Lectures 13 To 15 - Cryptography Details Symmetric Encryption

Uploaded by

syedrouhanali7
Copyright
© © All Rights Reserved
Cryptography

Detailed Study
Engr. Asif Rafiq
Cryptography
Definitions and Concepts
• When data is stored on a computer, it is
usually protected by logical and physical
access controls.
• When this same sensitive information is sent
over a network, it can no longer take these
controls for granted, and the information is in
a much more vulnerable state.
Encryption
Definition and Concepts
• Encryption is a method of transforming readable
data, called plaintext, into a form that appears
to be random and unreadable/unintelligible
which is called cipher-text.

• This enables the transmission of confidential
information over insecure channels (Network)
without unauthorized disclosure.
[Figure: Sender and Receiver]
Without the right key, the captured
message is useless to an attacker.
Cryptosystems
Definitions and Concepts
• A system or product that provides encryption and
decryption is referred to as a cryptosystem and
can be created through hardware components or
program code in an application
• The cryptosystem uses an encryption algorithm
• Most algorithms are complex mathematical
formulas that are applied in a specific sequence
to the plaintext
Cryptosystems
A cryptosystem encompasses all of the necessary
components for encryption and decryption to take
place. Pretty Good Privacy (PGP) is just one
example of a cryptosystem.

A cryptosystem is made up of at least the following:
• Software
• Protocols
• Algorithms
• Keys
Cryptography
Components
• Most encryption methods use a secret value called
a key (usually a long string of bits), which works
with the algorithm to encrypt and decrypt the text
• The algorithm, the set of rules also known as the
cipher, dictates how enciphering and deciphering
takes place
• Many of the mathematical algorithms used in
computer systems today are publicly known and
are not the secret part of the encryption process
Cryptography
Components….Key Space
• In encryption, the key (crypto-variable) is a
value that comprises a large sequence of
random bits
• An algorithm contains a keyspace, which is a
range of values that can be used to construct a
key
The larger the keyspace, the more available values can be used to
represent different keys—and the more random the keys are, the
harder it is for intruders to figure them out
Cryptography
Keys & Keyspace
• When the algorithm needs to generate a new
key, it uses random values from this keyspace

For example, if an algorithm allows a key length
of 2 bits, the keyspace for that algorithm would
be 4, which indicates the total number of
different keys that would be possible. That
would not be a very large keyspace, and
certainly it would not take an attacker very long
to find the correct key that was used.
Keys & Keyspace….
• A large keyspace allows for more possible
keys.
• Today, we are commonly using key sizes of
128, 256, 512, or even 1,024 bits and larger. So
a key size of 512 bits would provide 2^512
possible combinations (the keyspace)
• The encryption algorithm should use the
entire keyspace and choose the values to
make up the keys as randomly as possible.
Key Length and Exhaustive Search Time
Key Length in Bits | Number of Possible Keys
1 | 2
2 | 4
4 | 16
8 | 256
16 | 65,536
40 | 1,099,511,627,776
56 | 72,057,594,037,927,900
112 | 5,192,296,858,534,830,000,000,000,000,000,000
112 | 5.1923E+33
168 | 3.74144E+50
256 | 1.15792E+77
512 | 1.3408E+154
Each extra bit doubles the number of keys.
Shaded keys are strong symmetric keys (>=100 bits).
Time Required For Decryption
Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs
32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds
56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours
128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years
168 | 2^168 = 3.7 × 10^50 | 2^167 µs = 5.9 × 10^36 years | 5.9 × 10^30 years
26 characters (permutation) | 26! = 4 × 10^26 | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years
Major Symmetric Key Encryption Ciphers
 | RC4 | DES | 3DES | AES
Key Length (bits) | 40 bits or more | 56 | 112 or 168 | 128, 192, or 256
Key Strength | Very weak at 40 bits | Weak | Strong | Strong
Processing Requirements | Low | Moderate | High | Low
RAM Requirements | Low | Moderate | Moderate | Low
Remarks | Can use keys of variable length | Created in the 1970s | Applies DES three times with two or three different DES keys | Today’s gold standard for symmetric key encryption
Major Symmetric Key Encryption Ciphers…..
• RC2/RC4 - "RC" stands for "Ron's Code" or
"Rivest Cipher".
• DES – Data Encryption Standard
• 3DES – 3 times the original DES/triple DES
• AES – Advanced Encryption Standard
The Strength of the Cryptosystem
• The strength of an encryption method comes
from the algorithm, the secrecy of the key, the
length of the key, the initialization vectors,
and how they all work together within the
cryptosystem.
• When strength is discussed in encryption, it
refers to how hard it is to figure out the
algorithm or key, whichever is not made
public.
The Strength of the Cryptosystem
• The strength of an encryption method correlates to
the amount of necessary processing power, resources,
and time required to break the cryptosystem or to
figure out the value of the key.
• Breaking a cryptosystem can be accomplished by a
brute force attack, which means trying every possible
key value until the resulting plaintext is meaningful.
• Depending on the algorithm and length of the key, this
can be an easy task or one that is close to impossible.
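The brute-force bullet above and the "Time Required For Decryption" table can be reproduced in a few lines. This is an added example, not part of the original slides: the toy cipher (XOR with a SHA-256-derived keystream), the 16-bit key, the sample message and all function names are constructed for illustration.

```python
import hashlib

KEY_BITS = 16  # deliberately tiny keyspace (2^16 keys) so the search finishes quickly

def toy_crypt(key: int, data: bytes) -> bytes:
    """XOR data with a SHA-256-derived keystream. Toy cipher for illustration only."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = key.to_bytes(2, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def looks_meaningful(candidate: bytes) -> bool:
    """Stand-in for 'the resulting plaintext is meaningful': all printable ASCII."""
    return all(32 <= b < 127 for b in candidate)

def exhaustive_search(ciphertext: bytes):
    """Try every key in order; return (key, plaintext, trials) or None."""
    for key in range(2 ** KEY_BITS):
        candidate = toy_crypt(key, ciphertext)
        if looks_meaningful(candidate):
            return key, candidate, key + 1
    return None

def average_search_seconds(key_bits: int, decryptions_per_us: float) -> float:
    """Average case tests half the keyspace: 2^(bits-1) trials, as in the table."""
    return 2 ** (key_bits - 1) / decryptions_per_us / 1e6

SECRET_KEY = 0xBEEF  # constructed sample key
MESSAGE = b"Transfer 500 to account 12345678"  # constructed sample plaintext

if __name__ == "__main__":
    ct = toy_crypt(SECRET_KEY, MESSAGE)
    key, pt, trials = exhaustive_search(ct)
    print(f"16-bit key recovered after {trials} trials: {key:#06x} -> {pt!r}")
    year = 365 * 24 * 3600
    for bits in (32, 56, 128, 168):
        slow = average_search_seconds(bits, 1)
        fast = average_search_seconds(bits, 1e6)
        print(f"{bits:>3} bits: {slow / year:.3g} years at 1/us, "
              f"{fast / year:.3g} years at 10^6/us")
```

The 16-bit search completes almost instantly, while the same loop at 128 bits needs about 5.4 × 10^18 years even at 10^6 decryptions/µs, which is why key length dominates the work factor.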
The Strength of the Cryptosystem
• The goal when designing an encryption
method is to make compromising it too
expensive or too time-consuming to carry out.
• Another name for cryptography strength is
work factor, which is an estimate of the effort
and resources it would take an attacker to
penetrate a cryptosystem.
The Strength of the Cryptosystem
• Important elements of encryption are:
- use an algorithm without flaws.
- use a large key size.
- utilize all possible values within the keyspace.
- protect the actual key.
• If any one of the elements is weak, it could be the
link that dooms the whole process.
Even if a user employs an algorithm that has all the
requirements for strong encryption, including a large
keyspace and a large and random key value, if he shares his
key with others, the strength of the algorithm becomes
almost irrelevant.
Services of Cryptosystems
• Confidentiality
Renders the information unintelligible except by authorized
entities
• Integrity
Data has not been altered in an unauthorized manner since it
was created, transmitted, or stored
• Authentication
Verifies the identity of the user or system that created
information
• Authorization
Upon proving identity, the individual is then provided with the
key or password that will allow access to some resource
• Non-repudiation
Ensures that the sender cannot deny sending the message.
Non-repudiation

If David sends a message and then later
claims he did not send it, this is an act of
repudiation.
When a cryptography mechanism
provides non-repudiation, the sender
cannot later deny he sent the message.
(He can try to deny it, but the
cryptosystem proves otherwise)
Suppose your boss sends you a message telling
you that you will be receiving a raise that
doubles your salary.
• The message is encrypted, so you can be sure
it really came from your boss (authenticity)
• Someone did not alter it before it arrived at
your computer (integrity)
• No one else was able to read it as it traveled
over the network (confidentiality)
• Your boss cannot deny sending it later when
he comes to his senses (non-repudiation)
Confidentiality With
Cryptographic Tools –
“Symmetric Encryption”
Cryptographic Tools
• cryptographic algorithms are important
elements in security services
• review various types of elements
– Symmetric encryption
– Asymmetric (Public-Key) encryption
– Digital signatures and key management
– Secure hash functions
• an example is their use to encrypt stored data
Symmetric Encryption – Simplified Model
Symmetric Encryption – Simple Example
[Figure label: Cipher Text]
Symmetric Encryption -
Attacks
• cryptanalysis
– rely on nature of the algorithm
– plus some knowledge of plaintext characteristics
– even some sample plaintext-ciphertext pairs
– exploits characteristics of algorithm to deduce
specific plaintext or key
• brute-force (hit and trial) attack
– try all possible keys on some ciphertext until an
intelligible translation into plaintext is obtained
• Symmetric Encryption Algorithms
include:
1. Block Ciphers – process the plaintext input in fixed-size
blocks and produce a block of ciphertext of equal size for
each plaintext block.
Applies to a unit of data larger than a single 64-bit or 128-bit
block
2. Stream Ciphers – process the input elements
continuously, to produce one element at a time as output.
• Symmetric Block Encryption
Algorithms are:
1. DES – Data Encryption Standard
2. Triple DES – involves repeating the basic DES algorithm 3 times.
3. AES – Advanced Encryption Standard
DES and Triple-DES
• Data Encryption Standard (DES) is the most
widely used encryption scheme
– uses 64 bit plaintext block and 56 bit key to
produce a 64 bit ciphertext block
– concerns about algorithm & use of 56-bit key
• Triple-DES
– repeats basic DES algorithm three times
– using either two or three unique keys
– much more secure but also much slower
Advanced Encryption Standard (AES)
• needed a better replacement for DES/3DES
• NIST called for proposals in 1997
• selected Rijndael in Nov 2001
• published as FIPS 197
• symmetric block cipher
• uses 128 bit data & 128/192/256 bit keys
• now widely available commercially
