Is 302 information security and trust week 2 encryption basics
1 / 51

IS 302: Information Security and Trust Week 2: Encryption Basics - PowerPoint PPT Presentation

  • Uploaded on

IS 302: Information Security and Trust Week 2: Encryption Basics. 2012. Treasure Hunter’s Parchment.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' IS 302: Information Security and Trust Week 2: Encryption Basics' - dexter-rios

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Is 302 information security and trust week 2 encryption basics

IS 302: Information Security and TrustWeek 2: Encryption Basics


Treasure hunter s parchment
Treasure Hunter’s Parchment

  •       “53‡‡†305))6*;4826)4‡);806*;48†8      ¶60))85;I‡(;:‡*8†83(88)5*†;46(;88*96      *?;8)*‡(;485);5*†2:*‡(;4956*2(5*-4)8      ¶8*;4069285);)6†8)4‡‡;I(‡9;48081;8:8‡      I;48†85;4)485†528806*81(‡9;48;(88;4      (‡?34;48)4‡;161;:188;‡?;”


  • How to protect message from adversary?


The secret is…





  • Use a language that only Alice and Bob can understand


Nz dsfejr dbse ovncds jt…





  • Cryptography – hidden writing

  • Encryption – encode or encipher

  • Decryption – decode or decipher

  • Cryptosystem – a system for encryption and decryption

  • Cryptographer – anyone who invents encryption algorithms

  • Cryptanalyst – anyone who attempts to break encryption algorithms

  • Cryptology – research of encryption and decryption, including both cryptography and cryptanalysis


  • Algorithms with a parameter – key K




Encryption Algorithm E

Decryption Algorithm D




Jeff Moser:



Input: plaintext and key

Output: ciphertext







Input: ciphertext and a key

Output: original plaintext





Symmetric cryptosystem
Symmetric Cryptosystem

  • C=E(P,K)

  • P=D(C,K)




Encryption Algorithm E

Decryption Algorithm D




Secret channel



Cryptanalysis (Attacks)

  • Cryptanalyst (Mallory)

    • E and D are public

    • Given ciphertext, find plaintext

    • What else Mallory knows?

Classical ciphers
Classical Ciphers

  • Caesar cipher

  • Vigenére cipher

  • Zimmerman cipher

  • Vernam cipher

Caesar cipher
Caesar Cipher

  • Shifting alphabet

  • How many possible keys?


  • Follow me with CrypTool

  • Observation:

    • The break between two words is preserved

    • Repeated letters are mapped to repeated letters

  • Decrypt the following Caesar cipher

    • Wklv phvvdjh lv qrw wrr kdug wr euhdn

    • Hints: Observe the following patterns

      • Wrr, wr

      • Wklv, lv

Unbreakable cipher vigen re tableau
“Unbreakable” cipher: Vigenére Tableau

  • Same letters are not mapped to the same letters

  • Encrypt

    • Keyword: hothot (repeat: row)

    • Plaintext: attack (column)

    • ciphertext: hhmhqd

  • Decrypt

    • Keyword: hothot (repeat: column)

    • Ciphertext: hhmhqd (from that column find c letter)

    • Plaintext: attack (the index of row)


  • Follow me with CrypTool

  • How “unbreakable” is Vigenére cipher?

Codebook zimmermann cipher
Codebook/Zimmermann Cipher

  • A codebook is literally a dictionary-like book containing words and their corresponding codewords.

  • Zimmerman Telegram

    Februar 13605

    fest 13732

    finanzielle 13850

    folgender 13918

    Frieden 17142

    Friedenschluss 17149

  • What is the key?

  • Compare it with Vigenére cipher w.r.t key size

  • How secure is Zimmermann cipher?

