
Encryption and Cryptography

Introduction to Encryption and Cryptography

History

• In the early 20th century, the invention of complex mechanical and
electromechanical machines, such as the Enigma rotor machine, provided
more sophisticated and efficient means of encryption.
• The development of cryptography has been paralleled by the development
of cryptanalysis — the "breaking" of codes and ciphers.
• Until the 1970s, secure cryptography was largely the preserve of
governments.
• Two events have since brought it squarely into the public domain: the
creation of a public encryption standard (DES), and the invention of public-
key cryptography.

Encryption and Cryptography 2


What is Cryptography?

• Cryptography (Cryptology): creating written or generated codes that allow
information to be kept secret.
• It involves:
o converting data into a format that is unreadable to an unauthorized user.
o allowing the data to be transmitted without unauthorized entities decoding
it back into a readable format.
o non-repudiation: the sender and the delivery of a message can be verified.



• Mainly two types of Cryptography:
1. Secret Key Cryptography: one key is used for both encryption and
decryption.
o Also known as Symmetric Cryptography.
2. Public Key Cryptography: two keys are used.
o Public key: anyone can access it.
o Private key: only the owner can access it.
o The sender encrypts the information using the receiver’s public key.
o The receiver decrypts the message using his/her private key.
o Also known as Asymmetric Cryptography.
Encryption VS Cryptography

• Encryption is based on cryptography.
• Cryptography is the art of hiding information to make it unreadable without
special knowledge or a key.
• Encryption allows a person to hide the meaning of information or messages in
such a way that only those who know the secret method may read them.
• Earliest historic examples:
o hiding military secrets
o hiding trade secrets
o MMS, secret correspondences between spies and lovers



Symmetric and Asymmetric Encryption

• The Encryption technique is employed in two ways, namely Symmetric
Encryption and Asymmetric Encryption.
1. Symmetric Encryption:
o executed by means of only one secret key, known as the ‘Symmetric Key’,
that is possessed by both parties.
o The sender uses this key before sending the message and the
receiver uses it to decipher the encoded message.
o It does not take much time.
o Modern approaches include algorithms like RC4, AES, DES, 3DES,
QUAD, Blowfish etc.



2. Asymmetric Encryption:
o A relatively new and complex mode of encryption.
o Complex because it incorporates two cryptographic keys to implement
data security.
o These keys are called a Public Key and a Private Key.
o The public key encrypts the information to be sent. It uses a specific
algorithm in doing so, whereas the private key, which is in the possession
of the receiver, decrypts it. The same algorithm is behind both these
processes.
o Modern approaches include algorithms like the Diffie-Hellman and RSA
algorithms.



Affecting Factor | Symmetric Encryption | Asymmetric Encryption
--- | --- | ---
Number of Cryptographic Keys | Incorporates only one key for encryption as well as decryption. | Consists of two cryptographic keys, regarded as the Public Key and the Private Key.
Complexity | A simple technique compared to asymmetric encryption, as only one key is employed to carry out both operations. | Separate keys for encryption and decryption make it a rather complex process.
Swiftness of Execution | Due to its simple nature, both operations can be carried out quickly. | Encryption and decryption with two separate keys, and the process of comparing them, make it a somewhat slower procedure.
Algorithms Employed | RC4, DES, AES, QUAD, 3DES | ECC, RSA, DSA, El Gamal, Diffie-Hellman

Cryptography and Encryption Protocols
• Protocol: describes how the algorithms should be used.
• A sufficiently detailed protocol includes details about data structures and
representations, at which point it can be used to implement multiple,
interoperable versions of a program.
• A cryptographic protocol usually incorporates at least some of these aspects:
o Key agreement or establishment
o Entity authentication
o Symmetric encryption and message authentication material
construction
o Secured application-level data transport
Cont…

• Cryptographic application protocols often use one or more underlying key
agreement methods, which are also sometimes themselves referred to as
"cryptographic protocols".
• For instance, TLS employs what is known as the Diffie–Hellman key
exchange.
• When you need a security protocol, try to use standard-conforming
protocols such as IPSec, SSL (soon to be TLS), SSH, S/MIME, Open
PGP/GnuPG/PGP, and Kerberos.
• Many of them overlap somewhat in functionality, but each tends to be used
in different areas.



1. Internet Protocol Security (IPSec): provides encryption and/or
authentication at the IP packet level.
o Often used in a way that only guarantees the authenticity of the two
communicating hosts, not of the users.
o Requires low-level support from the operating system.
o It is especially useful for building a Virtual Private Network (VPN) and
connecting a remote machine.
o It is much less often used to secure communication from individual
clients to servers.
o If you use IPSec, don’t use the encryption mode without the
authentication, because the authentication also acts as integrity
protection.
2. Secure Socket Layer (SSL) / TLS: works over TCP and tunnels other
protocols using TCP, adding encryption, authentication of the server, and
optional authentication of the client.
o TLS is a later adjustment to SSL that strengthens its security and
improves its flexibility.
o SSL version 3 is widely used.
o SSL/TLS is the primary method for protecting http (web) transactions.
o A few bad SSLv3 implementations cause problems with the back-off.
o Using SSLv2 is not recommended because it has some serious security
weaknesses.



3. OpenPGP and S/MIME: are the two competing, essentially incompatible
standards for securing email.
o OpenPGP is based on the PGP application.
o Currently, their certificates are often not interchangeable; work is
ongoing to repair this.



4. SSH: is the primary method of securing “remote terminals” over an
internet.
o It includes methods for tunneling X Windows sessions.
o Typical uses of SSH allow the client to authenticate that the server is
truly the server, and then the user enters a password to authenticate the
user.
o The typical use of SSH is vulnerable to a man-in-the-middle attack during
the very first connection, but it can detect problems afterwards.
o In contrast, SSL generally uses a certificate authority, which eliminates
the first connection problem but requires special setup (and payment) to
the certificate authority.



5. Kerberos: is a widely used protocol for single sign-on and authenticating
users against a central authentication and key distribution server.
o It works by giving authenticated users "tickets", granting them access to
various services on the network.
o When clients then contact servers, the servers can verify the tickets.
o It is a primary method for securing and supporting authentication on a
LAN, and for establishing shared secrets.
o Using this protocol requires both the client and the server to include
code to use it, and since not everyone has a Kerberos setup, this has to be
optional, complicating the use of Kerberos in some programs.



Encryption Algorithms

• Are commonly used in computer communications, including FTP transfers,
and are also used to provide secure transfers.
• Transfer: the data is translated into a seemingly meaningless ciphertext and
then transferred in this form.
• The receiving computer uses a key to translate the ciphertext back into its
original form.
• So if the message or file is intercepted before it reaches the receiving
computer, it is in an unusable (encrypted) form.



Types of Encryption Algorithms
1. Data Encryption Standard (DES): is a symmetric-key algorithm for the
encryption of electronic data.
o It was first used by the U.S. Government in the late 1970s.
o It is commonly used in ATM machines (to encrypt PINs) and is utilized in
UNIX password encryption.
o It was highly influential in the advancement of modern cryptography.
o It takes an enormous amount of time and money to change encryption
algorithms that are widely adopted and embedded in large security
architectures.



2. Triple DES: changing the manner in which DES is used led to the modified
schemes of Triple DES (sometimes known as 3DES).
o It is a symmetric-key block cipher, which applies the DES cipher algorithm
three times to each data block.
o It uses a different key for at least one of the three passes.
o It uses the same algorithm as DES to produce a more secure
encryption.
o There are two variants of Triple DES known as 3-key Triple DES (3TDES)
and 2-key Triple DES (2TDES).



3DES Keying Options

Keying option 1:
o All three keys are independent. Sometimes known as 3TDEA or triple-
length keys.
o This is the strongest, with 3 × 56 = 168 independent key bits. It is still
vulnerable to a meet-in-the-middle attack, but the attack requires
2^(2 × 56) = 2^112 steps.



Keying option 2:
o K1 and K2 are independent, and K3 = K1. Sometimes known as 2TDEA or
double-length keys.
o This provides a shorter key length of 112 bits and a reasonable
compromise between DES and Keying option 1.
o This is an improvement over "double DES", which only requires 2^56 steps
to attack. NIST has deprecated this option.



Keying option 3:
o All three keys are identical, i.e. K1 = K2 = K3.
o This is backward compatible with DES, since two operations cancel out.
ISO/IEC 18033-3 never allowed this option, and NIST no longer allows K1 =
K2 or K2 = K3.
Each DES key is 8 odd-parity bytes, with 56 bits of key and 8 bits of
error-detection. A key bundle requires 24 bytes for option 1, 16 for
option 2, or 8 for option 3.



3. 3-Key Triple DES: consists of three different DES keys K1, K2 and
K3.
o This means that the actual 3TDES key has length 3 × 56 = 168 bits.



Cont.

• The encryption-decryption process is as follows:
o Encrypt the plaintext blocks using single DES with key K1.
o Now decrypt the output of step 1 using single DES with key K2.
o Finally, encrypt the output of step 2 using single DES with key K3.
o The output of step 3 is the ciphertext.
o Decryption of a ciphertext is the reverse process. The user first decrypts
using K3, then encrypts with K2, and finally decrypts with K1.



Cont…

• It is possible to use a 3TDES (hardware) implementation for single DES by
setting K1, K2, and K3 to be the same value.
• The second variant of Triple DES (2TDES) is identical to 3TDES except that K3 is
replaced by K1,
i.e. the user encrypts plaintext blocks with key K1, then decrypts with key K2, and
finally encrypts with K1 again.
• Therefore, 2TDES has a key length of 112 bits.
• Triple DES systems are significantly more secure than single DES, but they
are clearly a much slower process than encryption using single DES.
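The three keying options and the encrypt-decrypt-encrypt sequence from the preceding slides, as an added Go example that is not part of the slides: it forces odd parity on DES key bytes, builds the 24-byte key bundle for each option, and runs one block through Encrypt(K1), Decrypt(K2), Encrypt(K3) by hand with three single-DES instances. The names fixParity, keyBundle and edeBlock are chosen here, and the keys and block are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
	"math/bits"
)

// fixParity forces odd parity on each key byte: 7 key bits plus a low-order parity bit.
func fixParity(key []byte) []byte {
	out := make([]byte, len(key))
	for i, b := range key {
		b &^= 1 // clear the old parity bit
		if bits.OnesCount8(b)%2 == 0 {
			b |= 1 // make the count of 1 bits odd
		}
		out[i] = b
	}
	return out
}

// keyBundle assembles the 24-byte 3DES key bundle for keying options 1, 2 and 3.
func keyBundle(option int, k1, k2, k3 []byte) []byte {
	switch option {
	case 2: // K3 = K1 (2TDEA, 112 key bits)
		k3 = k1
	case 3: // K1 = K2 = K3, which collapses to single DES
		k2, k3 = k1, k1
	}
	return bytes.Join([][]byte{k1, k2, k3}, nil) // option 1: all three independent
}

// edeBlock is 3DES on one 8-byte block: Encrypt(K1), then Decrypt(K2), then Encrypt(K3).
func edeBlock(k1, k2, k3, block []byte) ([]byte, error) {
	out := append([]byte(nil), block...)
	for i, key := range [][]byte{k1, k2, k3} {
		c, err := des.NewCipher(key) // rejects keys that are not 8 bytes
		if err != nil {
			return nil, fmt.Errorf("K%d: %w", i+1, err)
		}
		step := c.Encrypt
		if i == 1 { // the middle pass is a decryption
			step = c.Decrypt
		}
		step(out, out) // in place: crypto/des allows exactly overlapping dst and src
	}
	return out, nil
}

func main() {
	k1, k2, k3 := fixParity([]byte("key-one!")), fixParity([]byte("key-two!")), fixParity([]byte("key-3333")) // constructed sample keys
	ct, err := edeBlock(k1, k2, k3, []byte("8 bytes!")) // constructed sample block
	fmt.Printf("3DES keying option 1 ciphertext: %x, err=%v\n", ct, err)
}
```

With keying option 3 the bundle collapses to single DES, which is exactly what lets a 3TDES implementation stand in for DES as the slide describes.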



The uses of 3DES

• It can be adopted in a wide range of applications.
• It was one of the more commonly used encryption schemes before the rise
of AES.
• Some examples of its implementations included:
o Microsoft Office
o Firefox
o EMV payment systems
• Many of these platforms no longer use 3DES because there are better
alternatives.



4. RSA: is a public-key encryption algorithm and the standard for encrypting
data sent over the internet.
o Unlike Triple DES, RSA is considered an asymmetric algorithm due to its
use of a pair of keys.
o Public key: to encrypt our message.
o Private key: to decrypt it.
o The result is a large and complex form of encryption that takes attackers
quite a bit of time and processing power to break.



5. RC4, RC5 and RC6 algorithms: a family of encryption algorithms developed by
Ronald Rivest, one of the developers of RSA.
o The first commercial application of public key cryptography.
o Improvements have been made over time to make it stronger and fix
minor issues.
o The current version, RC6, allows up to a 2,040-bit key size and a variable
block size up to 128 bits.



6. Advanced Encryption Standard (AES): is the more popular and widely
adopted symmetric encryption algorithm likely to be encountered
nowadays.
o It is found to be at least six times faster than Triple DES.
o With increasing computing power, DES was considered vulnerable to
exhaustive key search attacks.
o Triple DES was designed to overcome this drawback, but it was found to be
slow.



The features of AES are as follows:
o Symmetric key, symmetric block cipher.
o 128-bit data, 128/192/256-bit keys.
o Stronger and faster than Triple DES.
o Provides full specification and design details.
o Software implementable in C and Java.



Operation of AES
o AES is an iterative cipher.
o It is based on a ‘substitution–permutation network’.
o It comprises a series of linked operations, some of which involve
replacing inputs by specific outputs (substitutions) and others involve
shuffling bits around (permutations).
o AES performs all its computations on bytes rather than bits (i.e. a 128-bit
plaintext block is treated as 16 bytes).
o Unlike DES, the number of rounds in AES is variable and depends on the
length of the key.



o AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14
rounds for 256-bit keys. Each of these rounds uses a different 128-bit
round key, which is calculated from the original AES key.



Encryption Process

• Each round comprises four sub-processes.
o Byte Substitution (SubBytes): A non-linear substitution step where each
byte is replaced with another according to a lookup table.
o Shift Rows: Each of the four rows of the matrix is shifted to the left. Any
entries that ‘fall off’ are re-inserted on the right side of the row.
o Mix Columns: A linear mixing operation which operates on the columns of
the state, combining the four bytes in each column.
o Add Round Key: If this is the last round then the output is the ciphertext.
Otherwise, the resulting 128 bits are interpreted as 16 bytes and we begin
another similar round.


Decryption Process

• The process of decryption of an AES ciphertext is similar to the encryption
process in the reverse order.
• Each round consists of the four processes conducted in the reverse order:
o Add round key
o Mix columns
o Shift rows
o Byte substitution
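An added Go example, not taken from the slides, covering the state layout and round count from the AES slides together with the Shift Rows step of the encryption round and its inverse used in decryption: the 16 bytes of a block fill the 4×4 state column by column, each row r is rotated left by r positions, and the inverse rotates it back. The names at, shiftRows, invShiftRows and rounds are chosen here, and the bytes-in-order block is a constructed input.

```go
package main

import "fmt"

// AES keeps the 16 bytes of a block as a 4x4 state filled column by column:
// byte i of the block sits at row i%4, column i/4. Mixing this up with a
// row-major layout is a classic implementation bug, so all indexing here
// goes through at().
func at(row, col int) int { return row + 4*col }

// shiftRows rotates row r left by r positions: bytes that "fall off" the
// left end are re-inserted on the right. Row 0 is left in place.
func shiftRows(s [16]byte) [16]byte {
	var out [16]byte
	for r := 0; r < 4; r++ {
		for c := 0; c < 4; c++ {
			out[at(r, c)] = s[at(r, (c+r)%4)]
		}
	}
	return out
}

// invShiftRows rotates row r right by r positions, undoing shiftRows; this is
// the step the decryption rounds use.
func invShiftRows(s [16]byte) [16]byte {
	var out [16]byte
	for r := 0; r < 4; r++ {
		for c := 0; c < 4; c++ {
			out[at(r, (c+r)%4)] = s[at(r, c)]
		}
	}
	return out
}

// rounds returns the AES round count for a 128-, 192- or 256-bit key.
func rounds(keyBits int) (int, error) {
	if keyBits != 128 && keyBits != 192 && keyBits != 256 {
		return 0, fmt.Errorf("unsupported AES key length: %d bits", keyBits)
	}
	return 6 + keyBits/32, nil // 10, 12 or 14 rounds
}

func main() {
	var block [16]byte // constructed sample block: bytes 00..0f
	for i := range block {
		block[i] = byte(i)
	}
	fmt.Printf("after ShiftRows: % x\n", shiftRows(block))
	n, _ := rounds(256)
	fmt.Println("rounds for AES-256:", n)
}
```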



AES Analysis

• At present, AES is widely adopted and supported in both hardware and
software.
• To date, no practical cryptanalytic attack against AES has been discovered.
• It has built-in flexibility of key length, which allows a degree of ‘future-
proofing’.
• Just as for DES, AES security is assured only if it is correctly implemented
and good key management is employed.



Application and Uses of Encryption
• Encryption protects information stored on smartphones, laptops, and other
devices.
• Individuals, organizations, and governments rely on encryption to counter
threats from a wide range of actors such as:
o foreign intelligence agencies
o repressive governments
• Encryption can be used to protect data "at rest", such as information stored
on a storage device.
• Encryption is also used to protect data in transit, for example data being
transferred via networks.



Data Erasure

• Conventional methods for permanently deleting data from a storage device
involve overwriting the device's whole content with zeros, ones or other
patterns, which takes a significant amount of time.
• Cryptography offers a way of making the erasure almost instantaneous.
• This method is called crypto-shredding.
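Crypto-shredding as an added Go example (not from the slides): a record is kept only as AES-256-GCM ciphertext, so destroying the key is enough to make the stored blob unrecoverable without touching the storage itself. The names vault, store, read and shred are chosen here; the key and record are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrShredded = errors.New("key shredded: ciphertext is no longer recoverable")

// vault keeps a record only in encrypted form; the key is the sole way back to it.
type vault struct {
	key  []byte      // AES-256 data-encryption key; nil once shredded
	aead cipher.AEAD // GCM instance holding the expanded key schedule
	blob []byte      // nonce || ciphertext || tag, safe to leave on disk
}

func store(key, plaintext []byte) (*vault, error) {
	block, err := aes.NewCipher(key) // accepts 16-, 24- or 32-byte keys
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // fresh per record; a nonce must never repeat under one key
	return &vault{key: key, aead: gcm, blob: gcm.Seal(nonce, nonce, plaintext, nil)}, nil
}

// read decrypts the blob; GCM's tag check also rejects a blob that was altered.
func (v *vault) read() ([]byte, error) {
	if v.aead == nil {
		return nil, ErrShredded
	}
	n := v.aead.NonceSize()
	return v.aead.Open(nil, v.blob[:n], v.blob[n:], nil)
}

// shred overwrites and drops the key: the blob can stay, but nothing can decrypt it now.
func (v *vault) shred() {
	for i := range v.key {
		v.key[i] = 0
	}
	v.key, v.aead = nil, nil // the expanded key schedule goes too
}

func main() {
	key := make([]byte, 32) // constructed: a fresh random AES-256 key
	rand.Read(key)
	v, _ := store(key, []byte("constructed sample record"))
	v.shred()
	_, err := v.read()
	fmt.Println("read after shred:", err)
}
```

In a real deployment the key lives in a key manager or HSM rather than beside the data, and shredding means deleting it there; the blob itself need never be overwritten.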



Disadvantages of Encryption

• Encryption is sometimes relied on by criminals to avoid investigation and
prosecution because:
o When communications are encrypted "end-to-end", intercepted
messages cannot be understood.
o When a smartphone is locked and encrypted, the contents cannot be
read if the phone is seized by investigators.



Thank You
