Group 4:

CRYPTOGRA
PHY The arts of secret writing.
 CONTENTS OF CRYPTOGRAPHY
CRYPTOGRAPHY The art of secret writing that enables an individual to hide the contents of a
message or file.

ALGORIHTMS A cryptographic algorithm or cipher secures data by converting it into code,

readable only with a key.

HASHING Converts data into a fixed-size string, uniquely representing it.

SYMMETRIC ENCRYPTION Is a method of encrypting data using a single key for both encryption and
decryption.

ASYMMETRIC ENCRYPTION Uses a pair of keys: a public key for encryption and a private key for
decryption.

USES OF CRYPTOGRAPHY IN Provides the foundation for secure digital transactions, data protection, and
SECURITY privacy online.
Cryptography
- Is the practice of securing info by converting it into
a secret code, allowing only the intended recipient
to understand it.
- It’s main purpose is to protect data from
unauthorized access through encryption.
3 types of
Cryptography:
 Symmetric Cryptography
 Asymmetric Cryptography
 One-way or Hashing
Cryptography
Cryptogra
phy
Cryptanalysis
Is the process of trying to break or
decode an encrypted message to find
out what the original message was.

2 METHODS:
1. DIFFERENTIAL CRYPTANALYSIS
Done by comparing the input plaintext to the
output ciphertext to try determined the key.
2. LINEAR CRYPTANALYSIS
Used to crack encryption by finding simple
relationships between the input (plaintext), output
(ciphertext), and the secret key. It looks for patterns
that can help guess the key with less effort than trying
all possibilities.
 ALGORITHMS
The cryptographic algorithm or Cipher is made up of
mathematical steps for encrypting and decrypting
information.
Diagram of Encryption and
Decryption process
Ke Ke
y y

Plaint Ciphert Plaint

ext ext ext

Encrypt Decrypt
ion ion
ALGORITHM
S Caesar’s
Cipher
A way of hiding a message by shifting each
letter a certain number of steps in the
alphabet.
 Substitution
Cipher
A Substitution Cipher is a way to hide a message by
replacing each letter in the original text with a
different letter. Instead of shifting letters like in
Caesar’s Cipher, you create a random alphabet
where each letter stands for a different one.
 Vigenère Cipher
• The Vigenère Cipher is a way of hiding messages by
using a keyword to shift each letter in the text.
Instead of using the same shift for every letter like in
Caesar’s Cipher, Vigenère uses a repeating keyword
to determine different shifts for each letter.
Uses a table together with a keyword to encipher a
message.
 HASHING
• The mathematical process that produces the message
digest or “hash”.
• Common uses of hashing functions are storing computer
passwords and ensuring message integrity.
• A hash algorithm can be attacked with what is called a
collision attack, where an attacker finds two different
messages that hash to the same value.
How Hashes Work

Original
Hash Message
message- Padding
Function Digest
plaintext
 HASHING
• Secure Hash Algorithm
(SHA)
• Developed in 1993 by the National Institute of Standards
and Technology (NIST) and the National Security Agency
(NSA).
• Designed as the algorithm to be used for secure hashing
in the U.S. Digital Signature Standard (DSS).
• Creates message digests 160 bits long that then can be
used by the Digital Signature Algorithm (DSA), which can
then compute the signature of the message.
• Works by applying a compression function to the data
input.
• Works in block mode, separating the data into words first,
then grouping the words into blocks.
• One of the more secure hash functions.
 HASHING
• Message Digest (MD)
 Generic version of one of three algorithms, all designed to create a message
digest or hash from data input into the algorithm.

 MD2
• takes a data input of any length and produces a hash output of 128 bits
• optimized for 8-bit machines.

 MD4
• optimized for 32-bit computers, is a fast algorithm, but it is not secure.

 MD5
• structured after MD4 but with additional security to overcome the problems in
MD4.
• creates a 128-bit hash of a message of any length
SYMMETRIC ENCRYPTION
• Based upon the concept of a shared or key that is used for both
encryption and decryption.

