Chapter 4: Security Techniques

M a r c h 17, 2020
Security Techniques

Some Basic Terminology

Plaintext - original message
Ciphertext - coded message
Cipher - algorithm for transforming plaintext to ciphertext Key -
info used in cipher known only to sender/receiver Encipher
(encrypt) - converting plaintext to ciphertext Decipher
(decrypt) - recovering plaintext from ciphertext Cryptography
- study of encryption principles/methods
Cryptanalysis (codebreaking) - study of principles/methods of
deciphering ciphertext without knowing key
Cryptology - field of both cryptography and cryptanalysis
Security Techniques
CRYPTOGRAPHY
Cryptography is a method of protecting information and
communications through the use of codes so t hat only those for
whom the information is intended can read and process it.
The two widely accepted and used cryptographic methods are:

Symmetric
Also called private key or single-key or convectional key
Only one key is used to encrypt and decrypt data.
The key should be distributed before transmission between entities.
Keys play an important role.
If weak key is used in algorithm then everyone may decrypt the
data.
Strength of Symmetric key encryption depends on the size of key
used.
For the same algorithm, encryption using longer key is harder to
break than the one done using smaller key.
DES, AES, Ceaser cipher,
Security Techniques

CRYPTOGRAPHY
Asymmetric
Also called public key cryptography.
These algorithms use two keys in contrast to symmetric algorithms
which uses only one key.
Public key algorithm relies on one key for encryption and a different
but related key for decryption.
The two major reasons which made public key cryptography
algorithms:-
Key distribution and
Key generation
These algorithms are based on mathematical calculations rather
than substitution and permutations like the symmetric
cryptosystem.
Security Techniques

Encryption
Encryption: The process of transforming plain text or data into
cipher text that cannot be read by anyone other than the sender
and receiver
Purpose:
Secure stored information
Secure information transmission
Provides:

5 / 106
Security Techniques

Encryption
Encryption: The process of transforming plain text or data into
cipher text that cannot be read by anyone other than the sender
and receiver
Purpose:
Secure stored information
Secure information transmission
Provides:
Message integrity

5 / 106
Security Techniques

Encryption
Encryption: The process of transforming plain text or data into
cipher text that cannot be read by anyone other than the sender
and receiver
Purpose:
Secure stored information
Secure information transmission
Provides:
Message integrity
Confidentiality

5 / 106
Security Techniques

Symmetric Cipher Model

CRYPTOGRAPHY

Requirements
two requirements for secure use of symmetric encryption:
a strong encryption algorithm
a secret key known only to sender/receiver
Security Techniques

Stream Ciphers and Block Ciphers

A stream cipher is one t hat encrypts a digital data stream one
bit or one byte at a time.
Example: Auto keyed Vigenre cipher and the Ceaser cipher
A block cipher is one in which a block of plaintext is treated as
a whole and used to produce a ciphertext block of equal length.
Example: Playfair cipher and DES
Security Techniques

Classical Substitution and Transposition Ciphers

Substitution cipher is a method of encrypting by which units of
plaintext are replaced with ciphertext
Where letters of plaintext are replaced by other letters or by
numbers or symbols
Or if plaintext is viewed as a sequence of bits, then substitution
involves replacing plaintext bit patterns with ciphertext bit
patterns
In a transposition cipher, the units of the plaintext are
rearranged in a different and usually quite complex order
Security Techniques

Characteristics of cryptographic system

Characterize cryptographic system by:
1 type of encryption operations used
substitution / transposition / product
2 number of keys used
single-key or private / two-key or public
3 way in which plaintext is processed
block / stream
Security Techniques

Cryptanalysis
objective to recover key not just message
There are two general approaches:
Cryptanalytic attack
Rely on the nature of the algorithm plus perhaps some knowledge of the general
characteristics of the plaintext
Brute-force attack
Try every possible key on a piece of ciphertext until an intelligible translation
into plaintext is obtained.
On average,half of all possible keys must be tried to achieve success.
Security Techniques

