Specialised area of mathematics concerned with protecting information.
Anything that can be represented as 0s and 1s can be encrypted.
Applications for cryptography include:
 Secure banking and payment systems
 Protecting conversations over mobile telephones
 Safeguarding wireless networks
 Securing files on hard disks and memory keys
 Authenticating electronic documents
 Electronic voting
 Securing media files – Digital Rights Management (DRM)
Terminology

Plaintext
 Information directly readable by human and computer

Ciphertext
 Encrypted data

A cipher
 Algorithm used to convert plaintext to ciphertext and back

Encryption
 Process of converting plaintext to ciphertext

Decryption
 Process of converting ciphertext to plaintext
Encryption keys
Key
 Determines output from encryption/decryption process.
 String of bits
 Each additional bit doubles number of possible values, e.g. 2^{key length }
Ciphers widely available in press and documentation – allows for checking of security and for weaknesses.
Short keys are vulnerable to brute force attacks just as passwords are.
The key distribution problem
Symmetric encryption requires either sender or recipient to create key and send to other party. Key could be intercept and copied during transit.
For each pair of parties wanting to communicate with each other a pair of keys would be required. n(n1)/2 where n is number of parties.
So, for 10 parties to communicate 45 key pairs would be required.
10(101)/2 = (10*9)/2 = 45
Method developed in 1970 of distributing keys without actually sending them.
Asymmetric, or, public key cryptography
Key pair – one public key shared with anyone, one private key kept safe & never distributed.
Cannot determine value of one key from the other.
Private key required to decrypt ciphertext encrypted with public key.
Public key required to decrypt ciphertext encrypted with private key.
Public key can be distributed via email of key chain server.
No initial exchange of secret keys required.
Slower than symmetric encryption.
Why isn’t the internet encrypted?
Encryption and decryption requires certain amount of processing power which comes at a cost.
Some websites do not need encryption such as news sites.
Putting cryptography to use
Collection of cryptographic tools commonly known as Pretty Good Privacy (PGP).
PGP includes algorithms for symmetric and asymmetric cryptography.
OpenPGP – standard to be used by vendors.
Email encryption tools include:
 GPG4Win – standalone tools for encryption and digital signing of documents, emails etc.
 GPGMail – integrates with Apple Mail, encryption and digital signature.
 Enigmail for Thunerbird – requires manual installation of GNUPG software.
 Mailvelope – Google Chrome plugin, implements OpenPGP, works with web mail.
Comparing different cryptographic techniques
DES (Data Encryption Standard)
 56bit symmetric cypher.
 Vulnerable to brute force attacks due to short key length
 Triple DES uses three rounds of DES encryption and three separate 56bit DES keys.
AES (Advanced Encryption Standard)
 Uses combination of symmetric ciphers,
 Uses either 128, 192 or 256bit key.
Blowfish
 Supports key lengths from 1 to 448 bit.
 No known breaches of correctly implemented encryption.
Using cryptography to prove identity
Hashing
 Mathematical process of converting data of any size into fixed length piece of data known as hash.
 Used to verify that a file is as supplied by comparing hashes.

Algorithms include:
 MD5
 SHA1
 SHA2
 MD5 and SHA1 can generate “broken” hashes and neither should be used.
Digital signatures and certificates
Digital signature uses public key to encrypt the hash.
As the encrypted hash decrypted by public key would only be verifiable if it were encrypted using private key this provides authentication.
Malicious individual could pretend to be sender and make their own key pair and digitally sign document.
Digital certificate – binds public keys to their owners.
Issued by Certificate Authorities (CAs) who validate owners of keys.
Once validate, CAs bind the public key to a digital certificate and digitally sign it with their private key.
Encrypted network connections
Secure Socket Layer (SSL) protocol.
SSL now replaced by Transport Layer Security (TLS) – allows web browsers to securely exchange data.
TLS/SSL
 Uses combination of symmetric and asymmetric encryption
 Browser connects to server and requests secure communication – handshake – and agrees type of cryptography to use
 Server sends public key and digital certificate to user’s computer
 Digital certificate then checked to ensure it is genuine and has not expired
 User’s computer generates master password, encrypts with server’s public key and sends back
 Server decrypt encrypted master secret with its private key
 Both computers generate identical copy of symmetric encryption key
 At end of session both computers delete symmetric session key
Use of TLS/SSL means user can benefit from confidentiality and integrity.
Leave a Reply