23-01-2010, 01:47 AM
[attachment=1379]
Cryptography
ABSTRACT
This paper introduces Cryptography
Techniques. Cryptography is The science of
protecting data & Network Security keeping
information private and Secure from
unauthorized Users.
This paper gives the Fundamental
Requirements for the Data Transmission, the
security attacks like Interruption, Interception
and Modification of the data Transmission.
The Cryptographic Process
explaining through a generalized function is
discussed through which encryption and
decryption is done by the various algorithms
like RSA algorithm, Hash Functions and
many cryptographic algorithms.
Presented by
Name: T Sampathkumar Name: Sudeep
Year: III/IV CSE , Year: III/IV CSE,
e-mail: sampaththatikonda[at]rocketmail.com e-mail : sudeep4u_lp[at]yahoo.com
Introduction
The Cryptanalysis is the process of
attempting to discover the plain text and/ or the key.
Applications of Various Cryptographic Technologies.
Why & How to Provide Network Security in the
Certificates issuing, The Validity & Trust for Certificate
Services, Certificate Revocation in the Internet,
Intranet and other Network Communications, the
Applications of Network Security to the various Data
Transfer techniques and protocols.
From the dawn of civilization, to the highly
networked societies that we live in Today
communication has always been an integral
part of our existence.
¢ Radio communication
¢ Network communication
¢ Mobile communication
¢ Telephonic communication
All these methods and means of communication have
played an important role in our lives, but in the past
few years, network communication, especially over
the Internet, has emerged as one of the most powerful
Methods of communication with an overwhelming
Impact on our lives. Such rapid advances in
Communications technology have also given rise to
Security threats to individuals and organizations.
Fundamental Requirements
Confidential: Is the process of keeping information
private and Secret so that only the intended recipient
is able to understand the information.
Authentication: Is the process of providing proof of
identity of the sender to the recipient, so that the
recipient can be assured that the person sending the
information is who and what he or she claims to be.
Integrity: Is the method to ensure that information is
not tampered with during its transit or its storage on
the network. Any unauthorized person should not be
able to tamper with the information or change the
Information during transit
Non-repudiation: Is the method to ensure that
information cannot be disowned. Once the non-repudiation
process is in place, the sender cannot
deny being the originator of the data.
Security Attacks
Interruption: In an attack where one or more of the
systems of the organization become unusable due to
attacks by unauthorized users. This leads to systems
being unavailable for use.
Interception: An unauthorized individual intercepts
the message content and changes it or uses it for
malicious purposes. After this type of attack, the
message does not remain confidential.
Modification: The content of the message is modified
by a third party. This attack affects the integrity of the message. So for maintaining the data secretly while
communicating data between two persons or two
organizations data is to be converted to other format
and the data is to be transmitted. So now we deal with
the Cryptography which is process of transmitting
data securely without any interruption. Network
security is the security of data transmission in the
communication.
What is Cryptography
The term cryptology has its origin in Greek
Kryptós lógos , which means hidden word.
Cryptography is the science of protecting data, which
provides means and methods of converting data into
unreadable form, so that Valid User can access
Information at the Destination. Cryptography is the
science of using mathematics to encrypt and decrypt
data. Cryptography enables you to store sensitive
information or transmit it across insecure networks
(like the Internet) so that it cannot be read by anyone
except the intended recipient. While cryptography is
the science of securing data, cryptanalysis is the
science of analyzing and breaking secure
communication. Cryptanalysts are also called
attackers. Cryptology embraces both cryptography
and cryptanalysis.
