9/1/2019
Course Name: Ethical Hacking
Faculty Name: Prof. Indranil Sen Gupta
Department : Computer Science and Engineering
Topic
Lecture 26: Basic Concepts of Cryptography
Security attacks
Security services
Cryptographic primitives
Security Attacks
• Any action that compromises the security of information.
• Four types of attack:
a) Interruption
b) Interception
c) Modification
d) Fabrication
• Basic model: S → D (Source → Destination)
• Interruption:
  • Attack on availability
• Interception:
  • Attack on confidentiality (the intruder I gets copies of the packets)
• Modification:
  • Attack on integrity
• Fabrication:
  • Attack on authenticity
Passive and Active Attacks
• Passive attacks
• Obtain information that is being transmitted (eavesdropping).
• Two types:
a) Release of message contents.
b) Traffic analysis: the attacker initially has no idea of the network, but listens to the traffic, figures out which computer is used the most, and then attacks that computer.
• Very difficult to detect.
• Active attacks
• Involve some modification of the data stream or the creation of a false stream.
• Four categories:
a) Masquerade:‐ One entity pretends to be a different entity.
b) Replay:‐ Passive capture of a transaction and subsequent replay (see how an access is being made into a system and replicate the sequence on your own to gain access to it as well, a bit like getting a fingerprint and using it to access the system).
c) Modification:‐ Some portion of a message is altered on its way.
d) Denial of service:‐ Prevents access to resources.
Security Services
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non‐repudiation (parties cannot later deny): receipts and proof that you actually did what you did
• Access control (prevent misuse of resources)
• Availability (permanence, non‐erasure)
  • Denial of Service Attacks
  • Virus that deletes files
Network Access Security Model
[Figure: an opponent (human, virus, worm) reaches the internal network (computers, software resources, databases) over an access channel that passes through a gateway; the model also shows security control.]
Cryptography Primitives
Encryption
• Most important concept behind network security is encryption.
• Two forms of encryption:
1. Private (or Symmetric)
• Single key shared by sender and receiver.
2. Public‐key (or Asymmetric)
• Separate keys for sender and receiver (two keys: one is public, and I decrypt with my own key).
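[Figure: the SENDER passes the message through encryption (EA) with Key 1, sends it over the channel, and the RECEIVER passes it through decryption (DA) with Key 2; a trusted third party and an intruder are also part of the model.]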
Authentication
• Techniques to uniquely identify the sender of a message.
• Various approaches:
• Encryption techniques
• Cryptographic hash functions
• Digital signature: a combination of various cryptographic primitives.
Topic
Lecture 27: Private‐Key Cryptography (Part I)
Private/symmetric key cryptography
Classical encryption techniques
Introduction
• Private or Symmetric Key Cryptography
• A common secret value K (called key) is shared between sender and receiver.
• Sender encrypts a message P (called plaintext) using K to generate a ciphertext C.
C = EA (P, K)    (EA: encryption algorithm)
• Receiver decrypts the ciphertext C using K to get back the plaintext P.
P = DA (C, K)
Illustration
[Figure: plaintext P → EA (shared key K) → ciphertext C → DA (shared key K) → plaintext P]
Point to Note
• Security of the scheme
• Should depend only on the secrecy of the key.
• Should not depend on the secrecy of the algorithm.
• Assumptions that we make:
• Algorithms for encryption/decryption are known to the public.
• Keys used for encryption/decryption are kept secret.
Some Points to Observe
• Key distribution problem of secret key systems:
  • Establish key before communication.
  • Need n(n‐1)/2 keys with n different parties.
  • Overall, a very large number of keys is required.
  • Difficult to maintain secrecy.
[Figure: five parties A, B, C, D and E]
Classical Private‐Key Encryption Techniques
• Broadly falls under two categories:
1. Substitution ciphers
• Each letter or group of letters of the plaintext is replaced by some other letter or group of letters, to obtain the ciphertext.
2. Transposition ciphers
• Letters of the plaintext are permuted in some form.
A Simple Example
Caesar Cipher (a substitution cipher):
• Earliest known substitution cipher.
• Replace each letter of the alphabet with the letter three places after it.
• The alphabet is assumed to wrap around (Z is followed by A, etc.).
P: HAPPY NEW YEAR
C: KDSSB QHZ BHDU
• We can generalize the idea by replacing each letter by the kth following letter.
• “k” becomes the secret key.
• If we assign a number to each letter (A=1, B=2, etc), then
C = E (P) = (P + k – 1) % 26 + 1
P = D (C) = (C – k + 25) % 26 + 1
• Drawback:
• Brute force attack is easy
• The number of possibilities is rather small (i.e. 25)
Mono‐alphabetic Cipher:
• Allow any arbitrary substitution.
• There can be 26! or 4 x 10^26 possible keys.
• A typical key may be: (Z A Q W S X C D E R F V B G T Y H N M J U I K L O P)
• “A” replaced by “Z”, “B” replaced by “A”, “C” replaced by “Q”, and so on.
• Drawbacks:
• We can make guesses by observing the relative frequency of letters, digrams, and
trigrams in the text.
• Easy to break in general.
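The Caesar formulas (with A=1, B=2, ...) and the mono‐alphabetic key shown above, as an added Python example that is not part of the original slides. The function names are illustrative; the plaintext, ciphertext and key are the ones printed on the slides.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
MONO_KEY = "ZAQWSXCDERFVBGTYHNMJUIKLOP"   # the typical key shown on the slide


def _map(text, fn):
    """Apply fn to the 1..26 number of each letter; leave other characters alone."""
    return "".join(ALPHABET[fn(ALPHABET.index(c) + 1) - 1] if c in ALPHABET else c
                   for c in text.upper())


def caesar_encrypt(p, k):
    return _map(p, lambda x: (x + k - 1) % 26 + 1)    # C = (P + k - 1) % 26 + 1


def caesar_decrypt(c, k):
    return _map(c, lambda x: (x - k + 25) % 26 + 1)   # P = (C - k + 25) % 26 + 1


def caesar_search(ciphertext, probable_word):
    """Exhaustive search: only 25 keys exist, so try them all and keep the
    decryptions that contain a word expected in the plaintext."""
    trials = {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}
    return {k: p for k, p in trials.items() if probable_word in p}


def mono_encrypt(p, key=MONO_KEY):
    return p.upper().translate(str.maketrans(ALPHABET, key))


def mono_decrypt(c, key=MONO_KEY):
    return c.upper().translate(str.maketrans(key, ALPHABET))


def count_profile(text):
    """Sorted letter counts: the shape of the frequency table, ignoring which
    letter is which. A substitution cipher cannot change it, which is what
    frequency analysis relies on."""
    return sorted(Counter(ch for ch in text.upper() if ch in ALPHABET).values())


if __name__ == "__main__":
    print(caesar_encrypt("HAPPY NEW YEAR", 3))
    print(caesar_search("KDSSB QHZ BHDU", "NEW"))
    print(mono_encrypt("HAPPY NEW YEAR"))
```

The 26! key space of the mono‐alphabetic cipher rules out the exhaustive search, but `count_profile` returns the same list for plaintext and ciphertext, so the letter statistics still leak.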
Transposition Ciphers
• Many techniques have been proposed under this category.
• A simple scheme:
• Write out the plaintext in a rectangle, row by row, and read the message column by
column, by permuting the order of the columns.
• The order of the columns becomes the key.
P: welcome to the nptel course on ethical hacking
Key: 4 3 1 2 5 6 7
w e l c o m e
- t o - t h e
- n p t e l -
c o u r s e -
o n - e t h i
c a l - h a c
k i n g - - -
C: lopu-ln c-tre-g etnonai w--cock otesth- mhleha- ee--ic-
Transposition Cipher … Drawbacks
• The ciphertext has the same letter frequency as the original plaintext.
• Guessing the number of columns and some probable words in the plaintext holds
the key.
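The rectangle scheme and the first drawback above, as an added Python example that is not part of the original slides. Function names are illustrative; as on the slide, spaces are written as '-', the last row is padded with '-', and key[i] gives the position at which column i is read out.

```python
from collections import Counter

SLIDE_PLAINTEXT = "welcome to the nptel course on ethical hacking"
SLIDE_KEY = [4, 3, 1, 2, 5, 6, 7]


def _grid(text, ncols):
    """Write the text row by row; spaces become '-' and the last row is padded."""
    cells = text.replace(" ", "-")
    cells += "-" * (-len(cells) % ncols)
    return [cells[i:i + ncols] for i in range(0, len(cells), ncols)]


def _read_order(key):
    """Column indices in the order they are read out (the column ranked 1 first)."""
    return sorted(range(len(key)), key=lambda col: key[col])


def encrypt(plaintext, key):
    rows = _grid(plaintext, len(key))
    return " ".join("".join(row[col] for row in rows) for col in _read_order(key))


def decrypt(ciphertext, key):
    """Put each column back in its place and read row by row.
    Assumes the plaintext had no literal '-' and no trailing spaces."""
    chunks = ciphertext.split(" ")
    columns = [None] * len(key)
    for chunk, col in zip(chunks, _read_order(key)):
        columns[col] = chunk
    rows = ["".join(c[r] for c in columns) for r in range(len(chunks[0]))]
    return "".join(rows).rstrip("-").replace("-", " ")


def letter_counts(text):
    """Letter frequencies, ignoring spaces and the '-' filler."""
    return Counter(ch for ch in text if ch.isalpha())


if __name__ == "__main__":
    c = encrypt(SLIDE_PLAINTEXT, SLIDE_KEY)
    print(c)
    print(decrypt(c, SLIDE_KEY))
    # Drawback: transposition only moves letters, so the counts are unchanged.
    print(letter_counts(c) == letter_counts(SLIDE_PLAINTEXT))
```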
Practical Ciphers
• They are much more complicated.
• Require computers to perform encryption and decryption.
• Almost impossible to carry out by hand.
• Can encrypt any kind of data, not necessarily only text.
Stream Ciphers vs. Block Ciphers
• A stream cipher encrypts the plaintext bit by bit (in streams).
• A block cipher encrypts n‐bit blocks at a time.
• For example, a 256‐bit cipher encrypts 256‐bit blocks at a time.
• Shorter blocks have to be suitably padded.
Topic
Lecture 28: Private‐Key Cryptography (Part II)
Practical private‐key algorithms
DES and Triple‐DES
Advanced Encryption Standard (AES)
Practical Private‐Key Algorithms
a) Data Encryption Standard (DES)
• Block size is 64 bits.
• Key is 56 bits.
b) IDEA
• Block size is 64 bits.
• Key size is 128 bits.
c) Advanced Encryption Standard (AES)
• Also known as Rijndael cryptosystem.
• Block size is 128 bits.
• Key size can be 128, 192, or 256 bits.
Data Encryption Standard (DES)
• The most widely used encryption scheme at one time.
• Also known as the Data Encryption Algorithm (DEA).
• It is a block cipher.
• Some of the features:
• The plaintext is 64‐bits in length.
• The key is 56‐bits in length.
• Longer plaintexts are processed in 64‐bit blocks.
General Schematic of DES
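[Figure: the 64‐bit plaintext P passes through the initial permutation (IP), Round 1 to Round 16, a 32‐bit swap and the reverse initial permutation (RIP) to give the 64‐bit ciphertext C. The 56‐bit key K passes through permuted choice 1 (PC 1); for each round a left circular shift (LCS) and permuted choice 2 (PC 2) produce the round keys K1, K2, ..., K16.]
PC: permuted choice
LCS: left circular shift
IP: initial permutation
RIP: reverse initial permutation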
DES
• The overall processing at each iteration:
L_i = R_{i-1}
R_i = L_{i-1} ⊕ F(R_{i-1}, K_i)    (Feistel structure; F is a non‐linear function)
• Concerns about:
• The algorithm and the key length (56‐bits).
• Longer key lengths are essential for critical applications.
Triple DES
• Use three keys and three executions of the DES algorithm (encrypt‐decrypt‐encrypt).
C = EK3 [DK2 [EK1 [P]]]
C = ciphertext
P = Plaintext
EK[X] = encryption of X using key K
DK[Y] = decryption of Y using key K
• Effective key length is 168 bits.
Triple DES: Illustration
[Figure: encryption: P → E (K1) → X → D (K2) → Y → E (K3) → C; decryption: C → D (K3) → Y → E (K2) → X → D (K1) → P]
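The DES round equations and the encrypt‐decrypt‐encrypt composition above, as an added Python example that is not part of the original slides. It is a toy 64‐bit Feistel network, not DES: the round function F and the key schedule are made up for the illustration, and IP, RIP, PC 1 and PC 2 are left out.

```python
import hashlib

ROUNDS = 16  # same round count as the DES schematic; everything else is a toy


def round_keys(key: bytes):
    """Toy key schedule (assumption): one 32-bit subkey per round from SHA-256."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(ROUNDS)]


def F(r: int, k: int) -> int:
    """Toy non-linear round function; NOT the DES F (no expansion, no S-boxes)."""
    x = (r ^ k) & 0xFFFFFFFF
    x = (x * 0x9E3779B1 + 0x7F4A7C15) & 0xFFFFFFFF
    return x ^ (x >> 15)


def feistel(block: int, subkeys) -> int:
    """Rounds L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i) on a 64-bit block."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for k in subkeys:
        left, right = right, left ^ F(right, k)
    return (right << 32) | left  # final 32-bit swap, as in the schematic


def E(block: int, key: bytes) -> int:
    return feistel(block, round_keys(key))


def D(block: int, key: bytes) -> int:
    # Decryption is the same network with the subkeys in reverse order;
    # F itself never has to be inverted.
    return feistel(block, round_keys(key)[::-1])


def ede_encrypt(p, k1, k2, k3):
    return E(D(E(p, k1), k2), k3)   # C = EK3[DK2[EK1[P]]]


def ede_decrypt(c, k1, k2, k3):
    return D(E(D(c, k3), k2), k1)   # P = DK1[EK2[DK3[C]]]


if __name__ == "__main__":
    p = 0x0123456789ABCDEF
    c = ede_encrypt(p, b"key-one", b"key-two", b"key-three")
    print(hex(c), hex(ede_decrypt(c, b"key-one", b"key-two", b"key-three")))
```

With K1 = K2 the first two stages cancel, so the composition collapses to a single encryption under K3.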
Need for a new standard
• DES had been in use for a long time.
• A replacement for DES was needed.
• Theoretical attacks can break it.
• Can use Triple‐DES – but slow with small blocks.
• US NIST issued call for ciphers in 1997.
• 15 candidates accepted in June 1998.
• 5 were short‐listed in August 1999.
• Rijndael was selected as the Advanced Encryption Standard
in October 2000.
The AES Cryptosystem
• In the Rijndael proposal, the block length and the key length can be independently
specified to be 128, 192, or 256 bits.
• The AES standard limits the block length to 128 bits.
• Key length can be 128, 192, or 256 bits.
• Easy to implement, both in hardware and software.
• Resistant against all known attacks.
AES Rounds
• AES has 10, 12 or 14 rounds.
• All rounds are identical, except the first and last one.
• Various steps in each round:
  • SubBytes – Non‐linear substitution (just a substitution function)
  • ShiftRows – Transposition
  • MixColumn – Mixing operations of each column
  • AddRoundKey – Round key added to state.
[Figure: Details of Each Round]
[Figure: Overall Structure]
Topic
Lecture 29: Public‐Key Cryptography (Part I)
Public‐key cryptography
Encryption and authentication
RSA algorithm
Public Key Cryptography
• Uses two keys for every simplex logical communication link.
a) Public key
b) Private key
• The use of two keys has profound consequences in the areas of
• Confidentiality
• Key distribution
• Authentication
Illustration :: Encryption
[Figure: Sender A encrypts plaintext P with EA using B’s public key KUB; the ciphertext C goes to Receiver B, who decrypts it with DA using B’s private key KRB to recover P.]
Key Usage for Encryption
[Figure: the public key of B (KUB) and the private key of B (KRB)]
Illustration :: Authentication
[Figure: Sender A encrypts plaintext P with EA using A’s private key KRA; the ciphertext C goes to Receiver B, who decrypts it with DA using A’s public key KUA to recover P.]
Key Usage for Authentication
[Figure: the private key of A (KRA) and the public key of A (KUA)]
Applications
• Three categories:
a) Encryption/decryption:
• The sender encrypts a message with the recipient’s public key.
b) Digital signature / authentication:
• The sender signs a message with its private key.
c) Key exchange:
• Two sides cooperate to exchange a session key.
Requirements
• Computationally easy for a party B to generate a key pair
a) Public key KUB
b) Private key KRB
• Easy for sender to generate ciphertext:
C = E (M, KUB)
• Easy for the receiver to decrypt ciphertext using private key:
M = D (C, KRB) = D (E (M, KUB), KRB)
• Computationally infeasible to determine KRB knowing KUB.
• Computationally infeasible to recover message M, knowing KUB and
ciphertext C.
• Either of the two keys can be used for encryption, with the other used for
decryption:
M = D (E (M, KUB), KRB) = D (E (M, KRB), KUB)
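The requirements above, instantiated with textbook RSA as an added Python example that is not part of the original slides. The primes 61 and 53, the exponent 17 and the message 65 are constructed toy values, and the function names are illustrative; there is no padding, so this is for illustration only.

```python
from math import gcd


def make_keypair(p: int, q: int, e: int):
    """Textbook RSA key generation from two primes; returns (KU, KR)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible modulo phi"
    d = pow(e, -1, phi)          # private exponent: e*d = 1 (mod phi)
    return (e, n), (d, n)


def E(m: int, key) -> int:
    """Apply a key (exponent, modulus) to a number 0 <= m < n."""
    exponent, n = key
    return pow(m, exponent, n)


D = E  # in textbook RSA, decryption is the same operation with the other key


def private_from_public(ku):
    """Recover KR from KU by factoring n with trial division.
    Instant for this toy modulus; it is this step that has to be
    computationally infeasible, which is why real moduli are so large."""
    e, n = ku
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    return make_keypair(p, n // p, e)[1]


# Constructed toy parameters (assumption): far too small for real use.
KUB, KRB = make_keypair(61, 53, 17)

if __name__ == "__main__":
    M = 65
    C = E(M, KUB)
    print(KUB, KRB, C)
    print(D(C, KRB) == M)           # M = D(E(M, KUB), KRB)
    print(D(E(M, KRB), KUB) == M)   # M = D(E(M, KRB), KUB)
    print(private_from_public(KUB) == KRB)
```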
with almost 300 digits
factoring of a product of two prime numbers is computationally not possible
before A sends the value of X, the intruder will send its own value by
considering its own random number, now intercepting every single message
cryptographic hash functions