Computer Security

Lecture 3
Cryptography

Syed Naqvi
snaqvi@ieee.org

A Secrecy Scenario …
♦ Alice wants to send a message (plaintext p) to Bob.
♦ The communication channel is insecure and can be
eavesdropped by Trudy.
♦ If Alice and Bob have previously agreed on an encryption
scheme (cipher), the message can be sent encrypted
(ciphertext c)
Alice Bob
p encrypt c c decrypt p

Trudy

11 November, 2010 Lecture 3: Cryptography 2

1
 A Secrecy Scenario …
♦ Issues:
– What is a good cipher?
– What is the complexity of encrypting/decrypting?
– What is the size of the cipher-text, relative to the
plaintext?
– If Alice and Bob have never interacted before,
how can they agree on a cipher?

11 November, 2010 Lecture 3: Cryptography 3

Need of Encryption
Sender Receiver

Plaintext

Defence from:
Active Active Plaintext, P
Plaintext, P
Passive Intruder, Intruder,
Intruder, Can change Can insert
Encryption only listens message message Decryption
Key Key
Method Method
K K
Ek(P)
(P) Dk(C)
(C)

Ciphertext,
Ciphertext, C Ciphertext,
Ciphertext, C

Network

11 November, 2010 Lecture 3: Cryptography 4

2
Traditional Cryptography
♦ Ciphers were already studied in ancient times
♦ Caesar’s cipher:
replace a with d
replace b with e
...
replace z with c
♦ A more general monoalphabetic substitution
cipher maps each letter to some other letter.

11 November, 2010 Lecture 3: Cryptography 5

Secret-Key Ciphers
♦ A secret-key cipher uses a key to encrypt and decrypt
♦ Caesar’s generalized cipher uses modular addition of
each character (viewed as an integer) with the key:
ci = pi + k mod m
pi = ci - k mod m
♦ A more secure scheme is to use modular
exponentiation to encrypt blocks of characters
(viewed as integers):
c [i,j] = p [i,j]k mod m
where m is a large prime.

11 November, 2010 Lecture 3: Cryptography 6

3
Secret-Key Ciphers
♦ Unlike modular addition, modular exponentiation is
considered computationally infeasible (exponential) to
invert. Thus, even if Trudy guesses a pair:(c [i,j] ,p [i,j]), (for
example, she knows the plaintext starts with the words
“Dear Bob”) she still cannot compute the key k.

♦ Alice and Bob need to share only key k. Bob decrypts

using Euler’s Theorem from number theory:
p[i,j] = c [i,j] d mod m
where d can be easily computed from k and m using
Euclid’s gcd (greatest common divisor) algorithm.

11 November, 2010 Lecture 3: Cryptography 7

How to Establish a Shared Key ?

♦ What if Alice and Bob have never met and did not agree
on a key?

♦ The Diffie-
Diffie-Hellman key exchange protocol (1976) allows
strangers to establish a secret shared key while
communicating over an insecure channel

11 November, 2010 Lecture 3: Cryptography 8

4
Types of Encryption
Text is converted to ciphertext by use of an algorithm and key
• Algorithm is publicly known
• Key is held private

Three Main Categories

• Secret Key (symmetric cryptosystem)
– single key is used to encrypt and decrypt information

• Public/Private Key (asymmetric cryptosystem)

– two keys are used: one for encryption (public key) and one for
decryption (private key)

• One-way Function (hash functions)

– information is encrypted to produce a “digest” of the original
information that can be used later to prove its authenticity

11 November, 2010 Lecture 3: Cryptography 9

Symmetric Encryption
♦ Sender and receiver have same secret key that will encrypt
and decrypt plain text
– Strength of encryption technique depends on key length
– Known symmetrical algorithms
• Data Encryption Standard (DES) - 56 bit key
• Triple DES, DESX, GDES, RDES - 168 bit key
• RC2, RC4, RC5 - variable length up to 2048 bits
• IDEA - basis of PGP - 128 bit key
• Blowfish - variable length up to 448 bits

11 November, 2010 Lecture 3: Cryptography 10

5
Data Encryption Standard (DES)
♦ Widely-used
♦ Private (secret) key - judged so difficult to break it was
restricted for export by US Government.
♦ 72,000,000,000,000,000 (72 quadrillion) or more possible
encryption keys
♦ Key chosen at random – both sender and receiver must
know and use the same private key
♦ Can run in several modes and involves 16 rounds or
operations
♦ Many companies use "triple DES“ - applies three keys in
succession

11 November, 2010 Lecture 3: Cryptography 11

Asymmetric Encryption
♦ Better Known as Public/Private Key
– user X has a pair of keys one public and one private
– To encrypt a message to X use X’s public key
– X will decrypt encrypted message using X’s private key that
“matches” X’s public key
♦ Most common algorithm is the RSA (Rivest Shamir
Adelman) algorithm with key lengths from 512 to 1024
bits
♦ Uses modular arithmetic & elementary number theory
♦ based on the fact that it is extremely difficult to find the
prime factors of large numbers.

