Information Security in Education/Cryptography

Alfa and Saurus]

What is cryptography?
A cipher is a way of representing a message by changing it according to some set pattern or method. The method must preserve the meaning to decrypt it meaning to change it back into its original form. Encryption is to write something in a cipher so that only those authorized to do so can decode it and read it. The study of encryption is called cryptography (Lehtinen, 2006).

The basic idea behind cryptotography is as follows: The message, sent in plaintext, passes through a filter to encrypt it into ciphertext. The ciphertext then goes to the receiver who passes it through a related filter to decrypt it and obtain the plaintext (Schneier, 2004).

Encryption has been around for centuries. However, at first is was thought of as something that only pertained to government. For example, in times of war, messages were encrypted in case the soldier carrying the message was captured. In today's modern age of computer, encryption is something that affects every computer user. Instead of physical interception of messages, encryption is used on electronic networks to protect messages against virtual intruders (Lehtinen, 2006).

‎

Transposition Cipher
The transposition cipher does not change the letters in a message, but only puts them in a different order.

Example

 * The message below is encrypted using transposition. Try to decrypt it: (Answer below)
 * YAOPRGYHTCPR

Caesar Cipher (rot-3 cipher)
This cipher takes each letter of the plaintext and replaces it with a letter three letters later in the alphabet. In the case of letters near the end, the alphabet is looped around back on itself, so Z would be replaced by C. (Schneier, 1996).

Example

 * The message below was encrypted using the Caesar Cipher. Try to decrypt it: (Answer below)
 * BHOORZ

Substitution Cipher
Instead of a preset rule to always substitute each letter with another letter according to a rule such as the Caesar cipher, with a substitution cipher, each time a character is shown, a certain other character is written. All 26 letters of the alphabet are used and there is no overlap. An example may be to send A to T, B to K and so on. Because each letter has a unique mapping onto the ciphertext, in mathematical terms, this particular cipher is called one-to-one. One of the simplest and oldest substitution cipher is to simply write the alphabet forward and then backwards underneath (Gardner, 1972):
 * A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


 * Z Y X W V U T S R Q P O N M L K J I H G F E D C B A

Example

 * The message below was encrypted using the above substitution cipher. Try to decrypt it:  (Answer below)
 * HFNNVI EZXZGRLM



The Alberti Disk
The Alberti Disk is a simple wheel device which provides 26 different substitution cipher alphabets. From the picture to the right, note that the 26 inner letters are in alphabetical order, but that the letters on the outside of the circle are in random order. For two people to send messages encrypted with an Alberti disk, they must have identical wheels (Gardner, 1972).

Example
The message below was encrypted using the Alberti disks to the right. Try to decrypt it: (Answer below)
 * PJLBLSKER

‎

Cyclic Cipher
With the cyclic cipher, a filter is applied to a filter where the master filter is time dependent and the lower filter time independent. There is a regular rule to transcribe one letter to another, such as a rotation. But, rather than a constant rotation, the lower filter which actually encrypts the message is changed each time by the higher level filter. This concept introduces the concept of a key, which is commonly used today. That is, in addition to the knowledge of the method used to decrypt the message (cyclic cipher,Caesar cipher, etc.) one must also know the key in order to successfully decrypt the message. One of the most famous uses of this type of cryptography was the Egnima machine developed in Germany during World War I (Lehtinen, 2006).

Today's Encryption
Today we are dealing with computers and numbers rather that machines and letters, but today's encryption still proceeds by some of the age-old principals of substitution and transcription. Every encipherment, no matter how complex can be broken down into combinations of simple elements (Singh, 1999).

‎

Keys
In addition to the knowledge of the algorithm being used, in order to decrypt a message, one must have knowledge of the encryption key(s).

‎

Example (Clockwise Spiral Path)
To the right is an illustration of an algorithm called a clockwise spiral path (Gardner, 1972). To decrypt a message using this algorithm, put the groups of letters in the message in the columns of the 4 X 5 matrix. Then follow the arrows to read the message.


 * EITR MYAD METH TGHU ENXS

Did it work? It should not. That was because you also needed to know the key and know how to use it. The key is FRANK. It represents the order of the columns. Simply translate FRANK into numbers which represent the alphabetical order that the letters in the key appear. Then place the columns in that order in the matrix (table).

