SlideShare ist ein Scribd-Unternehmen logo

cryptography

Balaji Ravi
Balaji Ravi
1 von 6
Downloaden Sie, um offline zu lesen
CRYPTOGRAPHY Cryptography is a physical process that scrambles information by rearrangement and substitution of content, making it unreadable to anyone except the person capable of unscrambling it. With the shear volume of sensitive Internet transactions that occur daily, the benefit of securing information using cryptographic processes becomes a major goal for many organizations. Since no cryptographic system is foolproof, the idea is to make the cost of acquiring the altered data greater than the potential value gained [3:27]. Essentially, it becomes an issue of deterrence. Generally, all cryptographic processes have four basic parts: Plaintext - Unscrambled information to be transmitted. It could be a simple text document, a credit card number, a password, a bank account number, or sensitive information such as payroll data, personnel information, or a secret formula being transmitted between organizations. Ciphertext - Represents plain text rendered unintelligible by the application of a mathematical algorithm. Ciphertext is the encrypted plain text that is transmitted to the receiver. Cryptographic Algorithm - A mathematical formula used to scramble the plain text to yield ciphertext. Converting plain text to ciphertext using the cryptographic algorithm is called encryption, and converting ciphertext back to plain text using the same cryptographic algorithm is called decryption. Key - A mathematical value, formula, or process that determines how a plaintext message is encrypted or decrypted. The key is the only way to decipher the scrambled information. HISTORY Cryptography has a long history, actually dating back to the time of Julius Caesar who encrypted messages by substituting each letter in the document by the letter that appears three positions further down the alphabet. Both world wars provided some scientific advances to cryptographic processes but it wasn’t until the advent of the radio that the need for cryptography became apparent. In 1967, the appearance of David Kahn’s best selling book entitled The Codebreakers introduced the general public to the secret world of cryptography. Interest continued to develop throughout the 1970s and 1980s much to the chagrin of the National Security Agency (NSA) which became America’s official cryptographic organ. With secrecy as its goal, the NSA tried repeatedly, through coercion and intimidation, to prevent the widespread public dissemination of information about cryptography. However, with
improved communication technology, the growing need for access control, electronic payments, and corporate security and the advent of the Internet, cryptography finally became public and world wide. Prior to the Internet, use of cryptography was structured around symmetric cryptography (often called conventional cryptography) and frequently involved the use of special- purpose hardware to execute the algorithms. Symmetric cryptography uses the same key to both encrypt and decrypt information. That implies that both sender and receiver must possess the same key. Prior to the Internet, this approach proved satisfactory and was the accepted approach to cryptography. Symmetric cryptography provided a great advantage over normal forms of communication but posed some new problems. For instance, as the use of cryptography expanded into the public domain, where organizational networks often spanned multiple countries with thousands of employees in each, safeguarding the transportation and safe keeping of thousands of secret keys proved a daunting task. The risk of key exposure rises dramatically as the number of users increases making symmetric cryptography more trouble than it’s worth for large organizations. With the advent of the Internet, the use of symmetric cryptography proved to be an even greater liability because sender and receiver often never met or even knew each other. As is often the case, revolutionary technology such as the Internet often forces expansion of existing technologies. Public key cryptography, introduced in 1976 by Whitfield Diffie and Martin Hellman, was developed to accommodate the tremendous risks inherent in any Internet transmission, risks that symmetric cryptography couldn’t overcome. Unlike symmetric cryptography, public key cryptography uses two keys, one public and one private. The private key never has to leave the owner, negating the high risk of transporting keys to each document recipient. The public key can be made public so everyone can have access to it by simply downloading it from the Internet. The risks of safeguarding a highly secret key during distribution to users disappears, making public key cryptography ideally suited for the Internet, large distributed systems, and big corporate networks. An example of how public key cryptography actually works will be given below under examples. ALGORITHM TYPES AND STRENGTHS Let’s take a closer look at both symmetric and public key cryptography. As a subset of cryptography, cryptographic algorithms can be divided into two categories: Stream algorithms – Operate on plaintext one byte at a time, where a byte is a character, number, or special character. The process is inefficient and slow.
Block algorithms – Operate on plaintext in groups of bytes, called blocks (hence the name block algorithms or block ciphers). Typical block sizes for modern algorithms is 64 bytes, small enough to work with but large enough to deter code breakers. Unfortunately, with the current speed of microprocessors, breaking a 64-byte algorithm using brute force is proving to be to relatively easy task [4]. Encrypted information is only as good as the key required to decrypt it. In theory, any key can eventually be obtained and the encrypted information decrypted successfully. It’s really a question of the time required to break the key. In the early years of cryptography, before the computer, even small keys were nearly impossible to break. The advantage gained with computers, however, is pure speed. Modern computers can operate at incredible speeds, trying literally billions of permutations each second. Generally, using brute force only (trying every possible permutation in a linear fashion), the time required to reveal a symmetric key increases exponentially with the length of the key. For example, a 32-byte key would take about 232 steps to solve. Solving a 32-byte key could be achieved on your home computer in a short time. A 40-byte key would take about 240 steps to break. Again, you could do it on your home computer in about a week’s time. Beyond 40 bytes, processing time begins to rise dramatically. For example, a 56-byte key would take a large number of personal computers working simultaneously in a distributed approach to solve in even a few months time. Larger keys such as 64 bytes can be broken by large organizations such as governments or criminal organizations who have access to very powerful computers such as supercomputers. The process, however, would still take several years. Larger keys, with 80 to 128 bytes remain relatively safe well into the future [5]. Public key algorithms can use much larger keys to achieve secrecy. Where breaking symmetric keys is usually done through brute force, public key algorithms involve deriving the matching secret key from the public key. The process depends on the kind of encryption adopted but generally involves the use of prime factors. 768-byte keys are safe for the near future and 1028-byte keys are safe for the foreseeable future, whereas 256-byte keys can be easily cracked by personal computers [5:1]. ADVANTAGES AND DISADVANTAGES Even though public key cryptography is the accepted standard, it’s not foolproof. For this reason, it has not completely replaced symmetric cryptography. Here are some of the main advantages and disadvantages [4]. Advantages: 1. The biggest advantage of public key cryptography is the secure nature of the private key. In fact, it never needs to be transmitted or revealed to anyone.
