2. History andTerms
WhyWe Need Encryption
How is Encryption Used In Systems
Difference in Ciphers
Various Implementations
HashValues
Digital Signatures
Why Attacks Are Successful
3. Hieroglyphs
4000 years ago
Use pictures to represent words/messages
Caesar ShiftCipher
Replace characters by an offset (or shifting)
Offset = 2, then “hello” -> “jgnnq”
Improvements over time
Steganography,Vigenere Coding
4. Modern really means digital
Much more mathematically oriented
Operating on bit values
Use of public key and secret key
Even though algorithm are public, it’s nearly
impossible to obtain original information
5. Plaintext –The original information
Cipher – A secret way of writing (an algorithm)
Encryption Key – A value that is used to encrypt plaintext
(aka, public key)
Decryption Key – A value that is used to decrypt
Ciphertext (aka, private key)
Ciphertext -The encrypted information
Algorithm – (Often) Public algorithm that uses keys to
encrypt or decrypt information
Interceptor/Attacker – unauthorized entity that tries to
determine the cipher text (aka, hacker)
Symmetric – single key used for encryption and
decryption
Asymmetric – uses public key and private key
7. Passive – Simply gaining unauthorized access to
information.
Most common password is 123456
Active – A hacker attempts to make changes to
data on the target or data en route
Masquerading: hacker pretends to be someone
Denial of Service (DoS): deny access to legitimate
users by overwhelming the system (common)
Using technical information to steal user id (e.g.,
using session id)
8. Known Plaintext Attack (KPA)
Attacker knows plaintext of some part of the ciphertext; attempts to
decrypt the rest
Chosen Plaintext Attack (CPA)
Attacker has ciphertext and plaintext; attempts to determine key
Brute Force Attack (BFA)
Attacker tries to determine key by attempting all possible values
Man in the Middle (MIM)
Simple, but technically challenging method of duping both the sender
and the receiver into thinking keys came from correct source
Side Channel Attacks (SCA)
Data Remanence (reading data that should have been deleted)
Row Hammer (low-level memory hack)
Fault Analysis (forcing errors and reading outputs for clues)
9. Traditionally Ciphers were single character
Caesar Cipher: shift a single character
Two-character Cipher (Playfair)
Use two characters as key
String Cipher (Vigenere)
Use a string (word) as key
One-Time Pad
Key length equals length of plaintext
Block/Stream (DES,AES)
Plaintext is processed in blocks/streams of bits at a
time
11. Underlying model for many block ciphers
Same algorithm for encryption/decryption
Steps
Input is split into two halves
RHS input is transformed by function f which receives
a subkey
LHS combined with transformed input from RHS
using XOR operation
RHS and LHS are switched to obtain the input for next
round
Repeat
12. 32 bit 32 bit
f
32 bit 32 bit
32 bit 32 bit
Ki
LHSi-1 RHSi-1
LHSi-1 = RHSi-1 RHSi-1 = LHSi-1
13. Block size is 64 bits
Key length is 64 bits (though only 56 are used)
Round-key generator creates 48-bit Key
• Very Strong Cipher
• Fallen out of favor
because small key value
• Can be hacked with
exhaustive search
14. Don’t abandon original DES; change usage
Effectively use 3 Keys (3X56 = 168)
Problem of short key solved
Kind of slow
Process
Encrypt plaintext using K1
Decrypt output of Step1 using K2
Encrypt output of Step2 using K3
Output of Step3 is ciphertext
Decrypt in reverse order
15. The more popular algorithm today
Much faster thanTriple DES
128-bit data; 128/192/256-bit keys
Key size depends on the number of rounds
A “bit” more complex algorithm (pun
intended)
For details see online resources
To-Date no attacks againstAES have been
successful
16. Asymmetric Cipher (diff keys)
Necessary due to growth of
Internet
Used for smaller pieces of data
ThreeTypes
RSA (widely used)
ElGamal
Elliptic Curve Cryptography (ECC)
18. Function that converts arbitrarily long numeric
input into a fixed numeric output called a hash
Very Efficient
Hard to reverse value
Hard to produce same hash for diff inputs
Some well known Hash Functions
Message Digest (MD), Secure Hash Function (SHA),
RIPEMD
Most Common Use: Password Storage
Secure Apps will not save your password in plaintext
19. How can we be sure a message is authentic?
In the old days, a signature on a letter proved
authenticity
Digital Signatures do the same thing-they
ensure that the message is from the original
sender with the original message
Adds trust when exchanging data
Using Encryption with Digital Signatures is
important
Certifying Authority (CA) responsible for
management of certificates
Generating, issuing, publishing, verifying, revoking
Which of these are likely to happen? Some are more theoretical than practical.
In feedback cipher, the encrypted text of the previous step is used to encrypt the next block
Right side image shows the all 16 rounds of encryption. Number of rounds is configurable
Left side shows a single round of encryption.
LHS = Left Hand Side
RHS = Right Hand Side
Each person adopting this scheme has a public-private key pair.
the key pairs used for encryption/decryption and signing/verifying are different. The private key used for signing is referred to as the signature key and the public key as the verification key.
Signer feeds data to the hash function and generates hash of data.
Hash value and signature key are then fed to the signature algorithm which produces the digital signature on given hash. Signature is appended to the data and then both are sent to the verifier.
Verifier feeds the digital signature and the verification key into the verification algorithm. The verification algorithm gives some value as output.
Verifier also runs same hash function on received data to generate hash value.
For verification, this hash value and output of verification algorithm are compared. Based on the comparison result, verifier decides whether the digital signature is valid.
Since digital signature is created by ‘private’ key of signer and no one else can have this key; the signer cannot repudiate signing the data in future.