INTRODUCTION TO

CRY1PTOGRAPHY
 Objectives

• Define cryptography and steganography, and

differentiate between them.
• Introduce cryptography goals, services, and
terminology.
• Introduce symmetric-key cryptography and
asymmetric-key cryptography.
• Study the cryptanalysis attacks.
 What is Cryptography?

Cryptography
• Comes from Greek word meaning “secret writing”
• It refers to the science of transforming information into a
secure form while it is being transmitted or stored so that
unauthorized users cannot access it [3].
 What is Cryptography? (cont.)

Intruder
?
“ajhsfrjimnfuplkmzwvtbkl
giofqwgpklotfgyklooyrf”
Alice Bob

“My account number is

485853 and my PIN is “My account n4 umbe is
r PIN is
485853 and my
4984”
4984”
 Steganography

Steganography [1, 3]
• Hides the existence of the data
• What appears to be a harmless image can contain hidden
data embedded within the image
• Can use image files, audio files, or even video files to
contain hidden information
 Steganography (cont.)

Reference [3]
 Cryptography vs Steganography

 Cryptography [1]
• “Hidden writing”
• Hides the meaning of a message

 Steganography [1]
• “Covered writing”
• Hides the existence of a message
 Security Attack
 any action that compromises the security of
information owned by an organization
 information security is about how to prevent
attacks, or failing that, to detect attacks on
information-based systems
 often threat & attack used to mean same thing
 have a wide range of attacks
 can focus of generic types of attacks
 passive
 active
Passive Attacks
Passive Attack - Interception
Passive Attack: Traffic Analysis

Observe traffic pattern

Active Attacks
Active Attack: Interruption

Block delivery of message

Active Attack: Fabrication

Fabricate message
Active Attack: Replay
Active Attack: Modification

Modify message
 Handling Attacks
 Passive attacks – focus on Prevention
• Easy to stop
• Hard to detect
 Active attacks – focus on Detection and
Recovery
• Hard to stop
• Easy to detect
 Goals of Cryptography

 Secure communication [4]

 Goals of Cryptography (cont.)

 Secure storage [4]

 Services Provided by Cryptography

Goal Descrip-on

Confidentiality Keeping information secret and allow

only authorized parties to access it [3].
Authentication Verifying an entity’s identity (e.g:
user, computer) [3].
Integrity Ensuring that information is correct
and has not been altered by
unauthorized person or a malicious
software [3].
Non-repudiation Proving that a user performed an
action and preventing him/her from
denying the performed action (e.g:
sender/receiver sent/received a
message) [3].
 Cryptography Components

Reference [2]
 Cryptography Terminology

• Plaintext: Original unencrypted information.

• Ciphertext: The information after being encrypted by
an encryption algorithm.
• Encryption: Producing ciphertext from plaintext using
cryptosystem (also called encipherment).
• Decryption: Reverse process of encryption (also called
decipherment).
• Algorithm: Process of encrypting and decrypting
information based on a mathematical procedure .
 Cryptography Terminology (cont)

• Key: Value used by an algorithm to encrypt or

decrypt a message, and should only known to sender/
receiver.
• Weak key: Mathematical key that creates a detectable
pattern or structure.
• Cipher: Encryption or decryption algorithm tool used
to create encrypted or decrypted a text.
 Categories of Cryptography

Reference [2]
 Symmetric-key Cryptography

Reference [2]
 Symmetric-key Cryptography (cont.)

In symmetric-key cryptography, the

same key is used by the sender (for
encryption)
and the receiver (for decryption).
The key is shared.

Reference [2]
 Asymmetric-key Cryptography

Reference [2]
 Aymmetric-key Cryptography (cont.)

Asymmetric key cryptography uses two

separate keys: one public for encryption
(receiver’s public key), and one private
for decryption (receiver’s private key).
 Keys Used in Cryptography

Reference [2]
 Comparison Symmetric/Asymmetric
Cyptography

Reference [2]
 Kerckhoff’s Principle

• Based on Kerckhoff’s principle, one should always

assume that the adversary, Eve, knows the
encryption/decryption algorithm. The resistance of
the cipher to attack must be based only on the secrecy
of the key [1].
 Cryptanalysis

As cryptography is the science and art of creating secret

codes, cryptanalysis is the science and art of breaking
those codes.

Reference [1]
 Cryptanalysis (Cont.)

Ciphertext-Only Attack

Reference [1]
 Cryptanalysis (Cont.)

Ciphertext-Only Attack methods

• Brute Force Attack
• Called also exhaustive key search method
• Eve tries to use all possible keys in the key domain until the
plaintext makes sense
• How to prevent this type of attack?
• Statistical Attack
• Cryptanalyst can benefit from some inherent characteristics
of the plaintext language
• How to prevent this type of attack?
• Pattern Attack
• Some ciphers may hide the characteristics of the language,
but may create some pattern in the ciphertext
• How to prevent this type of attack?

Reference [1]
 Cryptanalysis (Cont.)

Known-Plaintext Attack

Reference [1]
 Cryptanalysis (Cont.)

Chosen-Plaintext Attack

Reference [1]
 Cryptanalysis (Cont.)

Chosen-Ciphertext Attack

Reference [1]
 References

[1] Chapter 1&3, Cryptography and Network Security, Behrouz

A.Forouzan
[2] Chapter 30, Data Communications and Networking, Behrouz
A.Forouzan
[3] Chapter 11, Security+ Guide to Network Security
fundamentals, Third Edition
[4] http://www.qatar.cmu.edu/cs/15349/slides/crypto-intro.pdf
[5] Cryptography and Network Security”, 4/e, by William
Stallings, Chapter 1 “Introduction”.