2. It enables the use of digital certificates and digital timestamps, which is a very secure technique of signature authorization. We will look at digital timestamps and digital signatures in a moment. Disadvantages: 1. Transmission time for documents encrypted using public key cryptography are significantly slower then symmetric cryptography. In fact, transmission of very large documents is prohibitive. 2. The key sizes must be significantly larger than symmetric cryptography to achieve the same level of protection. 3. Public key cryptography is susceptible to impersonation attacks. EXAMPLES The ABC company maintains payroll information for a variety of organizations. This payroll information is frequently transmitted over the Internet from participating companies. For security reasons, the ABC company conducts all of its Internet transactions using public key cryptography. The company owns both a public and a private encryption key. The public key is made available to all participating organizations and in fact is openly available to anyone who wants to download it from the ABC website. The private key is kept secure in a bank vault at ABC headquarters. When the XYZ company wants to transmit its payroll data to the ABC company, it first encrypts the data using the ABC company’s public key. Once it’s encrypted, the scrambled payroll data is transmitted securely over the Internet to the ABC company’s processing department. If the information is intercepted along the way, all the interceptors will see is scrambled information. Even if they have the public key, which is very possible, they will not be able to unscramble the information. Only the private key can do that. Once the information is received by ABC, the private key is used to unscramble the information, allowing the processing department to process the payroll. Using symmetric cryptography the ABC company would have to deliver, through some secure means (such as a courier), a copy of its one and only private key. Since the same key is used to both encrypt and decrypt the information, both sender and receiver must have a copy. So if XYZ is a new client for ABC, ABC must send XYZ a copy of the secret key so that XYZ can then encrypt its payroll information and transmit it to ABC. ABC, using the same key, decrypts XYZ’s information and processes the payroll data. Since a system is only as strong as its weakest link, key security during transmission becomes as important for XYZ as encrypting the data. As mentioned earlier, public key cryptography lends itself to a new technology called digital signatures. Digital signatures involve a reversing of the normal public/private encryption/decryption process. Here is an example that demonstrates its use. Suppose Mary wants to send the ABC company a request for a special document. Before the ABC company can send that document, they must be assured that the requestor is actually
Mary. A digital signature can verify Mary’s validity to ABC in the following way. Mary first encrypts her name using her private key. She then encrypts the request along with the encrypted name using the ABC company’s well-known public key. When the ABC company receives the message, it decrypts the request using its private key and then decrypts the signature using Mary’s well-publicized public key. If the name decrypts successfully, then it must be Mary’s signature since she is the only one who could have encrypted it with her secret private key. The request can be safely processed. Digital signatures are gaining popularity in many Internet transactions involving signature verification such as contracts and other legal negotiations as well as court documents. Recent enhancements to digital signatures include digital timestamps. Digital timestamps apply a “when” criteria to a digital signature by attaching a widely publicized summary number to the signature. That summary number is only produced at some given point in time, essentially linking that signature to a certain date/time. It’s an especially effective technology since it doesn’t rely on the security of keys. I mentioned earlier that for large documents, use of public key cryptography is prohibitive because transmission speeds are so slow. By using something called a digital envelope, the best of both symmetric (transmission speed) and public key (security) cryptography can be used. Here is an example of how a digital envelope works. Mary wants to send a very large document to her main office overseas. Because of its sensitivity, Mary believes it should be sent using public key cryptography but knows she can’t because it’s too large. She decides to use a digital envelope. Mary first creates a special session key and uses this key to symmetrically encrypt her document. That is, she uses a symmetric cryptographic algorithm. She then encrypts the session key with her organization’s public key. So now the document is encrypted using symmetric cryptography and the key that encrypted it is encrypted using public key cryptography. The encrypted key is called the digital envelope. She then transmits both the key and the document to the main office. At the main office, the company’s private key is used to decrypt the session key. Then the session key is used to decrypt the document. Transmission was fast and just as secure as using public key cryptography exclusively [1:24]. Digital envelops offer the benefits of both approaches without sacrificing security. FUTURE DEVELOPMENTS There are two areas that show promise in the field of cryptography: Quantum cryptography and DNA cryptography. Quantum cryptography attempts to achieve the same security of information as other forms of cryptography but through the use of photons, or packets of light. The process, though still in experimental stages, makes use of the polarization nature of light and is proving to be a very promising defense against eavesdropping [4].
DNA cryptography makes use of specially selected DNA strands whose combination results to a specific solution to a problem. Still in its infancy, DNA cryptography looks promising [4]. REFERENCES 1. Stein, Lincoln D., Web Security, New York: New York Addison-Wesley, 1988 2. McGraw, Gary, Felten, Edward F, Securing Java, New York: New York, John Wiley & Sons, 1999 3. Feghhi, Jalal, Feghhi, Jalil, Williams, Peter, Digital Certificates, Addison Wesley Longman, Inc., 1999 4. Christoyannis, Costas, http://www.hack.gr/users/dij/crypto/ 5. SSH Communications Security, http://www.ssh.fi/tech/crypto/intro.html#algorithms

