Modern Cryptography and Data Security Fundamentals

Posted by Anonymous and classified in Computers

Written on in English with a size of 11.63 KB

Lecture 1: Introduction and Security Concepts

The CIA Triad

  • Confidentiality: Limits access to authorized users. A breach results in unauthorized disclosure.
  • Integrity: Prevents unauthorized modification. A breach results in an altered document.
  • Availability: Ensures timely access. A breach results in a Denial of Service (DoS) attack.

Additional Security Objectives

  • Authenticity: Verifies that the data or sender is real and trustworthy.
  • Accountability: Ensures actions are traceable to specific entities.
  • Non-repudiation: Ensures a party cannot deny their actions, often achieved via digital signatures.

Kerckhoffs's Principle

Security should rely only on the secrecy of the key, not the secrecy of the algorithm. The system remains secure even if the attacker knows everything about the system except the key.

Attack Types

  • Passive Attacks: Aim to gain information (eavesdropping, traffic analysis). These are difficult to detect.
  • Active Attacks: Aim to alter or disrupt the system (masquerade, replay, DoS). These are detectable.

Cryptography Types

  • Symmetric: Uses a single shared key; fast and suitable for bulk encryption.
  • Asymmetric: Uses a public/private key pair; slower and used for key exchange and digital signatures.

Lecture 2: Modular Arithmetic and Historical Ciphers

Modular Arithmetic Basics

a ≡ b (mod n) means n divides (a - b).
Example: 17 ≡ 2 (mod 5) because 17 - 2 = 15, which is divisible by 5.

Modular Operations

  • Addition: (a + b) mod n
  • Subtraction: (a - b) mod n
  • Multiplication: (a × b) mod n
  • Exponentiation: a^b mod n (Note: This is non-commutative!)

Modular Inverse

a × a⁻¹ ≡ 1 (mod n). This exists only if gcd(a, n) = 1. It can be found using the Extended Euclidean Algorithm.
Example: 3⁻¹ mod 11 = 4 because 3 × 4 = 12 ≡ 1 (mod 11).

Historical Ciphers

  • Caesar Cipher: C = (P + k) mod 26. Weakness: Only 25 possible keys.
  • Affine Cipher: C = (aP + b) mod 26. Requires gcd(a, 26) = 1.
  • Vigenère Cipher: C = (P + K) mod 26. Weakness: Vulnerable to Kasiski examination.
  • Atbash Cipher: A↔Z, B↔Y. Weakness: Simple monoalphabetic substitution.

Affine Cipher Example

Encrypt "HELLO" with a = 5, b = 8:

  • H(7) → (5 × 7 + 8) = 43 ≡ 17 → R
  • E(4) → (5 × 4 + 8) = 28 ≡ 2 → C
  • L(11) → (5 × 11 + 8) = 63 ≡ 11 → L
  • L(11) → (5 × 11 + 8) = 63 ≡ 11 → L
  • O(14) → (5 × 14 + 8) = 78 ≡ 0 → A

Result: "RCLLA"

Decryption requires a⁻¹ mod 26: 5⁻¹ mod 26 = 21 (since 5 × 21 = 105 ≡ 1).

Extended Euclidean Algorithm

Find d = e⁻¹ mod φ(n).
Example: 13⁻¹ mod 2668

  1. 2668 ÷ 13 = 205 remainder 3
  2. 13 ÷ 3 = 4 remainder 1
  3. 3 ÷ 1 = 3 remainder 0

Working backwards:
1 = 13 - (3 × 4)
3 = 2668 - (13 × 205)
1 = 13 - [2668 - (13 × 205)] × 4
1 = 13 × 821 - 2668 × 4
Therefore, 13⁻¹ ≡ 821 (mod 2668).

Lecture 3: Stream Ciphers

Stream Cipher vs. Block Cipher

  • Stream Cipher: Encrypts one bit or byte at a time. Faster and ideal for real-time applications like voice or video.
  • Block Cipher: Encrypts fixed blocks (e.g., 64 or 128 bits). Slower and used for bulk data or files.

Stream Cipher Operation

The keystream is a pseudo-random sequence generated from a secret key.

  • Encryption: Ciphertext = Plaintext ⊕ Keystream
  • Decryption: Plaintext = Ciphertext ⊕ Keystream (Uses the same XOR operation!)

Example: 'A' (01000001) ⊕ Keystream (0101100) = Ciphertext (1101101)

Random Number Generators

  • TRNG (True Random Number Generator): Based on physical processes (noise); used for high-security needs.
  • PRNG (Pseudo-Random Number Generator): Based on an algorithm and a seed; used for general purposes.
  • CSPRNG (Cryptographically Secure PRNG): A PRNG suitable for key generation.

LFSR (Linear Feedback Shift Register)

Generates pseudo-random bits using a shift register and XOR feedback. Simple LFSRs are vulnerable; multiple registers must be combined for security.

Lecture 4: Data Encryption Standard (DES)

DES Specifications

  • Block size: 64 bits
  • Key size: 56 bits (plus 8 parity bits = 64 total)
  • Rounds: 16
  • Structure: Feistel Network

DES Encryption Flow

Plaintext (64 bits) → Initial Permutation (IP) → 16 Rounds (each with a unique round key) → Final Permutation (FP, the inverse of IP) → Ciphertext (64 bits).

One Round of DES (Feistel)

Split 64 bits into L (32 bits) and R (32 bits). For each round:

  • L_new = R_old
  • R_new = L_old ⊕ f(R_old, K_round)

The F-function: The Heart of DES

R (32 bits) → Expansion (E-box) → 48 bits → XOR with round key (48 bits) → S-box substitution (48 to 32 bits) [Confusion] → P-box permutation (32 bits) [Diffusion] → Output (32 bits).

