Information Systems Security Introduction to Cryptography
What is Cryptography It is an applied branch of mathematics It is used to provide Confidentiality Integrity Authentication Authorization Non-repudiation
Why Cryptography Encrypting data against disclosure, modification Signing data against modification, repudiation To provide security for eCommerce
Application area Storing data encrypted Transmitting data securely Even access would not lead to disclosure Transmitting data securely Prevent eavesdropping Identifying your partner Prevent man in the middle attack Proof of identity Avoiding impersonation
Terms used Encryption Decryption Plaintext Cipher text The process of encoding a message so that the meaning is not obvious Decryption The reverse process of encryption Plaintext The original form of the message Cipher text The disguised (encrypted) text
Terms used C = E(P) P = D(C) P = D(E(P)) P – plaintext C – cipher text E – encryption algorithm D – decryption algorithm C = E(P) P = D(C) P = D(E(P))
Terms used C = EK(P) P = DK(C) P = DK(EK(P)) The encryption process involves An algorithm – mostly public A key – must be private C = EK(P) P = DK(C) P = DK(EK(P))
Software components Hash functions: handling the whole document takes too long Encryption/decryption: same algorithm for symmetric but different for asymmetric and signature Signature: combine a document with a private key Key agreement: creating a shared secret Key generation: creating secure keys
Classification of Cryptographic Systems The way the plaintext is processed Block cipher Stream cipher Type of operations performed Substitution Transposition Number of keys used Symmetric Asymmetric
Block encryption Data divided into fixed size blocks and symmetric encryption worked on them one at a time (e.g. 64 bits in 64 bits out) Main method is substitution and permutation by using S-boxes Early block cipher: Playfair Present block cipher: DES, AES
Stream encryption Symmetric encryption done on the bit stream (1 bit in, 1 bit out) The usual method is to use symmetric encryption in chain mode (cipher block chaining) where the previous cipher block is XOR to next plaintext block Early stream cipher: Vigerene Present stream cipher: RC4
Classical techniques - Substitution Substitute a character, digit or symbol for each character in plaintext Examples Mono alphabetic cipher Caesar cipher Atbash cipher Poly alphabetic cipher Playfair cipher
The Caesar cipher - Cryptanalysis Try all 25 possible keys Use the nature of the plain text Single character occurrences Digrams Trigrams
The Caesar cipher – Cryptanalysis Frequency Table of single letters
The Caesar cipher – Cryptanalysis Digrams and Trigrams an, re, er, nt, th, on, in, am, is, to, be, he, we, no, of Trigrams ent, ion, and, the, are, you, she, not
Playfair cipher Use a 5 x 5 matrix Use a keyword Use 2 characters at a time
Playfair cipher - rules Repeating plaintext letters are separated with a filling letter e.g. X Plaintext letters on the same row is replaced by letters right to it Plaintext letters on the same column is replaced by letters beneath it Else, replace plaintext by the corner letters of the rectangle formed by the 2 letters
Playfair example Key: PLAYFAIR EXAMPLE P L A Y F 1 R E X M B C D G H J N O S T U V W Z
Playfair example Plain text Hide the gold in the tree stump Change into capital letters HI DE TH EG OL DI NT HE TR EE ST UM P Check for repeating letters HI DE TH EG OL DI NT HE TR EX ES TU MP Encrypt
Playfair example What is the cipher text? BM ND ZB XD KY BE JV DM UI XM MN UV IF
Transposition Change the location of a character Examples Rail fence cipher Columnar transposition Enigma machine
Rail fence cipher Rail fence cipher of 3 rails Cipher text Plain text we are discovered flee at once Rail fence cipher of 3 rails W..R..I..O..R..F..E..O..E .E..E..S..V..E..L..A..N.. ..A..D..C..E..D..E..T..C. Cipher text WRIORFEOEEESVELANADCEDETC
Symmetric encryption Based on a shared secret by the participants and an algorithm The secret is used for both encryption and decryption key To protect the confidentiality of the data Are usually efficient and fast Main weakness is the need for the shared secret
Symmetric encryption
Asymmetric encryption Designed to overcome issues relating to key distribution Also offers authenticity 2 keys Public key – known by everyone Private key – known only by owner Keys operate as inverse, one key can decrypt message encrypted by the other
Asymmetric encryption
Symmetric vs Asymmetric Number of keys 1 2 Protection Must be secret Public & Private Key distribution Out of band Used to exchange other keys Speed Fast 10,000 times slower Usage Security & integrity of data Key exchange, authentication
Hash A hash is a cryptographic one way function that produces a record smaller than the plaintext The plaintext cannot be recovered from the hash and for a good hash function it is impossible for 2 plaintexts to produce the same hash (collision)
Hash A hash encrypted by the document signer’s private key can be used as a signature for a document Used to produce Message Authentication Codes (MAC) to verify the integrity of a message
Digital signature
Algorithms Symmetric Asymmetric Hash Others DES, 3DES, AES RSA, DSA (only for signature) Hash Sha-1, MD5 Others Diffie-Hellman for key agreement
PGP (Pretty Good Privacy) Designed by Phil Zimmermann for providing cryptographic protection of e-mail and file storage Uses the strong cryptographic algorithm Offers Authentication using digital signatures Confidentiality with use of encryption Bytes conversion to ASCII for e-mail
PGP design philosophy Written for individual technically skilled end users Every user creates and manages their own keys Every user has a freedom to choose whom to trust No administrative organisation or government involved in operation
Sending a PGP message
Receiving a PGP message