6G7V0033 Cryptography And Applications
Answer:
Introduction
There are many ways that can be implemented to achieve the goal of encryption and
decryption to keep information confidential. It is also worth noting that the science of
cryptography has evolved, especially in the last ten years. Evidence of cryptography can be
traced back about four thousand years, starting with the use of hieroglyphs. This was a
technique used by Egyptians to communicate. Here the code was secret and was used only
by scribes who were sent by kings to transmit messages. Later it moved to what was known
as mono-alphabetic substitution. This involved the art of replacing the letters of the
message with other letters. Then came the Caesar shift cipher. In the 15th century came
what was known as Vigenère coding, which offered moving of the letters in a message. The
19th century experienced ad hoc approaches. The 20th century saw the invention of
electromechanical machines like the Enigma rotor machine. In the current 21st century we
have experienced the use of symmetric and asymmetric algorithms. One of the widely used
algorithms in cryptography is the RSA algorithm developed by Adi Shamir and Ronald Rivest.
The algorithm uses two different keys, the private key and the public key, and is also
known as public-key cryptography. The public key is known to everyone, i.e. it is made
public, and is used to encrypt the message. Nevertheless, the message cannot be decrypted
without the private key. Compared to other types of algorithm, RSA is more dependable and
secure. Examples of companies which have implemented the RSA type of algorithm are Asus,
Lenovo, HP and Acer (Zhou, 2020, p. 7). As highlighted in the previous section, the
symmetric type of cryptography has been used in this case. This is a type of encryption
where only one key, known as the secret key, is used for both decryption and encryption.
Cryptographic Application
Application Design
As highlighted in the previous section, the application design has implemented a symmetric
type of algorithm. One of the major features of the application design is the use of one key,
known as the secret key, to encrypt and decrypt the file or the folder (Mahajan, 2019, p. 24).
The systems or entities communicating symmetrically must exchange the key so that it
can be used in the decryption process. By using a symmetric algorithm, data is
converted to a form which can’t be understood by anyone who doesn’t possess the
secret key. In this case the type of algorithm implemented is what is known as a block
algorithm, i.e. as data is processed the system holds the data in its memory while it waits
for a complete block.
Application Implementation
The first step is to import the cryptography package as shown in the figure below. This is
one of the Python libraries.
Figure 1: Importing the cryptography python library
The second step is to create a key. In the code shown above this project implemented
symmetric equation that is
It is important to note that Fernet is specifically authenticated cryptography that does not
allow anyone to either read or write/modify the file or the folder without the key.
The third step is to create the key and then save it in the same folder as our data. This is
as shown by the figure below.
By running the code up to this part, a key will be generated and stored as the mykey.key
file, as shown by the figures below (the part highlighted in blue is the generated key).
After generating the key, one can then proceed to encrypt the file. In this case, the project
has used a file known as the grades Excel file. The code for encryption is as shown below.
The last step performed is decrypting the file. In this case the process follows the
reverse of the encryption process. This is as shown by the code below.
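The steps above (generate a key, save it as mykey.key, encrypt the grades file, decrypt it) are shown here as an added example; it is not the author's original code, whose figures are not reproduced on this page. The file name grades.xlsx, the sample contents, the owner-only key file mode and the tamper check are assumptions added for illustration.

```python
import base64
import os
import tempfile
from pathlib import Path
from cryptography.fernet import Fernet, InvalidToken


def write_key(key_path: Path) -> bytes:
    """Generate a Fernet key and store it readable by the owner only (POSIX)."""
    key = Fernet.generate_key()  # 32 random bytes, URL-safe base64 encoded
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(key)
    return key


def encrypt_file(key: bytes, src: Path, dst: Path) -> None:
    dst.write_bytes(Fernet(key).encrypt(src.read_bytes()))


def decrypt_file(key: bytes, src: Path):
    """Return the plaintext, or None if the key is wrong or the token was altered."""
    try:
        return Fernet(key).decrypt(src.read_bytes())
    except InvalidToken:
        return None


def demo() -> dict:
    sample = b"student,grade\nalice,72\nbob,65\n"  # constructed sample data
    with tempfile.TemporaryDirectory() as tmp:
        key_path, plain = Path(tmp, "mykey.key"), Path(tmp, "grades.xlsx")
        enc, bad = Path(tmp, "grades.enc"), Path(tmp, "tampered.enc")
        plain.write_bytes(sample)
        write_key(key_path)
        key = key_path.read_bytes()  # the decrypting side loads the stored key
        encrypt_file(key, plain, enc)
        # Token layout: version(1) | timestamp(8) | IV(16) | ciphertext | HMAC(32)
        raw = bytearray(base64.urlsafe_b64decode(enc.read_bytes()))
        raw[25] ^= 0x01  # flip one bit in the first ciphertext byte
        bad.write_bytes(base64.urlsafe_b64encode(bytes(raw)))
        return {
            "roundtrip": decrypt_file(key, enc) == sample,
            "tampered": decrypt_file(key, bad),
            "wrong_key": decrypt_file(Fernet.generate_key(), enc),
        }


if __name__ == "__main__":
    print(demo())
```

The tampered and wrong-key cases both come back as None because Fernet verifies the HMAC before it decrypts anything.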
Critical Security Analysis
Threat Model
As noted in the previous section, the application is designed around the cryptography
library. One of the major classes used from this library is the Fernet class. As
noted by other computer scientists, the Fernet class has several failure modes. The first is
integer overflow, specifically in OpenSSL. Second, as noted, Fernet implements a symmetric
type of encryption. One might be of the view that this type of encryption is fast;
however, if someone gets their hands on the key, they can decrypt everything with
that key. Another issue is what is known as key transportation. As noted from the code,
the key has to be generated or transmitted to the receiving system before the actual file
is transmitted or encrypted. This means the communication is somewhat insecure, as it is
impossible to guarantee that no one will tap the communication or the key. For example,
one can inject code to print the key, as in our code; this means that they will have access to
the key before the file is transmitted or encrypted. The third issue with Fernet is that it
can’t provide digital signatures which cannot be repudiated (Goshwe, 2019, p. 76).
Potential Attacks
It is important to note that the Fernet class implemented in this case makes use of various
general functions. In addition, anyone can intercept a certain object in a program that
utilizes general functions by just sending a sequence of events to the program. This means
that the application developed here is prone to attacks such as injection attacks. It is also
important to note that another major concern with a symmetric cryptographic application
is cloud computing. Over the cloud, the application is prone to cycling type and short
message attacks. Here it is assumed that an attacker knows some blocks of the secret key
and then proceeds to decode the rest of the secret key (Burnett, 2021, p. 134).
Possible Improvements
As one can note from the figure, the program uses the simple Python Fernet class to generate
keys. Even though the program is able to produce secret keys, it is important to use the
available secure Python libraries. An example is using one of the best Python encryption
libraries, known as pycryptodome. This is a self-contained Python package with basic
cryptographic primitives. The package supports Python 3.5 and Python 2.7. Using the package
would bring several enhancements to the program. First, the library comes with
authenticated encryption modes like SIV, OCB, CCM, and GCM. Second, the package
accelerates AES, especially on Intel platforms. Third, as compared to the use of functions,
the library provides cleaner RSA key generation that is based on FIPS 186-4. Fourth, the
package comes with the SHA-3 and BLAKE2 algorithms, which can be used together with the RSA
algorithm. Other major features of the package are password-protected PKCS#8 key
containers, deterministic algorithms, and generation of random numbers which are sourced
directly from the operating system that one is using. The package also comes with a
Shamir Secret Sharing scheme which better supports the Windows operating system. In this
case, if the package was to be used to generate secret keys, it would generate secret keys
with the RSA feature, which are in the form of bits, i.e. (1024-bit). It would then print the
keys on the console as hexadecimal. The keys generated are more secure than the use of
functions to generate keys. Lastly, using any type of symmetric algorithm in the cloud
requires the use of a unique authentication identity, which is first checked by a server to
determine the validity of a user. The server checks a user identity and the corresponding
MAC address for a specific device (Al Hasib, 2018, p. 176).
Conclusion
As indicated in this paper, a symmetric algorithm was used to showcase cryptography. The
main application contained 29 lines of code and seventy-one in the test output. As noted
from the implementation, the Fernet class from the cryptography Python library was used
to perform both encryption and decryption. However, as indicated by the paper, there are
various loopholes that exist in the application. One is the lack of a secured form of
encryption; it is not secure to first generate a secret key before encrypting the file. This
is brought about by the fact that the symmetric type of encryption is prone to the key
transportation issue. Second, the application comes down to a functional type of programming,
which is coupled with various terminology issues like referential transparency. The paper
recommends the use of Python built-in libraries, such as pycryptodome, to implement the RSA
algorithm.
References
Al Hasib, A. &. H., 2018. A comparative study of the performance and security issues of AES
and RSA cryptography. In 2018 Third International Conference on Convergence and Hybrid
Information Technology, V(3), pp. 124-198.
Burnett, S. a. S. P., 2021. RSA Security's official guide to cryptography. 1 ed. Sydney: 3rd.
Goshwe, N., 2019. Data encryption and decryption using RSA algorithm in a network
environment. International Journal of Computer Science and Network Security, IV(4), pp.
23-97.
Mahajan, P. a. A. S., 2019. A study of encryption algorithms AES, DES and RSA for security.
Global Journal of Computer Science and Technology, IV(10), pp. 13-90.
Zhou, X. a. X. T., 2020. Research and implementation of RSA algorithm for encryption and
decryption. Proceedings of 2011 6th international forum on strategic technology, III(2), pp.
1-15.