Cryptography

Need for Security

• Some people who cause security problems and why.

Computer Networks 06/04/24

CIA MODEL

Computer Networks 06/04/24

Need for Security
• Network security problems can be divided roughly into four closely intertwined areas:
– secrecy,
– authentication,
– Non-repudiation, and
– integrity control.

• Secrecy: Confidentiality, keeping information out of hands of unauthorized users.

• Authentication: Determine whom you are talking to before revealing sensitive information.
• Non-repudiation: Deals with signatures. How would u prove that customer placed an order.
What if he deny later?
• Integrity Control: Finally, how can you be sure that a message you received was really the
one sent and not something that a malicious adversary modified at transit?
• Cryptography comes from the Greek words for ''secret writing’‘.

Computer Networks
Encryption + Decryption = Cryptography. 06/04/24
 Need for Security

•Types:
–Cipher : cipher is a character-for-character or bit-for-bit transformation,
without regard to the linguistic structure of the message.
–Code : a code replaces one word with another word or symbol.

•The messages to be encrypted, known as the plaintext, are transformed

by a function that is parameterized by a key.

•The output of the encryption process, known as the cipher-text, is then

transmitted, often by messenger or radio.

•We assume that the enemy, or intruder, hears and accurately copies down
the complete cipher-text.
•But, he does not know what the decryption key is and so cannot decrypt
the ciphertext easily.
•Intruder is needed to break this code.
•The art of breaking ciphers, called cryptanalysis, and the art devising them
Computer Networks 06/04/24
(cryptography) is collectively known as cryptology.
Need for Security

• What is the relation between plaintext, ciphertext, and keys? See

next fig.
• We will use C = EK(P) to mean that the encryption of the plaintext
P using key K gives the ciphertext C.
• Similarly, P = DK(C) represents the decryption of C to get the
plaintext again.
Dk(Ek(P)) = P

Computer Networks 06/04/24

Cryptography components

Sender
Receiver
Plaintext
Cipher text
Encryption
Decryption
Computer Networks 06/04/24
Categories of cryptography

Computer Networks 06/04/24

Symmetric-key Cryptography

In symmetric-key cryptography, the same key is used by the sender (for encryption)
and the receiver (for decryption). The key is shared.

Computer Networks 06/04/24

Asymmetric-key cryptography

Keys used in cryptography

Computer Networks 06/04/24

Comparison between two categories of cryptography

Computer Networks 06/04/24

 SYMMETRIC-KEY CRYPTOGRAPHY

Symmetric-key cryptography started thousands of years ago

when people needed to exchange secrets (for example, in a war).
We still mainly use symmetric-key cryptography in our network
security.

Computer Networks 06/04/24

 Encryption Model

• The encryption model (for a symmetric-key cipher).

Computer Networks 06/04/24

Data Encryption Standard (DES)
• The most widely used encryption scheme.
• NIST (National Institute of Standards & Technology), as FIPS PUB 46
(Federal Information Processing Standards).
• The algorithm is referred to the Data Encryption Algorithm (DEA).
• DES is a block cipher.
• Minor variation of Feistel.
• It has 16 rounds of processing.
• The plaintext is processed in 64-bit blocks.
• The key is 56 bits in length, which is divided into 16 subkeys, each one
is used for each round.
• Decryption:
• Use ciphertext as input to DES.
• Use subkeys Ki in reverse order till K is reached. i.e K 16 to K2, K1.

Computer Networks 06/04/24

One Round in DES Ciphers

Computer Networks 06/04/24

 ASYMMETRIC-KEY CRYPTOGRAPHY

An asymmetric-key (or public-key) cipher uses two keys: one private

and one public.

We discuss two algorithms: RSA and Diffie-Hellman (Symmetric

Encryption).
Topics discussed in this section:

RSA
Diffie-Hellman
Computer Networks 06/04/24
ASYMMETRIC-KEY CRYPTOGRAPHY
RSA
• RSA –Rivest–Shamir –Adelman
• Used for all, Encryption, Authentication and Digital Signing.
• Has long keys. i.e1024 bits which makes is secure.
• Key advantage: difficulty of factoring large integers.
• General Algorithm:
• Generate two large random prime numbers, pand q, equal in size such that n=pq
and φ= (p-1)(q-1).
• Compute n= pq and φ= (p-1)(q-1)
• Choose an integer ‘e’ such that 1 < e <φ gcd(e,φ) = 1.
• Compute secret exponent d, 1 < d < φsuch that ed=1(mod φ).
• The public key is (n,e) and private key (n,d). Keep secret p, q, φ.
• Note:
• ‘n’ is modulus
• ‘e’ and ‘d’ is private key for encryption and decryption respectively.
• ‘p’, ‘q’ and ‘φ’ is secret key.
06/04/24
Computer Networks
ASYMMETRIC-KEY CRYPTOGRAPHY

Key Generation Steps:

1. Select two prime numbers, p = 17 and q=11.
2. Calculate n = pq = 17 × 11 = 187.
3. Calculate f(n) = (p-1)(q-1) =16 × 10 =160.
4. Select e such that e is relatively prime to f(n) =160 and less than f(n); we choose e=7.
5. Determine d such that de mod 160 =1 and d < 160.The correct value is d = 23,
because 23 × 7= 161.

