Cryptographic Algorithms د. خالد بن سليمان الغثبر Dr. Khaled S. Alghathbar استشاري و استاذ أمن المعلومات المساعد كلية علوم الحاسب الالي و المعلومات بجامعة الملك سعود. ghathbar@ccis.ksu.edu.sa هاتف العمل: 4678705

Copyrights حقوق المؤلف All the content of this material are copyrighted -unless otherwise indicated - to: Dr. Khaled S. Alghathbar Phone: +966-1-467-8705 Email: ghathbar@ccis.ksu.edu.sa The use or disclosure of the content of this material is not permitted to other than the trainees of this workshop which is held by the author. Any reproduction or copying of this materials is not permitted in any manner - in whole or in part – without the prior explicit written consent from the author. جميع الحقوق محفوظة لــ: د. خالد بن سليمان الغثبر هاتف: 8705-467-1-966+ بريد الكتروني: ghathbar@ccis.ksu.edu.sa لا يجوز استخدام أو نشر هذه المادة لغير المتدربين في هذه الدورة التي يلقيها المؤلف. كما لا يجوز نسخها أو إعادة إنتاجها بأي شكل كان، سواء كان جزءً أو كاملاً، إلا بموافقة خطية من المؤلف. جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Objectives Define cryptography Hashing algorithms Symmetric encryption algorithms Asymmetric encryption algorithms جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Cryptography Terminology Cryptography: science of transforming information so it is secure while being transmitted or stored Steganography: attempts to hide existence of data Encryption: changing the original text to a secret message using cryptography جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Cryptography Terminology (continued) Decryption: reverse process of encryption Algorithm: process of encrypting and decrypting information based on a mathematical procedure Key: value used by an algorithm to encrypt or decrypt a message جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Cryptography Terminology (continued) Weak key: mathematical key that creates a detectable pattern or structure Plaintext: original unencrypted information (also known as clear text) Cipher: encryption or decryption algorithm tool used to create encrypted or decrypted text Ciphertext: data that has been encrypted by an encryption algorithm Cryptanalysis: breaking the encryption algorithm جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Cryptography Terminology (continued) جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Cryptography ensures Confidentiality. Authentication. Integrity. Nonrepudiation. جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Cryptography The strength of the cryptosystem lies in the strength and effectiveness of its algorithm design and the size of the key space. Most attack focus on revealing the key rather than attacking the algorithm جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Cipher Types Substitution ciphers Vigenere cipher Transposition Ciphers Hybrid Systems جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Substitution ABCD Algorithm: Substitute with 2 letter in front. CDEF Algorithm: Substitute with 3 letter from back. ZYX Key: table Where is the key? جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Exercise encrypt : Arriyadh جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Vigenere cipher Plain text : ARRIYADH Key : SUNSUNSU Cipher text: TMFBTOWC 10 20 جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Algorithm: transport with the second to the right. Transposition Or permutation ABCDE Algorithm: transport with the second to the right. CBADE CDABE CDEBA BDECA BAECD جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Algorithm: transport with the second to the right. Transposition Or permutation ABCD Algorithm: transport with the second to the right. CBAD CDAB ADCB جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Hybrid Systems Use mix of different cipher algorithms جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Cipher types Can be classified into two distinct categories based on amount of data processed at a time: Stream cipher Block cipher جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Stream cipher Encrypt one bit at a time. Faster than bock cipher when it is short but may consume much processing power when it is long. more prone to attacks because the engine that generate the stream does not vary. KEKJFJIIJJII3838O4JNMFNM8JFOIJDFJOIFJ23OI4JDENJKWENFSDLKCD LKSDFVOJER89734RJK23NDWEHN342FRN2DFKJLWENC9238HFNSLDK جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Block cipher More random and secure than stream cipher. KEKJFJIIJJII3838O4JNMFNM8JFOIJDFJOIFJ23OI4JDENJKWENFSDLKCD ASDASDASD 34GFGRETF DFG54QWGH HJKIO78UIKK SDFSDA12FG جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Code Breaking Frequency analysis Algorithm errors Brute force attacks Human error Social engineering Frequency analysis letter E T Frequency Analysis Frequency