Caesar Cipher
earliest known substitution cipher
by Julius Caesar
first attested use in military
affairs
The core idea is to replace one basic unit (letter/byte) with
another
replaces each letter by 3rd letter on
Then have Caesar cipher as:
C = E(p) = (p + k) mod (26)
P = D(c) = (c - k) mod (26)
Security Techniques

Example meet me after the toga party

Plaintext: meet me after the toga party
Key: 3
Ciphertext:PHHW PH DIWHU W KH W R J D SDUWB
Can define transformation as:
a b cd efgh ij k lm n op q r st u v wx y z
DE F G HIJ K LM NO P Q R ST UVW XYZABC
Mathematically give each letter a number
a b cd efgh ij k lm n op q r st u v wx y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
24 25
Security Techniques

Encryption example
Exercise. 1: Information encrypted using key f
Plaintext: Information
Key: f
Ciphertext:???????

Decryption example
Exercise. 2: ”GCUA VQ DTGCM” decrypted using key C
Key: C
Ciphertext:GCUA VQ DTGCM
Plaintext:???????
Security Techniques

Cryptanalysis of Caesar Cipher

With a Caesar cipher, there are only 26 possible keys, of which
only 25 are of any use, since mapping A to A etc.
Can try each of the keys (shifts) in turn, until can recognize the
original message
Security Techniques
Play fair Cipher
One approach to improving security was to encrypt multiple
letters.
If just map one letter always to another, the frequency distribution
is just shuffled.
One approach is to encrypt more than one letter at once.
The Playfair algorithm is based on the use of a 5x5 matrix of
letters constructed using a keyword.
The rules for filling in this 5x5 matrix are:
Fill in letters of keyword
Fill rest of matrix with other letters
eg. using the keyword MONARCHY
Security Techniques

Encrypting and Decrypting

Plaintext is encrypted two letters at a time
If a pair is a repeated letter, insert filler like ’X
If both letters fall in the same row, replace each with letter to
right (wrapping back to start from end)
If both letters fall in the same column, replace each with the letter
below it (again wrapping to top from bottom)
Otherwise each letter is replaced by the letter in the same row and
in the column of the other letter of the pair
Security Techniques

Security of Playfair Cipher

Security much improved over Ceaser cipher
Since have 26 x 26 = 676 digrams
Would need a 676 entry frequency table to analyse (verses 26 for a
monoalphabetic)
Security Techniques

Example for playfair Plaintext:

Why dont you Key:
Keyword
Ciphertext:??????????
Security techniques

Vigenere cipher
Proposed by Blaise de Vigenere
works by using a key and replacing plain text letters for cipher
text letters according to the key
Vigeneres cipher assigned a number to each of the letters in the
alphabet
And then used the value of each letter in the key to add to the
value of each letter in the plain text, to obtaining the cipher text
This process was repeated for each letter in the plain text using
the next letter in the key, and repeating the key as many times as
needed to compensate for the length of the plain text.
Security techniques

Vigenere cipher
A key was constructed for each message, instead of the Caesar
cipher, which used the same key for each message, making it more
secure.
By creating a keyword with multiple letters instead of just a single
letter rotation for the entire message
Write the plaintext out and the keyword repeated above it.
Example: Plain text: Cryptography
Key: Luck
Cipher text: nlazeiibljji
Exercise: Encrypt the ff message using keyword deceptive
Plaintext: We are discovered to save yourself
Key: deceptive
Security techniques

Security of Vigenere cipher

To obtain the plain text from the cipher text by brute-force
methods, trying all possible combinations, would take a very long
time because the size of the key is not known.
So, to attempt every possible keyword you would need to start
with words that are of size 1, then words of size 2 (meaning begin
with words that are one letter in length, then words of two letters
in length), and so on.
Attempting to crack this cipher would require going through all 26
letters in the alphabet with all different sizes of combinations up to
the total size of the message
Security techniques
Autokey Cipher
Vigenre proposed the Autokey cipher with keyword is prefixed to
message as key.
A keyword is concatenated with the plaintext itself to provide a
running key.
Knowing keyword can recover the first few letters use these in turn
on the rest of the message
When deciphering, recover the first letters using the keyword.
Then instead of repeating the keyword, start using the recovered
letters from the message
Eg.1 Given key deceptive
Key: d e c e p t i v e w e a r e d i s c o v e r e d s a v
PT: w e a r e d i s c o v e r e d s a v e y o u r s e l f
Ciphertext: z i c v t w q n g k z e i i g a s x s t s l v v
wla
Security Techniques

