Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Cryptography

Published byTamsin Banks Modified over 6 years ago

Similar presentations

Presentation on theme: "Introduction to Cryptography"— Presentation transcript:

1 Introduction to Cryptography
Part One: Basic Cryptography and Hashing Module Type: Basic Method Module Number: 0x09 Last Updated: Author: Hermit

2 Topics What is Cryptography? Why Does Cryptography Matter?
Key Terms and Concepts Integrity vs Confidentiality Basic Cryptographic Techniques Hashing vs Encrypting Hashing Algorithms Asymmetric vs Symmetric Encryption Block Ciphers vs Stream Ciphers

3 What is Cryptography? (Merriam-Webster)
secret writing the enciphering and deciphering of messages in secret code or cipher; also :  the computerized encoding and decoding of information Source:

4 What is Cryptography? (Hermit)
Traditionally, it’s a method of protecting information from unauthorized access (confidentiality). In later iterations, it involves ensuring that the message is also unaltered (integrity). Beyond that, it moves into ensuring that each party is who they say they are, and that they actually were the senders (authentication and non-repudiation). So we can generally classify cryptography as the science of sending and receiving data between known entities, and ensuring the data isn’t modified by unintended participants.

5 Why Does Cryptography Matter?
Cryptography is about protecting information. A better question is why does information matter? Are any of the following sensitive to you? Financial details and transactions Medical records Private “adult” communications Gender identity Discussions with lawyers Regime change Freedom of expression

6 Key Terms and Concepts Alice Bob Eve Plaintext Ciphertext
In cryptography, Alice is the name often given to one of the two communicating parties. Bob The name of the other communicating party. Eve In cryptography, the eavesdropper/attacker of a communication. Plaintext Something that can be read or understood. Ciphertext Something that has been rendered so it cannot be read or understood, e.g.: U29tZXRoaW5nIHRoYXQgY2FuIGJlIHJlYWQgb3IgdW5kZXJzdG9vZC4K

7 Key Terms and Concepts (Continued)
Nonce Something that is designed to be used once. Normally used to prevent replay attacks. Signal to Noise Ratio (SNR) How apparent an item of interest (a signal) is relative to the rest of the environment (the noise). Non-Repudiation How we prove that it was really Bob who said Alice is mean, and not Eve just being all Eve. Avalanche Effect A desirable feature in cryptography, in which small changes cause large variations in output.

8 Key Terms and Concepts (Continued)
Key Space The number of potential inputs or outputs. Collision When two different inputs create the same output. Attack Cost How much it costs in either time, processing power, or money to defeat a system’s intended purpose. Entropy How random something appears to be. Higher entropy makes cryptanalysis and signal detection more difficult.

9 Key Terms and Concepts (Continued)
XOR An “eXclusive OR” operation, in which two binary inputs return a binary “1” output if and only if they are different. In other words: XOR(0,0) = 0 XOR(0,1) = 1 XOR(1,0) = 1 XOR(1,1) = 0 This varies from a traditional ”OR” operation, in which either input containing a “1” would give a “1” result, e.g.: OR(0,0) = 0 OR(0,1) = 1 OR(1,0) = 1 OR(1,1) = 1

10 Key Terms and Concepts (Continued)
Function A defined algorithm which specifies how data is calculated or transformed. Operation A single mathematical computation based upon an input and a function. Round A series of operations joined together which encompasses a complete set of data calculations or processing. Algorithms often use multiple rounds to increase entropy or the avalanche effect.

11 Key Terms and Concepts (Continued)
Block A unit of data with a fixed size. For example dividing a 1024 byte file into 128 bit blocks would yield 64 blocks (1024 bytes = 8192 bits / 128 bits = 64 blocks). Padding The process of adding data (random or otherwise) to a block to fill it to the required size. Used when the data doesn’t perfectly fit. For example, dividing a 1027 byte file into 128 bit blocks would yield 65 blocks, but only 24 of the final 128 bits would be populated; the remainder would need to be padded. Seed The process of pre-filling or selecting values for a cryptographic algorithm. For example, the initial state of a hash result is often seeded to a NUMS number.

