
CH04 - Cryptography

This document provides an overview of cryptography and related concepts: - Cryptography is the science of secret writing and includes encryption and decryption. - Encryption transforms plaintext into ciphertext using an algorithm and key. Decryption reverses the process to recover plaintext. - Cryptography aims to provide confidentiality, authentication, integrity, and non-repudiation of messages. - Classical ciphers include substitution ciphers like Caesar and transposition ciphers. Modern cryptography uses symmetric and asymmetric ciphers.

Uploaded by

angwin s

Computer Security

Cryptography

Dr. Syed Hamid Hussain Madni

School of Computing, Faculty of Engineering, UTM, Malaysia
The art of war teaches us to rely not on the likelihood of
the enemy's not coming, but on our own readiness to
receive him; not on the chance of his not attacking, but
rather on the fact that we have made our position
unassailable.
—The Art of War, Sun Tzu

Hazinah Kutty Mammi


What is Cryptography?

• Cryptography
– The science of secret writing
– Kryptos Graphia
– Hiding what you are writing from being read
• Cryptanalysis
– The science of breaking ciphers
– Reading what you should not be
• Cryptology
– Encompasses both subjects

The changing views/uses of Cryptography

• Traditionally, encryption is used to prevent a third party gaining
access to information in transit.
• With the advent of e-commerce and the use of cryptography in
everyday life, the need and use for cryptography has changed.
• E-commerce now allows encryption to be leveraged to create a
trusted third party

Some Definitions

• Plaintext – the original readable text
• Ciphertext – the result of encryption
• Cryptosystem – a system that provides both
encryption and decryption services
• Algorithm – set of mathematical rules for the
transformation of plaintext to ciphertext

Some more definitions

• Key – the random component used to seed the
encryption algorithm
• Key space – the potential pool of possible keys
• Key clustering – when >1 keys produce the same
ciphertext
• Work factor – how hard an algorithm is to break in
terms of resources

Services, Mechanisms, Attacks
• need systematic way to define requirements
• consider three aspects of information security:
– Security service
– Security mechanism
– Security attack

Security Service

• is something that enhances the security of the data
processing systems and the information transfers of an
organization
• intended to counter security attacks
• make use of one or more security mechanisms to
provide the service
• replicate functions normally associated with physical
documents
– eg. have signatures, dates; need protection from disclosure,
tampering, or destruction; be notarized or witnessed; be
recorded or licensed

Security Mechanism

• a mechanism that is designed to detect,
prevent, or recover from a security attack
• no single mechanism that will support all
functions required
• however one particular element underlies many
of the security mechanisms in use:
cryptographic techniques
• hence our focus on this area

Security Attack

• any action that compromises the security of
information owned by an organization
• information security is about how to prevent
attacks, or failing that, to detect attacks on
information-based systems
• have a wide range of attacks
• can focus on generic types of attacks

Cryptography Dimensions

• Cryptographic systems can generally be classified along
3 independent dimensions
– The types of operation used to transform plaintext
to ciphertext
– The number of keys used
– The way in which the plaintext is processed

Cryptography Dimensions: Explained
• The types of operation used to transform plaintext to ciphertext
– All encryption algorithms are based on 2 general principles:
substitution (the mapping) and transposition (the
rearranging)
– Fundamental requirement: no info is lost ➔ i.e. all
operations are reversible
– Most systems involve multiple stages of substitution and
transposition

Cryptography Dimensions: Explained
• The number of keys used
– Symmetric encryption system
• If both sender and receiver use the same key
• a.k.a. single key, secret key, conventional encryption
– Asymmetric encryption system
• If sender and receiver use a different key
• a.k.a. two key, public key encryption
• The way in which the plaintext is processed
– Block cipher ➔ processes input one block of elements at a
time
– Stream cipher ➔ processes input elements continuously

Common Goals of Cryptography (CAIN)

In essence, cryptography concerns four main goals. They are:
• message Confidentiality: Only an authorised recipient should be
able to extract the contents of the message from its encrypted
form.
• sender Authentication: The recipient should be able to identify
the sender, and verify that the purported sender is who they
claim to be.
• message Integrity: The recipient should be able to determine if
the message has been altered during transmission.
• sender Non-repudiation: The sender should not be able to deny
sending the message.

Types of Ciphers

• Classical ciphers
• Symmetric (secret) key
• Asymmetric (public) key
• Hashing

Classical Ciphers

• Classical ciphers used one of the following methods
for the protection of information
• Substitution
• Caesar cipher – (n+x) mod 26
• Permutation/transposition
• Poly alphabetic ciphers
• One-time pad (Vernam ciphers)
• Uses modulo addition

Classical ciphers
• Book/running key
– A large body of text is used as the key
– Vulnerable to redundancy attacks
• Codes
– Construction of words/phrase mappings to other phrases,
numbers or symbols
• Steganography
– From the Greek for “covered writing”
– Hiding the existence of a message
– Microdots, watermarks

Substitution
– One letter is exchanged for another
– Monoalphabetic Ciphers.
• Caesar Cipher - letters shifted right or left by a certain
amount
• replaces each letter by 3rd letter on
Ci = E(pi) = pi + 3
COMPUTER → FRPSXWHU
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB

Caesar cipher
• can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• mathematically give each letter a number
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25
• then have Caesar cipher as:
C = E(p) = (p + k) mod (26)
p = D(C) = (C – k) mod (26)
Key, k = 5
ybtktzwrfdsnsjfr

Cryptanalysis of Caesar Cipher
• only have 26 possible ciphers
– A maps to A,B,..Z
• could simply try each in turn
• a brute force search
• given ciphertext, just try all shifts of letters
• eg. break ciphertext "GCUA VQ DTGCM"
• what is the plaintext? _________

Monoalphabetic Cipher

• rather than just shifting the alphabet
• could shuffle (jumble) the letters arbitrarily
• each plaintext letter maps to a different random
ciphertext letter
• hence key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Language Redundancy and Cryptanalysis
• human languages are redundant
– eg "th lrd s m shphrd shll nt wnt"
• letters are not equally commonly used
• in English e is by far the most common letter
• then T,R,N,I,O,A,S
• other letters are fairly rare
– cf. Z,J,K,Q,X
• have tables of single, double & triple letter
frequencies

English Letter Frequencies

Use in Cryptanalysis

• key concept - monoalphabetic substitution ciphers
do not change relative letter frequencies
• discovered by Arabian scientists in 9th century
• calculate letter frequencies for ciphertext
• compare counts/plots against known values
• if Caesar cipher look for common peaks/troughs
– peaks at: A-E-I triple, NO pair, RST triple
– troughs at: JK, X-Z
• for monoalphabetic must identify each letter
– tables of common double/triple letters help

Polyalphabetic Ciphers (PaC)
• Key is a word used repeatedly – e.g. “cash”, “house”,
“heehaa”
• Key = “car” plaintext = “deco”
d = (3 + 2) mod 26 = 5 ➔ f
e = (4 + 0) mod 26 = 4 ➔ e
c = (2 + 17) mod 26 = 19 ➔ t
o = (14 + 2) mod 26 = 16 ➔ q

  deco
+ carc
------
  fetq

…decode PaC

• Key = “car” ciphertext = “fetq”
f = (5 - 2) mod 26 = 3 ➔ d
e = (4 - 0) mod 26 = 4 ➔ e
t = (19 - 17) mod 26 = 2 ➔ c
q = (16 - 2) mod 26 = 14 ➔ o

  fetq
- carc
------
  deco
• Try encoding and decoding this
Key = ‘cash’ plaintext = ‘meetmeat’

Polyalphabetic Substitutions

• Polyalphabetic Ciphers.
– Frequency distribution reflects the underlying letters.
– makes cryptanalysis harder with more alphabets to guess
and flatter frequency distribution
• Introduce different algorithms for different order (odd/even)

Example:
Odd ➔ F1(x) = (3 * x)mod 26.
Even ➔ F2(x) = ((5 * x) +13) mod 26.

Polyalphabetic Substitutions
Example:
Odd ➔ F1(x) = (3 * x)mod 26.
= (3 * 0) mod 26 = 0 ➔ A → A
Even ➔ F2(x) = ((5 * x) +13) mod 26.
= ((5 * 0) +13) mod 26 = 13 ➔ A → N
Table for Odd Positions
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ADGJMPSVYBEHKNQTWZCFILORUX
Table for Even Positions
ABCDEFGHIJKLMNOPQRSTUVWXYZ
NSXCHMRWBGLQVAFKPUZEJOTYDI

Contd…

Encryption for: TREATY IMPOSSIBLE

TREAT YIMPO SSIBL E
would be
FUMNF DYVTF CZYSH H

Cryptanalysis of polyalphabetic
• If we can decide the number of alphabets, we
can use the frequency distribution of each
alphabet to deduce the substitutions
– Kasiski method
– Index of coincidence

Kasiski Method

• Relies on the regularity of English
• Examples
– th, -ing, -ed, -ion, -tion, etc. are often repeated
– of, and, to, with, are, etc. are often repeated
• If a message is encoded with n alphabets in cyclic
rotation, and if a word or letter group appears k
times in the plain-text, it should be encoded
approximately k/n times to the same ciphertext

Kasiski Method
12345 67123 45671 23456 71234 56712 34567 12345
itwas thebe stoft imesi twast hewor stoft imesi
67123 45671 23456 71234 56712 34567 12345 67123
twast heage ofwis domit wasth eageo ffool ishne
45671 23456 71234 56712 34567 12345 67123 45671
ssitw asthe epoch ofbel iefit wasth eepoc hofin
• itwasthe is enciphered using the 67123456 alphabets
once in the first row and twice in the third row.
• The distance between these occurrences must be a
multiple of the key-length (the number of alphabets)

Kasiski Method

• Distances:
Starting position   Distance from previous   Factors
20
83                  63                       3,7,9,21,63
104                 21                       3,7,21
• The number of alphabets is probably 3 or 7
• Then use e.g. frequency analysis on each alphabet

Kasiski Method

• Identify repeated patterns of three or more
characters
• Compute the distances between the starting
points of successive instances of a pattern
• Determine all factors of each distance
• The key length will probably be one of the
factors that appears often in step 3.

Index of Coincidence

• Measures the variation between
frequencies in a distribution
• Monoalphabetic substitution of English text
has an index of coincidence of about 0.068
– 2 alphabets: 0.52, 3 alphabets: 0.47,
etc.
• We can use this to validate the predictions
from the Kasiski method
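
The Kasiski steps and the index of coincidence check, run on the slides' own plaintext, as an added example that is not part of the original slides. The key `dickens` is constructed (any 7-letter key puts the repeats at the same positions), positions are 1-based to match the distance table, and `vigenere_encrypt` is the repeated-key cipher from the PaC slides.

```python
from collections import Counter, defaultdict

# Plaintext from the Kasiski slides (120 letters, spaces removed).
PLAINTEXT = (
    "itwasthebestoftimesitwastheworstoftimesi"
    "twastheageofwisdomitwastheageoffoolishne"
    "ssitwastheepochofbeliefitwastheepochofin"
)
KEY = "dickens"  # constructed key: 7 alphabets used in cyclic rotation


def vigenere_encrypt(plaintext, key):
    """C_i = (P_i + K_(i mod len(key))) mod 26 over lowercase letters."""
    return "".join(
        chr((ord(p) - 97 + ord(key[i % len(key)]) - 97) % 26 + 97)
        for i, p in enumerate(plaintext)
    )


def find_repeats(ciphertext, length=3):
    """Map each repeated n-gram to its 1-based starting positions."""
    seen = defaultdict(list)
    for i in range(len(ciphertext) - length + 1):
        seen[ciphertext[i:i + length]].append(i + 1)
    return {gram: pos for gram, pos in seen.items() if len(pos) > 1}


def factors(n):
    """All factors of n except 1, as listed in the distance table."""
    return [f for f in range(2, n + 1) if n % f == 0]


def key_length_votes(ciphertext, length=3, max_len=20):
    """Count how many repeat distances each candidate key length divides."""
    votes = Counter()
    for positions in find_repeats(ciphertext, length).values():
        for a, b in zip(positions, positions[1:]):
            votes.update(f for f in factors(b - a) if f <= max_len)
    return votes


def index_of_coincidence(text):
    """Probability that two letters drawn at random from text are equal."""
    n = len(text)
    if n < 2:
        return 0.0
    counts = Counter(text)
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def column_ics(text, n_alphabets):
    """IC of each column when text is dealt out across n_alphabets columns."""
    return [index_of_coincidence(text[i::n_alphabets])
            for i in range(n_alphabets)]


if __name__ == "__main__":
    ct = vigenere_encrypt(PLAINTEXT, KEY)
    print("most common factors:", key_length_votes(ct).most_common(5))
    print("IC plaintext %.3f, ciphertext %.3f"
          % (index_of_coincidence(PLAINTEXT), index_of_coincidence(ct)))
    for n in (3, 7):
        ics = column_ics(ct, n)
        print(n, "alphabets: mean column IC %.3f" % (sum(ics) / len(ics)))
```

With the correct number of alphabets every column is a plain shift of its plaintext letters, so its index of coincidence is exactly that of the underlying plaintext column; a 120-letter sample is short, so the printed values are noisy.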

One Time Pad

• The One Time Pad or Vernam Cipher is an "upgrade" of the
Caesar Cipher.
• Instead of using only one number as a key, we now use one
number/letter per plain text letter. Thus, the key has to be at
least as long as the plain text.
• The benefit: It guarantees perfect security.
In fact this cipher is the only cipher that is guaranteed to be
perfectly secure.
• However, the usage is anything but practical.
• Shortcomings:
– Keywords may only be used once
– Keywords must be at least same length as word
• Mathematically, the encryption and decryption functions can
be described as follows:
• Say the sender wants to encode his plain text P - consisting of
the letters P1 P2 P3...Pn etc. - using the key b -- consisting of the
letters b1 b2 b3...bn etc. The sender first encodes plain letter P1
using the key letter b1, then P2 using b2, etc. as follows:
C1 = (P1 + b1) mod 26,
C2 = (P2 + b2) mod 26,
C3 = (P3 + b3) mod 26,
...
Cn = (Pn + bn) mod 26 .

• The recipient receives the cipher text C - consisting
of the letters C1 C2 C3...Cn. He first decodes cipher
letter C1 using the key letter b1, then C2 using b2, etc.
as follows:
P1 = (C1 - b1) mod 26,
P2 = (C2 - b2) mod 26,
P3 = (C3 - b3) mod 26,
...
Pn = (Cn - bn) mod 26.

Try this…
• Try encoding and decoding
– Key = ‘twister’ plaintext = ‘nuclear’
– Key = ‘sleepingbeauty’ plaintext =
‘whohasthemoney’
– Key = ‘carts’ plaintext = ‘lorry’

Running Key/Book Cipher

• Key does not repeat, but is not random. It may
be text extracted from a book, specified by a
starting page number and line number
• Please refer to Pfleeger pg.50 for an example.

Transposition Ciphers

• Transposition ciphers encrypt plaintext by moving
small pieces of the message around.
• Anagrams are a primitive transposition cipher.
• This example shows "VOYAGER" being encrypted with
a primitive transposition cipher where every two
letters are switched with each other:
VOYAGER
OVAYEGR

Columnar Transposition

• A rearrangement of characters of the plaintext into
columns
WE HACK TONIGHT AT SEVEN
W E H A
C K T O
N I G H
T A T S
E V E N
WCNTE EKIAV HTGTE AOHSN

Columnar Transposition Cipher
Key:        1 2 3 4 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: aodwtsuottnaaptmcoixknlypetz

Key:        3 4 2 1 5 6 7
Ciphertext: ttnaaptmtsuoaodwcoixknlypetz

Row Transposition Cipher
Key:        1 2 3 4 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z

Key:        4 3 1 2 5 6 7
Plaintext:  a t a t c k p
            p t o s o n e
            t n d u i l t
            m a w o x y z

Ciphertext: atatckpptosonetnduiltmawoxyz
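
Both transposition variants from these slides with their inverses, as an added example that is not part of the original slides. It assumes the key lists column numbers in the order they are read, which is the convention that reproduces the ciphertexts shown above; the function names and the `x` padding of a short last row are choices made here.

```python
def _check_key(key):
    """A key must use every column number 1..n exactly once."""
    if sorted(key) != list(range(1, len(key) + 1)):
        raise ValueError("key must be a permutation of 1..n")


def _grid(text, width, pad="x"):
    """Write the letters of text row by row into rows of the given width."""
    letters = "".join(ch for ch in text.lower() if ch.isalpha())
    letters += pad * (-len(letters) % width)  # fill up a short last row
    return [letters[i:i + width] for i in range(0, len(letters), width)]


def columnar_encrypt(plaintext, key):
    """Read whole columns, in the column order listed in key."""
    _check_key(key)
    rows = _grid(plaintext, len(key))
    return "".join("".join(row[k - 1] for row in rows) for k in key)


def columnar_decrypt(ciphertext, key):
    """Cut the ciphertext back into columns and read the grid row by row."""
    _check_key(key)
    if len(ciphertext) % len(key):
        raise ValueError("ciphertext length must be a multiple of the key length")
    n_rows = len(ciphertext) // len(key)
    columns = {}
    for i, k in enumerate(key):  # the i-th chunk of ciphertext is column k
        columns[k - 1] = ciphertext[i * n_rows:(i + 1) * n_rows]
    return "".join(columns[c][r] for r in range(n_rows) for c in range(len(key)))


def row_encrypt(plaintext, key):
    """Permute the columns inside every row, then read row by row."""
    _check_key(key)
    return "".join("".join(row[k - 1] for k in key)
                   for row in _grid(plaintext, len(key)))


def row_decrypt(ciphertext, key):
    """Put every letter of each row back into its original column."""
    _check_key(key)
    out = []
    for row in _grid(ciphertext, len(key)):
        plain = [""] * len(key)
        for i, k in enumerate(key):
            plain[k - 1] = row[i]
        out.append("".join(plain))
    return "".join(out)


if __name__ == "__main__":
    message = "attack postponed until two am xyz"
    print(columnar_encrypt(message, [3, 4, 2, 1, 5, 6, 7]))
    print(row_encrypt(message, [4, 3, 1, 2, 5, 6, 7]))
```

A transposition only moves letters, so the ciphertext has exactly the same letter counts as the plaintext.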
Some Thoughts

• Space depends directly on the length of the
message
• Cannot produce output until all the message
has been read
– May prove to be a delay
– Not appropriate for long urgent messages
• Example : page 52 of Pfleeger

Encryption Algorithm

• Some encryption algorithms use a key, K. The
ciphertext message, C, depends on both the
original plaintext message, P, and the key value.
• E is a set of encryption algorithms.
• C = E(K, P)
Plaintext ➔ Encryption ➔ Ciphertext ➔ Decryption ➔ Original Plaintext

Symmetric Encryption

• Symmetric Encryption – D and E are mirror-image
processes.
• Encryption and decryption keys are the same.
• P = D(K, E(K, P))

Symmetric Cryptosystem
Plaintext ➔ Encryption (Key) ➔ Ciphertext ➔ Decryption (Key) ➔ Original Plaintext

• The process makes use of public and
private components
• Public - known
– Algorithm to be used
– The ciphertext
• Private - secret
– The key to be used

Asymmetric Encryption

• Encryption and decryption keys come in pairs.
• P = D(KD, E(KE, P))

Asymmetric Cryptosystem
Plaintext ➔ Encryption (Encryption Key, KE) ➔ Ciphertext ➔ Decryption (Decryption Key, KD) ➔ Original Plaintext

• Makes use of multiple keys for greater security,
and solving the problem of key distribution
• Each party has their own keys, no need for a
shared secret key
• Based on the works by Diffie & Hellman; and
Rivest, Shamir & Adleman
• Finding large prime factors of numbers is a
problem

Asymmetric Cryptography

• Some points to note:
– Public key cannot decrypt a message it encrypted
– Ideally a private key cannot be derived from a public
key
– A message encrypted with one key can only be
decrypted with the corresponding half
– The private key must be kept private

• Kp = Public Key ; Ks = Private Key
• C = Ciphertext ; P = Plaintext
C = Kp(P) ➔ P = Ks(C)

Which is better?: Asymmetric

• Strengths
– Better key distribution
– Scalability
– Provides confidentiality, authentication and non-repudiation
• Weakness
– Slower and more resource intensive than symmetric
systems

Which is better?: Symmetric

• Strengths
– Faster than asymmetric systems
– Hard to break if a sufficiently large key is used
• Weaknesses
– Key distribution
– Scalability
– Limited security
• Confidentiality only
• No authentication and non-repudiation

Key Distribution Problem

Symmetric
• Separate key required for each pair of people
• Key distribution is a problem
• Only provides C
• Complex to manage large numbers

Asymmetric
• Each user has their own keys
• You only need the public portion of a key
• Provides CIA
• Improved manageability

Asymmetric Algorithms

• Example algorithms
– RSA
– Diffie-Hellman
– El Gamal
– Elliptic Curve Cryptosystems (ECC)
– Digital Signature Standard (DSS)

Symmetric Algorithms

• Example algorithms
– Data Encryption Standard (DES/3DES)
– Blowfish
– IDEA
– RC4, RC5
– Advanced Encryption Standard (AES)
• Rijndael
– Twofish

Properties of a Cipher
• Confusion
– Strong keys cause confusion by introducing unknown values
– E.g. caesar cipher  ; one time pad 
• Diffusion
– Plaintext input is put through many functions, components
are therefore dispersed
– Good diffusion means that the interceptor needs access to
much of the ciphertext to be able to infer the algorithm.

…continued
• Reduced Redundancy
– Reduce the number of times a certain word or alphabet
appears
– E.g. In the English language e is by far the most common
letter; followed by t, r, n, i, o, a, s
– While some are fairly rare like z, j, k, q, x
– Compression helps

English Letter Frequencies

Stream and Block Ciphers

• Stream ciphers: convert one symbol of plaintext
into one symbol of ciphertext
– E.g. substitution ciphers
• Block ciphers: encrypt a group of plaintext
symbols as one block
– E.g. columnar transposition

Stream Ciphers
• Stream ciphers, such as the substitution ciphers mentioned previously, can
be encoded by the sender character-for-character as they are sent to the
receiver.
• Stream ciphers are fast, require little storage space and have a low error
propagation which means that encoding errors affect just one character in
the ciphertext.
• A disadvantage of stream ciphers is low diffusion which means that
individual characters in the ciphertext can be analyzed using frequency
distribution counts, digram analysis, index of coincidence and the Kasiski
method.
• Another disadvantage of stream ciphers is susceptibility to malicious
insertions and modifications which means that it is difficult for the
receiver to detect when a nasty third-party has made alterations to the
ciphertext.

Block Ciphers
• Block ciphers, such as columnar transposition, encode blocks of plaintext
into ciphertext before sending.
• Block ciphers have a high degree of diffusion since things like digrams are
spread out within the ciphertext and they have a high immunity to
insertions since extra or deleted characters in the ciphertext change the
block length which can be detected by the receiver.
• However, block ciphers are slow, can require large amounts of storage and
display error propagation since one error affects the transformation of all
characters in the same block.

Stream
• Speed of transformation
• Low error propagation
• Low diffusion
• Susceptible to malicious insertion and modification

Block
• High diffusion
• Immunity to insertion of symbols
• Slowness of encryption
• Error propagation

Some Notes
• Encryption can be done at 2 levels
– Link
– End-to-end
• Link
– All data on a communications path is encrypted
– Includes packet headers, payloads, trailers
– Provides CIA to all
– IPSEC

• End-to-end
– Application layer, only payloads encrypted
– Headers and other addressing information still
visible
– S/MIME

Link
• Advantages
– All data encrypted, results in minimal leakage of information
– Transparent to users. No special action needed.
• Disadvantages
– Key management complex as each node needs keys
– Depending on architecture, each hop decrypts message,
increasing exposure

End-to-end
• Advantages
– Protection from start to finish
– User discretion/flexibility as to what gets encrypted, and
how
– Higher granularity due to increased keys
– Messages not decrypted at each hop
• Disadvantages
– Headers, addressing, routing info not protected – leakage
– Destination systems need appropriate configuration for end-users

Cryptanalysis
• The study of breaking an encryption algorithm
• There are good and bad reasons for cryptanalysis
– Good: to test the strength of an algorithm
– Bad: to break and cause damage or harm
• Attacks depend on what info is available
– Ciphertext, full or partial plaintext, algorithm

Cryptanalysis
• Ciphertext only
– Decryption based on probabilities, distributions, characteristics
of available ciphertext, publicly available knowledge
– Ciphertext-only attack
• Full or partial plaintext
– Known plaintext attack
• Has a sample of the message and decipherment
– Probable plaintext attack
• May have additional info that helps, such as what type of
message, from whom, to where etc. ➔ like email

Cryptanalysis
• Algorithm and ciphertext
– Chosen ciphertext attack
– Try a whole bunch of plaintext with the algo to get the
specific ciphertext
• Ciphertext and plaintext
– May have some pieces of plaintext with its ciphertext
(LUCKY!!!); and could probably deduce the keys used
• Human fallibility
– Fail to change keys as needed, bribed, coerced, careless,
untrained
– Machines and software may have weaknesses too.
Public Key Cryptography

• Sometimes neither a pure symmetric nor a pure asymmetric
approach is suitable
• Symmetric systems are fast, but have a whole bunch of
problems associated with them
• Asymmetric solves some problems, is more secure but
is very slow and complex to implement.
• So, what’s next?

Public Key Cryptography

• Uses 2 keys produced by an asymmetric method
• These are used for the key distribution and for
protecting the encryption key for a message
• Symmetric encryption is used for the bulk
message encryption
• We have the best of both worlds

PKC

[Figure: the Message is encrypted with the Symmetric key; the Symmetric Key is encrypted with the Asymmetric key]

Some Notable Points
• Public and private keys used for asymmetric
encryption and decryption
• Secret key used for symmetric crypto operations
• Secret key is used to encrypt the message
• Public/private key is used to encrypt the secret
key

Session Keys
• Secret key used by two parties for the duration
of the communication
• Only good for the single communications
window for which it is generated
• Allows for shorter key, hence performance
improvement

Public Key Infrastructure (PKI)
• A PKI consists of the software, data formats,
programs, procedures, algorithms,
communications and security policies which
enable a dispersed group of people to
communicate in a secure manner

PKI

• PKI provides
– Authentication
– Confidentiality
– Integrity
– Non-repudiation
– Access control
• Hybrid cryptosystem

Public Key Infrastructure (PKI)
• Collection of entities and data objects (certificates) that
establishes trust in the binding between subscribers
and their public keys
• Means of distributing public keys over an untrusted
medium (such as the Internet)
• Means of revoking trust in the association between
subscribers and their public keys
PKI Architectural Entities

Certification Authority
• Trusted Entity
• Generates and Revokes Public Key Certificates
• Publishes Public Key Certificates and Certificate
Revocation Lists in Directory Servers

Security Policy, Practices and CONOPS Documents

Directory Server/Repository
• Contains valid Public Key Certificates and Certificate
Revocation Lists

Organization Registration Authority
• trusted entity
• Verifies and vouches for the identity of users
• Generates / Approves Requests for Issuance of a Public
Key Certificate

Relying Party
• attempts to establish trust in subscriber’s public key

Subscriber
• obtains public key certificate from CA
• uses private key to interact securely with the Relying Party
Certificate Authorities (CA)
• CA is an organization that maintains and issues public
key certificates
• CA is trusted by people to perform some kind of
verification on clients
• I trust YOU because the CA trusts YOU
• Should maintain a Certificate Revocation List (CRL)
• Work with Registration Authorities (RA)
• Multiple certificates for improved security

Key Management

• Keys must be protected in order for any
cryptosystem to be effective and secure
• Key management is a problem, particularly
when dealing with large numbers of keys/users
• Generation, distribution, registration, storage
and revocation are all part of the process.
Key Storage

• Keys are stored pre and post distribution
• Where is a secure place to store a key?
• Traditionally you moved them in a locked box
• Now, most distribution is via automated
process, over secure channels

Good Key Practice

• Like passwords, cryptographic keys require
some care
• Keys should be periodically changed
– Often forced through expiry
• Keys should be verified, and expired
– Security dictates the frequency
• The change and communication of that change
should be secure

Management Principles
• Key length should be long enough to provide the necessary
protection required
• Transmissions and storage should be secure
• Keys should be random, and utilise the full reach of the key-space
• Lifetime of a key should relate to the sensitivity of the data
being protected
• The more frequent the use the shorter the lifetime. Why?
• Keys should be backed-up or escrowed
• Keys should be properly destroyed at end of life

Uses of Encryption

• Cryptographic hash functions
• Key exchange
• Digital signatures
• Certificates

Cryptographic Hash Functions
• How do we know when a message has been
read/modified by others?
• Medieval times – uses wax seal
• A ‘seal’ is provided by computing a cryptographic
function, a.k.a. hash/checksum/message digest
• These are reduction functions used to compress a
message of arbitrary length to a fixed length
‘fingerprint’

Continued…
• Based around a one-way function
– y = F(x) is easy to compute but x=F’(y) is not
• A cryptographic hash is a digital fingerprint for a
message
• Reduces a large volume of input data down to a
‘unique’ array of bits

Hash Algos

• MD5 (Message Digest 5)
• MD4
• MD2
• RIPEMD160 (Ripe Message Digest 160bit)
• SHA (Secure Hashing Algorithm)
• SHA1 (Secure Hashing Algorithm 160)

Key Exchange

• The question in exchanging keys and secret
documents between 2 parties is how it can be
done so that nobody else can intercept it?
• To establish an encrypted session, you need an
encrypted means to exchange keys.
• PKC can help.

For Bob to send to Alice

[Figure: the KEY is encrypted with B's private key, then with A's public key]

For B to send to A:
E(kpub_A, E(kpriv_B, K))

Digital Signatures
• A digital signature is a protocol that handles signatures.
A mark that only a sender can make but is recognizable
by others as belonging to the sender.
• A digital signature is a message digest encrypted with a
private key.
• Thus, anyone with the public key will be able to
decrypt it, and then compare the message digest that
has been encrypted against the message digest of the
message.
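
The digest-then-private-key signature described above and the nested key transfer E(kpub_A, E(kpriv_B, K)) from the Key Exchange slide, as an added example that is not part of the original slides. It uses textbook RSA without padding on constructed toy keys built from Mersenne primes, so it only illustrates the data flow; deployed systems use padded schemes from a vetted library. All function names are chosen here.

```python
import hashlib

E = 65537  # public exponent shared by both toy key pairs


def make_keypair(p, q):
    """Textbook RSA key pair from two distinct primes: ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def rsa(key, value):
    """Raw RSA operation with either half of a key pair (no padding)."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under this modulus")
    return pow(value, exponent, n)


def digest(message, n):
    """SHA-256 message digest, reduced so that it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Signature = message digest encrypted with the sender's private key."""
    return rsa(private_key, digest(message, private_key[0]))


def verify(public_key, message, signature):
    """Decrypt the signature with the public key and compare the digests."""
    if not 0 <= signature < public_key[0]:
        return False
    return rsa(public_key, signature) == digest(message, public_key[0])


def send_key(k, sender_private, receiver_public):
    """E(kpub_A, E(kpriv_B, K)): B's private key inside, A's public key outside."""
    return rsa(receiver_public, rsa(sender_private, k))


def receive_key(blob, receiver_private, sender_public):
    """Undo both layers: only A can open it, only B could have produced it."""
    return rsa(sender_public, rsa(receiver_private, blob))


# Constructed toy keys; Bob's modulus is smaller than Alice's so that the
# inner result always fits under the outer modulus.
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**31 - 1, 2**61 - 1)


if __name__ == "__main__":
    message = b"meet me after the toga party"
    signature = sign(BOB_PRIV, message)
    print("valid signature:", verify(BOB_PUB, message, signature))
    print("altered message:", verify(BOB_PUB, message + b"!", signature))
    session_key = 0x0123456789ABCDEF  # constructed sample key K
    blob = send_key(session_key, BOB_PRIV, ALICE_PUB)
    print("key recovered:", receive_key(blob, ALICE_PRIV, BOB_PUB) == session_key)
```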

Certificates

• Trust is a major issue in everyday life, be it
online or off.
• Certificates are used to certify the accuracy of a
claim.
• In PKI there is the Certificate Authority.

Shannon’s Characteristics of ‘Good’ Ciphers
• The amount of secrecy needed should determine the amount of
labour appropriate for the encryption and decryption
• The set of keys and the enciphering algorithm should be free
from complexity
• The implementation of the process should be as simple as
possible
• Errors in ciphering should not propagate and cause corruption
of further info in the message
• The size of the enciphered text should be no longer than the
text of the original message.

Exercise
• In your group, write
– an introduction to digital signatures
– an introduction to frequency distribution counts, digram
analysis, index of coincidence and the Kasiski method.
• It must be easy to read, so that a student in high
school can understand the concepts
• It must not be too deep, but not too shallow
either.
• Please cite all your works.
• Do not plagiarize.