Unit 2 - Cryptography


Unit 2

Introduction to Cryptography

Dr. Haitham Alani


Cryptography

Cryptography Process
 Plaintext (readable format) is encrypted by means of encryption
algorithms such as RSA, DES, and AES, resulting in a ciphertext
(unreadable format) that, on reaching the destination, is
decrypted into readable plaintext.
Encryption
Confusion and Diffusion
 Confusion:

 The main idea behind confusion is to make the relationship between the
plaintext and the ciphertext as complex and unpredictable as possible.

 In other words, the goal is to ensure that the statistics of the plaintext do
not reflect in the statistics of the ciphertext.

 Diffusion
 Diffusion aims to spread out the influence of individual plaintext bits over
the entirety of the ciphertext.
 That is, a change in a single bit of the plaintext or the key should affect
many bits of the ciphertext.
Symmetric Encryption
Asymmetric Encryption
End-to-End Encryption
What is Cryptanalysis
 Cryptanalysis is the study of analyzing cryptographic systems
and methods with the intention of understanding them and
finding their weaknesses.

 The ultimate goal of cryptanalysis is to break the encryption
or discover the secret key used in a cryptographic algorithm
without having prior knowledge of it.
Cryptanalysis Techniques
 Ciphertext-only Attack (COA): In this type of attack, the cryptanalyst only
has access to some ciphertext and tries to determine the corresponding
plaintext or the secret key.

 Known-plaintext Attack (KPA): Here, the cryptanalyst has access to both
the plaintext (original message) and its encrypted version (ciphertext).
Using these pairs, the attacker attempts to derive the secret key.

 Chosen-plaintext Attack (CPA/CCA): In this attack, the cryptanalyst can
choose arbitrary plaintexts to be encrypted and then access the
corresponding ciphertexts. The goal is to use this ability to figure out the
secret key.
Cryptanalysis Techniques (Cont’d)
 Chosen-ciphertext Attack (CCA): Here, the attacker can choose different
ciphertexts to be decrypted and then obtain the corresponding plaintexts,
aiming to use this capability to find the secret key.

 Man-in-the-middle Attack (MitM): In this scenario, the attacker intercepts
and possibly alters the communication between two parties without them
knowing.

 Side-channel Attacks: Instead of directly attacking the algorithm, these
attacks target the physical implementation of the cryptographic system.
Types of Ciphers
Classical Ciphers
 Classical ciphers are the most basic type of ciphers, which operate on letters
of the alphabet (A–Z). These ciphers are generally implemented either by
hand or with simple mechanical devices. Because these ciphers are easily
deciphered, they are generally unreliable.

 Substitution cipher: The user replaces units of plaintext with ciphertext
according to a regular system.
 The units may be single letters, pairs of letters, or combinations of
them, and so on.
 The recipient performs inverse substitution to decipher the text.
 Examples include the Beale cipher, autokey cipher, Gronsfeld cipher,
and Hill cipher.
 For example, “HELLO WORLD” can be encrypted as “PSTER
HGFST” (i.e., H=P, E=S, etc.).
Types of Ciphers (Cont’d)
 Transposition cipher:
 Here, letters in the plaintext are rearranged according to a regular
system to produce the ciphertext.

 For example, “CRYPTOGRAPHY” when encrypted becomes
“AOYCRGPTYRHP.”

 Examples include the rail fence cipher, route cipher, and Myszkowski
transposition.
 Modern ciphers are designed to withstand a wide range of attacks. They
provide message secrecy, integrity, and authentication of the sender.
 A user can calculate a modern cipher using a one-way mathematical
function that is capable of factoring large prime numbers.
Modern Ciphers
 Based on the type of key used
• Symmetric-key algorithms (Private-key cryptography): Use the same key for
encryption and decryption.
• Asymmetric-key algorithms (Public-key cryptography): Use two different keys for
encryption and decryption.

 Based on the type of input data
• Block cipher: Deterministic algorithms operating on a block (a group of bits) of
fixed size with an unvarying transformation specified by a symmetric key.
Most modern ciphers are block ciphers
Examples include DES, AES, IDEA
Modern Ciphers (Cont’d)
When the block size is less than that used by the cipher, padding is employed to
achieve a fixed block size.

• Stream cipher: Symmetric-key ciphers in which plaintext digits are combined with a
key stream. Here, the user applies the key to each bit, one at a time.
Examples include RC4, SEAL, etc.
Modern Ciphers (Cont’d)
Modern Ciphers (Cont’d)
Modern Ciphers (Cont’d)
Hashing
Hashing Properties

Here are some key properties and aspects of hashing:


Deterministic
Fast Computation
Resistance
Avalanche Effect
Collision Resistance
Fixed Size
Hashing Applications

 Hashing is used in different applications:

 Data Integrity
 Password Storage:
 Cryptographic Applications (Blockchain)

There are different types of hashing algorithms like:


 MD4 (Not Collision Resistant)
 MD5 (Not Collision Resistant)  32 Digits
 SHA1  40 Digits
 SHA256  64 Digits
 SHA512  128 Digits
Salting (Why not just hashing?)

Suppose you use a hashing algorithm to store passwords.


If two users have the same password, they'll have the same hash
value.

This predictability can be exploited by attackers using techniques like
rainbow tables, which are precomputed tables for reversing
cryptographic hash functions.

Also, without any variations in the hashing process, attackers can
guess many possible plaintext passwords, hash them, and then compare
them to the stored hash to find.
Salting (Why Not Just Hashing?)

 A salt is a random value that's generated for each user's password.

 The password and the salt are combined, and then this combined value
is hashed.

 By adding this randomness via the salt, even if two users have the same
password, their hashes will differ because their salts are different.

 The salt, even though it's stored in plaintext alongside the hash, ensures
that precomputed tables (like rainbow tables) become ineffective because
an attacker would need a different table for each possible salt.
Salting (Why Not Just Hashing?) (Cont’d)
 When a user creates an account or changes their password:

 A new, random salt is generated.
 The salt is combined with the user's password.
 This combined value is then hashed.
 The system stores both the salt (in plaintext) and the resulting hash.

 When a user logs in:

 The system retrieves the stored salt for that user.
 It combines the salt with the entered password.
 This combined value is then hashed.
 The computed hash is compared with the stored hash. If they match, the
password is correct.
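
The account-creation and login steps above, as an added example that is not part of the original slides. It assumes PBKDF2-HMAC-SHA256 as the hash step (a deliberately slow construction swapped in for a single hash call); the function names, record layout and iteration count are hypothetical.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # work factor chosen for this example (assumption)

def unsalted_hash(password: str) -> str:
    """Plain hashing: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def derive(password: str, salt: bytes) -> bytes:
    """Combine salt and password, then hash (PBKDF2-HMAC-SHA256 here)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def create_record(password: str) -> dict:
    """Account creation or password change: new random salt, then hash."""
    salt = secrets.token_bytes(16)
    # The salt is stored in plaintext next to the resulting hash.
    return {"salt": salt.hex(), "hash": derive(password, salt).hex()}

def verify(password: str, record: dict) -> bool:
    """Login: fetch the stored salt, recompute, compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = derive(password, salt)
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))

if __name__ == "__main__":
    pw = "Winter2024!"  # constructed sample password
    print("unsalted equal:", unsalted_hash(pw) == unsalted_hash(pw))
    alice, bob = create_record(pw), create_record(pw)
    print("salted equal:  ", alice["hash"] == bob["hash"])
    print("login ok:      ", verify(pw, alice))
    print("wrong password:", verify("winter2024!", alice))
```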
Secure Hashing Algorithm
What Sort of Hashing Does Linux Use?
 Traditionally, Unix-like systems, including Linux, used the crypt function
with the DES algorithm.
 Over time, DES became obsolete due to its vulnerabilities.

 Modern Linux systems have transitioned to more secure algorithms for
password hashing:
 MD5: Used in older systems; prefixed with $1$ in the /etc/shadow file.
 SHA-256: More secure than MD5; prefixed with $5$.
 SHA-512: Even more secure and widely used; prefixed with $6$.

 You can determine which one is being used by looking at the /etc/shadow
file or by examining the configuration in /etc/pam.d.
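
An added audit example (not part of the original slides) that reads shadow-format lines and reports accounts still on DES or MD5, using the prefixes listed above. The sample entries are constructed with placeholder hash values, and the function names are hypothetical.

```python
# Prefixes from the slide. Traditional DES crypt entries have no "$" prefix
# and are exactly 13 characters long.
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}
WEAK = {"DES", "MD5"}

# Constructed sample in /etc/shadow layout (hash values are placeholders).
SAMPLE_SHADOW = """\
root:$6$Zk3f9sQe$CONSTRUCTEDHASHVALUE000:19700:0:99999:7:::
legacy:$1$ab12cd34$CONSTRUCTEDHASHVALUE111:15000:0:99999:7:::
svc:$5$q1w2e3r4$CONSTRUCTEDHASHVALUE222:19650:0:99999:7:::
olddes:abCONSTRUCTED:12000:0:99999:7:::
daemon:*:19000:0:99999:7:::
locked:!$6$salt$CONSTRUCTEDHASHVALUE333:19700:0:99999:7:::
"""

def classify(field: str) -> str:
    """Name the hashing scheme used by one shadow password field."""
    body = field.lstrip("!*")  # a leading "!" or "*" marks a locked account
    if not body:
        return "no-password"
    if body.startswith("$"):
        scheme_id = body.split("$")[1]
        return SCHEMES.get(scheme_id, "other($%s$)" % scheme_id)
    if len(body) == 13:
        return "DES"
    return "unrecognised"

def audit(shadow_text: str) -> list:
    """Return (user, scheme) for every account hashed with DES or MD5."""
    findings = []
    for line in shadow_text.splitlines():
        if ":" not in line:
            continue  # skip blank or malformed lines
        user, field = line.split(":")[:2]
        scheme = classify(field)
        if scheme in WEAK:
            findings.append((user, scheme))
    return findings

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_SHADOW):
        print(f"{user}: {scheme} password hash, schedule a password reset")
```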
What About Windows
 Windows uses different mechanisms and algorithms depending on the
purpose and the version of the operating system. Here are some key areas
where hashing is employed:

 LM Hash (LAN Manager hash): Used in older versions of Windows
(Windows NT and earlier).

 NTLM Hash (NT LAN Manager hash): Used from Windows NT onwards
and is more secure than LM, but still has known vulnerabilities.

 NTLMv2: An improved version of NTLM used in more recent versions of
Windows.
What About Windows (Cont’d)
 Windows stores the hashed passwords in a local database called the Security
Account Manager (“SAM”).

 The SAM file can be found at C:\Windows\System32\config\SAM on a
standard Windows installation, but it cannot be accessed while the operating
system is running due to file locks.

 If an attacker has physical access to a machine, they can boot the system
using an external operating system (e.g., a Linux live CD) to access the
SAM file directly and extract its contents.

 Mimikatz is a famous tool known for its ability to extract the hashed
passwords from the SAM database.
Hash Message Authentication Code (HMAC)
The hash-based message authentication code (HMAC) is a type of
message authentication code (MAC) that uses a cryptographic key along
with a cryptographic hash function.

It is widely used for verifying the integrity of data and authentication of a
message.

This algorithm includes an embedded hash function such as SHA-1 or
MD5.

The strength of the HMAC depends on the embedded hash function, key
size, and the size of the hash output.
Hash Message Authentication Code (HMAC)
Hash Message Authentication Code (HMAC) Application
Digital Signature
Digital Signature (Cont’d)
PGP (Pretty Good Privacy)
Let’s Play with Hashing

 Hashing Concepts

 https://tools.superdatascience.com/blockchain/hash/

 Keys and Digital Signature

 https://tools.superdatascience.com/blockchain/public-private-keys/signatures
Digital Certificates (HTTPS)
Digital Certificates (Cont’d)
How does it work?
How Does Certificate Authority work?
Self Signed Certificate
 A self-signed certificate is a security certificate that is not signed by a
certificate authority (CA).

 These certificates are easy to make and do not cost money

 For instance, when a website owner uses a self-signed certificate to
provide HTTPS services, people who visit that website will see a
warning in their browser.

 Website visitors who bypass such warnings are exposed to a risk that a
third party could intercept traffic to the website using the third-party's
own self-signed certificate.
Self Signed Certificate (Cont’d)

SSL/TLS
 SSL stands for Secure Sockets Layer and, in short, it's the standard
technology for keeping an internet connection secure and safeguarding
any sensitive data that is being sent between two systems.

 The protocol prevents criminals from reading and modifying any
information transferred, including potential personal details.

 TLS (Transport Layer Security) is just an updated, more secure, version
of SSL.
Cryptography Attacks Techniques

 Brute Force Attack
 Dictionary Attack
 Rainbow Table
 Pass the Hash
 Replay Attacks
Cryptography Attacks Techniques (Cont’d)

Cryptography Attacks Techniques (Cont’d)
 Replay Attack is a type of attack where an adversary intercepts and
records a valid data transmission and later fraudulently retransmits that
data.

 The attacker "replays" the captured data to either impersonate one of the
parties or to repeat a specific transaction.

 For instance, if an attacker captures a packet that signifies a user
logging into a network, the attacker could replay that packet at a later
time to gain unauthorized access as if they were the legitimate user.
Attacks Mitigation Techniques

 To mitigate Brute Force and dictionary attacks, you may do the
following:
 Choose Captcha
 Account Lockout
 Use a long Key (more than 32 bits)

What about Rainbow tables?


Attacks Mitigation Techniques (Cont’d)

 To mitigate against replay attacks, the following mitigation techniques
would help:

 Timestamps: Include a timestamp in the message. If the message is
replayed after some time delay, the receiver can recognize and discard it.

 Sequence Numbers: Every message can have a unique sequence number. If
a message is captured and replayed, its sequence number would be out of
order, and the recipient would discard it.
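
An added example (not part of the original slides) that ties the HMAC slide to the two replay mitigations above: the sender authenticates the timestamp and sequence number with the message, and the receiver rejects tampered, stale or repeated messages. It assumes HMAC-SHA256; the key, message layout, 30-second window and all names are hypothetical.

```python
import hashlib
import hmac
import json

KEY = b"constructed-shared-key-for-demo"  # constructed sample key
MAX_AGE = 30  # seconds a message stays valid (assumed window)

def seal(key: bytes, seq: int, payload: str, now: int) -> dict:
    """Sender: put sequence number and timestamp under the HMAC."""
    body = json.dumps({"seq": seq, "ts": now, "payload": payload}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, msg: dict, now: int) -> str:
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        # Integrity first: nothing in the body is trusted until the MAC matches.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad MAC"
        fields = json.loads(msg["body"])
        if abs(now - fields["ts"]) > MAX_AGE:
            return "rejected: stale timestamp"
        if fields["seq"] <= self.last_seq:
            return "rejected: sequence replayed"
        self.last_seq = fields["seq"]
        return "accepted"

def demo() -> list:
    rx = Receiver(KEY)
    m1 = seal(KEY, 1, "transfer 10", now=1000)
    forged = dict(m1, body=m1["body"].replace("transfer 10", "transfer 9000"))
    return [
        rx.accept(m1, now=1001),      # first delivery
        rx.accept(m1, now=1002),      # captured copy replayed at once
        rx.accept(m1, now=1100),      # captured copy replayed later
        rx.accept(forged, now=1003),  # body altered, tag unchanged
        rx.accept(seal(KEY, 2, "transfer 5", now=1003), now=1004),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```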
Cracking Tools

 The following are some tools used for the cracking process:

Hashcat
Hydra
John the Ripper
Aircrack-ng (Used for wifi password cracking)
What about Encoding like Base64?
Questions?
