CYSE 610:

Networks and Cybersecurity

Cryptography

Dr. Mingkui Wei, Associate Professor

Cybersecurity Engineering
What is cryptography

• Cryptography comes from two Greek words, κρυπτο (hidden or

secret) and γραφη (writing).
• The art of mangling information into apparent unintelligibility.
• The basic service provided by cryptography is to send information between
participants in a way that prevents others from reading it.
• Other side-effects include integrity checking, and authentication, etc.
What is cryptography

• Most cryptography involves a public algorithm and a secret value,

i.e., the key. Why don’t we just invent a secret algorithm instead?
• It is difficult to keep devising new algorithms.
• It is difficult to prevent someone from learning the algorithm for a long time.
• Similar to physical locks and keys, locking mechanism remains the same while
the key shapes change.
Computational difficulty

• It is possible to break any cryptography algorithms, it just takes time

• Is the time taken practical (1 year vs 1 million years)
• Is the time taken longer than the lifetime of the secret (the secret to be kept 1
week while it takes 2 weeks to break it)
• Is the time taken worth the value of the secret (cost $2K to break a secret that
only worth $1K)
Simple cryptography algorithms

• Caesar cipher
Simple cryptography algorithms

• Caesar cipher
• Key space is 26, that is, there are 26 possible keys.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Plaintext: THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG
Ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD
Simple cryptography algorithms

• Monoalphabetic cipher
• Arbitrary mapping from one letter to another
• There are 26! possible pairing of letters.
• Can be broken by statistical analysis and knowledge about the specific
language.
Assumption of attackers

• Three assumptions of the resources can be obtained by an attacker.

• Ciphertext only: the attacker can only obtain the ciphertext.
• The attacker needs to be strong, and the algorithm can be somewhat weak.
• Known plaintext: attacker can obtain some <plaintext, ciphertext> pairs.
• Secret expires, and the plaintext is known.
• Guessable plaintext content, e.g., the header of an IP packet.
• Chosen plaintext: attacker can obtain ciphertext for any chosen plaintext.
• Many system responds to an inquiry with the encrypted version of the request.
• So what?
• Assume Trudy gets an encrypted message from Alice, which is either “Trudy will be fired” or “Trudy will be
promoted”. How can Trudy know her destiny?
• The algorithm must be strong.
• Question:
• Disregarding statistical analysis and brute force attack, which type of attack can the Caesar cipher resist?
• How about the monoalphabetically cipher?
Types of cryptographic algorithms

• Secret key algorithm

• Public key algorithm
• Hash algorithm
Secret key cryptography

• Encryption and decryption uses the same key

• Also known as the symmetric cryptography
Public key cryptography

• Two keys, one public, one private.

• Message encrypted by one must be decrypted by another.
• Also known as asymmetric cryptography.
Hash

• Also known as message digest, or one-way function.

• Takes message of arbitrary length and generate a fixed-length message.
• Properties:
• For a message m, it is easy to compute h(m).
• Given h(m), it is computationally impossible to find m.
• Even though there are infinite number of messages that will be calculated as the same
h(m), it is computationally infeasible to find two messages that hash to the same value.
Secret Key Cryptography
Generic block encryption

• fixed-size block, fixed-size key  block

• Break message into blocks

• How does block size matter, i.e., what may happen if block size is too
small?
• How would you attack an algorithm if the block size is only 4 bits?

• Block should be long enough to avoid known-plaintext attack.

• 256 bits or larger
Generic block encryption

• Output should look random

• Plaintext and ciphertext: no correlation
• Ideally, one bit flip in the plaintext should result in a random half bits
being flipped in the ciphertext.
• Why?
• Assume there is an algorithm, in which if you flip the 3rd bit of the plaintext,
all the bits in the ciphertext will flip. Can you find a way to take advantage of
this algorithm?
Generic block encryption

• Based on two simple transformations

• Substitution: replace one symbol with another symbol.

• Permutation: place a symbol into a different location in the same block.

