1. Cryptographic Algorithms
د. خالد بن سليمان الغثبر
Dr. Khaled S. Alghathbar
استشاري و استاذ أمن المعلومات المساعد
كلية علوم الحاسب الالي و المعلومات بجامعة الملك سعود.
هاتف العمل:

2. Copyrights حقوق المؤلف
All the content of this material are copyrighted -unless otherwise indicated - to:
Dr. Khaled S. Alghathbar
Phone:
The use or disclosure of the content of this material is not permitted to other than the trainees of this workshop which is held by the author. Any reproduction or copying of this materials is not permitted in any manner - in whole or in part – without the prior explicit written consent from the author.
جميع الحقوق محفوظة لــ:
د. خالد بن سليمان الغثبر
هاتف:
بريد الكتروني:
لا يجوز استخدام أو نشر هذه المادة لغير المتدربين في هذه الدورة التي يلقيها المؤلف. كما لا يجوز نسخها أو إعادة إنتاجها بأي شكل كان، سواء كان جزءً أو كاملاً، إلا بموافقة خطية من المؤلف.
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

3. Objectives Define cryptography Hashing algorithms
Symmetric encryption algorithms
Asymmetric encryption algorithms
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

4. Cryptography Terminology
Cryptography: science of transforming information so it is secure while being transmitted or stored
Steganography: attempts to hide existence of data
Encryption: changing the original text to a secret message using cryptography
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

5. Cryptography Terminology (continued)
Decryption: reverse process of encryption
Algorithm: process of encrypting and decrypting information based on a mathematical procedure
Key: value used by an algorithm to encrypt or decrypt a message
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

6. Cryptography Terminology (continued)
Weak key: mathematical key that creates a detectable pattern or structure
Plaintext: original unencrypted information (also known as clear text)
Cipher: encryption or decryption algorithm tool used to create encrypted or decrypted text
Ciphertext: data that has been encrypted by an encryption algorithm
Cryptanalysis: breaking the encryption algorithm
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

7. Cryptography Terminology (continued)
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

8. Cryptography ensures Confidentiality. Authentication. Integrity.
Nonrepudiation.
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

9. Cryptography
The strength of the cryptosystem lies in the strength and effectiveness of its algorithm design and the size of the key space.
Most attack focus on revealing the key rather than attacking the algorithm
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

10. Cipher Types Substitution ciphers Vigenere cipher
Transposition Ciphers
Hybrid Systems
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

11. Substitution ABCD Algorithm: Substitute with 2 letter in front. CDEF
Algorithm: Substitute with 3 letter from back.
ZYX
Key: table
Where is the key?
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

12. Exercise encrypt : Arriyadh
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

13. Vigenere cipher Plain text : ARRIYADH Key : SUNSUNSU
Cipher text: TMFBTOWC 10 20
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

14. Algorithm: transport with the second to the right.
Transposition
Or permutation
ABCDE
Algorithm: transport with the second to the right.
CBADE
CDABE
CDEBA
BDECA
BAECD
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

15. Algorithm: transport with the second to the right.
Transposition
Or permutation
ABCD
Algorithm: transport with the second to the right.
CBAD
CDAB
ADCB
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

16. Hybrid Systems Use mix of different cipher algorithms
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

17. Cipher types
Can be classified into two distinct categories based on amount of data processed at a time:
Stream cipher
Block cipher
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

18. Stream cipher Encrypt one bit at a time.
Faster than bock cipher when it is short but may consume much processing power when it is long.
more prone to attacks because the engine that generate the stream does not vary.
KEKJFJIIJJII3838O4JNMFNM8JFOIJDFJOIFJ23OI4JDENJKWENFSDLKCD
LKSDFVOJER89734RJK23NDWEHN342FRN2DFKJLWENC9238HFNSLDK
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

19. Block cipher More random and secure than stream cipher.
KEKJFJIIJJII3838O4JNMFNM8JFOIJDFJOIFJ23OI4JDENJKWENFSDLKCD
ASDASDASD
34GFGRETF
DFG54QWGH
HJKIO78UIKK
SDFSDA12FG
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

