Cryptography Presented By: Yogita Dey Amardeep Kahali Dipanjan Devnagar Minhaajuddin Ahmad Khan ECE4, NIT Securing the Information Age

Background Information Security requirements have changed in recent times Traditionally provided by physical and administrative mechanisms Computer use requires automated tools to protect files and other stored information Use of networks and communications links requires measures to protect data during transmission

Need for Information Security Defending against external/internal hackers Defending against industrial espionage Securing E-commerce Securing bank accounts/electronic transfers Securing intellectual property Avoiding liability

Threats to Information Security Pervasiveness of /networks Online storage of sensitive information Insecure technologies (e.g. wireless) Trend towards paperless society Weak legal protection of privacy

Essential Terms Cryptography Encryption (code) Plain text  Cipher text Decryption (decode) Cipher text  Plain text Cryptanalysis Cryptology

Cryptographic Algorithms Symmetric Key or secret key: Involves use of one key. Asymmetric key or public key: Involves use of two keys viz. public and private. Message Digest. Hash Functions.

Symmetric Key Cryptography Same secret key is used by both sender and receiver, which is shared between them. Sender uses the key and an encryption algorithm for encryption. Receiver uses the same key and the corresponding decryption algorithm for decryption.

Traditional Ciphers Substitution Mono alphabetic e.g. Caesar cipher Poly alphabetic e.g. Vigenère cipher, Hill cipher Transposition Scytale Reverse Rail Fence Geometric Row/Column

Modern Ciphers Simple Modern Ciphers XOR Cipher Rotation Cipher S-box (Substitution) P-box (Permutation) Modern Round Ciphers DES (Data Encryption Standard) and derivatives: double DES and triple DES IDEA (International Data Encryption Algorithm) Blowfish CAST-128 RC5 (Rivest Cipher #5) AES (Advanced Encryption Standard)

Two types of symmetric ciphers Stream ciphers – Encrypt one bit at time Block ciphers – Break plaintext message in equal-size blocks – Encrypt each block as a unit

Stream Ciphers Combine each bit of keystream with bit of plaintext to get bit of ciphertext m(i) = i th bit of message k s (i) = i th bit of keystream c(i) = i th bit of ciphertext c(i) = k s (i) m(i) m(i) = k s (i) c(i)

RC5 Stream Cipher Feistel like network Variable block size (32,63 or 128 bits) Key size (0 to 2040 bits) Use of data dependent rotations Really simple 12-round RC5 (with 64-bit blocks) is susceptible to a differential attack using 244 chosen plaintexts

Block Ciphers Message to be encrypted is processed in blocks of k bits (e.g., 64-bit blocks). 1-to-1 mapping is used to map k-bit block of plaintext to k-bit block of ciphertext Example with k=3 input output input output

Data Encryption Standard (DES) US encryption standard designed by IBM [NIST 1993] 56-bit symmetric key, 64-bit plaintext input Block cipher with cipher block chaining 56-bit-key-encrypted phrase decrypted (brute force) in less than a day No known good analytic attack

Data Encryption Standard (DES) initial permutation 16 identical “rounds” of function application, each using different 48 bits of key final permutation DES operation

Advanced Encryption Standard (AES) New (Nov. 2001) symmetric-key NIST standard, replacing DES Based on Rijndael Algorithm Processes data in 128 bit blocks 128, 192, or 256 bit keys Brute force decryption taking 1 sec on DES, takes 149 trillion years for AES

Asymmetric Key Cryptography Here sender and receiver do not share keys. There are two different keys: a private key which is kept by the receiver and a public key that is known to all. Sender uses public key to encrypt and receiver uses the private key to decrypt the message.

RSA (Rivest, Shamir, Adelman) DH (Diffie-Hellman Key Agreement Algorithm) ECDH (Elliptic Curve Diffie-Hellman Key Agreement Algorithm) RPK (Raike Public Key) Public Key Crypto Algorithms

Choose two distinct prime numbers p and q. Compute n = pq Compute φ (n) = (p – 1)(q – 1) Choose an integer e such that 1 < e < φ (n) and e and φ (n) are coprime Determine d = e -1 mod φ (n) e is released as the public key exponent and d is kept as the private key exponent RSA Algorithm

RSA Algorithm (contd.)

A hybrid encryption technology Message is encrypted using a private key algorithm (IDEA) Key is then encrypted using a public key algorithm (RSA) For file encryption, only IDEA algorithm is used PGP is free for home use Pretty Good Privacy (PGP)

Digital Signatures Made by encrypting a message digest (cryptographic checksum) with the sender’s private key Receiver decrypts with the sender’s public key (roles of private and public keys are flipped) Prevents Impostor attacks Content tampering Timing modification

Currently Available Technologies MD4 and MD5 (Message Digest) SHA-1 (Secure Hash Algorithm version 1) DSA (The Digital Signature Algorithm) ECDSA (Elliptic Curve DSA) Kerberos OPS (Open Profiling Standard) VeriSign Digital IDs

Benefits of Cryptographic Technologies Data secrecy Data integrity Authentication of message originator Electronic certification and digital signature Non-repudiation

Potential Problems False sense of security if badly implemented Government regulation of cryptographic technologies/export restrictions Encryption prohibited in some countries All public key schemes are susceptible to brute force attacks…only the work factor varies With decreasing cost of computer power and mathematical discoveries, work factor is decreasing

Remarks Encryption does not guarantee security! Many ways to beat a crypto system NOT dependent on cryptanalysis, such as: Viruses, worms, hackers, etc. TEMPEST attacks Unauthorized physical access to secret keys Cryptography is only one element of comprehensive computer security

Thank You