Cryptography full report

9,258 views

Published on

Published in: Education, Technology
0 Comments
9 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
9,258
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
737
Comments
0
Likes
9
Embeds 0
No embeds

No notes for slide

Cryptography full report

  1. 1. CryptographyName: T Sampathkumar Name: SudeepYear: III/IV CSE , Year: III/IV CSE,e-mail: sampaththatikonda@rocketmail.com e-mail : sudeep4u_lp@yahoo.com ABSTRACT  This paper introduces Cryptography All these methods and means of communication Techniques. Cryptography is “The science of have protecting data” & Network Security “keeping played an important role in our lives, but in the information private and Secure from unauthorized Users”. past This paper gives the Fundamental few years, network communication, especially over Requirements for the Data Transmission, the the Internet, has emerged as one of the most security attacks like Interruption, Interception powerful and Modification of the data Transmission. Methods of communication with an overwhelming The Cryptographic Process Impact on our lives. Such rapid advances in explaining through a generalized function is Communications technology have also given rise discussed through which encryption and decryption is done by the various algorithms to like RSA algorithm, Hash Functions and Security threats to individuals and organizations. many cryptographic algorithms. Fundamental Requirements Introduction Confidential: Is the process of keeping The Cryptanalysis is the process of information attempting to discover the plain text and/ or the private and Secret so that only the intended key. recipient Applications of Various Cryptographic is able to understand the information. Technologies. Authentication: Is the process of providing proof of Why & How to Provide Network Security in the identity of the sender to the recipient, so that the Certificates issuing, The Validity & Trust for recipient can be assured that the person sending Certificate the Services, Certificate Revocation in the Internet, information is who and what he or she claims to Intranet and other Network Communications, the be. Applications of Network Security to the various Integrity: Is the method to ensure that information Data is Transfer techniques and protocols. not tampered with during its transit or its storage From the dawn of civilization, to the highly on networked societies that we live in Today the network. Any unauthorized person should not communication has always been an integral be part of our existence. able to tamper with the information or change the • Radio communication Information during transit • Network communication Non-repudiation: Is the method to ensure that • Mobile communication information cannot be disowned. Once the non- repudiation • Telephonic communication process is in place, the sender cannot
  2. 2. deny being the originator of the data. source destination What is Cryptography? The term cryptology has its origin in Greek Kryptós lógos , which means “hidden word.” Cryptography is the science of protecting data, which provides means and methods of converting data into Unauthorized user unreadable form, so that Valid User can access Information at the Destination. Cryptography is the science of using mathematics to encrypt andSecurity Attacks decrypt data. Cryptography enables you to store sensitiveInterruption: In an attack where one or more of information or transmit it across insecure networksthe (like the Internet) so that it cannot be read bysystems of the organization become unusable due anyoneto except the intended recipient. While cryptographyattacks by unauthorized users. This leads to issystems the science of securing data, cryptanalysis is thebeing unavailable for use. science of analyzing and breaking secure communication. Cryptanalysts are also calledInterception: An unauthorized individual attackers. Cryptology embraces both cryptographyintercepts and cryptanalysis.the message content and changes it or uses it formalicious purposes. After this type of attack, the Cryptography Terminologymessage does not remain confidential. a) Plaintext: The original intelligibleModification: The content of the message is message.modified b) Cipher text: The transformed message.by a third party. This attack affects the integrity of c) Cipher: An algorithm for transforming anthe message. So for maintaining the data secretly intelligiblewhile message to unintelligible by transposition.communicating data between two persons or two d) Key: Some critical information used by theorganizations data is to be converted to other cipher,format known only to the sender & receiver.and the data is to be transmitted. So now we deal e) Encipher :( Encode) the process of convertingwith plaintext to cipher text using a cipher and a key.the Cryptography which is process of transmitting f) Decipher :( Decode) the process of convertingdata securely without any interruption. Network cipher text back into plaintext using a cipher & key.security is the security of data transmission in the g) Cryptanalysis: The study of principles andcommunication. methods of transforming an unintelligible message
