CRYPTOGRAPHY

INTRODUCTION

MS Information Security
Instructor
UMER WAQAS
MS (Information Security)
Riphah Institute of System Engineering (RISE)
With specialization in Cryptography
RIPHAH International University
Experience of 15 years in the filed of Cryptography
MSc (Mathematics)
Department of Mathematics
Peshawar University
Email: umer_waqass@yahoo.com
Phone: +92-321-9834668
TA: Maira Sultan
Phone:
Email:

2
Pre Requisites
Understanding of
Mathematical (Number Theory)
Statistics
Some understanding of security issues
Vulnerabilities
Attacks
Counter measures etc

3
Recommended Reading
Understanding Cryptography
Springer-Verlag Berlin Heidelberg 2010
By: Christof Paar and Jan Pelzl
Cryptography Engineering
WILEY, 2010
By: Niel Ferguson, Bruce Schneier and Tadayoshi
Kohno

Selected Research Papers & RFCs

4
Marks Distribution
Quizzes ... 10%
Assignments ... 10%
Projects ... 20%
Mid-Term ... 20%
Final ... 40%

Note: This is tentative distribution

5
Course Objective

In this course, we will

Make understanding of
Cryptography and its application in information
security

6
Course Objective
We will study:
What is Cryptography
What are the security concerns?
What are the counter-measures?
How cryptography can help us?
How Cryptographic algorithms are designed?
What are the popular cryptographic attacks?

7
Tentative Course Contents
Classical Techniques
Substitution
Transposition
Product Ciphers
Modern Techniques
Symmetric Key Algorithms
Block Ciphers
Feistal Structure
DES, 3-DES, IDEA etc
Secure Permutation Network (SPN)
AES
Stream Ciphers
Encryption Modes

8
Tentative Course Contents
Public-Key/Asymmetric Key Algorithms
Diffie Hellman Key Exchange
RSA Key Generation, Encryption, Decryption
Elliptic Curve Cryptography, ECDH, ECDSA
Hash Function
HASH
MD5, SHA-I, II, III
MAC
HMAC
Cryptanalysis Basics
Popular Attacks on Cryptographic Algorithms
Classical Techniques
Introduction of Modern Techniques

9
Some Terminologies
Data Security:
Generic name for the collection of tools designed to
protect data on hosts as well as data in transit
Host Security:
Collection of tools designed to protect computer
systems and to thwart attacks (Computer security)
Network Security:
Measures to protect data during their transmission
Internet Security:
Measures to protect data during their transmission
over the collection of interconnected networks i.e.
Internet

10
Some Terminologies
Security Attack:
Any action that compromises the security of information
Vulnerability:
Weakness exploiting which security attack can be launched
Security Service:
A service that enhances the security of the data
A security service makes use of one or more security
mechanisms
Security Mechanism:
A mechanism that is designed to detect, prevent or recover
from a security attack
Tool that is used to develop some security service

11
Some Terminologies
Plaintext: the message or data before it gets
encrypted (i.e. in readable form).
Ciphertext: the encrypted (scrambled) version
of the message (i.e. in unreadable form)..
Encryption: scrambling a message or data
using a specialized cryptographic algorithm.
Cipher: the algorithm that does the encryption.
Decryption: the process of converting
ciphertext back to the original plaintext

12
Some Terminologies
Cipher/Secret/Encryption Key: The Key used to
encrypt the message.
XOR: The addition performed under mod 2
Alphabet: a collection of symbols, also referred
as characters.
Bit: a character 0 or 1 of the binary alphabet.
String: a finite sequence of characters or bits

13
Security Attacks

14
Security Attacks
Interruption:
This is attack on availability
e.g. DoS (Denial of Service attack)
Interception:
This is attack on confidentiality
Eavesdropping
Modification:
This is attack on integrity
Fabrication:
This is attack on authenticity

15
Classification of Attacks

16
Classification of Attacks
Passive attacks:
Hidden Enemy!
Eavesdropping/ monitoring of transmission to:
Obtain message contents, or
Monitor traffic flows
Active attacks:
Open Enemy!
Modification of data stream to:
Masquerade of one entity as some other (spoofing)
Modify messages in transit
Replay previous messages
Denial of service

17
Passive Attacks
Release of Message Contents

18
Passive Attacks
Traffic Analysis

19
Active Attacks
Masquerade

20
Active Attacks
Replay attack

21
Active Attacks
Modification of Messages

22
Active Attacks
Denial of Service

23
Security Model

24
Introduction to Cryptography
Over View of Cryptology

25
Introduction to Cryptography
Cryptography
In a narrow sense
Cryptography is the science of secret writing with the goal of hiding
the meaning of a message
In a broader sense
Mathematical techniques used to mangling the information into
apparently unintelligible form
About securing the communication in the presence of adversaries
Cryptanalysis
The study of methods for obtaining the meaning of
encrypted information without accessing the secret
information
Cryptology
Cryptography + Cryptanalysis

26
Standard Algorithm Requirement
Kerckhoffs Principle:
NO SECURITY BY OBSCURITY
The security of an encryption system must
depend only on the key, not on the secrecy
of the algorithm.
The attackers know the algorithm and
some cipher text and try to recover the key
by using this information

