Professional Documents
Culture Documents
MN502 Lecture 3 Basic Cryptography
MN502 Lecture 3 Basic Cryptography
MN502 Lecture 3 Basic Cryptography
MN502
• Define cryptography
• Explain different types of cryptographic
algorithms
• Describe hash, symmetric, and asymmetric
cryptographic algorithms
• Explain different cryptographic attacks
• List the various ways in which cryptography is
used
March 2018 Compiled by: Dr Fariza Sabrina 3
What is Cryptography?
• Cryptography
– Scrambling information so it cannot be read
– Transforms information into secure form so
unauthorized persons cannot access it
• Steganography
– Hides the existence of data
– An image, audio, or video file can contain hidden
messages embedded in the file
– Achieved by dividing data and hiding in unused portions
of the file
• Encryption
– Changing original text into a secret message using cryptography
• Decryption
– Changing secret message back to original form
• Plaintext
– Unencrypted data to be encrypted or is the output of decryption
• Ciphertext
– The scrambled and unreadable output of encryption
• Cleartext data
– Data stored or transmitted without encryption
• Hash algorithms
– Creates a unique “digital fingerprint” of a set of data and is commonly called
hashing
– This fingerprint, called a digest (sometimes called a message digest or hash),
represents the contents
– Its contents cannot be used to reveal original data set
– Is primarily used for comparison purposes
• Hashing is often used as a check to verify that the original contents of an item has not
been changed
• Important principles
– Key pairs
– Public key
– Private key
– Both directions - keys can work in both directions
• R SA
– Published in 1977 and patented by MIT in 1983
– Most common asymmetric cryptography algorithm
– Uses two large prime numbers
• Downgrade Attack
– A threat actor forces the system to abandon the current higher security
mode of operation and instead “fall back” to implementing an older and
less secure mode
• Improper Implementation
– Known as misconfiguration implementation
– Many cryptographic algorithms have several configuration options
– Unless careful consideration is given to these options the cryptography
may be improperly implemented
• This includes:
– Individual files
– Databases
– Removable media
– Data on mobile devices
“National Meteorological Services (NMS) offers in-depth weather forecasting services to airlines,
trucking firms, event planners, and other organizations that need the latest and most accurate
weather forecasting services. NMS has discovered that their forecast information, which was
being sent out as email attachments to its customers, was being freely distributed without NMS’s
permission, and in some instances was being resold by their competitors. NMS wants to look into
encrypting these weather forecast documents, but is concerned that its customers may find
decrypting the documents cumbersome. The company also wants to provide to their customers a
level of assurance that these documents originate from NMS and have not been tampered with”
[1]. As a technology student you were asked to help NMS proving different solutions for the
above mentioned case.
1. What are the different types of encryption suitable for NMS’s case? Include the advantages
and disadvantages of each in your discussion.
2. What would be your recommendation regarding meeting their needs for encryption?
3. What actions you believe would be best for the company to take?
Reference:
[1] M. Ciampa, "Introduction to Security," in Security+ Guide to Network Security Fundamentals, 5th ed.,
Cengage, 2015.