20. Code Breaking Frequency analysis Algorithm errors Brute force attacks
Human error
Social engineering
Frequency analysis letter E T
Frequency Analysis Frequency analysis involves looking at blocks of an encrypted message to determine if any common patterns exist. Initially, the analyst does not try to break the code, but looks at the patterns in the message. In the English language, the letters E and T are very common. Words like the, and, that, it, and is are very common. A determined cryptanalyst looks for these types of patterns and, over time, might be able to deduce the method used to encrypt the data. This process can sometimes be very simple, or it might take a lot of effort.
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

21. Objectives Define cryptography Hashing algorithms
Symmetric encryption algorithms
Asymmetric encryption algorithms
Explain how to use cryptography
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

22. Defining Hashing
Hashing, also called a one-way encryption, creates a ciphertext from plaintext
Hash algorithms verify the accuracy of a value without transmitting the value itself and subjecting it to attacks
For authentication
For integrity
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

23. Defining Hashing (continued)
Hashing is typically used in two ways:
To determine whether a password a user enters is correct without transmitting the password itself
To determine the integrity of a message or contents of a file
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

24. Defining Hashing (continued)
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

25. Defining Hashing (continued)
Hash algorithms are considered very secure if the hash that is produced has the characteristics:
No two messages can produce the same hash. Collision.
Can not produce a message for a predefined hash.
Can not reverse the hash function.
The hash algorithm does not need to be kept secret.
The product of the hash has to be in fixed size.
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

26. Hash Algorithm MD2 MD4 MD5 SHA
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

27. Message Digest (MD)
Message digest 2 (MD2) takes plaintext of any length and creates a hash 128 bits long
MD2 divides the message into 128-bit sections
If the message is less than 128 bits, data known as padding is added
Too slow
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

28. Message Digest (MD)
Message digest 4 (MD4) was developed in 1990 for computers that processed 32 bits at a time
Takes plaintext and creates a hash of 128 bits
The plaintext message itself is padded to a length of 512 bits
There is a flaw in the algorithm.
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

29. Message Digest (MD) (continued)
Message digest 5 (MD5) is a revision of MD4 designed to address its weaknesses
The length of a message is padded to 512 bits
The hash algorithm then uses four variables of 32 bits each in a round-robin fashion to create a value that is compressed to generate the hash
The algorithm is secure but the compression function could lead to collision.
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

30. Secure Hash Algorithm (SHA)
Patterned after MD4 but creates a hash that is 160 bits in length instead of 128 bits
The longer hash makes it more resistant to attacks
SHA pads messages less than 512 bits with zeros and an integer that describes the original length of the message
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

31. Secure Hash Algorithm (SHA)
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

32. Objectives Define cryptography Hashing algorithms
Symmetric encryption algorithms
Asymmetric encryption algorithms
Explain how to use cryptography
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

33. Symmetric Encryption
Most common type of cryptographic algorithm (also called private key cryptography)
Use a single key to encrypt and decrypt a message
Fast
Key management!
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

34. Symmetric Encryption (continued)
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

35. Types of Symmetric Algorithm
Data Encryption Standard (DES)
Triple DES (3DES)
Advanced Encryption Standard (AES)
Blowfish
IDEA
RC5
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

36. Data Encryption Standard (DES)
One of the most popular symmetric cryptography algorithms
DES is a block cipher and encrypts data in 64-bit blocks
The effective key length is only 56 bits
DES encrypts 64-bit plaintext by executing the algorithm 16 times
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

37. Triple Data Encryption Standard (3DES)
Uses three rounds of encryption instead of just one
The ciphertext of one round becomes the entire input for the second iteration
Employs a total of 48 iterations in its encryption (3 iterations times 16 rounds)
The most secure versions of 3DES use different keys for each round
Slower than DES by three times.
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

38. K1 K1 DES DES DES K2 K1 K2 K3 DES DES DES
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

39. Advanced Encryption Standard (AES)
Approved by the NIST in late 2000 as a replacement for DES
Requirements stated that the new algorithm had to be fast and function on older computers with 8-bit, 32-bit, and 64-bit processors.
Support variable block and key length such as 128, 192, 256.
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