  3. 3. back into an intelligible message without are being built as distributed applications, theknowledge of the key. Also called code breaking physicalh) Cryptology: Both cryptography and security model has lost its significance. The adventcryptanalysis ofi) Code: an algorithm for transforming an the internet and the web has raised the scale andintelligible frequency of network Security threats.message into an unintelligible one using codes.j) Hash algorithm: Is an algorithm that converts Common Security Threatstextstring into a string of fixed length. Identity interception: It means that someonek) Secret Key Cryptography (SKC): Uses a mightsingle steal your identity and use it as their own.key for both encryption and decryption Masquerading. If you send your username andl) Public Key Cryptography (PKC): Uses one key password in clear text form, someone might befor able toencryption and another for decryption grab it from the network and use it elsewhere withm) Pretty Good Privacy (PGP): PGP is a hybrid thecryptosystem. intention of perpetrating fraud.n) Public Key Infrastructure (PKI): PKI feature is Replay attack: They might capture your request ofCertificate authority. withdrawing 1000 dollars from your Bank account and then replay that request over the network. Data interception and manipulation: If someone can read your credit card information while it is on theNetwork Security wire, they could cause a lot of trouble for you. Repudiation: When someone performs aFor Distributed computing transaction • Logical set of services distributed and then deny it later can be a big problem in over the network ecommerce. • Physical security model does not For example, if you are manufacturer of work anymore something and you received a 1 million dollarFor Internet and Web purchase request from a customer, you will want to make sure that person does not deny it after the •  Increase of security threat transaction has been completed. We all know what •  More stringent security for Ecommerce “denial of service” means. and B2B Network Security NeedsWhy network security? Security Needs of an EnterpriseWhen networks were not that pervasive, that • Single sign-on Internet and intranetis when computing devices were running in theirown •  Controlled access to corporateIslands, it was rather easy to deal with security. informationThe •  Secure business transaction overonly thing they needed to do was to lock the door. InternetNow, as more and more computing devices aregetting connected and more and more applications •  Centralized, easy to use security admin
  4. 4. tools Key Process Techniques •  Transparency of security features •  Interoperable security systems   Symmetric-Key Encryption: One •  Various PKI schemes, Kerbos Key Symmetric-key encryption, also called shared-keyCommon Network Security Needs encryption or secret-key cryptography, uses a single key that both the sender and recipient possess. •  Authentication (Identity verification) This key, used for both encryption and decryption, •  Access control (Authorization) is called a secret key (also referred to as a •  Data confidentiality (Privacy) symmetric •  Data integrity (Tamper-proofing) key or session key). Symmetric-key encryption is an •  Non-repudiation (Proof of transaction) efficient method for encrypting large amounts of •  Auditing data. But the drawback is to transfer the Key to ReceiverCryptographic Process Basic Process as it is prone to security risks.M is the original messageK enc is encryption key   Public-Key Encryption: Two KeysM is the scrambled messageK dec is decryption key Two keys—a public key and a private key, whichIt is “difficult” to get M just by knowing M are mathematically related—are used in public-keyE and D are related such that encryption. To contrast it with symmetric-keyE(K enc , M) = M encryption, public-key encryption is alsoD(K dec , M) = M sometimesD(K dec , E(K enc , M)) = M called asymmetric-key encryption. In public-keyPlaintext—M Cipher text—M Original encryption, the public key can be passed openlyPlaintext—M between the parties or published in a publicDecryption function—D Encryption repository, but the related private key remainsfunction—E private.So how does cryptographic process work? Data encrypted with the public key can beThe idea is rather simple. Lets say you have decryptedplaintext only using the private key. Data encrypted with theM. By providing the encryption key and the private key can be decrypted only using the publicencryption key. In Figure 1, a sender has the receivers publicfunction you get cipher text, M. The cipher text key and uses it to encrypt a message, but only thecan be receiver has the related private key used todecrypted using a decryption function and a decryptdecryption key and the result is the original text. In the message.cryptographic process the mathematical propertyis Private Key Methodsuch that it is practically impossible to derive M Public Key Methodfrom Encryption is done with Public Key andM unless the key is known. Decryption with another key called Private Key. This
  5. 5. is called Public Key Cryptography. aside, the patent for RSA expired in September 2000Public-key cryptography algorithms which does not appear to have affected RSAs popularity one way or the other.RSA: The first, and still most common,PKC implementation, named for the three MIT Diffie-Hellman: After the RSA algorithmmathematicians who developed it — Ronald Diffie and Hellman came up with their ownRivest, algorithm.Adi Shamir, and Leonard Adleman. RSA today is D-H is used for secret-key key exchange only, andused in hundreds of software products and can be notused for key exchange, digital signatures, or for authentication or digital signatures.encryption of small blocks of data. RSA uses avariable size encryption block and a variable size Digital Signature Algorithm (DSA): Thekey. algorithm specified in NISTs Digital SignatureThe key-pair is derived from a very large number, Standard (DSS), provides digital signaturen, capabilitythat is the product of two prime numbers chosen for the authentication of messages.according to special rules; these primes may be100 Elliptic Curve Cryptography (ECC): Aor more digits in length each, yielding an n with PKC algorithm based upon elliptic curves. ECCroughly twice as many digits as the prime factors. canThe offer levels of security with small keys comparablepublic key information includes n and a derivative toof RSA and other PKC methods. It was designed forone of the devices with limited compute power and/orfactors of n; an attacker cannot determine memory,the prime factors of n (and, therefore, the private such as smartcards and PDAskey)from this information alone and