Foundations of Information

Security
Lecture-4: Confidentiality
Today’s Content…

• Confidentiality
• Cryptographic Solution
• Symmetric Approach
• Asymmetric Approach
Basic Setup:
• Communication over an insecure channel
• Types of insecure channel
• Internet (unprotected network of computers)
• Wifi (not password protected)
• Air Waves (GSM connection) etc.
 Confidentiality can be achieved using
encryption/decryption

Encryption Decryption
Secure Network

E ^d@#*^

D
&!h^*hi ^d@#*^
&!h^*hi

Message
(I love you) Message
(I love you)

E: Encryption- Charlie cannot see what is being sent over the channel
D: Decryption- Bob can successfully decrypt the message
Basic Definitions:
• Plaintext (P) – The original message
• Ciphertext (C) – The scrambled message
• E() – Encryption Function
• D() – Decryption Function
Why secrecy of algorithms is not a good idea ?
1. Maintaining secrecy of algorithms is very cumbersome
• Industrial espionage
• Insider Threat
• Reverse Engineering of the code

2. Public design enables establishment of standards

• Designs which withstand years of public scrutiny – likely to gain more
confidence on its robustness
• Better that flaws are revealed by ethical hackers than malicious attackers
But …
• We can’t make everything public
• Eve can easily decrypt then

• Incorporate a second parameter

• The “KEY”
• Short secret data shared by both communicating parties

Kerckhoff’s Principle [1883]:

A cryptosystem should be secure even if the attacker knows all the details of
the system, with the exception of the secret key.
Depending upon the key, cryptosystems can be
divided into:

• Symmetric Cryptosystems
• Asymmetric Cryptosystems
 Symmetric Encryption
• Both the parties use the same key to encrypt and decrypt

Hi, Meet you at xydA@tyhskykb Hi, Meet you at

Starbucks on mc88888*!$6jgj Starbucks on
Friday at 3:00 gb768$gh^kkdv Friday at 3:00
PM. Encryption mmmvmvbb Decryption PM.

Plaintext Ciphertext Plaintext

9
 Asymmetric Encryption
• Communicating parties use two keys – public key (known to all) and private key
(known only to owner) to encrypt and decrypt
 Asymmetric Encryption
• Communicating parties use two keys – public key (known to all) and private key
(known only to owner) to encrypt and decrypt

1. Bob gives Alice his

public key
 Asymmetric Encryption
• Communicating parties use two keys – public key (known to all) and private key
(known only to owner) to encrypt and decrypt

Hi, Meet you at xydA@tyhskykb

Starbucks on mc88888*!$6jgj
Friday at 3:00 gb768$gh^kkdv
PM. Encryption mmmvmvbb

Plaintext Ciphertext

1. Bob gives Alice his 2. Alice uses the public key of Bob
public key to encrypt her message
 Asymmetric Encryption
• Communicating parties use two keys – public key (known to all) and private
key (known only to owner) to encrypt and decrypt

3. Bob receives Alice’s

encrypted message
 Asymmetric Encryption
• Communicating parties use two keys – public key (known to all) and private
key (known only to owner) to encrypt and decrypt

xydA@tyhskykb Hi, Meet you at

mc88888*!$6jgj Starbucks on
gb768$gh^kkdv Friday at 3:00
mmmvmvbb Decryption PM.

Ciphertext Plaintext

3. Bob receives Alice’s 4. Bob uses his private key to

encrypted message decrypt her message
Asymmetric Encryption

• Can the reverse be used, i.e., private key is used for encryption and
public key is used for decryption ?
• Why or why not ?
How do we keep this key (symmetric) secret ?
• Either Alice and Bob meet in private
• Exchange the keys used for later communications

• Use special cryptographic key exchange protocol

• Diffie Hellman Key Exchange
Symmetric Cryptosystems
• Formal definition
Example:
• Let us design a small cryptosystem as follows:
• Let 𝒫 = 𝒞 = 𝒦 = {0, 1, 2}
• i.e., 𝒫 = 𝒞 = 𝒦 =3
• 𝐶 = 𝐸𝑘 𝑃 = 𝑃 + 𝑘 𝑚𝑜𝑑 3 𝑓𝑜𝑟 𝑘 ∈ {0,1,2}
• P = 𝐷𝑘 𝐶 = 𝐶 − 𝑘 𝑚𝑜𝑑 3 𝑓𝑜𝑟 𝑘 ∈ {0,1,2}

