30-04-2011, 10:02 AM
PRESENTED BY,
Ayesha Farhin
[attachment=13079]
CRYPTOGRAPHY
Introduction
Cryptography considered as a branch of both mathematics and computer science.
Affiliated closely with information theory, computer security, and engineering.
Definitions:
Cryptography comes from the Greek words Kryptos, meaning hidden, and Graphen, meaning to write.
Thus Cryptography is the study of secret (crypto-) writing (-graphy)
Cryptography deals with all aspects of secure messaging, authentication, digital signatures, electronic money, and other applications.
The practitioner of Cryptography is called Cryptographer
Cryptography Through History
Cryptography has a history of at least 4000 years.
Ancient Egyptians enciphered some of their hieroglyphic writing on monuments.
Ancient Hebrews enciphered certain words in the scriptures.
2000 years ago Julius Caesar used a simple substitution cipher, now known as the Caesar cipher.
Roger Bacon in the middle ages described several methods in 1200s.
Cryptography Through History
Geoffrey Chaucer included several ciphers in his works (e.g. Canterbury Tales).
Leon Alberti devised a cipher wheel, and described the principles of frequency analysis in the 1460s.
Blaise de Vigenère published a book on cryptology in 1585, & described the polyalphabetic substitution cipher.
Increasing use, especially in diplomacy & war over centuries.
Areas of Study
Computer Security:
Cryptanalysis, Cryptology, Cryptography
Terminologies:
Encryption
Decryption
Plaintext
Cipher Text
Cryptanalaysis
The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key is called Cryptanalysis.
Also called “code breaking” sometimes.
Practitioners of cryptanalysis are cryptanalysts.
Cryptology
Cryptology is the branch of mathematics that studies the mathematical foundations of cryptographic methods.
Cryptology is actually the study of codes and ciphers.
Cryptology = both cryptography and cryptanalysis
Definitions:
In cryptographic terminology, the message is called plaintext or cleartext.
Encoding the contents of the message in such a way that hides its contents from outsiders is called encryption.
A method of encryption and decryption is called a cipher - The name cipher originates from the Hebrew word "Saphar," meaning "to number.”
The encrypted message is called the ciphertext.
The process of retrieving the plaintext from the ciphertext is called decryption.
Encryption and decryption usually make use of a key, and the coding method is such that decryption can be performed only by knowing the proper key.
The Key
All modern algorithms use a key to control encryption and decryption; a message can be decrypted only if the key matches the encryption key.
The key used for decryption can be different from the encryption key, but for most algorithms they are the same.
Why do we need cryptography?
Computers are used by millions of people for many purposes
Banking
Shopping
Tax returns
Protesting
Military
Student records
Privacy is a crucial issue in many of these applications
Security is to make sure that nosy people cannot read or secretly modify messages intended for other recipients
Security issues: some practical situations
A sends a file to B: E intercepts it and reads it.
How to send a file that looks gibberish to all but the intended receiver?
A sends a file to B: E intercepts it, modifies it, and then forwards it to B.
How to make sure that the document has been received in exactly the form it has been sent?
E sends a file to B pretending it is from A.
How to make sure your communication partner is really who she claims to be?
Basic situation in cryptography
Types Of Attacks:
Passive Attack:
Carried out by a Passive Attacker who can only read the secret information being exchanged.
Active Attack:
Carried out by an Active Intruder who can read and modify the secret information
Passive Attacks
Active Attacks
Ciphertext-only Attack
This is the situation where the attacker does not know anything about the contents of the message, and must work from ciphertext only.
In practice it is quite often possible to make guesses about the plaintext, as many types of messages have fixed format headers.
Even ordinary letters and documents begin in a very predictable way.
It may also be possible to guess that some ciphertext block contains a common word.
Known-plaintext Attack
The attacker knows or can guess the plaintext for some parts of the ciphertext.
The task is to decrypt the rest of the ciphertext blocks using this information.
This may be done by determining the key used to encrypt the data, or via some shortcut.
Chosen-plaintext Attack
The attacker is able to have any text he likes encrypted with the unknown key.
The task is to determine the key used for encryption.
Some encryption methods, particularly RSA, are extremely vulnerable to chosen-plaintext attacks.
When such algorithms are used, extreme care must be taken to design the entire system so that an attacker can never have chosen plaintext encrypted.
Classical Cryptographic Techniques
Three Eras of Cryptography:
Classical
Traditional
Modern
We have two basic components of classical ciphers: substitution and transposition.
Substitution: In substitution ciphers letters are replaced by other letters.