Autokey cipher
Exercise 1: Encrypt the ff message
PT: Authokey cipher
Key: key
Ciphertext: ??????
Exercise 2:
Decrypt the ff
message
CT: EOA
Key:Lhw
Security Techniques

Hill Cipher
Developed by the mathematician Lester Hill.
Concepts from linear algebra and requires elementary
understanding of matrix.
It also make use of Modulo arithmetic.
Because of this the cipher has a significantly more mathematical
nature.
The Hill cipher is an example of a block cipher.
The substitution is determined by M linear equations in which
each character is assigned a numerical value (a = 0, b = 1 z=25).
For, M = 2 the algorithm can be described as:
C1 = (K11P1 + K12P2)mod (26)
C2 = (K21P1 + K22P2)mod (26)
Security Techniques

(C1 C2) = (P1P2) mod (26)

C = P K mod(26)

Encryption using Hill Cipher

1 Turn the keyword into a key matrix.
2 Also turn the pt into column vectors.
3 Then perform matrix multiplication
4 modulo on each vector.
Then convert these vectors back into letters to produce the
ciphertext.
C = P*K mod(26)
Security techniques
Decryption using Hill Cipher
1 Find the inverse key matrix
1 Find the multiplicative inverse of the determinants
Determinant is a number that relates directly to the entries of the matrix.
It is founded by multiplying the top left number by the bottom right number
and subtracting from this the product of the top right number and bottom left
number.
Now we have to find the multiplicative inverse of the determinant working
modulo 26.
That is the number between 1 and 25 that gives an answer of 1 when we
multiply it by the determinant.
2 Find the adjugate matrix
Is just moving the elements to different positions and changing a couple of
signs.
That is we swap the top left and bottom right numbers in the key matrix, and
change the sign of the top right and bottom left numbers. Add 26 to the
negative values
3 Multiply the Multiplicative inverse of the determinant by the
M a r c h 17 , 20 20 27 / 106
Security techniques

Decryption using hill cipher

1 Then multiply the inverse key matrix by the column vectors ( C T
vectors)
2 Take the results modulo the length of the alphabet
3 Finally convert the number back to letter.

P = C*K-1 mod(26)
Security techniques

Example for hill cipher

Pt: Short example
Key: Hill and a key matrix 2*2 matrix
CT:??????
Exercise: Decrypt the following ciphertext
Ciphertext: T F T W L F J
QUIZ

Question1. Given Keyword QUEEN decrypt the following

ciphertext by using Authokey cipher
Ct: QNXEPKMAEGKLAAELDTPDLHN
Security techniques

Transposition Ciphers
Is the second basic building block of ciphers.
The core idea is to rearrange the order of basic units
(letters/bytes/bits) without altering their actual values.
These hide the message by rearranging the letter order.
Without altering the actual letters used.
Security techniques

Rail Fence cipher

The plaintext is written down as a sequence of diagonals and then
read off as a sequence of rows.
Write message letters out diagonally over a number of rows
Then read off cipher row by row

Encryption
First you need to have a key which is for this cipher the number of
depth you are going to have and the size of plaintext.
Then start writing the letters of the plaintext diagonally down to
the right until you reach the number of rows specified by the key.
Then go back to diagonally until you hit the first row again.
Continue until the end of the plaintext.
Example: ”Defend the east wall” with a depth of 3.
Security techniques

Decryption
Decryption process involves reconstructing the diagonal grid used
to encrypt the message.
We start by making the grid with as many rows as the keys is and
as many columns as the length of the ciphertext.
We then place the first letter in the top left square and dashes
diagonally downwards where the letters will be.
When we get back to the top row, place the next letter in the
ciphertext.
Continue like this across the row and start the next row when you
reach the end.
Then read the plaintext by following the diagonals.
Example: ”TEKHRACIEATANYTG” with a depth of 4.
Security techniques

