
Cryptography Page 10/10/2011

VRS & YRN COLLEGE







SEMINAR

ON

CRYPTOGRAPHY



Submitted By,
Ms. ROOPA DEVI,
2nd yr M.C.A, Computer Science





Table of Contents
ABSTRACT
1. INTRODUCTION
1.1 Information security and cryptography
1.2 Introduction to security
1.3 Introduction to cryptography & Quantum cryptography
1.3.1 Introduction to cryptography
1.3.2 Introduction to Quantum cryptography
2. WHAT IS CRYPTOGRAPHY
2.1 Advantages of Classical Cryptography
2.2 Disadvantages of Classical Cryptography
3. THE PURPOSE OF CRYPTOGRAPHY
4. TYPES OF CRYPTOGRAPHY
4.1 Secret Key Cryptography
4.2 Public Key Cryptography (a.k.a. asymmetric cryptography)
4.3 Using Keys
4.4 Combining Public Key and Secret Key Cryptography
5. TYPES OF CRYPTOGRAPHIC ALGORITHMS
5.1 Secret Key Cryptography
5.2 Public-Key Cryptography
5.3 Hash Functions
5.4 Why Three Encryption Techniques
5.5 The Significance of Key Length
6. TRUST MODELS
6.1 Kerberos
6.2 Public Key Certificates and Certificate Authorities
7. Understanding Digital Certificates and Certificate Authorities
7.1 Certificate Chains
8. DIGITAL SIGNATURES: Signing a Document
8.1 Digital Signature Verification
8.2 Secure Transmission of Digitally Signed Documents
8.3 Transmitting over an insecure channel
9. THE LANGUAGE OF CRYPTOGRAPHY
9.1 Revised Scheme
10. SECURITY ATTACKS
10.1 Solution?
10.2 Speed
10.3 Hiding information in pictures
10.4 Retrieving information from pictures
11. CONCLUSION AND FUTURE SCOPE
12. REFERENCES AND FURTHER READING





















ABSTRACT:

The increased use of computer and communication systems by industry has increased the theft of proprietary information. Although these threats may require a variety of countermeasures, encryption is a primary method of protecting valuable electronic information. Cryptography is probably the most important aspect of communication and network security.

Today's cryptography is more than encryption and decryption. Authentication is as fundamentally a part of our lives as privacy. We use authentication throughout our everyday lives - when we sign our name to some document for instance - and, as we move to a world where our decisions and agreements are communicated electronically, we need to have electronic techniques for providing authentication.
Cryptography provides mechanisms for such procedures. A digital signature binds a document to the possessor of a particular key, while a digital timestamp binds a document to its creation at a particular time. These cryptographic mechanisms can be used to control access to a shared disk drive, a high security installation, or a pay-per-view TV channel.

While modern cryptography is growing increasingly diverse, cryptography is fundamentally based on problems that are difficult to solve. A problem may be difficult because its solution requires some secret knowledge, such as decrypting an encrypted message or signing some digital document. The problem may also be hard because it is intrinsically difficult to complete, such as finding a message that produces a given hash value. As we can see, hash functions need to be designed so that key generation and key management become more effective, efficient and dynamic.
Day by day, the problem of having secured transactions on networks is becoming critical. Defining more versatile hash functions is a challenging job for designers. Our paper discusses the status quo and improvements in hash functions so as to make them more compatible in this world of threats and attacks.












INTRODUCTION

The objective of this paper is to provide the reader with an insight into recent developments in the field of network security and cryptography, with particular regard to digital signatures. Cryptography was used as a tool to protect national secrets and strategies. The proliferation of computers and communications systems in the 1960s brought with it a demand from the private sector for means to protect information in digital form and to provide security services. DES, the Data Encryption Standard, is the most well-known cryptographic mechanism. It remains the standard means for securing electronic commerce for many financial institutions around the world. The most striking development in the history of cryptography came in 1976 when Diffie and Hellman published New Directions in Cryptography.
A digital signature of a message is a number dependent on some secret known only to the signer and, additionally, on the content of the message being signed. Signatures must be verifiable; if a dispute arises as to whether a party signed a document (caused by either a lying signer trying to repudiate a signature it did create, or a fraudulent claimant), an unbiased third party should be able to resolve the matter equitably, without requiring access to the signer's secret information (private key).
The first method discovered was the RSA signature scheme, which remains today one of the most practical and versatile techniques available. Subsequent research has resulted in many alternative digital signature techniques. The Feige-Fiat-Shamir signature scheme requires a one-way hash function.
Does increased security provide comfort to paranoid people? Or does security provide some very basic protections that we are naive to believe that we don't need? During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with.
There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography, which is the focus of this chapter. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient. The reader is advised, then, that the topics covered in this chapter only describe the first of many steps necessary for better security in any number of situations.
This paper has two major purposes. The first is to define some of the terms and concepts behind basic cryptographic methods, and to offer a way to compare the myriad cryptographic schemes in use today. The second is to provide some real examples of cryptography in use today.
I would like to say at the outset that this paper is very focused on terms, concepts, and schemes in current use and is not a treatise on the whole field. No mention is made here about pre-computerized crypto schemes, the difference between a substitution and transposition cipher, cryptanalysis, or other history. Interested readers should check out some of the books in the bibliography below for this detailed (and interesting!) background information.


Information security and cryptography

To introduce cryptography, an understanding of issues related to information security in general is necessary. Information security manifests itself in many ways according to the situation and requirement. Over the centuries, an elaborate set of protocols and mechanisms has been created to deal with information security issues when the information is conveyed by physical documents. Often the objectives of information security cannot be achieved through mathematical algorithms and protocols alone, but require procedural techniques and abidance of laws. The concept of information will be taken to be an understood quantity. For example, privacy of letters is provided by sealed envelopes delivered by an accepted mail service.

Introduction to security

Why do we need a house at all? To live securely and to safeguard ourselves from the outside environment.
In the same way, organizations need a secret code to hide information. To reveal a secret to another person without a third party learning it, we need a secret language. For example, if the word "raja" is to be sent to someone secretly, just add "ka" before the word, in such a way that the receiver can easily decode it.
Why does any organization give so much importance to network security? Because in this age of universal electronic connectivity, of viruses and hackers, and of electronic fraud, we are aware of the need to protect data and systems from network-based attacks.
The generic name for the collection of tools designed to protect data and to thwart hackers is computer security.
Network security measures are needed to protect data during their transmission.

Introduction to cryptography & Quantum cryptography
Introduction to cryptography
Cryptography is one of the host authentication techniques used in making a network channel secure to transmit confidential data.
In a cryptographic system, the original intelligible message, known as plaintext, is converted into random nonsense known as ciphertext. This ciphertext is transmitted; at the receiver end, the random nonsense is converted back to the plaintext.
In a cryptographic system, the algorithm that is used for encrypting the plaintext to ciphertext and decrypting the ciphertext to plaintext is kept open; the keys that are used for encryption and decryption must be kept secret.

Introduction to Quantum cryptography
Quantum cryptography uses quantum mechanics to protect information by the laws of physics.
The Heisenberg uncertainty principle and quantum entanglement can be exploited in a system of secure communication, often referred to as "quantum cryptography".

WHAT IS CRYPTOGRAPHY
• Cryptography -- from the Greek for "secret writing" -- is the mathematical "scrambling" of data so that only someone with the necessary key can "unscramble" it. Cryptography allows secure transmission of private information over insecure channels (for example packet-switched networks).
• Cryptography also allows secure storage of sensitive data on any computer.
Advantages of Classical Cryptography
• There are some very fast classical encryption (and decryption) algorithms.
• Since the speed of a method varies with the length of the key, faster algorithms allow one to use longer key values.
• Larger key values make it harder to guess the key value -- and break the code -- by brute force.
Disadvantages of Classical Cryptography
• Requires secure transmission of key value
• Requires a separate key for each group of people that wishes to exchange encrypted messages (readable by any group member)
For example, to have a separate key for each pair of people, 100 people would need 4950 different keys.
THE PURPOSE OF CRYPTOGRAPHY
Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.
Within the context of any application-to-application communication, there are some specific security requirements, including:
• Authentication. The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
• Privacy/confidentiality. Ensuring that no one can read the message except the intended receiver.
• Integrity. Assuring the receiver that the received message has not been altered in any way from the original.
• Non-repudiation. A mechanism to prove that the sender really sent this message.
Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are, in general, three types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash functions, each of which is described below. In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into ciphertext, which will in turn (usually) be decrypted into usable plaintext.
In many of the descriptions below, two communicating parties will be referred to as Alice and Bob; this is the common nomenclature in the crypto field and literature to make it easier to identify the communicating parties. If there is a third or fourth party to the communication, they will be referred to as Carol and Dave. Mallory is a malicious party, Eve is an eavesdropper, and Trent is a trusted third party.
TYPES OF CRYPTOGRAPHY
• Crypto often uses keys:
  - Algorithm is known to everyone
  - Only "keys" are secret
• Public key cryptography
  - Involves the use of two keys
• Symmetric key cryptography
  - Involves the use of one key
• Hash functions
  - Involves the use of no keys
  - Nothing secret: How can this be useful?

Secret Key Cryptography
• Single key used to encrypt and decrypt.
• Key must be known by both parties.
• Assuming we live in a hostile environment (otherwise - why the need for cryptography?), it may be hard to share a secret key.

Public Key Cryptography (a.k.a. asymmetric cryptography)
• Relatively new field - 1975 (as far as we know, the NSA is not talking).
• Each entity has 2 keys:
  - private key (a secret)
  - public key (well known).

Using Keys
• Private keys are used for decrypting.
• Public keys are used for encrypting.

Combining Public Key and Secret Key Cryptography
The main disadvantage of public key cryptography is that the process of encrypting a message, using the very large keys common to PKI, can cause performance problems on all but the most powerful computer systems. For this reason, public key and secret key cryptography are often combined. The following example illustrates how this works:
• Bill wants to communicate secretly with Ann, so he obtains Ann's public key. He also generates random numbers to use just for this session, known as a session key.
• Bill uses Ann's public key to scramble the session key.
• Bill sends the scrambled message and the scrambled session key to Ann.
• Ann uses her private key to unscramble Bill's message and extract the session key.
When Bill and Ann successfully exchange the session key, they no longer need public key cryptography; communication can take place using just the session key. For example, public key encryption is used to send the secret key; when the secret key is exchanged, communication takes place using secret key encryption.
This solution offers the advantages of both methods: it provides the speed of secret key encryption and the security of public key encryption.
TYPES OF CRYPTOGRAPHIC ALGORITHMS
There are several ways of classifying cryptographic algorithms. For purposes of this paper, they will be categorized based on the number of keys that are employed for encryption and decryption, and further defined by their application and use. The three types of algorithms that will be discussed are (Figure 1):
• Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
• Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
• Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information

Figure 1: Three types of cryptography: secret-key, public key, and hash function.

Secret Key Cryptography
With secret key cryptography, a single key is used for both encryption and decryption. As shown in Figure 1A, the sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or ruleset) to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.
With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key.
Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers. Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing. A block cipher is so-called because the scheme encrypts one block of data at a time using the same key on each block. In general, the same plaintext block will always encrypt to the same ciphertext when using the same key in a block cipher whereas the same plaintext will encrypt to different ciphertext in a stream cipher.
Stream ciphers come in several flavors but two are worth mentioning here. Self-synchronizing stream ciphers calculate each bit in the keystream as a function of the previous n bits in the keystream. It is termed "self-synchronizing" because the decryption process can stay synchronized with the encryption process merely by knowing how far into the n-bit keystream it is. One problem is error propagation; a garbled bit in transmission will result in n garbled bits at the receiving side. Synchronous stream ciphers generate the keystream in a fashion independent of the message stream but by using the same keystream generation function at sender and receiver. While stream ciphers do not propagate transmission errors, they are, by their nature, periodic so that the keystream will eventually repeat.
Block ciphers can operate in one of several modes; the following four are the most important:
• Electronic Codebook (ECB) mode is the simplest, most obvious application: the secret key is used to encrypt the plaintext block to form a ciphertext block. Two identical plaintext blocks, then, will always generate the same ciphertext block. Although this is the most common mode of block ciphers, it is susceptible to a variety of brute-force attacks.
• Cipher Block Chaining (CBC) mode adds a feedback mechanism to the encryption scheme. In CBC, the plaintext is exclusively-ORed (XORed) with the previous ciphertext block prior to encryption. In this mode, two identical blocks of plaintext never encrypt to the same ciphertext.
• Cipher Feedback (CFB) mode is a block cipher implementation as a self-synchronizing stream cipher. CFB mode allows data to be encrypted in units smaller than the block size, which might be useful in some applications such as encrypting interactive terminal input. If we were using 1-byte CFB mode, for example, each incoming character is placed into a shift register the same size as the block, encrypted, and the block transmitted. At the receiving side, the ciphertext is decrypted and the extra bits in the block (i.e., everything above and beyond the one byte) are discarded.
• Output Feedback (OFB) mode is a block cipher implementation conceptually similar to a synchronous stream cipher. OFB prevents the same plaintext block from generating the same ciphertext block by using an internal feedback mechanism that is independent of both the plaintext and ciphertext bitstreams.
A nice overview of these different modes can be found at progressive-coding.com.
Secret key cryptography algorithms that are in use today include:
• Data Encryption Standard (DES). The most common SKC scheme used today, DES was designed by IBM in the 1970s and adopted by the National Bureau of Standards (NBS) [now the National Institute for Standards and Technology (NIST)] in 1977 for commercial and unclassified government applications. DES is a block cipher employing a 56-bit key that operates on 64-bit blocks. DES has a complex set of rules and transformations that were designed specifically to yield fast hardware implementations and slow software implementations, although this latter point is becoming less significant today since the speed of computer processors is several orders of magnitude faster today than twenty years ago. IBM also proposed a 112-bit key for DES, which was rejected at the time by the government; the use of 112-bit keys was considered in the 1990s, however, conversion was never seriously considered.
DES is defined in American National Standard X3.92 and three Federal Information Processing Standards (FIPS):
  - FIPS 46-3: DES
  - FIPS 74: Guidelines for Implementing and Using the NBS Data Encryption Standard
  - FIPS 81: DES Modes of Operation
Information about vulnerabilities of DES can be obtained from the Electronic Frontier Foundation.
Two important variants that strengthen DES are:
  - Triple-DES (3DES). A variant of DES that employs up to three 56-bit keys and makes three encryption/decryption passes over the block; 3DES is also described in FIPS 46-3 and is the recommended replacement to DES.
  - DESX. A variant devised by Ron Rivest. By combining 64 additional key bits to the plaintext prior to encryption, it effectively increases the keylength to 120 bits.
Public-Key Cryptography
Public-key cryptography has been said to be the most significant new development in cryptography in the last 300-400 years. Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key.
PKC depends upon the existence of so-called one-way functions, or mathematical functions that are easy to compute whereas their inverse function is relatively difficult to compute. Let me give you two simple examples:
1. Multiplication vs. factorization. Suppose I tell you that I have two numbers, 9 and 16, and that I want to calculate the product; it should take almost no time to calculate the product, 144. Suppose instead that I tell you that I have a number, 144, and I need you to tell me which pair of integers I multiplied together to obtain that number. You will eventually come up with the solution but whereas calculating the product took milliseconds, factoring will take longer because you first need to find the 8 pairs of integer factors and then determine which one is the correct pair.
2. Exponentiation vs. logarithms. Suppose I tell you that I want to take the number 3 to the 6th power; again, it is easy to calculate 3^6 = 729. But if I tell you that I have the number 729 and want you to tell me the two integers that I used, x and y so that log_x 729 = y, it will take you longer to find all possible solutions and select the pair that I used.
While the examples above are trivial, they do represent two of the functional pairs that are used with PKC; namely, the ease of multiplication and exponentiation versus the relative difficulty of factoring and calculating logarithms, respectively. The mathematical "trick" in PKC is to find a trap door in the one-way function so that the inverse calculation becomes easy given knowledge of some item of information.
Generic PKC employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. The important point here is that it does not matter which key is applied first, but that both keys are required for the process to work (Figure 1B). Because a pair of keys is required, this approach is also called asymmetric cryptography.
In PKC, one of the keys is designated the public key and may be advertised as widely as the owner wants. The other key is designated the private key and is never revealed to another party. It is straightforward to send messages under this scheme. Suppose Alice wants to send Bob a message. Alice encrypts some information using Bob's public key; Bob decrypts the ciphertext using his private key. This method could also be used to prove who sent a message; Alice, for example, could encrypt some plaintext with her private key; when Bob decrypts using Alice's public key, he knows that Alice sent the message and Alice cannot deny having sent the message (non-repudiation).
Public-key cryptography algorithms that are in use today for key exchange or digital signatures include:
• RSA. The first, and still most common, PKC implementation, named for the three MIT mathematicians who developed it: Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA today is used in hundreds of software products and can be used for key exchange, digital signatures, or encryption of small blocks of data. RSA uses a variable size encryption block and a variable size key. The key-pair is derived from a very large number, n, that is the product of two prime numbers chosen according to special rules; these primes may be 100 or more digits in length each, yielding an n with roughly twice as many digits as the prime factors. The public key information includes n and a derivative of one of the factors of n; an attacker cannot determine the prime factors of n (and, therefore, the private key) from this information alone and that is what makes the RSA algorithm so secure. (Some descriptions of PKC erroneously state that RSA's safety is due to the difficulty in factoring large prime numbers. In fact, large prime numbers, like small prime numbers, only have two factors!) The ability for computers to factor large numbers, and therefore attack schemes such as RSA, is rapidly improving and systems today can find the prime factors of numbers with more than 200 digits. Nevertheless, if a large number is created from two prime factors that are roughly the same size, there is no known factorization algorithm that will solve the problem in a reasonable amount of time; a 2005 test to factor a 200-digit number took 1.5 years and over 50 years of compute time (see the Wikipedia article on integer factorization). Regardless, one presumed protection of RSA is that users can easily increase the key size to always stay ahead of the computer processing curve. As an aside, the patent for RSA expired in September 2000, which does not appear to have affected RSA's popularity one way or the other.
• Digital Signature Algorithm (DSA). The algorithm specified in NIST's Digital Signature Standard (DSS), provides digital signature capability for the authentication of messages.
• Key Exchange Algorithm (KEA). A variation on Diffie-Hellman; proposed as the key exchange method for Capstone.
• LUC. A public-key cryptosystem designed by P.J. Smith and based on Lucas sequences. Can be used for encryption and signatures, using integer factoring.
For additional information on PKC algorithms, see "Public-Key Encryption", Chapter 8 in Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone (CRC Press, 1996).
Hash Functions
Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key (Figure 1C). Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, provide a measure of the integrity of a file.
Hash algorithms that are in common use today include:
• Message Digest (MD) algorithms. A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message.
  - MD2 (RFC 1319). Designed for systems with limited memory, such as smart cards. (MD2 has been relegated to historical status, per RFC 6149.)
  - MD4 (RFC 1320). Developed by Rivest, similar to MD2 but designed specifically for fast processing in software. (MD4 has been relegated to historical status, per RFC 6150.)
  - MD5 (RFC 1321). Also developed by Rivest after potential weaknesses were reported in MD4; this scheme is similar to MD4 but is slower because more manipulation is made to the original data. MD5 has been implemented in a large number of products although several weaknesses in the algorithm were demonstrated by German cryptographer Hans Dobbertin in 1996 ("Cryptanalysis of MD5 Compress").
• Secure Hash Algorithm (SHA). Algorithm for NIST's Secure Hash Standard (SHS). SHA-1 produces a 160-bit hash value and was originally published as FIPS 180-1 and RFC 3174. FIPS 180-2 (aka SHA-2) describes five algorithms in the SHS: SHA-1 plus SHA-224, SHA-256, SHA-384, and SHA-512 which can produce hash values that are 224, 256, 384, or 512 bits in length, respectively. SHA-224, -256, -384, and -512 are also described in RFC 4634.
Why Three Encryption Techniques
So, why are there so many different types of cryptographic schemes? Why can't we do everything we need with just one?
The answer is that each scheme is optimized for some specific application(s). Hash functions, for example, are well-suited for ensuring data integrity because any change made to the contents of a message will result in the receiver calculating a different hash value than the one placed in the transmission by the sender. Since it is highly unlikely that two different messages will yield the same hash value, data integrity is ensured to a high degree of confidence.
Secret key cryptography, on the other hand, is ideally suited to encrypting messages, thus providing privacy and confidentiality. The sender can generate a session key on a per-message basis to encrypt the message; the receiver, of course, needs the same session key to decrypt the message.
Key exchange, of course, is a key application of public-key cryptography (no pun intended). Asymmetric schemes can also be used for non-repudiation and user authentication; if the receiver can obtain the session key encrypted with the sender's private key, then only this sender could have sent the message. Public-key cryptography could, theoretically, also be used to encrypt messages although this is rarely done because secret-key cryptography operates about 1000 times faster than public-key cryptography.
Figure 2: Sample application of the three cryptographic techniques for secure communication.
Figure 2 puts all of this together and shows how a hybrid cryptographic scheme combines all of these functions to form a secure transmission comprising digital signature and digital envelope. In this example, the sender of the message is Alice and the receiver is Bob.
A digital envelope comprises an encrypted message and an encrypted session key. Alice uses secret key cryptography to encrypt her message using the session key, which she generates at random with each session. Alice then encrypts the session key using Bob's public key. The encrypted message and encrypted session key together form the digital envelope. Upon receipt, Bob recovers the session secret key using his private key and then decrypts the encrypted message.
The digital signature is formed in two steps. First, Alice computes the hash value of her message; next, she encrypts the hash value with her private key. Upon receipt of the digital signature, Bob recovers the hash value calculated by Alice by decrypting the digital signature with Alice's public key. Bob can then apply the hash function to Alice's original message, which he has already decrypted (see previous paragraph). If the resultant hash value is not the same as the value supplied by Alice, then Bob knows that the message has been altered; if the hash values are the same, Bob should believe that the message he received is identical to the one that Alice sent.
This scheme also provides nonrepudiation since it proves that Alice sent the message; if the hash value recovered by Bob using Alice's public key proves that the message has not been altered, then only Alice could have created the digital signature. Bob also has proof that he is the intended receiver; if he can correctly decrypt the message, then he must have correctly decrypted the session key, meaning that his is the correct private key.

The Significance of Key Length
In a recent article in the industry literature (circa 9/98), a writer made the claim that 56-bit keys do not
provide as sufficient protection for DES today as they did in 1975 because computers are times
faster today than in 1975. Therefore, the writer went on, we should be using 56,-bit keys today
instead of 56-bit keys to provide adequate protection. The conclusion was then drawn that because
56,-bit keys are infeasible (true), we should accept the fact that we have to live with weak
cryptography (false!). The major error here is that the writer did not take into account that the number
of possible key values doubles whenever a single bit is added to the key length; thus, a 57-bit key has
twice as many values as a 56-bit key (because 2^57 is two times 2^56). In fact, a 66-bit key would have
1024 times the possible values as a 56-bit key.
But this does bring up the issue, what is the precise significance of key length as it affects the level of
protection?
In cryptography, size does matter. The larger the key, the harder it is to crack a block of encrypted
data. The reason that large keys offer more protection is almost obvious; computers have made it
easier to attack ciphertext by using brute force methods rather than by attacking the mathematics
(which are generally well-known anyway). With a brute force attack, the attacker merely generates
every possible key and applies it to the ciphertext. Any resulting plaintext that makes sense offers a
candidate for a legitimate key. This was the basis, of course, of the EFF's attack on DES.
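
The doubling argument and the "plaintext that makes sense" test above can be run on a small scale. This is an added example, not part of the original paper: toy_cipher is a stand-in for a real cipher, and the 16-bit key, the sample message and the rate of one billion keys per second are assumptions chosen for illustration.

```python
import hashlib
import string

PRINTABLE = set(string.printable.encode())  # bytes that "make sense" as text


def toy_cipher(key: int, data: bytes) -> bytes:
    """XOR up to 32 bytes with SHA-256(key). A stand-in, not a real cipher;
    the same call encrypts and decrypts."""
    pad = hashlib.sha256(key.to_bytes(16, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


def exhaustive_search(ciphertext: bytes, key_bits: int):
    """Try every key of the given length and keep those whose output is
    readable text. Returns (candidate_keys, keys_tried)."""
    candidates = []
    for key in range(2 ** key_bits):
        if all(b in PRINTABLE for b in toy_cipher(key, ciphertext)):
            candidates.append(key)
    return candidates, 2 ** key_bits


def worst_case_years(key_bits: int, keys_per_second: float) -> float:
    """Time to try the whole key space at a fixed test rate."""
    return 2 ** key_bits / keys_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    secret_key = 0xBEEF  # constructed 16-bit key
    ct = toy_cipher(secret_key, b"Transfer $100 to Bob")  # constructed message
    found, tried = exhaustive_search(ct, 16)
    print(f"16-bit key: {tried} trials, candidates {[hex(k) for k in found]}")
    rate = 1e9  # assumed test rate, keys per second
    for bits in (40, 56, 57, 66, 128):
        print(f"{bits:3d} bits: {worst_case_years(bits, rate):.3g} years")
```

Each extra key bit doubles the number of trials, so the 10 extra bits of a 66-bit key multiply the search time by 1024 regardless of the test rate assumed.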
Until the mid-1990s or so, brute force attacks were beyond the capabilities of computers that were
within the budget of the attacker community. Today, however, significant compute power is
commonly available and accessible. General purpose computers such as PCs are already being used
for brute force attacks. For serious attackers with money to spend, such as some large companies or
governments, Field Programmable Gate Array (FPGA) or Application-Specific Integrated Circuits
(ASIC) technology offers the ability to build specialized chips that can provide even faster and
cheaper solutions than a PC. Consider that an AT&T ORCA chip (FPGA) costs $2 and can test 3
million DES keys per second, while a $ ASIC chip can test 2 million DES keys per second
(compared to a PC which might be able to test 4, keys per second).
The table below shows what DES key sizes are needed to protect data from attackers with different
time and financial resources. This information is not merely academic; one of the basic tenets of any
security system is to have an idea of what you are protecting and from whom you are protecting it! The
table clearly shows that a 4-bit key is essentially worthless today against even the most
unsophisticated attacker. On the other hand, 56-bit keys are fairly strong unless you might be subject
to some pretty serious corporate or government espionage. But note that even 56-bit keys are
declining in their value and that the times in the table (1995 data) are worst cases.






TABLE Minimum Key Lengths for Symmetric Ciphers

Type of Attacker      Budget  Tool                     Time and Cost Per Key Recovered     Key Length Needed For
                                                       bits              bits              Protection In Late-
Pedestrian Hacker     Tiny    Scavenged computer time  week              Infeasible        45
                      $4      FPGA                     5 hours ($.8)     38 years ($5,)    5
Small Business        $,      FPGA                     2 minutes ($.8)   8 months ($5,)    55
Corporate Department  $3K     FPGA                     24 seconds ($.8)  9 days ($5,)      6
                              ASIC                     .8 seconds ($.)   3 hours ($38)
Big Company           $M      FPGA                     7 seconds ($.8)   3 hours ($5,)     7
                              ASIC                     .5 seconds ($.)   6 minutes ($38)
Intelligence Agency   $3M     ASIC                     .2 seconds ($.)   2 seconds ($38)   75









TRUST MODELS
Kerberos
Kerberos is a commonly used authentication scheme on the Internet. Developed by MIT's Project
Athena, Kerberos is named for the three-headed dog who, according to Greek mythology, guards the
entrance of Hades (rather than the exit, for some reason!).
Kerberos employs a client/server architecture and provides user-to-server authentication rather than
host-to-host authentication. In this model, security and authentication will be based on secret key
technology where every host on the network has its own secret key. It would clearly be unmanageable
if every host had to know the keys of all other hosts so a secure, trusted host somewhere on the
network, known as a Key Distribution Center (KDC), knows the keys for all of the hosts (or at least
some of the hosts within a portion of the network, called a realm). In this way, when a new node is
brought online, only the KDC and the new node need to be configured with the node's key; keys can
be distributed physically or by some other secure means.
Figure 3: Kerberos architecture.

The Kerberos Server/KDC has two main functions (Figure 3), known as the Authentication Server
(AS) and Ticket-Granting Server (TGS). The steps in establishing an authenticated session between
an application client and the application server are:
1. The Kerberos client software establishes a connection with the Kerberos server's AS function.
The AS first authenticates that the client is who it purports to be. The AS then provides the
client with a secret key for this login session (the TGS session key) and a ticket-granting ticket
(TGT), which gives the client permission to talk to the TGS. The ticket has a finite lifetime so
that the authentication process is repeated periodically.
2. The client now communicates with the TGS to obtain the Application Server's key so that it
(the client) can establish a connection to the service it wants. The client supplies the TGS with
the TGS session key and TGT; the TGS responds with an application session key (ASK) and
an encrypted form of the Application Server's secret key; this secret key is never sent on the
network in any other form.
3. The client has now authenticated itself and can prove its identity to the Application Server by
supplying the Kerberos ticket, application session key, and encrypted Application Server
secret key. The Application Server responds with similarly encrypted information to
authenticate itself to the client. At this point, the client can initiate the intended service
requests (e.g., Telnet, FTP, HTTP, or e-commerce transaction session establishment).
The current shipping version of this protocol is Kerberos V5 (described in RFC 1510), although
Kerberos V4 still exists and is seeing some use. While the details of their operation, functional
capabilities, and message formats are different, the conceptual overview above pretty much holds for
both. One primary difference is that Kerberos V4 uses only DES to generate keys and encrypt
messages, while V5 allows other schemes to be employed (although DES is still the most widely
used algorithm).
Public Key Certificates and Certificate Authorities
Certificates and Certificate Authorities (CA) are necessary for widespread use of cryptography for
e-commerce applications. While a combination of secret and public key cryptography can solve the
business issues discussed above, crypto cannot alone address the trust issues that must exist between a
customer and vendor in the very fluid, very dynamic e-commerce relationship. How, for example,
does one site obtain another party's public key? How does a recipient determine if a public key really
belongs to the sender? How does the recipient know that the sender is using their public key for a
legitimate purpose for which they are authorized? When does a public key expire? How can a key be
revoked in case of compromise or loss?
The basic concept of a certificate is one that is familiar to all of us. A driver's license, credit card, or
SCUBA certification, for example, identify us to others, indicate something that we are authorized to
do, have an expiration date, and identify the authority that granted the certificate.
As complicated as this may sound, it really isn't! Consider driver's licenses. I have one issued by the
State of Vermont. The license establishes my identity, indicates the type of vehicles that I can operate
and the fact that I must wear corrective lenses while doing so, identifies the issuing authority, and
notes that I am an organ donor. When I drive outside of Vermont, the other jurisdictions throughout
the U.S. recognize the authority of Vermont to issue this "certificate" and they trust the information it
contains. Now, when I leave the U.S., everything changes. When I am in Canada and many other
countries, they will accept not the Vermont license, per se, but any license issued in the U.S.; some
other countries may not recognize the Vermont driver's license as sufficient bona fides that I can
drive. This analogy represents the certificate chain, where even certificates carry certificates.
For purposes of electronic transactions, certificates are digital documents. The specific functions of
the certificate include:
• Establish identity. Associate, or bind, a public key to an individual, organization, corporate
position, or other entity.
• Assign authority. Establish what actions the holder may or may not take based upon this
certificate.
• Secure confidential information (e.g., encrypting the session's symmetric key for data
confidentiality).

Typically, a certificate contains a public key, a name, an expiration date, the name of the authority
that issued the certificate (and, therefore, is vouching for the identity of the user), a serial number, any
pertinent policies describing how the certificate was issued and/or how the certificate may be used,
the digital signature of the certificate issuer, and perhaps other information.

Figure 4: GTE Cybertrust Global Root-issued certificate as viewed
by Netscape Navigator V4.

A sample abbreviated certificate is shown in Figure 4. This is a typical certificate found in a browser;
while this one is issued by GTE Cybertrust, many so-called root-level certificates can be found
shipped with browsers. When the browser makes a connection to a secure Web site, the Web server
sends its public key certificate to the browser. The browser then checks the certificate's signature
against the public key that it has stored; if there is a match, the certificate is taken as valid and the
Web site verified by this certificate is considered to be "trusted."





TABLE 2. Contents of an X.509 V3 Certificate
version number
certificate serial number
signature algorithm identifier
issuer's name and unique identifier
validity (or operational) period
subject's name and unique identifier
subject public key information
standard extensions
    certificate appropriate use definition
    key usage limitation definition
    certificate policy information
other extensions
    Application-specific
    CA-specific

The most widely accepted certificate format is the one defined in International Telecommunication
Union Telecommunication Standardization Sector (ITU-T) Recommendation X.509. Rec. X.509 is a
specification used around the world and any applications complying with X.509 can share certificates.
Most certificates today comply with X.509 Version 3 and contain the information listed in Table 2.
Certificate authorities are the repositories for public-keys and can be any agency that issues
certificates. A company, for example, may issue certificates to its employees, a college/university to
its students, a store to its customers, an Internet service provider to its users, or a government to its
constituents.
When a sender needs an intended receiver's public key, the sender must get that key from the
receiver's CA. That scheme is straight-forward if the sender and receiver have certificates issued by
the same CA. If not, how does the sender know to trust the foreign CA? One industry wag has noted,
about trust: "You are either born with it or have it granted upon you." Thus, some CAs will be trusted
because they are known to be reputable, such as the CAs operated by AT&T, BBN, Canada Post
Corp., CommerceNet, GTE Cybertrust, MCI, Nortel EnTrust, Thawte, the U.S. Postal Service, and
VeriSign. CAs, in turn, form trust relationships with other CAs. Thus, if a user queries a foreign CA
for information, the user may ask to see a list of CAs that establish a "chain of trust" back to the user.
One major feature to look for in a CA is their identification policies and procedures. When a user
generates a key pair and forwards the public key to a CA, the CA has to check the sender's
identification and take any steps necessary to assure itself that the request is really coming from the
advertised sender. Different CAs have different identification policies and will, therefore, be trusted
differently by other CAs. Verification of identity is just one of many issues that are part of a CA's
Certification Practice Statement (CPS) and policies; other issues include how the CA protects the
public keys in its care, how lost or compromised keys are revoked, and how the CA protects its own
private keys.


Understanding Digital Certificates and Certificate Authorities
The ISO X.509 protocol defines a mechanism called a certificate that contains a user's public key that
is signed by a trusted entity called a certificate authority (CA).
Certificates contain information used to establish identities over a network in a process called
authentication. Like a driver's licence, a passport, or other forms of personal identification,
certificates enable servers and clients to authenticate each other before establishing a secure
connection.
Certificates are valid only for a specified time period; when a certificate expires, a new one must be
issued. The issuing authority can also revoke certificates.
To establish an SSL/TLS connection, you require a server certificate at one end of the connection and
a root certificate of the CA that issued the server certificate at the other end.
Server certificate
    A server certificate certifies the identity of a server. The type of digital certificate that is
    required by the Secure Gateway is called a server certificate.
Root certificate
    A root certificate identifies the CA that signed the server certificate. The root certificate
    belongs to the CA. This type of digital certificate is required by a client device to verify the
    server certificate.
When establishing an SSL connection with a Web browser on a client device, the server sends its
certificate to the client.
When receiving a server certificate, the Web browser (for example, Internet Explorer) on the client
device checks to see which CA issued the certificate and if the CA is trusted by the client. If the CA is
not trusted, the Web browser prompts the user to accept or decline the certificate (effectively
accepting or declining the ability to access this site).
When User A receives a message from User B, the locally stored information about the CA that
issued the certificate is used to verify that it did indeed issue the certificate. This information is a copy
of the CA's own certificate and is referred to as a root certificate.
Certificates generally have a common format, usually based on International Telecommunication
Union (ITU) standards. The certificate contains information that includes the:
Issuer
    The organization that issues the certificates.
Subject
    The party that is identified by the certificate.
Period of validity
    The certificate's start date and expiration date.
Public key
    The subject's public key used to encrypt data.
Issuer's signature
    The CA's digital signature on the certificate used to guarantee its authenticity.
A number of companies and organizations currently act as CAs, including VeriSign, Baltimore,
Entrust, and their respective affiliates.


Certificate Chains
Some organizations delegate the responsibility for issuing certificates to resolve the issue of
geographical separation between organization units, or that of applying different issuing policies to
different sections of the organization.
Responsibility for issuing certificates can be delegated by setting up subordinate CAs. The X.509
standard includes a model for setting up a hierarchy of CAs. In this model, the root CA is at the top of
the hierarchy and has a self-signed certificate. The CAs that are directly subordinate to the root CA
have CA certificates signed by the root CA. CAs under the subordinate CAs in the hierarchy have
their CA certificates signed by the subordinate CAs.

This illustration shows the hierarchical structure of a typical digital certificate chain.
CAs can sign their own certificates (that is, they are self-signed) or they can be signed by another CA.
CAs whose certificates are self-signed are called root CAs. CAs whose certificates are not self-signed
are called subordinate or intermediate CAs.
If a server certificate is signed by a CA with a self-signed certificate, the certificate chain is composed
of exactly two certificates: the end entity certificate and the root CA. If a user or server certificate is
signed by an intermediate CA, the certificate chain is longer.
As the following figure shows, the first two elements are the end entity certificate (in this case,
gwy.company.com) and the certificate of the intermediate CA, in that order. The intermediate CA's
certificate is followed by the certificate of its CA. This listing continues until the last certificate in the
list is for a root CA. Each certificate in the chain attests to the identity of the previous certificate.


This illustration shows a typical digital certificate chain.
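
The checks a client applies when walking such a chain, as an added example that is not part of the original paper. It assumes a simplified certificate record rather than the X.509 encoding, textbook RSA over known Mersenne primes as a stand-in for real CA keys, and constructed names and dates (only gwy.company.com comes from the text); revocation is not checked.

```python
import hashlib
from dataclasses import dataclass
from datetime import date


def rsa_keypair(p, q, e=65537):
    """Textbook RSA from two known primes (toy keys, trivially factorable)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


@dataclass
class Cert:  # simplified record, not the X.509 encoding
    subject: str
    issuer: str
    not_before: date
    not_after: date
    public_key: tuple
    is_ca: bool
    signature: int = 0

    def digest(self) -> int:
        """SHA-256 over every field the issuer vouches for."""
        fields = (self.subject, self.issuer, self.not_before.isoformat(),
                  self.not_after.isoformat(), self.public_key, self.is_ca)
        return int.from_bytes(hashlib.sha256(repr(fields).encode()).digest(), "big")


def issue(cert, issuer_private):
    """The issuing CA signs the certificate digest with its private key."""
    n, d = issuer_private
    cert.signature = pow(cert.digest(), d, n)
    return cert


def validate_chain(chain, trusted_roots, today):
    """chain[0] is the end entity, chain[-1] the root CA. Returns (ok, reason)."""
    for i, cert in enumerate(chain):
        if not cert.not_before <= today <= cert.not_after:
            return False, f"{cert.subject}: outside validity period"
        is_root = i == len(chain) - 1
        signer = cert if is_root else chain[i + 1]  # a root signs itself
        if cert.issuer != signer.subject:
            return False, f"{cert.subject}: issuer is not the next certificate"
        if not signer.is_ca:
            return False, f"{signer.subject}: not allowed to issue certificates"
        n, e = signer.public_key
        if pow(cert.signature, e, n) != cert.digest():
            return False, f"{cert.subject}: signature does not verify"
    root = chain[-1]
    if trusted_roots.get(root.subject) != root.public_key:
        return False, f"{root.subject}: root is not in the local trust store"
    return True, "chain verified"


def demo_chain():
    """Constructed three-certificate chain: server, intermediate CA, root CA."""
    m = lambda k: 2 ** k - 1  # Mersenne primes for these exponents
    root_pub, root_priv = rsa_keypair(m(521), m(607))
    mid_pub, mid_priv = rsa_keypair(m(1279), m(2203))
    srv_pub, _ = rsa_keypair(m(2281), m(3217))
    start, end = date(2024, 1, 1), date(2026, 1, 1)
    root = issue(Cert("Example Root CA", "Example Root CA", start, end, root_pub, True), root_priv)
    mid = issue(Cert("Example Intermediate CA", "Example Root CA", start, end, mid_pub, True), root_priv)
    server = issue(Cert("gwy.company.com", "Example Intermediate CA", start, end, srv_pub, False), mid_priv)
    return [server, mid, root], {"Example Root CA": root_pub}


if __name__ == "__main__":
    chain, trust_store = demo_chain()
    print(validate_chain(chain, trust_store, date(2025, 6, 1)))
    print(validate_chain(chain, trust_store, date(2027, 6, 1)))  # expired
    print(validate_chain(chain, {}, date(2025, 6, 1)))           # unknown root
```
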

DIGITAL SIGNATURES: Signing a Document
• Alice applies a (publicly known) hash function to a document that she wishes to "sign." This
function produces a digest of the document (usually a number).
• Alice then uses her private key to "encrypt" the digest.
• She can then send, or even broadcast, the document with the encrypted digest.
• Public key cryptography is also used to provide digital signatures.

Digital Signature Verification
• Bob uses Alice's public key to "decrypt" the digest that Alice "encrypted" with her private
key.
• Bob applies the hash function to the document to obtain the digest directly.
• Bob compares these two values for the digest. If they match, it proves that Alice signed the
document and that no one else has altered it.
Secure Transmission of Digitally Signed Documents
• Alice uses her private key to digitally sign a document. She then uses Bob's public key to
encrypt this digitally signed document.
• Bob uses his private key to decrypt the document. The result is Alice's digitally signed
document.
• Bob uses Alice's public key to verify Alice's digital signature.
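
The hybrid scheme of Figure 2 (digital envelope plus digital signature) and the signing, verification and secure-transmission steps listed above, as one runnable flow. This is an added example, not code from the original paper: textbook RSA over known Mersenne primes and a SHA-256 keystream are stand-ins for real public-key and secret-key ciphers, and all function and variable names are assumptions.

```python
import hashlib
import secrets


def rsa_keypair(p, q, e=65537):
    """Textbook RSA from two known primes (toy keys, trivially factorable)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def secret_key_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in secret-key cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hash_value(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def alice_send(message: bytes, alice_private, bob_public) -> dict:
    n_a, d_a = alice_private
    n_b, e_b = bob_public
    session_key = secrets.token_bytes(16)  # new random key for every message
    return {
        # digital envelope: encrypted message + encrypted session key
        "ciphertext": secret_key_cipher(session_key, message),
        "wrapped_key": pow(int.from_bytes(session_key, "big"), e_b, n_b),
        # digital signature: hash value "encrypted" with Alice's private key
        "signature": pow(hash_value(message), d_a, n_a),
    }


def bob_receive(packet: dict, bob_private, alice_public):
    """Returns (message, signature_ok); message is None if the key will not unwrap."""
    n_b, d_b = bob_private
    n_a, e_a = alice_public
    key_int = pow(packet["wrapped_key"], d_b, n_b)
    if key_int >= 2 ** 128:  # result is not a 16-byte session key
        return None, False
    message = secret_key_cipher(key_int.to_bytes(16, "big"), packet["ciphertext"])
    signature_ok = pow(packet["signature"], e_a, n_a) == hash_value(message)
    return message, signature_ok


M = lambda k: 2 ** k - 1  # Mersenne primes for these exponents
ALICE_PUBLIC, ALICE_PRIVATE = rsa_keypair(M(521), M(607))
BOB_PUBLIC, BOB_PRIVATE = rsa_keypair(M(1279), M(2203))

if __name__ == "__main__":
    packet = alice_send(b"Meet at noon. Alice", ALICE_PRIVATE, BOB_PUBLIC)
    print(bob_receive(packet, BOB_PRIVATE, ALICE_PUBLIC))
    # Flip one bit in transit: Bob still decrypts, but the hash values differ.
    packet["ciphertext"] = bytes([packet["ciphertext"][0] ^ 1]) + packet["ciphertext"][1:]
    print(bob_receive(packet, BOB_PRIVATE, ALICE_PUBLIC))
```

Production systems use padded RSA and an authenticated cipher rather than these stand-ins; the message flow is what the example shows.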
Transmitting over an insecure channel
• Alice wants to send Bob a private message.
• Apublic is Alice's public key.
• Aprivate is Alice's private key.
• Bpublic is Bob's public key.
• Bprivate is Bob's private key.

THE LANGUAGE OF CRYPTOGRAPHY

Bob's Dilemma
• Nobody can read the message from Alice, but anyone could produce it.
• How does Bob know that the message was really sent from Alice?
• Bob may be comforted to know that only Alice can read his reply.
Alice can sign her message!
• Alice can create a digital signature and prove she sent the message (or someone with
knowledge of her private key).
• The signature can be a message digest encrypted with Aprivate.

Revised Scheme



SECURITY ATTACKS
• Types of security attacks
Denial of service attacks
• Use a network of computers to overload servers and cause them to crash or become
unavailable to legitimate users
• Distributed denial of service attack comes from multiple computers
Viruses
• Computer programs that corrupt or delete files
• Sent as attachments or embedded in other files
Web defacing
• Hackers illegally change the content of a Web site

Solution?
• Always start your messages with:
Dear Name,
• Create a digest from the encrypted message and sign that digest.
• There are many other schemes as well.
Speed
• Secret key encryption/decryption algorithms are much faster than public key algorithms.
• Many times a combination is used:
    - use public key cryptography to share a secret key.
    - use the secret key to encrypt the bulk of the communication.

Hiding information in pictures


Retrieving information from pictures













CONCLUSION AND FUTURE SCOPE

Quantum cryptography promises to revolutionize secure communication by
providing security based on the fundamental laws of physics, instead of the current state
of mathematical algorithms or computing technology. The devices for implementing such
methods exist and the performance of demonstration systems is being continuously
improved. Within the next few years, if not months, such systems could start encrypting
some of the most valuable secrets of government and industry.
Future developments will focus on faster photon detectors, a major factor limiting
the development of practical systems for widespread commercial use. Chip Elliott, BBN's
principal engineer, says the company is working with the University of Rochester and
NIST's Boulder Laboratories in Colorado to develop practical superconducting photon
detectors based on niobium nitride, which would operate at 4 K and GHz.
The ultimate goal is to make QKD more reliable, integrate it with today's
telecommunications infrastructure, and increase the transmission distance and rate of key
generation. Thus the long-term goals of quantum key distribution are realistic
implementation via fibers (for example, between different buildings of a bank or company)
and free space key exchange via satellites. Quantum cryptography already provides the
most advanced technology of quantum information science, and is on its way to making
the (quantum) jump from university laboratories to the real world.















