Cryptography

1
 Learning Objectives
Upon completion of this lecture, student should be
able to:
• Explain the basic principles of cryptography
• Describe the operating principles of the most
popular cryptographic tools
• List and explain the major protocols used for
secure communications.

2
 Introduction
Cryptology: the field of science that encompasses
cryptography and cryptanalysis.
Cryptanalysis: the process of obtaining the plaintext
message from a ciphertext message without knowing
the keys used to perform the encryption.
Cryptography: the process of making and using codes
to secure information.
Plaintext or cleartext: The original unencrypted
message that is encrypted and is the result of
successful decryption. 3
 Crypto Terminology
Algorithm: The mathematical formula or method
used to convert an unencrypted message into an
encrypted message. This sometimes refers to the
programs that enable the cryptographic processes.
Bit stream cipher: An encryption method that
involves converting plaintext to ciphertext one bit at a
time
Block cipher: An encryption method that involves
dividing the plaintext into blocks or sets of bits and
then converting the plaintext to ciphertext one block
at a time. 4
 Crypto Terminology
Cipher: The transformation of the individual components
(characters, bytes, or bits) of an unencrypted message
into encrypted components or vice versa.
NB: when used as a noun, the process of encryption or
the algorithm used in encryption.

Ciphertext or cryptogram: The unintelligible encrypted or

encoded message resulting from an encryption.

Code: The process of converting components (words or

phrases) of an unencrypted message into encrypted
components.
5
 Crypto Terminology
Encipher/Encryption: The process of converting an
original message (plaintext) into a form that cannot be
used by unauthorized individuals (ciphertext). Also
referred to as enciphering.

Decryption/deciphering: The process of converting an

encoded or enciphered message (ciphertext) back to its
original readable form (plaintext).

Key/cryptovariable: The information used in conjunction

with the algorithm to create the ciphertext from the
plaintext; a series of bits.
6
 Crypto Terminology
Keyspace: The entire range of values that can be used
to construct an individual key.

Link encryption: A series of encryptions and

decryptions between a number of systems, wherein
each system in a network decrypts the message sent
to it and then re-encrypts the message using different
keys and sends it to the next neighbor.
NB: This process continues until the message reaches
the final destination.

7
 Crypto Terminology
Steganography: The process of hiding messages; for
example, hiding a message within the digital encoding of
a picture or graphic so that it is almost impossible to
detect that the hidden message even exists.

Work factor: The amount of effort (usually expressed in

units of time) required to perform cryptanalysis on an
encoded message.

8
 Cipher Methods
There are two methods of encrypting plaintext: the
bit stream method or the block cipher method.

Bit stream: each plaintext bit is transformed into a

cipher bit one bit at a time.

Block cipher: message is divided into blocks (e.g., sets

of 8- or 16-bit blocks), and each is transformed into
encrypted block of cipher bits using algorithm and
key.

9
 Cipher Methods
Bit stream methods commonly use algorithm
functions like the exclusive OR operation (XOR),
whereas block methods can use substitution,
transposition, XOR, or some combination of these
operations.

10
 Cipher Methods
Exclusive OR (XOR)
A function within Boolean algebra used as an encryption
function in which two bits are compared.

• If the two bits are identical, the result is a binary 0.

• If the two bits are not identical, the result is a binary 1.

Very simple to implement and simple to break; should

not be used by itself when organization is
transmitting/storing sensitive data.

11
 Cipher Methods
Exclusive OR (XOR)

12
 Cipher Methods
Example of Exclusive OR (XOR) Encryption

13
 Cipher Methods
Substitution Cipher
Substitutes or exchanges one value for another.
Monoalphabetic substitution: only incorporates a
single alphabet in the encryption process.
Polyalphabetic substitution: incorporates two or more
alphabets in the encryption process.
Vigenère cipher: advanced type of substitution cipher
that uses a simple polyalphabetic code; made up of 26
distinct cipher alphabets.
14
 Cipher Methods
Transposition Cipher
Also known as a permutation cipher; involves simply
rearranging the values within a block based on an
established pattern.

Can be done at the bit level or at the byte (character)

level.

To make the encryption even stronger, the keys and

block sizes can be increased to 128 bits or more.
15
 Cipher Methods
Vernam Cipher
A cryptographic technique developed at AT&T and
known as the “one-time pad.”
This cipher uses a set of characters for encryption
operations only one time and then discards it.

How Vernam Cipher works:

• The pad values are added to numeric values that
represent the plaintext that needs to be encrypted.
• Each character of the plaintext is turned into a
number and a pad value for that position is added.
16
 Cipher Methods
Cont…
How Vernam Cipher works:
• The resulting sum for that character is then
converted back to a ciphertext letter for
transmission.
• If the sum of the two values exceeds 26, then 26 is
subtracted from the total.

