
Cryptography

The document discusses cryptography and provides an overview of its key concepts. It defines cryptography as the practice of secure communication techniques in the presence of adversaries. It outlines the goals of cryptography as confidentiality, integrity, and authentication. It also distinguishes between data security, which focuses on protecting information inside computers, and network security, which focuses on protecting data in transit. Finally, it provides a brief history of cryptography and describes common cryptographic techniques like encryption algorithms and digital signatures.

Uploaded by

Elisha Ndhlovu

Cryptography

Mr S. D Kanengoni
Masters in International Computer Science

Session Agenda
• Cryptography Basics
• Cryptology and Cryptanalysis
• Motivation
• Network
• Symmetric algorithms
• Asymmetric algorithms
• Block ciphers and Stream ciphers
• Authentication, integrity and non-repudiation
• Key handling, multiple public key cryptography, secret sharing
Topic – Session 1
Cryptography

One way encryption

Two way encryption

Public key, Private Key

Secure Socket Layer (SSL) Digital Certificate


Cryptography
Goal Of This Lecture

1. Cryptography basics
• History
• Cipher and Deciphering

2. One way encryption algorithms (MD5, SHA1)

3. Two way encryption algorithms (DES, AES, Triple DES, RSA)

4. Public key private key encryption

5. Secure Socket Layer (SSL) Digital Certificate


Cryptography
What is Cryptography
• Cryptography or cryptology (from Ancient Greek: κρυπτός, romanized: kryptós "hidden, secret"; and γράφειν graphein, "to write", or -λογία -logia, "study", respectively) is the practice and study of techniques for secure communication in the presence of third parties called adversaries.
Cryptography
Cryptology
Cryptanalysis
Cryptography terminology

Cryptography
Study of the methods and mathematical techniques related to security concepts

Cryptosystem
Set of algorithms, keys and secure protocols

Cryptanalysis
Study of existing cryptosystems

© 2011 SAP AG. All rights reserved.


Using a clearly labelled diagram explain the Network
Security Model highlighting the components involved.
Motivation

Increase in exchanges over the Internet:
• information
• commercial

Changing work habits:
• more communications
• more mobility
• more subcontractors

Thus, less control over information.

Networking «Environment»

• Yesterday:
– centralized
– paper exchange
– no remote access
• Today:
– distributed, either on different sites or locally
– remote access
– more subcontractors
More and more computer-dependent: IS become crucial. 98% of companies admit a dependence ranging from moderate to severe.
Goals of security

Increase security against identified threats. Try to achieve:

• Confidentiality: keep the information secret
• Integrity: no change to the information by unauthorized people
• Authentication: determine whether someone or something is, in fact, who or what it is declared to be

Two kinds of security

Data security: concerns what is inside the computer (crypto + error correcting codes)

Network security: concerns data while they are on the move between end systems.
Data protection

5 main characteristics:
• Confidentiality: the information should not be available to an unauthorized user or process
• Integrity: information should not be modified or destroyed by an unauthorized user
• Authentication: determine whether someone or something is, in fact, who or what it is declared to be
• Availability: information has to be available to authorized users
• Provability: usage of logs
CRYPTOLOGY: CRYPTOGRAPHY + CRYPTANALYSIS

Cryptology = science of secrecy.

How:
Encipher a plaintext into a ciphertext to protect its secrecy.
The recipient deciphers the ciphertext to recover the plaintext.
A cryptanalyst should not be able to complete a successful cryptanalysis.
Attacks [6]:
• known ciphertext: access only to the ciphertext
• known plaintexts/ciphertexts: known pairs (plaintext, ciphertext); search for the key
• chosen plaintext: known cipher, chosen cleartexts; search for the key
Cryptanalysis
Techniques
Cryptanalysis is the process of breaking an encryption code
– Tedious and difficult process
Several techniques can be used to deduce the algorithm
– Attempt to recognize patterns in encrypted messages, to be able to break subsequent ones by applying a straightforward decryption algorithm
– Attempt to infer some meaning without even breaking the encryption, such as noticing an unusual frequency of communication or determining something by whether the communication was short or long
– Attempt to deduce the key, in order to break subsequent messages easily
– Attempt to find weaknesses in the implementation or environment of use of encryption
– Attempt to find general weaknesses in an encryption algorithm, without necessarily having intercepted any messages
Short history

J. Stern [8]: 3 ages:
• craft age: hieroglyph, bible, ..., renaissance, → WW2
• technical age: complex cipher machines
• paradoxical age: PKC

Evolves through the history of maths, computing and cryptanalysis:
• manual
• electro-mechanical
• by computer
Polybius’s square
Polybius, Ancient Greece: communication with torches

    1  2  3  4  5
1   a  b  c  d  e
2   f  g  h  ij k
3   l  m  n  o  p
4   q  r  s  t  u
5   v  w  x  y  z

TEXT is changed into 44, 15, 53, 44.

Characteristics
• encoding letters by numbers
History – ancient Greece

500 BC: scytale of Sparta’s generals

Secret key: diameter of the stick

History – Caesar

Replace each character by the character 3 positions farther

A becomes d, B becomes e, ...
The plaintext TOUTE LA GAULE becomes wrxwh od jdxoh.
Why enciphering ?

• Yesterday:
– for strategic purposes (the enemy shouldn’t be able to read messages)
– by the church
– diplomacy

• Today, with our digital environment:
– confidentiality
– integrity
– authentication
Goals of cryptology

Increasing number of goals:
• secrecy: an enemy shouldn’t gain access to information
• authentication: provides evidence that the message comes from its claimed sender
• signature: same as authentication, but for a third party
• minimality: encipher only what is needed.
The tools

• Information Theory: perfect cipher
• Complexity: most of the ciphers just ensure computational security
• Computer science: all make use of algorithms
• Mathematics: number theory, probability, statistics, algebra, algebraic geometry, ...
Cryptography as a toolbox
Cryptography Basic

[Figure, built up over five slides: a plain text goes through a cipher with key k and becomes a ciphered text (shown as bit strings); a decipher step with key k’ turns the ciphered text back into the plain text.]

Definition

Plain text : An original text to be protected

Cipher : the encryption mechanism

Decipher : the decryption mechanism

Key : main tool for the encryption/decryption



Ciphers
Shannon’s Characteristics of “Good” Ciphers
• The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption.
• The set of keys and the enciphering algorithm should be free from complexity.
• The implementation of the process should be as simple as possible.
• Errors in ciphering should not propagate and cause corruption of further information in the message.
• The size of the enciphered text should be no larger than the text of the original message.
Encryption Systems
Properties of Trustworthy Systems
• It is based on sound mathematics.
– Good cryptographic algorithms are derived from solid principles.
• It has been analyzed by competent experts and found to be sound.
– Since it is hard for the writer to envisage all possible attacks on the algorithm
• It has stood the “test of time.”
– Over time people continue to review both mathematical foundations of an algorithm and the way it builds upon those foundations.
– The flaws in most algorithms are discovered soon after their release.
Cryptographic primitives
Substitution
Transposition
Substitution Ciphers
Caesar Cipher
Caesar Cipher is a method in which each letter in the alphabet
is rotated by three letters as shown

ABCDEFGHIJKLMNOPQRSTUVWXYZ

DEFGHIJKLMNOPQRSTUVWXYZABC

• Let us try to encrypt the message


– Attack at Dawn
Assignment: Each student will exchange a secret message
with his/her closest neighbor about some other person in the
class and the neighbor will decipher it.
Substitution Ciphers
Caesar Cipher
Encryption
Plain text message: Attack at Dawn → Cipher: Caesar Cipher Algorithm, Key (3) → Cipher text message: Dwwdfn Dw Gdyq

Decryption
Cipher text message: Dwwdfn Dw Gdyq → Cipher: Caesar Cipher Algorithm, Key (3) → Plain text message: Attack at Dawn

How many different keys are possible?


Substitution Cipher
Monoalphabetic Cipher

Any letter can be substituted for any other letter
Each letter has to have a unique substitute

ABCDEFGHIJKLMNOPQRSTUVWXYZ

MNBVCXZASDFGHJKLPOIUYTREWQ

There are 26! possible pairings of letters (~10^26)
A brute-force approach would be too time consuming
Statistical analysis would make it feasible to crack the key

Message: Bob, I love you. Alice → Cipher: Monoalphabetic Cipher, Key → Encrypted message: Nkn, s gktc wky. mgsbc
Substitution ciphering:
Mono-alphabetic substitution

Original message: Send me the recipe of the magical potion
Encrypted message: Tfoe nf uif sfdjqf pg uif nbhjdbm qpujpo

Substitution table:

a → b
b → c
c → d
...
z → a

Original message: S e n d m e ...
Encrypted message: T f o e n f ...


Substitution Cipher
Polyalphabetic Caesar Cipher
Developed by Blaise de Vigenère
Also called Vigenère cipher
Uses a sequence of monoalphabetic ciphers in tandem
e.g. C1, C2, C2, C1, C2
Example
Plain Text  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

C1(k=6)     F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
C2(k=20)    T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

Message: Bob, I love you. Alice → Cipher: Monoalphabetic Cipher, Key → Encrypted message: Gnu, n etox dhz. tenvj
Substitution ciphering:
Polyalphabetic substitution

Vigenère Ciphering
Based on the Caesar cryptosystem.
A key is used to cipher the clear text

Clear text:  h    e    l    l    o    ' '    w    o    r    l    d
Value:       8    5    12   12   15   27     23   15   18   12   4

Key:         a    b    c    d
Value:       1    2    3    4

Sum:         h+a  e+b  l+c  l+d  o+a  ' '+b  w+c  o+d  r+a  l+b  d+c
Value:       9    7    15   16   16   29     26   19   19   14   7


Substitution Cipher
Using a key to shift alphabet
Obtain a key for the algorithm and then shift the alphabet
For instance, if the key is word, we will shift all the letters by four and remove the letters w, o, r and d from the rest of the cipher alphabet
We have to ensure that the mapping is one-to-one
– no single letter in plain text can map to two different letters in cipher text
– no single letter in cipher text can map to two different letters in plain text

Plain Text  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

C1(k=6)     W O R D A B C E F G H I J K L M N P Q S T U V X Y Z

Message: Bob, I love you. Alice → Cipher, Key: WORD → Encrypted message: ??
Substitution ciphering:
The ‘perfect’ substitution ciphering

The length of the key should be equal to the length of the message to be encrypted.

One-time pad
Difficult to distribute and store the key

Long random number sequences
Difficult to synchronize between the two parties


Transposition Cipher
Columnar Transposition
This involves rearranging the characters of the plain text into columns
The following example shows how letters are transformed
If the number of letters is not an exact multiple of the transposition size, there may be a few letters missing in the last column, which can be padded with an infrequent letter such as x or z

Plain Text    Cipher Text

T H I S I     T S S O H
S A M E S     O A N I W
S A G E T     H A A S O
O S H O W     L R S T O
H O W A C     I M G H W
O L U M N     U T P I R
A R T R A     S E E O A
N S P O S     M R O O K
I T I O N     I S T W C
W O R K S     N A S N S
Transposition
Columnar transposition

HELLO WORLD is encrypted as HORE LLWDLO

H  E  L  L
O     W  O
R  L  D
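The two columnar transposition examples above can be reproduced with the short program below. It is an added example, not part of the original slides; the function names and the filler letter X are assumptions made for the illustration.

```python
from collections import Counter

# Rows and cipher groups copied from the slide's 5-column example.
SLIDE_ROWS = ["THISI", "SAMES", "SAGET", "OSHOW", "HOWAC",
              "OLUMN", "ARTRA", "NSPOS", "ITION", "WORKS"]
SLIDE_CIPHER = ("TSSOH OANIW HAASO LRSTO IMGHW "
                "UTPIR SEEOA MROOK ISTWC NASNS").replace(" ", "")


def pad_to_width(text: str, width: int, filler: str = "X") -> str:
    """Pad with an infrequent letter so that the grid is completely filled."""
    return text + filler * (-len(text) % width)


def columnar_encrypt(plaintext: str, width: int) -> str:
    """Write the text row by row, `width` letters per row, read it by column."""
    return "".join(plaintext[col::width] for col in range(width))


def columnar_decrypt(ciphertext: str, width: int) -> str:
    """Rebuild the columns (the first `extra` ones are longer), read by row."""
    rows, extra = divmod(len(ciphertext), width)
    columns, pos = [], 0
    for col in range(width):
        length = rows + (1 if col < extra else 0)
        columns.append(ciphertext[pos:pos + length])
        pos += length
    total_rows = rows + (1 if extra else 0)
    return "".join(col[r] for r in range(total_rows)
                   for col in columns if r < len(col))


def same_letter_counts(a: str, b: str) -> bool:
    """Transposition only moves letters, so letter frequencies are unchanged."""
    return Counter(a) == Counter(b)


if __name__ == "__main__":
    plain = "".join(SLIDE_ROWS)
    cipher = columnar_encrypt(plain, 5)
    print("matches the slide:", cipher == SLIDE_CIPHER)
    print("ragged grid:", columnar_encrypt("HELLO WORLD", 4))
    print("round trip:", columnar_decrypt(cipher, 5) == plain)
    print("same letter counts:", same_letter_counts(plain, cipher))
```

Because the letter counts of plaintext and ciphertext are identical, a transposition on its own gives diffusion but no confusion.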


Ciphering mode
Stream
Block
Stream ciphering

Stream ciphering is done bit by bit, without waiting for the whole message to be encrypted.

[Figure: a key generator feeds a bit-by-bit substitution; the message "Hello world!" enters and the ciphered bits "wdfesratrtde" come out.]

Example
• XOR
• One-time pad


Block ciphers modes of operation
Modes of operation pictured

http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
Block ciphering

The plain text is divided into blocks.
A block cipher encrypts a group of plaintext symbols in one block

[Figure: the plaintext "hello world!" is split into the blocks "hel", "lo", "wor", "ld!"; the block cipher, using the key, turns them into the ciphered text blocks "dfg", "tyu", "opt", "wer".]


Block ciphering

A strong cipher contains the right level of two main attributes: confusion and diffusion. Confusion is commonly carried out through substitution, while diffusion is carried out by using transposition. For a cipher to be considered strong, it must contain both of these attributes to ensure that reverse-engineering is basically impossible. The randomness of the key values and the complexity of the mathematical functions dictate the level of confusion and diffusion involved.


ECB Mode

Electronic Codebook

Each block of 64 bits is encoded
Prone to replay attack

[Figure: the plaintext blocks B1, B2, ..., Bn (HEL, LO, ..., RLD) each go through the cipher with the key K and give the ciphertext blocks C1, C2, ..., Cn (WCS, TSF, ..., GFS).]


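CBC Mode

Cipher Block Chaining

Uses the last encrypted block
Needs an Initialization Vector

[Figure: the IV and the plaintext blocks B1, B2, B3 (HEL, LO, WOR); each block goes through the cipher with the key K, chained with the previous encrypted block (the IV for B1), and gives C1, C2, C3 (AGF, GSF, GFS).]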


Message.length mod Key.size != 0 ???

Pad with space
Input block: A B C D _ _ _ _
Hex: 41 42 43 44 20 20 20 20

Pad with zero
Input block: A B C D _ _ _ _
Hex: 41 42 43 44 00 00 00 00

Pad with zero, except the last byte, which equals the number of padding bytes
Input block: A B C D _ _ _ _
Hex: 41 42 43 44 00 00 00 04


Encryption algorithms
One way function
Symmetric algorithm
Asymmetric algorithm
Hybrid algorithm
One-way function

Definition
A one-way function (OWF) is a function f such that for each x in the domain of f,
• it is easy to compute f(x)
• but for essentially all y in the range of f, it is computationally infeasible to find any x such that y = f(x).
• Anti-collision property: x has a single representation f(x).

Example
• Hash function
• Random sequences

[Figure: going from x to f(x) is easy; going from f(x) back to x is difficult.]


Hash functions

Signatures can be used only for small messages.

Naive solution: cut the message to sign into fixed-size blocks, then sign each block independently
Many problems
• the size of the signature becomes huge
• signing algorithms are pretty slow
Solution: use a hash function

Use a cryptographic hash function, quick to compute; it transforms a message of arbitrary length into a fingerprint of fixed size. Then, sign the fingerprint.

message      x                 arbitrary length
fingerprint  z = h(x)          160 bits
signature    y = sig_{sk}(z)   depends upon the signature

Principle: when Bob signs x, he first computes the fingerprint z = h(x), then he signs with y = sig_{sk}(z) and sends the pair (x, y). Everyone can check the validity by

1. re-computing the fingerprint ẑ = h(x)

2. using the verification algorithm, ver_{pk}(ẑ, y).


Conditions to fulfill

A hash function h computes

z = h(m)

for m a message of arbitrary length; z is a fixed-size fingerprint.

We require h to be one way, i.e.
• h(m) must be easy to compute from m
• z must be hard to invert
Collision of h: a pair of distinct words (x, x′) such that h(x) = h(x′).
h is weak collision resistant if, given an x, it is difficult to find a collision.
h is strong collision resistant if it is difficult to find any collision (x, x′).
One-way compression function

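As in MD5, m is split into n blocks, each of fixed length, and the following is applied:

[Figure: the message is split into block 1, block 2, ..., block n; starting from an initial value, MD5 is applied to each block in turn, and the final output is the hash.]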
Modern hash functions

The hash functions which are commonly used are designed according to the previous construction.

name  bits  round×steps  relative speed
MD5   128   4×16         1
SHA   160   4×20         0.28

Application to DSA
Digital Signature Algorithm is a signature standard combining the use of a hash function (MD5 or SHA) and DSS, the latter being an improvement of El Gamal’s signature scheme.
Encryption
Symmetric Algorithms
Algorithms in which the key for encryption and
decryption are the same are Symmetric

Example: Caesar Cipher


Types:
1. Block Ciphers
– Encrypt data one block at a time (typically 64 bits, or 128 bits)
– Used for a single message
2. Stream Ciphers
– Encrypt data one bit or one byte at a time
– Used if data is a constant stream of information
Symmetric Encryption
Key Strength
Strength of algorithm is determined by the size of the key
The longer the key the more difficult it is to crack
Key length is expressed in bits
Typical key sizes vary between 48 bits and 448 bits
Set of possible keys for a cipher is called key space
For 40-bit key there are 2^40 possible keys
For 128-bit key there are 2^128 possible keys
Each additional bit added to the key length doubles the security
To crack the key the hacker has to use brute-force
(i.e. try all the possible keys till a key that works is found)
Super Computer can crack a 56-bit key in 24 hours
It will take 2^72 times longer to crack a 128-bit key
(Longer than the age of the universe)
One-way function:
Hash function

A hash function is any function that can be used to map data of arbitrary size
to data of fixed size.

Properties

∀ m ∈ M, H(m) = n
For each m, n is unique.
From n it is not possible to find m.
H is easy to compute

n is called the DIGEST


Symmetric algorithm

Encryption: E: M × K → C; E(m, k) = c

Decryption: D: C × K → M; D(c, k) = m

Property: D(E(m, k), k) = m

[Figure: the message M is ciphered with the key k, E(M, K) = M’, into a bit string; deciphering with the same key k, D(M’, K) = M, gives the message back.]


Symmetric key

The same key is used for the encryption and decryption
Each party must know the key.


Symmetric algorithms

Algorithm                Block size (bits)   Key size (bits)
BlowFish                 64                  32 or 448
Lucifer - DES (1974)     64                  64 bits: 56 bits payload – 8 bits parity
3DES                     64                  128 – 192
IDEA                     64                  128
RC2/5/6                  64                  1-1024, 64 usually
Rijndael - AES (1997)    128                 128, 192, 256


DES (Data Encryption Standard):
• The algorithm encrypts a 64-bit plaintext block using a 64-bit key.
• It has two transposition blocks (P-boxes) and 16 complex round ciphers.
• The heart of DES is the DES function. It applies a 48-bit key to the rightmost 32 bits Ri to produce a 32-bit output.
• It is made up of four operations: an XOR, an expansion permutation, a group of S-boxes and a straight permutation.
AES (Advanced Encryption Standard):
• It was designed because DES’s key was too small.
• It is designed with three key sizes:
a. 128
b. 192
c. 256
• It is a very complex round cipher.
• It has three different configurations with respect to the number of rounds and key size.
Data Encryption Standard (DES)
Basics
Goal of DES is to completely scramble the data and key so that every bit of cipher text depends on every bit of data and every bit of key
DES is a block cipher algorithm
Encodes plaintext in 64-bit chunks
One parity bit for each of the 8 bytes, thus it reduces to 56 bits
It is the most used algorithm
Standard approved by US National Bureau of Standards for commercial and nonclassified US government use in 1993
3DES encryption
DES-EDE3

[Figure: the text goes through three DES stages in sequence: DES ciphering, DES deciphering, DES ciphering.]

3DES encryption
DES-EDE3

[Figure: the text goes through three DES stages in sequence: DES deciphering, DES ciphering, DES deciphering.]


Symmetric Encryption
Limitations
Any exposure to the secret key compromises secrecy
of ciphertext
A key needs to be delivered to the recipient of the
coded message for it to be deciphered
Potential for eavesdropping attack during transmission of key
Asymmetric Encryption
Basics
Uses a pair of keys for encryption
Public key for encryption
Private key for decryption
Messages encoded using public key can only be decoded by the
private key
Secret transmission of key for decryption is not required
Every entity can generate a key pair and release its public key

[Figure: plain text → cipher with the public key → cipher text → cipher with the private key → plain text.]


Asymmetric algorithm

Encryption: E: M × K → C; E(m, k1) = c

Decryption: D: C × K → M; D(c, k2) = m

Property: D(E(m, k1), k2) = m

[Figure: the message is ciphered with the key k1 into a bit string; deciphering with the key k2 gives the message back.]


Asymmetric algorithm

K1 and K2 are respectively
• Private key
• Public key

The private key is not distributed
• Keep it secret
• Used to decrypt messages encrypted with the public key.

The public key is distributed
• The public key has to be distributed
• Used to decrypt messages encrypted with the private key


Public key encryption

Confidentiality

[Figure: the message is ciphered with the public key into a bit string; deciphering with the private key gives the message back.]


Private key encryption

[Figure: the message is ciphered with the private key into a bit string; deciphering with the public key gives the message back.]

Non-repudiation of origin
Authentication
Asymmetric Encryption
Types
Two most popular algorithms are RSA & El Gamal
RSA
• Developed by Ron Rivest, Adi Shamir, Len Adleman
• Both public and private key are interchangeable
• Variable key size (512, 1024, or 2048 bits)
• Most popular public key algorithm
El Gamal
• Developed by Taher ElGamal
• Variable key size (512 or 1024 bits)
• Less common than RSA, used in protocols like PGP
Asymmetric Encryption
RSA
RSA is an algorithm used by modern computers to encrypt and decrypt
messages. It is an asymmetric cryptographic algorithm. Asymmetric
means that there are two different keys. This is also called public key
cryptography, because one of the keys can be given to anyone. The
other key must be kept private.

• Choose two large prime numbers p & q
• Compute n = pq and z = (p-1)(q-1)
• Choose number e, less than n, which has no common factor (other than 1) with z
• Find number d, such that ed – 1 is exactly divisible by z
• Keys are generated using n, d, e
– Public key is (n, e)
– Private key is (n, d)
• Encryption: c = m^e mod n
– m is plain text
– c is cipher text
• Decryption: m = c^d mod n
• Public key is shared and the private key is hidden
Asymmetric Encryption
RSA
p = 5 & q = 7
n = 5*7 = 35 and z = (4)*(6) = 24
e = 5
d = 29, (29×5 – 1) is exactly divisible by 24
Keys generated are
Public key: (35, 5)
Private key is (35, 29)
Encrypt the word love using (c = m^e mod n)
Assume that the letters of the alphabet are numbered between 1 & 26

Plain Text   Numeric Representation   m^e       Cipher Text (c = m^e mod n)
l            12                       248832    17
o            15                       759375    15
v            22                       5153632   22
e            5                        3125      10
Asymmetric Encryption
RSA
Decrypt the word love using (m = c^d mod n)
n = 35, d = 29

Cipher Text   c^d                                        (m = c^d mod n)   Plain Text
17            481968572106750915091411825223072000       17                l
15            12783403948858939111232757568359400        15                o
22            852643319086537701956194499721110000000    22                v
10            100000000000000000000000000000             10                e
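The key generation, encryption and decryption steps above, carried through with the slide's own numbers (p = 5, q = 7, e = 5, d = 29), as an added example that is not part of the original slides. The function names are assumptions; the last two functions go one step beyond the slides and show what such a small key does to single letters.

```python
from math import gcd

# Parameters from the worked example above.
P, Q, E, D = 5, 7, 5, 29
N, Z = P * Q, (P - 1) * (Q - 1)          # n = 35, z = 24


def key_is_valid(e: int, d: int, z: int) -> bool:
    """e shares no factor with z, and e*d - 1 is exactly divisible by z."""
    return gcd(e, z) == 1 and (e * d - 1) % z == 0


def to_numbers(word: str) -> list:
    """Letters numbered 1..26, as assumed on the slide."""
    return [ord(ch) - ord("a") + 1 for ch in word.lower()]


def to_letters(numbers) -> str:
    return "".join(chr(n + ord("a") - 1) for n in numbers)


def encrypt(word: str, e: int = E, n: int = N) -> list:
    """c = m^e mod n, letter by letter; three-argument pow keeps numbers small."""
    return [pow(m, e, n) for m in to_numbers(word)]


def decrypt(cipher, d: int = D, n: int = N) -> str:
    """m = c^d mod n for every ciphertext number."""
    return to_letters(pow(c, d, n) for c in cipher)


def unchanged_letters(e: int = E, n: int = N) -> str:
    """Letters whose ciphertext number equals their plaintext number."""
    return to_letters(m for m in range(1, 27) if pow(m, e, n) == m)


def equivalent_exponents(d1: int, d2: int, n: int = N) -> bool:
    """True if d1 and d2 decrypt every possible value identically."""
    return all(pow(c, d1, n) == pow(c, d2, n) for c in range(n))


if __name__ == "__main__":
    cipher = encrypt("love")
    print("key valid:", key_is_valid(E, D, Z))
    print("ciphertext:", cipher)
    print("decrypted:", decrypt(cipher))
    # Letter-by-letter RSA is a fixed substitution: equal letters give equal
    # ciphertext numbers, and with this modulus some letters do not change.
    print("hello ->", encrypt("hello"))
    print("unchanged letters:", unchanged_letters())
    # d = 29 and d = 5 differ by z = 24, so both decrypt; here d = 5 equals e.
    print("d=29 and d=5 equivalent:", equivalent_exponents(29, 5))
```

With a modulus this small the scheme behaves like a monoalphabetic substitution, which is why real RSA uses large primes and randomised padding of whole messages.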
Asymmetric Encryption
Weaknesses
Efficiency is lower than Symmetric Algorithms
A 1024-bit asymmetric key is equivalent to 128-bit symmetric
key
Potential for man-in-the middle attack
It is problematic to get the key pair generated for the
encryption
Asymmetric Encryption
Man-in-the-middle Attack
Hacker could generate a key pair, give the public key away and
tell everybody, that it belongs to somebody else. Now,
everyone believing it will use this key for encryption,
resulting in the hacker being able to read the messages. If
he encrypts the messages again with the public key of the
real recipient, he will not be recognized easily.
[Figure: Bob, Trudeau (the middle-man) and David. Bob encrypts his message with the public key he was given, which is the attacker Trudeau’s public key; Trudeau encrypts a new message with David’s public key and sends it on to David.]
Asymmetric Encryption
Session-Key Encryption
Used to improve efficiency
Symmetric key is used for encrypting data
Asymmetric key is used for encrypting the symmetric key

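[Figure: the plain text is encrypted with a symmetric cipher (DES) under the session key to give the cipher text; the session key is encrypted with an asymmetric cipher (RSA) under the recipient’s public key to give the encrypted key; both are sent to the recipient.]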


Asymmetric Encryption
Encryption Protocols
Pretty Good Privacy (PGP)
Used to encrypt e-mail using session key encryption
Combines RSA, TripleDES, and other algorithms
Secure/Multipurpose Internet Mail Extension (S/MIME)
Newer algorithm for securing e-mail
Backed by Microsoft, RSA, AOL
Secure Socket Layer (SSL) and Transport Layer Security (TLS)
Used for securing TCP/IP Traffic
Mainly designed for web use
Can be used for any kind of internet traffic
Asymmetric Encryption
Key Agreement
Key agreement is a method to create secret key by exchanging only public
keys.
Example
Bob sends Alice his public key
Alice sends Bob her public key
Bob uses Alice’s public key and his private key to generate a session key
Alice uses Bob’s public key and her private key to generate a session key
Using a key agreement algorithm both will generate same key
Bob and Alice do not need to transfer any key

[Figure: Alice’s private key and Bob’s public key go into a cipher (DES) on one side; Bob’s private key and Alice’s public key go into a cipher (DES) on the other side; Alice and Bob generate the same session key.]
Asymmetric Encryption
Key Agreement con’t.
Diffie-Hellman is the first key agreement algorithm
Invented by Whitfield Diffie & Martin Hellman
Provided ability for messages to be exchanged securely
without having to have shared some secret information
previously
Inception of public key cryptography which allowed keys to
be exchanged in the open
No exchange of secret keys
Man-in-the middle attack avoided
Asymmetric Encryption
Key Diffie-Hellman Mathematical Analysis
Bob & Alice agree on a non-secret prime p and value a

Bob                                  Alice
Generate secret random number x      Generate secret random number y
Compute public key a^x mod p         Compute public key a^y mod p

Bob & Alice exchange public keys

Compute session key (a^y)^x mod p    Compute session key (a^x)^y mod p

Identical secret key

Other Asymmetric algorithms

• Diffie Hellman
• DSA
• McEliece
• Merkle-Hellman
• Chor-Rivest
• Goldwasser-Micali
• Blum-Goldwasser



Comparison between symmetric and asymmetric algorithms

Symmetric cipher for confidentiality
+ Good performances
- Key delivery problems

Asymmetric cipher for confidentiality, integrity and authentication
- Poor performances
+ No key delivery problems


Hybrid ciphering

Let’s combine symmetric and asymmetric algorithms for secure communications
Asymmetric cipher for session key exchange
Secret key for fast message encryption/decryption


Hybrid cipher – scenario (1/5)

[Figure: Alice, Bob and a man in the middle. Alice holds the symmetric session key (SessionKey); the channel to Bob is marked "???" and the session key also appears at the man in the middle.]

Hybrid cipher – scenario (2/5)

[Figure: Bob holds a {public, private} key pair; Bob’s public key travels to Alice, who holds the session key, and is also seen by the man in the middle.]

Hybrid cipher – scenario (3/5)

[Figure: Alice sends Encrypt_{Bob Public Key}(SessionKey) to Bob, past the man in the middle.]

Hybrid cipher – scenario (4/5)

[Figure: Bob computes Decrypt_{BPrivateK}[Encrypt_{BPublicK}(SK)] and recovers the session key.]

Hybrid cipher – scenario (5/5)

[Figure: Alice and Bob both hold the session key; messages are exchanged as Encrypt_{SessionKey}(aMessage) and recovered with Decrypt_{SessionKey}(aMessage), past the man in the middle.]


Use of cryptography for security
controls
Authentication
Basics
Authentication is the process of validating the identity
of a user or the integrity of a piece of data.
There are three technologies that provide
authentication
Message Digests / Message Authentication Codes
Digital Signatures
Public Key Infrastructure
There are two types of user authentication:
Identity presented by a remote or application participating in a
session
Sender’s identity is presented along with a message.
Authentication
Message Digests
A message digest is a fingerprint for a document
Purpose of the message digest is to provide proof that data has not been altered
Process of generating a message digest from data is called hashing
Hash functions are one way functions with following properties
– Infeasible to reverse the function
– Infeasible to construct two messages which hash to same digest
Commonly used hash algorithms are
– MD5 – 128 bit hashing algorithm by Ron Rivest of RSA
– SHA & SHA-1 – 162 bit hashing algorithm developed by NIST

[Figure: message → digest algorithm → message digest.]
Message Authentication Codes
Basics
A message digest created with a key
Creates security by requiring a secret key to be possessed by both parties in order to retrieve the message

[Figure: message and secret key → digest algorithm → message digest.]
Password Authentication
Basics
Password is secret character string only known to user and
server
Message Digests commonly used for password authentication
Stored hash of the password is a lesser risk
Hacker can not reverse the hash except by brute force attack
Problems with password based authentication
Attacker learns password by social engineering
Attacker cracks password by brute-force and/or guesswork
Eavesdrops password if it is communicated unprotected over the network
Replays an encrypted password back to the authentication server
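The difference between the plain message digest and the keyed message authentication code described above, and a receiver-side check against the replay problem just listed, shown as an added example that is not part of the original slides. SHA-256 is used instead of the MD5/SHA-1 named on the slides, and the message counter, the key and the messages are constructed assumptions.

```python
import hashlib
import hmac


def digest(message: bytes) -> str:
    """Unkeyed message digest (SHA-256 here)."""
    return hashlib.sha256(message).hexdigest()


def digest_check(message: bytes, claimed_digest: str) -> bool:
    """All a receiver can do with an unkeyed digest: recompute and compare."""
    return hmac.compare_digest(digest(message), claimed_digest)


def make_tag(key: bytes, counter: int, message: bytes) -> str:
    """MAC over counter || message, so the tag also binds the message order."""
    data = counter.to_bytes(8, "big") + message
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class Receiver:
    """Accepts a message only if its MAC verifies and its counter is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, counter: int, message: bytes, tag: str) -> bool:
        expected = make_tag(self.key, counter, message)
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return False                             # altered message or wrong key
        if counter <= self.last_counter:
            return False                             # same message sent again
        self.last_counter = counter
        return True


if __name__ == "__main__":
    key = b"shared secret key (constructed)"
    original = b"pay 10 to bob"                      # constructed sample messages
    altered = b"pay 99 to eve"

    # An unkeyed digest travels with the message, so whoever changes the
    # message can also recompute the digest: the check still passes.
    print("digest check on altered message:",
          digest_check(altered, digest(altered)))

    receiver = Receiver(key)
    tag = make_tag(key, 1, original)
    print("altered message with old tag:", receiver.accept(1, altered, tag))
    print("original message:", receiver.accept(1, original, tag))
    print("same message replayed:", receiver.accept(1, original, tag))
```

The digest only detects accidental changes unless it is protected by other means; the keyed tag fails for anyone who does not hold the secret key, and the counter makes a captured (message, tag) pair useless the second time.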
Authentication
Digital Signatures
A digital signature is a data item which accompanies or is
logically associated with a digitally encoded message.
It has two goals
A guarantee of the source of the data
Proof that the data has not been tampered with

[Figure: Sender: Message → Digest Algorithm → Digest → Signature Algorithm (Sender’s Private Key) → Digital Signature; Message and Signature are sent to the Receiver. Receiver: Message → Digest Algorithm → Digest; Signature → Signature Algorithm (Sender’s Public Key) → Digest; Same?]
Use of cryptography for digital signature

A digital signature of a message is a number dependent
on some secret known only to the signer, and on the
content of the message being signed
Security goals
Message integrity
Non-repudiation of origin of the message
A digital signature scheme is composed of
Signature processing
Verification processing

© 2011 SAP AG. All rights reserved.


Signature process:
Document hashing
S : M × K1 → C
S(m, k1) = c
[Figure: Contract → 1. Hash → 2. Cipher → Signature → 3. Contract with Signature]


Signature process:
Asymmetric encryption
[Figure: Contract → 1. Hash → 2. Cipher (Private key) → Signature → 3. Contract with Signature]




Signature verification process:
Document hashing
[Figure: received Contract and Signature → 5. Hash the Contract; 5. Decipher the signature → 6. Contract hashed ?= Contract hashed]




Certificate authentication
Definition Certificate
Certificates are based on asymmetric
cryptographic primitives
[Figure: Public Key, Private Key]


DIGITAL CERTIFICATES
A digital certificate is a signed statement by a trusted party that another party’s public
key belongs to them.
This allows one certificate authority to be authorized by a different authority (root CA)
Top level certificate must be self signed
Anyone can start a certificate authority
Name recognition is key to someone recognizing a certificate authority
Verisign is an industry standard certificate authority

[Figure: Identity Information + Sender’s Public Key → Signature Algorithm (Certificate Authority’s Private Key) → Certificate]
Certificate
Information Part (IP)
Certification Authority Name
Certificate Owner Name
Certificate Validity Period
Ciphering Algorithm used
Owner Public key
Trusted Part
Signature of the hashed IP with the CA private key




X509 Certificate

Standard format for certificates, X.509, contains:
version
serial number
signature algorithm ID
issuer name (X500 Distinguished Name)
validity period
subject (user) name (X500 Distinguished Name)
subject public key information
issuer unique identifier (version 2 and 3 only)
subject unique identifier (version 2 and 3 only)
extensions (version 3 only)
signature on the above fields


Certificate request
Alice sends a request to a
Registration Authority for a
certificate creation.
[Figure: Alice → Registration Authority; Information Part: Name, Email]


Certificate request
The RA generates a
public, private key pair
The RA sends the private key
to Alice
[Figure: Registration Authority → Alice]


Certificate Signature
After security policy
enforcement, the information part
of the certificate is sent to the CA
to be signed
[Figure: Alice, Registration Authority, Certificate Authority; Information Part: Name, Email, Public Key, Issuer, Asymmetric Algorithm, Hash function]


Certificate Signature
The CA signs with its private key
the certificate information part.
The CA signature is added to the
information part.
The certificate is generated
[Figure: Alice, Registration Authority, Certificate Authority; Information Part: Owner Name, Owner Email, Owner Public Key, Issuer info, Asymmetric Algorithm, Hash function; CA Signature]


Certificate Publication
The CA publishes the Certificate in a Directory
(e.g., LDAP Directory (Lightweight Directory
Access Protocol))
[Figure: Alice, Registration Authority, Certificate Authority, Directory; Information Part: Owner Name, Owner Email, Owner Public Key, Issuer info, Asymmetric Algorithm, Hash function; CA Signature]


Certificate Revocation
A certificate can be revoked by the CA.
All revoked certificates are registered in a
CRL (Certificate Revocation List)
[Figure: Alice, Registration Authority, Certificate Authority, Public Key Directory, Certificate Revocation List; Information Part: Owner Name, Owner Email, Owner Public Key, Issuer info, Asymmetric Algorithm, Hash function; CA Signature]


CA hierarchy
[Figure: CA tree with Root CA, Sub CA1, Sub CA2 and SubSubCA1, linked by "Certification" arrows]


Certificate Verification
Bob CA trusted list
Root CA
CA3
CA4
[Figure: certificate chain, each certificate signed by the one above it: Root CA certificate, CA1 certificate, CA2 certificate, Alice certificate. Each certificate holds an IP and a Signature; the Root Certificate holds an IP and an Auto signature]
1. Find a trusted Issuer
2. Root Certificate trusted
3. For each certificate, check
The validity
The issuer signature
The name, …
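The chain check from the verification slides (find a trusted issuer, then check each certificate's validity, issuer signature and name), together with the hash-then-sign step from the signature slides, as an added Python example that is not part of the original deck. Assumptions: textbook RSA over fixed Mersenne primes (toy keys, not secure), a JSON-encoded information part, and the hypothetical names toy_key, hashed_ip, issue, verify_chain and sample_chain.

```python
import hashlib, json

E = 65537  # public exponent shared by every toy key

def toy_key(a, b):
    """Textbook RSA key from Mersenne primes 2**a-1 and 2**b-1 (toy, insecure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def hashed_ip(info, n):
    """Hash the information part (IP) and reduce it below the signer's modulus."""
    data = json.dumps(info, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, subject_key, issuer, issuer_key, not_after):
    """CA step: sign the hashed IP with the issuer's private key."""
    info = {"subject": subject, "issuer": issuer,
            "public_n": subject_key["n"], "not_after": not_after}
    n = issuer_key["n"]
    return {"info": info, "sig": pow(hashed_ip(info, n), issuer_key["d"], n)}

def verify_chain(chain, trusted, today):
    """chain: leaf first. trusted: {CA name: modulus}. Dates are ISO strings."""
    for i, cert in enumerate(chain):
        info = cert["info"]
        if today > info["not_after"]:                         # the validity
            return f"{info['subject']}: expired"
        parent = chain[i + 1]["info"] if i + 1 < len(chain) else None
        if info["issuer"] in trusted:                         # trusted issuer found
            issuer_n = trusted[info["issuer"]]
        elif parent and parent["subject"] == info["issuer"]:  # the name
            issuer_n = parent["public_n"]
        else:
            return f"{info['subject']}: no trusted issuer"
        if pow(cert["sig"], E, issuer_n) != hashed_ip(info, issuer_n):
            return f"{info['subject']}: bad issuer signature"
        if info["issuer"] in trusted:
            return "ok"
    return "no trusted issuer"

def sample_chain():
    """Constructed chain mirroring the slide: Root CA -> CA1 -> CA2 -> Alice."""
    root, ca1 = toy_key(61, 89), toy_key(107, 127)
    ca2, alice = toy_key(521, 607), toy_key(1279, 2203)
    chain = [issue("Alice", alice, "CA2", ca2, "2030-01-01"),
             issue("CA2", ca2, "CA1", ca1, "2030-01-01"),
             issue("CA1", ca1, "Root CA", root, "2030-01-01")]
    return chain, {"Root CA": root["n"]}
```

Swapping the public key inside Alice's information part, the substitution described on the Identification slide, changes the hashed IP and the check reports a bad issuer signature.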


Authentication Protocols
Basics
Set of rules that governs the communication of data related to authentication
between the server and the user
Techniques used to build a protocol are
Transformed password
Password transformed using one way function before transmission
Prevents eavesdropping but not replay
Challenge-response
Server sends a random value (challenge) to the client along with the authentication
request. This must be included in the response
Protects against replay
Time Stamp
The authentication from the client to server must have time-stamp embedded
Server checks if the time is reasonable
Protects against replay
Depends on synchronization of clocks on computers
One-time password
New password obtained by passing user-password through one-way function n times
which keeps incrementing
Protects against replay as well as eavesdropping
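The difference between the transformed-password and challenge-response techniques listed above, as an added Python example that is not part of the original deck. It assumes SHA-256 as the one-way function and HMAC-SHA256 for the response; the Server class and the function names are hypothetical.

```python
import hashlib, hmac, secrets

def transform(password: bytes) -> bytes:
    """One-way transformation of the password (the 'transformed password' technique)."""
    return hashlib.sha256(password).digest()

class Server:
    def __init__(self, password: bytes):
        self.verifier = transform(password)   # server stores only the hash
        self.pending = set()                   # challenges issued, not yet answered

    def login_transformed(self, token: bytes) -> bool:
        # The same token is valid every time, so a captured one stays valid.
        return hmac.compare_digest(token, self.verifier)

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)    # random value sent to the client
        self.pending.add(challenge)
        return challenge

    def login_challenge(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self.pending:      # unknown or already-used challenge
            return False
        self.pending.discard(challenge)        # each challenge is single use
        expected = hmac.new(self.verifier, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def client_response(password: bytes, challenge: bytes) -> bytes:
    """The response must include the challenge, here through a keyed hash."""
    return hmac.new(transform(password), challenge, hashlib.sha256).digest()

def replay_outcomes():
    """Return (transformed_replay_accepted, challenge_replay_accepted)."""
    server = Server(b"correct horse")          # constructed sample password
    captured = transform(b"correct horse")     # what crosses the network
    assert server.login_transformed(captured)  # legitimate login
    transformed_replay = server.login_transformed(captured)
    challenge = server.new_challenge()
    response = client_response(b"correct horse", challenge)
    assert server.login_challenge(challenge, response)   # legitimate login
    challenge_replay = server.login_challenge(challenge, response)
    return transformed_replay, challenge_replay
```

In this sketch the stored hash doubles as the HMAC key, so it has to be protected like the password itself.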
Authentication Protocols
Kerberos
Kerberos is an authentication service that uses symmetric key
encryption and a key distribution center.
Kerberos Authentication server contains symmetric keys of all
users and also contains information on which user has
access privilege to which services on the network
Authentication
Personal Tokens
Personal Tokens are hardware devices that generate unique
strings that are usually used in conjunction with
passwords for authentication
Different types of tokens exist
Storage Token: A secret value that is stored on a token and is available
after the token has been unlocked using a PIN
Synchronous one-time password generator: Generate a new password
periodically (e.g. each minute) based on time and a secret code stored
in the token
Challenge-response: Token computes a number based on a challenge value
sent by the server
Digital Signature Token: Contains the digital signature private key and
computes a digital signature on a supplied data value
A variety of different physical forms of tokens exist
e.g. hand-held devices, Smart Cards, PCMCIA cards, USB tokens
Authentication
Biometrics
Uses certain biological characteristics for
authentication
Biometric reader measures physiological indicia and
compares them to specified values
It is not capable of securing information over the network
Different techniques exist
Fingerprint Recognition
Voice Recognition
Handwriting Recognition
Face Recognition
Retinal Scan
Hand Geometry Recognition
Authentication
Iris Recognition
The scanning process takes advantage of the
natural patterns in people's irises, digitizing them
for identification purposes

Facts
Probability of two irises producing exactly the same
code: 1 in 10 to the 78th power
Independent variables (degrees of freedom) extracted:
266
IrisCode record size: 512 bytes
Operating systems compatibility: DOS and Windows
(NT/95)
Average identification speed (database of 100,000
IrisCode records): one to two seconds
IP Security
Add crypto techniques (IPSec working groups) to the Internet
standard protocols. The IP security architecture provides
security mechanisms (described in RFC1825) which provide
authentication, integrity, access control and confidentiality
services.
[Figure: protocol stack, top to bottom: SMTP, HTTP, FTP / TCP (Transmission Control Protocol) / IP Security Protocol (AH, ESP) / IP Internet Protocol]
TCP security
Protocols used to secure TCP:
• Secure Socket Layer used by Netscape
• Private Communication Technology by Microsoft
(stopped with SSL3)
• Transport Layer Security, IETF standard
[Figure: protocol stack, top to bottom: SMTP, HTTP / Transport Layer Security (SSL, TLS) / TCP (Transmission Control Protocol) / IP (Internet Protocol)]
Current libraries for TLS: BoringSSL designed by Google
(2015), OpenSSL, LibreSSL coming from OpenBSD and
GnuTLS.
SSL & TLS
SSL provides authentication, compression, integrity,
confidentiality.
It allows several authentication or confidentiality mechanisms and secures
any application protocol.
SSL becomes TLS, a standard, by IETF. It contains two layers:
• Agreement or Handshake Protocol
• Communication or Record Protocol
which provide the following services:
• connection confidentiality by AES, Camellia, DES,
3DES
• connection integrity by a MAC using a non-zero IV
(SHA-1 or SHA256 or SHA384)
Authentication
This is how Alice verifies Bob’s identity.
Let us call SK_B Bob’s private key and PK_B his public key
A→B   r = a random message
B→A   c = {r}_SK_B
But signing a random message r given by someone and
sending the signature can be dangerous.
An idea would be to use a hash function h: Bob signs h(r) but
the danger remains.
Authentication
It’s better if Bob signs a message he has chosen provided he
avoids sending m and its signature together:
A→B   "Hi, are you Bob?"
B→A   m = "Alice, I’m Bob"
      c = {h(m)}_SK_B
Identification
Alice does not know Bob’s PK in advance. How to securely
send his PK?
A→B   "Hi"
B→A   "Hi, I’m Bob. Here’s my PK" PK_B
A→B   "Prove it."
B→A   m = "Alice, I’m Bob"
      c = {h(m)}_SK_B
Anybody can usurp Bob’s identity for Alice by giving his own PK
(MIM).
Transmit a certificate
A certificate provides evidence of the link between an identity and the
corresponding PK.
A→B   "Hi"
B→A   "Hi, I’m Bob. Here’s my certificate" cert_B
A→B   "Prove it."
B→A   m = "Alice, I’m Bob"
      c = {h(m)}_SK_B
Marjorie could usurp Bob’s identity during the first 3 exchanges
but it would fail after. (Tell when it might not be the case)
Exchange a secret
Securing communications with public key crypto is costly. Once
the authentication step is completed, it’s better to share a
secret key to use a symmetric cipher.
A→B   "Hi"
B→A   "Hi, I’m Bob. Here’s my certificate" cert_B
A→B   "Prove it."
B→A   m = "Alice, I’m Bob"
      c = {h(m)}_SK_B
A→B   "Ok Bob, here’s our secret:"
      s = {secret}_PK_B
B→A   m_j = {message from Bob}_secret
Attack
Melchior, the man in the middle, can be active during the first 5
steps. At step 6, he can scramble Bob’s message and Alice
receives an unreadable message:
B→M   m_j = {message from Bob}_secret
M→A   m_j changed
Alice has no proof of Melchior’s existence, even if she finds
Bob’s last message suspicious.
SSL
To counter this attack, it’s better to use a MAC:
M = h(message from Bob || secret)
A→B   "Hi"
B→A   "Hi, I’m Bob. Here’s my certificate" cert_B
A→B   "Prove it."
B→A   m = "Alice, I’m Bob"
      c = {h(m)}_SK_B
A→B   "Ok Bob, here’s our secret:"
      s = {secret}_PK_B
B→A   m_j = {message from Bob}_secret || h(message from Bob || secret)
Melchior can scramble everything, but Alice will be warned of
Melchior’s existence.
Communication
This protocol allows sending messages of arbitrary size. It splits
each message into blocks, optionally compresses them, adds a MAC, enciphers
and adds a sequence number to ensure integrity.
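The MAC and sequence-number steps of the record protocol described above, as an added Python example that is not part of the original deck. It uses HMAC-SHA256 in place of the slide's h(message || secret) construction, leaves out encryption, and the names protect, receive and check are hypothetical.

```python
import hashlib, hmac, struct, zlib

BLOCK = 16      # fragment size in bytes (tiny, so a short sample gives several records)
TAG_LEN = 32    # length of an HMAC-SHA256 tag

def _mac(key: bytes, seq: int, body: bytes) -> bytes:
    # The sequence number is covered by the MAC, so a record cannot be moved
    # to another position or sent twice without the tag becoming invalid.
    return hmac.new(key, struct.pack(">Q", seq) + body, hashlib.sha256).digest()

def protect(key: bytes, message: bytes) -> list:
    """Split into blocks, compress each block and append its MAC."""
    records = []
    for seq, offset in enumerate(range(0, len(message), BLOCK)):
        body = zlib.compress(message[offset:offset + BLOCK])
        records.append(body + _mac(key, seq, body))
    return records

def receive(key: bytes, records: list) -> bytes:
    """Verify records in arrival order; raise ValueError on the first mismatch."""
    out = b""
    for seq, record in enumerate(records):
        body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        # Check the MAC before touching the body (no decompression of bad data)
        if not hmac.compare_digest(tag, _mac(key, seq, body)):
            raise ValueError(f"record {seq}: MAC check failed")
        out += zlib.decompress(body)
    return out

def check(key: bytes, records: list):
    """Return the reassembled message, or the error text if a record is rejected."""
    try:
        return receive(key, records)
    except ValueError as err:
        return str(err)
```

Dropping records from the end goes unnoticed by this check, so a real record protocol also needs an authenticated end-of-stream signal.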
Discussion
1. Triple DES, Blowfish
2. Stream Ciphers, RC5 Algorithm
3. Public Key Cryptography and Cryptanalysis
4. Principles of Public Key Cryptosystems
5. RSA Algorithm
6. Key Management
7. Diffie-Hellman Key Exchange