SlideShare a Scribd company logo

Introduction to Cryptography

Seema Goel, profile picture
Seema Goel

The document provides a comprehensive overview of cryptography, covering key concepts such as encryption, decryption, and various types of cryptographic techniques including symmetric and asymmetric algorithms, as well as hashing and digital signatures. It details the general goals of cryptography such as confidentiality, integrity, authentication, and nonrepudiation, along with common types of attacks against cryptographic systems. Furthermore, the document discusses important protocols like Transport Layer Security (TLS) and Public Key Infrastructure (PKI), highlighting their roles in secure communication.

Technology
Related topics:
Data Security Information Security Cyber-Security
1 of 22
Downloaded 74 times
1
2
3
4
5
6
7
8
9
10
Most read
11
Most read
12
13
14
15
16
Most read
17
18
19
20
21
22
S E E M A G O E L g o e l s e e m a 1 1 @ g m a i l . c o m Introduction to Cryptography
Contents  Basic Terms  Cryptography  The General Goals of Cryptography  Common Types of Attacks  Substitution Ciphers  Transposition Cipher  Steganography- “Concealed Writing”  Symmetric Secret Key Encryption  Types of Symmetric Algorithms  Common Symmetric Algorithms  Asymmetric Secret Key Encryption  Common Asymmetric Algorithms  Public Key Cryptography  Hashing Techniques  Hashing Algorithms  Digital Signatures  Transport Layer Security  Public key infrastructure (PKI)
Basic Terms  Encryption  Scrambling a message or data using a specialized cryptographic algorithm.  Plaintext  The message or data before it gets encrypted.  Ciphertext  The encrypted version of the message.  Cipher  The algorithm that does the encryption.  Decryption  The process of converting ciphertext back to the original plaintext.
Cryptography  Cryptography is the study of " Secret (crypto-) writing (-graphy)  It can be described as the study of protecting information weather in transit or at rest, by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.  Cryptanalysis is the science of recovering the plaintext from the ciphertext without access to the key. Plaintext Ciphertext Plaintext Encryption Decryption
The General Goals of Cryptography  Confidentiality  Assuring that only authorized parties are able to understand the data.  Integrity  Ensuring that when a message is sent over a network, the message that arrives is the same as the message that was originally sent.  Authentication  Ensuring that whoever supplies or accesses sensitive data is an authorized party.  Nonrepudiation  Ensuring that the intended recipient actually received the message & ensuring that the sender actually sent the message.
Common Types of Attacks  Ciphertext-Only Attack  Known-Plaintext Attack  Chosen-Plaintext Attack  Chosen-Ciphertext Attack  Dictionary Attacks
Substitution Ciphers  Caesar’s Cipher A B C D E F G H I J K L . . . . . . . . X Y Z A B C D E F G H I J K L . . . . . . .  Atbash Cipher A B C D E F G H I J K L . . . . . . . . Z Y X W V U T S R Q P O. . . . . . .  Vigenere Cipher  Polyalphabetic cipher to overcome the shortcomings of simple substitution ciphers Plaintext Caesar’s alphabet Plaintext Atbash’s alphabet ATTACKATDAWN……… LEMONLEMONLE…….. LXFOPVEFRNHR………. Plaintext Key Ciphertext
Transposition Cipher  In a transposition cipher, permutation is used, meaning that letters are scrambled. The key determines the positions that the characters are moved to.  Simple substitution and transposition ciphers are vulnerable to attacks that perform frequency analysis. example text examp letex 24153 31524 xmepa tlxee Message Broken into groups Key Ciphertext
Steganography- “Concealed Writing”  It is the art and science of writing hidden messages in an object(wave file, graphic, audio or video) in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message.  The least significant bit of each byte of the image can be replaced with bits of the secret message. Example of still imagery steganography. Left hand side image is the original cover image, where as right hand side does embedding a text file into the cover Image make the stego image.  The advantage of steganography, over cryptography alone, is that messages do not attract attention.
Symmetric Secret Key Encryption  With this approach the sender and the receiver use the same secret key to encrypt and decrypt messages.  The strength of symmetric key encryption is fast, bulk encryption.  Major Challenges  Key distribution- It requires a secure mechanism to deliver keys properly.  Scalability- Each pair of users needs a unique pair of keys, so the number of keys grow exponentially  Examples of symmetric algorithms are as follows:  DES (Data Encryption Standard)  3DES  AES (Advanced Encryption Standard)
Types of Symmetric Algorithms Block Cipher  Operate by encrypting a fixed amount, or “block,” (64 or 128 bit) of data  It is somewhat faster than stream cipher each time n characters executed.  Transmission errors in one cipher text block have no affect on other blocks.  Identical blocks of plaintext produce identical blocks of cipher text.  Block encryption may be more susceptible to cryptanalysis than either stream mode. Stream cipher  Treats the message as a stream of bits or bytes and performs mathematical functions on them individually  The same plaintext bit or byte will be transformed into a different ciphertext bit or byte each time it is encrypted  Stream cipher is less vulnerable to insertion or deletion.  Transmission error at the nth bit in the stream cipher may lead to incorrect ciphertext thereafter.
