Cryptography

Domain Objectives

• Definitions
• History
• Uses
• Cryptographic Methods
• Encryption Systems
• Algorithms
• Cryptanalysis and Attacks
• Implementations
 Concepts and Definitions

• Cryptology – the study of cryptography and cryptanalysis

• Cryptanalysis – practice of defeating the protective properties of
cryptography. Reading protected info, altering messages or
integrity values and violating authentication. The practice of testing
cryptographic algorithms to determine their strength or resistance
to compromise.
• Cryptography – from Greek words “kryptos” (hidden) and
“graphia” (writing). Mathematical manipulation of information to
prevent the information from being disclosed or altered.
 Basic Goals of Cryptography

• Confidentiality – prevent unauthorized people from being able to detect

or understand a message
• Integrity – detect if a message has been tampered with or corrupted
• Authenticity – ensure that message has been sent to correct person
and in correct order, including prevention of replay attacks
• Non-repudiation – sender cannot deny sending
• Access control – encrypted passwords, token-based access control
devices provide protection for systems and applications
• Make compromise difficult – make the attack either too expensive or
too time-consuming to be worth the effort
 Concepts & Definitions

• Cryptosystem – device or process used to perform encryption and

decryption operations
• Plaintext/Cleartext – human readable message
• Ciphertext/Cryptogram – enciphered, encrypted, or scrambled
message
• Cryptographic Algorithm – mathematical function that determines the
cryptographic operations
• Cryptovariable (key) – often secret value used to transform the
message in the encrypted message
• Key Space – total number of keys available to the user of a
cryptosystem
 Concepts & Definitions

• Encrypt/Encipher – scrambling a plaintext message by using an

algorithm, usually in conjunction with a key

• Encode – similar to enciphering or encrypting except that it does not

use a key

• Decipher/Decrypt/Decode – descrambling an encrypted message and

converting it to plaintext
 Basic Transformation Techniques

• Substitution – change value, not position.

• Transposition/Permutation – change the relative position of values
without replacing them (bit-shuffling)
• Compression – change position, not value. Decrease redundancy
before plaintext is encrypted. Used to save on bandwidth and storage.
• Entropy – maximum amount of compression that can be applied
• Expansion – typically used to increase the size of plaintext to match the
size of keys or subkeys
• Padding – adding additional material to plaintext before encrypting.
Addresses weaknesses in an algorithm and foils traffic analysis
 XOR – Exclusive Or

• Fast arithmetic function used in many computer operations

• Binary math

• Add two values

• If both input values are the same the output is a Zero (i.e., 1+1=0;
0+0=0)
• If the input values are different the output is a One (i.e., 1+0=1;
0+1=1)
 Keys and Cryptovariables

• Key management – refers to the principles and practices of protecting the keys throughout the lifecycle
• Key expiry/cryptoperiod – keys should be changed on a regular basis. Length of time should be based on
algorithm and level of protection required
• Key mixing/Key schedule – DES nominal length 56 bits (actual length 64 but 8 used for parity), does 16
rounds of substitution and transposition and uses 48 bits of the key. Generates new 48 bit key from original
56 bit. AES uses key schedulers to generate completely new keys from the original key for each round.
• Keystreams – pseudo-random sequence that is generated from the input key and mixed with the input
message.
• Synchronous – keystream is generated based on original key, bit-by-bit, in sync with plaintext
• Non or self-synchronous – keystream is generated based upon previously generated ciphertext and
cryptovariable
• Key storage – key must be protected in transit and storage
• Key clustering – term used to represent a weakness that exists in a cryptosystem if two different keys
generate the same ciphertext from the same plaintext
 Initialization Vector (IV)

• Encrypting similar messages will create patterns of ciphertext even

when using different keys. Predictability is an enemy of
cryptography.

• An IV is a random value added to the plaintext message before

encrypting so that each ciphertext will be substantially different.

