ITSE202

CYBERSECURITY
II
LECTURE II – Cryptography
 1.WHY WE NEED CRYPTOGRAPHY
 While networks can be made relatively secure, there is
always the possibility that the information can be
intercepted at some point or unauthorized access gained.
When this happens, there is a final defense – encryption.
1.WHY WE NEED CRYPTOGRAPHY (Cont….)
2. WHAT IS CRYPTOGRAPHY?

 It is coming from a Greek word “krypto’s” means “Hidden

Secrets”.

 The goal is to conceal the information even if the information

is intercepted by the others.

 Thus, it takes an exceedingly important role to have

Confidentiality, Integrity, Availability (CIA Triad) in our
technology such as network communications, internet, e-
mails, cell phones, etc.
3. BASIC TERMS IN CRYPTOGRAPHY
 Plain text; the message.
 Cipher Text; unintelligible version of the message.
 Encryption; the operation to transform the plain text into the
cipher text.
 Decryption; the operation to transform the cipher text into the
plain text.
 Cipher (or cypher); the algorithm to carry out encryption and
decryption.
 Key; crucial information used by cipher and only known for the
sender and receiver.
4. HISTORY OF CRYPTOGRAPHY
 Since ancient times the division between one side and its
adversary has made it important to search for a way of hiding
messages while information is in transit.

 Classical algorithms are usually defined as those invented pre-

computer, up to around the 1950s. These techniques tended
to work on the actual letters themselves, rather than other
representations such as bits and bytes.

 During World War II, ciphers were developed, which rely on

complex gearing mechanisms to encipher the text. These
include the Enigma Cipher and the Lorenz Cipher.
4.1. Hieroglyph
The first known cryptography method used by Egyptians 4000
years ago. They make contact by messages written in
hieroglyph.
4.1. Hieroglyph
 4.2. Caesar Cipher
 Perhaps the most famous of these ancient encryption systems is
the Caesar cipher, so called by the ancient historian of Rome,
Suetonius.

 This cipher is a shift cipher; that is it relies on a shift of the

alphabet according to some key.

 It is said that Caesar used a simple version with a shift of 3, but, of

course, any number of shifts could be applied from 1 to 25.
Another shift, that is shift 26, will bring the alphabet back to its
original state, as there are 26 characters in the alphabet.
A B C D E F

A B C D E F

Encryption internet ———————> lqwhuqhw

A B C D E F

A B C D E F

Decryption internet lqwhuqhw

<———————
SEE https://cryptii.com/pipes/caesar-cipher
DECODE https://www.dcode.fr/caesar-cipher
5. TYPES OF CRYPTOGRAPHY
Symmetric Key Cryptography

Asymmetric Key Cryptography

Hash Functions
5.1. Symmetric Key Cryptography
The sender and the receiver use the same key to encrypt and
decrypt the message. Also, known as private key encryption.

same pre- same pre-

shared key shared key

Sender Plain Cipher Plain Receiver

Text encryption Text decryption Text
5.1.1. Symmetric Encryption Algorithms
 3DES (triple DES)
 IDEA
 AES
 3DES (triple DES)
 Digital Encryption Standard (DES) is a symmetric block cipher
with 64-bit block size that uses a 56-bit key. It takes a 64-bit
block of plaintext as input and outputs a 64-bit block of
ciphertext. It always operates on blocks of equal size and it
uses both permutations and substitutions in the algorithm. A
permutation is a way of arranging all elements of a set.

 Triple DES encrypts data three times and uses a different key
for at least one of the three passes, giving it a cumulative key
size of 112 to 168 bits. 3DES is more resistant to attack, but it
is much slower than DES.
The 3DES encryption cycle is as follows:

1. Data encrypted by first DES. (56 bit)

2. Data decrypted by second DES. (112 bit)

3. Data re-encrypted by third DES. (168 bit)

The reverse process decrypts the ciphertext.

Students must watch:

https://www.youtube.com/watch?v=23JangqRhIc
 IDEA
 The International Data Encryption Algorithm (IDEA) uses 64-
bit blocks and 128-bit keys. IDEA performs eight rounds of
transformations on each of the 16 blocks that results from
dividing each 64-bit block (64 / 4).

 IDEA was the replacement for DES, and now PGP (Pretty Good
Privacy) uses it. PGP is an encryption program that provides
privacy and authentication in data communication. GNU
Privacy Guard (GnuPG) is a licensed, free version of PGP.

 See Video: https://www.youtube.com/watch?v=909pwcyqVFQ

 AES
 The Advanced Encryption Standard (AES) has a fixed block
size of 128 bits with a key size of 128, 192, or 256 bits. The
National Institute of Standards and Technology (NIST)
approved the AES algorithm in December 2001. The U.S.
government uses AES to protect classified information.

 AES is a strong algorithm that uses longer key lengths. AES is

faster than DES and 3DES, so it provides both a solution for
software applications as well as hardware use in firewalls and
routers.