Common Symmetric Algorithms DES  Designed by IBM in the 1970s and adopted by the National Institute for Standards and Technology (NIST)] in 1977 for commercial and unclassified government applications.  DES is a block-cipher employing a 56- bit key that operates on 64-bit blocks.  DES results in a permutation among the 264 possible arrangements of 64 bits, each of which may be either 0 or 1  Triple DES (3DES) is an enhanced version of DES which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. AES  AES was announced by National Institute of Standards and Technology on November 26, 2001.  AES is a block cipher with a block length of 128 bits.  It allows for three different key lengths: 128, 192, or 256 bits.  Encryption consists of 10 rounds of processing for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256- bit keys.
Asymmetric Secret Key Encryption  Asymmetric encryption uses a key pair (Public key and Private key) .  The two different asymmetric keys are mathematically related but cannot be derived from each other.  Each key type can be used to encrypt and decrypt. If data is encrypted with a private key, it must be decrypted with the corresponding public key and vice versa.  Better key distribution and scalability than symmetric systems.  Works much slower than symmetric systems.  Examples of asymmetric key algorithms:  RSA  Elliptic Curve Cryptosystem (ECC)
Common Asymmetric Algorithms  RSA (Ron Rivest, Adi Shamir and Leonard Adleman)  Developed in 1978 at MIT  RSA gets its security from the difficulty of factoring large numbers  Best known & widely used  Each user generates a public/private key pair by applying the RSA algorithm to two large primes at random say p and q  One advantage of using RSA is that it can be used for encryption and digital signatures  RSA is used in many Web browsers with the Secure Sockets Layer (SSL) protocol
Common Asymmetric Algorithms (contd.)  Elliptic Curve Cryptosystems (ECCs)  ECC was introduced by Victor Miller and Neal Koblitz in 1985  For elliptic-curve-based protocols, it is assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible  The size of the elliptic curve determines the difficulty of the problem.  ECC requires significantly smaller key size with same level of security as compared to the key size for RSA : faster computations, need less storage space  ECC ideal for constrained environments : Pagers , PDAs , Cellular Phones and Smart Cards
Public Key Cryptography  It is a hybrid use of two different algorithms: asymmetric and symmetric  Public key cryptography uses two keys (public and private) generated by an asymmetric algorithm for protecting encryption keys and key distribution, and a secret key is generated by a symmetric algorithm and used for bulk encryption. Bill sends a message
Hashing Techniques  Cryptographic hashing functions are used to ensure the integrity of data using an integrity checksum.  Hashing functions are one-way functions. This means that the ciphertext (i.e., the checksum) cannot be used to reconstruct the plaintext.  The checksum (the ciphertext) is much smaller than the plaintext.  Hashing functions provide a kind of digital fingerprint.  The security of the hashing function is related to the size of the resulting checksum (in bits)  Examples of Hashing Algorithms:  MD5 (Message-Digest algorithm 5)  SHA (Secure Hash Algorithm)
Hashing Algorithms MD5  128- bit hash value typically expressed as a 32-digit hexadecimal number.  MD5 processes a variable-length message into a fixed-length output of 128 bits.  It is easy to compute.  It is infeasible to modify a message without changing its hash.  No two messages have the same hash. SHA  SHA-1 produces a 160-bit hash value.  SHA-256 uses 32-bit words.  SHA-512 uses 64-bit words.  The collision ratio for SHA is far less than the collision ratio MD5.
Digital Signatures  Goals  Itshould be proof of authenticity and should be impossible to forge.  It should be impossible to alter the signed document without detection.  It should be impossible to transplant the signature to another document.  Technology  A hash function to help generate the digital signature, S.  Symmetric (secret key) cryptography to encrypt the message, M.  Public key cryptography to share the secret key used to encrypt and decrypt the message, M.  Public key cryptography to encrypt and decrypt the digital signature, S.
Transport Layer Security  It provides communication security over the Internet.  Encrypt the segments of network connections at the Application Layer using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.  Widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging etc.  The TLS protocol is made up of two layers.  The record protocol is designed to protect confidentiality  The handshake protocol allows authentication  TLS is application protocol-independent.  A vulnerability (CVE-2011-3389) was reported in The SSL protocol which allows attackers to obtain plaintext HTTP headers via a blockwise chosen- boundary attack on an HTTPS session.
Public key infrastructure (PKI)  It consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion.  PKI is an ISO authentication framework that uses public key cryptography and the X.509 standard protocols  PKI provides authentication, confidentiality, nonrepudiation, and integrity of the messages exchanged  PKI is a hybrid system of symmetric and asymmetric key algorithms  Each person who wants to participate in a PKI requires a digital certificate
Thank You!!

