CRYPTOGRAPHY CRYPTOGRAPHY SYLLABUS Unit 1: Introduction- the concept of security-introduction the need for security - security approaches-principles of security – types of attacks. Cryptography techniques: introduction-plaintext and cipher text- substation techniques –transposition techniques- encryption and decryption – symmetric and asymmetric key cryptography – stegnography -- key range and key size - possible types of attacks. Unit 2: Computer based symmetric Key Cryptography Algorithms: Introduction-Algorithm Types and Modes-An overview of Symmetric Key Cryptography-Data Encryption Standard(DES)-International Data Encryption Algorithm(IDEA)-RC5-Blow fish- Advanced Encryption Standard(AES)-Differential and linear Cryptanalysis-Computer Based Asymmetric Cryptography Algorithm: Introduction-Brief History of Asymmetric Cryptography-An overview of Asymmetric Key Cryptography-The RSA algorithm- Symmetric and Asymmetric Key Cryptography together-Digital Signatures-Knapsack Algorithm-Some other Algorithm Text book: Cryptography and Network Security, Atul Kahate, TMH 2006 Reference: Cryptography and Network Security-Behrouz A.Forcizan, The MC Graw Hill, 2008
Transcript
CRYPTOGRAPHY
CRYPTOGRAPHY
SYLLABUS
Unit 1:
Introduction- the concept of security-introduction the need for security - security
approaches-principles of security – types of attacks. Cryptography techniques:
introduction-plaintext and cipher text- substation techniques –transposition techniques-
encryption and decryption – symmetric and asymmetric key cryptography – stegnography
-- key range and key size - possible types of attacks.
Unit 2:
Computer based symmetric Key Cryptography Algorithms: Introduction-Algorithm
Types and Modes-An overview of Symmetric Key Cryptography-Data Encryption
Standard(DES)-International Data Encryption Algorithm(IDEA)-RC5-Blow fish-
Advanced Encryption Standard(AES)-Differential and linear Cryptanalysis-Computer
Based Asymmetric Cryptography Algorithm: Introduction-Brief History of Asymmetric
Cryptography-An overview of Asymmetric Key Cryptography-The RSA algorithm-
Symmetric and Asymmetric Key Cryptography together-Digital Signatures-Knapsack
Algorithm-Some other Algorithm
Text book:
Cryptography and Network Security, Atul Kahate, TMH 2006
Reference:
Cryptography and Network Security-Behrouz A.Forcizan, The MC Graw Hill, 2008
CRYPTOGRAPHY
CRYPTOGRAPHY
UNIT I:
INTRODUCTION
Cryptography is the science of diverse field of problems related to encryption
and decryption techniques, privacy of communication, authentication, digital signatures
and much more. However, its main task is the constant quest for making the exchange of
information totaly secure. As such, its task has not change for centuries. Since secret
writing hieroglyphic system, through Juliush Cesar "Cesar cipher", German Enigma to
latest public-key systems, scientists and practitioners around the world, known as
cryptographers are in this quest of hiding information from unauthorized eyes.
Definition Cryptography is the study of mathematical techniques related to aspects of
informationsecurity such as confidentiality, data integrity, entity authentication, and data
originauthentication.Cryptography is not the only means of providing information
security, but rather one set oftechniques.
NEED FOR SECURITY:
When computer application were developed to handle
Financial and personal data the real need for security was felt like never before.
People realized that data on computers was an extremely important aspect of such
security important aspect of modern life.
Two typical (Ex)of such security mechanisms were as follows:
Provide a user id and password every user and use that information to authenticate
a user.
Encode information stored in the data base in some fashion so that is not visible to
users who do not have the right’s permission.
CRYPTOGRAPHY
Organizations employed their own mechanisms in order to provide for these
kinds’ basics security mechanisms.
Modern nature of attacks:
Difference in computer based system is mainly due to the speed at
which things happen and the accuracy that we get, as compared do the traditional
world. We can highlight a few salient features of the modern nature of attack as
follows:-
Automatic attacks:-
The speed of computer makes several attacks worth while.
For the example, in the real world, support that someone mange’s to
create a machine that can produce conducing coins.
However producing so many coins on a mass scale may not be that
much economical compared to the return on that investment.
They are quit efficient and happy in doing routine mundane and
repetitive tasks.
For the example, they would excel in somehow stealing a very low
amount from a million bank accounts in a matter of few minuets.
Humans dislike mundance and repetitive tasks. Automatically them can
cause destruction or quit rapidly.
Privacy cancers:-
Collecting information about people and later using it is turning
out to be a high problem these days.
The so called data mining applications gather process and
tabulate all sorts of details about individuals.
