Security in Computing &

Information Technology

Lecture 3
Lecture Schedule
1. Introduction
2. Security mechanisms, attack methods
Basic mechanisms
3. Elementary cryptography
4. Authentication
5. Access control
Major computing security areas
6. Operating systems
7. Databases
8. Networks
9. Web
10. Mobile computing
11. Social networks
12. Internet banking
Lecture Topics

• Secure digest functions
• Digital signatures

Encryption / Decryption
• Encryption (encoding, enciphering): processing a message so that its meaning becomes obscured
• Decryption (decoding, deciphering): the reverse of encryption
Ciphertext = Encrypt (Plaintext)
Plaintext: information is clearly understandable
Ciphertext: information is hidden

[Figure: Plaintext → Encryption → Ciphertext → Decryption → Plaintext; a "Confidential" memo ("The financial accounts …") is shown as plaintext and as ciphertext ("Xasdq … ghty …")]

• Historical terms
  • Cryptosystem: code, cipher (encoding / decoding, enciphering / deciphering)
SecComp Lecture 3
• Breakable encryption
  • The encryption / decryption algorithm can be determined without prior knowledge
  • Theoretically breakable: there is a method to break the encryption
  • Practically breakable: it can be done within reasonable time
(The art and science of) keeping messages secure
(The art and science of) breaking ciphertext
  • Break a single message
  • Devise a method to break all messages
  • Find weaknesses in the algorithm or in its

Encryption Methods and Keys
• Encryption method
  • The algorithm used to transform the plaintext (e.g. substitute each letter with another letter in the
• Encryption key
  • Parameter that enables to translate the same plaintext with the same algorithm to different
  • Ciphertext becomes the function of (Plaintext + Key)
• Good encryption methods rely on the key for
  • No need to invent a new method for every application
  • Most commonly used encryption algorithms are
  • Breaking the encryption requires finding the key

Secret and Public Key Encryption
• Encryption / decryption keys
  The ciphertext depends on the original plaintext, the algorithm, and a parameter called key
  Ciphertext = Encrypt (Plaintext, Key)

[Figure: Plaintext → Encryption (E_Key) → Ciphertext → Decryption (D_Key) → Plaintext]

• Secret (symmetric) key encryption: E_Key can be easily calculated from D_Key
  • Simple, fast
• Public key (asymmetric) encryption: The keys cannot be calculated from each other in reasonable time
  • More secure, very slow

Attacks against Encryption (1)
• Ciphertext-only attack
  • The cryptanalyst has access to encrypted messages only, the aim is to recover the plaintext, and possibly deduce the encryption / decryption key
• Known-plaintext attack
  • The cryptanalyst has access not only to the ciphertext, but also to the plaintext of those messages; the aim is to recover the key
• Chosen-plaintext attack
  • The cryptanalyst can even choose the plaintext of the messages
• Adaptive-chosen-plaintext attack
  • The cryptanalyst chooses the plaintext by using the results of previous encryptions (more efficient than simple chosen-plaintext
• Chosen-ciphertext attack
  • The cryptanalyst can choose ciphered messages and has access to the decrypted messages
• Chosen-key attack
  • The key is given; used for evaluating an algorithm, not really an

Attacks against Encryption (2)
• Brute force attack: tries all possible solutions
  • (There may be a way easier than brute force to break the encryption)
• P (polynomial):
  • Problems for which the solution growth rate is a polynomial function
• NP (nondeterministic polynomial):
  • The correctness of a guessed solution can be checked in polynomial time
• EXP (exponential)
  • A deterministic solution exists in exponential time

Practical Security of Cryptosystems
• Theoretically not breakable
  • Unconditionally secure
• Practically not breakable
  • Computationally secure or strong
• Work factor
  • Computing time and power needed to recover the key
  • E.g. work factor = 2^128 (2^128 operations are needed)
  • Operations' complexity and computing time may change
• Complexity of the relationship between plaintext and
• Breaking a few messages should not allow the breaking of all
• How the statistical properties of the encrypted text

Stream & Block Ciphers
• Stream ciphers
  • The transformation depends only on the actual symbol, does not consider the previous or next symbol(s)
  • Low error propagation
  • Low diffusion (easy to break), susceptible to malicious insertions, modifications
• Block ciphers
  • Transforms a group of data (a block) at a time
  • Higher diffusion, immune to insertions
  • Slower encryption (Has to wait for whole blocks)
  • Error propagation problems
    One error affects a number of symbols

Secret-Key Encryption Principle
• AKA Symmetric encryption
• Encryption/decryption keys can be the same or easily calculated from each other
• Oldest method - used already by the Romans
• Computers use larger keys and more complex algorithms

Sender A                            Receiver B
1. acquire K                        1. acquire K
2. f(K, M) → {M}K       {M}K →      2. receive {M}K
3. send {M}K                        3. f^-1(K, {M}K) → M

• Secret key K must be guarded well (e.g. sent through a secure
• f and f^-1 need not be secret

Classical Secret-Key Algorithms
Substitution Ciphers
• Simple substitution cipher
  • One character of plaintext replaced with a corresponding character
• Homophonic cipher
  • A single character can map to one of several
• Polyalphabetic substitution cipher
  • Multiple simple substitution ciphers
  • The actual one used changes with the position of each character
• Polygram substitution cipher
  • Blocks of characters are encrypted in groups

Simple Substitution
Caesar Cipher
• Translate a letter to the letter n places to the right in the alphabet
  c_i = E(p_i) = p_i + n
  E.g. n = 3
  a b c d e f g …
  d e f g h i j …
  "treaty impossible" → "wuhdwb lpsrvvleoh"
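
Added example (not from the lecture slides): the Caesar rule above in Python, with the wrap-around at the end of the alphabet written out as mod 26, followed by an exhaustive search over all 26 keys that uses one known word. The function names and the choice of known word are assumptions made for the illustration.

```python
def caesar(text: str, n: int) -> str:
    """c_i = (p_i + n) mod 26 for letters; everything else passes through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + n) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def exhaustive_search(ciphertext: str, known_word: str) -> list[int]:
    """Try every key; keep the keys whose decryption contains the known word.

    The whole key space is 26 values, so the work factor is 26 trial
    decryptions no matter how long the message is.
    """
    return [n for n in range(26) if known_word in caesar(ciphertext, -n)]


if __name__ == "__main__":
    ct = caesar("treaty impossible", 3)       # the slide's example
    print(ct)
    print(exhaustive_search(ct, "treaty"))    # keys consistent with the known word
```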

Homophonic Substitution
• (Used as early as 1401)
• A single character can map into one of several characters in ciphertext e.g. ‘A’ → 3 or 5 or 7
• With a known-plaintext attack it is trivial to break
• A ciphertext attack is harder, still a few seconds on a computer
• Provides confusion, main problem is diffusion
• Time: proportional to the length of message
• Space: constant (size of conversion/lookup table)

Polyalphabetic Substitution
• (invented in 1568, used e.g. in the American Civil
• First key encrypts the first letter, second key the second letter etc.; after using all keys, the keys are recycled
• Period of cipher: Number of keys
• Easy to break even ciphers with very long periods
• E.g. running-key cipher (World War I)
• Problem: diffusion
• Popular in computer security products (E.g. WordPerfect; details of how to break it were published in 1987, 1991)

Transposition Ciphers
• (used in World War I)
• Characters of the plaintext remain the same, but their order is
• Arrange the text in columns (or in other patterns)
[Figure: "T I M A" (write direction); "timahsegi sesas" (read direction)]
• Time: proportional to the length of message
• Space: length of the message (not good for long messages)
• Substitution is far more common

Rotor Machines
• Enigma (used in World War II)
• Automate the process of
• Each rotor makes a
• After the substitution the last rotor rotates one step
• Combination of rotors makes it difficult to break (Period 26^n)

One-Time Pads
• Pad of a large, non-repeating set of truly random keys
• Each letter of the message is encrypted with a corresponding key from the pad
• Used once, then destroyed (otherwise not secure)
• Perfect (theoretically not breakable) as long as keys are randomly selected
• Safe only with really random numbers (not with pseudo-random ones)
• Length of key sequence is equal to the length of message (not feasible for a 1 Mbps channel)
• Ultrasecure low-bandwidth channels
• One-time passwords are similar constructs
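
Added example (not from the lecture slides): why a pad is "used once, then destroyed". It applies the pad byte by byte with XOR instead of letter by letter, and shows that when one pad encrypts two messages the pad cancels out of the two ciphertexts. The function names and sample messages are constructed, and the operating system's random generator stands in for a truly random source.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    # Assumption: the OS generator stands in for a truly random source.
    return secrets.token_bytes(length)


def otp(pad: bytes, data: bytes) -> bytes:
    """Encrypts and decrypts: XOR with the pad is its own inverse."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return xor(data, pad)


def recover_second(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Pad reuse: c1 XOR c2 = p1 XOR p2, so one known plaintext gives the other."""
    return xor(xor(c1, c2), known_p1)


# Constructed sample messages of equal length.
P1, P2 = b"meet at noon", b"pay 500 euro"

if __name__ == "__main__":
    pad = new_pad(len(P1))
    c1, c2 = otp(pad, P1), otp(pad, P2)     # the mistake: same pad twice
    print(xor(c1, c2) == xor(P1, P2))       # the pad no longer appears
    print(recover_second(c1, c2, P1))
```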

Secret-Key Encryption Example (1)
• Data Encryption Standard (DES 1977)
  • Was the most widely used algorithm until the late 1990s
  • Maps a 64 bit plain text into a 64 bit ciphertext using a 56 bit key
  • Has 16 key-dependent rounds, in which data is rotated and transposed
  • Split data in half, scramble right half, swap two halves
  • Successful attacks against it are possible
    • key is small enough for brute force attack
    • has been around for quite long, has been well analysed
• Triple DES
  • DES is not considered to be secure anymore
  • Triple DES uses DES three times with three different keys
  • Most often as encrypt-decrypt-encrypt (EDE)

Secret-Key Encryption Example (2)
• Advanced Encryption Standard (AES)
  • Adopted as a standard in 2001
  • A version of the Rijndael block cipher
    • block size: 128 bits (4x4 array of bytes)
    • key sizes: 128, 192, 256 bits (10, 12, 14 rounds of
  • Each round has four steps
    • AddRoundKey: each byte is combined (XOR-ed) with the
    • SubBytes: non-linear substitution of each byte by using a lookup table
    • ShiftRows: cyclically shifts the bytes in each row by a certain offset
    • MixColumns: combines the bytes in each column by using a linear transformation (in the last round this is replaced by another AddRoundKey)
  • A brute-force attack (computationally prohibitively expensive) was published in 2002

Cipher Modes
• Electronic code book (ECB)
  • A plaintext always encrypts to the same ciphertext
  • A “code book” can be built for each key (and any plaintext-ciphertext combination can be entered into this book)
  • Suitable e.g. for database encryption
• Improved method: Cipher block chaining (CBC)
  • The plaintext is XOR-ed with the previous ciphertext block and then encrypted
  • At decryption time the block is
    (i) decrypted and
    (ii) saved as ciphertext for feedback until the next block is
  • A random initialisation vector (IV) is used for the first block
  • Error propagation and extension
    decrypted plaintext – needs integrity protection

Image source: Wikipedia
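
Added example (not from the lecture slides): a toy 64-bit block cipher built the way the DES slide describes (split in half, scramble the right half, swap), run in ECB and in CBC mode to show the difference listed above. The round function based on SHA-256, the function names and the sample key are assumptions; this is not DES and is for illustration only.

```python
import hashlib

BLOCK = 8            # 64-bit block, the DES block size
HALF = BLOCK // 2


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def scramble(key: bytes, rnd: int, half: bytes) -> bytes:
    # Toy key-dependent round function (assumption, not the DES one).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def encrypt_block(key: bytes, block: bytes, rounds: int = 16) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for r in range(rounds):
        # scramble the right half, mix it into the left, swap the halves
        left, right = right, xor(left, scramble(key, r, right))
    return left + right


def decrypt_block(key: bytes, block: bytes, rounds: int = 16) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for r in reversed(range(rounds)):
        left, right = xor(right, scramble(key, r, left)), left
    return left + right


def split(data: bytes) -> list[bytes]:
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    return b"".join(encrypt_block(key, b) for b in split(data))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    prev, out = iv, []
    for b in split(data):
        prev = encrypt_block(key, xor(b, prev))   # XOR with previous ciphertext
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    prev, out = iv, []
    for c in split(data):
        out.append(xor(decrypt_block(key, c), prev))  # decrypt, undo the XOR
        prev = c                                      # feedback for next block
    return b"".join(out)
```

Encrypting three identical plaintext blocks with `ecb_encrypt` gives three identical ciphertext blocks, while `cbc_encrypt` gives three different ones; neither mode detects a modified ciphertext, which is the integrity gap the slide mentions.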
Problems of Symmetric Key Systems
• If key is revealed, security is broken
  (Keys in real systems are changed fairly
• Distribution of keys should be secure
  By hand (e.g. by a courier), in pieces on separate channels, etc.
• Simple methods can be vulnerable to
• Number of keys increases with the square of the number of participants

Public-Key Encryption Principle
• AKA Asymmetric encryption
• Different keys for encryption & decryption
• It is very hard to derive one key from the other
• Public and private keys
  • Public key: can be made known to everyone wanting to
  • Private key: kept secret
  • Private encryption key: message can not be falsified
  • Private decryption key: message can not be decoded

[Figure: Public Key Database, with arrows labelled "request Ke" and "Ke"]

Sender A                        Receiver B
                                1. compute Ke, Kd
                                2. publish Ke
3. acquire Ke
4. E(Ke, M) → {M}Ke             6. receive {M}Ke

Public-Key Systems
• Public and private keys
  • Private encryption key: message can not be falsified
    Used for verifying authenticity: digital signature
  • Private decryption key: message can not be decoded
    Used for confidentiality/secrecy
• Some common methods and their use
  • RSA – encryption and digital signatures
  • El Gamal & DSS – digital signatures
  • Diffie-Hellman – establish a shared secret
• The principle first published in the mid 1970s

RSA Algorithm
• Uses large prime numbers p and q
• Encryption key (e) and decryption key (d) are determined so that
  e * d = 1 (mod (p-1)*(q-1))
• Most popular, frequently used in e-commerce
• Slow (about 1000 times slower than DES)
• Available in hardware
• Many systems use RSA to exchange keys, then use DES/TripleDES/AES to encrypt everything else

Diffie-Hellman Key Agreement
• Protocol for establishing a shared secret via an insecure communication channel
• Two parties jointly calculate a shared secret via
• Data exchanged during the negotiation is not sufficient to break the key
• The established secret is never sent to the other side in any form (encrypted or otherwise)
• The algorithm is very frequently used in secure communication protocols
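
Added example (not from the lecture slides): both sides of the exchange, with everything that crosses the insecure channel collected in one list so it can be compared with the secret. The modulus (the Mersenne prime 2^127 - 1), the base 3 and all names are assumptions chosen to keep the block short; the modulus is far too small for real use, and the exchange by itself does not authenticate either party.

```python
import secrets

P = 2**127 - 1    # toy modulus (a known prime), assumption for this example
G = 3             # toy base, assumption for this example


class Party:
    def __init__(self) -> None:
        # The private exponent never leaves this object.
        self._private = secrets.randbelow(P - 3) + 2
        # The public value is sent over the insecure channel.
        self.public = pow(G, self._private, P)

    def shared_secret(self, peer_public: int) -> int:
        # Reject values that would force a trivial secret.
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate public value")
        return pow(peer_public, self._private, P)


def exchange() -> tuple[int, int, list[int]]:
    alice, bob = Party(), Party()
    on_the_wire = [P, G, alice.public, bob.public]   # all an eavesdropper sees
    return (alice.shared_secret(bob.public),
            bob.shared_secret(alice.public),
            on_the_wire)


if __name__ == "__main__":
    a_secret, b_secret, wire = exchange()
    print(a_secret == b_secret, a_secret in wire)
```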

Secure Digest Functions
• Fixed-length pattern characterising an arbitrary-length message
  h = H(M)
• Given M, it is easy to compute h
• Given h, it is hard to compute M
  (H is a one-way function)
• Given M, it is hard to find another message M’ such that H(M) = H(M’) – collision-secure
• AKA One Way Hash, Message Digest, Digital Fingerprint
• Usage: Digital signatures, protecting messages from alteration
• Non-keyed: depends on the message alone
  AKA message integrity code (MIC), modification detection code (MDC)
• Keyed: depends on the message and on a secret key
  AKA message authentication code (MAC)

Practical Aspects
• Exploiting collisions: Birthday attack
  1. Alice prepares two versions M and M’, M is favourable for Bob, M’ is not
  2. Alice makes several versions of M and M’ that are visually indistinguishable from each other (e.g. by adding spaces at the end of lines) until she finds an M and an M’ so that the calculated h is the same for the two
  3. Alice sends the favourable document M to Bob to sign it
  4. When Bob returns the signed document, Alice replaces M with M’
• Widely used hash functions
  • MD5: one of the most efficient methods, produces a 128-bit digest, makes only one pass over the data, vulnerable
  • SHA-0, SHA-1: produce a 160-bit digest – attacks have been found
  • SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512): still considered to be secure
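
Added example (not from the lecture slides): steps 1 and 2 above carried out against a deliberately shortened digest, the first 24 bits of SHA-256, to show why digest length matters. The 24-bit length, the function names and the two document texts are assumptions; the search finishes after a few thousand variants, roughly 2^12 rather than 2^24, and the full-length SHA-256 values of the two results still differ.

```python
import hashlib
from itertools import count

BITS = 24   # toy digest length (assumption); real digests are 128 bits or more


def short_digest(msg: bytes) -> int:
    """First BITS bits of SHA-256, standing in for a digest that is too short."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - BITS)


def variant(doc: bytes, i: int) -> bytes:
    """Visually identical copy: i written as trailing spaces (0) and tabs (1)."""
    return doc + "".join(" \t"[int(bit)] for bit in format(i, "b")).encode()


def find_collision(good: bytes, bad: bytes) -> tuple[bytes, bytes, int]:
    """Return (variant of good, variant of bad, variants tried per document)."""
    seen_good: dict[int, bytes] = {}
    seen_bad: dict[int, bytes] = {}
    for i in count():
        g, b = variant(good, i), variant(bad, i)
        hg, hb = short_digest(g), short_digest(b)
        seen_good[hg], seen_bad[hb] = g, b
        if hg in seen_bad:
            return g, seen_bad[hg], i + 1
        if hb in seen_good:
            return seen_good[hb], b, i + 1


# Constructed documents M and M'.
M_GOOD = b"I owe Alice 10 euro."
M_BAD = b"I owe Alice 10000 euro."

if __name__ == "__main__":
    m, m2, tries = find_collision(M_GOOD, M_BAD)
    print(tries, short_digest(m) == short_digest(m2))
    print(hashlib.sha256(m).digest() == hashlib.sha256(m2).digest())
```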
Digital Signatures
• A recipient of a document can verify that the claimed originator is the real originator, and the message has not subsequently been altered.
• Calculated e.g. by encrypting a hash of the document with the signer’s private key
• A digital signature is appended to document, i.e. <M, S, {M}KS> is sent.

Checking Digital Signatures
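
Added example (not from the lecture slides): the key relation from the RSA Algorithm slide together with signing and checking a signature, as textbook RSA without padding. The two primes are well-known Mersenne primes used only so the block runs without prime generation, and the function names and message are assumptions; real keys use randomly generated primes and real signatures use a padded scheme.

```python
import hashlib

# Constructed toy key from two known Mersenne primes (never do this for real keys).
p, q = 2**521 - 1, 2**607 - 1
n, phi = p * q, (p - 1) * (q - 1)
e = 65537
d = pow(e, -1, phi)          # chosen so that e * d = 1 (mod (p-1)*(q-1))


def digest(message: bytes) -> int:
    """Secure digest h = H(M), as an integer smaller than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Signer: transform the hash of the document with the private key d."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int) -> bool:
    """Recipient: undo the transform with the public key (e, n), compare hashes."""
    return pow(signature, e, n) == digest(message)


if __name__ == "__main__":
    doc = b"I owe Bob 10 euro."            # constructed sample document
    sig = sign(doc)
    print(verify(doc, sig))                 # unchanged document
    print(verify(b"I owe Bob 1 euro.", sig))  # altered document
```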

Forms of Digital Signatures
• Document signatures
  • Enveloped signatures
    The document contains the signature as well
    (The calculation does not involve the signature itself!)
  • Detached signatures
    The signature is separate from the document it validates
• Digital Signature Standard (DSS) dates back to 1993
• XML syntax defined by World-wide Web Consortium

• Encryption is the most widely used way of hiding the information content of data
• The main difference between secret-key and public-key encryption methods is in applicability and speed
• Data authenticity can also be proven via cryptographic methods

