INFT 308: INFORMATION SECURITY
DEPARTMENT OF INFORMATION TECHNOLOGY AND DECISION SCIENCES
4 CRYPTOGRAPHY
INTRODUCTION
The use of cryptography is an integral part of
computing, networking, and the vast set of transactions
that take place over such devices on a daily basis.
We depend on cryptography when we have conversations
on our cell phones, check our e-mail, buy things from
online retailers, file our taxes, and do other activities.
The chief security measure that allows us to make use of
such technologies is cryptography—in the form of
encryption.
Cryptography is the science of keeping information secure
(secure, in this case, in the sense of confidentiality and
integrity).
Cryptography is also commonly and interchangeably
referred to as encryption.
Encryption itself is actually a subset of cryptography,
referring specifically to the transformation of unencrypted
data, called plaintext or cleartext, into its encrypted form,
called ciphertext.
TERMINOLOGIES
• Encryption refers to the transformation of
unencrypted data, called plaintext or cleartext, into its
encrypted form, called ciphertext.
• Decryption is the process of recovering the plaintext
message from the ciphertext.
• The plaintext and ciphertext may also be generically
referred to as the message.
• The science of breaking through the encryption used
to create the ciphertext is referred to as
cryptanalysis.
• The overarching field of study that covers
cryptography and cryptanalysis is referred to as
cryptology.
• The specifics of the process used to encrypt the
plaintext or decrypt the ciphertext are referred to as a
cryptographic algorithm.
• Cryptographic algorithms generally use a key, or
multiple keys, in order to encrypt or decrypt the
message, this being roughly analogous to a password.
• The range of all possible values for the key is
referred to as the keyspace.
• The larger the keyspace, the harder it is to decrypt
the message.
• Cryptosystem is a concept that covers a given
algorithm and all possible keys, plaintexts, and
ciphertexts.
ASSIGNMENT
The history of cryptography and modern cryptographic tools
CAESAR CIPHER
• The Caesar cipher is a classic example of ancient
cryptography and is said to have been used by Julius
Caesar.
• The Caesar cipher is based on transposition and involves
shifting each letter of the plaintext message by a certain
number of letters, historically three.
• The ciphertext can be decrypted by applying the same
number of shifts in the opposite direction. This type of
encryption is known as a substitution cipher, due to the
substitution of one letter for another in a consistent
fashion.
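The shift-and-reverse procedure described above, together with a search of the whole keyspace, as an added example that is not part of the original slides. The sample message and the short word list used to rank guesses are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # the 26 letters the cipher operates on
# Constructed list of very common English words, used only to rank guesses.
COMMON_WORDS = {"THE", "AND", "IS", "AT", "TO", "OF", "IN", "IT", "ME", "WE", "A"}


def shift_text(text, shift):
    """Shift every letter by `shift` places, wrapping past Z; leave other characters alone."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % len(ALPHABET)])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, key):
    return shift_text(plaintext, key)


def decrypt(ciphertext, key):
    # Decryption is the same shift applied in the opposite direction.
    return shift_text(ciphertext, -key)


def brute_force(ciphertext):
    """Try the whole keyspace and return (key, plaintext) for the best-scoring guess."""
    best = (-1, 0, "")
    for key in range(len(ALPHABET)):
        guess = decrypt(ciphertext, key)
        score = sum(word in COMMON_WORDS for word in guess.split())
        if score > best[0]:
            best = (score, key, guess)
    return best[1], best[2]


if __name__ == "__main__":
    # Constructed sample message, encrypted with the historical shift of three.
    sample = encrypt("MEET ME AT THE GATE AT NOON", 3)
    print(sample)
    print(brute_force(sample))
```

With only 26 possible keys, every candidate can be checked in an instant, which is why a keyspace this small offers no real protection.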
QUESTIONS
1. Above we saw that "CAESAR" becomes "RPTHPG"
using a key P. Can you find a key that will turn
"RPTHPG" back into "CAESAR"?
2. A plaintext was encrypted with a Caesar cipher,
resulting in the following:
DOOV ZHOO WKDW HQGV ZHOO
Can you work out what the plaintext was?
QUESTION
You are provided with the ciphertext ZKDWH LV D
PHVVDJH LQ FLSKHU WHAW. Assume the message is in
English.
a. Determine the shift key using brute force methods
and explain how you identified the key.
b. Decrypt the message.
KERCKHOFFS’ PRINCIPLE
1. The system must be substantially, if not mathematically,
undecipherable.
2. The system must not require secrecy and can be stolen by the
enemy without causing trouble.
3. It must be easy to communicate and remember the keys without
requiring written notes, and it must be easy to change or modify
the keys with different participants.
4. The system ought to be compatible with telegraph communication.
5. The system must be portable, and its use must not require more
than one person.
6. Finally, regarding the circumstances in which such system is
applied, it must be easy to use and must require neither the stress
of mind nor the knowledge of a long series of rules.
SYMMETRIC VERSUS ASYMMETRIC CRYPTOGRAPHY
SYMMETRIC CRYPTOGRAPHY
• Symmetric key cryptography, also known as private key
cryptography, utilizes a single key for both encryption
of the plaintext and decryption of the ciphertext.
• The key itself must be shared between the sender and the
receiver; this process is known as key exchange.
DIAGRAM OF SYMMETRIC ENCRYPTION
One of the chief weaknesses of symmetric key cryptography
lies in the use of one key.
If the key is exposed beyond the sender and the receiver, it is
possible for an attacker who has managed to intercept it to
decrypt the message, or to alter it, then encrypt it once more and
pass it on to the receiver in place of the original message.
Since such issues are present, symmetric key cryptography
by itself provides only confidentiality, and not integrity, as
we would not be aware that the message in our example had
been altered.
BLOCK AND STREAM CIPHERS
• A block cipher takes a predetermined number of bits,
known as a block, in the plaintext message and encrypts
that block.
• Blocks are commonly composed of 64 bits but can be
larger or smaller depending on the particular algorithm
being used and the various modes in which the
algorithm might be capable of operating.
• A stream cipher encrypts each bit in the plaintext
message, 1 bit at a time. It is also possible for a block
cipher to act as a stream cipher by setting a block size of
1 bit.
[Figures: block cipher; stream cipher]
• Although block ciphers are often slower than stream ciphers,
they tend to be more efficient.
• Since block ciphers operate on larger blocks of the
message at a time, they do tend to be more resource
intensive and are more complex to implement in
hardware or software.
• Block ciphers are also more sensitive to errors in
the encryption process as they are working with more
data.
• An error in the encryption process of a block cipher
may render unusable a larger segment of data than
what we would find in a stream cipher, as the stream
cipher would only be working with 1 particular bit.
• Typically, block ciphers are better for use in
situations where the size of the message is fixed or
known in advance, such as when we are encrypting a
file or have message sizes that are reported in
protocol headers.
• Stream ciphers are often better for use in situations
where we have data of an unknown size or the data
is in a continuous stream, such as we might see
moving over a network.
ASYMMETRIC CRYPTOGRAPHY
• Asymmetric key cryptography, also known as public
key cryptography, utilizes two keys: a public key and
a private key.
• The public key is used to encrypt data sent from the
sender to the receiver and is shared with everyone.
• Private keys are used to decrypt data that arrives at
the receiving end and are very carefully guarded by
the receiver.
The main advantage of asymmetric key cryptography over symmetric
key cryptography is that it removes the need to distribute the key.
When we use a symmetric algorithm, we need to distribute the
key in some way. We might do this by exchanging keys in
person, sending a key in e-mail, or repeating it verbally over
the phone, but we generally need to communicate the key in an
out-of-band manner, meaning that we do not want to send the
key with the message, as this would leave our message easily
available to an eavesdropper.
When we use asymmetric key cryptography, we have no need
to share a single key. We simply make our public key easily
available, and anyone who needs to send us an encrypted
message makes use of it.
ASYMMETRIC KEY ALGORITHMS
• The RSA algorithm, named for its creators Ron Rivest, Adi
Shamir, and Leonard Adleman.
• Elliptic curve cryptography (ECC). ECC is implemented in a
variety of cryptographic algorithms, including Secure Hash
Algorithm 2 (SHA-2) and Elliptic Curve Digital Signature
Algorithm (ECDSA).
• ElGamal, Diffie-Hellman, and Digital Signature Standard
(DSS).
HASH FUNCTIONS
Hash functions, also referred to as message digests, do
not use a key, but instead create a largely unique and
fixed-length hash value, commonly referred to as a
hash, based on the original message, something along
the same lines as a fingerprint.
Any slight change to the message will change the hash.
Hashes cannot be used to discover the contents of the
original message, or any of its other characteristics, but can
be used to determine whether the message has changed.
In this way, hashes provide confidentiality, but not
integrity.
The receiver simply hashes the message again using the
same algorithm, then compares the two hashes. If the
hashes match, the message has not changed. If they do not
match, the message has been altered.
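The receiver's re-hash-and-compare check described above, as an added example that is not part of the original slides. SHA-256 is chosen here as the hash algorithm and the sample messages are constructed; neither comes from the slides.

```python
import hashlib
import hmac


def digest(message: bytes) -> str:
    """Return the SHA-256 hash of the message as 64 hex characters."""
    return hashlib.sha256(message).hexdigest()


def verify(message: bytes, expected_hex: str) -> bool:
    """Receiver side: hash the received message again and compare the two hashes."""
    return hmac.compare_digest(digest(message), expected_hex)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count how many of the 256 output bits differ between two hashes."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    original = b"Pay 100 to account 12345"   # constructed sample message
    tampered = b"Pay 900 to account 12345"   # one character changed
    sent_hash = digest(original)
    # The unmodified message verifies; the altered one does not.
    print(verify(original, sent_hash), verify(tampered, sent_hash))
    # A one-character change alters a large share of the hash bits.
    print(differing_bits(sent_hash, digest(tampered)))
```

The comparison is only meaningful when the expected hash reaches the receiver by a path the attacker cannot also modify, since anyone can recompute a plain hash over an altered message.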
DIGITAL SIGNATURES
Digital signatures allow us to sign a message in order to
enable detection of changes to the message contents, to
ensure that the message was legitimately sent by the
expected party, and to prevent the sender from denying
that he or she sent the message, known as
nonrepudiation.
The sender would then send the digital signature along
with the message, usually by appending it to the message
itself.
PROTECTING DATA AT REST, IN MOTION, AND IN USE
We can divide practical uses of cryptography into two major
categories: protecting data at rest and protecting data in
motion.
Protecting data at rest is important because of the large amount
of stored data that can be found on devices such as backup tapes,
flash drives, and hard drives in portable devices such as laptops.
Protecting data in motion is vital as well because of the
enormous amount of business that is conducted over the Internet,
including financial transactions, medical information, tax filings,
and other similarly sensitive exchanges.
PROTECTING DATA AT REST
Data is generally considered to be at rest when it is on a
storage device of some kind and is not moving over a
network, through a protocol, and so forth.
Somewhat illogically, data at rest on media can also be
in motion; for example, we might ship a load of backup
tapes containing sensitive data, carry in our pocket a
flash drive containing a copy of our tax forms, or leave
in the back seat of our car a laptop containing the
contents of a customer database.
The primary method we use to protect this type of data
is encryption, particularly when we know that the
storage media, or the media and the device in which it
is contained, will be potentially exposed to physical
theft, such as on a backup tape or in a laptop.
Physical security is another important step in
protecting data at rest.
PROTECTING DATA IN MOTION
Another major concern in protecting our data arises
when it is in motion over a network of some variety.
This might be over a closed WAN or LAN, over a
wireless network, over the Internet, or in other ways.
The primary method of securing data from exposure on
network media is encryption, and we may choose to
apply it in one of two main ways: by encrypting the data
itself to protect it or by protecting the entire connection.
PROTECTING DATA IN USE
The last category of protecting data involves securing it
while it is being used. Although we can use encryption to
protect data while it is stored or moving across a network,
we are somewhat limited in our ability to protect data while
it is being used by those who legitimately have access to it.
Authorized users can print files, move them to other
machines or storage devices, e-mail them, share them on
peer-to-peer (P2P) file-sharing networks, and generally
make a mockery of our carefully laid security measures.