CRYPTOGRAPHY SYMMETRIC

ISAS

  
Name          :1 . Pangeran Nicola Alfiano
                     2. Latif Arif Putranto
Faculty       : Riza Muhammad Nurman
Semester     : 4
Quarter       : 1
Class           : 4SC7
 

 
Continuing Education Center for Computing and Information
Technology Faculty of Engineering, University of Indonesia

2020
 PREFACE

Praise be to Allah Almighty, Most Merciful, because thanks to His grace

and guidance, the writer can arrange and present a paper that contains about
Asymmetric Cryptography. The writer also thanked to Mr. Riza Muhammad
Nurman as lecturer Introductory IT courses that have provided guidance to the
writer in the process of preparing this paper. Not to forget the writer thank the
various parties who have given encouragement and motivation.

The author realizes that in the preparation of this paper there are still far
from perfection. Therefore, the authors expect constructive criticism and
suggestions to improve this paper and can be a reference in preparing the papers
or subsequent tasks.

The authors also apologize if in writing this paper there are typos and
errors that confuse the reader in understanding the author's intent.

Depok, March 2020

Author

ii
 TABLE OF CONTENTS

Contents
CRYPTOGRAPHY SYMMETRIC..................................................................i
PREFACE................................................................................................................ii
TABLE OF CONTENTS.......................................................................................iii
TABLE OF FIGURES............................................................................................iv
CHAPTER I INTRODUCTION..............................................................................1
CHAPTER II BASIC THEORY..............................................................................3
1. Application security......................................................................................4
2. Cloud security...............................................................................................4
3. Cryptography................................................................................................4
4. Infrastructure security...................................................................................4
2.3 History of cryptography...........................................................................5
2.4 Cryptography............................................................................................5
CHAPTER III PROBLEM ANALYSIS..................................................................6
DES.................................................................................................................11
AES.................................................................................................................11
3.2 What is Symmetric Encryption Used For?..............................................13
CHAPTER IV CONCLUSION AND SUGGESTION..........................................15
1 Conclusion:.....................................................................................................15
2 Suggestion:.....................................................................................................15
BIBLIOGRAPHY..................................................................................................16

iii
 TABLE OF FIGURES

FIGURE III. 1 SYMMETRIC VS ASYMMETRIC

(SRC:HTTPS://WWW.CCEXPERT.US/SCND-2/IMAGES/7936_209_149-
SYMMETRIC-ASYMMETRIC-ENCRYPTION.JPG.....................................................8

FIGURE III. 2 HOW TO USE CRYPTO SYMMTRIC

(SRC:HTTPS://EHINDISTUDY.COM/2015/10/01/SYMMETRIC-AND-ASYMMETRIC-
KEY-CRYPTOGRAPHY-IN-HINDI)......................................................................10

iv
 1

CHAPTER I INTRODUCTION

I.1.    Background

Information security is a concept that becomes ever more enmeshed in

many aspects of society, largely as a result of early all over adoption of
computing technology. In everyday lives, many people work with computer
for employers, play on computers at home, go to school online, buy goods
from merchants on the internet, and so on, endlessly.
Although this technology enables people to be more productive and allows
people to access a host of information with only a click of the mouse, it also
carries with it a host of security issues. One of the issues is, when a user
wants to sign in into a website and enters the password. Password must be
secret so that other people even administrator cannot see and use it.

I.2.    Writing Objective

The following is the purpose of writing a paper entitled "Big data":
● Understand the background of Cryptography symmetric
● Understand Components of a Cryptography symmetric

I.3.    Problem Domain

This paper will discuss about Cryptography symmetric for science that
applies complex mathematics and logic to design strong encryption methods and
security
I.4.    Writing Methodology

This paper is written by studying literature review from various sources,

either in the form of material from internet.
I.5.    Writing Framework

Here is a systematic writing of a paper entitled "Database Architecture for".