Empfohlen

Cryptointro
CryptointroCryptointro
Cryptointro
losalamos
 
Ijaiem 2014-11-30-122
Ijaiem 2014-11-30-122Ijaiem 2014-11-30-122
Ijaiem 2014-11-30-122
Sathya Madhesh
 
Cryptoandnetworksecuritylitreview
CryptoandnetworksecuritylitreviewCryptoandnetworksecuritylitreview
Cryptoandnetworksecuritylitreview
Faith Nweke
 
Cryptography
CryptographyCryptography
Cryptography
Jasim Jas
 
A novel approach to information security using safe exchange of encrypted dat...
A novel approach to information security using safe exchange of encrypted dat...A novel approach to information security using safe exchange of encrypted dat...
A novel approach to information security using safe exchange of encrypted dat...
eSAT Journals
 
A novel approach to information security using safe
A novel approach to information security using safeA novel approach to information security using safe
A novel approach to information security using safe
eSAT Publishing House
 
Seminar report on symmetric key
Seminar report on symmetric keySeminar report on symmetric key
Seminar report on symmetric key
Rajat Tripathi
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)
irjes
 

Empfohlen

Cryptointro
CryptointroCryptointro
Cryptointro
losalamos
 
Ijaiem 2014-11-30-122
Ijaiem 2014-11-30-122Ijaiem 2014-11-30-122
Ijaiem 2014-11-30-122
Sathya Madhesh
 