More Related Content

PPTX
Cryptography
prasham95
 
PPTX
Cryptography and Network Security
Pa Van Tanku
 
PPT
Cryptography
Suhepi Saputri
 
PPTX
Cryptography
Sagar Janagonda
 
PPTX
Cryptography
subodh pawar
 
PPT
Information Security & Cryptography
Arun ACE
 
PPTX
Intro to modern cryptography
zahid-mian
 
PPT
Cryptography
IGZ Software house
 
Cryptography
prasham95
 
Cryptography and Network Security
Pa Van Tanku
 
Cryptography
Suhepi Saputri
 
Cryptography
Sagar Janagonda
 
Cryptography
subodh pawar
 
Information Security & Cryptography
Arun ACE
 
Intro to modern cryptography
zahid-mian
 
Cryptography
IGZ Software house
 

What's hot (20)

PPTX
Cryptography
Darshini Parikh
 
PPTX
Cryptography.ppt
Uday Meena
 
PPTX
Cryptography
Jens Patel
 
PPTX
Cryptography
Sidharth Mohapatra
 
PPTX
cryptography
Abhijeet Singh
 
PPT
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
PPTX
Cryptography
Rutuja Solkar
 
PPTX
Transposition Cipher
daniyalqureshi712
 
PDF
Block Ciphers and the Data Encryption Standard
Dr.Florence Dayana
 
PDF
Transposition cipher
Antony Alex
 
PDF
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
PPTX
Public Key Cryptography
Gopal Sakarkar
 
PPTX
Cryptography
EmaSushan
 
PPTX
Hash Function
Siddharth Srivastava
 
PDF
Cryptography
Kalyani Government Engineering College
 
PPTX
Cryptography
jayashri kolekar
 
PPT
6. cryptography
7wounders
 
PPTX
Advanced encryption standard (aes)
farazvirk554
 
PPT
Fundamentals of cryptography
Hossain Md Shakhawat
 
PPT
Network security cryptographic hash function
Mijanur Rahman Milon
 
Cryptography
Darshini Parikh
 
Cryptography.ppt
Uday Meena
 
Cryptography
Jens Patel
 
Cryptography
Sidharth Mohapatra
 
cryptography
Abhijeet Singh
 
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
Cryptography
Rutuja Solkar
 
Transposition Cipher
daniyalqureshi712
 
Block Ciphers and the Data Encryption Standard
Dr.Florence Dayana
 
Transposition cipher
Antony Alex
 
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
Public Key Cryptography
Gopal Sakarkar
 