Exercise
Exercise: ”They are attacking from the north” with a depth of 4.
Exercise: ”TEKOOHRACIRMNREATANFTETYTGHH” with a
depth of 4
Security techniques

Row Transposition Ciphers

Write letters of message out in rows over a specified number of
columns
Plaintext is written row by row in a rectangle.
Then write out the columns in an order specified by key to
produce a ciphertext
Example: Attack postponed until two am.
Key: 3 4 2 1 5 6 7
Ciphertext: AP TM TTNA AODW TSUO
COIX KNLX P E T X
Security techniques
Row Transposition Decryption
You must have to now the length of the ciphertext and keyword.
Then divide the length of the ciphertext by the length of the
keyword.
The answer to this is the number of rows you need to add to the
grid.
You then write the ciphertext down the first column until you
reach the last row.
Then read row by row
Example: Decrypt the following ciphertext
Ct:PENGD LLTAH TFAXT ENHMW XOIIA IEXOS THEYL
ARESA SX
Keyword: COLUMN
Pt: potatoes are in the nightshade family as well
Security techniques

Data Encryption Standard (DES)

Most widely used block cipher in world
Adopted in 1977 by National Bureau of Standards(NBS) (now
NIST)
Encrypts 64-bit data using 56-bit key
As with any encryption scheme, there are two inputs to the
encryption function:
The plaintext to be encrypted and
The key.
In this case, the plaintext must be 64 bits in length and
The key is 56 bits in length.
Security techniques

Data Encryption Standard (DES)

Security techniques

Initial Permutation IP
First step of the data computation
Defined by tables
The input to a table consists of 64 bits numbered left to right from
1 to 64.
The 64 entries in the permutation table contain a permutation of
the numbers from 1 to 64.
Each entry in the permutation table indicates the position of a
numbered input bit in the output, which also consists of 64 bits.
Example:0123456789ABCDEF
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010
1011 1100 1101 1110 1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010
1010 1111 0000 1010 1010 (CC00CCFFF0AAF0AA)
Security techniques

Initial Permutation IP
Security techniques

Inverse Initial Permutation

Security techniques

Expansion Permutation (E)

Security techniques

Permutation Function (P)

Security techniques

S-BOX
Security techniques

Permuted Choice One (PC-1)

Security techniques

DES Round Structure

Illustrates the internal structure of the DES round function F.
Uses two 32-bit L & R halves
As for any Feistel cipher can describe as:

Ln = Rn-1
Rn = Ln-1 + f(Rn-1,Kn)
F takes 32-bit R half and 48-bit subkey:
Expands R to 48-bits using perm E
The resulting 48 bits are XORed with
Ki
This 48-bit result passes through 8 S-boxes to get 32-bit
result(each map 6 input bits to 4 output bits)
Finally permutes using 32-bit perm P
Security techniques

Function f Structure
Security techniques

Substitution Boxes S
have eight S-boxes which map 6 to 4 bits
each S-box is actually 4 little 4 bit boxes
outer bits 1 & 6 (row bits) select one row of 4
inner bits 2-5 (col bits) are substituted
result is 8 lots of 4 bits, or 32 bits
row selection depends on both data & key
Security techniques

DES Key Schedule

Forms subkeys used in each round
Initial permutation of the key (PC1) which selects 56-bits in two
28-bit halves
16 stages consisting of:
Rotating each half separately either 1 or 2 places depending on the
key rotation schedule K
Selecting 24-bits from each half & permuting them by PC2 for use
in round function F
Security techniques

