cryptography full report
computer science technology|
Active In SP
Joined: Jan 2010
23-01-2010, 01:47 AM
Cryptography full report.doc (Size: 297.5 KB / Downloads: 665)
This paper introduces Cryptography
Techniques. Cryptography is The science of
protecting data & Network Security keeping
information private and Secure from
This paper gives the Fundamental
Requirements for the Data Transmission, the
security attacks like Interruption, Interception
and Modification of the data Transmission.
The Cryptographic Process
explaining through a generalized function is
discussed through which encryption and
decryption is done by the various algorithms
like RSA algorithm, Hash Functions and
many cryptographic algorithms.
Name: T Sampathkumar Name: Sudeep
Year: III/IV CSE , Year: III/IV CSE,
e-mail: firstname.lastname@example.org e-mail : email@example.com
The Cryptanalysis is the process of
attempting to discover the plain text and/ or the key.
Applications of Various Cryptographic Technologies.
Why & How to Provide Network Security in the
Certificates issuing, The Validity & Trust for Certificate
Services, Certificate Revocation in the Internet,
Intranet and other Network Communications, the
Applications of Network Security to the various Data
Transfer techniques and protocols.
From the dawn of civilization, to the highly
networked societies that we live in Today
communication has always been an integral
part of our existence.
Â¢ Radio communication
Â¢ Network communication
Â¢ Mobile communication
Â¢ Telephonic communication
All these methods and means of communication have
played an important role in our lives, but in the past
few years, network communication, especially over
the Internet, has emerged as one of the most powerful
Methods of communication with an overwhelming
Impact on our lives. Such rapid advances in
Communications technology have also given rise to
Security threats to individuals and organizations.
Confidential: Is the process of keeping information
private and Secret so that only the intended recipient
is able to understand the information.
Authentication: Is the process of providing proof of
identity of the sender to the recipient, so that the
recipient can be assured that the person sending the
information is who and what he or she claims to be.
Integrity: Is the method to ensure that information is
not tampered with during its transit or its storage on
the network. Any unauthorized person should not be
able to tamper with the information or change the
Information during transit
Non-repudiation: Is the method to ensure that
information cannot be disowned. Once the non-repudiation
process is in place, the sender cannot
deny being the originator of the data.
Interruption: In an attack where one or more of the
systems of the organization become unusable due to
attacks by unauthorized users. This leads to systems
being unavailable for use.
Interception: An unauthorized individual intercepts
the message content and changes it or uses it for
malicious purposes. After this type of attack, the
message does not remain confidential.
Modification: The content of the message is modified
by a third party. This attack affects the integrity of the message. So for maintaining the data secretly while
communicating data between two persons or two
organizations data is to be converted to other format
and the data is to be transmitted. So now we deal with
the Cryptography which is process of transmitting
data securely without any interruption. Network
security is the security of data transmission in the
What is Cryptography
The term cryptology has its origin in Greek
KryptÃƒÂ³s lÃƒÂ³gos , which means hidden word.
Cryptography is the science of protecting data, which
provides means and methods of converting data into
unreadable form, so that Valid User can access
Information at the Destination. Cryptography is the
science of using mathematics to encrypt and decrypt
data. Cryptography enables you to store sensitive
information or transmit it across insecure networks
(like the Internet) so that it cannot be read by anyone
except the intended recipient. While cryptography is
the science of securing data, cryptanalysis is the
science of analyzing and breaking secure
communication. Cryptanalysts are also called
attackers. Cryptology embraces both cryptography
a) Plaintext: The original intelligible message.
b) Cipher text: The transformed message.
c) Cipher: An algorithm for transforming an intelligible
message to unintelligible by transposition.
d) Key: Some critical information used by the cipher,
known only to the sender & receiver.
e) Encipher Encode) the process of converting
plaintext to cipher text using a cipher and a key.
f) Decipher Decode) the process of converting
cipher text back into plaintext using a cipher & key.
g) Cryptanalysis: The study of principles and
methods of transforming an unintelligible message
back into an intelligible message without
knowledge of the key. Also called code breaking
h) Cryptology: Both cryptography and cryptanalysis
i) Code: an algorithm for transforming an intelligible
message into an unintelligible one using codes.
j) Hash algorithm: Is an algorithm that converts text
string into a string of fixed length.
k) Secret Key Cryptography (SKC): Uses a single
key for both encryption and decryption
l) Public Key Cryptography (PKC): Uses one key for
encryption and another for decryption
m) Pretty Good Privacy (PGP): PGP is a hybrid
n) Public Key Infrastructure (PKI): PKI feature is
For Distributed computing
Â¢ Logical set of services distributed
over the network
Â¢ Physical security model does not
For Internet and Web
Â¢ Increase of security threat
Â¢ More stringent security for Ecommerce
Why network security
When networks were not that pervasive, that
is when computing devices were running in their own
Islands, it was rather easy to deal with security. The
only thing they needed to do was to lock the door.
Now, as more and more computing devices are
getting connected and more and more applications
are being built as distributed applications, the physical
security model has lost its significance. The advent of
the internet and the web has raised the scale and
frequency of network Security threats.
Common Security Threats
Identity interception: It means that someone might
steal your identity and use it as their own.
Masquerading. If you send your username and
password in clear text form, someone might be able to
grab it from the network and use it elsewhere with the
intention of perpetrating fraud.
Replay attack: They might capture your request of
withdrawing 1000 dollars from your Bank account and
then replay that request over the network.
Data interception and manipulation: If someone
can read your credit card information while it is on the
wire, they could cause a lot of trouble for you.
Repudiation: When someone performs a transaction
and then deny it later can be a big problem in ecommerce.
For example, if you are manufacturer of
something and you received a 1 million dollar
purchase request from a customer, you will want to
make sure that person does not deny it after the
transaction has been completed. We all know what
denial of service means.
