Class 16

Cryptography

Objectives of Information Security

• Confidentiality (secrecy)– Only the sender and intended receiver should be able to understand the

contents of the transmitted message

• Authentication– Both the sender and receiver need to confirm the identity of other party involved

in the communication

• Data integrity– The content of their communication is not altered, either maliciously or by

accident, in transmission.

• Availability– Timely accessibility of data to authorized entities.

Friday, 11 March 2016 2

Objectives of Information Security

• Non-repudiation

– An entity is prevented from denying its previous commitments or actions

• Access control

– An entity cannot access any entity that it is not authorized to.

• Anonymity

– The identity of an entity if protected from others.


Basic Terminology

• plaintext - the original message

• ciphertext - the coded message

• cipher - algorithm for transforming plaintext to ciphertext

• key - info used in cipher known only to sender/receiver

• encipher (encrypt) - converting plaintext to ciphertext

• decipher (decrypt) - recovering ciphertext from plaintext

• cryptography - study of encryption principles/methods

• cryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext without knowing key

• cryptology - the field of both cryptography and cryptanalysis


Basic Terminology

• unconditional security

– no matter how much computer power is available, the cipher cannot be broken

since the ciphertext provides insufficient information to uniquely determine the

corresponding plaintext

• computational security

– given limited computing resources (eg time needed for calculations is greater

than age of universe), the cipher cannot be broken


History – The Manual Era

• Dates back to at least 2000 B.C.

• Pen and Paper Cryptography

• Examples

– Scytale – Spartan method involved wrapping a belt around a rod of a given

diameter and length

– Atbash – Hewbrew cipher which mirrored the normal alphabet (shown in The

DaVinci Code)

– Caesar – Shift all letters by a given number of letters in the alphabet

– Vignère – Use of a key and multiple alphabets to hide repeated characters in an

encrypted message


History – The Mechanical Era

• Invention of cipher machines

• Examples

– Confederate Army’s Cipher Disk

– Japanese Red and Purple Machines

– German Enigma


History – The Modern Era

• Computers!

• Examples

– Lucifer

– Rijndael

– RSA

– ElGamal


Cryptography

• Cryptography is a method of storing and transmitting data in a

particular form so that only those for whom it is intended can read and

process it.


Cryptographic Methods

• Symmetric

– Same key for encryption and decryption

– Key distribution problem

• Asymmetric

– Mathematically related key pairs for encryption and decryption

– Public and private keys


Symmetric

• Fast

• Only provide confidentiality

• Need secure channel for key distribution

• Key management headaches from large number of key pairs to

maintain


Symmetric or Private Key


Symmetric Algorithms

• DES– Modes: ECB, CBC, CFB, OFB, CM

• 3DES

• AES

• IDEA

• Blowfish

• RC4

• RC5

• CAST

• SAFER

• Twofish


Asymmetric

• Large mathematical operations make it slower than symmetric

algorithms

• No need for out of band key distribution (public keys are public!)

• Scales better since only a single key pair needed per individual

• Can provide authentication and nonrepudiation


Asymmetric or Public Key


Asymmetric Algorithms

• Diffie-Hellman

• RSA

• El Gamal

• Elliptic Curve Cryptography (ECC)


Hybrid

• Combines strengths of both methods

• Asymmetric distributes symmetric key

– Also known as a session key

• Symmetric provides bulk encryption

• Example:

– SSL negotiates a hybrid method


Cipher text

PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD

KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL,

QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV

EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: 'DJOXL EYPD, ICJ X

LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM

LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL

EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ

SXGOKLU?'

Any Guesses???


THE SOLUTION

• Code

• X Z A V O I D B Y G E R S P C F H J K L M N Q T U W

• A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


Plaintext

• Now during this time Shahrazad had borne King Shahriyar three sons.

On the thousand and first night, when she had ended the tale of

Ma'aruf, she rose and kissed the ground before him, saying: 'Great

King, for a thousand and one nights I have been recounting to you the

fables of past ages and the legends of ancient kings. May I make so

bold as to crave a favour of your majesty?’


