Information Security and Cryptography 1- Confidentiality. 4- Non-repudiation.

• Information security is the process which describes all measures taken to prevent unauthorized use of electronic 2- Authentication. 5- Accessibilit
data, whether this unauthorized use takes the form of destruction, use, disclosure, modification, or 3- Integrity.
disruption. Cryptography services :
• Information security and Cryptography are interconnected and share the common services of protecting the
1 Confidentiality: Confidentiality is a service used to guarantee information it is accessible only to authorized
confidentiality, integrity and availability of the information ignoring data form (electronic document, printed
document). entities and is inaccessible to others.

• In the encryption process, information security uses Cryptograph to shift the information into the cipher form 2 Authentication: Authentication is a service used to provide the identity of an entity.

which does not allow it to be used by unauthorized personnel. 3 Integrity: Integrity is a service used to guarantee that the information remains unchanged from the source entity
Security Cycle to the destination entity.
Three Keywords: 4 Non-repudiation: Non-repudiation is a service used to confirm the involvement of an entity in a certain form
1. Threats A possible danger to the system 2. Vulnerabilities Is a point where a system is susceptible to attack communication, and prevents any party from denying the sent message.
3. Countermeasures Techniques for protecting system 5 Accessibility: Accessibility is a service put in place to allow the use of information resources by authorized
entities.
• Cryptography provides the information security for other useful applications such as in encryption, message
THREATS

digests, and digital signatures.

SECURITY
CYCLE
Cryptography system
COUNTERMEASURES VULNERABILITIES

Threats
Threats fall into three main categories: natural, unintentional, and intentional:
1. Natural and physical threats 2. Unintentional threats 3. Intentional threats
Vulnerabilities
Every Information system is vulnerable to attack. The types of vulnerability in Information systems are:
History of Cryptograph
1. Physical vulnerabilities 2. Natural vulnerabilities 3. Hardware and software vulnerabilities
4. Emanation vulnerabilities 5. Communications vulnerabilities 6. Human vulnerabilities Cryptography has a long and fascinating history:

Countermeasures • Cryptography which appeared in ancient times was most likely developed by the Egyptians, and Assyrian

There are many different types of countermeasures: civilizations.

1. Information System security 2. Communications security3 . Physical security • The Greeks are considered the pioneers in the science of Cryptography.

Security Attacks • In 4 century B.C., the Greek was the first to introduce the method of encryption called "Polybius checkerboard”

Def: Any action that compromises the security of information owned by an organization which was symbols duplication.

-Classified into 1- Passive attacks 2- Active Attacks • In addition to the Greek civilization the Romans also, used primitive tools of encryption.

Security Attacks – Passive Attacks • Arabs were the first to understand the principles of Cryptography. They created the substitution and transposition

• Attempts to learn or make use of information from the system but does not affect system resources ciphers and discovered some cryptanalysis techniques

• Difficult to detect because they do not involve any alternation of the data • In Europe encryption started in the Middle Ages specifically in Vatican, and also in Italian city states. In the

• Two types of passive attacks • era of Pope VII, the first European manual encryption was produced by Gabriele de Lavinde of Parma

• obtain message contents
. Traffic analysis (monitor traffic flows)
• By 1860, the use of encryption had become more commonplace in diplomatic communication. Encryption was used
for most military communications,
• During the First World War, the two sides used encryption on tactical communication devices, and a popular
method at the time was the German ADFGVX fractionation cipher
• After the end of World War II, the electronics that were developed to support radar, were adapted to cryptosystem
machines.

Cryptography Techniques
• The main Cryptographic system is grouped to the type of key system that uses:
Security Attacks - Active Attacks
• Single key/symmetric/secret key/one key Cryptography.
. Attempts to alter system resources or affect their operation
--Subdivided into four categories • Two keys/public key/asymmetric Cryptography.

1. Masquerade, when one entity pretends to be another entity 2. Reply, capture the message then retransmit •

3. Modification, alter some portion of the message 4. Denial of service, prevents or inhibits the normal use Single Key Cryptosystem (Secret-Key / Symmetric/one-key)
or management of communication facilities

A Two-Key Cryptosystem (Public-Key / Asymmetric)

Passive and Active Attacks - Discussion
Differentiate between the Active and passive attacks.
Is it hard or simple to detect passive attacks?
How can we avoid passive attacks? How can we prevent them?
Is it hard or simple to detect active attacks? Why?
Can we prevent the active attacks? How?

Information Security and Cryptography

Cryptography is one of the most important fields in computer security. It is a method of transferring private
information and data through open network communication, so only the receiver who has the secret key can read
the encrypted messages which might be documents, phone conversations, images or other form of data.
Cryptography services :
Cryptography is used to achieve the following:

Substitution Ciphers
There are many others substitution cipher algorithms proposed since the Playfair method was introduced.
Among these are Vigenère cipher, Gronsfeld cipher and etc.