Cryptoandnetworksecuritylitreview
CryptoandnetworksecuritylitreviewCryptoandnetworksecuritylitreview
Cryptoandnetworksecuritylitreview
Faith Nweke
 
Cryptography
CryptographyCryptography
Cryptography
Jasim Jas
 
A novel approach to information security using safe exchange of encrypted dat...
A novel approach to information security using safe exchange of encrypted dat...A novel approach to information security using safe exchange of encrypted dat...
A novel approach to information security using safe exchange of encrypted dat...
eSAT Journals
 
A novel approach to information security using safe
A novel approach to information security using safeA novel approach to information security using safe
A novel approach to information security using safe
eSAT Publishing House
 
Seminar report on symmetric key
Seminar report on symmetric keySeminar report on symmetric key
Seminar report on symmetric key
Rajat Tripathi
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)
irjes
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
IJERD Editor
 
Performance Comparison of File Security System using TEA and Blowfish Algorithms
Performance Comparison of File Security System using TEA and Blowfish AlgorithmsPerformance Comparison of File Security System using TEA and Blowfish Algorithms
Performance Comparison of File Security System using TEA and Blowfish Algorithms
ijtsrd
 
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling conceptsHybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
IJNSA Journal
 
Ijtra150171
Ijtra150171Ijtra150171
Ijtra150171
International Journal of Technical Research & Application
 
Networksecurity1 1
Networksecurity1 1 Networksecurity1 1
Networksecurity1 1
lakshmansoft7
 
Cryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data CommunicationCryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data Communication
CSCJournals
 
Cryptography on cloud
Cryptography on cloudCryptography on cloud
Cryptography on cloud
krprashant94
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network Security
Editor IJCATR
 
Achieving data integrity by forming the digital signature using RSA and SHA-1...
Achieving data integrity by forming the digital signature using RSA and SHA-1...Achieving data integrity by forming the digital signature using RSA and SHA-1...
Achieving data integrity by forming the digital signature using RSA and SHA-1...
IOSR Journals
 
s117
s117s117
s117
s1170034
 
fucking shit
fucking shitfucking shit
fucking shit
eyalrav
 
Cryptography
CryptographyCryptography
Cryptography
Sajal Agarwal
 
Cryptography and security
Cryptography and securityCryptography and security
Cryptography and security
research30
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3
WE-IT TUTORIALS
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
Sylvain Maret
 
Cyber public key cryptography
Cyber public key cryptographyCyber public key cryptography
Cyber public key cryptography
Gopika Babu
 
How encryption works
How encryption worksHow encryption works
How encryption works
RaxTonProduction
 
POST-QUANTUM CRYPTOGRAPHY
POST-QUANTUM CRYPTOGRAPHYPOST-QUANTUM CRYPTOGRAPHY
POST-QUANTUM CRYPTOGRAPHY
Pavithra Muthu
 
Pgp
PgpPgp
Pgp
Nilanjan Danda
 
Security
SecuritySecurity
Security
Sri Manakula Vinayagar Engineering College
 
Week 12 slide
Week 12 slideWeek 12 slide
Week 12 slide
Haruki0428
 
Week 12 slide
Week 12 slideWeek 12 slide
Week 12 slide
Haruki0428
 

Weitere ähnliche Inhalte

Was ist angesagt?

International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
IJERD Editor
 
Performance Comparison of File Security System using TEA and Blowfish Algorithms
Performance Comparison of File Security System using TEA and Blowfish AlgorithmsPerformance Comparison of File Security System using TEA and Blowfish Algorithms
Performance Comparison of File Security System using TEA and Blowfish Algorithms
ijtsrd
 
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling conceptsHybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
IJNSA Journal
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network Security
Editor IJCATR
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3
WE-IT TUTORIALS
 

Was ist angesagt? (20)

International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
Performance Comparison of File Security System using TEA and Blowfish Algorithms
Performance Comparison of File Security System using TEA and Blowfish AlgorithmsPerformance Comparison of File Security System using TEA and Blowfish Algorithms
Performance Comparison of File Security System using TEA and Blowfish Algorithms
 
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling conceptsHybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
 
Ijtra150171
Ijtra150171Ijtra150171
Ijtra150171
 
Networksecurity1 1
Networksecurity1 1 Networksecurity1 1
Networksecurity1 1
 
Cryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data CommunicationCryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data Communication
 