Cryptography
EmaSushan
 
Hash Function
Siddharth Srivastava
 
Cryptography
Kalyani Government Engineering College
 
Cryptography
jayashri kolekar
 
6. cryptography
7wounders
 
Advanced encryption standard (aes)
farazvirk554
 
Fundamentals of cryptography
Hossain Md Shakhawat
 
Network security cryptographic hash function
Mijanur Rahman Milon
 
Ad

Viewers also liked (20)

PDF
Introduction to Cryptography
Popescu Petre
 
PPTX
PPT steganography
parvez Sharaf
 
PPTX
Introduction to Cryptography
Bharat Kumar Katur
 
PPTX
Steganography
Bahaa Aladdin
 
PPTX
Social networks security risks
osuhaibany
 
PDF
Introduction to cryptography
Amir Neziri
 
PDF
Social Networks and Security: What Your Teenager Likely Won't Tell You
Denim Group
 
PDF
Building Social Networks
nyccamp
 
PPTX
Data Visualization and Social Network Analysis for Recruiting.
Matt Charney
 
PPTX
EVALUACIÓN
Neidy frias
 
PDF
Introduction to Cryptography Part I
Maksim Djackov
 
PDF
FITC - Bootstrap Unleashed
Rami Sayar
 
PDF
(Practical) Beyond Responsive Web Design (WordCamp Miami 2011)
arborwebsolutions
 
PPTX
Cookies and Session
KoraStats
 
PPTX
Hackers
Mahmoud Saeed
 
PDF
Social journalism: Community building through social networks
JD Lasica
 
PPT
Hacking
Harendra Singh
 
PDF
Responsive Web Design - Introduction & Workflow Overview
Aidan Foster
 
PDF
Introduction to Cryptography Parts II and III
Maksim Djackov
 
PPT
Presentacion diapositiva 40
FUCS - Fundación Universitaria de Ciencias de la Salud
 
Introduction to Cryptography
Popescu Petre
 
PPT steganography
parvez Sharaf
 
Introduction to Cryptography
Bharat Kumar Katur
 
Steganography
Bahaa Aladdin
 
Social networks security risks
osuhaibany
 
Introduction to cryptography
Amir Neziri
 
Social Networks and Security: What Your Teenager Likely Won't Tell You
Denim Group
 
Building Social Networks
nyccamp
 
Data Visualization and Social Network Analysis for Recruiting.
Matt Charney
 
EVALUACIÓN
Neidy frias
 
Introduction to Cryptography Part I
Maksim Djackov
 
FITC - Bootstrap Unleashed
Rami Sayar
 
(Practical) Beyond Responsive Web Design (WordCamp Miami 2011)
arborwebsolutions
 
Cookies and Session
KoraStats
 
Hackers
Mahmoud Saeed
 
Social journalism: Community building through social networks
JD Lasica
 
Hacking
Harendra Singh
 
Responsive Web Design - Introduction & Workflow Overview
Aidan Foster
 
Introduction to Cryptography Parts II and III
Maksim Djackov
 
Presentacion diapositiva 40
FUCS - Fundación Universitaria de Ciencias de la Salud
 
Ad

Similar to Introduction to Cryptography (20)

PPTX
Cryptography
Pratiksha Patil
 
PDF
Fundamentals of Cryptography: Securing Data in the Digital Age
avengersimran16
 
