1.

Introduction to Cryptography:
In the era of information technology, the possibility that the information stored in a persons computer or the information that are being transferred through network of computers or internet being read by other people is very high. This causes a major concern for privacy, identity theft, electronic payments, corporate security, military Communications and many others. We need an efficient and simple way of securing the electronic documents from being read or used by people other than who are authorized to do it. Cryptography is a standard way of securing the electronic documents.

1.1 Basic idea of Cryptography:

Basic idea of cryptography is to mumble-jumble the original message into something that is unreadable or to something that is readable but makes no sense of what the original message is. To retrieve the original message again, we have to transform the mumble-jumbled message back into the original message again.

1.2 Basic Terminologies used in Cryptography: Data that can be read and understood without any special measures is called plaintext or cleartext. This is the message or data that has to be secured. The method of disguising plain text in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting ciphertext to its original plaintext is called decryption. Cryptography is the science of mathematics to encrypt and decrypt data. Cryptography enables us to store sensitive information or transmit it across insecure networks like Internet so that no one else other the intended recipient can read it. Cryptanalysis is the art of breaking Ciphers that is retrieving the original message without knowing the proper key. Cryptography deals with all aspects of secure messaging, authentication, digital signatures, electronic money, and other applications.

2 . DEVELOPMENT OF CRYPTOGRAPHY
The history of cryptography begins thousands of years ago. Until recent decades, it has been the story of what might be called classic cryptography that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids. In the early 20th century, the invention of complex mechanical and electromechanical machines, such as the Enigma rotor machine, provided more sophisticated and efficient means of encryption; and the subsequent introduction of electronics and computing has allowed elaborate schemes of still greater complexity, most of which are entirely unsuited to pen and paper. The development of cryptography has been paralleled by the development of cryptanalysis the "breaking" of codes and ciphers. The discovery and application, early on, of frequency analysis to the reading of encrypted communications has on occasion altered the course of history. Thus the Zimmermann Telegram triggered the United States' entry into World War I; and Allied reading of Nazi Germany's ciphers shortened World War II, in some evaluations by as much as two years. Until the 1970s, secure cryptography was largely the preserve of governments. Two events have since brought it squarely into the public domain: the creation of a public encryption standard (DES), and the invention of public-key cryptography. 3. NEED OF CRYPTOGRAPHY The main use of cryptography is mentioned below: 1) Private or confidentiality 2) Data integrity 3) Authentication 4) Non-repudation

1.Confidentiality is a service used to keep the content of information from all but those authorized to posses it. Secrecy is a term synonymous with confidentiality and privacy. There are numerous approaches to providing confidentiality, ranging from physical protection to mathematical algorithms which render data unintelligible. 2. Data integrity is a service which addresses the unauthorized alteration of data. To assure data integrity, one must have the ability to detect data manipulation by unauthorized parties. Data manipulation includes such things as insertion, deletion, and substitution. 3. Authentication is a service related to identification. This function applies to both entities and information itself. Two parties entering into a communication should identify each other.Information delivered over a channel should be authenticated as to origin, date of origin, data content, time sent, etc. For these reasons this aspect of cryptog-raphy is usually subdivided into two major classes: entityauthentication and dataorigin authentication. Data origin authentication implicitly provides data integrity (for if a message is modified, the source has changed). 4. Non-repudiation is a service which prevents an entity from denying previous commitments or actions. When disputes arise due to an entity denying that certain actions were taken, a means to resolve the situation is necessary. For example, one entity may authorize the purchase of property by another entity and later deny such autho-rization was granted. A procedure involving a trusted third party is needed to resolve the dispute. A fundamental goal of cryptography is to adequately address these four areas in both theory and practice. Cryptography is about the prevention and detection of cheating and other malicious activities and to secure what you have as sensitive information

CRYPTOLOGY

CRYPTOGRAPHY

CRYPTANALYSIS

Private Key (Secret Key)

Public Key

Block Cipher

Stream Cipher

Integer Factorization

Discrete Logarithm

4. BASICS OF CRYPTOGRAPHY
ENCRYPTION:Procedure to convert plain text into cipher text.

DECRYPTION:Procedure to convert cipher text into plain text.

Decryption is exactly opposite of encryption. Encryption transforms a plain text message into cipher text, where decryption transforms a cipher text message back into plain text.

