CRYPTOGRAPHY APPLICATIONS AND PRINCIPLES

COURSE CODE: CPE 516

DEPARTMENT OF ELECTRICAL & COMPUTER ENGINEERING

FACULTY OF ENGINEERING

EDO UNIVERSITY IYAMHO

LECTURE TIME: 1pm to 3pm (TUESDAYS)

COURSE LECTURER:
Engr. ALIU DANIEL (PhD)

Email: aliu.daniel@edouniversity.edu.ng
Course Content
• Classical encryption techniques/ Block Ciphers (Data Encryption Standard
(DES))
• Basics of finite field and Number theory
• Advanced Encryption Standard (AES)
• Contemporary symmetric ciphers
• Confidentiality using symmetric encryption
• Key management and public key cryptosystems
• Message Authentication / Hash functions and algorithms
• Digital signatures and authentication protocols
• Network security practice (Application, Email, IP and web security)
• System security against Intruders, Malicious software firewall
 CRYPTOGRAPHY
Cryptography can reformat and transform our data, making it safer on its trip
between computers.
The technology is based on the essentials of secret codes, augmented by
modern mathematics that protects our data in powerful ways.

• Computer Security - generic name for the collection of tools designed to

protect data and to thwart hackers

• Network Security - measures to protect data during their transmission

• Internet Security - measures to protect data during their transmission over a

collection of interconnected networks
 Security Attacks, Services and
Mechanisms
To assess the security needs of an organization effectively, the manager
responsible for security needs some systematic way of defining the
requirements for security and characterization of approaches to satisfy those
requirements.
One approach is to consider three aspects of information security:

Security attack: Any action that compromises the security of information owned by an
organization.
Security mechanism: A mechanism that is designed to detect, prevent or recover from a
security attack.
Security service: A service that enhances the security of the data processing systems and the
information transfers of an organization. The services are intended to counter security
attacks and they make use of one or more security mechanisms to provide the service.
 Basic Concepts
Cryptography The art or science encompassing the principles and methods of
transforming an intelligible message into one that is unintelligible, and then
retransforming that message back to its original form

Plaintext The original intelligible message

Cipher text The transformed message

Cipher An algorithm for transforming an intelligible message into one that is

unintelligible by transposition and/or substitution methods

Key Some critical information used by the cipher, known only to the sender& receiver
OR a string of data used in modifying the data during encryption and recovering the
data during decryption.
 Basic Concepts
Encipher (encode) The process of converting plaintext to cipher text using a cipher and a
key

Decipher (decode) the process of converting cipher text back into plaintext using a
cipher and a key

Cryptanalysis The study of principles and methods of transforming an unintelligible

message back into an intelligible message without knowledge of the key. Also called
code breaking

Cryptology Both cryptography and cryptanalysis

Code An algorithm for transforming an intelligible message into an unintelligible one

using a code-book
 Basic Concepts
Cryptography Cryptographic systems are generally classified along 3
independent dimensions:

Type of operations used for transforming plain text to cipher text

All the encryption algorithms are based on two general principles: substitution,
in which each element in the plaintext is mapped into another element

 transposition, in which elements in the plaintext are rearranged.

 Basic Concepts
The number of keys used If the sender and receiver uses same key then it is
said to be symmetric key (or) Single key (or) conventional encryption.

If the sender and receiver use different keys then it is said to be public key
encryption.

The way in which the plain text is processed

A block cipher processes the input and block of elements at a time, producing
output block for each input block.

A stream cipher processes the input elements continuously, producing output

element one at a time, as it goes along.
 Cryptanalysis
The process of attempting to discover X or K or both is known as cryptanalysis.

The strategy used by the cryptanalysis depends on the nature of the encryption scheme and the
information available to the cryptanalyst.

There are various types of cryptanalytic attacks based on the amount of information known to
the cryptanalyst.

A stream cipher processes the input elements continuously, producing output element one at a
time, as it goes along.

Cipher text only: A copy of cipher text alone is known to the cryptanalyst.

Known plaintext: The cryptanalyst has a copy of the cipher text and the corresponding plaintext.
 Cryptanalysis
Cipher text only: Copy of cipher text alone is known to the cryptanalyst.

Known plaintext: The cryptanalyst has a copy of the cipher text and the
corresponding plaintext.

