Chapter 2

A Cryptography Primers
Main Goals of Information Security

CIA
 Types of Threats(1)

• Interruption:
– An asset of the system is destroyed of becomes unavailable
or unusable
– Attack on availability
– Destruction of hardware
– Cutting of a communication line
– Disabling the file management system
 Types of Threats(2)

• Interception:
– An unauthorized party gains access to an asset
– Attack on confidentiality
– Wiretapping to capture data in a network
– Illicit copying of files or programs
 Types of Threats(3)
• Modification:
– An unauthorized party not only gains access but
tampers with an asset
– Attack on integrity
– Changing values in a data file
– Altering a program so that it performs differently
– Modifying the content of messages being
transmitted in a network
 Types of Threats(4)

• Fabrication:
– An unauthorized party inserts counterfeit objects into the
system
– Attack on authenticity
– Insertion of spurious messages in a network
– Addition of records to a file
 Security threats
Information Information
source destination

a) Normal flow

b) Interruption

c) Interception

d) Modification e) Fabrication
Friends and enemies: Alice, Bob, Trudy
• well-known in network security world
• Bob, Alice (lovers!) want to communicate “securely”
• Trudy (intruder) may intercept, delete, add messages

Alice Bob
channel data, control
messages

data secure secure data

sender s receiver

Trudy

Network Security
 Terminology
• Cryptography:
-process/study of making and using codes to secure
information transmission. Schemes for encryption and
decryption
– the practice/study of rendering information unintelligible
(Meaningless) to everyone except the
intended recipient.
• Cryptanalysis: study of obtaining plaintext without knowing key
and/or algorithm. The study of “breaking the code”.
• Cryptology: study of science of encryption, incl.cryptography
• Steganography: process of hiding messages (and the existence
thereof) in images, text, etc.
• Plaintext: unencrypted message
• Ciphertext: encrypted message
 Terminology (2)
• Cipher, cryptosystem: encryption method consisting of algorithm, key,
and encryption/decryption procedures
• Key: secret info used with algorithm to form cipher
• Encrypt: convert plaintext to ciphertext
• Decrypt: convert ciphertext to plaintext
• Keyspace: # of values that can be used in a key
– Ranges of possible and actual values may vary
– This can greatly affect cipher security
• Entropy: # of different actual values something can have
– Not keyspace, which specifies total # of possible values
– Example keyspace: # of 16-char. passwords using upper-,lowercase
letters, numbers, punctuation. If someone always uses 4-char.
password, entropy much smaller!
– Security problems have originated in seeds of pseudo-random number
generators with low entropy
 Terminology (3)
• Work factor: amount of CPU time needed to analyze ciphertext
(get plaintext) without knowing key or algorithm
• Pseudo-Random Number Generator (PRNG): algorithm that
creates “random” number sequence whose properties are similar
to those of “real” random number sequences
• One-way hash function: converts message to a value (message
digest – MD)
– One-way: can’t determine message from MD
– Examples: MD5, SHA-1, etc.
• Hash collision: two messages produce same MD
– Aim: given a message and an MD, you should not be able to
find another message that hashes to same MD
• Nonce: number only used once, helps prevent replay attacks
 Cypher-Methods (1)
• Plaintext can be encrypted via bit stream or block cipher methods
• Bit stream: each plaintext bit transformed into cipher bit one bit at
a time
• Block cipher: message divided into blocks (e.g., sets of 8- or 16-bit
blocks) and each is
transformed into encrypted block of cipher bits using algorithm and
key
 Cryptographic Algorithms (1)