CHAPTER I INTRODUCTION
I.1 Background
I.2 Writing Objective
I.3 Problem Domain
I.4 Writing Methodology

CHAPTER II BASIC THEORY

II.1 Information Security
II.2 Type of Information Security
II.3 History of cryptography
II.4 Cryptography
CHAPTER III PROBLEM ANALYSIS

III.1 Cryptography symmetric use in network

III.2 How does it work
III.3 Advantage and disadvantage

CHAPTER IV CONCLUSION AND SUGGESTION

IV.1 Conclusion

IV.2 Suggestion

BIBLIOGRAPHY

2
3
 3

CHAPTER II BASIC THEORY

2.1 Information Security

  Information Security is not all about securing information from unauthorized access.
Information Security is basically the practice of preventing unauthorized access, use, disclosure,
disruption, modification, inspection, recording or destruction of information. Information can be
physical or electrical one. Information can be anything like your details or we can say your
profile on social media, your data in mobile phone, your biometrics etc. Thus Information
Security spans so many research areas like Cryptography, Mobile Computing, Cyber Forensics,
Online Social Media etc.
Information Security programs are built around 3 objectives, commonly known as CIA
Confidentiality, Integrity, Availability.
1. Confidentiality
Confidentiality refers to protecting information from being accessed by
unauthorized parties. In other words, only the people who are authorized to do so can
gain access to sensitive data. Imagine your bank records. You should be able to
access them, of course, and employees at the bank who are helping you with a
transaction should be able to access them, but no one else should. A failure to
maintain confidentiality means that someone who shouldn't have access has managed
to get it, through intentional behavior or by accident. Such a failure of confidentiality,
commonly known as a breach, typically cannot be remedied.
Once the secret has been revealed, there's no way to un-reveal it. If your bank
records are posted on a public website, everyone can know your bank account number,
balance, etc., and that information can't be erased from their minds, papers, computers,
and other places. Nearly all the major security incidents reported in the media today
involve major losses of confidentiality.

2. Integrity
Integrity means maintaining accuracy and completeness of data. Integrity refers to
the ability to prevent data from being changed in an unauthorized or undesirable
 manner. This could be mean the unauthorized change or deletion of data or portions
of data, or it could mean an authorized, but undesirable, change or deletion of data.
 Example of a failure of integrity is when you try to connect to a website and a
malicious attacker between you and the website redirects your traffic to a different
website. In this case, the site you are directed to is not genuine.
3. Availability
Availability means that information is accessible by authorized users. If an
attacker is not able to compromise the first two elements of information security they
may try to execute attacks like denial of service that would bring down the server,
making the website unavailable to legitimate users due to lack of availability

2.2 Type of Information Security

1. Application security
Application security is a broad topic that covers software vulnerabilities in web and mobile
applications and application programming interfaces (APIs). These vulnerabilities may be found
in authentication or authorization of users, integrity of code and configurations, and mature
policies and procedures.
2. Cloud security
Cloud security focuses on building and hosting secure applications in cloud environments and
securely consuming third-party cloud applications. “Cloud” simply means that the application is
running in a shared environment. Businesses must make sure that there is adequate isolation
between different processes in shared environments.
3. Cryptography
Encrypting data in transit and data at rest helps ensure data confidentiality and integrity. Digital
signatures are commonly used in cryptography to validate the authenticity of data.
4. Infrastructure security
Infrastructure security deals with the protection of internal and extranet networks, labs, data
centers, servers, desktops, and mobile devices.
5. Incident Response
Incident response is the function that monitors for and investigates potentially malicious
behavior.
6. Vulnerability management

4
Vulnerability management is the process of scanning an environment for weak points (such as
unpatched software) and prioritizing remediation based on risk.