K=0 K=1 K=2

0 0 0 0 0 0
1 1 1 1 1 1
2 2 2 2 2 2
Facts about 𝑬𝑲 ()
• It is injective (one-to-one)
• i.e. EK(x1) = EK(x2) iff x1 = x2
Facts about 𝑬𝑲 ()
• It is injective (one-to-one)
• i.e. EK(x1) = EK(x2) iff x1 = x2
• Why?
• If not, then Bob does not know if the ciphertext came from x1 or x2
Some Traditional
Cryptosystems
Threat Model
Assumptions:
• Attacker has full knowledge of the encryption/decryption algorithm
• Attacker doesn’t know the secret key
Threat Model
Assumptions:
• Attacker has full knowledge of the encryption/decryption algorithm
• Attacker doesn’t know the secret key

• Aim of the attacker:

• Recover the secret key, or,
• Given the ciphertext, recover the original plaintext
even if the key is unknown
Shift Cipher
• Let 𝒫 = 𝒞 = 𝒦 = {Set of English Alphabets}
• i.e., 𝒫 = 𝒞 = 𝒦 = 26
• Algorithm - Shift each letter in the plaintext by a position specified by
the key to form the ciphertext
Shift Cipher
• Let 𝒫 = 𝒞 = 𝒦 = {Set of English Alphabets}
• i.e., 𝒫 = 𝒞 = 𝒦 = 26
• Algorithm - Shift each letter in the plaintext by a position specified by
the key to form the ciphertext
• Let k = 5
• i.e., shift each letter in the plaintext by 5 letters to the right
• E.g., Plaintext = I AM BOND
Ciphertext = N FR GTSI
Shift Cipher Cryptanalysis
• Let us suppose
Plaintext – i am bond
Ciphertext - l dp erqg
Shift Cipher Cryptanalysis
• Let us suppose
Plaintext – i am bond
Ciphertext - l dp erqg

• Can you guess the key ?

Shift Cipher Cryptanalysis
• Let us suppose
Plaintext – i am bond
Ciphertext - l dp erqg

• Can you guess the key ?

• Key = 3
Shift Cipher Cryptanalysis
• Let us suppose
Plaintext – i am bond
Ciphertext - l dp erqg

• Can you guess the key ?

• Key = 3
• You just broke Julius Caesar’s cipher ☺
How did we Cryptanalyze ?
• Try “shift of 1” to check if a valid plaintext is produced
• Else, try shift of 2, 3 etc.
• Only 26 key choices to test and try, breaking is super easy !!
How did we Cryptanalyze ?
• Try “shift of 1” to check if a valid plaintext is produced
• Else, try shift of 2, 3 etc.
• Only 26 key choices to test and try, breaking is super easy !!
• What we did here was to exhaustively search the keyspace
• Attack is known as BRUTE FORCE ATTACK
How did we Cryptanalyze ?
• Try “shift of 1” to check if a valid plaintext is produced
• Else, try shift of 2, 3 etc.
• Only 26 key choices to test and try, breaking is super easy !!
• What we did here was to exhaustively search the keyspace
• Attack is known as BRUTE FORCE ATTACK

• BUT IS BRUTE FORCE ATTACK ALWAYS POSSIBLE ??

Substitution Cipher
• Algorithm
• Substitute each letter in the plaintext by another letter specified by the key
m A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
k G Q B T X U L C H S R W V Z D E Y O K A M N J I F P
Substitution Cipher
• Algorithm
• Substitute each letter in the plaintext by another letter specified by the key
m A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
C
k G Q B T X U L C H S R W V Z D E Y O K A M N J I F P

 Plaintext : elementary dear watson

Ciphertext : xwxvxzagof txgo jgakdz
Substitution Cipher
• Algorithm
• Substitute each letter in the plaintext by another letter specified by the key
m A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
k G Q B T X U L C H S R W V Z D E Y O K A M N J I F P

 Plaintext : elementary dear watson

Ciphertext : xwxvxzagof txgo jgakdz

• Here, one mapping is one key itself !!!