Ever encryption and decryption has two aspects:

The ALGORITHM and the KEY used for encryption and decryption.

Inputs to encryption and decryption processes

Algorithm

Key

Cryptographic Algorithms:
Cryptographic algorithms are mathematical functions that are used in the encryption and decryption process. A cryptographic algorithms works in combination with a key (a number, word or phrase), to encrypt the plain text. Same plain text encrypts to different cipher texts for different keys. Strength of a cryptosystems depends on the strength of the algorithm and the secrecy of the key.

5. TYPES OF CRYPTOGRAPHY There are two main types of cryptography:

Secret key cryptography Public key cryptography In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information.

5.1 SECRET KEY CRYPTOGRAPHY:Secret key cryptography is also known as symmetric key cryptography. With this type of cryptography, both the sender and the receiver know the same secret code, called the key. Messages are encrypted by the sender using the key and decrypted by the receiver using the same key. This method works well if you are communicating with only a limited number of people, but it becomes impractical to exchange secret keys with large numbers of people. In addition, there is also the problem of how you communicate the secret key securely. The figure given below shows secret key cryptography.

Plaintext

Encryption

Ciphertext

Decryption

Plaintext

5.1.1 TYPES OF SECRET KEY CRYPTOGRAPHY: STREAM CIPHERS: Stream ciphers operate on a single bit (byte or computer word) at a time, and implement some form of feedback mechanism so that the key is constantly changing. BLOCK CIPHERS : The scheme encrypts one block of data at a time using the same key on each block.

STREAM CIPHERS
Stream ciphers come in several flavors but two are worth mentioning here : Self-synchronizing stream ciphers calculate each bit in the key stream as a function of the previous n bits in the key stream. Synchronous stream ciphers generate the key stream in a fashion Independent of the message stream but by using the same key stream generation function at sender and receiver.

BLOCK CIPHERS
Block ciphers can operate in one of several modes; the following four are the most important: Electronic Codebook (ECB) mode : Cipher Block Chaining (CBC) mode : Cipher Feedback (CFB) mode : Output Feedback (OFB) mode Symmetric Key Cryptographic Algorithms: The symmetric key cryptographic algorithms are as follow:a) DES b) TRIPLE-DES c) BLOWFISH d) IDEA e) RC4 f) RC5 g) TwoFish

5.2 PUBLIC KEY CRYPTOGRAPHY:Public key cryptography, also called asymmetric encryption, uses a pair of keys for encryption and decryption. With public key cryptography, keys work in pairs of matched public and private keys. The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Because these keys work only as a pair, encryption initiated with the public key can be decrypted only with the corresponding private key. The following example illustrates how public key cryptography works: Ann wants to communicate secretly with Bill. Ann encrypts her message using Bills public key (which Bill made available to everyone) and Ann sends the scrambled message to Bill. When Bill receives the message, he uses his private key to unscramble the message so that he can read it. When Bill sends a reply to Ann, he scrambles the message using Anns public key. When Ann receives Bills reply, she uses her private key to unscramble his message.

The major advantage asymmetric encryption offers over symmetric key cryptography is that senders and receivers do not have to communicate keys up possible using the public keys.

The figure given below shows public-key cryptography.

Public-key

private-key

Plaintext

Encryption

Ciphertext

Decryption

Plaintext

5.2.1 PUBLIC KEY CRYPTOGRAPHIC ALGORITHMS:

The Assymmetric(public key) key cryptographic algorithms are as follow:a) RSA b) Diffie-Hellman c) Elliptic curve

6. HOW PGP (Pretty Good Network) WORKS :PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. The session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipients public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.

Plaintext is encrypted with Session key Ciphertext

Ciphertext + encrypted session key

Decryption works in the reverse. The recipients copy of PGP uses his or herprivate key to recover the session key, which PGP then uses to decrypt the conventionally encrypted Cipher text.