12 Key Terms and Concepts (Continued)
Nothing Up My Sleeve (NUMS) Numbers My all-time favorite cryptographic term.  Numbers that are selected to set an initial state, seed a process, or pad something which are intuitively not trying to subvert the system, e.g.: (etc) Steganography Hiding data within otherwise usable/observable content, such that extracting the hidden data requires knowledge of the method and source of the data.

13 Key Terms and Concepts (Continued)
Salt A bit of random data that is appended to a plaintext to prevent rainbow table attacks. Salts are typically stored in cleartext along with the resultant hash. Pepper A bit of non-random data this is appended to a password before the salting, e.g.: AUTHENTICATOR = ${SALT}:${VERIFIER} VERIFIER = hash(${PEPPER} + ${PASSWORD}) This further complicates password recovery by making the credentials system/service-specific.

14 Integrity vs Confidentiality
Confidentiality is ensuring that only the intended recipients of a message can receive it. Integrity is ensuring that the message which is received by a party has not been modified in any way, and that any modification is apparent.

15 Basic Cryptography Rotational Ciphers Substitution Ciphers
Vernam Ciphers (One-Time Pads) Base64 Encoding

16 Basic Cryptography: Caeser/Rotational Ciphers
The concept is simple… define a number of alphabetical characters to rotate, then wrap from A-Z for any overlap. Reverse for decryption. The number (e.g. ROT-13) specifies the number of characters to rotate. For example, ROT-1 would turn this: I can hax stuff goodly. Into this: J dbo iby tuvgg hppemz.

17 Basic Cryptography: Substitution Ciphers
Also simple: each character has a different character mapping. It’s the basic concept of a magic decoder ring. For example, if we did a reverse mapping, e.g.: ABCDEFGHIJKLMNOPQRSTUVWXZY to ZYXWVUTSRQPONMLKJIHGFEDCBA Then the phrase I can hax stuff goodly turns to: S xzm rzc hgfuu tllwob

18 Basic Cryptography: Vernam/Vignere Ciphers
A rotational cipher where the amount of rotation changes with each character. In theory, the only 100% non-breakable form of encryption when the encrypting key material is lost. The key must be as long as or longer than then the plaintext! Assume that A=1, B=2, C=3, etc. Encrypting this: I can hax goodly with this: No you can’t you idiot Yields this: V qyb bcx thmrfg

19 Basic Cryptography: Base64
A method of transmitting binary data using only ASCII printable characters. Each set of three bytes (24 bits) is broken down to a set of four 6 bit values, then remapped to a printable ASCII set. Decryption goes the opposite way. Example: “ABC” in binary is Broken into 6 bits: Mapped to Base64: “QUJD” Three characters make the block, so it’s bit position dependent: base64encode(“ABCDEFGHI”) = QUJDREVGR0hJ base64encode(“ABCDEFABC”) = QUJDREVGQUJD

20 Hashing vs Encrypting Encrypting is taking information from one form and converting it into a second form, such that the process is reversible (e.g. it’s possible to take the second form and revert back to the first). Hashing is similar to fingerprinting, where the objective is to make any given input give a unique output, but in a consistent format. The challenge lies in having a small enough identifier to be useful while reducing the probability of collision. Salting is used with plain text to prevent rainbow table attacks.

21 Hashing Algorithms: CRC-16/CRC-32
A Cyclic Redundancy Check (CRC) is a process that repeatedly performs a binary operation of XOR to provide some degree of integrity checking, which is then added to the end of the original message. CRC-16 uses a 17 bit length (16 bits for calculation + 1 bit for checksum), and CRC-32 uses a 33 bit length … which isn’t at all confusing. Let’s talk about how it actually works… to the whiteboard!