Transposition: In transposition ciphers the letters are arranged in a different order.
Caesar Cipher A Monoalphabetic Substitution Cipher
Replace each letter of message by a letter a fixed distance away e.g. use the 3rd letter on
Reputedly used by Julius Caesar. E.g:
L FDPH L VDZ L FRQTXHUHG
I CAME I SAW I CONQUERED
i.e. mapping is
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
| | | | | | | | | | | | | | | | | | | | | | | | | |
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Can describe this cipher as:
Encryption Ek : i i + k mod 26
Decryption Dk : i i - k mod 26
Polyalphabetic Substitution Cipher
Polyalphabetic Substitution - several substitutions are used.
Used to hide the statistics of the plain-text.
Polyalphabetic Substitution Example
Polyalphabetic Substitution Example
Plaintext
- now is the time for every good man
Ciphertext
- JCQ CZ VXK VCER AQC PCRTX LBQZ QPK
Note:
The two o’s in good have been enciphered as different letters. Also the three letters “X” in the ciphertext represent different letters in the plaintext.
Algorithms Of Modern Crytography
Algorithms are basic building blocks on which Crypto Systems are built.
Classes of key-based algorithms:
Symmetric or Private-key Systems.
Asymmetric or Public-key Systems.
Symmetric Algorithms
Symmetric algorithms use the same key for encryption and decryption
Can be divided into two categories:
(1) stream ciphers and (2) block ciphers.
Stream ciphers can encrypt a single bit/byte of plaintext at a time.
Block ciphers take a number of bits (typically 64 bits in modern ciphers), and encrypt them as a single unit.
Example Symmetric Encryption Algorithm - DES
The most well known symmetric system is the Data Encryption Standard (DES).
Data Encrypt Standard (DES) is a private key system adopted by the U.S. government as a standard “very secure” method of encryption.
64-bit plain & cipher text block size
56-bit true key plus 8 parity bits
Single chip (hardware) implementation
- Most implementations now software
16 rounds of transpositions & substitutions
Standard for unclassified government data
Applications of DES
Double DES
Effective key length of 112 bits
Work factor about the same as single DES
Triple DES
Encrypt with first key
Decrypt with second key
Encrypt with first key
Very secure
used across a wide range of applications, from ATM encryption to e-mail privacy and secure remote access.
Private Key Problems
Keys must be exchanged before transmission with any recipient or potential recipient of your message.
So, to exchange keys you need a secure method of transmission, but essentially what you've done is create a need for another secure method of transmission.
Secondly the parties are not protected against each other, if one of the parties leaks the keys it could easily blame the other party for the compromise.
Asymmetric Algorithms
Use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key.
Asymmetric ciphers also called public-key algorithms permit the encryption key to be public (it can even be published in a newspaper), allowing anyone to encrypt with the key, whereas only the proper recipient (who knows the decryption key) can decrypt the message.
The encryption key is also called the Public Key and the decryption key the Private Key or Secret Key.
Public Key Encryption
Public Key Encryption
RSA
The best known public key system is RSA, named after its authors, Rivest, Shamir and Adelman.
It has recently been brought to light that an RSA-like algorithm was discovered several years before the RSA guys by some official of the British Military Intelligence Cryptography Wing.
Comparison of Symmetric and Asymmetric Encryption
Other Types:
One Time Pad
Hash Function
Digital Signature
Certified Authority
ADVANTAGES AND DISADVANTAGES
Advantages:
1. The biggest advantage of public key cryptography is the secure nature of the private key. In fact, it never needs to be transmitted or revealed to anyone.
2. It enables the use of digital certificates and digital timestamps, which is a very secure technique of signature authorization.
Disadvantages:
Transmission time for documents encrypted using public key cryptography are significantly slower then symmetric cryptography. In fact, transmission of very large documents is prohibitive.
The key sizes must be significantly larger than symmetric cryptography to achieve the same level of protection.
Public key cryptography is susceptible to impersonation attacks.
Future Developments: Quantum cryptography and DNA cryptography
DNA cryptography is a new born cryptographic field emerged with the research of DNA computing, in which DNA is used as information carrier and the modern biological technology is used as implementation tool.
The vast parallelism and extraordinary information density inherent in DNA molecules are explored for cryptographic purposes such as encryption, authentication, signature, and so on.
Quantum cryptography
Quantum cryptography attempts to achieve the
same security of information as other forms of cryptography but through the use of photons, or packets of light. The process, though still in experimental stages, makes use of the polarization nature of light and is proving to be a very promising defense against eavesdropping
Ayesha Farhin
[attachment=13079]
CRYPTOGRAPHY
Introduction
Cryptography considered as a branch of both mathematics and computer science.
