Chapter I
Chapter I
Chapter I
CHAPTER-1
Cryptography is the art of secret writing i.e. the art of ensuring that messages are secure from those recipients to whom it is not addressed. The science of using mathematics to encrypt and decrypt DATA. The simplified model of conventional encryption is given below Plaintext Input Encryption Algorithm Decryption Algorithm Plaintext Input
Secret Key
Data that can be read and understood without any special measures is called plaintext or clear text. Cipher text & Encryption The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called cipher text. Decryption The process of reverting cipher text to its original plaintext is called decryption THE PURPOSE OF CRYPTOGRAPHY In data and telecommunications, cryptography is necessary when communicating over any un trusted medium, which includes just about any network, particularly the Internet. Within the context of any application-to-application communication, there are some specific security requirements, including:
Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.) The verification of data integrity and data origin
CHAPTER-1
Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver. Integrity: Assuring the receiver that the received message has not been altered in any way from the original. Non-repudiation: A mechanism to prove that the sender really sent this message.
TYPE OF CRYPTOSYSTEM There are, in general, three types of cryptographic schemes typically used to accomplish these goals:
Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption Public Key Cryptography (PKC): Uses one key for encryption and another for decryption Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information
The initial unencrypted data is referred to as plaintext. It is encrypted into cipher text, which will in turn (usually) be decrypted into usable plaintext.
FIGURE 1: Three types of cryptography: secret-key, public key, and hash function.
CHAPTER-1
Classic Ciphers Substitution ciphers: one letter is exchanged for another Transposition ciphers: order of letters is rearranged Substitution Cipher(Caesar Cipher) Each letter is replaced by another letter The key k is a number in the range 1 25 e.g. Caesar ciphercircularly shift by 3 letters a -> D, b -> E, z -> C more generally, shift by k letters, k is the key
CHAPTER-1
Caesar Cipher It is monoalphabetic cipher uses addition modulo 26 Each letter is identified with a number: So, the general Caesar Cipher is Ci = Ek(Mi) = E(k,Mi) = (Mi+k) mod 26 Mi = Dk(Ci) = D(k,Ci) = (Ci-k) mod 26 For example: Plaintext: treaty impossible Key 3 Ciphertext: wuhdwb lpsrvvleoh That is, Ci=E[3, Mi]=Mi+3 mod 26 Plain text : meet me after the party Cipher text : PHHW PH DIWHU WKH SDUWB
Substitution Cipher (Tap Code) Each letter is replaced by a number of beeps
CHAPTER-1
One-Time Pads
One-time pads: construct an unbreakable cipher Choose a random bit string as the key Convert the plaintext into a bit string Compute the XOR of these two strings, bit by bit The resulting ciphertext cannot be broken, because in a sufficiently large sample of ciphertext, each letter will occur equally often, as will every digram, every trigram, and so on
CHAPTER-1
There is simply no information in the message because all possible plaintexts of the given length are equally likely. Pseudorandom Key stream A key stream is a stream of random or pseudorandom characters that are combined with a plaintext message to produce an encrypted message (the cipher text). The "characters" in the key stream can be bits, bytes, numbers or actual characters like A-Z depending on the usage case. Usually each character in the key stream is either added, subtracted or XO Red with a character in the plaintext to produce the cipher text, using modular arithmetic. Example Consider the English alphabet of 26 characters from a-z. we can not encrypt numbers, commas, spaces and other symbols. The random numbers in the key stream then have to be at least between 0 and 25. To encrypt we add the key stream numbers to the plaintext. And to decrypt we subtract the same keystream numbers from the cipher text to get the plaintext. If a cipher text number becomes larger than 25 we wrap it to a value between 025. Thus 26 becomes 0 and 27 becomes 1 and so on. (Such wrapping is called modular arithmetic.) Here the plaintext message "attack at dawn" is combined by addition with the keystream "kjcngmlhylyu" and produces the cipher text "kcvniwlabluh". Plaintext Plaintext as numbers Keystream Keystream numbers as a t t a c k a t d a w N
0 19 19 0 2 10 0 19 3 0 22 13 k j c n g m l h y l y U
10 9 2 13 6 12 11 7 24 11 24 20
CHAPTER-1
V 21 76 97 19 t
E 4 48 52 0 a
R 17 16 33 7 h
N 13 82 95 17 r
A 0 44 44 18 s
M 12 3 15 15 p
C 2 58 60 8 i
I 8 11 19 19 t
P 15 60 75 23 x
H 7 5 12 12 m
E 4 47 51 25 z
R 17 88 105 1 b
t 76 -57 21 V
a 0 48 -48 4 E
h 7 16 -9 17 R
r 17 82 -65 13 N
s 18 44 -26 0 A
p 15 3 12 12 M
i 8 58 -50 2 C
t 19 11 8 8 I
x 23 60 -37 15 P
m 12 5 7 7 H
z 25 47 -22 4 E
b 1 88 -87 17 R
Numeric Equivalent 19
Disadvantages
CHAPTER-1
The key cannot be memorized, both sender and receiver must carry a written copy with them Total amount of data can be transmitted is limited by the amount of key available Sensitive to lost or inserted characters Absolute synchronisation is between sender and receiver, otherwise, it fails completely to protect message integrity. Secret Key or Symmetric Key Cryptography With secret key cryptography, a single key is used for both encryption and decryption. The sender uses the key (or some set of rules) to encrypt the plaintext and sends the cipher text to the receiver. The receiver applies the same key to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption. With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. It is shown in the following fig. The biggest difficulty with this approach, of course, is the distribution of the key.