Layout of a symmetric algorithm

Shared Shared
secret: Key secret: Key

Plaint Ciphert Plaint

ext ext ext

Encrypt Decrypt
ion ion
 SYMMETRIC ENCRYPTION ALGORITHMS

• Designed
 Data by IBM in the 1970’s
Encryption and adopted
Standard by the National Bureau
(DES)
of Standards (NBS) for commercial and unclassified government
applications.
• Known as block-cipher employing a 56-bit key that operates on 64-
bit blocks.
• Has a complex set of rules and transformations that were designed
specifically to yield fast hardware implementations and slow
software implementations.
• Performs a substitution and then a permutation on the input , based
Thethe
upon
1. algorithm
key. accepts plaintext, P, and performs an initial
• permutation,
Works IP, on P producing P0 .
in 3 stages:
2. With L0 and R0 , 16 rounds are performed until L16 and R16 are
generated.
3. The inverse permutation, IP-1, is applied to L16R16 to produce
ciphertext C.
 SYMMETRIC ENCRYPTION
ALGORITHMS
 3DES
• A variant of DES, uses either two or three keys instead of the
single key that DES uses depending on the specific variant.
• Spins through the DES algorithm three times via what is called
multiple encryption.
Diagram of Plainte
Plainte
xt 3DES xt
Key Key
A Encrypt Decrypt A
ion ion
Key
B Key
Decrypt Encrypt B
ion ion
Key Key
C Encrypt Decrypt
C
ion ion
Ciphert
ext
SYMMETRIC ENCRYPTION
ALGORITHMS
Advanced Encryption Standard (AES)
• Uses a symmetric key cryptography scheme called Rijndael,
block cipher designed by Belgian cryptographers John
Daemen and Vincent Rijmen.
• Can use a variable block length and key length of 128,192,
or 256 bits.
• Works in three steps
1. It scrambles on every
the data usingblock
a key.of input data:
2. It changes parts of the data to make it more
confusing.
3. It checks and resets parts of the data to make it
more secure.
 SYMMETRIC ENCRYPTIOM
Cas ALGORITHMS
t Design by Carlisle Adams and Stafford Tavares.
 Uses a 64-bit block size for 64- and 128-bit key versions, and a
128-bit block size for the 256-bit key version.
 Divides the plaintext block into a left half and a right half.
Rivest Cipher
(RC)
 General term for several ciphers all designed by Ron Rivest.
 Series include RC1, RC2, RC3, RC4, RC5, and RC6.
 RC2 • Designed to be a DES replacement;
it is a variable-key-size-block-mode
cipher.
• Key size can be from 8 bits to 1024
bits with the block size being fixed at
64 bits.
 SYMMETRIC ENCRYPTIOM
ALGORITHMS
 RC5

• A block with multiple variable elements, numbers of rounds, key sizes, and block sizes.

 RC6

• Based on the design of RC5, It uses a 128-bit block size, separated into four words of
32 bits each.
• Uses a round count of 20 to provide security, and it has three possible key sizes: 128,
192, and 256 bits.

 RC4

• Considered as a stream cipher, which works by enciphering the plaintext in a stream,

usually bit by bit.
 SYMMETRIC ENCRYPTIOM
ALGORITHMS
Blowfish
 A symmetric 64-bit block cipher invented by Bruce Schneler, optimized for 32-bit
processors with large data caches, it is significantly faster than DES on a
Pentium/PowerPC-class machine.
 Key lengths can vary from 32 to 448 bits in length.
International Data Encryption
Algorithm (IDEA)
 A block-mode cipher using a 64-bit block size and a 128-bit key.
 Was modified to improve resistance to differential cryptanalysis.

