Chapter - 3 Information Security
Mr.Rajasekhar Boddu
Security Techniques: Cryptography
Terminology
Cryptography: Schemes for encryption and decryption
Encryption: The process by which plaintext is
converted into cipher text.
Decryption: Recovering plaintext from the cipher text
Secret key: Used to set some or all of the various
parameters used by the encryption algorithm. In
classical (symmetric-key) cryptography, the same
secret key is used for encryption and decryption.
Cryptanalysis: The study of “breaking the code”.
Cryptology: Cryptography and cryptanalysis together constitute
the area of cryptology.
Cryptography
Given
P = Plaintext
C = Ciphertext
C = E_K(P) Encryption
P = D_K(C) Decryption
P = D_K(E_K(P))
C = E_K(D_K(C))
Cryptanalysis
Cryptography is the science and art of creating code
Cryptanalysis is the science and art of breaking those codes
Mono-alphabetic Substitution
The relationship between a symbol in the plaintext and a symbol in the cipher text is
always one to one
Additive Cipher
Multiplicative Cipher
Affine Cipher
Monoalphabetic Substitution Cipher
[Figure: Alice encrypts and Bob decrypts with the same shared key k]
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Value:      0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
The simplest mono-alphabetic cipher is the additive
cipher.
This cipher is sometimes called a shift cipher and
sometimes a Caesar cipher, but the term additive
cipher better reveals its mathematical nature
Plain text: are you ready
Cipher text: DUH BRX UHDGB (for k = 3)
Intruders
Cryptanalysis
Brute-Force Attack
The intruder tries all possible keys (or passwords), and
checks which one of them returns the correct plaintext.
Exercise
1. Hana has intercepted the ciphertext
“UVACLYFZLJBYL”. Show how she can use a brute-
force attack to break the cipher.
Frequency analysis/ Statistical attack
It is especially useful when attacking a substitution cipher where the statistics of
the plaintext language are known.
In English, for example, some letters appear more often than others,
allowing an attacker to guess which cipher text letters stand for the most frequent
plaintext letters and, from that, the key.
Exercise
1. Eden has intercepted the following cipher text. Find the plaintext using a
statistical attack.
When Eden tabulates the frequency of letters in this cipher text, she gets: I =14, V
=13, S =12, and so on. The most common character is I with 14 occurrences. This
means key = 4 because the distance between e and I is 4.
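Both attacks above, run against the additive cipher, as an added example that is not part of the original slides. The sample sentence is constructed, because the cipher text of the statistical-attack exercise is not shown on the page; the function names are this example's own.

```python
from collections import Counter

A = ord("A")

def shift(text, k):
    """Additive cipher: move each letter k places mod 26, leave other characters."""
    return "".join(
        chr((ord(ch) - A + k) % 26 + A) if "A" <= ch <= "Z" else ch
        for ch in text.upper()
    )

def brute_force(ciphertext):
    """Return {key: candidate plaintext} for every one of the 26 additive keys."""
    return {k: shift(ciphertext, -k).lower() for k in range(26)}

def key_from_frequency(ciphertext):
    """Assume the most frequent ciphertext letter stands for plaintext 'e'."""
    counts = Counter(ch for ch in ciphertext.upper() if "A" <= ch <= "Z")
    top_letter = counts.most_common(1)[0][0]
    return (ord(top_letter) - ord("E")) % 26

# Constructed sample plaintext (the exercise text itself is not on the page).
SAMPLE = "the enemy fleet leaves the eastern channel before seven"

if __name__ == "__main__":
    # Brute force: only 26 keys exist, so list them all and pick the English line.
    for key, candidate in brute_force("UVACLYFZLJBYL").items():
        print(f"{key:2d}  {candidate}")
    # Statistical attack: one guess instead of 26, but it needs enough text.
    ct = shift(SAMPLE, 4)
    key = key_from_frequency(ct)
    print(key, shift(ct, -key).lower())
```

The frequency guess is only reliable on text long enough for 'e' to dominate; on a 13-letter message such as the brute-force exercise it can easily pick the wrong letter.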
Multiplicative cipher
[Figure: Alice and Bob share the key k]
Encryption: C = (P × k) mod 26
Decryption: P = (C × k^-1) mod 26
[Figure: Alice and Bob share the key pair (k1, k2)]
Encryption (Alice): T = (P × k1) mod 26, then C = (T + k2) mod 26
Decryption (Bob): T = (C - k2) mod 26, then P = (T × k1^-1) mod 26
EXAMPLE
plaintext = hello
Key pair = (7,2)
Ciphertext=?
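The two-key cipher above worked through for this key pair, as an added example that is not part of the original slides. The function names are this example's own; the check on k1 is there because the decryption formula needs k1^-1 mod 26, which exists only when k1 and 26 share no factor.

```python
from math import gcd

def _check_key(k1):
    # k1 needs an inverse mod 26, which exists only when gcd(k1, 26) == 1.
    if gcd(k1, 26) != 1:
        raise ValueError(f"k1={k1} has no inverse mod 26; decryption would be ambiguous")

def affine_encrypt(plaintext, k1, k2):
    """C = (P * k1 + k2) mod 26 for letters; other characters pass through."""
    _check_key(k1)
    return "".join(
        chr(((ord(ch) - 97) * k1 + k2) % 26 + 65) if "a" <= ch <= "z" else ch
        for ch in plaintext.lower()
    )

def affine_decrypt(ciphertext, k1, k2):
    """P = ((C - k2) * k1^-1) mod 26."""
    _check_key(k1)
    k1_inv = pow(k1, -1, 26)  # modular inverse, Python 3.8+
    return "".join(
        chr(((ord(ch) - 65 - k2) * k1_inv) % 26 + 97) if "A" <= ch <= "Z" else ch
        for ch in ciphertext.upper()
    )

def usable_k1_values():
    """Multipliers that are invertible mod 26 (everything coprime to 26)."""
    return [k for k in range(26) if gcd(k, 26) == 1]

if __name__ == "__main__":
    c = affine_encrypt("hello", 7, 2)
    print(c, affine_decrypt(c, 7, 2))
    # k2 = 0 reduces the cipher to the multiplicative cipher.
    print(affine_encrypt("hello", 7, 0))
    # Size of the key space an exhaustive search has to cover.
    print(len(usable_k1_values()) * 26, "usable key pairs")
```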
Transposition Cipher
All the techniques examined so far involve the substitution of a cipher text symbol
for a plaintext symbol.
A very different kind of mapping is achieved by performing some sort of
permutation on the plaintext letters. This technique is referred to as a
transposition cipher.
The simplest such cipher is the rail fence technique
Rail Fence Cipher – write the plaintext in a zig-zag pattern in rows and form the
cipher text by reading off the letters from the first row followed by the second.
Eg. Encipher the message "meet me after the toga party" with a rail fence of
depth 2
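The rail fence described above, as an added example that is not part of the original slides. It goes beyond depth 2 by handling any number of rows; the function names are this example's own.

```python
def rail_rows(n, depth):
    """Row (0 = top) that each of n letters lands on along the zig-zag."""
    if depth < 2:
        return [0] * n
    period = 2 * (depth - 1)
    return [min(i % period, period - i % period) for i in range(n)]

def rail_encrypt(plaintext, depth=2):
    letters = [ch for ch in plaintext.upper() if "A" <= ch <= "Z"]
    rows = rail_rows(len(letters), depth)
    # Read row 0 left to right, then row 1, and so on.
    return "".join(ch for r in range(depth)
                   for ch, row in zip(letters, rows) if row == r)

def rail_decrypt(ciphertext, depth=2):
    rows = rail_rows(len(ciphertext), depth)
    # A stable sort by row lists the plaintext positions in the order
    # encryption read them off.
    read_order = sorted(range(len(ciphertext)), key=lambda i: rows[i])
    plain = [""] * len(ciphertext)
    for position, ch in zip(read_order, ciphertext):
        plain[position] = ch
    return "".join(plain).lower()

if __name__ == "__main__":
    ct = rail_encrypt("meet me after the toga party", 2)
    print(ct)
    # There is no key: the depth is the only unknown, so a few trials recover the text.
    for depth in range(2, 5):
        print(depth, rail_decrypt(ct, depth))
```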
Keyless Transposition Cipher
Combination of two
Keyless Transposition Ciphers
Simple transposition ciphers, which were used in the past, are keyless.
Example
A good example of a keyless cipher using the first method is the rail fence cipher. The ciphertext
is created reading the pattern row by row. For example, to send the message “Meet me at the
park” to Bob, Alice writes
Example
The key used for encryption and decryption is a permutation key, which shows how the characters
are permuted.
In late 1974, IBM proposed "Lucifer", which was then modified by NSA
(National Security Agency) in 1976 to become the DES (Data Encryption
Standard). DES was then approved by the NBS in 1978. DES was
standardized by the ANSI under the name of ANSI X3.92, also known as
DEA (Data Encryption Algorithm).
DES- Example of Symmetric Cryptosystem …
DES is a block cipher, which means that during the
encryption process the plaintext is broken into fixed-length blocks
of 64 bits.
The key is 56 bits wide. 8 bits of the 64-bit key block are
used for parity checking (for example, if odd parity is used, each byte
has an odd number of bits set to 1).
A 56-bit key gives 2^56 (7.2 × 10^16) possible key variations.
DES algorithm involves carrying out combinations, substitutions
and permutations between the text to be encrypted and the key,
while making sure the operations can be performed in both
directions (for decryption).
The combination of substitutions and permutations is called a
product cipher.
[Figure: DES block diagram; the output is 64-bit cipher text]
Every 8th bit in the key is not used (i.e. bits numbered 8,16, 24, 32, 40, 48, 56, and 64).
We get the 56-bit permutation
K+ = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111
Next, split this key into left and right halves, C0 and D0, where each half has 28
bits.
C0 = 1111000 0110011 0010101 0101111
D0 = 0101010 1011001 1001111 0001111
Each pair of blocks Cn and Dn is formed from the previous pair C(n-1) and D(n-1),
respectively, for n = 1, 2, ..., 16, using the following schedule of "left shifts" of
the previous block.
After one left shift, the bit order is 2, 3, ..., 28, 1.
Example: From the original pair C0 and D0 we obtain:
C0 = 1111000011001100101010101111
D0 = 0101010101100110011110001111
C1 = 1110000110011001010101011111
D1 = 1010101011001100111100011110
C2 = 1100001100110010101010111111
D2 = 0101010110011001111000111101
C3 = 0000110011001010101011111111
D3 = 0101011001100111100011110101
C4 = 0011001100101010101111111100
D4 = 0101100110011110001111010101
The keys Kn are formed by applying the following permutation table (PC-2) to each of the concatenated pairs CnDn.
Each pair has 56 bits, but PC-2 only uses 48 of these.
Therefore, the first bit of Kn is the 14th bit of CnDn, the second bit the 17th, and so on,
ending with the 48th bit of Kn being the 32nd bit of CnDn.
Example: For the first key we have
C1D1 = 1110000 1100110 0101010 1011111 1010101 0110011 0011110 0011110
which, after we apply the permutation PC-2, becomes
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
Step 2: Encode each 64-bit block of data
Example: Let M be the plain text message M = 0123456789ABCDEF, where M is in
hexadecimal (base 16) format.
Rewriting M in binary format, we get the 64-bit block of text:
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
There is an initial permutation, IP, of the 64 bits of the message data M. This
rearranges the bits according to the following table, where the entries in the table show
the new arrangement of the bits from their initial order.
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010
Next divide the permuted block IP into a left half L0 of 32 bits, and a right half R0 of 32
bits.
Example: From IP, we get L0 and R0
L0 = 1100 1100 0000 0000 1100 1100 1111 1111
R0 = 1111 0000 1010 1010 1111 0000 1010 1010
The encryption uses a function f, which operates on two blocks (a data block of 32 bits and a key Kn
of 48 bits) to produce a block of 32 bits.
To calculate f, we first expand each block R(n-1) from 32 bits to 48 bits. This is done by
using a selection table that repeats some of the bits in R(n-1). We'll call the use of this
selection table the function E. Thus E(R(n-1)) has a 32 bit input block, and a 48 bit output
block.
Next in the f calculation, we XOR the output E(R(n-1)) with the key Kn (the XOR is written here as +): Kn + E(R(n-1))
Example: For K1 , E(R0), we have
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101
K1+E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111.
We now have 48 bits, or eight groups of six bits
We now do something strange with each group of six bits: we use them as addresses in
tables called "S boxes". Each group of six bits will give us an address in a different S box.
The net result is that the eight groups of 6 bits are transformed into eight groups of 4 bits
(the 4-bit outputs from the S boxes) for 32 bits total.
The first and last bits of B represent in base 2 a number in the decimal range 0 to 3 (or
binary 00 to 11). Let that number be i. The middle 4 bits of B represent in base 2 a
number in the decimal range 0 to 15 (binary 0000 to 1111). Let that number be j.
Look up in the table the number in the i-th row and j-th column. That block is
the output S1(B) of S1 for the input B.
For example, for input block B = 011011 the first bit is "0" and the last bit "1", giving
01 as the row. The middle 4 bits are 1101, giving 13 as the column. In row 1, column 13
appears 5. This determines the output; 5 is binary 0101, so that the
output is 0101. Hence S1(011011) = 0101.
The output of the eight S boxes is
0101 1100 1000 0010 1011 0101 1001 0111
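The first part of the f calculation above (expansion E, XOR with K1, S1 lookup), as an added example that is not part of the original slides. R0 and K1 are the values from the page; E is generated from its regular pattern and S1 is the standard first DES S-box (FIPS 46), so only the first of the eight 6-bit groups is substituted here. The function names are this example's own.

```python
# Standard DES S-box S1 (FIPS 46); the page describes the lookup but not the table.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

# R0 and K1 exactly as given on the page (spaces removed).
R0 = "11110000101010101111000010101010"
K1 = "000110110000001011101111111111000111000001110010"

def expand(r):
    """E: 32 bits -> 48 bits. Each 6-bit group is one 4-bit nibble of r
    plus the bit before it and the bit after it (wrapping around)."""
    return "".join(r[(4 * g - 1 + j) % 32] for g in range(8) for j in range(6))

def xor_bits(a, b):
    """Bitwise XOR of two equal-length bit strings."""
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

def s1(b):
    """S1 lookup: first and last bit select the row, middle four the column."""
    row = int(b[0] + b[5], 2)
    col = int(b[1:5], 2)
    return format(S1[row][col], "04b")

def first_sbox_output(r, k):
    """First 4 of the 32 S-box output bits for round input r and round key k."""
    return s1(xor_bits(expand(r), k)[:6])

if __name__ == "__main__":
    e_r0 = expand(R0)
    mixed = xor_bits(e_r0, K1)
    print("E(R0)    =", e_r0)
    print("K1+E(R0) =", mixed)
    print("S1(", mixed[:6], ") =", first_sbox_output(R0, K1))
    print("S1(011011) =", s1("011011"))
```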
The final stage in the calculation of f is to apply a permutation P to the S-box
output to obtain the final value of f, using the P table below
Major Activities
Key Generation (Algorithm)
Encryption
Digital signing
Decryption
Signature verification
RSA- Key Generating Algorithm
5. The public key is (n, e) and the private key is (n, d).
Keep all the values d, p, q and φ(n) secret
n is known as the modulus
e is known as the public exponent or encryption exponent
d is known as the secret exponent or decryption exponent.
RSA- Encryption
RSA- Decryption
4. Compute d (1 < d < φ(n)) such that d = e^-1 mod φ(n) = 7^-1 mod 120,
i.e. find a value for d such that φ(n) divides ed-1 (120 divides 7d-1).
Simple testing (d = 2, 3 ...) gives d = 103
Check: ed-1 = 7*103 - 1 = 120, which is divisible by phi (120).
5. Public key = (n, e) = (143, 7)
Private key = (n, d) = (143, 103).
Given
Public key = (n, e) = (143, 7)
Private key = (n, d) = (143, 103)
Message: ATTACKxATxSEVEN
Grouping the characters into blocks of three and computing a
message representative integer for each block:
ATT ACK XAT XSE VEN
In the same way that a decimal number can be represented as the sum
of powers of ten, e.g. 135 = 1 x 10^2 + 3 x 10^1 + 5, we could represent our
blocks of three characters in base 26 using A=0, B=1, C=2, ..., Z=25
ATT = 0 x 26^2 + 19 x 26^1 + 19 = 513
ACK = 0 x 26^2 + 2 x 26^1 + 10 = 62
XAT = 23 x 26^2 + 0 x 26^1 + 19 = 15567
XSE = 23 x 26^2 + 18 x 26^1 + 4 = 16020
VEN = 21 x 26^2 + 4 x 26^1 + 13 = 14313
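The key derivation and block encoding above, as an added example that is not part of the original slides. The key values are the ones on the page; the function names are this example's own. It also shows a constraint the encoding has to respect: textbook RSA only recovers a message integer that is smaller than n, so with n = 143 only the block ACK = 62 survives a round trip, and the other blocks need a larger modulus.

```python
N, E, D, PHI = 143, 7, 103, 120  # key values from the page

def mod_inverse(e, phi):
    """Extended Euclid: return d with (e * d) % phi == 1."""
    old_r, r = e, phi
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("e and phi(n) are not coprime; no inverse exists")
    return old_s % phi

def encode_block(block):
    """Base-26 value of a block of letters, A=0 ... Z=25."""
    value = 0
    for ch in block.upper():
        value = value * 26 + (ord(ch) - ord("A"))
    return value

def decode_block(value, length=3):
    """Inverse of encode_block for a block of the given length."""
    letters = []
    for _ in range(length):
        value, digit = divmod(value, 26)
        letters.append(chr(digit + ord("A")))
    return "".join(reversed(letters))

def rsa_round_trip(m, n=N, e=E, d=D):
    """Encrypt m with the public key, then decrypt with the private key."""
    return pow(pow(m, e, n), d, n)

if __name__ == "__main__":
    print("d =", mod_inverse(E, PHI))
    for block in "ATTACKXATXSEVEN"[0:3], "ACK", "XAT", "XSE", "VEN":
        m = encode_block(block)
        back = rsa_round_trip(m)
        status = "ok" if back == m else f"lost (m >= n, came back as {back})"
        print(block, m, status)
```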
RSA- More Meaningful Example – Key Generation
Attacker can put in his own key for someone else, and
start signing fake contracts (and even checks!).
Maybe we can secure the phonebook, but then it kills the
idea of keys being widely and easily available (publicly).
Key Distribution: Problems
Digital money
Protection against fraud
It should not be possible to use the money more than once
It should not be possible to use forged money