
02 Cryptographic Tools

This document discusses an introduction to computer security concepts and cryptographic tools. It provides an overview of symmetric and asymmetric encryption algorithms, hash functions, and digital signatures. The objectives are to explain how symmetric block ciphers, hash functions, and asymmetric encryption work as well as discuss applications of cryptographic tools like random number generation and digital signatures.

Computer Security: Principles and Practice


IS-820: Computer Security
Dr. Mehdi Hussain
MSIS
Current Status
• Introduction/Overview
• Why and What to Secure?
• Computer Security Concepts
• Threats, Attacks, and Assets
• OSI Security Architecture
• Security Functional Requirements
• Fundamental Security Design Principles
• Attack Surfaces and Attack Trees
• Computer Security Strategy

Assignment 1/3
Quiz 0/4
Project 0/1
MSE 0/1
ESE 0/1
Outline
• Cryptographic Tools
• Confidentiality with Symmetric Encryption
• Message Authentication and Hash Functions
• Internal Structure of DES
• Public-Key Encryption
• Digital Signatures and Key Management
• Random and Pseudorandom Numbers
Objective
• Explain the basic operation of symmetric block encryption algorithms.
• Compare and contrast block encryption and stream encryption.
• Discuss the use of secure hash functions for message authentication.
• List other applications of secure hash functions.
• Explain the basic operation of asymmetric block encryption algorithms.
• Present an overview of the digital signature mechanism and explain the concept
of digital envelopes.
• Explain the significance of random and pseudorandom numbers in cryptography
Cryptographic Tools
• Cryptographic algorithms are important elements of security services
• They fall into several classes:
• Block and Stream ciphers
• Symmetric Encryption
• Public-key (asymmetric) Encryption
• Digital signatures and key management
• Secure hash functions
Brief History of Cryptography
Cryptography Basics

• Plaintext – A message in its natural format readable by an attacker


• Encryption algorithm: The encryption algorithm performs various substitutions
and transformations on the plaintext.
• Secret key: The secret key is also input to the encryption algorithm. The exact
substitutions and transformations performed by the algorithm depend on the
key.
• Ciphertext – Message altered to be unreadable by anyone except the intended
recipients
• Keyspace – Total number of possible values of keys in a crypto algorithm
• Decryption algorithm: This is essentially the encryption algorithm run in reverse.
It takes the ciphertext and the secret key and produces the original plaintext.
Confidentiality by Encryption
[Figure: Encryption]

Kerckhoffs’s principle
The adversary knows all details about a cryptosystem except the secret key.

“The security of a system lies in keeping the keys secret”


Encryption
Mathematically:
Y = E_K(X) or Y = E(K, X)
X = D_K(Y) or X = D(K, Y)

• X = plaintext
• Y = ciphertext/ encrypted text
• K = secret key
• E = encryption algorithm
• D = decryption algorithm
• Both E and D are known to the public

Without knowledge of the key, it would be difficult for the attacker to decrypt.
Cryptography Classifications
1. Types of operations
• Substitution
• Transposition
• Combinations are called product ciphers
2. The number of keys used
• Symmetric
• Asymmetric
3. The way in which the plaintext is processed
• Block ciphers
• Stream ciphers
Substitution:
Caesar Cipher/ Shift Cipher/ Additive Cipher

• Earliest known substitution cipher invented by Julius Caesar


• A very basic substitution cipher
• E.g.: Each letter is replaced by the letter three positions further down
the alphabet.

Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• Example: ohio state → RKLR VWDWH
Caesar Cipher

• Mathematically, map letters to numbers:

a, b, c, ..., x, y, z
1, 2, 3, ..., 24, 25, 26

• Then the general Caesar cipher for a single character is:

c = E_K(p) = (p + k) mod 26
p = D_K(c) = (c – k) mod 26
Transposition: Railfence cipher
• A transposition cipher rearranges the plaintext letters according to a secret
transformation defined by the key.

• The simplest example is railfence cipher, in which the plaintext is written in rows of
n-letter blocks (the number of columns, n is the key) and then the ciphertext is
read in columns

• Example:
• Plaintext: TRANSPOSITIONCIPHERX
• Key is: 5
• Re-write as rows of 5-letter blocks:
TRANS
POSIT
IONCI
PHERX

• Cipher text: TPIPROOHASNENICRSTIX


Transposition: Railfence cipher
• Problems with the railfence cipher:
• The first and last letters of the plaintext do not move
• The key is a number that divides the total message length

• In a single columnar transposition cipher, the key is a word or phrase whose letters, in alphabetic order, indicate the order of the columns as they are read

• Example:
• Plaintext: TRANSPOSITIONCIPHER
• Key is “SECRET”, so re-write as rows of 6-letter blocks:
As written    Columns in key order
SECRET        CEERST
521436        123456
TRANSP        ARSNTP
OSITIO        ISITOO
NCIPHE        ICHPNE
R                 R
• Cipher text: AIIRSCSIHNTPTONRPOE
Transposition: Railfence cipher
• Modified Example :

• Plaintext: TRANSPOSITIONCIPHER
• Key is “SECRET”, so re-write as rows of 6-letter blocks:
As written    Columns in key order
SECRET        CEERST
521436        123456
TRANSP        ARSNTP
OSITIO        ISITOO
NCIPHE        ICHPNE
RABCDE        BADCRE
• Ciphertext: AIIB RSCA SIHD NTPC TONR POEE
Confidentiality by Symmetric Encryption
• Keypoints for symmetric encryption
• Sender and recipient share a common key
• All classical/ historical encryption algorithms are symmetric
• Anybody having the key can carry out encryption/ decryption

• There are two requirements for secure use of symmetric encryption:
• A strong encryption algorithm
• Even if the attacker knows the algorithm and has multiple ciphertexts, the attacker should still be unable to figure out the key.
• Sender and receiver must obtain copies of the secret key in a secure manner and must keep the key secure.
Types of Attacks
• The opponent’s (adversary’s) goal is to break the cryptosystem
• Assume the adversary knows the algorithm but not the key; possible attacks are:
• Ciphertext only: the attacker has a quantity of ciphertext
• Goal is to recover the plaintext or the key
• Known plaintext: the attacker has a quantity of ciphertext and its corresponding plaintext
• Goal is to recover the key
• Chosen plaintext: the attacker can generate the ciphertext for plaintext supplied by the attacker (public keys available)
• Goal is to recover the key
• Chosen ciphertext: the attacker chooses ciphertext and has the corresponding plaintext decrypted with the key
• Goal is to recover the key
Cryptanalysis
• Cryptanalysis is the study of breaking ciphers (also called code breaking or
cracking) or reading encrypted messages without knowledge of the key

• Goals:
• Decrypt a message
• Recover the key

• Types of attacks depend on:


• The type of information available
• Interaction with the cipher
Attacking Symmetric Encryption
• Cryptanalysis (non-brute-force)
• rely on nature of the algorithm
• plus some knowledge of plaintext characteristics
• even some sample plaintext-ciphertext pairs
• exploits characteristics of algorithm to deduce specific plaintext or
key
• brute-force attack
• try all possible keys on some ciphertext until an intelligible translation into plaintext is obtained
Exhaustive Key Search
Brute-Force Attack
• Try every key to decipher the ciphertext.
• On average, need to try half of all possible keys: x/2
• Time needed depends on the key size and the computation resources
Cracking the Caesar cipher
Example: Exhaustive key search
Suppose we have the ciphertext:
TYQZCXLETZYDPNFCTEJ
We decrypt the ciphertext by trying all 25 possible valid keys:
1. UZRADYMFUAZEQOGDUFK
2. VASBEZNGVBAFRPHEVGL
3. WBTCFAOHWCBGSQIFWHM
4. XCUDGBPIXDCHTRJGXIN
5. YDVEHCQJYEDIUSKHYJO
6. ZEWFIDRKZFEJVTLIZKP
7. AFXGJESLAGFKWUMJALQ
8. BGYHKFTMBHGLXVNKBMR
9. CHZILGUNCIHMYWOLCNS
10. DIAJMHVODJINZXPMDOT
11. EJBKNIWPEKJOAYQNEPU
12. FKCLOJXQFLKPBZROFQV
13. GLDMPKYRGMLQCASPGRW
14. HMENQLZSHNMRDBTQHSX
15. INFORMATIONSECURITY
16. JOGPSNBUJPOTFDVSJUZ
17. KPHQTOCVKQPUGEWTKVA
18. LQIRUPDWLRQVHFXULWB
19. MRJSVQEXMSRWIGYVMXC
20. NSKTWRFYNTSXJHZWNYD
21. OTLUXSGZOUTYKIAXOZE
22. PUMVYTHAPVUZLJBYPAF
23. QVNWZUIBQWVAMKCZQBG
24. RWOXAVJCRXWBNLDARCH
25. SXPYBWKDSYXCOMEBSDI
Cracking the simple substitution cipher
• There are 26! = 4.0329146112661E+26 possible keys (27 digits)

• Exhaustive key search is not practical

• Simple substitution ciphers were considered strong for many centuries

• Arab/Iraqi scientist Abu Yusuf Yaqub ibn Ishaq al-Kindi published his book
“Risalah fi Istikhraj al-Mu’amma” (A Manuscript on Deciphering Cryptographic
Messages), which contains the first ever published description of how to crack
simple substitution ciphers

• The method he described is now known as frequency analysis


Cryptanalysis: Frequency analysis
Attacking the Cipher
• Anagramming
• If 1-gram frequencies match English frequencies, but other n-gram
frequencies do not, probably transposition
• Rearrange letters to form n-grams with highest frequencies

• Example
Example: Transposition Cipher
• Rearrange letters in plaintext to produce ciphertext

• Example (Rail-Fence Cipher)


• Plaintext is HELLO WORLD
• Key ?
• Rearrange as
HLOOL
ELWRD

• Ciphertext is HLOOL ELWRD


Example
• Ciphertext: HLOOLELWRD
• Frequencies of 2-grams beginning with H
• HE 0.0305
• HO 0.0043
• HL, HW, HR, HD < 0.0010
• Frequencies of 2-grams ending in H
• WH 0.0026
• EH, LH, OH, RH, DH ≤ 0.0002
• Implies E follows H
Example
• Arrange it so the H and E are adjacent
HE
LL
OW
OR
LD
• Read off across, then down, to get original plaintext
Statistical Attack

• Compute frequency of each letter in ciphertext:


G 0.1 H 0.1 K 0.1 O 0.3
R 0.2 U 0.1 Z 0.1
• Apply 1-gram model of English
• Frequency of characters (1-grams) in English is on next slide
Character Frequencies

a 0.080   h 0.060   n 0.070   t 0.090
b 0.015   i 0.065   o 0.080   u 0.030
c 0.030   j 0.005   p 0.020   v 0.010
d 0.040   k 0.005   q 0.002   w 0.015
e 0.130   l 0.035   r 0.065   x 0.005
f 0.020   m 0.030   s 0.060   y 0.020
g 0.015                       z 0.002
Statistical Analysis
• f(c) frequency of character c in ciphertext

• (i) correlation of frequency of letters in ciphertext with corresponding letters in English, assuming key is i
• (i) = f(c)p(c – i), where as 0 ≤ i ≤ 25
(i) = 0.1p(6 – i) + 0.1p(7 – i) + 0.1p(10 – i) + 0.3p(14 – i) + 0.2p(17 – i) +
0.1p(20 – i) + 0.1p(25 – i)
• p(x) is frequency of character x in English
Correlation: (i) for 0 ≤ i ≤ 25
i (i) i (i) i (i) i (i)
0 0.0482 7 0.0442 13 0.0520 19 0.0315

1 0.0364 8 0.0202 14 0.0535 20 0.0302

2 0.0410 9 0.0267 15 0.0226 21 0.0517

3 0.0575 10 0.0635 16 0.0322 22 0.0380

4 0.0252 11 0.0262 17 0.0392 23 0.0370

5 0.0190 12 0.0325 18 0.0299 24 0.0316

6 0.0660 25 0.0430
The Result
• Most probable keys, based on :
• i = 6, (i) = 0.0660
• plaintext EBIIL TLOLA
• i = 10, (i) = 0.0635
• plaintext AXEEH PHKEW
• i = 3, (i) = 0.0575
• plaintext HELLO WORLD
• i = 14, (i) = 0.0535
• plaintext WTAAD LDGAS
• Only English phrase is for i = 3
• That’s the key (3 or ‘D’)
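The statistical attack above as runnable code, added here as an illustration and not part of the original slides. It uses the character-frequency table from the slides with letters numbered A=0 to Z=25 (as in the correlation terms, where G=6); the ciphertext KHOOR ZRUOG is constructed as HELLO WORLD shifted by 3, and all function names are this example's own.

```python
"""Rank Caesar-cipher keys by correlating ciphertext letter frequencies
with the 1-gram English frequencies from the slides (A=0 ... Z=25)."""
from collections import Counter
import string

# 1-gram English frequencies, copied from the "Character Frequencies" table.
ENGLISH = {
    "a": 0.080, "b": 0.015, "c": 0.030, "d": 0.040, "e": 0.130, "f": 0.020,
    "g": 0.015, "h": 0.060, "i": 0.065, "j": 0.005, "k": 0.005, "l": 0.035,
    "m": 0.030, "n": 0.070, "o": 0.080, "p": 0.020, "q": 0.002, "r": 0.065,
    "s": 0.060, "t": 0.090, "u": 0.030, "v": 0.010, "w": 0.015, "x": 0.005,
    "y": 0.020, "z": 0.002,
}
P = [ENGLISH[ch] for ch in string.ascii_lowercase]  # P[x] = p(x)


def letter_frequencies(ciphertext):
    """f(c): relative frequency of each letter index c in the ciphertext."""
    letters = [ch for ch in ciphertext.upper() if ch in string.ascii_uppercase]
    if not letters:
        raise ValueError("ciphertext contains no letters")
    counts = Counter(ord(ch) - ord("A") for ch in letters)
    return {c: n / len(letters) for c, n in counts.items()}


def correlation(freqs, key):
    """Sum over c of f(c) * p(c - key), with the index taken mod 26."""
    return sum(f * P[(c - key) % 26] for c, f in freqs.items())


def caesar_decrypt(ciphertext, key):
    """p = (c - k) mod 26 on letters; other characters pass through."""
    out = []
    for ch in ciphertext.upper():
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") - key) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def rank_keys(ciphertext, top=4):
    """Return the `top` candidate keys as (key, correlation, plaintext)."""
    freqs = letter_frequencies(ciphertext)
    scored = sorted(((correlation(freqs, k), k) for k in range(26)), reverse=True)
    return [(k, round(s, 4), caesar_decrypt(ciphertext, k)) for s, k in scored[:top]]


if __name__ == "__main__":
    # Constructed input: HELLO WORLD shifted by 3, which has the letter
    # frequencies listed on the "Statistical Attack" slide.
    for key, score, text in rank_keys("KHOOR ZRUOG"):
        print(f"i={key:2d}  correlation={score:.4f}  {text}")
```

On a ciphertext this short the highest correlation does not belong to the correct key, so the top candidates still have to be read (or checked against a word list) to pick the one that is English.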
Other English language features
• Digram frequencies
• Common digraphs: EN, RE, ER, NT, TH

• Trigram frequencies
• Common trigrams: THE, ING, THA, ENT

• Vowels other than E are rarely followed by another vowel

• The letter Q is followed only by U


Symmetric Encryption
• Conventional / private-key / single-key
• Sender and recipient share a common key
• Techniques: Classical & Modern
Classical Techniques:
• Substitution:
• Caesar Cipher
• Monoalphabetic Cipher
• Playfair Cipher
• Hill Cipher
• Polyalphabetic Cipher
• One-Time Pad
• Transposition
• Rotor Machines
Modern Techniques:
• DES
• 3DES
• AES
• RC4
One of Security Implementations

ATM PIN SECURITY

ATM Introduction
• Automated Teller Machines (ATMs) have become ubiquitous and let you withdraw money from your bank account 24 hours a day, 7 days a week with your ATM card. The ATM card consists of two things:
• Card number and
• Personal Identification Number or PIN.
• Each bank issues a card number that is unique to each customer. If it is a debit card, the card number will also be unique worldwide.
• The PIN is like a password to verify a customer’s authenticity.
• Cash dispensers in the ATM verify both the card number and the PIN.
Working Principle of ATM

[Figure: Leased Line; PIN Machine; ATM Server; Customer Account Holding Server]

• After the customer enters an ATM counter, he inserts his ATM card into the machine
and types his PIN on a numeric keypad.
• The Cash dispenser reads the card number from the magnetic strip and the PIN that
he has typed and sends them to the ATM Server.
• The ATM Server verifies the PIN against the card number with the help of the PIN
machine and sends a positive or negative acknowledgement to the Cash dispenser.
• At this point, the customer is authenticated and can use his account.
ATM PIN Security
• The security of the ATM PIN is a critical element in the entire process.

• There are two ways that an attacker could try to get the ATM PIN:

• He could either sniff the network when the Cash dispenser is transmitting the PIN to the ATM Server, or

• He could compromise the ATM Server and PIN machine to extract the PIN of a user.

• How have these threats been addressed in today’s ATM systems?
ATM PIN Security
• To prevent sniffing of the PIN during transmission, the PIN is encrypted using the DES or 3DES encryption algorithm and then transmitted from the Cash dispenser to the ATM Server.
• The shared secret key is stored in the Cash dispenser as well as in the ATM Server. This application stores the shared DES key in encrypted form using the vendor’s proprietary algorithm (e.g. ACI ATM software).

• The solution for the second problem is interesting.

• The system splits each customer’s PIN into two parts and stores them in two different machines. So even if one of the machines is compromised, the PIN will still be secure.

• Now the problem is how to split the PIN securely into two parts.
• Also keep in mind that the customer can always change his PIN.
ATM PIN Security
• An algorithm has been designed that allows the customer’s PIN to be split and also allows the customer to change his PIN.
• Let the customer PIN be a and let’s say it is split into two parts b and c.
a = b + c
• b is the variable part of the PIN and is called the PIN Offset. The PIN Offset is stored in the ATM Server.
• c is the constant part of the PIN and is called the Natural PIN. The Natural PIN is generated in the PIN machine each time.

• How does the PIN Machine generate the constant c for each customer and yet keep it a secret?

• Remember that the ATM card number of a customer is unique. So, the constant part c can be a cryptographic function of the card number.
c = f(card #)
ATM PIN Security
• There are different methods to derive a constant number from a card number.
• Derive it using the DES algorithm
• The PIN machine stores a DES key in its Electrically Erasable Programmable
Read Only Memory (EEPROM). This key is used to encrypt the card number
and generate DES encrypted value.
• The DES key is stored in the EEPROM of the machine. The EEPROM is a chip fixed on the machine’s circuit board. To retrieve the key, one has to open the box case, remove the circuit board from the box, and connect the EEPROM to an EEPROM reader to get the key. So physical security is very important for the ATM Server room.
ATM PIN Security
• Card # + DES key = DES encrypted value
• This DES encrypted value is then converted into decimalized form and the first four digits of the value are taken. That is the Natural PIN, c.
• To summarize:
DES encrypted value → Decimalized value → First 4 digits of the value = c

• The Natural PIN, the constant part c, is not stored anywhere in the entire process.
• Hence, nobody can get the PIN by compromising the PIN machine.

• The PIN Offset, b, is the variable part.

• When a customer changes his/her PIN, only this part is changed.

• So even if the ATM Server is compromised, only b will be revealed, and it is useless without c to get the actual Customer PIN a.
ATM PIN Security Authentication Process
• When a customer inserts his ATM card and types the PIN, the card number and PIN are sent to the ATM Server in encrypted form.
• The ATM Server decrypts the card number and the PIN;
• It first validates the card number against its database.

• The valid card number, the PIN Offset b of that card and the PIN typed by the customer are sent to the PIN machine.

• Now the PIN machine generates the Natural PIN c from the card number, adds it to the PIN Offset b and generates the true Customer PIN a.

• Then it compares the actual Customer PIN a with the customer-supplied PIN. If the two match, it sends a positive acknowledgement to the ATM Server indicating that the customer is authenticated.

• Note that in this process, the Natural PIN never leaves the tamper-proof PIN Machine, and the PIN machine does not have to store the individual PINs of all the users. Instead, it securely stores the DES key for generating the Natural PIN from each user’s card number.
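The PIN split and the authentication flow above, as an added sketch that is not part of the original slides and not any vendor's implementation. Assumptions: HMAC-SHA-256 stands in for DES (the Python standard library has no DES), the decimalization table maps hex a-f to 0-5, a = b + c is computed digit by digit mod 10, and the key, card number and class names are constructed for the example.

```python
"""Natural PIN + PIN Offset split (a = b + c), as an added illustration.

Assumptions not taken from the slides: HMAC-SHA-256 stands in for DES,
the decimalization table is hex a-f -> 0-5, and a = b + c is computed
digit by digit mod 10.
"""
import hashlib
import hmac

PIN_LEN = 4
DECIMALIZE = str.maketrans("abcdef", "012345")  # assumed table


def _valid(pin: str) -> bool:
    return len(pin) == PIN_LEN and pin.isascii() and pin.isdigit()


def natural_pin(key: bytes, card_number: str) -> str:
    """c = f(card #): keyed value -> decimalized -> first four digits."""
    value = hmac.new(key, card_number.encode(), hashlib.sha256).hexdigest()
    return value.translate(DECIMALIZE)[:PIN_LEN]


def add_digits(x: str, y: str) -> str:
    return "".join(str((int(p) + int(q)) % 10) for p, q in zip(x, y))


def sub_digits(x: str, y: str) -> str:
    return "".join(str((int(p) - int(q)) % 10) for p, q in zip(x, y))


class PinMachine:
    """Holds the secret key. Stores neither c nor any customer PIN."""

    def __init__(self, key: bytes):
        self._key = key

    def make_offset(self, card_number: str, chosen_pin: str) -> str:
        """b = a - c, handed to the ATM Server for storage."""
        if not _valid(chosen_pin):
            raise ValueError("PIN must be four decimal digits")
        return sub_digits(chosen_pin, natural_pin(self._key, card_number))

    def verify(self, card_number: str, offset: str, entered_pin: str) -> bool:
        """Recompute c, rebuild a = b + c, compare with the entered PIN."""
        if not _valid(entered_pin):
            return False
        true_pin = add_digits(offset, natural_pin(self._key, card_number))
        return hmac.compare_digest(true_pin, entered_pin)


class AtmServer:
    """Stores only card number -> PIN Offset b."""

    def __init__(self, pin_machine: PinMachine):
        self._pin_machine = pin_machine
        self.offsets = {}

    def set_pin(self, card_number: str, pin: str) -> None:
        """Enrolment and PIN change both rewrite only the offset."""
        self.offsets[card_number] = self._pin_machine.make_offset(card_number, pin)

    def authenticate(self, card_number: str, entered_pin: str) -> bool:
        offset = self.offsets.get(card_number)
        if offset is None:            # unknown card: rejected by the server
            return False
        return self._pin_machine.verify(card_number, offset, entered_pin)


if __name__ == "__main__":
    machine = PinMachine(b"constructed-demo-key")     # constructed key
    server = AtmServer(machine)
    card = "4000001234567899"                         # constructed card number
    server.set_pin(card, "4821")
    print("offset b:", server.offsets[card])
    print("correct PIN:", server.authenticate(card, "4821"))
    print("wrong PIN:  ", server.authenticate(card, "4822"))
    server.set_pin(card, "1357")                      # PIN change
    print("new offset b:", server.offsets[card])
    print("old PIN after change:", server.authenticate(card, "4821"))
```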
Symmetric Block Encryption Algorithms
• Process the plaintext as a series of fixed-size blocks
• Produce a ciphertext block of equal size for each plaintext block

• Data Encryption Standard (DES)
• Triple DES
• Advanced Encryption Standard (AES)
DES and Triple-DES
• Data Encryption Standard (DES) is the most widely used encryption scheme
• Uses a 64-bit plaintext block and a 56-bit key to produce a 64-bit ciphertext block
• Concerns about the algorithm and the use of a 56-bit key
• Numerous attempts to exploit weaknesses; the most studied algorithm.
• Key length concern: 56 bits, 7.2 × 10^16 keys, easily broken (10 hours, 1 trillion, 10^12).
• EFF (1998): DES broken by the DES cracker in 3 days ($250000)
• A key size of 128 bits is still unbreakable through brute-force attacks
• Would still take over 100,000 years to break a code
• Compressed/encoded/general types of data, files?
• Triple-DES
• 3DES extends the life of DES: it repeats the basic DES algorithm three times
• Using either two or three unique keys (112, 168)
• More secure but also much slower
DES and Triple-DES
• Drawbacks
• 3DES is sluggish in software
• DES was originally designed for 1970s hardware and does not produce efficient software code.
• First used in financial applications in 1985.
• 3DES requires 3 times the calculation, with a 168-bit key length
• Both DES and 3DES
• Use a 64-bit block size; however, for both efficiency and security a larger block size is desirable.
• Application
• Triple DES is widely used in e-commerce and online payment applications as well as securing data in Microsoft Outlook. By current projections of the growth in computer power, Triple DES will remain secure from a brute force attack until at least 2030. (https://www.open.edu/openlearn/ocw/mod/oucontent/view.php?id=48322&section=3)
Advanced Encryption Standard (AES)
• Needed a better replacement for DES and 3DES
• NIST called for proposals in 1997
• Efficiency, memory, security, HW/SW suitability, 128-, 192-, 256-bit keys
• 15 proposals were accepted, 5 went to the 2nd round, and finally
• Rijndael was selected in Nov 2001 (FIPS 197)
• Symmetric block cipher
• Uses 128-bit data blocks and 128/192/256-bit keys
• Now widely available commercially
• Used to protect archive files, encrypt computer file systems (such as Windows onwards), encrypt hard disks and for secure file transmission
Feistel Cipher Structure
• Many symmetric block encryption algorithms, including
DES, have a structure first described by Horst Feistel of
IBM in 1973.
• The plaintext block is divided into two halves, L0 and R0
• The subkeys Ki are different from K
• All rounds have the same structure
• A substitution is performed on the left half of the data with round function F
• Apply exclusive-OR (XOR)
• Following this substitution, a permutation is performed that consists of the interchange of the two halves of the data
Feistel Cipher Structure
• Block size: Larger block sizes mean greater security but reduced speed.
• block size of 128 bits is a reasonable tradeoff and is nearly universal among
recent block cipher designs
• Key size: Larger key size means greater security but may decrease encryption/
decryption speed. The most common key length in modern algorithms is 128 bits.
• Number of rounds: The essence of a symmetric block cipher is that a single round offers
inadequate security but that multiple rounds offer increasing security. A typical size is 16
rounds.
• Subkey generation algorithm: Greater complexity in this algorithm should lead to
greater difficulty of cryptanalysis
• Round function: Again, greater complexity generally means greater resistance to
cryptanalysis.
Data Encryption Standard 1/10
• The plaintext is 64 bits in length and the key is 56 bits in length; longer plaintext amounts are processed in 64-bit blocks
• DES structure is a minor variation of the Feistel network
• There are 16 rounds of processing
• From the original 56-bit key, 16 subkeys are generated, one of which is used for each round.
Data Encryption Standard 2/10
• The initial key consists of 64 bits. Every 8th bit is discarded to produce the 56-bit key
• DES applies substitution (also called confusion) and transposition (also called diffusion).
• Broad-level steps in DES are
• In the first step, the 64-bit plain text block is handed over to an initial Permutation (IP)
function.
• The initial permutation is performed on plain text.
• Next, the initial permutation (IP) produces two halves of the permuted block; saying Left
Plain Text (LPT) and Right Plain Text (RPT).
• Now each LPT and RPT go through 16 rounds of the encryption process.
• In the end, LPT and RPT are rejoined and a Final Permutation (FP) is performed on the
combined block
• The result of this process produces 64-bit ciphertext.
Data Encryption Standard 3/10
Data Encryption Standard 4/10
• Initial Permutation (IP)
• Applied only once, at the start: jugglery of bit positions
• It suggests how the transposition in IP should proceed

• For example, it says that the IP replaces the first bit of the original plain text block
with the 58th bit of the original plain text, the second bit with the 50th bit of the
original plain text block, and so on.
Data Encryption Standard 10/10
Practical Security Issues
• Typically, symmetric encryption operates on a fixed-size data unit of 64 bits, 128 bits, etc. (block cipher)
• Emails, network packets and database records are broken down into a series of fixed-length data units
• The simplest approach to encrypting multiple blocks is electronic codebook (ECB) mode: each block of b bits is encrypted with the same key.
• With b = 128, a plaintext of length nb is divided into n b-bit blocks (P1, P2…Pn), giving ciphertext blocks (C1, C2…)

• ECB mode is not secure for lengthy messages
• A cryptanalyst may exploit regularities and the lack of diffusion. If the message starts with predefined pattern fields, known plaintext and ciphertext pairs are easily identified.
• Therefore, modes of operation were introduced; these are discussed later.
Practical Security Issues
• A stream cipher processes the input elements continuously (at bit or byte level), producing output one element at a time.
• Used by applications that require encryption/decryption of a stream of data over a communication channel, e.g. Web/browser.
• A key is used as input to a pseudorandom bit generator
• Produces an apparently random 8-bit number.
• The output is unpredictable without knowledge of the input key
• The output of the generator is called a keystream and is XORed with the plaintext.

• Security depends on the pseudorandom number generator and can be comparable with that of a block cipher
• More secure, faster and less code than block ciphers
Revision
• Cryptographic Tools
• Confidentiality with Symmetric Encryption
• Encryption (DES, AES)
• Confidentiality by Symmetric Encryption
• Classical Cryptography
• Substitution ciphers
• Transposition ciphers
• Types of Attacks
• Cryptanalysis
• Brute force
• Practical Issues of Block and Stream Ciphers
• Message Authentication and Hash Functions
• Public-Key Encryption
• Digital Signatures and Key Management
• Random and Pseudorandom Numbers
Outline
• Message Authentication and Hash Functions
• Message Security Requirements
• Message authentication
• Message encryption
• Hash functions
• Message authentication code (MAC)
• HMAC
• Public-Key Encryption
• Digital Signatures and Key Management
• Random and Pseudorandom Numbers
Message Authentication and Hash Functions
• What type of attacks are protected by Encryption (active or passive)?
• Passive attack
• What are the requirements to protect against active attacks (falsification of data and transactions)?
• Message or data authentication
• Why, and what are the requirements?
• Masquerade: Insertion of messages into the network from a fraudulent
source
• Content modification: Modification of the contents of a message
• Sequence modification: Modification to a sequence of messages
between parties
• Timing modification: Delay or replay of messages
• Source repudiation: Denial of transmission of message by source
• Destination repudiation: Denial of receipt of message by destination
Message Authentication
• Message authentication is concerned with
• Protecting the integrity of a message
• Validating identity of originator
• Non-repudiation of origin (dispute resolution)

• Three alternative functions used


• Message Encryption
• Message Authentication Code (MAC)
• Hash Functions

• In short, it verifies that the received message is authentic/genuine: the contents are unaltered, it comes from an authentic source, and it arrives on time and in the correct sequence.
Authentication using Symmetric Encryption
Symmetric message encryption
If symmetric encryption is used then:
• The receiver knows that the sender must have created it, since only the sender and receiver share the same key
• The receiver knows the content cannot have been altered; otherwise it would be corrupted.
• If the message has suitable structure, redundancy or a checksum to detect any changes, this assures authentication of the message.
Authentication using Symmetric Encryption
• In fact, symmetric encryption alone is not a suitable tool for message authentication.
• E.g. in ECB mode of encryption, if an attacker reorders the blocks of ciphertext, each block will still be decrypted successfully.

• However, the reordering may alter the meaning of the overall data sequence.

• Thus block reordering is a threat.

• However, it is possible to combine authentication and confidentiality in a single algorithm by encrypting a message plus its authentication tag.
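The Feistel structure, the ECB weakness and the block-reordering threat described in the slides above, combined in one added example that is not part of the original slides. It is a toy cipher, not DES: the SHA-256-based round function and subkey schedule, the HMAC-SHA-256 tag computed over the ciphertext, the keys and the record-style message are all assumptions constructed for the illustration.

```python
"""Toy 64-bit Feistel cipher in ECB mode with an HMAC tag (illustration only:
the round function and key schedule are assumptions, this is not DES)."""
import hashlib
import hmac

BLOCK = 8        # bytes per block: two 32-bit halves, L and R
ROUNDS = 16


def subkeys(key: bytes) -> list:
    """One subkey K_i per round, each different from K (assumed schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]


def round_f(half: bytes, subkey: bytes) -> bytes:
    """Round function F: SHA-256 truncated to half a block (assumed)."""
    return hashlib.sha256(subkey + half).digest()[:BLOCK // 2]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel_block(block: bytes, keys: list) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for k in keys:
        # L_i = R_(i-1);  R_i = L_(i-1) XOR F(R_(i-1), K_i)
        left, right = right, xor(left, round_f(right, k))
    return right + left      # final swap: decryption = same code, reversed keys


def split_blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(plaintext: bytes, key: bytes) -> bytes:
    keys = subkeys(key)
    return b"".join(feistel_block(b, keys) for b in split_blocks(plaintext))


def ecb_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    keys = subkeys(key)[::-1]
    return b"".join(feistel_block(b, keys) for b in split_blocks(ciphertext))


def make_tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def tag_ok(mac_key: bytes, ciphertext: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(make_tag(mac_key, ciphertext), tag)


def demo() -> dict:
    enc_key, mac_key = b"constructed enc key", b"constructed mac key"
    # Constructed message: six 8-byte blocks; blocks 1 and 5 are identical.
    fields = [b"REC-0001", b"OPEN", b"REC-0002", b"CLOSED", b"REC-0003", b"OPEN"]
    message = b"".join(f.ljust(BLOCK) for f in fields)
    ciphertext = ecb_encrypt(message, enc_key)
    tag = make_tag(mac_key, ciphertext)
    c = split_blocks(ciphertext)
    # Ciphertext blocks 1 and 3 exchanged in transit; no key is involved.
    reordered = b"".join([c[0], c[3], c[2], c[1], c[4], c[5]])
    return {
        "roundtrip": ecb_decrypt(ciphertext, enc_key) == message,
        "repeated_block_visible": c[1] == c[5],
        "reordered_plaintext": ecb_decrypt(reordered, enc_key),
        "tag_accepts_original": tag_ok(mac_key, ciphertext, tag),
        "tag_accepts_reordered": tag_ok(mac_key, reordered, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The reordered ciphertext decrypts without error to a record list with a different meaning, and only the tag check rejects it.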
Authentication without Message Encryption
• Now, we will discuss message authentication approaches that do not rely on message encryption.
• Separate authentication mechanisms
• An authentication tag is generated and attached to the text message
• The message itself is not encrypted and can be read independently at the receiver end
• Why message authentication without confidentiality?
• Alarm signals etc. broadcast in a control system
• Notification of unavailability of a server (destination responsible)
• Exchange scenario where one side is resource hungry and cannot decode, so authentication is carried out on a selective basis or by random checks
• Problems of message authentication still exist
• Money transfer etc.
• Can we combine authentication with confidentiality?
Message Authentication Codes
• Uses a secret key to generate a small block of data, the MAC
• Appended to the message
• Assume A and B share a common secret key K_AB.
• When A has a message to send to B, it calculates the MAC
• MAC_M = F(K_AB, M).
• The message plus code are transmitted to the intended recipient
• The recipient performs the same calculation and compares the MACs; if they match, then
• The recipient is assured that the message is from the legitimate sender, since no one else has the key
• If the message includes a sequence number, then the receiver can be assured of the proper sequence.
• Various algorithms could be used to generate the code.
• The NIST recommends the use of DES, with the last number of bits of ciphertext used as the code. A 16- or 32-bit code is typical.
Message Authentication Codes

Because messages may be any size and the message authentication code is a small fixed
size, there must theoretically be many messages that result in the same MAC. However, it
should be infeasible in practice to find pairs of such messages with the same MAC. This is
known as collision resistance
Limitations of MAC
• Establishment of Shared Secret
• It can provide message authentication among predefined legitimate users
who have shared key.
• This requires establishment of shared secret prior to use of MAC.
• Inability to Provide Non-Repudiation
• MAC technique does not provide a non-repudiation service.
• If the sender and receiver get involved in a dispute over message
origination, MACs cannot provide a proof that a message was indeed
sent by the sender.
• Though no third party can compute the MAC
• Still sender could deny having sent the message and claim that the
receiver forged it, as it is impossible to determine which of the two
parties computed the MAC.
One way Hash Functions
• An alternative to the message authentication code is the one-way hash function.
• A hash function accepts a variable-size message M as input and produces a fixed-size message digest H(M)
• Unlike the MAC, a hash function does not also take a secret key as input.
• To authenticate a message, the message digest is sent with the message in such a way that the message digest is authentic (i.e. fixed size multiple of 1024 padding etc.).
Message Authentication using HASH function

Still cannot provide a proof that a message was indeed sent by the sender
Message Authentication using HASH function

• It provides a digital signature as well as message authentication; and it does not require the distribution of keys
to communicating parties

• These two approaches have an advantage over approaches that encrypt the
entire message in that less computation is required
Message Authentication using HASH function

• Avoids encryption altogether


• Encryption software is quite slow
• Encryption hardware costs are not negligible
• Encryption hardware is optimized toward large data sizes
• Known as a keyed hash MAC
Secure Hash Functions:
Hash Function Requirements
• H applied to any size data
• H produces a fixed-length output
• H(x) is relatively easy to compute for any given x
• One-way property (Pre-Image Resistance)
• Computationally infeasible to find x such that H(x) = h i.e. computing message from
the hash.
• Weak collision resistance (Second Pre-Image Resistance)
• Computationally infeasible to find y ≠ x such that H(y) = H(x)
• Impossible to find an alternative message with the same hash
• Strong collision resistance (Collision Resistance)
• Computationally infeasible to find any pair (x, y) such that H(x) = H(y)
• If any bits in the message are accidentally altered in transit (birthday attack), the message
digest will error (frame check, sequence etc.). Same message with two hash
• B writes a message on behalf of A, and A signs it, i.e. low/high amount
Security of Hash Functions
As with symmetric encryption, there are two approaches to attacking a hash function
• Cryptanalysis
• Exploit logical weakness in algorithm
• Brute-force attack
• Try almost all possible inputs
• Strength proportional to size of hash code
• For a hash code of length n, the level of effort required is
• One-way resistance: 2^n
• Weak collision resistance: 2^n
• Collision resistance: 2^(n/2)
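The gap between the 2^n and 2^(n/2) effort levels can be measured on a deliberately weakened hash. The following is an added example, not part of the original slides: it truncates SHA-256 to n bits (the function names, message strings and the choice n = 16 are assumptions made for the demonstration) and counts the tries needed for a collision versus a second pre-image.

```python
import hashlib
from itertools import count


def trunc_hash(msg: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(msg): a deliberately weakened n-bit hash."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int):
    """Strong collision: ANY pair x != y with H(x) == H(y).
    Birthday effect: expected effort is about 2^(n/2) tries."""
    seen = {}
    for i in count():
        msg = b"msg-%d" % i              # constructed sample inputs
        h = trunc_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int):
    """Weak collision: x is FIXED, find y != x with H(y) == H(x).
    Expected effort is about 2^n tries."""
    want = trunc_hash(target, bits)
    for i in count():
        msg = b"try-%d" % i
        if msg != target and trunc_hash(msg, bits) == want:
            return msg, i + 1


def compare(bits: int = 16, target: bytes = b"pay 100 to Bob"):
    """Run both searches and return the number of tries each one needed."""
    x, y, collision_tries = find_collision(bits)
    z, second_tries = find_second_preimage(target, bits)
    return {"collision": (x, y), "collision_tries": collision_tries,
            "second_preimage": z, "second_preimage_tries": second_tries}


if __name__ == "__main__":
    result = compare(16)
    print("collision after", result["collision_tries"], "tries (2^8 = 256)")
    print("second pre-image after", result["second_preimage_tries"],
          "tries (2^16 = 65536)")
```

For a real 256-bit digest the same two searches cost on the order of 2^128 and 2^256 tries, which is why digest length is chosen from the collision bound rather than the pre-image bound.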
Hash Algorithms: Message Digest (MD)
• MD5 was the most popular hash function for quite some years.
• The MD family comprises the hash functions MD2, MD4, MD5 and MD6.
• MD5 was adopted as Internet Standard RFC 1321. It is a 128-bit hash function.
• MD5 digests have been widely used in the software world to
provide assurance about the integrity of transferred files.
• For example, file servers often provide a pre-computed MD5 checksum for
the files, so that a user can compare the checksum of the downloaded file
to it.
• In 2004, collisions were found in MD5.
• An analytical attack was reported to succeed in only an hour using a
computer cluster. This collision attack compromised MD5, and
hence it is no longer recommended for use.
• Others include RIPEMD (320 bit) and Whirlpool (512 bit, modified
version of AES)
Hash Algorithms: Secure Hash Function (SHA)
• The SHA family comprises four SHA algorithms: SHA-0, SHA-1, SHA-2, and SHA-3.
Though from the same family, they are structurally different.
• SHA-0
• The original version, a 160-bit hash function published by NIST in 1993. A few weaknesses were found.
• SHA-1 is the most widely used of the existing SHA hash functions.
• Employed in several widely used applications and protocols, including Secure Socket Layer (SSL).
• In 2005, collisions were uncovered in SHA-1.
• The SHA-2 family has four further SHA variants:
• SHA-224, SHA-256, SHA-384, and SHA-512, depending on the number of bits in their hash value. No
successful attacks have yet been reported on the SHA-2 hash function. Though SHA-2 is a strong
hash function.
• In October 2012, NIST chose the Keccak algorithm as the new SHA-3
standard.
• Keccak offers many benefits, such as efficient performance and good resistance to attacks.
Hash Algorithms: Secure Hash Function (SHA)
• SHA-3 is the latest addition to the SHA family, completely different from MD5,
SHA-1 and SHA-2.
• New cryptographic approach called sponge construction
• NIST doesn’t see SHA-3 as a full replacement of SHA-2.
• SHA3-224,
• SHA3-256,
• SHA3-384,
• SHA3-512,
• SHAKE-128 (output function)
• SHAKE-256 (output function)
Applications of Hash Function
• Caching
• Checksums and Error Detection
• Digital Forensics
• Data Structures
• File and Data Identification
• Blockchain Technology
• Cryptographic Applications
• Data Deduplication
• Data Integrity Verification
Applications of Hash Function
• Password
• Instead of storing passwords in the clear, almost all logon processes store
the hash values of passwords in the file.
• The password file consists of a table of pairs of the form (user id, h(P)).
Applications of Hash Function
• Intrusion Detection
• Store H(F) for each file on a system and secure the hash values (i.e. on
secondary storage).
• If an intruder changes F without changing the stored H(F), H(F) is recomputed
and compared with the stored hash value.
• Data Integrity Check
• Data integrity checking is a most common application of hash functions. It
is used to generate checksums on data files.
Revision
• Cryptographic Tools
• Confidentiality with Symmetric Encryption
• Message Authentication and Hash Functions
• Public-Key Encryption
• Digital Signatures and Key Management
• Random and Pseudorandom Numbers
Public Key Encryption
• Public-key encryption, first publicly proposed by Diffie and Hellman in 1976, is the
first truly revolutionary advance in encryption in literally thousands of years.
• Based on mathematical functions rather than on simple operations on bit
patterns
• Involves two keys (i.e. public and private)
• The use of two keys has profound consequences in the areas of
confidentiality, key distribution, and authentication.
• Misconceptions
• Public-key encryption is more secure than symmetric encryption w.r.t.
cryptanalysis. (Security depends on the length of the key and the computational work.)
• Public-key encryption is a general-purpose technique that makes symmetric
encryption obsolete. (The overheads of public-key encryption are high in terms of computation.)
• Key distribution is trivial with public-key encryption, compared with the
handshaking and key distribution of symmetric encryption. (Some form of protocol is
still needed, a central agent etc.)
Essential Steps for Public Key Encryption
1. Each user generates a pair of keys to be used for the encryption and
decryption of messages.

2. Each user places one of the two keys in a public register or other accessible
file. This is the public key. The companion key is kept private. Each user
maintains a collection of public keys obtained from others.

• If Bob wishes to send a private message to Alice, Bob encrypts the message
using Alice’s public key.

• When Alice receives the message, she decrypts it using her private key. No
other recipient can decrypt the message because only Alice knows Alice’s
private key.
Public Key Encryption
Public Key Authentication

Authentication and/or data integrity


Public Key algorithm Requirements
• Computationally easy to create key pairs
• Computationally easy for sender knowing public key to encrypt messages
• Computationally easy for receiver knowing private key to decrypt ciphertext
• Computationally infeasible for opponent to determine private key from public key
• Computationally infeasible for opponent to otherwise recover original message

• In broad terms, we can classify the use of public-key cryptosystems into three
categories:
• Digital signature
• Symmetric key distribution
• Encryption of secret keys
Asymmetric Encryption Algorithms
• RSA (Rivest, Shamir, Adleman)
• One of the first public-key schemes, developed at MIT in 1977
• Only widely accepted public-key encryption algorithm
• Given tech advances, keys of 1024+ bits (300 digits) are needed to be considered strong
• Block cipher
• Exponentiation cipher
• Relies on the difficulty of determining the number of integers relatively prime to a large
integer n
Background
• Totient function (n) a) 7 and 9
The factors of 7 are 1 and 7
• Number of positive integers less The factors of 9 are 1, 3, and 9
than n 1 is the only common factor of 7 and 9
• and relatively prime to n HCF of (7, 9) = 1
Thus, (7, 9) is relatively prime because only
• Relatively prime means with no
1 is a common factor.
factors in common with n
gcd(7,9) = 1

a) 8 and 10
• Example: (10) = 4 The factors of 8 are 1, 2, 4, and 8
The factors of 10 are 1, 2, 5, and 10
• 1, 3, 7, 9 are relatively prime to 10 1 and 2 are the common factors of 8 and
10.
HCF (8, 10) = 2
• Example: (21) = 12 Thus, (8,10) is not relatively prime.
gcd(8,10) != 1
• 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19,
20 are relatively prime to 21
Algorithm

• Choose two large prime numbers p, q such that
• Let n = pq; then φ(n) = (p–1)(q–1)
• Choose e < n such that e is relatively prime to φ(n)
• Compute d such that ed mod φ(n) = 1
• Public key: (e, n); private key: d
• Encipher: c = m^e mod n
• Decipher: m = c^d mod n
Example: Confidentiality

• Take p = 7, q = 11, so n = 77 and φ(n) = 60
• Alice chooses e = 17, making d = 53 as a private key
• Bob wants to send Alice secret message HELLO (07 04 11 11 14)
• 07^17 mod 77 = 28
• 04^17 mod 77 = 16
• 11^17 mod 77 = 44
• 11^17 mod 77 = 44
• 14^17 mod 77 = 42
• Bob sends 28 16 44 44 42
Example: Confidentiality
• Alice receives 28 16 44 44 42
• Alice uses private key, d = 53, to decrypt message:
• 28^53 mod 77 = 07
• 16^53 mod 77 = 04
• 44^53 mod 77 = 11
• 44^53 mod 77 = 11
• 42^53 mod 77 = 14
• Alice translates message to letters to read HELLO
• No one else could read it, as only Alice knows her private key and
that is needed for decryption
Example: Integrity/Authentication

• Take p = 7, q = 11, so n = 77 and φ(n) = 60
• Alice chooses e = 17, making d = 53
• Alice wants to send Bob message HELLO (07 04 11 11 14) so Bob knows it is
what Alice sent (no changes in transit, and authenticated)
• 07^53 mod 77 = 35
• 04^53 mod 77 = 09
• 11^53 mod 77 = 44
• 11^53 mod 77 = 44
• 14^53 mod 77 = 49
• Alice sends 35 09 44 44 49
Example: Integrity/Authentication

• Bob receives 35 09 44 44 49
• Bob uses Alice’s public key, e = 17, n = 77, to decrypt message:
• 35^17 mod 77 = 07
• 09^17 mod 77 = 04
• 44^17 mod 77 = 11
• 44^17 mod 77 = 11
• 49^17 mod 77 = 14
• Bob translates message to letters to read HELLO
• Alice sent it as only she knows her private key, so no one else could have
enciphered it
• If (enciphered) message’s blocks (letters) altered in transit, would not decrypt
properly
Example: Confidentiality + Integrity

• Alice wants to send Bob message HELLO both enciphered and authenticated
(integrity-checked)
• Alice’s keys: public (17, 77); private: 53
• Bob’s keys: public: (37, 77); private: 13

• Alice enciphers HELLO (07 04 11 11 14):
• (07^53 mod 77)^37 mod 77 = 07
• (04^53 mod 77)^37 mod 77 = 37
• (11^53 mod 77)^37 mod 77 = 44
• (11^53 mod 77)^37 mod 77 = 44
• (14^53 mod 77)^37 mod 77 = 14
• Alice sends 07 37 44 44 14
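The three worked examples can be reproduced end to end, including the receiving side of the combined case, which the slides stop short of. This is an added example, not part of the original slides; the function names are assumptions, while the primes, exponents and message blocks are the slide values.

```python
from math import gcd


def totient(n):
    """phi(n): count of 1 <= k < n with gcd(k, n) == 1 (brute force, small n only)."""
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)


def make_keys(p, q, e):
    """Return (public, private) as (exponent, n) pairs, following the Algorithm slide."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = pow(e, -1, phi)          # d such that e*d mod phi(n) == 1 (Python 3.8+)
    return (e, n), (d, n)


def apply_key(blocks, key):
    """Encipher or decipher: raise every block to the key's exponent mod n."""
    exp, n = key
    return [pow(b, exp, n) for b in blocks]


def encode(text):                # A=00 ... Z=25, the letter numbering used on the slides
    return [ord(c) - ord("A") for c in text]


def decode(blocks):
    return "".join(chr(b + ord("A")) for b in blocks)


ALICE_PUB, ALICE_PRIV = make_keys(7, 11, 17)   # private exponent comes out as 53
BOB_PUB, BOB_PRIV = make_keys(7, 11, 37)       # private exponent comes out as 13
HELLO = encode("HELLO")


def confidentiality():
    sent = apply_key(HELLO, ALICE_PUB)         # Bob -> Alice, Alice's public key
    return sent, decode(apply_key(sent, ALICE_PRIV))


def authentication():
    sent = apply_key(HELLO, ALICE_PRIV)        # Alice -> Bob, Alice's private key
    return sent, decode(apply_key(sent, ALICE_PUB))


def both():
    sent = apply_key(apply_key(HELLO, ALICE_PRIV), BOB_PUB)
    # Receiving side: Bob removes his layer first, then checks Alice's layer.
    inner = apply_key(sent, BOB_PRIV)
    return sent, inner, decode(apply_key(inner, ALICE_PUB))


def altered_block():
    """A block altered in transit deciphers to a different value than Alice signed."""
    sent = apply_key(HELLO, ALICE_PRIV)
    sent[0] = (sent[0] + 1) % 77
    return apply_key(sent, ALICE_PUB)


if __name__ == "__main__":
    print(totient(77), confidentiality(), authentication(), both(), altered_block())
```

Both L blocks encipher to 44 in every run: letter-by-letter RSA without padding is deterministic, so equal plaintext blocks are visible in the ciphertext. Deployed RSA applies randomized padding (OAEP for encryption, PSS for signatures) to much larger blocks.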
Public Key Algorithms
• Diffie-Hellman key exchange algorithm
• only allows exchange of a secret key
• The purpose is that two users securely reach agreement about a shared
secret (key) for symmetric encryption.
• Digital Signature Standard (DSS)
• provides only a digital signature function with SHA-1
• Unlike RSA, it cannot be used for encryption or key exchange.
• Elliptic curve cryptography (ECC)
• Public-key encryption and digital signatures generally use RSA (but its
increased bit length adds memory and processing load that affects real-time applications)
• Newer; security like RSA, but with much smaller keys
Digital Signature
• Public-key encryption can be used for authentication
• E.g. Bob uses a secure hash function, such as SHA-512, to generate a
hash value for the message and then encrypts the hash code with his
private key, creating a digital signature.

• Digital signature does not provide confidentiality. That is, the message
being sent is safe from alteration but not safe from eavesdropping.
• Because any observer can decrypt the message by using the
sender’s public key.

• Digital Signature Algorithm (DSA): The original NIST-approved algorithm,
which is based on the difficulty of computing discrete logarithms.
• RSA Digital Signature Algorithm: Based on the RSA public-key algorithm.
• Elliptic Curve Digital Signature Algorithm (ECDSA): Based on
elliptic-curve cryptography.
Key Management: Public Key Infrastructure (PKI)
• In public-key encryption, keys are known, and thus a trusted
infrastructure is needed to manage keys.
• Why is a trusted infrastructure required?
• Key Management
• Cryptographic keys are nothing but special pieces of data.
• Key management deals with the entire key lifecycle
• Two important requirements of key management
• Secrecy of private keys
• Assurance of public keys
• PKI is required to manage keys for public-key encryption
Public Key Infrastructure (PKI)
• PKI provides assurance of public key
• With identification of public keys and distribution.
• Public Key Certificate
• Certification Authority
• Registration Authority
• Certificate Management System
• Private Key tokens
Public Key Certificate / Digital Certificate
• Like an ID card or driver's license for a person
• Digital certificates are issued to people, computers, and software packages
to prove identity in the electronic world.
• ITU standard X.509.
• The digital certificate is managed by the CA along with details such as expiration, IDs etc.
• The CA digitally signs this entire information and includes the digital signature in the
certificate.
• For the assurance of a client, the signature validation process is run
using the CA’s public key.
• Successful validation assures that the public key given in the certificate belongs
to the person
Public Key Certificate / Digital Certificate
1. User software (client) creates a pair of keys: one public and one private
2. Client prepares an unsigned certificate that includes the user ID and user’s public key
3. User provides the unsigned certificate to a CA in some secure manner.
• This might require a face-to-face meeting, the use of registered e-mail, or happen via a web form with
e-mail verification.
4. CA creates a signature as follows
I. CA uses a hash function to calculate the hash code of the unsigned certificate.
II. CA encrypts the hash code with the CA’s private key
5. CA attaches the signature to the unsigned certificate to create a signed certificate
6. CA returns the signed certificate to client
7. Client may provide the signed certificate to any other user
8. Any user may verify that the certificate is valid as follows:
I. User calculates the hash code of certificate (not including signature).
II. User decrypts the signature using CA’s known public key.
III. User compares the results of (I) and (II). If there is a match, the certificate is valid
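Steps 4 to 8, and the hash-then-sign construction from the Digital Signature slide, can be traced in code. This is an added example, not part of the original slides: the toy CA key (built from two Mersenne primes, far too small for real use), the certificate fields and the function names are all assumptions constructed for the demonstration.

```python
import hashlib
import json
from math import gcd

# Toy CA key pair, constructed for this example only.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537        # two Mersenne primes, public exponent
N, PHI = P * Q, (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)                          # CA private exponent, never published
CA_PUBLIC = (E, N)


def cert_hash(unsigned: dict, n: int) -> int:
    """Hash code of the unsigned certificate (steps 4.I and 8.I).
    Reduced mod n only because the toy modulus is shorter than SHA-256."""
    canonical = json.dumps(unsigned, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(canonical).digest(), "big") % n


def ca_sign(unsigned: dict) -> dict:
    """Steps 4.II and 5: encrypt the hash with the CA private key, attach it."""
    signature = pow(cert_hash(unsigned, N), D, N)
    return {**unsigned, "signature": signature}


def verify(cert: dict, ca_public=CA_PUBLIC) -> bool:
    """Step 8: recompute the hash without the signature, decrypt the signature
    with the CA public key, and compare the two results."""
    e, n = ca_public
    body = {k: v for k, v in cert.items() if k != "signature"}
    return pow(cert["signature"], e, n) == cert_hash(body, n)


def demo():
    # Steps 1-3: the client builds an unsigned certificate (constructed sample values).
    unsigned = {"user_id": "alice@example.org", "public_key": [17, 77],
                "issuer": "Example CA", "expires": "2030-01-01"}
    signed = ca_sign(unsigned)                       # steps 4-6
    swapped = {**signed, "public_key": [37, 77]}     # key replaced after signing
    return verify(signed), verify(swapped)


if __name__ == "__main__":
    print(demo())
```

Anyone holding the CA public key can run `verify`, but producing a signature that passes it for a changed certificate requires the CA private exponent, which is the assurance the certificate provides.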
Certifying Authority (CA)
• The CA issues a certificate to a client and assists other users in verifying the
certificate. Responsibilities include
• Generating key pairs
• Issuing digital certificates
• Publishing Certificates (directory form or specific)
• Verifying Certificates
• Revocation of Certificates
Registration Authority (RA)
• CA may use a third-party Registration Authority (RA) to perform necessary
checks on the person or company requesting the certificate to confirm their identity.
• The RA may appear to the client as a CA, but they do not actually sign
the certificate that is issued.
• A Registration Authority (RA) is an authority in a network that verifies
user requests for a digital certificate and tells the Certificate Authority
(CA) to issue it.
Certificate Management System (CMS)
• A management system through which certificates are published,
temporarily or permanently suspended, renewed, or revoked
• A CMS does not normally delete certificates because it may be
necessary to prove their status at a point in time, perhaps for legal
reasons.
• A CA, along with its associated RA, runs certificate management
systems to be able to track their responsibilities and liabilities.
Private Key Tokens
• The public key of a client is stored in the certificate.
• The associated secret private key can be stored on the owner’s
computer
• But this is not suitable, because the system may be compromised
• Therefore, the private key is stored on a secure removable storage token,
access to which is protected through a password.
• Different vendors often use different and sometimes proprietary storage
formats for storing keys.
• Entrust uses the proprietary .epf format
• Verisign and GlobalSign use the standard .p12 format.
The Use of Random Numbers
• A number of network security algorithms based on cryptography make use of
random numbers.
• For example:
• Generation of keys for the RSA public-key encryption algorithm and other
public-key algorithms.
• Generation of a stream key for symmetric stream cipher.
• Generation of a symmetric key for use as a temporary session key or in
creating a digital envelope.
• In a number of key distribution scenarios, such as Kerberos (discussed later),
random numbers are used for handshaking to prevent replay attacks.
• Session key generation, whether done by a key distribution center or by one
of the principals.
Random Numbers
• Random numbers have a range of uses
• key gen, replay attacks, session key
• Requirements:
• Randomness
• Sequence of numbers be random in some well-defined statistical
sense.
• Uniform distribution: frequency of occurrence of each number should be
approximately same.
• Independence : No value can be inferred from others.
• Unpredictability
• successive values not related to previous
• clearly true for truly random numbers
• but more commonly use generator
Pseudorandom
• Cryptographic applications typically make use of algorithmic techniques
for random number generation.
• These algorithms are deterministic and therefore produce
sequences of numbers that are not statistically random. Such
numbers are referred to as pseudorandom numbers
Pseudorandom versus Random Numbers
• Often use algorithmic technique to create pseudorandom numbers
• which satisfy statistical randomness tests
• but likely to be predictable
• True random number generators use a nondeterministic source
• Most operate by measuring unpredictable natural processes
• e.g. radiation, leaky capacitors, increasingly provided on modern
processors
Summary
• Cryptographic algorithms
• Symmetric encryption algorithms for confidentiality
• Message authentication & hash functions
• Public-key encryption
• Digital signatures and key management
• Random numbers