that is what makes Hash functionsthe An improvement on the Public Key scheme isRSA algorithm so secure. (Some descriptions of the addition of a one way hash function in thePKC process. A one-way hash function takes variableerroneously state that RSAs safety is due to the length input. In this case, a message of any length,difficulty in factoring large prime numbers. In fact, even thousands or millions of bits and produces alarge prime numbers, like small prime numbers, fixed-length output; say, 160-bits. The hashonly functionhave two factors!) The ability for computers to ensures that, if the information is changed in anyfactor waylarge numbers, and therefore attack schemes such even by just one bit an entirely different outputas valueRSA, is rapidly improving and systems today can is produced.find Hash functions, also called message digeststhe prime factors of numbers with more than 140 and one-way encryption, are algorithms that, indigits. The presumed protection of RSA, however, someis sense, use no key Instead; a fixed-length hashthat users can easily increase the key size to valuealways is computed based upon the plaintext that makes itstay ahead of the computer processing curve. As impossible for either the contents or length of thean plaintext to be recovered. Hash algorithms are
  6. 6. typically used to provide a digital fingerprint of a means that it prevents the sender from claimingfiles thatcontents often used to ensure that the file has not he or she did not actually send the information.been altered by an intruder or virus. Hash Thesefunctions features are every bit as fundamental toare also commonly employed by many operating cryptographysystems so encrypt passwords. Hash functions, as privacy, if not more.then, A digital signature serves the same purposehelp preserve the integrity of a file. as a handwritten signature. However, aAs long as a secure hash function is used, handwrittenthere is no way to take someones signature from signature is easy to counterfeit. A digital signatureone isdocument and attach it to another, or to alter a superior to a handwritten signature in that it issigned nearlymessage in any way. The slightest change in a impossible to counterfeit, plus it attests to thesigned contentsdocument will cause the digital signature of the information as well as to the identity of theverification signer.process to fail. Public-Key Encryption for Digital CertificatesApplications Of Cryptography Digital certificates, or cert., simplify the task of establishing whether a public key truly belongs1. Defense Services to2. Secure Data Manipulation the purported owner. A certificate is a form of3. E –Commerce credential. Examples might be your birth4. Business Transactions certificate.5. Internet Payment Systems Each of these has some information on it6. Pass Phrasing identifying7. Secure Internet Comm. you and some authorization stating that someone8. User Identification Systems else9. Access Control has confirmed your identity. Some certificates,10. Computational Security such11.Secure access to Corp Data as your passport, are important enough12.Data Security. confirmation of your identity that you would not want to losePublic-Key Encryption for Digital Signatures them, lest someone use them to impersonate you.A major benefit of public key cryptography isthat it provides a method for employing digital Digital Certificatesignatures. Digital signatures enable the recipientof A digital certificate is data that functions muchinformation to verify the authenticity of the like a physical certificate. A digital certificate isinformations origin, and also verify that the information included with a persons public key thatinformation is intact. Thus, public key digital helps others verify that a key is genuine or valid.signatures provide authentication and data Digital certificates are used to thwart attempts tointegrity. A substitute one persons key for another.digital signature also provides non-repudiation,which A digital certificate consists of three things:
  7. 7. • A public key. • Certificate information. ("Identity" Secret-key encryption algorithms (Symmetric information algorithms) about the user, such as name, user ID,and • DES (Data Encryption Standard) -- 56 bit so on.) key • One or more digital signatures. • Triple DES --112 bit keyThe purpose of the digital signature on a • IDEA (International Data Encryptioncertificate is to state that the certificate information Algorithm) --128bit keyhas been attested to by some other person orentity. Public-key encryption algorithms (AsymmetricThe digital signature does not attest to the algorithms)authenticityof the certificate as a whole; it vouches only that Diffie-Hellman (DH): Exponentiation is easythe but computing discrete logarithms from thesigned identity information goes along with, or is resultingbound to, the public key. Thus, a certificate is value is practically impossiblebasically a public key with one or two forms of IDattached, plus a hearty stamp of approval fromsomeother trusted individual.Cryptographic TechnologiesBased on Layers RSA: Multiplication of two large prime • Link layer encryption numbers is easy but factoring the resulting product • Network layer encryption is • IPSEC, VPN, SKIP practically impossible • Transport layer • SSL, PCT(Private Communication Technology) Public Key Infrastructure (PKI) • Application layer • PEM (Privacy Enhanced Mail) Introduction • PGP (Pretty Good Privacy) • SHTTP The term public key infrastructure (PKI) isCryptographic process can be implemented at used to describe the policies, standards, andvarious softwarelayers starting from the link Layer all the way up to that regulate or manipulate certificates and publicthe andapplication layer. The most popular encryption private keys. In practice, PKI refers to a system ofscheme is SSL and it is implemented at the digital certificates, certification authorities (CA),transport andlayer. If the encryption is done at the transport other registration authorities that verify andlayer, authenticate the validity of each partyany application that is running on the top of the involvedtransport layer can be protected. in an electronic transaction. Standards for PKI are still evolving, even as they are beingBased on Algorithms widely