Cryptography Terminology
a) Plaintext: The original intelligible message.
b) Cipher text: The transformed message.
c) Cipher: An algorithm for transforming an intelligible
message to unintelligible by transposition.
d) Key: Some critical information used by the cipher,
known only to the sender & receiver.
e) Encipher
Encode) the process of convertingplaintext to cipher text using a cipher and a key.
f) Decipher
Decode) the process of convertingcipher text back into plaintext using a cipher & key.
g) Cryptanalysis: The study of principles and
methods of transforming an unintelligible message
back into an intelligible message without
knowledge of the key. Also called code breaking
h) Cryptology: Both cryptography and cryptanalysis
i) Code: an algorithm for transforming an intelligible
message into an unintelligible one using codes.
j) Hash algorithm: Is an algorithm that converts text
string into a string of fixed length.
k) Secret Key Cryptography (SKC): Uses a single
key for both encryption and decryption
l) Public Key Cryptography (PKC): Uses one key for
encryption and another for decryption
m) Pretty Good Privacy (PGP): PGP is a hybrid
cryptosystem.
n) Public Key Infrastructure (PKI): PKI feature is
Certificate authority.
Network Security
For Distributed computing
¢ Logical set of services distributed
over the network
¢ Physical security model does not
work anymore
For Internet and Web
¢ Increase of security threat
¢ More stringent security for Ecommerce
and B2B
Why network security
When networks were not that pervasive, that
is when computing devices were running in their own
Islands, it was rather easy to deal with security. The
only thing they needed to do was to lock the door.
Now, as more and more computing devices are
getting connected and more and more applications
are being built as distributed applications, the physical
security model has lost its significance. The advent of
the internet and the web has raised the scale and
frequency of network Security threats.
Common Security Threats
Identity interception: It means that someone might
steal your identity and use it as their own.
Masquerading. If you send your username and
password in clear text form, someone might be able to
grab it from the network and use it elsewhere with the
intention of perpetrating fraud.
Replay attack: They might capture your request of
withdrawing 1000 dollars from your Bank account and
then replay that request over the network.
Data interception and manipulation: If someone
can read your credit card information while it is on the
wire, they could cause a lot of trouble for you.
Repudiation: When someone performs a transaction
and then deny it later can be a big problem in ecommerce.
For example, if you are manufacturer of
something and you received a 1 million dollar
purchase request from a customer, you will want to
make sure that person does not deny it after the
transaction has been completed. We all know what
denial of service means.
Network Security Needs
Security Needs of an Enterprise
¢ Single sign-on Internet and intranet
¢ Controlled access to corporate
information
¢ Secure business transaction over Internet
¢ Centralized, easy to use security admin
tools
¢ Transparency of security features
¢ Interoperable security systems
¢ Various PKI schemes, Kerbos
Common Network Security Needs
¢ Authentication (Identity verification)
¢ Access control (Authorization)
¢ Data confidentiality (Privacy)
¢ Data integrity (Tamper-proofing)
¢ Non-repudiation (Proof of transaction)
¢ Auditing
Cryptographic Process Basic Process
M is the original message
K enc is encryption key
M' is the scrambled message
K dec is decryption key
It is difficult to get M just by knowing M'
E and D are related such that
E(K enc , M) = M'
D(K dec , M') = M
D(K dec , E(K enc , M)) = M
Plaintextâ€M Cipher textâ€M' Original
Plaintextâ€M
Decryption functionâ€D Encryption
functionâ€E
So how does cryptographic process work
The idea is rather simple. Let's say you have plaintext
M. By providing the encryption key and the encryption
function you get cipher text, M'. The cipher text can be
decrypted using a decryption function and a
decryption key and the result is the original text. In
cryptographic process the mathematical property is
such that it is practically impossible to derive M from
M' unless the key is known.
Key Process Techniques
Symmetric-Key Encryption: One Key
Symmetric-key encryption, also called shared-key
encryption or secret-key cryptography, uses a
single key that both the sender and recipient possess.
This key, used for both encryption and decryption, is
called a secret key (also referred to as a symmetric
key or session key). Symmetric-key encryption is an
efficient method for encrypting large amounts of data.
But the drawback is to transfer the Key to Receiver as
it is prone to security risks.
Public-Key Encryption: Two Keys
Two keysâ€a public key and a private key, which
are mathematically relatedâ€are used in public-key
encryption. To contrast it with symmetric-key
encryption, public-key encryption is also sometimes
called asymmetric-key encryption. In public-key
encryption, the public key can be passed openly
between the parties or published in a public
repository, but the related private key remains private.
