The Seminar Report On Cryptography

Presented By: pradhyumansinh Roll No: Class: Year: 09. B.E.VIII (Electronics & Communication Engineering) 2009-2010

[1]

ABSTRACT Cryptography
The requirement of information security within an organization has under gone two major changes in the last several decades. Before the widespread use of data processing equipment, the security of information felt to be valuable to an organization was provided primarily by physical and administrative means. With the introduction of computer, the need for automated tools for protecting files and other information stored on the computer became evident. This is especially the case for a shared system, such as a time-sharing system, and the need is even more acute for system that can be accessed over public telephone network, data network, or the Internet. Cryptography is the study of mathematical techniques related to aspects of information security, such as confidentially or privacy, data integrity and entity authentication. Cryptography is not only means of providing information security, but rather one set of techniques. Confidentially means keeping information secret from all but those who authorized to see it. Data integrity means ensuring information has not been altered by unauthorized or unknown means. There are several aspects of security. They are security service, security mechanism, and security attack. Security service means a service that enhances the security of the data processing system and information transfers of an organization. A security mechanism mean that is designed to detect, prevent, or recover from a security attacks. Security attack means any action that compromises the security of information owned by an organization. Encryption means the process of converting from plaintext to cipher text. A key is a piece of information, usually a number that allows a receiver. Another key also allows a receiver to decode messages sent to him or her. Cryptography has provided us with Digital Signatures that resemble in functionality the hand-written signature and Digital Certificates that related to an ID -card or some other official documents. There are some applications of cryptography. They are secure communication, identification, secret sharing, electronic commerce, key recovery and remote access. Modern cryptography provides essential techniques for securing information and protecting data.

[2]

INDEX

Sr. No.
1 1.1 2 2.1 2.2 3 3.1 3.2 4 5 5.1 5.2 5.3 6 7 8 8.1 8.2 8.3

Topic
Introduction Definition of Cryptography Cryptography Cryptanalysis Related Terms Categories of Cryptographic System Symmetric key cryptography Asymmetric key cryptography Simplified Model of Conventional Encryption Public-key cryptography Principle of Public-key cryptosystem Principle of Public-key cryptosystem Public-key cryptosystems Comparison between Conventional Encryption & Publickey Encryption Advantages and Disadvantages Application Secure Communication Identification and Authentication Secret Sharing

Page No.
6 7 7 7 8 8 9 9 10 12 12 12 13 14 15 15 15 16 16

[3]

List of Figures

Sr. No.
2.1 3.1 3.2 4.1 5.1 5.2

Figure
Related Terms Symmetric key Asymmetric key Simplified Model of Conventional Encryption Principle of Public-key cryptosystem Public-key cryptography

Page No.

[4]

1.

Introduction

Due to the rapid growth of digital communication and electronic data exchange information security has become a crucial issue in industry, business and administration Cryptography is a physical process that scrambles information by rearrangement and substitution of content, making it unreadable to anyone except the person capable of unscrambling it. With the shear volume of sensitive Internet transactions that occur daily, the benefit of securing information using cryptographic processes becomes a major goal for many organizations. Since no cryptographic system is foolproof, the idea is to make the cost of acquiring the altered data greater than the potential value gained [3:27]. Essentially, it becomes an issue of deterrence. Assume a sender referred to here and in what follows as Alice (is commonly used) wants to send a message m to a receiver referred to as Bob. She uses an insecure communication channel. For example, the channel could be a computer network or a telephone line. There is a problem if the message contains confidential information. The message could be intercepted and read by eavesdropper. Or even worse, some might be able to modify the message during transmission, so Bob does not detect the manipulation. Cryptography has provided us with digital signature that resemble in functionality the hand-written signature and digital certificates that related to an [5]

ID CARD or other official documents. Modern cryptography provides essential techniques for securing information and protecting data. 1.1 Definition of Cryptography Cryptography is the study of mathematical techniques related to aspects of information security, such as confidentially or privacy, data integrity and entity authentication. Cryptography is not the only means of providing information security, but rather one set of techniques.