• The recipient will also need the IV to decrypt the message

 Work Factor

• An estimate of the effort/time needed to overcome a protective

measure by an attacker with specified expertise and resources.
• Commonly used as a way to measure the amount of resources that
would be required to brute-force an algorithm or cryptosystem.
• System is said to be broken when there is a way to decrease the
work factor to a reasonable level.
• All cryptosystems will be crackable eventually. Objective is to use
a system that is computationally infeasible to crack.
• Work factor has nothing to do with normal encryption/decrytion
 Kerckhoff’s Principle

• States that the strength of a cryptosystem is based on the secrecy of the key
and not on the secrecy of the algorithm.
• Work factor for the cryptanalyst is the effort required to determine the correct
key.
• Key length is the primary method used to determine the strength of the
cryptosystems.
• Brittleness – measure of how badly a system fails. A resilient system is
dynamic and designed to fail only partially or degrade gracefully. In general,
automated systems which only do one thing are be definition brittle.
• “Security by Obscurity” – concept that system is secure as long as no one
outside the “group” is allowed to find out anything about its internal
mechanisms.
 Key Algorithms

• Symmetric key – same key used for both the encryption and
decryption operation

• Asymmetric key – pair of mathematically related keys (A and B)

used separately for encryption and decryption
 Certificates

• Certificate proves who owns a public key

• Digitally signed, special block of data that contains public key
and identifying information for the entity that owns the private
key
• Issued by a Certification Authority (CA) – trusted entity or 3rd
party that issues and signs public key certificates, attesting to the
validity of the public key.
• Registration Authority – is the primary organization that verifies a
Certificate Applicant’s information and identity. Works with CA to
verify applicant’s information before issuing a certificate
 Hash Functions

• Message integrity

• Computed value for a message, program, data, etc to be

transmitted or stored

• One way function

• Cannot decrypt/reverse a hash

 Digital Signatures

• Message Integrity and Proof of Origin

• Proves message has not been altered
• Proves who sent the message
• Created by encrypting a hash of the message with the private
asymmetric key of the sender. Creates a signed hash that can only
be unlocked using the public asymmetric key of the sender.
• Reason for signing the hash of the message instead of the
message is that asymmetric algorithms tend to be very slow and
computationally intensive to use. So signing the hash saves time
and money.
 Domain Objectives

• Definitions
• History
• Uses
• Cryptographic Methods
• Encryption Systems
• Algorithms
• Cryptanalysis and Attacks
• Implementations
 Historical Development

• Cryptographic techniques
• Manual – cryptographic methods performed by hand using a variety of
tools (still used on some one-time pads)
• Mechanical – use of mechanical tools to perform encryption and
decryption (cipherdisk)
• Electro-mechanical –use of electro-mechanical devices (Enigma
machine)
• Electronic – computer based tech used to perform complex and secure
cryptographic operations (software and hardware based algorithms – AES,
RSA, etc.)
• Quantum cryptography – using single photon light emissions to provide
secure key negotiation
 Domain Objectives

• Definitions
• History
• Uses
• Cryptographic Methods
• Encryption Systems
• Algorithms
• Cryptanalysis and Attacks
• Implementations
 Uses of Cryptography

• Protecting information

• Transit
• Email, VPNs, e-commerce, VOIP, etc.
• Storage
• Disk encryption
• System access
• Passwords, remote login
 Domain Objectives

• Definitions
• History
• Uses
• Cryptographic Methods
• Encryption Systems
• Algorithms
• Cryptanalysis and Attacks
• Implementations
 Making Secure Algorithms

• Problems – simple systems are not very secure

• Discernible – if you know the language of the original message, “frequency
analysis” can be performed
• Redundancies – make the cryptoanalyst’s job easier
• Statistical patterns – can be revealed in ciphertext if algorithm doesn’t obscure
them
• Solutions
• Confusion – principle of hiding patterns in the plaintext by substitution
• Diffusion – act of transposing the input plaintext throughout the ciphertext so that
a character in the ciphertext would not line up directly in the same position in the
plaintext
• Avalanche – achieved with plaintext bits affect the entire ciphertext so that
changing one bit in the plaintext would change half of the entire cipher text
 Stream Ciphers

• Keystream
• Statistically unpredictable and unbiased
• Not linearly related to the key
• Operates on individual bits or bytes
 Uses of Stream Cipher and Stream-Mode
Block Ciphers

• Wireless

• Audio/video streaming
• SRTP (Secure Real-time Transport Protocol)
 Block Cipher

• Blocks of plaintext are encrypted into ciphertext blocks

• Multiple modes of operation
• Variable key size, block size, rounds
 Block Cipher Uses

