CENP 3120: Data Security, Integrity and Cryptography

Chapter 1: Generalities of Computer Security and Cryptography

By: Mr. Asoh Christian M.

The University of Bamenda, Cameroon College of

Technology, Bambili Departement of Computer
Engineering

2024/2025 Academic year

Asoh Christian Computer Network Security: Generalities 1/25

CHAPTER THREE

CRYPTOGRAPHY
 What is Cryptology ?

Cryptography
Cryptography is the science that uses (mathematics) algorithms to ensure computer
security objectives.i.e. mainly to ensure confidentiality, authenticity, integrity and
non repudiation of data/users/information exchange.

Cryptanalysis
Cryptography is the study of weaknessess of cryptographic algorithm

Cryptology
Cryptology= Cryptography + Cryptanalysis

We are mainly interested in Cryptography.

Mr. Asoh Christian M. Computer Network Security: Generalities 3/25

 Generalities on Cryptography

A cryptographic algorithm is defined by a cryptosystem.

A cryptosystem
A cryptosystem is a 5-tuple (P, C, K, E, D) where
P is the space of plaintext.
C is the space of ciphertext.
K is the space of keys.
E = {E k , k ∈ K } with Ek : P → C (enciphering/encryption functions).
D = {D k , k ∈ K } avec Dk : C → P (decryption functions).
For each key e of K is associated d of K such that Dd (E e (p)) = p for all p in P.

Mr. Asoh Christian M. Computer Network Security: Generalities 4/25

 Generalities on Cryptography

A cryptographic algorithm is defined by a cryptosystem.

Example/exercise
Construct a simple cryptosystem

Mr. Asoh Christian M. Computer Network Security: Generalities 5/25

 Generalities on Cryptography
Cryptographic systems are characterized along three independent dimensions:
The type of operations used for transforming plaintext to ciphertext. All
encryption algorithms are based on two general principles: substitution, in
which each element in the plaintext (bit, letter, group of bits or letters) is
mapped into another element, and transposition, in which elements in the
plaintext are rearranged (positions). The fundamental requirement is that no
information be lost (that is, that all operations are reversible). Most systems,
referred to as product systems, involve multiple stages of substitutions and
transpositions.
The number of keys used. If both sender and receiver use the same key, the
system is referred to as symmetric, single-key, secret-key, or conventional
encryption. If the sender and receiver use different keys, the system is referred
to as asymmetric, two-key, or public-key encryption.
The way in which the plaintext is processed A block cipher processes the
input one block of elements at a time, producing an output block for each input
block. A stream cipher processes the input elements continuously, producing
output one element at a time, as it goes along.
Mr. Asoh Christian M. Computer Network Security: Generalities 6/25
 The two branches of Cryptography

Cryptography is divided into two main branches:

Symmetric or private key cryptography

Is a cryptosystem in which the encryption key e is always equal to the decryption key
d, or if d can be easily computed from e.

characteristics
All cryptography from ancient times until 1976 was exclusively based on
symmetric methods. Symmetric ciphers are still in widespread use, especially
for data encryption and integrity check of messages
Common problems are key exchange and key management ( solve with
asymmetric cryptography)
very fast, good for encryption of bid quantity of data
Examples include DES, AES,....

Mr. Asoh Christian M. Computer Network Security: Generalities 7/25

 The two branches of Cryptography
Cryptography is divided into two main branches:
Asymmetric or public key cryptography
Is a cryptosystem in which the encryption key e and the decryption key d distinct, and
the computation of d from e is infeasible. In such systems, the encryption key can be
made public.

characteristics
Introduced in 1976 by Whitfield Diffie, Martin Hellman and Ralph Merkle. In
public-key cryptography, a user possesses a secret key as in symmetric
cryptography but also a public key. Asymmetric algorithms can be used for
applications such as digital signatures and key establishment, and also for
classical data encryption.
Common problem is slowness in encryption, not suitable for encryption of big
quantity of datas
ease key management
Examples include RSA, El Gamal, ECC.....
Mr. Asoh Christian M. Computer Network Security: Generalities 8/25
 A note on Cryptanalysis

Typically, the objective of attacking an encryption system is to recover the key in use
rather than simply to recover the plaintext of a single ciphertext. There are two
general approaches to attacking a conventional encryption scheme:

Cryptanalysis
Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some
knowledge of the general characteristics of the plaintext or even some sample
plaintext–ciphertext pairs. This type of attack exploits the characteristics of the
algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

Brute-Force attack
The attacker tries every possible key on a piece of ciphertext until an intelligible
translation into plaintext is obtained. On average, half of all possible keys must be
tried to achieve success.