• A block is broken into smaller chunks. Substitution is done in each chunk, and
permutation is done among all bits.
Generic block encryption

• Conduct multiple rounds

such that substitution and
permutation can spread,
instead of only affecting 8-
bits chunks.
Data Encryption Standard (DES)

• Published in 1977 by National Bureau of Standards (now NIST)

• Developed at IBM on their own Lucifer cipher and input from NSA.
• 56-bit key, with parity bits at the end of each 7-bit chunk
• 64-bit blocks
• Easy on hardware, slow in software
• Read the history of DES here:
https://en.wikipedia.org/wiki/Data_Encryption_Standard
DES overview

• Initial permutation
• 56-bit key generates 16 48-bit per-round
keys
• 16 rounds: 64-bit input + 48-bit key  64-bit
output
• Final permutation
• Decryption: run backwards  reverse key
order
Generating per-round keys

• Although DES has key length 64-bits, 8 bits among the 64 bits are
parity, i.e., only 56 bits are “free bits”.
• Bits 8, 16, …, 64 are parity bits, which are derived based on the other bits.
Security about DES

• The design seems simple, yet, it has been shown that, a trivial
change can decrease its security significantly.
• Reasons behind the design are unpublished.
• AES: similar but more complex.
Multiple encryption

• Increase key length, increase security

• Applicable to any encryption, important to DES
• Two keys, K1 and K2
• Decryption just reverse
Multiple encryption

• Why 3? Why not 2?

• Encrypting twice with two 56-bit keys
• What is the key space?
Meet-in-the-middle

• Assume an algorithm, whose key length is 3-bit

• To brute-force, we’d have to enumerate 8 different keys, that is, the key space
is 23
• Now assume an algorithm with key length of 3-bits, but we run the
algorithm over one message twice with 2 different keys, how many
variations we need to enumerate?
• Meet in the middle
Example

000 000

001 001

010 010

011 011

100 100

101 101

110 110

111 111
Multiple encryption

• C = Ek1{Ek2{m}}
• 2DES is only twice as secure as DES
• 2 * 256, not 22*56
• Suppose attacker knows (m1, c1), (m2, c2), …
• c1 = Ek1{Ek2{m}}  Dk1{c1} = Ek2{m1}, both K1 and K2 are 56-bit key.
• Prepare two tables,
• table 1 contains Dk{c1} with all key combinations
• table 2 contains Ek{m1} with all key combinations
• Find matching entries between the two table, the two keys used are potential candidates
• If find multiple matches, try them on (m2, c2)
Public key cryptography
Application of public key algorithm

• Two keys, one public, one private.

• Message encrypted with one key must be decrypted using the other.
Totient function

• Totient function : the number of numbers less than n and relatively

prime to n.
• Relatively prime: two numbers does not share common factor other than 1.
• E.g., 1, 3, 7, 9 are all relatively prime to 10.
• If n is prime?
• = n-1
• If n = pq, where p and q are distinct prime numbers, =(p-1)(q-1)
Modular exponentiation

• Property:
xy mod n = x(y mod (n)) mod n
• = 4, therefore, xy mod 10 = xy+4 mod 10 = xy+8 mod 10 = … .

• Special case: if y mod = 1, then

xy mod n = x mod n
RSA

• Most popular one.

• Variable key length (typically 1024 bits or longer)
• Block size is variable.
• Plaintext is always less than the key size. Input is padded.
• Based on math rather than substitution and permutation.
• It is much slower than secret key algorithms.
RSA

• Generate key pair:

• Pick two large prime number p and q.
• Calculate n = p * q.
• Calculate the totient function φ(n) = (p-1) * (q-1).
• Choose a number e, which is relatively prime to φ(n).
• <e, n> will be the public key.
• Find d such that e * d mod φ(n)= 1, or written as e*d = 1 mod φ(n).
• <d, n> will be the private key.
RSA

• Give public key <e, n> and private key <d, n>

• To encrypt and decrypt:

• Encrypt: c = me mod n
• Decrypt: m = cd mod n
• Or (usually know as digital signature):
• Encrypt: c = md mod n
• Decrypt: m = ce mod n
RSA

1. Choose p = 7 and q = 17.

2. Compute n = p * q = _______?
3. Compute φ(n) = (p-1) * (q-1) = _______?
4. Select e = 5, which is relatively prime to φ(n).
5. Compute d = __, such that e*d = 1 mod φ(n).
6. Public key: <___, ___>?
7. Private key: <___, ___>?
8. Encryption: 195 mod 119 = __.
9. Decryption: 6677 mod 119 = __.
RSA

• Exercise
• Choose p = 11 and q = 17. Generate your own private and public key pair, and
encrypt and decrypt the number 12345.
RSA

• Why does RSA work?

