Information SecurityIBK3IBV01 College 4

Paul J. Cornelisse

Cryptology

Through the centuries, the need for information protection persistsCombat has evolved from hand-to-hand to modern warfare, or cyber warfareProtecting sensitive data is critical to preserving trade secrets, government communications, or military strategies

Cryptology

Protection is achieved in part through the use of cryptology—more specifically, encryptionvital for everyday use in today’s cyber society;

online shopping and bankingATM usagedigital media

require encryption protection to avoid abuse

Cryptology

Unfortunately, many of today’s systems lack appropriate protectionPasswords and authentication requirements are not protected themselvesEither through encryption or encrypted databasesThis leaves sensitive information vulnerable to unauthorized, prying eyes

Cryptology

Cryptology is not a new conceptIt is “the science of keeping secrets secret” (Delfs and Knebl 2007)It is the study of encrypting algorithms and the art of creating and solving such algorithms, and is composed of bothCryptographyCryptanalysis

Cryptology

Cryptography is the art or science of cipher systems used for protection informationThe term originates from the GreekKryptos, meaning “hidden” Graphia, meaning “writing”

Cryptology

CryptographyProtect sensitive informationPrevent corruptionKeep secret from unauthorized access/useTries to compromise between expense and time consumption

Cryptology

Cryptography has four basic purposes:ConfidentialityAuthenticationIntegrityNonrepudiation

Cryptology

Confidentiality:keeps information secret from unauthorized use

Cryptology

Authentication:Corroboration of an entity’s identity, achieved through initial identification between communicators.

“prove that you are who you claim to be”

Cryptology

Integrity:assures that the message was not illegitimately altered during transmission or during storage and retrieval

Cryptology

Nonrepudiation:guarantees that the sender will not deny previous commitments or actions unless they admit the cryptographic signing key has been compromised

Cryptology

Cryptanalysis:the practice of breaking ciphers,or decrypting messages without the key,to discover the original message

Cryptology

Someone wishes to send a message, which begins as plaintextPlaintext is the original, humanly readable form of a message, which is then encryptedThis could be text, numerical data, a program, or any other message form (Delfs and Knebl 2007)

Cryptology

When plaintext is encrypted, or enciphered, the original message is obscured using an algorithm or pattern only known to the sender and authorized recipient(s).

Cryptology

Encryption must be reversibleThe algorithm is known as the cipher

Cryptology

Once encrypted, the message is referred to as ciphertext, and is only readable when the cipherkey is used in conjunction with the decrypting algorithm

Cryptology

Protecting the key, and to whom it is known, is crucial for ensuring the

AuthenticityIntegrityConfidentiality

of the transmitted message

Cryptology

The work factor, often forgotten, does not describe whether the algorithm can be broken, but how long it takes until it is broken

Cryptology

Two ancient ciphers are the Spartan scytale and the Caesar cipherIn the Spartan scytale, a segment of parchment is wrapped around a cylinder of certain radius and the message is written lengthwise. The recipient must have a cylinder of equal radius to decryptThe Caesar cipher is a “classical” cipher, using a simple shift of the plaintext alphabet.

Cryptology

Cryptology

In the early twentieth century, cryptography broadened its horizons

Cryptology

One of the first among the more complicated cryptosystems used an electronic machine The Enigma rotor machineEnigma, used by the Germans in World War II, applied a substitution cipher multiple times per message.

Cryptology

Cryptology

As more users access the Internet, the need for digital information security increasesThis has led to the “standardization” of cryptography in a scientific senseCurrently, many systems are secure, but rely on plausible assumptions that may one day be “discovered”

Cryptology

So basically the standardization and mathematical focus of modern cryptosystems share the same issue suffered by earlier ciphers

Cryptology

When explaining applied cryptography, universally, plaintext is written in lowercaseCiphertext is written in all capitalsKeys or keywords are also always written in capitals

Cryptology

When referring to those who use cryptosystems, certain names typically are used as the placeholdersRather than referring to the sender as “Party A” and the recipient as “Party B,” Party A would be Alice and Party B would be Bob.

Cryptology

Alice and Bob are always trying to communicate. Each associate communicating continues alphabetically, for example, Charlie and David want to speak with Alice and Bob. Eve is an eavesdropper, who does not have authorized access to the message. Eve is a passive listener; she does not modify the messageMallory is a malicious attacker and modifies, sends her own, or repeats previous messages Victor is a verifying agent who demonstrates that the intended transaction was successfully executed.

Cryptology

Introhttp://www.youtube.com/watch?v=Kf9KjCKmDcU

Cryptology

Kerckhoff’s Six Principles1. The system must be practically or mathematically

undecipherable2. The system is not required to be secret and should be able

to fall in enemy hands3. The key must be communicable and retained without

effort, and changeable at the will of the correspondents4. The system must be compatible with the communication

channel5. The system must be portable and not require functioning

by multiple people6. The system must be easy, requiring minimal knowledge of

the system rules

Cryptology

There are two generations of encrypting methods: ClassicalModern

Cryptology

Classical ciphers are those that were historically used, like the scytale and Caesar’s, but became impractical either resulting from popular use or advances in technologyModern ciphers consist of substitution or transposition ciphers

Cryptology

Classical ciphers use an alphabet of letters, implemented using simple mathClassical ciphers can be broken using brute force attacks or frequency analysisBrute force is a standard attack, running all possible keys with a decrypting algorithm until the plaintext is exposed

Cryptology

Modern ciphers are typically divided into two criteria:the key type used the data input type

When referring to key types, modern ciphers branch intosymmetric (private key cryptography) asymmetric (public key cryptography)

Substitution CiphersMonoalphabetic substitutions include the Caesar, Atbash, and Keyword ciphers

Example of a substitution cipher is the Caesar shift cipher, which is typically a three-character shift

This shift would change the plaintext “purple” into the ciphertext “MROMIB.”

Cryptology

If the shift was a three-character subtraction, the plaintext message “purple” would then become ciphertext “SXUSOH.”

Cryptology

The Atbash cipher flips the entire alphabet back on itself; the plaintext alphabet is “A–Z” and the ciphertext alphabet is “Z–A,” shown in the next slide. The Atbash cipher would obscure the plaintext “purple” as “KFIKOV.”

Another cipher, the Keyword cipher establishes a keyword such as “HEADY.” This begins the ciphertext alphabet, and the rest is completed using the remaining letters in alphabetic orderUsing “HEADY” as the keyword, the Keyword cipher changes the plaintext “purple” to “OTQOKY.”

Polyalphabetic substitutions are ciphers using multiple substitution alphabets. The Vigenère cipher is the most famous of this genre, introduced in the sixteenth century by Blaise de Vigenère.

It encrypts plaintext by using a series of Caesar ciphers, based on the keywordThe keyword is written as many times as necessary above the plaintext message

Using the Vigenère square, one will use a letter from the plaintext and its associated keyword letterPlaintext letters are listed on the top, creating columns, which intersect with the keyword alphabet along the left side of the square, creating rows

The letter found at the intersection of these two letters is the cipher letter used to encrypt the messageThe beginning of the plaintext “O” and keyword letter “K” intersect at ciphertext letter “Y.” Therefore, “once upon a time” would become “YVPKM ZWAGL SUR.”

The 25 variations of the Caesar cipher (shifts 0–25) are contained in the square. Each row is a single shift to the right from the row or letter preceding. Therefore, the first row, labeled “A,” is a shift of one. Row “X” is a shift of 23