The resulting keys are public keys and private key are {7, 187} and {23,187}.

Computer Networks 06/04/24

ASYMMETRIC-KEY CRYPTOGRAPHY

Example:
• Keys for a plaintext input of M = 88.
• Encryption:
• To calculate C = 887 mod 187:
• 887 mod 187 = [(884 mod 187) × (882 mod 187) × (881 mod 187)] mod 187
• 881 mod 187 = 88
• 882 mod 187 = 7744 mod 187 = 77
• 884 mod 187= 59,969,536 mod 187 = 132
• 887 mod 187 = (88 × 77 × 132) mod 187
=894,432 mod 187 = 11

Computer Networks 06/04/24

ASYMMETRIC-KEY CRYPTOGRAPHY

• Decryption:
M =1123 mod 187:
• 11 mod 187 = [(111 mod 187) × (112 mod 187) × (114 mod 187) ×
23

(118 mod 187) × (118 mod 187)] mod 187

• 11 1
mod 187 = 11
• 11 2
mod 187 = 121
• 11 4
mod 187 = 14,641 mod 187 = 55
• 11 8
mod 187 = 214,358,881 mod 187 = 33
• 11 mod 187 = (11 × 121 × 55 × 33 × 33) mod 187 = 79,720,245 mod
23

187 = 88

Computer Networks 06/04/24

ASYMMETRIC-KEY CRYPTOGRAPHY

• Limitations of RSA:
• To defeat the RSA algorithm: Use brute-force approach, i.e try
all possible private keys.
• The larger the number of bits in e and d, the more secure the
algorithm.
• Because the calculations involved (both in key generation and in
encryption/decryption) are complex, the larger the size of the
key, the slower the system will run.

Computer Networks 06/04/24

ASYMMETRIC-KEY CRYPTOGRAPHY

Diffie-Hellman

• The first published public-key algorithm.

• Purpose: Exchange a secret key securely. (Also limitation).
• Algorithm depends for its effectiveness on the difficulty of computing
discrete logarithms.

Computer Networks 06/04/24

 ASYMMETRIC-KEY CRYPTOGRAPHY
Example:
• The prime number q = 353 and a primitive root of q = 353, in this case α = 3.
• A and B select secret keys XA =97 and XB =233, respectively. Each computes its public key:
A computes YA = 397 mod 353 = 40.
B computes YB =3233 mod 353 = 248.
• After they exchange public keys, each can compute the common secret key:
• A computes K =(YB) mod 353= 24897 mod 353= 160.
• B computes K =(YA) mod 353= 40233 mod 353= 160.
• We assume an attacker would have available the following information: q = 353; α = 3;
YA = 40; YB = 248.
• In this simple example, it would be possible to determine the secret key 160 by brute
force.
• The brute-force approach is to calculate powers of 3 modulo 353, stopping when the
result equals either 40 or 248. The desired answer is reached with the exponent value
of 97, which provides 397 mod 353= 40.
• With larger numbers,
Computer Networks the problem becomes impractical.
06/04/24
ASYMMETRIC-KEY CRYPTOGRAPHY
Limitations of Diffie-Hellman
• The technique does not protect against replay attacks.
• Man-In-The-Middle-Attack:
• 1. Darth generating two private keys XD1 and XD2, and then computing the
corresponding public keys YD1 and YD2.
• 2. Alice transmites YA to Bob.
• 3. Darth intercepts YA and transmits YD1 to Bob. Darth also calculates K2 =
(YA)XD2 mod q.
• 4. Bob receives YD1 and calculates K1 = (YD1)XB mod q.
• 5. Bob transmits YB to Alice.
• 6. Darth intercepts YB and transmits YD2 to Alice. Darth calculates K1 = (YB)XD1
mod q.
• 7. Alice receives YD2 and calculates K2 = (YD2)XA mod q.
• At this point, Bob and Alice think that they share a secret key. But actually
situation is different.
Computer Networks
•
06/04/24
Darth simply wants to eavesdrop. Or modify the message going to Bob.
ASYMMETRIC-KEY CRYPTOGRAPHY

Let us give a trivial example to make the procedure clear. Our example uses small
numbers, but note that in a real situation, the numbers are very large. Assume g = 7 and
p = 23. The steps are as follows:

1. Alice chooses x = 3 and calculates R1 = 73 mod 23 = 21.

2. Bob chooses y = 6 and calculates R2 = 76 mod 23 = 4.
3. Alice sends the number 21 to Bob.
4. Bob sends the number 4 to Alice.
5. Alice calculates the symmetric key K = 43 mod 23 = 18.
6. Bob calculates the symmetric key K = 216 mod 23 = 18.
The value of K is the same for both Alice and Bob;
gxy mod p = 718 mod 23 = 18.

