Cryptography

Avalanche 06

Cryptography

Sheetal Shanbhag 6th Sem ISE USN: 2GI03IS043 sheetalshanbag@yahoo.co.in

Chaithanya. M. V 6th Sem ISE USN: 2GI01IS066 mvchamp@gmail.com

Cryptography

Avalanche 06

Abstract

Cryptography is the science of writing messages that no one except the intended receiver can read. Origin of cryptography is usually dated from about 2000 BC, with the Egyptian practice of hieroglyphics. The ability to securely store and transfer sensitive information has proved a critical factor in success in war and business. A cryptographic algorithm works in combination with a key a word, number, phrase to encrypt plaintext. Cryptography or cryptology is a field of mathematics and computer science concerned with information security and related issues, particularly encryption and authentication. As noted cryptologist Ron Rivest summarized: cryptography is about communication in the presence of adversaries. Cryptography is an interdisciplinary subject, drawing from several fields. Cryptography is also considered a branch of engineering, but it is considered to be an unusual one as it deals with active, intelligent and malevolent opposition. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient. Internet has allowed the spread of powerful programs, more importantly, the underlying techniques of cryptography, so that today many of the most advanced cryptosystems and ideas are now in public domain.

Cryptography

Avalanche 06

CONTENTS 1. Introduction 2. Origin of cryptography 3. What is cryptography 4. The purpose of cryptography 5. Encryption and decryption 6. Traditional cryptography 6.1 Substitution ciphers 6.2 Transposition ciphers 7. How does cryptography work 8. Types of cryptography algorithm 8.1 Secret key cryptography 8.2 Public key cryptography 8.3 Hash function 9. Objectives 10. Digital certificate 11. Application 12. Conclusion 13. References 11 12 14 16 17 6 6 1 2 3 4 4 5

Cryptography

Avalanche 06

1. Introduction: Cryptography is the science of writing messages that no one except the intended receiver can read. Cryptanalysis is the science of reading them anyway. "Crypto" comes from the Greek 'krypte' meaning hidden or vault and "Graphy" comes from the Greek 'grafik' meaning writing. The words, characters or letters of the original intelligible message constitute the Plain Text (PT). The words, characters or letters of the secret form of the message are called Cipher Text (CT) and together constitute a Cryptogram. Cryptograms are roughly divided into Ciphers and Codes. William F. Friedman defines a Cipher message as one produced by applying a method of cryptography to the individual letters of the plain text taken either singly or in groups of constant length. Practically every cipher message is the result of the joint application of a General System (or Algorithm) or method of treatment, which is invariable and a Specific Key, which is variable, at the will of the correspondents and controls the exact steps followed under the general system. It is assumed that the correspondents and the cryptanalyst know the general system. A Code message is a cryptogram which has been produced by using a code book consisting of arbitrary combinations of letters, entire words, figures

Cryptography

Avalanche 06

substituted for words, partial words, phrases, of PT. Whereas a cipher system acts upon individual letters or definite groups taken as units, a code deals with entire words or phrases or even sentences taken as units. We will look at both types of systems in this course.

2. Origin of cryptography The origin of cryptography is usually dated from about 2000 BC, with the Egyptian practice of hieroglyphics. These consisted of complex pictograms, the full meaning of which was only known to an elite few. The first known use of a modern cipher was by Julius Caesar (100 BC to 44 BC), who did not trust his messengers when communicating with his governors and officers. For this reason, he created a system in which each character in his messages was replaced by a character three positions ahead of it in the Roman alphabet. In recent times, cryptography has turned into a battleground of some of the world's best mathematicians and computer scientists. The ability to securely store and transfer sensitive information has proved a critical factor in success in war and business. Because governments do not wish certain entities in and out of their countries to have access to ways to receive and send hidden information that may be a threat to national interests, cryptography has been subject to various restrictions in many countries, ranging from limitations of the usage and export of software to the public dissemination of mathematical concepts that could be used

Cryptography

Avalanche 06

to develop cryptosystems. However, the Internet has allowed the spread of powerful programs and, more importantly, the underlying techniques of cryptography, so that today many of the most advanced cryptosystems and ideas are now in the public domain.

3. What is cryptography? The term "cryptography" ("secret writing," from the Greek krypts, "hidden," and grphein, "to write") is often used to refer to the field as a whole, as is "cryptology" ("the study of secret writing"). Cryptography or cryptology is a field of mathematics and computer science concerned with information security and related issues, particularly encryption and authentication. As the noted cryptologist Ron Rivest summarized: cryptography is about communication in the presence of adversaries. Cryptography is an interdisciplinary subject, drawing from several fields. Older forms of cryptography were chiefly concerned with patterns in language. More recently, the emphasis has shifted, and cryptography makes extensive use of mathematics, particularly discrete mathematics, including topics from number theory, information theory, computational complexity, statistics and combinatorics. Cryptography is also considered a branch of engineering, but it is considered to be an unusual one as it deals with active, intelligent and malevolent

Cryptography

Avalanche 06

opposition.Cryptography is a tool used within computer and network security. Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient. While cryptography is the science of securing data, cryptanalysis is the science of analyzing and breaking secure communication. Classical cryptanalysis involves an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination, and luck.

