Data & Network Security

Chapter 3 – Cryptography
Part 2
 Outline
3.1 Introduction
3.2 Terminology
3.2.1 Plain text, cipher text
3.2.2 Encryption, decryption
3.2.3 Key
3.2.3 Symmetric and Asymmetric Cryptosystem
3.2.4 Cryptanalysis & Brute Force Attack
3.4 Cipher Types
3.5 Classical Cryptography
3.5 Symmetric Encryption
3.6 Asymmetric Encryption
3.7 Public Key Cryptosystem (RSA, Key Exchange, Diffie-Hellman)
3.8 Others - Message Authentication, Hash Function, Digital Signature
© Rocheston 2023
© Rocheston 2023
 Asymmetric Encryption

● Also called as Public Key Cryptography, 2 different

keys (which form a key pair) are used.
● One key is used for encryption and only the other
corresponding key must be used for decryption.
● No other key can decrypt the message – not even the
original (the first) key used for encryption!
● The beauty of this scheme is that every
communicating party needs just a key pair.
 Asymmetric Encryption

● One of the 2 keys is called as public key and the other

is the private key.
● The private key remains with you as a secret.
● The private key must not be disclosed to anybody.
● However, the public key is for the public.
● It is disclosed to all parties that you want to
communicate with.
● In this scheme each party publishes its public key.
 Asymmetric Encryption

● Suppose A wants to send a message to B without

having to worry about its security.
● Then, A and B should each have a private key and a
public key.
√ A should keep her private key secret
√ B should keep her private key secret
√ A should inform B about her public key
√ B should inform A about her public key
● Thus, we have a matrix as shown next.
 Asymmetric Encryption
Key details A should know B should know

A’s private key Yes No

A’s public key Yes Yes

B’s private key No Yes

B’s public key Yes Yes

● Asymmetric key cryptography works as follows:

 when A wants to send a message to B, A encrypts the
message using B’s public key. This is possible
because A knows B’s public key.
 A sends this message (which was encrypted with B’s
public key) to B.
 B decrypts A’s message using B’s private key.
 Asymmetric Encryption

▪ Note that only B knows about her private key.

▪ Also note that the message can be decrypted only by
B’s private key and nothing else!
▪ Thus, no one else can make any sense out of the
message even if one can manage to intercept the
message.
▪ This is because the intruder (ideally) does not know
about B’s private key. It is only B’s private key that
can decrypt the message.
▪ Similarly, when B wants to send a message to A,
exactly reverse steps take place.
 Asymmetric Encryption

Sender (A) Receiver (B)

Encrypt Decrypt
with B’s with B’s
public key private key

Plain Plain Plain Plain

text text text text

A encrypts the message using B’s public key. Therefore, only B

can decrypt the message back to its original form, using her
private key.
 Public Key (Encrypt) + Private Key
(Decrypt) = Achieved Confidentiality
Computer A acquires
Computer B’s public key
Can I get your Public Key please? Bob’s Public
1 Key
Here is my Public Key.

Computer A transmits Bob’s Private

Bob’s Public 4
Key The encrypted message Key

to Computer B Encrypted Computer

Computer Text
B
A
Encryption Encryption
Algorithm
2 Algorithm

Encrypted 3 Computer B uses

Text its private key to
decrypt and reveal
Computer A uses Computer B’s
the message
public key to encrypt a message
using an agreed-upon algorithm
 Private Key (Encrypt) + Public Key
(Decrypt) = Achieved Authentication
Bob uses the public key to successfully
Alice encrypts a message decrypt the message and authenticate
with her private key that the message did, indeed, come from
Alice.
1 Alice’s Private Encrypted
Key
Text

Encryption
Alice’s Public
Algorithm Alice transmits the 4 Key
encrypted message Encrypted
2 to Bob Text

Encrypted
Computer Text
3 Computer
Encryption
Algorithm
A B
Alice’s Public Can I get your Public Key please?
Key Here is my Public Key

Bob needs to verify that the message

came from Alice. He requests
and acquires Alice’s public key
 Private Key (Encrypt) + Public Key
(Decrypt) = Achieved Non-Repudiation
Alice encrypts a message
Bob uses Alice’s public key to
with her private key
successfully decrypt the message.
1 Alice’s Private Encrypted
Key
Text

Encryption
Alice’s Public
Algorithm Alice transmits the 3 Key
encrypted message Encrypted
2 to Bob Text

Encrypted
Computer Text
4 Computer
Encryption
Algorithm
A B
Alice’s Public
Key
Bob can read the message using Alice’s public key
thus, it shows only Alice’s private key was used to
encrypt the message that only Alice knows. By this,
it means Alice cannot deny later that she is the one
who sent the message because no other people
hold Alice’s private key except herself.
Public Key Cryptosystem