Computer Networks 06/04/24

 Data Compression

Computer Networks 06/04/24

 Data Compression

Data compression is a reduction in the number of bits needed to represent data. Compressing
data can save storage capacity, Speed file transfer and decreases costs for storage hardware
and network bandwidth.

Even with very fast transmission speed of data we need to send data in short time. We need
to Compress data for this purpose.

Virtually all form od data contain redundancy i.e. it is the amount of wasted “space” used to
transmit certain data.

Computer Networks 06/04/24

 Data Compression

Data compression is the function of presentation layer in OSI reference model. Compression
is often used to maximize the use of bandwidth across a network or to optimize disk space
when saving data.
There are two general types of compression algorithms:
1. Lossless compression
2. Lossy compression

Lossless Compression

Lossless compression compresses the data in such a way that when data is decompressed it is
exactly the same as it was before compression i.e. there is no loss of data.
A lossless compression is used to compress file data such as executable code, text files, and
numeric data, because programs that process such file data cannot tolerate mistakes in the data.
Lossless compression will typically not compress file as much as lossy compression techniques
and may take more processing power to accomplish the compression.

06/04/24
Computer Networks
Data Compression
Lossless Compression Algorithms
The various algorithms used to implement lossless data compression are :

1. Run length encoding

2. Differential pulse code modulation
3. Dictionary based encoding

1. Run length encoding

•This method replaces the consecutive occurrences of a given symbol with only one copy of
the symbol along with a count of how many times that symbol occurs. Hence the names
‘run length’.
•For example, the string AAABBCDDDD would be encoded as 3A2BIC4D.
•A real life example where run-length encoding is quite effective is the fax machine. Most
faxes are white sheets with the occasional black text. So, a run-length encoding scheme
can take each line and transmit a code for while then the number of pixels, then the code
for black and the number of pixels and so on.
•This method of compression must be used carefully. If there is not a lot of repetition in the
data then it is possible the run length encoding scheme would actually increase the size of
a file.
Computer Networks 06/04/24
Data Compression

2. Differential pulse code modulation

• In this method first a reference symbol is placed. Then for each symbol in the data, we
place the difference between that symbol and the reference symbol used.
•For example, using symbol A as reference symbol, the string AAABBC DDDD would be
encoded as AOOOl123333, since A is the same as reference symbol, B has a difference of
1 from the reference symbol and so on.

3. Dictionary based encoding

LZW, LZRW1, LZ77 etc

Computer Networks 06/04/24

Data Compression

Lossy Compression

Lossy compression is the one that does not promise that the data received is exactly the
same as data send i.e. the data may be lost.

This is because a lossy algorithm removes information that it cannot later restore.

Lossy algorithms are used to compress still images, video and audio.

Lossy algorithms typically achieve much better compression ratios than the lossless
algorithms.

Computer Networks 06/04/24

S.NO Lossy Compression Lossless Compression

Lossy compression is the method which eliminate the While Lossless Compression does not eliminate the data which is
1.
data which is not noticeable. not noticeable.
In Lossy compression, A file does not restore or rebuilt in While in Lossless Compression, A file can be restored in its original
2.
its original form. form.

3. In Lossy compression, Data’s quality is compromised. But Lossless Compression does not compromise the data’s quality.

4. Lossy compression reduces the size of data. But Lossless Compression does not reduce the size of data.

Algorithms used in Lossy compression are: Transform Algorithms used in Lossless compression are: Run Length
5. coding, Discrete Cosine Transform, Discrete Wavelet Encoding, Lempel-Ziv-Welch, Huffman Coding, Arithmetic
Transform, fractal compression etc. encoding etc.
6. Lossy compression is used in Images, audio, video. Lossless Compression is used in Text, images, sound.
Lossless Compression has less data-holding capacity than Lossy
7. Lossy compression has more data-holding capacity.
compression technique.

Lossy compression is also termed as irreversible

8. Lossless Compression is also termed as reversible compression.
compression.

Computer Networks 06/04/24

Computer Networks 06/04/24