22 Hashing Algorithms: MD4/MD5
First up… DON’T USE THESE. They’re cryptographically broken. MD4 came first, then MD5. They both are message digests (hence the “MD” bit) that create a 128-bit output, typically represented as 32 hexadecimal characters. MD4 uses three rounds of 16 operations, and MD5 uses four rounds of 16 operations. MD5 also added an extra bit shift in the second round to avoid the attacks published against MD4. To the whiteboard!

23 Hashing Algorithms: SHA-1
Again… DON’T USE THIS (generally*). Similar in design to MD4/MD5. Output is 40 hexadecimal bytes (160 bits). First collision using two different PDFs was published by Google just in February (exciting!) but it’s been considered cryptographically weak for three years now. Used most famously in X509 or PKCS12 certificates. It’s those things all the browsers now warn you about. 

24 Hashing Algorithms: SHA-2
Still considered cryptographically secure. Hooray! Has six different output lengths: SHA-224 = 224 bit output (or 60 hexadecimal characters) SHA-256 = 256 bit output (or 64 hexadecimal characters) SHA-384 = 384 bit output SHA-512 = 512 bit output SHA-512/224 = 512 bit output SHA-512/256 = 512 bit output The 224 and 384 variants are truncated versions of 256 and 512, respectively. The 512/224 and 512/256 are FIPS variants.

25 Hashing Algorithms: SHA-3
Released in 2015, competition to select it began in 2006. Still not seen much of anywhere, but offers a completely different architecture from SHA-1/SHA-2 (which were themselves derived from MD4/MD5). It’s a “sponge” algorithm, which operates on a matrix rather than block data. Highly tunable for performance and security. Same key sizes and outputs as SHA-2.

26 Asymmetric vs Symmetric Encryption
Symmetric encryption requires that all parties have the same magic decoder ring. Non-repudiation doesn’t exist, because everyone uses the same material to encrypt and decrypt. It’s simple to manage, however. Asymmetric encryption uses mathematically related keys, meaning that a different key is used to decrypt than was used to encrypt. This makes non-repudiation possible (we’ll discuss this in more detail next week). In short, you can give away a copy of one key to everyone in the world, but only you can decrypt the result. It’s more difficult to manage, however, because you have to encrypt to each recipient (and thus by extension have to have a key for each of them).

27 Block vs Steam Ciphers Block ciphers operate on fixed input sizes. Most famous: Advanced Encryption Standard (AES) Data Encryption Standard (DES)/Triple DES (3DES) Rivest Cipher 5 (RC5) International Data Encryption Algorithm (IDEA) Blowfish Stream ciphers operate on variable input sizes. Rivest Cipher 4 (RC4) A5/1 A5/2 HC-256

28 In Part Two… We’ll dive deeper into AES, DES, 3DES, RC4, RC5, and more… We’ll dive into Public Key Cryptography, and all of its intricate magic In other words, we’ll explain how all that HTTPS/SSL/TLS stuff on the Internet actually works We’ll also look at what trust relationships are, and how they’re broken We’ll explore basic cryptanalysis, or how we start to break cryptography But the fun’s not done, because then…

29 In Part Three… It’s off to a tour of how crypto systems have been broken, either through poor design, computing efficiencies, or espionage We’ll finish with a discussion of the “crypto wars” of the 1990s, and why we keep revisiting that topic every 10 years or so. Hope to see you back here!

30 Additional Resources Hash Type Reference Guide: Cryptoy (UK Crypto Learning App, Android) Schneier on Security Applied Cryptography (Amazon Link): Hermit

Download ppt "Introduction to Cryptography"

Similar presentations

Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
Cryptography Week-6.

Cryptography Week-6.
Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.

Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.

Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography.
Cryptography, Authentication and Digital Signatures

Cryptography, Authentication and Digital Signatures
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.

Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!

Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!

Similar presentations

Ads by Google