10

7. KEYS: A key is a value that works with a cryptographic algorithm to produce a specific
ciphertext. Keys are basically really, really, really big numbers.Key size is measured in bits; the number representing a 2048-bit key is darn huge. In public-key cryptography, the bigger the key, the more secure the ciphertext. However, public key size and conventional cryptographys secret key size are totally unrelated. A conventional 80-bit key has the equivalent strength of a 1024-bit public key. A conventional 128- bit key is equivalent to a 3000-bit public key. Again, the bigger the key, the more secure, but the algorithms used for each type of cryptography are very different and thus comparison is like that of apples to oranges. While the public and private keys are mathematically related, its very difficult to derive the private key given only the public key; however, deriving the private key is always possible given enough time and computing power. This makes it very important to pick keys of the right size; large enough to be secure, but small enough to be applied fairly quickly. Additionally, you need to consider who might be trying to read your files, how determined they are,how much time they have, and what their resources might be. Larger keys will be cryptographically secure for a longer period of time. If what you want to encrypt needs to be hidden for many years, you might want to use a very large key. Of course, who knows how long it will take to determine your key using tomorrows faster, more efficient computers?There was a time when a 56-bit symmetric key was considered extremely safe.

11

Current thinking is that 128-bit keys will be safe indefinitely, at least until someone invents a usable quantum computer. We also believe that 256-bit keys will be safe indefinitely, even if someone invents a quantum computer. This is why the AES includes options for 128 and 256bit keys. But history tells is that its quite possible someone will think this statement amusingly quaint in a few decades. Keys are stored in encrypted form. PGP stores the keys in two files on your hard disk; one for public keys and one for private keys. These files are called keyrings. As you use PGP, you will typically add the public keys of your recipients to your public key ring. Your private keys are stored on your private keyring. If you lose your private keyring you will be unable to decrypt any information encrypted to keys on that ring. Consequently, its a good idea to keep good backups. 7.1 DIGITAL SIGNATURES: A major benefit of public key cryptography is that it provides a method for employing digital signatures. Digital signatures let the recipient of information verify the authenticity of the informations origin, and also verify that the information was not altered while in transit. Thus, public key digital signatures provide authentication and data integrity. These features are every bit as fundamental to cryptography as privacy, if not more. A digital signature serves the same purpose as a seal on a document, or a handwritten signature. However, because of the way it is created, it is superior to a seal or signature in an important way. A digital signature not only attests to the identity of the signer, but it also shows that the contents of the information signed has not been modified. A physical seal or handwritten signature cannot do that. However, like a physical seal that can be created by anyone with possession of the signet, a digital signature can be created by anyone with the private key of that signing keypair. Some people tend to use signatures more than they use encryption. For example, you may not care if anyone knows that you just deposited $1,000 in your account, but you do want to be darn sure it was the bank teller you were dealing with. The basic manner in which digital signatures are created is shown in the following figure. The signature algorithm uses your private key to create the signature and the public key to verify it. If the information can be decrypted with your public key, then it must have originated with you.

12

7.2 HASH FUNCTIONS

The system described above has some problems. It is slow, and it produces an enormous volume of dataat least double the size of the original information. An improvement on the above scheme is the addition of a one-way hash function in the process. A one-way hash function takes variable-length inputin this case, a message of any length, even thousands or millions of bits and produces a fixed-length output; say, 160 bits. The hash function ensures that, if the information is changed in any way even by just one bit an entirely different output value is produced. PGP uses a cryptographically strong hash function on the plaintext the user is signing. This generates a fixed-length data item known as a message digest. (Again, any change to the information results in a totally different digest.) Then PGP uses the digest and the private key to create the signature. PGP transmits the signature and the plaintext together. Upon receipt of the message, the recipient uses PGP to recompute the digest, thus verifying the signature. PGP can encrypt the plaintext or not; signing plaintext is useful if some of the recipients are not interested in or capable of verifying the signature.

13

As long as a secure hash function is used, there is no way to take someones signature from one document and attach it to another, or to alter a signed message in any way. The slightest change to a signed document will cause the digital signature verification process to fail.

Digital signatures play a major role in authenticating and validating the keys of other PGP users.

