basic of scom (1)

LecturerLecturer, , Department. of Department. of Electronics & Communication Electronics & Communication

EngineeringEngineeringNetaji Subhash Engineering College

Garia, Kol - 152

CryptographyCryptography

• Overview of Cryptography• Applications of Cryptography• Classical Cryptosystems• Public Key Cryptosystems

Outline

OverviewOverview of Cryptographyof Cryptography

Overview of CryptographyOverview of Cryptography

What? Why? How?

Overview of Cryptography cont’d…

What is Cryptography?

• It is by far the most important automated tool for network and communications security

• Depends heavily upon mathematics, computer science and cleverness


Why do we need Cryptography?

• Keeping information secret – from adversaries

• Protecting important data – as in military communications

• Increased dependence on electronic systems – credit card numbers over the Internet


How do we implement Cryptography?

Bob DecryptEncrypt

Eve

AliceP C

Encryption Key Decryption Key

Basic Communication Scenario for CryptographyBasic Communication Scenario for Cryptography

sender receiver

attacker


Some important terms

o Plaintext (P) – Original messageo Ciphertext (C) – Coded messageo Encryption – Process of converting from plaintext to ciphertexto Decryption - Process of converting from ciphertext to plaintexto Cryptography – Study of many schemes used for encryptiono Cryptanalysis – Breaking the codeo Cryptology – Areas of cryptography & cryptanalysis


Secure Communications

Eve can –

1. Read the message2. Find the key and read all encrypted

messages3. Corrupt Bob’s message - integrity

4. Masquerade as Bob - authentication


Possible Attacks

Four types of attacks Eve might use –

1. Ciphertext only 2. Known plaintext3. Chosen plaintext4. Chosen ciphertext


Types of Cryptography

1. Classical Cryptosystems – Symmetric Ciphers

1. Public Key Cryptosystems – Asymmetric Ciphers

Applications of Applications of CryptographyCryptography

Applications of Cryptography

Confidentiality Data integrity Authentication Non-repudiation

Digital signatures Identification Key establishment Secret sharing Security protocols Electronic cash Games

Cryptography is not about encrypting & decrypting messages but Cryptography is not about encrypting & decrypting messages but solves real-world problemssolves real-world problems

Applications of Cryptography cont’d…

ConfidentialityConfidentiality – Eve should not be able to read Bob’s message to Alice

Data integrityData integrity – Alice should be sure that Bob’s message has not been altered

AuthenticationAuthentication – Alice should be sure that the received message is from Bob and only Bob

Non-repudiationNon-repudiation – Bob cannot claim that he had not sent the message

Applications of Cryptography cont’d…

Digital signaturesDigital signatures – Signing of an electronic message by electronic means IdentificationIdentification – Password protection of machines Key establishmentKey establishment – Secret key sharing between machines Secret sharingSecret sharing – Ex. : Combination lock of a bank safe Security protocolsSecurity protocols – Carrying out secret transactions over open channels,

protect credit card information by SSL and SET Electronic cashElectronic cash – Credit cards (no anonymity) but electronic cash system (

provides anonymity as well as catches counterfeiters) Games Games - Play poker or flip coins with people not in the same room

Classical Classical CryptosystemsCryptosystems

Classical Cryptosystems

• Encryption & Decryption performed by a single secret key – conventional encryption

• Encryption algorithm is the reverse of decryption algorithm• Types of attack on encryption algorithm are:

cryptanalysis and brute force• Involves the use of substitution and transposition

techniques

Classical Cryptosystems cont’d…

Symmetric Cipher Model

………………………………

………………………………

Secret key, Secret key, KK

Encryption Encryption algorithm algorithm (DES, AES)(DES, AES)

Decryption Decryption algorithm algorithm (reverse of (reverse of encryption)encryption)