11 November, 2010 Lecture 3: Cryptography 12

6
Digital Signature
♦ Alice can provide a digital signature for the message:
s = xd mod e
♦ If Bob receives both x and s, he computes:
– y = s3 mod e = xd3 mod e = x
♦ Thus, if y = x, Bob knows that Alice indeed sent x, since
she is the only person who can compute s from x.
♦ Also, Alice cannot cheat and deny to have sent message x
(nonrepudiation).
♦ Using digital signatures, Alice and Bob can authenticate
each other and prevent Trudy’s woman-in-the-middle
attacks
♦ Validating a signed message requires knowledge of the
other party’s public key.

11 November, 2010 Lecture 3: Cryptography 13

Public Key Infrastructure (PKI)

♦ A Public Key Infrastructure consists of one or more
Certification Authorities, plus relevant policy framework
♦ Certification Authorities issue public key certificates to
users
♦ Users employ keys contained in public key certificates to
sign, verify signatures, decrypt or encrypt messages,
transactions or documents

11 November, 2010 Lecture 3: Cryptography 14

7
PKI Services
♦ Confidentiality (Encryption)
– Ensures that data is viewed ONLY by authorized participants
– How? = Encryption scrambles data which only the intended
recipient may unscramble
♦ Integrity
– Ensures data is not altered without authorization
– How? = Digital Signature includes one-way hash (fingerprint) of
content
♦ Identification and Authentication
– Ensures that an entity is whom he/she/it claims to be
– How? = Digital Certificate binds the identity with a unique key
♦ Non-Repudiation
– Ensures that an individual can not deny participating in a transaction
– How? = Digital Signature identifies sender of information
11 November, 2010 Lecture 3: Cryptography 15

Hash Function
♦ A hash function takes data of arbitrary size and returns a
value in a fixed range.

♦ If you compute the hash of the same data at different times,

you should get the same answer – if not then the data has
been modified.

11 November, 2010 Lecture 3: Cryptography 16

8
Hash Function
♦ A hash function h acts on data x and returns a value h(x).
♦ The hash function should have these 4 essential
properties:
– Given x it should be easy to compute h(x).
– The input x can be of arbitrary length.
– Given a value y, it should be hard to find an x such that h(x) = y.
– It is hard to find two different inputs x1 and x2 such that h(x1) =
h(x2).

11 November, 2010 Lecture 3: Cryptography 17

Hash Function

11 November, 2010 Lecture 3: Cryptography 18

9
Timestamps
♦ Inclusion of date/time-stamp in message allows recipient to
check it for freshness (as long as time-stamp protected by
cryptographic means).
♦ Requires securely synchronised clocks to prevent replay
– non-trivial!
♦ Typical clock drift is 1s per day on work station.
♦ So need a window of acceptance for Alice’s messages
either side of Bob’s current clock time (drift + variable
propagation time).
♦ Also need a log of recently received messages to prevent
replay attack.

11 November, 2010 Lecture 3: Cryptography 19

‘Logical’ Timestamps
♦ Alternative to clocks: Alice and Bob could use pair of
sequence numbers NAB and NBA in their communications.
♦ Every time A sends B a message she includes value NAB,
and increments it. Likewise for B.
♦ Needs pair of (secret) sequence numbers for every pair of
communicating parties.

11 November, 2010 Lecture 3: Cryptography 20

10
Key Establishment Protocols
♦ The Diffie-Hellman protocol allows 2 people to use
random values and yet each generate the same symmetric
key without transmitting the value of the key.
♦ The security of the protocol lies in the discrete log
problem (DLP):
given y, g and p find x such that
y = gx mod p

11 November, 2010 Lecture 3: Cryptography 21

Diffie-Hellman Key Exchange

Alice and Bob need to agree on a key to use in a symmetric
key cryptosystem. They choose a large prime number p and
generator g.

Alice Bob
1. Generates random 1. Generates random
number a, number b,
2. Computes x=ga mod p 2. Computes y=gb mod p
3. Sends x to Bob 3. Sends y to Alice
4. Receives y from Bob 4. Receives x from Alice
5. Computes k=ya mod p 5. Computes k=xb mod p

11 November, 2010 Lecture 3: Cryptography 22

11
Diffie-Hellman Key Exchange
Alice has computed Bob has computed

k = ya mod p k = xb mod p
= (gb)a mod p = (ga)b mod p
= gba mod p = gab mod p
= gab mod p

So Alice and Bob both have the same value of k.

