
A Paper Presentation on

ABSTRACT
Network security is becoming more and more crucial as the volume of data being exchanged on the Internet increases. Security is a broad topic and covers a multitude of sins. Most security problems are intentionally caused by malicious people trying to gain some benefit, get attention or harm someone. Network security problems can be roughly divided into 4 closely intertwined areas. They are:

Privacy:
Privacy means that the sender and the receiver expect confidentiality. The transmitted message should make sense only to the intended receiver. To all others the message should be unintelligible.

Authentication:
Ensures that the sender and the receiver are who they claim to be.

Data integrity:
Ensures that data is not changed from source to destination.

Non-repudiation:
Ensures that the sender has strong evidence that the receiver has received the message, and the receiver has strong evidence of the sender's identity, strong enough that the sender cannot deny having sent the message and the receiver cannot deny having received it.

Cryptography comes from the Greek words for "secret writing". It has a long and colorful history going back thousands of years. It is one of the state-of-the-art techniques in network security, where it comes under Privacy. The concept of how to achieve privacy has not changed for thousands of years: the message must be encrypted. That is, the message must be rendered unintelligible to unauthorized parties. A good encryption/decryption technique guarantees to some extent that a potential intruder (eavesdropper) cannot understand the contents of the message. There are two categories of encryption/decryption methods:
1. Secret Key Method
2. Public Key Method

INTRODUCTION

Historically, four groups of people have contributed to the growth of cryptography:
1. The military
2. The diplomatic corps
3. Diarists
4. Lovers
Of these, the military worked the most on cryptography, in order to send secret messages safely.

The above figure shows the basic encryption/decryption model for public key. The messages to be encrypted, known as the plain text, are transformed by a function that is parameterized by a key. The output of the encryption process, known as the cipher text, is then transmitted, often by messenger or radio. We assume that the enemy or intruder hears and accurately copies down the complete cipher text. However, unlike the intended recipient, he does not know what the decryption key is and so cannot decrypt the cipher text easily. Sometimes the intruder can not only listen to the communication channel (passive intruder) but can also record messages and play them back later, inject his own messages or modify legitimate messages before they get to the receiver (active intruder). The art of breaking ciphers, called Cryptanalysis, and the art of devising them are collectively known as Cryptography.

Cryptographic Algorithms
Cryptographic algorithms can be implemented either in hardware (for speed) or in software (for flexibility). There are 3 classes of algorithms:
1. Symmetric (secret key) algorithms
2. Asymmetric (public key) algorithms
3. Hash function algorithms

Symmetric (secret key) algorithms:
Examples are the DES and 3DES algorithms.

DES ALGORITHM:
Operates on clear text in blocks of data.
64-bit key length.
16 subkeys are derived from the key for the 16 rounds.
Usually each block is XORed with the previous block in chain mode.
Cipher text has the same length as the clear text.

3DES ALGORITHM:
192-bit key length.
Three DES-sized keys are derived from the secret key.
48 rounds in total.

Advantages:
Ease of hardware implementation.

Disadvantages:
Vulnerable to powerful computing.

Asymmetric (public key) algorithms:
An example of an asymmetric algorithm is the RSA algorithm.

Features of RSA algorithm:
Increasing the key length can increase security.
Difficult for an intruder to try the keys.
Provides authentication and non-repudiation.
Widely used in key exchange and digital signatures.

Drawbacks:
Difficult to implement in hardware.

Hash function:

Features:
Variable length input, fixed length output.
Provides integrity check.

Requirements:
Can't deduce the input from the output.
Can't generate a given output.
Can't find two inputs which produce the same output.

Used to:
Produce a fixed length fingerprint of arbitrary length data.
Produce data checksums to enable detection of modifications.
Distill passwords down to fixed length encryption keys.

Hash values are also called message digests or fingerprints.

Those are the different algorithms used in cryptography. We now turn to the R.S.A algorithm, which comes under asymmetric encryption/decryption. The basic structure of the asymmetric algorithm is as follows.

Public Key Algorithm:


The encryption algorithm E and the decryption algorithm D must meet three requirements:
1. D (E (P)) = P.
2. It is exceedingly difficult to deduce D from E.
3. E cannot be broken by a chosen plaintext attack.

The first requirement says that if we apply D to an encrypted message E (P), we get the original plaintext message P back. Without this property the legitimate receiver could not decrypt the cipher text. The second requirement speaks for itself: it is very difficult to deduce the decryption key even if the intruder knows the encryption key. The third requirement is needed because, as we shall see in a moment, intruders may experiment with the algorithm to their heart's content. Under these conditions, there is no reason that the encryption key cannot be made public. The encryption algorithm and the key are made public, hence the name Public Key Cryptography.

R.S.A Algorithm:
The R.S.A is known by the initials of its three discoverers, Rivest, Shamir and Adleman (R.S.A). It has survived all attempts to break it for more than a quarter of a century and it is considered very strong. The R.S.A method is based on some principles from number theory. We will now summarize how to use the method:
1. Use a random process to select two large prime numbers P and Q.
2. Compute M = P*Q. This number is called the modulus, and is made publicly available. (RSA currently recommends a modulus that's at least 768 bits long.)
3. Compute T = (P-1)*(Q-1). Keep this number secret.
4. Randomly choose a public key E that has no factors in common with T = (P-1)*(Q-1).
5. Compute a private key D so that E*D leaves a remainder of 1 when divided by T. (We say E*D is congruent to 1 modulo T.)

Note that D is easy to compute only if one knows the value of T. This is essentially the same as knowing the values of P and Q. If N is any number that is not divisible by M, then dividing N^(E*D) by M and taking the remainder yields the original value N. This is a relatively deep mathematical theorem, which we can write as N^(E*D) mod M = N.
If N is a numeric encoding of a block of plaintext, the cipher text is C = N^E mod M. Then C^D mod M = (N^E)^D mod M = N^(E*D) mod M = N. Thus, we can recover the plaintext N with the private key D.

Multiplying P by Q is easy: the number of operations depends on the number of bits (number of digits) in P and Q. Example: multiplying two 384-bit numbers takes approximately 384^2 = 147,456 bit operations.

If one knows only M, finding P and Q is hard: in essence, the number of operations depends on the value of M.
The simplest method for factoring a 768-bit number takes about 2^384 ≈ 3.94 × 10^115 trial divisions.
A more sophisticated method takes about 2^85 ≈ 3.87 × 10^25 trial divisions.
A still more sophisticated method takes about 2^41 ≈ 219,000,000,000 trial divisions.

No one has found a really quick algorithm for factoring a large number M.

Digital signature:
The idea is similar to the signing of a paper document. When we send a document electronically, we can also sign it. We can sign the whole document or a digest of the document. A digital signature does not provide privacy. If there is a need for privacy, another layer of encryption and decryption must be applied. Digital signature cannot be achieved using secret key encryption. A digital signature provides Integrity, Authentication and Non-repudiation.

Signing the whole document:


Public key encryption can be used to sign a document. But, here the roles of public and private keys are different. The sender uses the private key to encrypt (sign) the message just as a person uses his signature to sign a paper document. The receiver on the other hand uses the public key of the sender to decrypt the message.

Signing the digest:

If we are sending a large message, public key encryption is inefficient for signing the entire message. The solution is to let the sender sign a digest of the document instead of the whole document. The sender creates a miniature version of the document and signs it. To create a digest of a message, we use a hash function. The hash function creates a fixed size digest from a variable length message. After the digest has been created, it is encrypted using the sender's private key. The encrypted digest is attached to the original message and sent to the receiver. The receiver receives the original message and the encrypted digest and separates the two. The receiver applies the same hash function to the message to create a second digest. The receiver also decrypts the received digest using the public key of the sender. If the two digests are the same, all three aspects of security are preserved.
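The R.S.A steps 1 to 5 and the digest-signing flow described above, as an added Python example that is not part of the original paper. The primes, messages and function names are constructed for illustration, and reducing the SHA-256 digest mod M is a toy simplification standing in for a real padding scheme.

```python
import hashlib
from math import gcd

# Constructed toy primes (2^31-1 and 2^61-1): far too small for real keys.
P, Q = 2**31 - 1, 2**61 - 1

def make_keys(p, q, e=65537):
    """Steps 2-5 of the procedure: returns ((E, M), (D, M))."""
    m = p * q                     # step 2: public modulus M
    t = (p - 1) * (q - 1)         # step 3: T, kept secret
    if gcd(e, t) != 1:            # step 4: E must share no factor with T
        raise ValueError("E has a factor in common with T")
    d = pow(e, -1, t)             # step 5: E*D leaves remainder 1 mod T
    return (e, m), (d, m)

def encrypt(n, public):
    e, m = public
    if not 0 <= n < m:            # a block must be smaller than the modulus
        raise ValueError("plaintext block does not fit in M")
    return pow(n, e, m)           # C = N^E mod M

def decrypt(c, private):
    d, m = private
    return pow(c, d, m)           # C^D mod M = N^(E*D) mod M = N

def digest(message, m):
    # Toy simplification: SHA-256 reduced mod M. Real signature schemes
    # pad the digest (e.g. RSA-PSS) instead of reducing it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % m

def sign(message, private):
    d, m = private
    return pow(digest(message, m), d, m)      # digest "encrypted" with D

def verify(message, signature, public):
    e, m = public
    # Receiver recomputes the digest and compares it with the decrypted one.
    return pow(signature, e, m) == digest(message, m)

PUBLIC, PRIVATE = make_keys(P, Q)

if __name__ == "__main__":
    block = int.from_bytes(b"hello", "big")   # constructed sample plaintext
    assert decrypt(encrypt(block, PUBLIC), PRIVATE) == block
    msg = b"pay 100 to Bob"                   # constructed sample message
    sig = sign(msg, PRIVATE)
    print(verify(msg, sig, PUBLIC), verify(b"pay 900 to Bob", sig, PUBLIC))
```

The primes are toy-sized so the numbers stay readable. The 768-bit modulus quoted above is the paper's figure; current guidance such as NIST SP 800-57 calls for at least 2048 bits.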

Conclusion:
As the proverb says, "Even a crow can peck an elephant that is stuck in the mud." Even though we are providing high security through cryptography, there are many pitfalls in it as well. Nothing in the world is 100% secure. Cryptography is one of the ways to provide network security, but it is not the only path to achieving network security.