• Two categories: symmetric and asymmetric

– Today’s cryptosystems use hybrid combination of both
types of algorithms
– Distinguishing features: #, types of keys used for
encryption
• Symmetric: use same “secret key” for message encryption,
decryption
– Computationally efficient
– Both sender, receiver must have key beforehand
– If either copy of key is compromised, attacker can
decrypt and read messages
 Example of Symmetric Encryption
• Data Encryption Standard (DES): one of most
popular symmetric encryption cryptosystems
– 64-bit block size; 56-bit key
– Adopted by NIST in 1976 as federal standard
for encrypting non-classified information
• Triple DES (3DES): created to provide security far beyond DES
• Advanced Encryption Standard (AES): developed to replace both
DES and 3DES
 Asymmetric (public key) encryption
• One key made public
– Used for encryption
• Other kept private
– Used for decryption
• Infeasible to determine decryption key given encryption
key and algorithm
• Ingredients
– Plain text
– Encryption algorithm
– Public and private key
– Cipher text
– Decryption algorithm
 Cryptography Tools
• Public Key Infrastructure (PKI): combination of software,
encryption methodologies, protocols, contracts, and third-party
services enabling secure communications among users
• PKI systems use public-key encryption
– Include digital certificates, cert. authorities (CAs)
 Digital Signatures
• Encrypted messages whose authenticity can be mathematically
proven
• Created to address need for info. Verification in electronic
communications (e.g., ecommerce, online healthcare portals,
etc.)
• Digital signatures use asymmetric crypto.

-Sender encrypts message with their private key

-Receiver can decrypt using senders public key
-This authenticates sender, who is only person who has the
matching key
-Does not give privacy of data
– Decrypt key is public
 Digital Certificates
• Electronic document containing key value and identifying
information about entity that controls key
• Digital signature attached to certificate’s container file to certify
file is from entity it claims to be from
Examples of Protocols for Secure Communications:
• Transport Layer Security (TLS): Public-key crypto. protocol for
secure HTTP communications
§ Secure Socket Layer (SSL): older protocol that achieves similar
purpose
• Email encryption: S-MIME, PGP
§ Secure Multipurpose Mail Extensions (S-MIME):
-Adds encryption, authentication to existing mail extensions
§ Pretty Good Privacy (PGP): Free software that encrypts email
 Cryptography
Notation:

Given
P=Plaintext
C=CipherText
 k=key shared by sender and receiver
C = EK (P) Encryption
P = DK (C) Decryption
 Caesar Cipher
• Is one the earliest cipher type which shifts all the letters in a piece of
text by a certain number of places.

• Caesar ciphers are very simple to create but are also quite easy to crack.
• One method we can use to crack ciphers is called Frequency Analysis.
-This is where we look at the frequency (i.e. the number of times) that each
letter appears.
-The most common letters in the ciphertext are related to the most common
letters in the plaintext.
-The most common letters in the plaintext are likely to be the most common
letters in the language.
• Another way to crack ciphers is by looking at one and two letter words.
If we see a single letter word in the ciphertext then it is likely to be A or
I. Also we can look at repeated letters (such as \t" in \letter").
 Caesar Cipher - early example:
• The key for this cipher is a letter which represents the number
of place for the shift.
So, for example,
 A key D means \shift 3 places"
 A key M means \shift 12 places".
 Note that a key A means \do not shift" and
 A key Z can either mean \shift 25 places" or \shift one place
backwards".

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

For example, the word \CAESAR" with a shift P becomes \RPTHPG".

 Caesar Cipher Example
Questions
(a) Above we saw that \CAESAR" becomes \RPTHPG" using a key P. Can
you find a key that will turn \RPTHPG" back into \CAESAR"?
(b) What does \CAESAR" become with a shift of F?
(c) What key do we need to make \CAESAR" become \MKOCKB"?
(d) What key do we need to make \CIPHER" become \SYFXUH"?
(e) Use the Caesar cipher to encrypt your First name
 Substitution Cipher

• To use a substitution cipher we replace (substitute) each

letter of the plain-text with a different letter in the cipher
text. To use this cipher we need a table of letter replacements.
For example, look at the following table:
Plain C D E H I N P R S T Y
Cipher X J L A Z E V K H O M

Plain Text: THIS IS ETHIOPIA.

Cipher Text: OAZH ZH LOAZTVZH.