Network Security Needs
Security Needs of an Enterprise
Â¢ Single sign-on Internet and intranet
Â¢ Controlled access to corporate
Â¢ Secure business transaction over Internet
Â¢ Centralized, easy to use security admin
Â¢ Transparency of security features
Â¢ Interoperable security systems
Â¢ Various PKI schemes, Kerbos
Common Network Security Needs
Â¢ Authentication (Identity verification)
Â¢ Access control (Authorization)
Â¢ Data confidentiality (Privacy)
Â¢ Data integrity (Tamper-proofing)
Â¢ Non-repudiation (Proof of transaction)
Cryptographic Process Basic Process
M is the original message
K enc is encryption key
M' is the scrambled message
K dec is decryption key
It is difficult to get M just by knowing M'
E and D are related such that
E(K enc , M) = M'
D(K dec , M') = M
D(K dec , E(K enc , M)) = M
Plaintextâ€M Cipher textâ€M' Original
Decryption functionâ€D Encryption
So how does cryptographic process work
The idea is rather simple. Let's say you have plaintext
M. By providing the encryption key and the encryption
function you get cipher text, M'. The cipher text can be
decrypted using a decryption function and a
decryption key and the result is the original text. In
cryptographic process the mathematical property is
such that it is practically impossible to derive M from
M' unless the key is known.
Key Process Techniques
Symmetric-Key Encryption: One Key
Symmetric-key encryption, also called shared-key
encryption or secret-key cryptography, uses a
single key that both the sender and recipient possess.
This key, used for both encryption and decryption, is
called a secret key (also referred to as a symmetric
key or session key). Symmetric-key encryption is an
efficient method for encrypting large amounts of data.
But the drawback is to transfer the Key to Receiver as
it is prone to security risks.
Public-Key Encryption: Two Keys
Two keysâ€a public key and a private key, which
are mathematically relatedâ€are used in public-key
encryption. To contrast it with symmetric-key
encryption, public-key encryption is also sometimes
called asymmetric-key encryption. In public-key
encryption, the public key can be passed openly
between the parties or published in a public
repository, but the related private key remains private.
Data encrypted with the public key can be decrypted
only using the private key. Data encrypted with the
private key can be decrypted only using the public
key. In Figure 1, a sender has the receiver's public
key and uses it to encrypt a message, but only the
receiver has the related private key used to decrypt
Private Key Method
Public Key Method
Encryption is done with Public Key and
Decryption with another key called Private Key. This
is called Public Key Cryptography.
Public-key cryptography algorithms
RSA: The first, and still most common,
PKC implementation, named for the three MIT
mathematicians who developed it â€ Ronald Rivest,
Adi Shamir, and Leonard Adleman. RSA today is
used in hundreds of software products and can be
used for key exchange, digital signatures, or
encryption of small blocks of data. RSA uses a
variable size encryption block and a variable size key.
The key-pair is derived from a very large number, n,
that is the product of two prime numbers chosen
according to special rules; these primes may be 100
or more digits in length each, yielding an n with
roughly twice as many digits as the prime factors. The
public key information includes n and a derivative of
one of the
factors of n; an attacker cannot determine
the prime factors of n (and, therefore, the private key)
from this information alone and that is what makes the
RSA algorithm so secure. (Some descriptions of PKC
erroneously state that RSA's safety is due to the
difficulty in factoring large prime numbers. In fact,
large prime numbers, like small prime numbers, only
have two factors!) The ability for computers to factor
large numbers, and therefore attack schemes such as
RSA, is rapidly improving and systems today can find
the prime factors of numbers with more than 140
digits. The presumed protection of RSA, however, is
that users can easily increase the key size to always
stay ahead of the computer processing curve. As an
aside, the patent for RSA expired in September 2000
which does not appear to have affected RSA's
popularity one way or the other.
Diffie-Hellman: After the RSA algorithm
Diffie and Hellman came up with their own algorithm.
D-H is used for secret-key key exchange only, and not
for authentication or digital signatures.
Digital Signature Algorithm (DSA): The
algorithm specified in NIST's Digital Signature
Standard (DSS), provides digital signature capability
for the authentication of messages.
Elliptic Curve Cryptography (ECC): A
PKC algorithm based upon elliptic curves. ECC can
offer levels of security with small keys comparable to
RSA and other PKC methods. It was designed for
devices with limited compute power and/or memory,
such as smartcards and PDAs
An improvement on the Public Key scheme is
the addition of a one way hash function in the
process. A one-way hash function takes variable
length input. In this case, a message of any length,
even thousands or millions of bits and produces a
fixed-length output; say, 160-bits. The hash function
ensures that, if the information is changed in any way
even by just one bit an entirely different output value
Hash functions, also called message digests
and one-way encryption, are algorithms that, in some
sense, use no key Instead; a fixed-length hash value
is computed based upon the plaintext that makes it
impossible for either the contents or length of the
plaintext to be recovered. Hash algorithms are
typically used to provide a digital fingerprint of a file's
contents often used to ensure that the file has not
been altered by an intruder or virus. Hash functions
are also commonly employed by many operating
systems so encrypt passwords. Hash functions, then,
help preserve the integrity of a file.
As long as a secure hash function is used,
there is no way to take someone's signature from one
document and attach it to another, or to alter a signed
message in any way. The slightest change in a signed
document will cause the digital signature verification
process to fail.
Applications Of Cryptography
1. Defense Services
2. Secure Data Manipulation
3. E â€œCommerce
4. Business Transactions
5. Internet Payment Systems
6. Pass Phrasing
7. Secure Internet Comm.
8. User Identification Systems
9. Access Control
10. Computational Security
11.Secure access to Corp Data
Public-Key Encryption for Digital Signatures
A major benefit of public key cryptography is
that it provides a method for employing digital
signatures. Digital signatures enable the recipient of
information to verify the authenticity of the
information's origin, and also verify that the
information is intact. Thus, public key digital
signatures provide authentication and data integrity. A
digital signature also provides non-repudiation, which
means that it prevents the sender from claiming that
he or she did not actually send the information. These
features are every bit as fundamental to cryptography
as privacy, if not more.