11 November, 2010 Lecture 3: Cryptography 23

Diffie-Hellman Key Exchange

♦ assume that cryptanalyst Charles knows the values of p
and g and that he eavesdrops on the exchange between
Alice and Bob so that he also knows x and y.
However, unless Charles can solve a DLP, he is unable to
find a or b.
It is believed that it is just as hard to find k from x and y
without finding a or b.

11 November, 2010 Lecture 3: Cryptography 24

12
Needham-Schroeder Protocol
♦ This is another protocol for exchanging keys between
Alice and Bob.
♦ This time they use only symmetric key cryptography but
they need a trusted third party (TTP) or Server (S).
♦ Alice and the server have a key KAS
♦ Bob and the server have a key KBS
♦ Alice and Bob want to establish a shared key KAB so that
Alice can send Bob a message.
♦ They communicate with each other and the server as
follows:

11 November, 2010 Lecture 3: Cryptography 25

Needham-Schroeder Protocol
1. Alice sends the server S the names of Alice and Bob to
request that a session key be generated.

2. The server sends to Alice:

a) The name of Bob
b) A session key for Alice and Bob to share
c) The name of Alice and the session key both
encrypted using KBS

All 3 items above are encrypted using key KAS

11 November, 2010 Lecture 3: Cryptography 26

13
Needham-Schroeder Protocol
3. Alice uses key KAS to decrypt the items sent to her
in step 2. Alice now knows the session key KAB.

4. Alice sends Bob the value of 2c) which is the

name of Alice and the session key KAB encrypted
with KBS

5. Bob decrypts the name of Alice and the session

key using his key KBS. Now Bob knows the
session key KAB which he uses to communicate
with Alice.

11 November, 2010 Lecture 3: Cryptography 27

Certificates
A certificate consists of a public key together with an
identification of the key user. The certificate is issued
by a Trusted Third Party(TTP) called a
Certification Authority (CA)
The certification agency might be a government agency
or financial institution.

11 November, 2010 Lecture 3: Cryptography 28

14
Certification Authority (CA)
The CA guarantees the link between the user and the
public key by digitally signing a document which contains
the user name, the public key, the name of the CA, the
expiry date of the certificate and perhaps other information
such as access rights.

11 November, 2010 Lecture 3: Cryptography 29

X.509 Standard
♦ Bob generates a document containing his relevant
information and presents himself with this document to the
CA.
♦ The CA confirm Bob’s identity.

♦ The CA hash the document and encrypt it using their own

private key.
♦ This is the certificate.

11 November, 2010 Lecture 3: Cryptography 30

15
X.509 Standard
♦ If Alice wants to communicate with Bob she looks up his
public key document and certificate.
♦ She will use the public key of the CA to decrypt the
certificate.
♦ She will hash the document

♦ If these two items are the same then she knows that she can
safely communicate with Bob using the public key since
the CA has verified his identity.

11 November, 2010 Lecture 3: Cryptography 31

X.509 Standard
Version

Serial Number

Signature Algorithm

Issuer Name
x509 v3 Bodypart
Validity
X.509
version 3
Certificate Subject Name
Signature Algorithm
Subject Public Key

Signature of CA Issuer Unique ID (v2)

Digital
Signature Subject unique ID (v2)

Extensions (v3)

11 November, 2010 Lecture 3: Cryptography 32

16
 X.509 Standard

11 November, 2010 Lecture 3: Cryptography 33

X.509 Standard
Certification Registration
2. Init Request Authority
Authority
(CA) (RA)
3. Init Response

1. R
equ
est
ID
6. C 4. K
erti ey I
fica nfo
te R
equ
est
7. Generate X.509 8. C
Certificate ertif
icat
e
X.509
Smart
Card
X.5
00
Generate
RSA-
RSA-Keys

11 November, 2010 Lecture 3: Cryptography 34

17
Exercise …
♦ Vigenere Cipher
– First try manually
• Ciphering
• Deciphering

11 November, 2010 Lecture 3: Cryptography 35

Plain text HELLO WORLD Key C O D E

CODEC O DECO
Cipher text J S O P Q K R V N R

11 November, 2010 Lecture 3: Cryptography 36

18
 Plain text Forename Surname Key C L U J

Cipher text ?

11 November, 2010 Lecture 3: Cryptography 37

Cipher text J S O P Q K R V N R Key C O D E

CODECODECO
Plain text HELLOWORLD

11 November, 2010 Lecture 3: Cryptography 38

19
 Now decipher your name Key C L U J

11 November, 2010 Lecture 3: Cryptography 39

Exercise …
♦ Vigenere Cipher
– First try manually
• Ciphering
• Deciphering
– Now program it
• For ciphering
– Input: Plain text & Key
– Output: Cipher text
• For deciphering
– Input: Cipher text & Key
– Output: Plain text
11 November, 2010 Lecture 3: Cryptography 40

20