2. Cryptography Cryptographic systems are characterized along three independent dimensions. The type of operations used for transforming plain text to cipher text. All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped in to another element, and transposition, in which elements in the plaintext are rearranged. The fundamental requirement is that no information be lost. Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions. The number of keys used. If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver each use a different key, the system is referred to as asymmetric, two-key, or public-key encryption. The way in which the plaintext is processed. A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processed the input elements continuously, producing output one element at a time, as it goes along.

some knowledge of the general characteristics of the plaintext or even some sample plaintext-cipher text pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. If the attack succeeds in deducing the key, the effect is catastrophic: All future and past messages encrypted with that key are compromised.

2.2 Related Terms

Generally, all cryptographic processes have four basic parts: 1. Plaintext Unscrambled information to be transmitted. It could be a simple text document, a credit card number, a password, a bank account number, or sensitive information such as payroll data, personnel information, or a secret formula being transmitted between organizations. 2. Cipher text - Represents plain text rendered unintelligible by the application of a mathematical algorithm. Cipher text is the encrypted plain text that is transmitted to the receiver. 3. Key - A mathematical value, formula, or process that determines how a plaintext message is encrypted or decrypted. The key is the only way to decipher the scrambled information.

2.1 Cryptanalysis
Cryptanalytic attacks rely on the nature of the algorithm plus perhaps [6]

3.1 Symmetric key cryptography

Sender and Receiver share a key. A secret piece of information used to encrypt or decrypt the message. If a key is secret, than nobody other than sender or receiver can read the message If Alice and bank each has secret key, than they may send each other private message. The task of privately choosing a key before communication however can be problematic.

Fig. 2.1 Related Terms 4. Cryptographic Algorithm A mathematical formula used to scramble the plain cryptographic algorithm is called encryption, and converting cipher text back to plain text using the same cryptographic algorithm is called decryption. Fig. 3.1 Symmetric key

3. Categories of Cryptographic

3.2 Asymmetric key cryptography

Solves the key exchange problem by defining an algorithm which uses two keys, each of which can be use to encrypt the message.

System
There are main two cryptographic algorithm. 1: - Symmetric key 2: - Asymmetric key types of

[7]

If one is used to encrypt a message, another key must be used to decrypt it. This makes it possible to receive secure message by simply publishing one key (public key) and keeping another secret (private key). Any one may encrypt a message using public key, but only the owner of the public key is able to read it. In this way Alice may send private message to owner of a key-pair (the bank) by encrypting it using their public-key. Only bank can decrypt it.

such that an opponent who knows the algorithm and has access to one or more cipher text would be unable to decipher the cipher text or figure out the key. This requirement is usually stated in a stronger form: The opponent should be unable to decrypt cipher text or discover the key even if he or she is in possession of a number of cipher texts together with the plaintext that produced each cipher text. 2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If some one can discover the key and knows the algorithm, all communication using this key is readable.

Fig.4.1 Simplified Model of Conventional Encryption Fig. 3.1 Asymmetric key

4. Simplified Model of Conventional Encryption

There are two requirements for secure use of conventional encryption: 1. We need a strong encryption algorithm. At s minimum, we would like the algorithm to be [8]

We assume that it is impractical to decrypt a message on the basis of the cipher text plus knowledge of the encryption/decryption algorithm. In other words we do not need to keep the algorithm secret; we need to keep only the key secret. This feature of symmetric encryption is what makes it feasible for widespread use. The fact that the algorithm need not be kept secret means that manufacturers can end has developed low-cost chip implementations of data encryption algorithms. These chips are widely available and incorporated into a number of products. With the use of symmetric encryption, the principal security problem is maintaining the secrecy of the key.