 Simple encryption scheme
substitution cipher: substituting one thing for another
– Mono alphabetic cipher: substitute one letter for another
plaintext: abcdefghijklmnopqrstuvwxyz

ciphertext: mnbvcxzasdfghjklpoiuytrewq

e.g.: Plaintext: bob. i love you. alice

ciphertext: nkn. s gktc wky. mgsbc

Encryption key: mapping from set of 26

letters
to set ofSecurity
Network 26 letters
Substitution Cipher

Network Security
Note

In additive cipher, the plaintext, ciphertext,

and key are integers in modulo 26.

TCP/IP Protocol Suite 26

Example encrypt
Use the additive cipher with key = 10 to encrypt the message “dwit”.

Solution
We apply the encryption algorithm to the plaintext, character by
character. The result is “NGSD”.
Ciphertext = 13=n
d=03 Encrypt =(03+10%26)
Ciphertext = 6=g
w=22 Encrypt =(22+10%26)
Ciphertext = 18=s
i=08 Encrypt =(08+10%26)
Ciphertext = 3=d
t=19 Encrypt =(19+10%26)

Ciphertext = 13=n decrypt =(13-10%26) d=03

Ciphertext = 6=g decrypt =(6-10%26) w=22
Ciphertext = 18=s decrypt =(18-10%26) i=08
Ciphertext = 3=d decrypt =(3-10%26) t=19

TCP/IP Protocol Suite 27

 Figure 29.6 Transposition cipher

Plaintext Plaintext
e n emy a t t a c k s t o n i g h t z e n emy a t t a c k s t o n i g h t z

Write row by row Read row by row

e n e m y e n e m y
a t t a c a t t a c
k s t o n k s t o n
i g h t z i g h t z

E E M Y N E E M Y N
T A A C T T A A C T
T K O N S T K O N S
H I T Z G H I T Z G
Read column by column Write column by column

E T T H E AK I MAO T Y C N Z N T S G E T T H E AK I MAO T Y C N Z N T S G
Ciphertext Ciphertext
Transmission
TCP/IP Protocol Suite 28
 RSA Encryption

• RSA encryption is much more complicated than the

encryption methods we have seen so far. The RSA method
encrypts numbers rather than pieces of text.

Here is a description of what you must do to use RSA encryption

(a) Pick two large prime numbers p and q
(b) Work out the products n = p X q and k = (p-1) X (q-1)
(c) Pick a public key e which does not have any factors in common
(apart from 1 of course) with the number k.
(d) Find a private key d so that d X e = 1 (mod k) or so that
e X d has a remainder of 1 when divided by k.
(e) To encrypt a number m work out me (mod n)
(f) To decrypt a number c work out cd (mod n)
 RSA Example

• p = 11 and q = 3.
• n = pXq = 11 X3 = 33:
• k = (p-1)(q-1) = 10 X2 = 20:
• If e = 3 and d = 7, then e X d = 21 has a remainder of 1 when divided
by K = 20 or 3X7%20=1
• Publish (n; e) = (33; 3).
• Sender wants to encrypt message M = 14 :
- (n; e) = (33; 3).
-When Me (143 )= 2744 is divided by 33, the remainder is C = 5.
-Sends ciphertext C = 5 to receiver.
• Receiver to decrypt ciphertext C = 5:
-(n; d) = (33; 7).
-When Cd (57 )= 78125 is divided by 33, the remainder is R = 14.
-R = 14 = M, the original message from Sender!
 RSA Exercise
• Abebe wants to set up his own public and private keys. He chooses
p = 3 and q = 17 with e = 7. Find d so that e X d has a remainder of
1 when divided by (p -1)(q-1).
• n=3x17=51
• k=2X16=32
• Let assign e=3 and suitable value for d is 11 because 3X11% 32=1
• Publish (n; e) = (51; 3).
• Sender wants to encrypt message M = 9 :
-what is ciphertext of M will be sent to receiver?
-How Receiver decrypt ciphertext of M?
 Assignment 2

1) First compare and contrast the following encryption

algorithms. Finally try to select the better one with clear
justifications?
 Data Encryption Standard (DES)
 Triple DES (3DES or TDES)
 RSA Encryption
 Blowfish Encryption Algorithm
 IDEA (International Data Encryption Algorithm)
 The MD5 message-digest algorithm