4. The purpose of cryptography Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet. Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication.

Cryptography

Avalanche 06

5. Encryption and decryption Data that can be read and understood without any special measures is called plaintext or clear text. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called cipher text. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting cipher text to its original plaintext is called decryption.

Figure 1 illustrates this process. 6. Traditional cryptography Encryption methods have historically been divided into two categories, viz, substitution ciphers and transposition ciphers. Both the techniques are quite simple to implement even manually .The details of these two techniques are

Cryptography discussed below.

Avalanche 06

6.1 Substitution ciphers This is the easiest method of encryption wherein each letter or a group of letters is replaced by another letter or a group of letters. One of the methods of realizing encryption by substitution method is to replace the alphabet in the plain text by another alphabet shifted by k places where k is the key used for encryption. For example if k=3 then Sneha becomes uohkd. 6.2 Transposition ciphers Substitution ciphers preserve the order of the plain text symbol but disguise them. Transposition ciphers in contrast, re-order the letters but do not disguise them. The cipher is keyed by a word or a phrase not containing any repeated letters.

7. How does cryptography work? A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key a word, number, or phrase to encrypt the plaintext. The same plaintext encrypts to different cipher text with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key.

Cryptography

Avalanche 06 A cryptographic algorithm, plus all possible keys and all the protocols that

make it work comprise a cryptosystem. PGP is a cryptosystem

8. Types of cryptographic algorithms The three types of algorithms that will be discussed are: Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption Public Key Cryptography (PKC): Uses one key for encryption and another for decryption Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information 8.1 Secret key cryptography In conventional cryptography, also called secret-key or symmetric-key encryption, one key is used both for encryption and decryption. The Data Encryption Standard (DES) is an example of a conventional cryptosystem that is widely employed by the Federal Government. Figure2 is an illustration of the conventional encryption process.

10

Cryptography

Avalanche 06

Figure 2. Conventional encryption 8.2 Public key cryptography The problems of key distribution are solved by public key cryptography, the concept of which was introduced by Whitfield Diffie and Martin Hellman in 1975. (There is now evidence that the British Secret Service invented it a few years before Diffie and Hellman, but kept it a military secret and did nothing with it. [J H Ellis: The Possibility of Secure Non-Secret Digital Encryption, CESG Report, and January 1970]) Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your

11

Cryptography

Avalanche 06

public key can then encrypt information that only you can read. Even people you have never met. It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information.

Figure 3. Public key encryption The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely. The need for sender and receiver to share secret keys via some secure channel is

12

Cryptography

Avalanche 06

eliminated; all communications involve only public keys, and no private key is ever transmitted or shared. Some examples of public-key cryptosystems are Elgamal (named for its inventor, Taher Elgamal), RSA (named for its inventors, Ron Rivest, Adi Shamir, and Leonard Adleman), Diffie-Hellman (named, you guessed it, for its inventors), and DSA, the Digital Signature Algorithm (invented by David Kravitz). Because conventional cryptography was once the only available means for relaying secret information, the expense of secure channels and key distribution relegated its use only to those who could afford it, such as governments and large banks (or small children with secret decoder rings). Public key encryption is the technological revolution that provides strong cryptography to the adult masses. Remember the courier with the locked briefcase handcuffed to his wrist? Public-key encryption puts him out of business (probably to his relief).

Digital signatures A major benefit of public key cryptography is that it provides a method for employing digital signatures. Digital signatures enable the recipient of information to verify the authenticity of the information's origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information. These features are every bit as

13

Cryptography fundamental to cryptography as privacy, if not more.

Avalanche 06

A digital signature serves the same purpose as a handwritten signature. However, a handwritten signature is easy to counterfeit. A digital signature is superior to a handwritten signature in that it is nearly impossible to counterfeit, plus it attests to the contents of the information as well as to the identity of the signer. Some people tend to use signatures more than they use encryption. For example, you may not care if anyone knows that you just deposited $1000 in your account, but you do want to be darn sure it was the bank teller you were dealing with. The basic manner in which digital signatures are created is illustrated in Figure 4. Instead of encrypting information using someone else's public key, you encrypt it with your private key. If the information can be decrypted with your public key, then it must have originated with you.