Mr. Asoh Christian M. Computer Network Security: Generalities 9/25

 A note on Cryptanalysis (1)

Here are some examples of chryptanalysis attacks based on the amount of

information known to the cryptanalyst. The most difficult problem is presented when
all that is available is the ciphertext only. In some cases, not even the encryption
algorithm is known, but in general, one assumes that the opponent does know the
algorithm used for encryption ( Kerckoff Principle).
Ciphertext-only attack:The attacker only knows a ciphertext. This is the
weakest attack. A simple ciphertext-only attack is the following. The attacker
decrypts the ciphertext with all keys from the key space. He finds the correct
plaintext among the few plaintexts that make sense. That attack is called
exhaustive search. It works for cryptosystems with too small key spaces. Other
ciphertext-only attacks use statistical properties of the plaintext language ( letter
frequence)
Known plaintext attack: The attacker knows a plaintext and the corresponding
ciphertext or several such pairs. She tries to decrypt other ciphertexts. An
example: Many letters end with ”Sincerely yours”. If the attacker knows the
corresponding ciphertext, then she can mount a known plaintext attack.

Mr. Asoh Christian M. Computer Network Security: Generalities 10/25

 A note on Cryptanalysis (2)

Here are some examples of chryptanalysis attacks based on the amount of

information known to the cryptanalyst. The most difficult problem is presented when
all that is available is the ciphertext only. In some cases, not even the encryption
algorithm is known, but in general, one assumes that the opponent does know the
algorithm used for encryption ( Kerckoff Principle).
Chosen plaintext attack. The attacker is able to encrypt plaintexts of his choice
but does not know the decryption key . He tries to decrypt other ciphertexts. In
a public-key cryptosystem such an attack is always possible since the
encryption key is publicly known. An example: The attacker intercepts a
ciphertext. He knows that the corresponding plaintext is either ”yes” or ”no”.
To find out which plaintext was encrypted, he encrypts ”yes” and he encrypts
”no”. Then he compares the two ciphertexts with the intercepted ciphertexts.
Chosenciphertext attack. The attacker can decrypt ciphertexts of his choice
but does not know the decryption key. He tries to find the decryptionkey

Mr. Asoh Christian M. Computer Network Security: Generalities 11/25

 Secure Schemes

Perfectly/Inconditionally Secure encryption scheme

An encryption scheme is unconditionally secure if the ciphertext generated by the
scheme does not contain enough information to determine uniquely the
corresponding plaintext, no matter how much ciphertext is available. The only known
such encryption scheme is One Time Pad
Therefore, all that the users of an encryption algorithm can strive for is an algorithm
that meets one or both of the following criteria:
The cost of breaking the cipher exceeds the value of the encrypted information.
The time required to break the cipher exceeds the useful lifetime of the
information.

Computationally Secure encryption scheme

An encryption scheme is said to be computationally secure if either of the foregoing
two criteria are met. Unfortunately, it is very difficult to estimate the amount of effort
required to cryptanalyze ciphertext successfully.

Mr. Asoh Christian M. Computer Network Security: Generalities 12/25

 Where is Cryptography applied/used

Army/Governments ( states security)

Banking system

Internet
TV cables, DVD,
Health cards, Electonic voting
Telecommunication networks: Phones,......

Mr. Asoh Christian M. Computer Network Security: Generalities 13/25

 What is steganography ?

steganography
steganography is the practice of concealing a file, message, image, or video within
another file, message, image, or video.
Whereas cryptography is the practice of protecting the contents of a message alone,
steganography is concerned with concealing the fact that a secret message is being
sent as well as concealing the contents of the message.

Mr. Asoh Christian M. Computer Network Security: Generalities 14/25

 What is steganography ?
Example/Exercise: Find the main message ( in French) in the following text sent by
George Sand to Alfred de Musset
Je suis très émue de vous dire que j’ai
bien compris, l’autre jour, que vous avez
toujours une envie folle de me faire
danser. Je garde un souvenir de votre
baiser et je voudrais que ce soit
là une preuve que je puisse être aimée
par vous. Je suis preˆte a`vous montrer mon
Affection toute désintéressée et sans cal-
cul. Si vous voulez me voir ainsi
de´voiler, sans aucun artifice mon aˆme
toute nue, daignez donc me faire une visite
Et nous causerons en amis et en chemin.
Mr. Asoh Christian M.
Je vous prouverai que je suis la femme
since`re capable de vous offrir l’affection
la plus profonde et la plus e´troite
Amitie´, en un mot, la meilleure amie
que vous puissiez reˆver. Puisque votre
aˆme est libre, alors que l’abandon ou` je
vis est bien long, bien dur et bien souvent
pénible, ami très cher, j’ai le coeur
gros, accourez vite et venez me le
faire oublier. A l’amour, je veux me sou-
mettre.
Computer Network Security: Generalities 15/25