Cryptography

Unit 1

Introduction
The art of war teaches us to rely not on the likelihood of the enemy's
not coming, but on our own readiness to receive him; not on the
chance of his not attacking, but rather on the fact that we have made
our position unassailable.
The Art of War, Sun Tzu

National Institute of Engineering at Mysuru

Introduction
Hidden writing
Increasingly used to protect information
Can ensure confidentiality
Integrity and Authenticity too

What is Cryptography?
Cryptography is the science of using mathematics to encrypt and
decrypt data.
Cryptanalysis is the science of analyzing and breaking secure
communication.
Cryptology embraces both cryptography and cryptanalysis

How does it work?

Outline
History
Terms & Definitions
Symmetric and Asymmetric Algorithms
Hashing
PKI Concepts
Attacks on Cryptosystems

History: The Manual Era

Dates back to at least 2000 B.C.
Pen and Paper Cryptography
Examples
Scytale
Atbash
Caesar
Vigenère

Encryption Technology in Ancient India
Jaimini was one of the disciples of Veda Vyasa. He
composed a compendium of sutras, known as the
Jaimini Sutras.
In his slokas he refers cryptically to the houses
he has in mind.

Ka Ta Pa Ya di Sutra
For example, the sutra:
Dara Bhagya
Shoolasyaargala
Nidhyayathu
From the table
Da = 8, ra = 2; reverse and divide by 12 to get the
house in question:
28 (mod 12) = 4
Similarly for Bhagya = 41:
14 mod 12 = 2
Shoo = 5, la = 3:
35 mod 12 = 11

Encryption Technology in Ancient India
gopi bhagya madhuvrata
srngiso dadhi sandhiga
khala jivita khatava
gala hala rasandara
go = 3, pi = 1, bha = 4, ya = 1, ma = 5, dhu = 9
31415926535897932384626433832792
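
The decoding worked through on the two slides above, as an added Python example that is not part of the original slides. The consonant-to-digit table is the standard Katapayadi assignment, supplied here because the slide's own table did not survive; reading plain ASCII t/th/d/dh/n as the dental series and "sh" as 5 is an assumption of this example.

```python
import re

# Standard Katapayadi consonant values. Reading plain ASCII t/th/d/dh/n as
# the dental series and "sh" as 5 is an assumption of this example.
# Stand-alone vowels (value 0 in the full scheme) are not handled.
VALUES = {
    "k": 1, "kh": 2, "g": 3, "gh": 4,
    "c": 6, "ch": 6, "chh": 7, "j": 8, "jh": 9,
    "t": 6, "th": 7, "d": 8, "dh": 9, "n": 0,
    "p": 1, "ph": 2, "b": 3, "bh": 4, "m": 5,
    "y": 1, "r": 2, "l": 3, "v": 4, "sh": 5, "s": 7, "h": 8,
}
# Longest consonant spellings first, then single consonants, then vowel runs.
TOKEN = re.compile(r"chh|[kgcjtdpbs]h|[kgcjtdnpbmyrlvsh]|[aeiou]+")


def digits(text):
    """Return one digit per syllable of a romanized word or phrase."""
    out, pending = [], None
    for tok in TOKEN.findall(text.lower()):
        if tok[0] in "aeiou":
            # A vowel closes the syllable; in a conjunct such as "gya" or
            # "vra" only the consonant right before the vowel counts.
            if pending is not None:
                out.append(pending)
            pending = None
        else:
            pending = VALUES[tok]
    return out


def house(word):
    """Reverse the digits of the word and reduce modulo 12, as on the slide."""
    ds = digits(word)
    if not ds:
        raise ValueError("no Katapayadi syllables in %r" % word)
    return int("".join(str(d) for d in reversed(ds))) % 12


if __name__ == "__main__":
    for w in ("Dara", "Bhagya", "Shoola"):
        print(w, digits(w), house(w))
    print("".join(str(d) for d in digits("gopi bhagya madhuvrata")))
```
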

History: The Mechanical Era

Invention of cipher machines
Examples
Confederate Army's Cipher Disk
Japanese Red and Purple Machines
German Enigma

Speak Like a Crypto Geek

Plaintext: A message in its natural format readable by an attacker
Ciphertext: Message altered to be unreadable by anyone except the intended recipients
Key: Sequence that controls the operation and behavior of the cryptographic algorithm
Keyspace: Total number of possible values of keys in a crypto algorithm

Speak Like a Crypto Geek (2)

Initialization Vector: Random values used with ciphers to ensure no patterns are created during encryption
Cryptosystem: The combination of algorithm, key, and key management functions used to perform cryptographic operations

Cryptosystem Services
Confidentiality
Integrity
Authenticity
Nonrepudiation
Access Control

Types of Cryptography
Stream-based Ciphers
One at a time, please
Mixes plaintext with key stream
Good for real-time services

Block Ciphers
Amusement Park Ride
Substitution and transposition

Encryption Systems
Substitution Cipher
Convert one letter to another
Cryptoquip

Transposition Cipher
Change position of letter in text
Word Jumble

Monoalphabetic Cipher
Caesar

Encryption Systems
Polyalphabetic Cipher
Vigenère

Modular Mathematics
Running Key Cipher

One-time Pads
Randomly generated keys

What Technique did Jason Use?


Jason works in the sales and marketing department for a very large advertising agency located in Atlanta. Jason is working on a very
important marketing campaign for his company's largest client. Before the project could be completed and implemented, a competing
advertising company comes out with the exact same marketing materials and advertising, thus rendering all the work done for Jason's
client unusable. Jason is questioned about this and says he has no idea how all the material ended up in the hands of a competitor.
Without any proof, Jason's company cannot do anything except move on. After working on another high profile client for about a month, all
the marketing and sales material again ends up in the hands of another competitor and is released to the public before Jason's company
can finish the project. Once again, Jason says that he had nothing to do with it and does not know how this could have happened. Jason is
given leave with pay until they can figure out what is going on.

Jason's supervisor decides to go through his email and finds a number of emails that were sent to the competitors that ended up with the
marketing material. The only items in the emails were attached jpg files, but nothing else. Jason's supervisor opens the picture files, but
cannot find anything out of the ordinary with them. What technique has Jason most likely used?

Steganography
Hiding a message within another medium, such as an
image
No key is required
Example
Modify color map of JPEG image

Cryptosystem Services
Confidentiality
Integrity
Authenticity
Nonrepudiation
Access Control

Security Services
X.800 defines it as: a service provided by a protocol layer of
communicating open systems, which ensures adequate security of the
systems or of data transfers
RFC 2828 defines it as: a processing or communication service
provided by a system to give a specific kind of protection to system
resources
X.800 defines it in 5 major categories

Security Services (X.800)

Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality - protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in a communication

Security Mechanisms (X.800)

specific security mechanisms:
encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization

pervasive security mechanisms:
trusted functionality, security labels, event detection, security audit trails, security recovery

Figure 1.2 Taxonomy of attacks with relation to security goals

1.2.1 Attacks Threatening Confidentiality

Snooping refers to unauthorized access to or interception of data.
Traffic analysis refers to obtaining some other type of information by monitoring online traffic.

1.2.2 Attacks Threatening Integrity

Modification means that the attacker intercepts the message and changes it.
Masquerading or spoofing happens when the attacker impersonates somebody else.
Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it.
Repudiation means that the sender of the message might later deny that she has sent the message; the receiver of the message might later deny that he has received the message.

1.2.3 Attacks Threatening Availability

Denial of service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system.

1.2.4 Passive Versus Active Attacks

Table 1.1 Categorization of passive and active attacks

Security services

Security mechanisms
Encipherment
Data Integrity
Digital Signature
Authentication exchange
Traffic Padding
Routing Control
Notarization
Access Control

Classify Security Attacks

passive attacks - eavesdropping on, or monitoring of, transmissions to:
obtain message contents, or
monitor traffic flows

active attacks - modification of data stream to:
masquerade of one entity as some other
replay previous messages
modify messages in transit
denial of service

Relation between Security Service and Mechanism

Security Service | Security Mechanism
Data confidentiality | Encipherment and routing control
Data Integrity | Encipherment, digital signature, data integrity
Authentication | Encipherment, digital signature, authentication exchanges
Nonrepudiation | Digital signature, data integrity, and notarization
Access Control | Access control mechanism

Types of Attacks
