# ICOM6045 Fundamentals of E-Commerce Security

## Topic 1 Cryptography

## Definition

- Process of transforming information to make it unreadable to anyone except those possessing the key

## Purpose

- Data confidentiality

## Transpositions/Permutations

- An encryption in which the letters of the message are rearranged
- Function
- Try to break established patterns

- Example
- Columnar transposition
- Rearrangement of the characters of the plaintext into columns
- Based on characteristic patterns of pairs of adjacent letters, called digrams
- Analysis
- Compute the letter frequencies
- Break the text into columns by compare a block of ciphertext characters against characters successively farther away in the ciphertext.
- Do common digrams appear.

- Do most of the digram look reasonable

- Compute the letter frequencies

- Columnar transposition
- Complexity
- No additional work
- Require storage for all characters of the message
- Not good for long message

- Alternative
- Permute the characters of the plaintext with a fixed period d

## Confusion

- Cipher that makes relationship between the plaintext/key pair and the ciphertext as complex as possible
- Good confusion
- poly-alphabetic substitution with a long key

- Bad confusion
- Caesar cipher

## Diffusion

- Cipher that spreads the information from the plaintext over the entire ciphertext
- Change in the plaintext should affect many parts of the ciphertext
- Good diffusion
- DES
- Transposition cipher

- Bad diffusion
- Substitutin cipher

## Cryptanalysis

- Index of coincidence (A tool to rate how wella particular distribution matches the distribution of letter in English)
- Procedure
- Measure of roughness(variance)
- If the distribution is perfectly flat

- Examine
- Is it encrypted
- How is it encrypted
- What is the key

## Types

### Symmetric Key Encryption

- Procedure (Single key)
- Original message
- Key -> Encryption algorithm
- Encrypted message
- Encrypted message sent over Internet
- Encrypted message arrives destination
- Key -> Decryption algorithm
- Original message

- Algorithms
- DES(Data Encryption Standard)
- Most commonly used block cipher
- Purpose
- Facilitate hardware implementation

- Form
- A block cipher with 56-bit key (64-bit including parity bits)
- “Feistel” network structure

- AES(Advanced Encryption Standard)
- RC4

- DES(Data Encryption Standard)
- Stream cipher
- Definition
- Convert one symbol of plaintext immediately into a symbol of ciphertext

- Advantage
- Speed of transformation
- Low error propagation

- Disadvantage
- Low diffusion
- Possible for malicious insertions and modifications

- Definition
- Block cipher
- Definition
- Encrypt a group of plaintext symbol as one block

- Advantage
- Diffusion
- Immunity to insertion

- Disadvantage
- Slowness of encryption
- Error propagation

- Definition
- Kasiski method
- Search for repeated sequence of characters
- Example
- 3 occurrences of the 11-character sequence
- Distance between first 2 sequence = 141- 90 = 51
- Distance between second 2 sequences = 213 - 141 = 72
- The common divisor between 51 and 72 is 3
- Estimated key length is 3

- “Perfect” substitution cipher
- Definition
- Many alphabets for an unrecognizable distribution
- No apparent pattern for the choice of an alphabet at a particular point

- Function
- Confuse the Kasiski method
- Index of coincidence would be close to 0.038

- Definition
- Application
- Caesar cipher
- Definition
- The message is enciphered with a 27-symbol alphabet (A->Z) and the blank, the blank is translated to itself

- Permutation
- Each letter is translated to a fixed number of letters after it in the alphabet

- The “real” Caessar cipher by Julius Caesar used a shift of 3

- Definition
- Mono-alphabetic substitutions
- Definition
- The alphabet is scrambled, and each plaintext letter maps to a unique ciphertext letter

- Permutation
- A permutation is a recording of the elements of a series
- A permutation can be a function
- Some permutations can’t be represented as simple equation

- Weakness
- Frequency distribution

- Definition
- Polyalphabetic substitutions
- Definition
- Combine distributions that are high with ones that are low

- Analysis
- Use Kasiski method to predict likely numbers of enciphering alphabets
- If no numbers emerge fairly regularly, may not a poly-alphabetic substitution
- Compute the index of coincidence to validate the predictions from step 1
- When step 1 and 3 indicate a promising value, separate the ciphertext into appropriate subsets and independently compute index of coincidence of each subset

- Example
- Rotor Machines

- Definition
- Vigenere cipher
- Definition
- Vigenere tableau
- A collection of 26 permutations
- Written in a 26*26 matrix

- Vigenere tableau
- Permutation
- Use a key (keyword) -> select particular permutaion

- Definition
- One-time pad
- Definition
- Based on a large nonrepeating set of keys (written on paper and glued together into a pad)

- Procedure
- Sender writes key one time above the letters of the plaintext
- Encipher the plaintext with a chart like Vigenere tableau
- Sender destroys the key
- Receiver takes the appropriate number of keys
- Decipher the message

- Example
- Vernam cipher
- Involves an arbitrarily long nonrepeating sequence of numbers that are combined with the plaintext
- Possible attack
- Random number generator

- Vernam cipher

- Definition

- Caesar cipher

### Public Key Encryption

- Procedure (Everyone has 2 keys)
- Original message
- Encryption key -> Encryption algorithm
- Plaintext <- Encryption
- The original form of a message

- Ciphertext <- Decryption
- The encrypted form a message

- Original plaintext

- Plaintext <- Encryption
- Encrypted message
- Encrypted message sent over Internet
- Encrypted message arrives destination
- Decryption key -> Decryption algorithm
- Original message

- Algorithms
- RSA