PPT
Ch11 Basic Cryptography
Information Technology
 
PDF
CNIT 123 12: Cryptography
Sam Bowne
 
PPTX
Cryptography and network security
patisa
 
PPTX
Security - ch3.pptx
GebrehanaAlemaw
 
PDF
CISSP Prep: Ch 4. Security Engineering (Part 2)
Sam Bowne
 
PDF
CNIT 125 Ch 4. Security Engineering (Part 2)
Sam Bowne
 
PDF
Basic Cryptography.pdf
Setiya Nugroho
 
PPT
CISSP EXAM PREPARATION FOR A PASSED SCORE
rinelaam
 
PPTX
Security - ch3.pptx
HabtamuHaileMichael2
 
PPT
Ch12 Cryptography it-slideshares.blogspot.com
phanleson
 
PPTX
CISSP - Chapter 3 - Cryptography
Karthikeyan Dhayalan
 
PPT
Lecture 7 - CRYPTOGRAPHYpptof my presentation.ppt
FarooqKhurshid1
 
PPTX
Encryption techniques
MohitManna
 
PPT
Crypt
Mir Majid
 
PPT
Cryptography cse,ru
Hossain Md Shakhawat
 
PPTX
A study of cryptography for satellite applications
Rajesh Ishida
 
PPTX
NS UNIT 1 Advanced Encryption Standard& RSA
AntonySuresh13
 
PPT
Cryptography - An Overview
ppd1961
 
Cryptography
Pratiksha Patil
 
Fundamentals of Cryptography: Securing Data in the Digital Age
avengersimran16
 
Ch11 Basic Cryptography
Information Technology
 
CNIT 123 12: Cryptography
Sam Bowne
 
Cryptography and network security
patisa
 
Security - ch3.pptx
GebrehanaAlemaw
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
Sam Bowne
 
CNIT 125 Ch 4. Security Engineering (Part 2)
Sam Bowne
 
Basic Cryptography.pdf
Setiya Nugroho
 
CISSP EXAM PREPARATION FOR A PASSED SCORE
rinelaam
 
Security - ch3.pptx
HabtamuHaileMichael2
 
Ch12 Cryptography it-slideshares.blogspot.com
phanleson
 
CISSP - Chapter 3 - Cryptography
Karthikeyan Dhayalan
 
Lecture 7 - CRYPTOGRAPHYpptof my presentation.ppt
FarooqKhurshid1
 
Encryption techniques
MohitManna
 
Crypt
Mir Majid
 
Cryptography cse,ru
Hossain Md Shakhawat
 
A study of cryptography for satellite applications
Rajesh Ishida
 
NS UNIT 1 Advanced Encryption Standard& RSA
AntonySuresh13
 
Cryptography - An Overview
ppd1961
 

Recently uploaded (20)

PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Encapsulation theory and applications.pdf
gurumoop
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
KodekX | Application Modernization Development
KodekX
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 