Cryptography on cloud
Cryptography on cloudCryptography on cloud
Cryptography on cloud
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network Security
 
Achieving data integrity by forming the digital signature using RSA and SHA-1...
Achieving data integrity by forming the digital signature using RSA and SHA-1...Achieving data integrity by forming the digital signature using RSA and SHA-1...
Achieving data integrity by forming the digital signature using RSA and SHA-1...
 
s117
s117s117
s117
 
fucking shit
fucking shitfucking shit
fucking shit
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography and security
Cryptography and securityCryptography and security
Cryptography and security
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
 
Cyber public key cryptography
Cyber public key cryptographyCyber public key cryptography
Cyber public key cryptography
 
How encryption works
How encryption worksHow encryption works
How encryption works
 
POST-QUANTUM CRYPTOGRAPHY
POST-QUANTUM CRYPTOGRAPHYPOST-QUANTUM CRYPTOGRAPHY
POST-QUANTUM CRYPTOGRAPHY
 
Pgp
PgpPgp
Pgp
 
Security
SecuritySecurity
Security
 

Ähnlich wie cryptography

10.11648.j.ijdst.20160204.12
10.11648.j.ijdst.20160204.1210.11648.j.ijdst.20160204.12
10.11648.j.ijdst.20160204.12
Arindam Paul
 
How Encryption Works
How Encryption WorksHow Encryption Works
How Encryption Works
ray0510711s
 

Ähnlich wie cryptography (12)

Week 12 slide
Week 12 slideWeek 12 slide
Week 12 slide
 
Week 12 slide
Week 12 slideWeek 12 slide
Week 12 slide
 
Kadai1
Kadai1Kadai1
Kadai1
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...
 
L017136269
L017136269L017136269
L017136269
 
10.11648.j.ijdst.20160204.12
10.11648.j.ijdst.20160204.1210.11648.j.ijdst.20160204.12
10.11648.j.ijdst.20160204.12
 
Sw2
Sw2Sw2
Sw2
 
Week12
Week12Week12
Week12
 
Week12
Week12Week12
Week12
 
Week12
Week12Week12
Week12
 
128 BIT WHAT?
128 BIT WHAT?128 BIT WHAT?
128 BIT WHAT?
 
How Encryption Works
How Encryption WorksHow Encryption Works
How Encryption Works
 

Mehr von Balaji Ravi

Quest_Software_Best_Practices_for_Exchange_2007
Quest_Software_Best_Practices_for_Exchange_2007Quest_Software_Best_Practices_for_Exchange_2007
Quest_Software_Best_Practices_for_Exchange_2007
Balaji Ravi
 
forgot_administrator_password.htm
forgot_administrator_password.htmforgot_administrator_password.htm
forgot_administrator_password.htm
Balaji Ravi
 
lost-xp-password.html
lost-xp-password.htmllost-xp-password.html
lost-xp-password.html
Balaji Ravi
 
Upgrading_and_Migrating_to_Exchange_Server_2007_and_Windows_2008
Upgrading_and_Migrating_to_Exchange_Server_2007_and_Windows_2008Upgrading_and_Migrating_to_Exchange_Server_2007_and_Windows_2008
Upgrading_and_Migrating_to_Exchange_Server_2007_and_Windows_2008
Balaji Ravi
 
Practical-LDAP-and-Linux
Practical-LDAP-and-LinuxPractical-LDAP-and-Linux
Practical-LDAP-and-Linux
Balaji Ravi
 
L03-ajc-C-arrays
L03-ajc-C-arraysL03-ajc-C-arrays
L03-ajc-C-arrays
Balaji Ravi
 
3852_wlan_revised
3852_wlan_revised3852_wlan_revised
3852_wlan_revised
Balaji Ravi
 
Virtualizing_Exchange2003
Virtualizing_Exchange2003Virtualizing_Exchange2003
Virtualizing_Exchange2003
Balaji Ravi
 

Mehr von Balaji Ravi (17)

Quest_Software_Best_Practices_for_Exchange_2007
Quest_Software_Best_Practices_for_Exchange_2007Quest_Software_Best_Practices_for_Exchange_2007
Quest_Software_Best_Practices_for_Exchange_2007
 
forgot_administrator_password.htm
forgot_administrator_password.htmforgot_administrator_password.htm
forgot_administrator_password.htm
 
lost-xp-password.html
lost-xp-password.htmllost-xp-password.html
lost-xp-password.html
 