DES Example
Example: Let M be the plain text message M =
0123456789ABCDEF
Rewriting M in binary format, we get the 64-bit block of text:
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010
1011 1100 1101 1110 1111
And K be the hexadecimal key K = 133457799BBCDFF1
K = 00010011 00110100 01010111 01111001 10011011 10111100
11011111 11110001
The DES algorithm uses the following steps:
Security techniques
DES Example
Step 1: Create 16 subkeys, each of which is 48-bits long.
The 64-bit key is permuted according to the following table, PC-1.
Since the first entry in the table is ”57”, this means t hat the 57th
bit of the original key K becomes the first bit of the permuted key
K+.
The 49th bit of the original key becomes the second bit of the
permuted key. The 4th bit of the original key is the last bit of the
permuted key.
Note only 56 bits of the original key appear in the permuted key.
Security techniques

DES Example
From the original 64-bit key
K = 00010011 00110100 01010111 01111001 10011011 10111100
11011111 11110001
we get the 56-bit permutation
K + = 1111000 0110011 0010101 0101111 0101010 1011001
1001111 0001111
Next, split this key into left and right halves, C0 and D0, where
each half has 28 bits.
From the permuted key K + , we get
C0 = 1111000 0110011 0010101 0101111
D0 = 0101010 1011001 1001111 0001111
With C0 and D0 defined, we now create sixteen blocks Cn and
Dn
Security techniques

DES Example
Each pair of blocks Cn and Dn is formed from the previous pair
Cn-1 and Dn-1, respectively, for n = 1, 2, ..., 16,
using the following schedule of ”left shifts” of the previous block.
To do a left shift, move each bit one place to the left, except for
the first bit, which is cycled to the end of the block.
Security techniques

DES Example
To do a left shift, move each bit one place to the left, except for
the first bit, which is cycled to the end of the block.
This means, for example, C3 and D3 are obtained from C2 and
D2, respectively, by two left shifts, and C16 and D16 are obtained
from C15 and D15, respectively, by one left shift.
From original pair pair C0 and D0 we obtain:
C0 = 1111000011001100101010101111
D0 = 0101010101100110011110001111
C1 = 1110000110011001010101011111
D1 = 1010101011001100111100011110
Security techniques
DES Example
We now form the keys Kn, by applying the following permutation
table to each of the concatenated pairs CnDn.
Each pair has 56 bits, but PC-2 only uses 48 of these.

Therefore, the first bit of Kn is the 14th bit of CnDn, the second
bit the 17th, and so on
C1D1 = 1110000 1100110 0101010 1011111 1010101 0110011
0011110 0011110
K1 = 000110 110000 001011 101111 111111 000111 000001
110010
Security techniques
DES Example
Step 2: Encode each 64-bit block of data
So much for the subkeys. Now we look a t the message itself.
There is an initial permutation IP of the 64 bits of the message
data M.
This rearranges the bits according to the following table, where
the entries in the table show the new arrangement of the bits from
their initial order.
The 58th bit of M becomes the first bit of IP.
The 50th bit of M becomes the second bit of IP.
The 7th bit of M is the last bit of IP.
Security techniques

DES Example
Applying the initial permutation to the block of text M, given
previously, we get
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010
1011 1100 1101 1110 1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000
1010
1010 1111 0000 1010 1010
Here the 58th bit of M is ”1”,which becomes the first bit of IP.
The 50th bit of M is ”1”,which becomes the second bit of IP.
Next divide the permuted block IP into a left half L0 of 32 bits,
and a right half R0 of 32 bits.
From IP, we get L0 and R0
L0 = 1100 1100 0000 0000 1100 1100 1111 1111
R0 = 1111 0000 1010 1010 1111 0000 1010 1010
Security techniques

DES Example
We now proceed through 16 iterations, using a function f which
operates on two blocks: a data block of 32 bits and a key Kn of 48
bits–to produce a block of 32 bits.
Then for n going from 1 to 16 we calculate

Ln = Rn-1
Rn = Ln-1 + f(Rn-1,Kn)
This results in a final block, for n = 16, of L16R16.
T ha t is, in each iteration, we take the right 32 bits of the previous
result and make them the left 32 bits of the current step.
For the right 32 bits in the current step, we XOR the left 32 bits
of the previous step with the calculation f .
Security techniques