Zimmerman telegram decrypted
Zimmerman Telegram Decrypted

Perfect cipher
Perfect Cipher

Vernam cipher




Exclusive OR

Exclusive OR




Secret channel



1 0 =1; 0 1=1

0 0 =0; 1 1=0

Vernam Cipher

  • The only unbreakable stream cipher

    • K: a long, non-repeating sequence of random numbers

Vernam cipher1
Vernam Cipher

  • An example of Vernam Cipher

    • Alice:

    • Bob:

1 0 =1; 0 1=1

0 0 =0; 1 1=0

P: 100 010 111 011 110 001…

K: 010 011 101 101 010 111…

C: 110 001 010 110 100 110…

C: 110 001 010 110 100 110…

K: 010 011 101 101 010 111…

P: 100 010 111 011 110 001…


  • Follow me with CrypTool

  • Why is Vernam cipher perfectly secure?

Modern ciphers
Modern Ciphers

  • Basic ideas: confusion and diffusion

  • Combinations

  • Evaluation


  • Permutation operations

    • First remove spaces

      • A legitimate receiver can breakmostmessagesintowordsfairlyeasily

    • Then break messages arbitrarily into blocks of a uniform size (e.g., every five letters)

    • Map each plaintext letter to a unique ciphertext letter (usually in the same alphabet)

      • How many keys for permuting 26 English letters?


  • All permutation ciphers are subject to

    • ciphertext only attack

    • not to mention known plaintext attack,chosen plaintext and chosen ciphertext attacks

Frequency attack
Frequency Attack



  • Spread out the message by re-arranging letters

Product cipher
Product Cipher

Combinations of confusion and diffusion operations in many rounds

  • DES (56 bits) 16 rounds

  • AES (128, 192, 256) 9, 11, 13 rounds

  • Deterministic vs non-deterministic

  • Evaluation

    • Shannon’s characteristics of good ciphers

      • Amount of secrecy (key size) determines amount of labor

      • Set of keys and enciphering algorithm are simple

      • Implementation is simple

      • Errors do not propagate

      • Size of ciphertext is no larger than original message

    How secure is secure
    How Secure is Secure

    It takes your computer at least 1000 years to break my cipher!!

    Computational security

    No matter how powerful your computer is, you don’t have enough information to defeat the system !!

    Unconditional security


    Hands on exercise
    Hands-On Exercise

    • Installation:

      • Download LabPrep.doc and follow its instructions to install

        • OpenSSL (Win32openSSL-0_9_8d.exe)

        • HHD HexEditor (

        • JCE (jdk-1_5_0_08-windows-i586-p.exe)

      • Mac computers have already these tools pre-installed

    Hands on exercise1
    Hands-On Exercise

    • Testing:

      • Download LabTest.doc

      • Follow its instructions in section 2.1 to test openSSL

      • Follow its instructions in section 2.2 to test JCE

    Introduction to openssl
    Introduction to OpenSSL

    • OpenSSL is an open source toolkit to ensure secure communication.

      • Symmetric key (secret key) encryption

      • Asymmetric key (public key) encryption

      • Message Digests and digital signatures

      • Certificates

    Example 1 keys generation
    Example 1: Keys Generation

    openssl genrsa -des3 -out privkey.pem 2048

    • genrsa – Generates RSA Key

    • des3 – Password protects the key using triple DES encryption

    • out <filename>– Save the key in a file. In this example, its privkey.pem

    • <key size> -Size of the key generated. In this example, its 2048 bits

    Example 2 certificate request
    Example 2: Certificate Request

    openssl req -new -key privkey.pem -out cert.csr

    • req - Generate certificate request.

    • new –New certificate request.

    • key <file name> - Specify the file to read the private key from. In this example, its privkey.pem

    • out <file name> - Save the request in a file. In this example, its cert.csr

    Example 3 encryption
    Example 3: Encryption

    openssl des3 -salt -in file.txt -out file.des3

    • des3 – Encrypt using the TripleDES algorithm

    • salt - Use a salt in the key derivation routines

    • in <file name> - Input file with the clear message

    • out <file name> - Output file with the encrypted message

  • Users will be prompted to enter a password to complete the encryption

  • Example 4 decryption
    Example 4: Decryption

    openssl des3 -d -salt -in file.des3 -out file.txt

    • des3 – Use the TripleDES algorithm

    • d – decrypt the file

    • salt - Use a salt in the key derivation routines

    • in <file name> - Input file with the encrypted message

    • out <file name> - Output file with the decrypted message

  • Users will be prompted to enter a password to complete the decryption

  • Introduction to jca and jce
    Introduction to JCA and JCE

    • Java Cryptography Architecture (JCA) is part of Java 2 run-time environment.