B-Transposition Ciphers
• Transposition cipher rearranges the position of the letters of the plaintext.
• Rail Fence is a very simple transposition cipher, in which the plaintext is rearranged between two rows.
• In two rows Rail Fence the message: plaintext = "FRACTAL CRYPTOGRAPHY" is encrypted to display as
follows:

Rail fence

B-Transposition Ciphers
• Transposition cipher rearranges the position of the letters of the plaintext.
• Rail Fence is a very simple transposition cipher, in which the plaintext is rearranged between two rows.
• In two rows Rail Fence the message: plaintext = "FRACTAL CRYPTOGRAPHY" is encrypted to display as
follows:

Decryption (by the Receiver)

Ciphertext= FATLCYTGAHRCA RPORPY
……..
……..
Ciphertext=Row 1+Row 2 Plaintext = FRACTAL CRYPTOGRAPHY

Ciphertext= FATLCYTGAHRCA RPORPY

C-Product Ciphers

-A product cipher is a useful device for Cryptographer which is based on matrices.

- The product cipher can be produced by combining the substitution and the transposition ciphers.

-Whereby, product cipher has many important classes, the most important one is called fractionation
system.

- Product cipher is considered a block cipher.

-The fractionation system has many field ciphers one of which was employed by the German army during the First
World War, which was called ADFGVX cipher. This system uses 6x6 Matrix to substitute and encrypt the 26 letters of • Data Encryption Standard (DES) was published by the Federal Register and developed by IBM and
the alphabet and 10 digits into pair of the symbols "A", "D", "F", "G", "V", and "X“. the National Security Agency (NSA).

ADFGVX matrix with keyword "CRYPTO" • DES is a widely use symmetric algorithm and it is considered as a famous block cipher design.

• The following is a working example for the ADFGVX matrix that is used to encrypt the phrase
"FRACTAL" with the keyword "CRYPTO“.

• There are many examples of modern product ciphers including the Lucifer cipher, LOKI , and others.

ADFGVX

E- Stream Ciphers
• A stream cipher breaks the plaintext into units. Normally, the unit is a single character.
• A stream cipher generates a key stream as a sequence of bits, and the key stream is used as a secret
key.
• The key stream in stream cipher is generated by two methods:
1. one is independent of plaintext and ciphertext method (synchronous stream cipher),
2. The other is dependent on the data and its corresponding encrypted data (self-synchronizing).

D- Block Ciphers

• Block ciphers split the plaintext to fixed sizes and transform them into ciphertext block.
• The block cipher encrypts a fixed length of plaintext as a block to the ciphertext with the same
length.
• A block cipher is one of the symmetric-key algorithms and it does the encryption/decryption work
by the same secret key.
• Feistel cipher is a special class of iterated block ciphers which is calculated from the repeated
application of the same round function

Cryptography Techniques
• The main Cryptographic system is grouped to the type of key system that uses:
• single key Cryptography,
• and two keys Cryptography.

• A stream cipher is classified into two types based on the generated key stream method as
synchronous stream ciphers and self-synchronizing stream ciphers.
• Both classifications have many others stream cipher algorithms. Among others are RC4 , Helix,
A Two-Key Cryptosystem (Public-Key / Asymmetric)
ISAAC, etc.
• A two-key system is based on the idea that a user can possess two keys, one is public and the other
• Whereby, there are some block cipher modes which are used to build the stream ciphers such as
is private.
cipher feedback (CTR), and output feedback (OFB).
• The two-key cryptosystem works to encrypt the data to be sent by using the public key, while the
Characteristics of symmetric-key cryptosystems
private key can only be used to decrypt the encrypted data.
Advantages:
• The two-key Cryptography must be made easy for the user to calculate a pair of keys (private and
• Speed - the symmetric-key is the fastest cryptosystem. In terms of the practical
public). However, these techniques must have at least one private key to make it impossible for the
computational intensiveness of its underlying operations, symmetric-key cryptography is
cryptanalyst to attack the ciphertext
considered hundreds of times less intensive than its asymmetrical-key counterpart.
Main branches of Cryptography
• Small key size - the key size for symmetric-key cryptosystems is several orders of
magnitude smaller than the key size of asymmetric-key cryptosystems.
Disadvantages:
Key distribution problem - requires a communication channel that is both confidential and authentic to
exchange the symmetric-key securely between parties. To reduce the impact of being discovered by an
opponent, the shared secret key should be changed regularly and kept secure during distribution and
when in service. Also, it is to be noted that the number of keys required for communicating
between parties increases dramatically with each new party being added to the communication network
A Two-Key Cryptosystem (Public-Key / Asymmetric)
• A two-key system is based on the idea that a user can possess two keys, one is public and the other
is private.
• The two-key cryptosystem works to encrypt the data to be sent by using the public key, while the
private key can only be used to decrypt the encrypted data.
• The two-key Cryptography must be made easy for the user to calculate a pair of keys (private and
public). However, these techniques must have at least one private key to make it impossible for the
cryptanalyst to attack the ciphertext
Main branches of Cryptography

• Basically, the three major types of mathematical hard problem that had been successfully being used
in Cryptography are described in the following subsections of this part. These problems are:
– the integer factorization problem (IFP)
– the discrete logarithm problem (DLP)
– the Elliptic Curve discrete logarithm problem (ECDLP).
– Chaotic Hard problem

