IT430 Assignment No.

2 IDEA Solution (Dated:03-01-2011)

by Fuad Hasan

Assignment IDEA Solution by Fuad Hasan

Mrfuad2007@gmail.com
www.vuzs.net
http://groups.google.com/group/vuzs

Question:-
What are the steps involved in symmetric cryptography? Also
explain key management in conventional cryptography using some
example.

Answer
What is cryptography? (for understanding)
Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography
enables you to store sensitive information or transmit it across insecure networks (like the
Internet) so that it cannot be read by anyone except the intended recipient.
While cryptography is the science of securing data, cryptanalysis is the science of analyzing and
breaking secure communication. Classical cryptanalysis involves an interesting combination of
analytical reasoning, application of mathematical tools, pattern finding, patience, determination,
and luck. Cryptanalysts are also called attackers.

Steps involved in symmetric cryptography:

following steps are involved in symmetric cryptography
1- sender creates a ciphertext message by encrypting the plain text message with a symmetric
encryption algorithm and a shared key.
2- the sender sends the ciphertext message to the recipient.
3- the recipient decrypts the ciphertext message into plain text with a shared key.

This Answer is from student on wikianswers..

http://wiki.answers.com/Q/What_are_the_steps_involved_in_symmetric_cryptography_Also_ex
plain_key_management_in_conventional_cryptography_using_some_example#ixzz1A0BRxYFx
Have understanding through the following picture..

Key management and conventional encryption (for understanding)_

Conventional encryption has benefits. It is very fast. It is especially useful for
encrypting data that is not going anywhere. However, conventional encryption alone as
a means for transmitting secure data can be quite expensive simply due to the
difficulty of secure key distribution.
For a sender and recipient to communicate securely using conventional encryption, they must
agree upon a key and keep it secret between themselves. If they are in different physical
locations, they must trust a courier, the Bat Phone, or some other secure communication medium
to prevent the disclosure of the secret key during transmission. Anyone who overhears or
intercepts the key in transit can later read, modify, and forge all information encrypted or
authenticated with that key. From DES to Captain Midnight's Secret Decoder Ring, the persistent
problem with conventional encryption iskey distribution: how do you get the key to the recipient
withoutsomeone intercepting it?

Examples for key management of conventional cryptography:

Caesar's Cipher
An extremely simple example of conventional cryptography is a substitution cipher. A substitution cipher
substitutes one piece of information for another. This is most frequently done by offsetting letters of the
alphabet. Two examples are Captain Midnight's Secret Decoder Ring, which you may have owned when you
were a kid, and Julius Caesar's cipher. In both cases, the algorithm is to offset the alphabet and the key is the
number of characters to offset it.

For example, if we encode the word "SECRET" using Caesar's key value of 3, we offset the
alphabet so that the 3rd letter down (D) begins the alphabet.
So starting with

ABCDEFGHIJKLMNOPQRSTUVWXYZ

and sliding everything up by 3, you get

DEFGHIJKLMNOPQRSTUVWXYZABC

where D=A, E=B, F=C, and so on.

Using this scheme, the plaintext, "SECRET" encrypts as "VHFUHW." To allow someone else to
read the ciphertext, you tell them that the key is 3.

.The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are
block cipher designs which have been designated cryptography standards by the US government
(though DES's designation was finally withdrawn after the AES was adopted).Despite its
deprecation as an official standard, DES (especially its still-approved and much more
secure triple-DES variant) remains quite popular; it is used across a wide range of applications,
from ATM encryptio to e-mail privacy and secure remote access. Many other block ciphers have
been designed and released, with considerable variation in quality. Many have been thoroughly
broken; see Category:Block ciphers.

Stream ciphers, in contrast to the 'block' type, create an arbitrarily long stream of key material,
which is combined with the plaintext bit-by-bit or character-by-character, somewhat like the one-
time pad. In a stream cipher, the output stream is created based on a hidden internal state which
changes as the cipher operates. That internal state is initially set up using the secret key
material. RC4 is a widely used stream cipher; see Category:Stream ciphers.[13] Block ciphers
can be used as stream ciphers; see Block cipher modes of operation.

‐ Triple DES is a variant of DES, Triple DES, provides significantly enhanced security by
executing the core DES algorithm three times in a row. The effect of making the DES encryption
much more difficult to brute force. Triple‐DES is estimated to be 2 to the 56th times more
difficult to break than DES. Triple DES can still be considered a secure encryption algorithm.
Triple DES is also written as 3‐DES or 3DES.

‐ AES (Advanced Encryption Standard) is a symmetric cipher defined in Federal Information

Processing (FIPS) Standard Number 197 in 2001 as the federal government approved encryption
algorithm. The NSA has approved 128‐bit AES for use up to SECRET level and 192‐bit AES for
use up to TOP SECRET level. AES is based upon the Rijndael algorithm, which was invented by
Joan Daemen and Vincent Rijmen. AES specifies three approved key lengths: 128‐bits, 192‐bits
and 256‐bits.