8. The Advantages of Public-Key Cryptography Compared with Secret-Key Cryptography is as follow: The primary advantage of public-key cryptography is increased security and convenience: private keys never need to transmitted or revealed to anyone. In a secret-key system, by contrast, the secret keys must be transmitted (either manually or through a communication channel), and there may be a chance that an enemy can discover the secret keys during their transmission. Another major advantage of public-key systems is that they can provide a method for digital signatures. Authentication via secret-key systems requires the sharing of some secret and sometimes requires trust of a third party as well. As a result, a sender can repudiate a previously authenticated message by claiming that the shared secret was somehow compromised by one of the parties sharing the secret. For example, the Kerberos secret-key authentication system involves a central database that keeps copies of the secret keys of all users; an attack on the database would allow widespread forgery. Public-key authentication, on the other hand, prevents this type of repudiation; each user has sole responsibility for protecting his or her private key. This property of publickey authentication is often called non-repudiation .

14

9. The disadvantages of Public-Key Cryptography Compared with Secret-Key Cryptography is as follow: A disadvantage of using public-key cryptography for encryption is speed: there are popular secret-key encryption methods that are significantly faster than any currently available publickey encryption method. Nevertheless, public-key cryptography can be used with secret-key cryptography to get the best of both worlds. For encryption, the best solution is to combine public- and secret-key systems in order to get both the security advantages of public-key systems and the speed advantages of secret-key systems. The public-key system can be used to encrypt a secret key which is used to encrypt the bulk of a file or message. Such a protocol is called a digital envelope. Public-key cryptography may be vulnerable to impersonation, however, even if users' private keys are not available. A successful attack on a certification authority will allow an adversary to impersonate whomever the adversary chooses to by using a public-key certificate from the compromised authority to bind a key of the adversary's choice to the name of another user. In some situations, public-key cryptography is not necessary and secretkey cryptography alone is sufficient. This includes environments where secure secret-key agreement can take place, for example by users meeting in private. It also includes environments where a single authority knows and manages all the keys, e.g., a closed banking system. Since the authority knows everyone's keys already, there is not much advantage for some to be "public" and others "private." Also, public-key cryptography is usually not necessary in a single-user environment. For example, if you want to keep your personal files encrypted, you can do so with any secretkey encryption algorithm using, say, your personal password as the secret key. In general, public-key cryptography is best suited for an open multiuser environment. Public-key cryptography is not meant to replace secret-key cryptography, but rather to supplement it, to make it more secure. The first use of public key techniques was for secure key exchange in an otherwise secret-key system ; this is still one of its primary functions. Secret-key cryptography remains extremely important and is the subject of much ongoing study and research. Some secret-key cryptosystems are discussed in the sections on block ciphers and stream ciphers. Why Three Encryption Techniques? The three encryption techniques are used for following reasons: Hash functions : for data integrity Secret-key cryptography: ideally suited to encrypting message public-key cryptography : for Key exchange

15

10. THE SECURITY ARCHITECTURE :

10.1 Security services 1. Authentication 2. Data Confidentiality 3. Data Integrity 4. Non repudiation 5. Availability Services 10.2 Security mechanism 1. Specific security Mechanism 2. Pervasive Security Mechanism 10.3 Security attacks 1. Passive Attacks a. Release of message contents b. Traffic analysis

2.Active Attacks a. Masquerade b. Replay c. Modification of messages d. Denial of services

16

11. APPLICATIONS Computer password. ATM security. Military security Electronic commerce. Authentication of messages. Digital signatures. Interactive proofs Secure compututers Net banking 1 2. EXAMPLES:

The ABC company maintains payroll information for a variety of organizations. This payroll information is frequently transmitted over the Internet from participating companies. For security reasons, the ABC company conducts all of its Internet transactions using public key cryptography. The company owns both a public and a private encryption key. The public key is made available to all participating organizations and in fact is openly available to anyone who wants to download it from the ABC website. The private key is kept secure in a bank vault at ABC headquarters. When the XYZ company wants to transmit its payroll data to the ABC company, it first encrypts the data using the ABC companys public key. Once its encrypted, the scrambled payroll data is transmitted securely over the Internet to the ABC companys processing department. If the information is intercepted along the way, all the interceptors will see is scrambled information. Even if they have the public key, which is very possible, they will not be able to unscramble the information. Only the private key can do that. Once the information is received by ABC, the private key is used to unscramble the information, allowing the processing department to process the payroll.