Data encrypted with the public key can be decrypted
only using the private key. Data encrypted with the
private key can be decrypted only using the public
key. In Figure 1, a sender has the receiver's public
key and uses it to encrypt a message, but only the
receiver has the related private key used to decrypt
the message.
Private Key Method
Public Key Method
Encryption is done with Public Key and
Decryption with another key called Private Key. This
is called Public Key Cryptography.
Public-key cryptography algorithms
RSA: The first, and still most common,
PKC implementation, named for the three MIT
mathematicians who developed it †Ronald Rivest,
Adi Shamir, and Leonard Adleman. RSA today is
used in hundreds of software products and can be
used for key exchange, digital signatures, or
encryption of small blocks of data. RSA uses a
variable size encryption block and a variable size key.
The key-pair is derived from a very large number, n,
that is the product of two prime numbers chosen
according to special rules; these primes may be 100
or more digits in length each, yielding an n with
roughly twice as many digits as the prime factors. The
public key information includes n and a derivative of
one of the
factors of n; an attacker cannot determine
the prime factors of n (and, therefore, the private key)
from this information alone and that is what makes the
RSA algorithm so secure. (Some descriptions of PKC
erroneously state that RSA's safety is due to the
difficulty in factoring large prime numbers. In fact,
large prime numbers, like small prime numbers, only
have two factors!) The ability for computers to factor
large numbers, and therefore attack schemes such as
RSA, is rapidly improving and systems today can find
the prime factors of numbers with more than 140
digits. The presumed protection of RSA, however, is
that users can easily increase the key size to always
stay ahead of the computer processing curve. As an
aside, the patent for RSA expired in September 2000
which does not appear to have affected RSA's
popularity one way or the other.
Diffie-Hellman: After the RSA algorithm
Diffie and Hellman came up with their own algorithm.
D-H is used for secret-key key exchange only, and not
for authentication or digital signatures.
Digital Signature Algorithm (DSA): The
algorithm specified in NIST's Digital Signature
Standard (DSS), provides digital signature capability
for the authentication of messages.
Elliptic Curve Cryptography (ECC): A
PKC algorithm based upon elliptic curves. ECC can
offer levels of security with small keys comparable to
RSA and other PKC methods. It was designed for
devices with limited compute power and/or memory,
such as smartcards and PDAs
Hash functions
An improvement on the Public Key scheme is
the addition of a one way hash function in the
process. A one-way hash function takes variable
length input. In this case, a message of any length,
even thousands or millions of bits and produces a
fixed-length output; say, 160-bits. The hash function
ensures that, if the information is changed in any way
even by just one bit an entirely different output value
is produced.
Hash functions, also called message digests
and one-way encryption, are algorithms that, in some
sense, use no key Instead; a fixed-length hash value
is computed based upon the plaintext that makes it
impossible for either the contents or length of the
plaintext to be recovered. Hash algorithms are
typically used to provide a digital fingerprint of a file's
contents often used to ensure that the file has not
been altered by an intruder or virus. Hash functions
are also commonly employed by many operating
systems so encrypt passwords. Hash functions, then,
help preserve the integrity of a file.
As long as a secure hash function is used,
there is no way to take someone's signature from one
document and attach it to another, or to alter a signed
message in any way. The slightest change in a signed
document will cause the digital signature verification
process to fail.
Applications Of Cryptography
1. Defense Services
2. Secure Data Manipulation
3. E “Commerce
4. Business Transactions
5. Internet Payment Systems
6. Pass Phrasing
7. Secure Internet Comm.
8. User Identification Systems
9. Access Control
10. Computational Security
11.Secure access to Corp Data
12.Data Security.