Plaintext Plaintext inputinput

Plaintext Plaintext outputoutput

Secret key, Secret key, KK

CiphertextCiphertext


Conventional Cryptosystem Model

DestinationDestinationEncryption Encryption algorithmalgorithm

Decryption Decryption algorithm algorithm

Message Message sourcesource

Key Key SourceSource

CryptanalystCryptanalyst

ww

SS YY SS

ŜŜŵŵ


Explanation

SourcePlaintext: S = [S1, S2,…SM] ;26 letters of English alphabetKey: W = [W1, W2,…WJ] ; {0,1}Ciphertext: Y = [Y1, Y2,…YN] = E(W,S)

DestinationS = D(W,Y)

OpponentKnows E & D algorithms, can get estimate of S (ŜŜ) and W (ŵŵ)


Techniques

– Substitution : Letters or bit patterns of plaintext are replaced by other letters, numbers or symbols or bit patterns

– Transposition : Some sort of permutation is performed on plaintext letters


SubstitutionTechniques– Caesar Cipher

Encryption Algorithm - C = E(3,p) = (p+3) mod 26General case,

C = E(k,p) = (p+k) mod 26; k=1…25

Decryption Algorithm - p=D(k,C)=(C-k)mod 26Example: Let p = meet me after lunch & k=3

C = PHHW PH DIWHU OXQFK


Substitution Techniques– Monoalphabetic Cipher

• Use of single cipher element per letter• Cipher line can be any permutation of 26

alphabets – 26! keys• Cryptanalysts can study the frequency data of the

original message to break it• Countermeasure is to provide multiple subsitutes

(homophones) for a single letter

Frequencies of English Letters


Substitution Techniques– Playfair Cipher

• Mutiple letter encryption cipher

• Treats diagrams in the plaintext as single units and translates them into ciphertext diagrams

• Uses 5x5 matrix of letters constructed using a keyword

• Ex keyword: MONARCHY

M O N A R

C H Y B D

E F G I/J K

L P Q S T

U V W X Z

• Substitution Techniques– Playfair Cipher

• balloon - ba lx lo on• ar – RM• mu – CM• hs – BP• ea – IM or JM

M O N A R

C H Y B D

E F G I/J K

L P Q S T

U V W X Z

Classical Cryptosystems


Substitution Techniques– Hill Cipher

• Encryption algorithm takes m successive plaintext letters and substitutes for them m cipher letters

• m linear equations are used in which each character is assigned a numerical value (a=0, b=1, …z=25)

• For m=3 we have,c1= (k11p1+k12p2+k13p3) mod 26c2 = (k21p1+k22p2+k23p3) mod 26c3 = (k31p1+k32p2+k33p3) mod 26

or C = KP mod 26


Substitution Techniques– Hill CipherEx: Let p = pay more money and K =

First 3 letters: pay is

Then

K * = mod 26 = LNS


Substitution Techniques– Hill Cipher

• Decryption algorithm requires inverse of the matrix K i.e., K-1

• K-1 =

• K-1 C = P


Substitution Techniques– Polyalphabetic Cipher

• Use of different monoalphabetic substitution rules as we proceed through the plaintext

• Use of a key to determine which particular rule is chosen for a given transformation

• Ex. Let


Transposition Techniques– Mapping performed by some sort of permutation

on the plaintextRail fence TechniquePlaintext written down as a sequence of diagonals and read off as a sequence of rowsEx.:

plaintext: meet me after the meetingWritten as: m e m a t r h m e I g

e t e f e t e e t nCiphertext: MEMATRHMEIGETEFETEETN


Data Encryption Standard (DES)

One DES Round

Key Processing: Subkeys Generation

The 56-bit key is used to create 16 different 48-bit subkeys - one for each round.

In order to generate the 48-bit subkeys from the 56-bit key, the following process is used:

» First, the key is loaded according to the PC-1 and then halved.

– Then each half is rotated by 2 bits in every round except the first, second, 9th and last rounds.

– The reason for this is that it makes it secure against related-key cryptanalysis.

– Then 48 of the 56 bits are chosen according to a compression permutation PC-2 .

http://www.cs.wm.edu/~hallyn/des/compresstable.html

DES - Expansion Permutation

• First the right half goes through an expansion permutation which expands it from 32 to 48 bits

• The 32 bit RPT is divided into 8 blocks, with each block consisting of 4 bits.

