Encryption

8-1
Encryption
Eng. Mahmoud Abdeen Mohammed

8-2
Why encryption
secure
sender s
secure
receiver
channel data, control
messages
data data
sender receiver
Intruder

8-3
There are bad guys out there who can!
 eavesdrop: intercept messages
 actively insert messages into connection
 impersonation: can fake (spoof) source address in
packet (or any field in packet)
 hijacking: “take over” ongoing connection by
removing sender or receiver, inserting himself in
place
 denial of service: prevent service from being used
by others (e.g., by overloading resources)

8-4
The language of cryptography
m plaintext message
KA(m) cipher text, encrypted with key KA
m = KB(KA(m))
plaintext plaintextciphertext
K
A
encryption
algorithm
decryption
algorithm
Sender
Receive
r
K
B

8-5
Symmetric key cryptography
symmetric key crypto: sender and receiver share same
(symmetric) key: K
 e.g., key is knowing substitution pattern in mono alphabetic
substitution cipher
plaintextciphertext
K S
encryption
algorithm
decryption
algorithm
S
K S
plaintext
message, m
K (m)
S
m = KS(KS(m))

8-6
Simple encryption scheme
substitution cipher: substituting one thing for another
 monoalphabetic cipher: substitute one letter for another
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
e.g.:
Encryption key: mapping from set of 26 letters
to set of 26 letters

8-7
A more sophisticated encryption approach
 n substitution ciphers, M1,M2,…,Mn
 cycling pattern:
 e.g., n=4: M1,M3,M4,M3,M2; M1,M3,M4,M3,M2; ..
 for each new plaintext symbol, use subsequent
substitution pattern in cyclic pattern
 dog: d from M1, o from M3, g from M4
Encryption key: n substitution ciphers, and cyclic
pattern
 key need not be just n-bit pattern

8-8
Symmetric key crypto: DES
DES: Data Encryption Standard
 56-bit symmetric key, 64-bit plaintext input
 block cipher with cipher block chaining
 making DES more secure:
 3DES: encrypt 3 times with 3 different keys

8-9
Symmetric key
crypto: DES
initial permutation
16 identical “rounds” of
function application,
each using different 48
bits of key
final permutation
DES operation

8-10
AES: Advanced Encryption Standard
 processes data in 128 bit blocks
 128, 192, or 256 bit keys
 brute force decryption (try each key) taking 1 sec
on DES, takes 149 trillion years for AES

8-11
Public Key Cryptography
symmetric key crypto
 requires sender, receiver
know shared secret key
public key crypto
 radically different
approach [Diffie-
Hellman76, RSA78]
 sender, receiver do not
share secret key
 public encryption key
known to all
 private decryption key
known only to receiver

8-12
Public key cryptography
plaintext
message, m
ciphertextencryption
algorithm
decryption
algorithm
receiver’s public
key
plaintext
messageK (m)
B
+
K
B
+
receiver’s private
key
K
B
-
m = K (K (m))B
+
B
-

8-13
Public key encryption algorithms
need K ( ) and K ( ) such thatB B
. .
given public key K , it should be
impossible to compute private
key K
B
B
requirements:
1
2
RSA: Rivest, Shamir, Adelson algorithm
+ -
K (K (m)) = m
BB
- +
+
-

8-14
RSA modular arithmetic
(a mod n)d
mod n = ad
mod n
assume: a=14, n=10, d=2:
(a mod n)d
mod n = 42
mod 10 = 6
ad
= 142
= 196 ad
mod 10 = 6

8-15
RSA: Creating public/private key pair
1. choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. compute n = pq, z = (p-1)(q-1)
3. choose e (with e<n) that has no common factors
with z (e, z are “relatively prime”).
4. choose d such that ed-1 is exactly divisible by z.
(in other words: ed mod z = 1 ).
5. public key is (n,e). private key is (n,d).
K B
+
K B
-

8-16
RSA: encryption, decryption
0. given (n,e) and (n,d) as computed above
1. to encrypt message m (<n), compute
c = m mod ne
2. to decrypt received bit pattern, c, compute
m = c mod nd
m = (m mod n)e mod n
dmagic
happens!
c

8-17
RSA example:
Let p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
bit pattern m m
e
c = m mod ne
0000l000 12 24832 17
encrypt:
encrypting 8-bit messages.
c m = c mod nd
17 481968572106750915091411825223071697 12
c
d
decrypt:

8-18
Why does RSA work?
 must show that cd
mod n = m
where c = me
mod n
 fact: for any x and y: xy
mod n = x(y mod z)
mod n
 where n= pq and z = (p-1)(q-1)
 thus,
cd
mod n = (me
mod n)d
mod n
= med
mod n
= m(ed mod z)
mod n
= m1
mod n
= m

8-19
RSA: another important property
The following property will be very useful later:
K (K (m)) = m
BB
- +
K (K (m))BB
+ -
=
use public key
first, followed by
private key
use private key
first, followed by
public key
result is the same!

8-20
Why is RSA secure?
 suppose you know Bob’s public key (n,e). How
hard is it to determine d?
 essentially need to find factors of n without
knowing the two factors p and q
 fact: factoring a big number is hard

8-21
RSA in practice: session keys
 exponentiation in RSA is computationally
intensive
 DES is at least 100 times faster than RSA
 use public key crypto to establish secure
connection, then establish second key –
symmetric session key – for encrypting data

8-22
large
message
m H(m)
Receiver’s
private
key KB
-
+
sender sends digitally signed
message:
Receiver verifies signature, integrity
of digitally signed message:
KB(H(m))
-
encrypted
msg digest
KB(H(m))
-
encrypted
msg digest
large
message
m
H(m) H(m)
recev’s
public
key KB
+
equal
?
Digital signature = signed message digest

8-23
Secure e-mail
 sender wants to provide secrecy, sender authentication,
message integrity.
Sender uses three keys: his private key, receiver’s public key,
newly created symmetric key
H( ). KA( ).-
+
KA(H(m))
-
m
KA
-
m
KS( ).
KB( ).+
+
KB(KS )
+
KS
KB
+
Internet
KS

Encryption

More Related Content

What's hot (20)

Similar to Encryption (20)

Recently uploaded (20)

Encryption