A digital signature serves the same purpose
as a handwritten signature. However, a handwritten
signature is easy to counterfeit. A digital signature is
superior to a handwritten signature in that it is nearly
impossible to counterfeit, plus it attests to the contents
of the information as well as to the identity of the
Public-Key Encryption for Digital Certificates
Digital certificates, or cert., simplify the task
of establishing whether a public key truly belongs to
the purported owner. A certificate is a form of
credential. Examples might be your birth certificate.
Each of these has some information on it identifying
you and some authorization stating that someone else
has confirmed your identity. Some certificates, such
as your passport, are important enough confirmation
of your identity that you would not want to lose them,
lest someone use them to impersonate you.
A digital certificate is data that functions much
like a physical certificate. A digital certificate is
information included with a person's public key that
helps others verify that a key is genuine or valid.
Digital certificates are used to thwart attempts to
substitute one person's key for another.
A digital certificate consists of three things:
Â¢ A public key.
Â¢ Certificate information. ("Identity" information
about the user, such as name, user ID, and
Â¢ One or more digital signatures.
The purpose of the digital signature on a
certificate is to state that the certificate information
has been attested to by some other person or entity.
The digital signature does not attest to the authenticity
of the certificate as a whole; it vouches only that the
signed identity information goes along with, or is
bound to, the public key. Thus, a certificate is
basically a public key with one or two forms of ID
attached, plus a hearty stamp of approval from some
other trusted individual.
Based on Layers
Â¢ Link layer encryption
Â¢ Network layer encryption
Â¢ IPSEC, VPN, SKIP
Â¢ Transport layer
Â¢ SSL, PCT(Private Communication
Â¢ Application layer
Â¢ PEM (Privacy Enhanced Mail)
Â¢ PGP (Pretty Good Privacy)
Cryptographic process can be implemented at various
layers starting from the link Layer all the way up to the
application layer. The most popular encryption
scheme is SSL and it is implemented at the transport
layer. If the encryption is done at the transport layer,
any application that is running on the top of the
transport layer can be protected.
Based on Algorithms
Secret-key encryption algorithms (Symmetric
Â¢ DES (Data Encryption Standard) -- 56 bit key
Â¢ Triple DES --112 bit key
Â¢ IDEA (International Data Encryption
Algorithm) --128bit key
Public-key encryption algorithms (Asymmetric
Diffie-Hellman (DH): Exponentiation is easy
but computing discrete logarithms from the resulting
value is practically impossible
RSA: Multiplication of two large prime
numbers is easy but factoring the resulting product is
Public Key Infrastructure (PKI)
The term public key infrastructure (PKI) is
used to describe the policies, standards, and software
that regulate or manipulate certificates and public and
private keys. In practice, PKI refers to a system of
digital certificates, certification authorities (CA), and
other registration authorities that verify and
authenticate the validity of each party involved
in an electronic transaction. Standards for PKI
are still evolving, even as they are being widely
implemented as a necessary element of electronic
commerce. This section will help you understand what
a PKI is and what services are required to build a PKI.
PKI concepts on Certificates
Certificate: A public key certificate is a digitally
signed statement used for authentication and secure
exchange of information on the networks. The issuer
and signer of the certificate is known as a certification
authority (CA). Certificate has No, Validity, Uses of
the Key pair (Public & Secret)
Certification Authority: A certification authority (CA)
is an entity trusted to issue certificates to a requesting
entity. A CA verifies the requester's information
according to the policy of the CA, and then uses its
private key to apply its digital signature to the
CA Policy: A CA issues certificates to requesters
based on a set of established criteria. The set of
criteria that a CA uses when processing certificate
requests is referred to as CA policy. Typically, a CA
publishes its policy in a document known as a
Certification Practice Statement (CPS).
Types of Certification Authorities
Self-signed CA: The public key in the certificate and
the key used to verify the certificate are the same
Subordinate CA: The public key in certificate and the
key used to verify the certificates are different.
Rooted CA: This is trusted unconditionally by a client
and is at top of a certification hierarchy.
Registration: Registration is the process by which a
certificate is issued to the subject, provided that the
certificate is in compliance with the criteria established
by the CA policy.
Certificate enrollment: The procedure that an end
entity follows to request and receive a certificate from
a CA. The certificate request provides identity
information to the CA
Certificate Revocation: Certificates have a specified
lifetime, but CAs can reduce this lifetime by the
process known as certificate revocation. The CAs
publishes a certificate revocation list (CRL) that lists
serial numbers of certificates that it considers no
Certificate Chain Validation: In a network, when we
generate a request for a new certificate, the
information in that request is first passed from the
requesting program to Certificate Authority (CA) then
passes the appropriate data to a program known as a
cryptographic service provider (CSP) A CSP is an
independent software module that performs
cryptography operations, such as secret-key
exchange, digital signing of data, and public-key
authentication. Chain-building mechanism attempts to
build a certification path (a certificate chain) from the
end-entity certificate, such as a user certificate, up to
a CA root certificate.
Attacking Cryptography Cryptanalysis
Cryptanalysis is the process of attempting to
discover the plaintext and/ or the key. The types of
Cryptanalysis attacks are
Differential Cryptanalysis Attack:
The differential cryptanalysis attack looks specifically at
pairs of cipher texts whose plaintext has some
specific differences. It analyzes these differences as
the plaintext propagates through various rounds of
Data Encryption Standards (DES) when they are
encrypted with the same key.