People can then illegally sell this information for the example;
companies like expression Tran’s union and Equifax maintain
credit history of individual in the USA.
These companies have volumes of information about a majority
of citizens of that country
CRYPTOGRAPHY
These companies can collect, polish and format all sorts of
information to who server is ready to pay for the data.
Every company are collecting and processing mind boggling
amount information about us.
Distance dose not matters:-
Money in digital from inside computer and moves
around by using computer networks.
Therefore a modern thief would perhaps not like to
wear a mask and attempt a robbery.
Instead, it is far easier and cheaper to attempt on attack
on the computer system of the bank sitting at home.
SECURITY APPROCHES:-
Trusted system:
A trusted system is a computer system that can be
trusted to a specified extent to enforce a specified
security policy.
Naturally, following are the expansion from the
reference monitor.
a. It should be tamperproof
b. It should always be invoked
c. It should be small enough so that it con be independently.
The deal with lattice based information follows in computer system.
Security models:-
An organization can tasks several approaches to implement its security model let us
summarize these approaches.
No security:-
In this simplest case, the approach could be a decision to implement no security at all.
Security trough obscurity:
CRYPTOGRAPHY
In this model, a system is secure simply. Because nobody knows about its existence and
contents. This approach cannot work for attacker can come to know about it.
Host security:
In this scheme the security for each host enforced individual, this is a very safe approach.
Network security:
In this technique the focus is to control network access to various host and their scurries
rather than individual host security.
This is very efficient and scalable model.
Security management practices:-
Good security management practices always talk of a security policy being in place.
A good security policy generally takes care key aspects as follows
Affordability :: cost and effort in security implementation
Factuality:: mechanisms of providing security.
Legality :: whether the policy meats the legal requirements
Cultural issues: whether the policy gets well with people’s expectations
working style and believes.
Once a security policy is in place, the following points should be
ensured.
A. Explanation of the policy to all concerned.
B. Outline everybody responsibilities.
C. Use simple language in all communications.
D. Establishment of accountability.
E. Provisions for exception and periodic reviews.
That all about security approaches.
PRINCIPLES OF SECURITY:-
CRYPTOGRAPHY
Let as assume that a person a wants to send a check worth $100 to another
person B. Normally are the factors that A and B will think of in such case, A will write
the check for $100, put it in envelope and send it to B.
Confidently:-
A will like to ensure that no one except B gets the envelope and even if some
one else get does not come to know about the details of the check. This is the principles
of confident.
Integrity:-
A and b will further like to make sure that no one can temper with the
contends of the check as its amount, data, signature, name of the payee, etc.
Authentication:-
B would like to be assured that the check has someone posing as a. as it could
be a flack check in the case.
Non-repudiation:-
What will happen? Tomorrow if B deposits the check in her account, the
money is transferred A’s account to B’s account and then A refute this claim and settle
the dispute.
Repudiation:-
These are the four principles of security. There are tow access control and
availability which are not related to a particular message, but are linked to the over all
system as a whole.
Access control:-
The principle of access control determines who should be able to access what. For
instance, we should be able to specify the user A can view the records in a subset of an
access control matrix. Access control is broadly related to tow areas. That are,
Rule management
Role management
CRYPTOGRAPHY
Rule management: focuses on the resources side (which resources is accessible and
under what circulates).
Role management: concentrates on the user side (which user can do what)
Availability:-
The principles of availability states the resources should be
available to authorized parties at all times. This also defined seven layers of security in
the from of,
Authentications
Access control
Non-repudiation
Data integrity
Confidentiality
Assurance or availability
Not arizationor signature
TYPES OF ATTACKS:-
We shall attacks with respect to two views: the common person’s view and
a technologist’s view.
Attack a general view:
From a common person of view, can classify attack into
three categories. Let as discuss these attacks.
Criminal attacks:-
Criminal attacks are the simplest to understand. Here the sole aim of the
attackers is to maximize financial Gain by attacking computer system.
Publicity attacks:
Publicity attacks occur because the attackers want
to see there names appear on television new channels and newspaper. One of the most
famous such attacks occurred on the us department of justice’s web site in 1996. The
New York Times home page was also famously defaced tow year later.
CRYPTOGRAPHY
Legal attacks:-
The aim of the attacker is to exploit the weakness of the
judge and the jury in technology matters. For example, an attacker may sue a bank for a
performing an online transaction, which she never wanted to perform.
Security attacks:
Passive attack
Active attack
Passive attack:
The passive attack attempt to learn or make use of information from the
system. Two types of passive attacks are
Release of message
Traffic analysis
Release of message:-
A telephone conversion and electronic mail message and a transfer may can
contains sensitive or confidently information.
