InfoSec Lect5

This document outlines the fundamentals of cryptography and key management, covering both symmetric and asymmetric cryptography, including various encryption methods and their applications. It discusses the importance of cryptography in ensuring confidentiality, authentication, integrity, and non-repudiation, as well as different attack methods and encryption methodologies. Additionally, it provides an overview of the Data Encryption Standard (DES) and its structure, emphasizing the significance of key management in secure communications.

Uploaded by

9811765048yadav

Information Security

Unit 3:
Cryptography and Key Management
Outline
 Basics of cryptography
 Symmetric Cryptography (Data Encryption Standard (DES), Triple DES, Advanced Encryption Standard (AES), Key distribution)
 Asymmetric cryptography
 Public and private keys
 RSA (Rivest Shamir Adleman)
 Elliptic curve
 Hash function
 Digital signatures
 PKI (Public Key Infrastructure)
 Applied cryptography
Why Cryptography?
Cryptography is a component of many security systems
It applies to numerous aspects of the security models
(Confidentiality, Authentication, Integrity, Authorization,
Non-repudiation)
Desired Property   Threat                 Solution
Confidentiality    Disclosure             Encryption for secrecy; disguising traffic patterns
Authentication     Spoofing               Digital signature
Integrity          Modification, replay   Message digests, hashing, time stamps
Non-repudiation    Denial                 Digital signature


What Is Cryptography
 Cryptography is the science of hiding
information in plain sight, in order to conceal it
from unauthorized parties.
 Substitution cipher first used by Caesar
for battlefield communications
Encryption Terms and Operations
 Plaintext – an original message
 Ciphertext – an encrypted message
 Encryption – the process of transforming
plaintext into ciphertext (also encipher)
 Decryption – the process of transforming
ciphertext into plaintext (also decipher)
 Encryption key – the text value required to
encrypt and decrypt data
Secure Communications

[Fig. Basic Communication Scenario: Alice -> Encrypt (encryption key) -> ciphertext -> Decrypt (decryption key) -> Bob, with Eve (Mallory/Oscar, the enemy or adversary) between them.]


Eve’s Goals
1. Read the message
2. Figure out the key Alice is using and read all the messages
encrypted with that key
3. Modify the content of the message in such a way that
Bob will think Alice sent the altered message.
4. Impersonate Alice and communicate with Bob who thinks
he is communicating with Alice.

Oscar is a passive observer who is trying to perform (1) and (2).

Mallory is more active and evil, and is trying to perform (3) and (4).

Attack Methods
1. Ciphertext only: Alice has only a copy of ciphertext
2. Known Plaintext: Eve has a copy of ciphertext and the
corresponding plaintext and tries to deduce the key.
3. Chosen Plaintext: A chosen-plaintext attack (CPA)
is an attack model for cryptanalysis which presumes
that the attacker has the capability to choose
arbitrary plaintexts to be encrypted and obtain the
corresponding ciphertexts.
4. Chosen Ciphertext: A chosen-ciphertext
attack (CCA) is an attack model for cryptanalysis in
which the cryptanalyst gathers information, at least in
part, by choosing a ciphertext and obtaining its
decryption under an unknown key.
Encryption Methodologies
Substitution Cipher
 Plaintext characters are substituted to form
ciphertext
 “A” becomes “R”, “B” becomes “G”, etc.
 Character rotation
• Caesar rotated three to the right
(A > D, B > E, C > F, etc.)
 A table or formula is used
 ROT13 is a Caesar cipher
 Subject to frequency analysis
attack
Transposition Cipher
 Plaintext messages are transposed into ciphertext
 Plaintext: ATTACK AT ONCE VIA NORTH BRIDGE
 Write into columns going down
 Read from columns to the right

A K C N B
T A E O R
T T V R I
A O I T D
C N A H G

 Ciphertext: AKCNBTAEORTTVRIAOITDCNAHG
 Subject to frequency analysis
attack
Mono-alphabetic Cipher
 One alphabetic character is substituted for another
 Caesar right-three shift:
A B C D E F G H I J … Z
D E F G H I J K L M … C
 Or a more random scheme:
A B C D E F G H I J … Z
W E R T B N P Q C U … X
 Subject to frequency analysis attack
Mono-alphabetic Cipher
Here the cipher can be any permutation of
26 alphabet characters.
More immune to Brute-force
Single cipher alphabet is mapped to plain
alphabet in message.
Distance between plaintext and cipher text is
not same.
Mono-alphabetic Cipher

Problem
Since both Plain Text and Cipher Text are
in English Language
 Nature of plain text can be known.
Mono-alphabetic Cipher
e.g. Let us try to break the following mono-alphabetic cipher text,
‘GZGEWVGRNCP’, using the frequency analysis chart (frequency chart on the next slide).
CT   G Z G E W V G R N C P
Freq 3 1 3 1 1 1 3 1 1 1 1
PT   E _ E _ _ _ E _ _ _ _
PT   E _ E _ _ T E _ L A N
PT   E X E C U T E P L A N

Try high-frequency text or permutations of text to break the cipher.
Mono-alphabetic Cipher

Relative frequency of English Letters


Mono-alphabetic Cipher
Advantage
• More secure than Caesar cipher

Disadvantage
• Easy to break using frequency
analysis of the English alphabet
Polyalphabetic Cipher

 Two or more substitution alphabets

Plaintext A B C D E F G H I … Z
Alpha 1 W E R T B N P Q C … X
Alpha 2 R B I K Q D X U N … E
Alpha 3 V B D R H W A X I … U
Alpha 4 M U T X D G P O W … F
Alpha 5 Y D V B J I K E Z … O

 CAGED becomes RRADB


 Not subject to frequency attack
Running-key Cipher
 Plaintext letters converted to numeric (A=0, B=1, etc.)
 Plaintext values “added” to key values giving ciphertext
 With plaintext (P) and key (K):
 Encryption: Ei = (Pi + Ki) mod 26
 Decryption: Di = (Ei - Ki) mod 26

Plaintext A T T A C K A T O N C E V I A N
Key S E C R E T S E C R E T S E C R
Plaintext 0 19 19 0 2 10 0 19 14 13 2 4 21 8 0 13
Key 18 4 2 17 4 19 18 4 2 17 4 19 18 4 2 17
Sum 18 23 21 17 6 3 18 23 16 4 6 23 13 12 2 4
Ciphertext S X V R G D S X Q E G X N M C E

Fig: Vigenere cipher
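
The table above, reproduced in code as an added example that is not part of the original slides (function names are my own; input is assumed to be uppercase A-Z only). It also lists repeated ciphertext digrams: in the slide's ciphertext "SX" occurs twice, 6 positions apart, which is the length of the repeating key SECRET and shows why a key that repeats leaks structure.

```python
from collections import defaultdict

A = ord("A")


def running_key_encrypt(plaintext, key):
    """E_i = (P_i + K_i) mod 26, with the key repeated to the plaintext length."""
    return "".join(
        chr((ord(p) - A + ord(key[i % len(key)]) - A) % 26 + A)
        for i, p in enumerate(plaintext)
    )


def running_key_decrypt(ciphertext, key):
    """D_i = (E_i - K_i) mod 26."""
    return "".join(
        chr((ord(c) - ord(key[i % len(key)])) % 26 + A)
        for i, c in enumerate(ciphertext)
    )


def repeated_ngram_distances(ciphertext, n=2):
    """Map every n-gram seen more than once to the gaps between its occurrences.

    When the key repeats, identical plaintext fragments that line up with the
    same key letters encrypt identically, so the gaps are multiples of the
    key length.
    """
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    return {
        gram: [b - a for a, b in zip(pos, pos[1:])]
        for gram, pos in positions.items()
        if len(pos) > 1
    }


if __name__ == "__main__":
    # Plaintext and key taken from the slide's table.
    ct = running_key_encrypt("ATTACKATONCEVIAN", "SECRET")
    print(ct)
    print(running_key_decrypt(ct, "SECRET"))
    print(repeated_ngram_distances(ct))
```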


One-time Pad
 Works like running key cipher, except
that key is length of plaintext,
and is used only once
 Highly resistant to cryptanalysis

Plaintext A T T A C K A T O N C E V I A N
Key X V G J E R I O Q W J P E K A F
Plaintext 0 19 19 0 2 10 0 19 14 13 2 4 21 8 0 13
Key 23 21 6 9 3 17 8 14 16 22 9 15 4 10 0 5
Sum 23 14 25 9 5 1 8 7 4 9 11 19 25 18 0 18
Ciphertext X O Z J F B I H E J L T Z U A U
Types of Encryption
Block cipher
 Encrypts blocks of data, often 128 bits
Stream cipher
 Operates on a continuous stream of data
Block Ciphers
 Encrypt and decrypt a block of data at a time
 Typically 128 bits
 Typical uses for block ciphers
 Files, e-mail messages, text communications, web
 Well known encryption algorithms
 DES, 3DES, AES, CAST, Twofish, Blowfish, Serpent
Stream Ciphers
 Used to encrypt a continuous stream
of data, such as an audio or video transmission
 A stream cipher is a substitution cipher that typically uses an
exclusive-or (XOR) operation that can be performed very quickly
by a computer.

Plaintext 1 1 0 1 0 0 1 1 0 1 0 0 1 1 0 0
Key 0 1 1 0 1 0 0 1 0 1 1 0 1 0 1 0
Ciphertext 1 0 1 1 1 0 1 0 0 0 1 0 0 1 1 0
Encryption: simple XOR with key
Ciphertext 1 0 1 1 1 0 1 0 0 0 1 0 0 1 1 0
Key 0 1 1 0 1 0 0 1 0 1 1 0 1 0 1 0
Plaintext 1 1 0 1 0 0 1 1 0 1 0 0 1 1 0 0

Decryption: simple XOR with the same key


Symmetric key
A common secret that all parties must know
Difficult to distribute key securely
Used by DES, 3DES, AES, Twofish, Blowfish, IDEA,
RC5

[Fig. Symmetric cryptography: cleartext message -> Encrypt -> ciphertext -> Decrypt -> cleartext message; the secret key is shared over a secure channel.]


Asymmetric key
 Public / private key
 Keys mathematically tied together
 Openly distribute public key to all parties
 Keep private key secret
 Anyone can use your public key to send you a
message
 Used by RSA, El Gamal, Elliptic Curve

[Fig. Asymmetric cryptography: the originator encrypts the cleartext message with the recipient’s public key; the recipient decrypts the ciphertext with the recipient’s private key.]


Asymmetric Encryption Uses
 Encrypt message with recipient's public key
 Only recipient can read it, using his or her private key
 Provides confidentiality
 Sign message
 Hash message, encrypt hash with your private key
 Anyone can verify the signature using your public key
 Provides integrity and non-repudiation (sender cannot deny
authorship)
 Sign and encrypt
 Both of the above
Adding Authenticity

 Digital signatures
 used to verify authenticity of origin

[Figure: the originator signs the cleartext message with the originator’s private key; the recipient verifies the originator’s signed message with the originator’s public key.]
Using Symmetric and
Asymmetric Together
 Key exchange using asymmetric cryptography
 Uses asymmetric keys to distribute bulk encryption keys
 Allows rapid distribution of short-term keys

[Figure: session key -> Encrypt (recipient’s public key) -> ciphertext -> Decrypt (recipient’s private key) -> session key; cleartext message -> Encrypt -> ciphertext -> Decrypt -> cleartext message; originator on the left, recipient on the right.]
Symmetric Cryptography
Data Encryption Standard (DES)
 The Data Encryption Standard (DES) is a symmetric-key
block cipher published by the National Institute of
Standards and Technology (NIST).
 In 1973, NIST published a request for proposals for a
national symmetric-key cryptosystem. A proposal from
IBM, a modification of a project called Lucifer, was
accepted as DES. DES was published in the Federal
Register in March 1975 as a draft of the Federal
Information Processing Standard (FIPS).
 There has been considerable controversy over the
design, particularly in the choice of a 56-bit key.
DES Overview

Figure Encryption and decryption with DES


DES Structure
 The encryption process is made of two permutations (P-boxes),
which we call initial and final permutations, and
sixteen rounds of complex key dependent calculation.
DES - Basics
 Fundamentally DES performs only two
operations on its input, bit shifting (permutation),
and bit substitution.
 The key controls exactly how this process works.
 By doing these operations repeatedly and in a
non-linear manner you end up with a result
which can not be used to retrieve the original
without the key.
 By applying relatively simple operations
repeatedly a system can achieve a state of near
total randomness.
Each Iteration Use of a Different Sub-key
 DES works on 64 bits of data at a time. Each 64 bits of
data is iterated on from 1 to 16 times (16 is the DES
standard).
 For each iteration a 48 bit subset of the 56 bit key is fed
into the encryption block
 Decryption is the inverse of the encryption process.
DES Key Processing
 The key is usually stored as a 64-bit number, where
every eighth bit is a parity bit.
 The parity bits are discarded during the algorithm, and the
56-bit key is used to create 16 different 48-bit subkeys,
one for each round.
 Subkeys Generation
 First, the key is loaded according to the PC-1 and then halved.
 Then each half is rotated by 2 bits in every round except the first,
second, 9th and last rounds.
 The reason for this is that it makes it secure against related-key
cryptanalysis.
 Then 48 of the 56 bits are chosen according to a compression
permutation.
The Key Schedule
 The subkeys used by the 16 rounds are formed
by the key schedule which consists of:
 An initial permutation of the key (PC1) which selects
56-bits in two 28-bit halves
 16 stages consisting of
 selecting 24-bits from each half and permuting
them by PC2 for use in function f,
 rotating each half either 1 or 2 places
depending on the key rotation schedule
Security of DES
 DES, as the first important block cipher, has
gone through much scrutiny. Among the
attempted attacks, three are of interest:
1. Brute-Force Attack
2. Differential Cryptanalysis
3. Linear Cryptanalysis


Attack Methods
 Brute-Force Attack
 the most basic method of attack is brute force — trying every
possible key in turn.
 Combining the weakness of short cipher key with the key
complement weakness, it is clear that DES can be broken using
2^55 encryptions.
 Differential Cryptanalysis
 In the broadest sense, it is the study of how differences in
an input can affect the resultant difference at the output.
 To break the full 16 rounds, differential cryptanalysis requires
2^47 chosen plaintexts.
 It has been revealed that the designers of DES already knew
about this type of attack and designed S-boxes and chose 16 as
the number of rounds to make DES specifically resistant to this
type of attack.
Attack Methods-II
 Linear cryptanalysis
 Linear cryptanalysis is newer than differential cryptanalysis.
 Linear cryptanalysis tries to take advantage of high probability
occurrences of linear expressions involving plaintext bits,
"ciphertext" bits, and subkey bits.
 Linear cryptanalysis is a known plaintext attack and uses a linear
approximation to describe the behavior of the block cipher. Given
sufficient pairs of plaintext and corresponding ciphertext, bits of
information about the key can be obtained and increased
amounts of data will usually give a higher probability of success.
 DES is more vulnerable to linear cryptanalysis than to differential
cryptanalysis. S-boxes are not very resistant to linear
cryptanalysis.
 It has been shown that DES can be broken using 2^43 pairs of
known plaintexts. However, from the practical point of view,
finding so many pairs is very unlikely.
DES- Current State
 Currently DES is no longer certified for US federal
use.
 The availability of faster hardware, and access to
large distributed systems meant that 56-bit DES keys
could be recovered by brute force searches in an
unreasonably short time (days or even hours).
 DES should almost certainly not be used in any new
product, and should not be used in existing products
to protect information with a lifetime of more than a
few minutes.
Double DES

meet in the middle attack


3DES or Triple-DES
 Triple-DES is a block cipher, which applies
the Data Encryption Standard (DES) cipher
algorithm three times to each data block.
 DES used a single 56-bit key.
 3DES uses three 56-bit keys (often just referred to
as a 3DES key), and performs three rounds of
DES operations on the data.
 The result is that DES technology could be used
until a long-term solution (the Advanced Encryption
Standard) is found.
Triple DES - More Secure
3DES
 A typical application of 3DES is known as
EDE (Encrypt-Decrypt-Encrypt).
 In this case, the first and third keys are equal, so
the effective key length is 112-bits.
 In the first operation, the plaintext is encrypted with
the first DES key, K1.
3DES
 In the second step, the result of the first
step, C1, is decrypted using the second key,
K2.
 Since K2 ≠ K1, this does not result in the
original plaintext message.
3DES
 In the final step, the result of the second step,
C2, is encrypted using the third key, K3.
 The output ciphertext C3 is the final encrypted
message.
 Recall that K3 = K1 in this case, so even though
there are three 56-bit keys, the effective key
length is only 112-bits.
3DES or Triple-DES

Decryption in this case follows the reverse of the encryption process, as
shown below.

Nance - INFA 640


3DES or Triple-DES
 Although the length of the key has doubled,
there are 2^56 (= 72,057,594,037,927,936)
times as many keys.
 Therefore a brute force search for a 3DES-EDE
key would take 2^56 times longer on the same
hardware than a brute force search for a DES key.
 There are some approaches that can recover
3DES keys more quickly than brute force
searches, but for many kinds of data 3DES is
still an acceptable encryption method.
AES
 DES is near end of useful life

 NIST has begun process to look for successor to DES

 The Advanced Encryption Standard (AES) was the
result of an open international search organized by
NIST for a replacement for DES.
 AES Process:
• Proposals submitted 3/98
• AES Workshop - 8/98
• 15 proposals selected
• Key sizes of 128, 192, and 256 bits

AES
 Rules:
 Unclassified
 Royalty-free
 Worldwide
 Public domain
 Significantly More Efficient than 3DES
 Symmetric Block Cipher

 AES Timeline:
 Public comment through April 1999
 Candidate Conference, March 22-23, 1999, Rome
 Finalists selected summer 1999
 AES3 conference, April 13 -14, 2000, New York
AES
 Algorithms were submitted, and five finalists
were selected.
 Finalists for the AES standard are:
• MARS (IBM - USA)
• RC6 (RSA Labs - USA)
• Rijndael (Daemen and Rijmen - Belgium)
• SERPENT (Anderson, Biham, and Knudsen -
UK, Israel, Norway)
• TWOFISH (Schneier, Kelsey, et al. - USA)
AES
 The finalists were subjected to open review by
the cryptographic community.
 The entire process took over 3 years to
complete.
 The Rijndael algorithm was declared by NIST
to be the eventual winner, and is now generally
referred to as AES.
 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
 Rijndael was developed and submitted by two
European cryptographers, Joan Daemen and
Vincent Rijmen.
Evaluation Criteria for
AES Proposals
 Security
 Computational Efficiency
 Memory Requirements
 Hardware and Software Suitability
 Flexibility
Symmetric Key Encryption-
Strength
 The strengths of modern symmetric key
encryption algorithms include:
 Fairly fast encryption/decryption process (in
comparison to public key techniques, for example)
 Several well known, well tested algorithms are
available, including 3DES and AES.
 Library implementations of symmetric key
algorithms are commonly available for many
programming languages.
AES Algorithm – High Level
 KeyExpansion—round keys are derived from the cipher key using Rijndael's
key schedule
 Initial Round
 AddRoundKey—each byte of the state is combined with the round key using
bitwise xor
 Rounds
 SubBytes—a non-linear substitution step where each byte is replaced with
another according to a lookup table.
 ShiftRows—a transposition step where each row of the state is shifted cyclically
a certain number of steps.
 MixColumns—a mixing operation which operates on the columns of the state,
combining the four bytes in each column.
 AddRoundKey
 Final Round (no MixColumns)
 SubBytes
 ShiftRows
 AddRoundKey
The State and Key Schedule
 Input is a 128 bit block (16 bytes) that is placed in
the state array
 The key is entered in a block and divided into key
schedule words of 4 bytes/word.
 The key schedule is an expansion of the key—eg,
a 128 bit key is expanded into 44 key schedule
words.
 A square matrix of bytes is used by the standard
to describe the state.
Rounds and Transformation Stages
 The encryption process executes a round
function, Nr times, with the number of rounds
(Nr) being dependent on key size.
 The round function consists of four
transformation stages.
 SubBytes()
 ShiftRows()
 MixColumns()
 AddRoundKey()
Rounds and Transformation Stages
 The cipher begins with an AddRoundKey().
 All rounds then execute each of the transformations
except the last round.
 The MixColumns( ) transformation is not executed in
the final round.
 For a 128 bit key, there are 10 rounds.
 12 and 14 rounds are used with keys of 192 and 256.
SubBytes ( ) Transformation
 The substitute transformation is an S-Box process, that
is independent of the key.
 Each of the bytes of the State is replaced by a different
byte, according to a table.
 The table is fixed and derived from two transformations
defined in the standard.
 The table is an 8 x 8 array, indexed with the State byte.
ShiftRows( ) Transformation
 The ShiftRows() transformation is a permutation that is
performed row by row on the State array, independently
of the key.
 The first row is not shifted.
 The 2nd row is circularly shifted left 1 byte.
 The 3rd row is circularly shifted left 2 bytes.
 The 4th row is circularly shifted left 3 bytes.
MixColumns() Transformation
 The MixColumns( ) transformation manipulates each
column of the state array.
 The process can be described as a matrix multiplication
of a polynomial and the state array.
 This process does not depend on the key.
AddRoundKey( ) Transformation
 The AddRoundKey( ) transformation uses the
key schedule word.
 The process is a bitwise XOR of the columns of
the state array, with the key schedule word.
AES Decryption
 AES decryption is accomplished using inverses
of the transformations, in the appropriate order.
 The AddRoundKey( ) is its own inverse
(since A ⊕ B ⊕ B = A).
Symmetric Key Issues
Symmetric Key Generation
 Symmetric keys should be generated by an Approved
key generation algorithm (approved method)
 Generated in a controlled access facility
 Should be randomly generated

Key management, keys required = (p*(p-1))/2


Business with 10,000 employees: ~50 million keys
The Key Exchange Problem
 Although symmetric encryption is commonly used due to
its historical position in cryptography and its speed, it
suffers from a serious problem: how to safely and
secretly deliver a secret key from the sender to the
recipient. This problem forms the basis for the key
exchange problem.
 The key exchange problem involves:
 ensuring that keys are exchanged so that the sender and
receiver can perform encryption and decryption,
 ensuring that an eavesdropper or outside party cannot break
the code,
 ensuring the receiver that a message was encrypted by the
sender.
Manual Key Distribution
 Manually distributed symmetric keys should be
either encrypted or use split knowledge
 The distribution mechanism should assure
 The authorized distribution of keys
 That the entity distributing the keys is trusted by both
the transmitter and recipient
 The keys are protected according to relevant standards
(e.g. FIPS)
 The keys are received by the authorized recipient
 The confidentiality and integrity of the keys during
transport
Electronic Key Distribution/Transport
of Symmetric Keys
 Requires other secret or public keys to have been
previously distributed
 Mechanism should ensure that
 The distributed key is not disclosed or modified
 The key is protected in accordance with industry standards
(e.g. FIPS)
 The recipient has received the correct key
 Keys in this category are the secret authentication
key, long and short term data encryption keys, key
encrypting key for wrapping, master key for key
derivation, and secret authorization key.
Symmetric Key Encryption
 The weaknesses tend to only be important in
some cases.
 In other cases they may not be an issue.
 Consider the case in which you want to encrypt a
file on a disk, so that only you can read it (your
financial records, for example).
 In such a case, there is only 1 user, so there is no
key-distribution problem, nor are there an
excessive number of keys.