Hint: FRANK translates to 25143. (That is A gets a 1, F gets a 2, K gets a 3, N gets a 4 and R gets a 5.) (Solution Below)

Secret Key
As is seen in the above example, in order to decrypt a message, one must have knowledge of the algorithm used as well as the key. In today's information age, messages are transmitted via networks. Therefore, it is important to keep the key secret from intruders. It should also be noted that all information stored on computers is stored as a series of 0s and 1s or binary. That means that even words are converted and stored as binary. Therefore, today's algorithms are mathematical. To make it harder for intruders to decrypt messages, the algorithms used should be one-way mathematical functions rather than two-way mathematical functions. This is because one-way functions are much harder to reverse (Singh, 1999).

Examples
‎ Two-Way Function (multiplication)
 * y = ab  (a times b)
 * If y is 6 and a is 2, the function is easy to reverse to calculate that b is 3. (reversed using division)

One-Way Function (modular arithmetic)
 * y = a mod b


 * What is a if y = 4 and b = 3?


 * To answer this question, one must have a knowledge of modular arithmetic which is sometimes referred to as clock arithmetic (Gardner, 1972). y represents the remainder of the division operation.
 * Example:
 * 7 mod 4 = 3      because    7 divided by 4 = 1 with a remainder of 3
 * 15 mod 2 = 1     because   15 divided by 2 = 7 with a remainder of 1
 * 12 mod 5 = 2     because    12 divided by 5 = 2 with a remainder of 2


 * Therefore you can see that there can be several answers to the above question:


 * 4 mod 3 = 1
 * 10 mod 3 = 1
 * 16 mod 3 = 1
 * 31 mod 3 = 1

Using the concept of a a secret key, Bob and Alice exchange information. The information is not the key, but used in a one-way function to establish a key. Therefore, even if Eve intercepts the information, she still does not have access to their secret key.

‎

Public Keys
The encryption methods mentioned so far have been symmetric. That means that the unscrambling process is the opposite of the scrambling process. With symmetric encryption, the same key is used both to encrypt and decrypt a message. With asymmetric encryption, the encryption key and the decryption key are different. The decryption key, known as the private key, is used to decrypt a message. The encryption key, known as the public key, is used to encrypt a message. In addition, it is published so that it is available for everyone to see (Singh, 1999).

Encryption Strength
The technique or rule selected for encryption is known as the encryption algorithm. Most encryption techniques use rather simple mathematical formulas using functions such as modular arithmetic, but applied to very large numbers and in conjunction with other functions. The type of encryption algorithm, the secrecy of the keys and a number of other characteristics together form what is referred to as the strength of the encrypted message (Lehtinen, 2006).

‎

Cryptography in Education
Currently, most schools use computers to store academic files as well as personal information about students and employees. Encryption can be an effective way to protect this information. Schools, in fact, are bound by several laws and regulations regarding the security of student information. Cryptography is core to this security (Schneier, 2004).

FERPA
FERPAstands for the Family Educational Rights and Privacy Act of 1974. This federal law governs the privacy and handling of educational records. Under this law, non-directory information which includes such information as ethnicity, grade point average and test scores is considered private information. This information is not to be released to anyone without written consent from the student (FERPA, 1974).

PPRA
PPRA stands for Protection of Pupil Rights Amendment. This amendment "seeks to ensure that schools and contractors obtain written parental consent before minor students are required to participate in any ED-funded survey, analysis, or evaluation that reveals information concerning:


 * Political affiliations;
 * Mental and psychological problems potentially embarrassing to the student and his/her family;
 * Sex behavior and attitudes;
 * Illegal, anti-social, self-incriminating and demeaning behavior;
 * Critical appraisals of other individuals with whom respondents have close family relationships;
 * Legally recognized privileged or analogous relationships, such as those of lawyers, physicians, and ministers; or
 * Income (other than that required by law to determine eligibility for participation in a program or for receiving financial assistance under such program)."

Therefore the confidentiality of student information is imperative.



Transposition Cipher
CRYPTOGRAPHY

Caesar Cipher
YELLOW

Substitution Cipher
SUMMER VACATION

Alberti Disk
THIS IS FUN

‎

Clockwise Spiral Path
MEET ME THURSDAY NIGHT