Cryptography and Public key

Infrastructure
 Cryptology
• Cryptography
The area of study containing the principles and methods of
transforming an intelligible message in to one that is
unintelligible, and then retransforming that message back
to its original form.
• Cryptanalysis(Hacking)
is art and science of decoding non readable data without
knowing techniques of encoding.
• Cryptology
Both Cryptography and Cryptanalysis Known as Cryptology
 Symmetric Key Encryption
• Encryption and Decryption is done with single
key
• A symmetric encryption scheme has five
ingredients
– Plain Text
– Encryption algorithm
– Secret Key
– Cypher Text
– Decryption algorithm
Simplified Model of Conventional Encryption
 Basic Requirement
1. Strong encryption algorithm:
The opponent should be unable to decrypt cipher text or discover
the key even if he or she is in possession of a number of cipher
texts together with the plaintext that produced each cipher text.

2. Key must be secret.

The key must be shared in secret manner by sender or some third
party.

3.No need to make algorithm secret

 Types of Attacks on Encrypted Messages
Type of Attack Known to Cryptanalyst
Ciphertext only & ● Encryption algorithm
Frequency Analysis ● Ciphertext

Known plaintext ● Encryption algorithm

● Ciphertext
● One or more plaintext-ciphertext pairs
formed with the secret key
Chosen plaintext ● Encryption algorithm
● Ciphertext
●Plaintext message chosen by
cryptanalyst, together with its
corresponding ciphertext generated
with the secret key
 Types of Attacks on Encrypted Messages
Type of Attack Known to Cryptanalyst
Chosen ciphertext ● Encryption algorithm
● Ciphertext
● Purported ciphertext chosen by
cryptanalyst, together with its
corresponding decrypted plaintext
generated with the secret key
Chosen text ● Encryption algorithm
● Ciphertext
● Plaintext message chosen by
cryptanalyst, together with its
corresponding ciphertext generated with
the secret key
● Purported ciphertext chosen by
cryptanalyst, together with its
corresponding decrypted plaintext
• brute-force attack
 Asymmetric Key Encryption
• referred to as public key encryption.
• It uses two keys one is public key that is known by
all and other is private key
• A symmetric encryption system has the following
components:
– Plaintext:
– Encryptional gorithm:
– Public and PrivateKey
– Ciphertext:
– Decryptional gorithm:
Public-Key Cryptosystem: Secrecy

Y = E(PUb, X)
X = D(PRb, Y)
Public-Key Cryptosystem:
Authentication

Y = E(PRa, X) X = D(PUa, Y)
 Public-Key Cryptosystem:
Authentication and Secrecy
Z = E(PUb, E(PRa, X))

X = D(PUa, E(PRb, Z))

 Requirements for Public-Key
Cryptography
1. It is computationally easy for a party B to generate a
pair (public key PUb, private key PRb).
2. It is computationally easy for a sender A, knowing
the public key and the message to be encrypted, M,
to generate the corresponding ciphertext:
C = E(PUb, M)
3. It is computationally easy for the receiver B to
decrypt the resulting ciphertext using the private key
to recover the original message:
M = D(PRb, C) = D[PRb, E(PUb, M)]
4. It is computationally infeasible for an
adversary, knowing the public key, PUb, to
determine the private key, PRb.

5. It is computationally infeasible for an adversary,

knowing the public key, PUb, and a ciphertext, C,
to recover the original message, M.
6. The two keys can be applied in either order:
M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]
 Substitution Technique
• Substitution Technique
– Letters of plain text are replaced by other letters or by
numbers or symbols.
1.Caesar Cipher(Shift Cipher)
2.Playfair Cipher
3.Hill Cipher
4.Vigenere Cipher(Polyalphabetic Cipher)
5.Vernam Cipher
6.One Time Pad Cipher(Vermin Cipher)
 Caesar Cipher
• In this cipher, Each letter in the plaintext is replaced
by a letter some fixed number position (Key) down
the alphabet.
• For Example with shift 3 A would be replaced by D.
• The alphabet is wrapped around so that Z follows A.
• Example:
• Plaintext: MEET ME AFTER THE PARTY
• Ciphertext: PHHW PH DIWHU WKH SDUWB
• Mathematically, starting from a=0, b=1 and so
on, Caesar cipher can be written as:
E(p) = (p + k) mod (26)
D(C) = (C –k) mod (26)

• This cipher can be broken:

1) If we know one plaintext-cipher text pair since
the difference will be same.
2) There are only 26 possible keys.
3) Does not change the frequency of an
alphabate
 Playfair Cipher
• In this technique multiple (2) letters are
encrypted at a time.
• based on the use of a 5 x 5 matrix of letters
constructed using a keyword.
• The plaintext is encrypted two letters at a
time
1) Break the plaintext into pairs of two consecutive
letters.
2) If a pair is a repeated letter, insert a filler like
‘X‘inthe plaintext, eg. "balloon" is treated as
"balx lo on“
3) If in the last there is only one letter then insert X
after it to make a pair.
4) If both letters fall in the same row of the key
matrix, replace each with the letter to its right
(wrapping back to start from end), eg. “AR"
encrypts as "RM"
 5) If both letters fall in the same column, replace each
with the letter below it (again wrapping to top from
bottom), eg. “MU" encrypts to "CM“
6) Otherwise each letter is replaced by the one in its
row in the column of the other letter of the pair, eg.
“HS" encrypts to "BP", and “EA" to "IM" or "JM" (as
desired)
Try:
Key:COMPUTER
WORD: ENGINEERING(RLHDLRRASGN)
• Advantage:
– 26 x 26 = 676 digrams
– frequency analysis is much more difficult
 Hill Cipher
• This cipher is based on linear algebra
• The substitution is determined by m linear
equations. For m = 3, the system can be
described as:
c1 = (k11p1 + k12p2 + k13p3)mod 26
c2 = (k21p1 + k22p2 + k23p3)mod 26
c3 = (k31p1 + k32p2 + k33p3)mod 26
• Cipher =(PT*Key) mod 26
• PlainText =(Cipher*Key-1)mod 26
• Matrix inverse:
[Determinant(key)]-1 * Adjoint (Key)

• Adj(Key):
– Transpose(KEY)
– Find Minor
– Find co factor
• TEXT Matrix is:

• KEY Matrix is:

 Polyalphabatic Cypher(Vigenère)
• The table consists of the alphabets written out 26
times in different rows, each alphabet shifted
cyclically to the left compared to the previous
alphabet, corresponding to the 26 possible
Caesar Ciphers.
• At different points in the encryption process, the
cipher uses a different alphabet from one of the
rows.
• The alphabet used at each point depends on a
repeating keyword.
Polyalphabatic Cypher(Vigenère)
 One time pad (vermin cipher)
• This system works on binary data (bits) rather than
letters, The technique can be expressed as follows:
ci = ki ⊕ pi
where
pi = ith binary digit of plaintext
ci = ith binary digit of ciphertext
ki = ith binary digit of key
⊕= exclusive-or (XOR) operation
• Thus, the ciphertext is generated by
performing the bitwise XOR of the plaintext
and the key.
• •Decryption simply involves the same bitwise
operation
pi = ki ⊕ ci
 Steganography
• The art and science of hiding information (it
can be Plain Text, Cipher Text, Images , etc) by
embedding messages within other is called
Steganography.
• It is used when encryption is not permitted.
•It has three types(Ex.for Images)
1.LSB(Least Significant Bit)
2.DCT(Discrete Cosine Transform)
3.Append Algorithm
 Hashing
• Hashing is technique of obtain hash function which
provides digital signature to the content
• Some of the Application of the hash function are listed
below,
–Digital signature
–Password hashing
–Time Stamping
• Hash function maps a message of any length into a
fixed-length hash value, which serves as the
authenticator
 General Structure of Hash
Function
• 1.The input message is partitioned into L fixed-sized
blocks of b bits each, If necessary, the final block is
padded to b bits.The final block also includes the value
of the total length of the input message.
• 2.The hash algorithm involves repeated use of a
compression function, f, that takes two inputs And
produces an n-bit output
• 3.At the start of hashing, the chaining variable has an
initial value that is specified as part of the algorithm,
The final value of the chaining variable is the hash value.
 SHA-1
(Arbitrary msg of length X)

SHA-1

160 bit H(X)

 SHA-1
• The algorithm takes as input a message of maximum length of
less than 2^64 bits and produces a 160-bit message digest, The
input is processed in 512-bit blocks
•The Algorithm Step are listed below:
1.Initialize variables
h0=0x67452301
h1=0xEFCDAB89
h2=0x98BADCFE
h3=0x10325476
h4=0xC3D2E1F0
ml=message length in bits
 Padding
• Input is divided in 448 Bits
• 64 Bits binary function is padded(original
length)
• Total of 512 bits
 Compression function