Upgrading_and_Migrating_to_Exchange_Server_2007_and_Windows_2008
Upgrading_and_Migrating_to_Exchange_Server_2007_and_Windows_2008Upgrading_and_Migrating_to_Exchange_Server_2007_and_Windows_2008
Upgrading_and_Migrating_to_Exchange_Server_2007_and_Windows_2008
 
1.Routing-eng
1.Routing-eng1.Routing-eng
1.Routing-eng
 
Practical-LDAP-and-Linux
Practical-LDAP-and-LinuxPractical-LDAP-and-Linux
Practical-LDAP-and-Linux
 
b
bb
b
 
bldef_ap.htm
bldef_ap.htmbldef_ap.htm
bldef_ap.htm
 
exch2003
exch2003exch2003
exch2003
 
L03-ajc-C-arrays
L03-ajc-C-arraysL03-ajc-C-arrays
L03-ajc-C-arrays
 
10307021
1030702110307021
10307021
 
show.php.htm
show.php.htmshow.php.htm
show.php.htm
 
182
182182
182
 
3852_wlan_revised
3852_wlan_revised3852_wlan_revised
3852_wlan_revised
 
a
aa
a
 
Virtualizing_Exchange2003
Virtualizing_Exchange2003Virtualizing_Exchange2003
Virtualizing_Exchange2003
 