17
 Cipher Methods
Book-Based Ciphers
Uses text from a predetermined book as a key to decrypt a
message.
Book cipher: ciphertext consists of a list of codes representing
page, line, and word numbers of plaintext word.
Running key cipher: uses a book for passing the key to cipher
similar to Vigenère cipher; sender provides encrypted
message with sequence of numbers from predetermined
book to be used as an indicator block.
Template cipher: involves use of hidden message in book,
letter, or other message; requires page with specific number
of holes cut into it. 18
 Cipher Methods
Hash Functions
Mathematical algorithms that create a message
summary or digest to confirm message identity and
integrity.
Convert variable-length messages into a single fixed-
length value.
Message Authentication Code (MAC) may be attached
to a message.
Used in password verification systems to store
passwords and confirm the identity of the user. 19
 Cryptographic Algorithms
These are often grouped into two broad categories:
symmetric and asymmetric.

Today’s popular cryptosystems use a combination of

both symmetric and asymmetric algorithms (hybrid)

NB: Symmetric and asymmetric algorithms are

distinguished by the types of keys used for encryption
and decryption operations.

20
 Cryptographic Algorithms
These are often grouped into two broad categories:
symmetric and asymmetric.

Today’s popular cryptosystems use a combination of

both symmetric and asymmetric algorithms (hybrid)

NB: Symmetric and asymmetric algorithms are

distinguished by the types of keys used for encryption
and decryption operations.

21
 Cryptographic Algorithms
Symmetric Encryption
A cryptographic method in which the same algorithm and
“secret” are used both to encipher and decipher the
message; also known as private-key encryption.
Can be programmed into fast computing algorithms and
executed quickly.
Both sender and receiver must possess the same secret
key.
If either copy of the key is compromised, an intermediate
can decrypt and read messages without sender/receiver
knowledge. 22
 Cryptographic Algorithms
Symmetric Encryption
Data Encryption Standard (DES): one of the most popular
symmetric encryption cryptosystems.
• 64-bit block size; 56-bit key

Triple DES (3DES): created to provide security far beyond DES.

Advanced Encryption Standard (AES): developed to replace

both DES and 3DES
• Adopted by NIST in November 2001 as the federal standard
for encrypting non-classified information

23
 Cryptographic Algorithms
Symmetric Encryption
Data Encryption Standard (DES): one of the most popular
symmetric encryption cryptosystems.
• 64-bit block size; 56-bit key

Triple DES (3DES): created to provide security far beyond DES.

Advanced Encryption Standard (AES): developed to replace

both DES and 3DES
• Adopted by NIST in November 2001 as the federal standard
for encrypting non-classified information

24
 Cryptographic Algorithms
Example of Symmetric Encryption

25
 Cryptographic Algorithms
Asymmetric Encryption
A cryptographic method that incorporates
mathematical operations involving two different keys
(commonly known as the public key and the private
key) to encipher or decipher a message.

Either key can be used to encrypt a message, but then

the other key is required to decrypt it.

Also known as public-key encryption.

26
 Cryptographic Algorithms
Asymmetric Encryption
Uses two different but mathematically related keys.

• Either key can encrypt or decrypt a message

• If Key A encrypts a message, only Key B can decrypt
• Greatest value when one key serves as a private key
and the other serves as a public key

RSA algorithm was the first public-key encryption

algorithm developed/published for commercial use.

27
 Cryptographic Algorithms
Example of Asymmetric Encryption

28
 Encryption Key Size
When deploying ciphers, the size of the cryptovariable
or key is very important.

The strength of many encryption applications and

cryptosystems is measured by key size.

For cryptosystems, the security of encrypted data is

not dependent on keeping the encrypting algorithm
secret.

Cryptosystem security depends on keeping some or

all of elements of cryptovariable(s) or key(s) secret.
29
 Encryption Key Size
It is estimated that to crack an encryption key using a
brute force attack, a computer needs to perform a
maximum of 2^k operations (2k guesses), where k is the
number of bits in the key. NB: In reality, the average
estimated time to crack is half that time.

30
 Cryptographic Tools
Potential areas of use include:
• Ability to conceal the contents of sensitive
messages.
• Verify the contents of messages and the identities
of their senders.

Tools must embody cryptographic capabilities so that

they can be applied to the everyday world of
computing.

