Scribd
Upload
98 views

Introduction To Cryptography: Information Security By. Dr. Maqableh

This document provides an introduction to cryptography. It discusses how cryptography can be used to send information in a way that prevents unauthorized parties from reading it. It also covers encryption, decryption, cryptanalysis techniques, secret key cryptography, public key cryptography, and hash algorithms. The key aspects of each are defined in 1-3 concise sentences.

Uploaded by

Cwezy Zhoor
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
98 views

Introduction To Cryptography: Information Security By. Dr. Maqableh

This document provides an introduction to cryptography. It discusses how cryptography can be used to send information in a way that prevents unauthorized parties from reading it. It also covers encryption, decryption, cryptanalysis techniques, secret key cryptography, public key cryptography, and hash algorithms. The key aspects of each are defined in 1-3 concise sentences.

Uploaded by

Cwezy Zhoor
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 18

Introduction to Cryptography

Information Security By. Dr. Maqableh 0


Cryptography

Cryptography
Original meaning: the art of secret writing
Send information in a way that prevents others from reading it
Other services:
Integrity checking
Authentication
Process data into unintelligible form, reversible, without data loss

1
Information Security By. Dr. Maqableh
Encryption/Decryption

encryption decryption
plaintext ciphertext plaintext

Plaintext: a message in its original form


Ciphertext: a message in the transformed,
unrecognized form
Encryption: the process for producing ciphertext from
plaintext
Decryption: the reverse of encryption
Key: a secret value used to control
encryption/decryption
2
Information Security By. Dr. Maqableh
Computationally Difficult

Cryptographic algorithms need to be reasonably


efficient
Cryptographic algorithms are not impossible to
break with the key
e.g. try all the keys brute-force cryptanalysis
Time can be saved by spending money on more
computers.
A scheme can be made more secure by making the
key longer
Increase the length of the key by one bit
The good guys job just a little bit harder
The bad guys job up to twice as hard.

3
Information Security By. Dr. Maqableh
To Publish or Not to Publish

Not to publish the algorithms


We can achieve better security if we keep the algorithm secret
Hard to keep secret if widely used
Reverse Engineering
Publish the algorithms
Security of the algorithms depend on the secrecy of the keys
Less unknown vulnerabilities if all the smart (good) people
examine the algorithm
Common practice
Commercial: published
Military: kept secret

4
Information Security By. Dr. Maqableh
Some Trivial Cipher

Caesar cipher:
Substitution cipher
Replace each letter with the one 3 letters later
A -> D, O -> R
Caption Midnight Secret Decoder rings
Pick a secret n between 1 and 25
Shift variable by n: HAL -> IBM if n is 1
Monoalphabetic cipher
Arbitrary mapping of one letter to another
26!, approximately 4 x 1026
Statistical analysis of letter frequencies

5
Information Security By. Dr. Maqableh
Cryptanalysis: Break an Encryption Scheme
Ciphertext only
Analyze only with the ciphertext
Exhaustive search until recognizable plaintext
Need enough ciphertext
Known Plaintext
<plaintext, ciphertext> is
obtained
Great for monoalphabetic cipher
Chosen Plaintext:
Choose plaintext, get the ciphertext
Useful if limited set of messages

6
Information Security By. Dr. Maqableh
Types of Cryptographic functions
Secret Key Cryptography
One key
Public Key Cryptography
Two keys: public, private
Hash function
No key

7
Information Security By. Dr. Maqableh
Secret Key Cryptography

encryption decryption
plaintext ciphertext plaintext

key same key key

Same key is used for both encryption and decryption


Symmetric cryptography
Conventional cryptography
Ciphertext is about the same length as the plaintext
Examples: DES, IDEA, AES

8
Information Security By. Dr. Maqableh
Secret Key Cryptography contd
Transmitting over an insecure channel
Challenge: how to share the key?
Secure storage on insecure media
Strong Authentication: prove knowledge of a secret
without revealing it
Send challenge r, and verify the returned encrypted{r}
Challenge should be chosen from a large pool
Integrity Check: a fixed-length cryptographic
checksum for a message
Send MIC (Message Integrity Code) along with the
message

9
Information Security By. Dr. Maqableh
Public Key Cryptography
encryption decryption
plaintext ciphertext plaintext

public key private key

Invented/published in 1975
Each individual has two keys:
Private key is kept secret
Public key is publicly known
Much slower than secret key cryptography
Also known as
Asymmetric cryptography
10
Information Security By. Dr. Maqableh
Public Key Cryptography contd

plaintext
signing Signed verification
plaintext
message
private key public key
Digital Signature
Only the party with the private key can generate a digital
signature
Verification of the signature only requires the knowledge of
the public key
The signer cannot deny he/she has done so.

11
Information Security By. Dr. Maqableh
Applications of Public Key Cryptography
Security uses of public key cryptography
Known public key cryptography is orders of magnitude
slower than the best known secret key cryptographic algo.
Transmitting over an Insecure Channel
Alice Bob
Encrypt mA using eB Decrypt to mA using dB

Decrypt to mB using dA Encrypt mB using eA


Secure Storage on Insecure Media
Because of performance issues, you can randomly generate a secret
key, encrypt the data with that secret key, and encrypt the secret key
with the public key
Using public key of a trusted person

12
Information Security By. Dr. Maqableh
Applications of Public Key Cryptography
Authentication
No need to store secrets, only public keys.
Alice wants to verify Bobs identity

Alice Bob
Encrypt r using eb Decrypt to r using db
r

Secret key cryptography: need to share secret key for every


person to communicate with

13
Information Security By. Dr. Maqableh
Case Study: Applications of Public
Key Cryptography in SSH2
Assume that [email protected] tries to log into
mensa.cs.lamar.edu as bsun:
Run ssh-keygen at galaxy1.cs.lamar.edu
Copy the generated public key in id_rsa.pub to
./ssh/authorized_keys in mensa.cs.lamar.edu
id_rsa (at galaxy1.cs.lamar.edu) holds the generated private key

14
Information Security By. Dr. Maqableh
Applications of Public Key Cryptography

Digital Signatures
Authorship: Prove who generate the information
Integrity: the information has not been modified
Non-repudiation: cannot do with secret key cryptography

15
Information Security By. Dr. Maqableh
Hash Algorithms

Message digests, one-way transformations

Message of A fixed-length
Hash h
arbitrary length short message
Easy to compute h(m)
Given h(m), no easy way to find m
Computationally infeasible to find m1 and m2, so that
h(m1) = h(m2)

16
Information Security By. Dr. Maqableh
Applications of Hash Algorithms
Password hashing
Store the hash of the password
Message integrity
Keyed Hash
Alice and Bob agree on a secret key k
Alice computes h(m|k) and sends it with m
Does not require encryption
Message Fingerprint
For a large data structure: save the message digest of the
data on the tamper-proof backing store.
Digital Signature Efficiency
Compute a message digest and sign it
Public key algorithms are processor-intensive

17
Information Security By. Dr. Maqableh

You might also like