  8. 8. implemented as a necessary element of electronic certificate is in compliance with the criteriacommerce. This section will help you understand establishedwhat by the CA policy.a PKI is and what services are required to build a Certificate enrollment: The procedure that anPKI. end entity follows to request and receive a certificatePKI concepts on Certificates from a CA. The certificate request provides identityCertificate: A public key certificate is a digitally information to the CAsigned statement used for authentication and Certificate Revocation: Certificates have asecure specifiedexchange of information on the networks. The lifetime, but CAs can reduce this lifetime by theissuer process known as certificate revocation. The CAsand signer of the certificate is known as a publishes a certificate revocation list (CRL) thatcertification listsauthority (CA). Certificate has No, Validity, Uses of serial numbers of certificates that it considers nothe Key pair (Public & Secret) longer usable.Certification Authority: A certification authority Certificate Chain Validation: In a network, when(CA) weis an entity trusted to issue certificates to a generate a request for a new certificate, therequesting information in that request is first passed from theentity. A CA verifies the requesters information requesting program to Certificate Authority (CA)according to the policy of the CA, and then uses its thenprivate key to apply its digital signature to the passes the appropriate data to a program knowncertificate. as a cryptographic service provider (CSP) A CSP is anCA Policy: A CA issues certificates to requesters independent software module that performsbased on a set of established criteria. The set of cryptography operations, such as secret-keycriteria that a CA uses when processing certificate exchange, digital signing of data, and public-keyrequests is referred to as CA policy. Typically, a authentication. Chain-building mechanismCA attempts topublishes its policy in a document known as a build a certification path (a certificate chain) fromCertification Practice Statement (CPS). the end-entity certificate, such as a user certificate, upTypes of Certification Authorities to a CA root certificate.Self-signed CA: The public key in the certificateand Attacking Cryptography Cryptanalysisthe key used to verify the certificate are the sameSubordinate CA: The public key in certificate and Cryptanalysis is the process of attempting tothe discover the plaintext and/ or the key. The types ofkey used to verify the certificates are different. Cryptanalysis attacks areRooted CA: This is trusted unconditionally by aclient Differential Cryptanalysis Attack:and is at top of a certification hierarchy.Registration: Registration is the process by which The differential cryptanalysis attack looksa specifically atcertificate is issued to the subject, provided that pairs of cipher texts whose plaintext has somethe
  9. 9. specific differences. It analyzes these differences describes the cryptographic concepts of symmetricas keythe plaintext propagates through various rounds of encryption, public-key encryption, types ofData Encryption Standards (DES) when they are encryption algorithms, hash algorithms, digitalencrypted with the same key. signatures, and key exchange. The Cryptography Attacking techniques like Cryptanalysis and BruteLinear Cryptanalysis Attack: Force Attack. This Paper provides information of Network Security Needs and Requirements. Linear Cryptanalys is attack was invented by Cryptography is a particularly interesting fieldMitsuru Matsui in 1993. This method is based on because of the amount of work that is, bythe concept that if you XOR some of the plaintext necessity,bits together, XOR some cipher text bits together, done in secret. The irony is that today, secrecy isand then XOR the results, you will get a single bit notthat is the XOR of some of the key bits. A large the key to the goodness of a cryptographicnumber of such plain/cipher texts pairs are used algorithm.to guess the values of the key bits Regardless of the mathematical theory behind an algorithm, the best algorithms are those that areBrute Force Attack well known and well-documented because they are alsoThe simplest attack to decipher a DES key is well-tested and well-studied! In fact, time is thethe brute force attack. The brute force attack on onlythe true test of good cryptography; any cryptographicDES algorithm is feasible because of the relatively scheme that stays in use year after year is mostsmall key length (56 bit) and ever-increasing likelycomputational power of the computers. It can a good one. The strength of cryptography lies inbreak thethrough any cipher by trying all keys that possibly choice (and management) of the keys; longer keysexist. However, in brute force attacks, the time will resist attack better than shorter keys.takento break a cipher is directly proportional to the References:length • Cryptography and Network Security –Byof the key. In a brute force attack, keys are William Stallings.randomly • Introduction to Cryptography –By Ayselgenerated and applied to the cipher text until the Ozgurlegitimate key is generated. The Average Time • www.en.wikipedia.org.Required for Exhaustive Key Search • http://www-users.cs.umn.edu/ http:/ConclusionCryptography protects users by providingfunctionality for the encryption of data andauthentication of other users. This technology letsthereceiver of an electronic message verify thesender,ensures that a message can be read only by theintended person, and assures the recipient that amessage has not be altered in transit. This paper

×