CRYPTOGRAPHY


Page 1 (0s)

CRYPTOGRAPHY. CS2 (CYBERSECURITY 2).

Page 2 (8s)

Objectives. ATEOTL, ECSBAT: Explain how encryption techniques protect confidentiality. Encrypt and decrypt messages.

Page 3 (20s)

Basic Concepts in Cryptography.

Page 4 (28s)

Data confidentiality ensures privacy so that only the intended receiver can read the message.

Page 5 (40s)

Definition of Terms. Cryptology. The science of making and breaking codes.

Page 6 (59s)

Definition of Terms. Encryption – the process of scrambling data so that an unauthorized party cannot easily read it; it converts the readable plaintext message to ciphertext. Ciphertext – the unreadable, disguised message.

Page 7 (1m 13s)

Definition of Terms. Decryption – reverses the process of encryption. Key – required by encryption; it plays a critical role in encrypting and decrypting a message. The person possessing the key can decrypt the ciphertext to plaintext.

Page 8 (1m 27s)

Brief History of Cryptography. The history of cryptography started in diplomatic circles thousands of years ago. Messengers from a king’s court took encrypted messages to other courts. Occasionally, other courts not involved in the communication attempted to steal messages sent to a kingdom they considered an adversary. Not long after, military commanders started using encryption to secure messages.

Page 9 (1m 47s)

Cipher Methods, Physical Devices, and Aids. Scytale, Caesar Cipher, Vigenère Cipher, Enigma Machine.

Page 10 (1m 58s)

Scytale. A device consisting of a tapered baton around which a piece of parchment inscribed with the message was spirally wrapped. When unwrapped, the parchment bore an incomprehensible set of letters, but when wrapped around another baton of identical proportions, the original text reappeared.

Page 11 (2m 14s)

Caesar Cipher. Created by Julius Caesar. Messages are secured by putting two sets of the alphabet side by side and then shifting one of them by a specific number of places. The number of places in the shift serves as the key. Plaintext is converted into ciphertext using this key, and only those who had the key knew how to decipher the messages.

Page 12 (2m 37s)

Vigenère Cipher. Using the table on the right side, determine the ciphertext of the following plaintext and key: Plaintext: THISISATEST Key: SECRET.
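The exercise above worked in code, as an added example that is not part of the original slides. It computes the table lookup arithmetically (A=0 ... Z=25, add the key letter modulo 26); a one-letter key reduces it to the Caesar shift from the previous slide. The function names are illustrative.

```python
import string

ALPHABET = string.ascii_uppercase


def _shift(text, key, direction):
    """Shift each letter by the matching key letter; direction is +1 or -1."""
    if not key or any(k not in ALPHABET for k in key):
        raise ValueError("key must be one or more letters A-Z")
    out = []
    i = 0  # position in the key; advances only when a letter is processed
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)  # spaces and punctuation pass through unchanged
            continue
        k = ALPHABET.index(key[i % len(key)])  # key letter as a shift 0..25
        out.append(ALPHABET[(ALPHABET.index(ch) + direction * k) % 26])
        i += 1
    return "".join(out)


def vigenere_encrypt(plaintext, key):
    """Row/column lookup in the Vigenere table, done with modular addition."""
    return _shift(plaintext, key.upper(), +1)


def vigenere_decrypt(ciphertext, key):
    """Inverse lookup: subtract the key letter instead of adding it."""
    return _shift(ciphertext, key.upper(), -1)


if __name__ == "__main__":
    ct = vigenere_encrypt("THISISATEST", "SECRET")
    print("ciphertext:", ct)
    print("recovered: ", vigenere_decrypt(ct, "SECRET"))
    # A one-letter key shifts every letter by the same amount: a Caesar cipher.
    print("Caesar, key D (shift 3):", vigenere_encrypt("THISISATEST", "D"))
```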

Page 13 (2m 50s)

Enigma Code.

Page 14 (7m 50s)

Creating Ciphertext.

Page 15 (7m 58s)

Cipher – the specific algorithm each encryption method uses to encrypt and decrypt messages; a series of well-defined steps used to encrypt and decrypt messages.

Page 16 (8m 10s)

Methods of Creating Ciphertext. Transposition – letters are rearranged.

Page 17 (8m 21s)

Methods of Creating Ciphertext. Substitution – letters are replaced.

Page 18 (8m 34s)

Methods of Creating Ciphertext. One-time pad – plaintext combined with a secret key creates a new character, which then combines with the plaintext to produce ciphertext.

Page 19 (8m 47s)

Types of Cryptography. A) Block Ciphers – transform a fixed-length block of plaintext into a common block of ciphertext of 64 or 128 bits. Block size – the amount of data encrypted at any one time. Block ciphers usually result in output data that is larger than the input data, because the ciphertext must be a multiple of the block size. Example:

Page 20 (9m 10s)

Types of Cryptography. B) Stream Cipher – encrypts plaintext one byte or one bit at a time. Example: A5 is a stream cipher that provides voice privacy and encrypts cell phone communication. Complex cryptographic systems can combine block and stream ciphers in the same process.

Page 21 (9m 27s)

Two Approaches to Ensuring the Security of Data When Using Encryption.

Page 22 (9m 56s)

Two Types of Encryption. Symmetric Encryption, Asymmetric Encryption.

Page 23 (10m 5s)

Symmetrical Encryption.

Page 24 (10m 13s)

Symmetric Algorithms. Also known as private-key encryption. Symmetric algorithms use the same pre-shared key, sometimes called a secret key pair, to encrypt and decrypt data. Both the sender and receiver know the pre-shared key before any encrypted communication begins. They are simpler and need less computational power.

Page 25 (10m 32s)

Encryption Standards that Use Symmetric Encryption.

Page 26 (10m 43s)

3DES (Triple DES). Digital Encryption Standard (DES) is a symmetric block cipher with a 64-bit block size that uses a 56-bit key. It takes a 64-bit block of plaintext as input and outputs a 64-bit block of ciphertext. It always operates on blocks of equal size, and it uses both permutations and substitutions in the algorithm. A permutation is a way of arranging all elements of a set. 3DES encrypts data three times and uses a different key for at least one of the three passes, giving it a cumulative key size of 112-168 bits. 3DES is resistant to attack, but it is much slower than DES.

Page 27 (11m 12s)

3DES Encryption Cycle. Data is encrypted by the first DES. Data is decrypted by the second DES. Data is re-encrypted by the third DES. The reverse process decrypts the ciphertext.

Page 28 (11m 25s)

IDEA (International Data Encryption Algorithm). Uses 64-bit blocks and 128-bit keys. Performs eight rounds of transformations on each of the 16 blocks that result from dividing each 64-bit block. The replacement for DES, and now PGP (Pretty Good Privacy) uses it. PGP – a program that provides privacy and authentication for data communication. GNU Privacy Guard (GPG) – licensed, free version of PGP.

Page 29 (11m 46s)

AES (Advanced Encryption Standard). Has a fixed block size of 128 bits with a key size of 128, 192, or 128 bits. NIST (National Institute of Standards and Technology) approved the AES algorithm in December 2001. The US government uses AES to protect classified information. A strong algorithm that uses longer key lengths. Faster than DES and 3DES, so it provides a solution for software applications as well as hardware use in firewalls and routers.

Page 30 (12m 9s)

Other Block Ciphers. Skipjack (developed by NSA), Blowfish, Twofish.

Page 31 (12m 18s)

Use the website: http://des.online-domain-tools.com/ to encrypt the following plaintext works. The plaintext and the key are case-sensitive. Enter the correct ciphertext, separating each pair of hexadecimal digits with a hyphen, as shown in the first row. Ciphertext must be lowercase.

Page 32 (12m 40s)

Asymmetrical Encryption.

Page 33 (12m 47s)

Asymmetric Algorithms. Also called public-key encryption. Asymmetric algorithms use one key to encrypt data and a different key to decrypt data. One key is public and the other is private. They are more complex, resource intensive, and slower to execute.

Page 34 (13m 9s)

Types of Asymmetric Algorithm. RSA (Rivest-Shamir-Adleman) – uses the product of two very large prime numbers with an equal length of between 100 and 200 digits. Browsers use RSA to establish a secure connection. Diffie-Hellman – provides an electronic exchange method to share the secret key. Secure protocols, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), Secure Shell (SSH), and Internet Protocol Security (IPsec), use Diffie-Hellman.

Page 35 (13m 33s)

Types of Asymmetric Algorithm. ElGamal – uses the U.S. government standard for digital signatures. This algorithm is free for use because no one holds the patent. Elliptic Curve Cryptography (ECC) – uses elliptic curves as part of the algorithm. In the U.S., the National Security Agency uses ECC for digital signature generation and key exchange.

Page 36 (13m 52s)

Activity. Select the correct key to decrypt the message:

Page 37 (14m 8s)

Select the correct key to decrypt the message: Jane's Public Key, Bob's Public Key, Jane's Private Key, Bob's Private Key.

Page 38 (14m 20s)

Select the correct key to decrypt the message: Jane's Public Key, Bob's Public Key, Jane's Private Key, Bob's Private Key.

Page 39 (14m 32s)

Select the correct key to decrypt the message: Jane's Public Key, Bob's Public Key, Jane's Private Key, Bob's Private Key.

Page 40 (14m 44s)

Key Management.

Page 41 (14m 52s)

Key Management. Includes the generation, exchange, storage, use, and replacement of keys used in an encryption algorithm. It is the most difficult part of designing a cryptosystem. Many cryptosystems have failed because of mistakes in their key management procedures. In practice, most attacks on cryptographic systems target the key management level, rather than the cryptographic algorithm itself.

Page 42 (15m 12s)

Essential Characteristics of Key Management. Key Generation: It was up to Caesar to choose the key of his cipher. The Vigenère cipher key is also chosen by the sender and receiver. In a modern cryptographic system, key generation is usually automated and not left to the end user. Good random number generators are needed to ensure that all keys are equally likely to be generated, so that the attacker cannot predict which keys are more likely to be used.

Page 43 (15m 37s)

Key Verification: Some keys are better than others. Almost all cryptographic algorithms have some weak keys that should not be used. With the help of key verification procedures, weak keys can be identified and regenerated to provide more secure encryption. With the Caesar cipher, using a key of 0 or 25 does not encrypt the message, so it should not be used.

Page 44 (15m 58s)

Key Exchange: Key management procedures should provide a secure key exchange mechanism that allows secure agreement on the keying material with the other party, probably over an untrusted medium. Key Storage: On a modern multi-user operating system that uses cryptography, a key can be stored in memory. This presents a possible problem when that memory is swapped to the disk, because a Trojan horse program installed on the PC of a user could then have access to the private keys of that user..

Page 45 (16m 22s)

Key Lifetime: Using short key lifetimes improves the security of legacy ciphers that are used on high-speed connections. In IPsec a 24-hour lifetime is typical. However, changing the lifetime to 30 minutes improves the security of the algorithms. Key Revocation and Destruction: Revocation notifies all interested parties that a certain key has been compromised and should no longer be used. Destruction erases old keys to prevent malicious attackers from recovering them.

Page 46 (16m 46s)

Two Terms Used to Describe Keys. Key Length: Also called key size, this is the measure in bits. Keyspace: This is the number of possibilities that a specific key length can generate. As key length increases, the keyspace increases exponentially.
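To make the keyspace idea concrete, the added example below (not part of the original slides) searches the whole 26-key Caesar keyspace and then shows how the number of keys, and the time to try them all, grows with key length in bits. The sample message, the small word list used to recognise it, and the guessing rate of 10^12 keys per second are constructed assumptions.

```python
import string

ALPHABET = string.ascii_uppercase
# Assumption: a tiny word list is enough to recognise the constructed sample.
KNOWN_WORDS = {"THE", "AT", "ME", "MEET", "GATE"}


def caesar(text, shift):
    """Shift letters A-Z by `shift` places; other characters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c
        for c in text
    )


def keyspace(bits):
    """Number of distinct keys for a key length given in bits."""
    return 2 ** bits


def exhaustive_search(ciphertext):
    """Try all 26 Caesar keys; return (key, plaintext, keys_tried) for the best guess."""
    best_key, best_guess, best_score = 0, ciphertext, -1
    tried = 0
    for key in range(26):
        tried += 1
        guess = caesar(ciphertext, -key)
        score = sum(word in KNOWN_WORDS for word in guess.split())
        if score > best_score:
            best_key, best_guess, best_score = key, guess, score
    return best_key, best_guess, tried


def years_to_search(bits, guesses_per_second):
    """Worst-case time to try every key of the given length at a fixed rate."""
    return keyspace(bits) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    sample = caesar("MEET ME AT THE NORTH GATE AT NINE", 3)  # constructed message
    print(exhaustive_search(sample))
    # Each extra bit doubles the keyspace; the rate below is an assumed figure.
    for bits in (56, 112, 128, 256):
        print(bits, keyspace(bits), f"{years_to_search(bits, 1e12):.3g} years")
```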

Page 47 (17m 2s)

Comparing Encryption Types.

Page 48 (17m 10s)

Symmetric Encryption Algorithm: Best known as shared-secret key algorithms. The usual key length is 80 to 256 bits. A sender and receiver must share a secret key. Algorithms are usually quite fast (wire speed) because they are based on simple mathematical operations. Examples include DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish.

Asymmetric Encryption Algorithm: Best known as public key algorithms. The usual key length is 512 to 4,096 bits. A sender and receiver do not share a secret key. Algorithms are relatively slow because they are based on difficult computational algorithms. Examples include RSA, ElGamal, elliptic curves, and.

Page 49 (17m 41s)

Applications. A one-time password-generating token is a hardware device that uses cryptography to generate a one-time password. A one-time password is an automatically generated numeric or alphanumeric string of characters that authenticates a user for one transaction of one session only. The number changes every 30 seconds or so. The session password appears on a display and the user enters the password. The electronic payment industry uses 3DES. Operating systems use DES to protect user files and system data with passwords. Most encrypting file systems, such as NTFS, use AES..

Page 50 (18m 8s)

Applications. Four protocols use asymmetric key algorithms: Internet Key Exchange (IKE), which is a fundamental component of IPsec Virtual Private Networks (VPNs); Secure Socket Layer (SSL), which is a means of implementing cryptography into a web browser; Secure Shell (SSH), which is a protocol that provides a secure remote access connection to network devices; and Pretty Good Privacy (PGP), which is a computer program that provides cryptographic privacy and authentication to increase the security of email communications.