Information Security

CCS 1306

Kasunika Guruge
Lecturer (P)
School of IT & Computing
SLTC Research University
Information Security
CCS 1306

Cryptography II
“The art and the science of keeping messages
secure is cryptography”

“Cryptography is the science of transforming

information into a secure form so that
unauthorized persons cannot access it”

3
Hashing Algorithms
● Hashing algorithms are most basic type of cryptographic algorithm.
● A hash function / hashing algorithm produces a unique identifier usually
referred as a hash, hash value, message digest or fingerprint.
● Hash function is a one-way function, meaning that the hash value is
created from the original message, but you cannot use a reverse function
to derive the original message from the hash value.

4
Hashing Algorithms
● Hash functions always produce a fixed-length output regardless of the
size of the original message.
● Hash functions also use the technique of avalanche effect. (Changing one
character in the original document will the entire hash value)
● Example: Typing the letter ‘a’ anywhere in the document will change the
hash value completely. Typing another letter ‘a’ in the document will
completely change the hash value again.
● This ensures that an attacker would not be able to determine what
character was typed by studying the hash value.
5
Hashing Algorithms
● Hashing is used primarily to determine the integrity of a message or
contents of a file. In this case, the hash value serves as a check to verify
that the original contents have not changed.
● Examples for hashing algorithms:
Message Digest (MD) –MD4, MD5
Secure Hash Algorithm –SHA1, SHA224, SHA256, SHA512
RIPEMD Message MD5 hash value

Hello world 3E25960A79DBC69B674CD4EC67A72C62

Helloo world A9D3F295C2CBFB91727C8AEED24EF6CC

6
Hashing Algorithms
A hashing algorithm is considered secure if it has these characteristics:

● Fixed size: A hash value of a short set of data should produce the same
size as a hash value of a long set of data.
● Unique: Two different sets of data cannot produce the same hash value,
which is known as a collision. Changing a single letter in one data set
should produce an entirely different hash value.
● Original: It should be impossible to produce a data set that has a desired
or predefined hash.
● Secure: The resulting hash cannot be reversed in order to determine the
original plaintext. 7
Digital Signature

● Digital signatures are widely used to sign messages. This provides both
proof of origin and message integrity.
● Steps:
○ Bob hash the plaintext message and get the hash value of the message.
○ Then Bob encrypts the hash value with his private key.
○ Bob append this digital signature to the message he need to send to Alice.

● Note that, a digital signature does not provide the confidentiality; it only
provides proof of origin, message integrity and non-repudiation.
● If confidentiality is required Bob need to encrypt the entire message
using the Alice’s public key. 8
Digital Signature

9
Steganography

● Whereas cryptography scrambles a message so that it cannot be

understood, steganography hides the existence of the data. What
appears to be a harmless image can contain hidden data, usually some
type of message, embedded within the image.
● Steganography takes the data, divides it into smaller sections, and hides
it in unused portions of the file.
● Steganography can use a wide variety of file types: image files, audio
files, video files, etc… to hide messages and data.
● Most popular steganographic technique in used is, hiding a text
message inside an image file such as JPG or GIF. 10
Cryptanalysis
Study of principles/ methods of deciphering ciphertext is known as cryptanalysis.

● Attackers try to recover either plaintext or key.

● An attempted cryptanalysis is known as a cryptanalytic attack.
● There are few types of cryptanalytic attacks
○ Ciphertext only attack
○ Known plaintext attack
○ Chosen plaintext attack
○ Chosen ciphertext attack
○ Rubber horse cryptoanalysis
11
Cryptanalytic attacks
● Ciphertext only attack –Attacker only has access to a set of ciphertext. If the
attacker able to deduce the plaintext or key by analyzing only the ciphertext, then
it is considered as a successful attack.
● Known plaintext attack –Attacker has the set of the ciphertext and as well as the
corresponding plaintexts. If the attacker can recover the key by using ciphertexts
and plaintext, then the attack is successful.
● Chosen plaintext attack –Attacker can choose plaintexts to be encrypted and
obtain the corresponding ciphertexts and analyze them to recover the decryption
key.
● Chosen ciphertext attack–attackers gather information by obtaining the
decryptions of chosen ciphertexts. From these pieces of information, the
12
adversary can attempt to recover the hidden secret key used for decryption.
Cryptanalytic attacks
● Rubber horse attack –Attackers cause physical harm or blackmail the user to
obtain the key.
Known plaintext and chosen plaintext attacks are the most common cryptanalytic
attacks.

13
Cryptoanalysis in Use
Language Redundancy and Cryptanalysis
● Human languages are redundant.
● Letters are not equally used. Some letters are used more than the others.
● In English language letter ‘E’ is the most frequently used letter followed by
T,R,N,I,O,A and S.
● Other letters like Z,J,K,Q,X are used very rarely.
● Have tables of single, double & triple letter frequencies for various languages (
eg: a, an ,of , th, ion ….

14
Cryptoanalysis in Use
English letter frequencies

15
Cryptoanalysis in Use
Letter Frequencies and Language Redundancy in Cryptoanalysis
● Monoalphabetic substitution ciphers do not change relative letter frequencies.
● Can be used to calculate letter frequencies of the ciphertext
● Example: UZ QSO VUOHXMOPV GPOZPEVSG ZWSZ OPFPESX UDBMETSX
AIZ VUEPHZ HMDZSHZO WSFP APPD TSVP QUZW YMXUZUHSX
EPYEPOPDZSZUFPO MB ZWP FUPZHMDJUD TMOHMQ
● Count relative letter frequencies of above ciphertext.

16
Cryptoanalysis in Use
Letter Frequencies and Language Redundancy in Cryptoanalysis
● Monoalphabetic substitution ciphers do not change relative letter frequencies.
● Highest frequencies are for P and Z. So, we can guess that P=E and Z=T.
● Guess ZW is ‘TH’ and hence ZWP is ‘THE’
● Example: UZ QSO VUOHXMOPV GPOZPEVSG ZWSZ OPFPESX UDBMETSX
AIZ VUEPHZ HMDZSHZO WSFP APPD TSVP QUZW YMXUZUHSX
EPYEPOPDZSZUFPO MB ZWP FUPZHMDJUD TMOHMQ
● Proceed with trial and error until you get meaningful words
● Plaintext: it was disclosed yesterday that several informal but direct contacts
have been made with political representatives of the Vietcongin Moscow
17
QUESTIONS?

Thank You!

18