Chosen plaintext: The cryptanalysts gains temporary access to the encryption

machine. They cannot open it to find the key, however; they can encrypt a large
number of suitably chosen plaintexts and try to use the resulting cipher texts to
deduce the key.

Chosen cipher text: The cryptanalyst obtains temporary access to the

decryption machine, uses it to decrypt several string of symbols, and tries to
use the results to deduce the key.
 SECURITY SERVICES
The classification of security services are as follows:
Confidentiality: Ensures that the information in a computer system a n d
transmitted information are accessible only for reading by authorized parties.
E.g. Printing, displaying and other forms of disclosure.

Authentication: Ensures that the origin of a message or electronic document is

correctly identified, with an assurance that the identity is not false.

Integrity: Ensures that only authorized parties are able to modify computer
system assets and transmitted information. Modification includes writing,
changing status, deleting, creating and delaying or replaying of transmitted
messages.
 SECURITY SERVICES
Non repudiation: Requires that neither the sender nor the receiver of a
message be able to deny the transmission.

Access control: Requires that access to information resources may be

controlled by or the target system.

Availability: Requires that computer system assets be available to authorized

parties when needed.
Processes of Encryption/Decryption
Purposes of Encryption
• Privacy: Data encryption is mostly done to ensure privacy of
communication or data saved such that an un-authorised person
(Eavesdropper) or machine can not be able to understand the
message.
PUBLIC KEY SYSTEM

Every Egyptian received two names, which were known respectively

as the true name and the good name, or the great name and the little

name; and while the good or little name was made public, the true or

great name appears to have been carefully concealed.

LEARNING OBJECTIVES
After studying this section, you should be able to:
Present an overview of the basic principles of public-key cryptosystems.

Explain the two distinct uses of public-key cryptosystems.

List and explain the requirements for a public-key cryptosystem.

Present an overview of the RSA algorithm.

Understand the timing attack.

Summarize the relevant issues related to the complexity of algorithms.

PUBLIC KEY SYSTEM
The development of public-key cryptography is the greatest and
perhaps the only true revolution in the entire history of cryptography.

From its earliest beginnings to modern times, virtually all

cryptographic systems have been based on the elementary tools of
substitution and permutation.

After millennia of working with algorithms that could be calculated by

hand, a major advance in symmetric cryptography occurred with the
development of the rotor encryption/decryption machine.
 PUBLIC KEY SYSTEM
The electromechanical rotor enabled the development of fiendishly
complex cipher systems.

With the availability of computers, even more complex systems were

devised, the most prominent of which was the Lucifer effort at IBM that
culminated in the Data Encryption Standard (DES).

But both rotor machines and DES, although representing significant

advances, still relied on the bread-and-butter tools of substitution and
permutation.
 PUBLIC KEY SYSTEM
Public-key cryptography provides a radical departure from all that has gone
before.

For one thing, public-key algorithms are based on mathematical functions

rather than on substitution and permutation.

More important, public-key cryptography is asymmetric, involving the use of

two separate keys, in contrast to symmetric encryption, which uses only one
key.

The use of two keys has profound consequences in the areas of

confidentiality, key distribution, and authentication.
 PUBLIC KEY SYSTEM
There are several common misconceptions concerning public-key encryption.

One such misconception is that public-key encryption is more secure from

cryptanalysis than is symmetric encryption.

In fact, the security of any encryption scheme depends on the length of the key
and the computational work involved in breaking a cipher.

There is nothing in principle about either symmetric or public-key encryption

that makes one superior to another from the point of view of resisting
cryptanalysis.
 PUBLIC KEY SYSTEM
A second misconception is that public-key encryption is a general-purpose
technique that has made symmetric encryption obsolete.

On the contrary, because of the computational overhead of current public-

key encryption schemes, there seems no foreseeable likelihood that
symmetric encryption will be abandoned.

As one of the inventors of public-key encryption has put it, “the restriction of
public-key cryptography to key management and signature applications is
almost universally accepted.”
 PUBLIC KEY SYSTEM
Finally, there is a feeling that key distribution is trivial when using public key
encryption, compared to the rather cumbersome handshaking involved with
key distribution centers for symmetric encryption.