Linear Cryptanalysis Attack:
Linear Cryptanalys is attack was invented by Mitsuru Matsui in 1993. This method is based on the concept that if you XOR some of the plaintext bits together, XOR some cipher text bits together, and then XOR the results, you will get a single bit that is the XOR of some of the key bits. A large number of such plain/cipher texts pairs are used
to guess the values of the key bits
Brute Force Attack
The simplest attack to decipher a DES key is
the brute force attack. The brute force attack on the
DES algorithm is feasible because of the relatively
small key length (56 bit) and ever-increasing
computational power of the computers. It can break
through any cipher by trying all keys that possibly
exist. However, in brute force attacks, the time taken
to break a cipher is directly proportional to the length
of the key. In a brute force attack, keys are randomly
generated and applied to the cipher text until the
legitimate key is generated. The Average Time
Required for Exhaustive Key Search
Cryptography protects users by providing
functionality for the encryption of data and
authentication of other users. This technology lets the
receiver of an electronic message verify the sender,
ensures that a message can be read only by the
intended person, and assures the recipient that a
message has not be altered in transit. This paper
describes the cryptographic concepts of symmetric key
encryption, public-key encryption, types of
encryption algorithms, hash algorithms, digital
signatures, and key exchange. The Cryptography
Attacking techniques like Cryptanalysis and Brute
Force Attack. This Paper provides information of
Network Security Needs and Requirements.
Cryptography is a particularly interesting field
because of the amount of work that is, by necessity,
done in secret. The irony is that today, secrecy is not
the key to the goodness of a cryptographic algorithm.
Regardless of the mathematical theory behind an
algorithm, the best algorithms are those that are well known
and well-documented because they are also
well-tested and well-studied! In fact, time is the only
true test of good cryptography; any cryptographic
scheme that stays in use year after year is most likely
a good one. The strength of cryptography lies in the
choice (and management) of the keys; longer keys
will resist attack better than shorter keys.
Â¢ Cryptography and Network Security â€œBy
Â¢ Introduction to Cryptography â€œBy Aysel Ozgur
Active In SP
Joined: Mar 2010
02-04-2010, 03:51 PM
The present century has been one of many scientific discoveries and technological advancements. With the advent of technology came the issue of security. As computing systems became more complicated, there was an increasing need for security.
This paper deals with cryptography, which is one of the methods to provide security. It is needed to make sure that information is hidden from anyone for whom it is not intended. It involves the use of a cryptographic algorithm used in the encryption and decryption process. It works in combination with the key to encrypt the plain text. Public key cryptography provides a method to involve digital signatures, which provide authentication and data integrity. To simplify this process an improvement is the addition of hash functions.
The main focus of this paper is on quantum cryptography, which has the advantage that the exchange of information can be shown to be secure in a very strong sense, without making assumptions about the intractability of certain mathematical problems. It is an approach of securing communications based on certain phenomena of quantum physics. There are two bases to represent data by this method depending on bit values. There are ways of eavesdropping even on this protocol including the Man â€œin-the-Middle attack. The quantum computers could do some really phenomenal things for cryptography if the practical difficulties can be overcome.
computer science topics|
Active In SP
Joined: Jun 2010
08-06-2010, 01:15 PM
topicideashow-to-new-trends-in-cryptography-full-report to get more information of security and cryptography
i hope you enjoyed it
and come again for helping other students issues in this forum
Active In SP
Joined: Feb 2011
08-03-2011, 02:15 PM
1.DOC (Size: 131 KB / Downloads: 123)
The Explosive growth in computer systems and their interconnection via networks has increased the dependence of both organizations and individuals on the information stored and communicated. This in turn, has lead to a heightened awareness of the need to protect data and resources from disclosures, to guarantee the authenticity of data and messages and to protect the systems from network based attacks.
Secondly, the disciplines of cryptography and network security have matured, leading to the development of practical, readily available applications to enforce network security.
In distributed systems or in networks, the communication can be possible by carrying data between terminal user and computer and between computer and computer. Network security measures are needed to protect data during their transmission and this can be achieved through cryptography.
AN OVERVIEW OF CRYPTOGRAPHY:
The word cryptography means “secret writing”. However, the term today refers to the science and of transforming messages to make them secure and immune to attacks.
The original message before being transformed is called plaintext. After the message is transformed, it is called cipher text. An encryption algorithm transforms the plaintext to cipher; a decryption algorithm transforms the cipher text back to plaintext. The sender uses an encryption algorithm, and the receiver uses a decryption algorithm
These encryption and decryption algorithms are called as ciphers (categories of algorithm). One cipher can serve millions of communicating pairs.
A Key is value that the cipher, as an algorithm, operates on. To encrypt a message we need an encryption algorithm, an encryption key, and the plain text. These create the cipher text. To decrypt a message, we need a decryption algorithm, a decryption algorithm and the cipher text. So these reveal the original plaintext.
In Cryptography, the encryption/decryption algorithms are public; anyone can access them. The keys are secret. So they need to be protected.
Cryptography algorithms can be divided into two groups.
• Symmetric-key cryptography (or secret key) algorithm
• Public-key cryptography (or asymmetric key) algorithm
The symmetric-key cryptography algorithms are so named because the same key can be used in both directions. Here, the same key is used by both sender/receiver. The sender uses this key and an encryption algorithm to encrypt data. The receiver uses the same key and a decryption algorithm to decrypt data.
In Symmetric-key cryptography, the algorithm used for decryption is the inverse of the algorithm used for encryption.
• Symmetric key algorithms are efficient.
• It takes less time to encrypt a message using symmetric key algorithm than to encrypt a message using a public key algorithm.
• The key is usually small.
• It is used to encrypt and decrypt long messages.
• Each pair of users must have a unique symmetric key.
For n people, n*(n-1)/2 symmetric keys are used.
Ex: For 1 million people to communicate, 500 billion symmetric keys are needed.
• The distribution of keys between two can be difficult.
Ciphers that involved either substitution or transposition are referred to as traditional ciphers.
A cipher using the substitution method substitutes one symbol with another. If the symbols in the plain text are alphanumeric characters, we replace one character with another.
Ex: we replace characters A with D, B with E and so on. If symbols are digits (0 to 9), we can replace 1 with 5, 2 with 6 and so on.
Concentrating on the alphabetic characters, substitution can be categorized as either
1) Mono alphabetic or
2) Poly alphabetic substitution.