14

Cryptography

Avalanche 06

Figure 5

8.3 Hash function The system described above has some problems. It is slow, and it produces an enormous volume of data at least double the size of the original information. An improvement on the above scheme is the addition of a one-way hash function in the process. A one-way hash function takes variable-length input in this case, a message of any length, even thousands or millions of bits and produces a fixed-length output; say, 160-bits. The hash function ensures that, if

15

Cryptography

Avalanche 06

the information is changed in any way even by just one bit an entirely different output value is produced. PGP uses a cryptographically strong hash function on the plaintext the user is signing. This generates a fixed-length data item known as a message digest. (Again, any change to the information results in a totally different digest.) Then PGP uses the digest and the private key to create the "signature." PGP transmits the signature and the plaintext together. Upon receipt of the message, the recipient uses PGP to recompute the digest, thus verifying the signature. PGP can encrypt the plaintext or not; signing plaintext is useful if some of the recipients are not interested in or capable of verifying the signature. As long as a secure hash function is used, there is no way to take someone's signature from one document and attach it to another, or to alter a signed message in any way. The slightest change in a signed document will cause the digital signature verification process to fail.

16

Cryptography

Avalanche 06

Figure 6

9. Objectives Modern cryptography concerns itself with the following four objectives: 1) Confidentiality (the information cannot be understood by anyone for whom it was unintended)

17

Cryptography

Avalanche 06

2) Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected) 3) Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information) 4) Authentication (the sender and receiver can confirm each others identity and the origin/destination of the information).

10. Digital certificate Digital certificates, or certs, simplify the task of establishing whether a public key truly belongs to the purported owner. A certificate is a form of credential. Examples might be your driver's license, your social security card, or your birth certificate. Each of these has some information on it identifying you and some authorization stating that someone else has confirmed your identity. Some certificates, such as your passport, are important enough confirmation of your identity that you would not want to lose them, lest someone use them to impersonate you. A digital certificate is data that functions much like a physical certificate. A digital certificate is information included with a person's public key that helps others verify that a key is genuine or valid. Digital certificates are used to thwart attempts to substitute one person's key for another. A digital certificate consists of three things: A public key.

18

Cryptography

Avalanche 06

Certificate information. ("Identity" information about the user, such as name, user ID, and so on.) One or more digital signatures. The purpose of the digital signature on a certificate is to state that some other person or entity has attested to the certificate information. The digital signature does not attest to the authenticity of the certificate as a whole; it vouches only that the signed identity information goes along with, or is bound to, the public key. Thus, a certificate is basically a public key with one or two forms of ID attached, plus a hearty stamp of approval from some other trusted individual.

19

Cryptography

Avalanche 06

Figure 6

11. Applications of cryptography

20

Cryptography 1. Secure communication

Avalanche 06

Secure communication is the most straightforward use of cryptography. Two people may communicate securely by encrypting the messages sent between them. This can be done in such a way that a third party eavesdropping may never be able to decipher the messages. 2. Identification and Authentication Identification and authentication are two widely used applications of cryptography. Identification is the process of verifying someone's or something's identity. Authentication merely determines whether that person or entity is authorized for whatever is in question. 3. Secret sharing Another application of cryptography, called secret sharing, allows the trust of a secret to be distributed among a group of people. For example, in a (k, n)-threshold scheme, information about a secret is distributed in such a way that any k out of the n people (k n) have enough information to determine the secret, but any set of k-1 people do not. 4. Electronic commerce E-commerce is comprised of online banking, online brokerage accounts, and Internet shopping, to name a few of the many applications. Simply entering a credit card number on the Internet leaves one open to fraud. One cryptographic solution to this problem is to encrypt the credit card number (or other private information) when it is entered online; another is to secure the entire session.

21

Cryptography

Avalanche 06

When a computer encrypts this information and sends it out on the Internet, it is incomprehensible to a third party viewer. The web server ("Internet shopping center") receives the encrypted information, decrypts it, and proceeds with the sale without fear that the credit card number (or other personal information) slipped into the wrong hands. 5.Certificate Another application of cryptography is certification; certification is a scheme by which trusted agents such as certifying authorities vouch for unknown agents, such as users. The trusted agents issue vouchers called certificates which each have some inherent meaning. 6. Remote access Secure remote access is another important application of cryptography. The basic system of passwords certainly gives a level of security for secure access, but it may not be enough in some cases. For instance, passwords can be eavesdropped, forgotten, stolen, or guessed. Many products supply cryptographic methods for remote access with a higher degree of security.

22

Cryptography 12. Conclusion

Avalanche 06

In recent times technology has advanced in leaps and bounds, so has the field of Cryptography. Cryptography is one of the fastest growing technologies for security purposes. As the field of cryptography has advanced, the dividing lines for what is and what is not cryptography have become blurred. Cryptography today might be summed up as the study of techniques and applications that depend on the existence of difficult problems. In recent years there is bound to be an increase in computational speeds. With the increase in computational speed, the threat posed to cryptography would increase. As a result of which cryptanalysis would be much more easier.

23

Cryptography

Avalanche 06

13. References http://en.wikipedia.org/wiki/cryptography http://www.rsasecurity.com/rslabs http://garykessler.net/library.crypt.html http://www.fortunecity.com http://pqpi.org/doc/pqpiintro http://searchsecurity.techtarget.com

24