Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Chapter I

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 14

ITIS 3102 (Cryptography & Security Risk Management) CRYPTOGRAPHY

CHAPTER-1

Cryptography is the art of secret writing i.e. the art of ensuring that messages are secure from those recipients to whom it is not addressed. The science of using mathematics to encrypt and decrypt DATA. The simplified model of conventional encryption is given below Plaintext Input Encryption Algorithm Decryption Algorithm Plaintext Input

Secret Key Plaintext

Secret Key

Data that can be read and understood without any special measures is called plaintext or clear text. Cipher text & Encryption The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called cipher text. Decryption The process of reverting cipher text to its original plaintext is called decryption THE PURPOSE OF CRYPTOGRAPHY In data and telecommunications, cryptography is necessary when communicating over any un trusted medium, which includes just about any network, particularly the Internet. Within the context of any application-to-application communication, there are some specific security requirements, including:

Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.) The verification of data integrity and data origin

ITIS 3102 (Cryptography & Security Risk Management)


CHAPTER-1

Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver. Integrity: Assuring the receiver that the received message has not been altered in any way from the original. Non-repudiation: A mechanism to prove that the sender really sent this message.

TYPE OF CRYPTOSYSTEM There are, in general, three types of cryptographic schemes typically used to accomplish these goals:

Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption Public Key Cryptography (PKC): Uses one key for encryption and another for decryption Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information

The initial unencrypted data is referred to as plaintext. It is encrypted into cipher text, which will in turn (usually) be decrypted into usable plaintext.

FIGURE 1: Three types of cryptography: secret-key, public key, and hash function.

ITIS 3102 (Cryptography & Security Risk Management)

CHAPTER-1

Classic Ciphers Substitution ciphers: one letter is exchanged for another Transposition ciphers: order of letters is rearranged Substitution Cipher(Caesar Cipher) Each letter is replaced by another letter The key k is a number in the range 1 25 e.g. Caesar ciphercircularly shift by 3 letters a -> D, b -> E, z -> C more generally, shift by k letters, k is the key

ITIS 3102 (Cryptography & Security Risk Management)

CHAPTER-1

Caesar Cipher It is monoalphabetic cipher uses addition modulo 26 Each letter is identified with a number: So, the general Caesar Cipher is Ci = Ek(Mi) = E(k,Mi) = (Mi+k) mod 26 Mi = Dk(Ci) = D(k,Ci) = (Ci-k) mod 26 For example: Plaintext: treaty impossible Key 3 Ciphertext: wuhdwb lpsrvvleoh That is, Ci=E[3, Mi]=Mi+3 mod 26 Plain text : meet me after the party Cipher text : PHHW PH DIWHU WKH SDUWB
Substitution Cipher (Tap Code) Each letter is replaced by a number of beeps

ITIS 3102 (Cryptography & Security Risk Management)

CHAPTER-1

Substitution Cipher( Pigpen Cipher)


Each letter is replaced by an art

Substitution Cipher ( Vigenre Cipher )


Polyalphabetic ciphers flatten the frequency distribution of the plaintext considerably. Vigenre Cipher is an example of polyalphabetic ciphers - use different monoalphabetic substitutions as one proceeds through the plaintext message For example: Plaintext(M): meet me at ten Key (K): badb ad ba dba Ciphertext(C): nehu mh bt wfn where C=M+K mod 26

One-Time Pads
One-time pads: construct an unbreakable cipher Choose a random bit string as the key Convert the plaintext into a bit string Compute the XOR of these two strings, bit by bit The resulting ciphertext cannot be broken, because in a sufficiently large sample of ciphertext, each letter will occur equally often, as will every digram, every trigram, and so on

ITIS 3102 (Cryptography & Security Risk Management)

CHAPTER-1

There is simply no information in the message because all possible plaintexts of the given length are equally likely. Pseudorandom Key stream A key stream is a stream of random or pseudorandom characters that are combined with a plaintext message to produce an encrypted message (the cipher text). The "characters" in the key stream can be bits, bytes, numbers or actual characters like A-Z depending on the usage case. Usually each character in the key stream is either added, subtracted or XO Red with a character in the plaintext to produce the cipher text, using modular arithmetic. Example Consider the English alphabet of 26 characters from a-z. we can not encrypt numbers, commas, spaces and other symbols. The random numbers in the key stream then have to be at least between 0 and 25. To encrypt we add the key stream numbers to the plaintext. And to decrypt we subtract the same keystream numbers from the cipher text to get the plaintext. If a cipher text number becomes larger than 25 we wrap it to a value between 025. Thus 26 becomes 0 and 27 becomes 1 and so on. (Such wrapping is called modular arithmetic.) Here the plaintext message "attack at dawn" is combined by addition with the keystream "kjcngmlhylyu" and produces the cipher text "kcvniwlabluh". Plaintext Plaintext as numbers Keystream Keystream numbers as a t t a c k a t d a w N

0 19 19 0 2 10 0 19 3 0 22 13 k j c n g m l h y l y U

10 9 2 13 6 12 11 7 24 11 24 20

ITIS 3102 (Cryptography & Security Risk Management)

CHAPTER-1

Ciphertext as numbers 10 28 21 13 8 22 11 26 27 11 46 33 Ciphertext as numbers 10 2 21 13 8 22 11 0 1 11 20 7 wrapped to 0-25 Ciphertext as text k c v n i w l a b l u H