© Rocheston 2023
© Rocheston 2023
Public Key Cryptosystem
 Public Key Cryptosystem
The essential steps are the following:
1. Each user generates a pair of keys to be used for the encryption and decryption
of messages.
2. Each user places one of the two keys in a public register or other accessible file.
This is the public key. The companion key is kept private. As suggested, each user
maintains a collection of public keys obtained from others.
3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message
using Alice’s public key.
4. When Alice receives the message, she decrypts it using her private key. No
other recipient can decrypt the message because only Alice knows Alice’s
private key.
5. With this approach, all participants have access to public keys, and private
keys are generated locally by each participant and therefore need never be
distributed. As long as a user’s private key remains protected and secret, incoming
communication is secure. At any time, a system can change its private key and
publish the companion public key to replace its old public key.
RSA Algorithm

© Rocheston 2023
© Rocheston 2023
 RSA Algorithm

Private Key

Page 294 – 297 Cryptography

and Network Security Book
RSA Algorithm
RSA Algorithm - Example
RSA Algorithm - Example
 Euler's Totient function Φ (n) for an input n is the count of
numbers in {1, 2, 3, …, n-1} that are relatively prime to n,
i.e., the numbers whose GCD (Greatest Common Divisor)
with n is 1. A simple solution is to iterate through all
numbers from 1 to n-1 and count numbers with gcd with n
as 1.

Two integers are relatively prime or Coprime when there

are no common factors other than 1. This means that no
other integer could divide both numbers evenly. Two
integers (a & b) are called relatively prime to each other if
gcd(a,b)=1. For example, 7 and 20 are relatively prime.
© Rocheston 2023
© Rocheston 2023
© Rocheston 2023
© Rocheston 2023
 Real Life Implementation

● We can consider a practical situation that describes

asymmetric cryptography as used in real life.
● Suppose a bank accepts many requests for
transactions from its customers over an insecure
network.
● The bank can have a private key-public key pair. The
bank can publish its public key to all its customers.
● The customers can use this public key of the bank to
encrypt messages before they send them to the bank.
The bank can decrypt all these encrypted messages
with its private key, which remains with itself.
Applications of Public-Key Cryptosystems
Requirements for Public-Key
Cryptosystems

computationally easy to
create key pairs

computationally easy
useful if either key can for sender knowing
be used for each role public key to encrypt
messages

computationally
computationally easy
infeasible for
for receiver knowing
opponent to
private key to decrypt
otherwise recover
ciphertext
original message

computationally
infeasible for opponent
to determine private
key from public key
 Asymmetric Encryption Algorithms

most widely block cipher in which

RSA (Rivest, accepted and the plaintext and
Shamir, developed in 1977 implemented ciphertext are
approach to public- integers between 0
Adleman) key encryption and n-1 for some n.

enables two users to

Diffie-Hellman securely reach an agreement
about a shared secret that limited to the
key exchange can be used as a secret key exchange of the keys
algorithm for subsequent symmetric
encryption of messages

Digital provides only a cannot be used for

Signature digital signature encryption or key
function with SHA-1 exchange
Standard (DSS)

Elliptic curve security like RSA, but

cryptography with much smaller
keys
(ECC)
 Key Exchange/Distribution

● How nice to combine two cryptography mechanisms?

Problems before?
● Combination must meet the following objective:
√ Solution completely secure
√ Encryption & decryption -> not take a long time
√ Generated cipher text -> compact in size
√ Solution scale to many users
√ Key distribution problem must be solved
● In practice, symmetric & asymmetric are combined ->
very efficient security solution.
 Key Exchange/Distribution

● Suppose you need to send a protected message to

someone you do not know and who does not know
you.
● Eg. Online income tax return.
● You want the information to be protected.
● And you do not necessarily know the person who is
receiving the information.
● Situation: being able to exchange encryption key
nobody can intercept it.
 Diffie-Hellman Key Exchange

● Whitefield Diffie and Martin Hellman

○ devised an amazing solution to the problem
○ called Diffie-Hellman Key Exchange/Agreement
Algorithm (DHKE/AA)
● The beauty of this scheme – two parties who want to
communicate securely can agree on a symmetric key
using this technique.
● However, must be noted DHKE/AA can be used only
for key agreement but not for encryption or
decryption of messages.
 Example 1

●Alice and Bob want to agree upon a key to be used for

encrypting / decrypting messages that be exchanged
between them.
●1. Firstly, Alice and Bob agree on one prime number,
q and one root number, α. These 2 integers need not
be kept secret. Alice and Bob can use an insecure
channel to agree on them.

Let q = 11, α = 7.
 Diffie-Hellman Algorithm

Let q = 11, α =7

2. Alice chooses a private large random numberXA, and

calculates A: YA =α XAmod q
Let XA = 3. Then we have, YA =α XAmod q=73 mod
11 = 343 mod 11 = 2

3. Alice sends the number YA (public) to Bob

Alice sends 2 to Bob
4. Bob independently chooses another private large
random number XB and calculates B such that: YB =α XB
mod q Let X = 6. Then we have, Y =α XB mod q = 76 mod 11
B B
= 117649 mod 11 = 4
 Diffie-Hellman Algorithm

5. Bob sends the number YB (public) to Alice

Bob sends 4 to Alice
6. Alice now computes the secret key K1 as follows: K1 =
(YB) XA mod q
We have, K1 = 43 mod 11 = 64 mod 11 = 9
7. Bob now computes the secret key K2 as follows: K2 =
(YA) XB mod q
We have, K2 = 26 mod 11 = 64 mod 11 = 9

● Therefore, in this case, we have K1 = K2 = K.

