GROUP MEMBERS• Abdullah Rashid Baig 10-Arid-270• Adnan Haider 11-Arid-803• Muhammad Zakria 11-Arid-829• Muhammad Zeeshan Khan 11-Arid-843
It is derived from the Greek words „kruptos‟ means “secret” and „graphia‟ means “writing”. So cryptography means “secret writing”.Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient. It is the science of analyzing and breaking secure communication.
Cryptography has long history. Actually dating back to the time of Julius Caesar. When Julius Caesar sent messages to his generals, he didnt trust his messengers.So he replaced every A in his messages with a D, every B with an E, and so on through the alphabet. Only someone who knew the “shift by 3” rule could decipher his messages.
A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key, a word, number, or phrase to encrypt the plaintext. The same plaintext encrypts to different cipher text with different keys. The security of encrypted data is entirely dependent on two things: the strength of thecryptographic algorithm and the secrecy of the key. A cryptographic algorithm, plus all possible keys and all the protocols that make itwork comprise a cryptosystem. Cryptosystem is a system comprisedof cryptographic algorithms, all possible plain text, cipher text, and keys. PGP is a cryptosystem.
PGP is an application and protocol for secure e-mail and file encryption developed by Phil R. Zimmermann. Originally published as Freeware, the source code has always been available for public scrutiny. PGP uses a variety ofalgorithms, like IDEA, RSA, DSA, MD5, SHA-1 for providing encryption, authentication, message integrity, and key management.
Data that can be read and understood without any special measuresis called plaintext or clear text. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable text called cipher text.
The process of decoding data that has been encrypted into a secret format. Decryption requires a secret key or password.It is the reverse process of encryption. The process of reverting cipher text to its original plaintext is called decryption.
Unscrambled information to be transmitted. It could be a simpletext document, a credit card number, a password, a bank account number or sensitive information such as payroll data, personnel information, or a secret formula being transmitted between organizations.
The result of strong cryptography is cipher text that is verydifficult to decipher without possession of the appropriate decoding tool. The result of manipulating characters or bits via substitution transposition, or both.
• Substitution Cipher A substitution cipher substitutes one piece of information for another. This is most frequently done by offsetting letters of the alphabet.• Transposition Cipher It is a method of encryption by which the positions held by units of plaintext (which are commonly characters or groups of characters) are shifted according to a regular system, so that the cipher text constitutes a permutation of the plaintext. That is, the order of the units is changed. Mathematically a bijective function is used on the characters positions to encrypt and an inverse function to decrypt.
• block Cipher Block ciphers encrypt the information by breaking down into blocks. The blocks are of fixed size commonly of 64 bits.• Stream CipherStream ciphers encrypt the bits of information one at a time. These are faster and smaller to implement than Block Ciphers. Streamciphers operate on 1-bit of data at a time. If the same key stream is used, attacks may cause the information to be revealed.
• SteganographySteganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intendedrecipient, suspects the existence of the message, a form of securitythrough obscurity. The word steganography is of Greek origin and means "concealed writing" from the Greek words steganos meaning "covered or protected", and graphia meaning "writing".
A mathematical value, formula or process that determine how a plaintext message is encrypted or decrypted. The key is the only way to decipher the scrambled information.Two Types of Keys• Secret Key Cryptography (SKC).• Public Key Cryptography (PKC).
In secret key cryptography, a single key is used for both encryption and decryption.Secret key cryptography schemes are generally categorized asbeing either stream ciphers or block ciphers. Secret key is also called symmetric encryption.
Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met. The publicly available component of an integrated asymmetric key pair often referred to as the encryption key.
A hash function takes variable-length input in this case, a message of any length, even thousands or millions of bits and produces afixed-length output; say, 160-bits. The hash function ensures that, if the information is changed in any way—even by just one bit—anentirely different output value is produced. A function that produces a message digest that cannot be reversed to produced the original.
Advantages• The biggest advantage of public key cryptography is the secure nature of the private key. In fact it never needs to be transmitted or revealed to anyone. • Another type of benefit of public key cryptography is that is provides a method for employing digital signatures. • It enables the use of digital certificates and digital timestamps, which is a very secure technique of authorization .We will look at digital timestamps and digital signatures in a moment.
disAdvantages• Transmission time for documents encrypted public key cryptography are significantly larger than symmetric cryptography. In fact transmission of very large documents is prohibitive.• The key sizes must be significantly larger than symmetric cryptography to achieve the same level of protection.• Public key cryptography is susceptible to impersonation attacks.
• Confidentiality (secrecy)Only the sender and intended receiver should be able to understand the contents of the transmitted message.• Authentication Both the sender and receiver need to confirm the identity of other party involved in the communication• Data integrityThe content of their communication is not altered, either maliciously or by accident, in transmission.
Digital signatures enable the recipient of information to verify the authenticity of the information’s origin, and also verify that the information is intact. A digital signature also provides non- repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information. These featuresare every bit as fundamental to cryptography as privacy, if not more. A digital signature serves the same purpose as a handwrittensignature. However, a handwritten signature is easy to counterfeit. A digital signature is superior to a handwritten signature in that it isnearly impossible to counterfeit, plus it attests to the contents of the information as well as to the identity of the signer.
• Availability Timely accessibility of data to authorized entities.• Non-repudiationAn entity is prevented from denying its previous commitments or actions.• Access control An entity cannot access any entity that it is not authorized to• Anonymity The identity of an entity if protected from others.
What is a passphrase? A passphrase is a longer version of a password, and in theory, a more secure one. Typically composed of multiple words, a passphrase is more secure against standard dictionaryattacks, wherein the attacker tries all the words in the dictionary in an attempt to determine your password. The best passphrases are relatively long and complex and contain a combination of upper and lowercase letters, numeric and punctuation characters. Your private key is totally and absolutely useless without your passphrase.
Viruses and Trojan horsesAttack could involve a specially tailored hostile computer virus or worm that might infect PGP or your operating system. Thishypothetical virus could be designed to capture your passphrase or private key or deciphered messages and to covertly write the captured information to a file or send it through a network to the virus’s owner.
Even if the attacker cannot read the contents of your encryptedmessages, he may be able to infer at least some useful information by observing where the messages come from and where they aregoing, the size of the messages, and the time of day the messages are sent. This is analogous to the attacker looking at your long-distancephone bill to see who you called and when and for how long, eventhough the actual content of your calls is unknown to the attacker. This is called traffic analysis.
A kind of attack that has been used by well-equipped opponentsinvolves the remote detection of the electromagnetic signals from your computer. A calculated brute force attack to reveal a password by trying obvious and logical combinations of words.