Cryptography-PART-1

The document outlines a cryptography course that aims to provide in-depth knowledge of cryptographic principles, techniques, and practical experience through implementation and experiments. It covers various cryptographic methods, including symmetric and asymmetric key cryptography, and emphasizes the importance of security services such as confidentiality, integrity, authentication, and availability. Additionally, it discusses the evaluation pattern, course materials, and the significance of understanding vulnerabilities and attacks in the context of network security.

Cryptography

Course outcome

⚫ Develop an in-depth knowledge and understanding of
the principles of cryptography techniques
⚫ Develop a strong mathematical foundation for
understanding cryptography
⚫ Explore the various cryptographic primitives:
encryption/decryption, authentication techniques, and
hash functions
⚫ Gain practical experience by implementing
cryptographic algorithms and conducting security
experiments
Course evaluation pattern

Total Marks: 100


➢ Quiz exam: 30 (Quiz-1 15 Marks and Quiz-2 15 Marks)
➢ Quiz-1 will be Last week of January
➢ Quiz-2 will be Last week of March
➢ Mid Exam 30 Marks
➢ End Term Examination 40 Marks
Lab assessment: 100 Marks
Course overview

⚫ Symmetric-Key Cryptography
– Stream ciphers, Block ciphers, Encryption algorithms (DES,
AES), Message Authentication Codes
⚫ Asymmetric-Key Cryptography
– Number Theory, RSA encryption, Diffie-Hellman key
exchange, ElGamal encryption algorithm, Digital Signatures
Text Book:
⚫ Introduction to Modern Cryptography by Jonathan
Katz and Yehuda Lindell
⚫ Cryptography: Theory and Practice by Douglas
Stinson
⚫ Cryptography and Network Security: Principles and
Practice, Seventh Edition, William Stallings, 2017,
Pearson, ISBN 10:1-292-15858-1
Basic notions in our course
⚫ Text
⚫ Services
– Confidentiality
– Integrity
– Authentication
⚫ Block or stream ciphers
⚫ Secret-key Cryptosystems
⚫ Public-key Cryptosystems
⚫ Private Key
⚫ Public Key
⚫ Cipher text
⚫ Hash functions
⚫ Plain Text
⚫ Passive and active adversary
⚫ Cryptanalysis
⚫ Certificates
⚫ Message Authentication code

Number Theory
Why do we need cryptography

⚫ e-mail
⚫ e-commerce
⚫ Secure card transaction
Cryptography

⚫ Is the science or art of secret writing


⚫ Designing of a set of algorithms to prevent
unauthorized access of sensitive information by
unauthorized entities
⚫ The fundamental objective of cryptography is to
enable
– two people (Alice and Bob) to communicate over an
insecure channel so that an opponent (Mallory) cannot
understand what is being said.
Process of Cryptography

Cryptanalysis - Art of breaking cryptographic systems,
carried out by cryptanalyst
Elements

⚫ Plaintext: the information that Alice wants to send to
Bob.
⚫ Alice encrypts the plaintext, using a predetermined
key, and sends the resulting cipher text to Bob over
the public channel.
⚫ Upon receiving the cipher text
– A third person cannot determine what the plaintext was
– But Bob, who knows the encryption key, can decrypt the
ciphertext and get the plaintext.
Cryptographic Algorithms
⚫ Single-key or symmetric encryption or Private key cryptography

⚫ The same key is used on both ends


⚫ Computationally efficient
⚫ Key exchange is a big issue
Asymmetric or Public key cryptography

In practice we use both (symmetric and asymmetric)

⚫ A different key is used on each end
⚫ Computationally inefficient
⚫ No key exchange is required
Practical cryptosystem should satisfy

⚫ Each encryption and decryption function should be
efficiently computable
⚫ An opponent, upon seeing the ciphertext string y,
should be unable to determine the key k that was used
or the plaintext string x
⚫ The process of attempting to compute the key k, given
a string of cipher text y, is called cryptanalysis
What can a “bad person” do?

⚫ eavesdrop: intercept messages


⚫ actively insert messages into the connection
⚫ impersonation: can fake (spoof) source address in the
packet (or any field in the packet)
⚫ hijacking: “take over” ongoing connection by
removing sender or receiver, inserting himself in
place
⚫ denial of service: prevent service from being used by
others (e.g., by overloading resources)
Security services

Confidentiality:
– Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
⚫ A breach of confidentiality means that someone gains
access to information who should not have access to it
⚫ In the context of network security, only the sender and
intended receiver should “understand” message
contents
Contd…

⚫ Privacy: Assures that individuals control or
influence what information related to them may be
collected and stored and by whom and to whom that
information may be disclosed.
Integrity
⚫ Data integrity: “The property that data has not been
changed, destroyed, or lost in an unauthorized or
accidental manner.”
⚫ In the context of security, the sender and receiver want
to ensure the message is not altered in transit without
detection
⚫ Integrity also means ensuring information authenticity
& non-repudiation
Contd…

⚫ Authentication ensures that you are talking to whom
you think you are talking to
– It involves verification of sender/receiver using
passwords/certificates
⚫ Non-repudiation: someone can’t repudiate (deny)
something
– It ensures that the sender of information is provided with
proof of delivery and the recipient is provided with proof of
the sender’s identity, so neither can later deny having
processed the information.
Availability

⚫ The property of a system or a system resource being
accessible and usable upon demand by an authorized
system entity, according to performance specifications
for the system
– i.e., a system is available if it provides services according to
the system design whenever users request them
⚫ Turning off a computer provides confidentiality and
integrity, but hurts availability!
⚫ Denial of Service (DoS) attacks are direct assaults on
availability
Contd…
⚫ Authentication is the process of verifying the identity
of a user or information
⚫ Access control: provides the protection against
unauthorized use of data
⚫ For example,
– any customer of a bank can create and use an identity (e.g., a
user name) to log into that bank's online service.
– but the bank's authorization policy must ensure that only
you are authorized to access your individual account online
once your identity is verified.
Definitions

⚫ Security attack: Any action that compromises the
security of information owned by an organization
⚫ Security mechanism: A process that is designed to
detect, prevent, or recover from a security attack
⚫ Security service: intended to counter security attacks,
and they make use of one or more security
mechanisms to provide the service
Relationship between Security services and Mechanism

Services            Mechanism
Confidentiality     Encryption, Routing control
Integrity           Digital signature and Encryption
Authentication      Encryption and Digital signature
Non Repudiation     Digital signature
Access control      Access control mechanism and policies
Contd…
Vulnerability

⚫ A flaw in the software, firmware, hardware, or service
component resulting from a weakness that can be exploited,
causing a negative impact to the confidentiality, integrity, or
availability of an impacted component or components
– Vulnerabilities can allow attackers to run unauthorized code,
access system information and steal, modify and destroy
data
⚫ Vulnerabilities in
– Design or specification, Implementation, Operation &
management
More Definitions: Threat and Attack
⚫ Threat: An adversary that is motivated and capable of
exploiting a vulnerability in the system by launching
attacks
– Different enemies have different abilities
– You can’t design a secure system unless you know who the
enemy is
⚫ Attack: An intentional act by which an entity attempts
to evade security services and violate the security
policy of a system
Attack Types
⚫ Passive attack: attempts to learn or make use of
information from a system but does not affect system
resources of that system
– Monitoring of network traffic
– Very difficult to detect, but feasible to prevent with
encryption
⚫ Active attack: attempts to alter system resources or affect its
operation
– Man-in-the-middle (MITM) & DDoS attacks
– Very difficult to prevent them due to a wide variety of vulnerabilities
The main goal is to detect attacks and recover the system to normal operation
Types of Network Attacks

⚫ Eavesdropping attacks
⚫ Man-in-the-middle (MITM) attacks
⚫ Denial of Service (DoS) attacks
Contd…
Eavesdropping Attacks

⚫ Easy to intercept traffic, almost impossible to detect


⚫ By default, everything is transmitted in clear text
– Usernames, passwords, content ...
– No security is offered by the transmission medium
⚫ Different tools are available on the internet
– Wireshark/Kismet/Tcpdump/airodump-ng/...
⚫ Affects Confidentiality of data exchanged
⚫ Countermeasures
– Encryption
MITM Attacks
⚫ Attacker intercepts, blocks or modifies communication
between sender and receiver
⚫ Attacker actively eavesdrops on the communication
⚫ Affects Integrity, Availability, and Confidentiality
Denial of Service (DoS) Attacks

⚫ Attacks on higher levels


– SYN Flooding
– Ping of death (targeting them with oversized data packets), Ping
flood
⚫ IP spoofing
⚫ Spoofed MAC control packets in Wi-Fi
⚫ ARP spoofing
⚫ Spoofed deauthentication / disassociation messages
– can target one specific user
Cryptanalysis and Brute-Force Attack

⚫ Cryptanalytic attacks:
– Rely on the nature of the algorithm, general characteristics of
the plaintext, and some sample plaintext–ciphertext pairs.
– Goal: to attempt to deduce a specific plaintext or to deduce
the key being used
⚫ Brute-force attack:
– Tries every possible key on a piece of ciphertext until an
intelligible translation into plaintext is obtained
Cryptanalytic attacks

⚫ Based on the amount of information known to the
cryptanalyst
⚫ Possible attacks:
– Ciphertext Only Attack (COA)
– Known Plaintext Attack (KPA)
– Chosen Plaintext Attack (CPA)
– Chosen Ciphertext Attack (CCA)
Ciphertext Only Attack (COA)

⚫ The attacker has access to the cipher text only
⚫ Most encryption algorithms are NOT vulnerable
⚫ The attacker's/cryptanalyst's probability of success
is VERY low
Known plaintext attack
⚫ The attacker has access to several (Plain-text, Cipher text)
pairs (m1, c1), (m2, c2), under the same key
– All encrypted messages do remain indefinitely privately
⚫ The goal is to compute some function of the underlying
plaintext with Cipher text

⚫ The encryption process should be randomized


Chosen Plaintext Attack (CPA)
⚫ The sender encrypts any message of the adversary’s choice
under the key k.
– The sender is not aware that it is actually encrypting messages of the
adversary’s choice and providing that ciphertext to the adversary.
Chosen Ciphertext Attack (CCA)
⚫ The analyst gets the decryption of the cipher text of its choice
⚫ The goal is to compute some function of the underlying plain
text with a cipher text
Kerckhoffs's principle
(Auguste Kerckhoffs, Dutch cryptographer)
⚫ The principle is
– A cryptographic system should be secure even if everything
about the system, except the key, is public knowledge
⚫ Maintaining the privacy of a key is a relatively easier task
compared to maintaining the privacy of a pair of algorithms
– The key size is approximately 100 bits and the algorithm size
is 1000 times larger
⚫ If your keys leak, it is very easy to replace the key
⚫ If I want to do secure communication with 100 parties, I
cannot come up with 100 secret algorithms
Contd…

⚫ With private cryptographic algorithms, we may not know
what kind of loopholes might be present
⚫ So it is always recommended to use algorithms
which have been available in the public domain and
have been scrutinized publicly.
Traditional Cyphers

⚫ Shift Cyphers
⚫ Mono-alphabetic Cyphers
⚫ Poly-alphabetic substitution
Shift (Caesar) Ciphers

⚫ A shift cipher involves replacing each letter in the
message by a letter that is some fixed number of
positions further along in the alphabet
⚫ Encryption: Shift each instance of the plain text character
by k positions forward
⚫ Decryption: Shift each instance of the cipher text character
by k positions backward
Example:

⚫ Plain text: cookie
⚫ K = 3
⚫ Ciphertext: FRRNLH
⚫ The wraparound at the end of the alphabet is handled by
the modulo 26 operation
Security analysis
⚫ Ciphertext only attack is possible
– Brute-force cryptanalysis is easily performed on the
shift cipher by trying all 25 possible keys
– Given a ciphertext string, Oscar successively tries the
decryption process with k = 0, 1, 2, etc. until getting
a meaningful text.
Monoalphabetic Substitution Cipher

⚫ Lesson is
– Use an enormously large key space, so that it becomes impractical
for the adversary to do a brute-force kind of attack
⚫ Idea is
– Map each plain text character to an arbitrary cipher text character
in a one-to-one manner
⚫ So there are candidates of 26! or
Cryptanalysis on Monoalphabetic
Ciphers
⚫ Frequency Analysis:
– Exploit the redundancy present in the underlying natural
language

The character E occurs more frequently compared to any other
character

The character T occurs more frequently compared
to the character U

Cipher text only attack is possible
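Why the large key space does not help, shown as an added Python example (not part of the original slides): a substitution key only relabels the letters, so the frequency profile of the plaintext survives encryption. The key (keyboard order) and the sample sentence are constructed for illustration.

```python
import math
from collections import Counter

# Constructed key: plaintext a..z maps to these letters in order.
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"
# Constructed sample plaintext.
SAMPLE = "the enemy expects relief where the eastern trench meets the river"


def encrypt(plaintext, key=KEY):
    """Replace each letter by its image under the one-to-one key mapping."""
    table = {chr(ord("a") + i): key[i] for i in range(26)}
    return "".join(table.get(ch, ch) for ch in plaintext.lower())


def letter_counts(text):
    """Count letters only, ignoring case, spaces and punctuation."""
    return Counter(ch for ch in text.lower() if ch.isalpha())


def key_space():
    """Number of one-to-one mappings of a 26-letter alphabet."""
    return math.factorial(26)


def guess_cipher_letter_for_e(ciphertext):
    """First step of frequency analysis: the most common ciphertext
    letter is assumed to stand for plaintext 'e'."""
    return letter_counts(ciphertext).most_common(1)[0][0].upper()


if __name__ == "__main__":
    ct = encrypt(SAMPLE)
    print("key space:", key_space())
    print("plaintext counts: ", letter_counts(SAMPLE).most_common(3))
    print("ciphertext counts:", letter_counts(ct).most_common(3))
    print("guess for 'e':", guess_cipher_letter_for_e(ct), "| true:", KEY[4])
```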


Polyalphabetic cipher (Vigenere Cipher)
⚫ In each instance, a plain text character is mapped to a
different cipher text character

Example:

⚫ Keyword is “CIPHER”, this corresponds to the
numerical equivalent k = (2, 8, 15, 7, 4, 17)
⚫ Plaintext: “thiscryptosystemisnotsecure”.
⚫ Encryption: add modulo 26

Ciphertext: “VPXZGIAXIVWPUBTTMJPWIZITWZT”
Summary of historical Ciphers

⚫ Cipher Text Only attack is possible


⚫ Sufficient key space principle
– Keyspace should be sufficiently large to make Brute-force
attack infeasible
⚫ Designing a secure cipher is indeed a tough and
challenging task
Classical VS Modern Cryptography
⚫ Classical cryptography:
– The art of secret writing
– The communication is secure as long as the encoding
algorithm is a secret
– Disadvantages: Reverse engineering, easy coding algorithm
⚫ Classical cryptography was restricted to the military.
Modern cryptography is influencing almost everyone
Contd…

⚫ Modern Cryptography
– Strong scientific foundation and principles
⚫ Principle 1:
– Formal security definitions
⚫ Principle 2:
– Precisely stating any (unproven) assumption used in the
construction
⚫ Principle 3:
– Rigorous proof of security