Introduction to Cryptography

  • 1. S E E M A G O E L g o e l s e e m a 1 1 @ g m a i l . c o m Introduction to Cryptography
  • 2. Contents  Basic Terms  Cryptography  The General Goals of Cryptography  Common Types of Attacks  Substitution Ciphers  Transposition Cipher  Steganography- “Concealed Writing”  Symmetric Secret Key Encryption  Types of Symmetric Algorithms  Common Symmetric Algorithms  Asymmetric Secret Key Encryption  Common Asymmetric Algorithms  Public Key Cryptography  Hashing Techniques  Hashing Algorithms  Digital Signatures  Transport Layer Security  Public key infrastructure (PKI)
  • 3. Basic Terms  Encryption  Scrambling a message or data using a specialized cryptographic algorithm.  Plaintext  The message or data before it gets encrypted.  Ciphertext  The encrypted version of the message.  Cipher  The algorithm that does the encryption.  Decryption  The process of converting ciphertext back to the original plaintext.
  • 4. Cryptography  Cryptography is the study of " Secret (crypto-) writing (-graphy)  It can be described as the study of protecting information weather in transit or at rest, by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.  Cryptanalysis is the science of recovering the plaintext from the ciphertext without access to the key. Plaintext Ciphertext Plaintext Encryption Decryption
  • 5. The General Goals of Cryptography  Confidentiality  Assuring that only authorized parties are able to understand the data.  Integrity  Ensuring that when a message is sent over a network, the message that arrives is the same as the message that was originally sent.  Authentication  Ensuring that whoever supplies or accesses sensitive data is an authorized party.  Nonrepudiation  Ensuring that the intended recipient actually received the message & ensuring that the sender actually sent the message.
  • 6. Common Types of Attacks  Ciphertext-Only Attack  Known-Plaintext Attack  Chosen-Plaintext Attack  Chosen-Ciphertext Attack  Dictionary Attacks
  • 7. Substitution Ciphers  Caesar’s Cipher A B C D E F G H I J K L . . . . . . . . X Y Z A B C D E F G H I J K L . . . . . . .  Atbash Cipher A B C D E F G H I J K L . . . . . . . . Z Y X W V U T S R Q P O. . . . . . .  Vigenere Cipher  Polyalphabetic cipher to overcome the shortcomings of simple substitution ciphers Plaintext Caesar’s alphabet Plaintext Atbash’s alphabet ATTACKATDAWN……… LEMONLEMONLE…….. LXFOPVEFRNHR………. Plaintext Key Ciphertext
  • 8. Transposition Cipher  In a transposition cipher, permutation is used, meaning that letters are scrambled. The key determines the positions that the characters are moved to.  Simple substitution and transposition ciphers are vulnerable to attacks that perform frequency analysis. example text examp letex 24153 31524 xmepa tlxee Message Broken into groups Key Ciphertext
  • 9. Steganography- “Concealed Writing”  It is the art and science of writing hidden messages in an object(wave file, graphic, audio or video) in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message.  The least significant bit of each byte of the image can be replaced with bits of the secret message. Example of still imagery steganography. Left hand side image is the original cover image, where as right hand side does embedding a text file into the cover Image make the stego image.  The advantage of steganography, over cryptography alone, is that messages do not attract attention.
  • 10. Symmetric Secret Key Encryption  With this approach the sender and the receiver use the same secret key to encrypt and decrypt messages.  The strength of symmetric key encryption is fast, bulk encryption.  Major Challenges  Key distribution- It requires a secure mechanism to deliver keys properly.  Scalability- Each pair of users needs a unique pair of keys, so the number of keys grow exponentially  Examples of symmetric algorithms are as follows:  DES (Data Encryption Standard)  3DES  AES (Advanced Encryption Standard)
  • 11. Types of Symmetric Algorithms Block Cipher  Operate by encrypting a fixed amount, or “block,” (64 or 128 bit) of data  It is somewhat faster than stream cipher each time n characters executed.  Transmission errors in one cipher text block have no affect on other blocks.  Identical blocks of plaintext produce identical blocks of cipher text.  Block encryption may be more susceptible to cryptanalysis than either stream mode. Stream cipher  Treats the message as a stream of bits or bytes and performs mathematical functions on them individually  The same plaintext bit or byte will be transformed into a different ciphertext bit or byte each time it is encrypted  Stream cipher is less vulnerable to insertion or deletion.  Transmission error at the nth bit in the stream cipher may lead to incorrect ciphertext thereafter.