• Data transport – SSL, TLS. Both protocols can use AES and Triple
DES. IPSec based VPNs also use block ciphers to encrypt
communication between endpoints

• Data storage – even though block ciphers take more time, used
because of their greater ability to frustrate cryptanalysis. TrueCrypt
is an example of block cipher used to encrypt data
 Domain Objectives

• Definitions
• History
• Uses
• Cryptographic Methods
• Encryption Systems
• Algorithms
• Cryptanalysis and Attacks
• Implementations
 Simple Substitution Ciphers
• Substitution of one value for another

• Caesar Cipher
• Shift alphabet (by 3)
• A B C D E F …. FACE
• D E F G H I …. IDFH
• Scramble alphabet
• A B C D E F …. FACE
• Q E Y R T M …. MQYT

• Vulnerable to frequency analysis

 Simple Transposition/Permutation

• Columnar – rearranging the T H I S I

message in a table
S A N E X
• Plaintext “This is an example of
transposition”
A M P L E
• Cipher “tsaoni hamfst inptpi selroo
ixeasn”
O F T R A
• Key: grid shape & reading
direction N S P O S

• Example: the Spartan Scytale I T I O N

 Polyalphabetic Ciphers

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
2 Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
3 X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
4 W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
…

• Encrypt the plaintext FEEDBACK using a key of 3241

• Try encrypting your name
 Running Key Ciphers

• Done by using the numerical value of letters in the plaintext and is

coded and decoded by using a copy of the text in a book as the
key.
• Sender and recipient determine the key by agreeing on a point in
the book (i.e. page number) from which to start the encryption.
• Key would “run” as long as the plaintext, and the value of each
letter of the key would be “added” to the value of each letter of the
plaintext.
• If total of the two letters is greater than 25, then 26 would be
subtracted from the result. The combined value of the letters
would be the value of the ciphertext letter.
 One-Time Pads (OTP)

• Truly random key values

• Both sides have same pad of key values

• Keys are only used once

• Unbreakable algorithm
• Mathematically proven that it can never be broken
 Steganography

• The art of hiding information

• Plaintext hidden/disguised
• Prevents a third party from knowing that a secret
message exists
• Traditionally accomplished in a number of ways:
• Physical techniques
• Null ciphers
 Image-Based Steganography

Original image Stegged image

File size is identical (260 kb)

If hashed, values would be different
 Watermarking/Rights Management

• Digital watermarking – similar to physical watermarking.

Either visible or invisible markings embedded within a digital
file to indicate copyright or other handling instructions, or to
embed a fingerprint to detect unauthorized copying and
distribution of images.

• Digital Rights Management/Digital Restriction Management

(DRM) – extends digital watermarking in order to place strict
usage conditions on the display and reproduction of digital
media.
 Domain Objectives

• Definitions
• History
• Uses
• Cryptographic Methods
• Encryption Systems
• Algorithms
• Cryptanalysis and Attacks
• Implementations
 Modes of Symmetric Block Ciphers

• Block Modes
• Electronic Code Book (ECB)
• Cipher Block Chaining (CBC)

• Stream Modes
• Cipher Feed Back (CFB)
• Output Feed Back (OFB)
• Counter (CTR)
• Counter with CBC-MAC (CCMP)
 Electronic Code Book (ECB)

• Each block of plaintext is encrypted independently using the same

key
 Cipher Block Chaining (CBC)

• The first plaintext block is XOR’d with an Initialization Vector (IV)

• Result is ciphertext is chained into the next plaintext block
 Cipher Feed Back (CFB)

• Similar to CBC
• IV is encrypted and then XOR’d with the first plaintext block
 Output Feed Back (OFB)

• Operates very much like CFB

• Only the RESULT of encrypting the IV is feed back to the next
operation
 Counter (CTR)

• Similar to OFB
• Counter value is used instead of an IV
 Counter With CBC-MAC (CCMP)

