Beruflich Dokumente
Kultur Dokumente
Introduction to Cryptography:
In the era of information technology, the possibility that the information stored in a persons computer or the information that are being transferred through network of computers or internet being read by other people is very high. This causes a major concern for privacy, identity theft, electronic payments, corporate security, military Communications and many others. We need an efficient and simple way of securing the electronic documents from being read or used by people other than who are authorized to do it. Cryptography is a standard way of securing the electronic documents.
1.2 Basic Terminologies used in Cryptography: Data that can be read and understood without any special measures is called plaintext or cleartext. This is the message or data that has to be secured. The method of disguising plain text in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting ciphertext to its original plaintext is called decryption. Cryptography is the science of mathematics to encrypt and decrypt data. Cryptography enables us to store sensitive information or transmit it across insecure networks like Internet so that no one else other the intended recipient can read it. Cryptanalysis is the art of breaking Ciphers that is retrieving the original message without knowing the proper key. Cryptography deals with all aspects of secure messaging, authentication, digital signatures, electronic money, and other applications.
2 . DEVELOPMENT OF CRYPTOGRAPHY
The history of cryptography begins thousands of years ago. Until recent decades, it has been the story of what might be called classic cryptography that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids. In the early 20th century, the invention of complex mechanical and electromechanical machines, such as the Enigma rotor machine, provided more sophisticated and efficient means of encryption; and the subsequent introduction of electronics and computing has allowed elaborate schemes of still greater complexity, most of which are entirely unsuited to pen and paper. The development of cryptography has been paralleled by the development of cryptanalysis the "breaking" of codes and ciphers. The discovery and application, early on, of frequency analysis to the reading of encrypted communications has on occasion altered the course of history. Thus the Zimmermann Telegram triggered the United States' entry into World War I; and Allied reading of Nazi Germany's ciphers shortened World War II, in some evaluations by as much as two years. Until the 1970s, secure cryptography was largely the preserve of governments. Two events have since brought it squarely into the public domain: the creation of a public encryption standard (DES), and the invention of public-key cryptography. 3. NEED OF CRYPTOGRAPHY The main use of cryptography is mentioned below: 1) Private or confidentiality 2) Data integrity 3) Authentication 4) Non-repudation
1.Confidentiality is a service used to keep the content of information from all but those authorized to posses it. Secrecy is a term synonymous with confidentiality and privacy. There are numerous approaches to providing confidentiality, ranging from physical protection to mathematical algorithms which render data unintelligible. 2. Data integrity is a service which addresses the unauthorized alteration of data. To assure data integrity, one must have the ability to detect data manipulation by unauthorized parties. Data manipulation includes such things as insertion, deletion, and substitution. 3. Authentication is a service related to identification. This function applies to both entities and information itself. Two parties entering into a communication should identify each other.Information delivered over a channel should be authenticated as to origin, date of origin, data content, time sent, etc. For these reasons this aspect of cryptog-raphy is usually subdivided into two major classes: entityauthentication and dataorigin authentication. Data origin authentication implicitly provides data integrity (for if a message is modified, the source has changed). 4. Non-repudiation is a service which prevents an entity from denying previous commitments or actions. When disputes arise due to an entity denying that certain actions were taken, a means to resolve the situation is necessary. For example, one entity may authorize the purchase of property by another entity and later deny such autho-rization was granted. A procedure involving a trusted third party is needed to resolve the dispute. A fundamental goal of cryptography is to adequately address these four areas in both theory and practice. Cryptography is about the prevention and detection of cheating and other malicious activities and to secure what you have as sensitive information
CRYPTOLOGY
CRYPTOGRAPHY
CRYPTANALYSIS
Public Key
Block Cipher
Stream Cipher
Integer Factorization
Discrete Logarithm
4. BASICS OF CRYPTOGRAPHY
ENCRYPTION:Procedure to convert plain text into cipher text.
Decryption is exactly opposite of encryption. Encryption transforms a plain text message into cipher text, where decryption transforms a cipher text message back into plain text.
Algorithm
Key
Cryptographic Algorithms:
Cryptographic algorithms are mathematical functions that are used in the encryption and decryption process. A cryptographic algorithms works in combination with a key (a number, word or phrase), to encrypt the plain text. Same plain text encrypts to different cipher texts for different keys. Strength of a cryptosystems depends on the strength of the algorithm and the secrecy of the key.