Balaji
BalajiBalaji
Balaji
 

cryptography

  • 1. CRYPTOGRAPHY Cryptography is a physical process that scrambles information by rearrangement and substitution of content, making it unreadable to anyone except the person capable of unscrambling it. With the shear volume of sensitive Internet transactions that occur daily, the benefit of securing information using cryptographic processes becomes a major goal for many organizations. Since no cryptographic system is foolproof, the idea is to make the cost of acquiring the altered data greater than the potential value gained [3:27]. Essentially, it becomes an issue of deterrence. Generally, all cryptographic processes have four basic parts: Plaintext - Unscrambled information to be transmitted. It could be a simple text document, a credit card number, a password, a bank account number, or sensitive information such as payroll data, personnel information, or a secret formula being transmitted between organizations. Ciphertext - Represents plain text rendered unintelligible by the application of a mathematical algorithm. Ciphertext is the encrypted plain text that is transmitted to the receiver. Cryptographic Algorithm - A mathematical formula used to scramble the plain text to yield ciphertext. Converting plain text to ciphertext using the cryptographic algorithm is called encryption, and converting ciphertext back to plain text using the same cryptographic algorithm is called decryption. Key - A mathematical value, formula, or process that determines how a plaintext message is encrypted or decrypted. The key is the only way to decipher the scrambled information. HISTORY Cryptography has a long history, actually dating back to the time of Julius Caesar who encrypted messages by substituting each letter in the document by the letter that appears three positions further down the alphabet. Both world wars provided some scientific advances to cryptographic processes but it wasn’t until the advent of the radio that the need for cryptography became apparent. In 1967, the appearance of David Kahn’s best selling book entitled The Codebreakers introduced the general public to the secret world of cryptography. Interest continued to develop throughout the 1970s and 1980s much to the chagrin of the National Security Agency (NSA) which became America’s official cryptographic organ. With secrecy as its goal, the NSA tried repeatedly, through coercion and intimidation, to prevent the widespread public dissemination of information about cryptography. However, with
  • 2. improved communication technology, the growing need for access control, electronic payments, and corporate security and the advent of the Internet, cryptography finally became public and world wide. Prior to the Internet, use of cryptography was structured around symmetric cryptography (often called conventional cryptography) and frequently involved the use of special- purpose hardware to execute the algorithms. Symmetric cryptography uses the same key to both encrypt and decrypt information. That implies that both sender and receiver must possess the same key. Prior to the Internet, this approach proved satisfactory and was the accepted approach to cryptography. Symmetric cryptography provided a great advantage over normal forms of communication but posed some new problems. For instance, as the use of cryptography expanded into the public domain, where organizational networks often spanned multiple countries with thousands of employees in each, safeguarding the transportation and safe keeping of thousands of secret keys proved a daunting task. The risk of key exposure rises dramatically as the number of users increases making symmetric cryptography more trouble than it’s worth for large organizations. With the advent of the Internet, the use of symmetric cryptography proved to be an even greater liability because sender and receiver often never met or even knew each other. As is often the case, revolutionary technology such as the Internet often forces expansion of existing technologies. Public key cryptography, introduced in 1976 by Whitfield Diffie and Martin Hellman, was developed to accommodate the tremendous risks inherent in any Internet transmission, risks that symmetric cryptography couldn’t overcome. Unlike symmetric cryptography, public key cryptography uses two keys, one public and one private. The private key never has to leave the owner, negating the high risk of transporting keys to each document recipient. The public key can be made public so everyone can have access to it by simply downloading it from the Internet. The risks of safeguarding a highly secret key during distribution to users disappears, making public key cryptography ideally suited for the Internet, large distributed systems, and big corporate networks. An example of how public key cryptography actually works will be given below under examples. ALGORITHM TYPES AND STRENGTHS Let’s take a closer look at both symmetric and public key cryptography. As a subset of cryptography, cryptographic algorithms can be divided into two categories: Stream algorithms – Operate on plaintext one byte at a time, where a byte is a character, number, or special character. The process is inefficient and slow.
  • 3. Block algorithms – Operate on plaintext in groups of bytes, called blocks (hence the name block algorithms or block ciphers). Typical block sizes for modern algorithms is 64 bytes, small enough to work with but large enough to deter code breakers. Unfortunately, with the current speed of microprocessors, breaking a 64-byte algorithm using brute force is proving to be to relatively easy task [4]. Encrypted information is only as good as the key required to decrypt it. In theory, any key can eventually be obtained and the encrypted information decrypted successfully. It’s really a question of the time required to break the key. In the early years of cryptography, before the computer, even small keys were nearly impossible to break. The advantage gained with computers, however, is pure speed. Modern computers can operate at incredible speeds, trying literally billions of permutations each second. Generally, using brute force only (trying every possible permutation in a linear fashion), the time required to reveal a symmetric key increases exponentially with the length of the key. For example, a 32-byte key would take about 232 steps to solve. Solving a 32-byte key could be achieved on your home computer in a short time. A 40-byte key would take about 240 steps to break. Again, you could do it on your home computer in about a week’s time. Beyond 40 bytes, processing time begins to rise dramatically. For example, a 56-byte key would take a large number of personal computers working simultaneously in a distributed approach to solve in even a few months time. Larger keys such as 64 bytes can be broken by large organizations such as governments or criminal organizations who have access to very powerful computers such as supercomputers. The process, however, would still take several years. Larger keys, with 80 to 128 bytes remain relatively safe well into the future [5]. Public key algorithms can use much larger keys to achieve secrecy. Where breaking symmetric keys is usually done through brute force, public key algorithms involve deriving the matching secret key from the public key. The process depends on the kind of encryption adopted but generally involves the use of prime factors. 768-byte keys are safe for the near future and 1028-byte keys are safe for the foreseeable future, whereas 256-byte keys can be easily cracked by personal computers [5:1]. ADVANTAGES AND DISADVANTAGES Even though public key cryptography is the accepted standard, it’s not foolproof. For this reason, it has not completely replaced symmetric cryptography. Here are some of the main advantages and disadvantages [4]. Advantages: 1. The biggest advantage of public key cryptography is the secure nature of the private key. In fact, it never needs to be transmitted or revealed to anyone.
