Information Security 05 Encryption

Information Security Notes

Uploaded by

Kashif Ansari
Copyright
© All Rights Reserved

Information Security

Arfan Shahzad
Course Outline
Encryption

• Encryption is a fundamental technique used in information security to protect the confidentiality and integrity of data.

• It involves the process of converting plain text or data into an encoded form called ciphertext, which can only be accessed and understood by authorized parties with the corresponding decryption key.
Encryption cont…
Key Terms
• Cryptography comes from the Greek words kryptos, meaning “hidden,”
and graphein, meaning “to write,” and involves making and using codes to
secure messages.

• Cryptanalysis involves cracking or breaking encrypted messages back into their unencrypted origins.

• Cryptography uses mathematical algorithms that are usually known to all.


Encryption cont…
Key Terms
• After all, in cryptography it is not the knowledge of the algorithm that protects the encrypted message; it is the knowledge of the key, a series of characters or bits injected into the algorithm along with the original message to create the encrypted message.


Encryption cont…
Key Terms
• Cipher: When used as a verb, the transformation of the individual components (characters, bytes, or bits) of an unencrypted message into encrypted components or vice versa.

• Cipher: When used as a noun, the process of encryption or the algorithm used in encryption, and a term synonymous with cryptosystem.
Encryption cont…
Key Terms
• Encryption (Encipher): The process of converting an original message (plaintext) into a form that cannot be used by unauthorized individuals (ciphertext). Also referred to as enciphering.

• Encryption renders the data contents unreadable and inaccessible unless one has the decryption key.


Encryption cont…
Key Terms
• Decryption (Decipher): The process of converting an encoded or
enciphered message (ciphertext) back to its original readable form
(plaintext). Also referred to as deciphering.

• Decryption requires two elements: the correct password and the corresponding decryption algorithm.
Encryption cont…
Key Terms
• Plaintext or cleartext: is an unencrypted, readable, plain message
that anyone can read.

• Ciphertext: is the result of the encryption process.

• The encrypted plaintext appears as apparently random strings of characters.
Encryption cont…
Key Terms
• Algorithm: The mathematical formula or method used to convert an
unencrypted message into an encrypted message.

• This sometimes refers to the programs that enable the cryptographic processes.

• Code: The process of converting components (words/phrases) of an unencrypted message into encrypted components.
Encryption cont…
Key Terms
• Bit stream cipher: An encryption method that involves converting
plaintext to ciphertext one bit at a time.

• Block cipher: An encryption method that involves dividing the plaintext into blocks or sets of bits and then converting the plaintext to ciphertext one block at a time.
Encryption cont…
Key Terms
• Key or cryptovariable: The information used in conjunction with the
algorithm to create the ciphertext from the plaintext; it can be a
series of bits used in a mathematical algorithm or the knowledge of
how to manipulate the plaintext.

• The key tells the algorithm how to transform the plaintext into ciphertext.
Encryption cont…
Key Terms
• Kerckhoffs's principle states that “only secrecy of the key provides
security”.

• Another law states that: “encrypted data is only as secure as its decryption key”.

• These statements influence the role of encryption, and keys.


Encryption cont…
Key Terms
• Keeping the details of an entire encryption algorithm secret is
extremely difficult; keeping a much smaller key secret is easier.

• The key locks and unlocks the algorithm, allowing the encryption or
decryption process to function.

• Keyspace: The entire range of values that can be used to construct an individual key.
Encryption cont…
Key Terms
• Link encryption: A series of encryptions and decryptions between a
number of systems, wherein each system in a network decrypts the
message sent to it and then reencrypts the message using different
keys and sends it to the next neighbor.

• This process continues until the message reaches the final destination.
Encryption cont…
Key Terms
• Steganography: The process of hiding messages; for example, hiding
a message within the digital encoding of a picture or graphic so that
it is almost impossible to detect that the hidden message even exists.

• Work factor: The amount of effort (usually expressed in units of time) required to perform cryptanalysis on an encoded message.
Encryption cont…
Key Terms
• Hash: When a website encrypts your password, it uses an encryption
algorithm to convert your plaintext password to a hash.

• A hash is different from encryption in that once the data is hashed, it cannot be unhashed. Or rather, it is extremely difficult.

• Hashing is really useful when you need to verify something's authenticity, but not have it read back.
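
The verify-without-reading-back property described above, as an added Python example that is not part of the original notes. It assumes PBKDF2-HMAC-SHA256 from the standard library as the hash, a hypothetical `$`-separated record layout, and an iteration count picked for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Hash a password with a fresh random salt; return what the site stores."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Hypothetical record layout: scheme$iterations$salt$hash (hex-encoded).
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash from the login attempt and compare; nothing is decrypted."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
        expected = bytes.fromhex(digest_hex)
    except ValueError:  # malformed or truncated record
        return False
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


if __name__ == "__main__":
    stored = make_record("correct horse battery staple")  # constructed sample password
    print(stored)  # the record holds salt and hash only, never the password
    print(verify("correct horse battery staple", stored))
    print(verify("Tr0ub4dor&3", stored))
```

Because each record gets its own random salt, two users with the same password end up with different stored hashes.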
Encryption cont…
Key Terms
• Symmetric and Asymmetric Algorithms: There are two primary encryption algorithm types: symmetric and asymmetric.

• They both encrypt data, but function in a slightly different manner.


Encryption cont…
Key Terms
• Symmetric algorithm: Also known as secret-key encryption, private-key encryption or shared-key encryption.

• Uses the same key for both encryption and decryption.

• Both parties must agree on the algorithm key before commencing communication.
Encryption cont…
Key Terms
• Symmetric Encryption Algorithms types:

1. Advanced Encryption Standard (AES)
2. Data Encryption Standard (DES)
3. Triple Data Encryption Standard (3DES)
4. Blowfish
5. Twofish
6. RC4
7. RC5
8. RC6
9. Serpent
10. Camellia
11. CAST-128
12. CAST-256
13. IDEA
14. SEED
15. Skipjack


Encryption cont…
Key Terms
• Advanced Encryption Standard (AES): A widely used symmetric encryption algorithm known for its security and efficiency.

• It supports key sizes of 128, 192, or 256 bits.


Encryption cont…
Key Terms
• Data Encryption Standard (DES): An older symmetric encryption algorithm that uses a 56-bit key.

• While DES is considered less secure by today's standards, it still finds some limited use.


Encryption cont…
Key Terms
• Triple Data Encryption Standard (3DES): It applies the DES algorithm three times to each data block, providing a higher level of security than DES.

• 3DES supports key sizes of 112 or 168 bits.


Encryption cont…
Key Terms

Average Time Required for Exhaustive Key Search


Encryption cont…
Key Terms
• Asymmetric algorithm: Also known as public-key encryption.

• Uses two different keys: a public key and a private key.

• This enables secure encryption while communicating without previously establishing a mutual algorithm.

• This is also known as public key cryptology.


Encryption cont…
Key Terms
• Asymmetric Encryption Algorithms:

1. Rivest-Shamir-Adleman (RSA)
2. Elliptic Curve Cryptography (ECC)
3. Diffie-Hellman (DH)
4. Digital Signature Algorithm (DSA)
5. ElGamal
6. Paillier
7. McEliece
8. NTRU
9. Lattice-based encryption algorithms
   a. Learning With Errors (LWE)
   b. Ring Learning With Errors (RLWE)
   c. NTRU Prime
   d. NewHope
10. Merkle-Damgård-based Signature Scheme (MSS)
11. RSA-KEM
12. Identity-Based Encryption (IBE)
13. Attribute-Based Encryption (ABE)
14. Homomorphic Encryption
   a. Partially Homomorphic Encryption
   b. Fully Homomorphic Encryption
15. Post-Quantum Cryptography (PQC) algorithms (designed to resist attacks by quantum computers)
   a. Code-based Cryptography
   b. Lattice-based Cryptography
   c. Multivariate Cryptography
   d. Supersingular Isogeny Diffie-Hellman (SIDH)
   e. Hash-based Cryptography
   f. Quantum Key Distribution (QKD)
Encryption cont…
Key Terms
• Rivest-Shamir-Adleman (RSA): One of the most widely used asymmetric encryption algorithms.

• It uses the concept of public and private key pairs, with encryption performed using the public key and decryption using the corresponding private key.


Encryption cont…
Key Terms
• Elliptic Curve Cryptography (ECC): An asymmetric encryption algorithm that is gaining popularity due to its strong security with shorter key lengths compared to RSA.

• ECC uses the mathematical properties of elliptic curves for encryption and decryption.
Encryption cont…
Key Terms
• Diffie-Hellman (DH): Although not strictly an encryption algorithm, Diffie-Hellman is a key exchange protocol used in asymmetric encryption systems.

• It allows two parties to securely establish a shared secret key over an insecure channel.
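
The Diffie-Hellman exchange described above, as an added Python example that is not part of the original notes. The modulus, generator, function names and context label are assumptions made for the demonstration; the modulus is a small constructed prime, not a vetted DH group.

```python
import hashlib
import hmac
import secrets

# Constructed demo parameters: 2**255 - 19 is prime, but it is NOT a vetted
# DH group and is far too small for real finite-field DH. Real deployments use
# standardized groups (RFC 3526 / RFC 7919) or elliptic-curve Diffie-Hellman.
P = 2**255 - 19
G = 2


def dh_keypair():
    """Return (private, public); only the public value is ever transmitted."""
    private = secrets.randbelow(P - 3) + 2  # uniform in [2, P - 2]
    return private, pow(G, private, P)


def dh_shared_secret(own_private, peer_public):
    """Combine our private value with the peer's public value."""
    # Reject degenerate values (0, 1, P - 1) that would force a predictable secret.
    if not 1 < peer_public < P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_private, P)


def derive_session_key(shared_secret, context=b"demo-session"):
    """Turn the raw shared integer into a 256-bit symmetric key (HMAC-SHA256)."""
    return hmac.new(context, shared_secret.to_bytes(32, "big"), hashlib.sha256).digest()


def run_exchange():
    """Both sides of one exchange; returns each party's derived session key."""
    a_priv, a_pub = dh_keypair()  # party A
    b_priv, b_pub = dh_keypair()  # party B
    # Only a_pub and b_pub cross the insecure channel. The exchange here is
    # unauthenticated; protocols such as TLS also authenticate the public values.
    key_a = derive_session_key(dh_shared_secret(a_priv, b_pub))
    key_b = derive_session_key(dh_shared_secret(b_priv, a_pub))
    return key_a, key_b


if __name__ == "__main__":
    key_a, key_b = run_exchange()
    print(key_a.hex())
    print(key_a == key_b)
```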
Encryption cont…
Key Terms
• Public and Private Keys: Now we understand more about the function of keys in the encryption process, we can look at public and private keys.

• An asymmetric algorithm uses two keys: a public key and a private key.

• The public key can be sent to other people, while the private key is only known by the owner. What's the purpose of this?


Encryption cont…
Key Terms
• Well, anyone with the intended recipient's public key can encrypt a private message for them, while the recipient can only read the contents of that message provided they have access to the paired private key.
Encryption cont…
Key Terms
• Public and private keys also play an essential role in digital signatures, whereby a
sender can sign their message with their private encryption key.

• Those with the public key can then verify the message, safe in the knowledge that
the original message came from the sender's private key.

• A key pair is the mathematically linked public and private key generated by an
encryption algorithm.
Encryption cont…
Key Terms
• HTTPS: Hyper Text Transfer Protocol Secure (HTTPS) is a now widely implemented security upgrade for the HTTP application protocol that is a foundation of the internet as we know it.

• When using an HTTPS connection, your data is encrypted using Transport Layer Security (TLS), protecting your data while in transit.


Encryption cont…
Key Terms
• HTTPS generates long-term private and public keys that in turn are used to create a short-term session key.

• The session key is a single-use symmetric key that the connection destroys once you leave the HTTPS site (closing the connection and ending its encryption).


Encryption cont…
Key Terms
• However, when you revisit the site, you will receive another single-use session key to secure your communication.

• A site must fully adopt HTTPS to offer users complete security.

• Since 2018, the majority of sites online began offering HTTPS connections over standard HTTP.


Encryption cont…
Key Terms
• End-to-End Encryption: One of the biggest encryption buzzwords is that of end-to-end encryption.

• Social messaging platform service WhatsApp began offering its users end-to-end encryption (E2EE) in 2016, making sure their messages are private at all times.


Encryption cont…
Key Terms
• In the context of a messaging service, E2EE means that once you hit the send button, the encryption remains in place until the recipient receives the messages.

• Well, this means that the private key used for encoding and decoding your messages never leaves your device, in turn ensuring that no one but you can send messages using your name (digital signature).