 Commonly known as public key cryptography, uses two keys, one for
encryption and the other for decryption.
 Depends upon the existence of so-called one-way functions, or
mathematical functions that are easy to computer whereas their inverse
function is relatively difficult to compute.
 Asymmetric Encryption
Algorithms
RSA
 Used in hundreds of software products and can be used for key
exchange, digital signatures, or encryption of small blocks of data.
 Uses the product of two very large prime numbers and works on
the principle of difficulty in factoring such large numbers.
Diffie-
Hellman
 Plays a role in the electronic key exchange method of the
Secure Sockets Layer (SSL) protocol.
 Enables the sharing of a secret key between two people
who have not contacted each other before.
 Assymetric Encryption
Algorithms
ELGamal
 Can be used for both encryption and digital signatures.
 Based upon the difficulty of calculating discrete logarithms in a
finite field.
Elliptic Curve Cryptography
(ECC)
 A public key cryptography algorithm based upon elliptic
curves.
 Designed for devices with limited computer power and/or
memory, such as smartcards and PDA’s.
 Uses of Cryptography in Security
1.
Confidentiality
 Is gained because encryption is very good at scrambling information to make it
look like random noise, when in fact a key can decipher the message and return
it to its original state.

2. Integrity
 Is gained because hashing algorithms are specifically designed to check integrity.
They can reduce a message to a mathematical value that can be independently
calculated, guarantee ing that any message alteration would change the
mathematical value.
3.
Nonrepudiation
 Is the property of not being able to claim that you did not send the data. This
property is gained because of the properties of private keys.
 Uses of Cryptography in Security
4.
Authentication
 Or being able to prove you are you, is achieved through the
private keys involved in digital signatures.
5. Digital
Signatures
 Combining multiple types of encryption, provide an
authentication method verified by a third party, allowing
you to use them as if you were actually signing the
document with your regular signature.
6. Key Escrow
 Is a system by which your private key is kept
both by you and by the government.
 ATTACKING
COMPUTER
SYSTEMS AND
NETWORKS
 ATTACKING COMPUTER SYSTEMS
AND NETWORKS
 Two broad categories of attacks on computer
systems and network:
 Attacks on specific software.
 Attacks on a specific protocol or service.

 Two types of target of an attacker:

 Target of opportunity.
 Defined targets.
ATTACKING COMPUTER SYSTEMS AND
NETWORKS
 Denial-of-Service Attacks
 The attacker is attempting to deny authorized users access either to specific
information or to the computer system or network itself.
 Prevent access to the target systems, or the attack can be used in conjunction
with other actions in order to gain unauthorized access to a computer or
network.
 Forms of DOS attack:
• SYN flooding

• Ping-of-death (POD)
 Can be conducted using a multiple attacking system known as distributed DOS.
 To stop or mitigate DOS or DDOS:
• Ensure to apply latest patches and upgrade to systems and
applications.
Attacking Computer Systems and
Networks
SYN flooding DOS
attack
SYN
(with faked IP
address) Reserve
connection

SYN/
ACK
Wait for
ACK

ATTACKER TARGET
Response to faked
address
 Attacking Computer Systems and

Networks
Backdoors and
Trapdoors
 Sometimes referred to as a trapdoor.
 Commonly used to refer to programs that attackers install after gaining
unauthorized access to a system to ensure that they can continue having
unrestricted access to the system.
 Can also be installed by authorized individuals accidentally, if they run
software that contains a Trojan horse.
 Common backdoors include:
• NetBus
• Back Office
 A variation on the backdoor is the rootkit, and they are established not to
gain root access but rather to ensure continued root access.
Attacking Computer Systems and
Networks
 Sniffing

 Term used to describe the use of a sniffer program to monitor data

traffic to a network or server, in order to gain access information.
 Network sniffer is a software or hardware device that is used to
observe traffic as it passes through a networked on shared broadcast
media.
 Network sniffers can be used by network administrators for monitoring
network performance.
 Network sniffers can be used by attackers to gather information that
can used in penetration attempts.
 Attacking Computer Systems and
 Networks
Network sniffers listen to all network
traffic
Internet

Internal
Network
Router

Attacker
listening
to all
traffic
Attacking Computer Systems and
Networks
 Spoofing

 Type of attack in which data is made to look like it has come from a
different source.
 Two forms of Spoofing:

