Information Security

By: Muhammad Hanif

Cryptography and Network Security
Chapter 2
“Classical Encryption Techniques”
Quote of the day
 Sahih Al-Bukhari: Volume 1, Book 3,
Number 71:
 Narrated Muawiya:
 I heard Allah's Apostle saying, "If
Allah wants to do good to a person, He
makes him comprehend the religion. I
am just a distributor, but the grant is
from Allah. (And remember) that this
nation (true Muslims) will keep on
following Allah's teachings strictly and
they will not be harmed by any one
going on a different path till Allah's
order (Day of Judgment) is
established."
Agenda
 Symmetric Encryption
 Some Basic Terminology
 Types of Attacks on Encrypted Messages
 Classes of Cryptographic systems
 Model for Conventional Encryption
Symmetric Encryption
 or conventional / private-key / single-key
 sender and recipient share a common key
 all classical encryption algorithms are private-key
 was only type prior to invention of public-key in 1970’s
 and by far most widely used
Symmetric Cipher Model
Requirements
 two requirements for secure use of symmetric encryption:
 a strong encryption algorithm
 a secret key known only to sender / receiver
 mathematically have:
Y = E(K, X)
X = D(K, Y)
 assume encryption algorithm is known
 implies a secure channel to distribute key
Some Basic Terminology
 plaintext - original message
 ciphertext - coded message
 cipher - algorithm for transforming plaintext to ciphertext
 key - info used in cipher known only to sender/receiver
 encipher (encrypt) - converting plaintext to ciphertext
 decipher (decrypt) - recovering plaintext from ciphertext
 cryptography - study of encryption principles/methods
 cryptanalysis (codebreaking) - study of principles/ methods of
deciphering ciphertext without knowing key
 cryptology - field of both cryptography and cryptanalysis
Cryptography
 The term cryptography comes from the Greek words ‘Kryptos’ standing for ‘hidden’ and ‘graphein’ for ‘write’.
The term therefore best paraphrased as ‘hidden writing’
 According to RFC 2828, Cryptography refers to the mathematical science that deals with transforming data to
transfer its meaning unintelligible (not Clear), prevent its undetected alteration (Change) or prevent its
unauthorized use.
 Cryptography
 can characterize cryptographic system by:
 type of encryption operations used
 Substitution (Diffusion)
 Transposition (Confusion, Scrambling)
 product

 number of keys used

 single-key or private
 two-key or public
 way in which plaintext is processed
 block

 stream
Attacking a conventional encryption scheme
 There are 2 general approaches to attack a conventional encryption scheme:
 Cryptanalysis : The attacker exploits characteristics of the algorithm or some
knowledge of the general characteristics of the plaintext in an attempt to deduce a
specific plaintext or to deduce the key being used
 Brute Force Attack: An attacker tries all possible combination of keys on a piece of
cipher text until an intelligible translation into plaintext is obtained. On average, half
of the all possible keys must be tried to achieve success
Cryptanalysis
 The term cryptanalysis comes from the Greek words ‘Kryptos’ standing for ‘hidden’
and ‘analyein’ standing for ‘to loosen’. The term therefore best paraphrased as
‘loosen the hidden word’.
 The paraphrase refers to the process of destroying cryptographic protection or more
generally, to study the security properties an possibilities to break cryptographic
techniques and systems.
 According to RFC 2828, Cryptanalysis refers to ‘mathematical science that deals
with the analysis of a cryptographic system in order to gain knowledge needed to
break the protection that the system is designed to provide’
Cryptanalytic Attacks
➢ ciphertext only
⚫ only know algorithm & ciphertext, is statistical, know or can identify
plaintext
➢ known plaintext
⚫ know/suspect plaintext & ciphertext
➢ chosen plaintext
⚫ select plaintext and obtain ciphertext
➢ chosen ciphertext
⚫ select ciphertext and obtain plaintext
➢ chosen text
⚫ select plaintext or ciphertext to en/decrypt
Brute Force Search
 always possible to simply try every key
 most basic attack, proportional to key size
 assume either know / recognise plaintext

Key Size (bits) Number of Time required at 1 Time required at 106

Alternative Keys decryption/µs decryptions/µs
32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds
56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours
128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years

168 2168 = 3.7  1050 2167 µs = 5.9  1036 years 5.9  1030 years

26 characters 26! = 4  1026 2  1026 µs = 6.4  6.4  106 years

(permutation) 1012 years
Unconditional and Computational Security
 Unconditionally secure (Perfect secure)
No matter how much computer power is available, the cipher cannot be broken since
the cipher-text provides insufficient information to uniquely determine the
corresponding plaintext
 Computationally secure
The cost of breaking the security exceeds the value of the secured service or
information. The time required to break the security exceeds the useful lifetime of the
information
Steganography
 The term Steganography comes from the Greek words ‘Steganos’ standing for
‘impenetrable’ and ‘graphein’ standing for ‘write’.
 The term therefore best paraphrased as ‘impenetrable writing’.
 According to RFC 2828, Steganography refers to ‘methods of hiding the existence
of a message or other data’. E.g invisible ink.
 That is different from cryptography which hides the meaning of the message but
does not hide the message itself.
What is the difference b/w Cryptographic
algorithm and protocol?
 Algorithm: An algorithm is a well-defined computational procedure that takes a
variable input and generates a corresponding output
 Protocol: A protocol is a set of rules that tells what task to perform and how to
perform.
 Cryptographic algorithm: A cryptographic algorithm is an algorithm that employs
and makes use of cryptographic techniques and mechanisms
 Cryptographic protocol: A cryptographic protocol is a protocol that employs and
makes use of cryptographic techniques and mechanisms
Classes of Cryptographic systems
Cryptographic systems may or may not use secret keys, or may or may not share
parameters. There are at least 3 classes of cryptographic systems
 Unkeyed cryptosystem: An unkeyed cryptosystem is a cryptographic system that
uses no secret parameters
 Secret Key Cryptosystem: A secret key cryptosystem is cryptosystem that uses
secret parameters that are shared between the participating entities
 Public Key Cryptosystem: A public key cryptosystem is a cryptographic system that
uses secret parameters that are not shared between the participating entities
 Conventional Encryption Scheme

 Using this model requires to:

1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information or a security service
Summary
 Symmetric Encryption
 Some Basic Terminology
 Types of Attacks on Encrypted Messages
 Classes of Cryptographic systems
 Model for Conventional Encryption