by another prime number, you can find the other prime with
the following equation:

701,111 ÷ 907 = 773

Since the relationship between these numbers is simple to compute in one direction but
incredibly hard in reverse, the equation is known as a trap door function. Be aware that while
the above example is hard for people to work out by hand, a computer factors a number this size in
a trivial amount of time.

Because of this, RSA uses much larger numbers. The size of the primes in a real RSA
implementation varies, but in 2048-bit RSA two 1024-bit primes come together to make a modulus
that is 617 decimal digits long.

b. Generating primes

The trap door functions mentioned above form the basis for how public and private-key
encryption schemes work. Their properties allow public keys to be shared without
endangering the message or revealing the private key. They also allow data to be encrypted
with one key in a way that can only be decrypted by the other key from the pair.

The first step of encrypting a message with RSA is to generate the keys. To do this, we need two
prime numbers (p and q). They are found by drawing random candidates of the required size and
checking each one with a primality test, an algorithm that efficiently decides whether a number is
(almost certainly) prime, such as the Rabin-Miller (Miller-Rabin) test.

The prime numbers in RSA need to be very large, and also relatively far apart. Numbers that are
small or closer together are much easier to crack. Despite this, our example will use smaller
numbers to make things easier to follow and compute.

Let’s say that the primality test gives us the prime numbers that we used above, 907 and 773. The
next step is to discover the modulus (n), using the following formula:

n = p × q

Where p = 907 and q = 773

Therefore:

n = 907 x 773

n = 701,111

c. Carmichael’s totient function

Once we have n, we use Carmichael’s totient function:

λ(n) = lcm (p − 1, q − 1)

If it’s been a while since you’ve hit the math textbooks, the above might look a bit terrifying. You
can skip over this part and just trust that the math works, otherwise stick with us for a few more
calculations. Everything will be explained in as much detail as possible to help you get your head
around the basics.

For those who aren't aware, λ(n) represents Carmichael's totient for n, while lcm means the
lowest common multiple, which is the smallest number that both p − 1 and q − 1 divide into. It can be
computed as (p − 1)(q − 1) ÷ gcd(p − 1, q − 1), or with any big-integer calculator. So let's put our
numbers into the equation:

λ(701,111) = lcm (907 − 1, 773 − 1)

λ(701,111) = lcm (906, 772)

λ(701,111) = 349,716

d. Generating the public key

Now that we have Carmichael's totient of our prime numbers, it's time to figure out our public
key. Under RSA, the public key is made up of an exponent e together with the modulus n (we will
explain what "mod" means in a few paragraphs). The number e can be any value between 1 and λ(n)
(349,716 in our example) that shares no factor with λ(n), i.e. gcd(e, λ(n)) = 1; it does not have
to be prime, although a prime is a convenient way to satisfy that condition.

Because the public key is shared openly, it's not so important for e to be a random number. In
practice, e is generally set to 65,537: it is prime, so it is almost always coprime to λ(n), and
its binary form has only two 1 bits, so encryption stays fast, whereas much larger randomly chosen
values would make encryption less efficient. For today's example, we will keep the numbers small
to make the calculations easy. Let's say:

e = 11

Our final encrypted data is called the ciphertext (c). We derive it from our plaintext message (m),
by applying the public key with the following formula:

c = m^e mod n

As we mentioned, the pair (e, n) is the public key. We have already chosen e and we know n as well.
The only thing we need to explain is mod. It refers to a modulo operation, which essentially means
the remainder left over when you divide one side by the other. For example:

10 mod 3 = 1

This is because 3 goes into 10 three times, with a remainder of 1.

Back to our equation. To keep things simple, let's say that the message (m) that we want to
encrypt and keep secret is just a single number, 4. Let's plug everything in:

c = m^e mod n

c = 4^11 mod 701,111

c = 4,194,304 mod 701,111

Working the modulo operation out by hand (701,111 goes into 4,194,304 five times, leaving
4,194,304 − 3,505,555) or with any calculator gives:

c = 688,749

Therefore when we use RSA to encrypt our message, 4, with our public key, it gives us
the ciphertext of 688,749. The previous steps may have seemed a little too math-heavy, but it’s
important to reiterate what has actually happened.

We had a message of 4, which we wanted to keep secret. We applied a public key to it, which
gave us the encrypted result of 688,749. Now that it is encrypted, we can securely send the
number 688,749 to the owner of the key pair. They are the only person who will be able to
decrypt it with their private key. When they decrypt it, they will see the message that we were
really sending, 4.

Generating the private key

In RSA encryption, once data or a message has been turned into ciphertext with a public key, it
can only be decrypted by the private key from the same key pair. Private keys are comprised
of d and n. We already know n, and the following equation is used to find d:

d = e^(-1) mod λ(n)

In the Generating the public key section above, we already decided that in our example, e would
equal 11. Similarly, we know that λ(n) equals 349,716 from our earlier work under Carmichael's
totient function. Things get a little more complicated when we come across this part of the
formula:

e^(-1) mod λ(n)

This is not asking you to divide 1 by e. It means that d is the modular inverse of e with respect
to λ(n): the number d between 1 and λ(n) for which

d × e mod λ(n) = 1

(with e = 11 and λ(n) = 349,716 in our example). The modular inverse is normally found with the
Extended Euclidean Algorithm; working through that is a little outside the scope of this article,
so we will just use a calculator that offers a modular inverse function. Now that we understand
everything that's going on, let's plug our information into the formula:

d = 11^(-1) mod 349,716

To perform this operation, enter 11 (or whatever value you have for e if you are attempting this
with your own example) as the integer and 349,716 (or your value of λ(n)) as the modulus in a
modular inverse calculator. If you have done it correctly, you should get:

d = 254,339

You can check it: 11 × 254,339 = 2,797,729 = 8 × 349,716 + 1, so 11 × 254,339 mod 349,716 = 1.

Now that we have the value for d, we can decrypt messages that were encrypted with our public
key using the following formula:

m = c^d mod n

We can now go back to the ciphertext that we produced under the Generating the public key
section. When we encrypted the message with the public key, it gave us a value for c of
688,749. From above, we know that d equals 254,339. We also know that n equals 701,111.
This gives us:

m = 688,749^254,339 mod 701,111

As you may have noticed, raising a number to the 254,339th power is far too much for most normal
calculators, and even a computer does not compute the full power. Instead, modular exponentiation
is done by repeated squaring, reducing mod n after every multiplication so that the intermediate
values never exceed n; any RSA or big-number calculator (and the pow(c, d, n) function of most
programming languages) does this for you. Enter 701,111 as the modulus N, 254,339 as the
decryption key d, and 688,749 as the ciphertext, and the result is:

m = 4

which is the message we started with.
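The whole procedure of sections b to d and the decryption step above, as an added Python example that is not part of the original notes. It implements the Miller-Rabin test the text names, Carmichael's λ(n), the modular inverse via pow(e, -1, λ(n)), and checks that the lecture's numbers (n = 701,111, λ(n) = 349,716, e = 11, c = 688,749, d = 254,339) fall out. The last function generates a fresh 512-bit key from random primes and encrypts a short byte string by first encoding it as an integer, which is the question raised under "How are more complicated messages encrypted with RSA?". The 512-bit size, the exponent 65,537 and the sample message are assumptions for the example, and the textbook (unpadded) encryption shown is for learning only.

```python
import math
import secrets


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin test (the "Rabin-Miller" test named in the text). A composite
    survives all rounds with probability at most 4^-rounds."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:                   # write n - 1 as 2^r * d with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2    # random base in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                # a is a witness that n is composite
    return True


def random_prime(bits: int) -> int:
    """Draw random odd candidates with the top bit set until one passes the test."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def make_keypair(p: int, q: int, e: int):
    """(n, e) and (n, d) from two primes, with Carmichael's lambda as in the text.
    Needs Python 3.9+ for math.lcm; pow(e, -1, m) computes the modular inverse
    with the extended Euclidean algorithm the text mentions."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    if math.gcd(e, lam) != 1:
        raise ValueError("e must be coprime to lambda(n)")
    return (n, e), (n, pow(e, -1, lam))


def encrypt(m: int, pub: tuple) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message integer must be below n")
    return pow(m, e, n)                 # c = m^e mod n, by square-and-multiply


def decrypt(c: int, priv: tuple) -> int:
    n, d = priv
    return pow(c, d, n)                 # m = c^d mod n


def lecture_example() -> dict:
    """Reproduce the numbers in the text: p = 907, q = 773, e = 11, m = 4."""
    pub, priv = make_keypair(907, 773, 11)
    c = encrypt(4, pub)
    return {"n": pub[0], "lambda": math.lcm(906, 772), "d": priv[1],
            "c": c, "m": decrypt(c, priv)}


def fresh_key_roundtrip(bits: int = 512, message: bytes = b"buy me a sandwich") -> bytes:
    """Generate a key pair from random primes (assumed 512-bit size, e = 65,537)
    and round-trip a byte string, which is encoded as a big-endian integer first.
    Unpadded RSA on a raw message like this is deterministic and unsafe for real
    use; RSA-OAEP, or a hybrid scheme where RSA wraps a symmetric key, is what
    deployed systems do."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and math.gcd(65537, math.lcm(p - 1, q - 1)) == 1:
            break
    pub, priv = make_keypair(p, q, 65537)
    m = int.from_bytes(message, "big")          # 17 bytes = 136 bits, well below n
    c = encrypt(m, pub)
    return decrypt(c, priv).to_bytes(len(message), "big")
```

lecture_example() returns exactly the values derived by hand above, and fresh_key_roundtrip() returns the original byte string; the loop in the latter rejects the rare prime pair for which λ(n) shares a factor with 65,537, the condition on e discussed in section d.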

How RSA encryption works in practice

The above sections should give you a reasonable grasp of how the math behind public key
encryption works. It can be a little confusing, but even those who didn’t understand the
intricacies of the equations can hopefully take away some important information about the
process.

In the steps listed above, we have shown how two entities can securely communicate without
having shared a code beforehand. First, they each need to set up their own key pairs and share
the public key with one another. The two entities need to keep their private keys secret in order
for their communications to remain secure.

Once the sender has the public key of their recipient, they can use it to encrypt the data that
they want to keep secure. Once it has been encrypted with a public key, it can only be
decrypted by the private key from the same key pair. Even the same public key can’t be
used to decrypt the data. This is due to the properties of trap door functions that we
mentioned above.

When the recipient receives the encrypted message, they use their private key to access the
data. If the recipient wants to return communications in a secure way, they can then encrypt
their message with the public key of the party they are communicating with. Again, once it
has been encrypted with the public key, the only way that the information can be accessed is
through the matching private key.

In this way, RSA encryption can be used by previously unknown parties to securely send data
between themselves. Significant parts of the communication channels that we use in our online
lives were built up from this foundation.

How are more complicated messages encrypted with RSA?

In our example, we simplified things a lot to make it easier to understand, which is why we
only encrypted a message of “4”. Being able to encrypt the number 4 doesn’t seem particularly
useful, so you might be wondering how you can encrypt a more complicated set of data,
such as a symmetric key (which is the most common use of RSA), or even a message.

Some people may be perplexed at how a key like “n38cb29fkbjh138g7fqijnf3kaj84f8b9f…” or
a message like “buy me a sandwich” can be encrypted by an algorithm like RSA, which deals
with numbers and not letters. The reality is that all of the information that our computers
process is stored in binary (1s and 0s) and we use encoding standards like ASCII or
Unicode to represent them in ways that humans can understand (letters).

This means that keys like “n38cb29fkbjh138g7fqijnf3kaj84f8b9f…” and messages like
“buy me a sandwich” already exist as numbers, which can easily be computed in the RSA
algorithm. The numbers that they are represented by are much larger and harder for us to
manage, which is why we prefer to deal with alphanumeric characters rather than a jumble of
binary.

If you wanted to encrypt a longer session key or a more complex message with RSA, it
would simply involve a much larger number.
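Added here as a worked example (not part of the lecture notes): the decryption carried out above and the text-to-number encoding just described, computed in Python with the notes' values n = 701,111, e = 11, λ(n) = 349,716 and c = 688,749 instead of the online calculator. The function names are my own, and the check that a message integer must be smaller than n is the caveat behind "a much larger number".

```python
# Added example (not from the lecture notes): the RSA numbers worked above,
# reproduced with Python's built-in modular arithmetic, plus the
# text-to-integer encoding the notes describe.
from math import gcd

# Public key (n, e), Carmichael totient λ(n) and ciphertext c from the notes.
N = 701_111
E = 11
LAMBDA_N = 349_716
CIPHERTEXT = 688_749


def mod_inverse(a: int, m: int) -> int:
    """Return d with (a * d) % m == 1, via the extended Euclidean algorithm."""
    if gcd(a, m) != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    old_r, r = a, m
    old_s, s = 1, 0          # invariant: old_s * a == old_r (mod m)
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    return old_s % m


def private_exponent(e: int = E, lam: int = LAMBDA_N) -> int:
    """d = e^-1 mod λ(n); with the notes' values this is 254,339."""
    return mod_inverse(e, lam)


def rsa_encrypt(m: int, e: int = E, n: int = N) -> int:
    """Textbook RSA: c = m^e mod n. pow() does the modular exponentiation."""
    if not 0 <= m < n:
        raise ValueError("message integer must be smaller than the modulus n")
    return pow(m, e, n)


def rsa_decrypt(c: int, d: int, n: int = N) -> int:
    """Textbook RSA: m = c^d mod n."""
    return pow(c, d, n)


def text_to_int(text: str) -> int:
    """A message is already a number: read its UTF-8 bytes as a big-endian integer."""
    return int.from_bytes(text.encode("utf-8"), "big")


def int_to_text(value: int) -> str:
    """Inverse of text_to_int."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big").decode("utf-8")


def fits_modulus(text: str, n: int = N) -> bool:
    """Can this message be encrypted directly under modulus n (requires m < n)?"""
    return text_to_int(text) < n


if __name__ == "__main__":
    d = private_exponent()
    print("d =", d)                                   # 254339
    print("m =", rsa_decrypt(CIPHERTEXT, d))          # 4
    print("c =", rsa_encrypt(4))                      # 688749
    msg = "buy me a sandwich"
    print(msg, "as an integer:", text_to_int(msg))
    # 16 bytes is a ~2^127 number, far bigger than the toy n of 701,111,
    # so this message needs a real-sized key (or RSA-wrapped symmetric key).
    print("fits the toy modulus?", fits_modulus(msg))  # False
```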

Padding

When RSA is implemented, it uses something called padding to help prevent a number of
attacks. To explain how this works, we’ll start with an example. Let’s say you were sending a
coded message to a friend:

Dear Karen,
I hope you are well. Are we still having dinner tomorrow?
Yours sincerely,
James

Let’s say that you coded the message in a simple way, by changing each letter to the one that
follows it in the alphabet. This would change the message to:

Efbs Lbsfo,
J ipqf zpv bsf xfmm. Bsf xf tujmm ibwjoh ejoofs upnpsspx?
Zpvst tjodfsfmz,
Kbnft

If your enemies intercepted this letter, there is a trick that they could use to try and crack the
code. They could look at the format of your letter and try to guess what the message might
be saying. They know that people normally begin their letters with “Hi”, “Hello”, “Dear” or a
number of other conventions.

If they tried to apply “Hi” or “Hello” as the first word, they would see that it wouldn’t fit the
number of characters. They could then try “Dear”. It fits, but that doesn’t necessarily mean
anything. The attackers would just try it and see where it led them. So they would change the
letters “e”, “f”, “b”, and “s” with “d”, “e”, “a”, and “r” respectively. This would give them:

Dear Laseo,
J ipqe zpv are xemm. Are xe tujmm iawjoh djooes upnpsspx?
Zpvrt tjoderemz,
Kanet

It still looks pretty confusing, so the attackers might try looking at some other conventions, like
how we conclude our letters. People often add “From” or “Kind regards” at the end, but
neither of these fit the format. Instead, the attackers might try “Yours sincerely” and replace the
other letters to see where it gets them. By changing “z”, “p”, “v”, “t”, “j”, “o”, “d” and “m”
with “y”, “o”, “u”, “s”, “i”, “n”, “c” and “l” respectively, they would get:

Dear Lasen,
I ioqe you are xell. Are xe tuill iawinh dinnes uonossox?
Yours sincerely,
Kanet

After that modification, it looks like the attackers are starting to get somewhere. They have
found the words “I”, “you” and “are”, in addition to the words that made up their initial
guesses.

Seeing as the words are in correct grammatical order, the attackers can be pretty confident that
they are heading in the right direction. By now, they have probably also realized that the code
involved each letter being changed to the one that follows it in the alphabet. Once they realize
this, it makes it easy to translate the rest and read the original message.

The above example was just a simple code, but as you can see, the structure of a message can
give attackers clues about its content. Sure, it was difficult to figure out the message from
just its structure and it took some educated guesswork, but you need to keep in mind that
computers are much better at doing this than we are. This means that they can be used to
figure out far more complex codes in a much shorter time, based on clues that come from
the structure and other elements.

If the structure can lead to a code being cracked and reveal the contents of a message, then we
need some way to hide the structure in order to keep the message secure. This brings us
to padding.

When a message is padded, randomized data is added to hide the original formatting clues
that could lead to an encrypted message being broken.

Despite this, adversaries can use a number of attacks to exploit the mathematical properties of a
code and break encrypted data. Due to this threat, implementations of RSA use padding
schemes like OAEP to embed extra data into the message. Adding this padding before the
message is encrypted makes RSA much more secure.

RSA security and attacks

Like most cryptosystems, the security of RSA depends on how it is implemented and used. One
important factor is the size of the key. The larger the number of bits in a key (essentially how
long the key is), the more difficult it is to crack through attacks such as brute-forcing and
factoring.

3.2 Elliptic Curve Cryptography


Since RSA key lengths have become long (1024 bits), new techniques such as Elliptic Curve
Cryptography (ECC) have been invented. ECC is based on sets of predefined mathematical rules
for translating coordinates on an elliptic curve in modular arithmetic.

The elliptic curve is defined as y^2 MOD p = (x^3 + ax + b) MOD p

The public key includes the curve parameters (p, a, b), a point on the curve defined by an (x,y)
coordinate pair P, and another point on the curve Q that is a “special” translation of the point P
by some secret amount d. This secret amount d is the private key. The “special” translation is
such that d · P = Q

This special translation operation is a one way function. That is, one cannot solve for the secret
translation scalar d simply by knowing the input and output coordinates P and Q respectively.
Therefore, correspondents at each end of the untrustworthy communications channel can easily
derive a shared secret key by combining their private key with the correspondent’s public key as
illustrated in the following table.
Correspondent-A                              Correspondent-B
Public Key A = {p, a, b, P, Qa}              Public Key B = {p, a, b, P, Qb}
Private Key A = {da}                         Private Key B = {db}
Transmit Qa = da · P                         Transmit Qb = db · P
Shared Key = da · Qb = da · (db · P)         Shared Key = db · Qa = db · (da · P)

This form of key exchange works because the correspondent’s public key also contains the
private key in cryptic form. EC keys require about 20 bytes of storage compared with about 256
bytes for RSA keys. Researchers found that a 170 bit EC key length will give approximately the
same level of security as a 1024 bit RSA key. Smaller key sizes provide more flexibility for
storage in low-end computing devices such as smart cards.
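The key exchange in the table above, carried out as an added example (not from the lecture notes) on a small textbook curve so every point can be checked by hand: y^2 = x^3 + 2x + 2 over p = 17 with base point P = (5, 1) are constructed toy parameters, and the function names are my own. Real deployments use standardised curves with p near 2^256; the group law and the double-and-add scalar multiplication are the same.

```python
# Added example (not from the lecture notes): the ECDH table, run on a toy
# curve. Constructed parameters: y^2 = x^3 + 2x + 2 (mod 17), P = (5, 1),
# a point of order 19.
from typing import Optional, Tuple

Point = Optional[Tuple[int, int]]   # None is the point at infinity (identity)

P_MOD, A, B = 17, 2, 2
BASE_POINT: Point = (5, 1)


def on_curve(pt: Point) -> bool:
    """Check y^2 == x^3 + ax + b (mod p); the identity is on the curve by definition."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def point_add(p1: Point, p2: Point) -> Point:
    """Group law for y^2 = x^3 + ax + b over F_p (chord-and-tangent rule)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        slope = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)   # tangent
    else:
        slope = (y2 - y1) * pow(x2 - x1, -1, P_MOD)          # chord
    x3 = (slope * slope - x1 - x2) % P_MOD
    y3 = (slope * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mult(d: int, pt: Point) -> Point:
    """d · P by double-and-add: the 'special translation' the notes describe."""
    result: Point = None
    addend = pt
    while d > 0:
        if d & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        d >>= 1
    return result


def ecdh_shared_key(da: int, db: int) -> Tuple[Point, Point, Point, Point]:
    """Run the table: each side publishes d · P and combines it with its own d."""
    qa = scalar_mult(da, BASE_POINT)      # Correspondent-A transmits Qa
    qb = scalar_mult(db, BASE_POINT)      # Correspondent-B transmits Qb
    shared_a = scalar_mult(da, qb)        # da · (db · P)
    shared_b = scalar_mult(db, qa)        # db · (da · P)
    return qa, qb, shared_a, shared_b


if __name__ == "__main__":
    qa, qb, ka, kb = ecdh_shared_key(3, 7)
    print("Qa =", qa, "Qb =", qb)         # (10, 6) and (0, 6)
    print("shared A =", ka, "shared B =", kb, "equal:", ka == kb)
```

With da = 3 and db = 7 both sides land on 21 · P = 2 · P = (6, 3), since P has order 19.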

3.3 Digital Signatures


Encrypting the plain text or a compressed version of it with the private key rather than the public
key creates a digital signature. The recipient verifies the authenticity of the signature by applying
the associated public key as we illustrated in Figure 1. The U.S. Federal Information Processing
Standard (FIPS) adopted Digital Signature Algorithm (DSA) in the 1990s, even though RSA
could have also been used. DSA is used only for digital signatures. Unlike RSA, DSA cannot be
used with a public key to decipher the original plain text message. In fact, it requires the original
plain text in order to verify the signature. RSA can verify signatures much faster than DSA.
However, DSA can create signatures faster than RSA by using pre-computed values. Therefore, it
is likely to be used for low complexity computing devices such as smart cards, where the
verification can be performed on servers, which generally have more computing capability.

3.3.1 Hashing

A hash function is a mathematical function that converts a numerical input value into another
compressed numerical value. The input to the hash function is of arbitrary length but the output is
always of fixed length. Values returned by a hash function are called message digests or
simply hash values.

When creating a digital signature with the private key, the original plain text message itself is not
used directly. This is because it is not sensible to encrypt the plain text itself with a private key
since it can be decrypted with a public key, as in RSA. Therefore, practical systems sign an
irreversible and highly compressed version of the message so that the recipient can verify the
signature as shown in Figure 1. Hashing is such a one-way function that can produce an
irreversible and highly compressed version of the message. When applied to a message, the
hashing function produces a sequence of numbers known as the “digital fingerprint” since it is
unique and repeatable. The hash value can also be viewed as a form of cryptographic checksum
that must change if the input text changes. The hashing function output is also called a Message
Integrity Code (MIC) or a Modification Detection Code (MDC.) MICs have a one-to-one
mapping with the message. That is, no two messages will produce the same code. This is called
weak collision resistance. MICs also have the reciprocal mapping property whereby each code
uniquely represents only one message. This is called strong collision resistance. The subtle
difference is that weak collision resistance prevents finding any two different messages that will
result in the same code while strong collision resistance prevents finding two different source
messages in the message space when given a specific code. Message Digest 5 (MD5), created by
Ron Rivest, is a popular MIC hashing function. NIST enhanced the previous version of it (MD4)
to produce Secure Hash Algorithm (SHA-1). NIST then released the SHA-2 family in 2001,
which includes an update to SHA-256 in March 2012 used by Bitcoin.

A Message Authentication Code (MAC) is another form of message compression and coding that
utilizes a secret key. Unlike a MIC, the correspondents using a MAC must share a secret key in
order to create and then to later verify the message authenticity. Most MACs are made with
secret key ciphers that are repeatedly applied to intermediate compressions of the message. For
example, Data Authentication Algorithm (DAA), the FIPS standard since 1985, is really a
combination of DES and a compression method. MACs execute much more slowly than MICs.
Therefore, in 1996, cryptographers proposed the combination of MIC hashing with secret keys
and called it HMAC.
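An added example (not from the lecture notes) of the MIC versus MAC distinction in the two paragraphs above: a keyless SHA-256 digest is a checksum anyone can recompute, while HMAC needs the shared secret, and the HMAC is built from the hash exactly as the notes say ("MIC hashing with secret keys"). The message, the altered message and the key are constructed sample values.

```python
# Added example (not from the lecture notes): MIC (keyless hash) versus MAC
# (keyed HMAC). Sample message and key are constructed for the demo.
import hashlib
import hmac

MESSAGE = b"Transfer 100 to account 4242"
TAMPERED = b"Transfer 900 to account 4242"
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def mic(message: bytes) -> str:
    """Message Integrity Code: keyless SHA-256 digest, hex encoded."""
    return hashlib.sha256(message).hexdigest()


def mac(message: bytes, key: bytes) -> str:
    """Message Authentication Code: HMAC-SHA256 from the standard library."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def hmac_by_hand(key: bytes, message: bytes, block_size: int = 64) -> str:
    """RFC 2104: H((K xor opad) || H((K xor ipad) || message)), built from the MIC."""
    if len(key) > block_size:
        key = hashlib.sha256(key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).hexdigest()


def receiver_accepts_mic(message: bytes, code: str) -> bool:
    """Integrity only: detects accidental corruption, not a deliberate swap."""
    return mic(message) == code


def receiver_accepts_mac(message: bytes, tag: str, key: bytes) -> bool:
    """Authenticity: constant-time compare so the check leaks no timing information."""
    return hmac.compare_digest(mac(message, key), tag)


def interception_demo(key: bytes = SHARED_KEY) -> dict:
    """Sender transmits (message, MIC, MAC); a party without the key swaps in
    TAMPERED and recomputes the keyless MIC, but cannot recompute the MAC."""
    sent_mic = mic(MESSAGE)
    sent_mac = mac(MESSAGE, key)
    forged_mic = mic(TAMPERED)              # needs no secret at all
    return {
        "mic_accepts_tampered": receiver_accepts_mic(TAMPERED, forged_mic),   # True
        "mac_accepts_tampered": receiver_accepts_mac(TAMPERED, sent_mac, key),  # False
        "mac_accepts_original": receiver_accepts_mac(MESSAGE, sent_mac, key),   # True
    }
```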

3.3.2 Non-repudiation
Non-repudiation is the assurance that the sender cannot deny having originated the message
because only one who has possession of the secret key could have constructed the digital
signature in question. In addition to confidentiality, authentication, and integrity, public key
cryptography also provides non-repudiation. Secret key cryptography cannot provide non-
repudiation.

3.4 Digital Certificates


A correspondent cannot be assured that a public key does indeed belong to the claimed party.
Therefore, the public key must be distributed by a trusted source that is willing to certify its
authenticity. A digital certificate is the method of choice for public key distribution. The third
party authenticates a public key by attaching a digitally signed hash of the plain text message.
The recipient verifies the message authenticity by decrypting the hash (verifying the signature)
with the third party’s public key and comparing the revealed hash with that resulting from
hashing the received plain text. The plain text contains the public key as an attachment and it also
describes attributes of the public key owner.

Public Key Infrastructure (PKI) is a digital certificate administrative framework for public key
delivery. Well-known PKI standards are X.509 and Pretty Good Privacy (PGP.)

3.4.1 PKI Based on X.509

A root Certificate Authority (CA) in X.509 PKI is the first trusted source for authentic digital
certificates. The CA can also subcontract its responsibilities to trusted Registration Authorities
(RA) and hence form a trusted tree-structure for certificate distribution. Amongst other
information, the digital certificate consists of plain text identifying the issuer, the subject unique
identity (also called a distinguished name), the subject’s public key, signature method used, and a
certificate expiration date. Software vendors typically pay a CA to distribute public keys and so
already include CA public keys in their configuration parameters. These are called root
certificates because they are self-signed by the CA and contain the CA’s trusted public key.
Subjects need the CA’s public key to verify the CA’s digital signature on a certificate that it
issues.

The CA also issues a challenge message in order to be sure that the subject does indeed possess
the associated private key. In doing so, the CA encrypts a random message with the subject’s
public key and sends it. The subject decrypts the message with the private key and responds with
the plain text message. The CA verifies that the response is the same as the challenge plain text.

In addition to managing public keys, the CA also informs users when certificates have been
prematurely revoked and puts the certificates on a certificate revocation list (CRL.)

3.4.2 PKI Based on PGP


Philip Zimmermann developed Pretty Good Privacy (PGP) because he was not comfortable with
the bureaucratic style architecture of X.509. Rather than using a CA, users in a PKI based on
PGP issue and manage their own digital certificates as well as sign and forward those of other
trusted correspondents. This also means that, unlike X.509, each certificate can be signed by more
than one subject, thereby adding higher levels of trust. Therefore, rather than a centralized trust
model, PGP utilizes a distributed trust model. PGP is based on RSA public key cryptography
but it also supports Diffie-Hellman.

4 Cryptographic Protocols

4.1 SSL
Secure Socket Layer (SSL) is a data communications protocol primarily utilized by Internet
browsers to facilitate secret key exchanges and provide authentication, confidentiality, and
message integrity. It operates above TCP/IP. The IETF standardized it as Transport Layer
Security (TLS) in 1998. Microsoft was the first to incorporate TLS into its browser.

SSL/TLS completes a secure transaction by first negotiating which cryptographic algorithms to use. It
then exchanges public keys via digital certificates, generates shared secret keys, authenticates its
clients, and finally bulk encrypts the transmitted data for confidentiality and integrity. SSL/TLS
uses six secret keys. Both corresponding parties independently generate these from a pre-master
secret, which is a random number that the initiating party generates and sends to the
correspondent in encrypted form. Three keys are used in each communication direction, one each
for bulk encryption, message integrity checking, and cipher engine initialization.

4.2 IPSec
In simplest terms, IPSec can authenticate data entering and encrypt data leaving a
communications device. It is, however, a complex protocol and several books have been
dedicated to the subject (Doraswamy and Harkins 2003). Functionally, IPSec consists of two
main parts: secret key exchanges, using Internet Key Exchange (IKE) by default, and bulk
encryption. The IKE manages authentication and key exchanges while the bulk encryption
process provides confidentiality and message integrity. The IKE is a two-phase protocol whereby
the first phase openly negotiates parameters to protect the second phase, which in turn negotiates
parameters in secrecy for the bulk encryption part. Once the parties agree on cryptographic
parameters, the bulk encryption part uses either of two protocols and either of two modes to
provide data packet assurances. Devices that use IPSec must also comply with policies that the
network manager defines in a Security Policy Database (SPD.) Figure 2 illustrates the overall
organization of the IPSec protocol.

[Figure 2 diagram: IPSEC splits into SPD (Policies), IKE (Phase 1, Phase 2) and Bulk Encryption (Protocols: ESP, AH; Modes: Tunnel, Transport)]
© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 25/30
Figure 2: IPSec protocol architecture.

Unlike SSL/TLS, IKE involves two secret parameter exchanges in two phases so as to add
greater security and speed. These separate secret parameter exchanges or phases are also called
Security Associations (SA) because each results in the generation of many secret keys. Phase one
(also known as IKE-SA) key agreement uses Diffie-Hellman to initially establish an
authenticated and secure channel between the IPSec parties. Each party then derives three
separate keys for symmetric cryptographic exchanges. In phase two (also known as IPSec-SA),
cryptographic parameters and secret keys are then exchanged confidentially using phase one
secret keys. The phase two parameters are used for the bulk encryption process and different
secret keys are generated for different applications that IPSec services. These are derived much
faster than phase one parameters because a secure and authenticated channel has already been
established in phase one via more lengthy public key operations. For added security, IPSec
automatically updates phase two secret keys once they have aged beyond a pre-determined
lifetime. Phase one keys are updated less often because they involve more computationally
intensive public key methods. IPSec also requires a different SA for inbound and outbound
messages of the bulk encryption part of the protocol.

Once the key exchange phases are complete, IPSec is ready to encrypt packets via one of two
protocols and one of two modes. The protocol attribute controls the level of assurance, depending
on whether message integrity alone or both confidentiality and integrity are required. The mode
attribute controls how much of the data packet will be protected by the protocol chosen.

The two protocol choices are Encapsulating Security Protection (ESP) and Authentication
Header (AH.) The mode choices are tunnel and transport. Therefore, there are four possible
combinations of protocols and modes. ESP provides both message integrity and confidentiality
whereas AH provides only message integrity. The ESP protocol encrypts both the upper layer
payload data and the source/destination IP addresses in tunnel mode but only the payload data in
transport mode. ESP also includes a signed hash (HMAC) of its own header and encrypted
portion of the packet. The encrypted data is also often padded in order to fix the length of the
packets. Fixed length data packets make it more difficult for an eavesdropper to analyze the
statistical nature of the traffic flow between hosts. The AH protocol does not encrypt any of the
packet. It provides message integrity by including a signed hash of the payload data in transport
mode and a signed hash of both the payload data and IP addresses in tunnel mode.

The ESP and AH headers contain a Security Parameters Index (SPI), sequence numbers, and
anti-replay attributes. The SPI helps the receiver to quickly locate the governing SA in the
database. The sequence numbers and anti-replay attributes are used to detect packets that hackers
may copy and replay in an attempt to overload the IPSec protocol and possibly cause the host
application to ‘hang-up.’ The sender numbers each packet and the receiver looks within a pre-
determined window size for indication of duplicate sequence numbers. The receiver can ignore
packets with duplicate sequence numbers and, thereby, prevent hackers from flooding the system
with old packets.
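A receiver-side anti-replay window of the kind the paragraph above describes, added here as an example (not from the lecture notes): the bitmap tracks which sequence numbers within a fixed-size window behind the highest accepted number have already been seen, rejects duplicates and anything too old, and shifts when a newer packet arrives. Window size, class and function names and the packet stream are constructed for the demonstration; RFC 4303 describes this mechanism for ESP.

```python
# Added example (not from the lecture notes): receiver anti-replay sliding
# window over ESP/AH sequence numbers. Window size and sample stream are
# constructed.
from typing import Iterable, List, Tuple


class AntiReplayWindow:
    def __init__(self, size: int = 64) -> None:
        self.size = size
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence (highest - i) already seen

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is new and inside the window."""
        if seq == 0:
            return False                          # 0 is never a valid ESP/AH sequence
        if seq > self.highest:
            shift = seq - self.highest            # window slides forward
            if shift >= self.size:
                self.bitmap = 1                   # everything older falls off the left
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                          # too old: left of the window
        if self.bitmap & (1 << offset):
            return False                          # duplicate: replayed packet
        self.bitmap |= 1 << offset                # late but legitimate arrival
        return True


def filter_packets(seqs: Iterable[int], size: int = 64) -> Tuple[List[int], List[int]]:
    """Run a packet stream through the window; return (accepted, rejected) sequences."""
    win = AntiReplayWindow(size)
    accepted: List[int] = []
    rejected: List[int] = []
    for s in seqs:
        (accepted if win.check_and_update(s) else rejected).append(s)
    return accepted, rejected


# Constructed stream: in-order delivery, a reordered late arrival (2), replays
# of 3 and 7, and a stale packet (1) far outside a 4-wide window.
SAMPLE_STREAM = [1, 3, 4, 2, 5, 3, 7, 7, 6, 1]

if __name__ == "__main__":
    ok, dropped = filter_packets(SAMPLE_STREAM, size=4)
    print("accepted:", ok)          # [1, 3, 4, 2, 5, 7, 6]
    print("rejected:", dropped)     # [3, 7, 1]
```

A small window is used so the bit arithmetic can be followed by hand; a production receiver would log the rejected sequence numbers per SPI as a replay indicator.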

[Figure 3 diagram: for ESP and AH in Transport and Tunnel mode, which fields (Host IP Addresses, Gateway IP Addresses, ESP/AH Header, HMAC, TCP/Data/Padding) are Encrypted and which are Authenticated]
Figure 3: Assurances from the four possible protocol/mode combinations of IPSec.

A Security Policy Database (SPD) stores a set of rules that every IPSec enabled host must follow.
This set of rules limits the degree to which its host can correspond with other computers on
the Internet.

4.3 Virtual Private Networks


A Virtual Private Network (VPN) is a secure communications channel that is established between
two networking devices (e.g. routers) on a transit or public network such that the two entities can
communicate in privacy. Before VPN technology became widespread, corporations leased
dedicated channels on private networks in order to communicate in confidence. VPNs are also
used for establishing a secure point-to-point communications channel between the server of a
remote client (e.g. a mobile professional) and a corporate server.

Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and IPSec are
examples of technologies used for establishing Virtual Private Networks (VPNs). Most IPSec
based VPN products utilize the ESP protocol with tunnel mode because it is the most robust
combination. Tunnel mode must be used when proxy gateways or servers (e.g. firewalls) are
established between the correspondent hosts. Tunnel mode conceals both the packet and the host
address headers. The proxy servers decrypt the packets before forwarding them to the addressed
hosts.

4.4 Point-to-Point Protocol


PPP was designed to send data across dedicated point-to-point connections between a dial-up
client and a Network Access Server (NAS.) It is a four-phase protocol that encapsulates IP (also
IPX or NetBEUI) packets. PPP is often used for modem dial-up connections over a serial
communications link. It allows two machines on a point-to-point communications channel to
negotiate the network layer protocols that will be used during the session. The phase one portion
of the protocol establishes, maintains, and eventually tears down the physical connection. This is
also the phase where authentication protocols are selected for the next three phases of
communications. The decision to use encryption and compression is also made in this
phase but the specific selections are made in the last phase.

Phase two involves client and server authentication and utilizes Password Authentication
Protocol (PAP), or Challenge Handshake Authentication Protocol (CHAP), or Microsoft
Challenge Handshake Authentication Protocol (MSCHAP). PAP communicates user name and
password in plain text and does not provide any security. CHAP utilizes a challenge and response
mechanism whereby the client sends an MD5 hash computed over the password, a random
challenge string, and the session identification. The server verifies the MD5
hash with the password linked to the user name and thereby completes the authentication phase.
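The PAP and CHAP exchanges described above, as an added example (not from the lecture notes). The CHAP response follows the RFC 1994 construction MD5(Identifier || secret || Challenge), which matches the three inputs the paragraph lists; the user store, names, password and challenge bytes are constructed sample values.

```python
# Added example (not from the lecture notes): PAP versus CHAP on a PPP link.
# Constructed NAS-side credential store and sample values.
import hashlib
import hmac
import os
from typing import Optional

USER_DB = {"alice": b"correct horse battery staple"}   # constructed


def pap_credentials(username: str, password: bytes) -> bytes:
    """PAP: the password itself crosses the link, readable by anyone on it."""
    return username.encode() + b"\x00" + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side: MD5 over identifier, secret and challenge (RFC 1994)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(username: str, identifier: int, challenge: bytes, response: bytes) -> bool:
    """NAS side: recompute with the stored password and compare in constant time."""
    secret = USER_DB.get(username)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def chap_exchange(username: str, client_secret: bytes,
                  challenge: Optional[bytes] = None, identifier: int = 1) -> bool:
    """Full round: NAS issues a fresh random challenge, client answers, NAS verifies.
    The password never crosses the link; a captured response is tied to this
    challenge and identifier, so it is useless against a later challenge."""
    if challenge is None:
        challenge = os.urandom(16)
    response = chap_response(identifier, client_secret, challenge)
    return chap_verify(username, identifier, challenge, response)


if __name__ == "__main__":
    print("PAP on the wire:", pap_credentials("alice", USER_DB["alice"]))
    print("CHAP, right password:", chap_exchange("alice", USER_DB["alice"]))   # True
    print("CHAP, wrong password:", chap_exchange("alice", b"guess"))           # False
```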

The third phase of PPP is an optional callback control mechanism whereby the NAS will
disconnect then call back the client at the specified phone number. The fourth and last phase
invokes the various control protocols selected in the previous phases. In addition, both data
compression and encryption protocols will be selected. Finally, data transfer begins with an
encapsulation of the packets with PPP headers.

List of Acronyms

Acronym Meaning
802.11a A section of the IEEE 802.11 standard that specifies WLAN networks for speeds up to 54
MBPS using OFDM for channel access and QPSK or QAM for carrier modulation. In
general, the 802.11 standard specifies channel sharing via CSMA/CA mechanisms that are
managed by the MAC.
802.11b A section of the IEEE 802.11 standard that specifies WLAN networks for speeds up to 11
MBPS using DSSS for channel access and QPSK for carrier modulation.
API Applications programmer interface.
CSMA/CA Carrier sense multiple access/collision avoidance.
HTTP Hypertext transfer protocol.
IP Internetworking protocol.
IPsec IP Security – a set of protocols for secure exchange of Internet packets.
ITU International telecommunications union.
LLC Logical link control – upper sublayer of the data link layer as defined by IEEE 802.2.
MAC Media access control.
MSC Mobile switching center.
NAS Network Authentication Server
PHY Physical (layer.)
PGP Pretty Good Privacy
PKI Public Key Infrastructure
PPP Point to point protocol.
RADIUS Remote Authentication Dial-In User Service.
RTP Real-time protocol.
TCP Transmission control protocol.
UDP User datagram protocol.
VoIP Voice-over-Internetworking protocol.
VPN Virtual private network.
WLAN Wireless local area network.
WWAN Wireless wide area network.
