Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Cryptography
1.
2. Cryptography
Definition
It is an ancient art and science of writing in secret message.
Cryptography comes from Greek word “crypto “ means hiding
and “Graphy” means writing
It is the art of achieving security by encoding messages to
make them non readable.
8/3/2016 jaya 2
3. Cryptography
Terminologies
Cryptanalysis
Cryptanalysis (from the Greek kryptós, "hidden", and analýein,
"to loosen“ ) is the study of analyzing information system in
order to study the hidden aspects of the systems.
breaking “secret codes”
Cryptology
Cryptology (from Greek kryptós, "hidden, secret“, and logia,
"study“) is the study of cryptography and cryptanalysis
The art and science of making and breaking “secret codes”
8/3/2016 jaya 3
4. Cryptography
Terminologies
Encryption
It is the process of transforming information so it is unintelligible to
anyone but the intended recipient.
Decryption
It is the process of transforming encrypted information so that it is
intelligible again.
Plaintext
the message to be transmitted or stored.
Cipher text
the disguised message or encrypted message
Algorithm
The mathematical formula used for encryption and decryption
Cipher
Algorithm used for encryption and decryption
Key
Value used by algorithm to encrypt and decrypt
8/3/2016 jaya 4
7. Cryptography
Application of Cryptography
Secure communication:
To prevent eavesdropping-war time communication and business
transactions.
Identification & Authentication:
Checking the integrity
Secret sharing / data hiding:
Hide something that has been written.
E-commerce / E-payment:
Certification:
Certification is a scheme by which trusted agents such as
certifying authorities guarantee for unknown agents , such as
users.
8/3/2016 jaya 7
8. Cryptography
Application of Cryptography
Key recovery:
It is a technology that allows a key to be revealed under certain
circumstances without the owner of the key revealing it.
Remote access:
Passwords gives a level of security for secure access.
Cell phone:
Prevent people from stealing cell phone nos. , access code or
eavesdropping.
Access control:
Regulate access to satellite and cable TV
8/3/2016 jaya 8
9. Cryptography
Characteristics of Cryptographic System:
The type of operations used for transforming plaintext
to cipher text.
The number of keys used
The way in which the plaintext is processed.
8/3/2016 jaya 9
10. Cryptography
Types of Cryptography
Secret –key Cryptography(Symmetric key cryptography)
Single key is used for both encryption and decryption.
Public key Cryptography(Asymmetric key cryptography)
Uses one key for encryption and anther for decryption.
Hash function
It uses a mathematical transformation to irreversibly “encrypt”
information.
8/3/2016 jaya 10
11. Cryptography
Classical encryption(symmetric key cryptography)
techniques
Substitution
Replacing an element of plain text by cipher text
Transposition
Rearranging the order of appearance of the elements of the
plaintext.
8/3/2016 jaya 11
12. Symmetric key Cryptography
Substitution ciphers technique:
Caesar’s cipher substitution technique.
Monoalphabetic cipher substitution technique
Polyalphabetic cipher substitution technique
One time pad
Playfair cipher
Hill cipher
8/3/2016 jaya 12
13. Symmetric key Cryptography
Caesar’s cipher substitution technique.
The method is named after Julius Caesar, who used it to
communicate with his generals.
It is also known as the shift cipher, Caesar’s code or
Caesar shift.
It is one of the simplest and most widely known
encryption techniques.
Letter in the plaintext is replaced by a letter some fixed
number of positions down the alphabet.
8/3/2016 jaya 13
14. Symmetric key Cryptography
Caesar’s cipher substitution technique.
