Lesson 10

Topics for the Week 10 & 11

Cryptography
 
 Cryptography
• Foundations of Cryptology
• Cipher Methods
• Cryptographic Algorithms
• Cryptographic Tools
• Protocol for Secure Communications
• Attacks on Cryptosystems
• Cryptography
• Cryptography, which comes from the Greek words kryptos, meaning
“hidden,” and graphein, meaning “to write,” is the process of making and
using codes to secure the transmission of information.
• Cryptanalysis - is the process of obtaining the original message (called the
plaintext) from an encrypted message (called the ciphertext) without
knowing the algorithms and keys used to perform the encryption.
• Encryption - is the process of converting an original message into a form
that is unreadable to unauthorized individuals—that is, to anyone without
the tools to convert the encrypted message back to its original format.
• Decryption - is the process of converting the ciphertext message back into
plaintext so that it can be readily understood.
Foundations of Cryptology

• Table 13 History of Cryptology

• Table 13 History of Cryptology

Table 13 History of Cryptology (continued)
Table 13 History of Cryptology (continued)
• Cipher Methods
• 
• Substitution Cipher - To use a substitution cipher, you substitute one value
for another, for example a letter in the alphabet with the letter three values to
the right. Or you can substitute one bit for another bit that is four places to its
left. A three-character substitution to the right results in the following
transformation of the standard English alphabet:
• Initial alphabet yields:ABCDEFGHIJKLMNOPQRSTUVWXYZ Encryption
alphabet: DEFGHIJKLMNOPQRSTUVWXYZABC
 • Transposition Cipher - (or permutation cipher) simply rearranges the values
within a block to create the ciphertext. This can be done at the bit level or at
the byte (character) level.

Figure 35 Word Jumble

Source: Course Technology/Cengage
Learning
 
• Key pattern: 1 -> 4, 2 -> 8, 3 -> 1, 4 -> 5, 5 -> 7, 6 -> 2, 7 -> 6, 8 -> 3
• 
• In this key, the bit or byte (character) in position 1 (with position 1 being at the far right) moves
to position 4 (counting from the right), and the bit or byte in position 2 moves to position 8, and
so on.
• The following rows show the numbering of bit locations for this key; the plaintext message
00100101011010111001010101010100, which is broken into 8-bit blocks for clarity; and the
ciphertext that is produced when the transposition key depicted above is applied to the
plaintext:
• Bit locations: 87654321 87654321 87654321 87654321
• Plaintext 8-bit blocks: 00100101|01101011|10010101|01010100
• Ciphertext: 00001011|10111010|01001101|01100001
• Exclusive OR - The exclusive OR operation (XOR) is a function of Boolean
algebra in which two bits are compared, and if the two bits are identical, the
result is a binary 0. If the two bits are not the same, the result is a binary 1.
Table 14 XOR Truth Table

Table 15 Example XOR Encryption

• Vernam Cipher - Also known as the one-time pad, the Vernam cipher, which
was developed by AT&T, uses a set of characters only one time for each
encryption process (hence the name one-time pad).

• Figure 36 Example of Vernam Cipher

• Book or Running Key Cipher - The ciphertext consists of a list of codes representing the page
number, line number, and word number of the plaintext word. The algorithm is the mechanical
process of looking up the references from the ciphertext and converting each reference to a word by
using the ciphertext’s value and the key (the book).
• Hash Functions - are mathematical algorithms that generate a message summary or digest
(sometimes called a fingerprint) to confirm the identity of a specific message and to confirm that
there have not been any changes to the content. While they do not create a ciphertext, hash
functions confirm message identity and integrity, both of which are critical functions in e-commerce.
• Hash algorithms - are public functions that create a hash value, also known as a message digest, by
converting variable-length messages into a single fixed-length value. The message digest is a
fingerprint of the author’s message that is compared with the recipient’s locally calculated hash of
the same message. If both hashes are identical after transmission, the message has arrived without
modification.
• 
 Cryptographic Algorithms
• Two Categories:
• Symmetric Encryption
• Encryption methodologies that require the same secret key to encipher
and decipher the message are using what is called private key encryption or
symmetric encryption.
• One of the most widely known is the Data Encryption Standard (DES),
which was developed by IBM and is based on the company’s Lucifer
algorithm, which uses a key length of 128 bits.
Figure 37 Example of Symmetric Encryption
Source: Course Technology/Cengage Learning
 - uses two different but related keys, and either key can be used to encrypt or decrypt
the message. If, however, key A is used to encrypt the message, only key B can
decrypt it, and if key B is used to encrypt a message, only key A can decrypt it.