analysis involves looking at blocks of an encrypted message to determine if any common patterns exist. Initially, the analyst does not try to break the code, but looks at the patterns in the message. In the English language, the letters E and T are very common. Words like the, and, that, it, and is are very common. A determined cryptanalyst looks for these types of patterns and, over time, might be able to deduce the method used to encrypt the data. This process can sometimes be very simple, or it might take a lot of effort. جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Objectives Define cryptography Hashing algorithms Symmetric encryption algorithms Asymmetric encryption algorithms Explain how to use cryptography جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Defining Hashing Hashing, also called a one-way encryption, creates a ciphertext from plaintext Hash algorithms verify the accuracy of a value without transmitting the value itself and subjecting it to attacks For authentication For integrity جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Defining Hashing (continued) Hashing is typically used in two ways: To determine whether a password a user enters is correct without transmitting the password itself To determine the integrity of a message or contents of a file جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Defining Hashing (continued) جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Defining Hashing (continued) Hash algorithms are considered very secure if the hash that is produced has the characteristics: No two messages can produce the same hash. Collision. Can not produce a message for a predefined hash. Can not reverse the hash function. The hash algorithm does not need to be kept secret. The product of the hash has to be in fixed size. جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Hash Algorithm MD2 MD4 MD5 SHA جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Message Digest (MD) Message digest 2 (MD2) takes plaintext of any length and creates a hash 128 bits long MD2 divides the message into 128-bit sections If the message is less than 128 bits, data known as padding is added Too slow جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Message Digest (MD) Message digest 4 (MD4) was developed in 1990 for computers that processed 32 bits at a time Takes plaintext and creates a hash of 128 bits The plaintext message itself is padded to a length of 512 bits There is a flaw in the algorithm. جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Message Digest (MD) (continued) Message digest 5 (MD5) is a revision of MD4 designed to address its weaknesses The length of a message is padded to 512 bits The hash algorithm then uses four variables of 32 bits each in a round-robin fashion to create a value that is compressed to generate the hash The algorithm is secure but the compression function could lead to collision. جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Secure Hash Algorithm (SHA) Patterned after MD4 but creates a hash that is 160 bits in length instead of 128 bits The longer hash makes it more resistant to attacks SHA pads messages less than 512 bits with zeros and an integer that describes the original length of the message جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Secure Hash Algorithm (SHA) جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Objectives Define cryptography Hashing algorithms Symmetric encryption algorithms Asymmetric encryption algorithms Explain how to use cryptography جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Symmetric Encryption Most common type of cryptographic algorithm (also called private key cryptography) Use a single key to encrypt and decrypt a message Fast Key management! جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Symmetric Encryption (continued) جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Types of Symmetric Algorithm Data Encryption Standard (DES) Triple DES (3DES) Advanced Encryption Standard (AES) Blowfish IDEA RC5 جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Data Encryption Standard (DES) One of the most popular symmetric cryptography algorithms DES is a block cipher and encrypts data in 64-bit blocks The effective key length is only 56 bits DES encrypts 64-bit plaintext by executing the algorithm 16 times جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Triple Data Encryption Standard (3DES) Uses three rounds of encryption instead of just one The ciphertext of one round becomes the entire input for the second iteration Employs a total of 48 iterations in its encryption (3 iterations times 16 rounds) The most secure versions of 3DES use different keys for each round Slower than DES by three times. جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