• Provides confidentiality and authenticity

• Works with 128 bit block size
• Mandatory in 802.11i
• Adds one more block for confidentiality
• Counter mode lacks integrity. CCMP solves that problem.
 DES – Data Encryption Standard
• DES
• 56 bit key
• 16 rounds of transposition and substitution
• Fixed 64 bit block size
• Double DES (DDES)
• Uses two 56 bit keys
• Message is encrypted by one key and re-encrypted by the second
• Was thought to provide 112 bit cipher but was successfully attacked by the
“meet-in-the-middle” analytic attack
• Triple DES (TDES)
• Input data is encrypted three times
• Strength depends on the mode of the operation picked and the number of
keys being used
• Effective key size is 168 bit
AES – Advanced Encryption Standard

• Based on Rijndael algorithm

• Developed by Daemen and Rijmen in 1998

• Block sizes: 128, 192, and 256

• Variable number of rounds

• Variable key size

 Other Block Ciphers
• RC5 and RC6

• Blowfish

• Twofish

• CAST

• SAFER

• Serpent
 RC-4

• Symmetric stream cipher

• Arbitrary key size

• Many applications
 Strengths & Weaknesses – Symmetric
Ciphers

Strengths Weaknesses
• Fast • A different form of key
• Difficult to crack negotiation/ exchange/
distribution must be used
• Algorithms and tools freely
available • Poor scalability
• Stream ciphers ensure highly • Limited security
efficient serial communications • On noisy channels, error
• Block ciphers offer multiple correcting is a must
modes
 Asymmetric Key Cryptography

• Diffie-Hellman, 1976

• Public key cryptography

• Uses a pair of mathematically related keys

• Private key
• Public key
 Public Key Algorithms

• Ensures confidentiality
• Encrypting message with the receiver’s public key provides confidential transmission
of the message because the only key that can open the message is the
corresponding private key of the recipient

• Ensure proof of origin

• When a message is encrypted (signed) with the sender’s private key, the recipient
can verify the source of the message because the message can only be opened with
the sender’s public key

• Confidentiality and proof of origin

• Double encrypting a message with the private key of the sender and then with the
public key of the receiver will provide both confidentiality and proof of origin
 RSA Algorithm
• Rivest-Shamir-Adleman, 1977
• Encryption
• Digital signatures
• Key distribution
• Adjustable key size
• PKCS#1 is the implementation of the algorithm. Currently in V2.1
• How does it work?
• Find 2 prime numbers and call them p and q
• Multiply them and call the result n
• Choose a public value less than n relatively prime with (p-1) and (q-1) and call it e
• Find d such that e*d=1 mod (p-1)*(q-1)
• Make n and e PUBLIC, and keep d, p and q SECRET
• To encrypt message m, ciphertext c = me mod n
• To decrypt, m = cd mod n
 Other Algorithms

• Diffie-Hellman Key Exchange Protocol

• Perfect Forward Secrecy (PFS) – principle used in D-H that even if 2
private keys are used in negotiating a secret value (shared secret), and
one of those private keys is later compromised, it will not be possible to
determine either the secret key or the other private key from the
compromised private key
• Diffie-Hellman Groups – determine the length of the base prime numbers
that will be used in calculating the key pairs.
• STS/Unified Diffie-Hellman – one weakness of D-H was the man-in-the-
middle attack. This led to development of the Station to Station (STS)
key agreement protocol by Diffie, Van Oorscht and Weiner in 1992.
• Menzies/Qu/Vanstone
• Elgamal – retired
• Elliptic Curve Cryptography (ECC) – fewer bits. Extremely slow
 Knapsack Algorithms

• Merkle-Hellman knapsack
• Developed in 1978

• Chor-Rivest knapsack
• Developed in 1984 and revised in 1988

• Both schemes have been broken

Asymmetric Key Cryptography

Strengths Weaknesses
• Confidentiality/privacy • Computationally
• Access control intensive
• Authentication • Very slow
• Integrity
• Non-repudiation
Common Hash Functions

• Message Digest
• MD2, MD4, MD5
• Secure Hash Algorithm (SHA)
• SHA-1 (160 bit), SHA-256, SHA-384
• SHA-512 (best practice)
• SHA-3
• HAVAL
• RIPEMD
• Tiger
• WHIRLPOOL
 Hash Function Characteristics

• Condensed representation of the message

• One-way function

• Non-linear relationship

• Hash calculated from whole, original message

 Keyed Hashes (SALT)