5.1 SECRET KEY CRYPTOGRAPHY:Secret key cryptography is also known as symmetric key cryptography. With this type of cryptography, both the sender and the receiver know the same secret code, called the key. Messages are encrypted by the sender using the key and decrypted by the receiver using the same key. This method works well if you are communicating with only a limited number of people, but it becomes impractical to exchange secret keys with large numbers of people. In addition, there is also the problem of how you communicate the secret key securely. The figure given below shows secret key cryptography.
Plaintext
Encryption
Ciphertext
Decryption
Plaintext
5.1.1 TYPES OF SECRET KEY CRYPTOGRAPHY: STREAM CIPHERS: Stream ciphers operate on a single bit (byte or computer word) at a time, and implement some form of feedback mechanism so that the key is constantly changing. BLOCK CIPHERS : The scheme encrypts one block of data at a time using the same key on each block.
STREAM CIPHERS
Stream ciphers come in several flavors but two are worth mentioning here : Self-synchronizing stream ciphers calculate each bit in the key stream as a function of the previous n bits in the key stream. Synchronous stream ciphers generate the key stream in a fashion Independent of the message stream but by using the same key stream generation function at sender and receiver.
BLOCK CIPHERS
Block ciphers can operate in one of several modes; the following four are the most important: Electronic Codebook (ECB) mode : Cipher Block Chaining (CBC) mode : Cipher Feedback (CFB) mode : Output Feedback (OFB) mode Symmetric Key Cryptographic Algorithms: The symmetric key cryptographic algorithms are as follow:a) DES b) TRIPLE-DES c) BLOWFISH d) IDEA e) RC4 f) RC5 g) TwoFish
5.2 PUBLIC KEY CRYPTOGRAPHY:Public key cryptography, also called asymmetric encryption, uses a pair of keys for encryption and decryption. With public key cryptography, keys work in pairs of matched public and private keys. The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Because these keys work only as a pair, encryption initiated with the public key can be decrypted only with the corresponding private key. The following example illustrates how public key cryptography works: Ann wants to communicate secretly with Bill. Ann encrypts her message using Bills public key (which Bill made available to everyone) and Ann sends the scrambled message to Bill. When Bill receives the message, he uses his private key to unscramble the message so that he can read it. When Bill sends a reply to Ann, he scrambles the message using Anns public key. When Ann receives Bills reply, she uses her private key to unscramble his message.
The major advantage asymmetric encryption offers over symmetric key cryptography is that senders and receivers do not have to communicate keys up possible using the public keys.
Public-key
private-key
Plaintext
Encryption
Ciphertext
Decryption
Plaintext
6. HOW PGP (Pretty Good Network) WORKS :PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. The session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipients public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.
Decryption works in the reverse. The recipients copy of PGP uses his or herprivate key to recover the session key, which PGP then uses to decrypt the conventionally encrypted Cipher text.
10
7. KEYS: A key is a value that works with a cryptographic algorithm to produce a specific
ciphertext. Keys are basically really, really, really big numbers.Key size is measured in bits; the number representing a 2048-bit key is darn huge. In public-key cryptography, the bigger the key, the more secure the ciphertext. However, public key size and conventional cryptographys secret key size are totally unrelated. A conventional 80-bit key has the equivalent strength of a 1024-bit public key. A conventional 128- bit key is equivalent to a 3000-bit public key. Again, the bigger the key, the more secure, but the algorithms used for each type of cryptography are very different and thus comparison is like that of apples to oranges. While the public and private keys are mathematically related, its very difficult to derive the private key given only the public key; however, deriving the private key is always possible given enough time and computing power. This makes it very important to pick keys of the right size; large enough to be secure, but small enough to be applied fairly quickly. Additionally, you need to consider who might be trying to read your files, how determined they are,how much time they have, and what their resources might be. Larger keys will be cryptographically secure for a longer period of time. If what you want to encrypt needs to be hidden for many years, you might want to use a very large key. Of course, who knows how long it will take to determine your key using tomorrows faster, more efficient computers?There was a time when a 56-bit symmetric key was considered extremely safe.