K1 K1 DES DES DES K2 K1 K2 K3 DES DES DES جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Advanced Encryption Standard (AES) Approved by the NIST in late 2000 as a replacement for DES Requirements stated that the new algorithm had to be fast and function on older computers with 8-bit, 32-bit, and 64-bit processors. Support variable block and key length such as 128, 192, 256. جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Rivest Cipher (RC) Family of cipher algorithms designed by Ron Rivest He developed six ciphers, ranging from RC1 to RC6, but did not release RC1 and RC3 RC2 is a block cipher that processes blocks of 64 bits RC4 is a stream cipher that accepts keys up to 128 bits in length RC5 block cipher, variable block size: 32, 64, 128 bit. Round from 0 to 255. key size from 0 – 2048 bit. جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

International Data Encryption Algorithm (IDEA) IDEA algorithm dates back to the early 1990s and is used in European nations Block cipher that processes 64 bits with a 128-bit key with 8 rounds جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Blowfish Block cipher that operates on 64-bit blocks Can have a key length from 32 to 448 bits جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Key Length Cipher Type Algorithm 56 bits Block DES 168 bits Triple-DES (3DES) 128–256 bits AES (Rijndael) 1–448 bits Blowfish 128 bits IDEA 1–2048 bits RC2 Stream RC4 RC5 RC6 CAST MARS Serpent Twofish جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Objectives Define cryptography Hashing algorithms Symmetric encryption algorithms Asymmetric encryption algorithms Explain how to use cryptography جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Asymmetric Encryption Algorithms The primary weakness of symmetric encryption algorithm is keeping the single key secure This weakness, known as key management, poses a number of significant challenges Asymmetric encryption (or public key cryptography) uses two keys instead of one The private key The public key Provide over symmetric algorithm: authentication, digital signature and nonrepudiation جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Asymmetric Encryption (continued) Public Private جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Asymmetric Encryption Types RSA Elliptic Curve Cryptosystems (ECC) El Gamal DAS/ DSS Diffie-Hellman جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Rivest Shamir Adleman (RSA) Asymmetric algorithm published in 1977 and patented by MIT in 1983 Most common asymmetric encryption and authentication algorithm Included as part of the Web browsers from Microsoft and Netscape as well as other commercial products Multiplies two large prime numbers جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Elliptic Curve Cryptography First proposed in the mid-1980s Instead of using prime numbers, uses elliptic curves An elliptic curve is a function drawn on an X-Y axis as a gently curved line By adding the values of two points on the curve, you can arrive at a third point on the curve For small processing devices such as PDA and cell phones جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

El Gamal Based on complex logarithmic operations. For encryption, key generation and exchange, and digital signature. جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

DSA/ DSS Digital Signature Algorithm (DSA) for the digital signature Standard (DSS) Based on discrete logarithms for authentication only. Key size 1024 bit. Lack key exchange capability, slowness, public distrust in government involvement جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Diffie-Hellman Unlike RSA, the Diffie-Hellman algorithm does not encrypt and decrypt text Strength of Diffie-Hellman is that it allows two users to share a secret key securely over a public network Once the key has been shared, both parties can use it to encrypt and decrypt messages using symmetric cryptography جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Symmetric Cryptography Weaknesses Identical keys are used to both encrypt and decrypt the message Difficulties of managing the private key (Key Management) “If a secure means of exchanging private keys existed, then that same vehicle could be used for sending messages and encryption would not be necessary” Each pair of sender and receiver need a separate keys. But its fast! جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Asymmetric Cryptography Strengths and Vulnerabilities (continued) Can greatly improve cryptography security, convenience, and flexibility Public keys can be distributed freely Users cannot deny they have sent a message if they have previously encrypted the message with their private keys (Nonrepudiation) Prevent man-in-the-middle attack. Consume much power Primary disadvantage is that it is computing-intensive جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

Which algorithm to use? We need Fast Flexible key management Strong More functionality (digital Signature, authentication and non-repudiation ) جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

سؤال ؟ جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

جزاكم الله خيراً على حسن الاستماع د. خالد بن سليمان الغثبر ghathbar@ccis.ksu.edu.sa هاتف العمل: 4678705 جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005