Use of Cryptography in Data

Security over Computer

Networks

Presented by:

Monzur Morshed
Rezaur Rahman
TigerHATS
www.tigerhats.org
TigerHATS - Information is power

The International Research group dedicated to Theories, Simulation and

Modeling, New Approaches, Applications, Experiences, Development,
Evaluations, Education, Human, Cultural and Industrial Technology

Homepage: www.tigerhats.org
Twitter: www.twitter.com/tigerhats
Use of Cryptography in Data
Security over Computer
Networks

Presented
by
Monzur Morshed
Rezaur Rahman
(TigerHATS)
Definitions
Computer Security: measures to protect data within a
computer and during its processing.

Network Security: measures to protect data (information)

within the network and during their transmission.

Internet Security: measures to protect data their

transmission over a collection of interconnected networks.
Preliminaries [Cont..]
Vulnerability: It is a weakness that can be used to
cause loss or harm to an information system. Vulnerable
points of a system are used to attack the system to breach
its security.

Threat: It can be seen as potential violation of

security of a system. Of course violation of security will
be done to cause harm or loss. Threats exist because of
vulnerabilities in a system.
Types of Threats
• Interception
• Interruption
• Modification

• Fabrication
Preliminaries [Cont..]
Logical Control: It uses software and data to
monitor and control access to data (information) of a
system. As for example, password authentication
schemes, access control schemes, firewalls to
network, network intrusion detection systems, and
encryption methods are types of logical controls.

Physical Control: It monitors and controls the

surrounding place i.e. the environment of the
systems. For example: doors and locks, cameras,
barricades, fencing, security guards etc.
Security Mechanisms
• Encryption
• Authentication
• Authorization
• Auditing
 Focus of Control

 Three approaches for

protection against
security threats
a) Protection against invalid
operations
b) Protection against
unauthorized invocations
c) Protection against
unauthorized users
Basic Terminology of Cryptography
Plaintext: the original message or text that is used in an
encryption process is called plaintext.

Cipher text: the coded message or the encrypted form of the

message that is found after encryption process has
been completed.

Cipher: algorithm or process for transforming plaintext to

cipher text.

Key: data (number) used in cipher known only to sender/

receiver.
 Terminology [Cont..]
Encipher (encrypt): Converting plaintext to cipher text.

Decipher (decrypt): Recovering cipher text from

plaintext.

Cryptography: Study of encryption principles/methods.

Cryptanalysis (code breaking) : The study of

principles/methods of deciphering cipher text without
knowing key.

Cryptology : The field of both cryptography & cryptanalysis.

 Terminology [Cont..]
Cryptosystem: The system that contains both encryption
and decryption processes. It includes key generation
process, encryption and decryption algorithms.

Key Management: The process of generation, transmission

and storage of key or keys.

Key generation process: The process or algorithm that

generates the key for a cryptosystem is called key generation
process. It may include one or more algorithms.
 Cryptography

Notation Description

KA, B Secret key shared by A and B

K +A Public key of A

K −A Private key of A
Concept of Cryptography
There two categories of cryptography or cryptosystem.
One is symmetric cryptosystem and another is
Asymmetric cryptosystem. Cryptography and
cryptosystem are synonymous words. In future we shall
use word cryptosystem in case of cryptography.

 Symmetric cryptosystem: Same key is used both

in encryption and decryption.

 Asymmetric crypto system: One key is used for

encryption and another separate key is used for
decryption.
Basic Concepts of cryptography
Symmetric cryptosystem: Here only one key is
used in both encryption and decryption processes.

C = EA(K, P)
Where C-cipher text, EA- encryption algorithm,
K- key, P- plain text.
K
Encryption Cipher
Plaintext Algorithm text

Encryption Process
 Symmetric cryptosystem
P = DA(K, C)
Where DA- decryption algorithm.
K
Decryption Plaintext
Cipher text Algorithm

Decryption Process

In symmetric cryptosystem key must be kept secret.