4.1.2 Caesar Cipher: The earliest known use of a substitution cipher, and the simplest, was by Julius Caesar. The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. For example Plain: meet me after the toga party Cipher: PHHW PH DIWHU WKH WRJD SDUWB Note that the alphabet is wrapped around, so that the latter following Z is A. We can define the transformation by listing all possibilities, as follow: Plain: a b c d e f g h I j k l m n o p q r s tuvwxyz Cipher: D E F G H I J K L M N O P Q RSTUVWXYZABC Let us assign a numeric equivalent to each letter: Then the algorithm can be expressed as follows. For each plaintext letter p, substitute the cipher letter C: C = E (p) = (P+3) mod (26) A shift may be of any amount, so that the general Caesar algorithm is C = E (p) = (p + k) mod (26) Where k takes on a value in the range 1 to 25. The decryption algorithm is simply P = D(C) = (C-k) mod (26) 4.1.3 Transposition Techniques: All the techniques examined so far involve the substitution of a cipher text symbol for a plaintext symbol. A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. This technique is referred to as a transposition cipher. The simplest such cipher is the rail fence [9]

4.1

Classical Techniques

Encryption

A study of these techniques unable us to illustrate the basic approaches to symmetric encryption used today and the types of cryptanalytic that must be anticipated. The two basic building blocks of all encryption techniques are substitution and transposition. We examine these in the next two sections. Finally, we discuss a system that combines both substitution and transposition. 4.1.1 Substitution Techniques: A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit patterns.

technique, in which the plaintext is writtenKey: 4 3 1 2 5 6 7 down as a sequence of diagonals and then Input: t t n a a p t read off as a sequence of rows. For, example, to m t s u o a o encipher the message meet me after the d w c o I x k toga party with a rail fence of depth 2, we n l y p e t z write the following. Mematrhtgpry Output: Etefeteoaat NSCYAUOPTTWLTMDNAOIEPAXTTOKZ The encrypted message is MEMATRHTGPRYETEFETEOAAT

4.1.4 Modern Techniques:

This sort of thing would be trivial to crypt Virtually all-symmetric analyze. A more complex scheme is to write theblock encryption algorithm in current messages in a rectangle, row by row, and readuse is based on a structure referred to as the message off, column by column, buta Feistel block cipher. We begin with a permute the order of the columns. The order ofcomparison of stream ciphers and block the columns then becomes the key to theciphers. algorithm. For example, Stream ciphers: Key: 4312567 Plaintext: a t t a c k p A stream cipher is one that os t p on e encrypts a digital data stream one bit or du n t I l t one byte at a time. Example of classical woa m x y z stream ciphers is auto keyed Vigenere cipher and the Vernam cipher. Ciphertext: Block ciphers: TTNAAPTMTSUOAODWCOIXKNLYPETZ

A block cipher is one in which a A pure transposition cipher is easily recognizedblock of plaintext is treated as a whole because it has the same letter frequencies as theand used to produced a cipher text block original plaintext. For the type of columnarof equal length. Typically, a block size transposition just shown, cryptanalysis is fairlyof 64 or 128 bits is used. Using some of straightforward and involves laying out thethe modes of operation explained later in cipher text in a matrix and playing around withthis chapter, a block cipher can be used column positions. Diagram and trigramto achieve the same effect as a stream frequency tables can be useful. cipher. Far more effort has gone into The transposition cipher can be madeanalyzing block ciphers. In general, they significantly more secure by performing moreseem applicable to a broader range of than one stage of transposition. The result is aapplications than stream ciphers. The more complex permutation that is not easilyvast majority of network-based reconstructed. Thus, if the foregoing message issymmetric cryptographic applications re-encrypted using the algorithm. make use of block ciphers.

[10]

5. Public-key cryptography
The development of public-key cryptography is the greatest and perhaps the only true revolution in the entire history of cryptography. From its earliest beginning to modern times, virtually all cryptographic system have been based on the elementary tools of substitution and permutation.