MONO ALPHABETIC SUBSTITUTION:
In this substitution, a character in the plain text is always changed to same character in the cipher text.
The first recorded cipher text is Caesar cipher. The cipher shifts each character down by three.
In the above figure, the encryption algorithm is “shift key characters down” and the decryption algorithm is “shift key characters up”. The key here is 3. The encryption and decryption algorithms are the inverses of each other and the key is same for both the algorithms.
Here, we replaced character Y with B. This can be possible not by simply adding the key to the character. Since Y=24, which means that 24+3 is 1, not 27 i.e., modulo of 26. Therefore character with value 1, B is given to Y.
In mono alphabetic substitution, a character in the plain text and a character in the cipher text is always one- one.
• It is very simple.
• The code can be attacked easily. The reason is that method cannot hide the natural frequencies of characters in the language being used. So the attacker can easily break the code.
POLY ALPHABETIC SUBSTITUTION:
In poly alphabetic substitution, each occurrence of a character can have a different substitute. The relationship between a character in the plaintext to a character in the cipher text is one-to-many character A can be changed to D in the beginning of the text, but it could be changed to N at the middle. Let us define our key as “ take the position of the character in the text, divide the by 10, and let the remainder be the shift value.” With this scenario, the character at position 1 will be shifted one character, the character at position 2 will be shifted two characters, and the character in position 14 will be shifted four characters [14 mod 10 is 4]. An example of poly alphabetic substitution is the vigenere cipher. In one version of the cipher, the character in the cipher text is chosen from a two-dimensional table (26*26), in which each row is a permutation of 26 characters (A to Z). To change a character, the algorithm finds the character to be encrypted in the first row. It finds the position of the character in the text (mod 26) and uses it as the row number. The algorithm then replaces the character with the character found in the table.
A cipher text created by poly alphabetic substitution is harder to attack successfully than a cipher text created by mono alphabetic substitution. A good poly alphabetic substitution may smooth out the frequencies; each character in the cipher text may occur almost the same number of times. However, attacking the code is not difficult; although the encryption changes the frequencies of the characters, the character relationships are still preserved. A good trail-and-error attack can break the code.
In a transpositional cipher, the characters retain their plaintext from but change their positions to create the cipher text. The text is organized into a two-dimensional table, and the columns are interchanged according to a key. For example, we can organize the plaintext into an 8-column table and then reorganize the columns according to a key that indicates the interchange rule. The key defines which columns should be swapped. Transpositional cryptography is not very secure either. The character frequencies are preserved, and the attacker can find the plaintext through trail and error.
Active In SP
Joined: Feb 2011
02-04-2011, 04:25 PM
Cryptography.ppt (Size: 796 KB / Downloads: 195)
ITNS and CERIAS CISSP Luncheon Series: Cryptography
Increasingly used to protect information
Can ensure confidentiality
• Integrity and Authenticity too
History – The Manual Era
Dates back to at least 2000 B.C.
Pen and Paper Cryptography
History – The Mechanical Era
Invention of cipher machines
• Confederate Army’s Cipher Disk
• Japanese Red and Purple Machines
• German Enigma
History – The Modern Era
• Speak Like a Crypto Geek
Plaintext – A message in its natural format readable by an attacker
Ciphertext – Message altered to be unreadable by anyone except the intended recipients
Key – Sequence that controls the operation and behavior of the cryptographic algorithm
Keyspace – Total number of possible values of keys in a crypto algorithm
Speak Like a Crypto Geek (2)
Initialization Vector – Random values used with ciphers to ensure no patterns are created during encryption
Cryptosystem – The combination of algorithm, key, and key management functions used to perform cryptographic operations
Types of Cryptography
One at a time, please
Mixes plaintext with key stream
Good for real-time services
Amusement Park Ride
Substitution and transposition
Convert one letter to another
Change position of letter in text
Running Key Cipher
Randomly generated keys
Hiding a message within another medium, such as an image
No key is required
Modify color map of JPEG image
Same key for encryption and decryption
Key distribution problem
Mathematically related key pairs for encryption and decryption
Public and private keys
Combines strengths of both methods
Asymmetric distributes symmetric key
» Also known as a session key
Symmetric provides bulk encryption
» SSL negotiates a hybrid method
Attributes of Strong Encryption
Change key values each round
Performed through substitution
Complicates plaintext/key relationship
Change location of plaintext in ciphertext
Done through transposition
Modes: ECB, CBC, CFB, OFB, CM
Elliptic Curve Cryptography (ECC)
Computes 128-bit hash value
Widely used for file integrity checking
Computes 160-bit hash value
NIST approved message digest algorithm
Computes between 128 and 256 bit hash
Between 3 and 5 rounds
Developed in Europe published in 1996
Active In SP
Joined: Feb 2011
05-04-2011, 09:37 AM
KEY CRYPTO GRAPHY
Phase 1: Agreeing on the security policy
• supported authentication methods (802.1X, Pre-Shared Key (PSK)),
• Security protocols for unicast traffic (CCMP, TKIP etc.) – the pair wise cipher suite,
• Security protocols for multicast traffic (CCMP, TKIP etc.) – the group cipher suite,
• Support for pre-authentication, al- lowing users to pre-authenticate
Before switching to a new access point of the same network for a seamless handover.
Phase 2: 802.1X authentication
The second phase is 802.1X authentication based on EAP and the specific authentication method agreed earlier: EAP/TLS with client and server certificates (requiring a public key infrastructure), EAP/TTLS or PEAP for hybrid authentication (with certificates only required for servers) etc. 802.1X authentication are initiated when the access point requests client identity data, with the client’s response containing the preferred authentication method. Suitable messages are then exchanged between the client and the authentication server to generate a common master key (MK). At the end of the procedure, a Radius Accept message is send from the authentication server to the access point, containing the MK and a final EAP Success message for the client.
