CRYPTOGRAPHY

COMMUNICATION SECURITY

Activity

1. Name 5 applications that can be used for communication.

a.

b.

c.

d.

e.

2. How do you think do these applications secure your private conversations?

________________________________________________________________

________________________________________________________________

________________________________________________________________

Introduction

Social media applications are a trend to a lot of people. We are able to reach and
communicate with people no matter where they are. However, we use these
applications without knowing if these applications are secure enough to call it a “private”
conversation.

Applications such as Telegram and Facebook Messenger employ an end-to-end

encryption (E2EE) which is the most secure type of cryptography. For each user, the
platform issues a pair of public and private encryption keys. It stores the public keys on
its servers, but private keys are stored on user devices only.
 Users can retrieve one another’s public keys from servers to encrypt their messages.
Each message encrypted with a public key can only be decrypted by with its
corresponding private key, which is in the exclusive ownership of the recipient. E2EE
ensures that not even the company that hosts the application can access message
content. Even if hackers break into their servers or three-letter agencies force them to
hand over user data, they won’t be able to decrypt the content of messages.

There are three notions of security which we need to understand before we go deeper
in this topic. These are:
a. Perfect security - the scheme is said to have perfect security or to have
information theoretic security, if an adversary with infinite computing power can
learn nothing about the plaintext given the ciphertext.
b. Semantic security - This is similar to perfect security but we only allow an
adversary with polynomially bounded computer power
c. Polynomial security - this is sometimes called indistinguishability of encryptions, it
is said to be so because if no adversary can win the following game with
probability greater than one half.

Communication security is the discipline of preventing unauthorized interceptors from

accessing telecommunications in an intelligible form, while still delivering content to the
intended recipients.

This field includes cryptographic security, transmission security, emissions security

and physical security of COMSEC (Communication Security) equipment and associated
keying material.

COMSEC is used to protect both classified and unclassified traffic on military

communications networks, including voice, video, and data. It is used for both analog
and digital applications, and both wired and wireless links.
Fields of Communication Security

 Cryptographic Security. The component of communications security that results

from the provision of technically sound cryptosystems and their proper use.
 Emission Security (EMSEC). This refers to the protection resulting from all
measures taken to deny unauthorized persons’ information of value that might be
derived from communications systems and cryptographic equipment intercepts
and the interception and analysis of compromising emanations from
cryptographic — equipment, information systems, and telecommunication
systems.
 Transmission Security (TRANSEC). The component of communication security
that results from the application of measures designed to protect transmissions
from interceptions and exploitation by means other than cryptanalysis.
 Physical Security. The component of communications security that results from
all physical measures necessary to safeguard classified equipment, material, and
documents from access thereto or observation thereof by unauthorized persons.

Double Encryption

To encipher a message the sending operator decided on a message key. The message
key would be a sequence of three letters, say D H I. The message key needs to be
transported to the recipient. Using the day key, the message would be enciphered
twice. The double enciphering is to act as a form of error control. Hence, D H I might be
enciphered as X H J K L M. Note, that D encrypts to X and then K, this is a property of
the Enigma Machine.
PRINCIPLES OF CRYPTOGRAPHY

Activity

Try to decipher the following message using the following clues.

LETTER EQUIVALENT LETTER EQUIVALENT

Z A M N
Y B L O
X C K P
W D J Q
V E I R
U F H S
T G G T
S H F U
R I E V
Q J D W
P K C X
O L B Y
N M A Z

“GSV LMOB DZB GL OVZIM NZGRVNZGSXH RH GL WL

NZGRVNZGSXH”

- KZFO SZONLH
Message:
Cryptography is the science of using mathematics to encrypt and decrypt data.

Cryptography enables you to store sensitive information or transmit it across

insecure networks so that it cannot be read or understood by anyone except the

intended recipient.

Cryptanalysis is the science of analyzing and breaking secure communication.

Classical cryptanalysis involves an interesting combination of analytical

reasoning, application of mathematical symbols, pattern finding, patience,

determination, and luck. Cryptanalysts are also called attackers.

Cryptology embraces both cryptography and cryptanalysis.

