l5-cryptography and applications

Upload: vu-tan-hung

Post on 13-Apr-2018


TRANSCRIPT

  • 7/27/2019 l5-Cryptography and Applications

    1/93

    Cryptography and Applications

    PHAM VAN HAU ([email protected])

    SCHOOL OF COMPUTER SCIENCE AND ENGINEERING - INTERNATIONAL UNIVERSITY
  • The History of Cryptography

    Cryptography has roots that begin around 2000 B.C. in Egypt

    used to decorate tombs to tell the life story of the deceased

    not so much about hiding the messages themselves; rather, the hieroglyphics were intended to make the life story seem more noble, ceremonial, and majestic

  • Some Basic Terminology

    plaintext - original message

    ciphertext - coded message

    cipher - algorithm for transforming plaintext to ciphertext

    key - info used in cipher known only to sender/receiver

    encipher (encrypt) - converting plaintext to ciphertext

    decipher (decrypt) - recovering ciphertext from plaintext

    cryptography - study of encryption principles/methods

    cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing key

    cryptology - field of both cryptography and cryptanalysis

  • Classical Substitution Ciphers

    where letters of plaintext are replaced by other letters or by numbers or symbols

    or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

  • Caesar Cipher

    earliest known substitution cipher

    by Julius Caesar

    first attested use in military affairs

    replaces each letter by 3rd letter on

    a b c d e f g h i j k l m n o p q r s t u v w x y z
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

    example:

    meet me after the toga party

    PHHW PH DIWHU WKH WRJD SDUWB

  • Caesar Cipher

    mathematically give each letter a number

    a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

    then have Caesar cipher as:

    c = E(p) = (p + k) mod (26)

    p = D(c) = (c - k) mod (26)

  • Cryptanalysis of Caesar Cipher

    only have 26 possible ciphers

    A maps to A,B,..Z

    could simply try each in turn

    given ciphertext, just try all shifts of letters

    do need to recognize when have plaintext

    eg. break ciphertext "GCUA VQ DTGCM"

  • More substitution ciphers

    Mono-alphabetic Cipher

    Playfair Cipher

    Polyalphabetic Cipher

    Vigenère Cipher

    Autokey Cipher

    One Time Pad

  • Monoalphabetic Cipher

    rather than just shifting the alphabet

    could shuffle (jumble) the letters arbitrarily

    each plaintext letter maps to a different random ciphertext letter

    hence key is 26 letters long

    Plain: abcdefghijklmnopqrstuvwxyz

    Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

    Plaintext: ifwewishtoreplaceletters

    Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

  • Monoalphabetic Cipher Security

    now have a total of 26! = 4 x 10^26 keys

    with so many keys, might think is secure

    but would be !!!WRONG!!!

    problem is language characteristics

  • The Strength of the Cryptosystem

    The strength (work factor): an estimate of the effort and resources it would take an attacker to penetrate a cryptosystem

    strength of an encryption method comes from

    the algorithm,

    the secrecy of the key,

    the length of the key,

    the initialization vectors,

    how they all work together within the cryptosystem

  • Cryptanalysis

    letters are not equally commonly used

    in English E is by far the most common letter

    followed by T,R,N,I,O,A,S

    other letters like Z,J,K,Q,X are fairly rare

    have tables of single, double & triple letter frequencies for various languages

  • English Letter Frequencies

  • Use in Cryptanalysis

    key concept - monoalphabetic substitution ciphers do not change relative letter frequencies

    discovered by Arabian scientists in 9th century

    calculate letter frequencies for ciphertext

    compare counts/plots against known values

    if caesar cipher look for common peaks/troughs

    peaks at: A-E-I triple, NO pair, RST triple

    troughs at: JK, X-Z

    for monoalphabetic must identify each letter

    tables of common double/triple letters help

  • Example Cryptanalysis

    given ciphertext:

    UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
    VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
    EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

    count relative letter frequencies (see text)

    guess P & Z are e and t

    guess ZW is th and hence ZWP is the

    proceeding with trial and error finally get:

    it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow

  • Playfair Cipher

    not even the large number of keys in a monoalphabetic cipher provides security

    one approach to improving security was to encrypt multiple letters

    the Playfair Cipher is an example

    invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair

  • Playfair Key Matrix

    a 5X5 matrix of letters based on a keyword

    fill in letters of keyword (sans duplicates)

    fill rest of matrix with other letters

    eg. using the keyword MONARCHY

    M O N A   R
    C H Y B   D
    E F G I/J K
    L P Q S   T
    U V W X   Z

  • Encrypting and Decrypting

    plaintext is encrypted two letters at a time

    1. if a pair is a repeated letter, insert filler like 'X'

    2. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end)

    3. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom)

    4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair

  • Example

    Encryption of the Hello world message

    Step 1: split into two-letter tokens: Hello world = he ll ow or ld

    Step 2: Encrypt each two-letter token

  • Security of Playfair Cipher

    security much improved over monoalphabetic

    since have 26 x 26 = 676 digrams

    would need a 676 entry frequency table to analyse (versus 26 for a monoalphabetic)

    and correspondingly more ciphertext

    was widely used for many years

    eg. by US & British military in WW1

    it can be broken, given a few hundred letters

    since still has much of plaintext structure

  • Polyalphabetic Ciphers

    polyalphabetic substitution ciphers

    improve security using multiple cipher alphabets

    make cryptanalysis harder with more alphabets to guess and flatter frequency distribution

    use a key to select which alphabet is used for each letter of the message

    use each alphabet in turn

    repeat from start after end of key is reached

  • Vigenère Cipher

    simplest polyalphabetic substitution cipher

    effectively multiple caesar ciphers

    key is multiple letters long K = k1 k2 ... kd

    ith letter specifies ith alphabet to use

    use each alphabet in turn

    repeat from start after d letters in message

    decryption simply works in reverse

  • Example of Vigenère Cipher

    write the plaintext out

    write the keyword repeated above it

    use each key letter as a caesar cipher key

    encrypt the corresponding plaintext letter

    eg using keyword deceptive

    key:        deceptivedeceptivedeceptive
    plaintext:  wearediscoveredsaveyourself
    ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

  • Security of Vigenère Ciphers

    have multiple ciphertext letters for each plaintext letter

    hence letter frequencies are obscured

    but not totally lost

    start with letter frequencies

    see if look monoalphabetic or not

    if not, then need to determine number of alphabets, since then can attack each

  • Kasiski Method

    method developed by Babbage / Kasiski

    repetitions in ciphertext give clues to period

    so find same plaintext an exact period apart

    which results in the same ciphertext

    of course, could also be random fluke

    eg repeated "VTW" in previous example

    suggests size of 3 or 9

    then attack each monoalphabetic cipher individually using same techniques as before

  • Autokey Cipher

    ideally want a key as long as the message

    Vigenère proposed the autokey cipher

    with keyword is prefixed to message as key

    knowing keyword can recover the first few letters

    use these in turn on the rest of the message

    but still have frequency characteristics to attack

    eg. given key deceptive

    key:        deceptivewearediscoveredsav
    plaintext:  wearediscoveredsaveyourself
    ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
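The Vigenère, Kasiski and autokey slides worked through in code, as an added example that is not part of the original lecture: it reproduces both ciphertexts for the keyword "deceptive", measures the distance between repeated trigrams, and shows that the autokey ciphertext has no such repeats. Function names are assumptions; inputs are lowercase letters without spaces, as on the slides.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

A = ord("a")

def _shift(letter, key_letter, sign=1):
    """Caesar-shift one lowercase letter by the value of key_letter."""
    return chr((ord(letter) - A + sign * (ord(key_letter) - A)) % 26 + A)

def vigenere_encrypt(plaintext, key):
    """Repeat the keyword and use each key letter as a Caesar key."""
    return "".join(_shift(p, key[i % len(key)])
                   for i, p in enumerate(plaintext)).upper()

def vigenere_decrypt(ciphertext, key):
    return "".join(_shift(c, key[i % len(key)], -1)
                   for i, c in enumerate(ciphertext.lower()))

def autokey_encrypt(plaintext, keyword):
    """Key stream is the keyword followed by the plaintext itself."""
    stream = (keyword + plaintext)[:len(plaintext)]
    return "".join(_shift(p, k) for p, k in zip(plaintext, stream)).upper()

def autokey_decrypt(ciphertext, keyword):
    """Each recovered plaintext letter extends the key stream."""
    stream, out = list(keyword), []
    for i, c in enumerate(ciphertext.lower()):
        p = _shift(c, stream[i], -1)
        out.append(p)
        stream.append(p)
    return "".join(out)

def repeated_ngrams(ciphertext, n=3):
    """Map each repeated n-gram to the distances between its occurrences."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    return {g: [b - a for a, b in zip(pos, pos[1:])]
            for g, pos in positions.items() if len(pos) > 1}

def candidate_periods(ciphertext, n=3):
    """Kasiski: the key length should divide every repeat distance."""
    distances = [d for ds in repeated_ngrams(ciphertext, n).values() for d in ds]
    if not distances:
        return []
    g = reduce(gcd, distances)
    return [d for d in range(2, g + 1) if g % d == 0]

if __name__ == "__main__":
    pt, kw = "wearediscoveredsaveyourself", "deceptive"
    ct = vigenere_encrypt(pt, kw)
    print(ct, repeated_ngrams(ct), candidate_periods(ct))
    print(autokey_encrypt(pt, kw), candidate_periods(autokey_encrypt(pt, kw)))
```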

  • One-Time Pad

    if a truly random key as long as the message is used, the cipher will be secure

    called a One-Time pad

    is unbreakable since ciphertext bears no statistical relationship to the plaintext

    since for any plaintext & any ciphertext there exists a key mapping one to other

    can only use the key once though

    problems in generation & safe distribution of key

  • Transposition Ciphers

    now consider classical transposition or permutation ciphers

    these hide the message by rearranging the letter order

    without altering the actual letters used

    can recognise these since have the same frequency distribution as the original text

  • Rail Fence cipher

    write message letters out diagonally over a number of rows

    then read off cipher row by row

    eg. write message out as:

    m e m a t r h t g p r y
     e t e f e t e o a a t

    giving ciphertext

    MEMATRHTGPRYETEFETEOAAT

  • Row Transposition Ciphers

    a more complex transposition

    write letters of message out in rows over a specified number of columns

    then reorder the columns according to some key before reading off the rows

    Key:        4 3 1 2 5 6 7
    Plaintext:  a t t a c k p
                o s t p o n e
                d u n t i l t
                w o a m x y z
    Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

  • Scytale Cipher

    Around 400 B.C., the Spartans would write a message on a sheet of papyrus (a type of paper) that was wrapped around a staff (a stick or wooden rod), which was then delivered and wrapped around a different staff by the recipient. The message was only readable if it was wrapped around the correct size staff, which made the letters properly match up

  • Enigma Code Machine

    http://www.youtube.com/watch?v=Hb44bGY2KdU

  • Product Ciphers

    ciphers using substitutions or transpositions are not secure because of language characteristics

    hence consider using several ciphers in succession to make harder, but:

    two substitutions make a more complex substitution

    two transpositions make more complex transposition

    but a substitution followed by a transposition makes a new much harder cipher

    this is bridge from classical to modern ciphers

  • Symmetric Cryptography

  • Block and Stream Ciphers

    BLOCK CIPHERS WORK ON BLOCKS OF BITS

    STREAM CIPHERS, WHICH WORK ON ONE BIT AT A TIME

  • Initialization Vectors

    Random values that are used with algorithms to ensure patterns are not created during the encryption process.

    (If IVs are not used, then two identical plaintext values that are encrypted with the same key will create the same ciphertext.)

    They are used with keys

    Do not need to be encrypted when being sent to the destination.

  • Key Distribution

    given parties A and B have various key distribution alternatives:

    1. A can select key and physically deliver to B

    2. third party can select & deliver key to A & B

    3. if A & B have communicated previously can use previous key to encrypt a new key

    4. if A & B have secure communications with a third party C, C can relay key between A & B

  • Strengths and Weaknesses

    Strengths

    Much faster (less computationally intensive) than asymmetric systems.

    Hard to break if using a large key size.

    Weaknesses

    Requires a secure mechanism to deliver keys properly.

    Each pair of users needs a unique key, so as the number of individuals increases, so does the number of keys, possibly making key management overwhelming.

    Provides confidentiality but not authenticity or nonrepudiation

  • Types of Symmetric Systems

    Data Encryption Standard (DES)

    3DES (Triple DES)

    Blowfish

    Twofish

    IDEA (International Data Encryption Algorithm)

    RC4, RC5, RC6

    AES (Advanced Encryption Standard)

    SAFER (Secure and Fast Encryption Routine)

    Serpent

  • Asymmetric Cryptography

  • RSA

    by Rivest, Shamir & Adleman of MIT in 1977

    best known & widely used public-key scheme

    based on exponentiation in a finite (Galois) field over integers modulo a prime

    nb. exponentiation takes O((log n)^3) operations (easy)

    uses large integers (eg. 1024 bits)

    security due to cost of factoring large numbers

    nb. factorization takes O(e^(log n log log n)) operations (hard)

  • Ideas...

    Given a big number n, a message M (that is converted to integer value), if we can choose e and d that satisfy the following conditions:

    C = M^e mod n for all M

  • How RSA Works

    Given two primes p, q, and two integers m, n, such that n=p.q and 0

  • RSA Key Setup

    each user generates a public/private key pair by:

    selecting two large primes at random - p, q

    computing their system modulus n=p.q

    note φ(n)=(p-1)(q-1)

    selecting at random the encryption key e where 1

  • RSA Use

    to encrypt a message M the sender:

    obtains public key of recipient PU={e,n}

    computes: C = M^e mod n, where 0M

  • RSA Example - Key Setup

    Select primes: p=17 & q=11

    Compute n = pq = 17 x 11 = 187

    Compute φ(n)=(p-1)(q-1)=16 x 10=160

    Select e: gcd(e,160)=1; choose e=7

    Determine d: de = 1 mod 160 and d < 160

    Value is d=23 since 23x7=161= 10x160+1

    Publish public key PU={7,187}

    Keep secret private key PR={23,187}

  • RSA Example - En/Decryption

    sample RSA encryption/decryption is:

    given message M = 88 (nb. 88

  • RSA Security

    possible approaches to attacking RSA are:

    brute force key search (infeasible given big size of keys)

    mathematical attacks (based on difficulty of computing φ(n), by factoring modulus n)

    timing attacks (on running of decryption)

  • Factoring Problem

    mathematical approach takes 3 forms:

    factor n=p.q, hence compute φ(n) and then d

    determine φ(n) directly and compute d

    find d directly

    currently believe all equivalent to factoring

    Cryptanalysis have seen slow improvements over the years

    currently assume 1024-2048 bit RSA is secure

    ensure p, q of similar size and matching other constraints
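The RSA key setup and en/decryption slides carried through with the slide's own numbers (p=17, q=11, e=7, M=88), plus the first form of the mathematical approach from the Factoring Problem slide to show why the size of n matters. This is an added example, not code from the original lecture; function names are assumptions, and the unpadded "textbook" arithmetic here is for study only.

```python
from math import gcd, isqrt

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modinv(a, m):
    """Multiplicative inverse of a modulo m."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return x % m

def rsa_keygen(p, q, e):
    """Return (public, private) = ((e, n), (d, n)) as on the Key Setup slide."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (e, n), (modinv(e, phi), n)

def rsa_encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return pow(m, e, n)          # C = M^e mod n

def rsa_decrypt(c, private):
    d, n = private
    return pow(c, d, n)          # M = C^d mod n

def private_key_from_factoring(public):
    """Factor n, compute phi(n), then d. Trial division succeeds here only
    because the slide's n=187 is tiny; real moduli are 1024+ bits."""
    e, n = public
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return modinv(e, (p - 1) * (q - 1)), n
    raise ValueError("n has no non-trivial factor")

if __name__ == "__main__":
    pub, priv = rsa_keygen(17, 11, 7)
    c = rsa_encrypt(88, pub)
    print(pub, priv, c, rsa_decrypt(c, priv))
    print(private_key_from_factoring(pub))
```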

  • Timing Attacks

    developed by Paul Kocher in mid-1990s

    exploit timing variations in operations

    eg. multiplying by small vs large number

    or IF's varying which instructions executed

    infer operand size based on time taken

    RSA exploits time taken in exponentiation

    countermeasures

    use constant exponentiation time

    add random delays

    blind values used in calculations

  • Strengths and Weaknesses

    Strengths

    Better key distribution than symmetric systems

    Better scalability than symmetric systems

    Can provide authentication and nonrepudiation

    Weaknesses

    Works much more slowly than symmetric systems

    Mathematically intensive tasks

  • Key Management

    public-key encryption helps address key distribution problems

    have two aspects of this:

    distribution of public keys

    use of public-key encryption to distribute secret keys

  • Distribution of Public Keys

    can be considered as using one of:

    public announcement

    publicly available directory

    public-key authority

    public-key certificates

  • Public Announcement

    users distribute public keys to recipients or broadcast to community at large

    eg. append PGP keys to email messages or post to news groups or email list

    major weakness is forgery

    anyone can create a key claiming to be someone else and broadcast it

    until forgery is discovered can masquerade as claimed user

  • Publicly Available Directory

    can obtain greater security by registering keys with a public directory

    directory must be trusted with properties:

    contains {name,public-key} entries

    participants register securely with directory

    participants can replace key at any time

    directory is periodically published

    directory can be accessed electronically

    still vulnerable to tampering or forgery

  • Public-Key Authority

    improve security by tightening control over distribution of keys from directory

    has properties of directory

    and requires users to know public key for the directory

    then users interact with directory to obtain any desired public key securely

    does require real-time access to directory when keys are needed

  • Public-Key Certificates

    certificates allow key exchange without real-time access to public-key authority

    a certificate binds identity to public key

    usually with other info such as period of validity, rights of use etc

    with all contents signed by a trusted Public-Key or Certificate Authority (CA)

    can be verified by anyone who knows the public-key authority's public-key

  • Public-key infrastructure (PKI)

    A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates

    PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA)

  • Differences Between Symmetric and Asymmetric Systems

    Attribute | Symmetric | Asymmetric
    Keys | One key is shared between two or more entities | One entity has a public key, and the other entity has the corresponding private key.
    Key exchange | Out-of-band through secure mechanisms. | A public key is made available to everyone, and a private key is kept secret by the owner.
    Speed | Algorithm is less complex and faster. | The algorithm is more complex and slower.
    Use | Bulk encryption, which means encrypting files and communication paths. | Key distribution and digital signatures.
    Security service provided | Confidentiality. | Authentication and nonrepudiation

  • Types of Asymmetric Systems

    The Diffie-Hellman Algorithm

    RSA

    El Gamal

    Elliptic Curve Cryptosystems

    LUC

    Knapsack

    Zero Knowledge Proof

  • Hybrid Encryption Methods

  • Public-Key Distribution of Secret Keys

    use previous methods to obtain public-key

    can use for secrecy or authentication

    but public-key algorithms are slow

    so usually want to use private-key encryption to protect message contents

    hence need a session key

    have several alternatives for negotiating a suitable session

  • Simple Secret Key Distribution

    proposed by Merkle in 1979

    A generates a new temporary public key pair

    A sends B the public key and their identity

    B generates a session key K sends it to A encrypted using the supplied public key

    A decrypts the session key and both use

    problem is that an opponent can intercept and impersonate both halves of protocol

  • Public-Key Distribution of Secret Keys

    if have securely exchanged public-keys:

  • Hybrid Key Distribution

    retain use of private-key KDC

    shares secret master key with each user

    distributes session key using master key

    public-key used to distribute master keys

    especially useful with widely distributed users

    rationale

    performance

    backward compatibility

  • Diffie-Hellman Key Exchange

    first public-key type scheme proposed

    by Diffie & Hellman in 1976 along with the exposition of public key concepts

    note: now know that Williamson (UK CESG) secretly proposed the concept in 1970

    is a practical method for public exchange of a secret key

    used in a number of commercial products

  • Diffie-Hellman Key Exchange

    a public-key distribution scheme

    cannot be used to exchange an arbitrary message

    rather it can establish a common key

    known only to the two participants

    value of key depends on the participants (and their private and public key information)

    based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy

    security relies on the difficulty of computing discrete logarithms (similar to factoring) - hard

  • Diffie-Hellman Setup

    all users agree on global parameters:

    large prime integer or polynomial q

    a being a primitive root mod q

    each user (eg. A) generates their key

    chooses a secret key (number): xA < q

    compute their public key: yA = a^xA mod q

    each user makes public that key yA

  • Diffie-Hellman Key Exchange

    shared session key for users A & B is KAB:

    KAB = a^(xA.xB) mod q

    = yA^xB mod q (which B can compute)

    = yB^xA mod q (which A can compute)

    KAB is used as session key in private-key encryption scheme between Alice and Bob

    if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys

    attacker needs an x, must solve discrete log

  • Diffie-Hellman Example

    users Alice & Bob who wish to swap keys:

    agree on prime q=353 and a=3

    select random secret keys:

    A chooses xA=97, B chooses xB=233

    compute respective public keys:

    yA = 3^97 mod 353 = 40 (Alice)

    yB = 3^233 mod 353 = 248 (Bob)

    compute shared session key as:

    KAB = yB^xA mod 353 = 248^97 = 160 (Alice)

    KAB = yA^xB mod 353 = 40^233 = 160 (Bob)

  • Key Exchange Protocols

    users could create random private/public D-H keys each time they communicate

    users could create a known private/public D-H key and publish in a directory, then consulted and used to securely communicate with them

    both of these are vulnerable to a meet-in-the-Middle Attack

    authentication of the keys is needed
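The Diffie-Hellman example with the slide's parameters (q=353, a=3, xA=97, xB=233), followed by the reason the last slide asks for authenticated keys: when a party in the middle substitutes its own public value, Alice and Bob silently derive different keys. This is an added example, not code from the original lecture; the function names, the interposed secret x_m and the fingerprint comparison are assumptions of the example.

```python
import hashlib

Q, A = 353, 3   # toy global parameters from the slide: prime q, primitive root a

def dh_public(x, q=Q, a=A):
    """y = a^x mod q, the value each user publishes."""
    return pow(a, x, q)

def dh_shared(y_peer, x, q=Q):
    """K = y_peer^x mod q; reject the trivial public values 0, 1 and q-1."""
    if not 1 < y_peer < q - 1:
        raise ValueError("peer public value out of range")
    return pow(y_peer, x, q)

def fingerprint(k):
    """Short digest of a derived key, suitable for out-of-band comparison."""
    raw = k.to_bytes(max(1, (k.bit_length() + 7) // 8), "big")
    return hashlib.sha256(raw).hexdigest()[:16]

def run_exchange(x_a, x_b, x_m=None):
    """Return (Alice's key, Bob's key). If x_m is given, an interposed party
    replaces both public values in transit with its own a^x_m mod q."""
    y_a, y_b = dh_public(x_a), dh_public(x_b)
    if x_m is None:
        seen_by_alice, seen_by_bob = y_b, y_a
    else:
        seen_by_alice = seen_by_bob = dh_public(x_m)
    return dh_shared(seen_by_alice, x_a), dh_shared(seen_by_bob, x_b)

def keys_agree(k_alice, k_bob):
    """Detection step: both ends compare key fingerprints over a channel
    the interposed party does not control."""
    return fingerprint(k_alice) == fingerprint(k_bob)

if __name__ == "__main__":
    print(dh_public(97), dh_public(233))        # public keys of Alice and Bob
    print(run_exchange(97, 233))                # both sides derive the same key
    k_a, k_b = run_exchange(97, 233, x_m=5)     # unauthenticated, intercepted
    print(k_a, k_b, keys_agree(k_a, k_b))
```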

  • Kerckhoffs' Principle

    Auguste Kerckhoffs published a paper in 1883 stating that

    the only secrecy involved with a cryptography system should be the key.

    algorithm should be publicly known.

    if security were based on too many secrets, there would be more vulnerabilities to possibly exploit.

  • Hash Functions

    condenses arbitrary message to fixed size

    h = H(M)

    usually assume that the hash function is public and not keyed

    hash used to detect changes to message

    can use in various ways with message

    most often to create a digital signature

  • Requirements for Hash Functions

    can be applied to any sized message M

    produces fixed-length output h

    is easy to compute h=H(M) for any message M

    given h is infeasible to find x s.t. H(x)=h

    one-way property

    given x is infeasible to find y s.t. H(y)=H(x)

    weak collision resistance

    is infeasible to find any x,y s.t. H(y)=H(x)

    strong collision resistance

  • Various Hashing Algorithms

    MD2

    MD4

    MD5

    SHA

    SHA-1

    SHA-2 family: SHA-256, SHA-384, and SHA-512

    HAVAL

    Tiger

  • Attacks Against One-Way Hash Functions

    If the algorithm does produce the same value for two distinctly different messages, this is called a collision

    An attacker can attempt to force a collision, which is referred to as a birthday attack

    How many people must be in the same room for the chance to be greater than even that another person has the same birthday as you?

    Answer: 253

    How many people must be in the same room for the chance to be greater than even that at least two people share the same birthday?

    Answer: 23
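The two birthday answers computed directly, then the same effect on a hash whose output is too short: an added example, not part of the original lecture. The 24-bit truncation of SHA-256 (toy_hash) is a deliberately weak construction assumed for the demonstration, and the "msg-N" inputs are constructed.

```python
import hashlib

def same_as_you_threshold(days=365):
    """Smallest number of other people for which the chance that at least
    one shares YOUR birthday exceeds 1/2 (matching one fixed value)."""
    n, p_none = 0, 1.0
    while 1 - p_none <= 0.5:
        n += 1
        p_none *= (days - 1) / days
    return n

def any_pair_threshold(days=365):
    """Smallest group size for which the chance that ANY two people share
    a birthday exceeds 1/2 (a collision between any two values)."""
    n, p_distinct = 1, 1.0
    while 1 - p_distinct <= 0.5:
        p_distinct *= (days - n) / days
        n += 1
    return n

def toy_hash(data, bits=24):
    """SHA-256 truncated to `bits` bits: a stand-in for a too-short digest."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)

def find_collision(bits=24):
    """Hash distinct messages until two digests match.
    Returns (first message, second message, number of hashes computed)."""
    seen = {}
    i = 0
    while True:
        msg = b"msg-%d" % i
        h = toy_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1

if __name__ == "__main__":
    print(same_as_you_threshold(), any_pair_threshold())
    m1, m2, tries = find_collision(24)
    # With 2^24 possible digests a collision appears after a few thousand
    # hashes, on the order of 2^12, not 2^24.
    print(m1, m2, tries)
```

This is why a hash meant to resist collisions needs an output about twice as long as the work factor it is supposed to provide.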

  • Message Authentication Code (MAC)

    generated by an algorithm that creates a small fixed-sized block

    depending on both message and some key

    like encryption though need not be reversible

    appended to message as a signature

    receiver performs same computation on message and checks it matches the MAC

    provides assurance that message is unaltered and comes from sender
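The append-and-recompute check from the MAC slide, next to the same check done with an unkeyed hash, to show what the key adds. This is an added example, not code from the original lecture; HMAC-SHA256 from the Python standard library is used as the MAC, and the function names, key and messages are constructed for the example.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes

def mac_protect(key, message):
    """Sender: append a MAC that depends on both the message and the key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()

def mac_open(key, blob):
    """Receiver: recompute the MAC and compare in constant time.
    Returns the message, or None if the check fails."""
    if len(blob) < TAG_LEN:
        return None
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(expected, tag) else None

def hash_protect(message):
    """Unkeyed variant: append a plain hash (detects accidents only)."""
    return message + hashlib.sha256(message).digest()

def hash_open(blob):
    if len(blob) < TAG_LEN:
        return None
    message, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    ok = hmac.compare_digest(hashlib.sha256(message).digest(), digest)
    return message if ok else None

if __name__ == "__main__":
    key = b"k" * 32                      # constructed sample key
    blob = mac_protect(key, b"pay 10 to bob")
    print(mac_open(key, blob))           # accepted
    tampered = b"pay 99 to bob" + blob[-TAG_LEN:]
    print(mac_open(key, tampered))       # None: message changed, tag did not
    # Anyone can recompute an unkeyed hash over an altered message,
    # so the unkeyed check accepts it.
    print(hash_open(hash_protect(b"pay 99 to bob")))
```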

  • HMAC

  • CBC-MAC

  • Cryptosystems

    A cryptosystem is made up of at least the following:

    Software

    Protocols

    Algorithms

    Keys

  • Services of Cryptosystems

    Confidentiality - Renders the information unintelligible except by authorized entities.

    Integrity - Data has not been altered in an unauthorized manner since it was created, transmitted, or stored.

    Authentication - Verifies the identity of the user or system that created information.

    Nonrepudiation - Ensures that the sender cannot deny sending the message.

  • Digital signature for a message

  • Link Encryption vs. End-to-End Encryption

    Link encryption encrypts all the data (except data link control messaging information) along a specific communication path, as in a satellite link, T3 line, or telephone circuit

    end-to-end encryption happens within the applications

    SSL encryption takes place at the transport layer.

  • HTTP Secure

    HTTP Secure (HTTPS) is HTTP running over SSL (developed by Netscape)

    SSL:

    it is not an open-community protocol

    works at the transport layer

    uses public key encryption

    provides data encryption, server authentication, message integrity, and optional client authentication

    The open-community version of SSL is Transport Layer Security (TLS)

  • Pretty Good Privacy

    Freeware e-mail security program and was released in 1991

    PGP is a complete cryptosystem that uses cryptographic protection to protect e-mail and files.

    It can use RSA public key encryption for key management and use IDEA symmetric cipher for bulk encryption of data

    PGP uses web of trust in its key management approach

  • Secure Shell

    SSH is a program and a set of protocols that work together to provide a secure tunnel between two computers.

    The two computers go through a handshaking process and exchange (via Diffie-Hellman) a session key that will be used during the session to encrypt and protect the data sent

    SSH should be used instead of Telnet, FTP, rlogin, rexec, or rsh

  • Internet Protocol Security (IPSec)

    IPSec uses two basic security protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).

    AH is the authenticating protocol

    ESP is an authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality, and message integrity

    IPSec can work in one of two modes:

    transport mode, in which the payload of the message is protected

    tunnel mode, in which the payload and the routing and header information are protected

  • Attacks

    Cipher-Only Attacks

    Known-Plaintext Attacks

    Chosen-Plaintext Attacks

    Chosen-Ciphertext Attacks

    Differential Cryptanalysis

    Side-Channel Attacks

    Replay Attacks

  • Steganography

    an alternative to encryption

    hides existence of message

    using only a subset of letters/words in a longer message marked in some way

    using invisible ink

    hiding in graphic image or sound file

    has drawbacks

    high overhead to hide relatively few info bits

  • Example

    Removing all but the last 2 bits of each color component produces an almost completely black image. Making that image 85 times brighter produces the image on the right hand-side
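The "last 2 bits, then 85 times brighter" step described above, as an added example that is not part of the original lecture. It works on raw colour-component bytes so it runs without an image library; the pixel values and function names are constructed for the example.

```python
def embed(cover, secret):
    """Store the top 2 bits of each secret component in the low 2 bits of
    the matching cover component. Each cover value changes by at most 3."""
    if len(cover) != len(secret):
        raise ValueError("cover and secret must have the same size")
    return bytes((c & 0xFC) | (s >> 6) for c, s in zip(cover, secret))

def last_two_bits(stego):
    """Remove all but the last 2 bits: values 0..3, an almost black image."""
    return bytes(b & 0x03 for b in stego)

def reveal(stego):
    """Scale the 2-bit values by 85 so that 0..3 becomes 0, 85, 170, 255."""
    return bytes(v * 85 for v in last_two_bits(stego))

# Constructed sample data: three RGB pixels of a cover image and of a
# hidden image, as flat component bytes.
COVER = bytes([200, 120, 33, 254, 17, 64, 128, 90, 255])
SECRET = bytes([255, 0, 0, 0, 170, 85, 64, 192, 255])

if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print(list(stego))                  # visually indistinguishable from COVER
    print(list(last_two_bits(stego)))   # all values <= 3
    print(list(reveal(stego)))          # coarse copy of SECRET
```

An analyst inspecting a suspect image applies the same two functions to each colour channel: a low-bit plane that shows structure instead of noise indicates embedded content.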

  • Example 2: Letter of Recommendation (copied from http://gadgetopia.com/post/2278)

    Jane S., a chief sub editor and editor, can always be found
    hard at work in her cubicle. Jane works independently, without
    wasting company time talking to colleagues. She never
    thinks twice about assisting fellow employees, and she always
    finishes given assignments on time. Often Jane takes extended
    measures to complete her work, sometimes skipping
    coffee breaks. She is a dedicated individual who has absolutely no
    vanity in spite of her high accomplishments and profound
    knowledge in her field. I firmly believe that Jane can be
    classed as a high-caliber employee, the type which cannot be
    dispensed with. Consequently, I duly recommend that Jane be
    promoted to executive management, and a proposal will be
    sent away as soon as possible.

    Project Leader