Information Security IBK3IBV01 College 4 Paul J. Cornelisse

Cryptology Through the centuries, the need for information protection persists Combat has evolved from hand-to-hand to modern warfare, or cyber warfare Protecting sensitive data is critical to preserving trade secrets, government communications, or military strategies

Cryptology Protection is achieved in part through the use of cryptology—more specifically, encryption vital for everyday use in today’s cyber society; online shopping and banking ATM usage digital media require encryption protection to avoid abuse

Cryptology Unfortunately, many of today’s systems lack appropriate protection Passwords and authentication requirements are not protected themselves Either through encryption or encrypted databases This leaves sensitive information vulnerable to unauthorized, prying eyes

Cryptology Cryptology is not a new concept It is “the science of keeping secrets secret” (Delfs and Knebl 2007) It is the study of encrypting algorithms and the art of creating and solving such algorithms, and is composed of both Cryptography Cryptanalysis

Cryptology Cryptography is the art or science of cipher systems used for protection information The term originates from the Greek Kryptos, meaning “hidden” Graphia, meaning “writing”

Cryptology Cryptography Protect sensitive information Prevent corruption Keep secret from unauthorized access/use Tries to compromise between expense and time consumption

Cryptology Cryptography has four basic purposes: Confidentiality Authentication Integrity Nonrepudiation

Cryptology Confidentiality: keeps information secret from unauthorized use

Cryptology Authentication: Corroboration of an entity’s identity, achieved through initial identification between communicators. “prove that you are who you claim to be”

Cryptology Integrity: assures that the message was not illegitimately altered during transmission or during storage and retrieval

Cryptology Nonrepudiation: guarantees that the sender will not deny previous commitments or actions unless they admit the cryptographic signing key has been compromised

Cryptology Cryptanalysis: the practice of breaking ciphers, or decrypting messages without the key, to discover the original message

Cryptology Someone wishes to send a message, which begins as plaintext Plaintext is the original, humanly readable form of a message, which is then encrypted This could be text, numerical data, a program, or any other message form (Delfs and Knebl 2007)

Cryptology When plaintext is encrypted, or enciphered, the original message is obscured using an algorithm or pattern only known to the sender and authorized recipient(s).

Cryptology Encryption must be reversible The algorithm is known as the cipher

Cryptology Once encrypted, the message is referred to as ciphertext, and is only readable when the cipherkey is used in conjunction with the decrypting algorithm

Cryptology Protecting the key, and to whom it is known, is crucial for ensuring the Authenticity Integrity Confidentiality of the transmitted message

Cryptology The work factor, often forgotten, does not describe whether the algorithm can be broken, but how long it takes until it is broken

Cryptology Two ancient ciphers are the Spartan scytale and the Caesar cipher In the Spartan scytale, a segment of parchment is wrapped around a cylinder of certain radius and the message is written lengthwise. The recipient must have a cylinder of equal radius to decrypt The Caesar cipher is a “classical” cipher, using a simple shift of the plaintext alphabet.

Cryptology

In the early twentieth century, cryptography broadened its horizons

Cryptology One of the first among the more complicated cryptosystems used an electronic machine The Enigma rotor machine Enigma, used by the Germans in World War II, applied a substitution cipher multiple times per message.

Cryptology

As more users access the Internet, the need for digital information security increases This has led to the “standardization” of cryptography in a scientific sense Currently, many systems are secure, but rely on plausible assumptions that may one day be “discovered”

Cryptology So basically the standardization and mathematical focus of modern cryptosystems share the same issue suffered by earlier ciphers

Cryptology When explaining applied cryptography, universally, plaintext is written in lowercase Ciphertext is written in all capitals Keys or keywords are also always written in capitals

Cryptology When referring to those who use cryptosystems, certain names typically are used as the placeholders Rather than referring to the sender as “Party A” and the recipient as “Party B,” Party A would be Alice and Party B would be Bob.

Cryptology Alice and Bob are always trying to communicate. Each associate communicating continues alphabetically, for example, Charlie and David want to speak with Alice and Bob. Eve is an eavesdropper, who does not have authorized access to the message. Eve is a passive listener; she does not modify the message Mallory is a malicious attacker and modifies, sends her own, or repeats previous messages Victor is a verifying agent who demonstrates that the intended transaction was successfully executed.

Cryptology Intro

Cryptology Kerckhoff’s Six Principles 1. The system must be practically or mathematically undecipherable 2. The system is not required to be secret and should be able to fall in enemy hands 3. The key must be communicable and retained without effort, and changeable at the will of the correspondents 4. The system must be compatible with the communication channel 5. The system must be portable and not require functioning by multiple people 6. The system must be easy, requiring minimal knowledge of the system rules

Cryptology There are two generations of encrypting methods: Classical Modern

Cryptology Classical ciphers are those that were historically used, like the scytale and Caesar’s, but became impractical either resulting from popular use or advances in technology Modern ciphers consist of substitution or transposition ciphers

Cryptology Classical ciphers use an alphabet of letters, implemented using simple math Classical ciphers can be broken using brute force attacks or frequency analysis Brute force is a standard attack, running all possible keys with a decrypting algorithm until the plaintext is exposed

Cryptology Modern ciphers are typically divided into two criteria: the key type used the data input type

When referring to key types, modern ciphers branch into symmetric (private key cryptography) asymmetric (public key cryptography)

Substitution Ciphers Monoalphabetic substitutions include the Caesar, Atbash, and Keyword ciphers

Example of a substitution cipher is the Caesar shift cipher, which is typically a three-character shift

This shift would change the plaintext “purple” into the ciphertext “MROMIB.”

Cryptology

If the shift was a three-character subtraction, the plaintext message “purple” would then become ciphertext “SXUSOH.”

Cryptology

The Atbash cipher flips the entire alphabet back on itself; the plaintext alphabet is “A–Z” and the ciphertext alphabet is “Z–A,” shown in the next slide. The Atbash cipher would obscure the plaintext “purple” as “KFIKOV.”

Another cipher, the Keyword cipher establishes a keyword such as “HEADY.” This begins the ciphertext alphabet, and the rest is completed using the remaining letters in alphabetic order Using “HEADY” as the keyword, the Keyword cipher changes the plaintext “purple” to “OTQOKY.”

Polyalphabetic substitutions are ciphers using multiple substitution alphabets. The Vigenère cipher is the most famous of this genre, introduced in the sixteenth century by Blaise de Vigenère.

It encrypts plaintext by using a series of Caesar ciphers, based on the keyword The keyword is written as many times as necessary above the plaintext message

Using the Vigenère square, one will use a letter from the plaintext and its associated keyword letter Plaintext letters are listed on the top, creating columns, which intersect with the keyword alphabet along the left side of the square, creating rows

The letter found at the intersection of these two letters is the cipher letter used to encrypt the message The beginning of the plaintext “O” and keyword letter “K” intersect at ciphertext letter “Y.” Therefore, “once upon a time” would become “YVPKM ZWAGL SUR.”

The 25 variations of the Caesar cipher (shifts 0–25) are contained in the square. Each row is a single shift to the right from the row or letter preceding. Therefore, the first row, labeled “A,” is a shift of one. Row “X” is a shift of 23