Phase 3: Key hierarchy and distribution
Connection security relies heavily on secret keys. In RSN, each key has a limited lifetime and overall security is ensured using a collection of various keys, organized into a hierarchy. When a security context is stab- lashed after successful authentic- tin, temporary (session) keys are created and regularly updated until the security context is closed. Key generation and exchange is the goal of the third phase.
• confirm the client’s knowledge of the PMK,
• derive a fresh PTK,
• install encryption and integrity keys,
• encrypt transport of the GTK,
• confirm cipher suite selection.
Phase 4: RSNA data confidentiality and integrity
All the keys generated previously are used in protocols supporting RSNA data confidentiality and integrity:
• Temporal Key Hash
• Counter-Mode / Cipher Block Chaining Message Authentication Code Protocol
• Wireless Robust Authenticated Protocol
An important concept must be understood before detailing these protocols: the difference between an MSDU (MAC Service Data Unit) and an MPDU (MAC Protocol Data Unit). Both refer to a single packet of data, but MSDU represents data before fragmentation, while MPDUs are the multiple data units after fragmentation. The difference is important in TKIP and CCMP encryption, since in TKIP the MIC is calculated from the MSDU, while in CCMP it is calculated from the MPDU.
The TKIP Key-Mixing Scheme is divided into two phases. Phase 1 involves static data – the secret session key TEK, the transmitter MAC address TA (included to pre- vent IV collisions) and the higher 32 bits of the IV. Phase 2 includes the output of Phase 1 and the lower 16 bits of the IV, changing all the bits of the Per Packet Key field for each new IV. The IV value always starts with 0 and is incremented by 1 for each packet sent, with any messages whose TSC is not greater than the last message being discarded. The output of Phase 2 and part of the extended IV (plus a dummy byte) are the input for RC4, generating a key stream that is XOR-end with the plaintext MPDU, the MIC calculated from the MPDU and the old ICV from WEP. MIC computation uses the Michael algorithm by Niels Ferguson. It was created for TKIP and has a target security level of 20 bits (the algorithm doesn’t use multiplication for performance reasons, as it must be supported on old wire- less hardware later to be upgraded to WPA). Due to this limitation, countermeasures are needed to avoid MIC forgery. MIC failures must be kept below two per minute, otherwise a 60 second blackout is enforced and new keys (GTK and PTK) must be established afterwards. Michael computes an 8-octet check value called the MIC and appends it to the MSDU prior to transmission. The MIC is calculated from the source address (SA), destination address (DA), plaintext MSDU and the appropriate TMK (depending on the communication side, a different key is used for transmission and reception).
CCMP is based on the AES (Advanced Encryption Standard) block cipher suite in its CCM mode of operation, with the key and blocks being 128 bits long. AES is to CCMP what RC4 is to TKIP, but unlike TKIP, which was intended to accommodate existing WEP hard- ware, CCMP isn't a compromise, but a new protocol design. CCMP uses counter mode in conjunction with a message authentication method called Cipher Block Chaining (CBC-MAC) to produce an MIC.
Some interesting features were also added, such as the use of a single key for encryption and authentication (with different initialization vectors) or covering non-encrypted data by the authentication. The CCMP protocol adds
16 bytes to the MPDU: 8 bytes for the CCMP header and 8 bytes for the MIC. The CCMP header is an unencrypted field included between the MAC header and encrypted data, including the 48-bit PN (Packet Number = Extended IV) and Group Key Key ID. The PN is incremented by one for each sub- sequent MPDU.
MIC computation uses the CBC-MAC algorithm that encrypts a starting nonce block (computed from the Priority fields, MPDU source address and incremented PN) and XORs subsequent blocks to obtain a final MIC of 64 bits (the final MIC is a 128-bit block, since the lower 64 bits are discarded). The MIC is then appended to the plaintext data for AES encryption in counter mode. The counter is constructed from a nonce similar to the MIC one, but with an extra counter field initialized to 1 and incremented for each block.
The last protocol is WRAP, also based on AES, but using the OCB (Offset Codebook Mode) authenticated encryption scheme (encryption and authentication in a single computation). OCB was the first mode selected by the IEEE 802.11i working group, but was eventually abandoned due to intellectual property issues and possible licensing fees. CCMP was then adopted as mandatory
Active In SP
Joined: Feb 2011
30-04-2011, 10:02 AM
18816402-Cryptography.ppt (Size: 491 KB / Downloads: 89)
Cryptography considered as a branch of both mathematics and computer science.
Affiliated closely with information theory, computer security, and engineering.
Cryptography comes from the Greek words Kryptos, meaning hidden, and Graphen, meaning to write.
Thus Cryptography is the study of secret (crypto-) writing (-graphy)
Cryptography deals with all aspects of secure messaging, authentication, digital signatures, electronic money, and other applications.
The practitioner of Cryptography is called Cryptographer
Cryptography Through History
Cryptography has a history of at least 4000 years.
Ancient Egyptians enciphered some of their hieroglyphic writing on monuments.
Ancient Hebrews enciphered certain words in the scriptures.
2000 years ago Julius Caesar used a simple substitution cipher, now known as the Caesar cipher.
Roger Bacon in the middle ages described several methods in 1200s.
Cryptography Through History
Geoffrey Chaucer included several ciphers in his works (e.g. Canterbury Tales).
Leon Alberti devised a cipher wheel, and described the principles of frequency analysis in the 1460s.
Blaise de Vigenère published a book on cryptology in 1585, & described the polyalphabetic substitution cipher.
Increasing use, especially in diplomacy & war over centuries.
Areas of Study
Cryptanalysis, Cryptology, Cryptography
The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key is called Cryptanalysis.
Also called “code breaking” sometimes.
Practitioners of cryptanalysis are cryptanalysts.
Cryptology is the branch of mathematics that studies the mathematical foundations of cryptographic methods.
Cryptology is actually the study of codes and ciphers.
Cryptology = both cryptography and cryptanalysis
In cryptographic terminology, the message is called plaintext or cleartext.