Encryption of a letter x by a shift n can be described
mathematically as,
En(x) = (x+n) mod 26
Example:
Encryption of a letter A by a shift 3 can be described
mathematically as,
En(x) = (A+3) mod 26 = (0+3) mod 26 = 3 mod 26 =3
Encrypted letter for A is D
8/3/2016 jaya 14
15. Symmetric key Cryptography
Decryption of a letter x by a shift n can be described
mathematically as,
Decryption is performed similarly,
Dn(x) =(x-n) mod 26
Example:
Decryption of a letter D by a shift 3 can be described
mathematically as,
Dn(x) = (D-3) mod 26 = (3 -3) mod 26 = 0 mod 26 =0
Decrypted letter for D is A
8/3/2016 jaya 15
16. Symmetric key Cryptography
Example for Caesar cipher
Key=3
Plain text is =“WELCOME”
Cipher text is =“ZHOFRPH”
Plain text
A B C D E F G H I J K L M
Cipher text
D E F G H I J K L M N O P
Plain text
N O P Q R S T U V W X Y Z
Cipher text
Q R S T U V W X Y Z A B C
8/3/2016 jaya 16
17. Symmetric key Cryptography
Mono-Alphabetic cipher substitution technique
It uses fixed substitution over the entire message
Uses random substitution
Requires permutation or combination of 26 alphabets.
Hard to crack
Example
Plain text is =“WELCOME”
Cipher text is =“GXDLRPX”
Plain
text A B C D E F G H I J K L M
Cipher
text Y N L K X B S H M I W D P
Plain
text N O P Q R S T U V W X Y Z
Cipher
text J R O Q V F E A U G T Z C
8/3/2016 jaya 17
18. Symmetric key Cryptography
Homophonic substitution technique
A plain text alphabet can map to more than one cipher
text alphabet.
Example
A can be replaced by [D,H,P,R] and B can be replaced by
[E,I,Q,S]
8/3/2016 jaya 18
19. Symmetric key Cryptography
Polygram substitution technique
A block of plain text alphabet is replaced by block of
cipher text alphabet.
Example
Hello can be replaced by YUQQW
8/3/2016 jaya 19
20. Symmetric key Cryptography
Poly-Alphabetic cipher substitution technique:
Leon Battista invented this technique in 1568
It is made up of multiple simple substitution cipher.
This method uses multiple one character keys.
Each key encrypts one plain text character.
Examples:
Vigenere Cipher
Beaufort Cipher
8/3/2016 jaya 20
21. STEGANOGRAPHY
Steganography is the science of hiding information by
embedding the hidden(secret) message within a cover
media.
It works by replacing bits of useless or unused data in
regular computer files with bits of different, invisible
information.
It used sometime when encryption is not permitted.
Steganographic process
Stego medium = cover media + hidden data + stego key
8/3/2016 jaya 21
22. STEGANOGRAPHY
Different techniques of Steganography:
Character marking
Invisible ink
Pin punctures
Typewriter correction ribbon
8/3/2016 jaya 22
23. STEGANOGRAPHY
Advantages of Steganography:
used to transfer sensitive data
We can hide secrete message with graphic images.
Provides high security
8/3/2016 jaya 23
24. STEGANOGRAPHY
Disadvantages of Steganography:
It requires lot of overhead to hide a relatively few bits of
information
Once the system is discovered, it becomes virtually
worthless.
8/3/2016 jaya 24
25. STEGANOGRAPHY
Applications of Steganography:
Digital watermarking
Used in conjunction with encryption for extra security.
8/3/2016 jaya 25
26. CRYPTOGRAPHY
Symmetric cipher /secrete key cryptography
Sender and recipient share a same key for encryption
and decryption
The encryption algorithm is divided into two types
Block Cipher
Stream Cipher
8/3/2016 jaya 26
27. CRYPTOGRAPHY
Advantages of Symmetric cipher /secrete key
cryptography
It is faster
While transmission the chances of data being decrypted
is null
Uses password authentication to prove the receivers
identity
8/3/2016 jaya 27
28. CRYPTOGRAPHY
Disadvantages of Symmetric cipher /secrete key
cryptography
Issue of key transportation
It cannot provide digital signature that cannot be
repudiated.
8/3/2016 jaya 28
29. CRYPTOGRAPHY
Asymmetric cipher /secrete key cryptography
A pair of key is used to encrypt and decrypt.
With asymmetric cryptography, the sender encrypts data
with one key, and the recipient uses a different key to
decrypt cipher text.
Encrypt data using public key and decrypt data using
private key.
8/3/2016 jaya 29
30. CRYPTOGRAPHY
Advantages Asymmetric cipher /secrete key
cryptography
Eliminating the key distribution problem
Increased security
It can provide digital signatures that can be repudiated.