DES Example
For n = 1, we have
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
L1 = R0 = 1111 0000 1010 1010 1111 0000 1010 1010
R1 = L0 + f(R0,K1)
To calculate f, we first expand each block Rn-1 from 32 bits to 48
bits.
This is done by using a expansion table that repeats some of the
bits in Rn-1.
Thus E(Rn-1) has a 32 bit input block, and a 48 bit output
block.
Security techniques

DES Example

Thus the first three bits of E(Rn-1) are the bits in positions 32, 1
and 2 of Rn-1 while the last 2 bits of E(Rn-1) are the bits in
positions 32 and 1.
We calculate E(R0) from R0 as follows:
R0 = 1111 0000 1010 1010 1111 0000 1010 1010
E(R0) = 011110 100001 010101 010101 011110 100001 010101
010101
Security techniques

DES Example
(Note that each block of 4 original bits has been expanded to a
block of 6 output bits.)
Next in the f calculation, we XOR the output E(Rn-1) with the
key Kn:
Kn + E(Rn-1)
For K1 , E(R0), we have
K1 = 000110 110000 001011 101111 111111 000111 000001
110010
E = 011110 100001 010101 010101 011110 100001 010101
010101
= 011000 010001 011110 111010 100001 100110 010100 100111
Security techniques

DES Example
To this point we have expanded Rn-1 from 32 bits to 48 bits, using
the selection table, and XORed the result with the key Kn.
We now have 48 bits, or eight groups of six bits.
We now do something strange with each group of six bits:
we use them as addresses in tables called ”Sboxes”.
Each group of six bits will give us an address in a different S box.
Located at t hat address will be a 4 bit number.
This 4 bit number will replace the original 6 bits. Write
the previous result, which is 48 bits, in the form:
Kn + E(Rn-1) =B1B2B3B4B5B6B7B8,
where each Bi is a group of six bits. We now calculate
Security techniques
DES Example
S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8)

where Si(Bi) referres to the output of the i-th S box

To repeat, each of the functions S1, S2,..., S8, takes a 6-bit block
as input and yields a 4-bit block as output.
The table to determine S1 is shown and explained below:

If S1 is the function defined in this table and B is a block of 6 bits,

then S1(B) is determined as follows:
Security techniques

DES Example
The first and last bits of B represent 2 a number in the decimal
range 0 to 3 (or binary 00 to 11)
Let that number be i.
The middle 4 bits of B represent a number in the decimal range 0
to 15 (binary 0000 to 1111).
Let that number be j.
Look up in the table the number in the i-th row and j-th column.
It is a number in the range 0 to 15 and is uniquely represented by
a 4 bit block.
For example, for input block B = 011011 the first bit is ”0” and
the last bit ”1” giving 01 as the row.
This is row 1.
The middle four bits are ”1101”.
Security techniques
DES Example
This is the binary equivalent of decimal 13, so the column is
column number 13.
In row 1, column 13 appears 5.
This determines the output; 5 is binary 0101, so t hat the output is
0101.
Hence S1(011011) = 0101.
The tables defining the functions S1,...,S8 are the following:
Security techniques

DES Example
For the first round, we obtain as the output of the eight S boxes:
K1 + E(R0) = 011000 010001 011110 111010 100001 100110
010100 100111.
S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) = 0101
1100 1000 0010 1011 0101 1001 0111
The final stage in the calculation of f is to do a permutation P of
the S-box output to obtain the final value of f:
f = P(S1(B1)S2(B2)...S8(B8))
The permutation P is defined in the following table.
P yields a 32-bit output from a 32-bit input by permuting the bits
of the input block.
Security techniques
DES Example

From the output of the eight S boxes:

S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) = 0101
1100 1000 0010 1011 0101 1001 0111
we get
f = 0010 0011 0100 1010 1010 1001 1011 1011
R1 = L0 + f(R0 , K1 )
= 1100 1100 0000 0000 1100 1100 1111 1111
+ 0010 0011 0100 1010 1010 1001 1011 1011
= 1110 1111 0100 1010 0110 0101 0100 0100
Security techniques

