Introduction to Computer

Security Lecture Slides

© 2022 by Mihai Chiroiu
is licensed under Attribution-NonCommercial-ShareAlike 4.0
International
 Introduction to
Cryptographic Systems
Assoc. Prof. Mihai Chiroiu
Florin Stancu
This lecture
• Is not about:
• Steganography: the practice of concealing a file/message/image/video within
another file/message/image/video.
• Obfuscation: the practice of hiding the implementation of a program without
altering its execution (Indistinguishability Obfuscation [9])
• Cryptocoins!!!

• Is about:
• Cryptography – the science of writing a secret message.
• Cryptanalysis – the science of breaking cryptography.
• Cryptology – all of the above (actually, synonymous with cryptography).

© Mihai Chiroiu 3
Vocabulary
• A cyphertext is the result of encryption performed on plaintext using
an algorithm, called a cipher.
c = encrypt(m, k)

• Decryption is the reverse process.

m = decrypt(c, k)

© Mihai Chiroiu 4
Early encryption schemes [11]
• 1500 BCE - clay tablets in Mesopotamia
• Hides a recipe of pottery glaze
• It used substitution as an encryption algorithm
• The encryption was broken

https://commons.wikimedia.org/wiki/
File:Tablet_Rimush_Louvre_AO5476.jpg

© Mihai Chiroiu 5
Substitution

• Eg. Atbash system, used in the bible [12]

• Jeremiah 25:26: “And after all of them, the king of Sheshak will drink it too.”
In original Hebrew, the word Sheshak commutes into “Babylon”.

https://medium.com/@amangondaliya555
© Mihai Chiroiu /atbash-cipher-70e284ad921e 6
Transposition
• The characters change their position in the text, but keep their
original meaning
• Eg. Encircles wood, called scytales, with paper (similar to Rail Fence Cipher
[13])

https://toebes.com/Flynns/Flynns-19241213.htm

© Mihai Chiroiu 7
Fast forward on crypto history
• Caesar cipher (100 BCE – 44 BCE)
• Most of Caesar's enemies would
have been illiterate => secure
• The shift cipher
• Vigenère cipher (1553 CE)
improves on Caesar’s cipher (poly-
alphabetic substitution and
transposition cipher)
• 1st & 2nd WW led to cipher
machines, both for encryption
(Enigma), decryption and for
cracking (Bombe)

© Mihai Chiroiu 8
Modern cryptography

• What does an ideal cipher look like?

© Mihai Chiroiu 9
Shannon’s S-P network
• Claude Shannon - father of Information Theory (1949) [10]

• Substitution provides “confusion”

• By building a complex binding between input and output
• Permutation (transposition) provides “diffusion”
• By moving bits one single bit influences all output bits
• Encryption algorithms / functions MUST be invertible

© Mihai Chiroiu 10
The XOR operator
● Properties:
A⊕B=B⊕A
A⊕0=A
A⊕A=0
(A ⊕ B) ⊕ C = A ⊕ (B ⊕ C)
(B ⊕ A) ⊕ A = B ⊕ 0 = B
● Apply XOR between message & key, apply with key again to
decrypt!

11
One-time Pad (Vernam, 1916)
• One-time Pad protects against infinitely
powerful adversaries
• XOR between a message and a same-length
secret
• Bad news: If you want to encrypt N bits of
data, you need a N-bit secret key

© Mihai Chiroiu 12
From military to business

© Mihai Chiroiu 13
Encryption Ideologies
• Public Algorithms − All the details of the algorithm are in the public
domain, known to everyone.
• Kerckhoffs' principle (Dutch cryptographer): A cryptosystem should be secure
even if everything about the system, except the key, is public knowledge.
• Reformulated as Shannon's maxim (American mathematician ): "the enemy
knows the system", i.e., "one ought to design systems under the assumption
that the enemy will immediately gain full familiarity with them".
• Proprietary algorithms − The details of the algorithm are only known
by the system designers and users.
• security through obscurity.

