
Apr 24, 2015


cryptographyyy


SEMINAR

REPORT

ON

ABSTRACT

TheDirectData.com

Page 1

Cryptography

two major changes in the last several decades. Before the widespread use of data processing equipment, the security of information felt to be valuable to an organization was provided primarily by physical and administrative means. An example of the former is the use of rugged filing cabinets with a combination lock for storing sensitive documents. An example of the latter is personnel screening procedures used during the hiring process.

With the introduction of the computer, the need for automated tools for protecting files and other information stored on the computer became evident. This is especially the case for a shared system, such as a time-sharing system, and the need is even more acute for systems that can be accessed over a public telephone network, data network, or the Internet. The generic name for the collection of tools designed to protect data and to thwart hackers is computer security.

The second major change that affected security is the introduction of distributed systems and the use of networks and communication facilities for carrying data between terminal user and computer and between computer and computer. Network security measures are needed to protect data during their transmission. In fact, the term network security is somewhat misleading, because virtually all business, government, and academic organizations interconnect their data processing equipment with a collection of interconnected networks. Such a collection is often referred to as an internet, and the term internet security is used.

There are no clear boundaries between these two forms of security. For example, one of the most publicized types of attack on information systems is the computer virus. A virus may be introduced into a system physically when it arrives on a diskette and is subsequently loaded onto a computer. Viruses may also arrive over an internet. In either case, once the virus is resident on a computer, security tools are needed to detect and recover from the virus.

Cryptography is the study of mathematical techniques related to aspects of information security, such as confidentiality or privacy, data integrity and entity authentication. Cryptography is not the only means of providing information security, but rather one set of techniques. Confidentiality means keeping information secret from all but those who are authorized to see it. Data integrity means ensuring information has not been altered by unauthorized or unknown means. Entity authentication means corroboration of the identity of an entity.

Cryptographic algorithms have several characteristics: level of security, performance, and ease of implementation. Level of security is defined by an upper bound on the amount of work necessary to defeat the objective. Performance refers to the efficiency of an algorithm in a particular mode of operation. Ease of implementation refers to the difficulty of realizing the algorithm in a practical implementation.

There are several aspects of security: security service, security mechanism, and security attack. Security service means a service that enhances the security of the data processing systems and information transfers of an organization. Security mechanism means a mechanism that is designed to detect, prevent, or recover from a security attack. Security attack means any action that compromises the security of information owned by an organization.

Encryption means the process of converting from plaintext to ciphertext. A key is a piece of information, usually a number that allows a receiver. Another key also allows a receiver to decode messages sent to him or her. There are several types of encryption: classical techniques, modern techniques, and public-key encryption. The classical techniques are substitution techniques and transposition techniques. The substitution techniques include the Caesar cipher, monoalphabetic ciphers and polyalphabetic ciphers. The modern techniques include block ciphers, stream ciphers and the DES algorithm. Public-key encryption includes the RSA algorithm.

Cryptography has provided us with digital signatures, which resemble the hand-written signature in functionality, and digital certificates, which relate to an ID card or some other official document. Applications of cryptography include secure communication, identification, secret sharing, electronic commerce, key recovery and remote access.

Modern cryptography provides essential techniques for securing information and protecting data.

INDEX

1. Introduction
2. Definition of cryptography
3. Categories of cryptographic algorithm
4. Related Terms of cryptography
5. Goals of cryptography
6. Characteristics of cryptography
7. Aspects of Security
8. The OSI security Architecture
9. Model For Network Security
10. Simplified Model Of Conventional Encryption
11. Classical Encryption Technique
    11.1 Substitution Technique
    11.2 Transposition Technique
12. Modern Technique
    Diffusion & Confusion
    DES Algorithm
13. Public-Key Encryption
    Public-Key cryptosystem
    Public-Key cryptosystem : Secrecy
    Public-Key cryptosystem : Authentication
    Public-Key cryptosystem : Secrecy & Authentication
    RSA Algorithm
14.
    14.1 ClassicSys as a standard
    14.2 Advantages & Benefits For END-USER
    14.3 Advantages & Benefits For Authority
    14.4 Technical Advantages & Benefits
15. Comparison between DES, RSA, & SED Algorithm
16. Application Of Cryptography
17. Conclusion

INTRODUCTION

Due to the rapid growth of digital communication and electronic data exchange, information security has become a crucial issue in industry, business and administration. Assume a sender, referred to here and in what follows as Alice (as is commonly done), wants to send a message m to a receiver referred to as Bob. She uses an insecure communication channel. For example, the channel could be a computer network or a telephone line. There is a problem if the message contains confidential information. The message could be intercepted and read by an eavesdropper. Or, even worse, someone might be able to modify the message during transmission, so that Bob does not detect the manipulation.

Cryptography has provided us with digital signatures, which resemble the hand-written signature in functionality, and digital certificates, which relate to an ID card or other official documents. Modern cryptography provides essential techniques for securing information and protecting data.

Definition of cryptography

Cryptography is the study of mathematical techniques related to aspects of information security, such as confidentiality or privacy, data integrity and entity authentication. Cryptography is not the only means of providing information security, but rather one set of techniques.

There are two main types of cryptographic algorithm.

1: - Symmetric key
2: - Asymmetric key

Symmetric key

A secret piece of information used to encrypt or decrypt the message.

If a key is secret, then nobody other than the sender or receiver can read the message.

If Alice and the bank each have a secret key, then they may send each other private messages.

The task of privately choosing a key before communication, however, can be problematic.

Asymmetric key

Solves the key exchange problem by defining an algorithm which uses two keys, each of which can be used to encrypt the message.

decrypt it.

one key (public key) and keeping another secret (private key).

Anyone may encrypt a message using the public key, but only the owner of the public key is able to read it.

In this way Alice may send a private message to the owner of a key-pair (the bank) by encrypting it using their public key. Only the bank can decrypt it.

Related Terms

Plaintext: - An original intelligible message or data that is fed into the algorithm as input.

Cipher text: - The coded message is known as cipher text. It depends on the plaintext and the secret key.

Encryption: - The process of converting from plaintext to cipher text is known as encryption.

Decryption: - Restoring the plaintext from cipher text is known as decryption.

Cryptography: - The many schemes used for enciphering constitute the area of study known as cryptography. Such a scheme is known as a cryptographic system or cipher.

enciphering details fall into the area of Cryptanalysis.

Cryptanalysis is what the layperson calls 'Breaking The Code '.

Cryptology:

Cryptology.

Goals of cryptography

The main goals of cryptography are

1: - Confidentiality or privacy
2: - Data integrity
3: - Authentication
4: - Non-repudiation

1) Confidentiality or Privacy: -

Keeping information secret from all but those who are authorized to see it. Confidentiality is the protection of transmitted data from passive attacks. With respect to the content of data transmission, several levels of protection can be identified. The broadest service protects all user data transmitted between two users over a period of time.

Another aspect of confidentiality is the protection of traffic flow from analysis. This requires that an attacker not be able to observe the source and destination, frequency, length or any other characteristics of the traffic on a communication facility.

2) Data Integrity: -

Ensuring the information has not been altered by unauthorized or unknown means. One must have the ability to detect data manipulation by unauthorized parties. Data manipulation includes such things as insertion, deletion, and substitution

identification. This function applies to both entities and information.

4) Non-repudiation: -

Non-repudiation prevents either sender or receiver from denying a message. Thus, when a message is sent, the receiver can prove that the message was in fact sent by the alleged sender. Similarly, when a message is received, the sender can prove that the alleged receiver in fact received that message.

The main characteristics of a cryptographic algorithm are

1: - Level of security
2: - Performance
3: - Ease of implementation

1) Level Of Security: -

Typically the level of security is defined by an upper bound on the amount of work necessary to defeat the objective. This is sometimes called the 'Work Factor'.

Work Factor could be defined as the minimum amount of work required to compute the private key when given the public key, or, in the case of a symmetric key scheme, to determine the secret key.

Functionality: algorithms will need to be combined to meet various information security objectives. Which algorithm is most effective for the given objective will be determined by the basic properties of the algorithm.

Methods of operation: algorithms, when applied in various ways and with various inputs, will typically exhibit different characteristics. Thus, one algorithm could provide very different functionality depending on its mode of operation or usage.

2) Performance: -

Performance refers to the efficiency of an algorithm in a particular mode of operation. For example, an encryption algorithm may be rated by the number of bits/sec at which it can encrypt.

3) Ease Of Implementation: -

This refers to the difficulty of realizing the algorithm in a practical instantiation, and might include the complexity of implementing it in either a software or a hardware environment.

The relative importance of the various criteria depends to a large extent on the application and the resources available. For example, in an environment where computing power is limited, one may have to trade off a very high level of security for better system performance.

Aspects Of Security

To assess the security needs of an organization effectively and to choose various security products and policies, the manager responsible for security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. One approach is to consider three aspects of information security.

1) Security attack
2) Security mechanism
3) Security service

1) Security Attack: -

2) Security Mechanism: -

3) Security Services: -

A service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

To assess the security needs of an organization effectively and to choose various security products and policies, the manager responsible for security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. This is difficult enough in a centralized data-processing environment; with the use of local area and wide area networks, the problems are compounded.

ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic approach. (The International Telecommunication Union (ITU) Telecommunication Standardization Sector (ITU-T) is a United Nations (UN)-sponsored agency that develops standards, called Recommendations, relating to telecommunications and to Open Systems Interconnection (OSI).) The OSI security architecture is useful to managers as a way of organizing the task of providing security. Furthermore, because this architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services that relate to this structured definition of services and mechanisms.

Security Services: -

X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the system or of data transfers.

X.800 divides these services into five categories and fourteen specific services.

1) Authentication
2) Access Control
3) Data confidentiality or Privacy
4) Data integrity
5) Non-repudiation

1) Authentication: -

defined in the standard.

Used in association with a logical connection to provide confidence in the identity of the entities connected.

In connectionless transfer, provides assurance that the source of received data is as claimed.

2) Access Control: -

In the context of network security, access control is the ability to limit and control the access to host systems and applications via communication links. To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.

3)

confidentiality are

Connection Confidentiality: -

Connectionless Confidentiality: -

The confidentiality of selected fields within the user data on a connection or in a single data block.

The protection of information that might be derived from observation of traffic flow.

4) Data Integrity: -

The assurance that data received is exactly as sent by an authorized entity. That means no modification, insertion, deletion or replay. There are five types of specific services.

Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion or replay of any data within an entire data sequence, with recovery attempted.

Provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted or replayed.

Connectionless Integrity: -

Provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided.

Provides for the integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields have been modified.

5) Non-repudiation: -

having participated in all or part of the communication. There are two types of specific services in Non-repudiation.

Non-repudiation, origin: -

Non-repudiation, Destination: -

Security mechanism: -

As can be seen, the mechanisms are divided into those that are implemented in a specific protocol layer and those that are not specific to any particular protocol layer or security service. X.800 distinguishes between reversible encipherment mechanisms and irreversible encipherment mechanisms. A reversible encipherment mechanism is simply an encryption algorithm that allows the data to be encrypted and subsequently decrypted. Irreversible encipherment mechanisms include hash algorithms, which are used in digital signature and message authentication applications.

Security Attacks: -

A useful means of classifying security attacks, used in X.800, is in terms of passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation.

Passive Attacks: -

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are release of message contents and traffic analysis.

The release of message contents is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent the opponent from learning the contents of these transmissions.

A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking contents is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.

Passive attacks are very difficult to detect because they do not involve any alteration of the data. However, it is feasible to prevent the success of these attacks, usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.

Active Attacks: -

Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.

A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack.

Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered to produce an unauthorized effect. For example, a message meaning "Allow John Smith to read confidential file accounts" is modified to mean "Allow Fred Brown to read confidential file accounts".

The denial of service prevents or inhibits the normal use or management of communication facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely, because to do so would require physical protection of all communications facilities and paths at all times. Instead, the goal is to detect them and to recover from any disruption or delays caused by them. Because detection has a deterrent effect, it may also contribute to prevention.

A Model For Network Security: -

A model for much of what we will be discussing is captured, in very general terms, in the figure. A message is to be transferred from one party to another across some sort of internet. The two parties, who are the principals in this transaction, must cooperate for the exchange to take place. A logical information channel is established by defining a route through the internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals.

Security aspects come into play when it is necessary or desirable to protect the information transmission from an opponent who may present a threat to confidentiality, authenticity, and so on. All the techniques for providing security have two components:

include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify the identity of the sender.

unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. For example, a third party may be responsible for distributing the secret information to the two principals while keeping it from any opponent. Or a third party may be needed to arbitrate disputes between the two principals concerning the authenticity of a message transmission.

This general model shows that there are four basic tasks in designing a particular security service:

algorithm should be such that an opponent cannot defeat its purpose.

Develop methods for the distribution and sharing of the secret information.

Specify a protocol to be used by the two principals that makes use of the security algorithm and secret information to achieve a particular security service.

However, there are other security-related situations of interest that do not neatly fit this model but that are considered here. A general model of these other situations is illustrated by the figure, which reflects a concern for protecting an information system from unwanted access. Most readers are familiar with the concerns caused by the existence of hackers, who attempt to penetrate systems that can be accessed over a network. The hacker can be someone who, with no malign intent, simply gets satisfaction from breaking and entering a computer system. Or the intruder can be a disgruntled employee who wishes to do damage, or a criminal who seeks to exploit computer assets for financial gain (e.g., obtaining credit card numbers or performing illegal money transfers).

Another type of unwanted access is the placement in a computer system of logic that exploits vulnerabilities in the system and that can affect application programs as well as utility programs such as editors and compilers. Programs can present two kinds of threats:

should not have access to that data.

users

Viruses and worms are two examples of software attacks. Such attacks can be introduced into a system by means of a disk that contains unwanted logic concealed in otherwise useful software.

The security mechanisms needed to cope with unwanted access fall into two broad categories. The first category might be termed a gatekeeper function. It includes password-based login procedures that are designed to deny access to all but authorized users and screening logic that is designed to detect and reject worms, viruses, and other similar attacks. Once access is gained, by either an unwanted user or unwanted software, the second line of defense consists of a variety of internal controls that monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders.

Simplified Model of Conventional Encryption: -

There are two requirements for secure use of conventional encryption:

algorithm to be such that an opponent who knows the algorithm and has access to one or more cipher texts would be unable to decipher the cipher text or figure out the key. This requirement is usually stated in a stronger form: the opponent should be unable to decrypt cipher text or discover the key even if he or she is in possession of a number of cipher texts together with the plaintext that produced each cipher text.

Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If someone can discover the key and knows the algorithm, all communication using this key is readable.

We assume that it is impractical to decrypt a message on the basis of the cipher text plus knowledge of the encryption/decryption algorithm. In other words, we do not need to keep the algorithm secret; we need to keep only the key secret.

This feature of symmetric encryption is what makes it feasible for widespread use. The fact that the algorithm need not be kept secret means that manufacturers can and have developed low-cost chip implementations of data encryption algorithms. These chips are widely available and incorporated into a number of products. With the use of symmetric encryption, the principal security problem is maintaining the secrecy of the key.

[Figure: simplified model of conventional encryption. Plaintext input, encryption algorithm, transmitted cipher text, decryption algorithm, plaintext output; a secret key shared by sender & receiver is supplied to both algorithms.]

The type of operations used for transforming plaintext to cipher text. All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in which elements in the plaintext are rearranged. The fundamental requirement is that no information be lost. Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions.

The number of keys used. If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver each use a different key, the system is referred to as asymmetric, two-key, or public-key encryption.

The way in which the plaintext is processed. A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.

Cryptanalysis: -

There are two general approaches to attacking a conventional encryption scheme:

Cryptanalysis: -

Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-cipher text pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. If the attack succeeds in deducing the key, the effect is catastrophic: all future and past messages encrypted with that key are compromised.

Brute-force attack: -

The attacker tries every possible key on a piece of cipher text until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

Classical Encryption Techniques: -

A study of these techniques enables us to illustrate the basic approaches to symmetric encryption used today and the types of cryptanalytic attacks that must be anticipated.

The two basic building blocks of all encryption techniques are substitution and transposition. We examine these in the next two sections. Finally, we discuss a system that combines both substitution and transposition.

Substitution Techniques: -

A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit patterns.

Caesar Cipher: -

The earliest known use of a substitution cipher, and the simplest, was by Julius Caesar. The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. For example

Plain: meet me after the toga party
Cipher: PHHW PH DIWHU WKH WRJD SDUWB

Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the transformation by listing all possibilities, as follows:

Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Let us assign a numeric equivalent to each letter:

Then the algorithm can be expressed as follows. For each plaintext letter p, substitute the cipher letter C:

C = E(p) = (p + 3) mod 26

A shift may be of any amount, so that the general Caesar algorithm is

C = E(p) = (p + k) mod 26

where k takes on a value in the range 1 to 25. The decryption algorithm is simply

p = D(C) = (C - k) mod 26
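The general Caesar algorithm above and the brute-force approach described under Cryptanalysis, as an added Python example that is not part of the original report. It assumes the numbering a=0 ... z=25; the "common letters" score used to pick out the intelligible candidate is a crude heuristic chosen for this example.

```python
import string

ALPHABET = string.ascii_lowercase   # assumed numbering: a=0, b=1, ..., z=25
COMMON = set("etaoin")              # heuristic: frequent English letters


def _shift(text, k):
    """Shift every letter by k places (mod 26); leave other characters alone."""
    out = []
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)          # spaces and punctuation pass through
    return "".join(out)


def caesar_encrypt(plaintext, k):
    """C = E(p) = (p + k) mod 26; cipher text is written in capitals."""
    return _shift(plaintext, k).upper()


def caesar_decrypt(ciphertext, k):
    """p = D(C) = (C - k) mod 26; plaintext is written in lowercase."""
    return _shift(ciphertext, -k)


def brute_force(ciphertext):
    """Try all 25 keys and rank the candidate plaintexts, best first.

    Each result is (k, candidate, score), where score counts how many
    characters of the candidate are among the common English letters.
    """
    results = []
    for k in range(1, 26):
        candidate = caesar_decrypt(ciphertext, k)
        score = sum(ch in COMMON for ch in candidate)
        results.append((k, candidate, score))
    return sorted(results, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    ct = caesar_encrypt("meet me after the toga party", 3)
    print(ct)
    for k, candidate, score in brute_force(ct)[:3]:
        print(k, candidate, score)
```

With only 25 usable keys the whole key space is searched instantly, which is why the level of security of this cipher is negligible.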

Transposition Techniques: All the techniques examined so far involve the substitution of a cipher text symbol for a

plaintext symbol. A very different kind of mapping is achieved by performing some sort of

permutation on the plaintext letters. This technique is referred to as a transposition cipher.

The simplest such cipher is the rail fence technique, in which the plaintext is written down

as a sequence of diagonals and then read off as a sequence of rows. For, example, to

encipher the message " meet me after the toga party " with a rail fence of depth 2, we write

the following.

Mematrhtgpry

Etefeteoaat

The encrypted message is

MEMATRHTGPRYETEFETEOAAT

This sort of thing would be trivial to crypt analyze. A more complex scheme is to write the

messages in a rectangle, row by row, and read the message off, column by column, but

permute the order of the columns. The order of the columns then becomes, the key to the

algorithm. For example,

Key:

4312567

Plaintext:

at ta ckp

os t p on e

du n t I l t

woa m x y z

Cipher text:

TheDirectData.com

TTNAAPTMTSUOAODWCOIXKNLYPETZ

Page 18

Cryptography

A pure transposition cipher is easily recognized because it has the same letter frequencies

as the original plaintext. For the type of columnar transposition just shown, cryptanalysis is

fairly straightforward and involves laying out the cipher text in a matrix and playing around

with column positions. Digram and trigram frequency tables can be useful.

The transposition cipher can be made significantly more secure by performing more than

one stage of transposition. The result is a more complex permutation that is not easily

reconstructed. Thus, if the foregoing message is re-encrypted using the same algorithm:

Key:     4 3 1 2 5 6 7

Input:   t t n a a p t
         m t s u o a o
         d w c o i x k
         n l y p e t z

Output:  NSCYAUOPTTWLTMDNAOIEPAXTTOKZ
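The rail fence and the one-stage and two-stage columnar transpositions above, as an added example that is not part of the original report. The function names are chosen here for illustration; the messages, the key 4312567 and the expected ciphertexts are the report's own, and the last helper checks the observation that a pure transposition keeps the plaintext's letter frequencies.

```python
from collections import Counter


def letters_only(text):
    """Lower-case the text and drop everything that is not a letter."""
    return [c for c in text.lower() if c.isalpha()]


def rail_fence_depth2(plaintext):
    """Rail fence of depth 2: letters alternate between a top and a bottom
    rail; the ciphertext is the top rail followed by the bottom rail."""
    letters = letters_only(plaintext)
    return "".join(letters[0::2] + letters[1::2]).upper()


def column_order(key):
    """key[i] is the read-out rank of column i, so "4312567" means the third
    column is read first, the fourth second, the second third, and so on."""
    if len(set(key)) != len(key):
        raise ValueError("key symbols must be distinct")
    return sorted(range(len(key)), key=lambda col: key[col])


def columnar_encrypt(plaintext, key):
    """Write the text row by row into a rectangle as wide as the key, then
    read whole columns in key order."""
    letters = letters_only(plaintext)
    width = len(key)
    if len(letters) % width:
        raise ValueError("pad the plaintext to a multiple of the key length")
    # letters[col::width] is one column of the row-by-row rectangle.
    return "".join("".join(letters[col::width])
                   for col in column_order(key)).upper()


def columnar_decrypt(ciphertext, key):
    """Lay the ciphertext back into its columns and read the rows."""
    letters = letters_only(ciphertext)
    width = len(key)
    rows, remainder = divmod(len(letters), width)
    if remainder:
        raise ValueError("ciphertext length is not a multiple of the key length")
    grid = [[""] * width for _ in range(rows)]
    for rank, col in enumerate(column_order(key)):
        chunk = letters[rank * rows:(rank + 1) * rows]
        for row, ch in enumerate(chunk):
            grid[row][col] = ch
    return "".join("".join(line) for line in grid)


def same_letter_frequencies(a, b):
    """True when both texts contain exactly the same multiset of letters."""
    return Counter(letters_only(a)) == Counter(letters_only(b))


if __name__ == "__main__":
    key = "4312567"
    message = "attack postponed until two am xyz"   # x, y, z pad the last row
    stage1 = columnar_encrypt(message, key)
    stage2 = columnar_encrypt(stage1, key)
    print(rail_fence_depth2("meet me after the toga party"))
    print(stage1)
    print(stage2)
    print(columnar_decrypt(columnar_decrypt(stage2, key), key))
    print(same_letter_frequencies(message, stage2))
```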

Modern Techniques:

Virtually all symmetric block encryption algorithms in current use are based on a structure referred to as a Feistel block cipher. We begin with a comparison of stream ciphers and block ciphers.

Stream ciphers:

A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. Examples of classical stream ciphers are the autokeyed Vigenere cipher and the Vernam cipher.

Block ciphers:

A block cipher is one in which a block of plaintext is treated as a whole and used to produce a cipher text block of equal length. Typically, a block size of 64 or 128 bits is used. Using some of the modes of operation explained later in this chapter, a block cipher can be used to achieve the same effect as a stream cipher. Far more effort has gone into analyzing block ciphers. In general, they seem applicable to a broader range of applications than stream ciphers. The vast majority of network-based symmetric cryptographic applications make use of block ciphers.

Diffusion and Confusion:

The terms diffusion and confusion were introduced by Claude Shannon to capture the two

basic building blocks for any cryptographic system. Shannon's concern was to thwart

cryptanalysis based on statistical analysis. The reasoning is as follows. Assume the attacker

has some knowledge of the statistical characteristics of the plaintext. For example, in a

human-readable message in some language, the frequency distribution of the various

letters may be known. Or there may be words or phrases likely to appear in the message. If

these statistics are in any way reflected in the cipher text, the cryptanalyst may be able to

deduce the encryption key, or part of the key, or at least a set of keys likely to contain the

exact key.

Other than recourse to ideal systems, Shannon suggests two methods for frustrating

statistical cryptanalysis: diffusion and confusion. In diffusion, the statistical structure of the

plaintext is dissipated into long-range statistics of the cipher text. This is achieved by

having each plaintext digit affect the value of many cipher text digits, which is equivalent to saying that each ciphertext digit is affected by many plaintext digits. An example of diffusion is to encrypt a message $M = m_1, m_2, m_3, \ldots$ of characters with an averaging operation:

$Y_n = \sum_{i=1}^{k} m_{n+i} \pmod{26}$

adding k successive letters to get a ciphertext letter $Y_n$. One can show that the statistical structure of the plaintext has been dissipated. Thus the letter frequencies in the ciphertext will be more nearly equal than in the plaintext; the digram frequencies will also be more nearly equal, and so on. In a binary block cipher, diffusion can be achieved by repeatedly performing some permutation of the data followed by applying a function to that permutation; the effect is that bits from different positions in the original plaintext contribute to a single bit of ciphertext.

Every block cipher involves a transformation of a block of plaintext into a block of ciphertext, where the transformation depends on the key. The mechanism of diffusion seeks to make the statistical relationship between the plaintext and ciphertext as complex as possible in order to thwart attempts to deduce that key. On the other hand, confusion seeks to make the relationship between the statistics of the ciphertext and the value of the encryption key as complex as possible, again to thwart attempts to discover the key. Thus, even if the attacker can get some handle on the statistics of the ciphertext,

this, as Federal Information Processing Standards 46 (FIPS pub 46). The algorithm itself is referred to as the Data Encryption Algorithm (DEA). For DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms 64-bit input in a series of steps into a 64-bit output. The same steps, with the same key, are used to reverse the encryption.

The DES enjoys widespread use. It has also been the subject of much controversy concerning how secure the DES is. To appreciate the nature of the controversy, let us quickly review the history of the DES.

In the late 1960s, IBM set up a research project in computer cryptography led by Horst Feistel. The project concluded in 1971 with the development of an algorithm with the designation LUCIFER (FEIS73), which was sold to Lloyd's of London for use in a cash-dispensing system, also developed by IBM. LUCIFER is a Feistel block cipher that operates on blocks of 64 bits, using a key of 128 bits. Because of the promising results produced by the LUCIFER project, IBM embarked on an effort to develop a marketable commercial encryption product that ideally could be implemented on a single chip. The effort was headed by Walter Tuchman and Carl Meyer, and it involved not only IBM researchers but also outside consultants and technical advice from NSA. The outcome of this effort was a refined version of LUCIFER that was more resistant to cryptanalysis but that had a reduced key size of 56 bits, to fit on a single chip.

In 1973, the National Bureau of Standards (NBS) issued a request for proposals for a

national cipher standard. IBM submitted the results of its Tuchman-Meyer project. This

was by far the best algorithm proposed and was adopted in 1977 as the Data Encryption

Standard.

Before its adoption as a standard, the proposed DES was subjected to intense criticism,

which has not subsided to this day. Two areas drew the critics' fire. First, the key length in

IBM's original LUCIFER algorithm was 128 bits, but that of the proposed system was only

56 bits, an enormous reduction in key size of 72 bits. Critics feared that this key length

was too short to withstand brute-force attacks. The second area of concern was that the

design criteria for the internal structure of DES, the S-boxes, were classified. Thus, users

could not be sure that the internal structure of DES was free of any hidden weak points that

would enable NSA to decipher messages without benefit of the key. Subsequent events,

particularly the recent work on differential cryptanalysis, seem to indicate that DES has a

very strong internal structure. Furthermore, according to IBM participants, the only changes that were made to the proposal were changes to the S-boxes, suggested by NSA, that removed vulnerabilities identified in the course of the evaluation process.

Whatever the merits of the case, DES has flourished and is widely used, especially in

financial applications. In 1994, NIST reaffirmed DES for federal use for another five years;

NIST recommended the use of DES for applications other than the protection of classified

information. In 1999, NIST issued a new version of its standard that indicated that DES

should only be used for legacy systems and that triple DES (which in essence involves

repeating the DES algorithm three times on the plaintext using two or three different

keys to produce the ciphertext) be used.

DES Encryption:

The overall scheme for DES encryption is illustrated in figure. As with any encryption

scheme, there are two inputs to the encryption function: the plaintext to be encrypted and

the key. In this case, the plaintext must be 64 bits in length and the key is 56 bits in length.

Looking at the left-hand side of the figure, we can see that the processing of the plaintext

proceeds in three phases. First, the 64-bit plaintext passes through an initial permutation

(IP) that rearranges the bits to produce the permuted input. This is followed by a phase

consisting of 16 rounds of the same function, which involves both permutation and

substitution functions. The output of the last (16th) round consists of 64 bits that are a

function of the input plaintext and the key. The left and right halves of the output are

swapped to produce the preoutput. Finally, the preoutput is passed through a permutation

that is the inverse of the initial permutation function, to produce the 64-bit ciphertext. With

the exception of the initial and final permutation, DES has the exact structure of a Feistel

cipher.

The right-hand portion of the figure shows the way in which the 56-bit key is used. Initially,

the key is passed through a permutation function. Then, for each of the 16 rounds, a subkey

(Ki) is produced by the combination of a left circular shift and a permutation. The

permutation function is the same for each round, but a different subkey is produced because

of the repeated iteration of the key bits.
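The Feistel structure with per-round subkeys described above, as an added example that is not part of the original report and is not DES itself. The round function, the rotate-by-3 key schedule and the sample key are stand-ins chosen here (assumptions), with no IP tables or S-boxes; the point is that the same 16 rounds run with the subkeys in reverse order undo the encryption, whatever the round function is.

```python
MASK32 = (1 << 32) - 1
MASK64 = (1 << 64) - 1
MASK56 = (1 << 56) - 1
ROUNDS = 16


def rotl(value, shift, width):
    """Left circular shift of a width-bit value."""
    shift %= width
    return ((value << shift) | (value >> (width - shift))) & ((1 << width) - 1)


def subkeys(key56):
    """One 32-bit subkey per round from a 56-bit key.

    Stand-in schedule (assumption): rotate the key left by 3 bits each round
    and fold it down to 32 bits. DES uses its own shift amounts and a
    permutation table, which this sketch does not reproduce.
    """
    state = key56 & MASK56
    keys = []
    for _ in range(ROUNDS):
        state = rotl(state, 3, 56)
        keys.append((state ^ (state >> 24)) & MASK32)
    return keys


def round_function(right, subkey):
    """Toy mixing function standing in for DES expansion, S-boxes and P-box.
    It does not need to be invertible for the Feistel structure to invert."""
    x = (right ^ subkey) & MASK32
    x = (x * 0x9E3779B1) & MASK32
    return x ^ rotl(x, 7, 32)


def feistel(block64, round_keys):
    """Run the rounds: (L, R) -> (R, L xor F(R, K)), then swap the halves."""
    block64 &= MASK64
    left, right = block64 >> 32, block64 & MASK32
    for k in round_keys:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left        # final swap, the "preoutput" step


def encrypt(block64, key56):
    return feistel(block64, subkeys(key56))


def decrypt(block64, key56):
    # Same steps, same key; only the order of the subkeys is reversed.
    return feistel(block64, subkeys(key56)[::-1])


def changed_bits(block64, key56, bit):
    """How many ciphertext bits flip when one plaintext bit is flipped."""
    diff = encrypt(block64, key56) ^ encrypt(block64 ^ (1 << bit), key56)
    return bin(diff).count("1")


if __name__ == "__main__":
    key = 0x0123456789ABCD             # constructed 56-bit sample key
    plain = 0x0011223344556677         # constructed 64-bit sample block
    cipher = encrypt(plain, key)
    print(hex(cipher), hex(decrypt(cipher, key)))
    print(changed_bits(plain, key, 0), "of 64 ciphertext bits changed")
```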

Public-key cryptography:

The development of public-key cryptography is the greatest and perhaps the only true revolution in the entire history of cryptography. From its earliest beginning to modern times, virtually all cryptographic systems have been based on the elementary tools of substitution and permutation.

Principle of Public-key cryptosystem:

The concept of public-key cryptography evolved from an attempt to attack two of the most difficult problems associated with symmetric encryption. The first problem is that of key distribution.

As we have seen, key distribution under symmetric encryption requires either

1. that two communicants already share a key, which somehow has been distributed to them; or
2. the use of a key distribution center.

Whitfield Diffie, one of the discoverers of public-key encryption (along with Martin Hellman, both at Stanford University at the time), reasoned that this second requirement negated the very essence of cryptography, the ability to maintain total secrecy over your own communication. As Diffie put it (DIFF88), "what good would it do after all to develop impenetrable cryptosystems, if their users were forced to share their keys with a KDC that could be compromised by either burglary or subpoena?"

The second problem that Diffie pondered, and one that was apparently unrelated to the first

was that of " digital signatures ". If the use of cryptography was to become widespread, not

just in military situations but for commercial and private purposes, then electronic messages

and documents would need the equivalent of signatures used in paper documents. That is,

could a method be devised that would stipulate, to the satisfaction of all parties that a

digital message had been sent by a particular person? This is a somewhat broader

requirement than that of authentication, and its characteristics and ramifications are

explored.

In the next subsection, we look at the overall framework for public-key cryptography. Then

we examine the requirements for the encryption/decryption algorithm that is at the heart of

the scheme.

Public-key cryptosystems:

The public-key algorithms rely on one key for encryption and a different but related key for

decryption. These algorithms have the following important characteristics:

knowledge of the cryptographic algorithm and the encryption key.

In addition, some algorithms, such as RSA, also exhibit the following characteristics:

Either of the two related keys can be used for encryption, with the other used for decryption.

A public-key encryption scheme has six ingredients.

Plaintext: - This is the readable message or data that is fed into the

algorithm as input.

transformations on the plaintext.

Public and private key: - This is a pair of keys that have been selected so

that if one is used for encryption, the other is used for decryption. The exact

transformations performed by the encryption algorithm depend on the public or private key

that is provided as input.

on the plaintext and the key. For a given message, two different keys will produce two

different ciphertexts.

matching key and produces the original plaintext.

The essential steps are the following:

Each user generates a pair of keys to be used for the encryption and

decryption of messages.

Each user places one of the two keys in a public register or other accessible

file. This is the public key. The companion key is kept private. As figure suggests, each

user maintains a collection of public keys obtained from others.

message using Alice's public key.

When Alice receives the message, she decrypts it using her private key. No

other recipient can decrypt the message because only Alice knows Alice's private key.

With this approach, all participants have access to public keys, and private keys are

generated locally by each participant and therefore need never be distributed. As long as a

system controls its private key, its incoming communication is secure. At any time, a

system can change its private key and publish the companion public key to replace its old

public key.

The table shows some of the important aspects of symmetric and public-key encryption. To discriminate between the two, we will generally refer to the key used in symmetric encryption as a secret key. The two keys used for public-key encryption are referred to as the public key and private key. Invariably, the private key is kept secret, but it is referred to as a private key rather than a secret key to avoid confusion with symmetric encryption.

Conventional Encryption

Public-key Encryption

Needed to work :-

Needed to Work :-

is used for encryption and decryption.

and decryption with a pair of keys, one for encryption and one for decryption.

the algorithm and the key.

Have one of the matched pair of keys (not the same one).

secret.

impractical to decipher a message if no other information is available.

impractical to decipher a message if no other information is available.

samples of ciphertext must be insufficient to determine the key.

the keys plus samples of ciphertext must be insufficient to determine the other key.

Let us take a closer look at the essential elements of a public-key encryption scheme, using the figure. There is some source A that produces a message in plaintext, $X = [X_1, X_2, \ldots, X_M]$. The M elements of X are letters in some finite alphabet.

The message is intended for destination B. B generates a related pair of keys: a public key, $KU_b$, and a private key, $KR_b$. $KR_b$ is known only to B, whereas $KU_b$ is publicly available and therefore accessible by A.

With the message X and the encryption key $KU_b$ as input, A forms the ciphertext $Y = [Y_1, Y_2, \ldots, Y_N]$:

$Y = E_{KU_b}(X)$

The intended receiver, in possession of the matching private key, is able to invert the transformation:

$X = D_{KR_b}(Y)$

[Figure: source A, encryption algorithm, decryption algorithm, destination B, cryptanalyst, and a key pair source supplying B's public key and B's private key]

An opponent, observing Y and having access to $KU_b$, but not having access to $KR_b$ or X, must attempt to recover X and/or $KR_b$. It is assumed that the opponent does have knowledge of the encryption (E) and decryption (D) algorithms. If the opponent is interested only in this particular message, then the focus of effort is to recover X, by generating a plaintext estimate $\hat{X}$. Often, however, the opponent is interested in being able to read future messages as well, in which case an attempt is made to recover $KR_b$ by generating an estimate $\hat{KR}_b$.

We mentioned earlier that either of the two related keys can be used for encryption, with

the other being used for decryption. This enables a rather different cryptographic scheme to

be implemented. Whereas the scheme illustrated in Figure provides confidentiality, Figure

shows the use of public-key encryption to provide authentication:

$Y = E_{KR_a}(X)$

$X = D_{KU_a}(Y)$

In this case, A prepares a message to B and encrypts it using A's private key before

transmitting it. B can decrypt the message using A's public key. Because the message was

encrypted using A's private key, only A could have prepared the message. Therefore, the

entire encrypted message serves as a digital signature. In addition, it is impossible to alter

the message without access to A's private key, so the message is authenticated both in terms

of source and in terms of data integrity.

[Figure: source A, encryption algorithm, decryption algorithm, destination B, cryptanalyst, and a key pair source supplying A's private key and A's public key]

Public-key Cryptosystem: Authentication

In the preceding scheme, the entire message is encrypted, which, although validating both

author and contents, requires a great deal of storage. Each document must be kept in

plaintext to be used for practical purposes. A copy also must be stored in ciphertext so that

the origin and contents can be verified in case of a dispute. A more efficient way of

achieving the same results is to encrypt a small block of bits that is a function of the document. Such a block, called an authenticator, must have the property that it is infeasible to change the document without changing the authenticator. If the authenticator is

encrypted with the sender's private key, it serves as a signature that verifies origin, content,

and sequencing.

It is important to emphasize that the encryption process just described does not provide

confidentiality. That is, the message being sent is safe from alteration but not from

eavesdropping. This is obvious in the case of a signature based on a portion of the message,

because the rest of the message is transmitted in the clear. Even in the case of complete

encryption, as shown in figure, there is no protection of confidentiality because any

observer can decrypt the message by using the sender's public key.

It is, however, possible to provide both the authentication function and confidentiality by a

double use of the public-key scheme.

$Z = E_{KU_b}[E_{KR_a}(X)]$

$X = D_{KU_a}[D_{KR_b}(Z)]$

[Figure: source A, two encryption algorithms, two decryption algorithms, destination B, and two key pair sources supplying A's private key, A's public key, B's public key and B's private key]

Public-key cryptosystem: Secrecy and Authentication

In this case, we begin as before by encrypting a message, using the sender's private

key. This provides the digital signature. Next, we encrypt again, using the receiver's public

key. Only the intended receiver, who alone has the matching private key, can decrypt the

final ciphertext. Thus, confidentiality is provided. The disadvantage of this approach is that

the public-key algorithm, which is complex, must be exercised four times rather than two

in each communication.

Application for Public-Key Cryptosystems:

Before proceeding, we need to clarify one aspect of public-key cryptosystems that is otherwise likely to lead to confusion. Public-key systems are characterized by the use of a

cryptographic type of algorithm with two keys, one held private and one available publicly.

Depending on the application, the sender uses either the sender's private key or the

receiver's public key, or both, to perform some type of cryptosystems into three categories.

Encryption/decryption:

Digital signature:

The sender " signs " a message with its private key. Signature is achieved by a

cryptographic algorithm applied to the message or to a small block of data that is a function

of the message.

Key exchange:

Two sides cooperate to exchange a session key. Several different approaches are possible,

involving the private key(s) of one or both parties.

Some algorithms are suitable for all three applications, whereas others can be used only for

one or two of these applications.

The RSA Algorithm:

The pioneering paper by Diffie and Hellman [DIFF 76 b] introduced a new approach to cryptography and, in effect, challenged cryptologists to come up with a cryptographic algorithm that met the requirements for public-key systems. One of the first of the responses to the challenge was developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at MIT and first published in 1978 [RIVE 78]. The Rivest-Shamir-Adleman (RSA) scheme has since that time reigned supreme as the most widely accepted and implemented general-purpose approach to public-key encryption.

The RSA scheme is a block cipher in which the plaintext and ciphertext are

integers between 0 and n -1 for some n. A typical size for n is 1024 bits, or 309 decimal

digits. We examine RSA in this section in some detail, beginning with an explanation of the

algorithm. Then we examine some of the computational and cryptanalytical implications of

RSA.

Description of the Algorithm:

The scheme developed by Rivest, Shamir, and Adleman makes use of an expression with exponentials. Plaintext is encrypted in blocks, with each block having a binary value less than some number n. That is, the block size must be less than or equal to $\log_2(n)$; in practice, the block size is k bits, where $2^k < n < 2^{k+1}$. Encryption and decryption are of the following forms, for some plaintext block M and ciphertext block C:

$C = M^e \bmod n$

$M = C^d \bmod n = (M^e)^d \bmod n = M^{ed} \bmod n$

Both sender and receiver must know the value of n. The sender knows the value of e, and only the receiver knows the value of d. Thus, this is a public-key encryption algorithm with a public key of KU = {e, n} and a private key of KR = {d, n}. For the algorithm to be satisfactory for public-key encryption, the following requirements must be met:

1. It is possible to find values of e, d, n such that $M^{ed} = M \bmod n$ for all M < n.

2. It is relatively easy to calculate $M^e$ and $C^d$ for all values of M < n.

3. It is infeasible to determine d given e and n.

For now, we focus on the first requirement and consider the other questions later. We need to find a relationship of the form

$M^{ed} = M \bmod n$

A corollary to Euler's theorem fits the bill: given two prime numbers p and q, and two integers n and m such that n = pq and 0 < m < n, and an arbitrary integer k, the following relationship holds:

$m^{k\phi(n)+1} = m^{k(p-1)(q-1)+1} = m \bmod n$

where $\phi(n)$ is the Euler totient function, which is the number of positive integers less than n and relatively prime to n. For p, q prime, $\phi(pq) = (p-1)(q-1)$. Thus we can achieve the desired relationship if

$ed = k\phi(n) + 1$

This is equivalent to saying:

$ed = 1 \bmod \phi(n)$

$d = e^{-1} \bmod \phi(n)$

That is, e and d are multiplicative inverses mod $\phi(n)$. Note that, according to the rules of modular arithmetic, this is true only if d (and therefore e) is relatively prime to $\phi(n)$. Equivalently, $\gcd(\phi(n), d) = 1$.

We are now ready to state the RSA scheme. The ingredients are the following:

$p, q$, two prime numbers (private, chosen)

$n = pq$ (public, calculated)

$e$, with $\gcd(\phi(n), e) = 1$; $1 < e < \phi(n)$ (public, chosen)

$d = e^{-1} \bmod \phi(n)$ (private, calculated)

The private key consists of {d, n} and the public key consists of {e, n}. Suppose that user A has published its public key and that user B wishes to send the message M to A. Then B calculates $C = M^e \pmod n$ and transmits C. On receipt of this ciphertext, user A decrypts by calculating $M = C^d \pmod n$.

It is worthwhile to summarize the justification for this algorithm. We have chosen e and d such that

$d = e^{-1} \bmod \phi(n)$

Therefore,

$ed = 1 \bmod \phi(n)$

Therefore, ed is of the form $k\phi(n) + 1$. But by the corollary to Euler's theorem, provided here, given two prime numbers p and q, and integers n = pq and M with 0 < M < n:

$M^{k\phi(n)+1} = M^{k(p-1)(q-1)+1} = M \bmod n$

So, $M^{ed} = M \bmod n$.

Now

$C = M^e \bmod n$

$M = C^d \bmod n = (M^e)^d \bmod n = M^{ed} \bmod n = M \bmod n$
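A worked instance of the RSA relations above and of the authentication and double-use schemes from the earlier public-key passages, added here as an example that is not part of the original report. The primes 61, 53, 89 and 97, the exponents 17 and 5 and the message 65 are constructed sample values; this is textbook RSA on toy numbers with no padding, suitable only for checking the arithmetic.

```python
from math import gcd


def make_keypair(p, q, e):
    """Return (KU, KR) = ((e, n), (d, n)) from chosen primes p, q and exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)            # phi(pq) = (p-1)(q-1) for primes p, q
    if not (1 < e < phi and gcd(phi, e) == 1):
        raise ValueError("need 1 < e < phi(n) and gcd(phi(n), e) = 1")
    d = pow(e, -1, phi)                # d = e^-1 mod phi(n), Python 3.8+
    return (e, n), (d, n)


def rsa(key, value):
    """Apply one key: value^exponent mod n. The same operation serves as
    E or D, with a public or a private key."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("block must be an integer in the range 0 .. n-1")
    return pow(value, exponent, n)


def euler_corollary_holds(p, q, k):
    """Check m^(k*phi(n)+1) = m mod n for every m in 0 .. n-1."""
    n, phi = p * q, (p - 1) * (q - 1)
    return all(pow(m, k * phi + 1, n) == m for m in range(n))


def sign_then_encrypt(x, kr_sender, ku_receiver):
    """Z = E_KUb[E_KRa(X)]. With unpadded RSA the sender's modulus must be
    smaller than the receiver's, otherwise the inner result may not fit."""
    return rsa(ku_receiver, rsa(kr_sender, x))


def decrypt_then_verify(z, kr_receiver, ku_sender):
    """X = D_KUa[D_KRb(Z)]."""
    return rsa(ku_sender, rsa(kr_receiver, z))


# Constructed toy keys: A has n = 3233, B has n = 8633 (larger than A's).
KU_A, KR_A = make_keypair(61, 53, 17)
KU_B, KR_B = make_keypair(89, 97, 5)

if __name__ == "__main__":
    x = 65                                             # constructed message block

    # Secrecy: anyone encrypts with B's public key, only B can decrypt.
    y = rsa(KU_B, x)
    print("secrecy        ", y, rsa(KR_B, y))

    # Authentication: A applies the private key, anyone can undo it with
    # A's public key, so this gives origin and integrity but no secrecy.
    s = rsa(KR_A, x)
    print("authentication ", s, rsa(KU_A, s))

    # Both: four applications of the algorithm per message.
    z = sign_then_encrypt(x, KR_A, KU_B)
    print("double use     ", z, decrypt_then_verify(z, KR_B, KU_A))

    print("corollary holds", euler_corollary_holds(61, 53, 3))
```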

Besides ClassicSys ciphering at high speed, two more advantages make Classic prime candidate for THE standard application in cryptography:

1. ClassicSys uses only 1 secret key to meet ALL the cryptographic needs of an end user such as:

To authenticate himself

To generate all the Session Keys he needs for Email (as one possible application)

commerce, electronic voting, casino games at home, ...

2. ClassicSys is designed in such a way that there is no valid reason to forbid its use in any country in the world. ClassicSys gives all the required guarantees to its users and their government: secret keys must not be divulged and Security Services can always decipher suspect messages.

ClassicSys offers more than the known advantages of encryption solutions:

The chip contains the SED algorithm and all the other features of

ClassicSys. One system covers all cryptographic needs, for all applications.

without human intervention.

Authority's manager! All keys are written into chips and are not accessible to humans or

other machines. This guarantees the privacy of all the end-users.

Keys, he does not need the intervention of the TA anymore. Email for example, users do

not need the TA to exchange messages between themselves.

ClassicSys acts like a public key cryptosystem : every end-user has one

public ID number, which is used in a similar way to public keys. Email for example, when

somebody wants to communicate with another end-user, he sends to the TA his ID number

and the one from his correspondent. In return he receives information from the TA to

generate their Session Key.

completely separately, under different authorities, as required by our Democracies.

Requests from the NSS to the TA are recorded encrypted by the TA (TA doesn't know the

ID of Alice or Bob in a suspect message). This guarantees the confidentiality of the NSS's

investigation, however, the recorded provides an audit trail for any Competent

Investigating Authority. Optimum ClassicSys operation should have the TA and NSS

under different authorities, but every country can implement it as seen fit.

ClassicSys enables the NSS to decrypt the content of suspect incoming and

outgoing international messages, without the necessity for users to deposit their private

secret keys in the corresponding countries (as with the RSA).

investigate suspect messages.

incoming and outgoing messages: each message contains the necessary information to be

deciphered by the 2 National Security Services.

Each Trust Authority has its own Private Key. Consequently they can only

compute Private Keys for domestic users.

ClassicSys is easy to implement in integrated circuits because:

The length of the blocks of key and data are identical and equal to 128 bits

(16 bytes).

Security of ClassicSys is enhanced compared to other systems because:

therefore not accessible.

There is no known way to reconstruct, by cryptanalysis, the secret key, knowing a

clear and its corresponding encrypted message.

Differential cryptanalysis is not suitable to the SED algorithm. On average, there is

only one key corresponding to a clear and its associated encrypted text and therefore, each

bit of the key has equal weight in the algorithm.

Only 1 secret key of 128 bits is enough to meet all the cryptographic needs of an

end-user such as :

To authenticate himself

commerce, electronic voting, casino games at home,...)

Unlike the RSA algorithm, where every key requires a determined space, the SED

algorithm can use every block contained in the space 2^128.

The SED algorithm is very fast for the following reasons:

The length of the blocks (key and data) is small (128 bits against more than

512 bits) but long enough to disable every exhaustive cryptanalysis.

Mbytes/sec).

The SED algorithm is completely transparent. Due to the theory of Multiplicative

Groups we can confirm that there is no Trojan Horse in the SED algorithm.

The SED algorithm permits chained mode ciphering, allowing reduction of the

authentication information to one block of 128 bits, whatever the length of the data

to authenticate.

The table below compares the important features of the DES, the RSA and the SED algorithms, used within global cryptographic systems.

Feature                                     DES                              RSA                              SED
Speed                                       high                             low                              high
Deposit of keys                             needed                           needed                           not needed
Country independence                        no                               no                               yes
Trojan Horse                                not proved                       no                               no
Data block length                           64 bits                          minimum 512 bits                 128 bits
Key length                                  56 bits                          minimum 512 bits                 128 bits
Use of data space                           full, 64 bits (2^64), 8 bytes    variable, limited, not defined   full 128 bits (2^128), 16 bytes
key                                         same                             different                        different
Ciphering & deciphering algorithm           different                        same                             different
Algorithm contains only XOR and branching   no                               no                               yes
Average number of key for one pair E&C=1    probably not                     probably yes                     yes
cryptanalysis method                        differential method              product factorization            no known method
Global system including algorithm           not suitable                     not suitable                     ClassicSys

Application:

Cryptography is extremely useful; there is a multitude of applications, many of which are

currently in use. A typical application of cryptography is a system built out of the basic

techniques. Such systems can be of various levels of complexity. Some of the more simple

applications are secure communication, identification, authentication, and secret sharing.

More complicated applications include systems for electronic commerce, certification,

secure electronic mail, key recovery, and secure computer access.

In general, the less complex the application, the more quickly it becomes a reality.

Identification and authentication schemes exist widely, while electronic commerce systems

are just beginning to be established. However, there are exceptions to this rule; namely, the

adoption rate may depend on the level of demand. For example, SSL-encapsulated HTTP

(see Question 5.1.2) gained a lot more usage much more quickly than simpler link-layer

encryption has ever achieved.

Secure Communication

Secure communication is the most straightforward use of cryptography. Two people may

communicate securely by encrypting the messages sent between them. This can be done in

such a way that a third party eavesdropping may never be able to decipher the messages.

While secure communication has existed for centuries, the key management problem has

prevented it from becoming commonplace. Thanks to the development of public-key

cryptography, the tools exist to create a large-scale network of people who can

communicate securely with one another even if they had never communicated before.

Identification and authentication are two widely used applications of cryptography.

Identification is the process of verifying someone's or something's identity. For example,

when withdrawing money from a bank, a teller asks to see identification (for example, a

driver's license) to verify the identity of the owner of the account. This same process can be

done electronically using cryptography. Every automatic teller machine (ATM) card is

associated with a "secret" personal identification number (PIN), which binds the owner to

the card and thus to the account. When the card is inserted into the ATM, the machine

prompts the cardholder for the PIN. If the correct PIN is entered, the machine identifies that

person as the rightful owner and grants access. Another important application of

cryptography is authentication. Authentication is similar to identification, in that both allow

an entity access to resources (such as an Internet account), but authentication is broader

because it does not necessarily involve identifying a person or entity. Authentication merely

determines whether that person or entity is authorized for whatever is in question. For more

information on authentication and identification, see Question 2.2.5.

Secret Sharing

Another application of cryptography, called secret sharing, allows the trust of a secret to be

distributed among a group of people. For example, in a (k, n)-threshold scheme,

information about a secret is distributed in such a way that any k out of the n people (k ≤ n)

have enough information to determine the secret, but any set of k-1 people do not. In any

secret sharing scheme, there are designated sets of people whose cumulative information

suffices to determine the secret. In some implementations of secret sharing schemes, each

participant receives the secret after it has been generated.

Bibliography

Some topics in this document are drawn from reference books and some excellent websites

that helped me explore the subject. These references are the following:

www.google.co.in

Conclusion

The analysis in this report and its subtopics, mentioned above, guides us through the various

cryptographic techniques used in data security. By using encryption techniques, a fair degree

of confidentiality, authentication, integrity, access control and availability of data is

maintained. Using cryptography, electronic mail security, IP security and web security can

be achieved.