2.3 History of cryptography

The word "cryptography" is derived from the Greek kryptos, meaning hidden. The origin
of cryptography is usually dated from about 2000 B.C., with the Egyptian practice of
hieroglyphics. These consisted of complex pictograms, the full meaning of which was only
known to an elite few. The first known use of a modern cipher was by Julius Caesar (100 B.C. to
44 B.C.), who did not trust his messengers when communicating with his governors and officers.
For this reason, he created a system in which each character in his messages was replaced by a
character three positions ahead of it in the Roman alphabet.
2.4 Cryptography
Cryptography is a method of protecting information and communications through the use
of codes so that only those for whom the information is intended can read and process it. The
pre-fix "crypt" means "hidden" or "vault" and the suffix "graphy" stands for "writing."

In computer science, cryptography refers to secure information and communication

techniques derived from mathematical concepts and a set of rule-based calculations called
algorithms to transform messages in ways that are hard to decipher. These deterministic
algorithms are used for cryptographic key generation and digital signing and verification to
protect data privacy, web browsing on the internet and confidential communications such as
credit card transactions and email.

5
 CHAPTER III PROBLEM ANALYSIS
3.5 How to use crypto symmetric

Figure III. 1 how to use crypto symmetric (src:https://ehindistudy.com/2015/10/01/symmetric-and-

asymmetric-key-cryptography-in-hindi)

Alice put a secret message in the box and locked the box using a padlock and she had the
key. Then he sent a box to Bob by regular mail. When Bob receives the box, he uses the exact
copy key Alice has to open the box and read the message. Bob can then use the same padlock to
reply to a secret message.

From that example, the symmetric key algorithm can be shared with stream ciphers and
block ciphers. Stream ciphers encrypt one by one bits of messages, and block ciphers take
several bits, usually 64 bits, and encrypt them into one piece. There are many different
algorithms from symmetric including, Serpent, AES, Blowfish, CAST5, RC4, TDES, and IDEA.

 plaintext – information that can be directly read by humans or a machine (this article is
an example of plaintext). Plaintext is a historic term pre-dating computers, when encryption

6
 was only used for hardcopy text, nowadays it is associated with many formats including
music, movies and computer programs
 ciphertext – the encrypted data
 cipher – the mathematics (or algorithm) responsible for turning plaintext into ciphertext
and reverting ciphertext to plaintext (you might also see the word ‘code’ used – there is a
technical difference between the two but it need not concern us now)
 encryption – the process of converting plaintext to ciphertext (occasionally you may see
it called ‘encipherment’)
 decryption – the process of reverting ciphertext to plaintext
3.1 What is Symmetric Encryption?
Symmetric encryption is a type of encryption where only one key (a secret key) is used
to both encrypt and decrypt electronic information. The entities communicating via symmetric
encryption must exchange the key so that it can be used in the decryption process. This
encryption method differs from asymmetric encryption where a pair of keys, one public and one
private, is used to encrypt and decrypt messages.
By using symmetric encryption algorithms, data is converted to a form that cannot be
understood by anyone who does not possess the secret key to decrypt it. Once the intended
recipient who possesses the key has the message, the algorithm reverses its action so that the
message is returned to its original and understandable form. The secret key that the sender and
recipient both use could be a specific password / code or it can be random string of letters or
numbers that have been generated by a secure random number generator

There are two types of symmetric encryption algorithms:

1. Block algorithms. Set lengths of bits are encrypted in blocks of electronic data with the
use of a specific secret key. As the data is being encrypted, the system holds the data in its
memory as it waits for complete blocks.
2. Stream algorithms. Data is encrypted as it streams instead of being retained in the
system’s memory.

Some examples of symmetric encryption algorithms include:

 AES (Advanced Encryption Standard)

7
 DES (Data Encryption Standard)
 IDEA (International Data Encryption Algorithm)

 RC2 (Rivest Cipher 2)

 RC4 (Rivest Cipher 4)
 RC5 (Rivest Cipher 5)
 RC6 (Rivest Cipher 6)

DES
In “modern” computing, DES was the first standardized cipher for securing electronic
communications, and is used in variations 2-key or 3-key 3DES. The original DES is not used
anymore as it is considered too “weak”, due to the processing power of modern computers. Even
3DES is not recommended by NIST and PCI DSS 3.2, just like all 64-bit ciphers. However,
3DES is still widely used in EMV chip cards.