• n = pq, φ(n) = (p-1)(q-1)
• de = 1 (mod φ(n)),
• Therefore, xde mod n = x mod n
• Encrpyton: xd mod n
• Decryption: (xd mod n)e mod n = xde mod n = x mod n = x (x must be smaller
than n)
RSA

• Why RSA is secure?

• It is infeasible to factor the large number n to find out q and p.
RSA

• How to do large number exponentiation?

• 12354 mod 678 = (123 * 123...) mod 678
• (a * b * c) mod m = (((a * b) mod m) * c) mod m
• 1232 = 123 * 123 = 15129 = 213 (mod 678)
• 1233 = 123 * 213 = 26199 = 435 (mod 678)
• 1234 = 123 * 435 = 53505 = 621 (mod 678)
• ...
• 1238 = 621 * 621 = 385641 = 537 (mod 678)
Have a small e

• RSA is no less secure if e is always chosen to be the same (and small

number).
• Makes public key operations faster while leaving private key operations
unchanged.
Application of public key algorithm

• Two main applications using public key cryptography

• Establish secure communication without pre-shared secret (key distribution)
• Q: with secret key algorithm, can Alice and Bob establish secure communication? How?
• How can public key algorithm help?
• Any issues?
• Digital signature
• What are the properties of a signature in the real world?
• Authentication and non-repudiation.
• How to use public key algorithm to achieve the same goal?
Diffie-Hellman

• Predates RSA and is the oldest public key system still in use.
• Alice and Bob start out with nothing, and can establish a shared secret after a
few message exchange.
• Does neither encryption nor signature.
Diffie-Hellman

• Alice and Bob agreed on a

random color, e.g., yellow,
which is exchanged publicly.
• Alice and Bob each choose
a private color.
• After some color exchange,
they can establish a secret
color without revealing it to
the public.
Diffie-Hellman

• Alice (or Bob) choose p, a large prime, and g, which is smaller than p.
• Both p and g can be publicly exchanged.
• Alice and Bob each choose a 512-bit number and keeps it secret, i.e., SA and SB.
• Alice computes TA = gSA mod p and sends to Bob
• Bob computes TB = gSB mod p and sends to Alice
• Each rise to the exponent and each get gSASB mod p, which is the secret.
• Anything can go wrong?
Man-in-the-middle attack

• Man in the middle

Man-in-the-middle attack

• Defense
• For each person to have a permanent public and secret number instead of
inventing one for each exchange. Such number must be published
somewhere.
• Can do some authentication if they have pre-shared secret.
Hash algorithm
Hashes

• Hash == message digest

• Arbitrary-length message  fixed size output
• One way function.
Hashes

• Three security properties:

• Preimage resistance: it should be computationally infeasible to find a
message that has a given specific hash.
• Collision resistance: it should be computationally infeasible to find two
messages that have the same hash.
• Second preimage resistance: it should be computationally infeasible to find a
second message that has the same hash as a given message.
Hashes

• Chop message into 256-bit blocks, XOR with each block and call the
result the Hash. Will it work?
• Which properties it violates?
Hashes

• On average, how many tries one must do to find a preimage of a

given n-bit hash?
• 2n messages, in the ideal case
• 2n/2 messages, in practice (due to the Birthday attack)
The Birthday problem

• There are n person in a room. What is the smallest value of n such

that the probability that two persons have the same birthday is
higher than 50%?
• 160
• 80
• 40
• 20
The Birthday problem

• There are n person in a room. What is the smallest value of n such

that the probability that two persons have the same birthday is
higher than 50%?
• The probability two persons do NOT have the same birthday: 365/365 *
364/365
• The prob three persons do NOT have the same birthday: 365/365 * 364/365 *
363/365
• …
• The prob k person do NOT have the same birthday:
The Birthday problem
n p(n)
1 0.0%
5 2.7%
10 11.7%
20 41.1%
23 50.7%
30 70.6%
40 89.1%
50 97.0%
60 99.4%
70 99.9%
75 99.97%
100 99.99997%
99.999999999999999
200
9999999999998%
300 (100 − 6×10−80)%
350 (100 − 3×10−129)%
365 (100 − 1.45×10−155)%
≥ 366 100%
The Birthday problem