• Each 4 bit block of is then expanded to a 6 bit block.

http://www.cs.wm.edu/~hallyn/des/expand.html

Expansion Permutation Table

32 1 2 3 4 5

4 5 6 7 8 9

8 9 10 11 12 13

12 13 14 15 16 17

16 17 18 19 20 21

20 21 22 23 24 25

24 25 26 27 28 29

28 29 30 31 32 1

S-Box Substitution

DES S-Box Table (S1)

14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7

0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8

4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0

15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

Input : 011001 Output: 1001Input : 011001 Output: 1001


Advanced Encryption Standard (AES)

ADD ROUND KEY

STATE KEY = OUTPUT

=

SUBSTITUTE BYTES

S 0,0 S 0,1 S 0,2 S 0,3

S 1,0 S 1,1 S 1,2 S 1,3

S 2,0 S 2,1 S 2,2 S 2,3

S 3,0 S 3,1 S 3,2 S 3,3

S 0,0 S 0,1 S 0,2 S 0,3

S 1,1 S 1,2 S 1,3 S 1,0

S 2,2 S 2,3 S 2,0 S 2,1

S 3,3 S 3,0 S 3,1 S 3,2

No shift

Shift Rows

MIX COLUMNS


Advanced Encryption Standard (AES)

Public Key Public Key CryptosystemsCryptosystems

Public Key Cryptosystems

• Asymmetric encryption – encryption & decryption keys are different – one a public key and the other a private key

• May be used for confidentiality, authentication or both.

• Widely used algorithm – RSA• Difficulty of attacking RSA is based on the

difficulty of finding the prime factors of a composite number

Public Key Cryptosystems cont’d…

Principle• Plaintext – Readable message• Encryption Algorithm – transformation of P to C• Public & private keys – one used for encryption

and the other for decryption• Ciphertext – Scrambled message• Decryption Algorithm – Transformation of C to P


Encryption

AliceAlice

………………………………

………………………………

Alice’s public Alice’s public keykey

Encryption Encryption algorithm algorithm (RSA)(RSA)




Alice’s Alice’s private keyprivate key


Bob’s public key ringBob’s public key ringJoeJoe

MikeMikeTedTed


Authentication

………………………………

………………………………

Bob’s private Bob’s private keykey

Encryption Encryption algorithm algorithm (RSA)(RSA)




Bob’s public Bob’s public keykey


Alice’s public key ringAlice’s public key ring

JoeJoe

MikeMike TedTedBobBob


Steps•Each user generates a pair of keys for Encryption & Each user generates a pair of keys for Encryption & DecryptionDecryption

•Each user places on key in public register. Other Each user places on key in public register. Other key is kept privatekey is kept private

•If Bob wishes to send a message to Alice’s, he uses If Bob wishes to send a message to Alice’s, he uses Alice’s public key to encrypt the messageAlice’s public key to encrypt the message

•Alice decrypts the message using her private keyAlice decrypts the message using her private key





Key Pair Key Pair SourceSource


SS YY SS

ŜŜP^RP^Rbb

PUPUbb PRPRbb

SecrecySecrecy

Y=E(PUY=E(PUbb, S), S)

S=D(PRS=D(PRbb, Y), Y)







SS YY SS

P^RP^Raa

PRPRaa PUPUaa

AuthenticationAuthentication

Y=E(PRY=E(PRaa, S), S)

S=D(PUS=D(PUaa, Y), Y)


Authentication and SecrecyZ=E(PUZ=E(PUbb, E(PR, E(PRa a , S)), S))

S=D(PUS=D(PUaa, D(PR, D(PRbb, Z)), Z))





SS YYSS

PRPRaa

PUPUaa

Encryption Encryption algorithmalgorithm


ZZ YY

PUPUbbPRPRbb



RSA AlgorithmKey GenerationKey Generation

Select Select p, qp, q (primes) (primes)

Calculate n = pxqCalculate n = pxq

Calculate Calculate (n) = (p-1) x (q-1)(n) = (p-1) x (q-1)

Select integer e such that gcd (Select integer e such that gcd ((n), e ) =1; 1<e< (n), e ) =1; 1<e< (n) (n)

