1. Computer Security & Network
Dr. Saif Kassim Alfraije Page 1
Introduction
Organizations with a need for intense information security, such as
government agencies, law enforcement, financial institutions, businesses, and
health care facilities, can leverage strong, modern cryptosystems to help ensure
that their data is not accessible to outsiders. All cryptosystems use either
asymmetric or symmetric encryption. Symmetric key systems typically operate
more quickly than asymmetric systems, but they require a highly secure means of
exchanging keys between users.
Suppose that someone wants to send a message to a receiver and wants to
be sure that no one else can read it. However, there is the possibility that
someone else opens the letter or overhears the electronic communication. The
message is called the plaintext. Encoding the contents of the message in a way
that hides them from outsiders is called encryption. The encrypted message is
called the ciphertext. (The word cipher has its origin in the Arabic word sifr,
meaning empty or zero.) The process of retrieving the plaintext from the
ciphertext is called decryption.
Cryptography
Cryptography is the science/practice of “writing in secret”
(“crypto” == “secret,” “graphy” == “writing”). Cryptographic functions are
generally defined as algorithms or protocols: rules that govern how data is
processed to turn plaintext (unencrypted data) into ciphertext (encrypted data).
A cryptographic system consists of essential components:
• Plaintext – the original message to be sent
• Cryptographic system (cryptosystem) or a cipher – consisting of
mathematical encryption and decryption algorithms for transforming
plaintext to ciphertext.
• Ciphertext – the result of applying an encryption algorithm to the original
message before it is sent to the recipient
• Key – a string of bits (a sequence of symbols or a numerical value) used by
the two mathematical algorithms in the encrypting and decrypting processes
• Encipher (encrypt): converting plaintext to ciphertext.
• Decipher (decrypt): recovering plaintext from ciphertext.
• Cryptanalysis (code breaking): the study of principles/methods of
deciphering ciphertext without knowing the key.
• Cryptology: the field of both cryptography and cryptanalysis
In this paper we shall focus on cipher structure as shown in figure 1.
Figure 1: Schematic representation of cryptographic cipher
Techniques of Cryptography
• Substitution Technique
o Caesar Cipher
o Monoalphabetic Cipher
o Homophonic Cipher
o Polygram substitution cipher
o Polyalphabetic Cipher
o Vigenère
• Transposition Technique
o Rail Fence Technique.
o Vernam Cipher (One-time Pads)
o Running Key Cipher.
o Playfair Cipher.
o Hill Cipher.
Encryption
Data, often referred to as plaintext, is encrypted using an encryption algorithm
and an encryption key. This process generates ciphertext that can only be viewed
in its original form if decrypted with the correct key. The primary purpose of
encryption is to protect the confidentiality (privacy) of digital data stored on
computer systems or transmitted via the Internet or other computer networks.
Why use encryption?
Decryption
Decryption is simply the inverse of encryption, following the same steps but
reversing the order in which the keys are applied.
Model of Conventional Cryptosystems
An entity A wants to send some data to another entity B. Before sending the
data, A transforms it using a key into something that apparently makes no sense
(encryption). Entity B then recovers the initial data, also using a key
(decryption).
NOTE:
Cryptography does not hide the existence of messages.
Steganography hides even the existence of a message.
Referring to the figure above, with the message P and the encryption key K as
input, the encryption algorithm forms the ciphertext:
C = enc_K(P)
The intended receiver, in possession of the key, is able to invert the
transformation:
P = dec_K(C)
where
C = ciphertext (encrypted text)
P = plaintext (initial text)
The security of conventional encryption depends on several factors:
• The encryption algorithm: it must be powerful enough that it is impractical
to decrypt a message on the basis of the ciphertext alone.
• Secrecy of the key: it was shown that the security of conventional
encryption depends on the secrecy of the key, not the secrecy of the
algorithm.
Figure 2: The figure representation of model conventional cryptosystem
Cryptographic Algorithms
Cryptographic algorithms are sequences of processes, or rules, used to
encipher and decipher messages in a cryptographic system. In simple terms,
they're processes that protect data by making sure that unwanted people can't
access it. All modern algorithms use a key to control encryption and
decryption; a message can be decrypted only if the key matches the encryption
key. The key used for decryption can be different from the encryption key, but
for most algorithms they are the same.
There are two main classes of cryptographic algorithm: block and stream.
Block algorithms
Block algorithms are methods that partition the text into relatively large
(e.g. 128-bit) blocks and encode each block separately. The encoding of
each block generally depends on at most one of the previous blocks. The
same “key” is used for each block.
Stream algorithms
Stream algorithms partition the text into small (e.g. 1-bit) blocks and let
the encoding of each block depend on many previous blocks.
A stream cipher is synchronous if its key sequence does not depend on the
plaintext or ciphertext but only on the previous elements of the key sequence
and the initial key.
For each block, a different “key” is generated.
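The difference between the two classes can be seen in a small added example, which is not part of the original lecture notes. It uses deliberately weak toy constructions (XOR with a fixed key for the block case, a 16-bit LFSR keystream for the stream case); the names `block_encode`, `keystream`, `stream_encode`, `repeated_blocks` and the sample values are assumptions made for illustration.

```python
def block_encode(data: bytes, key: bytes) -> bytes:
    """Toy block algorithm: cut data into len(key)-byte blocks and XOR each
    block, separately, with the SAME key. XOR is its own inverse, so calling
    this again with the same key decodes."""
    size = len(key)
    blocks = [data[i:i + size] for i in range(0, len(data), size)]
    return b"".join(bytes(b ^ k for b, k in zip(blk, key)) for blk in blocks)

def keystream(seed: int, n: int) -> bytes:
    """Synchronous keystream from a 16-bit LFSR: every new state depends only
    on the previous state and the initial key (seed), never on the text."""
    state = (seed & 0xFFFF) or 1          # an all-zero state would never change
    out = bytearray()
    for _ in range(n):
        for _ in range(8):                # clock 8 bits, then emit one byte
            bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            state = (state >> 1) | (bit << 15)
        out.append(state & 0xFF)
    return bytes(out)

def stream_encode(data: bytes, seed: int) -> bytes:
    """Toy stream algorithm: each byte gets its own keystream byte."""
    return bytes(b ^ k for b, k in zip(data, keystream(seed, len(data))))

def repeated_blocks(ct: bytes, size: int) -> int:
    """Count ciphertext blocks that duplicate an earlier block."""
    blocks = [ct[i:i + size] for i in range(0, len(ct), size)]
    return len(blocks) - len(set(blocks))

# Constructed sample values (assumptions for this example only).
PLAINTEXT = b"PAY1PAY1PAY1"               # three identical 4-byte blocks
KEY = b"\x13\x37\xc0\xde"
SEED = 0xACE1

if __name__ == "__main__":
    print("block :", block_encode(PLAINTEXT, KEY).hex(),
          repeated_blocks(block_encode(PLAINTEXT, KEY), 4))
    print("stream:", stream_encode(PLAINTEXT, SEED).hex(),
          repeated_blocks(stream_encode(PLAINTEXT, SEED), 4))
```

With the same key applied to every block, repeated plaintext blocks show up as repeated ciphertext blocks; the stream version hides the repetition because each position is combined with a different keystream element.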
Note
Today's encryption algorithms are divided into two categories: symmetric
and asymmetric.
Cryptography type
Symmetric-key cryptography is an encryption system in which the sender and
receiver of a message share a single, common key that is used to encrypt and
decrypt the message.
In other words, data is encrypted and decrypted using the same key.
Symmetric-key cryptography is sometimes called secret-key cryptography.
We now explain the main steps for encrypting plaintext using symmetric-key
cryptography.
Figure 3: Schematic representation Symmetric Encryption
Merits:
SIMPLER
FASTER
De-Merits:
Two parties must somehow exchange the key in a secure way.
Public key is distributed in a non-secure way between Client/Server.
Easy for hackers to get the key as it is shared in an insecure way.
Figure 4: Schematic representation main steps to work Symmetric
Asymmetric encryption uses two keys:
Public Key - to encrypt the data
Private Key - to decrypt the data
These keys are generated together.
The Public Key is distributed freely between the sender and receiver.
The other is named the Private Key and is kept hidden.
The Private Key is only used for decryption and will not be shared between
the sender and receiver.
Figure 5: Schematic representation main steps to work Asymmetric
Merits:
Two parties don't need to have their private keys already shared in order to
communicate using encryption.
Authentication and Non-Repudiation are possible. (Authentication means
that you can encrypt the message with my public key and only I can decrypt
it with my private key. Non-repudiation means that you can "sign" the
message with your private key and I can verify that it came from you with
your public key.)
De-Merits:
Asymmetric Encryption algorithms are comparatively complex.
Time consuming process for Encryption and Decryption.
Which one is better?
Although symmetric encryption is fast, it is not as safe as asymmetric
encryption because someone could “steal” the key and decode the messages.
But because of its speed, it's commonly used for e-commerce transactions.
Asymmetric encryption is more complex and more secure. Asymmetric
encryption's added safety comes at a price: more computation is required, so
the process takes longer.
Cryptanalysis
Cryptanalysis is the art of deciphering encrypted communications without
knowing the proper keys. Cryptanalysis means finding a weakness in the cipher
that can be exploited with a complexity less than brute force. Some of the more
important attacks for a system implementer are described below.
• Ciphertext-only attack (know only algorithm/ciphertext, statistical, can
identify plaintext): This is the situation where the attacker does not know
anything about the contents of the message, and must work from ciphertext
only. In practice it is quite often possible to make guesses about the
plaintext, as many types of messages have fixed format headers. Even
ordinary letters and documents begin in a very predictable way. It may also
be possible to guess that some ciphertext block contains a common word.
• Known-plaintext attack (know/suspect plaintext & ciphertext to attack
cipher): The attacker knows or can guess the plaintext for some parts of the
ciphertext. The task is to decrypt the rest of the ciphertext blocks using this
information. This may be done by determining the key used to encrypt the
data, or via some shortcut.
Figure 6: Representation of Ciphertext-only attack
• Chosen-plaintext attack (select plaintext and obtain ciphertext to attack
cipher): The attacker is able to have any text he likes encrypted with the
unknown key. The task is to determine the key used for encryption. Some
encryption methods, particularly RSA, are extremely vulnerable to
chosen-plaintext attacks. When such algorithms are used, extreme care must be
taken to design the entire system so that an attacker can never have chosen
plaintext encrypted.
Figure 7: Representation of Known-plaintext attack
Figure 8: Representation of Chosen-plaintext attack
• Chosen-ciphertext attack (select ciphertext and obtain plaintext to
attack cipher): The attacker obtains the decryption of any ciphertext of its
choice (under the key being attacked).
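The ciphertext-only and known-plaintext cases above can be worked through on the Caesar cipher from the substitution list, to show why a small key space and a predictable message header leave a classical cipher with no real protection. This is an added example, not part of the original lecture notes; the function names, the frequency table (approximate published English letter frequencies) and the sample message are assumptions made for illustration.

```python
import string
from collections import Counter

A = string.ascii_uppercase
# Approximate relative frequency (%) of A..Z in English text.
FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
        6.7, 7.5, 1.9, 0.10, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.07]

def caesar(text: str, key: int) -> str:
    """C = enc_K(P): shift A-Z by key. caesar(C, -key) is P = dec_K(C)."""
    return "".join(A[(A.index(c) + key) % 26] if c in A else c for c in text)

def chi_squared(text: str) -> float:
    """How far the text's letter counts are from English expectations."""
    letters = [c for c in text if c in A]
    counts, n = Counter(letters), max(len(letters), 1)
    return sum((counts[c] - n * f / 100) ** 2 / (n * f / 100)
               for c, f in zip(A, FREQ))

def ciphertext_only(ct: str) -> int:
    """No plaintext known: try all 26 keys, keep the most English-like."""
    return min(range(26), key=lambda k: chi_squared(caesar(ct, -k)))

def known_plaintext(ct: str, header: str):
    """The message is assumed to start with `header`. Solve for the key and
    require every header letter to agree; return None if they do not."""
    keys = set()
    for p, c in zip(header, ct):
        if (p in A) != (c in A):
            return None  # letters and punctuation do not line up
        if p in A:
            keys.add((A.index(c) - A.index(p)) % 26)
    return keys.pop() if len(keys) == 1 else None

# Constructed sample: a message with a predictable fixed-format opening.
PLAIN = ("DEAR CUSTOMER, YOUR ACCOUNT STATEMENT FOR THE MONTH IS ATTACHED. "
         "PLEASE CONTACT THE BRANCH IF ANY OF THE ENTRIES ARE NOT CORRECT.")
KEY = 11
CT = caesar(PLAIN, KEY)

if __name__ == "__main__":
    print("ciphertext-only key :", ciphertext_only(CT))
    print("known-plaintext key :", known_plaintext(CT, "DEAR CUSTOMER"))
```

Both routes recover the same key: the statistical one needs only the ciphertext, while the header-based one needs a single correctly guessed opening.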
Summary
For individuals and organizations that require privacy and secrecy, a
strong cryptosystem is an essential component of the overall security
framework. Government, law enforcement, financial, and health care
organizations possess data that must remain secure to avoid damaging
consequences. Cryptosystems provide the power to secure communications
and safeguard data. Symmetric systems typically provide the best
performance, but they require a secure method of exchanging keys between
users. Asymmetric systems do not need users to exchange keys, but their
performance may be many times less than secret key systems. Modern
cryptography is heavily based on mathematical theory and computer
science practice; cryptographic algorithms are designed
around computational hardness assumptions.
Figure 9: Representation of Chosen Ciphertext -plaintext