Secret key cryptography schemes are generally categorized as being Stream ciphers or Block ciphers. Public-Key Cryptography Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met. The Basics of Cryptography 8
CHAPTER-1
It is computationally infeasible to deduce the private key from the public key. Any one who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information. It is shown in the following fig.
Exs of Symmetric Keys: Block Cipher A block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. When encrypting, a block cipher might take (for example) a 128-bit block of plaintext as input, and output a corresponding 128-bit block of cipher text. The exact transformation is controlled using a second input the secret key. Decryption is similar: the decryption algorithm takes, in this example, a 128-bit block of cipher text together with the secret key, and yields the original 128-bit block of plaintext. Mode of Operation Electronic codebook (ECB) Cipher-block chaining (CBC) Propagating cipher-block chaining (PCBC) Cipher feedback (CFB) Output feedback (OFB) Electronic codebook (ECB) The simplest of the encryption modes is the electronic codebook (ECB) mode. The message is divided into blocks and each block is encrypted separately.
CHAPTER-1
10
CHAPTER-1
Stream Cipher A stream cipher is a symmetric key cipher where plaintext bits are combined with a pseudorandom cipher bit stream (key stream), typically by an exclusive-or (xor) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption. An alternative name is a state cipher, as the encryption of each digit is dependent on the current state. In practice, the digits are typically single bits or bytes. Digital signatures A major benefit of public key cryptography is that it provides a method for employing digital signatures.
11
CHAPTER-1
Digital signatures enable the recipient of information to verify the authenticity of the informations origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information. A digital signature serves the same purpose as a handwritten signature. However, a handwritten signature is easy to counterfeit. A digital signature is superior to a handwritten signature in that it is nearly impossible to counterfeit, plus it attests to the contents of the information as well as to the identity of the signer.
Digital certificates
Definition A digital certificate is data that functions much like a physical certificate. A digital certificate is information included with a persons public key that helps others verify that a key is genuine or valid. Digital certificates are used to thwart attempts to substitute one persons key for another. Component of digital certificate A digital certificate consists of three things: A public key. Certificate information. (Identity information about the user, such as name, user ID, and so on.) One or more digital signatures. The purpose of the digital signature on a certificate is to state that the certificate information has been attested to by some other person or entity. A certificate is a form of credential.
12
CHAPTER-1
Examples
Certificate distribution
Certificates are utilized when its necessary to exchange public keys with someone else. For small groups of people who wish to communicate securely, it is easy to manually exchange diskettes or emails containing each owners public key. This is manual public key distribution.
Certificate servers
A certificate server, also called a cert server or a key server, is a database that allows users to submit and retrieve digital certificates. A cert server usually provides some administrative features that enable a company to maintain its security policiesfor example, allowing only those keys that meet certain requirements to be stored.
13
CHAPTER-1
Reference Book: 1)
Handbook of Applied Cryptography by A. Menezes, P. van Orschot, and S. Vanstone, CRC Press 2) Fundamental of Computer Security by Josef Pieprzyk, Thomas Hardjono, Jennifer Seberry 3) Cryptography and Practices by Stinson
e-brary Book
4) Innovative Cryptography by Moldovayan, Nick, Publisher- Course Technology 5) Information Assurance and Computer Security by Thomas, J.P, Essaaidi M. IOS Press.
14