DES Example
In the next round, we will have L2 = R1, which is the block we
just calculated, and then we must calculate R2 =L1 + f(R1, K2),
and so on for 16 rounds.
At the end of the sixteenth round we have the blocks L16 and R16.
We then reverse the order of the two blocks into the 64-bit block
R16L16
and apply a final permutation IP-1.
Decryption is simply the inverse of encryption, follwing the same
steps as above, but reversing the order in which the subkeys are
applied.
Security techniques

Asymmetric cryptosystem
Private Key Cryptography
Traditional private/secret/single key cryptography uses one key
Shared by both sender and receiver.
if this key is disclosed communications are compromised
also is symmetric, parties are equal
Asymmetric encryption is a form of cryptosystem in which
encryption and decryption are performed using the different keys
one a public key and one a private key.
It is also known as public key encryption.
Security techniques

Asymmetric cryptosystem
Asymmetric encryption transforms plaintext into ciphertext using
a one of two keys and an encryption algorithm.
Using the paired key and a decryption algorithm, the plaintext is
recovered from the ciphertext.
Public key cryptography solves symmetric key encryption problem
of having to exchange secret key
Uses two mathematically related digital keys public key (widely
disseminated) and private key (kept secret by owner)
Both keys are used to encrypt and decrypt message
Once key is used to encrypt message, same key cannot be used to
decrypt message
For example, sender uses recipients public key to encrypt message;
recipient uses his/her private key to decrypt it
Security techniques

Asymmetric cryptosystem
Public-key/two-key/asymmetric cryptography involves the use of
two keys:
a public-key, which may be known by anybody, and can be used to
encrypt messages, and verify signatures
a private-key, known only to the recipient, used to decrypt
messages, and sign (create) signatures
is asymmetric because
those who encrypt messages or verify signatures cannot decrypt
messages or create signatures
Security techniques

RSA
The algorithm is named after its inventors Ron Rivest, Adi Shamir
and Leonardo Adleman
Uses two keys a public and a private key
Asymmetric since parties are not equal
Uses clever application of number theoretic concepts to function
The plaintext and ciphertext are integers between 0 and n - 1
RSA makes use of an expression with exponentials
Security techniques

RSA
For some plaintext block M and ciphertext block C

Both sender and receiver must know the value of n.

The sender knows the value of e, and only the receiver knows the
value of d.
Thus, this is a public-key encryption algorithm with a public key
of P U = e, n and a private key of P R = d, n
Security techniques

RSA
The keys were generated as follows
1 Choose two distinct prime numbers p and q.
For security purposes, the integers p and q should be chosen a t
random, and should be similar in magnitude but differ in length by
a few digits to make factoring harder.
prime numbers only have divisors of 1 and self
they cannot be written as a product of other numbers
eg. 2,3,5,7 are prime, 4,6,8,9,10 are not
Prime integers can be efficiently found using a
2 primality test
Compute n = pq.
n is used as the modulus for both the public and
private keys.
Security techniques

RSA
1 Totient(n) = (p - 1)(q - 1)
2 Choose an integer e such that 1 < e < Totient(n) and gcd(e,
Totient(n)) = 1.
Select e such th a t e is relatively prime to Totient(n)
Two numbers a, b are relatively prime if have no common divisors
apart from 1
And less than Totient(n)
3 Determine d as d = e - 1 (mod Totient(n)); i.e., d is the modular
multiplicative inverse of e modulo Totient(n).
This means: solve for d the equation d*e = 1 (mod Totient(n)).
e is released as the public key exponent.
d is kept as the private key exponent.
Security techniques

RSA Example
Example: Encrypt the following plaintext message M =88 using
RSA algorithm. Assume the value of p = 17 and q = 11.
Exercise: p = 7 and q = 11, e = ?, d = ?
Encrypt M = 8
Security techniques

Hash function
Cryptographic hash function is a mathematical algorithm t hat
maps an arbitrary size of data to a fixed length of data.
Used to ensure the data integrity.
Well-known examples: MD2, MD4, MD5, SHA
The values returned by hash function are called as hash values A
hash value is generated by a function H of the form h = H(M)
Where M is a variable-length message and H(M) is the fixed-length
hash value.
The hash value is appended to the message a t the source.
The receiver authenticates tha t message by re-computing the hash
value.
Security techniques