• E-mail Spoofing – The forgery of an e-mail header so that

the message appears to have originated from someone or
somewhere other than the actual source.
• IP Spoofing – Technique used to gain unauthorized access to
computers, whereby the intruder sends messages to a
computer with an IP address indicating that the message is
coming from a trusted host.
Attacking Computer Systems and
Networks
 Man-in-the-Middle
Attacks
 Type of attack that generally occurs when attackers are able to place
themselves in the middle of two other hosts that are communicating, thus
allowing the attacker to view and/or modify the traffic.
 Various defenses against man-in-the-middle attacks use authentication
techniques that are based on:

• Public Keys
• Stronger manual authentication
• Secret keys (high information entropy secrets)
• Passwords (low information entropy secrets)
Communication appears to be
direct

Host 2 Host 1

Attacke
r
 Attacking Computer Systems and
Networks
 Replay Attacks
 Attacks in which the attacker captures a portion of network traffic between
two parties and retransmits it at a later time.
 Can be avoided with encryption, cryptographic authentication, and time
stamps.
 TCP/IP Hijacking
 Also called session hijacking.
 Refers to attacks designed to take control of an already existing session
between a client and a server.
 Used against web and telnet sessions.
 To prevent this type of attacks is to re-authenticate the user before
performing important actions and to create unique session cookies (for
web servers).
Attacking Computer Systems and
Networks
 Weak Keys

 Key which when used with a specific cipher, makes the cipher behave in
some undesirable way.
 Usually represent a very small faction of the overall key space, which
usually means that if one generates a random key to encrypt a message
weak keys are very unlikely to give rise to a security problem.
Attacking Computer Systems and
Networks
 Password Guessing

 A dictionary attack is a method used to break password-based security

systems, in which the attacker systematically test all possible passwords
beginning which words that have a higher possibility of being used, such
as names and places.
 A brute-force attack is a type of password attack that does not attempt
to decrypt any information but simply continue to try different passwords.
 A birthday attack is a very special type of brute-force attack that exploits
the mathematics behind the birthday paradox, making use of a space-
time tradeoff.
Attacking Computer Systems and
Networks
 Software Exploitation
 Attack that takes advantages of bugs or weaknesses (poor design, poor
testing, or poor coding practices) in software.
 Particular type of software exploitation is buffer overflow.
 War dialing and War
Driving
 Wardialing is the term used to describe an attacker’s attempt to discover
unprotected modem connections to computer systems and networks.
 WarDriving refers to the activity where the attackers wander throughout
an area (often in a car) toting a computer with wireless capability as they
search for wireless networks they can access.
Attacking Computer Systems and
Networks
 Social Engineering
 Attack based on deceiving users or administrators at the target site.
 Typically carried out by telephoning users or operators and pretending to
be an authorized user, and attempt to gain illicit access to the systems.
 Malware
 Also known as Malicious code.
 Refers to software that has been designed for some nefarious purepos.
 Designed to cause damage to a system (such as by deleting all files) or to
create a backdoor in the system in order to grant access to unauthorized
individuals.
 Includes viruses, worms, Trojans horses, Logic bombs, and hostile mobile
code.
 Attacking Computer Systems and
Networks
 A Virus is a piece of malicious code that replicates by attaching itself to
another piece of executable code.

• Boot sector virus – Infects the boot sector portion of either a floppy
disk or a hard drive.
• Program Virus – attaches itself to executable files (file ending in .exe
or .com on Windows-based.

 A Trojan horse is a piece of software that appears to do one thing ( and

may, in fact, actually do that thing) but which hides some other
functionality.
• It is attached to a particular executable file, and typically isn’t capable
of replicating and attaching itself to other files on system.
 Attacking Computer Systems and
Networks
 A Logic Bombs are a type of malicious software that is deliberately
installed, generally by an authorized user.
• It is a piece of code that sits dormant for a period of time until some
event invokes its payload.

 Worms - are pieces of code that attempt to propagate through

penetration of networks and computer systems.
• Include the Morris worm, Code-Red, and Slammer.

 Mobile code – is segments of code sent from another host that is

executed on a system.
THANK YOU FOR
LISTENING!