
Lecture 2. Cryptography PDF

Uploaded by quantumquotes3
ITSE202

CYBERSECURITY II
LECTURE II – Cryptography
1. WHY WE NEED CRYPTOGRAPHY
• While networks can be made relatively secure, there is always the possibility that the information can be intercepted at some point or unauthorized access gained. When this happens, there is a final defense – encryption.
2. WHAT IS CRYPTOGRAPHY?
• The word comes from the Greek “krypto’s”, meaning “Hidden Secrets”.
• The goal is to conceal the information even if it is intercepted by others.
• It therefore plays an exceedingly important role in providing Confidentiality, Integrity, and Availability (the CIA Triad) in technologies such as network communications, the internet, e-mail, cell phones, etc.
3. BASIC TERMS IN CRYPTOGRAPHY
• Plain text: the message.
• Cipher text: the unintelligible version of the message.
• Encryption: the operation that transforms the plain text into the cipher text.
• Decryption: the operation that transforms the cipher text into the plain text.
• Cipher (or cypher): the algorithm that carries out encryption and decryption.
• Key: crucial information used by cipher and only known for
4. HISTORY OF CRYPTOGRAPHY
• Since ancient times the division between one side and its adversary has made it important to search for a way of hiding messages while information is in transit.
• Classical algorithms are usually defined as those invented pre-computer, up to around the 1950s. These techniques tended to work on the actual letters themselves, rather than other representations such as bits and bytes.
• During World War II, ciphers were developed that rely on complex gearing mechanisms to encipher the text. These include the Enigma Cipher and the Lorenz Cipher.
4.1. Hieroglyph
The first known cryptographic method was used by the Egyptians 4000 years ago. They communicated through messages written in hieroglyphs.
4.2. Caesar Cipher
• Perhaps the most famous of these ancient encryption systems is the Caesar cipher, so called by the ancient historian of Rome, Suetonius.
• This cipher is a shift cipher; that is, it relies on a shift of the alphabet according to some key.
• It is said that Caesar used a simple version with a shift of 3, but, of course, any number of shifts could be applied from 1 to 25. Another shift, that is shift 26, will bring the alphabet back to its original state, as there are 26 characters in the alphabet.
[Figure: plain alphabet row and shifted alphabet row (A B C D E F …)]

Encryption: internet → lqwhuqhw
Decryption: internet ← lqwhuqhw

SEE: https://cryptii.com/pipes/caesar-cipher
DECODE: https://www.dcode.fr/caesar-cipher
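
The shift described above, as an added example that is not part of the original slides: it encrypts and decrypts with any key from 1 to 25 and lists every candidate decryption, which shows how small the keyspace is. The function names are chosen for this example.

```python
import string


def caesar(text, shift):
    """Shift each letter by `shift` places; other characters pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("a") if ch.islower() else ord("A")
            # modulo 26 wraps around the end of the alphabet
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # spaces, digits and punctuation are not shifted
    return "".join(out)


def caesar_encrypt(plaintext, key):
    return caesar(plaintext, key)


def caesar_decrypt(ciphertext, key):
    return caesar(ciphertext, -key)  # decryption is the opposite shift


def all_candidates(ciphertext):
    """Every possible decryption: the whole keyspace is only 25 keys."""
    return {key: caesar_decrypt(ciphertext, key) for key in range(1, 26)}


if __name__ == "__main__":
    print(caesar_encrypt("internet", 3))
    print(caesar_decrypt("lqwhuqhw", 3))
    print(caesar_encrypt("internet", 26))  # shift 26 returns the original text
    for key, guess in all_candidates("lqwhuqhw").items():
        print(key, guess)
```

Because only 25 keys exist, anyone who intercepts the ciphertext can read all candidates at a glance, which is why the cipher offers no protection today.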
5. TYPES OF CRYPTOGRAPHY
Symmetric Key Cryptography

Asymmetric Key Cryptography

Hash Functions
5.1. Symmetric Key Cryptography
The sender and the receiver use the same key to encrypt and decrypt the message. It is also known as private key encryption.
[Figure: Sender → Plain Text → encryption (pre-shared key) → Cipher Text → decryption (same pre-shared key) → Plain Text → Receiver]
5.1.1. Symmetric Encryption Algorithms
• 3DES (triple DES)
• IDEA
• AES
• 3DES (triple DES)
• Digital Encryption Standard (DES) is a symmetric block cipher with 64-bit block size that uses a 56-bit key. It takes a 64-bit block of plaintext as input and outputs a 64-bit block of ciphertext. It always operates on blocks of equal size and it uses both permutations and substitutions in the algorithm. A permutation is a way of arranging all elements of a set.
• Triple DES encrypts data three times and uses a different key for at least one of the three passes, giving it a cumulative key size of 112 to 168 bits. 3DES is more resistant to attack, but it is much slower than DES.
The 3DES encryption cycle is as follows:

1. Data encrypted by first DES. (56 bit)

2. Data decrypted by second DES. (112 bit)

3. Data re-encrypted by third DES. (168 bit)

The reverse process decrypts the ciphertext.

Students must watch: https://www.youtube.com/watch?v=23JangqRhIc
• IDEA
• The International Data Encryption Algorithm (IDEA) uses 64-bit blocks and 128-bit keys. IDEA performs eight rounds of transformations on each of the 16 blocks that result from dividing each 64-bit block (64 / 4).
• IDEA was the replacement for DES, and now PGP (Pretty Good Privacy) uses it. PGP is an encryption program that provides privacy and authentication in data communication. GNU Privacy Guard (GnuPG) is a licensed, free version of PGP.
• See video: https://www.youtube.com/watch?v=909pwcyqVFQ
• AES
• The Advanced Encryption Standard (AES) has a fixed block size of 128 bits with a key size of 128, 192, or 256 bits. The National Institute of Standards and Technology (NIST) approved the AES algorithm in December 2001. The U.S. government uses AES to protect classified information.
• AES is a strong algorithm that uses longer key lengths. AES is faster than DES and 3DES, so it provides a solution both for software applications and for hardware use in firewalls and routers.
• SEE: https://www.youtube.com/watch?v=aaDcV4gLX40
5.2. Asymmetric Key Cryptography
It is also known as public key encryption. It requires two different keys: the public key is used to encrypt the message and the private key is used to decrypt it. There is no key exchange. If Alice wants to send a message to Bob, Alice first has to request Bob’s public key to encrypt the message. Then, Bob opens that message with his private key. So, the keys are asymmetric.
[Figure: Alice requests Bob’s public key; Bob sends his public key to Alice]
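
The exchange between Alice and Bob, as an added example that is not part of the original slides. It uses textbook RSA with deliberately tiny primes (61 and 53) so the numbers can be followed by hand; the choice of RSA and all function names are assumptions of this example, and real systems use keys of 2048 bits or more with padding from a vetted library.

```python
from math import gcd


def make_keypair(p, q, e):
    """Bob's side: derive (public_key, private_key) from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e * d = 1 (mod phi)
    return (n, e), (n, d)


def rsa_encrypt(message, public_key):
    """Alice's side: needs only Bob's public key. One block per byte (toy)."""
    n, e = public_key
    return [pow(byte, e, n) for byte in message]


def rsa_decrypt(blocks, private_key):
    """Bob's side: only the holder of the private key can reverse it."""
    n, d = private_key
    return bytes(pow(block, d, n) for block in blocks)


def exchange(message):
    # Bob generates the pair once and keeps the private half to himself.
    bob_public, bob_private = make_keypair(61, 53, 17)
    # Alice requests the public key; it may travel in the clear.
    ciphertext = rsa_encrypt(message, bob_public)
    # Bob opens the message with his private key.
    recovered = rsa_decrypt(ciphertext, bob_private)
    return bob_public, ciphertext, recovered


if __name__ == "__main__":
    public, ciphertext, recovered = exchange(b"hello Bob")
    print("public key (n, e):", public)
    print("ciphertext blocks:", ciphertext)
    print("recovered by Bob: ", recovered)
```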
5.2.2. Key Management
• Key management includes the generation, exchange, storage, use and replacement of keys used in an encryption algorithm.
• It is the most difficult part of designing a cryptosystem.
• Many cryptosystems have failed because of mistakes in their key management procedures.
• In practice, most attacks on cryptographic systems target the key management level, rather than the cryptographic algorithm itself.
• There are several essential characteristics of key management to consider. Two terms used to describe keys are:
• Key length: Also called the key size, this is the length of the key in bits.
• Keyspace: This is the number of possibilities that a specific key length can generate.

As key length increases, the keyspace increases exponentially. The keyspace of an algorithm is the set of all possible key values. Longer keys are more secure; however, they are also more resource intensive. Almost every algorithm has some weak keys in its keyspace that can enable a criminal to
5.2.3. Comparing Encryption Types
5.3. Hash Functions

• Accept a variable size message M as input and produce a fixed size output, referred to as a hash value or message digest.
• A change in any bit of M results in a huge change in its hash value.
5.3.1. Properties of Hash Functions
A cryptographic hash function has the following properties:

• The input can be any length.
• The output has a fixed length.
• The hash function is one-way and is not reversible.
• Two different input values will almost never result in the same hash.

SEE: https://www.youtube.com/watch?v=cczlpiiu42M
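
An added example (not from the original slides) that checks the properties above with SHA-256 from Python's standard library: the digest is 256 bits for any input length, and flipping a single bit of M changes about half of the digest bits. The helper names and the sample message are constructed for this example.

```python
import hashlib


def digest_bits(message):
    """Length of the SHA-256 digest in bits, whatever the input length."""
    return len(hashlib.sha256(message).digest()) * 8


def flip_bit(message, bit_index):
    """Return a copy of the message with exactly one bit inverted."""
    data = bytearray(message)
    data[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(data)


def differing_bits(a, b):
    """Number of digest bits that differ between the hashes of a and b."""
    ha = int.from_bytes(hashlib.sha256(a).digest(), "big")
    hb = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(ha ^ hb).count("1")


def avalanche_profile(message):
    """For each single-bit change in M, count how many digest bits change."""
    total_bits = len(message) * 8
    return [differing_bits(message, flip_bit(message, i))
            for i in range(total_bits)]


if __name__ == "__main__":
    sample = b"transfer 100 to Bob"  # constructed sample message
    print(digest_bits(b""), digest_bits(sample), digest_bits(b"x" * 10_000))
    profile = avalanche_profile(sample)
    print("min / mean / max changed bits:",
          min(profile), sum(profile) / len(profile), max(profile))
```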
5.3.2. Hash Algorithms
Hash functions help to ensure that a user or communication error does not change data accidentally. For instance, a sender may want to make sure that no one alters a message on its way to the recipient.

The sending device inputs the message into a hashing algorithm and computes its fixed-length digest or fingerprint.
5.3.2.1. Latest Hash Algorithms
• Message Digest 5 (MD5) Algorithm
• Secure Hash Algorithm (SHA)

Differences between (MD5) and (SHA) Algorithm
• The primary differences between SHA (Secure Hash Algorithm) and MD5 (Message Digest Algorithm 5) lie in their cryptographic properties and level of security.
• While both are cryptographic hash functions, SHA produces longer hash values (e.g., SHA-256 generates a 256-bit hash) compared to MD5 (which produces a 128-bit hash).
• Additionally, SHA is designed to be more secure against collision attacks and pre-image attacks, meaning it's more resistant to finding two different inputs that produce the same hash value and to reversing the hash function to obtain the original input, respectively.
• MD5, on the other hand, has known vulnerabilities, making it unsuitable for cryptographic purposes where strong security guarantees are required.

***Therefore, SHA is generally recommended for secure cryptographic applications over MD5 due to its stronger security properties.***
• Hashing Files and Digital Media

Integrity ensures that data and information are complete and unaltered at the time of acquisition. It is important for users to have confidence in this when downloading a file from the Internet, or if a forensic examiner is looking for evidence on digital media, and so on.
• Salting
• Salting makes password hashing more secure.
• If two users have the same password, they will also have the same password hashes. A salt, which is a random string of characters, is an additional input added to the password before hashing.
• This creates a different hash result even when the two passwords are identical. Then, the database stores both the hash and the salt. The same password generates a different hash for different users, because the salt in each instance is different. Meanwhile, the salt does not have to be secret since it is a random
Salting prevents an attacker from using a dictionary attack to try to guess passwords. Salting also makes it impossible to use lookup tables and rainbow tables to crack a hash.
• Implementing Salting
The following recommendations will help ensure successful implementation of salting:

• The salt needs to be unique for every user password.
• Never reuse a salt.
• Always hash on the server, in a web application.
To validate a password:

• Retrieve a user’s salt and hash from the database.
• Add the salt to the password and hash it with the same hash function.
• Compare the hash of the password just submitted by the user trying to log in to the one stored in the database.
• If the hashes do not match, the password the user has just tried to log in with is incorrect.
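
The registration and validation steps above, as an added example that is not part of the original slides. It uses PBKDF2-HMAC-SHA256 from Python's standard library as the hash function, which is a choice made for this example since the slides do not name one; the iteration count, user names, password and function names are likewise constructed.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_hash(password):
    """No salt: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def new_record(password):
    """Registration: a fresh random salt per password, stored with the hash."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def verify(db, user, submitted):
    """Login: fetch salt and hash, re-hash the submitted password, compare."""
    record = db.get(user)
    if record is None:
        return False
    candidate = hash_password(submitted, record["salt"])
    # constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(candidate, record["hash"])


def build_demo_db():
    # constructed sample users who both chose the same password
    return {"alice": new_record("Winter2024!"), "bob": new_record("Winter2024!")}


if __name__ == "__main__":
    db = build_demo_db()
    print("unsalted hashes equal:",
          unsalted_hash("Winter2024!") == unsalted_hash("Winter2024!"))
    print("salted hashes equal:  ", db["alice"]["hash"] == db["bob"]["hash"])
    print("correct password:", verify(db, "alice", "Winter2024!"))
    print("wrong password:  ", verify(db, "alice", "winter2024!"))
```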