11
Current thinking is that 128-bit keys will be safe indefinitely, at least until someone invents a usable quantum computer. We also believe that 256-bit keys will be safe indefinitely, even if someone invents a quantum computer. This is why the AES includes options for 128 and 256bit keys. But history tells is that its quite possible someone will think this statement amusingly quaint in a few decades. Keys are stored in encrypted form. PGP stores the keys in two files on your hard disk; one for public keys and one for private keys. These files are called keyrings. As you use PGP, you will typically add the public keys of your recipients to your public key ring. Your private keys are stored on your private keyring. If you lose your private keyring you will be unable to decrypt any information encrypted to keys on that ring. Consequently, its a good idea to keep good backups. 7.1 DIGITAL SIGNATURES: A major benefit of public key cryptography is that it provides a method for employing digital signatures. Digital signatures let the recipient of information verify the authenticity of the informations origin, and also verify that the information was not altered while in transit. Thus, public key digital signatures provide authentication and data integrity. These features are every bit as fundamental to cryptography as privacy, if not more. A digital signature serves the same purpose as a seal on a document, or a handwritten signature. However, because of the way it is created, it is superior to a seal or signature in an important way. A digital signature not only attests to the identity of the signer, but it also shows that the contents of the information signed has not been modified. A physical seal or handwritten signature cannot do that. However, like a physical seal that can be created by anyone with possession of the signet, a digital signature can be created by anyone with the private key of that signing keypair. Some people tend to use signatures more than they use encryption. For example, you may not care if anyone knows that you just deposited $1,000 in your account, but you do want to be darn sure it was the bank teller you were dealing with. The basic manner in which digital signatures are created is shown in the following figure. The signature algorithm uses your private key to create the signature and the public key to verify it. If the information can be decrypted with your public key, then it must have originated with you.
12
13
As long as a secure hash function is used, there is no way to take someones signature from one document and attach it to another, or to alter a signed message in any way. The slightest change to a signed document will cause the digital signature verification process to fail.
Digital signatures play a major role in authenticating and validating the keys of other PGP users.
8. The Advantages of Public-Key Cryptography Compared with Secret-Key Cryptography is as follow: The primary advantage of public-key cryptography is increased security and convenience: private keys never need to transmitted or revealed to anyone. In a secret-key system, by contrast, the secret keys must be transmitted (either manually or through a communication channel), and there may be a chance that an enemy can discover the secret keys during their transmission. Another major advantage of public-key systems is that they can provide a method for digital signatures. Authentication via secret-key systems requires the sharing of some secret and sometimes requires trust of a third party as well. As a result, a sender can repudiate a previously authenticated message by claiming that the shared secret was somehow compromised by one of the parties sharing the secret. For example, the Kerberos secret-key authentication system involves a central database that keeps copies of the secret keys of all users; an attack on the database would allow widespread forgery. Public-key authentication, on the other hand, prevents this type of repudiation; each user has sole responsibility for protecting his or her private key. This property of publickey authentication is often called non-repudiation .
14
9. The disadvantages of Public-Key Cryptography Compared with Secret-Key Cryptography is as follow: A disadvantage of using public-key cryptography for encryption is speed: there are popular secret-key encryption methods that are significantly faster than any currently available publickey encryption method. Nevertheless, public-key cryptography can be used with secret-key cryptography to get the best of both worlds. For encryption, the best solution is to combine public- and secret-key systems in order to get both the security advantages of public-key systems and the speed advantages of secret-key systems. The public-key system can be used to encrypt a secret key which is used to encrypt the bulk of a file or message. Such a protocol is called a digital envelope. Public-key cryptography may be vulnerable to impersonation, however, even if users' private keys are not available. A successful attack on a certification authority will allow an adversary to impersonate whomever the adversary chooses to by using a public-key certificate from the compromised authority to bind a key of the adversary's choice to the name of another user. In some situations, public-key cryptography is not necessary and secretkey cryptography alone is sufficient. This includes environments where secure secret-key agreement can take place, for example by users meeting in private. It also includes environments where a single authority knows and manages all the keys, e.g., a closed banking system. Since the authority knows everyone's keys already, there is not much advantage for some to be "public" and others "private." Also, public-key cryptography is usually not necessary in a single-user environment. For example, if you want to keep your personal files encrypted, you can do so with any secretkey encryption algorithm using, say, your personal password as the secret key. In general, public-key cryptography is best suited for an open multiuser environment. Public-key cryptography is not meant to replace secret-key cryptography, but rather to supplement it, to make it more secure. The first use of public key techniques was for secure key exchange in an otherwise secret-key system ; this is still one of its primary functions. Secret-key cryptography remains extremely important and is the subject of much ongoing study and research. Some secret-key cryptosystems are discussed in the sections on block ciphers and stream ciphers. Why Three Encryption Techniques? The three encryption techniques are used for following reasons: Hash functions : for data integrity Secret-key cryptography: ideally suited to encrypting message public-key cryptography : for Key exchange
