Cryptography

Objectives of Information Security 1. Confidentiality (secrecy)

Only the sender and intended receiver should be able to understand the contents of the transmitted message.

2. Authentication Both the sender and receiver need to confirm the identity of other party

involved in the communication. 3. Data integrity

The content of their communication is not altered, either maliciously or by accident, in transmission.

4. Availability

Timely accessibility of data to authorized entities.5. Non-repudiation

An entity is prevented from denying its previous commitments or actions.

6. Access control

An entity cannot access any entity that it is not authorized to.

7.Anonymity

The identity of an entity if protected from others.

• Cryptography is the science of secret, or hidden writing.

• The algorithm used for encryption and decryption is called a cipher (or cypher).

• It has two main Components:1. Encryption

– Practice of hiding messages so that they can not be read by anyone other than the intended recipient

2. Authentication & Integrity– Ensuring that users of data/resources are the

persons they claim to be and that a message has not been surreptitiously altered

Cryptography

• Encryption:– is a process by which a message (called plaintext) is

transformed into another message (called ciphertext) using a mathematical function and a special encryption password (called a key).

• Decryption :– is the reverse process: transforming a ciphertext message

back into its original plaintext form using a mathematical function and a key.

The mathematical functions and keys used for encryption and decryption may be the same, or may be different.

• Cipher is a method for encrypting messages

• Encryption algorithms are standardized & published• The key which is an input to the algorithm is secret

– Key is a string of numbers or characters – If same key is used for encryption & decryption the

algorithm is called symmetric– If different keys are used for encryption & decryption the

algorithm is called asymmetric

Encryption Cipher

Plain Text Encryption

Algorithm

Key A Key B

Cipher Text Plain TextDecryption

Algorithm

Types :

• Symmetric Encryption (Private Key)• Asymmetric Encryption (Public Key)

• Private key: This key must be know only by its owner.• Public key: This key is known to everyone (it is public)• Relation between both keys: What one key encrypts,

the other one decrypts, and vice versa. That means that if you encrypt something with my public key ,I would need my private key to decrypt the message.

Encryption Symmetric Algorithms

• Algorithms in which the key for encryption and decryption are the same are Symmetric.

Example: Caesar Cipher• Caesar Cipher is a method in which each letter in the alphabet is

rotated by three letters as shown

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Example: Caesar Cipher

EncryptionPlain Text

Message:

Attack at Dawn

Cipher Text

Message:

Dwwdfn Dw Gdyq

Cipher:

Caesar Cipher

Algorithm

Key (3)Decrypti

on Plain Text

Message:

Attack at Dawn

Cipher Text

Message:

Dwwdfn Dw Gdyq

Cipher:

Caesar Cipher

Algorithm

Key (3)

• Secret Key Cryptography (symmetric)

Scrambled Message

Original Message

Sender

InternetScrambled Message

Keysender (= Keyreceiver)

Encryption

Original Message

Receiver

Keyreceiver

Decryption

Based on a single secret key also known as symmetric encryption or private key encryption. The same key is used by the sender ( for encryption) & receiver (for decryption)

Works on DFS (Data Encryption Standard) algorithm.

Disadvantage of Symmetric Cryptography:

• It presumes two parties have agreed on a key and been able to exchange that key in a secure manner prior to communication. This is a significant challenge.

• Symmetric algorithms are usually mixed with public key algorithms to obtain a blend of security and speed.

• Uses a pair of keys for encryption– Public key for encryption– Private key for decryption

• Messages encoded using public key can only be decoded by the private key– Secret transmission of key for decryption is not required– Every entity can generate a key pair and release its public key

Asymmetric Encryption Basics

Plain TextCipher

Public Key Private Key

Cipher Text Plain TextCipher

• Two most popular algorithms are RSA & El Gamal– RSA

• Developed by Ron Rivest, Adi Shamir, Len Adelman• Both public and private key are interchangable• Variable Key Size (512, 1024, or 2048 buts)• Most popular public key algorithm

– El Gamal• Developed by Taher ElGamal• Variable key size (512 or 1024 bits)• Less common than RSA, used in protocols like PGP

Asymmetric Encryption Types

Public Key Cryptography ( Public & Private Keys)

Sender

Original Message

Scrambled Message

Scrambled Message

Public Keyreceiver

Original Message

Receiver

Private Keyreceiver

InternetMessage

Sender

Original Message

Scrambled Message

Scrambled Message

Private Keysender

Original Message

Receiver

Public Keysender

InternetDigital

Signature

Public Key is known to all authorized users, but the private key is known to one person its owner. Uses RSA ( Rivest, Shamir & Adelman algorithm)

Public Key Encryption

• Advantages :

1. there is no need to agree on a common key

for both the sender and the receiver.

2. public-key systems can guarantee integrity

and authentication, not only privacy.

• Disadvantage:

1. not as fast as symmetric algorithms.