Hash function
The hash function itself is not considered to be secret, some means
is required to protect the hash value.
Cryptographic hashing algorithms can receive any kind of input.
However, a hash function will always produce a fixed-length
output.
Regardless of what the input is, the output will be an
alphanumeric code of fixed length.
Security techniques

Hash function
Security techniques

Hash function
All hash functions operate using the following general principles.
The input (message, file, etc.) is viewed as a sequence of n-bit
blocks.
The input is processed one block at a time in an iterative fashion
to produce an n-bit hash function.
One of the simplest hash functions is the bit-by-bit exclusive-OR
(XOR) of every block.
This can be expressed as follows:
Ci = bi1 bi2 bim
Security techniques

Requirements for Hashing Function

A good cryptographic hash function h should have the following
properties:
H can be applied to a block of data of any size
H produces a fixed-length output
H(x) is relatively easy to compute for any given
x
For any given code h, it is computationally infeasible to find x
such t hat H(x) = h. This is sometimes referred to as the one-way
property.
It is computationally infeasible to find any pair (x, y) such tha t
H(x) = H(y). This is sometimes referred to as strong collision
resistance.
Security techniques

Digital Signatures
Message authentication protects two parties who exchange
messages from any third party.
However, it does not protect the two parties against each
other.
A digital signature is analogous to the handwritten signature, and
provides a set of security capabilities t hat would be difficult to
implement in any other way.
Security techniques

Characteristics of digital signatures

1 Authenticity: the signature convinces the documents recipient t hat
the signer deliberately signed the document.
2 Signature is unforgeable: the signature is a proof that the signer,
no one else, deliberately signed the document.
3 Signature is not reusable: the signature is part of the document,
cannot move the signature to a different document.
4 The signed document is unalterable:- after the document is signed,
it cannot be altered
5 The signature cannot be repudiated: the signer cannot later claim
t hat he or she didnt sign it.
Security techniques

Importance of digital signature

Formally, giving your signature to a document provides the
following services:
1 authentication
2 integrity:- the message cannot be altered after it is signed.
3 proof of origin:- anyone reading the document is sure you signed it.
4 non-repudiation:- a t a later date, you cannot deny signing it.
The recipient of your signed document is assured of these services
by the fact that your pen flourish is unique, and hard to forge.
Security techniques

Singing Documents with Public-Key Cryptography

In some algorithms such as RSA either the public key or the
private key can be used for encryption
Encrypt a document using your private key, and you have a secure
digital signature.
The basic protocol is as follows
1 Alice encrypts the document with her private key, thereby signing
the document
2 Alice sends the signed document to Bob
3 Bob decrypts the document with Alices public key, thereby
verifying the signature
Since public-key algorithms are often inefficient to sign long
documents, digital signature protocols are often implemented with
one-way hash functions.
Security techniques

Singing Documents with Public-Key Cryptography and One-Way Hash

Functions
Since public-key algorithms are often inefficient to sign long
documents, digital signature protocols are often implemented with
one-way hash functions.
Instead of signing a document, Alice signs the hash of the
document
Alice produces a one-way hash of a document
Alice encrypts the hash with her private key, thereby signing the
document
Alice sends the document and the signed hash to Bob
Bob produces a one-way hash of the document th a t Alice sent. He
then, decrypts the signed hash with Alices public key.
If the signed hash matches the hash he generated, the signature is
valid.
Security techniques

How cryptography is used to secure electronic communications

Sending check over an electronic network poses several security
problems:
since anyone could intercept and read the file, you need
confidentiality.
since someone else could create a similar counterfeit file, the bank needs
to authenticate tha t it was actually you who created the file. since
you could deny creating the file, the bank needs
non-repudiation.
since someone could alter the file, both you and the bank need data
integrity.
Security techniques

How cryptography is used to secure electronic communications

The first step is to sign the check with a digital signature.
Once the electronic check is digitally signed, it can be encrypted
using a mathematical transformation with a key that will be used
later to decrypt the document