
Info Security - Cryptographic Concepts - Apps - BICT - Mar 2016

The document discusses various topics related to cryptography including encryption methods, digital signatures, hashing, and transport encryption. It provides an outline of the topics to be covered as well as learning outcomes and references additional resources for further reading.

Uploaded by

arnold sopiimeh

Degree in ICT

By

Ezer Osei Yeboah-Boateng, Ph.D.


Outline
- Overview of Cryptography
- Encryption – Symmetric & Asymmetric
- Digital Signatures
- Non-Repudiation
- Basic Methods of Encryption
- Cryptographic Hashing
- Transport Encryption
- Steganography
- Useful Tips

Books & Resources
- Principles of Information Security, 4th Edition, 2011, by Michael Whitman & Herbert Mattord, Cengage Learning.
- A Practical Guide to Security Engineering & Information Assurance, by Debra S. Herrmann, CRC Press, 2002.
- A Guide to Computer Security, by Joseph M. Kizza, Springer, 2009.
- TrainSignal CompTIA Security – Lisa Szpunor, n.d.
- Homomorphic Encryption & Applications, by Xun Yi, Russell Paulet & Elisa Bertino, Springer International, 2014.

Learning Outcomes
- To underscore the need for encryption and its place in information security;
- To appreciate what cryptography is and its application to real-world issues;
- To understand the various concepts of cryptography and its relevance in ensuring information security.

Overview
- What is Cryptography?
  - Cryptography – the science and study of hiding information;
  - Hiding information by converting plaintext into cyphertext or ciphertext (i.e. Encryption);
  - Then, back from ciphertext to plaintext (i.e. Decryption);
  - NB: the encryption/decryption algorithms are usually known to the public (everyone); only the key is not (cf. a key as a password);

Overview
- Why Cryptography?
  - Some benefits are:
    - Confidentiality
      - To protect data in transit;
      - To protect data at rest or in storage;
    - Non-Repudiation:
      - A message encrypted with a private key or signed by digital signature must necessarily & authentication);
    - Authorization (Access Control):
      - With symmetric encryption only the secret key holder can decrypt the ciphertext;
      - With asymmetric encryption, a digital signature can be used for authentication and thus access control;
    - Integrity:
      - Message digests (MDs) can be used to know if a message was tampered with or not, during transit (e.g. hashing, checksum);

Overview
- How does Cryptography work?
  - A cipher and a key(s):
    - An algorithm encrypts data by applying a key to plaintext;
    - Another algorithm decrypts data by applying a key to ciphertext;
  - Some ciphers/algorithms are stronger than others;
  - Longer keys make stronger encryption;

Overview
- To understand ciphers, let’s consider the Classic Ciphers:
  - Substitution ciphers;
  - Transposition ciphers;
  - NB: Not suitable for real-world applications, today.

Concept 1: Encryption
- Symmetric Encryption: (secret key encryption)
  - The same secret key is used for encryption and decryption (i.e. shared key);
  - Key management or key distribution is the biggest challenge or concern;
    - Especially if there are multiple keys to be managed for more entities involved;
    - Getting the secret key securely to both parties;
    - Keeping the key a secret;
  - Generally, symmetric encryption is faster than asymmetric encryption alone; (in practice, they are used together);
  - Strength is affected by the length of the key and the number of iterations through the algorithm;
  - Vulnerable (susceptible) to brute force attacks;

Concept 1: Encryption
- Asymmetric Encryption: (public key encryption)
  - A key pair is used: one key is used for encryption and the other for decryption;
  - Public key is publicly available;
  - Private key must be kept secret;
  - Either key can encrypt and either key can decrypt:
    - Encrypt with public; decrypt with private;
    - Encrypt with private; decrypt with public;
    - Messages encrypted with private can’t be decrypted with private;
    - Messages encrypted with public can’t be decrypted with public;

Concept 1: Encryption
- Example of encryption: public key

Character codes: A = 1, B = 2, C = 3, D = 4, E = 5, ..., Y = 25, Z = 26, - = 27, , = 28, . = 29, ? = 30

PAD1:  8 24 25 13 17  7 11 12 18 23 29  8 20  6 16 15
       I  -  A  M  -  -  P  R  E  G  N  A  N  T  .  -
    + 30 26 17  3 19 29 22  8 18 11 26 27  5 26  6  9
    = 38

Concept 2: Digital Signatures
Digital Signatures (symmetric or asymmetric?)
- Digitally sign data and messages;
- It provides authentication, non-repudiation and integrity;
  - It confirms that the data or message you have received is from the trusted source;
  - It confirms that the message was not altered during transit or transmission;

Concept 3: Non-Repudiation
Non-Repudiation
- It uses asymmetric encryption – both public and private keys;
  - To assure that the author of a message cannot later refute the fact that they sent the message;
- Extra non-repudiation services can be built into encryption and digital signatures:
  - Proof of origin;
  - Proof that the data has been received and received correctly (cf. Integrity);
- But, it doesn’t account for unauthorized physical access;
  - Sending a message from someone’s computer (so it works if both public and private keys are kept secret);

Concept 4: Methods
Methods of Encryption & Decryption
- Basic methods and workings are necessary:
  - Block Cipher:
    - Fixed length chunks of bits (blocks) are encrypted (e.g. 64 bits or 128 bits);
    - Blocks can be padded if the data is too short;
    - Result is the same sized blocks of ciphertext;
    - Use initialization vectors to avoid reusing symmetric keys;
    - A good block cipher does not allow someone to deduce the key from looking at the ciphertext;
  - NB: block ciphers are slower than stream ciphers;

Concept 4: Methods
Methods of Encryption & Decryption
- Stream Cipher:
  - Symmetric key;
  - A continuous stream of bits/bytes is encrypted one at a time;
  - Faster and uses less processing power than block cipher;
  - Pseudo-random keyspace generators will repeat eventually (even with initialization vectors);
    - The longer the period of time before repeat the better;

Concept 4: Methods
Methods of Encryption & Decryption
- Elliptic Curve Cryptography (ECC)
  - An asymmetric method, created to speed up encryption;
  - It uses asymmetric keys;
  - It has a compact mathematical design that allows stronger encryption with shorter keys;
  - It uses elliptical curves instead of integers as keys;
  - It’s used in many varied implementations or applications, including mobile devices (that have limited processing power and space);

Concept 4: Methods
Methods of Encryption & Decryption
- Quantum Cryptography (based on quantum physics, instead of maths)
  - An emerging and expensive concept that is still being researched;
  - When we measure data we disturb the data;
    - When you inspect polarized photons, you can change their polarization (i.e. measuring the temperature of water with a thermometer – changes the temperature slightly);
  - Quantum cryptography allows us to tell if data was eavesdropped on during transit;
    - Polarize the photons in one direction for 0 and another direction for 1;
    - One application (implementation) is quantum key distribution;

Concept 5: Hashing
Cryptographic Hashing
- Hashing algorithms create a unique numeric hash value that’s a summary or digest of a message;
- It’s one way only;
  - You can’t get plaintext from a hash;
- It’s used for Integrity; if data is modified then a different hash value will result;
  - Message digest (another name for the hash value);
  - Digital signatures;
  - Message authentication codes (MAC)
- It’s used for password storage;
  - Allows passwords to be stored securely (e.g. in a database);
  - Check the hash of the entered password against the stored hash;
  - (NB: that is why most passwords are not retrieved but reset);

Concept 5: Methods
Cryptographic Hashing
- A mathematical function that takes any sized blocks of data and returns fixed sized bit streams;

[Diagram: input (any block of data) → Hash function → output (digest)]

Concept 5: Methods
Using Digital Signatures & Hashing

Sender:
1. message → Hash Function → # (hash)
2. # → Encrypt with sender's private key → Digital Signature
3. Message attached with Signature → Sent to recipient

Upon receipt: 2 actions take place
(i) message (separated) → Hash Function → #
(ii) digital signature → decrypt with sender's public key → #
Compare hashes

Concept 6: Transport Encryption
Transport Encryption:
- Encryption is used to protect transmissions that pass over the public Internet;
  - VPN
    - IPSec
  - Web browser/web server communications
    - TLS/SSL
    - HTTPS
  - Data transfer & remote management
    - SSH

Concept 7: Steganography
Steganography
- Hiding or embedding one message within another;
  - The main purpose is to not draw attention;
- Text can be hidden in image, audio or video files;
  - One method for image steganography involves using the last bit in the color code of each pixel to hide the message;
- Can encrypt data before and/or after the message is hidden;
- Sometimes called electronic watermarking when referring to labeling an image for anti-piracy purposes;
- Steganography tools are readily available;
  - Often used for illicit activities like data theft;

Tips
Use of proven technologies
- Only use algorithms that, as of today, are considered strong;
- Think about the tradeoff between security, speed, and ease of implementation;
- Stay informed on cryptography news;
  - In the past, widely used algorithms were “broken” (e.g. WEP);
  - New methods are being developed all the time;
- Leverage strong encryption with good key management;

Application Areas
The important uses of cryptography:
- In electronic voting & counting;
  - Encrypting the votes and digital ballot boxes;
  - Ensuring that software is unmodified;
  - Verifying the identity of voters before casting a ballot;
  - Assisting in auditing and tallying the results of an election;
  - To obscure the contents of a voter’s ballot selection and contents of digital ballot box;

Application Areas
Homomorphic Cryptography
- Another solution used to protect the secrecy of stored votes is Homomorphic cryptography:
  - Which allows the votes in the electronic ballot box to be tabulated while still encrypted;
  - Individual voting patterns may not be realized, as the votes are not decrypted;
  - Votes may even be posted to a public bulletin board for independent tabulating by anyone to verify the outcome of the election;

Exercise
Worked on the PAD1 example:
Using a random key generator, we created a
symmetric key algorithm based on mod30.
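
A sketch of the exercise as an added Python example (not the lecturer's code): a one-time-pad style cipher over the slide's 30-character table, with the pad drawn from a cryptographic random generator. Assumptions: PAD1 is treated as the key and the row of letters as the plaintext, and a sum that is a multiple of 30 wraps to code 30 ('?'), because the table has no code 0; the function names are illustrative.

```python
import secrets

# The slide's table: A=1 ... Z=26, '-'=27, ','=28, '.'=29, '?'=30.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ-,.?"
M = len(ALPHABET)  # 30, the modulus named in the exercise

# PAD1 exactly as printed on the slide.
PAD1 = [8, 24, 25, 13, 17, 7, 11, 12, 18, 23, 29, 8, 20, 6, 16, 15]


def new_pad(length: int) -> list[int]:
    """Random key generator: one value in 1..30 per message character."""
    return [secrets.randbelow(M) + 1 for _ in range(length)]


def _shift(text: str, pad: list[int], direction: int) -> str:
    if len(pad) < len(text):
        raise ValueError("pad must be at least as long as the message")
    out = []
    for ch, k in zip(text, pad):
        code = ALPHABET.index(ch) + 1          # ValueError if not in table
        # Codes run 1..30, so shift to 0..29 for the modulo, then back.
        out.append(ALPHABET[(code + direction * k - 1) % M])
    return "".join(out)


def encrypt(plaintext: str, pad: list[int]) -> str:
    """Add the pad to the plaintext codes, mod 30."""
    return _shift(plaintext, pad, +1)


def decrypt(ciphertext: str, pad: list[int]) -> str:
    """Subtract the same pad, mod 30 (symmetric: one shared key)."""
    return _shift(ciphertext, pad, -1)


if __name__ == "__main__":
    message = "I-AM--PREGNANT.-"               # the row shown on the slide
    ct = encrypt(message, PAD1)
    print(ct, "->", decrypt(ct, PAD1))
```

The pad must be as long as the message and used once; reusing PAD1 for a second message lets an eavesdropper subtract one ciphertext from the other and cancel the key.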

Summary
- We have underscored the need for encryption and its place in information security;
- We have appreciated what cryptography is and its application to real-world issues;
- We have understood the various concepts of cryptography and its relevance in ensuring information security.

Thank You All!!!

- Any comments & contributions????