Traffic analysis:-
The common technique for masking contents is encryption. The opponent could
determine the location and the identify of communication cost and could observe the
frequency and length of the message being exchange.
Active attack:-
An active attack involves some modification of the data stream. These are
divided into three categories.
Interruption
Modification
Fabrication
Interruption:-
Trying to pose as another entity involves masquerade attacks.
Modification:-
CRYPTOGRAPHY
Modification attacks can be classified further into replay attacks and alteration of
message.
Fabrication:-
Fabrication causes denial of service attacks.
CRYPTOGRAPHY TECHNIQUES:
Introduction:
Cryptography comes from the Greek words for secret writing. The messages to be
encrypted know as plaintext. The output of the encryption process is known as
cyphertext.
Cryptography:-
Cryptography system is characterized along three independent
diminutions.
The types of operation used for transforming pt to ct.
The number of key words
The way in which the plaintext is processed
If the sender and receiver use different keys, the system is refers to as asymmetric two
keys or public key encryption.
Stream cipher:-
A stream cipher process the input element continuously producing
output one element at a time as goes along.
Crypt analysis:-
Crypt analysis attacks rely on the nature of the algorithm.
Plus perhaps some knowledge of general characterizes tics of plaintext. There are five
types of attacks
Cipher ext only
CRYPTOGRAPHY
Known plaintext
Chosen plaintext
Chosen cipher text
Chosen text
Cipher text only:-
The cipher text only attack is the easiest to defend against
because the opponent has the least amount of information to work with.
Known plaintext:-
The known plaintext is what might be referred to as
probable work attack. If the opponent is working with the encryption of some general
message may have little knowledge of what is in the message is occur.
Chosen plaintext:-
If the analysis able to get the source system to insert into the system message
chose by the analysis then the chosen plaintext is possible.
ENCRYPTION TECHNIQUES:
There are two types of encryption techniques:
Substation techniques
Transportations techniques
A substation technique is one is which the letters of plain text are replaced by
other letters or by numbers or symbols.
Plaintext: A B C D E F G H I J K L M N O P Q R S T U
V W X Y Z
Ciphertext: O P Q R S T U V W X Y Z A B C D E F G H I
J K L M N
SUBSTUTION TECHNIQUES:-
There are seven types of categories.
Caesar cipher
CRYPTOGRAPHY
Modified version of Caesar cipher
Mono-alphabetic cipher
Homophonic substation cipher
Polygram substation cipher
Polyalphabetic substation cipher
Playfair cipher
Caesar cipher:-
One of the oldest known ciphers is the Caesar cipher attributed to Julius Caesar.
Plaintext: A B C D E F G H I J K L M N O P Q R S T U
V W X Y Z
Cyphertext: O P Q R S T U V W X Y Z A B C D E F G H I
J K L M N
Attack = DWWDFN
Meet me = PHHWPH
The encryption algorithm is:
C= E (K.P) = (P+K) MOD 26
The decryption algorithm is:
P = D (K.C) = (C-K) MOD 26
Mono-alphabetic cipher:-
The general system of symbol for symbol substation is called mono-alphabetic
cipher substation with a key being the 26 letters string corresponding to the alphabet.
In English most common letters are et,t,o,an,I,th,in,er,re,an,the,ing and ion. The most
common three letters combination is
T (x) e x h
T h (y) y a
Q Z W n z
Polygram substation cipher:-
CRYPTOGRAPHY
The Polygram substation cipher is a technique rather than replacing one plain text
alphabet with one cipher at a time.
(e.x) hello = yuqqw
Polyalphabetic substation cipher:-
This cipher uses multiple one character keys features:
It use a set of related mono-alphabetic substation rotes. It use a key that determines which
rule is used for which transformation.
Play fair cipher:-
Creation and population of matrix
Encryptions process
P L A Y F
I R E X M
B C D G H
K N O Q S
T Y W V Z
There are five type of encryption process. If the both alphabetic are
same adder x after the first alphabet.
TRANSPOSITION TECHNIQUES:
This is techniques for replace one alphabet with another there are four techniques are
available, there are
Rail fence technique
Simple columnar transposition
Verna cipher
Book cipher / running key cipher
Rail fence technique:-
CRYPTOGRAPHY
The rail fence tech is an example of transposition it is use a simple
algorithm. Text every letter in the plain text message as a number so that a, A = 0, B = 1,
z = 25.
It has very little sophistications built in.
Simple columnar transposition:-
Simple columnar transposition techs with multiple rounds are used to
improve the basic simple columnar transposition techniques.