Calculate d such that d=eCalculate d such that d=e-1-1 (mod (mod (n) )(n) )

Public key: PU = {e, n}Public key: PU = {e, n}

Private key: PR = {d, n}Private key: PR = {d, n}


Encryption

Plaintext: M<nPlaintext: M<n

Ciphertext: C = MCiphertext: C = Mee mod n mod n

Decryption

Ciphertext: C Ciphertext: C

Plaintext: M = CPlaintext: M = Cd d mod nmod n

RSA Algorithm


Brute force : : Involves trying all possible private keysInvolves trying all possible private keys

Mathematical attacks: : Factoring the product of two Factoring the product of two primesprimes

Timing attacks: Depend on the running time of : Depend on the running time of decryption algorithmdecryption algorithm

Chosen ciphertext attacks: exploits properties of : exploits properties of RSA algorithmRSA algorithm

Security of RSA Algorithm


Key Management : DIFFIE-HELLMAN KEY EXCHANGE ALGORITHM

Global Public Elements

q q Prime numberPrime number

< q and < q and is a primitive root of q is a primitive root of q

User A Key Generation

Select private XSelect private XAA ; X ; XAA < q < q

Calculate public YCalculate public YAA ; Y ; YAA = = XXA A mod qmod q

User B Key Generation

Select private XSelect private XBB ; X ; XBB < q < q

Calculate public YCalculate public YBB ; Y ; YBB = = XXB B mod qmod q


Calculation of Secret Key by User A

K = (YK = (YBB))XXA mod qA mod q

Calculation of Secret Key by User B

K = (YK = (YAA))XXB mod qB mod q

• The result is that the two sides have exchanged a secret value

• Intruder has q, , YA, YB

• He has to calculate XB = dlog , q (YB) –> discrete logarithm



Calculation of Secret Key by User A

K = (YK = (YBB))XXA mod qA mod qCalculation of Secret Key by User B

K = (YK = (YAA))XXB mod qB mod q

Ex: Let q = 353, = 3, XA= 97, XB= 233

A computes YA = 397 mod 353 = 40

B computes YB = 3233 mod 353 = 248

After exchanging public keys: A computes K = 24897mod 353 = 160

B computes K = 40233 mod 353 = 160




• Based on the difficulty of computing discrete Based on the difficulty of computing discrete

logarithmslogarithms

• Works also in extension Galois fields : GF(pWorks also in extension Galois fields : GF(pqq))

Primitive Roots

• Primitive root of a primePrimitive root of a prime p is one whose powersis one whose powers modulo p

generate all integers fromgenerate all integers from 1 toto p-1..

• i.e., if i.e., if a is a primitive root of p then is a primitive root of p then

• a mod p, a 2 mod p,…….ap-1 mod p are distinct and consist of all are distinct and consist of all

integers from integers from 1 through through p-1 in some permutation in some permutation

• For any integer b and primitive root a of prime no. For any integer b and primitive root a of prime no. p we can find we can find

a unique element I such thata unique element I such that

• b = ai mod p where 0<=i<=(p-1)

• The exponent i is called “discrete logarithm” of b for the The exponent i is called “discrete logarithm” of b for the

base base a mod p

• We express this as We express this as dloga,p(b)

Others

• Elliptic Curve CryptographyElliptic Curve Cryptography

• Message Authentication and Hash FunctionsMessage Authentication and Hash Functions

• Digital Signatures and Authentication ProtocolsDigital Signatures and Authentication Protocols

• Quantum CryptographyQuantum Cryptography

AND SO ON …AND SO ON …

References

• Network Security Essentials – Applications and Standards by William Stallings.

• Cryptography and Network Security by Atul Kahate.

• Introduction to Cryptography with Coding Theory by Wade Trappe and Lawrence C. Washington.

Thank You

Questions ? ? ?

basic of scom (1)

Documents

plaintext cryptography

monarchy contd

decryption algorithm

encryption cryptanalysis

electronic message

patterns of plaintext

overview of cryptographywhat

readbobs message