 SEE: https://www.youtube.com/watch?v=aaDcV4gLX40
5.2. Asymmetric Key Cryptography
It is also known as public key encryption. It requires two
different keys. Public key is used to encrypt the message and the
private key is used to decrypt the message. There is no key
exchange. If Alice wants to send a message to Bob. First, Alice
has to request Bob’s public key to encrypt the message. Then,
Bob opens that message with his private key. So, the keys are
asymmetric.
Requesting Bob’s public key

Alice Bob sends his public key Bob

5.2.2. Key Management
 Key management includes the generation, exchange,
storage, use and replacement of keys used in an encryption
algorithm.
 It is the most difficult part of designing a cryptosystem.
 Many cryptosystems have failed because of mistakes in their
key management procedures.
 In practice, most attacks on cryptographic systems target
the key management level, rather than the cryptographic
algorithm itself.
 There are several essential characteristics of key management
to consider. Two terms used to describe keys are:

 Key length — Also called the key size, this is the length of the
key in bits.
 Keyspace — This is the number of possibilities that a specific
key length can generate.

As key length increases, the keyspace increases exponentially. The

keyspace of an algorithm is the set of all possible key
values. Longer keys are more secure; however, they are also
more resource intensive. Almost every algorithm has some
weak keys in its keyspace that can enable a criminal to break
the encryption via a shortcut.
5.2.3. Comparing Encryption Types
5.3. Hash Functions

 Accept a variable size message M as input and produce a

fixed size output, referred to as a hash value or message
digest.

 A change in any bit of M results in a huge change in it’s

hash value.
5.3.1. Properties of Hash Functions
A cryptographic hash function has the following properties:

 The input can be any length.

 The output has a fixed length.
 The hash function is one-way and is not reversible.
 Two different input values will almost never result in the
same hash.

SEE: https://www.youtube.com/watch?v=cczlpiiu42M
5.3.2. Hash Algorithms
Hash functions help to ensure that a user or communication
error does not change data accidentally.
For instance, a sender may want to make sure that no one
alters a message on its way to the recipient.
The sending device inputs the message into a hashing
algorithm and computes its fixed-length digest or
fingerprint.
5.3.2.1. Latest Hash Algorithms

 Message Digest 5 (MD5)Algorithm

 Secure Hash Algorithm (SHA)

Differences between (MD5) and (SHA) Algorithm
 The primary differences between SHA (Secure Hash Algorithm) and MD5
(Message Digest Algorithm 5) lie in their cryptographic properties and level of
security.
 While both are cryptographic hash functions, SHA produces longer hash values
(e.g., SHA-256 generates a 256-bit hash) compared to MD5 (which produces a
128-bit hash).
 Additionally, SHA is designed to be more secure against collision attacks and
pre-image attacks, meaning it's more resistant to finding two different inputs
that produce the same hash value and reversing the hash function to obtain
the original input, respectively.
Differences between (MD5) and (SHA) Algorithm
 MD5, on the other hand, has known vulnerabilities, making it unsuitable for
cryptographic purposes where strong security guarantees are required.

***Therefore, SHA is generally recommended for secure cryptographic applications

over MD5 due to its stronger security properties.***
 Hashing Files and Digital Media

Integrity ensures that data and information is complete and

unaltered at the time of its acquisition. It is important for
users to have confidence in this when downloading a file from
the Internet, or if a forensic examiner is looking for evidence
on digital media, and so on.
  Salting
 Salting makes password hashing more secure.

 If two users have the same password, they will also have the
same password hashes. A salt, which is a random string of
characters, is an additional input added to the password
before hashing.
 This creates a different hash result even when the two
passwords are identical. Then, the database stores both the
hash and the salt. The same password generates a different
hash for different users, because the salt in each instance is
different. Meanwhile, the salt does not have to be secret since
it is a random number.
Salting prevents an attacker from using a dictionary attack to try
to guess passwords. Salting also makes it impossible to use
lookup tables and rainbow tables to crack a hash.111
 Implementing Salting
The following recommendations will help ensure successful
implementation of salting:

 The salt needs to be unique for every user password.

 Never reuse a salt.
 Always hash on the server, in a web application.
To validate a password:

 Retrieve a user’s salt and hash from the database.

 Add the salt to the password and hash it with the same
hash function.
 Compare the hash of the password just submitted by the
user trying to log in to the one stored in the database.
 If the hashes do not match, the password the user has just
tried to log in with is incorrect.
6. REFERENCES
Ralph Moseley, (2022). Advanced Cybersecurity Technologies, 1th Edition.
Tim Rains, (2020). Cybersecurity Threats, Malware Trends, and Strategies.
Preetha S, P. Lalasa & Pradeepa R, (2021). A Comprehensive Overview on
Cybersecurity: Threats and Attacks.
William Pollock, (2019). Linuz Basics for Hackers.
Na. Vikraman, (2021). Cryptography and Network Security.
Nathan House, (2017). The Complete Cyber Security Course, 1th Edition.
Seepanshu Rajput, (2020). Cryptography in Network Security.
Glen E. Clarke, (2022). CompTIA Security + Certification Security Guide, Fourth
Edition.
Abbas Moellam, (2022). Understanding Cybersecurity Technologies, 1th
Edition.