S-boxes (Substitution Boxes)

Map 6-bit inputs to 4-bit outputs. There are 8 S-boxes in total. They provide a non-linear transformation (confusion) and are designed to resist differential cryptanalysis.

Key Schedule

64-bit key → remove parity → 56 bits → Split into C₀ (28) and D₀ (28). For rounds 1-16:

  • Rotate C and D left (1 or 2 bits based on the round).
  • PC-2 permutation → 48-bit round key.

Rotation schedule: Rounds 1, 2, 9, and 16 use 1 bit; others use 2 bits.

Avalanche Effect

Changing 1 bit in the plaintext or key changes approximately 50% of the ciphertext bits. This is achieved through 16 rounds of substitution and permutation.

DES Security Weakness

The 56-bit key is too small, making brute-force attacks feasible. The EFF "Deep Crack" (1998) broke DES in less than 3 days. It was officially replaced by AES in 2001.

Lecture 5: Modes of Operation and DES Decryption

DES Decryption

Decryption is the same as encryption but uses round keys in reverse order (starting with K₁₆ and ending with K₁). The Feistel structure makes this symmetry possible.

Why Modes of Operation are Needed

Block ciphers only encrypt fixed-size blocks, while real data is variable in length. Modes prevent pattern leakage in the ciphertext.

ECB Mode (Electronic Codebook)

C_i = E_k(P_i) (Blocks are independent).

  • Pros: Simple, parallelizable, and errors do not propagate.
  • Cons: Identical plaintext blocks produce identical ciphertext blocks; leaks patterns and is vulnerable to replay attacks.

CBC Mode (Cipher Block Chaining)

C₁ = E_k(P₁ ⊕ IV); C_i = E_k(P_i ⊕ Cᵢ₋₁) for i > 1.

  • Pros: Hides patterns, the Initialization Vector (IV) adds randomness, and error propagation helps detect tampering.
  • Cons: Sequential processing (cannot be parallelized) and requires a secure IV.

Error Propagation Comparison

  • ECB: A corrupted ciphertext block affects only that specific plaintext block.
  • CBC: A corrupted ciphertext block affects that block and the subsequent block.

Techniques to Strengthen Block Ciphers

  • Triple DES (3DES): Encrypts three times using two or three different keys.
  • Key Whitening: XORs extra keys before and after the encryption process.
  • Meet-in-the-Middle Attack: Reduces the effective security of double encryption to approximately 2^(k+1).

Lecture 6: AES and Asymmetric Cryptography (RSA)

AES Specifications

AES replaced DES in 2001 and supports various key lengths:

  • 128-bit key: 10 rounds, 128-bit block size.
  • 192-bit key: 12 rounds, 128-bit block size.
  • 256-bit key: 14 rounds, 128-bit block size.

AES vs. DES Comparison

  • DES: Feistel Network, 64-bit block, 56-bit key, weak security.
  • AES: Substitution-Permutation Network (SPN), 128-bit block, 128/192/256-bit key, strong security.

AES Operations per Round

  1. SubBytes: S-box substitution (confusion).
  2. ShiftRows: Row rotation (diffusion).
  3. MixColumns: Galois field multiplication (diffusion).
  4. AddRoundKey: XOR with the round key.

RSA Algorithm (Rivest-Shamir-Adleman)

Key Generation Steps

  1. Choose two large primes, p and q.
  2. Compute n = p × q.
  3. Compute φ(n) = (p - 1)(q - 1).
  4. Choose e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1.
  5. Compute d = e⁻¹ mod φ(n) using the Extended Euclidean Algorithm.

Public key: (n, e)
Private key: (n, d)

RSA Encryption and Decryption

  • Encryption: C = M^e mod n
  • Decryption: M = C^d mod n

RSA Example

Let p = 3, q = 11:

  • n = 33
  • φ(n) = 2 × 10 = 20
  • e = 3 (since gcd(3, 20) = 1)
  • d = 7 (since 3 × 7 = 21 ≡ 1 mod 20)

Encrypt M = 4: C = 4³ mod 33 = 64 mod 33 = 31.
Decrypt C = 31: M = 31⁷ mod 33 = 4.

Security Basis of RSA

RSA is based on a one-way trapdoor function: it is easy to compute but hard to reverse without the private key. Security relies on the difficulty of factoring n = p × q. Modern security standards recommend 2048-bit keys.

Public Key Infrastructure (PKI)

PKI is a framework for managing digital certificates and keys. A Certificate Authority (CA) acts as a trusted issuer, binding public keys to specific identities.

Quick Reference Formulas

Modular Arithmetic

  • (a + b) mod n
  • (a - b) mod n
  • (a × b) mod n
  • a^b mod n
  • a⁻¹ exists if and only if gcd(a, n) = 1

RSA Formulas

  • n = p × q
  • φ(n) = (p - 1)(q - 1)
  • e × d ≡ 1 mod φ(n)
  • C = M^e mod n
  • M = C^d mod n

Diffie-Hellman Key Exchange

  • A = g^a mod p
  • B = g^b mod p
  • K = B^a mod p = A^b mod p

Block Cipher Modes

  • ECB: C_i = E_k(P_i)
  • CBC: C₁ = E_k(P₁ ⊕ IV), C_i = E_k(P_i ⊕ Cᵢ₋₁)
Karma: 14%
Visits: 0

Related entries:

Tags:
CIA Triad Block Ciphers AES Standard Digital Signatures Stream Ciphers Network Security Modular Arithmetic Cryptography DES Encryption RSA Algorithm Public Key Infrastructure