Module 3 Cryptography - PowerPoint PPT Presentation

About This Presentation
Title:

Module 3 Cryptography

Description:

Operates on a 64-bit block of plain text at a time ... public key - private key pair are used, one for encryption and the other for decryption ... – PowerPoint PPT presentation

Slides: 16
Provided by: theo
Tags: cryptography | dos | ee | module


Transcript and Presenter's Notes

Title: Module 3 Cryptography


1
Module 3 Cryptography
  • Cryptography basics
  • Ciphers
  • Symmetric Key Algorithms
  • Public Key Algorithms
  • Message Digests
  • Digital Signatures

2
Cryptography Basics
  • Definitions (Encryption, Decryption, Plaintext,
    Ciphertext)
  • Symmetric Key Algorithms
  • Public Key Cryptography

[Diagrams: Plaintext -> Encryption -> Ciphertext -> Decryption -> Original Plaintext, shown with the same Key at both ends, and with a separate Encryption Key and Decryption Key]
3
Types of cipher
  • Stream cipher
    • Each bit (or byte) is encrypted or decrypted individually
    • Simple substitution ciphers (ROT13, XOR)
    • Example - ROT13
      abcdefghijklmnopqrstuvwxyz
      nopqrstuvwxyzabcdefghijklm
  • Block cipher
    • A sequence of bits (or bytes) is used at each step in the encryption and decryption process (DES)

Example: "rot is insecure" -> "ebg vf vafrpher"
4
Symmetric Algorithms
  • Substitution (ROT13, Cryptoquotes)
  • Transposition
  • XOR
  • One Time Pad
  • DES
  • IDEA
  • RC2, RC4, RC5

Example: "Not the most secure algorithm in the world." -> "Nsailotlndt g sot.terh hcie eut rhw memo o r"
5
Digital Encryption Standard (DES)
  • A block cipher with a 56-bit key length
    • Actually a 64-bit number, but every 8th bit is ignored
  • Operates on a 64-bit block of plain text at a time
    • 64 bits of plaintext come in --> 64 bits of ciphertext come out
  • Performs 16 rounds, where in each round
    • the input bits are permuted
    • a key is applied to the resulting permutation
  • The key is shifted before each round
  • The same algorithm and key are used for encryption and decryption, with a different key schedule

6
Advanced Encryption Standard (AES)
  • A block cipher with a 128-bit block size
  • Key lengths of 128, 192, and 256 bits supported
  • Operates on a 4x4 array of bytes
  • Each round has four steps
    • AddRoundKey (uses XOR operation with subkey)
    • SubBytes (each byte is replaced based on a lookup table)
    • ShiftRows (bytes in each row are shifted to the left)
    • MixColumns (each column is multiplied by a fixed polynomial)

7
Public Key Cryptography
  • A public key - private key pair are used, one for
    encryption and the other for decryption

Public Key
  • $n$ - product of two primes, $p$ and $q$ ($p$ and $q$ are secret)
  • $e$ - relatively prime to $(p-1)(q-1)$
Private Key
  • $d = e^{-1} \bmod ((p-1)(q-1))$
Encrypting
  • $c = m^e \bmod n$
Decrypting
  • $m = c^d \bmod n$
8
  • Let $p = 3$, $q = 11$
  • $n = pq = 33$
  • $e$ must be relatively prime to $(p-1)(q-1) = 20$
  • choose $e = 7$, then $d = 7^{-1} \bmod 20 = 3$
  • Plaintext is 3,4,2 ($m_1 = 3$, $m_2 = 4$, $m_3 = 2$)
  • $c_1 = m_1^e \bmod n = 3^7 \bmod 33 = 9$
  • $c_2 = m_2^e \bmod n = 4^7 \bmod 33 = 15$
  • $c_3 = m_3^e \bmod n = 2^7 \bmod 33 = 29$
  • Ciphertext is 9,15,29
  • $m_1 = c_1^d \bmod n = 9^3 \bmod 33 = 3$
  • $m_2 = c_2^d \bmod n = 15^3 \bmod 33 = 4$
  • $m_3 = c_3^d \bmod n = 29^3 \bmod 33 = 2$
  • Plaintext is 3,4,2
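
The key derivation and the encrypt/decrypt steps above, carried through in code with the slide's parameters (p = 3, q = 11, e = 7); this is an added example, not part of the original presentation, and the function names are illustrative. Computed this way the second ciphertext block is 16, where the slide lists 15, and 16 is the value that decrypts back to 4; the last function shows why p and q have to stay secret.

```python
# Added example: textbook RSA with the slide's toy numbers. Not secure:
# no padding, and n = 33 can be factored instantly.
from math import gcd

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def make_keypair(p, q, e):
    """Derive the public key (n, e) and private exponent d from p, q, e."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    _, x, _ = egcd(e, phi)          # e*x + phi*y == 1, so x is e^-1 mod phi
    return (p * q, e), x % phi

def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("each message block must be smaller than n")
    return pow(m, e, n)             # c = m^e mod n

def decrypt(c, d, n):
    return pow(c, d, n)             # m = c^d mod n

def recover_d_from_public(public):
    """Anyone who can factor n can redo the key derivation and obtain d."""
    n, e = public
    p = next(f for f in range(2, n) if n % f == 0)
    return make_keypair(p, n // p, e)[1]

public, d = make_keypair(3, 11, 7)
plaintext = [3, 4, 2]
ciphertext = [encrypt(m, public) for m in plaintext]
recovered = [decrypt(c, d, public[0]) for c in ciphertext]

if __name__ == "__main__":
    print("public key (n, e):", public, " private exponent d:", d)
    print("ciphertext:", ciphertext)
    print("decrypted: ", recovered)
    print("d rebuilt from the public key alone:", recover_d_from_public(public))
```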

9
Message Digests
  • A message digest is a one-way function which maps the information contained in a (small or large) file to a single large number, typically between 128 bits and 256 bits in length.
  • A good message digest function should have the following properties
    • Every bit of the output is influenced by every bit of the input
    • Changing a single bit in the input results in every output bit having a 50% chance of changing
    • Given an input file, its corresponding digest, and the digest function, it is computationally infeasible to produce another input file which maps to the same digest
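
The first two properties can be measured directly. This added example (not part of the original presentation) flips each input bit of a constructed sample message in turn, rehashes, and reports what fraction of digest bits changed and whether any output bit never changed; SHA-256 is an assumed default and the algorithm name is a parameter.

```python
# Added example: measuring how single-bit input changes spread through a digest.
import hashlib

# Constructed sample input (assumption, not from the slides).
MESSAGE = b"transfer 100 units to account 42"

def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)

def avalanche(message: bytes, algorithm: str = "sha256") -> dict:
    """Flip every input bit once and record how the digest responds."""
    base = hashlib.new(algorithm, message).digest()
    width = len(base) * 8
    base_int = int.from_bytes(base, "big")
    fractions = []
    flips_per_output_bit = [0] * width
    for i in range(len(message) * 8):
        digest = hashlib.new(algorithm, flip_bit(message, i)).digest()
        diff = base_int ^ int.from_bytes(digest, "big")
        fractions.append(bin(diff).count("1") / width)
        for bit in range(width):
            flips_per_output_bit[bit] += (diff >> bit) & 1
    return {
        "digest_bits": width,
        "trials": len(fractions),
        "min": min(fractions),
        "mean": sum(fractions) / len(fractions),
        "max": max(fractions),
        # Output bits that no single-bit input change ever affected.
        "never_flipped": sum(1 for n in flips_per_output_bit if n == 0),
    }

if __name__ == "__main__":
    for name in ("sha1", "sha256"):
        r = avalanche(MESSAGE, name)
        print(f"{name}: {r['trials']} single-bit flips, "
              f"changed fraction min={r['min']:.2f} mean={r['mean']:.3f} "
              f"max={r['max']:.2f}, output bits never flipped={r['never_flipped']}")
```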

10
[Figure: Operation of a message digest function to produce a message authentication code. Labels: Message, Secret Key, Digest Algorithm, Hash, Block Cipher, MAC (Message Authentication Code)]
11
Message Digests (continued)
  • HMAC
    • The Hashed Message Authentication Code uses a secret key in combination with a message digest function to produce a secret message authentication code
    • Since an attacker doesn't know the secret, the attacker cannot produce a correct authentication code if they alter the message in any way
  • SHA-1
    • Developed by the NSA for use with the Digital Signature Standard
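
The difference between a bare digest and an HMAC when a message is altered in transit, as an added example that is not part of the original presentation. The key and messages are constructed sample values, and SHA-256 is an assumed choice of digest function.

```python
# Added example: a keyed MAC detects alteration, an unkeyed digest does not.
import hashlib
import hmac

# Constructed sample values (assumptions, not from the slides).
SECRET_KEY = b"constructed-demo-key"
ORIGINAL = b"pay 10 to alice"
ALTERED = b"pay 9000 to bob"

def plain_digest(message: bytes) -> str:
    """Unkeyed digest: anyone who holds the message can recompute it."""
    return hashlib.sha256(message).hexdigest()

def plain_check(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)

def make_tag(key: bytes, message: bytes) -> str:
    """HMAC: the digest function combined with a secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)

def run_scenarios() -> dict:
    sent_tag = make_tag(SECRET_KEY, ORIGINAL)
    return {
        # Message delivered unchanged: tag verifies.
        "untouched": verify_tag(SECRET_KEY, ORIGINAL, sent_tag),
        # Message altered, original tag left attached: rejected.
        "altered_old_tag": verify_tag(SECRET_KEY, ALTERED, sent_tag),
        # Tag recomputed without the secret (empty key stands in for
        # "key unknown"): rejected.
        "altered_keyless_tag": verify_tag(
            SECRET_KEY, ALTERED, make_tag(b"", ALTERED)),
        # Unkeyed digest recomputed over the altered message: the check
        # passes, so a bare digest sent alongside the message proves nothing.
        "altered_plain_digest": plain_check(ALTERED, plain_digest(ALTERED)),
    }

if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:22s} accepted={accepted}")
```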

12
[Figure: RSA Digital Signature. Originator: Message, Hash Function, Digest, Encrypt, Private Key, Signature. Transmitted Message: Message, Signature. Recipient: Message, Hash Function, Actual Digest; Signature, Decrypt, Public Key, Expected Digest.]
If actual and expected match, the signature is verified
13
Roles for Cryptography
  • Authentication
    • Digital signatures
  • Authorization
    • Distribution of lists of authorized users
  • Confidentiality
    • Information is scrambled in transit or on disk
  • Integrity
    • Digitally signed message digest codes
  • Non-repudiation
    • Cryptographic receipts

14
Cryptography can't
  • protect unencrypted documents
  • protect against stolen encryption keys
  • protect against DOS (denial of service)
  • protect against traffic analysis
  • protect against a passerby

15
SSL
  • Resides above TCP/IP on the protocol stack
  • Adds numerous features to TCP, including
    • Authentication to server (digital signature)
    • Authentication to client (digital signature)
    • Data confidentiality (encryption)
    • Data integrity (Message authentication codes)