• Basic hash can be intercepted and changed

• To solve that problem, mix a HASH algorithm with a pre-shared

key

• Adversary would need to know the key to create a collision

• Implemented in IPSec for integrity checking of both ESP

(Encapsulating Security Payload) & AH (Authentication Header)
 Digital Signatures

• (Asymmetric cryptography) + (Hash of message)

• Only authenticity and non-repudiation (not confidentiality)
• Legality – if the encryption is intact and the private key is held by
the rightful owner, it must be accepted by all parties in the
transaction.
• American Bar Association has developed guidelines for accepting digital
signatures that have been adopted in some US states and other countries
• Not accepted globally for transactions and specifically not for
high-dollar/high-risk situations
• Examples
• DSA, RSA, Elgmal, Schnorr, ECC
 Digital Signatures Uses

• E-commerce
• Non-repudiation of origin (with private key)

• Integrity of message (with private key encrypted hash)

• Software distribution (integrity and non-repudiation)

• Email and secure document distribution

 Key Management Challenges

• Greatest challenge with secure cryptographic implementation is

the management of the keys. Keys must be kept secret. Yet,
they must be available when needed. Even OLD keys have to
be kept to decrypt old backup files or data.

• Key distribution

• Key storage

• Key change
• Expire – how long to use a key
 Functions of Key Management

• Operations
• Dual control – require the active participation of 2 or more. No one
person can misuse.
• Threshold schemes – require more than one person to
successfully complete the task

• Key recovery
• Split knowledge – 2 or more people have info about the key. Must
be combined to work.
• Multi-party key recovery – break the key into 3 or more parts and
each part go to a different person.
• Escrow – Key held
 Functions of Key Management

• Creation
• Automated key generation – prevents user bias and provides quick
key production
• Truly random – only true random generators are things like radioactive
decay, noisy diodes, etc. Computers produce pseudo-random.
• Suitable length – generators must generate enough bits for a complete
key. Generating 64 bits and concatenating them does not make them
128.
• Key encrypting keys (KEK) – keys used to encrypt other keys. Care
must be taken to ensure that the data used to generate the KEK is
NOT related to the keys being produced.
 Functions of Key Management

• Distribution
• Out of band – does not guarantee security delivery, but it increases its
likelihood
• Public key encryption – most common solution
• Secret key construction – using D-H (or similar), exchange values online that generate a
new secret key
• Secret key delivery – using RSA (or similar), party encrypts secret key with receiving
party’s public key.
• Key distribution center – think Kerberos
• Certificates – used to distribute public keys

• Storage
• Trusted hardware – hardware evaluated (typically) by FIPS 140-2 or Common
Criteria
• Smartcard – non-volatile storage
 Public Key Infrastructure (PKI)

• Binds people/entities to their public keys

• Prevent Man-in-the-Middle attack

• Public keys are published and are certified by digital signatures

 Strong Cryptographic PKI Solutions

• Use evaluated solutions

• High work factor
• Publicly-evaluated cryptographic algorithms
• Training
• Import and export of cryptography
• Wassenaar Agreement – is an agreement between several countries
that governs the movement of cryptographic algorithms between those
countries. The restrictions are usually based on key length and
whether the product is commercially available
• Law enforcement issues
 Certificates and CAs

• Certificates link a public key to its owner

• Classes of certificates
• Certification Authorities (CAs)
• Registration Authority (RA)
• Cross-certification
• Certificate Revocation Lists (CRLs)
• Online Certificate Status Protocol (OCSP)
• X.509
 Domain Objectives

• Definitions
• History
• Uses
• Cryptographic Methods
• Encryption Systems
• Algorithms
• Cryptanalysis and Attacks
• Implementations
 Cryptanalysis

• Art and science of breaking codes

• Attack vectors
• Key
• Algorithm
• Implementation
• Data (ciphertext or plaintext)
• People – social engineering
• Assumptions
 Brute Force Attack

• Trying all possible key combinations

• Two factors: cost and time
• Moore’s Law
• Processing speed doubles every 18 months for the same
price
• Advances in technology and computing performance will
always make brute force an increasingly practical attack on
keys of a fixed length
• Measured in MIPS per year – 1 computer running 1,000,000
calculations per second for a year
 Brute Force Attack

