
Network Security: Cryptography

M. Ruksana Begum, II-C.S.E, Bapatla Engineering College, Bapatla (rukku_dgreat@yahoo.co.in)
M. Pravallika, II-C.S.E, Bapatla Engineering College, Bapatla (pravallikadevanand@yahoo.com)

ABSTRACT:
Network security is becoming more and more crucial as the volume of data
exchanged on the Internet increases. Security is a broad topic and covers a multitude of
sins. Most security problems are caused intentionally by malicious people trying to gain
some benefit, get attention or harm someone. Network security problems can be roughly
divided into four closely intertwined areas:

Privacy:
Privacy means that the sender and the receiver expect confidentiality. The
transmitted message should make sense only to the intended receiver. To all others the
message should be unintelligible.
Authentication:
Ensures that the sender and the receiver are who they claim to be.
Data integrity:
Ensures that data is not changed between source and destination.
Non-repudiation:
Ensures that the sender has strong evidence that the receiver has received the
message, and the receiver has strong evidence of the sender's identity, strong enough
that the sender cannot deny having sent the message and the receiver cannot deny having
received it.

Cryptography comes from the Greek words for “Secret Writing”. It has a long and
colorful history going back thousands of years. It is one of the state-of-the-art techniques
in network security. In network security it comes under Privacy. The concept of how to
achieve privacy has not changed for thousands of years: the message must be encrypted.
That is, the message must be rendered unintelligible to unauthorized parties. A good
encryption/decryption technique guarantees to some extent that a potential intruder
(eavesdropper) cannot understand the contents of the message. There are two categories of
encryption/decryption methods:

1. Secret Key Method
2. Public Key Method

Introduction:

Historically, four groups of people have contributed to the growth of cryptography:
1. the military, 2. the diplomatic corps, 3. diarists, 4. lovers. Of these, the military
has worked the most on cryptography, in order to send secret messages safely.
[Figure 9.2: Public-Key Cryptosystem: Secrecy. Labels: Source A, Message Source, Encryption
Algorithm, Decryption Algorithm, Destination B, Destination, Key Pair Source, Cryptanalyst;
symbols X, Y, KUb, KRb.]
The above figure shows the basic encryption/decryption model for public key cryptography.
The message to be encrypted, known as the plain text, is transformed by a function that is
parameterized by a key. The output of the encryption process, known as the cipher text, is
then transmitted, often by messenger or radio. We assume that the enemy or intruder hears
and accurately copies down the complete cipher text. However, unlike the intended recipient,
he does not know what the decryption key is and so cannot decrypt the cipher text easily.
Sometimes the intruder can not only listen to the communication channel (passive intruder)
but can also record messages and play them back later, inject his own messages or modify
legitimate messages before they get to the receiver (active intruder). The art of breaking
ciphers, called Cryptanalysis, and the art of devising them are collectively known as
Cryptography.

Cryptographic Algorithms:
Cryptographic algorithms can be implemented either in hardware (for
speed) or in software (for flexibility). There are three classes of algorithms:
1. Symmetric (secret key) algorithms
2. Asymmetric (public key) algorithms
3. Hash function algorithm.
Symmetric (secret key) algorithm:
Examples are DES, 3DES algorithms.
DES ALGORITHM:
• Operates on clear text in blocks of data
• 64 bits key length
• 16 sub keys derived from sub key for 16 rounds running
• Usually each block XORed with the previous block in chain mode.
• Cipher text has the same length as the clear text.

3DES ALGORITHM:
• 192 bits key length
• 3 DES-sized keys are derived from the secret key.
• Total 48 round running.
Advantages:
Easy to implement in hardware.
Disadvantages:
Vulnerable to powerful computing.
Asymmetric (public key) Algorithms:
• An example of an asymmetric algorithm is the RSA algorithm.

Features of RSA algorithm:
• Increasing the key length can increase security.
• Difficult for an intruder to try the keys.
• Provides the authentication and non-repudiation.
• Widely used in key exchange and digital signature.
Drawbacks:
• Difficult to implement in hardware.

Hash function:

Features:
• Variable length input, fixed length output
• Provides integrity check.

Requirements:
• Can’t deduce input from output
• Can’t generate a given output
• Can’t find two inputs which produce the same output.

Used to:
• Produce fixed length fingerprint of arbitrary length data.
• Produce data checksums to enable detection of modifications.
• Distill passwords down to fixed length encryption keys.
• Also called message digests or fingerprints.
Those are the different algorithms used in cryptography. We now deal with the
R.S.A algorithm, which comes under asymmetric encryption/decryption.
The basic structure of an asymmetric algorithm is as follows:

Public Key Algorithm:

1. D(E(P)) = P.
2. It is exceedingly difficult to deduce D from E.
3. E cannot be broken by a chosen plaintext attack.

The first requirement says that if we apply D to an encrypted message E(P) we get the
original plaintext message P back. Without this property the legitimate receiver could not
decrypt the cipher text.
The second requirement speaks for itself. That is, even if the intruder knows the
encryption key, it is very difficult to deduce the decryption key.
The third requirement is needed because, as we shall see in a moment, intruders may
experiment with the algorithm to their heart’s content. Under these conditions, there is no
reason that the encryption key cannot be made public. The encryption algorithm and the key
are made public, hence the name “Public Key Cryptography”.

R.S.A Algorithm:
R.S.A is known by the initials of its three discoverers, Rivest, Shamir
and Adleman (R.S.A). It has survived all attempts to break it for more than a quarter of a
century and it is considered very strong. The R.S.A method is based on some principles from
number theory. We will now summarize how to use the method:
1. Use a random process to select two large prime numbers P and Q.
2. Compute M = P*Q. This number is called the modulus, and is made publicly available.
(RSA currently recommends a modulus that’s at least 768 bits long).
3. Compute T = (P-1)*(Q-1). Keep this number secret.
4. Randomly choose a public key E that has no factors in common with
T = (P-1)*(Q-1).
5. Compute a private key D so that E*D leaves a remainder of 1 when divided by T.
(We say E*D is congruent to 1 modulo T).
Note that D is easy to compute only if one knows the value of T. This is essentially the same
as knowing the values of P and Q.
If N is any number that is not divisible by M, then dividing N^(E*D) by M and taking the
remainder yields the original value N.
This is a relatively deep mathematical theorem, which we can write as N^(E*D) mod M = N. If
N is a numeric encoding of a block of plaintext, the cipher text is C = N^E mod M. Then
C^D mod M = (N^E)^D mod M = N^(E*D) mod M = N. Thus, we can recover the plaintext N with
the private key D.
Multiplying P by Q is easy: the number of operations depends on the number of bits (number
of digits) in P and Q.

Example:
Multiplying two 384-bit numbers takes approximately
384^2 = 147,456 bit operations.
If one knows only M, finding P and Q is hard: in essence, the number of operations
depends on the value of M.
The simplest method for factoring a 768-bit number takes about 2^384 ≈ 3.94 × 10^115 trial
divisions.
A more sophisticated method takes about 2^85 ≈ 3.87 × 10^25 trial divisions.
A still more sophisticated method takes about 2^41 ≈ 219,000,000,000 trial divisions.
No one has found a really quick algorithm for factoring a large number M.

Digital signature:
The idea is similar to the signing of a document. When we send a document
electronically we can also sign it. We can sign the whole document or a digest of the document.
A digital signature does not provide privacy. If there is a need for privacy, another layer of
encryption and decryption must be applied. Digital signature cannot be achieved using secret key
encryption. A digital signature provides Integrity, Authentication and Non-repudiation.

Signing the whole document:


Public key encryption can be used to sign a document. But, here the roles of
public and private keys are different. The sender uses the private key to encrypt (sign) the
message just as a person uses his signature to sign a paper document. The receiver on the other
hand uses the public key of the sender to decrypt the message.

Signing the digest:


If we are sending a large message, public key encryption is inefficient for signing the entire
message. The solution is to let the sender sign a digest of the document instead of the whole
document. The sender creates a miniature version of the document and signs it. To create a digest
of a message, we use a hash function. The hash function creates a fixed size digest from a
variable length message. After the digest has been created it is encrypted using the sender’s
private key. The encrypted digest is attached to the original message and sent to the receiver.
The receiver receives the original message and the encrypted digest and separates the two. The
receiver applies the same hash function to the message to create a second digest. The receiver
also decrypts the received digest using the public key of the sender. If the two digests are the
same, all three aspects of security are preserved.
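The sign-the-digest exchange described above, as an added Python example (not part of the original paper), showing the receiver's comparison failing when either the message or the attached digest is changed in transit. The key is a constructed demo key built from two publicly known Mersenne primes, SHA-256 is an assumed choice of hash function, and the names digest, sender_sign, receiver_verify and demo are assumptions.

```python
import hashlib

# Constructed demo key, not from the page: two publicly known Mersenne primes.
# Real keys use secret random primes; these only make the example repeatable.
P, Q = 2**521 - 1, 2**607 - 1
M = P * Q                               # public modulus
E = 65537                               # public key
D = pow(E, -1, (P - 1) * (Q - 1))       # private key: E*D = 1 (mod T)

def digest(message: bytes) -> int:
    """Fixed-size SHA-256 digest of a variable-length message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sender_sign(message: bytes) -> dict:
    """Sender: encrypt the digest with the private key and attach it to the message.
    Textbook form mirroring the text; deployed schemes pad the digest (e.g. RSA-PSS)."""
    return {"message": message, "signature": pow(digest(message), D, M)}

def receiver_verify(packet: dict) -> bool:
    """Receiver: separate the two parts, recompute the digest, decrypt the
    received digest with the sender's public key, and compare the two."""
    recomputed = digest(packet["message"])
    received = pow(packet["signature"], E, M)
    return recomputed == received

def demo():
    packet = sender_sign(b"Pay 100 to B")                  # constructed sample message
    altered = dict(packet, message=b"Pay 900 to B")        # message changed in transit
    forged = dict(packet, signature=(packet["signature"] + 1) % M)  # digest changed
    return [receiver_verify(p) for p in (packet, altered, forged)]

if __name__ == "__main__":
    print(demo())
```

The message travels in the clear inside the packet, which is why the text says a signature alone does not provide privacy.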

Conclusion:
As the proverb says, “Even a crow can peck an elephant which is stuck in the
mud”. Even though we are providing high security by cryptography, there are many pitfalls in it
also. Nothing in the world is 100% secure. Cryptography is one of the ways to provide network
security, but it is not the only path to achieve network security.