© Mihai Chiroiu 14
Encryption Schemes
● Symmetric:
● same key used for both encryption and decryption
● Two variants: Block and Stream

● Asymmetric:
● Different keys: public <> private
● New feature: digital signatures!

© Mihai Chiroiu 15
Symmetric Ciphers
• A symmetric cipher is built of:
• A “secret key” (data exchanged “in secret” by the two parties authorized to
encrypt/decrypt)
• An encryption algorithm
• A decryption algorithm
• The strength of a cipher is given by:
• Key size (small keys can be exhaustively search in a decent amount of time)
• Algorithm strength (for example against statistical cryptanalysis)

© Mihai Chiroiu 16
Stream Ciphers
● Keystream: an “infinite” stream of bits generated from a key
● Operations (same as One Time Pad):
○ keystream ⊕ message => ciphertext
○ ciphertext ⊕ keystream => original message
● The keystream must be deterministic, yet difficult to predict
(without the original key)
● Popular algorithms: RC4 (deprecated / broken), Salsa20 / ChaCha
(used by WireGuard)

© Mihai Chiroiu 17
Block ciphers: DES (and 3DES)
• Developed by International Business
Machines (IBM) as LUCIFER and
modified by the National Security
Agency (NSA).
• LUCIFER used a key size of 128 bits
however this was reduced to 56 bits for
DES. ☺
• Adopted in 1977 as the Data
Encryption Standard - DES
• Key length too small (56 bit) => brute
force-able

© Mihai Chiroiu 18
Block ciphers: AES
• In January 1997, NIST announced a
competition for the successor to DES.
• NIST selected the winner, the Rijndael
(pronounced "Rhine doll") algorithm of
Belgian cryptographers Joan Daemen and
Vincent Rijmen in October 2000.
• AES was approved for use with Secret and Top
Secret classified information of the U.S.
government in 2003.

© Mihai Chiroiu 19
Block ciphers mode of operation (1)
• Total Data Length >> Block Size! (e.g., 1MByte vs 128 bit)
• Electronic Codebook (ECB)
• Each block encrypted independently
• Identical plaintexts encrypted similarly
• No chaining, no error propagation
• Does not hide data patterns, unsuitable for long messages

© Mihai Chiroiu 20
Block ciphers mode of operation (2)
• Cipher-Block Chaining (CBC)
• Chaining: Ciphertext block cj depends on xj and all preceding plaintext blocks (dependency
contained in cj-1)
• Identical messages result in different ciphertext, allows random access to ciphertext (decryption is
still paralellizable)
• Error propagation: Single bit error on cj may flip the corresponding bit on xj+1, but changes xj
significantly.

© Mihai Chiroiu 21
Block ciphers mode of operation (3)
• Cipher Feedback (CFB)
• Random access to ciphertext
• Decryption is parallelizable
• Identical messages: as in CBC
• Chaining: Similar to CBC
• Error propagation: single bit error on cj
may flip the corresponding bit on xj, but
changes xj+1 significantly.

© Mihai Chiroiu 22
Block ciphers mode of operation (4)
• Output Feedback (OFB)
• Preprocessing possible (keep
enc/decrypting previous output block)
• No random access, not parallelizable
• Identical messages: same as CBC
• No chaining dependencies
• Error propagation: Single bit error on
cj may only affect the corresponding
bit of xj
• IVs should not be reused!

© Mihai Chiroiu 23
Block ciphers mode of operation (5)
• Counter (CTR)
• Preprocessing possible
(inc/decrement and enc/decrypt
counter)
• Allows random access
• Both encryption & decryption are
parallelizable
• Identical messages: changing nonce
results in different ciphertext
• No chaining dependencies
• No error propagation
• Nonce should be random, and should
be changed if a previously used key is
to be used again

© Mihai Chiroiu 24
Which Mode for What Task?