15
16
11. APPLICATIONS Computer password. ATM security. Military security Electronic commerce. Authentication of messages. Digital signatures. Interactive proofs Secure compututers Net banking 1 2. EXAMPLES:
The ABC company maintains payroll information for a variety of organizations. This payroll information is frequently transmitted over the Internet from participating companies. For security reasons, the ABC company conducts all of its Internet transactions using public key cryptography. The company owns both a public and a private encryption key. The public key is made available to all participating organizations and in fact is openly available to anyone who wants to download it from the ABC website. The private key is kept secure in a bank vault at ABC headquarters. When the XYZ company wants to transmit its payroll data to the ABC company, it first encrypts the data using the ABC companys public key. Once its encrypted, the scrambled payroll data is transmitted securely over the Internet to the ABC companys processing department. If the information is intercepted along the way, all the interceptors will see is scrambled information. Even if they have the public key, which is very possible, they will not be able to unscramble the information. Only the private key can do that. Once the information is received by ABC, the private key is used to unscramble the information, allowing the processing department to process the payroll.
17
Using symmetric cryptography the ABC company would have to deliver, through some secure means (such as a courier), a copy of its one and only private key. Since the same key is used to both encrypt and decrypt the information, both sender and receiver must have a copy. So if XYZ is a new client for ABC, ABC must send XYZ a copy of the secret key so that XYZ can then encrypt its payroll information and transmit it to ABC. ABC, using the same key, decrypts XYZs information and processes the payroll data. Since a system is only as strong as its weakest link, key security during transmission becomes as important for XYZ as encrypting the data. As mentioned earlier, public key cryptography lends itself to a new technology called digital signatures. Digital signatures involve a reversing of the normal public/private encryption/decryption process. Here is an example that demonstrates its use. Suppose Mary wants to send the ABC company a request for a special document. Before the ABC company can send that document, they must be assured that the requestor is actually Mary. A digital signature can verify Marys validity to ABC in the following way. Mary first encrypts her name using her private key. She then encrypts the request along with the encrypted name using the ABC companys well-known public key. When the ABC company receives the message, it decrypts the request using its private key and then decrypts the signature using Marys well-publicized public key. If the name decrypts successfully, then it must be Marys signature since she is the only one who could have encrypted it with her secret private key. The request can be safely processed. Digital signatures are gaining popularity in many Internet transactions involving signature verification such as contracts and other legal negotiations as well as court documents. Recent enhancements to digital signatures include digital time stamps. Digital timestamps apply a when criteria to a digital signature by attaching a widely publicized summary number to the signature. That summary number is only produced at some given point in time, essentially linking that signature to a certain date/time. Its an especially effective technology since it doesnt rely on the security of keys. As mentioned earlier that for large documents, use of public key cryptography is prohibitive because transmission speeds are so slow. By using something called a digital envelope, the best of both symmetric (transmission speed) and public key (security) cryptography can be used. Here is an example of how a digital envelope works. Mary wants to send a very large document to her main office overseas. Because of its sensitivity, Mary believes it should be sent using public key cryptography but knows she cant because its too large. She decides to use a digital envelope.
18
Mary first creates a special session key and uses this key to symmetrically encrypt her document. That is, she uses a symmetric cryptographic algorithm. She then encrypts the session key with her organizations public key. So now the document is encrypted using symmetric cryptography and the key that encrypted it is encrypted using public key cryptography. The encrypted key is called the digital envelope. She then transmits both the key and the document to the main office. At the main office, the companys private key is used to decrypt the session key. Then the session key is used to decrypt the document. Transmission was fast and just as secure as using public key cryptography exclusively [1:24]. Digital envelops offer the benefits of both approaches without sacrificing security..
19
16. CONCLUSION:
With the introduction of computer, the need for automated tools for protecting files & other information stored on the computer, to protect these type of files & our network we use cryptography.
17. REFRENCES
www.cryptography.com www.wikipedia.com www.io.com/~hcexres/power_tools/hyperweb/website1.PDF www.abo.fi/~ipetre/crypto www.google.com www.howstuffworks.com
20