TCA202-2: Cryptography

Security
Security traid/properties/goals
CIA – Confidentiality, Integrity, and Authentication
AAA – Authentication, Accountability (Non-repudiation), and Accounting
Security Goals Requirements: Authentication, Authorization, and Accountability

Security Mechanisms
Encipherment, Digital Signature, Access Control

Cryptography
• Cryptography comes from Greek words
◦ Kryptos meaning hidden, secrete
◦ Graphein meaning to write
• Thus, cryptography is the art of secret writing for secure communication
• Cryptology - the study of hidden codes, or the art of writing and solving them.
• Based on representing information as numbers and mathematically manipulating those
numbers.

Keywords:
• Plaintext/cleartext – a message in its original form
• Ciphertext – the mangled information
• Encryption/Encipher – producing ciphertext from plaintext
• Decryption/Decipher – reversing the ciphertext to plaintext
• Cryptanalysts – cryptographers who attempt to break secret codes
• Cryptographic systems need both an algorithm and a secret value.
• Key – the secrete value
• Secret code = cipher, means any method of encrypting data.

Computational Difficulty
• Cryptographic algorithms reasonably efficient for the good guys to compute.
• Cryptographic algorithms are not impossible to break without the key.
• A bad guy can simply try all possible keys until one works.
• Good guys for the cryptographers, and
• Bad guys for the cryptanalysts
• If the best possible scheme will take 10 million years to break using all of the computers in the
world, then it can be considered reasonably secure. E.g. using combination lock: a combination
of 3 numbers, each number is between 1 and 40. If a combination needs 10 seconds for the good
guy, whereas 40^3 combinations = 640,000 seconds for the bad guy. !key length!

Cryptography has Three-Dimensions

 1. Number of keys used
1. Single key: symmetric/conventional/secret-key cryptography
2. Two keys: asymmetric/public-key cryptography
3. Zero key: hashing function
2. The way a plaintext to ciphertext conversion process
1. Stream cipher
2. Block cipher
3. Types of operations used for encryption – all encryption algorithms are based on:
1. Substitution cipher: mono
2. Transposition cipher

Secret-key Cryptography
Substitution Cipher
Mono-alphabetic and Poly-alphabetic Substitution Cipher
Example of Cryptography Algorithms: 1. Caesar Cipher 4. Playfair Cipher

Transposition Cipher
1. Rail Fence Cipher
2. Columnar Transposition Cipher

Stream Cipher
Vernam Cipher

Block Cipher
1. Simplified Data Encryption Standard (S-DES) Cipher
More examples: DES, IDEA, AES, etc

Avalanche Effect
Feistel Cipher

Ciphers Modes of Operation

1. Encrypting a Large Message
1.1. Electronic Code Book (ECB)

Generating Message Authentication Code (MAC)

Public Key Cryptography

Public key cryptography also know as two-keys cryptography or asymmetric cryptography
This type of cryptography can be used for confidentiality, authentication or both.
It has two keys
1. Public key – it is known by anyone. It’s used for message encryption and signature verifications
2. Private key – known only by the owner. It’s used for message decryption and signature creation
(signing)
It is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or
create signatures.

Principles of Public Key Cryptosystems

 • Developed to address two key issues associated with secret key cryptography
• Key distribution – how to make a secure communication without trusted KDC
• KDC stands for Key Distribution Center
• Digital signature – how to verify messages come from the claimed sender
• Public and private keys: This is a pair of related keys that have been selected so that if one is
used for encryption, the other is used for decryption
• It has plaintext as input, ciphertext as output, encryption algorithm, and decryption algorithm
like the secret key cryptography has.
• Que: compare and contrast secret key cryptography with public key cryptography.
• Note: Public cryptography requires number theory. Please revise it again.

Essential Steps
1. Each user generates a pair of keys – private and public keys
2. Each user shall place the public key in public register
3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice's
public key.
4. When Alice receives the message, she decrypts it with her private key.