Cryptography can be strong or weak. Its strength is measured in the time and

resources it would require to recover the plaintext. The result of strong cryptography is

ciphertext that is very difficult to decipher without possession of the appropriate

decoding tool.

Cryptographic algorithm, or cipher, is a mathematical function used in the encryption

and decryption process. It works in combination with a key – a word, number, or phrase

– to encrypt the plaintext. The security of encrypted data is entirely dependent on two

things: strength of the cryptographic algorithm and the secrecy of the key.

A cryptographic algorithm, and all possible keys and all the protocols that make it work

comprise a cryptosystem.

Conventional cryptography, also called secret-key or symmetric-key encryption,

involves only one key that is used for encryption and decryption.
Conventional cryptography

Plaintext Encryption Ciphertext Decryption Plaintext

Public key cryptography solves the problem of key distribution. This is an asymmetric

scheme that uses a pair of keys for encryption: a public key which encrypts data and a

secret key for decryption.

The concept was introduced by Whitfield Diffie and Martin Hellman in 1975.

Public Key Encryption

Plaintext

Encryption (Using Public Key)

Ciphertext

Decryption (Using Private Key)

Plaintext
Pretty Good Privacy (PGP) combines some of the best features of both conventional

and public key cryptography. It is a hybrid cryptosystem.

When a user encrypts plaintext with PGP, PGP first compresses the plaintext. Data

compression saves modem transmission time and disk space and, more importantly,

strengthens cryptographic security.

Compression reduces these patterns in the plaintext, thereby greatly enhancing

resistance to cryptanalysis.

PGP then creates a session key, which is a one-time-only secret key. This key is

a random number generated from the random movements of your mouse and the

keystrokes you type. This session key works with a very secure, fast conventional

encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is

encrypted, the session key is then encrypted to the recipient’s public key. This public

key-encrypted session key is transmitted along with the ciphertext to the recipient.

PGP Encryption

Ciphertext +
encrypted session
Session key is key
encrypted with
Plaintext is public key
encrypted with
session key
Decryption works in reverse. The recipients’ copy of PGP uses his or her private key to

recover the temporary session key, which PGP then uses to decrypt the conventionally-

encrypted ciphertext.

PGP Decryption

Encrypted session
key

recipients private
key session key used to original
Encrypted Message
used to decrypt cipher text plaintext
decrypt session key

Ciphertext

The combination of the two encryption methods combines the convenience of

public key encryption with the speed of conventional encryption. Conventional

encryption is about 1,000 times faster than public key encryption. Public key encryption

in turn provides a solution to key distribution and data transmission issues. Used

together, performance and key distribution are improved without any sacrifice in

security.

A key is a value that works with a cryptographic algorithm to produce a specific

ciphertext. Keys are basically really, really, really big numbers. Key size is measured in

bits. In public key cryptography, the bigger the key, the more secure the ciphertext.
 However, public key size and conventional cryptography’s secret key size are

totally unrelated. A conventional 80-bit key has the equivalent strength of a 1024-bit

public key. A conventional 128-bit key is equivalent to a 3000-bit public key. Again, the

bigger the key, the more secure, but the algorithms used for each type of cryptography

are very different.

CIPHER METHOD

Caesar’s Cipher

A substitution cipher substitutes one piece of information for another. This is

most frequently done by offsetting letters of the alphabet. This kind of cipher is the
cipher used in the activity earlier.

Example: If the word “SECRET” will be encoded using Caesar’s key value of 3, the
alphabet will be offset so that the 3rd letter down (D) begins the alphabet.

So, starting with:

ABCDEFGHIJKLMNOPQRSTUVWXYZ

and sliding everything up by 3, you get

DEFGHIJKLMNOPQRSTUVWXYZABC

where D=A, E=B, F=C, and so on.

Therefore, the plaintext SECRET encrypts as “VHFUHW” using this scheme.

To allow someone else to read the ciphertext, tell them that the key is 3.

Affine Ciphers

Affine cipher uses a encrypting function with additions and multiplication which
convert a letter of value x in a 26 letters alphabet into another letter with value of (ax+b)
modulo 26.