Advantages Asymmetric cipher /secrete key
cryptography
Faster methods are available.
8/3/2016 jaya 30
31. DIGITAL SIGNATURE
A digital signature is an electronic signature that can be
used to authenticate the identity of the sender of a
message.
It is a mathematical scheme for demonstrating the
authenticity of a digital message or document.
Each signatory has their own paired public and private key
8/3/2016 jaya 31
32. DIGITAL SIGNATURE
It consists three algorithms:
A digital signature generation algorithm:
It consists of a (mathematical) digital signature generation
algorithm
Randomly produces a key pair( public and private)
A signing algorithm:
Produces a signature
A digital signature verification algorithm
It consists of a verification algorithm, along with a method for
recovering data from the message.
8/3/2016 jaya 32
33. DIGITAL SIGNATURE
Message Message digest
Hash function
Digital Signature
Senders private key
Concept of digital signature
8/3/2016 jaya 33
35. DIGITAL SIGNATURE
Advantages of Digital Signature
Imposter prevention
Message integrity
Legal requirement
Disadvantages of Digital Signature:
Digital signature involves the primary avenue for any
business is money
8/3/2016 jaya 35
36. Authentication Protocols
Kerberos:
Developed by MIT( massachusetts Institute of Technology)
It is a computer network authentication protocol works on
tickets.
Designed for c-s network
Mutual authentication
Builds on symmetric key cryptography
Requires a trusted third party
Protected against eavesdropping and replay attacks
Provides secure authentication for unix
8/3/2016 jaya 36
37. Authentication Protocols
SSL(secure sockets layers)
Establishes an encrypted link between a server and a client .
Uses combination of symmetric and asymmetric encryption
Supported by web servers and web browsers
Operates at lower layer
Based on digital certification
Allows sensitive information to be transmitted securely
8/3/2016 jaya 37
38. Authentication Protocols
Microsoft NTLM( NT Lan Manager)
Used by windows NT server to authenticate clients to an NT
domain
It is a challenge-Response authentication protocol uses three
messages to authenticate a client
Users credentials do not get transferred across the nw when
resources are accessed, which increases security .
client
server
NEGOTIATE_MESSAGE CHALLENGE_MESSAGE
AUTHENTICATE_MESSAGE
8/3/2016 jaya 38
39. Authentication Protocols
PAP(Password Authentication Protocol)
Two way handshake protocol designed for PPP
Authenticate a user over a remote access control
It sends user passwords across the nw to the authenticating
server in plain text.
Poses a significant security risk.
Advantage is it is compatible with many server types running in
different OS.
8/3/2016 jaya 39
40. Authentication Protocols
SPAP(Shiva Password Authentication Protocol)
Used by shiva remote access server
It is an improvement over PAP in terms of the security level
Client sends encrypted password to remote server and server
decrypts the password
Based on login info server sends ACK or NACK.
Advantage is it is compatible with many server types running in
different OS.
8/3/2016 jaya 40
41. Authentication Protocols
CHAP(Challenge Handshake Authentication Protocol)
Used for remote access security
It is an internet standard uses MD5
Password does not go across the nw and can’t be captured
No reverse engineering.
Vulnerable to remote server impersonation.
8/3/2016 jaya 41
42. Authentication Protocols
MCHAP(Microsoft version of CHAP)
Uses 2-way authentication to verify identity of client and server
Protects against impersonation
Uses separate cryptographic keys for transmitted and received data
8/3/2016 jaya 42
43. Authentication Protocols
EAP(Extensible authentication protocol )
used to determine what authentication protocol will be used
Used in wireless nw and PPP
Used in devices such as smart card readers and finger print readers.
S/KEY
One time password system developed for UNIX
OTP allows to logon only once
List of password is given and maintained by hardware device.
8/3/2016 jaya 43
44. Authentication Protocols
RADIUS( Remote Authentication Dial-In User service
Protocol)
Client server protocol
Provides centralized authentication, authorization and accounting
management for network users
TACACS( Terminal Access Controller Access Control System)
Older authentication protocol used in UNIX
Client pass login information to server to gain access
Encryption protocol so less expensive
8/3/2016 jaya 44