
CH03-Introduction To Cryptography 9.18.38 PM

Chapter 3 provides an introduction to cryptography, covering key concepts such as data integrity, confidentiality, and the roles of public key cryptography, digital certificates, and digital signatures. It explains how cryptographic hash functions ensure data integrity and origin authentication, as well as the differences between symmetric and asymmetric encryption. Additionally, the chapter discusses the applications and impacts of cryptography on cybersecurity operations.

Uploaded by

sssalmazrouei14

Chapter 3

Introduction to Cryptography
Outline

Topics and Objectives

• Integrity and Authenticity: Explain the role of cryptography in ensuring the integrity and authenticity of data.
• Confidentiality: Explain how cryptographic approaches enhance data confidentiality.
• Public Key Cryptography: Explain public key cryptography.
• Digital Certificates and Digital Signatures: Explain the role of digital certificates.
• Applications and Impacts of Cryptography: Explain how the use of cryptography affects cybersecurity operations.

Integrity and Authenticity

Elements of Secure Communication


• Data Integrity
• Origin Authentication
• Data Confidentiality
• Data Non-Repudiation
Hash Functions Overview

• Hashes are used to verify and ensure data integrity.
• Hashing is based on a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse.

Figure: Creating a hash

What Is a Cryptographic Hash Function?

• Mathematically, the equation h = H(x) is used to explain how a hash algorithm operates. As shown in the figure, a hash function H takes an input x and returns a fixed-size string hash value h.

Figure: Hashing Formula
A Simple Hash Function
• Input: a number consisting of several digits.
• Output: a two-digit number that is less than 32.
• Computation: repeatedly add the digits of the number until the result becomes less than 32.
• Hash: the result is the hash value.

For example:
Number: 84139784
Computation: 8+4+1+3+9+7+8+4 = 44
             4+4 = 8
Hash: 08
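
The digit-sum hash above, as an added example that is not part of the original slides. It also shows why such a function only illustrates the idea: any reordering of the digits gives the same hash, while SHA-256 (chosen here for contrast) gives a different digest for each. The function names are assumptions.

```python
import hashlib
from itertools import permutations

def toy_hash(number):
    """The slide's hash: add the decimal digits until the result is below 32."""
    while number >= 32:
        number = sum(int(digit) for digit in str(number))
    return f"{number:02d}"

def reordered_inputs(number, limit=5):
    """Distinct reorderings of the digits. The digit sum is unchanged,
    so every one of them collides with the original under toy_hash."""
    found = []
    for perm in permutations(str(number)):
        candidate = int("".join(perm))
        if candidate != number and candidate not in found:
            found.append(candidate)
        if len(found) == limit:
            break
    return found

def sha256_hex(number):
    """SHA-256 of the decimal string, for comparison with the toy hash."""
    return hashlib.sha256(str(number).encode()).hexdigest()

if __name__ == "__main__":
    original = 84139784  # the number used on the slide
    print(original, toy_hash(original), sha256_hex(original)[:16])
    for other in reordered_inputs(original):
        print(other, toy_hash(other), sha256_hex(other)[:16])
```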
How Do Hash Algorithms Work?
Uses of Cryptographic Hash Functions - Origin Authentication

Origin Authentication
• To add origin authentication and integrity assurance, use a keyed-hash message authentication code (HMAC).
• HMAC uses an additional secret key as input to the hash function.

Creating the HMAC Value
• As shown in the figure, the sending device inputs data (such as Terry Smith’s pay of $100 and the secret key) into the hashing algorithm and calculates the fixed-length HMAC digest.
• This authenticated digest is then attached to the message and sent to the receiver.
• In the figure, the receiving device removes the digest from the message and uses the plaintext message with its secret key as input into the same hashing function. If the digest that is calculated by the receiving device is equal to the digest that was sent, the message has not been altered.
• Additionally, the origin of the message is authenticated because only the sender possesses a copy of the shared secret key. The HMAC function has ensured the authenticity of the message.
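
The sending and receiving steps described above, as an added example that is not part of the original slides. The key, the message text and the choice of SHA-256 are constructed assumptions; the last case contrasts HMAC with an unkeyed hash, which anyone can recompute after changing the message.

```python
import hashlib
import hmac

# Constructed sample values for illustration.
SHARED_KEY = b"constructed-demo-key"
MESSAGE = b"Pay Terry Smith $100"

def send(message, key):
    """Sending device: compute the HMAC digest and attach it to the message."""
    return message, hmac.new(key, message, hashlib.sha256).digest()

def receive(message, digest, key):
    """Receiving device: recompute the digest with its own copy of the key."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, digest)  # constant-time comparison

def plain_hash_ok(message, digest):
    """Unkeyed check, for contrast: a bare SHA-256 needs no secret."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)

def demo():
    """Return whether the receiver accepts each constructed case."""
    msg, digest = send(MESSAGE, SHARED_KEY)
    altered = b"Pay Terry Smith $900"
    wrong_key_digest = send(msg, b"some-other-key")[1]
    return {
        "intact": receive(msg, digest, SHARED_KEY),
        "altered_in_transit": receive(altered, digest, SHARED_KEY),
        "digest_from_wrong_key": receive(msg, wrong_key_digest, SHARED_KEY),
        "bare_hash_recomputed": plain_hash_ok(
            altered, hashlib.sha256(altered).digest()),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```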
Uses of Cryptographic Hash Functions - Data Confidentiality

Symmetric Encryption

Symmetric algorithms use the same pre-shared key to encrypt and decrypt data. A pre-shared key, also called a secret key, is known by the sender and receiver before any encrypted communications can take place.

Figure: Symmetric Encryption Example

Asymmetric Encryption

Asymmetric algorithms, also called public-key algorithms, are designed so that the key that is used for encryption is different from the key that is used for decryption, as shown in the figure. The decryption key cannot, in any reasonable amount of time, be calculated from the encryption key and vice versa.

Figure: Asymmetric Encryption Example


Asymmetric Encryption – Confidentiality

Step 1: Alice requests and obtains Bob’s public key.

Step 2: Alice uses Bob’s public key to encrypt a message using an agreed-upon algorithm. Alice sends the encrypted message to Bob.

Step 3: Bob then uses his private key to decrypt the message. Since Bob is the only one with the private key, Alice's message can only be decrypted by Bob and thus confidentiality is achieved.

Uses of Cryptographic Hash Functions - Data Integrity

Combining Symmetric and Asymmetric Encryption – Digital Envelope

• Combining the two asymmetric encryption processes provides message confidentiality, authentication, and integrity.
• The following example will be used to illustrate this process. In this example, a message will be ciphered using Bob’s public key and a ciphered hash will be encrypted using Alice’s private key to provide confidentiality, authenticity, and integrity.

Digital Envelope - 1

Step 1: Alice wants to send a message to Bob ensuring that only Bob can read the document. In other words, Alice wants to ensure message confidentiality.

Alice uses the public key of Bob to cipher the message. Only Bob will be able to decipher it using his private key.

Digital Envelope - 2

Step 2: Alice also wants to ensure message authentication and integrity.

Authentication ensures Bob that the document was sent by Alice, and integrity ensures that it was not modified.

Alice uses her private key to cipher a hash of the message. Alice sends the encrypted message with its encrypted hash to Bob.

Digital Envelope - 3

Step 3: Bob uses Alice’s public key to verify that the message was not modified.

The received hash is equal to the locally determined hash based on Alice’s public key.

Additionally, this verifies that Alice is definitely the sender of the message because nobody else has Alice’s private key.

Digital Envelope - 4

Step 4: Bob uses his private key to decipher the message.

Digital Signatures
Digital signatures are a mathematical technique used to provide
authenticity, integrity, and nonrepudiation. Digital signatures have
specific properties that enable entity authentication and data
integrity. In addition, digital signatures provide nonrepudiation of the
transaction. In other words.
Properties of digital signatures

• Authentic: The signature cannot be forged and provides proof that the signer, and no one else, signed the document.
• Unalterable: After a document is signed, it cannot be altered.
• Not Reusable: The document signature cannot be transferred to another document.
• Non-Repudiated: The signature is proof that the document has been signed by the actual person.
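
The four digital envelope steps and the "not reusable" signature property, as an added example that is not part of the original slides. It uses textbook RSA without padding on constructed keys built from small Mersenne primes, with SHA-256 as the hash; all names and values are assumptions, and the keys are far too small for real use. The hash is assumed to be taken over the plaintext, so Bob deciphers the message before comparing hashes.

```python
import hashlib

E = 65537  # public exponent used by both constructed keys

def make_key(p, q):
    """Toy RSA key from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys (assumed values, not from the slides).
ALICE_N, ALICE_D = make_key(2**31 - 1, 2**61 - 1)
BOB_N, BOB_D = make_key(2**89 - 1, 2**107 - 1)

def digest(message, n):
    """SHA-256 of the message as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def alice_send(message):
    """Steps 1-2: cipher the message with Bob's public key and cipher
    the hash of the message with Alice's private key."""
    m = int.from_bytes(message, "big")
    if m >= BOB_N:
        raise ValueError("message too long for the toy modulus")
    ciphertext = pow(m, E, BOB_N)
    signed_hash = pow(digest(message, ALICE_N), ALICE_D, ALICE_N)
    return ciphertext, signed_hash

def bob_receive(ciphertext, signed_hash):
    """Steps 3-4: decipher with Bob's private key, then compare the hash
    recovered with Alice's public key against the locally computed hash."""
    m = pow(ciphertext, BOB_D, BOB_N)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    authentic = pow(signed_hash, E, ALICE_N) == digest(message, ALICE_N)
    return message, authentic

if __name__ == "__main__":
    c, s = alice_send(b"Pay Terry Smith $100")
    print(bob_receive(c, s))
    # Anyone can encrypt to Bob's public key; only the signed hash ties
    # the message to Alice, and it does not carry over to another document.
    forged, _ = alice_send(b"Pay Terry Smith $900")
    print(bob_receive(forged, s))
```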
Digital Certificates
Applications and Impacts of Cryptography
Where can PKI be used by an enterprise? The following provides a short list of common uses of PKIs:
• SSL/TLS Secure network traffic using IPsec VPNs
• HTTPS Web traffic
• Secure email using the S/MIME protocol
• Secure instant messaging
• Approve and authorize applications with Code Signing
• Protect user data with the Encrypting File System (EFS)
• Implement two-factor authentication with smart cards
• Securing USB storage devices
Encryption and Security Monitoring
• Network monitoring becomes more challenging when packets are encrypted. However, security analysts must be aware of those challenges and address them as best as possible. For instance, when site-to-site VPNs are used, the Intrusion Prevention System (IPS) should be positioned so it can monitor unencrypted traffic.
• However, the increased use of HTTPS in the enterprise network introduces new challenges. Since HTTPS introduces end-to-end encrypted HTTP traffic (via TLS/SSL), it is not as easy to peek into user traffic.
Summary

• Integrity and Authenticity


• Authentication
• Public Key Cryptography
• Digital Signatures and Certificates
• Impacts of Cryptography
