Cryptography - Yimg

sunflowerplateΤεχνίτη Νοημοσύνη και Ρομποτική

21 Νοε 2013 (πριν από 4 χρόνια και 7 μήνες)

67 εμφανίσεις


Cryptography ?? .

Encryption .

Symmetric Encryption .

Asymmetric Encryption.


Hashing .

Digital signature .

Authentication Protocols .


Cryptosystems .

Cryptanalysis .

Quantum Cryptography.

. Cryptography is a framework of methodologies used to ensure the CIA
triad for our information ; C for confidentiality , I for Integrity and A for

. The need for cryptographic techs was as old as the need to keep the
critical info secure , safe and authentic . the techs were invented in
different forms that can be compatible with their current age , while the
concept was the same .

. Cryptography was known anciently as Encryption which means : Hiding the
information from unauthorized entities . Various methods were used to
adopt this purpose , it could be implemented manually , mechanically or
even electronically .

Cryptography ??


, is an example for a really old tech that was used to cipher
(encrypt) information . The concept of operation is so simple . Get a long
strip of leather and wind it over a rode like the picture , write the clear
data on the leather over the rod and then unwind it .

and it totally depends on the diameter of the rode , which is the key to
decipher the message .

. Nowadays are a bit different , as we are not talking about only encryption
when dealing with cryptography , hashing shares the place with encryption
to form the whole framework (cryptographic framework) ; hashing role is
to ensure the integrity of the message . So , back to the CIA triad ,
encryption is used to insure the confidentiality, hashing is for ensuring the
integrity and a combination of encryption & hashing for ensuring the
authenticity of the message sender .

. Encryption and Hashing can be
considered now as systems that need an
input to deliver an output , this system is
controlled by a set of mathematical
equations which is known as an algorithm.


. As we stated before , Encryption is considered as a component of the
cryptographic framework . It’s role is to offer the confidentiality axis of
the CIA triad .

. Recalling the systematic view of
any cryptographic component ,
Encryption needs an input (Clear
message & key) to deliver the
cipher form (output) , this cipher
form to be decrypted (converted to
the clear form ) we shall need a key
and the same algorithm .

. Encryption can be implemented symmetrically or asymmetrically .

. If we are using symmetric encryption , then we will encrypt the clear
message with one key and decrypt it with the same key ; encryptor and
decryptor should have the same key .

. On the other hand , for Asymmetric encryption , the sender will use a key
to encrypt the message and the receiver will use a different key to
decrypt the message , in case we have a bidirectional communication , each
pair will use two keys one of them is public for others and a private key
for himself.

Symmetric Encryption

. To wrap the concept let us discuss a case for three entities that need to
communicate securely using symmetric encryption .

. From the figure , we can conclude
that we will use 9 different private
keys for achieving bidirectional
communication between xyz and
abc .

. We can conclude also that we
need to define a way by which we
can exchange these private keys in
a secure manner between distant
entities .

. We will recall these two
conclusions a bit later .

. DES , 3DES , Blowfish , IDEA , RC5 , Safer , Serpent and AES are the
well known symmetric encryption algorithms .

. We will go deeply for DES

and AES

in the Demos section .

Asymmetric Encryption

. Back to the same case that was assumed when using symmetric

. ABC and XYZ have their public
keys distributed over each other ,
anyone needs to talk to the other
will use the other’s public key to
encrypt the traffic and the other
will use his own private key to
decrypt the traffic , X will use A’s
public key to encrypt clear traffic
A will receive the cipher to decrypt
it using his own private key .

. Less number of keys and simple
key distribution .

. RSA is the famous asymmetric key encryption algorithm .

ivest ## left

hamir ## Middle

dleman ## Right

. RSA operation will be discussed
in the Demos section .

. Let us now compare them (symmetric and asymmetric) :


Symmetric key encryption suffers from scalability issues ; to achieve a
secure communication between N points , we will need to generate (N(N
different keys .


Symmetric key encryption requires “ out of band “ secure exchange of keys ,
because , both the communicating parties needs to know about the keys before
proceeding into the communication .


Asymmetric key encryption systems are incredibly complex , and that
complexity will surely impact the performance . Asymmetric key encryption is
up to 1000 times slower than symmetric key encryption .

