Indian Institute of Technology Kharagpur

Basic Cryptographic Concepts

Part I

Prof. Indranil Sen Gupta

Dept. of Computer Science & Engg.
I.I.T. Kharagpur, INDIA

Lecture 32: Basic cryptographic concepts –

Part I
On completion, the student will be able to:
1. Define the basic cryptographic terms commonly
used.
2. Identify the different security threats in the
Internet scenario.
3. Distinguish between symmetric and public-key
cryptography techniques.
4. Explain a practical symmetric key encryption /
decryption scheme.

1
 Basic Concepts

Security Attacks

• Any action that compromises the

security of information.
• Four types of attack:
ƒ Interruption
ƒ Interception
ƒ Modification
ƒ Fabrication
• Basic model:
S D
Source Destination

2
• Interruption:
S D
¾Attack on availability

S D
• Interception:
¾Attack on
confidentiality I

S D
• Modification:
¾Attack on integrity
I

S D
• Fabrication:
¾Attack on
authenticity I

3
 Passive and Active Attacks

• Passive attacks
¾Obtain information that is being
transmitted (eavesdropping).
¾Two types:
ƒ Release of message contents.
ƒ Traffic analysis.
¾Very difficult to detect.

• Active attacks
¾Involve some modification of the data
stream or the creation of a false stream.
¾Four categories:
ƒ Masquerade:- One entity pretends to be
a different entity.
ƒ Replay:- Passive capture of a transaction
and subsequent replay.

4
 ƒ Modification:- Some portion of a
message is altered on its way.
ƒ Denial of service:- Prevents access to
resources.

Security Services

• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (parties cannot later deny)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
¾ Denial of Service Attacks
¾ Virus that deletes files

5
 Network Access Security Model

Internal
Network
G
Opponent: A Computers
Human T
ACCESS CHANNEL E Software
Virus
W resources
Worm
A Databases
Y
Security
Control

Cryptography Terminologies

6
 Introduction

• Most important concept behind

network security is encryption.
• Two forms of encryption:
1. Private (or Symmetric)
ƒ Single key shared by sender and
receiver.
2. Public-key (or Asymmetric)
ƒ Separate keys for sender and receiver.

Typical Flow

Trusted Third
Party
SENDER RECEIVER

Message E Channel D Message

A A
Key 1 Key 2

Intruder

7
 Symmetric Key Cryptography

• Basic ingredients of the scheme:

¾Plaintext (P)
ƒ Message to be encrypted
¾Secret Key (K)
ƒ Shared among the two parties
¾Ciphertext (C)
ƒ Message after encryption
¾Encryption algorithm (EA)
ƒ Uses P and K
¾Decryption algorithm (DA)
ƒ Uses C and K

• Security of the scheme

¾Depends on the secrecy of the key.
¾Does not depend on the secrecy of the
algorithm.
• Assumptions that we make:
¾Algorithms for encryption/decryption
are known to the public.
¾Keys used are kept secret.

8
 Illustration

Shared Key K Shared Key K

EA DA
Ciphertext
Plaintext Plaintext
C
P P

Some Points to Observe

• Key distribution problem of secret key

systems:
¾Establish key before communication.
¾Need n(n-1)/2 keys with n different parties.
A

B E

C D

9
 Classical Techniques

• Broadly falls under two categories:

1. Substitution ciphers
ƒ Each letter or group of letters of the
plaintext are replaced by some other
letter or group of letters, to obtain
the ciphertext.
2. Transposition ciphers
ƒ Letters of the plaintext are permuted
in some form.

A Simple Example

Caesar Cipher (a substitution cipher):

¾ Earliest known substitution cipher.
¾ Replace each letter of the alphabet
with the letter three places after that
alphabet.
¾ Alphabets are assumed to be wrapped
around ( Z is followed by A, etc.).

P: HAPPY NEW YEAR

C: KDSSB QHZ BHDU

10
 ¾We can generalize the idea by replacing
each letter by the kth following letter.
¾If we assign a number to each letter
(A=1, B=2, etc), then
C = E (P) = (P + k – 1) % 26 + 1
P = D (C) = (C – k + 25) % 26 + 1

¾ Drawback:
ƒ Brute force attack is easy
ƒ Try out all the 25 possible keys

Mono-alphabetic Cipher:
¾Allow any arbitrary substitution.
¾There can be 26! or 4x1026 possible keys.
¾A typical key may be:
(ZAQWSXCDERFVBGTYHNMJUIKLOP)
¾Drawbacks:
ƒ We can make guesses by observing the
relative frequency of letters, digrams, and
trigrams in the text.
ƒ Easy to break in general.

11
 Transposition Ciphers

• Many techniques were proposed

under this category.
• A simple scheme:
¾Write out the plaintext in a rectangle,
row by row, and read the message
column by column, by permuting the
order of the columns.
¾Order of the column becomes the key.