DEFAULT KEY DEFAULT REG VALUE

CONSTANT

• K1:0x5A827999 • H0(A) OX67452301

• K2:06ED9EBA1 • H0(B) 0XEFCDAB89
• K3:0X8F1BBCDC • H0(C)0X98BADCFE
• K4:0XCA62C106s • H0(D) 0X10325476
• H0(E) 0XC3D2E1F0
 Function FK
• Stage 1(0..19)
F(T,B,C,D)=(B AND C) OR(NOT B) AND D
• Stage 2(20..39)
F(T,B,C,D)=B EX-OR C EX-OR D
• Stage 3(40..59)
F(T,B,C,D)=(B AND C) OR (B AND D) OR(C AND D)
• Stage 4(60..79)
F(T,B,C,D)=B EX-OR C EX-OR D
 Digital Signature
• Used for authentication
• The use of digital signature usually involves two
processes, one performed by the signer (Digital
Signature Creation) and the other by the
receiver (digital Signature Verification) of the
digital signature.
• In situations where there is not complete trust
between sender and receiver, something more
than authentication is needed.
• Digital Signature must have the following properties.
– It must verify the author and the date and time of the
signature.
– It must authenticate the contents at the time of the signature.
– It must be verifiable by third parties, to resolve disputes.
• requirements for a digital signature:
– The signature must be a bit pattern that depends on the
message being signed
– The signature must use some information unique to the
sender, to prevent both forgery and denial.
– It must be relatively easy to produce the digital
signature
– It must be relatively easy to recognize and verify
the digital signature.
– It must be computationally infeasible to forge a
digital signature
– It must be practical to retain a copy of the digital
signature in storage.
 What is it actually??
•  one-way hash (encryption)  using your public
and private key pair.
• How does a Digital Signature Work?
• Consider a scenario where Alice has to
digitally sign a file or an email and send it to
Bob.
• Digital certificate includes:
– Subject name
– Serial number
– Validity date range 
– issuer name, etc.
• Digital signature V/s Certificate
 Key Escrow
• Key Escrow is a cryptographic key exchange
process in which a key is held in a escrow(vault)
or stored by the third party.
• It provide a back up source for cryptographic
keys, but this system is some what risky because
a third party is involved.
• The purpose of it is to serve as a back up if the
parties with access to the cryptographic key loss
the data.
 Public Key Infrastructure
• Is a set of hardware, software, people,
policies, and procedures needed to create,
manage, distribute, use, store, and revoke
digital certificates.
• A PKI consists of:
1.CertificateAuthority(CA)((n)code,emudra,
NIC,TCS,SafeScript)
2.RegistrationAuthority(RA)
3.CentralDirectory
4.CertificateManagementSystem
5.CertificatePolicy
 Steps for DC
1.Application Phase:
1. Applicant will access the CA website to select customer type and class of certificate
needed.
2. Online registration form.
3. Verification of mandatory fields
4. payment
2.Authentication Phase:
1.RA verifies and validates the information
3.Retrieval Phase:
After verification , Authorization Code will be sent through registered A.D.
 Centralized & Decentralized
Infrastructure
• The key pairs used in a PKI are generated
using the two basic methods:
– Centralized Infrastructure
– Decentralized Infrastructure

Private Key Protection

1.Minimize Access to Private Keys
2.Use Physical Security to Protect Keys
 Trust Model
Collection of rules that decide the legitimacy of
a Digital Certificate.
Three types of Trust Model
1.Hierarchical Model
2.Peer to Peer Model (Bridge Model)
3.Hybrid Model
Hierarchical Trust Model
• In a hierarchical trust model— also known as a
Tree a root CA at the top provides all the
information
• The intermediate CAs are next in
the hierarchy, and they only trust information
provided by the root CA
Bridge Model(Peer to Peer)
• Advantage: Can use cross platform
certification for organizations.
• Disadvantage: If one of the root CAs doesn’t
maintain tight internal security around its
certificates, a security problem can be
created:
– An illegitimate certificate could become available
to all the users in the bridge structure and its
subordinate or intermediate CAs
Hybrid Model
• Notice,the single intermediate CA server on the
rightside of the illustration is the only server that
is known by the CA below it
• The subordinates of the middle-left CA are linked
to the two CAs on its sides.
• These two CAs don’t know about the other CAs,
because they are linked only to the CA that
provides them a connection.
• Disadvantage:  complicated and confusing