AES
The most commonly used symmetric algorithm is the Advanced Encryption Standard
(AES), which was originally known as Rijndael. This is the standard set by the U.S. National
Institute of Standards and Technology in 2001 for the encryption of electronic data announced in
U.S. FIPS PUB 197. This standard supersedes DES, which had been in use since 1977. Under
NIST, the AES cipher has a block size of 128 bits, but can have three different key lengths as
shown with AES-128, AES-192 and AES-256.

IDEA

International Data Encryption algorithm (IDEA) is a block cipher algorithm designed by

Xuejia Lai and James L. Massey of ETH-Zürich and was first described in 1991.The original
algorithm went through few modifications and finally named as International Data Encryption
Algorithm (IDEA). The mentioned algorithm works on 64-bit plain text and cipher text block (at
one time). For encryption, the 64-bit plain text is divided into four 16 bits sub-blocks. In our
discussion, we denote these four blocks as P1 (16 bits), P2 (16 bits), P3 (16 bits) and P4 (16
bits). Each of these blocks goes through 8 ROUNDS and one OUTPUT TRANSFORMATION

8
 phase. In each of these eight rounds, some (arithmetic and logical) operations are performed.
Throughou
the eight ROUNDS, the same sequences of operations are repeated. In the last phase, i.e., the
OUTPUT TRANSFORMATION phase, we perform only arithmetic operations.

At the beginning of the encryption process, the 64 bit plain text is divided in four equal
size blocks and ready for ROUND1 input. The output of ROUND1 is the input of ROUND2.
Similarly, the output of ROUND2 is the input of ROUND3, and so on. Finally, the output of
ROUND8 is the input for OUTPUT TRANSFORMATION, whose output is the resultant 64 bit
cipher text (assumed as C1 (16bits), C2 (16 bits), C3 (16 bits) and C4 (16 bits)). As the IDEA is
a symmetric key algorithm, it uses the same key for encryption and for decryption. The
decryption process is the same as the encryption process except that the sub keys are derived
using a different algorithm. The size of the cipher key is 128bits.

 RC2 (Rivest Cipher 2)

RC2 is a 64-bit source-heavy unbalanced Feistel cipher with an 8 to 1024-bit key size, in
steps of 8. The default key size is 64 bits. It was designed in 1987. It has a heterogenous round
structure with a total of 18 rounds (16 "MIXING" rounds and 2 "MASHING" rounds). It is a
complex cipher using secret indices to select key material. It performs bitwise rotations, AND,
NOT, and XOR, as well as modular addition. It is vulnerable to a related-key attack given 234
known plaintexts. It is defined in RFC 2268, though it was originally leaked to a mailing list
through reverse engineering software that used it in 1996.

9
 There is never a reason to use RC2. It is an extremely old cipher to be a drop-in
replacement for DES created long before we had a good understanding of block cipher design. It
is relatively poorly-analyzed and could easily have severe security vulnerabilities that have not
been discovered.

 RC4 (Rivest Cipher 4)

RC4 is a stream cipher with a 40 to 2048-bit key written in 1987 with a maximum
theoretical strength of log(256!) 1684 bits. It generates a keystream from a state array composed
of a 256-byte permutation by swapping values based on secret indices. The first portion of the
RC4 keystream shows a significant bias, though the bias shrinks as more keystream is generated.
For that reason, many implementations drop the first few hundred (or even thousand) bytes.
Other biases and problems, such as vulnerabilities in how it uses a nonce, exist that can make it
difficult to use securely. Of Information Security is not all about securing information from
unauthorized access. Information Security is basically the practice of preventing unauthorized
access, use, disclosure, disruption, modification, inspection, recording or destruction of
information

 RC5 (Rivest Cipher 5)

RC5 is a block cipher using a 1–255 round (12 originally suggested) Feistel-like network
with 32, 64, or 128-bit blocks published in 1994. The key size is 0 to 2040 bits. One thing that
makes RC5 unique is its use of data-dependent rotations, a feature that theoretically improves
security but which, in practice, often makes the cipher harder to analyze and can leave
weaknesses that are only found later. Additional operations involved are modular addition and
bitwise XOR.