Types of Cryptography

• Stream-based Ciphers

– One at a time

– Mixes plaintext with key stream

– Good for real-time services

• Block Ciphers

– Amusement Park Ride

– Substitution and transposition


Encryption Systems

• Substitution Cipher

– Convert one letter to another

– Cryptoquip

• Transposition Cipher

– Change position of letter in text

– Word Jumble

• Monoalphabetic Cipher

– Caesar


Encryption Systems

• Polyalphabetic Cipher

– Vigenère

• Modular Mathematics

– Running Key Cipher

• One-time Pads

– Randomly generated keys


Types of Cryptanalytic Attacks

• ciphertext only – only know algorithm / ciphertext, statistical, can identify plaintext

• known plaintext – know/suspect plaintext & ciphertext to attack cipher

• chosen plaintext – select plaintext and obtain ciphertext to attack cipher

• chosen ciphertext – select ciphertext and obtain plaintext to attack cipher

• chosen text – select either plaintext or ciphertext to en/decrypt to attack cipher


Steganography

• Hiding a message within another medium, such as an image

• No key is required

• Example

– Modify colour map of JPEG image


Public Key Infrastructure

• All components needed to enable secure communication

– Policies and Procedures

– Keys and Algorithms

– Software and Data Formats

• Assures identity to users

• Provides key management features


PKI Components

• Digital Certificates

– Contains identity and verification info

• Certificate Authorities

– Trusted entity that issues certificates

• Registration Authorities

– Verifies identity for certificate requests

• Certificate Revocation List (CRL)


Data Encryption standard


History

• In 1971, IBM developed an algorithm, named LUCIFER which operates

on a block of 64 bits, using a 128-bit key

• Walter Tuchman, an IBM researcher, refined LUCIFER and reduced

the key size to 56-bit, to fit on a chip.

• In 1977, the results of Tuchman’s project of IBM was adopted as the

Data Encryption Standard by NSA (NIST).


DES (Data Encryption Standard)

• Authors: NSA & IBM, 1977

• Data block size: 64-bit (64-bit input, 64-bit output)

• Key size: 56-bit key

• Encryption is fast

– DES chips

– DES software: a 500-MIP CPU can encrypt at about 30K octets per second

• Security

– No longer considered secure: 56 bit keys are vulnerable to exhaustive search


Data Encryption Standard (DES)

• Goal of DES is to completely scramble the data and key so that every

bit of cipher text depends on every bit of data and ever bit of key

• DES is a block Cipher Algorithm

– Encodes plaintext in 64 bit chunks

– One parity bit for each of the 8 bytes thus it reduces to 56 bits

• It is the most used algorithm

– Standard approved by US National Bureau of Standards for Commercial and

nonclassified US government use in 1993


DES Encryption


OSI Security Architecture

• ITU-T X.800 “Security Architecture for OSI”

• Defines a systematic way of defining and providing security

requirements


Aspects of Security

• The OSI security architecture focuses on security attacks, mechanisms,

and services. These can be defined briefly as follows:

– Security attack: Any action that compromises the security of information owned

by an organization.

– Security mechanism: A process (or a device incorporating such a process) that

is designed to detect, prevent, or recover from a security attack.

– Security service: A processing or communication service that enhances the

security of the data processing systems and the information transfers of an

organization. The services are intended to counter security attacks, and they

make use of one or more security mechanisms to provide the service.


Security Attack

• any action that compromises the security of information owned by an

organization

• information security is about how to prevent attacks, or failing that, to

detect attacks on information-based systems

• often threat & attack used to mean same thing

• have a wide range of attacks

• can focus of generic types of attacks

– passive

– active


Passive Attacks


Active Attacks


Security Services

• X.800:

• “a service provided by a protocol layer of communicating open

systems, which ensures adequate security of the systems or of data

transfers”

• RFC 2828:

• “a processing or communication service provided by a system to give a

specific kind of protection to system resources”


Model for Network Security


Model for Network Access Security



Business

Class 16