P: we are attending one conference at IIT Kharagpur

Key: 4 3 1 2 5 6 7
w e a r e a t
t e n d i n g
o n e c o n f
e r e n c e a
t I I T K h a
r a g p u r -
C: aneeIg rdcnTp eenrIa wtoetr eiocKu annehr tgfaa-

12
 ¾Drawbacks:
ƒ The ciphertext has the same letter
frequency as the original plaintext.
ƒ Guessing the number of columns
and some probable words in the
plaintext holds the key.

Stream Ciphers vs. Block Ciphers

• A stream cipher encrypts the plaintext bit

by bit (in streams).
• A block cipher encrypts n-bit blocks at a
time.
¾For example, a 256-bit cipher encrypts
256-bit blocks at a time.
¾Short blocks have to be padded.

13
 Practical Algorithms

• Data Encryption Standard (DES)

¾Block size is 64 bits.
¾Key is 56 bits.
• IDEA
¾Block size is 64 bits.
¾Key size is 128 bits.
• Advanced Encryption Standard (AES)
¾Also known as Rijndael cryptosystem.
¾Block size can be 128, 192, or 256 bits.
¾Key size can be 128, 192, or 256 bits.

Data Encryption Standard (DES)

• The most widely used encryption

scheme.
¾Also known as the Data Encryption
Algorithm (DEA).
¾It is a block cipher.
ƒ The plaintext is 64-bits in length.
ƒ The key is 56-bits in length.
ƒ Longer plaintexts are processed in 64-
bit blocks.

14
 General Schematic of DES
P (64-bit) K (56-bit)
IP PC 1
K1
Round 1 PC 2 LCS

K2
Round 2 PC 2 LCS

K16
Round 16 PC 2 LCS

32-bit Swap PC: permuted choice

LCS: left circular shift
RIP IP: initial permutation
C (64-bit) RIP: reverse initial permutation

DES

• The overall processing at each iteration:

¾Li = Ri-1
Fiestel Structure
¾Ri = Li-1 ⊕ F(Ri-1, Ki )
• Concerns about:
¾The algorithm and the key length (56-
bits)
¾Longer key lengths essential for critical
applications

15
 Triple DES

• Use three keys and three executions

of the DES algorithm (encrypt-
decrypt -encrypt).
C = EK3 [DK2 [EK1 [P]]]
C = ciphertext
P = Plaintext
EK[X] = encryption of X using key K
DK[Y] = decryption of Y using key K

• Effective key length of 168 bits.

Triple DES: Illustration

K1 K2 K3

P E D E C
X Y

K3 K2 K1

C D E D P
Y X

16
 Need for a new standard

• DES had been in use for a long time.

• A replacement for DES was needed.
¾ Theoretical attacks that can break it.
¾ Demonstration of exhaustive key search attacks.
• Can use Triple-DES – but slow with small
blocks.
• US NIST issued call for ciphers in 1997.
¾ 15 candidates accepted in June 1998.
¾ 5 were short-listed in August 1999.
• Rijndael was selected as the Advanced
Encryption Standard in October 2000.

The AES Cryptosystem

• In the Rijndael proposal, the block

length and the key length can be
independently specified to be 128, 192,
or 256 bits.
• The AES standard limits the block
length to 128 bits.
¾Key length can be 128, 192, or 256 bits.
• Easy to implement, both in hardware
and software.
• Resistant against all known attacks.

17
SOLUTIONS TO QUIZ
QUESTIONS ON
LECTURE 31

18
 Quiz Solutions on Lecture 31

1. What is the main difference between an

Intranet and an Extranet?

An Intranet uses Internet technology for

information sharing inside an organization.
Extranet extends the capability of Intranet
to include external entities like clients, etc.

2. How does a packet filtering router typically

filters packets?

Based on the source and destination IP

addresses and port numbers.

Quiz Solutions on Lecture 31

3. How does an application level gateway

carry out the filtering process?

They receive each packet and applies a set

of rules which are protocol dependent. For
example, in SMTP traffic, it can check the
packet body for objectionable contents.

4. Which would be more suitable for email

filtering: packet-level filter or application-
level gateway?

Application-level gateway (proxy server).

19
 Quiz Solutions on Lecture 31

5. What is a bastion host?

It is a secure and tamper-proof system that

serves as the central point in the network’s
security.

6. In the dual-homed host firewall, how many

security points must be broken by an
intruder before he can get into the internal
network?

Two: router and bastion host.

Quiz Solutions on Lecture 31

7. Repeat the above for screened subnet

firewall.

Three: outside router, inside router, and

the bastion host

20
 QUIZ QUESTIONS ON
LECTURE 32

Quiz Questions on Lecture 32

1. What is the main difference between passive

and active attacks?
2. 10 parties exchange messages securely
using DES. How many distinct key values are
required?
3. What is the main difference between
substitution cipher and transposition
cipher?
4. For breaking transposition ciphers, what are
the initial guesses that needs to be made?

21
 Quiz Questions on Lecture 32

5. How many rounds are there in DES?

6. What is the key length of DES? How
does triple DES helps to increase the
effective key length?

22