5.1

Principle of Public-key cryptosystem

signatures ". If the use of cryptography was to become widespread, not just in military situations but for commercial and private purposes, then electronic message and documents would need the equivalent of signatures used in paper documents. That is, could a method be devised that would stipulate, to the satisfaction of all parties that a digital message had been sent by a particular person? This is a somewhat broader requirement than that of authentication, and its characteristics and ramifications are explored.

The concept of public-key cryptography evolved from an attempt to attack two of the most difficult problems associated with symmetric encryption. The first problem is that of key distribution.
As we have seen, key distribution under symmetric encryption requires either

(1) That to communicants already share a key, which somehow has been distributed to them; or (2) The use of a key distribution center Whitfield Diffie. One of the discoverers of public-key encryption (along with Martin Hellman, both at Stanford University at the time), reasoned that this second requirement negated the very essence of cryptography, the ability to maintain total secrecy over your own communication. As Diffie put to (DIFF88), what good would it do after all to develop impenetrable cryptosystems, if their users were forced to share their keys with a KDC that could be compromised by either burglary or subpoena? The second problem that Diffie pondered, and one that was apparently unrelated to the first was that of digital [11]

Fig.5.1 Principle of Public-key cryptosystem In the next subsection, we look at the overall framework for public-key cryptography. Then we examine the requirements for the encryption/decryption algorithm that is at the heart of the scheme.

5.2 Public-key cryptosystems

The public-key algorithms rely on one key for encryption and a different but related key for decryption. These algorithms have the following important characteristics:

1. Either of the two related keys can be used for encryption, with other used for decryption. 2. Plaintext: - This is the readable message or data that is fed into the algorithm as input. 3. Encryption algorithm: - The encryption algorithm performs various transformations on the plaintext. 4. Public and private key: - This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the encryption algorithm depend on the public or private key that is provided as input. 5. Cipher text: - This is the scrambled message produced as input. It depends on the plaintext and the key. For a given message, two different keys will produce two different cipher texts. 6. Decryption algorithm: - This algorithm accepts the cipher text and the matching key and produces the original plaintext. o Each user generates a pair of keys to be used for the encryption and decryption of messages. o Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. As figure suggests, each

user maintains a collection of public keys obtained from others. o If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice's public key. o When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice's private key. With this approach, all participants have access to public keys, and private keys, are generated locally by each participant and therefore need never be distributed. As long as a system controls its private key, its incoming communication is secure. At any time, a system can change its private key and publish the companion public key to replace its old public key.

[12]

Fig.5.2 Public-key cryptography

6. Comparison between Conventional Encryption & Public-key Encryption

Conventional Encryption Public-key Encryption Table shows some of the important aspects of symmetric and public-key encryption. To discriminate between the two, we will generally refer to the key used in symmetric encryption as a secret key. The two keys used for public-key encryption are Needed to work: Needed to Work:referred to the public key and private key. Invariably, the private key is kept secret, but it is referred to as a private key than a secret key to avoid confusion with symmetric 1) The same algorithm with the same key 1) One algorithm is used for encryption encryption is used for encryption and decryption. and decryption with a pair of keys, one for encryption and one for decryption. 2) The sender and receiver must share the algorithm and the key. Needed for Security: 1) The key must be kept secret. secret. 2) It may be impossible or at least impractical to decipher a message if no other information is available. 3) Knowledge of the algorithm plus samples of cipher text must be insufficient to determine the key. 2) The sender and receiver must each Have one of the matched pair of keys (not the same one ). Needed for Security:1) One of the two keys must be kept 2) It may be impossible or at least impractical to decipher a message If no other information is available. [13] 3) Knowledge of the algorithm plus of the keys plus samples of cipher text must be insufficient to determine the other key.