Encoding the contents of the message in such a way that hides its contents from outsiders is called encryption.
A method of encryption and decryption is called a cipher - The name cipher originates from the Hebrew word "Saphar," meaning "to number.”
The encrypted message is called the ciphertext.
The process of retrieving the plaintext from the ciphertext is called decryption.
Encryption and decryption usually make use of a key, and the coding method is such that decryption can be performed only by knowing the proper key.
All modern algorithms use a key to control encryption and decryption; a message can be decrypted only if the key matches the encryption key.
The key used for decryption can be different from the encryption key, but for most algorithms they are the same.
Why do we need cryptography?
Computers are used by millions of people for many purposes
Privacy is a crucial issue in many of these applications
Security is to make sure that nosy people cannot read or secretly modify messages intended for other recipients
Security issues: some practical situations
A sends a file to B: E intercepts it and reads it.
How to send a file that looks gibberish to all but the intended receiver?
A sends a file to B: E intercepts it, modifies it, and then forwards it to B.
How to make sure that the document has been received in exactly the form it has been sent?
E sends a file to B pretending it is from A.
How to make sure your communication partner is really who she claims to be?
Basic situation in cryptography
Types Of Attacks:
Carried out by a Passive Attacker who can only read the secret information being exchanged.
Carried out by an Active Intruder who can read and modify the secret information
This is the situation where the attacker does not know anything about the contents of the message, and must work from ciphertext only.
In practice it is quite often possible to make guesses about the plaintext, as many types of messages have fixed format headers.
Even ordinary letters and documents begin in a very predictable way.
It may also be possible to guess that some ciphertext block contains a common word.
The attacker knows or can guess the plaintext for some parts of the ciphertext.
The task is to decrypt the rest of the ciphertext blocks using this information.
This may be done by determining the key used to encrypt the data, or via some shortcut.
The attacker is able to have any text he likes encrypted with the unknown key.
The task is to determine the key used for encryption.
Some encryption methods, particularly RSA, are extremely vulnerable to chosen-plaintext attacks.
When such algorithms are used, extreme care must be taken to design the entire system so that an attacker can never have chosen plaintext encrypted.
Classical Cryptographic Techniques
Three Eras of Cryptography:
We have two basic components of classical ciphers: substitution and transposition.
Substitution: In substitution ciphers letters are replaced by other letters.
Transposition: In transposition ciphers the letters are arranged in a different order.
Caesar CipherA Monoalphabetic Substitution Cipher
Replace each letter of message by a letter a fixed distance away e.g. use the 3rd letter on
Reputedly used by Julius Caesar. E.g:
L FDPH L VDZ L FRQTXHUHG
I CAME I SAW I CONQUERED
i.e. mapping is
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
| | | | | | | | | | | | | | | | | | | | | | | | | |
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Can describe this cipher as:
Encryption Ek : i i + k mod 26
Decryption Dk : i i - k mod 26
Polyalphabetic Substitution Cipher
Polyalphabetic Substitution - several substitutions are used.
Used to hide the statistics of the plain-text.
- now is the time for every good man
- JCQ CZ VXK VCER AQC PCRTX LBQZ QPK
The two o’s in good have been enciphered as different letters. Also the three letters “X” in the ciphertext represent different letters in the plaintext.
Algorithms Of Modern Crytography
Algorithms are basic building blocks on which Crypto Systems are built.
Classes of key-based algorithms:
Symmetric or Private-key Systems.
Asymmetric or Public-key Systems.
Symmetric algorithms use the same key for encryption and decryption
Can be divided into two categories:
(1) stream ciphers and (2) block ciphers.
Stream ciphers can encrypt a single bit/byte of plaintext at a time.
Block ciphers take a number of bits (typically 64 bits in modern ciphers), and encrypt them as a single unit.
Example Symmetric Encryption Algorithm - DES
The most well known symmetric system is the Data Encryption Standard (DES).
Data Encrypt Standard (DES) is a private key system adopted by the U.S. government as a standard “very secure” method of encryption.
64-bit plain & cipher text block size
56-bit true key plus 8 parity bits
Single chip (hardware) implementation
- Most implementations now software
16 rounds of transpositions & substitutions
Standard for unclassified government data
Applications of DES
Effective key length of 112 bits
Work factor about the same as single DES
Encrypt with first key
Decrypt with second key
Encrypt with first key
used across a wide range of applications, from ATM encryption to e-mail privacy and secure remote access.
Private Key Problems
Keys must be exchanged before transmission with any recipient or potential recipient of your message.
So, to exchange keys you need a secure method of transmission, but essentially what you've done is create a need for another secure method of transmission.
Secondly the parties are not protected against each other, if one of the parties leaks the keys it could easily blame the other party for the compromise.
Use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key.
Asymmetric ciphers also called public-key algorithms permit the encryption key to be public (it can even be published in a newspaper), allowing anyone to encrypt with the key, whereas only the proper recipient (who knows the decryption key) can decrypt the message.
The encryption key is also called the Public Key and the decryption key the Private Key or Secret Key.
Public Key Encryption
Public Key Encryption
The best known public key system is RSA, named after its authors, Rivest, Shamir and Adelman.
It has recently been brought to light that an RSA-like algorithm was discovered several years before the RSA guys by some official of the British Military Intelligence Cryptography Wing.
Comparison of Symmetric and Asymmetric Encryption
One Time Pad
ADVANTAGES AND DISADVANTAGES
1. The biggest advantage of public key cryptography is the secure nature of the private key. In fact, it never needs to be transmitted or revealed to anyone.
2. It enables the use of digital certificates and digital timestamps, which is a very secure technique of signature authorization.
Transmission time for documents encrypted using public key cryptography are significantly slower then symmetric cryptography. In fact, transmission of very large documents is prohibitive.
The key sizes must be significantly larger than symmetric cryptography to achieve the same level of protection.
Public key cryptography is susceptible to impersonation attacks.