Bits Number of keys Brute Force Attack Time Bits Number of keys Brute Force Attack Time
56 7.2 x 10^16 56 7.2 x 10^16 20 hours
80 1.2 x 10^24 80 1.2 x 10^24 54,800 years
128 3.4 x 10^38 128 3.4 x 10^38 1.5 x 10^19 years
256 1.15 x 10^77 256 1.15 x 10^77 5.2 x 10^57 years

• Data shown is as of 1998 when “Deep Crack” was used in RSA DES
challenge.
• Cost $250,000 to build. Today the same thing can be done for under
$10,000.
• With today’s tech, can break DES in 8.7 days or less for under $10,000.
 Plaintext Attacks

• Known plaintext attack – attacker has both the plaintext and

ciphertext. Uses analysis to try to determine key.

• Chosen plaintext attack – attacker has access to the crypto

machine. Runs plaintext through machine to get encrypted
data. Uses statistical information to try to determine key.

• Adaptive chosen plaintext attack – attacker has encryption

device for more than one message. Patterns may emerge if
the attacker puts similar texts into the device
 Ciphertext Attacks

• Ciphertext only – assume attacker has samples of encrypted text but not
the algorithm, key or system. Most difficult attack because the attacker
has the least to work with.

• Chosen ciphertext attack – attacker has access to ciphertext and system

used to generate. Attacker can run pieces of ciphertext through to obtain
the plaintext. Leads to Known Plaintext Attack or Differential or Linear
Cryptanalysis attack.

• Adaptive chosen ciphertext attack – attacker has access to the

cryptosystem and can now modify and run ciphertext through the system
to see what the effect of the modification is on the plaintext.
 Attack Against Ciphers

• Stream
• Frequency analysis – knows characteristics of plaintext language
• IV or keystream analysis – examines large numbers of generated IVs for
weaknesses, statistical biases, etc.

• Block
• Linear cryptanalysis – large amounts of plaintext and associated ciphertext to
find info about the key
• Differential cryptanalysis – 2 or more similar plaintexts are encrypted using
same key and compared
• Linear-differential cryptanalysis – combo of linear and differential
• Algebraic attacks – examines the algorithm
• Frequency analysis – uses the statistics of the language to break a ciphertext
 Attacks Against Hash Functions

• Dictionary Attacks
• Based on known lists of common words

• Birthday attacks – group of 23 people, 50% chance 2 will have same birthday. 60
people, 99% chance. Relevant because it describes the amount of effort that must be
made to determine when 2 randomly-chosen values will be the same (collisions). Weak
hash causes many collisions

• Attack the hash value

• Attack the initialization vector

• Rainbow table attacks

• Hash reductions
• Salts
 Social Engineering

• Persuasion

• Coercion (rubber-hose cryptanalysis)

• Bribery (purchase-key attack)

 Other Common Attacks

• Meet-in-the-Middle
• Mathematical analysis that attacks a problem from both ends and
attempts to find the solution by working toward the center of the
operation from both sides.

• Man-in-the-Middle
• Attacker intercepts and modifies the data before transmitting to
intended person.

• Poor Random Number Generation

 Domain Objectives

• Definitions
• History
• Uses
• Cryptographic Methods
• Encryption Systems
• Algorithms
• Cryptanalysis and Attacks
• Implementations
 Common Secure Email Protocols

• Privacy Enhanced Mail (PEM)

• Uses DES in Cipher-Block-Chaining (CBC) mode for confidentiality
• Can also use Electronic Code Book (ECB) or 3DES for key
management
• For message integrity it uses either MD2 or MD5 hash
• Not compatible with Multipurpose Internet Mail Extensions (MIME) so
not often used
• Pretty Good Privacy (PGP)
• Uses symmetric and asymmetric key cryptography
• Can use RSA, D-H, and Elgamal for asymmetric key
• Secure Multipurpose Internet Mail Extensions (S/MIME)
• De facto standard for email privacy
 Internet Security

• Uses
• Remote Access
• VPNs
• E-commerce

• Tools
• IPSec
• SSL/TLS
• Secure HTTP
• TLS
 Cryptography Domain Summary

• Definitions
• History
• Uses
• Cryptographic Methods
• Encryption Systems
• Algorithms
• Cryptanalysis and Attacks
• Implementations