 Example 2: Diffie-Hellman
Alice Bob
Shared Secret Calc Shared Secret Calc

1 23, 5 1 23, 5
3
2 6 56mod 23 = 8 8

1. Alice and Bob agree to use the same two numbers. For example, the base number g=5 and
prime number p=23
2. Alice now chooses a secret number x=6.
3. Alice performs the DH algorithm: gx modulo p = (56 modulo 23) = 8 (Y) and sends the
new number 8 (Y) to Bob.
 Example 2: Diffie-Hellman
Alice Bob
Shared Secret Calc Shared Secret Calc

5, 23 5, 23
6 56mod 23 = 8 8 15 4

19 515mod 23 = 19

5 196mod 23 = 2 6 815mod 23 = 2

4. Meanwhile Bob has also chosen a secret number x=15, performed the DH algorithm: gx
modulo p = (515 modulo 23) = 19 (Y) and sent the new number 19 (Y) to Alice.

5. Alice now computes Yx modulo p = (196 modulo 23) = 2.

The result (2) is the same for
6. Bob now computes Yx modulo p = (8 6 modulo 23) = 2. both Alice and Bob.
This number can now be used
as a shared secret key by the
encryption algorithm.
 Diffie-Hellman Secure Part

● An obvious question now is, if Alice and Bob can both

calculate K independently, so can an attacker! What
prevents this?
● The fact is, that Alice and Bob exchange q, α, YA and YB
(public). Based on these values, XA (Alice’s private key)
and XB (Bob’s private key) cannot be calculated easily.
● Rouge XYZ knows: q, α, YA and YB
● Try calculate = YA(pubA)XB(privB) mod n = 2 XB mod 11
= YB(pubB)XA(privA) mod n = 4 XA mod 11
● XB (Bob private key) = 6 , XA (Alice private key) = 3
 Diffie-Hellman Algorithm

● Mathematically, the calculations do find out XA and XB

are extremely complicated, if they are sufficiently
large numbers.
● Consequently, an attacker cannot calculate XA and XB,
and therefore cannot derive key, K.
Message Authentication

protects against
active attacks
• contents have not been
verifies received altered
message is • from an authentic source
• timely and in a correct
authentic sequence
can use
• only the sender & receiver
conventional share a key
encryption
Achieved integrity Message Authentication Codes
Secure Hash
Function
© Rocheston 2023
 Security of Hash Function

√ There are two approaches to attack a secure hash function:

○ Cryptanalysis – exploit logical weaknesses in the algorithm
○ Brute-force attack – the strength of the hash function
depends solely on the length of the hash code produced by
the algorithm
√ SHA, MD5 and MD4 most widely used hash algorithm.
√ Additional secure hash function applications:
● Passwords – the hash of a password is stored by an operating
system.
● Intrusion detection – store H (F) for each file on a system and
secure the hash values.
 Message
Authentication Using
a
One-Way
Hash Function
Achieved integrity
 Digital Signature

● Used for authenticating both source and data

integrity.
● Created by encrypting hash code with private key.
● Does not provide confidentiality
 even in the case of complete encryption
 message is safe from alteration but not
eavesdropping
© Rocheston 2023
 Digital Signature Process
The sending device creates
a hash of the document
The receiving device Validity of the digital
accepts the document signature is verified
Data
Confirm with digital signature
and obtains the public key Signature Verified
Order
0a77b3440…
1
hash Signed Data 6

Signature Confirm
Order 4
Key
____________
Encrypted 0a77b3440…
hash Signature Signature is
2
Algorithm verified with the
The sending device 3 verification
encrypts only the hash key
0a77b3440…
with the private key
of the signer 5
The signature algorithm Verification
generates a digital signature Key
and obtains the public key
 Achieved integrity and
authenticated sender at
the same time
 Summary
● Symmetric encryption
○ conventional or single-key only
type used prior to public-key
❖ Terminology – plaintext, cipher text,
○ five parts: plaintext, encryption
encryption, decryption, key,
algorithm, secret key, ciphertext,
cryptography, cryptanalysis,
and decryption algorithm
cryptology.
○ two attacks: cryptanalysis and
brute force ❖ Classical cryptography – substitution
and transposition cipher.
○ most used algorithms are block
ciphers (DES, triple DES, AES) ❖ RSA

● Public-key encryption (Asymmetric) ❖ DHKE/AA

○ based on mathematical functions ❖ Message authentication
○ Asymmetric six ingredients: ❖ Hash function
plaintext, encryption algorithm, ❖ Digital signature
public and private key, ciphertext,
and decryption algorithm