40. Rivest Cipher (RC) Family of cipher algorithms designed by Ron Rivest
He developed six ciphers, ranging from RC1 to RC6, but did not release RC1 and RC3
RC2 is a block cipher that processes blocks of 64 bits
RC4 is a stream cipher that accepts keys up to 128 bits in length
RC5 block cipher, variable block size: 32, 64, 128 bit. Round from 0 to 255. key size from 0 – 2048 bit.
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

41. International Data Encryption Algorithm (IDEA)
IDEA algorithm dates back to the early 1990s and is used in European nations
Block cipher that processes 64 bits with a 128-bit key with 8 rounds
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

42. Blowfish Block cipher that operates on 64-bit blocks
Can have a key length from 32 to 448 bits
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

43. Key Length Cipher Type Algorithm 56 bits Block DES 168 bits
Triple-DES (3DES)
128–256 bits
AES (Rijndael)
1–448 bits
Blowfish
128 bits
IDEA
1–2048 bits
RC2
Stream
RC4
RC5
RC6
CAST
MARS
Serpent
Twofish
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

44. Objectives Define cryptography Hashing algorithms
Symmetric encryption algorithms
Asymmetric encryption algorithms
Explain how to use cryptography
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

45. Asymmetric Encryption Algorithms
The primary weakness of symmetric encryption algorithm is keeping the single key secure
This weakness, known as key management, poses a number of significant challenges
Asymmetric encryption (or public key cryptography) uses two keys instead of one
The private key
The public key
Provide over symmetric algorithm: authentication, digital signature and nonrepudiation
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

46. Asymmetric Encryption (continued)
Public
Private
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

47. Asymmetric Encryption Types
RSA
Elliptic Curve Cryptosystems (ECC)
El Gamal
DAS/ DSS
Diffie-Hellman
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

48. Rivest Shamir Adleman (RSA)
Asymmetric algorithm published in 1977 and patented by MIT in 1983
Most common asymmetric encryption and authentication algorithm
Included as part of the Web browsers from Microsoft and Netscape as well as other commercial products
Multiplies two large prime numbers
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

49. Elliptic Curve Cryptography
First proposed in the mid-1980s
Instead of using prime numbers, uses elliptic curves
An elliptic curve is a function drawn on an X-Y axis as a gently curved line
By adding the values of two points on the curve, you can arrive at a third point on the curve
For small processing devices such as PDA and cell phones
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

50. El Gamal Based on complex logarithmic operations.
For encryption, key generation and exchange, and digital signature.
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

51. DSA/ DSS
Digital Signature Algorithm (DSA) for the digital signature Standard (DSS)
Based on discrete logarithms for authentication only.
Key size 1024 bit.
Lack key exchange capability, slowness, public distrust in government involvement
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

52. Diffie-Hellman
Unlike RSA, the Diffie-Hellman algorithm does not encrypt and decrypt text
Strength of Diffie-Hellman is that it allows two users to share a secret key securely over a public network
Once the key has been shared, both parties can use it to encrypt and decrypt messages using symmetric cryptography
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

53. Symmetric Cryptography Weaknesses
Identical keys are used to both encrypt and decrypt the message
Difficulties of managing the private key (Key Management)
“If a secure means of exchanging private keys existed, then that same vehicle could be used for sending messages and encryption would not be necessary”
Each pair of sender and receiver need a separate keys.
But its fast!
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

54. Asymmetric Cryptography Strengths and Vulnerabilities (continued)
Can greatly improve cryptography security, convenience, and flexibility
Public keys can be distributed freely
Users cannot deny they have sent a message if they have previously encrypted the message with their private keys (Nonrepudiation)
Prevent man-in-the-middle attack.
Consume much power
Primary disadvantage is that it is computing-intensive
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

55. Which algorithm to use? We need Fast Flexible key management Strong
More functionality (digital Signature, authentication and non-repudiation )
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

56. سؤال ؟
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005

57. جزاكم الله خيراً على حسن الاستماع
د. خالد بن سليمان الغثبر
هاتف العمل:
جميع الحقوق محفوظة: خالد الغثبر، 1426هـ، 2005م Copyright: Dr. Kahled Alghathbar,2005