In fact, some form of protocol is needed, generally involving a central agent,
and the procedures involved are not simpler nor any more efficient than
those required for symmetric encryption

RSA algorithm, is one of the most important encryption/decryption

algorithm that has been shown to be feasible for public-key encryption.
PUBLIC KEY ECOSYSTEMS
Asymmetric algorithms rely on one key for encryption and a different but
related key for decryption.

These algorithms have the following important characteristic.

It is computationally infeasible to determine the decryption key given only
knowledge of the cryptographic algorithm and the encryption key.

In addition, some algorithms, such as RSA, also exhibit the following
characteristic.

 Either of the two related keys can be used for encryption, with the other used
for decryption.
PUBLIC KEY ECOSYSTEMS
A public-key encryption scheme has six ingredients

FIGURE 2: PUBLIC KEY CRYPTOGRAPHY

PUBLIC KEY ECOSYSTEMS
The essential steps are the following:
Each user generates a pair of keys to be used for the encryption and decryption of
messages.

Each user places one of the two keys in a public register or other accessible file. This is
the public key. The companion key is kept private. As Figure 2.1a suggests, each user
maintains a collection of public keys obtained from others.

If Bob wishes to send a confidential message to Alice, Bob encrypts the message using
Alice’s public key.

 When Alice receives the message, she decrypts it using her private key. No other
recipient can decrypt the message because only Alice knows Alice’s private key.
PUBLIC KEY ECOSYSTEMS
Summarizes some of the important aspects of symmetric and public key encryption.
Table 1: Conventional and Public-Key Encryption
Conventional Encryption
Needed to Work:
1. The same algorithm with the same key is used for
encryption and decryption.
2. The sender and receiver must share the algorithm
and the key.
Needed for Security:
1. The key must be kept secret.
2. It must be impossible or at least impractical to
decipher a message if the key is kept secret.
3. Knowledge of the algorithm plus samples of
ciphertext must be insufficient to determine the key.
Public-Key Encryption
Needed to Work:
1. One algorithm is used for encryption and a related
algorithm for decryption with a pair of keys, one for
encryption and one for decryption.
2. The sender and receiver must each have one of the
matched pair of keys (not the same one).
Needed for Security:
1. One of the two keys must be kept secret.
2. It must be impossible or at least impractical to
decipher a message if one of the keys is kept secret.
3. Knowledge of the algorithm plus one of the keys
plus samples of ciphertext must be insufficient to
determine the other key.
PUBLIC KEY ECOSYSTEMS
In broad terms, we can classify the use of public-key cryptosystems into three
categories

Encryption/decryption: The sender encrypts a message with the recipient’s public

key.

Digital signature: The sender “signs” a message with its private key. Signing is
achieved by a cryptographic algorithm applied to the message or to a small block of
data that is a function of the message.

Key exchange: Two sides cooperate to exchange a session key. Several different
approaches are possible, involving the private key(s) of one or both parties.
PUBLIC KEY ECOSYSTEMS
Summarizes some of the important aspects of symmetric and public key encryption.
Table 1: Conventional and Public-Key Encryption
Conventional Encryption
Needed to Work:
1. The same algorithm with the same key is used for
encryption and decryption.
2. The sender and receiver must share the algorithm
and the key.
Needed for Security:
1. The key must be kept secret.
2. It must be impossible or at least impractical to
decipher a message if the key is kept secret.
3. Knowledge of the algorithm plus samples of
ciphertext must be insufficient to determine the key.
Public-Key Encryption
Needed to Work:
1. One algorithm is used for encryption and a related
algorithm for decryption with a pair of keys, one for
encryption and one for decryption.
2. The sender and receiver must each have one of the
matched pair of keys (not the same one).
Needed for Security:
1. One of the two keys must be kept secret.
2. It must be impossible or at least impractical to
decipher a message if one of the keys is kept secret.
3. Knowledge of the algorithm plus one of the keys
plus samples of ciphertext must be insufficient to
determine the other key.
Relevant Resources
Textbooks: The textbook recommended for this course is stated as
follows:
Title: Cryptography and Network Security (Principles and
Practice)
Author: William Stallings
Publisher: Pearson Education Inc
ISBN-13: 978-0-13-335469-0
Year: 2014
Edition: Sixth