1. Cryptography : Introduction
By Sheetal
(For CSIT)

2. Cryptography: Introduction
Greek word: Hidden Secret
Study differs now and past
past : encryption and decryption
now: past + digital signature + authentication + key mgmt + cryptanalysis
The art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form

4. Aspect Security
Security attack: Any action that compromises the security of information owned by an organization.
• Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

5. More terms threat – a potential for violation of security
attack – an assault on system security, a deliberate attempt to evade security services

6. Attack : Classification
Passive: obtain information but not change contents
Active: obtain information but not change contents

7. Passive Attacks (1) Release of Message Contents
A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms of passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources.
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are:
+ release of message contents - as shown above in Stallings Figure 1.2a here
+ traffic analysis - monitor traffic flow to determine location and identity of communicating hosts and could observe the frequency and length of messages being exchanged
These attacks are difficult to detect because they do not involve any alteration of the data.

8. Passive Attacks (2) Traffic Analysis

9. Passive attack contd… Passive attacks do not affect system resources
Eavesdropping, monitoring
Two types of passive attacks
Release of message contents
Traffic analysis
Passive attacks are very difficult to detect
Message transmission apparently normal
No alteration of the data
Emphasis on prevention rather than detection
By means of encryption

10. Active Attacks (1) : Masquerade (a false show) )

11. Active Attacks (2) Replay
Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service:
masquerade of one entity as some other
replay previous messages (as shown above in Stallings Figure 1.3b)
modify/alter (part of) messages in transit to produce an unauthorized effect
denial of service - prevents or inhibits the normal use or management of communications facilities
Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them.

12. Active Attacks (3) Modification of Messages

13. Active Attacks (4) Denial of Service

14. Active attacks try to alter system resources or affect their operation
Modification of data, or creation of false data
Four categories
Masquerade
Replay
Modification of messages
Denial of service: preventing normal use
A specific target or entire network
Difficult to prevent
The goal is to detect and recover

15. Attacking software
Viruses
Worms
Trojan Horses

16. Classical Cryptography
Symbol were used in ancient Egypt

17. Classical Cryptography
Greece around 500 BC

18. Classical Cryptography
Caesar cypher in ancient Rome
Substitution cypher
Alberti Cipher during 1400
Form of substitution cypher using mechanical disk

19. Classical Cryptography
Vigenere Cypher: 1500 AD
Use Table and Key
Plain: attackatdawn
Key: lemonlemonle
Cypher: LXFOPVEFRNHR

20. Classical Cryptography
Jefferson Wheel Cipher : Late 1700’s
Wheel with random alphabet
Arrangement of Wheels is key
Developed lately by US Army
Used from

21. Classical Cryptography
WWI & WWII  Boom of cryptography method
Zimmerman Telegram – German army in 1917
Choctaw Codetalkers – US army
Enigma by Nazi (10144 Combination)
– But cracked by Alan Turing (The imitation game’s guy)
Purple by Japanese