Affiliated closely with information theory, computer security, and engineering.
Definitions:
Cryptography comes from the Greek words Kryptos, meaning hidden, and Graphen, meaning to write.
Thus Cryptography is the study of secret (crypto-) writing (-graphy)
Cryptography deals with all aspects of secure messaging, authentication, digital signatures, electronic money, and other applications.
The practitioner of Cryptography is called Cryptographer
Cryptography Through History
Cryptography has a history of at least 4000 years.
Ancient Egyptians enciphered some of their hieroglyphic writing on monuments.
Ancient Hebrews enciphered certain words in the scriptures.
2000 years ago Julius Caesar used a simple substitution cipher, now known as the Caesar cipher.
Roger Bacon in the middle ages described several methods in 1200s.
Cryptography Through History
Geoffrey Chaucer included several ciphers in his works (e.g. Canterbury Tales).
Leon Alberti devised a cipher wheel, and described the principles of frequency analysis in the 1460s.
Blaise de Vigenère published a book on cryptology in 1585, & described the polyalphabetic substitution cipher.
Increasing use, especially in diplomacy & war over centuries.
Areas of Study
Computer Security:
Cryptanalysis, Cryptology, Cryptography
Terminologies:
Encryption
Decryption
Plaintext
Cipher Text
Cryptanalaysis
The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key is called Cryptanalysis.
Also called “code breaking” sometimes.
Practitioners of cryptanalysis are cryptanalysts.
Cryptology
Cryptology is the branch of mathematics that studies the mathematical foundations of cryptographic methods.
Cryptology is actually the study of codes and ciphers.
Cryptology = both cryptography and cryptanalysis
Definitions:
In cryptographic terminology, the message is called plaintext or cleartext.
Encoding the contents of the message in such a way that hides its contents from outsiders is called encryption.
A method of encryption and decryption is called a cipher - The name cipher originates from the Hebrew word "Saphar," meaning "to number.”
The encrypted message is called the ciphertext.
The process of retrieving the plaintext from the ciphertext is called decryption.
Encryption and decryption usually make use of a key, and the coding method is such that decryption can be performed only by knowing the proper key.
The Key
All modern algorithms use a key to control encryption and decryption; a message can be decrypted only if the key matches the encryption key.
The key used for decryption can be different from the encryption key, but for most algorithms they are the same.
Why do we need cryptography?
Computers are used by millions of people for many purposes
Banking
Shopping
Tax returns
Protesting
Military
Student records
Privacy is a crucial issue in many of these applications
Security is to make sure that nosy people cannot read or secretly modify messages intended for other recipients
Security issues: some practical situations
A sends a file to B: E intercepts it and reads it.
How to send a file that looks gibberish to all but the intended receiver?
A sends a file to B: E intercepts it, modifies it, and then forwards it to B.
How to make sure that the document has been received in exactly the form it has been sent?
E sends a file to B pretending it is from A.
How to make sure your communication partner is really who she claims to be?
Basic situation in cryptography
Types Of Attacks:
Passive Attack:
Carried out by a Passive Attacker who can only read the secret information being exchanged.
Active Attack:
Carried out by an Active Intruder who can read and modify the secret information
Passive Attacks
Active Attacks
Ciphertext-only Attack
This is the situation where the attacker does not know anything about the contents of the message, and must work from ciphertext only.
In practice it is quite often possible to make guesses about the plaintext, as many types of messages have fixed format headers.
Even ordinary letters and documents begin in a very predictable way.
It may also be possible to guess that some ciphertext block contains a common word.
Known-plaintext Attack
The attacker knows or can guess the plaintext for some parts of the ciphertext.
The task is to decrypt the rest of the ciphertext blocks using this information.
This may be done by determining the key used to encrypt the data, or via some shortcut.
Chosen-plaintext Attack
The attacker is able to have any text he likes encrypted with the unknown key.
The task is to determine the key used for encryption.
Some encryption methods, particularly RSA, are extremely vulnerable to chosen-plaintext attacks.
When such algorithms are used, extreme care must be taken to design the entire system so that an attacker can never have chosen plaintext encrypted.
Classical Cryptographic Techniques
Three Eras of Cryptography:
Classical
Traditional
Modern
We have two basic components of classical ciphers: substitution and transposition.
Substitution: In substitution ciphers letters are replaced by other letters.