Cryptography System Definition Main branches of public-key scheme

• Cryptography is the study of mathematical techniques related to aspects of information security

such as confidentiality, data integrity, entity authentication, and data origin authentication.
• In addition, Cryptography is also known as the science of secret writing.
Cryptography System
• The plaintext is the original message that is considered as input data for the encryption algorithm.
• The ciphertext is of the secret writing and it depends on the plaintext and the secret key.
Cryptography may be divided into two main categories
1. Asymmetric: Ciphering and deciphering using a pair of keys.
2. Non asymmetric: Ciphering and deciphering using the same key (or without key – in the case of
Hash function).
Key Exchange
• The key exchange is an important method in public-key Cryptography.
• Keys are exchanged between the users according to Cryptography protocols which are based on the
key exchange problem.
• Whitfield Diffie and Martin Hellman (Diffie, 1976) were the first who developed key exchange
algorithm.
• They highlighted the most important method of exchanging the keys by using the discrete
logarithm.
Key Exchange Based on Discrete Logarithm: Diffie-Hellman Key Exchange
• The Diffie-Hellman protocol is used to exchange a secret key between two users over an insecure
medium without any prior communication between them.
• The exchanged secret is then used as the secret key for subsequent communication.
DH Protocol

Fast Modular Exponentiation Based on The Right-To-Left Binary Algorithm

C=m^e mod n
The Diffie-Hellman Key Exchange Algorithm
Algorithm for key exchange
Alice must do the following (refer to Steps 1a to 4a in Figure 2.9):
• Choose a prime numbers p randomly, and choose two integer numbers a and g.
• Compute the A (Alice's public key), as follows: A = ga mod p.
• Send the public value A to Bob.
• Compute the secret value K, as follows: K = Ba mod p.
Alice must do the following (refer to Steps 1b to 4b in Figure 2.9):
• Choose an integer numbers b randomly.
• Compute the B (Bob's public-key), as follows: B = gb mod p.
• Send the public value B to Alice.
• Compute the secret value K, as follows: K = Ab mod p.

OmniSecuR1 chooses the private number "a" as 12. OmniSecuR1 computes and sends A to OmniSecuR2. In this
case, A = (5^12) MOD 101 = 92
OmniSecuR2 chooses the private number "b" as 17. OmniSecuR2 computes and sends B to OmniSecuR1. In
this case, B = (5^17) MOD 101 = 54

• Now, you can observe that Key1 = Key2 = 19.

The values Key1/Key2 are never exchanged over
internet.

• The values "p" and "g" can be shared over

internet and no protection is required for
values "p" and "g".
• In real-time, much larger values of a, b, and
p are required for Diffie-Hellman Key
establishment.

• The security of the Diffie-Hellman key exchange protocol is based on the strength of the discrete
algorithm and the size of the key used (refer to Figure 2.8).
• However, the Diffie-Hellman protocol is considered secure against brute force attack if p and g are
chosen properly (Diffie, 1976).
• Currently, the solving of the Diffie-Hellman discrete logarithm problem will make many other
public-key cryptosystem insecure.
• The Diffie-Hellman key exchange has a high level of the security because DH protocol depends on
large numbers which exceeds 1024 bit

Key Exchange
• The key exchange is an important method in public-key Cryptography.
• Keys are exchanged between the users according to Cryptography protocols which are based on the
key exchange problem.
• Whitfield Diffie and Martin Hellman (Diffie, 1976) were the first who developed key exchange
algorithm.
• They highlighted the most important method of exchanging the keys by using the discrete
logarithm.
D.H key exchange example
 CamScanner

CamScanner CamScanner
 Public Key Encryption
• The concept of public-key cryptosystem was developed by Diffie-Hellman in 1976
• the first encryption protocol based on the public-key concept is the RSA algorithm which was published
by Revist, Shamir and Adleman in 1978.
• In RSA, one key is known to public (receiver's public key), and is used to encrypt the information by the
sender.
• The other key is known as a private key, and it is used to decrypt the encrypted data received by the
receiver (receiver's private key).
• There are many others public-key encryption algorithms published since the RSA was made public.
Among them are ElGamal, Elliptic Curve, Rabin, etc.

Only a few public-key algorithms are both secure and practical. Of these, only some are suitable for encryption.
While the others are only suitable for digital signatures. This can be seen in the following list:
Integer factorization (RSA, Rabin).
Discrete logarithm problem (ElGamal).
Knapsack (subset) (Merkle-Hellman, Chor-Rivest).
Probabilistic method (Blum-Goldwasser, Goldwasser- Micali).
Elliptic Curve (Elliptic Curve, modified Elliptic Curve).
Algebraic code theory (Mc Eliece).
Fractal system (Newton Raphson law)

The RSA scheme is the most widely used public-key encryption algorithm. Forward key : public key Inverse key : private key
It may be used to provide both secrecy and digital signatures.
The RSA security is based on the intractability of the integer factorization problem
there are three integers e, d and n used in the encryption and decryption algorithm, where n = p X q, with
p and q being large primes. Below are the details of the RSA algorithm.

CamScanner