Public-Key Encryption for Digital Signatures
A major benefit of public key cryptography is
that it provides a method for employing digital
signatures. Digital signatures enable the recipient of
information to verify the authenticity of the
information's origin, and also verify that the
information is intact. Thus, public key digital
signatures provide authentication and data integrity. A
digital signature also provides non-repudiation, which
means that it prevents the sender from claiming that
he or she did not actually send the information. These
features are every bit as fundamental to cryptography
as privacy, if not more.
A digital signature serves the same purpose
as a handwritten signature. However, a handwritten
signature is easy to counterfeit. A digital signature is
superior to a handwritten signature in that it is nearly
impossible to counterfeit, plus it attests to the contents
of the information as well as to the identity of the
signer.
Public-Key Encryption for Digital Certificates
Digital certificates, or cert., simplify the task
of establishing whether a public key truly belongs to
the purported owner. A certificate is a form of
credential. Examples might be your birth certificate.
Each of these has some information on it identifying
you and some authorization stating that someone else
has confirmed your identity. Some certificates, such
as your passport, are important enough confirmation
of your identity that you would not want to lose them,
lest someone use them to impersonate you.
Digital Certificate
A digital certificate is data that functions much
like a physical certificate. A digital certificate is
information included with a person's public key that
helps others verify that a key is genuine or valid.
Digital certificates are used to thwart attempts to
substitute one person's key for another.
A digital certificate consists of three things:
¢ A public key.
¢ Certificate information. ("Identity" information
about the user, such as name, user ID, and
so on.)
¢ One or more digital signatures.
The purpose of the digital signature on a
certificate is to state that the certificate information
has been attested to by some other person or entity.
The digital signature does not attest to the authenticity
of the certificate as a whole; it vouches only that the
signed identity information goes along with, or is
bound to, the public key. Thus, a certificate is
basically a public key with one or two forms of ID
attached, plus a hearty stamp of approval from some
other trusted individual.
Cryptographic Technologies
Based on Layers
¢ Link layer encryption
¢ Network layer encryption
¢ IPSEC, VPN, SKIP
¢ Transport layer
¢ SSL, PCT(Private Communication
Technology)
¢ Application layer
¢ PEM (Privacy Enhanced Mail)
¢ PGP (Pretty Good Privacy)
¢ SHTTP
Cryptographic process can be implemented at various
layers starting from the page link Layer all the way up to the
application layer. The most popular encryption
scheme is SSL and it is implemented at the transport
layer. If the encryption is done at the transport layer,
any application that is running on the top of the
transport layer can be protected.
Based on Algorithms
Secret-key encryption algorithms (Symmetric
algorithms)
¢ DES (Data Encryption Standard) -- 56 bit key
¢ Triple DES --112 bit key
¢ IDEA (International Data Encryption
Algorithm) --128bit key
Public-key encryption algorithms (Asymmetric
algorithms)
Diffie-Hellman (DH): Exponentiation is easy
but computing discrete logarithms from the resulting
value is practically impossible
RSA: Multiplication of two large prime
numbers is easy but factoring the resulting product is
practically impossible
Public Key Infrastructure (PKI)
Introduction
The term public key infrastructure (PKI) is
used to describe the policies, standards, and software
that regulate or manipulate certificates and public and
private keys. In practice, PKI refers to a system of
digital certificates, certification authorities (CA), and
other registration authorities that verify and
authenticate the validity of each party involved
in an electronic transaction. Standards for PKI
are still evolving, even as they are being widely
implemented as a necessary element of electronic
commerce. This section will help you understand what
a PKI is and what services are required to build a PKI.
PKI concepts on Certificates
Certificate: A public key certificate is a digitally
signed statement used for authentication and secure
exchange of information on the networks. The issuer
and signer of the certificate is known as a certification
authority (CA). Certificate has No, Validity, Uses of
the Key pair (Public & Secret)
Certification Authority: A certification authority (CA)
is an entity trusted to issue certificates to a requesting
entity. A CA verifies the requester's information
according to the policy of the CA, and then uses its
private key to apply its digital signature to the
certificate.
CA Policy: A CA issues certificates to requesters
based on a set of established criteria. The set of
criteria that a CA uses when processing certificate
requests is referred to as CA policy. Typically, a CA
publishes its policy in a document known as a
Certification Practice Statement (CPS).
