Cryptography: A Real World Perspective
Brig. P D Gupta
Dayalbagh Educational Institute
Cryptography and Security
About Me
Brig. Prem Dayal Gupta
Military Communicator and Information Warrior
Alumnus of Don Bosco, NDA, [Link]. from JNU, [Link]. Defense Studies from Madras University and [Link]. from IIT Delhi
36 years' experience in communications
Pioneer in running India's first data network
Commanding Officer of Signal Regiment during Kargil war
More About Me
Director of Cryptography and Cryptanalysis
Director and DDG of Signal Intelligence
Chief Signal Officer Rajasthan and Gujarat
Chief Signal Officer Delhi
Just retired as Commander of NCC in Agra
FIETE, MCSI and SSI
Sharing experiences in cryptographic organizations, key management and cryptanalysis
Introduction
Thanks
You are all EXTREMELY lucky!
Wisest decision
I am not a regular teacher
Network Security and Cryptography is a good combination
Potential for jobs in both private sector and defense
My offer to coach students for interviews for joining defense
Example from the United States
Aim
To share with you all my experiences in the domain of cryptographic organizations and key management, and to introduce you to cryptanalysis
Lesson Objectives
Name some international standards organizations in cryptography?
If you are working for an organization making or marketing cryptographic systems for the Government, where will you get it certified?
Who is the controller of CAs for PKI systems in India?
Name the Indian CAs who can be used for certification if you are managing a PKS in your organization?
As an SA also responsible for network security, which are the organizations responsible to deal with network attacks?
What is the need to learn cryptanalysis?
Name types of cryptanalytic attacks?
Layout
Assessment of knowledge
Cryptographic scene in India
Organizations
  International
  National
Key management
Need for cryptanalysis and introduction
Assessment of Knowledge
What is the difference between symmetric and asymmetric ciphers?
What is the biggest problem with symmetric ciphers?
What does PKI stand for and what are the important areas of its usage?
What are the key sizes in DES, AES, Triple DES?
Explain Authentication, Confidentiality, Integrity, Non-repudiation and digital signatures?
Has anyone read the IT Act 2000?
How do you see job potential in the domain of network security, cryptography and cryptanalysis?
Cryptographic Scene in India
Mixture of traditional and modern
Mixture of symmetric and PKS
Wide use in eGovernance and eCommerce, including eBanking
Network security at all levels
Job potential in various domains
Systems used by terrorists and criminals
Manufacturers: BEL, ITI, CAIR
PKS marketed by big software organizations, e.g. TCS
International Standard Organizations
NIST: National Institute of Standards and Technology
IETF: Internet Engineering Task Force
ITU(T): International Telegraph Union (Telecommunications)
ISO: International Standards Organization, Federation of National Organizations
Organizations: International CAs
AICPA: American Institute of Certified Public Accountants (certifies CAs)
[Link]
Entrust
VeriSign
GeoTrust
GoDaddy
Comodo
GlobalSign
Indian Organizations
SAG
JCB
CCA, Department of Electronics and Information Technology, Ministry of Communications and Information Technology
CAs
  Safescrypt, IDRBT, NIC, TCS, MTNL, GNFC, eMudhra
CERT
  National
  Dept/Org/Coys
  States
Key Management
Person / Cadre / Verification
Key generation
Distribution of keys
Key management problems / limitations
PKI
CA/RA
Token / SOPs
Cryptanalysis
Difference between decryption and cryptanalysis
Cryptanalysis is breaking secure codes
Very hard job
Cryptanalysis needs algorithms and keys
Language
How to get algorithm
How to get keys
  Brute force
  Knowledge of text
  Mathematical/statistical analysis of keys
  Timing
Need for cryptanalysis
  Assess strengths / weaknesses of ciphers
  Resist an attacker
  Intelligence collection
Cryptanalysis: Brute Force Timings
Key size (bits)    Number of keys          1 decryption/microsec    10^6 decryptions/microsec
32                 2^32  = 4.3 x 10^9      35.8 min                 2.5 ms
56 (DES)           2^56  = 7.2 x 10^16     1142 yrs                 10.01 h
128 (AES)          2^128 = 3.42 x 10^38    5.4 x 10^24 yrs          1.4 x 10^18 yrs
168 (Triple DES)   2^168 = 3.7 x 10^50     5.4 x 10^36 yrs          5.4 x 10^30 yrs
Differential Cryptanalysis
For DES, 2^55 reduced to 2^47
Differential attack is a chosen plaintext attack
Involves comparing the XOR of two inputs to the XOR of the corresponding outputs to give a differential
Differential propagation ratio for each round gives a differential trail
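Added example (not from the original slides): the input-XOR versus output-XOR comparison and the per-round propagation ratio, worked on a single 4-bit S-box. The S-box is row 0 of DES S-box S1 used stand-alone, and the three-step trail is constructed for illustration; a real trail must also follow the cipher's bit permutation between rounds.

```python
from fractions import Fraction

# Constructed sample: row 0 of DES S-box S1, used as a stand-alone 4-bit S-box.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]

def difference_table(sbox):
    """ddt[dx][dy] = number of inputs x with S(x) ^ S(x ^ dx) == dy."""
    n = len(sbox)
    ddt = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            ddt[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return ddt

def propagation_ratio(ddt, dx, dy):
    """Fraction of input pairs with XOR dx whose outputs have XOR dy."""
    return Fraction(ddt[dx][dy], len(ddt))

def best_differential(ddt):
    """(count, dx, dy) of the most likely transition with dx != 0."""
    n = len(ddt)
    return max((ddt[dx][dy], dx, dy) for dx in range(1, n) for dy in range(n))

def trail_probability(ddt, trail):
    """Multiply the per-round ratios, treating the rounds as independent."""
    p = Fraction(1)
    for dx, dy in trail:
        p *= propagation_ratio(ddt, dx, dy)
    return p

if __name__ == "__main__":
    ddt = difference_table(SBOX)
    count, dx, dy = best_differential(ddt)
    print(f"best transition {dx:X} -> {dy:X}: {count}/16")
    # Constructed trail: one S-box transition per round.
    trail = [(0xB, 0x2), (0x4, 0x6), (0x2, 0x5)]
    print("trail probability:", trail_probability(ddt, trail))
```

An ideal 4-bit S-box would spread each row of the table evenly; the large entries are what a designer assessing a cipher looks for and tries to eliminate.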
Linear Cryptanalysis
For DES, 2^55 reduced to 2^43
A statistical known plaintext attack
Estimated linear correlation between plaintext and ciphertext over a large number of samples
Try all keys for few known bits
Remaining bits by brute force with linear correlation
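Added example (not from the original slides): the linear correlation between masked input bits and masked output bits of one 4-bit S-box, computed exactly and then estimated from a large number of known input/output samples. The S-box is row 0 of DES S-box S1 used stand-alone; the masks, sample count and seed are constructed values.

```python
import random

# Constructed sample: row 0 of DES S-box S1, used as a stand-alone 4-bit S-box.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]

def parity(v):
    """XOR of all bits of v."""
    return bin(v).count("1") & 1

def bias(sbox, in_mask, out_mask):
    """Exact bias: P[parity(x & in_mask) == parity(S(x) & out_mask)] - 1/2."""
    hits = sum(parity(x & in_mask) == parity(sbox[x] & out_mask)
               for x in range(len(sbox)))
    return hits / len(sbox) - 0.5

def strongest_approximation(sbox):
    """(|bias|, in_mask, out_mask) of the best non-trivial linear approximation."""
    n = len(sbox)
    return max((abs(bias(sbox, a, b)), a, b)
               for a in range(1, n) for b in range(1, n))

def estimated_bias(sbox, in_mask, out_mask, samples, seed=1):
    """Estimate the bias from random known input/output pairs."""
    rng = random.Random(seed)  # fixed seed so the constructed sample set repeats
    hits = 0
    for _ in range(samples):
        x = rng.randrange(len(sbox))
        hits += parity(x & in_mask) == parity(sbox[x] & out_mask)
    return hits / samples - 0.5

if __name__ == "__main__":
    # Masks 0x3 / 0x9: input bits X3^X4 against output bits Y1^Y4 (X1, Y1 = MSB).
    print("exact bias:    ", bias(SBOX, 0x3, 0x9))
    for n in (16, 256, 4000):
        print(f"estimate, {n:>4} samples:", estimated_bias(SBOX, 0x3, 0x9, n))
    print("strongest approximation:", strongest_approximation(SBOX))
```

The estimate only settles near the exact value once the sample count is large, which is why the attack needs many known plaintexts.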
Conclusion
I expect you to now answer all the questions we set ourselves to be able to answer at the beginning.
I reiterate my availability to guide all students interested in joining the defense services.
Thank you very much.
May GOD bless you all in all your good endeavors.
Lesson Objectives: Answers
As an SA also responsible for NW security, which are the org responsible to deal with NW attacks?
  CERT
What is the need to learn cryptanalysis?
  Assess strength / weakness of ciphers
  Resist an attacker
  Intelligence collection
Name types of cryptanalytic attacks?
  Brute force
  Knowledge of text
  Mathematical / statistical analysis of keys
  Timing
Lesson Objectives: Answers
Name some international standards organizations in cryptography?
  NIST, IETF, ITU(T) and ISO
If you are working for an organization making or marketing cryptographic systems for the Government, where will you get it certified?
  SAG for gradation and JCB for keys
Who is the controller of CAs for PKI systems in India?
  CCA, Department of Electronics & Information Technology, Ministry of Communications and Information Technology.
Name the Indian CAs who can be used for certification if you are managing a PKS in your organization?
  Safescrypt, IDRBT, NIC, TCS, MTNL, GNFC, eMudhra
Thank you!