Cryptography and Network

Security
Unit 1 Part 2

Abhishek Kumar, CSED, GEC Khagaria

Courtesy: Cryptography and Network Security,8e, William
Stallings
MAC
• Message authentication code (MAC). This technique assumes that two communicating parties, say A and B,
share a common secret key K. When A has a message to send to B, it calculates the MAC as a function of the
message and the key:
MAC = C(K, M)
where
M = input message
C = MAC function
K = shared secret key
MAC = message authentication code
• The message plus MAC are transmitted to the intended recipient. The recipient performs the same calculation
on the received message, using the same secret key, to generate a new MAC. The received MAC is compared
to the calculated MAC.

Abhishek Kumar, CSED, GEC Khagaria

MAC Continued..
• If the received MAC matches the calculated MAC, then
1. The receiver is assured that the message has not been altered. If an attacker alters the message but does not
alter the MAC, then the receiver’s calculation of the MAC will differ from the received MAC. Because the
attacker is assumed not to know the secret key.
2. The receiver is assured that the message is from the alleged sender. Because no one else knows the secret key,
no one else could prepare a message with a proper MAC.

Abhishek Kumar, CSED, GEC Khagaria

Two Key
• Two-key algorithms involve the use of two related keys. A private key is known only to a single user or entity,
whereas the corresponding public key is made available to a number of users. Encryption algorithms that use
two keys are referred to as asymmetric encryption algorithms.
• A digital signature is a value computed with a cryptographic algorithm and associated with a data object in
such a way that any recipient of the data can use the signature to verify the data’s origin and integrity.
Typically, the signer of a data object uses the signer’s private key to generate the signature, and anyone in
possession of the corresponding public key can verify that validity of the signature.
• Key exchange is the process of securely distributing a symmetric key to two or more parties.
• User authentication is the process of authenticating that a user attempting to access an application or service
is genuine and, similarly, that the application or service is genuine.

Abhishek Kumar, CSED, GEC Khagaria

Some Terminologies
• An original message is known as the plaintext, while the coded message is called the ciphertext.
• The process of converting from plaintext to ciphertext is known as enciphering or encryption;
• Restoring the plaintext from the ciphertext is deciphering or decryption.
• The many schemes used for encryption constitute the area of study known as cryptography. Such a scheme
is known as a cryptographic system or a cipher.
• Techniques used for deciphering a message without any knowledge of the enciphering details fall into the
area of cryptanalysis. Cryptanalysis is what the layperson calls “breaking the code.”
• The areas of cryptography and cryptanalysis together are called cryptology.

Abhishek Kumar, CSED, GEC Khagaria

Symmetric Cipher Model
 Requirements
➢ two requirements for secure use of symmetric
encryption:
⚫ a strong encryption algorithm
⚫ a secret key known only to sender / receiver
➢ mathematically have:
Y = E(K, X) = EK(X) = {X}K
X = D(K, Y) = DK(Y)
➢ assume encryption algorithm is known
⚫ Kerckhoff’s Principle: security in secrecy of key alone,
not in obscurity of the encryption algorithm
➢ implies a secure channel to distribute key
⚫ Central problem in symmetric cryptography
 Cryptanalysis
➢ objectiveto recover key not just message
➢ general approaches:
⚫ cryptanalytic attack
⚫ brute-force attack
➢ if either succeed all key use compromised
 Cryptanalytic Attacks
➢ ciphertext only
⚫ only know algorithm & ciphertext, is statistical,
can identify plaintext
➢ known plaintext
⚫ know/suspect plaintext & ciphertext
➢ chosen plaintext
⚫ select plaintext and obtain ciphertext
➢ chosen ciphertext
⚫ select ciphertext and obtain plaintext
➢ chosen text
⚫ select plaintext or ciphertext to en/decrypt
 Cipher Strength
➢ unconditional security
⚫ no matter how much computer power or time
is available, the cipher cannot be broken
since the ciphertext provides insufficient
information to uniquely determine the
corresponding plaintext
➢ computational security
⚫ given limited computing resources (e.g. time
needed for calculations is greater than age of
universe), the cipher cannot be broken
 Brute Force Search
➢ always possible to simply try every key
➢ most basic attack, exponential in key length
➢ assume either know / recognise plaintext

Key Size (bits) Number of Alternative Time required at 1 Time required at 106
Keys decryption/µs decryptions/µs
32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds
56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours
128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years

168 2168 = 3.7  1050 2167 µs = 5.9  1036 years 5.9  1030 years

26 characters 26! = 4  1026 2  1026 µs = 6.4  1012 years 6.4  106 years
(permutation)
 Classical Substitution
Ciphers
➢ Where letters of plaintext are replaced by
other letters or by numbers or symbols
➢ or if plaintext is viewed as a sequence of
bits, then substitution involves replacing
plaintext bit patterns with ciphertext bit
patterns
 Caesar Cipher
➢ earliest known substitution cipher
➢ by Julius Caesar
➢ first attested use in military affairs
➢ replaces each letter by 3rd letter on
➢ example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
 Caesar Cipher
➢ can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z = IN
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C = OUT

➢ mathematically give each letter a number

a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

➢ then have Caesar (rotation) cipher as:

c = E(k, p) = (p + k) mod (26)
p = D(k, c) = (c – k) mod (26)
 Transposition Ciphers
➢ now consider classical transposition or
permutation ciphers
➢ these hide the message by rearranging
the letter order without altering the actual
letters used
➢ Security Issue: can recognise these since
have the same frequency distribution as
the original text
 Rail Fence cipher
➢ write message letters out diagonally over a
number of rows
➢ use a “W” pattern (not column-major)
➢ then read off cipher row by row
➢ eg. write message out as:
m e m a t r h t g p r y
e t e f e t e o a a t
➢ giving ciphertext
MEMATRHTGPRYETEFETEOAAT
 Row Transposition Ciphers
➢ isa more complex transposition
➢ write letters of message out in rows over a
specified number of columns
➢ then reorder the columns according to
some key before reading off the rows
Key: 4312567
Column Out 4 3 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
 Block Transposition Ciphers
➢ arbitraryblock transposition may be used
➢ specify permutation on block
➢ repeat for each block of plaintext
Key: 4931285607
Plaintext: attackpost poneduntil twoamxyzab

Ciphertext: CTATTSKPAO DLEONIDUPT MBAWOAXYTZ

 Product Ciphers
➢ ciphers using substitutions or transpositions are
not secure because of language characteristics
➢ hence consider using several ciphers in
succession to make harder, but:
⚫ two substitutions make a more complex substitution
⚫ two transpositions make more complex transposition
⚫ but a substitution followed by a transposition makes a
new much harder cipher
➢ this is bridge from classical to modern ciphers
 Steganography
➢ an alternative to encryption
➢ hides existence of message
⚫ using only a subset of letters/words in a longer
message marked in some way
⚫ using invisible ink
⚫ hiding in LSB in graphic image or sound file
⚫ hide in “noise”
➢ has drawbacks
⚫ high overhead to hide relatively few info bits
➢ advantage is can obscure encryption use