Substitution Cipher
• How many key choices possible ?
• 26 x 25 x 24 x 23 x ..... = 26!
Substitution Cipher
• How many key choices possible ?
• 26 x 25 x 24 x 23 x ..... = 26!
• 26! = 288 approx. 1026 computations
• Practically impossible to do BRUTE FORCE ATTACK !!!
Substitution Cipher
• How many key choices possible ?
• 26 x 25 x 24 x 23 x ..... = 26!
• 26! = 288 approx. 1026 computations
• Practically impossible to do BRUTE FORCE ATTACK !!!
• So what does it mean … substitution cipher is unbreakable ??
• Unfortunately NO …
Substitution Cipher
• Frequency Analysis Technique
• Cipher is a monoalphabetic cipher
• Each plaintext letter is always going
to be replaced by the same ciphertext
letter
Substitution Cipher
• Frequency Analysis Technique
• Cipher is a monoalphabetic cipher
• Each plaintext letter is always going
to be replaced by the same ciphertext
letter
• Frequency of letters in plaintext is
preserved in the ciphertext
Substitution Cipher
• Frequency Analysis Technique
• Cipher is a monoalphabetic cipher
• Each plaintext letter is always going
to be replaced by the same ciphertext
letter
• Frequency of letters in plaintext is
preserved in the ciphertext
Substitution Cipher
• Frequency Analysis Technique
• Cipher is a monoalphabetic cipher
• Each plaintext letter is always going
to be replaced by the same ciphertext
letter
• Frequency of letters in plaintext is
preserved in the ciphertext
• E.g., if E(plaintext) -> D (ciphertext), then
D will be the most frequently occurring
letter in the ciphertext
• Analyze these mappings to find potential
substitutions
Substitution Cipher
• Frequency Analysis Technique
Frequently occurring 2-letter words
Frequently occurring 3-letter words
Frequently occurring 4-Letter Words
th, he, er, on, an, of, to, in, it, is, be, as, at,
so, we, he, by, or, do, if, me, my, up, an,
go, no, us, am
the, and, for, are, but, not, you, all, any,
can, had, her, was, one, our, out, day, get,
has, him, his, how, man, new, now, old,
see, two, way, who, boy, did, its, let, put,
say, she, too, use
that, with, have, this, will, your, from,
they, know, want, been, good, much,
some, time
Substitution Cipher
• Frequency Analysis Technique
• Correlate most frequently observed letter in ciphertext with most
frequent letter in english language , then second most frequent and
so on …
LIVITCSWPIYVEWHEVSRIQMXLEYVEOIEWHRXEXIPFE
MVEWHKVSTYLXZIXLIKIIXPIJVSZEYPERRGERIMWQL
MGLMXQERIWGPSRIHMXQEREKIETXMJTPRGEVEKEITR
EWHEXXLEXXMZITWAWSQWXSWEXTVEPMRXRSJGSTVRI
EYVIEXCVMUIMWERGMIWXMJMGCSMWXSJOMIQXLIVIQ
IVIXQSVSTWHKPEGARCSXRWIEVSWIIBXVIZMXFSJXL
IKEGAEWHEPSWYSWIWIEVXLISXLIVXLIRGEPIRQIVI
IBGIIHMWYPFLEVHEWHYPSRRFQMXLEPPXLIECCIEVE
WGISJKTVWMRLIHYSPHXLIQIMYLXSJXLIMWRIGXQER
OIVFVIZEVAEKPIEWHXEAMWYEPPXLMWYRMWXSGSWRM
HIVEXMSWMGSTPHLEVHPFKPEZINTCMXIVJSVLMRSCM
WMSWVIRCIGXMWYMX
Substitution Cipher
• Frequency Analysis Technique
• Correlate most frequently observed letter in ciphertext with most
frequent letter in english language , then second most frequent and
