Cryptography

Name: T Sampathkumar
Year: III/IV CSE
e-mail: sampaththatikonda@rocketmail.com

Name: Sudeep
Year: III/IV CSE
e-mail: sudeep4u_lp@yahoo.com

ABSTRACT

This paper introduces cryptography techniques. Cryptography is “the science of protecting data” and network security is “keeping information private and secure from unauthorized users”.

This paper gives the fundamental requirements for data transmission and the security attacks on it, such as interruption, interception and modification of the data transmission.

The cryptographic process is explained through a generalized function, through which encryption and decryption are done by various algorithms such as the RSA algorithm, hash functions and many other cryptographic algorithms.

Introduction

Cryptanalysis is the process of attempting to discover the plain text and/or the key.

Applications of various cryptographic technologies.

Why and how to provide network security in certificate issuing, the validity and trust for certificate services, certificate revocation in the Internet, intranet and other network communications, and the applications of network security to the various data transfer techniques and protocols.

From the dawn of civilization to the highly networked societies that we live in today, communication has always been an integral part of our existence.

• Radio communication
• Network communication
• Mobile communication
• Telephonic communication

All these methods and means of communication have played an important role in our lives, but in the past few years, network communication, especially over the Internet, has emerged as one of the most powerful methods of communication, with an overwhelming impact on our lives. Such rapid advances in communications technology have also given rise to security threats to individuals and organizations.

Fundamental Requirements

Confidentiality: The process of keeping information private and secret so that only the intended recipient is able to understand the information.

Authentication: The process of providing proof of the identity of the sender to the recipient, so that the recipient can be assured that the person sending the information is who and what he or she claims to be.

Integrity: The method to ensure that information is not tampered with during its transit or its storage on the network. No unauthorized person should be able to tamper with the information or change the information during transit.

Non-repudiation: The method to ensure that information cannot be disowned. Once the non-repudiation process is in place, the sender cannot deny being the originator of the data.
[Figure: source, destination, unauthorized user]

Security Attacks

Interruption: An attack in which one or more of the systems of the organization become unusable due to attacks by unauthorized users. This leads to systems being unavailable for use.

Interception: An unauthorized individual intercepts the message content and changes it or uses it for malicious purposes. After this type of attack, the message does not remain confidential.

Modification: The content of the message is modified by a third party. This attack affects the integrity of the message.

So, to keep data secret while it is communicated between two persons or two organizations, the data is converted to another format and then transmitted. We therefore deal now with cryptography, which is the process of transmitting data securely without any interruption. Network security is the security of data transmission in the communication.

What is Cryptography?

The term cryptology has its origin in the Greek kryptós lógos, which means “hidden word.” Cryptography is the science of protecting data, which provides means and methods of converting data into unreadable form, so that a valid user can access the information at the destination. Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient. While cryptography is the science of securing data, cryptanalysis is the science of analyzing and breaking secure communication. Cryptanalysts are also called attackers. Cryptology embraces both cryptography and cryptanalysis.

Cryptography Terminology

a) Plaintext: The original intelligible message.
b) Cipher text: The transformed message.
c) Cipher: An algorithm for transforming an intelligible message to unintelligible by transposition.
d) Key: Some critical information used by the cipher, known only to the sender and receiver.
e) Encipher (Encode): The process of converting plaintext to cipher text using a cipher and a key.
f) Decipher (Decode): The process of converting cipher text back into plaintext using a cipher and a key.
g) Cryptanalysis: The study of principles and methods of transforming an unintelligible message
back into an intelligible message without knowledge of the key. Also called code breaking.
h) Cryptology: Both cryptography and cryptanalysis.
i) Code: An algorithm for transforming an intelligible message into an unintelligible one using codes.
j) Hash algorithm: An algorithm that converts a text string into a string of fixed length.
k) Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption.
l) Public Key Cryptography (PKC): Uses one key for encryption and another for decryption.
m) Pretty Good Privacy (PGP): PGP is a hybrid cryptosystem.
n) Public Key Infrastructure (PKI): The PKI feature is the certificate authority.

Network Security

For Distributed computing
• Logical set of services distributed over the network
• Physical security model does not work anymore

For Internet and Web
• Increase of security threat
• More stringent security for Ecommerce and B2B

Why network security?

When networks were not that pervasive, that is, when computing devices were running on their own islands, it was rather easy to deal with security. The only thing they needed to do was to lock the door. Now, as more and more computing devices are getting connected and more and more applications are being built as distributed applications, the physical security model has lost its significance. The advent of the internet and the web has raised the scale and frequency of network security threats.

Common Security Threats

Identity interception: Someone might steal your identity and use it as their own.

Masquerading: If you send your username and password in clear text form, someone might be able to grab it from the network and use it elsewhere with the intention of perpetrating fraud.

Replay attack: They might capture your request to withdraw 1000 dollars from your bank account and then replay that request over the network.

Data interception and manipulation: If someone can read your credit card information while it is on the wire, they could cause a lot of trouble for you.

Repudiation: Someone performing a transaction and then denying it later can be a big problem in ecommerce. For example, if you are a manufacturer of something and you received a 1 million dollar purchase request from a customer, you will want to make sure that person does not deny it after the transaction has been completed. We all know what “denial of service” means.

Network Security Needs

Security Needs of an Enterprise
• Single sign-on Internet and intranet
• Controlled access to corporate information
• Secure business transaction over Internet
• Centralized, easy to use security admin tools
• Transparency of security features
• Interoperable security systems
• Various PKI schemes, Kerberos

Common Network Security Needs
• Authentication (Identity verification)
• Access control (Authorization)
• Data confidentiality (Privacy)
• Data integrity (Tamper-proofing)
• Non-repudiation (Proof of transaction)
• Auditing

Cryptographic Process

Basic Process

M is the original message
K_enc is the encryption key
M' is the scrambled message
K_dec is the decryption key
It is “difficult” to get M just by knowing M'
E and D are related such that
E(K_enc, M) = M'
D(K_dec, M') = M
D(K_dec, E(K_enc, M)) = M

[Figure: Plaintext M, Encryption function E, Cipher text M', Decryption function D, Original plaintext M]

So how does the cryptographic process work? The idea is rather simple. Let's say you have plaintext M. By providing the encryption key and the encryption function you get cipher text, M'. The cipher text can be decrypted using a decryption function and a decryption key, and the result is the original text. In the cryptographic process the mathematical property is such that it is practically impossible to derive M from M' unless the key is known.

Key Process Techniques

Symmetric-Key Encryption: One Key

Symmetric-key encryption, also called shared-key encryption or secret-key cryptography, uses a single key that both the sender and recipient possess. This key, used for both encryption and decryption, is called a secret key (also referred to as a symmetric key or session key). Symmetric-key encryption is an efficient method for encrypting large amounts of data. The drawback is that the key has to be transferred to the receiver, and that transfer is prone to security risks.

Public-Key Encryption: Two Keys

Two keys—a public key and a private key, which are mathematically related—are used in public-key encryption. To contrast it with symmetric-key encryption, public-key encryption is also sometimes called asymmetric-key encryption. In public-key encryption, the public key can be passed openly between the parties or published in a public repository, but the related private key remains private. Data encrypted with the public key can be decrypted only using the private key. Data encrypted with the private key can be decrypted only using the public key. In Figure 1, a sender has the receiver's public key and uses it to encrypt a message, but only the receiver has the related private key used to decrypt the message.

Private Key Method

Public Key Method

Encryption is done with the public key and decryption with another key called the private key. This
is called Public Key Cryptography.

Public-key cryptography algorithms

RSA: The first, and still most common, PKC implementation, named for the three MIT mathematicians who developed it — Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA today is used in hundreds of software products and can be used for key exchange, digital signatures, or encryption of small blocks of data. RSA uses a variable size encryption block and a variable size key. The key-pair is derived from a very large number, n, that is the product of two prime numbers chosen according to special rules; these primes may be 100 or more digits in length each, yielding an n with roughly twice as many digits as the prime factors. The public key information includes n and a derivative of one of the factors of n; an attacker cannot determine the prime factors of n (and, therefore, the private key) from this information alone, and that is what makes the RSA algorithm so secure. (Some descriptions of PKC erroneously state that RSA's safety is due to the difficulty in factoring large prime numbers. In fact, large prime numbers, like small prime numbers, only have two factors!) The ability for computers to factor large numbers, and therefore attack schemes such as RSA, is rapidly improving, and systems today can find the prime factors of numbers with more than 140 digits. The presumed protection of RSA, however, is that users can easily increase the key size to always stay ahead of the computer processing curve. As an aside, the patent for RSA expired in September 2000, which does not appear to have affected RSA's popularity one way or the other.

Diffie-Hellman: After the RSA algorithm, Diffie and Hellman came up with their own algorithm. D-H is used for secret-key key exchange only, and not for authentication or digital signatures.

Digital Signature Algorithm (DSA): The algorithm specified in NIST's Digital Signature Standard (DSS); it provides digital signature capability for the authentication of messages.

Elliptic Curve Cryptography (ECC): A PKC algorithm based upon elliptic curves. ECC can offer levels of security with small keys comparable to RSA and other PKC methods. It was designed for devices with limited compute power and/or memory, such as smartcards and PDAs.

Hash functions

An improvement on the public key scheme is the addition of a one-way hash function in the process. A one-way hash function takes variable-length input (in this case, a message of any length, even thousands or millions of bits) and produces a fixed-length output, say 160 bits. The hash function ensures that, if the information is changed in any way, even by just one bit, an entirely different output value is produced.

Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are
typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, help preserve the integrity of a file.

As long as a secure hash function is used, there is no way to take someone's signature from one document and attach it to another, or to alter a signed message in any way. The slightest change in a signed document will cause the digital signature verification process to fail.

Applications Of Cryptography

1. Defense Services
2. Secure Data Manipulation
3. E-Commerce
4. Business Transactions
5. Internet Payment Systems
6. Pass Phrasing
7. Secure Internet Comm.
8. User Identification Systems
9. Access Control
10. Computational Security
11. Secure access to Corp Data
12. Data Security.

Public-Key Encryption for Digital Signatures

A major benefit of public key cryptography is that it provides a method for employing digital signatures. Digital signatures enable the recipient of information to verify the authenticity of the information's origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information. These features are every bit as fundamental to cryptography as privacy, if not more.

A digital signature serves the same purpose as a handwritten signature. However, a handwritten signature is easy to counterfeit. A digital signature is superior to a handwritten signature in that it is nearly impossible to counterfeit, plus it attests to the contents of the information as well as to the identity of the signer.

Public-Key Encryption for Digital Certificates

Digital certificates, or certs, simplify the task of establishing whether a public key truly belongs to the purported owner. A certificate is a form of credential. An example might be your birth certificate. Each of these has some information on it identifying you and some authorization stating that someone else has confirmed your identity. Some certificates, such as your passport, are important enough confirmation of your identity that you would not want to lose them, lest someone use them to impersonate you.

Digital Certificate

A digital certificate is data that functions much like a physical certificate. A digital certificate is information included with a person's public key that helps others verify that a key is genuine or valid. Digital certificates are used to thwart attempts to substitute one person's key for another.

A digital certificate consists of three things:
• A public key.
• Certificate information. ("Identity" information about the user, such as name, user ID, and so on.)
• One or more digital signatures.

The purpose of the digital signature on a certificate is to state that the certificate information has been attested to by some other person or entity. The digital signature does not attest to the authenticity of the certificate as a whole; it vouches only that the signed identity information goes along with, or is bound to, the public key. Thus, a certificate is basically a public key with one or two forms of ID attached, plus a hearty stamp of approval from some other trusted individual.

Cryptographic Technologies

Based on Layers
• Link layer encryption
• Network layer encryption
  • IPSEC, VPN, SKIP
• Transport layer
  • SSL, PCT (Private Communication Technology)
• Application layer
  • PEM (Privacy Enhanced Mail)
  • PGP (Pretty Good Privacy)
  • SHTTP

The cryptographic process can be implemented at various layers, starting from the link layer all the way up to the application layer. The most popular encryption scheme is SSL, and it is implemented at the transport layer. If the encryption is done at the transport layer, any application that is running on top of the transport layer can be protected.

Based on Algorithms

Secret-key encryption algorithms (Symmetric algorithms)
• DES (Data Encryption Standard) -- 56-bit key
• Triple DES -- 112-bit key
• IDEA (International Data Encryption Algorithm) -- 128-bit key

Public-key encryption algorithms (Asymmetric algorithms)

Diffie-Hellman (DH): Exponentiation is easy, but computing discrete logarithms from the resulting value is practically impossible.

RSA: Multiplication of two large prime numbers is easy, but factoring the resulting product is practically impossible.

Public Key Infrastructure (PKI)

Introduction

The term public key infrastructure (PKI) is used to describe the policies, standards, and software that regulate or manipulate certificates and public and private keys. In practice, PKI refers to a system of digital certificates, certification authorities (CA), and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction. Standards for PKI are still evolving, even as they are being widely
implemented as a necessary element of electronic commerce. This section will help you understand what a PKI is and what services are required to build a PKI.

PKI concepts on Certificates

Certificate: A public key certificate is a digitally signed statement used for authentication and secure exchange of information on networks. The issuer and signer of the certificate is known as a certification authority (CA). A certificate has a No., a validity, and the uses of the key pair (public and secret).

Certification Authority: A certification authority (CA) is an entity trusted to issue certificates to a requesting entity. A CA verifies the requester's information according to the policy of the CA, and then uses its private key to apply its digital signature to the certificate.

CA Policy: A CA issues certificates to requesters based on a set of established criteria. The set of criteria that a CA uses when processing certificate requests is referred to as CA policy. Typically, a CA publishes its policy in a document known as a Certification Practice Statement (CPS).

Types of Certification Authorities

Self-signed CA: The public key in the certificate and the key used to verify the certificate are the same.

Subordinate CA: The public key in the certificate and the key used to verify the certificate are different.

Rooted CA: This is trusted unconditionally by a client and is at the top of a certification hierarchy.

Registration: Registration is the process by which a certificate is issued to the subject, provided that the certificate is in compliance with the criteria established by the CA policy.

Certificate enrollment: The procedure that an end entity follows to request and receive a certificate from a CA. The certificate request provides identity information to the CA.

Certificate Revocation: Certificates have a specified lifetime, but CAs can reduce this lifetime by the process known as certificate revocation. The CA publishes a certificate revocation list (CRL) that lists serial numbers of certificates that it considers no longer usable.

Certificate Chain Validation: In a network, when we generate a request for a new certificate, the information in that request is first passed from the requesting program to the Certificate Authority (CA), which then passes the appropriate data to a program known as a cryptographic service provider (CSP). A CSP is an independent software module that performs cryptography operations, such as secret-key exchange, digital signing of data, and public-key authentication. The chain-building mechanism attempts to build a certification path (a certificate chain) from the end-entity certificate, such as a user certificate, up to a CA root certificate.

Attacking Cryptography

Cryptanalysis

Cryptanalysis is the process of attempting to discover the plaintext and/or the key. The types of cryptanalysis attacks are:

Differential Cryptanalysis Attack:

The differential cryptanalysis attack looks specifically at pairs of cipher texts whose plaintext has some
specific differences. It analyzes these differences as the plaintext propagates through various rounds of the Data Encryption Standard (DES) when they are encrypted with the same key.

Linear Cryptanalysis Attack:

The linear cryptanalysis attack was invented by Mitsuru Matsui in 1993. This method is based on the concept that if you XOR some of the plaintext bits together, XOR some cipher text bits together, and then XOR the results, you will get a single bit that is the XOR of some of the key bits. A large number of such plaintext/cipher text pairs are used to guess the values of the key bits.

Brute Force Attack

The simplest attack to decipher a DES key is the brute force attack. The brute force attack on the DES algorithm is feasible because of the relatively small key length (56 bit) and the ever-increasing computational power of computers. It can break through any cipher by trying all keys that possibly exist. However, in brute force attacks, the time taken to break a cipher is directly proportional to the length of the key. In a brute force attack, keys are randomly generated and applied to the cipher text until the legitimate key is generated.

The Average Time Required for Exhaustive Key Search

Conclusion

Cryptography protects users by providing functionality for the encryption of data and authentication of other users. This technology lets the receiver of an electronic message verify the sender, ensures that a message can be read only by the intended person, and assures the recipient that a message has not been altered in transit. This paper describes the cryptographic concepts of symmetric key encryption, public-key encryption, types of encryption algorithms, hash algorithms, digital signatures, and key exchange. It also covers cryptography attacking techniques such as cryptanalysis and brute force attack, and provides information on network security needs and requirements.

Cryptography is a particularly interesting field because of the amount of work that is, by necessity, done in secret. The irony is that today, secrecy is not the key to the goodness of a cryptographic algorithm. Regardless of the mathematical theory behind an algorithm, the best algorithms are those that are well known and well-documented, because they are also well-tested and well-studied! In fact, time is the only true test of good cryptography; any cryptographic scheme that stays in use year after year is most likely a good one. The strength of cryptography lies in the choice (and management) of the keys; longer keys will resist attack better than shorter keys.
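
The signature, certificate and chain-validation ideas from the digital signature, digital certificate and PKI sections, as an added example that is not part of the original paper: a certification path is checked from an end-entity certificate up to a self-signed root, including a CRL lookup. The toy RSA keys built from Mersenne primes, SHA-256 standing in for the 160-bit hash, the `Cert` layout and all names and serial numbers are assumptions made for illustration; unpadded RSA with such keys is not suitable for real use.

```python
import hashlib
from dataclasses import dataclass

def make_key(p, q, e=65537):
    """Toy RSA key pair from two primes (constructed values, illustration only)."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(data, n):
    # One-way hash of the message, reduced so it fits the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    # The signer applies the private exponent d to the hash.
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

@dataclass
class Cert:
    serial: int
    subject: str
    issuer: str
    pub: tuple      # subject's public key (n, e)
    sig: int = 0    # issuer's signature over tbs()
    def tbs(self):
        # The identity information that the signature binds to the public key.
        return f"{self.serial}|{self.subject}|{self.issuer}|{self.pub}".encode()

def issue(serial, subject, subject_key, issuer, issuer_key):
    cert = Cert(serial, subject, issuer, (subject_key["n"], subject_key["e"]))
    cert.sig = sign(cert.tbs(), issuer_key)   # the CA signs with its private key
    return cert

def validate_chain(chain, trusted_roots, crl):
    """chain[0] is the end-entity certificate, chain[-1] the self-signed root."""
    for i, cert in enumerate(chain):
        if cert.serial in crl:
            return f"revoked: {cert.subject}"
        # Each certificate is checked with its issuer's key; the root checks itself.
        parent = chain[i + 1] if i + 1 < len(chain) else cert
        if cert.issuer != parent.subject or not verify(cert.tbs(), cert.sig, parent.pub):
            return f"bad signature: {cert.subject}"
    if (chain[-1].subject, chain[-1].pub) not in trusted_roots:
        return "untrusted root"
    return "ok"

# Constructed keys: products of Mersenne primes, far too structured for real use.
ROOT_KEY = make_key(2**521 - 1, 2**607 - 1)
CA_KEY = make_key(2**107 - 1, 2**127 - 1)
USER_KEY = make_key(2**61 - 1, 2**89 - 1)

def demo():
    root = issue(1, "Root CA", ROOT_KEY, "Root CA", ROOT_KEY)    # self-signed CA
    ca = issue(2, "Issuing CA", CA_KEY, "Root CA", ROOT_KEY)     # subordinate CA
    user = issue(3, "alice", USER_KEY, "Issuing CA", CA_KEY)     # end entity
    trusted = {(root.subject, root.pub)}
    # A signature lifted from one certificate and attached to another identity.
    forged = Cert(3, "mallory", "Issuing CA", user.pub, user.sig)
    # A self-signed certificate that merely claims the root's name.
    rogue = issue(9, "Root CA", USER_KEY, "Root CA", USER_KEY)
    return {
        "valid": validate_chain([user, ca, root], trusted, crl=set()),
        "revoked_ca": validate_chain([user, ca, root], trusted, crl={2}),
        "forged": validate_chain([forged, ca, root], trusted, crl=set()),
        "rogue_root": validate_chain([rogue], trusted, crl=set()),
    }
```

Calling `demo()` returns one outcome per case: the intact chain validates, while the revoked CA, the transplanted signature and the unknown self-signed root are each rejected at the step that catches them.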