• General file or packet encryption: CBC.

• Input must be padded to multiple of cipher block size
• Risk of byte or bit deletion: CFB
• Bit stream; noisy line and error propagation is undesirable: OFB
• Very high-speed data: CTR / GCM
• Integrity check is required

© Mihai Chiroiu 25
Problem description
• Symmetric key distribution problem…

• Can two parties agree on a shared secret without private

communication? [Ralph Merkle]
• (April 1975). "Secure Communications Over Insecure Channel”

© Mihai Chiroiu 26
Diffie - Hellman
● One of the earliest public-key protocol (1976)
● Took Merkle’s idea and improves it such that the attacker requires
exponential computations
● Establish a secret between 2 (possibly unacquianted) parties!

© Mihai Chiroiu 27
Diffie - Hellman
Common paint:
g = public (primitive root) base, g = 2
p = public (prime) modulus, p = 5
a = Alice's private key, a = 4
b = Bob's private key, b = 6

Public exchange:
A = Alice's public key, A = ga mod p = 24 mod 5 = 1
Alice -> Bob: A
B = Bob's public key, B = gb mod p = 26 mod 5 = 4
Bob -> Alice: B

Alice computes secret/key:

s = Ba mod p = 44 mod 5 = 1
Bob computes secret:
s = Ab mod p = 16 mod 5 = 1

© Mihai Chiroiu 28
RSA (1977)
● Noticing the inability of the Diffie-Hellman Key Exchange to transmit
a secret message, Ron Rivest, Adi Shamir, and Leonard Adleman
developed a system similar to the Diffie-Hellman protocol except
that a message could be embedded and transmitted.
● Private key: two prime numbers, p & q
● Public key: p * q, e
● Reverse: factorization problem (NP-complete!)
● c = encrypt(m, PubKey); m = decrypt(m, PrivKey);
● s = sign(m, PrivKey); if (verify(s, PubKey)) …

© Mihai Chiroiu 29
Elliptic Curve Cryptography
● ECC is an approach to encryption that utilizes the complex nature of
elliptic curves in finite fields. ECC typically uses the same types of
algorithms as that of Diffie-Hellman Key Exchange and RSA
Encryption. The difference is that the numbers used are chosen
from a finite field defined within an elliptic curve expression.
● Different algorithms for encryption / signature: ECIES, ECDSA etc.

© Mihai Chiroiu 30
The UK version
• James H. Ellis came up with the idea of non-secret encryption in 1970
(5 years before Merkle)
• Clifford Cocks invented equivalent of RSA in 1973 (3-years before
RSA)
• Malcolm J. Williamson invented the equivalent of DH in 1974 (2-years
before DH)
… yep, no profit:
• Government Communications Headquarters (GCHQ) decided to keep
the discoveries secret till 1998.

© Mihai Chiroiu 31
Message digest functions (hashing)
• One-way functions that provide data compression
• Collisions exist but should be hard to find

• MD5 (broken): 1991, 128 bits

• SHA1 family: 1995, 160 bits
• SHA2 family: 2001, 256-512 bits
• SHA 3 family: 2010, 256-512 bits

© Mihai Chiroiu 32
Example - Cryptography

© Mihai Chiroiu 33
Message digest functions (hashing)
• Provides integrity
• Trusted timestamp
• Key derivation

© Mihai Chiroiu 34
Practical Integrity
• Hashing is not enough because an attacker can simply change the
message and the Hash value

• MAC (message authentication code) uses a secret key together with

the function
• HMAC – function is hashing
• CBC-MAC (function is CBC encryption mode)

© Mihai Chiroiu 35
Attacks On Cryptosystems

Passive Attacks Active Attacks

• No communication with victim • Involves changing data with
victim
• Stealing of private data without
the know of the victim • Unauthorized data access in
order to modify/delete/alter it