    • Java Cryptography Extension (JCE) is an extension to JCA and is integrated into Java 2 SDK since the 1.4 release.

       javax.crypto.*

    Jce core classes
    JCE Core Classes

    • Cipher Class

      • Provide the functionality of encryption and decryption

    • KeyGenerator Class

      • Generate secret keys for encryption and decryption

    • The SealedObject Class

      • Create an object and protect its confidentiality

    • The Mac Class

      • Provide integrity protection with Message Authentication Code (MAC).


    Class java crypto keygenerator
    Class: java.crypto.KeyGenerator


    • getInstance(String algorithm)

      • Creates an instance of KeyGenerator for a specific algorithm such as

      • “AES”,“DES”,”HMACSHA1”

    • generateKey()

      • Generate a key for the algorithm specified in the KeyGenerator instance

    Example key generation
    Example: Key Generation

    • The following example generate a SecretKey object using AES.

      //Create an instance of KeyGenerator with algorithm AES

      KeyGenerator kg = KeyGenerator.getInstance(“AES");

      //Generate the secret key

      SecretKey mykey = kg.generateKey();

    Secure key storage
    Secure Key Storage

    • JCA provides an extensible architecture to manage keys through KeyStore.

    • A KeyStore object maintains an in-memory table of key and certificate entries, indexed by aliasstrings, allowing retrieval, insertion and deletion of entries.

    • Keystorefiles are usually password protected.

    Class java security keystore


    • getInstance (String type)

      • Create an instance of KeyStore of the specified type.

    • load(InputStream stream, char[] password))

      • Open keystore with password and load keys from keystore file to memory

    • getKey(String alias, char[] password)

      • Access the keystore with password and get the key based on a given key alias

    • setEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam)

      • Set a new key entry in the keystore

    • store(OutputStream stream, char[] password)

      • Store this keystore to the given output stream, and protect its integrity with the given password.

    Example create a null keystore object
    Example:Create a null KeyStore object

    • The following sample creates null KeyStore object with password protection.

      //Create an instance of KeyStore of type “JCEKS”.

      //JCEKS refers the KeyStore implementation from SunJCE provider

      ks = KeyStore.getInstance("JCEKS");

      //Load the null Keystore and set the password to “changeme”

      ks.load(null, "changeme".toCharArray());

    Example set key entry
    Example:Set Key Entry

    • The following sample sets the generated key “mykey” in the KeyStore.

      //Create an instance of KeyStore.SecretKeyEntry using “mykey”

      KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(mykey);

      //Get key alias name from user input.

      String alias=args[0];

      //Create KeyStore Password

      KeyStore.PasswordProtection password;

      password = new KeyStore.PasswordProtection("changeme".toCharArray());

      //Set the key entry in the key store with an alias.

      ks.setEntry(alias, skEntry, password);

    Example store keystore object in file
    Example:Store KeyStore object in file

    • The following sample writes the KeyStore object into a file for storage.

      //Create a new file to store the KeyStore object fos = new"keystorefile.jce");

      //Write the KeyStore into the file, "changeme".toCharArray());

      //Close the file stream


    Example retrieving keys from keystore
    Example:Retrieving Keys from KeyStore

    • The following sample retrieves keys from a KeyStore file.

      //Open the KeyStore file

      FileInputStream fis = new FileInputStream("keystorefile.jce");

      //Create an instance of KeyStore of type “JCEKS”

      ks = KeyStore.getInstance("JCEKS");

      //Load the key entries from the file into the KeyStore object.

      ks.load(fis, "changeme".toCharArray());


      //Get the key with the given alias.

      String alias=args[0];

      Key k = ks.getKey(alias, "changeme".toCharArray());

    A quick review
    A Quick Review

    • Which of the following is subject to frequency attack?

      • Caesar cipher 2. Vigenére 3. Vernam

    • A perfect cipher is?

      • Combination of confusion and diffusion

      • Combination of substitution and transposition

      • Unconditionally secure