Transposition: In transposition ciphers the letters are arranged in a different order.
Caesar Cipher A Monoalphabetic Substitution Cipher
Replace each letter of message by a letter a fixed distance away e.g. use the 3rd letter on
Reputedly used by Julius Caesar. E.g:
L FDPH L VDZ L FRQTXHUHG
I CAME I SAW I CONQUERED
i.e. mapping is
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
| | | | | | | | | | | | | | | | | | | | | | | | | |
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Can describe this cipher as:
Encryption Ek : i i + k mod 26
Decryption Dk : i i - k mod 26
Polyalphabetic Substitution Cipher
Polyalphabetic Substitution - several substitutions are used.
Used to hide the statistics of the plain-text.
Polyalphabetic Substitution Example
Polyalphabetic Substitution Example
Plaintext
- now is the time for every good man
Ciphertext
- JCQ CZ VXK VCER AQC PCRTX LBQZ QPK
Note:
The two o’s in good have been enciphered as different letters. Also the three letters “X” in the ciphertext represent different letters in the plaintext.
Algorithms Of Modern Crytography
Algorithms are basic building blocks on which Crypto Systems are built.
Classes of key-based algorithms:
Symmetric or Private-key Systems.
Asymmetric or Public-key Systems.
Symmetric Algorithms
Symmetric algorithms use the same key for encryption and decryption
Can be divided into two categories:
(1) stream ciphers and (2) block ciphers.
Stream ciphers can encrypt a single bit/byte of plaintext at a time.
Block ciphers take a number of bits (typically 64 bits in modern ciphers), and encrypt them as a single unit.
Example Symmetric Encryption Algorithm - DES
The most well known symmetric system is the Data Encryption Standard (DES).
Data Encrypt Standard (DES) is a private key system adopted by the U.S. government as a standard “very secure” method of encryption.
64-bit plain & cipher text block size
56-bit true key plus 8 parity bits
Single chip (hardware) implementation
- Most implementations now software
16 rounds of transpositions & substitutions
Standard for unclassified government data
Applications of DES
Double DES
Effective key length of 112 bits
Work factor about the same as single DES
Triple DES
Encrypt with first key
Decrypt with second key
Encrypt with first key
Very secure
used across a wide range of applications, from ATM encryption to e-mail privacy and secure remote access.
Private Key Problems
Keys must be exchanged before transmission with any recipient or potential recipient of your message.
So, to exchange keys you need a secure method of transmission, but essentially what you've done is create a need for another secure method of transmission.
Secondly the parties are not protected against each other, if one of the parties leaks the keys it could easily blame the other party for the compromise.
Asymmetric Algorithms
Use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key.
Asymmetric ciphers also called public-key algorithms permit the encryption key to be public (it can even be published in a newspaper), allowing anyone to encrypt with the key, whereas only the proper recipient (who knows the decryption key) can decrypt the message.
The encryption key is also called the Public Key and the decryption key the Private Key or Secret Key.
Public Key Encryption
Public Key Encryption
RSA
The best known public key system is RSA, named after its authors, Rivest, Shamir and Adelman.
It has recently been brought to light that an RSA-like algorithm was discovered several years before the RSA guys by some official of the British Military Intelligence Cryptography Wing.
Comparison of Symmetric and Asymmetric Encryption
Other Types:
One Time Pad
Hash Function
Digital Signature
Certified Authority
ADVANTAGES AND DISADVANTAGES
Advantages:
1. The biggest advantage of public key cryptography is the secure nature of the private key. In fact, it never needs to be transmitted or revealed to anyone.
2. It enables the use of digital certificates and digital timestamps, which is a very secure technique of signature authorization.
Disadvantages:
Transmission time for documents encrypted using public key cryptography are significantly slower then symmetric cryptography. In fact, transmission of very large documents is prohibitive.
The key sizes must be significantly larger than symmetric cryptography to achieve the same level of protection.
Public key cryptography is susceptible to impersonation attacks.
Future Developments: Quantum cryptography and DNA cryptography
DNA cryptography is a new born cryptographic field emerged with the research of DNA computing, in which DNA is used as information carrier and the modern biological technology is used as implementation tool.
The vast parallelism and extraordinary information density inherent in DNA molecules are explored for cryptographic purposes such as encryption, authentication, signature, and so on.
Quantum cryptography
Quantum cryptography attempts to achieve the
same security of information as other forms of cryptography but through the use of photons, or packets of light. The process, though still in experimental stages, makes use of the polarization nature of light and is proving to be a very promising defense against eavesdropping