Future Developments: Quantum cryptography and DNA cryptography
DNA cryptography is a new born cryptographic field emerged with the research of DNA computing, in which DNA is used as information carrier and the modern biological technology is used as implementation tool.
The vast parallelism and extraordinary information density inherent in DNA molecules are explored for cryptographic purposes such as encryption, authentication, signature, and so on.
Quantum cryptography attempts to achieve the
same security of information as other forms of cryptography but through the use of photons, or packets of light. The process, though still in experimental stages, makes use of the polarization nature of light and is proving to be a very promising defense against eavesdropping
Active In SP
Joined: Feb 2011
30-04-2011, 03:54 PM
Minhaajuddin Ahmad Khan
Cryptography.pptx (Size: 1.36 MB / Downloads: 62)
Information Security requirements have changed in recent times
Traditionally provided by physical and administrative mechanisms
Computer use requires automated tools to protect files and other stored information
Use of networks and communications links requires measures to protect data during transmission
Need for Information Security
Defending against external/internal hackers
Defending against industrial espionage
Securing bank accounts/electronic transfers
Securing intellectual property
Threats to Information Security
Pervasiveness of email/networks
Online storage of sensitive information
Insecure technologies (e.g. wireless)
Trend towards paperless society
Weak legal protection of email privacy
Plain text Cipher text
Cipher text Plain text
Symmetric Key or secret key: Involves use of one key.
Asymmetric key or public key: Involves use of two keys viz. public and private.
Symmetric Key Cryptography
Mono alphabetic e.g. Caesar cipher
Poly alphabetic e.g. Vigenère cipher, Hill cipher
Simple Modern Ciphers
Two types of symmetric ciphers
Encrypt one bit at time
Break plaintext message in equal-size blocks
Encrypt each block as a unit
Combine each bit of keystream with bit of plaintext to get bit of ciphertext
m(i) = ith bit of message
ks(i) = ith bit of keystream
c(i) = ith bit of ciphertext
c(i) = ks (i) m(i)
m(i) = ks (i) c(i)
RC5 Stream Cipher
Feistel like network
Variable block size (32,63 or 128 bits)
Key size (0 to 2040 bits)
Use of data dependent rotations
12-round RC5 (with 64-bit blocks) is susceptible to a differential attack using 244 chosen plaintexts
Message to be encrypted is processed in blocks of k bits (e.g., 64-bit blocks).
1-to-1 mapping is used to map k-bit block of plaintext to k-bit block of ciphertext
Example with k=3
Data Encryption Standard (DES)
US encryption standard designed by IBM [NIST 1993]
56-bit symmetric key, 64-bit plaintext input
Block cipher with cipher block chaining
56-bit-key-encrypted phrase decrypted (brute force) in less than a day
No known good analytic attack
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)
New (Nov. 2001) symmetric-key NIST standard, replacing DES
Based on Rijndael Algorithm
Processes data in 128 bit blocks
128, 192, or 256 bit keys
Brute force decryption taking 1 sec on DES, takes 149 trillion years for AES
Asymmetric Key Cryptography
RSA (Rivest, Shamir, Adelman)
DH (Diffie-Hellman Key Agreement Algorithm)
ECDH (Elliptic Curve Diffie-Hellman Key Agreement Algorithm)
RPK (Raike Public Key)
Choose two distinct prime numbers p and q.
Compute n = pq
Compute φ(n) = (p – 1)(q – 1)
Choose an integer e such that 1 < e < φ(n) and e and φ(n) are coprime
Determine d = e-1 mod φ(n)
e is released as the public key exponent and d is kept as the private key exponent
A hybrid encryption technology
Message is encrypted using a private key algorithm (IDEA)
Key is then encrypted using a public key algorithm (RSA)
For file encryption, only IDEA algorithm is used
PGP is free for home use
Made by encrypting a message digest (cryptographic checksum) with the sender’s private key
Receiver decrypts with the sender’s public key (roles of private and public keys are flipped)
Currently Available Technologies
MD4 and MD5 (Message Digest)
SHA-1 (Secure Hash Algorithm version 1)
DSA (The Digital Signature Algorithm)
ECDSA (Elliptic Curve DSA)
OPS (Open Profiling Standard)
VeriSign Digital IDs
Benefits of Cryptographic Technologies
Authentication of message originator
Electronic certification and digital signature
False sense of security if badly implemented
Government regulation of cryptographic technologies/export restrictions
Encryption prohibited in some countries
All public key schemes are susceptible to brute force attacks…only the work factor varies
With decreasing cost of computer power and mathematical discoveries, work factor is decreasing
Encryption does not guarantee security!
Many ways to beat a crypto system NOT dependent on cryptanalysis, such as:
Viruses, worms, hackers, etc.
Unauthorized physical access to secret keys
Cryptography is only one element of comprehensive computer security
Active In SP
Joined: Nov 2011
06-12-2011, 11:04 AM
Active In SP
Joined: Nov 2011
06-12-2011, 11:44 AM
Joined: Jul 2011
07-12-2011, 09:49 AM
to get information about the topic" cryptography full report"refer the link bellow
Active In SP
Joined: Dec 2011
07-12-2011, 01:10 PM
hello i am a members of Ethiopian federal police I want to start doing a project and implimentation HIGH TECH CAR WITH REMOTE CAMERA FOR THE POLICE BOMB SQUAD so if some body that want to help we can communicate by firstname.lastname@example.org
Joined: Jul 2011
08-12-2011, 09:49 AM
to get information about the topic" cryptography full report"refer the link bellow
Active In SP
Joined: Jan 2012
18-01-2012, 09:30 PM
Joined: Jul 2011
19-01-2012, 11:04 AM
to get information about the topic cryptography full report fullreport,ppt and related topic refer the link bellow
topicideashow-to-palladium-cryptography-download-seminar and presentation-report
topicideashow-to-seminar and presentation-report-on-quantum-cryptography
topicideashow-to-palladium-cryptography-download-seminar and presentation-report?page=2