Chapter 2

Cryptography

Authentication

What is authentication?

Verification of identity of someone who generated some data Relates to identity verification classifications of identity verification:

by something known e.g. password by something possessed e.g. smart card, passport by physical characteristics (biometrics) e.g. finger prints, palm prints, retina, voice by a result of involuntary action : signature

Authentication

Requirements must be able to verify that:

Message came from apparent source or author Contents have not been altered Sometimes, it was sent at a certain time or sequence

Protection against active attack (falsification of data and transactions)

Password

Protection of passwords

Dont inform your password to anybody Dont write or login your password at everywhere Etc.

Choosing a good password

Criteria: Hard to guess and easy to remember Characteristics of a good password Not shorter than six characters Not patterns from the keyboard Etc.
Password population, N =rs Probability of guessing a password = 1/N Probability of success, P=nt/N

Calculations on password

Techniques for guessing passwords

Try default passwords. Try all short words, 1 to 3 characters long. Try all the words in an electronic dictionary(60,000). Collect information about the users hobbies, family names, birthday, etc. Try users phone number, social security number, street address, etc. Try all license plate numbers (MUP103). Use a Trojan horse Tap the line between a remote user and the host system.

Password Selecting Strategies

User education Computer-generated passwords Reactive password checking Proactive password checking

Example 1

Based on the passwords given below, determine which passwords are good or bad, include one reason for each password :

iswara01 9kelisa01 pskjwM opps queen anita

Example 2

Assume you choose character from a-z and 0-9 and the number of characters required are 5. Determine how much time will be needed to get the right password if your capability of your computer is 400 MIPS. Give your opinion/conclusion from this problem.

Solution
r = 26 (a-z) + 10 (0-9) = 36 , P = 1 , s = 5 N = rs = 365 = 6.05 x 107 P = nt/N n = 400 x 107 /sec Therefore: t = PN/n = 1 x ( 6.05 x 107 ) / (400 x 106) /sec = o.0151 = 1.51 x 10-2
Conclusion: the password can be broke only least than one second, means this password is not secured and not a good password.

Cryptography

Classified along three independent dimensions: The type of operations used for transforming plaintext to ciphertext The number of keys used symmetric (single key, or private-key encryption) asymmetric (two-keys, or public-key encryption) The way in which the plaintext is processed

Cryptography Algorithms

Symmetric algorithms P=D(K,E(K,P))

Asymmetric algorithms P=D(Kd, E(Ke, P))

Symmetric Cryptography Principles

An encryption scheme has five ingredients: Plaintext Encryption algorithm Secret Key Ciphertext Decryption algorithm Security depends on the secrecy of the key, not the secrecy of the algorithm

Symmetric Cryptography Principles

Public-Key Cryptography Principles

The use of two keys has consequences in: key distribution, confidentiality and authentication. The scheme has six ingredients Plaintext Encryption algorithm Public key Private key Ciphertext Decryption algorithm

Encryption using Public-Key system

Decryption using Public-Key System

Applications for Public-Key Cryptosystems

Three categories: Encryption/decryption: The sender encrypts a message with the recipients public key. Digital signature: The sender signs a message with its private key. Key echange: Two sides cooperate two exhange a session key.

Methods use in Cryptography Algorithm

Substitution

monoalphabetic substitution

Formed by shifting the letters of the original alphabet Extension of monoalphabetic substitution system Using Vigenere Tableau

polyalphabetic substitution

Transposition

unkeyed transposition

Rearrange letters by using matrix Rearrange letters by using matrix where the size of matrix is determined by the length of the key used.

keyed transposition

Example: Monoalphabetic Substitution Cipher

Based on the keys below, change this plaintext failure is the only opportunity to begin again more intelligently to ciphertext. Use 5letter words.

Plaintext Alphabet a b c d e f g h i j k l m n o p q r s t u v w x y z Ciphertext Key f g h i j k I m n o p q r s t u v w x y z a b c d e

Solution
Plaintext: Failure is the only opportunity to begin again more intelligently

Example: Polyalphabetic Substitution Cipher

Based on Figure 2.2 in the notes, get the ciphertext for the plaintext A minutes success pays the failure of years in 4-letter words and failure as the repeating key. Use x to pad out the blanks.

Figure 2.2

Solution
Plaintext: A minutes success pays the

failure of years

Example: Unkeyed Single

Transposition

Encrypt the plaintext : there is no

security on this earth there is only opportunity into a matrix of 5 (rows)

by 10 (columns). Get the ciphertext horizontally, using 5letter words.

Solution
Plaintext: There is no security on this earth

there is only opportunity

Ciphertext: THERE ISNOS ECURI TYONT HISEA RTHTH EREIS ONLYO PPORT UNITY

Example: Keyed Single

Transposition

With the key security, encrypt the plaintext ignorance is the mother of admiration using keyed single transposition into 4-letter words. Use x to pad out columns.

Solution
Plaintext: ignorance is the mother of admiration

Ciphertext: ietm ihig nser arto rhot ifea nmao ndoc

Classification of ciphers (transformation)

Stream ciphers

they convert one symbol of plaintext immediately into a symbol of ciphertext depends on symbol, key and control information of encipherment algorithm encrypt a group of plaintext symbols as one block examples are transposition ciphers

Block ciphers

e.g, in columnar transposition, the entire message is translated as one block, block size need not have any particular relationship to the size of the character

Puzzle of the Day

Some programs use passwords for access control, but do not protect the passwords in a very sophisticated manner or make determining the correct password very easy. The argument for using simple passwords and weak encipherment is that the data or programs being protected are of little value and the passwords give a small measure of privacy.
Given that what they are protecting is truly of little value, why is the use of such simple passwords and easily-broken encipherment bad?