17

 Using symmetric cryptography the ABC company would have to deliver, through some secure means (such as a courier), a copy of its one and only private key. Since the same key is used to both encrypt and decrypt the information, both sender and receiver must have a copy. So if XYZ is a new client for ABC, ABC must send XYZ a copy of the secret key so that XYZ can then encrypt its payroll information and transmit it to ABC. ABC, using the same key, decrypts XYZs information and processes the payroll data. Since a system is only as strong as its weakest link, key security during transmission becomes as important for XYZ as encrypting the data. As mentioned earlier, public key cryptography lends itself to a new technology called digital signatures. Digital signatures involve a reversing of the normal public/private encryption/decryption process. Here is an example that demonstrates its use. Suppose Mary wants to send the ABC company a request for a special document. Before the ABC company can send that document, they must be assured that the requestor is actually Mary. A digital signature can verify Marys validity to ABC in the following way. Mary first encrypts her name using her private key. She then encrypts the request along with the encrypted name using the ABC companys well-known public key. When the ABC company receives the message, it decrypts the request using its private key and then decrypts the signature using Marys well-publicized public key. If the name decrypts successfully, then it must be Marys signature since she is the only one who could have encrypted it with her secret private key. The request can be safely processed. Digital signatures are gaining popularity in many Internet transactions involving signature verification such as contracts and other legal negotiations as well as court documents. Recent enhancements to digital signatures include digital time stamps. Digital timestamps apply a when criteria to a digital signature by attaching a widely publicized summary number to the signature. That summary number is only produced at some given point in time, essentially linking that signature to a certain date/time. Its an especially effective technology since it doesnt rely on the security of keys. As mentioned earlier that for large documents, use of public key cryptography is prohibitive because transmission speeds are so slow. By using something called a digital envelope, the best of both symmetric (transmission speed) and public key (security) cryptography can be used. Here is an example of how a digital envelope works. Mary wants to send a very large document to her main office overseas. Because of its sensitivity, Mary believes it should be sent using public key cryptography but knows she cant because its too large. She decides to use a digital envelope.

18

 Mary first creates a special session key and uses this key to symmetrically encrypt her document. That is, she uses a symmetric cryptographic algorithm. She then encrypts the session key with her organizations public key. So now the document is encrypted using symmetric cryptography and the key that encrypted it is encrypted using public key cryptography. The encrypted key is called the digital envelope. She then transmits both the key and the document to the main office. At the main office, the companys private key is used to decrypt the session key. Then the session key is used to decrypt the document. Transmission was fast and just as secure as using public key cryptography exclusively [1:24]. Digital envelops offer the benefits of both approaches without sacrificing security..

13. FUTURE ASPECTS :

Crypto Smart Cards Crypto Ring Processors Java Rings Distributed crypto crackers S/MIME Cracking Screen Savers "Chinese Television" crypto crackers 1 4. FUTURE DEVELOPMENTS: QUANTUM CRYPTOGRAPHY AND DNA CRYPTOGRAPHY: DNA Cryptography: DNA cryptography is a new born cryptographic field emerged with the research of DNA computing, in which DNA is used as information carrier and the modern biological technology is used as implementation tool. The vast parallelism and extraordinary information density inherent in DNA molecules are explored for cryptographic purposes such as encryption, authentication, signature, and so on. QUANTUM Cryptography: Quantum cryptography attempts to achieve the same security of information as other forms of cryptography but through the use of photons, or packets of light. The process, though still in experimental stages, makes use of the polarization nature of light and is proving to be a very promising defense against eavesdropping.

19

15. Brief Introduction Of RC4

RC4 is a stream cipher designed by Rivest for RSA Data Security (now RSA Security). It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation. Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10100. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. Independent analysts have scrutinized the algorithm and it is considered secure.

15.1 The use of RC4

RC4 is used for file encryption in products such as RSA SecurPC which is a software utility that encrypts disks and files on both desktop and laptop personal computers. It is also used for secure communications, as in the encryption of traffic to and from secure web sites using the SSL (Secure Sockets Layer) Handshake Protocol which was developed by Netscape Communications Corporation to provide security and privacy over the Internet.

16. CONCLUSION:
With the introduction of computer, the need for automated tools for protecting files & other information stored on the computer, to protect these type of files & our network we use cryptography.

17. REFRENCES
www.cryptography.com www.wikipedia.com www.io.com/~hcexres/power_tools/hyperweb/website1.PDF www.abo.fi/~ipetre/crypto www.google.com www.howstuffworks.com

20