31
 Cryptographic Tools
Public-Key Infrastructure (PKI)
An Integrated system of software, encryption
methodologies, protocols, legal agreements, and
third-party services enabling users to communicate
securely.
PKI systems based on public-key cryptosystems

PKI protects information assets in several ways:

1. Authentication 2. Integrity 3. Privacy
4. Authorization 5. Nonrepudiation
32
 Cryptographic Tools
Public-Key Infrastructure (PKI)
Typical PKI solution protects the transmission and
reception of secure information by integrating:

– A Certificate Authority (CA)

– A Registration Authority (RA)
– Certificate directories
– Management protocols
– Policies and procedures

33
 Cryptographic Tools
Digital Signatures
Created in response to rising the need to verify
information transferred via electronic systems.
NB: Asymmetric encryption processes are used to create
digital signatures.
Nonrepudiation: the process that verifies the message
was sent by the sender and thus cannot be refuted.
Digital Signature Standard (DSS) is the NIST standard for
digital signature algorithm usage by federal information
systems. DSS is based on a variant of the ElGamal
signature scheme. 34
 Cryptographic Tools
Digital Signatures
Electronic document/container file containing key value
and identifying information about entity that controls key.

Digital signature attached to certificate’s container file

certifies file’s origin and integrity.
Different client-server applications use different types of
digital certificates to accomplish their assigned functions.

Distinguished name (DN): uniquely identifies a certificate

entity.
35
 Hybrid Cryptography Systems
Except with digital certificates, pure asymmetric key
encryption is not widely used.

Asymmetric encryption is more often used with

symmetric key encryption, as part of a hybrid system.

Diffie-Hellman Key Exchange method:

• Most common hybrid system
• Provides foundation for subsequent developments
in public-key encryption

36
 Hybrid Cryptography Systems
Steganography
The process of hiding messages; for example, hiding a
message within the digital encoding of a picture or graphic
so that it is almost impossible to detect that the hidden
message even exists.
• Also known as the art of secret writing
• Has been used for centuries
• Most popular modern version hides information within
files that contain digital pictures or other images.
Some applications hide messages in .bmp, .wav, .mp3,
and .au files, as well as in unused space on CDs and DVDs.
37
Protocols for Secure Communications
Most of the software currently used to protect the
confidentiality of information are not true
cryptosystems.

They are applications to which cryptographic

protocols have been added.

Particularly true of Internet protocols.

As the number of threats to the Internet grew, so did

the need for additional security measures.
38
 Securing Internet Communication
Secure Sockets Layer (SSL) protocol: developed by
Netscape; uses public-key encryption to secure channel
over public Internet.
Secure Hypertext Transfer Protocol (S-HTTP): extended
version of Hypertext Transfer Protocol; provides for
encryption of individual messages between client and
server across Internet.

NB: S-HTTP is the application of SSL over HTTP: This

allows encryption of information passing between
computers through protected and secure virtual
connection.
39
 Securing E-mails
Secure Multipurpose Internet Mail Extensions
(S/MIME): builds on Multipurpose Internet Mail
Extensions (MIME) encoding format and uses digital
signatures based on public-key cryptosystems.

Privacy Enhanced Mail (PEM): proposed as standard

to use 3DES symmetric key encryption and RSA for key
exchanges and digital signatures.

Pretty Good Privacy (PGP): uses IDEA Cipher for

message encoding.
40
 Securing Web Transactions
In securing Web transactions we use Secure Electronic
Transactions (SET) in together with SSL and S-HTTP

Secure Electronic Transactions (SET): developed by

MasterCard and VISA in 1997 to protect against
electronic payment fraud.
Uses DES to encrypt credit card information transfers.
Provides security for both Internet-based credit card
transactions and credit card swipe systems in retail
stores. .
41
 Securing Wireless Networks
Wired Equivalent Privacy (WEP): early attempt to
provide security with the 8002.11 network protocol.
Wi-Fi Protected Access (WPA and WPA2): created to
resolve issues with WEP.
Next Generation Wireless Protocols: Robust Secure
Networks (RSN), AES–Counter Mode CBC MAC
Protocol (CCMP).
NB: Bluetooth can be exploited by anyone within
approximately 30 foot range, unless suitable security controls
are implemented.
42
 Securing Wireless Networks
Wired Equivalent Privacy (WEP): early attempt to
provide security with the 8002.11 network protocol.
Wi-Fi Protected Access (WPA and WPA2): created to
resolve issues with WEP.
Next Generation Wireless Protocols: Robust Secure
Networks (RSN), AES–Counter Mode CBC MAC
Protocol (CCMP).
NB: Bluetooth can be exploited by anyone within
approximately 30 foot range, unless suitable security controls
are implemented.
43