27
Services of Cryptography
Cryptography Provide the following
services
Confidentiality
Integrity
Authentication
Non-Repudiation

Eve

Alice Bob
Insecure Channel
28
Services of Cryptography
Confidentiality: assuring that only authorized
parties are able to understand the data
(authorized from the perspective of the party
that encrypt/decrypt the data)..
It is okay if unauthorized parties know that there
is data. It is even okay if they copy (access )the
data, so as long as they cannot understand it.
Technical solutions include:
Encryption

29
Services of Cryptography
Integrity: ensuring that when a message (or
any kind of data, including documents and
programs) is sent over a network, the
message that arrives is the same as the
message that was originally sent.
It is important that the data has not been
tampered with.
Technical solutions include:
Hashing algorithms/MAC algorithms
Digital Signatures

30
Services of Cryptography
Authentication: ensuring that whoever
supplies or accesses sensitive data is an
authorized party.
How can we know that a party that provides us
with sensitive data is an authorized party?
How can we know that the party that is accessing
sensitive data is an authorized party?
This is a difficult problem on the Internet.
Two solutions are:
Passwords/Some Secret
Digital signatures
31
Services of Cryptography
Non-repudiation: ensuring that the intended
recipient actually received the message &
ensuring that the sender actually sent the
message.
Sender cannot deny the message
Receiver cannot deny/alter the message
This is a difficult problem. How do we prove that a
person's cryptographic credentials have not been
compromised?
Technical solutions include:
Digital Signature
32
Types of Cryptographic Algorithms
Secret key Algorithms
Block cipher
Stream Ciphers
MAC, HMAC
Public key Algorithms
Cipher algorithms
Digital Signature

Hash Functions

33
Secret Key Cryptography

Encryption (C = E(K, P))

Plaintext (P) Ciphertext (C)

Key (K)

Ciphertext (C) Plaintext (P)

Decryption (P = D(K, C))

Using a single key for encryption/decryption.

The plaintext P and the ciphertext C having the same size.
Also called symmetric key algorithm

34
Symmetric Algorithms
Two parties have an encryption and decryption method
for which they share a secret key

All cryptography from ancient times until 1976 was

exclusively based on symmetric methods.

Symmetric ciphers are still in widespread use, especially

for data encryption and integrity check of messages

35
Public Key Cryptography
Encryption (C = F(Kpub, P))
Plaintext (P) Ciphertext (C)

Public key (Kpub)

Private key (Kpri)

Ciphertext (C) Plaintext (P)
Decryption (P = F(Kpri, C))
Each individual has two keys
a private key (pri): need not be reveal to anyone
a public key (pub): preferably known to the entire world
Public key algorithm is also called Asymmetric algorithms.

36
Asymmetric (or Public-Key) Algorithms
In 1976 an entirely different type of cipher was
introduced by Whitfield Diffie, Martin Hellman and
Ralph Merkle.

In public-key cryptography, a user possesses a secret

key as in symmetric cryptography but also a public key.

Asymmetric algorithms can be used for applications

such as digital signatures and key establishment, and
also for classical data encryption.

37
Public Key Cryptography
Digital Signatures
Proving that a message is generated by a particular individual
Non-repudiation: the signing individual can not be denied, because only
him/her knows the private key.

Signing (S = F(Kpri, M(P)))

Plaintext (P) Signed
message (S)
Private key (Kpri)

Public key (Kpub)

Signed Plaintext (P)
message Verification (M(P) = F(Kpub, S))
Hash Functions
A mathematical transformation that takes a message of
arbitrary length and computes it a fixed-length (short)
number

Used for the integrity of the message

Can be build by using symmetric algorithm or designed

separately

MD5, SHA-I, SHA-II, SHA-III are the examples of hash

functions
Stream Ciphers
Encrypt bit or byte at a time. The plaintext, the ciphertext and the
key stream consist of individual bits,i.e., Pi,Ci, si {0,1}.
Encryption: Ci = esi (Pi) Pi si mod 2.
Decryption: Pi = dsi (Ci) Ci si mod 2.
Pi-1 Pi Pi+1

Key PRNG + XOR

Pseudo Random
Number Generator

Ci-1 Ci Ci+1
Cryptographic Protocols
Crypto protocols deal with the application of
cryptographic algorithms.

Transport Layer Security (TLS) scheme which is used in

every Web browser, is an example of a cryptographic
protocol

The majority of cryptographic applications in practical

systems, symmetric and asymmetric algorithms (and
often also hash functions) are all used together

41
Cryptography Standards
There are a number of standards related
to cryptography
ISO (International Standard Organization)
IEC (International Electrotechnical Commission)
CRYPTREC (Japanese Government's cryptography
recommendations)
FIPS (Federal Information Processing Standards )
FIPS PUB 46-3 Data Encryption Standard (DES) 1999
FIPS PUB 74 Guidelines for Implementing and Using
the NBS Data Encryption Standard 1981
FIPS PUB 81 DES Modes of Operation 1980
FIPS PUB 186-2 Digital Signature Standard (DSS) 2000 etc
42
Cryptography Standards
NIST (National Institute of Standards and
Technology

43
Questions ???

44