cryptography chapter1

Upload: tushar-anand

Post on 12-Feb-2018


  • 7/23/2019 Cryptography Chapter1

    1/33

    Cryptography Unit 1


    Introduction

    The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.

    The Art of War, Sun Tzu

    National Institute of Engineering at Mysuru


    Introduction

    Hidden writing

    Increasingly used to protect information

    Can ensure confidentiality

    Integrity and Authenticity too


    What is Cryptography?

    Cryptography is the science of using mathematics to encrypt and decrypt data.

    Cryptanalysis is the science of analyzing and breaking secure communication.

    Cryptology embraces both cryptography and cryptanalysis.


    How does it work?


    Outline

    History

    Terms & Definitions

    Symmetric and Asymmetric Algorithms

    Hashing

    PKI Concepts

    Attacks on Cryptosystems


    History: The Manual Era

    Dates back to at least 2000 B.C.

    Pen and Paper Cryptography

    Examples

    Scytale

    Atbash

    Caesar

    Vigenère


    Encryption Technology in Ancient India

    Jaimini was one of the disciples of Veda Vyasa. He put together a compendium of sutras, called the Jaimini Sutras.

    In his slokas he refers cryptically to the houses he means.


    Ka Ta Pa Ya di Sutra


    For example, the sutra:

    Dara Bhagya

    Shoolasyaargala

    Nidhyayathu

    From the table

    Da = 8, ra = 2; reverse and divide by 12 to get the house in question

    28 (mod 12) = 4

    Similarly for Bhagya=4

    14 mod 12 = 2

    Shoola = 5 la = 3

    35 mod 12 = 11


    Encryption Technology in Ancient India

    gopi bhagya madhuvrata

    srngiso dadhi sandhiga

    khala jivita khatava

    gala hala rasandara

    go = 3, pi = 1, bha = 4, ya = 1, ma = 5, duv = 9

    31415926535897932384626433832792
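The decoding steps from the two Katapayadi slides above, as an added Python example that is not part of the original deck: each syllable takes the value of the last consonant before its vowel, the digits are read reversed and reduced modulo 12 for the house, and read in order for the verse. The consonant table is the standard Katapayadi assignment supplied here because the slide's table did not survive; the Harvard-Kyoto style romanization and the function names are assumptions of this example.

```python
# Added example: Katapayadi decoding for the sutra and the verse above.
# Assumption: syllables are romanized Harvard-Kyoto style (uppercase T/D/N for
# retroflex consonants, z for the palatal sibilant, A/I/U for long vowels).

# Standard Katapayadi consonant values (supplied here, not taken from the slide).
ROWS = [
    "k kh g gh G c ch j jh J",     # ka-group: 1..9, then 0
    "T Th D Dh N t th d dh n",     # Ta-group: 1..9, then 0
    "p ph b bh m",                 # pa-group: 1..5
    "y r l v z S s h",             # ya-group: 1..8
]
VALUE = {c: (i + 1) % 10 for row in ROWS for i, c in enumerate(row.split())}
VOWELS = "aAiIuUeoMH"              # vowels plus anusvara/visarga markers


def syllable_digit(syllable):
    """Digit of one syllable: the last consonant before its vowel counts."""
    cluster = syllable.rstrip(VOWELS)
    for size in (2, 1):            # try aspirates such as "bh" before "h"
        tail = cluster[-size:]
        if len(tail) == size and tail in VALUE:
            return VALUE[tail]
    raise ValueError(f"no consonant value in {syllable!r}")


def digits(syllables):
    """Digits of a word or verse in written order."""
    return [syllable_digit(s) for s in syllables]


def house(syllables):
    """Read the digits in reverse order and reduce modulo 12."""
    number = int("".join(str(d) for d in reversed(digits(syllables))))
    return number % 12


if __name__ == "__main__":
    # Constructed inputs: the slide's words split into syllables by hand.
    for word in (["dA", "ra"], ["bhA", "gya"], ["zU", "la"]):
        print(word, digits(word), house(word))
    print(digits(["go", "pI", "bhA", "gya", "ma", "dhu", "vra", "ta"]))
```

In a conjunct such as "gya" or "vra" only the final consonant is counted, which is why bhagya yields 4 and 1 rather than three digits.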


    History: The Mechanical Era

    Invention of cipher machines

    Examples

    Confederate Army's Cipher Disk

    Japanese Red and Purple Machines

    German Enigma


    Speak Like a Crypto Geek

    Plaintext: A message in its natural format, readable by an attacker

    Ciphertext: Message altered to be unreadable by anyone except the intended recipients

    Key: Sequence that controls the operation and behavior of the cryptographic algorithm

    Keyspace: Total number of possible values of keys in a crypto algorithm


    Speak Like a Crypto Geek (2)

    Initialization Vector: Random values used with ciphers to ensure no patterns are created during encryption

    Cryptosystem: The combination of algorithm, key, and key management functions used to perform cryptographic operations


    Cryptosystem Services

    Confidentiality

    Integrity

    Authenticity

    Nonrepudiation

    Access Control


    Types of Cryptography

    Stream-based Ciphers

    One at a time, please

    Mixes plaintext with key stream

    Good for real-time services

    Block Ciphers

    Amusement Park Ride

    Substitution and transposition


    Encryption Systems

    Substitution Cipher: Convert one letter to another

    Cryptoquip

    Transposition Cipher: Change position of letter in text

    Word Jumble

    Monoalphabetic Cipher: Caesar


    Encryption Systems

    Polyalphabetic Cipher: Vigenère

    Modular Mathematics

    Running Key Cipher

    One-time Pads

    Randomly generated keys


    What Technique did Jason Use?

    Jason works in the sales and marketing department for a very large advertising agency located in Atlanta. Jason is work

    important marketing campaign for his company's largest client. Before the project could be completed and implementeadvertising company comes out with the exact same marketing materials and advertising, thus rendering all the work dclient unusable. Jason is questioned about this and says he has no idea how all the material ended up in the hands of a c

    Without any proof, Jason's company cannot do anything except move on. After working on another high profile client fothe marketing and sales material again ends up in the hands of another competitor and is released to the public before can finish the project. Once again, Jason says that he had nothing to do with it and does not know how this could have given leave with pay until they can figure out what is going on.

    Jason's supervisor decides to go through his email and finds a number of emails that were sent to the competitors that

    marketing material. The only items in the emails were attached jpg files, but nothing else. Jason's supervisor opens the cannot find anything out of the ordinary with them. What technique has Jason most likely used?


    Steganography

    Hiding a message within another medium, such as an image

    No key is required

    Example: Modify color map of JPEG image


    Cryptosystem Services

    Confidentiality

    Integrity

    Authenticity

    Nonrepudiation

    Access Control


    Security Services

    X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers

    RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to resources

    X.800 defines it in 5 major categories


    Security Mechanisms (X.800)

    specific security mechanisms: encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization

    pervasive security mechanisms: trusted functionality, security labels, event detection, security audit, security recovery


    Figure 1.2 Taxonomy of attacks with relation to security goals

    1.2.1 Attacks Threatening Confidentiality


    Snooping refers to unauthorized access to or interception of data.

    Traffic analysis refers to obtaining some other type of information by monitoring online traffic.

    1.2.2 Attacks Threatening Integrity


    Modification means that the attacker intercepts the message and changes it.

    Masquerading or spoofing happens when the attacker impersonates somebody else.

    Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it.

    Repudiation means that the sender of the message might deny that she has sent the message; the receiver of the message might later deny that he has received the message.

    1.2.3 Attacks Threatening Availability


    Denial of service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system.

    1.2.4 Passive Versus Active Attacks


    Table 1.1 Categorization of passive and active attacks


    Security services


    Security mechanisms

    Encipherment

    Data Integrity

    Digital Signature

    Authentication exchange

    Traffic Padding

    Routing Control

    Notarization

    Access Control


    Classify Security Attacks

    passive attacks - eavesdropping on, or monitoring of, transmissions to:

    obtain message contents, or

    monitor traffic flows

    active attacks - modification of data stream to:

    masquerade of one entity as some other

    replay previous messages

    modify messages in transit

    denial of service


    Relation between Security Service and Mechanism

    Security Service: Security Mechanism

    Data confidentiality: Encipherment and routing control

    Data Integrity: Encipherment, digital signature, data integrity

    Authentication: Encipherment, digital signature, authentication exchanges

    Nonrepudiation: Digital signature, data integrity, and notarization

    Access Control: Access control mechanism


    Types of Attacks
