
Chapter 5 Encryption

The document discusses encryption basics and modern cryptography methods. It explains encryption, decryption, and cryptography concepts. It also covers symmetric and asymmetric encryption methods like DES, AES, RSA, and digital signatures.


ITT320 INTRO TO COMPUTER SECURITY

Chapter 5: Encryption
Zulazeze Sahri, UiTM
Objectives

• Explain the basics of encryption


• Discuss modern cryptography methods
• Select appropriate cryptography for your organization
• Understand the function and protocols of VPNs

Introduction

• Encryption
▪ Scrambling information
▪ One critical part to the security puzzle
▪ Without it, all security measures are inadequate

• Cryptography
▪ An art form
▪ The information that is being hidden is called plaintext and the
information that has been encrypted is called ciphertext.
An Overview of Cryptography

• Originates from the Greek word kruptos = hidden.
• Objective: to hide information so that only the
intended recipient can unhide it.
• Hiding information = encryption
• Unhiding information = decryption
• A cipher is used to accomplish encryption and
decryption.
• Merriam Webster’s Collegiate Dictionary:
– A cipher is a method of transforming a text in
order to conceal its meaning.
Cryptography Basics

• Decryption
– Reversal of the scrambling protocol
• Encryption
– Algorithm scrambles plain text
– Sender and receiver agree on the algorithm
– Message is difficult to re-create without the protocol
Cryptography Basics (cont.)

• Two basic types
• Single/symmetric key encryption
– Uses a single key for both encryption and decryption of ciphertext
– Single key = secret key because it must be kept secret from anyone else
– Stream
– Block: substitution and transposition
• Public/asymmetric key encryption
– Two different keys are used: one for encryption and one for decryption.
– Also called the public key and the private key
– Public key encryption = asymmetric encryption
History of Encryption

• As old as written communication and war
• Caesar cipher: Julius Caesar had his own cryptography, called Caesar's Cipher
– Rotated the letters of the alphabet to the right by three
– By today's standards, it is extremely simplistic
– Substitution alphabet.
• Substitutes one letter in the alphabet for another.
• Caesar is a mono-alphabetic cipher.
History of Encryption (cont.)

• Multi-alphabetic
– Select multiple shifts
• Shift 1, 2, –1
• Rotate through the shifts
• A DOG becomes B FQI
– Old cipher considered weak today

Binary Operations

• Binary Operations
– AND, OR, XOR

• Example of AND operation

      1 1 0 1
  AND 1 0 0 1
    = 1 0 0 1
Binary Operations

• Example of OR operation

      1 1 0 1
   OR 1 0 0 1
    = 1 1 0 1

Binary Operations

• Example of XOR operation

      1 1 0 1
  XOR 1 0 0 1
    = 0 1 0 0

Binary Operations

• XOR is the only reversible binary operation of these three

– Convert plain text to ASCII

A DOG = 065 032 068 079 071

– Then, convert ASCII to binary

0100 0001, 0100 0100, 0100 1111, 0100 0111

Binary Operations

• XOR the ASCII

  Plain text:  0100 0001, 0100 0100, 0100 1111, 0100 0111
  Key:         1111 0111, 1111 0111, 1111 0111, 1111 0111
  Cipher text: 1011 0110, 1011 0011, 1011 1000, 1011 0000

• Result is cipher text.

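The XOR slides above, as an added example that is not part of the original deck: it reproduces the slide's cipher text and checks, for the slide's key byte, which of AND, OR and XOR can be undone. The function names are hypothetical.

```python
KEY = 0b11110111  # key byte from the slide, repeated for every character

def xor_bytes(data: bytes, key: int = KEY) -> bytes:
    """XOR each byte with the key; the same call encrypts and decrypts."""
    return bytes(b ^ key for b in data)

def as_bits(data: bytes) -> str:
    """Format bytes the way the slide does: two 4-bit groups per character."""
    return ", ".join(f"{b >> 4:04b} {b & 0x0F:04b}" for b in data)

OPS = {
    "AND": lambda x, k: x & k,
    "OR": lambda x, k: x | k,
    "XOR": lambda x, k: x ^ k,
}

def is_reversible(name: str, key: int = KEY) -> bool:
    """Reversible means no two different input bytes share an output byte."""
    outputs = {OPS[name](x, key) for x in range(256)}
    return len(outputs) == 256

def colliding_inputs(name: str, key: int = KEY) -> list:
    """Printable characters that give the same output as 'A' under this key."""
    target = OPS[name](ord("A"), key)
    return [chr(x) for x in range(32, 127) if OPS[name](x, key) == target]

if __name__ == "__main__":
    cipher = xor_bytes(b"ADOG")   # the four letters the slide converts to binary
    print(as_bits(cipher))        # matches the slide's cipher text row
    print(xor_bytes(cipher))      # XOR with the key again restores the letters
    for name in OPS:
        # AND and OR map several inputs to one output, so they cannot be undone.
        print(name, is_reversible(name), colliding_inputs(name)[:5])
```
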
Cryptography Terms

• Key: The bits that are combined with the plain text to encrypt
it. In some cases this is random numbers; in other cases it is the
result of some mathematical operation.
• Plain text: The unencrypted text.
• Cipher text: The encrypted text.
• Algorithm: A mathematical process for doing something.

Modern Methods

• Single key (symmetric) encryption


– Same key to encrypt and decrypt
• Blowfish
– Symmetric block cipher
– Works on “blocks” of letters
– Uses a variable-length key (32 … 64 … 128 … up to 448 bits)
– Freeware

Modern Methods (cont.)

• Data Encryption Standard (DES)

1. Data is divided into 64-bit blocks, then transposed
2. Manipulated by 16 steps of encryption, using a 56-bit key
3. Scrambled by a swapping algorithm
4. Transposed one final time

Modern Methods (cont.)

• Advanced Encryption Standard (AES)

⮚ Advanced Encryption Standard was the algorithm eventually chosen to replace DES.
⮚ It is a block cipher that works on 128-bit blocks.
⮚ It can have one of three key sizes of 128, 192, or 256 bits.
⮚ This was selected by the United States government to be the replacement for DES and is now the most widely used symmetric key algorithm.
Modern Methods (cont.)

• Public key (asymmetric) encryption


– Opposite of single key encryption.
– One key (public key) used to encrypt.
– One key (private key) used to decrypt.
– Only the holder of the private key can decrypt messages.

Modern Methods (cont.)

• Public key (asymmetric) encryption


– Depends on large prime numbers, factoring, and
number theory.
– Public key encryption is most widely used.
– Pretty Good Privacy (PGP):
• Freeware
• Quite secure

Modern Methods (cont.)

• Public key (asymmetric) encryption


– Pretty Good Privacy (PGP)
• Often used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions to increase the security of e-mail communications
• Public key encryption, considered quite secure, free
• Similar product: OpenPGP
• Phil Zimmermann – 2004
Modern Methods (cont.)

The MIT Distribution Center for PGP home page (http://web.mit.edu/network/pgp.html)

Modern Methods (cont.)

• Public key (asymmetric) encryption


– RSA
• You start by generating two large random primes, p and q, of approximately equal size. Now you need to pick two numbers so that when multiplied together the product will be the size you want (that is, 128 bits, 256 bits, and so on).
• Now multiply p and q to get n.
• Let n = pq
• Let m = (p - 1)(q - 1)

Modern Methods (cont.)

• Public key (asymmetric) encryption


– RSA
• Now select another number; call this number e. Pick e so that it is co-prime to m.
• Choose a small number e, co-prime to m.
• You are almost done generating a key. Now you just find a number d that when multiplied by e and modulo m would yield a 1. (Note: Modulo means to divide two numbers and return the remainder. For example, 8 modulo 3 would be 2.)
• Find d, such that de % m = 1.
• Now publish e and n as the public key. Keep d and n as the secret key. To encrypt, simply take your message raised to the e power and modulo n.
Modern Methods (cont.)

The RSA Security home page (http://www.rsasecurity.com)

Modern Methods (cont.)

• Legitimate versus fraudulent encryption

Warning signs of frauds


• Unbreakable
• Certified
• Inexperienced people

Digital Signatures

• A digital signature is not used to ensure the confidentiality of a message, but rather to guarantee who sent the message. This is referred to as nonrepudiation. Essentially, it proves who the sender is.
• Digital signatures are actually rather simple, but clever. They simply reverse the asymmetric encryption process.
• Recall that in asymmetric encryption the public key (which anyone can have access to) is used to encrypt a message to the recipient, and the private key (which is kept secure and private) can decrypt it.
• With a digital signature, the sender encrypts something with his private key. If the recipient can decrypt that with the sender's public key, then it must have been sent by the person purported to have sent the message.
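The RSA key-generation steps from the earlier RSA slides and the signature idea above, carried through in code as an added example that is not part of the original deck. It keeps the slides' symbols (p, q, n, m, e, d); the function names are hypothetical, and the tiny primes and missing padding are assumptions made for readability (real systems use a vetted library with padded RSA and much larger keys).

```python
import hashlib
from math import gcd

def make_keys(p: int, q: int):
    """Follow the slides' steps; p and q are assumed to be distinct primes."""
    n = p * q                      # Let n = pq
    m = (p - 1) * (q - 1)          # Let m = (p - 1)(q - 1)
    # Choose a small number e, co-prime to m.
    e = next(c for c in range(3, m, 2) if gcd(c, m) == 1)
    d = pow(e, -1, m)              # Find d such that de % m = 1 (Python 3.8+)
    return (e, n), (d, n)          # public key (e, n), secret key (d, n)

def encrypt(message: int, public) -> int:
    e, n = public
    if not 0 <= message < n:
        raise ValueError("message must be a number smaller than n")
    return pow(message, e, n)      # message raised to the e power, modulo n

def decrypt(cipher: int, private) -> int:
    d, n = private
    return pow(cipher, d, n)

def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced mod n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private) -> int:
    """The sender 'encrypts' the message digest with the private key."""
    d, n = private
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Anyone can undo the signature with the public key and compare digests."""
    e, n = public
    return pow(signature, e, n) == digest(message, n)

PUBLIC, PRIVATE = make_keys(61, 53)   # constructed toy primes

if __name__ == "__main__":
    print("public", PUBLIC, "private", PRIVATE)
    c = encrypt(65, PUBLIC)
    print("cipher", c, "decrypted", decrypt(c, PRIVATE))
    sig = sign(b"pay Bob 10", PRIVATE)
    print("signature valid:", verify(b"pay Bob 10", sig, PUBLIC))
```
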
Hash

• Hashing is a type of cryptographic algorithm that has some specific characteristics. First and foremost it is one way. That means you cannot "unhash" something. The second characteristic is that you get a fixed-length output no matter what input is given. Finally, it should have few or no collisions. A collision is when two different inputs provide the same output.

Hash – cont.

• MD5 - The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Suffers from vulnerabilities.
• SHA1 - SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value.
• SHA2 - Often called the SHA-2 family of hashes because it contains many different-size hashes, including 224-, 256-, 384-, and 512-bit digests.
• SHA3 - SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015.
VERY Simple Illustration of Rainbow Tables

Password   MD5 Hash (in Hex)
aaaa       74b87337454200d4d33f80c4663dc5e5
aaab       4c189b020ceb022e0ecc42482802e2b8
aaac       3963a2ba65ac8eb1c6e2140460031925
aaa1       39dc4f1ee693e5adabddd872247e451f
aaa2       0ad346c93c16e85e2cb117ff1fcfada3
aaa4       ee93fca7c150d9c548aff721c87d0986
aaaaa      594f803b380a41396ed63dca39503542
aaabb      120858a7016efcfab66967b834e9153c
aaacc      ee43671d755ac457cfe6e32d1894788e
aaa1a      5bbac29650eb36b4de16885c190a9fa3
aaa2a      597f0ce6d11567cc691b3f5df35594cb
aaa4a      4305dc076b3ba2bf8d55524cddf5a72d

Hash - Salt

Random bits added to further secure encryption or hashing. Most often encountered with
hashing, to prevent Rainbow Table attacks.

Essentially the salt is intermixed with the message that is to be hashed. Consider this example.
You have a password that is pass001

⮚ In binary that is 01110000 01100001 01110011 01110011 00110000 00110000 00110001


⮚ A salt algorithm would insert bits periodically. Let's assume for our example that we insert
bits every 4th bit, giving us 0111100001 0110100011 0111100111 0111100111 0011100001
0011100001 0011100011
⮚ If you convert that to text you would get xZ7��#
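Why a salt defeats the precomputed table from the rainbow-table slide, as an added example that is not part of the original deck. It assumes the common form of salting, where a random per-user salt is prepended to the password before hashing and stored beside the hash; the function names are hypothetical, and MD5 is used only to match the slide (real password storage uses a slow salted function such as PBKDF2 or scrypt).

```python
import hashlib
import hmac
import itertools
import os

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_table(alphabet: str, length: int) -> dict:
    """Precompute hash -> password for every candidate of the given length."""
    candidates = ("".join(c) for c in itertools.product(alphabet, repeat=length))
    return {md5_hex(p.encode()): p for p in candidates}

def store_unsalted(password: str) -> str:
    """What a database holds when passwords are hashed without a salt."""
    return md5_hex(password.encode())

def store_salted(password: str) -> tuple:
    """Return (salt, hash); the salt is random per user and is not secret."""
    salt = os.urandom(16)
    return salt, md5_hex(salt + password.encode())

def verify_salted(password: str, salt: bytes, stored: str) -> bool:
    """Login check: re-hash with the stored salt, compare in constant time."""
    return hmac.compare_digest(md5_hex(salt + password.encode()), stored)

# Constructed table: every 4-character string over the characters on the slide.
TABLE = build_table("abc124", 4)

if __name__ == "__main__":
    unsalted = store_unsalted("aaab")
    print("unsalted hash found in table:", TABLE.get(unsalted))
    salt, salted = store_salted("aaab")
    print("salted hash found in table:  ", TABLE.get(salted))
    # Two users with the same password no longer share a hash value.
    print("same password, new salt:     ", store_salted("aaab")[1] != salted)
    print("login still works:           ", verify_salted("aaab", salt, salted))
```
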
Historical Steganography

• The ancient Chinese wrapped notes in wax and swallowed them for
transport.
• In ancient Greece a messenger’s head might be shaved, a message
written on his head, then his hair was allowed to grow back.
• In 1518 Johannes Trithemius wrote a book on cryptography and
described a technique where a message was hidden by having each
letter taken as a word from a specific column.
Historical Steganography – Continued

• During WW II the French Resistance sent messages written on the backs of couriers using invisible ink.
• Microdots are images/undeveloped film the size of a typewriter period, embedded in innocuous documents. These were said to be used by spies during the Cold War.
Steganography Terms

• Payload is the data to be covertly communicated.
• The carrier is the signal, stream, or data file into which the payload is hidden. This is also sometimes called the cover object.
• The channel is the type of medium used.

Cryptanalysis

Cryptanalysis is the study of ciphertext, ciphers and cryptosystems with the aim of understanding how they work and finding and improving techniques for defeating or weakening them.

• Ciphertext Only Attack
• Known plain text
• Chosen plain text
• Related Key
Summary

• Encryption is a basic element of security.


• Encrypting data when transmitting is an integral part of any security
plan.
