1. Department of Computer Science Chapter 5 Introduction to Cryptography 2016 - Semester 1

2. Lecture Outline  Introduction  Methods of cryptography o Symmetric o Asymmetric  Types of ciphers  Cryptographic algorithms  Common types of attacks  Attacks on cryptography.

3. Introduction  Cryptology –Science of keeping things secret or hiding something. –Includes all areas of cryptography and cryptanalysis.  Cryptography –Is the area of knowledge that deals with creating methods to assure that messages are secretly sent and received.  Cryptanalysis –Encompasses the methodologies to obtain information from encoded messages

4. Introduction (cont.)  Cryptosystem –Manmade or computer-based systems used to encrypt or transform data for secure transmission or storage. –Designed to provide confidential transmission of data, authentication of sender identity, transmission identity and non-repudiation services between the sender and the receiver. –Upon receipt of an encrypted message, cryptosystems are used to perform decryption or decoding operations to reveal the secret message.  Find out what stenography is and how it works. You can also check out some examples.

5. Introduction (cont.)

7. Methods of cryptography  Two main methods or categories of cryptography: 1. Symmetric / Private key 2. Asymmetric / Public key  Symmetric –Uses a single key when encrypting and decrypting data.  Asymmetric –Uses a pair of keys to encrypt and decrypt messages exchanged between the sender and the receiver. –Bothe keys are independent in terms of that one cannot be feasibly computed from the other. –One key has to be public to encrypt while the other is private to decrypt.

8. Methods of cryptography (cont.)  Hybrid of Symmetric and Asymmetric –A symmetric encryption can be used to encrypt the main body, and the private key is encrypted using a stronger but slower asymmetric process. –This encrypted public can then be securely included within the body of the cipher text.

9. Kerckhoff’s [1883] Principle  A cryptosystem should be secure even if the attacker knows all the details about the system with the exception of the secret key.

10. Types of ciphers Block cipher and stream ciphers  Block ciphers –Breaks up the plaintext messages to be transmitted into strings called blocks. –Two main types of block ciphers: –Substitution and transportation –Substitution: Replaces numbers, letters or symbols with other number, letters or symbols –Transportation: Permutes the number, letter or symbols in a block. –Both two types of block ciphers can be combined to form a stronger encryption.

11. Types of ciphers (cont.)  Stream ciphers –Encrypt individual characters –Makes use of key stream. –Key stream is generated at random or using an algorithm. –The size of the key space is the number of encryption / decryption key pairs possible in a cipher system.

12. Other cryptographic solutions  Digital signature –Authenticates the sender –Uses public key cryptography –The receiver has to know the sender’s public key and the copy of the digital signature software. –Most popular software examples for e-mail security is Pretty Good Privacy (PGP), S/MIME and Rivest Shamir Adleman (RSA)  Virtual Private Network (VPN) –Allows business partners to exchange secure communication between their intranets over the internet. –No one outside VPN can read the data. –VPN allows remote users to access their network using the internet without any fear of security.

13. Cryptographic algorithms  There is no need to keep encryption algorithms a secret  Algorithms should be published to allow for research to uncover weaknesses  Effective security is maintained through the size (bit length) of the keys as well as by maintaining proper procedures and policies on key distribution.

14. Common types of Attacks  Known cipher text –the attacker has the cipher text and she tries to decrypt the message by generating all possible keys.  Known plaintext –the attacker has both the cipher text and the plaintext. –We are assuming that the attacker knows the algorithm that was used for the encryption.  Chosen plaintext –The cryptanalyst introduces the plaintext into the system and then watches for how that plaintext will be encrypted.  Chosen cipher text –The attacker decrypt known cipher text to discover key

15. Attacks on Cryptosystems  Brute force attack  Man-in-the-Middle attack  Correlation attack  Dictionary attack  Timing attack

16. Attacks on Cryptosystems (cont.)  Brute force attack –Guessing, trying all key possibilities. –Cipher text is repeatedly searched for clues that can lead to the algorithm’s structure.  Man-in-the-Middle attack –Intercepting the transmission of a public key –Attackers attempts to place themselves between the sender and the receiver, intercepting the request of key exchanges. –The attacker sends each participant a valid public key –Digital signatures can prevent this type of attack. The attacker cannot duplicate the signature.

17. Attacks on Cryptosystems (cont.)  Correlation attack –Attempt to deduce statistical relationships concerning the structure of the key and the output of the cryptosystem. –If factoring of the public key is achieved in reasonable time, allows all messages written with the key to be decrypted.  Dictionary attack –Find plaintext based on common words –Can be successful when the cipher text consists of relatively few characters, e.g. usernames and passwords.  Timing attack –Eavesdropping –Statistical analysis of the users’ typing patterns and keystrokes timings can be used.

18. Homework Find out how the Vigenere cipher works. Find out how the Caesar cipher works. End