  • 4. 2. It enables the use of digital certificates and digital timestamps, which is a very secure technique of signature authorization. We will look at digital timestamps and digital signatures in a moment. Disadvantages: 1. Transmission time for documents encrypted using public key cryptography are significantly slower then symmetric cryptography. In fact, transmission of very large documents is prohibitive. 2. The key sizes must be significantly larger than symmetric cryptography to achieve the same level of protection. 3. Public key cryptography is susceptible to impersonation attacks. EXAMPLES The ABC company maintains payroll information for a variety of organizations. This payroll information is frequently transmitted over the Internet from participating companies. For security reasons, the ABC company conducts all of its Internet transactions using public key cryptography. The company owns both a public and a private encryption key. The public key is made available to all participating organizations and in fact is openly available to anyone who wants to download it from the ABC website. The private key is kept secure in a bank vault at ABC headquarters. When the XYZ company wants to transmit its payroll data to the ABC company, it first encrypts the data using the ABC company’s public key. Once it’s encrypted, the scrambled payroll data is transmitted securely over the Internet to the ABC company’s processing department. If the information is intercepted along the way, all the interceptors will see is scrambled information. Even if they have the public key, which is very possible, they will not be able to unscramble the information. Only the private key can do that. Once the information is received by ABC, the private key is used to unscramble the information, allowing the processing department to process the payroll. Using symmetric cryptography the ABC company would have to deliver, through some secure means (such as a courier), a copy of its one and only private key. Since the same key is used to both encrypt and decrypt the information, both sender and receiver must have a copy. So if XYZ is a new client for ABC, ABC must send XYZ a copy of the secret key so that XYZ can then encrypt its payroll information and transmit it to ABC. ABC, using the same key, decrypts XYZ’s information and processes the payroll data. Since a system is only as strong as its weakest link, key security during transmission becomes as important for XYZ as encrypting the data. As mentioned earlier, public key cryptography lends itself to a new technology called digital signatures. Digital signatures involve a reversing of the normal public/private encryption/decryption process. Here is an example that demonstrates its use. Suppose Mary wants to send the ABC company a request for a special document. Before the ABC company can send that document, they must be assured that the requestor is actually
  • 5. Mary. A digital signature can verify Mary’s validity to ABC in the following way. Mary first encrypts her name using her private key. She then encrypts the request along with the encrypted name using the ABC company’s well-known public key. When the ABC company receives the message, it decrypts the request using its private key and then decrypts the signature using Mary’s well-publicized public key. If the name decrypts successfully, then it must be Mary’s signature since she is the only one who could have encrypted it with her secret private key. The request can be safely processed. Digital signatures are gaining popularity in many Internet transactions involving signature verification such as contracts and other legal negotiations as well as court documents. Recent enhancements to digital signatures include digital timestamps. Digital timestamps apply a “when” criteria to a digital signature by attaching a widely publicized summary number to the signature. That summary number is only produced at some given point in time, essentially linking that signature to a certain date/time. It’s an especially effective technology since it doesn’t rely on the security of keys. I mentioned earlier that for large documents, use of public key cryptography is prohibitive because transmission speeds are so slow. By using something called a digital envelope, the best of both symmetric (transmission speed) and public key (security) cryptography can be used. Here is an example of how a digital envelope works. Mary wants to send a very large document to her main office overseas. Because of its sensitivity, Mary believes it should be sent using public key cryptography but knows she can’t because it’s too large. She decides to use a digital envelope. Mary first creates a special session key and uses this key to symmetrically encrypt her document. That is, she uses a symmetric cryptographic algorithm. She then encrypts the session key with her organization’s public key. So now the document is encrypted using symmetric cryptography and the key that encrypted it is encrypted using public key cryptography. The encrypted key is called the digital envelope. She then transmits both the key and the document to the main office. At the main office, the company’s private key is used to decrypt the session key. Then the session key is used to decrypt the document. Transmission was fast and just as secure as using public key cryptography exclusively [1:24]. Digital envelops offer the benefits of both approaches without sacrificing security. FUTURE DEVELOPMENTS There are two areas that show promise in the field of cryptography: Quantum cryptography and DNA cryptography. Quantum cryptography attempts to achieve the same security of information as other forms of cryptography but through the use of photons, or packets of light. The process, though still in experimental stages, makes use of the polarization nature of light and is proving to be a very promising defense against eavesdropping [4].
  • 6. DNA cryptography makes use of specially selected DNA strands whose combination results to a specific solution to a problem. Still in its infancy, DNA cryptography looks promising [4]. REFERENCES 1. Stein, Lincoln D., Web Security, New York: New York Addison-Wesley, 1988 2. McGraw, Gary, Felten, Edward F, Securing Java, New York: New York, John Wiley & Sons, 1999 3. Feghhi, Jalal, Feghhi, Jalil, Williams, Peter, Digital Certificates, Addison Wesley Longman, Inc., 1999 4. Christoyannis, Costas, http://www.hack.gr/users/dij/crypto/ 5. SSH Communications Security, http://www.ssh.fi/tech/crypto/intro.html#algorithms