2 Essential Terms
Terms in the diagram: Secret writing, Cryptography, Cryptanalysis, Cryptology, Encryption, Decryption, Plain text, Cipher text

3 Basic Terminologies
- Cryptography deals with creating documents that can be shared secretly over public communication channels
- Cryptographic documents are decrypted with the key associated with encryption, with the knowledge of the encryptor
- The word cryptography comes from the Greek words: Krypto (secret) and graphein (write)
- Cryptanalysis deals with finding the encryption key without the knowledge of the encryptor
- Cryptology deals with cryptography and cryptanalysis
- Cryptosystems are computer systems used to encrypt data for secure transmission and storage

4 Basic Terminologies
- Keys are rules used in algorithms to convert a document into a secret document
- Keys are of two types:
  - Symmetric
  - Asymmetric
- A key is symmetric if the same key is used both for encryption and decryption
- A key is asymmetric if different keys are used for encryption and decryption

5 Basic Terminologies
Examples:
- Symmetric key methods
  - DES 56-bit
  - Triple DES bit
  - AES bit and higher
  - Blowfish bit and higher
- Asymmetric key methods
  - RSA
  - PGP

6 Basic Terminologies
- Plaintext is text that is in readable form
- Ciphertext results from plaintext by applying the encryption key
- Notations: M message, C ciphertext, E encryption, D decryption, k key
  - E(M) = C
  - E(M, k) = C
- Fact: D(C) = M, D(C, k) = M

7 Cryptographic Methods
- Symmetric
  - Same key for encryption and decryption
  - Key distribution problem
- Asymmetric
  - Mathematically related key pairs for encryption and decryption
  - Public and private keys

Cryptographic algorithms generally fall into one of two different categories, or are a combination of both.

Symmetric
- Fast
- Only provide confidentiality
- Need secure channel for key distribution
- Key management headaches from large number of key pairs to maintain: N(N-1)/2
  - That's over 6.3 million key pairs to let all 3556 Purdue A/P staff members exchange encrypted messages
  - To do the same for all students would require over half a billion key pairs!
- Examples: DES, AES, Blowfish, RC4, RC5

Asymmetric
- Large mathematical operations make it slower than symmetric algorithms
- No need for out of band key distribution (public keys are public!)
- Scales better since only a single key pair needed per individual
- Can provide authentication and nonrepudiation
- Examples: RSA, El Gamal, ECC, Diffie-Hellman

8 Cryptographic Methods
- Hybrid
  - Combines strengths of both methods
  - Asymmetric distributes symmetric key
    - Also known as a session key
  - Symmetric provides bulk encryption
- Example:
  - SSL negotiates a hybrid method

A hybrid cryptosystem is the best of both worlds. In this case, an asymmetric encryption scheme is used to transmit a generated symmetric key to the other party, then that key is used for all further communications.

This combines the scalability and key management features of the asymmetric algorithms with the speed of symmetric ones. The Secure Sockets Layer (SSL) protocol negotiates which asymmetric and symmetric algorithms to use in a hybrid system to protect TCP connections, such as an HTTP connection between a web browser and web server.

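
The hybrid flow described above, as an added example that is not part of the original slides: a fresh session key is wrapped with the receiver's public key, and the bulk data is encrypted symmetrically. The RSA key built from two Mersenne primes and the SHA-256 keystream cipher are toy stand-ins chosen so the sketch runs with the standard library only; all function names are assumptions.

```python
import hashlib
import secrets

# Toy RSA key pair from two Mersenne primes (assumption for this demo only:
# far too small and unpadded for real use).
P, Q = 2**89 - 1, 2**107 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || counter) blocks.

    The same call encrypts and decrypts, so D(E(M, k), k) = M.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hashlib.sha256(key + counter).digest()
        out.extend(b ^ s for b, s in zip(data[offset:offset + 32], block))
    return bytes(out)


def hybrid_encrypt(message: bytes, pub_n: int, pub_e: int):
    """Sender: new session key, bulk-encrypt with it, wrap it with the public key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), pub_e, pub_n)
    return wrapped, keystream_xor(session_key, message)


def hybrid_decrypt(wrapped: int, ciphertext: bytes, priv_d: int, pub_n: int) -> bytes:
    """Receiver: unwrap the session key with the private key, then bulk-decrypt."""
    session_key = pow(wrapped, priv_d, pub_n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    msg = b"GET /account HTTP/1.1 (constructed sample message)"
    wrapped_key, ct = hybrid_encrypt(msg, N, E)
    print("wrapped session key:", hex(wrapped_key))
    print("round trip ok:", hybrid_decrypt(wrapped_key, ct, D, N) == msg)
```

Only the 16-byte session key goes through the slow asymmetric operation; the message itself, whatever its length, is handled by the fast symmetric step.
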
9 Types of Secret Writing
- Steganography
- Cryptography

10 Basic Terminologies
- Steganography is the method of hiding secret messages in an ordinary document
- Steganography does not use encryption
- Steganography does not increase file size for hidden messages
- Example: select the bit patterns in pixel colors to hide the message

11 Steganography
- Hiding a message within another medium, such as an image
- No key is required
- Example
  - Modify color map of JPEG image

Invisible ink, hidden tattoos, and microdots are all examples of steganography.

By taking a color digital image and slightly altering the color of each pixel, you can hide a message in the image without noticeably altering the appearance. The receiver can then extract the message if they have the original, unaltered image.

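
An added example, not from the original slides, of hiding a message in pixel color bits: it uses least-significant-bit (LSB) embedding over raw RGB bytes, which is one common scheme and an assumption here, since the slides name no specific method. The 2-byte length header, the function names and the sample cover data are also assumptions; this variant reads the message straight from the low bits rather than by comparing against the original image.

```python
def embed(pixels: bytes, message: bytes) -> bytes:
    """Write a 2-byte length header plus the message into the lowest bit of each byte."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for message")
    stego = bytearray(pixels)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit   # replace only the lowest bit
    return bytes(stego)


def _read_bytes(pixels: bytes, start_bit: int, count: int) -> bytes:
    """Rebuild `count` bytes from the low bits starting at channel index `start_bit`."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[start_bit + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract(pixels: bytes) -> bytes:
    """Recover the hidden message from the low bits of the stego data."""
    if len(pixels) < 16:
        raise ValueError("data too short to hold a length header")
    length = int.from_bytes(_read_bytes(pixels, 0, 2), "big")
    if 16 + length * 8 > len(pixels):
        raise ValueError("length header exceeds available data")
    return _read_bytes(pixels, 16, length)


def max_channel_change(original: bytes, stego: bytes) -> int:
    """Largest change to any single color value caused by embedding."""
    return max(abs(a - b) for a, b in zip(original, stego))


# Constructed cover data: 100 RGB pixels as 300 raw channel bytes.
COVER = bytes((i * 37) % 256 for i in range(300))

if __name__ == "__main__":
    stego = embed(COVER, b"meet at noon")
    print(extract(stego), len(stego) == len(COVER), max_channel_change(COVER, stego))
```
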
12 Steganography
- Steganography – covered writing – is an art of hiding information
- Popular contemporary steganographic technologies hide information in images
- New York Times, August 3rd, 2001

13 Hiding information in pictures
- Image in which to hide another image
- Image to hide within the other image

14 Types of Cryptography
- Stream-based Ciphers
  - One at a time, please
  - Mixes plaintext with key stream
  - Good for real-time services
- Block Ciphers
  - Amusement Park Ride
  - Substitution and transposition

Stream ciphers are fast and easy to implement in hardware.

Block ciphers are stronger, but slower and often implemented in hardware.

15 Types of Secret Writing
- Steganography
- Cryptography
  - Substitution
    - Monoalphabetic
    - Polyalphabetic
  - Transposition

16 Encryption Systems
- Substitution Cipher
  - Convert one letter to another
  - Cryptoquip
- Transposition Cipher
  - Change position of letter in text
  - Word Jumble
- Monoalphabetic Cipher
  - Caesar
- Polyalphabetic Cipher
  - Vigenère

Substitution Cipher: Replacing one letter with another

Transposition Cipher: Word Jumble. Rearranging or reordering the letters within a message

Monoalphabetic Cipher: Algorithm that substitutes one letter in the ciphertext alphabet for one in the plaintext alphabet

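
An added example, not from the original slides, contrasting the two substitution ciphers named above: under Caesar each plaintext letter always maps to the same ciphertext letter, while under Vigenère the mapping depends on position. The function names, the sample plaintext and the key LEMON are assumptions chosen for illustration.

```python
A = ord("A")


def caesar(text: str, shift: int) -> str:
    """Monoalphabetic: every letter is shifted by the same fixed amount."""
    return "".join(
        chr((ord(c) - A + shift) % 26 + A) if c.isalpha() else c
        for c in text.upper()
    )


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic: the shift for each letter comes from a repeating key."""
    out, k = [], 0
    for c in text.upper():
        if not c.isalpha():
            out.append(c)              # non-letters pass through, key not advanced
            continue
        shift = ord(key[k % len(key)].upper()) - A
        if decrypt:
            shift = -shift
        out.append(chr((ord(c) - A + shift) % 26 + A))
        k += 1
    return "".join(out)


def images_of(letter: str, plaintext: str, ciphertext: str) -> set:
    """Set of ciphertext letters that one plaintext letter was turned into."""
    return {c for p, c in zip(plaintext.upper(), ciphertext) if p == letter}


if __name__ == "__main__":
    plain = "ATTACKATDAWN"                      # constructed sample plaintext
    mono = caesar(plain, 3)
    poly = vigenere(plain, "LEMON")
    print(mono, images_of("A", plain, mono))    # one image for A
    print(poly, images_of("A", plain, poly))    # several images for A
    print(vigenere(poly, "LEMON", decrypt=True))
```

Because a monoalphabetic cipher keeps a one-to-one letter mapping, the letter frequencies of the plaintext survive in the ciphertext; the polyalphabetic cipher spreads each letter over several ciphertext letters.
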
17 Public Key Cryptography
- Private (symmetric, secret) key – the same key used for encryption/decryption
  - Problem of key distribution
- Public (asymmetric) key cryptography – a public key used for encryption and private key for decryption
  - Key distribution problem solved

18 Currently Available Crypto Algorithms (private key)
- DES (Data Encryption Standard) and derivatives: double DES and triple DES
- IDEA (International Data Encryption Standard)
- Blowfish
- RC5 (Rivest Cipher #5)
- AES (Advanced Encryption Standard)

19 Currently Available Crypto Algorithms (public key)
- RSA (Rivest, Shamir, Adleman)
- DH (Diffie-Hellman Key Agreement Algorithm)

20 Hashing Algorithms
- MD5
  - Computes 128-bit hash value
  - Widely used for file integrity checking
- SHA-1
  - Computes 160-bit hash value

MD5 is based on MD4 and was created to address vulnerabilities found in MD4. MD5 generates 128-bit hash values over 512-bit blocks in 4 rounds of 16 steps each.

SHA-1 also operates on 512-bit blocks, but produces a 160-bit hash value in 4 rounds of 20 steps each.