  • 12. Common Symmetric Algorithms DES  Designed by IBM in the 1970s and adopted by the National Institute for Standards and Technology (NIST)] in 1977 for commercial and unclassified government applications.  DES is a block-cipher employing a 56- bit key that operates on 64-bit blocks.  DES results in a permutation among the 264 possible arrangements of 64 bits, each of which may be either 0 or 1  Triple DES (3DES) is an enhanced version of DES which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. AES  AES was announced by National Institute of Standards and Technology on November 26, 2001.  AES is a block cipher with a block length of 128 bits.  It allows for three different key lengths: 128, 192, or 256 bits.  Encryption consists of 10 rounds of processing for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256- bit keys.
  • 13. Asymmetric Secret Key Encryption  Asymmetric encryption uses a key pair (Public key and Private key) .  The two different asymmetric keys are mathematically related but cannot be derived from each other.  Each key type can be used to encrypt and decrypt. If data is encrypted with a private key, it must be decrypted with the corresponding public key and vice versa.  Better key distribution and scalability than symmetric systems.  Works much slower than symmetric systems.  Examples of asymmetric key algorithms:  RSA  Elliptic Curve Cryptosystem (ECC)
  • 14. Common Asymmetric Algorithms  RSA (Ron Rivest, Adi Shamir and Leonard Adleman)  Developed in 1978 at MIT  RSA gets its security from the difficulty of factoring large numbers  Best known & widely used  Each user generates a public/private key pair by applying the RSA algorithm to two large primes at random say p and q  One advantage of using RSA is that it can be used for encryption and digital signatures  RSA is used in many Web browsers with the Secure Sockets Layer (SSL) protocol
  • 15. Common Asymmetric Algorithms (contd.)  Elliptic Curve Cryptosystems (ECCs)  ECC was introduced by Victor Miller and Neal Koblitz in 1985  For elliptic-curve-based protocols, it is assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible  The size of the elliptic curve determines the difficulty of the problem.  ECC requires significantly smaller key size with same level of security as compared to the key size for RSA : faster computations, need less storage space  ECC ideal for constrained environments : Pagers , PDAs , Cellular Phones and Smart Cards
  • 16. Public Key Cryptography  It is a hybrid use of two different algorithms: asymmetric and symmetric  Public key cryptography uses two keys (public and private) generated by an asymmetric algorithm for protecting encryption keys and key distribution, and a secret key is generated by a symmetric algorithm and used for bulk encryption. Bill sends a message
  • 17. Hashing Techniques  Cryptographic hashing functions are used to ensure the integrity of data using an integrity checksum.  Hashing functions are one-way functions. This means that the ciphertext (i.e., the checksum) cannot be used to reconstruct the plaintext.  The checksum (the ciphertext) is much smaller than the plaintext.  Hashing functions provide a kind of digital fingerprint.  The security of the hashing function is related to the size of the resulting checksum (in bits)  Examples of Hashing Algorithms:  MD5 (Message-Digest algorithm 5)  SHA (Secure Hash Algorithm)
  • 18. Hashing Algorithms MD5  128- bit hash value typically expressed as a 32-digit hexadecimal number.  MD5 processes a variable-length message into a fixed-length output of 128 bits.  It is easy to compute.  It is infeasible to modify a message without changing its hash.  No two messages have the same hash. SHA  SHA-1 produces a 160-bit hash value.  SHA-256 uses 32-bit words.  SHA-512 uses 64-bit words.  The collision ratio for SHA is far less than the collision ratio MD5.
  • 19. Digital Signatures  Goals  Itshould be proof of authenticity and should be impossible to forge.  It should be impossible to alter the signed document without detection.  It should be impossible to transplant the signature to another document.  Technology  A hash function to help generate the digital signature, S.  Symmetric (secret key) cryptography to encrypt the message, M.  Public key cryptography to share the secret key used to encrypt and decrypt the message, M.  Public key cryptography to encrypt and decrypt the digital signature, S.
  • 20. Transport Layer Security  It provides communication security over the Internet.  Encrypt the segments of network connections at the Application Layer using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.  Widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging etc.  The TLS protocol is made up of two layers.  The record protocol is designed to protect confidentiality  The handshake protocol allows authentication  TLS is application protocol-independent.  A vulnerability (CVE-2011-3389) was reported in The SSL protocol which allows attackers to obtain plaintext HTTP headers via a blockwise chosen- boundary attack on an HTTPS session.
  • 21. Public key infrastructure (PKI)  It consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion.  PKI is an ISO authentication framework that uses public key cryptography and the X.509 standard protocols  PKI provides authentication, confidentiality, nonrepudiation, and integrity of the messages exchanged  PKI is a hybrid system of symmetric and asymmetric key algorithms  Each person who wants to participate in a PKI requires a digital certificate