. Now how can we deal with that problem ?!!! , Diffie and Hellman will
answer this question for us .


Hellman algorithm will use
public key encryption to only
distribute symmetric keys for
communicating parties , symmetric
key encryption will be used to deal
with clear data to create the cipher ,
so we will have no odds :: high
performance using symmetric key
encryption and simple key distribution
process using Diffie
algorithm , as we will sure see here
and the demos section .

Khaled will generate two (public and private ) keys using his own Diffie
Hellman algorithm , Ali will do the same thing ; both of them will exchange
his own public key , khaled will have his own private key and Ali’s public key
, he will use his Diffie
Hellman algorithm to generate a new private key ;
Ali will have the same private key if he executed the same operation.


Hashing is the second component of the cryptographic framework , its
role is to ensure the integrity of a message . The most important aspect
of integrity violation is that the target of the attack is not aware about
the violation occurrence , simply , if he knew he will request for a
retransmission .

The problem is that I am
communicating with my co
workers basing on a false
information .

Hashing is an irreversible
process with no keys , the clear
message is the only input for
the hashing process .

The message will be delivered as an input to the hashing system , hashing
system will create message digest (hash) from the clear message , it will
then append the digest to the message and then send them over the
media ; The recipient will have the message to create a new digest and
then compare the two digests .

A simple newbie can execute an MITM attack , he will be able to receive
the message with the digest from the sender so as to create a new fake
message with a new generated hash from the fake message (using the
same hashing algorithm) to be sent to the poor receiver .

HMAC , the solution for this problem .

MD5 and SHA are the most used hashing algorithms , SHA is more secure
than MD5 .

We will have a demo for HMAC in the demos section .

Digital signature

This is our last step for completing the CIA triad , how can we ensure
authenticity using cryptography !!!

Digital signature is a mechanism by which we can authenticate the
message sender on a message basis , each message needs to be
authenticated , this needs to be clarified , digital signature is not a
connection based authentication mechanism like pap , chap , kerborse ,
TACACS ...............

Digital signature uses a combination of
encryption and hashing .

The message will be hashed , the digest will be encrypted by the
sender private key and then sent with message to the recipient .

We have a demo for Digital signature .

Authentication Protocols

As we are taking about connection based authentication mechanism ,
we will deal with protocols rather than algorithms . This is to briefly
list famous authentication protocols :






















Public Key Infrastructure is a

Connectivity media , I need to
trust the sender before beginning a new session with him , how can I
know that this public key is the one owned by the real sender; I need
someone between us , someone that I can trust and that can trust this
remote sender .

How can I trust you?

Answer: The CA trusts me.

How can I know the CA trusts you?

Answer: You can see my certificate
issued by the CA.

.So , PKI is not for authentication,
but it can be considered as a pre
authentication phase .

.We will have a full PKI course .


Cryptosystem is an implemented form of the cryptographic framework ,
it consists of three components :


algorithms : cryptographic engines for doing encryption and hashing .


protocols : for establishing connections and negotiating parameters
between the communicating parties .


keys : for encryption algorithms .

IPSEC , SSL , SSH , PPTP , L2TP and WEP all of them are cryptosystems
, some of them provide the full CIA tirade . The only factor that
differentiate between these cryptosystems is the protocol used to
establish the connection and negotiate the parameters .

These cryptosystems will be discussed deeply in the VPN course .


“ Breaking a cipher doesn't
necessarily mean finding a practical
way for an eavesdropper to recover
the plaintext from just the
ciphertext. In academic
cryptography, the rules are relaxed
considerably. Breaking a cipher
simply means finding a weakness in
the cipher that can be exploited
with a complexity less than brute
force ”
Bruce Schneier

Quantum Cryptography

“While I like the science of
quantum cryptography

undergraduate degree was in

I don't see any
commercial value in it. I don't
believe it solves any security
problem that needs solving. I don't
believe that it's worth paying for,
and I can't imagine anyone but a
few technophiles buying and
deploying it. Systems that use it
don't magically become
unbreakable, because the quantum
part doesn't address the weak
points of the system.

Bruce Schneier