 RC6 (Rivest Cipher 6)

RC6 is a 20-round Feistel block cipher based off of RC5, with tweaks done to make it
acceptable for the AES competition (including using a fixed block size of 128 bits and
supporting 128, 192, and 256-bit keys). RC6 ultimately lost to Rijndael, but did make it to the
top 5 (along with Twofish, Serpent, Rijndael, and MARS). RC6 uses the same basic operations

8
 as RC5, but also includes multiplication to improve diffusion characteristics of the rotation
operation

3.2 What is Symmetric Encryption Used For?

While symmetric encryption is an older method of encryption, it is faster and more
efficient than asymmetric encryption, which takes a toll on networks due to performance issues
with data size and heavy CPU use. Due to the better performance and faster speed of symmetric
encryption (compared to asymmetric), symmetric cryptography is typically used for bulk
encryption / encrypting large amounts of data, e.g. for database encryption. In the case of a
database, the secret key might only be available to the database itself to encrypt or decrypt.

Some examples of where symmetric cryptography is used are:

 Payment applications, such as card transactions where PII needs to be protected to

prevent identity theft or fraudulent charges
 Validations to confirm that the sender of a message is who he claims to be
 Random number generation or hashing

3.3 What is Encrypt and Decrypt?

Encrypt or encryption is a term used for data that is converted into a code that is
confidential and can only be read by certain systems or people.

While decrypt or decryption is the opposite of encrypt, which is data that was in the form
of encrypted code and then translated back into its original form so that it can be read by the
recipient of the data.

There are four advantages to symmetric cryptography that are more than that of asymmetric
cryptography.
 First, a symmetric cipher key can be created for large data. Some hardware
implementations reach a rate of 100 megabytes per second in encrypting. Implementation
of the software can reach 1 megabytes per second.
 Second, the keys of the symmetric key cipher are relatively short.

9
  Third, the advantages of symmetric key ciphers can be used to form other cryptographic
mechanisms. It also includes PRNG pseudo random number generators, hash functions
and efficient digital signature calculation schemes.
 Fourth, the advantage of a symmetric key cipher can be attached to a strong cipher to be
built.

Two vices of symmetric cryptographic key ciphers.

 First, the key itself must be a secret to the two sides' communication until it is finished.
 Second, on a large network many key pairs must be arranged. A further bad thing is that
the key communication to the user must be updated frequently.

10
 12

CHAPTER IV CONCLUSION AND SUGGESTION

1 Conclusion:

Information Security is not all about securing information from unauthorized access.
Information Security is basically the practice of preventing unauthorized access, use, disclosure,
disruption, modification, inspection, recording or destruction of information

2 Suggestion:
Studying symmetric cryptography and security systems is very important in order to
secure data from unauthorized users
 13

BIBLIOGRAPHY
Doni Y, (3-march-2020) https://www.geeksforgeeks.org/what-is-information-security/
Daniel, (3-march-2020) https://developer.mozilla.org/en-
US/docs/Web/Security/Information_Security_Basics/Confidentiality,_Integrity,_and_Availabilit
y
Muhammad, (3-march-2020) https://www.cisco.com/c/en/us/products/security/what-is-
information-security-infosec.html
Dani A, (3-march-2020) https://searchsecurity.techtarget.com/definition/cryptography
Rroij, (3-march-2020) http://www.rroij.com/open-access/international-data-encryption-
algorithm-idea-a-typical-illustration-116-118.php?aid=37580
Muhammad, (3-march-2020) https://crypto.stackexchange.com/questions/68460/difference-
between-rc2-rc4-rc5-and-rc6