• In general, if there are n possibilities, it only takes trials to find a

collision.
Birthday attack

Ref: Cryptography and Network Security by William Stallings

The Birthday problem

• If the output of a Hash algorithm is n bits, it takes 2n/2 (it’s not 2n/2)
trials to find two messages that can generate the same Hash.
• If n = 64, then only 232 messages need to be tested.
Usage: Digital signature

• Instead of signing the message, sign the hash of the message instead.
• Indication: the hash of a message represents the message with high fidelity.
• E.g., authenticate a person with his/her single fingerprint.
Usage: Password hashing

• Password hashing
• Storing password vs. storing the hash of password vs. storing the salted
password of hash
Password hashing

• Password hashing
• /etc/shadow
• mw:
$6$SElYjFu6$JmIgChlPlOg110Rwu2NeGy3eVJO9YECOrBKw8qWFlHhNobjPmXL
0AuYGsQ6.In.WQvbrZ63SnRwWu747VzxJT1:18370:0:99999:7:::
Password hashing

mark:$6$.n.:17736:0:99999:7:::
[--] [----] [---] - [---] ----
| | | | | |||+-----------> 9. Unused
| | | | | ||+------------> 8. Expiration date
| | | | | |+-------------> 7. Inactivity period
| | | | | +--------------> 6. Warning period
| | | | +------------------> 5. Maximum password age
| | | +----------------------> 4. Minimum password age
| | +--------------------------> 3. Last password change
| +---------------------------------> 2. Encrypted Password
+----------------------------------------> 1. Username
Password hashing

1. Username. The string you type when you log into the system. The
user account that exist on the system.
2. Encrypted Password. The password is using the
$type$salt$hashed format. $type is the method cryptographic
hash algorithm and can have the following values:
$1$ – MD5
$2a$ – Blowfish
$2y$ – Eksblowfish
$5$ – SHA-256
$6$ – SHA-512
Password hashing

3. Last password change. This is the date when the password was last changed. The number of
days is counted since January 1, 1970 (epoch date).
4. Minimum password age. The number of days that must pass before the user password can be
changed. Typically it is set to zero, which means that there is no minimum password age.
5. Maximum password age. The number of days after the user password must be changed. By
default, this number is set to 99999.
6. Warning period. The number of days before the password expires during which the user is
warned that the password must be changed.
7. Inactivity period. The number of days after the user password expires before the user account
is disabled. Typically this field is empty.
8. Expiration date. The date when the account was disabled. It is represented as an epoch date.
9. Unused. This field is ignored. It is reserved for future use.
Modes of operation
Encrypting a large message

• How to encrypt a message that is larger than 64 bits using a secret

key algorithm with block size being 64 bits?
• Let’s look at a few approaches and see if they are secure enough
Electronic code book (ECB)

• Encrypt plaintext block by block, concatenate

each cipher block.
• Advantage: simple
• Weaknesses?

I O U $ 1 2 3 2 1

Receiver
Sender
Electronic code book (ECB)

• Weaknesses
• If a message contains two identical 64-bit blocks, the corresponding
ciphertext will also be identical, which may allow the attacker to infer some
information based on partially known plaintext.
• Switching the order of two blocks will not be detected by the receiver, unless
further integrity measure is used.
• Duplicating or deleting a block will not be detected by the receiver, unless
further integrity measure is used.
 Cipher Block Chaining (CBC)

• Use the previous ciphertext block as the random input for the next
block.
• Initial vector (IV): a random initial value that differs each time. Why do we need
it?
• Can the attacker still make changes to the plaintext?

I O U $ 1 2
 Cipher Block Chaining (CBC)

• Assume c4 = 0101
• Can attacker change m5, how?
• What is the consequence?

I O U $ 1 2
Generating MAC

• Message authentication code (MAC), also known as the message

integrity code (MIC)
• Sending message along with the last block of CBC, AKA CBC residue
• An example using secret key cryptography to provide integrity
Summary

• Secret key
• One key for both encryption/decryption.
• Public key
• Two keys.
• Digital signature.
• Hash
• One way function.
• Message “fingerprint”.