Cryptography – A compilation by A.K.Asokan : : email:asokanak@hotmail.com


                         INTRODUCTION TO CRYPTOGRAPHY
                Compiled by A.K.Asokan : : email:asokanak@hotmail.com

Please read the paragraph below once and then continue…

Sheela used Tom's public key to encrypt a message and sent it to Tom. Tom decrypted
the message with his private key and understood that Sheela wanted to make sure of
his identity and had asked him to send his digital signature. Tom then sent a quick
reply to Sheela, telling her that he would send the digital signature the next day, and
he encrypted that message with Sheela's public key. Sheela received it and read it
after decrypting it with her private key. The next day Tom sent her another message.
This message had a message digest with it, as he had used hash encryption to create
the digest. Tom encrypted the digest with his private key and encrypted the original
message with Sheela's public key. On receiving the message, Sheela decrypted the
digest using Tom's public key and then decrypted the original message with her own
private key, since it had been encrypted with her public key by Tom. In order to verify
the digital signature, Sheela hashed the original plain text message sent by Tom and
compared the resulting message digest with the message digest Tom had sent her,
which she had decrypted using Tom's public key. There was no difference between the
message digests, so she confirmed the integrity of the data and also verified the digital
signature. She also cross-checked Tom's digital signature and public key in the
directories provided by the CA.
Thoroughly confused? You are on the right track. Read on.

Foreword

This note has been compiled by me especially for CISA aspirants, to give a basic idea
of computer security concepts like cryptography, cryptosystems, public key
infrastructure (PKI), symmetric key or private key and asymmetric key or public key,
message digest, encryption, decryption, digital signature, hashing algorithm, Certificate
Authority etc., and the overall working of the ‘system’. This note is not a technical writing
on the subject and it is intended to circulate among the CISA group members ONLY.
Utmost care is taken to explain the concepts in the right perspective. Unlike my previous
notes, this note will be a bit hard to understand because we deal with ‘security’ and
none of the concepts are lightweight. Have a nice time and good luck to all those who
are going to take the forthcoming CISA exam. – A.K.Asokan.

Network Security
Ever since we began exploring new possibilities for communication over networked
environments, threats and security issues have come along with them. To overcome
such threats and vulnerabilities, we have been struggling hard to find new ways and
methods. Cryptography is a method by which communication can be sent in a
secured manner.

What is cryptography

Cryptography has a history that dates back a thousand years. It refers to "the art of
writing in secret characters". The main purpose of cryptography is to enable secure
communication between two parties, the sender and the receiver. If someone
intercepts the message while it is in transit, he will not be able to read or understand
the original message, because the data between the sender and the receiver will be a
‘scrambled message’. The scrambled message is otherwise known as an ‘encrypted
message’, and it is produced with a computer program and a key. Only the receiver who
has the key to ‘unscramble’ or ‘decrypt’ it can read and understand the message. If that
is so, how do we ensure the following?

How do we ensure the confidentiality of the data received?

How do we ensure that no one has altered the data while it was being transmitted from
the sender to the receiver?

How do we ensure that the message originated only from the person he claims to
be?

What is the guarantee that, at a later date, the sender will not deny having sent such a
message at all? How do we prove that it was he who sent the message?

How do we identify that the message we received was definitely altered in transit and is
not the message which was originally sent?

All these can be very well answered with the help of cryptographic systems. In the
cryptographic systems, the following two systems are important.

   1. Secret key or Private key otherwise known as Symmetric key cryptography
   2. Public Key Cryptography


Symmetric Key or Private key otherwise Secret Key Cryptography

Let us understand what is a key, at the outset.

Just read the following message and imagine that you are a Bank Manager and you
received this message from one of your clients.

“Order two tons of black metal from Asokan and transfer ten lakh dollars to his account”.

This is the message you received from one of your clients.

Now, if you act on the instruction, what happens if your client later denies having
instructed you so and is going to sue you? What is your proof that it was he who
sent you the message? So some mechanism should be there to solve this problem.

Before answering all such questions, let us understand what is meant by ‘scrambling’ or
‘encrypting’. We achieve this by creating an algorithmic pattern, or rules, to convert
messages to an unreadable form called a ‘scrambled message’ or ‘encrypted message’.

For this, let us now create a key (a rule) of our own. Let us assume that, when the
above plain text message is encrypted, each letter is replaced by the letter one position
forward in the alphabet. That is, ‘a’ becomes b, ‘b’ becomes c, ‘c’ becomes d, ‘d’
becomes e, etc. Let us now encrypt the message.

The Key: Forward shift all letters by 1 position in the alphabet, that is, a becomes b, b
becomes c, c becomes d, d becomes e, etc. (So we have now created an algorithmic
pattern of our own.)

Original message : “Order two tons of black metal from Asokan and transfer ten lakh
dollars to his account”.

Now if we apply our ‘key’ to the original message, we get an ‘encrypted message’
as below.

Encrypted message according to our above key: psefs uxp upot pg cmbdl nfubm gspn
btplbo boe usbotgfs ufo mbli epmmbst up ijt bddpvou. (This encrypted message,
obtained after encryption of the plain text, is known as cipher text.)

To decipher, unscramble or decrypt the above encrypted text, what key do we have to
use? Very simple! It is the opposite of the key we used to encrypt. That is, backward
shift all letters by 1 position in the alphabet, so that d becomes c, c becomes b, b
becomes a and so on. Now if you apply the ‘backward shift all letters by 1’ key to the
above encrypted message, you get the original plain text message:

“Order two tons of black metal from Asokan and transfer ten lakh dollars to his account”.

For instance, if you as bank manager keep the key to decrypt it, and your client has the
key to ‘encrypt’ it, then no one can read and understand the message in transit.
(Remember, the ‘key’ we discuss here is only for example purposes. In reality, the
algorithmic pattern will be so much more complex that no one can unscramble the
message if it is captured in transit.)
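
The shift-by-1 key above, as an added Python example (not part of the original note). It reproduces the note's cipher text, handles the wrap from z to a that the note does not spell out, and shows why this key is only for example purposes: there are just 25 usable keys, so trying them all recovers it. The word list and function names are assumptions made for this example.

```python
# Constructed from the note's own message and cipher text (trailing period dropped).
MESSAGE = ("Order two tons of black metal from Asokan and transfer "
           "ten lakh dollars to his account")
PAGE_CIPHERTEXT = ("psefs uxp upot pg cmbdl nfubm gspn btplbo boe usbotgfs "
                   "ufo mbli epmmbst up ijt bddpvou")

# Small word list used only to recognise readable English (an assumption).
COMMON_WORDS = {"the", "and", "to", "of", "from", "his", "ten", "two"}


def shift_text(text, key):
    """Shift each ASCII letter by `key` positions, wrapping z -> a.

    Case is preserved; spaces, digits and punctuation pass through unchanged.
    A negative key shifts backward.
    """
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, key=1):
    """The note's key: forward shift all letters by `key` positions."""
    return shift_text(plaintext, key)


def decrypt(ciphertext, key=1):
    """The opposite key: backward shift all letters by `key` positions."""
    return shift_text(ciphertext, -key)


def recover_key(ciphertext):
    """Try all 25 keys and return the one yielding the most common words.

    This is why a plain shift offers no real protection: the whole key
    space can be checked instantly by anyone holding the cipher text.
    """
    def score(key):
        words = decrypt(ciphertext, key).lower().split()
        return sum(w.strip('.,"') in COMMON_WORDS for w in words)

    return max(range(1, 26), key=score)


if __name__ == "__main__":
    print(encrypt(MESSAGE))
    print(decrypt(PAGE_CIPHERTEXT))
    print("key found by trying every shift:", recover_key(PAGE_CIPHERTEXT))
```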

Therefore, “encryption” is the process of translating a 'normal message' called plain text
to a message written with 'secret characters' known as cipher text. “Decryption” is the
process of translating a message written with 'secret characters' (the cipher text) into a
readable, normal message called plain text. For both the operations, we need a KEY.

Think of this key as your main door key. Let us say it is the ‘secret’ key or “private” key
for you. You use the key to lock the door and you use the same key to unlock it. If you
have another duplicate key, you can give it to your wife and she can use the same key
to lock and unlock the door. If you think the same in encryption and decryption, you use
the same ‘secret’ key to ‘encrypt’ the message and the same key is used to ‘decrypt’ the
message.

If you lock the door, your wife can open the door, provided both of you have the
same key. If you distributed the secret key to 20 of your family members and you
locked the door with your secret key, then any of the 20 members can open the door!
Likewise, if you ‘encrypt’ a message with your secret key and distribute your ‘key’ to
another 20 people, all of them will be able to ‘decrypt’ the message.

What happens if a culprit like me somehow gets the key from any one of you? I can also
open your door, or I can also ‘decrypt’ your message and read the contents. So what we
understand here is that the distribution of the secret key or ‘symmetric key’ is a problem.
Symmetric means similar or equal. Since we use the ‘same’ key to encrypt and decrypt,
it has the name ‘Symmetric’. You have to somehow trust a communication channel for
the key distribution.

Moreover, if someone compromises the key which is used to ‘encrypt’ a message, it is
very, very easy to generate the other key to ‘decrypt’ the message from that key itself.
This is the major disadvantage of the ‘secret’ key, otherwise known as the ‘symmetric key’.

Refer to Table 1 below for an example.

Table 1. Secret key or Private key otherwise known as Symmetric key
cryptosystem.

Step 1   Plain text message: “Send ten thousand dollars to Asokan”
Step 2   Encrypt it with the secret key
Step 3   Encrypted message or cipher text: @## $#$# $%& *(* $%$ @#@# $%^ *(*)(&$
Step 4   Send it to the receiver
Step 5   Receiver decrypts it with the secret key
Step 6   Derived the plain text message: “Send ten thousand dollars to Asokan”

Note: Both these keys (the key used to encrypt in Step 2 and the key used to decrypt
in Step 5) are one and the same in Symmetric cryptography, as your main door key
which you use for both locking and unlocking.

Public Key Infrastructure

Public key infrastructure is a broad concept with a lot of components in it.
PKI is “The framework and service that provides for the generation, production,
distribution, control and accounting of public key certificates and provides the critically
needed support to application and providing confidentiality and authentication of
network transactions as well as data integrity and non-repudiation”.

It is basically ‘asymmetric’, which means there will be TWO keys for the communication
process, i.e. the public key and the private key. These keys are mathematically related.
‘Asymmetric’ can be thought of as ‘not similar’. Please do not be in a hurry to think that
one is for encryption and the other is for decryption. It should not be understood
(misunderstood) in that way. How the ‘key pair’ works is one of the loveliest concepts
you may ever enjoy in network security. Let us see what the components of PKI
are.

The Public Key Infrastructure or popularly known as PKI has the following components.

   •   Root Certification Authority (Root CA)
   •   Certification Authority (CA)
   •   Registration Authority (RA)
   •   Local Registration Authority (LRA)
   •   Directories and
   •   Users

Let us first understand the ‘key pair’: the “Public key” and the “Private key”. (The
private key should not be confused with the key used in private key cryptography or
secret key cryptography explained above. The meaning of the word ‘private’ here, in
asymmetric or public key cryptography, is just ‘private’ as we used to say “it is my
private affair, don’t poke your nose into that”. It means not to disclose or share
the key with another person, that’s all.) For anyone who wonders “what will these
keys look like?”, do not visualise them as physical keys. They are all driven by
software programs. At the end of the day you click once for “encryption” and you
click once for “decryption”; that is what happens.

So we have two keys in front of us. One is the “Public key” and the other is the “Private
key”. Imagine what happens if you display your phone number on your website.
Everyone in the world can see it and note it down. Likewise, the public key is the key
which has to be distributed publicly, so that anyone can copy it onto their own machine.
Why do they copy the public key onto their machine? Because they want to send you
messages in an ‘encrypted form’, in other words to communicate with you securely. Fine.

In that case, can I copy any public key and use the same for ‘encrypting messages’ for
communicating with all my friends? The answer is NO. It is not possible because the
keys are ‘pairs’. The idea is that if you encrypt a message with a public key, only the
corresponding private key can decrypt it. Not any other private key. The ‘private key’ is
to be kept confidential by the owner. It is private or personal to him. It is his
responsibility to keep it confidential. It is not to be shared with anyone, just as you keep
your password.

A very important concept to understand here is that both the keys can be used to
encrypt a message and both the keys can be used to decrypt a message. But which key,
in what context, is the crux of the matter. That is what makes the ‘security’.
Now let us look at the following example carefully and understand where and when we
have to use which keys!

I want to send a ‘secure’ message to my friend Mr. Mukesh Pandya. To do this, first of
all I must have his public key to encrypt the message. Yes. His public key. I will encrypt
my message with Mr. Mukesh’s public key. Once I have encrypted the message, it takes
a ‘scrambled’ format known as cipher text. I then send it to him, and he will ‘decrypt’ it
with his private key and read the message.

Now (please read carefully) he wants to reply to my message. What he has to do
is encrypt the message with MY PUBLIC KEY and send it to me. Only then will I
be able to decrypt it and read the reply message. Suppose he has encrypted the
reply message with his private key instead of my public key; what is the implication?
The message can be decrypted with his public key only. Fine. Who has his public key?
The entire world has! That means anyone who has his public key can read the
message! Is there any security? Instead, if he correctly encrypted the message
with my public key, and the message inadvertently went to any other person, no
one would be able to ‘decrypt’ it except me, because the ONLY person who has the
corresponding private key to decrypt the message is ME. Here the communication is
secured.

If someone intercepts the message in between, he will not be able to read the
message, and it is highly difficult to generate the opposite key from one key in PKI. But
then what is the use of ‘encrypting a message’ with the private key? There is definitely a
context in which you ‘must’ use the private key for encryption, which we will discuss in a
minute.

Another example: Mr. Tom wants to write to Sheela. Tom uses the public key of Sheela,
encrypts his message with Sheela’s public key and sends it to her. Sheela decrypts
Tom’s message with her private key and reads the message. When she replies to Tom,
she uses Tom’s public key to encrypt her message and sends it to Tom. Tom, on
receiving the message, uses his private key to decrypt it and reads Sheela’s reply. Refer
to Table 2 below for an example.

Table 2. Public Key Infrastructure - Asymmetric cryptosystem

Step 1   Plain text message: “Send ten thousand dollars to Asokan”
Step 2   Encrypt it with the public key of the receiver
Step 3   Encrypted message or cipher text: @## $#$# $%& *(* $%$ @#@# $%^ *(*)(&$
Step 4   Send it to the receiver
Step 5   Receiver decrypts it with his private key
Step 6   Derived the plain text message: “Send ten thousand dollars to Asokan”

Note: Both these keys (the key used to encrypt in Step 2 and the key used to decrypt
in Step 5) are different in Asymmetric cryptography.


From the above examples, it must be understood that any two parties can communicate
securely, provided both parties (sender as well as receiver) own their own key
pairs. If you want to send secure messages to ten of your friends, you must have the
public keys of all ten friends on your computer. If all ten friends have to reply to you
in a secured way, then they all must have your public key to encrypt the messages.

Remember our previous message received by the Bank Manager? I shall write down
the same for you below.

“Order two tons of black metal from Asokan and transfer ten lakh dollars to his account”.

Upon receiving the message from the client, the bank manager, who wanted to do
things at a fast pace, ordered two tons of black metal from Asokan and transferred
10 lakh dollars to Asokan’s account. Subsequently he got a telegram from the client
stating that they had not given any instruction to the manager to debit their account,
that the action of the manager in debiting 10 lakh dollars was wrong, and that he was
going to sue the bank.

What to do in this situation? Both of them went to court. In court, when the bank
manager was asked to show proof of having received the above message from the
client, he brought his computer and the message and proved that the message had
really been sent by the client only! The client could not deny it any more and he faced
the music after that. Let us now discuss how the bank manager proved this.

When the sender of a message cannot deny having sent it, this is known as
‘non-repudiation’. This is accomplished when the sender ‘signs’ a message with his
‘private key’. This is called a digital signature. When a digitally signed message comes
to us, we can make sure that it is coming from the person he claims to be. This is
possible because only he has the private key. Since only his public key can decrypt
what was encrypted with his private key, the message must have come from the sender.
Non-repudiation protects against the sender saying “I didn’t send the message”. In the
above example also, the bank manager showed the digital signature to the judge and his
verdict was “Yes. You only have sent the message because you signed it with your
private key”.

A digital signature is used to verify the integrity of the message, and encryption is used
to protect the contents. (Both these concepts are hard to understand, and only when you
understand the subtle interlinking of the two do you understand the concept of
encryption with digital certificates well. Some new related concepts will also be
introduced in between, and hence readers are requested to read carefully and, if need
be, repeat the same so that they get the concept in the right perspective.)

So far we have understood what encryption is. Recall that I sent an encrypted message
to Mr. Mukesh Pandya some time before? The message was encrypted with his public
key and it became a scrambled message, and he unscrambled or decrypted it using his
private key. All that is fine. Here we protected the contents. But can you tell me for sure
that what Mr. Mukesh received is the message sent by me? And that it was not tampered
with in transit? I mean, can he be sure of the integrity of the message? And what
happens if I later say that I have not sent that message to him? How will he prove that it
was I who sent it? Here is where we learn the concept of the digital signature. If I had
digitally signed the message, then Mr. Mukesh could have made sure, and proved,
that it is from me only and that it was not tampered with in transit. Let us understand
how it works.

Before we proceed further, I would like to introduce another concept called ‘hash
encryption’. There are many types of encryption. What we have discussed so far is
symmetric key or secret key encryption, and public key encryption. We will discuss one
more encryption method called ‘hash encryption’.

Hash encryption is a special type of encryption in that it is a ‘one way encryption’. One
way means that once you have encrypted a message, that message becomes a
scrambled message and it cannot be unscrambled or decrypted. Obviously, what
happens if we use hash encryption on the contents of our messages? The message can
never be decrypted by anyone, and hence hash encryption cannot be used for
‘protecting’ the contents of the message. Then what is the use of hash encryption? The
use of hash encryption is for the purpose of the digital signature.

In order to understand the digital signature, I am going to send the same message to
Mr. Mukesh once again, but this time with my digital signature. Fine. What should I do
first? I create the message. It is a plain text message now. I apply hash encryption to
the message. When I apply the hash algorithm to my plain text message, a ‘message
digest’ is generated. What is a message digest? It is a ‘scrambled copy’ of my original
message. A fingerprint of the original message. Nothing happens to my original
message, but a message digest is generated. The message digest is very small
compared with the original message; it is compressed down to a small size. It is an
‘encrypted summary’ of the original message. Once it is generated, there is no way to
reverse the process. It cannot be converted back into plain text from the hash.

So I hashed my plain text message and generated a ‘message digest’. Now I have both
the original message and the message digest with me. I should now send them to
Mr. Mukesh. How will this ensure the data integrity? It is very interesting. The
following steps are to be done.

   1) I encrypt the hashed message digest with my ‘private key’ once again. This
      encrypted message digest is known as the “Digital signature”.
   2) I encrypt my original message with the ‘public key’ of Mukesh.
   3) I send both the encrypted message and the digital signature to Mr. Mukesh.
   4) Mukesh receives the same.
   5) He detaches the digital signature and decrypts it using my public key.
   6) He decrypts the original message with his private key.
   7) He sees my plain text message and the hashed message digest.
   8) He separately ‘re-hashes’ my original plain text message once and the hash
      function generates a message digest.
   9) He then compares both the message digests (the one which I sent and the other
      one which he himself generated using the hash function on my plain text message).
   10) Here he takes a decision on integrity. If the message was not tampered with in
       transit, then both the message digests will be equal. If the message digests do
       not match, then it is sure that the message was tampered with in transit.

Table 3. Digital Signature

Step 1   Plain text message.
Step 2   Run a hash algorithm.
Step 3   You get the digest (!@#$ %^&*) and you also have your plain text message
         with you.
Step 4   Encrypt the plain text message with the receiver’s public key so that he can
         decrypt it with his private key.
         Encrypt the message digest with the sender’s own private key so that the
         receiver can identify the sender. This encrypted version of the message
         digest is called the ‘digital signature’.
Step 5   Send both (the encrypted message and the digital signature) to the receiver.
         You can even send a plain text with the digital signature.
Step 6   (Receiver end) Encrypted message (%$^%&^&# $%$%@#) and the digital
         signature, i.e. the encrypted message digest (&^%$*# @$).
Step 7   Decrypt the ‘encrypted’ message with the receiver’s private key.
         Decrypt the digital signature with the sender’s public key to get the message
         digest. Since the message digest was encrypted with the sender’s private key,
         if it is decrypted with his own public key, then it is sure that he only has sent
         the message, as no one will have his private key.
Step 8   Plain text and message digest (!@#$ %^&*).
Step 9   The receiver re-hashes the plain text to generate a new message digest
         (!@#$ %^&*). Both are compared. If both the message digests are equal, then
         the digital signature is verified.

The Digital signature and the Public key of anyone can be accessed or cross checked and downloaded from the
Certificate Authority’s website and directories.

The speciality of the hash function is that, even if you change a ‘single bit’ of data in the
original message, the hash function would produce a completely different message
digest.
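
Steps 1 to 10 above, together with the single-bit property just described, as an added Python example (not part of the original note). It assumes textbook RSA with no padding, SHA-256 as the hash, and constructed demo keys built from well-known Mersenne primes; these choices only make the steps visible, and real systems use a vetted library with padded signature and encryption schemes.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # widely used RSA public exponent


@dataclass(frozen=True)
class KeyPair:
    n: int  # modulus, part of the public key
    e: int  # public exponent, part of the public key
    d: int  # private exponent, kept only by the owner

    @property
    def public(self):
        return (self.n, self.e)


def make_keypair(p, q):
    """Textbook RSA key pair from two primes p and q."""
    phi = (p - 1) * (q - 1)
    return KeyPair(n=p * q, e=E, d=pow(E, -1, phi))


# Constructed demo keys (assumption): Mersenne primes are trivially
# guessable, so these keys are only good for following the steps.
SENDER = make_keypair(2**127 - 1, 2**521 - 1)
RECEIVER = make_keypair(2**89 - 1, 2**607 - 1)

MESSAGE = b"Send ten thousand dollars to Asokan"
# Same message with the lowest bit of the first byte flipped.
ALTERED = bytes([MESSAGE[0] ^ 1]) + MESSAGE[1:]


def digest(message):
    """Message digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, sender):
    """Step 1: apply the sender's private key to the message digest."""
    return pow(digest(message), sender.d, sender.n)


def verify(message, signature, sender_public):
    """Steps 5 and 8-10: recover the digest with the sender's public key,
    re-hash the received plain text, and compare the two digests."""
    n, e = sender_public
    return pow(signature, e, n) == digest(message)


def encrypt(message, receiver_public):
    """Step 2: encrypt the plain text with the receiver's public key."""
    n, e = receiver_public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this demo modulus")
    return pow(m, e, n)


def decrypt(ciphertext, receiver):
    """Step 6: decrypt with the receiver's private key.
    (Leading zero bytes would be lost; fine for text messages.)"""
    m = pow(ciphertext, receiver.d, receiver.n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def send(message, sender, receiver_public):
    """Steps 1-3: returns (encrypted message, digital signature)."""
    return encrypt(message, receiver_public), sign(message, sender)


def receive(ciphertext, signature, receiver, sender_public):
    """Steps 4-10: returns (plain text, True if the digests match)."""
    plaintext = decrypt(ciphertext, receiver)
    return plaintext, verify(plaintext, signature, sender_public)


def differing_bits(a, b):
    """Number of digest bits that differ between two messages."""
    return bin(digest(a) ^ digest(b)).count("1")


if __name__ == "__main__":
    ct, sig = send(MESSAGE, SENDER, RECEIVER.public)
    print(receive(ct, sig, RECEIVER, SENDER.public))
    print("altered message verifies:", verify(ALTERED, sig, SENDER.public))
    print("digest bits changed by one flipped bit:",
          differing_bits(MESSAGE, ALTERED), "of 256")
```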

Everything is fine. But where will we cross-check whether the digital signature really
belongs to the person who claims it? This is achieved with the help of “Digital
Certificates”.

A digital certificate is a digital document that certifies that a certain public key is owned
by a particular user. The following are its main contents.

   •   Version
   •   Serial number
   •   Certificate issuer
   •   Certificate holder
   •   Validity period (the certificate is not valid before or after this period)
   •   Attributes, known as certificate extensions, that contain additional information
       such as allowable uses for this certificate
   •   Digital signature from the certification authority to ensure that the certificate has
       not been altered and to indicate the identity of the issuer
   •   Public key of the owner of the certificate
   •   Message digest algorithm used to create the signature

This document is signed and authorised by a third party called the certificate authority
(or CA). The CA and the digital certificate are two elements of the PKI. A digital
certificate proves to everyone that your public key is really yours. If you digitally sign
your message with your private key and send the receiver a copy of your certificate, he
can know for sure that the message was sent by you, because only your public key can
decrypt the digital signature and the certificate assures that the public key the receiver
uses is yours. You can even publish your digital signature on the website. Sender
authentication can be achieved with the use of the digital signature and digital certificate.

A public key infrastructure consists of:

   •   A certificate authority (CA) that issues and verifies digital certificates. A certificate
       includes the public key or information about the public key.
   •   A registration authority (RA) that acts as the verifier for the certificate authority
       before a digital certificate is issued to anyone who applies for it.
   •   One or more directories where the certificates (with their public keys) are
       displayed. The private key is given to the person who applies for it and the public
       key is made publicly available in a directory that everyone can access. This is
       part of the digital certificate.
   •   A certificate management system.

Now go back and read the first paragraph; you should be able to understand the
sequence well.

The above notes are provided to give only a preliminary understanding of cryptosystems.
Cryptography is a deep subject, and since it is a security system and at every moment there are
hackers working to break the system, anyone who wants to study this area in depth should
do some research with the available tools and understand the related concepts of
ethical hacking, firewalls, NAT, IDS, various standards etc. – Hope this note achieved the
purpose – I wish you all success. A.K.Asokan.

             Your feedback to asokanak@hotmail.com will be highly appreciated.

                          ___________________________________

Network security notes

  • 1. Cryptography – A compilation by A.K.Asokan : : email:asokanak@hotmail.com INTRODUCTON TO CRYPTOGRAPHY Compiled by A.K.Asokan : : email:asokanak@hotmail.com Please read the paragraph below once and then continue… Sheela used the public key of Tom and encrypted a message and sent it to Tom. Tom has decrypted the message with his private key and he understood that sheela wanted to make sure his identity and asked him to send his digital signature. Tom then send a quick reply to sheela telling that the next day he will send the digital signature and he encrypted the message with sheelas public key. Sheela received the same and read it after decrypting it with her private key. The next day Tom has sent her another message. This message has a message digest with it as he used hash encryption to create the digest. Tom has encrypted the digest with his private key and he encrypted the original message with sheelas public key. On receiving the message, sheela decrypted the digest using Toms public key and she then decrypted the original message with her own private key, since it has been encrypted with her public key by Tom. In order to verify the digital signature, sheela did a hashing on the original plain text message sent by Tom and compared the resulted message digest with the message digest which Tom has sent to her which she decripted using the public key of Tom. There was no difference in the message digests and she confirmed the integrity of the data and also verified the digital signature. She also cross checked the digital signature and public key of Tom in the Directories provided by the CA. Thoroughly confused?…. You are in the right track.. read on….. 
Foreward This note has been compiled by me especially for the CISA aspirants to get a basic idea about Computer security concepts like Cryptography, Crypto systems, Public key infrastructure (PKI), Symmetric key or private key and assymmetric key or public key, message digest, encryption, decryption, digital signature, hashing algorithm, Certificate Authority etc., and the overall working of the ‘system’. This note is not a technical writing on the subject and it is intented to circulate among the CISA group members ONLY. Utmost care is taken to explain the concepts in the right perspective. Unlike my previous notes, this note will be a bit hard to understand because we deal with ‘security’ and none of the concepts are light weight. Have a nice time and good luck to all those who are going to take the forthcoming CISA exam. – A.K.Asokan. Network Security Eversince we explored new possibilities in communication over a networked environment, the threats, and security issues are also associated somehow. In order to overcome such threats and vulnerabilities, we have been struggling hard to find out new ways and methods. Cryptography is a method by which communication can be sent in a secured manner.
  • 2. Cryptography – A compilation by A.K.Asokan : : email:asokanak@hotmail.com 2 What is cryptography Cryptography has a history dates back thousand years. It refers to "the art of writing in secret characters". The main purpose of cryptography is to enable secure communications between the two parties, the sender and the receiver. If someone intercepted the message while in transit, he will not be able to read or understand the original message because the data in between the sender and the receiver will be a ‘scrambled message’. The scrambled message is otherwise known as ‘encrypted message’ and it is achieved with a computer program and a key. Only the receiver who has the key to ‘unscramble’ or “decrypt it, can read and understand the message. If that is so, how do we ensure the following? How do we ensure the confidentiality of the data received? How do we ensure that no one has altered the data while it was transmitting from the sender to the receiver? How do we ensure that the message is originated only from the person who claims who he is? What is the guarantee that at a later date, the sender will not deny that he has not sent such a message at all? How do we prove it that only he sent the message? How to identify that the message we received is definetely altered in transit and it is not the message which was originally sent? All these can be very well answered with the help of cryptographic systems. In the cryptographic systems, the following two systems are important. 1. Secret key or Private key otherwise known as Symmetric key cryptography 2. Public Key Cryptography Symmetric Key or Private key otherwise Secret Key Cryptography Let us understand what is a key, at the outset. Just read the following message and imagine that you are a Bank Manager and you received this message from one of your clients. “Order two tons of black metal from Asokan and transfer ten lakh dollars to his account”. This is the message you received from one of your clients.
  • 3. Cryptography – A compilation by A.K.Asokan : : email:asokanak@hotmail.com 3 Now, if you did according to the instruction, what happen if your client later denied that he has not instructed so and he is going to sue you? What is your proof that he only has sent you the message? So some mechanism should be there to solve this problem. Before answering all such questions, let us understand what is meant by ‘scrambling” or “encrypting”. We achieve this by creating an algorithmic pattern or rules to convert messages to an unreadable form called “scrambled message” or “encrypted message”. For this let us create a key (a rule) now on our own. Let us assume that, when the above plain text message is encrypted, there is an equivalent letter in the encrypted message also which is forward shift all letters by 1 position in the alphabet. That is ‘a’ becomes b, ‘b’ becomes c, ‘c’ becomes d and ‘d’ becomes e etc … Lets now encrypt the message. The Key: Forward shift all letters by 1 position in the alphabet that is a becomes b, b becomes c, c becomes d and d becomes e etc (So we created an angorithmic parttern on our own now) Original message : “Order two tons of black metal from Asokan and transfer ten lakh dollars to his account”. Now if we apply our ‘key’ to the original message, then we get an “encrypted message” as below. Encrypted message according to our above key : psefs uxp upot pg cmbdl nfubm gspn btplbo boe usbotgfs ufo mbli epmmbst up ijt bddpvou. (This encrypted message is known as cipher text (after encryption of the plain text). To decipher or unscramble or decrypt the above encrypted text, what key we have to use? Very simple! It is the opposite of the key we used to encrypt. That is backward shift all letters by 1 position in the alphabet that is d becomes c, c become b, b become a and so on. 
Now if you apply the backward shift all letters by 1 key to the above encrypted message, we get the original plain text message: “Order two tons of black metal from Asokan and transfer ten lakh dollars to his account”. For instance, you as bank manager keeps the key to decrypt it, and your client has the key to ‘encrypt” it, then, no one can read and understand the message in transit. (Remember the ‘key’ what we discuss is only for example purpose. In reality, the algorithmic pattern will be much more complex that no one can unscramble it, if the message captured in transit) Therefore, “encryption” is the process of translating a 'normal message' called plain text to a message written with 'secret characters' known as cypher text. “Decryption” is the process of translating a message written with 'secret characters' (the cypher text) into a readable, normal message called plain text. For both the operations, we need a KEY.
  • 4. Cryptography – A compilation by A.K.Asokan : : email:asokanak@hotmail.com 4 Think of this key as your main door key. Let us say it is the ‘secret’ key or “private” key for you. You use the key to lock the door and you use the same key to unlock it. If you have another duplicate key, you can give it to your wife and she can use the same key to lock and unlock the door. If you think the same in encryption and decryption, you use the same ‘secret’ key to ‘encrypt’ the message and the same key is used to ‘decrypt’ the message. If you lock the door, your wife can open the door provided both of you must have the same key. If you distributed the secret keys to 20 of your family members and you locked the door with your secret key, then any of the 20 members can open the door!. Like that if you ‘encrypt’ a message with your secret key and distribute your ‘key’ to another 20 people, all of them will be able to ‘decrypt’ the message. What happens if a culprit like me got the key somehow from any one of you? I can also open your door or I can also ‘decrypt’ your message and read the contents? So what we understand here is, the distribution of the secret key or ‘symmetric key’ is a problem. Symmetric means similar or equal. Since we use the ‘same’ key to encrypt and decrypt, the name ‘Symmetric’. You have to somehow trust a communication channel for the key distribution. More over, if someone compromised the key which is used to ‘encrypt’ a message, it is very very easy to generate the other key to ‘decrypt’ the message from that key itself. The is the major disadvantage of ‘secret’ key otherwise known as ‘symmetric key’. Refer table 1 below for an example.
  • 5. Cryptography – A compilation by A.K.Asokan : : email:asokanak@hotmail.com 5 Table 1. Secret key or Private key otherwise known as Symmetric key cryptosystem. Plain text message. “Send ten Step 1 thousand dollars to Asokan” Step 2 Encrpt it with the secret key Step 3 (Encrypted message or Both these keys are one @## $#$# $%& *(* $%$ and the same in cipher text.) @#@# $%^ *(*)(&$ Symmetric cryptography as your main door key which you use for both locking and unlocking. Step 4 send it to the receiver Step 5 Receiver Decrypts it with secret key Derived the plain text Step 6 message “Send ten thousand dollars to Asokan”
  • 6. Cryptography – A compilation by A.K.Asokan : : email:asokanak@hotmail.com 6 Public Key Infrastructure Public key infrastructure is a broad concept where there are lot of components in that. PKI is “The framework and service that provides for the generation, production, distribution, control and accounting of public key certificates and provides the critically needed support to application and providing confidentiality and authentication of network transactions as well as data integrity and non-repudiation” It is basically “Asymmetric’ means there will be TWO keys for the communication process i.e. the Public key and the Private key. These keys are mathematically related. “Asymmetric” can be thought of ‘not similar’. Please do not be in a hurry to think that one is for encryption and another is for decryption. It should not be understood (misunderstood) in that way. Understanding how the ‘key pair works’ is a lovely concept you might ever enjoyed in Network security. Let us see what are the components of PKI. The Public Key Infrastructure or popularly known as PKI has the following components. • Root Certification Authority (Root CA) • Certification Authority (CA) • Registration Authority (RA) • Local Registration Authority (LRA) • Directories and • Users Let us first understand about the ‘key pairs’, The “Public key” and the “Private key”. (The private key should not be confused with the key utilized in private key cryptography or secret key cryptography explained above. The perspective meaning of the word ‘private’ here in Asymmetric or public key cryptography is that it is just private as we used to say “it is my private afffair don’t poke your nose into that”. It means not to discolse or share the key with another person, that’s all.) For anyone who has the apprehension “how these keys will look like” do not visualise these as physical keys. All are driven by software programmes. 
At the end of the day you click once for “encryption” and you click once for “decryption” that is what happens. So we have two keys in front of us. One is the “Public key” and the other is the “Private key”. Imagine what happens if you display your phone number in your website. Everyone in the world can see that and note it down. Like that the public key is the key which has to be distributed publically for anyone who can copy it into their own machine. Why they are copying the public key into their machine? Because they want to send you messages in an ‘encrypted form” otherwise to communicate with you securely. Fine. In that case, can I copy any public key and use the same for ‘encrypting messages” for communicating to all my friends? The answer is NO. It is not possible because the keys are ‘pairs’. The idea is that if you encrypt a message with a public key, only the corresponding private key can decrypt it. Not any other private key. The ‘private key’ is
  • 7. Cryptography – A compilation by A.K.Asokan : : email:asokanak@hotmail.com 7 to be kept confidentially with the owner. It is private or personal to him. It is his responsibility to keep it confidentially. Not to be shared with anyone as you keep your password. A very important concept here to understand is that both the keys can be used to encrypt a message and both the keys can be used to decrypt a message. But in what context, which key is the crux of the matter. That is the fact which make the ‘security’. Now let us look at the following example carefully and understand where and when we have to use and what keys! I want to send a ‘secure’ message to my friend Mr.Mukesh Pandya. To do this, first of all I must have his public key to encrypt the message. Yes. His public key. I will encrypt my message with Mr.Mukesh’s public key. Once I encrypted the message, it becomes in a ‘scrambled’ format known as cipher text. I, then send it to him and he will ‘decrypt’ it with his private key and read the message. Now (please read carefully) he wants to reply me for my message. What he has to do is, he has to encrypt the message with MY PUBLIC KEY and send it to me. Only then, I will be able to decrypt it and read the reply message. Suppose he has encrypted the reply message with his private key, instead of my public key, what is the implication? The message can be decrypted with his public key only. Fine. Who has his public key? The entire world has! That means anyone who has his public key can read the message! Is there any security? Instead of that, if he correctly encrypted the message with my public key, and inadvertantly if the message has gone to any other person, no one will be able to ‘decrypt’ it except me because the ONLY person who has the corresponding private key to decrypt the message is ME. Here the communication is secured. 
If someone is intercepted the message in between he will not be able to read the message and it is highly difficult to generate the opposite key from one key in PKI. But then what is the use of ‘encrypting a message” with Private key? There is definetely a context in which you ‘must’ use the private key for encryption which we will discuss in a minute. Another example, Mr.Tom wants to write to sheela, Tom uses the public key of sheela and encrypt his message with sheela’s public key and send it to her. Sheela decrypt Tom’s message with her private key and read the message. When she replies to Tom, she uses Tom’s public key to encrypt her message and send it to Tom. Tom, on receiving the message, uses his private key to decrypt it and read sheelas reply. Refer table 2. below for an example.
  • 8. Cryptography – A compilation by A.K.Asokan : : email:asokanak@hotmail.com 8 Table 2. Public Key Infrastructure - Asymmetric cryptosystem Plain text message. “Send ten Step 1 thousand dollars to Asokan” Step 2 Encrpt it with the public key of the receiver Step 3 (Encrypted message or Both these keys are @## $#$# $%& *(* $%$ different in Asymmetric cipher text.) @#@# $%^ *(*)(&$ cryptography. Step 4 send it to the receiver Step 5 Receiver Decrypts it with his private key Derived the plain text Step 6 message “Send ten thousand dollars to Asokan”
  • 9. Cryptography – A compilation by A.K.Asokan : : email:asokanak@hotmail.com 9 From the above examples, it must be understood that any two parties can communicate securely provided both the parties (sender as well as receiver) must own their own key pairs. If you want to send secure messages to ten of your friends, you must have the public keys of all the ten friends in your computer. If all the ten friends have to reply you in a secured way, then they all must have your public key to encrypt the messages. Remember our previous message received by the Bank Manager? I shall write down the same for you below. “Order two tons of black metal from Asokan and transfer ten lakh dollars to his account”. Upon receiving the messages from the client, the bank manager, who wanted to do things at a fast pace, ordered two tons of black metal from Asokan and he transferred 10 lakh dollars to Asokan’s account. Subsequently he got a telegram from the client stating that they have not given any instruction to the manager to debit their account and the action of the manager having debited 10 lakh dollars is wrong and he is gong to sue the bank. What to do in this situation. Both of them went to the court. In the court, the bank manager when asked to show the proof of having received the above message from the client, he brought his computer and the message and proved that the message has been really sent by the client only!. The client could not deny any more and he heard the music after that. Let us now discuss how the bank manager proved this. When the sender of a message cannot deny having sent the message is known as “nonrepudiation”. This is accomplished when the sender ‘signs’ a message with his ‘private key’. This is called digital signature. When a message comes to you which is digitally signed, we can make sure that it is coming from the same person who claims who he is. It is possible because only he has the private key. 
Since only the public key can decrypt the private key, the message must have come from the sender. Non- repudiation protects against the sender saying “I didn’t send the message”. In the above example also, the bank manager showed the digital signature to the judge and his verdict was “Yes. You only has sent the message because you signed it with your privte key”. A digital signature is used to verify the integrity of the message and encryption is used to protect the contents. (Both these concepts are hard to understand and only when you understand the subtle interlinking of these two together, you understand the concept of encryption with digital certificate well. Some new related concepts also will be introduced in between and hence readers are requested to read carefully and if need be please repeat the same so that you get the concept in the right perspective). So far we have understood what is encryption. Recall that I sent an encrypted message to Mr.Mukesh Pandya sometime before? The message was encrypted with his public key and it become a scrambled message and he unscrambled or decrypted it using his
  • 10. Cryptography – A compilation by A.K.Asokan : : email:asokanak@hotmail.com 10 private key. All that is fine. Here we protected the contents. But can you tell me for sure that what Mr.Mukesh received is the message sent by me? And it is not tampered in transit? I mean whether he can be sure of the integrity of the message? And later if I say that I have not sent that message to him; what happens? How he will prove that I only sent the same? Here is where we learn the concept of digital signature. If I would have digitally signed the message, then Mr.Mukesh could have make sure and proved that it is from me only and it is not tampered in transit. Let us understand how it works. Before we proceed further, I would like to introduce another concept called ‘hash encryption”. There are many types of encryptions. What we discussed so far is symmetric key or secret key encryption, and public key encryption. We will discuss one more encryption method called “hash encryption”. Hash encryption is a special type of encryption that it is a “one way encryption”. One way means, once you encrypted a message, that message become scrambled message and it cannot be unscrambled or decrypted. Obviously what happens if we use hash encryption on the contents of our messages? The message will never be able to decrypt by anyone and hence hash encryption cannot be used for “protecting” the contents of the message. Then what is the use of hash encryption? The use of the hash encryption is for the purpose of digital signature. In order to understand the digital signature, I am going to send the same message to Mr.Mukesh once again, but this time with my digital signature. Fine. What should I do first. I create the message. It is a plain text message now. I apply hash encryption on the message. When I apply hash algorithm on my plain text message, a ‘message digest’ is generated. What is a message digest? It is a ‘scrambled copy’ of my original message. 
A fingerprint of the original message. Nothing happens to my original message, but a message digest is generated. The message digest is very small compared with the original message; it is compressed down to a small size. It is an ‘encrypted summary’ of the original message. Once it is generated, there is no way to reverse the process: the hash cannot be converted back into plain text.

So I hashed my plain text message and generated a ‘message digest’. Now I have both the original message and the message digest with me. I should now send them to Mr. Mukesh. How will this ensure data integrity? It is very interesting. The following steps are to be done.

1) I encrypt the hashed message digest once again, this time with my ‘private key’. This encrypted message digest is known as the “digital signature”.
2) I encrypt my original message with the ‘public key’ of Mukesh.
3) I send both, the encrypted message and the digital signature, to Mr. Mukesh.
4) Mukesh receives them.
5) He detaches the digital signature and decrypts it using my public key.
6) He decrypts the original message with his private key.
7) He sees my plain text message and the hashed message digest.
8) He separately ‘re-hashes’ my original plain text message, and the hash function generates a message digest.
9) He then compares the two message digests (the one which I sent and the one which he himself generated by using the hash function on my plain text message).
10) Here he takes a decision on integrity. If the message was not tampered with in transit, both message digests will be equal. If the message digests do not match, then it is certain that the message was tampered with in transit.

Table 3. Digital Signature

Steps 1 to 3: Take the plain text message and run a hash algorithm. (You get the digest, shown as !@#$%^&*, and you also have your plain text message with you.)
Step 4: Encrypt the message digest with the sender’s own private key so that the receiver can identify the sender. This encrypted version of the message digest is called the ‘digital signature’. Encrypt the plain text message with the receiver’s public key so that he can decrypt it with his private key.
Step 5: Send both (the encrypted message and the digital signature) to the receiver. You can even send a plain text with the digital signature.
Step 6 (receiver end): &^%$*# %$^%&^&# @$ $%$%@# [Encrypted message and the digital signature (encrypted message digest)]
Step 7: Decrypt the digital signature with the sender’s public key to get the message digest. Decrypt the ‘encrypted’ message with the receiver’s private key. Since the message digest was encrypted with the sender’s private key, if it can be decrypted with his public key, it is certain that only he sent the message, as no one else has his private key.
Step 8: Plain text and message digest (!@#$%^&*).
Step 9: The receiver re-hashes the plain text to generate a new message digest (!@#$%^&*). Both digests are compared. If both message digests are equal, then the digital signature is verified.

The digital signature and the public key of anyone can be accessed, cross-checked and downloaded from the Certificate Authority’s website and directories.
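The ten steps and Table 3 above, carried through in code as an added example (not part of the original notes). It follows the notes' model of encrypting the digest with the private key, using unpadded textbook RSA; the toy keys, the choice of SHA-256, the function names and the sample message are assumptions of this example.

```python
import hashlib

E = 65537  # common public exponent

def make_keypair(p, q):
    """Textbook RSA key pair: returns (public, private) = ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed toy keys built from known Mersenne primes so the example runs
# offline. Real keys use large random primes and padded RSA, never these.
SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

def rsa(value, key):
    """One modular exponentiation; which key is passed decides the role."""
    n, exponent = key
    return pow(value, exponent, n)

def digest(message):
    """Hash the plain text (SHA-256 is this example's choice of algorithm)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, sender_private):
    """Sender step 1: the digest encrypted with the sender's private key."""
    return rsa(digest(message), sender_private)

def verify(message, signature, sender_public):
    """Receiver steps 5 and 8-10: recover the sent digest, re-hash, compare."""
    return rsa(signature, sender_public) == digest(message)

def send(message, sender_private, receiver_public):
    """Sender steps 1-3: returns (encrypted message, digital signature)."""
    ciphertext = rsa(int.from_bytes(message, "big"), receiver_public)
    return ciphertext, sign(message, sender_private)

def receive(ciphertext, signature, sender_public, receiver_private):
    """Receiver steps 4-10: returns (plain text, integrity decision)."""
    number = rsa(ciphertext, receiver_private)
    message = number.to_bytes((number.bit_length() + 7) // 8, "big")
    return message, verify(message, signature, sender_public)

if __name__ == "__main__":
    note = b"Pay Rs.500 to Mukesh"  # constructed sample message
    box, sig = send(note, SENDER_PRIV, RECEIVER_PUB)
    print(receive(box, sig, SENDER_PUB, RECEIVER_PRIV))      # intact
    print(receive(box ^ 1, sig, SENDER_PUB, RECEIVER_PRIV))  # altered in transit
    print(verify(b"Pay Rs.900 to Mukesh", sig, SENDER_PUB))  # edited plain text
```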
The speciality of the hash function is that even if you change a ‘single bit’ of data in the original message, the hash function produces a completely different message digest.

Everything is fine. But where will we cross-check whether the digital signature really belongs to the person who claims it? This is achieved with the help of “Digital Certificates”. A digital certificate is a digital document that certifies that a certain public key is owned by a particular user. The following are its main contents.

• Version
• Serial number
• Certificate issuer
• Certificate holder
• Validity period (the certificate is not valid before or after this period)
• Attributes, known as certificate extensions, that contain additional information such as allowable uses for this certificate
• Digital signature from the certification authority to ensure that the certificate has not been altered and to indicate the identity of the issuer
• Public key of the owner of the certificate
• Message digest algorithm used to create the signature

This document is signed and authorised by a third party called the certificate authority (or CA). The CA and the digital certificate are two elements of the PKI. A digital certificate proves to everyone that your public key is really yours. If you digitally sign your message with your private key and send the receiver a copy of your certificate, he can know for sure that the message was sent by you, because only your public key can decrypt the digital signature and the certificate assures him that the public key he uses is yours. You can even publish your digital signature on the website. Sender authentication can be achieved with the use of a digital signature and a digital certificate.

A public key infrastructure consists of:

• A certificate authority (CA) that issues and verifies digital certificates. A certificate includes the public key or information about the public key.
• A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to anyone who applies for it.
• One or more directories where the certificates (with their public keys) are displayed. The private key is given to the person who applies for it, and the public key is made publicly available in a directory that everyone can access. This is part of the digital certificate.
• A certificate management system.
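An added example (not from the original notes) of the cross-check described above: the receiver accepts a sender's public key only after the CA's signature over the certificate fields and the validity period both check out. The certificate is a simplified dictionary rather than a real X.509 file, and the toy keys, field values and function names are assumptions.

```python
import hashlib
import json
from datetime import date

def keypair(p, q, e=65537):
    """Textbook RSA key pair: (public, private) = ((n, e), (n, d))."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

# Constructed toy keys from known Mersenne primes; not usable as real keys.
CA_PUB, CA_PRIV = keypair(2**1279 - 1, 2**2203 - 1)
USER_PUB, USER_PRIV = keypair(2**521 - 1, 2**607 - 1)

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def signed_part(cert):
    """Canonical bytes of every field except the CA's own signature."""
    fields = {k: v for k, v in cert.items() if k != "ca_signature"}
    return json.dumps(fields, sort_keys=True).encode()

def issue(holder, public_key, serial, not_before, not_after, ca_private):
    """CA side: fill in the fields the notes list, then sign them."""
    cert = {"version": 3, "serial": serial, "issuer": "Example CA",
            "holder": holder, "not_before": not_before.isoformat(),
            "not_after": not_after.isoformat(),
            "extensions": {"allowed_use": "digital signature"},
            "public_key": list(public_key), "digest_algorithm": "sha256"}
    n, d = ca_private
    cert["ca_signature"] = pow(digest(signed_part(cert)), d, n)
    return cert

def certified_key(cert, ca_public, today):
    """Receiver side: return the holder's public key or raise ValueError."""
    n, e = ca_public
    if pow(cert["ca_signature"], e, n) != digest(signed_part(cert)):
        raise ValueError("certificate altered or not signed by this CA")
    if not cert["not_before"] <= today.isoformat() <= cert["not_after"]:
        raise ValueError("certificate outside its validity period")
    return tuple(cert["public_key"])

def message_is_from(holder, message, signature, cert, ca_public, today):
    """True only if the CA vouches for the key and the key verifies the message."""
    n, e = certified_key(cert, ca_public, today)
    return cert["holder"] == holder and pow(signature, e, n) == digest(message)
```

Changing any field of an issued certificate, including the public key or the holder name, makes `certified_key` raise, because the CA's signature no longer matches the fields.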
Now go back and read the first paragraph; you should be able to follow the sequence well.

The above notes are provided to give only a preliminary understanding of cryptosystems. Cryptography is a deep subject, and since it is a security system that hackers are working at every moment to break, anyone who wants to study this area in depth should do some research with the available tools and understand the related concepts of ethical hacking, firewalls, NAT, IDS, the various standards and so on.

I hope this note has achieved its purpose. I wish you all success.

A.K.Asokan. Your feedback to asokanak@hotmail.com will be highly appreciated.