 Asymmetric Cryptosystem
Here two keys are used. One is for encryption
and another different one is for decryption.
The key used for encryption is called public
key and published for general use. The key
used for decryption is called private or secret
key. The owner will possess this (private) key
and must be kept secret. In this system every
one who possesses public key can encrypt the
message, but only owner of the private key can
decrypt the cipher text.
Asymmetric cryptosystem

C = EA(Kpub, P)
Where Kpub is the public key.
Kpub Cipher
Encryption text
Plaintext Algorithm

Encryption Process
 Asymmetric cryptosystem
P = DA(Kp, C)
Where DA- decryption algorithm.
Kp
Decryption Plaintext
Cipher text Algorithm

Decryption Process

In asymmetric cryptosystem private key must be kept

secret.
 Cryptography

 Intruders and eavesdroppers in communication.

 Caesar Cipher
 Define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

 Mathematically give each letter a number

a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y Z
13 14 15 16 17 18 19 20 21 22 23 24 25

 Then have Caesar cipher as:

C = E(p) = (p + k) mod (26)
p = D(C) = (C – k) mod (26)
 Transposition cipher
 Write message letters out diagonally over a
number of rows
 Then read off cipher row by row

 E.g.,”meet me after the party” write

message out as:
m e m a t r h p r y
e t e f e t e a t

 Giving ciphertext
MEMATRHPRYETEFETEAT
 RSA Cryptosystem
This cryptosystem is invented by Rivest, Shamir
and Adleman (RSA) in 1979.

It is a public key cryptosystem, which involves

exponentiation modulo a number, n that is a
product of two large prime numbers.

The 1024 bits key size is a typical key size for RSA
cryptosystem.
 RSA Key Generation Process
1. Select at random two large prime numbers p and q.
( The primes p and q might be, say, 100 decimal digits each. )

2. Compute n by the equation n = pq.

3. Select a small odd integer e that is relatively prime to ϕ (n), where

ϕ (n) = (p - 1) (q - 1).

4. Compute d as the multiplicative inverse of e, modulo ϕ (n), i.e.,

e*d mod ϕ (n) = 1 d = minv (e, ϕ (n))

5. Publish the pair p = (e, n) as RSA public key.

6. Keep secret the pair s = (d, n) as RSA secret key.

Modern Symmetric Ciphers (DES)

The Data Encryption Standard (DES) was published

in 1977. It is the primary standard and defines the
Data Encryption Algorithm (DEA).

Original message is divided into block of 64 bits.

Each 64 bits block is encrypted using private or

secret key.
DES (Data Encryption Standard)
 Published in 1977, standardized in 1979.
 Key: Take 64 bit and drop the bits from
the positions 8, 16, 24, 32, 40, 48, 56, 64.
So key= 64 – 8 = 56-bit.
 64 bit input, 64 bit output.

64 bit M 64 bit C
DES
Encryption

56 bits
DES Top View
56-bit Key
64-bit
48-bitInput
K1
Generate keys
Permutation Initial Permutation
48-bit K1
Round 1
48-bit K2
Round 2
…... 48-bit K16
Round 16

Swap Swap 32-bit halves

Permutation Final Permutation

64-bit Output
27
 Symmetric Cryptosystems: DES (2)

 Details of per-round key generation in DES.

 Steps of DES
1. Each block of message will be 64 bits. Do initial
permutation on 64 bits data and divide it in to two
halves.
2. Left half 32 bits and Right half 32 bits.
3. Expand right half up to 48 bits by expansion.
4. Take 64 bits key (reduced to 56 bits by dropping bits at
positions 8, 16, 24, …, 64) and select 48 bits by permuted
choice.
5. Do XOR of 48 bits right half and 48 bits key.
6. Select 32 bits from step 5 by S-box substitution choice.
 Steps of DES [cont..]
7. Do P-box permutation (on 32-bits of step 6).
8. Do XOR of 32 bits left half and 32 bits right half (from
step-7)
9. Result from step 8 will be new right half.
10. Old right half from step 2 will be the new left half.
The above 10 steps make a cycle of DES.
Step 1 to 10 is for one cycle. There will be 16 such cycles. After
completion of 16 cycles, we have to do final permutation on
data bits to get decrypted data.
 MD5: Message Digest Version 5
input Message