Table 6.1 Comparison between Conventional Encryption & Public-key Encryption

[14]

7. ADVANTAGES AND DISADVANTAGES Even though public key cryptography is the accepted standard, its not foolproof. For this reason, it has not completely replaced symmetric cryptography. Here are some of the main advantages and disadvantages. 7.1 Advantages The biggest advantage of public key cryptography is the secure nature of the private key. In fact, it never needs to be transmitted or revealed to anyone. It enables the use of digital certificates and digital timestamps, which is a very secure technique of signature authorization. We will look at digital timestamps and digital signatures in a moment.

8. Application
Cryptography is extremely useful; there is a multitude of applications, many of which are currently in use. A typical application of cryptography is a system built out of the basic techniques. Such systems can be of various levels of complexity. Some of the more simple applications are secure communication, identification, authentication, and secret sharing. More complicated applications include systems for electronic commerce, certification, secure electronic mail, key recovery, and secure computer access. In general, the less complex the application, the more quickly it becomes a reality. Identification and authentication schemes exist widely, while electronic commerce systems are just beginning to be established. However, there are exceptions to this rule; namely, the adoption rate may depend on the level of demand. For example, SSL-encapsulated HTTP (see Question 5.1.2) gained a lot more usage much more quickly than simpler linklayer encryption has ever achieved. The adoption rate may depend on the level of demand. 8.1 Secure Communication Secure communication is the most straightforward use of cryptography. Two people may communicate securely by encrypting the messages sent between them. This can be done in such a way that a third party eavesdropping may never be able to decipher the messages. While secure communication has existed for centuries, [15]

7.2 Disadvantages: Transmission times for documents encrypted using public key cryptography are significantly slower then symmetric cryptography. In fact, transmission of very large documents is prohibitive. The key sizes must be significantly larger than symmetric cryptography to achieve the same level of protection. Public key cryptography is susceptible to impersonation attacks.

the key management problem has prevented it from becoming commonplace. Thanks to the development of public-key cryptography, the tools exist to create a large-scale network of people who can communicate securely with one another even if they had never communicated before. 8.2 Identification and Authentication Identification and authentication are two widely used applications of cryptography. Identification is the process of verifying someone's or something's identity. For example, when withdrawing money from a bank, a teller asks to see identification (for example, a driver's license) to verify the identity of the owner of the account. This same process can be done electronically using cryptography. Every automatic teller machine (ATM) card is associated with a ``secret'' personal identification number (PIN), which binds the owner to the card and thus to the account. When the card is inserted into the ATM, the machine prompts the cardholder for the PIN. If the correct PIN is entered, the machine identifies that person as the rightful owner and grants access. Another important application of cryptography is authentication. Authentication is similar to identification, in that both allow an entity access to resources (such as an Internet account), but authentication is broader because it does not necessarily involve identifying a person or entity. Authentication merely determines whether that person or entity is authorized for whatever is in question. For more information on authentication and identification, see Question 2.2.5.

8.3 Secret Sharing Another application of cryptography, called secret sharing, allows the trust of a secret to be distributed among a group of people. For example, in a (k, n)-threshold scheme, information about a secret is distributed in such a way that any k out of the n people (k n) have enough information to determine the secret, but any set of k1 people do not. In any secret sharing scheme, there are designated sets of people whose cumulative information suffices to determine the secret. In some implementations of secret sharing schemes, each participant receives the secret after it has been generate.

[16]

Conclusion
By analysis of this report and their subtopics which are mentioned above, which are inherently guides us about various cryptographic techniques used in data security. By using of encryption techniques a fair unit of confidentiality, authentication, integrity, access control and availability of data is maintained. Using cryptography Electronic Mail Security, Mail Security, IP Security, Web security can be achieved.

[17]

Bibliography
Cryptography And Network Security (William Stallings). Computer Network ( Andrew S. Tanenbaum). www.io.com/~hcexres/power_tools/hyperweb/website1 http://www.hack.gr/users/dij/crypto/ http://www.ssh.fi/tech/crypto/intro.html#algorithms

[18]