© Mihai Chiroiu 36
Types of attacks
• Ciphertext Only Attacks (COA) − The attacker has access to a set of
ciphertext(s), and not to the corresponding plaintext. Successful when the
corresponding plaintext can be determined from a given set of ciphertext.
• Known Plaintext Attack (KPA) − The attacker knows the plaintext for some
parts of the ciphertext. The task is to decrypt the rest of the ciphertext
using this information. Typically, this may be done by determining the key.
• Chosen Plaintext Attack (CPA) − The attacker has the text of his choice
encrypted. This simplifies his task of determining the encryption key.
• A chosen-ciphertext attack (CCA) – The attacker can gather information by
obtaining the decryptions of chosen ciphertexts. The adversary can
attempt to recover the key used for decryption.

© Mihai Chiroiu 37
Types of attacks
• Dictionary Attack − The attacker builds a dictionary of ciphertexts and
corresponding plaintexts that he has learnt over a period of time. In future,
when an attacker gets the ciphertext, he refers the dictionary to find the
corresponding plaintext.
• Brute Force Attack (BFA) − In this method, the attacker tries to determine
the key by attempting all possible keys.
• Man in Middle Attack (MIM) − The targets of this attack are mostly public
key cryptosystems where key exchange is involved before communication
takes place.
• Side Channel Attack (SCA) − This type of attack is launched to exploit the
weakness in physical implementation of the cryptosystem.
• Timing/Power Analysis Attacks − They exploit the fact that different
computations take different times to compute on processor.

© Mihai Chiroiu 38
Practicality of Attacks
• Highly academic

• Unrealistic assumptions
• In chosen-ciphertext attack, the attacker requires an impractical number of
deliberately chosen plaintext-ciphertext pairs.

© Mihai Chiroiu 39
Post-quantum cryptography
• Equation 1 shows the time it takes to run the fastest known algorithm
(GNFS) to compute a prime factorization on a binary formatted
processor. Equation 2 shows the algorithm discovered by Peter Shor
that computes a prime factorization on a quantum computer. In both
cases, "b" is the number of bits in the number.

© Mihai Chiroiu 40
Homomorphic encryption
• Allows computations on encrypted data
• Not many operations are supported
• Mostly addition and multiplication
• In 2020 there was a solution for encrypted machine learning

© Mihai Chiroiu 41
Resources
[1] https://en.wikipedia.org/wiki/History_of_cryptography
[2]
https://www.tutorialspoint.com/cryptography/attacks_on_cryptosyste
ms.htm
[3] https://en.wikipedia.org/wiki/Caesar_cipher
[4]
http://www.umsl.edu/~siegelj/information_theory/projects/des.netau
.net/des%20history.html
[5]
http://www.utdallas.edu/~muratk/courses/crypto07_files/modes.pdf

© Mihai Chiroiu 42
Resources
[6] http://www.crypto-it.net/eng/theory/modes-of-block-ciphers.html
[7] https://www.sans.org/reading-room/whitepapers/vpns/history-
encryption-730
[8]
http://www.eng.utah.edu/~nmcdonal/Tutorials/EncryptionResearchRe
view.pdf
[9] “Indistinguishability Obfuscation from Well-Founded Assumptions”,
Aayush Jain and Huijia Lin and Amit Sahai

© Mihai Chiroiu 43
Resources
[10] (“Communication Theory of Secrecy Systems”, By C. E. SHANNON)
https://www.cs.virginia.edu/~evans/greatworks/shannon1949.pdf
[11] https://www.theatlantic.com/technology/archive/2016/01/the-
long-and-winding-history-of-encryption/423726/ (on 03.11.2022)
[12] https://www.gotquestions.org/Atbash-code.html (on 03.11.2022)
[13]
http://cochranmath.pbworks.com/w/page/118045167/Transposition%
20Ciphers#:~:text=will%20be%20discussed).-
,History,Civil%20War%20used%20route%20ciphers (on 03.11.2022)

© Mihai Chiroiu 44