Cryptography: Latika Arora, IT/06/321
Cryptography: Latika Arora, IT/06/321
Cryptography: Latika Arora, IT/06/321
ABSTRACT The present century has been one of many scientific discoveries and technological advancements. With the advent of technology came the issue of security. As computing systems became more complicated, there was an increasing need for security. Network Security is becoming more and more crucial as the volume of data being exchanged on the Internet increases. Security is a broad topic and covers a multitude of sins. Malicious people trying to gain some benefit, get attention or to harm someone intentionally cause most security problems. Network security problems can be roughly divided into 4 closely intertwined areas. They are: A. Privacy: Privacy means that the sender and the receiver expect the confidentiality. The Transmitted message should make sense to only the intended receiver and to all others it is unintelligible. Authentication: Ensures that the sender and the receiver are who they are claiming to be B. .Data integrity: Ensure that data is not changed from source to destination. C..Non-repudiation: Ensures that the sender has strong evidence that the receiver has received the message, and the
receiver has strong evidence of the sender identity, strong enough such that the sender cannot deny that it has sent the message and the receiver cannot deny that it has received the message. This paper deals with cryptography, which is one of the methods to provide security. It is needed to make sure that information is hidden from anyone for whom it is not intended. It involves the use of a cryptographic algorithm used in the encryption and decryption process. It works in combination with the key to encrypt the plain text. Public key cryptography provides a method to involve digital signatures, which provide authentication and data integrity. I.INTRODUCTION The goal of cryptography is to make it possible that two people to exchange a message in such a way that other people cannot understand. There is no end that number of ways this can be done, but here we will be concerned with the methods of altering the text in such a way that the recipient can undo the alteration and discover the original text.
The basic functionality of cryptography is to hide information. Its operation typically includes two processes: Encryption as the process of transforming information so that it is unintelligible to an intruder, and Decryption as the process of
all of todays computing power and available timeeven a billion computers doing a billion checks a secondit is not possible to decipher the result of strong cryptography before the end of the universe. B.How does cryptography work? A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in Combination with a keya word, number, or phraseto encrypt the plaintext. The same plaintext encrypts to different cipher text with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key. A cryptographic algorithm, plus all possible keys and all the protocols that make it work, comprise a cryptosystem. PGP is a cryptosystem. C.Keys use in cryptography A key is a value that works with a cryptographic algorithm to produce a specific cipher text. Keys are basically really, really, really big numbers. Key size is measured in bits; the number representing a 2048-bit key is huge. In publickey cryptography, the bigger the key, the more secure the cipher text. However, public key size and conventional cryptographys secret key size
transforming the encrypted information so that it is intelligible again. Data that can be read and understood without any special measures is called plaintext or clear text. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called cipher text. We use encryption to make sure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting cipher text to its original plaintext is called decryption.
Strong cryptography Cryptography can be strong or weak, as explained above. Cryptographic strength is measured in the time and resources it would require to recover the plaintext. The result of strong cryptography is cipher text that is very difficult to decipher without possession of the appropriate decoding tool. How difficult? Given
are totally unrelated. A conventional 80-bit key has the equivalent strength of a 1024-bit public key. A conventional 128-bit key is equivalent to a 3000-bit public key. Again, the bigger the key, the more secure, but the algorithms used for each type of cryptography are very different. While
the public and private keys are mathematically related, its very difficult to derive the private key given only the public key; however, deriving the private key is always possible given enough time and computing power. This makes it very important to pick keys of the right size; large enough to be secure, but small enough to be applied fairly quickly. Larger keys will be cryptographically secure for a longer period of time. Keys are stored in encrypted form. PGP stores the keys in two files on your hard disk; one for public keys and one for private keys.These files are called key rin gs.If you lose your private key ring you will be unable to decrypt any information encrypted to keys on that ring. D.Types of Cryptography 1.)Public key Crptography Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private key (secret key) for decryption. It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information. Public-key cryptography is a cryptographic approach which involves the use of asymmetric key algorithms instead of or in addition to symmetric key algorithms. The asymmetric key algorithms are used to create a mathematically related key pair: a secret private key and a published public key. Use of these keys allows protection of the authenticity of a message by creating a digital signature of a message using the private key, which can be verified using the public key. It also allows protection of the confidentiality and integrity of a message, by public key encryption, encrypting the message using the public key, which can only be decrypted using the private key. The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely. The need for sender and receiver to share secret keys via some secure channel is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared. Some examples of publickey cryptosystems are Elgamal, RSA, DiffieHellman and DSA, the Digital Signature Algorithm. 2.)Private key Cryptography Public key cryptography also known as symmetric key cryptography uses a single secret key shared by sender and receiver (which must also be kept private, thus accounting for the ambiguity of the common terminology) for both
encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance. The Data Encryption Standard (DES) is an example of a conventional cryptosystem that is widely employed by the U.S. government.
it attests to the contents of the information as well as to the identity of the signer. Digital signatures is basically a message signed with a sender's private key can be verified by anyone who has access to the sender's public key, thereby proving that the sender had access to the private key (and therefore is likely to be the person associated with the public key used), and the part of the message that has not been tampered with.
3.) Digital Signatures A major benefit of public key cryptography is that it provides a method for employing digital signatures. Digital signatures let the recipient of information verify the authenticity of the informations origin, and also verify that the information was not altered while in transit. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information. These feature sare every bit as fundamental to cryptography as privacy, if not more. A digital signature serves the same purpose as a handwritten signature. However, a handwritten signature is easy to counterfeit. A digital signature is superior to a handwritten signature in that it is nearly impossible to counterfeit, plus 4.)Hash Function The system described above has some problems. It is slow, and it produces an enormous volume of dataat least double the size of the original information. An improvement on the above scheme is the addition of a one-way hash function in the process. A one-way hash function takes variable-length input in this case, a message of any length, even thousands or millions of bitsand produces a fixed-length output; say, 160 bits. The hash function ensures that, if the information is changed in any way
even by just one bitan entirely different output value is produced. PGP uses a cryptographically strong hash function on the plaintext the user
electronic information against threats from a variety of potential attackers. Public key cryptography, is the most important technology in modern cryptographic schemes to address issues like key management, authentication, non-repudiation and digital signature cryptosystems with smaller key lengths offer virtually no security. Symmetric-key systems offer an advantage over the public-key systems. Private keys in public-key systems are much larger. III.REFERENCES i. Cryptography and Network Security,
is signing.
This generates a fixed-length data item known as a message digest. Then PGP uses the digest and the private key to create the signature. PGP transmits the signature and the plaintext together. Upon receipt of the message, the recipient uses PGP to recompute the digest, thus verifying the signature. PGP can encrypt the plaintext or not; signing plaintext is useful if some of the recipients are not interested in or capable of verifying the signature. As long as a secure hash function is used, there is no way to take someones signature from one document and attach it to another, or to alter a signed message in any way. The slightest change to a signed document will cause the digital signature verification process to fail. Digital signatures play a major role in authenticating and validating the keys of other PGP users.
Principles and Practices --- (Third Edition)-William Stallings. ii. A Method for obtaining Digital Signatures
II.CONCLUSION As the proverb says that Even a crow can peck an elephant which is stuck in the mud. Even though we are providing high security by cryptography there are many pitfalls in it also. Nothing in the world is 100% secured. Cryptography is one of the way to provide network security but it is not only the path to achieve network security. There is no gain saying the fact that cryptography plays an essential role in protecting the privacy of
iii.