so on …
LIVITCSWPIYVEWHEVSRIQMXLEYVEOIEWHRXEXIPFE Frequency Analysis of Ciphertext:
MVEWHKVSTYLXZIXLIKIIXPIJVSZEYPERRGERIMWQL
MGLMXQERIWGPSRIHMXQEREKIETXMJTPRGEVEKEITR I – Most common letter
EWHEXXLEXXMZITWAWSQWXSWEXTVEPMRXRSJGSTVRI XL – Most common bigram
EYVIEXCVMUIMWERGMIWXMJMGCSMWXSJOMIQXLIVIQ
IVIXQSVSTWHKPEGARCSXRWIEVSWIIBXVIZMXFSJXL XLI – Most common trigram
IKEGAEWHEPSWYSWIWIEVXLISXLIVXLIRGEPIRQIVI E – Third most common letter
IBGIIHMWYPFLEVHEWHYPSRRFQMXLEPPXLIECCIEVE
WGISJKTVWMRLIHYSPHXLIQIMYLXSJXLIMWRIGXQER
OIVFVIZEVAEKPIEWHXEAMWYEPPXLMWYRMWXSGSWRM
HIVEXMSWMGSTPHLEVHPFKPEZINTCMXIVJSVLMRSCM
WMSWVIRCIGXMWYMX
Substitution Cipher
• Frequency Analysis Technique
• Correlate most frequently observed letter in ciphertext with most
frequent letter in english language , then second most frequent and
so on …
LIVITCSWPIYVEWHEVSRIQMXLEYVEOIEWHRXEXIPFE Frequency Analysis of Ciphertext:
MVEWHKVSTYLXZIXLIKIIXPIJVSZEYPERRGERIMWQL
MGLMXQERIWGPSRIHMXQEREKIETXMJTPRGEVEKEITR I – Most common letter
EWHEXXLEXXMZITWAWSQWXSWEXTVEPMRXRSJGSTVRI XL – Most common bigram
EYVIEXCVMUIMWERGMIWXMJMGCSMWXSJOMIQXLIVIQ
IVIXQSVSTWHKPEGARCSXRWIEVSWIIBXVIZMXFSJXL XLI – Most common trigram
IKEGAEWHEPSWYSWIWIEVXLISXLIVXLIRGEPIRQIVI E – Third most common letter
IBGIIHMWYPFLEVHEWHYPSRRFQMXLEPPXLIECCIEVE
WGISJKTVWMRLIHYSPHXLIQIMYLXSJXLIMWRIGXQER
OIVFVIZEVAEKPIEWHXEAMWYEPPXLMWYRMWXSGSWRM By Frequency Mapping:
HIVEXMSWMGSTPHLEVHPFKPEZINTCMXIVJSVLMRSCM I→E
WMSWVIRCIGXMWYMX
XL → TH
XLI → THE
E→A
Substitution Cipher
• Frequency Analysis Technique
• Correlate most frequently observed letter in ciphertext with most
frequent letter in english language , then second most frequent and
so on …
heVeTCSWPeYVaWHaVSReQMthaYVaOeaWHRtatePF
aMVaWHKVSTYhtZetheKeetPeJVSZaYPaRRGaReM
WQhMGhMtQaReWGPSReHMtQaRaKeaTtMJTPRGaVaK
aeTRaWHatthattMZeTWAWSQWtSWatTVaPMRtRSJ
GSTVReaYVeatCVMUeMWaRGMeWtMJMGCSMWtSJOMe
QtheVeQeVetQSVSTWHKPaGARCStRWeaVSWeeBtV
eZMtFSJtheKaGAaWHaPSWYSWeWeaVtheStheVthe
RGaPeRQeVeeBGeeHMWYPFhaVHaWHYPSRRFQMtha
PPtheaCCeaVaWGeSJKTVWMRheHYSPHtheQeMYhtS
JtheMWReGtQaROeVFVeZaVAaKPeaWHtaAMWYaPP
thMWYRMWtSGSWRMHeVatMSWMGSTPHhaVHPFKPaZe
NTCMteVJSVhMRSCMWMSWVeRCeGtMWYMt
Substitution Cipher
• Frequency Analysis Technique
• Correlate most frequently observed letter in ciphertext with most
frequent letter in english language , then second most frequent and
so on …
heVeTCSWPeYVaWHaVSReQMthaYVaOeaWHRtatePF Other Possibilities:
aMVaWHKVSTYhtZetheKeetPeJVSZaYPaRRGaReM heVe → here
WQhMGhMtQaReWGPSReHMtQaRaKeaTtMJTPRGaVaK
aeTRaWHatthattMZeTWAWSQWtSWatTVaPMRtRSJ Rtate → State
GSTVReaYVeatCVMUeMWaRGMeWtMJMGCSMWtSJOMe atthattMZe → at that time
QtheVeQeVetQSVSTWHKPaGARCStRWeaVSWeeBtV
eZMtFSJtheKaGAaWHaPSWYSWeWeaVtheStheVthe
RGaPeRQeVeeBGeeHMWYPFhaVHaWHYPSRRFQMtha By Frequency Mapping:
PPtheaCCeaVaWGeSJKTVWMRheHYSPHtheQeMYhtS
JtheMWReGtQaROeVFVeZaVAaKPeaWHtaAMWYaPP I→E V -> R
thMWYRMWtSGSWRMHeVatMSWMGSTPHhaVHPFKPaZe XL → TH R -> S
NTCMteVJSVhMRSCMWMSWVeRCeGtMWYMt
XLI → THE M -> I
E→A Z -> M