One-Time Pads - The Vernam Cipher


The Vernam Cipher is a type of one-time pad devised by Gilbert Vernam for AT&T

Plaintext Numeric Equivalent + Random Number = Sum = mod 26 Ciphertext

V 21 76 97 19 t

E 4 48 52 0 a

R 17 16 33 7 h

N 13 82 95 17 r

A 0 44 44 18 s

M 12 3 15 15 p

C 2 58 60 8 i

I 8 11 19 19 t

P 15 60 75 23 x

H 7 5 12 12 m

E 4 47 51 25 z

R 17 88 105 1 b

Ciphertext - One-time pad = Difference = mod 26 Plaintext

t 76 -57 21 V

a 0 48 -48 4 E

h 7 16 -9 17 R

r 17 82 -65 13 N

s 18 44 -26 0 A

p 15 3 12 12 M

i 8 58 -50 2 C

t 19 11 8 8 I

x 23 60 -37 15 P

m 12 5 7 7 H

z 25 47 -22 4 E

b 1 88 -87 17 R

Numeric Equivalent 19

Disadvantages

ITIS 3102 (Cryptography & Security Risk Management)

CHAPTER-1

The key cannot be memorized, both sender and receiver must carry a written copy with them Total amount of data can be transmitted is limited by the amount of key available Sensitive to lost or inserted characters Absolute synchronisation is between sender and receiver, otherwise, it fails completely to protect message integrity. Secret Key or Symmetric Key Cryptography With secret key cryptography, a single key is used for both encryption and decryption. The sender uses the key (or some set of rules) to encrypt the plaintext and sends the cipher text to the receiver. The receiver applies the same key to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption. With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. It is shown in the following fig. The biggest difficulty with this approach, of course, is the distribution of the key.

Secret key cryptography schemes are generally categorized as being Stream ciphers or Block ciphers. Public-Key Cryptography Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met. The Basics of Cryptography 8

ITIS 3102 (Cryptography & Security Risk Management)

CHAPTER-1

It is computationally infeasible to deduce the private key from the public key. Any one who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information. It is shown in the following fig.

Exs of Symmetric Keys: Block Cipher A block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. When encrypting, a block cipher might take (for example) a 128-bit block of plaintext as input, and output a corresponding 128-bit block of cipher text. The exact transformation is controlled using a second input the secret key. Decryption is similar: the decryption algorithm takes, in this example, a 128-bit block of cipher text together with the secret key, and yields the original 128-bit block of plaintext. Mode of Operation Electronic codebook (ECB) Cipher-block chaining (CBC) Propagating cipher-block chaining (PCBC) Cipher feedback (CFB) Output feedback (OFB) Electronic codebook (ECB) The simplest of the encryption modes is the electronic codebook (ECB) mode. The message is divided into blocks and each block is encrypted separately.

ITIS 3102 (Cryptography & Security Risk Management)

CHAPTER-1

10

ITIS 3102 (Cryptography & Security Risk Management)

CHAPTER-1

Stream Cipher A stream cipher is a symmetric key cipher where plaintext bits are combined with a pseudorandom cipher bit stream (key stream), typically by an exclusive-or (xor) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption. An alternative name is a state cipher, as the encryption of each digit is dependent on the current state. In practice, the digits are typically single bits or bytes. Digital signatures A major benefit of public key cryptography is that it provides a method for employing digital signatures.

11

ITIS 3102 (Cryptography & Security Risk Management)

CHAPTER-1

Digital signatures enable the recipient of information to verify the authenticity of the informations origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information. A digital signature serves the same purpose as a handwritten signature. However, a handwritten signature is easy to counterfeit. A digital signature is superior to a handwritten signature in that it is nearly impossible to counterfeit, plus it attests to the contents of the information as well as to the identity of the signer.

Digital certificates
Definition A digital certificate is data that functions much like a physical certificate. A digital certificate is information included with a persons public key that helps others verify that a key is genuine or valid. Digital certificates are used to thwart attempts to substitute one persons key for another. Component of digital certificate A digital certificate consists of three things: A public key. Certificate information. (Identity information about the user, such as name, user ID, and so on.) One or more digital signatures. The purpose of the digital signature on a certificate is to state that the certificate information has been attested to by some other person or entity. A certificate is a form of credential.

12

ITIS 3102 (Cryptography & Security Risk Management)

CHAPTER-1

Examples

Certificate distribution
Certificates are utilized when its necessary to exchange public keys with someone else. For small groups of people who wish to communicate securely, it is easy to manually exchange diskettes or emails containing each owners public key. This is manual public key distribution.

Certificate servers
A certificate server, also called a cert server or a key server, is a database that allows users to submit and retrieve digital certificates. A cert server usually provides some administrative features that enable a company to maintain its security policiesfor example, allowing only those keys that meet certain requirements to be stored.

13

ITIS 3102 (Cryptography & Security Risk Management)

CHAPTER-1

Public Key Infrastructures


A PKI contains the certificate storage facilities of a certificate server, but also provides certificate management facilities (the ability to issue, revokes, store, retrieve, and trust certificates). A public key infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). For each user, the user identity, the public key, their binding, validity conditions and other attributes are made un forgeable in public key certificates issued by the CA. The term trusted third party (TTP) may also be used for certificate authority (CA). The term PKI is sometimes erroneously used to denote public key algorithms, which do not require the use of a CA. Text Book:
1) Brown 2) publisher) 3) Cryptography and Network Security : - William Starlling and Lawrie Introduction to cryptography : - Johannes A.Buchman (Springer Security+ Certification : Microsoft Press

Reference Book: 1)
Handbook of Applied Cryptography by A. Menezes, P. van Orschot, and S. Vanstone, CRC Press 2) Fundamental of Computer Security by Josef Pieprzyk, Thomas Hardjono, Jennifer Seberry 3) Cryptography and Practices by Stinson

e-brary Book
4) Innovative Cryptography by Moldovayan, Nick, Publisher- Course Technology 5) Information Assurance and Computer Security by Thomas, J.P, Essaaidi M. IOS Press.

14

You might also like