Public Key Cryptography Notations

• Source, say Alice, generates the plaintext P
• Bob with related keys, PR bob and PU bob , where PR bob is known only to Bob.
• Alice gets PU bob from the public key registry.
• Alice computes Ciphertext, C = E (PU bob , P) and sends it to Bob.
• Bob then decrypts the ciphertext to get the original plaintext as
• Plaintext, P = D (PR bob , C)

Public Key Cryptography Applications

Applications of public key cryptography are categorized into three:
1. Encryption and decryption – to provide confidentiality
2. Digital signatures – to provide authentication
3. Key exchanges – to exchange session keys

Some algorithms are suitable for all uses, while others are specific to one of them.
It is much secure than the secret key cryptography though slow in processing. Thus, recommended to
use for the two last applications.

Distribution of Public Keys

Users’ public keys can be distributed using one of the following:
1. Public announcements
• Broadcast using emails or related announcements
• Vulnerable for forgery
2. Public available directory
• Better trusted with entry details, which contains {name, public-key}
• With secure, periodically updating directory
3. Public-key authority
• Users know the public key of the directory. Check for steps on online resources
4. Certificate authority
• In public key authority each time the user must appeal to the authority for a public key
Simple Secret Key Distribution
• Alice generates a public/private key pair {PU Alice , PR Alice } and transmits a message to Bob
consisting of PU Alice and an identifier of Alice, ID Alice .
• Bob generates a secret key, K, and transmits it to Alice, encrypted with Alice's public key as
E(PU Alice , K)
• Alice computes D(PR Alice , E(PU Alice , K)) to recover the secret key, K. Because only Alice
can decrypt the message, only Alice and Bob will know the identity of K.
• Alice discards PU Alice and PR Alice and Bob discards PU Alice .

RSA Cryptosystem
By Rivest, Shamir & Adleman of MIT in 1977
• It is best known and widely used public-key scheme
• Based on exponentiation in a finite field over integers modulo a prime
• Uses large integers (e.g., 1024 bits)
• Security due to cost of factoring large numbers
• Makes use of an expression with exponentials
• Plaintext is encrypted in blocks
• With each block having a binary value less than some number n
• For some plaintext block M and ciphertext block C:
◦ C = M e mod n
◦ M = C d mod n = (M e ) d mod n = M ed mod n
• Both sender and receiver must know the value of n
• The sender knows the value of e, and only the receiver knows the value of d
• Thus, this is a public-key encryption algorithm with
• Public key, PU = {e, n}
• Private key, PR = {d, n}
• It is infeasible to determine d given e and n
More Examples: ElGamal, Elliptic Curve Cryptography (ECC)

Hashing Functions
A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value.
It is one way function {0, 1} # -> {0, 1} #
• Easy to compute
• Hard to invert
E.g., Phone book
Properties: preimage resistance, second preimage resistance, collision resistance, avalanche effect.
Implementation use cases: hash table, hash chain, hash trees, checksum
Algorithms: Message Digest (MD4,5), Secure Hash Algorithm (SHA-1)

Cryptographic Hash Function

Used to protect data integrity. Fixed sized hash value.

Applications: message authentication, digital signature, one-way password file, intrusion detection,
virus detection, pseudonumber generator, etc.
Applications of Cryptography
It’s a tool for Cybersecurity. Authentication, Encryption, Digital Signature, Key-exchange, Password
masking, etc

Critical Problem
Feel free to use output of a given problem in the next problems.
1. Use openssl1 Ubuntu command with RSA to generate pair of private and public keys.
2. Generate an AES secret key and write it here. Hint: use hex decimal of any 128-bits text.
3. Compute hash sum of your homework answer document and write the hash value herewith. Hint:
use Ubuntu command sha256sum [filename].
4. Encrypt the AES secret key with my public key, PU and write hereunder. Finally, encrypt your
answers using the AES private key. Hint: my PU uses RSA. Use openssl enc -aes-128-cbc 2ubuntu
command and the salt you used in number 2 as a random number.
5. Append encrypted result in number 11 at the end of your answer document and submit a single pdf
file.

My PU:
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7gLz2a0QKSS8mEy7brnLu0fjBOpHq4
xcyNtrJ6G38o6LejbNk11B0FpCHHnHumkXAnGYTDLAZJxwJu5oAJMTkCAwEAAQ==
-----END PUBLIC KEY-----

1 https://rietta.com/blog/2012/01/27/openssl-generating-rsa-key-from-command/
2 https://www.openssl.org/docs/man1.1.1/man1/enc.html