 
Figure 38 Example of
Asymmetric Encryption
Source: Course
Technology/Cengage Learning
 Cryptographic Tools

• Public-Key Infrastructure (PKI) - is an integrated system of software,

encryption methodologies, protocols, legal agreements, and third-party
services that enables users to communicate securely. PKI systems are based
on public-key cryptosystems and include digital certificates and certificate
authorities (CAs).
• Digital certificates - are public-key container files that allow computer
programs to validate the key and identify to whom it belongs.
• A typical PKI solution protects the transmission and reception of secure
information by integrating the following components:
• Certificate Authority (CA) - which issues, manages, authenticates, signs, and revokes users’
digital certificates, which typically contain the user name, public key, and other identifying
information.
• Registration Authority (RA) - which operates under the trusted collaboration of the certificate
authority and can handle day-to-day certification functions, such as verifying registration
information, generating end-user keys, revoking certificates, and validating user certificates.
• Certificate directories - are central locations for certificate storage that provide a single access
point for administration and distribution.
• Management protocols - organize and manage the communications among CAs, RAs, and
end users.
• Policies and procedures - assist an organization in the application and management of
certificates, in the formalization of legal liabilities and limitations, and in actual business use.
 • Digital Signatures - encrypted messages that can be mathematically
proven authentic. Asymmetric encryption processes are used to create
digital signatures.

Figure 39 Digital Certificate

Source: Course Technology/Cengage Learning
Table 16 X.509 v3 Certificate Structure
• Hybrid Cryptography Systems - Except in digital certificates, asymmetric
key encryption in its pure form is not widely used, but it is often used in
conjunction with symmetric key encryption—thus, as part of a hybrid
encryption system. The most common hybrid system is based on the Diffie-
Hellman key exchange, which is a method for exchanging private keys using
public key encryption.
 Figure 40 Example of Hybrid Encryption
Source: Course Technology/Cengage Learning
 

 
• Steganography - the art of secret writing—is derived from the Greek words
steganos, meaning “covered” and graphein, meaning “to write.” While
steganography is technically not a form of cryptography, it is another way of
protecting the confidentiality of information in transit.
 Protocols for Secure Communications
• Securing Internet Communication with S-HTTP and SSL
• S-HTTP (Secure Hypertext Transfer Protocol) and SSL (Secure Sockets Layer) are two
protocols designed to enable secure network communications across the Internet.

• Securing E-mail with S/MIME, PEM, and PGP

• S/MIME (Secure Multipurpose Internet Mail Extensions)
• PEM (Privacy Enhanced Mail)
• PGP (Pretty Good Privacy) 

• Securing Web Transactions with SET, SSL, and S-HTTP 

• SET (Secure Electronic Transactions)
• SSL (Secure Sockets Layer)
• S-HTTP (Secure Hypertext Transfer Protocol)
Securing Wireless Networks with WEP and WPA
• WEP (Wired Equivalent Privacy)
• WPA / WPA2 (Wi-Fi Protected Access)
• Next Generation Wireless Protocols
• Robust Secure Networks (RSN) - a protocol planned for deployment as a
• replacement for TKIP in WPA, uses the Advanced Encryption Standard (AES),
along with 802.1x and EAP.
• AES supports key lengths up to 256 bits, but is not compatible with older
hardware.
• Bluetooth - is a de facto industry standard for short-range wireless
communications between devices. It is used to establish communications
links between wireless telephones and headsets, between PDAs and desktop
computers, and between laptops.
• Two-fold Approach to secure Bluetooth-enabled devices:
• Turn off Bluetooth when you do not intend to use it
• Do not accept an incoming communication pairing request unless you know who the
requestor is.

• Securing TCP/IP with IPSec and PGP 

• IPSec (Internet Protocol Security)
• PGP (Pretty Good Privacy)
• 
 Attacks on Cryptosystems
• Man-in-the-middle attack - attempts to intercept a public key or even to insert a
known key structure in place of the requested public key
• Correlation attacks - are a collection of brute-force methods that attempt to deduce
statistical relationships between the structure of the unknown key and the ciphertext
generated by the cryptosystem.
• Dictionary attack - the attacker encrypts every word in a dictionary using the same
cryptosystem as used by the target in an attempt to locate a match between the target
ciphertext and the list of encrypted words.
• Timing attack - the attacker eavesdrops on the victim’s session and uses statistical
analysis of patterns and inter-keystroke timings to discern sensitive session
information.
•Thank you very much for Listening !!!
•Engr. Joel Correa Cacho
MAED-AS/MSCpE