Types of Certification Authorities
Self-signed CA: The public key in the certificate and
the key used to verify the certificate are the same
Subordinate CA: The public key in certificate and the
key used to verify the certificates are different.
Rooted CA: This is trusted unconditionally by a client
and is at top of a certification hierarchy.
Registration: Registration is the process by which a
certificate is issued to the subject, provided that the
certificate is in compliance with the criteria established
by the CA policy.
Certificate enrollment: The procedure that an end
entity follows to request and receive a certificate from
a CA. The certificate request provides identity
information to the CA
Certificate Revocation: Certificates have a specified
lifetime, but CAs can reduce this lifetime by the
process known as certificate revocation. The CAs
publishes a certificate revocation list (CRL) that lists
serial numbers of certificates that it considers no
longer usable.
Certificate Chain Validation: In a network, when we
generate a request for a new certificate, the
information in that request is first passed from the
requesting program to Certificate Authority (CA) then
passes the appropriate data to a program known as a
cryptographic service provider (CSP) A CSP is an
independent software module that performs
cryptography operations, such as secret-key
exchange, digital signing of data, and public-key
authentication. Chain-building mechanism attempts to
build a certification path (a certificate chain) from the
end-entity certificate, such as a user certificate, up to
a CA root certificate.
Attacking Cryptography Cryptanalysis
Cryptanalysis is the process of attempting to
discover the plaintext and/ or the key. The types of
Cryptanalysis attacks are
Differential Cryptanalysis Attack:
The differential cryptanalysis attack looks specifically at
pairs of cipher texts whose plaintext has some
specific differences. It analyzes these differences as
the plaintext propagates through various rounds of
Data Encryption Standards (DES) when they are
encrypted with the same key.
Linear Cryptanalysis Attack:
Linear Cryptanalys is attack was invented by Mitsuru Matsui in 1993. This method is based on the concept that if you XOR some of the plaintext bits together, XOR some cipher text bits together, and then XOR the results, you will get a single bit that is the XOR of some of the key bits. A large number of such plain/cipher texts pairs are used
to guess the values of the key bits
Brute Force Attack
The simplest attack to decipher a DES key is
the brute force attack. The brute force attack on the
DES algorithm is feasible because of the relatively
small key length (56 bit) and ever-increasing
computational power of the computers. It can break
through any cipher by trying all keys that possibly
exist. However, in brute force attacks, the time taken
to break a cipher is directly proportional to the length
of the key. In a brute force attack, keys are randomly
generated and applied to the cipher text until the
legitimate key is generated. The Average Time
Required for Exhaustive Key Search
Conclusion
Cryptography protects users by providing
functionality for the encryption of data and
authentication of other users. This technology lets the
receiver of an electronic message verify the sender,
ensures that a message can be read only by the
intended person, and assures the recipient that a
message has not be altered in transit. This paper
describes the cryptographic concepts of symmetric key
encryption, public-key encryption, types of
encryption algorithms, hash algorithms, digital
signatures, and key exchange. The Cryptography
Attacking techniques like Cryptanalysis and Brute
Force Attack. This Paper provides information of
Network Security Needs and Requirements.
Cryptography is a particularly interesting field
because of the amount of work that is, by necessity,
done in secret. The irony is that today, secrecy is not
the key to the goodness of a cryptographic algorithm.
Regardless of the mathematical theory behind an
algorithm, the best algorithms are those that are well known
and well-documented because they are also
well-tested and well-studied! In fact, time is the only
true test of good cryptography; any cryptographic
scheme that stays in use year after year is most likely
a good one. The strength of cryptography lies in the
choice (and management) of the keys; longer keys
will resist attack better than shorter keys.
References:
¢ Cryptography and Network Security “By
William Stallings.
¢ Introduction to Cryptography “By Aysel Ozgur
¢ en.wikipedia.org.
¢ http://www-users.cs.umn.edu/
http:/
