SREENIVASA INSTITUTE OF TECHNOLOGY AND MANAGEMENT STUDIES

Department of Information Technology

By

G. JAYEESHA REDDY, 3rd B.Tech, Jayeesha.reddy@gmail.com
S. SINDOORI, 3rd B.Tech, sindu_sara@yahoo.com

ABSTRACT

Network security is becoming more and more crucial as the volume of data being
exchanged over the network increases. The basic requirement of any secure system is to
provide confidentiality and integrity. There are basically four aspects of security, namely
Privacy, Authentication, Integrity and Non-repudiation. By privacy we mean the same
conventional technique that has been applied to data for ages, i.e. data encryption.
Authentication is where we establish the identity of a sender. Integrity is where we expect that
the data must arrive at the receiver exactly as it was sent. And non-repudiation means that a
receiver must be able to prove that a received message came from a specific sender.
To ensure privacy for data we enforce certain encryption/decryption standards,
basically designed around two methods: the secret key method and the public key method. DES is the
most famous algorithm for the secret key method and RSA was famous in the public key
method. We often combine both the secret and public keys for encryption.
The other three features of security, that is Integrity, Authentication and Non-repudiation,
are achieved through Digital Signatures. These digital signatures are created
with the same public and private keys, but with modified roles.

INDEX

Introduction
Privacy
Encryption/Decryption
Cryptography
Secret key cryptography
The DES algorithm
Key distribution
Advantages of secret key cryptography
Disadvantages of secret key cryptography
Applications of secret key cryptography
Public key cryptography
The RSA algorithm
Key distribution
Advantages of public key cryptography
Disadvantages of public key cryptography
Applications of public key cryptography
Using the combination
Digital signatures
Conclusion

Introduction

Network security is becoming more and more crucial as the volume of data being exchanged
on the internet increases. When people use the internet, they have certain expectations. They
expect confidentiality and data integrity. They want to be able to identify the sender of a
message. They want to be able to prove that a message has in fact been sent by a certain sender,
even if the sender denies it.

The four aspects of security:


Based on the above expectations, we can say that security involves four aspects: privacy
(confidentiality), message authentication, message integrity and non-repudiation.
• Privacy means that the sender and the receiver expect confidentiality. The
transmitted message should make sense to only the intended receiver. To all others,
the message should be unintelligible.
• Authentication means that the receiver is sure of the sender’s identity and that an
imposter has not sent the message.
• Data integrity means that the data must arrive at the receiver exactly as it was sent.
There must be no changes during the transmission, either accidental or malicious.
As more and more exchanges occur over the net, integrity becomes crucial.
• Non-repudiation means that a receiver must be able to prove that a received
message came from a specific sender. The sender must not be able to deny sending
a message that he, in fact, did send. The burden of proof falls on the receiver.

Privacy:

The concept of how to achieve privacy has not changed for ages: the message must be
encrypted. That is, the message must be rendered unintelligible to unauthorized parties. A
good encryption technique guarantees to some extent that a potential intruder (eavesdropper)
cannot understand the contents of a message.

Encryption/Decryption:
Encryption is the act of encoding text so that others not privy to the decryption mechanism
(the "key") cannot understand the content of the text. Encryption has long been the domain of
spies and diplomats, but recently it has moved into the public eye with the concern of the
protection of electronic transmissions and digitally stored data. Standard encryption methods
usually have two basic flaws:

• A secure channel must be established at some point so that the sender may
exchange the decoding key with the receiver.

• There is no guarantee who has sent a given message.

Cryptography:

Cryptography is the study of methods of sending messages in disguised form so that only
the intended recipients can remove the disguise and read the message. The message to be sent
is called plaintext and the disguised message is called the ciphertext. The text is written
using some alphabet which, particularly in modern encryption, is rewritten in numerical form
(e.g., A=01, etc.). In addition, the text is usually encoded in blocks of letters. In most
encryption systems, the encoding and decoding depend on some key.
A type of function of interest to cryptologists is the "trap-door function." These are functions
that are easy to calculate (in one direction), yet difficult to invert (calculate in the reverse
direction)--like a trap door, easy to go down, difficult to come back. A simple example is
provided by the multiplication and factoring of the natural numbers. It is easy (at least
relatively easy with computers) to multiply integers, but it is extremely difficult to factor an
integer (especially a very large integer) into a product of prime numbers.
There are two categories of cryptography:
1. Secret key cryptography
2. Public key cryptography

Secret key cryptography:


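[Figure: secret key cryptography. Plain text enters the encryption algorithm with the key and leaves as ciphertext; the ciphertext enters the decryption algorithm with the same key and leaves as plain text. The key is shared over a secure communication channel.]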

Secret key cryptography uses a single key which the sender and receiver must know. They
must keep this key a secret (hence the name) from an eavesdropper; else the interceptor will
be able to decrypt any messages encrypted using that key.

The sender uses a secret key encryption scheme (or cryptographic algorithm) to transform
a message into something resembling random noise. The scheme may be publicly known.
The security of the system comes from the secret key that the sender uses.
The basic principle:
Encryption and decryption using a secret key:
To secretly communicate with the Receiver, the Sender encrypts the messages before sending
them. There are many techniques (cryptographic algorithms) that we can use. All these
algorithms have in common that they can transform a message using a key into something
that resembles random noise. This is called encrypting the message. Only the persons who
know the key can transform the random noise back into the original message, or in other
words, decrypt the message. This means that those persons must keep this key a secret, hence
the name secret key cryptography.

How secret key cryptography works:


Secret key cryptography transforms (scrambles) a message into something resembling
random noise. The precise transformation is determined by the key. Mathematically, a
cryptographic algorithm is a function that maps a message onto a ciphertext (an encrypted
message). By using keys, it is possible to encrypt many different messages using one
particular cryptographic algorithm in different ways. And keeping the key a secret is much
easier than keeping a complete algorithm a secret.
Some cryptographic algorithms operate on single characters of the message. These are called
stream ciphers. Others operate on entire blocks, and therefore are called block ciphers.
Stream ciphers are easier to implement in hardware than block ciphers, and they are also
generally faster. Block ciphers tend to be harder to crack.
Popular cryptographic algorithms are DES, 3-DES, IDEA, Blowfish and recently also the
Advanced Encryption Standard (AES).

A simple secret key cryptographic system:


A very simple technique to encrypt messages is to replace every letter of the message with
one that is a certain number of positions further in the alphabet. The key then is the number
of positions. For example, the message "This is an example" can be encrypted using the key
"1 position" into the encrypted message "Uijt jt bo fybnqmf". Taking the letter that is 1
position earlier in the alphabet gives the original message again.
This system is of course not very secure. There are only twenty-six possible keys. The
interceptor can simply try out all the keys to see which one results in a readable message.
Furthermore, it is a well-known fact that certain letters occur more often in messages than
others. The letter "e" is the most frequently used letter in the English language, for example.
Using this fact the interceptor can simply count which letter occurs the most often in the
encrypted message and replace that one with the letter "e". She then knows how many
positions she has to rotate to get from "e" to the encrypted version of "e" and thus she
immediately knows the key.
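
The two weaknesses described above, as an added Python example (not part of the original paper): exhaustive search over the 26 keys, and the "most frequent letter is e" shortcut, which is ambiguous on a message as short as the paper's. The function names, the frequency table and the longer sample (the first sentence of this paper's abstract, encrypted here with key 7) are choices made for this example.

```python
from collections import Counter
from string import ascii_lowercase

# Approximate English letter frequencies in percent, a to z.
ENGLISH = dict(zip(ascii_lowercase, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.10, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15, 2.0, 0.07]))

def shift(text, key):
    """Move each letter `key` positions along the alphabet; keep everything else."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            ch = chr((ord(ch) - base + key) % 26 + base)
        out.append(ch)
    return "".join(out)

def letters(text):
    """Lower-cased letters of the text, ignoring spaces and punctuation."""
    return [c for c in text.lower() if c in ascii_lowercase]

def keys_from_top_letter(ciphertext):
    """Keys implied by assuming the most frequent ciphertext letter is 'e'.
    Every tied candidate is returned, which is what happens on short messages."""
    counts = Counter(letters(ciphertext))
    if not counts:
        return []
    top = max(counts.values())
    return sorted((ord(c) - ord("e")) % 26 for c, n in counts.items() if n == top)

def chi_squared(text):
    """Distance between the letter counts of `text` and typical English."""
    found = letters(text)
    counts, total = Counter(found), max(len(found), 1)
    return sum((counts[c] - total * p / 100) ** 2 / (total * p / 100)
               for c, p in ENGLISH.items())

def key_by_exhaustive_search(ciphertext):
    """Try all 26 keys; return the one whose decryption looks most like English."""
    return min(range(26), key=lambda k: chi_squared(shift(ciphertext, -k)))

# Constructed inputs: the paper's message with key 1, and a longer sentence with key 7.
SHORT = shift("This is an example", 1)
LONG = shift("Network security is becoming more and more crucial as the volume of "
             "the data being exchanged over the network is increasing", 7)

if __name__ == "__main__":
    print(SHORT, keys_from_top_letter(SHORT))   # four tied candidate keys
    print(keys_from_top_letter(LONG), key_by_exhaustive_search(LONG))
    print(shift(LONG, -key_by_exhaustive_search(LONG)))
```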

An example of Secret key Cryptography: The DES explained:

The Data Encryption Standard (DES) is a secret key encryption scheme adopted as standard
in the USA in 1977. It uses a 56-bit key, which is today considered by many to be
insufficient as it can with moderate effort be cracked by brute force. A variant called Triple-
DES (TDES or 3DES) uses a longer key and is more secure, but has never become popular.
The Advanced Encryption Standard (AES) is expected to supersede DES (and 3DES) as the
standard encryption algorithm.
DES works on bits, or binary numbers--the 0s and 1s common to digital computers. Each
group of four bits makes up a hexadecimal, or base 16, number. Binary "0001" is equal to the
hexadecimal number "1", binary "1000" is equal to the hexadecimal number "8", "1001" is
equal to the hexadecimal number "9", "1010" is equal to the hexadecimal number "A", and
"1111" is equal to the hexadecimal number "F".

DES works by encrypting groups of 64 message bits, which is the same as 16 hexadecimal
numbers. To do the encryption, DES uses "keys" which are also apparently 16 hexadecimal
numbers long, or apparently 64 bits long. However, every 8th key bit is ignored in the DES
algorithm, so that the effective key size is 56 bits. But, in any case, 64 bits (16 hexadecimal
digits) is the round number upon which DES is organized.

For example, if we take the plaintext message "8787878787878787", and encrypt it with the
DES key "0E329232EA6D0D73", we end up with the ciphertext "0000000000000000". If
the ciphertext is decrypted with the same secret DES key "0E329232EA6D0D73", the result
is the original plaintext "8787878787878787".
This example is neat and orderly because our plaintext was exactly 64 bits long. The same
would be true if the plaintext happened to be a multiple of 64 bits. But most messages will
not fall into this category. They will not be an exact multiple of 64 bits (that is, an exact
multiple of 16 hexadecimal numbers).

Key distribution in secret key cryptography:


Consider a situation where a secret key must be shared between two parties A and B. We can
have the following ways of distribution:
• A key can be selected by A and physically delivered to B.
• A third party can select the key and physically deliver it to A and B.
• If A and B have previously and recently used a key, one party can transmit the new key
to the other, encrypted using the old key.
• If A and B each have an encrypted connection to a third party C, C can deliver a key on
the encrypted links to A and B.
Advantages of secret key cryptography:
Secret key algorithms are efficient; it takes less time to encrypt a message using a secret key
algorithm than it takes using a public key algorithm. The reason is that the key is usually
smaller. For this reason, secret key algorithms are used to encrypt or decrypt long messages.
Disadvantages of secret key cryptography

Secret key cryptography has two major disadvantages:
• Each pair of users must have a secret key. This means that if N users want to use this
method for communication, there need to be N(N-1)/2 secret keys.
• The distribution of the keys between two parties can be difficult.
Applications of secret key cryptography
Secret key encryption is most often used to encrypt data to be stored on a particular location.
If the encrypted data has to be transmitted, there always is the problem of how to get the
secret key to the recipient in a safe way. Usually the key is encrypted using public key
encryption so it can be transmitted safely.
Public Key Cryptography:

[Figure: public key cryptography. User A sends the ciphertext E(p) to user B.]

As modern computers began to render many encoding schemes useless, Martin Hellman and
Whitfield Diffie developed a method that seemed to guarantee secure communications
without the need for a secret key. These algorithms led to several varieties of public key
encryption. Public key cryptography addresses three issues that flaw many encryption
schemes:
• Public key cryptography is computationally difficult to decode.
• Public key cryptography does not require a secure channel to send the key; the key is,
in fact, public.
• Public key cryptography can be used as a basis of a personal (digital) signature so that
the sender may always be identified.

An example of public key cryptography: The RSA Algorithm


The RSA algorithm, named for its creators Ron Rivest, Adi Shamir, and Leonard Adleman,
is currently one of the favorite public key encryption methods. Here is the algorithm:

1. Choose two (in practice, large 100 digit) prime numbers p and q and let n = pq.
2. Let Pi be the block of (plain) text to be encrypted. Actually Pi is the numerical equivalent
of the text which may either be single letters or blocks of letters, just as long as

3. Choose a random value E (usually small) such that E is relatively prime to . Then
the encrypted text is calculated from

The pair of values (n, E) acts as the public key.

4. To decode the ciphertext, we need to find an exponent D, which is known only to the
person decoding the message, such that

Note that . Then we may calculate

This step is based on the following result:

Where

By Euler's theorem

Provided E and are relatively prime, which is true by the choice of E. So we obtain

Advantages of public key cryptography:


Public key cryptography has two advantages:
• The whole idea behind public key cryptography is to remove the restriction of a shared
secret key between two entities (persons, for example) who need to communicate with each
other. A shared secret key belongs to two parties and cannot be used when one of them wants to
communicate with a third party. In public key cryptography, by contrast, each entity can create a
pair of keys, keep the private one and distribute the public one. Each entity is independent
and the pair of keys created can be used to communicate with any other entity.
• The number of keys needed is reduced tremendously. In this system, for one million users
to communicate, only two million keys are required, not half a billion, as required by the
secret key method.

Disadvantages of public key cryptography


The big disadvantage of public key cryptography is the complexity of the algorithm. If
we want the method to be effective, we need large numbers. Calculating the ciphertext
from plaintext using the long keys takes a lot of time, and this is the reason public key
cryptography is not recommended for large amounts of text.

Privacy using the combination:

We can combine the advantages of both secret and public key cryptography to encrypt
messages: the public key is used to encrypt the secret key, and in turn the secret key is
used to encrypt the message. The procedure is as follows:
a) The sender chooses a secret key; this key is called the one-session key; it is used only
once.
b) The sender uses the public key of the receiver to encrypt the secret key (as text) and
sends the encrypted secret key to the receiver. Remember that we said the public key method
is good for short messages. A secret key is a short text message.
c) The receiver uses the private key to decrypt the secret key.
d) The sender uses the secret key to encrypt the actual message.

Digital signatures:
Public key cryptography is not only used to protect messages. An important application is the
creation and checking of so-called digital signatures. Digital signatures are coupled to the
electronic document to which they apply. This coupling is established using public-key
cryptography and so-called cryptographic hash functions. We said that security has four
aspects: privacy, authentication, integrity, and non-repudiation. We have already discussed
privacy. The other three can be achieved using these so-called digital signatures.
In public key cryptography, any message a sender encrypts with the receiver's public key can
be decrypted by the receiver with his corresponding private key. The sender can also encrypt
a message with a private key, which means that the receiver can decrypt it with the sender's
public key. Since the public key is, as the name suggests, publicly available, this is not a very
good idea if the sender wants to keep that message a secret. Eavesdroppers can also simply
obtain a copy of the sender's public key and thus also decrypt the message.

But because the sender keeps his private key to himself, the receiver knows that only the
sender could have encrypted this message, and thus the receiver can now be sure that this
message was written by the sender. Just as a signature on a paper message serves as proof that
the message on the paper was written by the person who signed it, a similar principle
works here. Encrypting with a private key thus can be regarded as an equivalent to placing
one's signature on the message. This is why the process is called creating a digital signature
for the message.
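
The RSA steps, the session-key combination and the private-key signature described in the sections above, put together as one added Python example (not code from the original paper). It assumes the standard textbook relations C = P^E mod n, P = C^D mod n and E·D ≡ 1 (mod (p-1)(q-1)); the primes, the SHA-256 keystream cipher standing in for DES, and all function names are constructed for illustration, and there is no padding, so it shows the arithmetic only.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1

def make_keypair(p, q, e=65537):
    """Steps 1, 3 and 4: n = p*q, E coprime to phi(n), D = E^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("E must be relatively prime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))   # (public, private); needs Python 3.8+

def rsa_apply(key, value):
    """value^exponent mod n; encrypt, decrypt, sign and verify all use this."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("block must be a number smaller than n")
    return pow(value, exponent, n)

def keystream_xor(session_key, data):
    """Toy secret-key cipher (stand-in for DES): XOR with SHA-256 output blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(b"%d:%d" % (session_key, offset)).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def hybrid_send(message, receiver_public):
    """Steps a, b, d: fresh one-session key, wrapped with the receiver's public key."""
    session_key = secrets.randbelow(receiver_public[0] - 2) + 2
    return rsa_apply(receiver_public, session_key), keystream_xor(session_key, message)

def hybrid_receive(wrapped_key, body, receiver_private):
    """Step c, then decryption of the body with the recovered session key."""
    return keystream_xor(rsa_apply(receiver_private, wrapped_key), body)

def digest(message, n):
    """Cryptographic hash of the message, reduced to a number smaller than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, sender_private):
    """Signature: the message hash raised to the private exponent D."""
    return rsa_apply(sender_private, digest(message, sender_private[0]))

def verify(message, signature, sender_public):
    """Undo the signature with the public exponent E and compare the hashes."""
    return rsa_apply(sender_public, signature) == digest(message, sender_public[0])

if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    wrapped, body = hybrid_send(b"meet at noon", public)
    print(hybrid_receive(wrapped, body, private))
    signature = sign(b"pay 10 to Bob", private)
    print(verify(b"pay 10 to Bob", signature, public),
          verify(b"pay 99 to Bob", signature, public))
```

Calling `make_keypair(P, Q, e=17)` raises `ValueError`, because 17 divides (p-1)(q-1) for these primes, which is the "relatively prime" condition in step 3 failing.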

A digital signature shall have the following properties:

• It must be able to verify the author and the date and time of the signature.
• It must be able to authenticate the contents at the time of the signature.
• The signature must be verifiable by third parties, to resolve disputes.

On the basis of these properties, we can formulate the following requirements:

• The signature must be a bit pattern that depends on the message being signed.
• The signature must use some information unique to the sender, to prevent both forgery and
denial.
• It must be relatively easy to produce the digital signature.
• It must be relatively easy to recognize and verify the digital signature.
• It must be computationally infeasible to forge a digital signature, either by constructing
a new message for an existing digital signature or by constructing a fraudulent digital
signature for a given message.
• It must be practical to retain a copy of the digital signature in storage.

Conclusions:
Security is a very difficult topic. Everyone has a different idea of what “security” is, and
what levels of risk are acceptable. The key to building a secure network is to define what
security means to an organization. Once that has been defined, everything that goes on
with the network can be evaluated with respect to that policy. Projects and systems can then
be broken down into their components, and it becomes much simpler to decide whether what
is proposed will conflict with your security policies and practices.

Many people pay great amounts of lip service to security, but do not want to be bothered with
it when it gets in their way. It's important to build systems and networks in such a way that
the user is not constantly reminded of the security system around him. Users who find
security policies and systems too restrictive will find ways around them. It's important to get
their feedback to understand what can be improved, and it's important to let them know what
has been done and why, which sorts of risks are deemed unacceptable, and what has
been done to minimize the organization's exposure to them.

Security is everybody's business, and only with everyone's cooperation, an intelligent policy,
and consistent practices, will it be achievable.