(e.x) consider the rectangle with six columns write the message in the rectangle row by
row
C1 C2 C3 C4 C5 C6
C O M E H O
M E F O M O
R R O W -- --
Vern-am cipher:-
The vernam cipher is also called as one time pod. This is implemented using a random set
of non repeating char actors as input cipher text.
SYMMETRIC-KEY CRYPTOGRAPHY
Introduction:
An encryption system in which the sender and receiver of a message share a single,
common key that is used to encrypt and decrypt the message. Contrast this with public-
key cryptology , which utilizes two keys - a public key to encrypt messages and a private
key to decrypt them.
Symmetric-key systems are simpler and faster, but their main drawback is that the two
parties must somehow exchange the key in a secure way. Public-key encryption avoids
this problem because the public key can be distributed in a non-secure way, and the
private key is never transmitted.
CRYPTOGRAPHY
Symmetric-key cryptography is sometimes called secret-key cryptography. The most
popular symmetric-key system is the Data Encryption Standard (DES).
Symmetric-Key Cryptography:
In symmetric-key cryptography, we encode our plain text by mangling it with a secret
key. Decryption requires knowledge of the same key, and reverses the mangling.
ciphertext = encrypt( plaintext, key )
plaintext = decrypt( ciphertext, key )
Symmetric key cryptography is useful if you want to encrypt files on your computer, and
you intend to decrypt them yourself. It is less useful if you intend to send them to
someone else to be decrypted, because in that case you have a "key distribution problem":
securely communicating the encryption key to your correspondent may not be much
easier than securely communicating the original text.
It is good practice to assume the encryption algorithms that we have chosen to use are
publically known; only the key is secret to the participants. Slogan: "obscurity is no
security".
Caesar cipher
The key is a number between 1 and 25. Define code ('a') =0, code ('b') =1, ...,
code('z')=25.
encryption(c, key) = code-1
( code(c)+key mod 26 )
Pros: simple.
Cons: trivial to break.
How many keys are there?
How can you break this cipher?
Compression-then-substitution
Compress the text first (in an attempt to avoid the frequency-of-letters attack), and then
do a substitution of byte values, such as:
CRYPTOGRAPHY
original byte 0 1 2 3 ... 255
cipher byte 123 53 221 102 ... 34
ASYMMETRIC-KEY CRYPTOGRAPHY
We have now defined two functions that are hard to perform: computing
the inverse of a one-way function and distinguishing the output of a pseudo-random
function from a random function. We then gave high-level definitions of more useful
operations: cryptographic hash functions and encryption, which can be based on one-way
functions and pseudo-random functions, respectively. But shared keys are inherently
limiting; these keys must be shared between each pair of principals and complicate the
process of adding new principals to the system.
Similarly, shared key operations are not easily applicable to cases where one
principal performs an operation that affects many principals. An asymmetric key setup
would solve both of these problems: each principal has its own key information that it
does not need to share in secret with other principals.
For an example of how problems arise in symmetric-key settings, consider how
we might perform some of our shared-key operations in a context with, say, three
principals, A, B, and C. Principal A wants to send a message to B and C in such a way
that both know that it came from A. If A and B share key kAB and A and C share key kAC,
then it's not obvious how to send a bit string that guarantees this property (though such
schemes exist); the naive solution of computing a pair (MAC(m, kAB), MAC(m, kAC))
and sending it as an authenticator doesn't work if B and C don't trust each other or don't
trust A, since one element of the pair might pass the check for one principal and the other
not pass the check for the other principal. If A, B, and C all share a single key, then B or
C could create a MAC that appears to come from A.
CRYPTOGRAPHY
So, shared keys between more than two principals lose some properties. First,
they lose their binding to identities. Second, authentication for different principals cannot
be guaranteed. Third, they complicate open systems, in which new principals can appear
at any time, since new principals must be given a key shared with each other principal.
To get around this problem, recall the example of the stock broker. The client
published a pair M1 and M2 of numbers. It happened that the stock broker was the
principal that used these numbers and checked them, but any principal could have
performed the stock broker's actions, since M1 and M2 were published by the client. We
say that key information published like M1 and M2 is a public key and m1 and m2 are the
corresponding private key.
STEGANOGRAPHY
Steganography is the art and science of writing hidden messages in such a way
that no one, apart from the sender and intended recipient, suspects the existence of the
message, a form of security through obscurity.
The word steganography is of Greek origin and means "concealed writing" from
the Greek words steganos (στεγανός) meaning "covered or protected", and graphein
(γράυειν) meaning "to write".
