Upload
baldric-sharp
View
218
Download
0
Embed Size (px)
Citation preview
Information Systems Security
Introduction to Cryptography
What is Cryptography
It is an applied branch of mathematics It is used to provide
Confidentiality Integrity Authentication Authorization Non-repudiation
Why Cryptography
Encrypting data against disclosure, modification
Signing data against modification, repudiation To provide security for eCommerce
Application area Storing data encrypted
Even access would not lead to disclosure Transmitting data securely
Prevent eavesdropping Identifying your partner
Prevent man in the middle attack Proof of identity
Avoiding impersonation
Terms used Encryption
The process of encoding a message so that the meaning is not obvious
Decryption The reverse process of encryption
Plaintext The original form of the message
Cipher text The disguised (encrypted) text
Terms used
P – plaintext C – cipher text E – encryption algorithm D – decryption algorithm
C = E(P)P = D(C)P = D(E(P))
Terms used
The encryption process involves An algorithm – mostly public A key – must be private
C = EK(P)
P = DK(C)
P = DK(EK(P))
Software components Hash functions: handling the whole document
takes too long Encryption/decryption: same algorithm for
symmetric but different for asymmetric and signature
Signature: combine a document with a private key
Key agreement: creating a shared secret Key generation: creating secure keys
Classification of Cryptographic Systems The way the plaintext is processed
Block cipher Stream cipher
Type of operations performed Substitution Transposition
Number of keys used Symmetric Asymmetric
Block encryption
Data divided into fixed size blocks and symmetric encryption worked on them one at a time (e.g. 64 bits in 64 bits out)
Main method is substitution and permutation by using S-boxes
Early block cipher: Playfair Present block cipher: DES, AES
Stream encryption
Symmetric encryption done on the bit stream (1 bit in, 1 bit out)
The usual method is to use symmetric encryption in chain mode (cipher block chaining) where the previous cipher block is XOR to next plaintext block
Early stream cipher: Vigerene Present stream cipher: RC4
Classical techniques - Substitution
Substitute a character, digit or symbol for each character in plaintext
Examples Mono alphabetic cipher
Caesar cipher Atbash cipher
Poly alphabetic cipher Playfair cipher
The Caesar cipher - Cryptanalysis
Try all 25 possible keys Use the nature of the plain text
Single character occurrences Digrams Trigrams
The Caesar cipher – CryptanalysisFrequency Table of single letters
The Caesar cipher – CryptanalysisDigrams and Trigrams
Digrams an, re, er, nt, th, on, in, am, is, to, be, he,
we, no, ofTrigrams
ent, ion, and, the, are, you, she, not
Playfair cipher Use a 5 x 5 matrix Use a keyword Use 2 characters at a time
Playfair cipher - rules
Repeating plaintext letters are separated with a filling letter e.g. X
Plaintext letters on the same row is replaced by letters right to it
Plaintext letters on the same column is replaced by letters beneath it
Else, replace plaintext by the corner letters of the rectangle formed by the 2 letters
Playfair example
Key: PLAYFAIR EXAMPLE
P L A Y F
1 R E X M
B C D G H
J K N O S
T U V W Z
Playfair example
Plain text
Hide the gold in the tree stump Change into capital letters
HI DE TH EG OL DI NT HE TR EE ST UM P Check for repeating letters
HI DE TH EG OL DI NT HE TR EX ES TU MP Encrypt
Playfair example
What is the cipher text? BM ND ZB XD KY BE JV DM UI XM MN UV
IF
Transposition
Change the location of a character Examples
Rail fence cipher Columnar transposition Enigma machine
Rail fence cipher Plain text
we are discovered flee at onceRail fence cipher of 3 rails
W..R..I..O..R..F..E..O..E .E..E..S..V..E..L..A..N.. ..A..D..C..E..D..E..T..C.
Cipher text WRIORFEOEEESVELANADCEDETC
Symmetric encryption
Based on a shared secret by the participants and an algorithm
The secret is used for both encryption and decryption key
To protect the confidentiality of the data Are usually efficient and fast Main weakness is the need for the shared
secret
Symmetric encryption
Asymmetric encryption
Designed to overcome issues relating to key distribution
Also offers authenticity 2 keys
Public key – known by everyone Private key – known only by owner
Keys operate as inverse, one key can decrypt message encrypted by the other
Asymmetric encryption
Symmetric vs Asymmetric
Symmetric Asymmetric
Number of keys 1 2
Protection Must be secret Public & Private
Key distribution Out of band Used to exchange other keys
Speed Fast 10,000 times slower
Usage Security & integrity of data
Key exchange, authentication
Hash A hash is a cryptographic one way function
that produces a record smaller than the plaintext
The plaintext cannot be recovered from the hash and for a good hash function it is impossible for 2 plaintexts to produce the same hash (collision)
Hash
A hash encrypted by the document signer’s private key can be used as a signature for a document
Used to produce Message Authentication Codes (MAC) to verify the integrity of a message
Digital signature
Algorithms
Symmetric DES, 3DES, AES
Asymmetric RSA, DSA (only for signature)
Hash Sha-1, MD5
Others Diffie-Hellman for key agreement
PGP (Pretty Good Privacy)
Designed by Phil Zimmermann for providing cryptographic protection of e-mail and file storage
Uses the strong cryptographic algorithm Offers
Authentication using digital signatures Confidentiality with use of encryption
Bytes conversion to ASCII for e-mail
PGP design philosophy
Written for individual technically skilled end users Every user creates and manages their own keys Every user has a freedom to choose whom to
trust No administrative organisation or government
involved in operation
Sending a PGP message
Receiving a PGP message