Output 128 bits Digest

• Until recently the most widely used hash algorithm
 Hash Functions : MD5
 The structure of MD5
 Digital signature
# Like a handwritten signature.
# Cryptographic technique.
# Public key cryptosystem is used in digital
signature method.
# unforgivable: means only the originator
should be able to produce/ compute the
signature value.
# Verifiable: means others should be able to
check that the signature has come from the
originator.
 Simple digital signature
Kp

Digital
Message Encryption
signature
m algorithm
S

Signature creation process

Message is encrypted using private key (Kp)

of the creator or originator.
 Signature verification
Kpub

Signature Decryption Message

S algorithm m

Verification process

Signature is decrypted using public key

(Kpub) of the originator.
 Digital signature at a glance

For A: For B:

m Kp, A Kpub, A

Encryptio S Decryptio m
S
n n
Algorithm algorithm

Sending end: Receiving end:

Signature creation Signature verification
 Encrypted signature

Suppose that A sends message and B receives it.

1) A produces signature S:
S = E(Kp, A, m).

2) Now A enciphers (encrypts) S using B’s public key:

C = E(Kpub, B, S).

3) B receives C and deciphers it:

S = D(Kp, B, C).

4) B verifies that A signed m:

m = D(Kpub, A, S).
Encrypted signature at a glance
For A: For B:

m Kp, A Kp, B

Encryption C Decryption
algorithm algorithm

Kpub,B Kpub,A S
S
Decryption
Encryption algorithm
algorithm
m
C
Receiving end
Sending end
 Kerberos
 In a secure networking system when a
user on a client wants to get service from a
server he or she must be authenticated.
 A network with Kerberos authentication
service grants access to the server if the
user is authenticated by Kerberos.
 That is, before getting service from a
service server, the user must go through
Kerberos.

39
 Kerberos Requirements
 It’s first report identified requirements as:
• secure
• reliable
• transparent
• Scalable
 Implemented using an authentication
protocol based on Needham-Schroeder
 Kerberos v4 Overview
 A basic third-party authentication scheme
 It has an Authentication Server (AS)
• users initially negotiate with AS to identify self
• AS provides a non-corruptible authentication
credential (ticket granting ticket TGT)
 It has a Ticket Granting server (TGS)
• users subsequently request access to other
services from TGS on basis of users TGT
 Kerberos

AS –
Kerberos
Authenticatio
n Server
AS
TGS – Ticket
Granting
Server

TGS

42
 Dialogue of Client and AS


Request (m1)
Client
(CL)

E-TGT
AS

E-TGT: encrypted ticket granting ticket

43
 Dialogue of Client and TGS


Request (m2)
Client
(CL)

E-SGT
TGS

E-SGT: encrypted service granting ticket

44
 Dialogue of Client and SS

Client Request (m3)

(CL)
Accept
or reject
SS
m3 = idcl + SGTss
SGTss = E (Kss, [adcl + idcl + TS2 + LT2])

45
Kerberos 4 Overview
 Firewalls

 A common implementation of a firewall.

What does a firewall do?
 Firewall is a program or hardware device that protects the resources of a private
network from users of other networks.

 Firewall blocks open ports through which an intruder can gain access to your
system and the valuable data you have stored in it.

 Firewalls limit access between networks to prevent intrusion and do not signal an
attack from inside the network.

 As all information passes through firewall, user can know what is happening
in the network.

 Firewall allows to create rules or set privileges for the type of traffic that can pass
through the firewall in both directions.

 Firewall blocks malicious viruses from entering your system.

 Thank you

TigerHATS
www.tigerhats.org