The advantage of steganography, over cryptography alone, is that messages do
not attract attention to themselves. Plainly visible encrypted messages—no matter how
unbreakable—will arouse suspicion, and may in themselves be incriminating in countries
where encryption is illegal. Therefore, whereas cryptography protects the contents of a
message, steganography can be said to protect both messages and communicating parties.
Steganography includes the concealment of information within computer files. In
digital steganography, electronic communications may include steganographic coding
inside of a transport layer, such as a document file, image file, program or protocol.
Media files are ideal for steganographic transmission because of their large size.
CRYPTOGRAPHY
As a simple example, a sender might start with an innocuous image file and
adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so
subtle that someone not specifically looking for it is unlikely to notice it.
Steganographic techniques
Physical steganography
Steganography has been widely used, including in recent historical times and the present
day. Possible permutations are endless and known examples include:
Hidden messages within wax tablets — in ancient Greece, people wrote messages
on the wood, then covered it with wax upon which an innocent covering message
was written.
Hidden messages on messenger's body — also used in ancient Greece. Herodotus
tells the story of a message tattooed on a slave's shaved head, hidden by the
growth of his hair, and exposed by shaving his head again. The message allegedly
carried a warning to Greece about Persian invasion plans. This method has
obvious drawbacks, such as delayed transmission while waiting for the slave's
hair to grow, and the restrictions on the number and size of messages that can be
encoded on one person's scalp.
During World War II, the French Resistance sent some messages written on the
backs of couriers using invisible ink.
Hidden messages on paper written in secret inks, under other messages or on the
blank parts of other messages.
Messages written in Morse code on knitting yarn and then knitted into a piece of
clothing worn by a courier.
Messages written on envelopes in the area covered by postage stamps.
During and after World War II, espionage agents used photographically produced
microdots to send information back and forth. Microdots were typically minute,
approximately less than the size of the period produced by a typewriter. World
War II microdots needed to be embedded in the paper and covered with an
CRYPTOGRAPHY
adhesive, such as collodion. This was reflective and thus detectable by viewing
against glancing light. Alternative techniques included inserting microdots into
slits cut into the edge of post cards.
During World War II, a spy for Japan in New York City, Velvalee Dickinson,
sent information to accommodation addresses in neutral South America. She was
a dealer in dolls, and her letters discussed how many of this or that doll to ship.
The stegotext was the doll orders, while the concealed "plaintext" was itself
encoded and gave information about ship movements, etc. Her case became
somewhat famous and she became known as the Doll Woman.
Cold War counter-propaganda. In 1968, crew members of the USS Pueblo
intelligence ship held as prisoners by North Korea, communicated in sign
language during staged photo opportunities, informing the United States they
were not defectors, but rather were being held captive by the North Koreans. In
other photos presented to the U.S., crew members gave "the finger" to the
unsuspecting North Koreans, in an attempt to discredit photos that showed them
smiling and comfortable.
Digital steganography
Image of a tree. Removing all but the two least significant bits of each color component
produces an almost completely black image. Making that image 85 times brighter
produces the image below.
CRYPTOGRAPHY
Image of a cat extracted from above image.
Modern steganography entered the world in 1985 with the advent of the personal
computer being applied to classical steganography problems.Development following that
was slow, but has since taken off, going by the number of "stego" programs available:
Over 800 digital steganography applications have been identified by the Steganography
Analysis and Research Center.[Digital steganography techniques include:
Concealing messages within the lowest bits of noisy images or sound files.
Concealing data within encrypted data or within random data. The data to be
concealed is first encrypted before being used to overwrite part of a much larger
block of encrypted data or a block of random data (an unbreakable cipher like the
one-time pad generates ciphertexts that look perfectly random if you don't have
the private key).
Chaffing and winnowing.
Mimic functions convert one file to have the statistical profile of another. This can
thwart statistical methods that help brute-force attacks identify the right solution
in a ciphertext-only attack.
Concealed messages in tampered executable files, exploiting redundancy in the
targeted instruction set.
Pictures embedded in video material (optionally played at slower or faster speed).
Injecting imperceptible delays to packets sent over the network from the
keyboard. Delays in keypresses in some applications (telnet or remote desktop
CRYPTOGRAPHY
software) can mean a delay in packets, and the delays in the packets can be used
to encode data.
Changing the order of elements in a set.
Content-Aware Steganography hides information in the semantics a human user
assigns to a datagram. These systems offer security against a non-human
adversary/warden.
Blog-Steganography. Messages are fractionalized and the (encrypted) pieces are
added as comments of orphaned web-logs (or pin boards on social network
platforms). In this case the selection of blogs is the symmetric key that sender and
recipient are using; the carrier of the hidden message is the whole blogosphere.
Modifying the echo of a sound file (Echo Steganography).