Encryption uses a classic alphabet and two integers called coefficients or keys A
and B.

Using the 26 characters alphabet (m=26), A should be chosen relatively prime to

m.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 2 3 4 5 6 7 8 9 10 1 12 13 14 1 16 17 1 19 20 21 2 23 24 25 26
1 5 8 2
Francis Bacon Cipher

Francis Bacon created one of the more interesting substitution ciphers. He used
two different type faces slightly differing in weight (boldness). He broke up his ciphertext
into 5 - character groups, each of which would represent one character in his plaintext.
Depending on which characters of the group were bold, one could determine the
plaintext character using the following table (* stands for a plain character and B for a
bold character)

A=***** H=**BBB O=*BBB* V=B*B*B

B=****B I=*B*** P=*BBBB W=B*BB*

C=***B* J=*B**B Q=B**** X=B*BBB

D=***BB K=*B*B* R=B***B Y=BB***

E=**B** L=*B*BB S=B**B* Z=BB**B

F=**B*B M=*BB** T=B**BB

G=**BB* N=*BB*B U=B*B**

The same secret message as above would appear as (Bacon's bold and plain
characters were less obvious than those below):

To be or not to be that is the question.

Whether 'tis nobler in the mind to

suffer the slings and arrows of

outrageous fortune or to take arms

against a sea of troubles and by

opposing end them?

To decipher, we just break the characters into groups of 5 and use the key above to find
the plaintext message.

M E E T M E B E

Tobeo rnott obeth atist heque stion Wheth ertis

H I N D T H E G

noble rinth emind tosuf ferth eslin gsand arrow

Y M A F T E R S

sofou trage ousfo rtune ortot akear msaga insta

C H O O L

seaof troub lesan dbyop posin gendt hem?

Message: MEET ME BEHIND THE GYM AFTER SCHOOL

Columnar Transposition

It works like this:

First, think of a secret key word. Ours will be the word SECRET. Next, write it above the
columns of letters in the square, and number the letters of the key word as they would
fall if we placed them in alphabetical order. (If there are duplicate letters, like the "E",
they are numbered from left to right.)

5 2 1 4 3 6

S E C R E T

M E E T M E

A F T E R S

C H O O L B

E H I N D T

H E G Y M O
Now write the columns down in the order indicated by the numbers. The resulting
ciphertext looking like this:

ETOIG EFHHE MRLDM TEONY MACEH ESBTO

Polybius Square

This is called the Polybius Square, since it was

first described by Polybius in his “Histories” in around
150BC. It has been used by many cultures throughout
history in different sizes depending on the length of
the alphabet (for example the Japanese used a 7 × 7
grid). Although useful as a form of enciphering, it is
not particularly strong.

Example:

32 15 44 23 34 14 24 33 44 23 15 32 11
14 33 15 43 43

Decryption:

32 15 44 23 34 14 24 33 44 23 15 32 11

M E T H O D I/J N T H E M A

14 33 15 43 43

D N E S S

Message: METHOD IN THE MADNESS

QWERTY Code

Plaintext letter ABCDEFGHIJKLMNOPQRSTUVWXYZ

Ciphertext letter QWERTYUIOPASDFGHJKLZXCVBNM

You can construct a secret message from the above table. Every time you see an "I"
you would substitute the "O" beneath and so on for the other characters. The message
"Meet me after school behind the gym," would read

"DTTZ DT QYZTK LEIGGS WTIOFR ZIT UND."

Word lengths - especially the short words - give great clues as to the nature of the code
(see frequency charts). To help conceal your message, ignore the spaces and break the
message up into equal-sized chunks. Five letters are customary in the spy biz, so your
message comes out like this (Note that an extra "dummy" character "M" is added at the
end to make it come out with a 5-letter group. Your recipient should have no trouble with
the extra character.

DTTZD TQYZT KLEIG GSWTI OFRZI TUNDM

Try this!

Using Caesar’s Cipher key 5, write the quotation:

“Mathematics is the language with which God wrote the universe”

- Galileo Galilei