Seminar Report RSA

Date post: 01-Oct-2015
A Project Report on Seminar Topic "RSA Cryptography", in partial fulfillment for the award of the Degree of Bachelors of Technology in Department of Computer Science.

Submitted To: Mohit Khandelwal, Project In-charge, CSE Department, IET Alwar

Submitted By: Charchit Taneja, 11EIACS026, CSE

Department of Computer Science, Institute of Engineering and Technology, Alwar. January, 2015
  • i

    Candidates Declaration

    I hereby declare that the work, which is being presented in this report, entitled "RSA

    Cryptography", in partial fulfillment for the award of Degree of Bachelor of Technology in

    Department of Computer Science, Institute of Engineering and Technology, affiliated to

    Rajasthan Technical University, is a record of my own investigations carried out under the guidance

    of Mr. Mohit Khandelwal, Department of Computer Science Engineering, IET Alwar.

    I have not submitted the matter presented in this report anywhere for the award of any other

    Degree.

    Charchit Taneja

    11EIACS026

    Computer Science

    Counter Signed by:

    Mohit Khandelwal

  • ii

    Preface

    This paper introduces cryptography techniques. Cryptography is the science of protecting data and

    network security, keeping information private and secure from unauthorized users.

    This paper gives the fundamental requirements for data transmission and the security attacks on it, such as

    interruption, interception and modification of the data transmission.

    The cryptographic process is explained through a generalized function, by which

    encryption and decryption are done by various algorithms such as the RSA algorithm, hash functions and many

    other cryptographic algorithms. Cryptanalysis is the process of attempting to discover the plaintext and/or

    the key.

    The paper also covers the applications of various cryptographic technologies: why and how to provide network security in

    certificate issuing, the validity of and trust in certificate services, certificate revocation in the Internet,

    intranet and other network communications, and the applications of network security to the various data

    transfer techniques and protocols. From the dawn of civilization to the highly networked societies that we

    live in today, communication has always been an integral part of our existence.

  • iii

    Acknowledgement

    It is a matter of great pleasure and privilege for me to present this seminar report, "RSA

    Cryptography", that I had developed for fulfillment of my Bachelor of Technology in Computer

    Science and Engineering. I have received enormous help, guidance and advice from many people

    and I feel that it will be not be right to mention a line about at least some of them. The author

    would like to express their utmost gratitude to the Institute of Engineering and Technology,

    Alwar for providing opportunity to author to pursue for the degree of Bachelor of Technology.

    I am grateful to our chairman Dr. V.K. Agarwal for providing me the opportunity to study in this

    institution as well as providing us with all the necessary facilities.

    Our principal Dr. Anil Kumar Sharma has been a source of inspiration to us in our work sincerely.

    I am also thankful to Prof (Dr.) S.K.Singh (H.O.D., CSE) and Mr. Mohit Khandelwal (Project

    In-charge) for their encouragement and guidance. Their words of encouragement led us to finish

    our work successfully.

    I am also thankful to all faculty members of Computer Science & Engineering and Information

    Technology Department and all other for help given to us directly or indirectly for the success of

    this seminar.

    Charchit Taneja

    11EIACS026

    CSE

  • iv

    Table of Contents

    Candidates Declaration (p. i)
    Preface (p. ii)
    Acknowledgement (p. iii)
    Chapter 1 (p. 1)
    1.1 Introduction (p. 1)
    1.2 HISTORY (p. 3)
    1.2.1 CLASSIC CRYPTOGRAPHY (p. 3)
    1.3 THE COMPUTER ERA (p. 6)
    1.4 Cryptography Terminology (p. 8)
    Chapter 2 (p. 10)
    2.1 Cryptography Services (p. 10)
    2.2 Fundamental Requirements (p. 11)
    2.3 Attacks (p. 12)
    2.3.1 Passive Attacks (p. 12)
    2.3.2 Active Attacks (p. 13)
    2.3.3 Cipher Text Only Attack (p. 13)
    2.3.4 Known Plaintext Attack (p. 14)
    2.3.5 Chosen Plaintext Attack (p. 14)
    2.4 Security Attacks (p. 14)
    2.5 Common Security Threats (p. 15)
    Chapter 3 (p. 16)
    3.1 CIPHER (p. 16)
    3.2 CLASSICAL CIPHER (p. 16)
    3.3 MODERN CIPHER (p. 18)
    3.3.1 INPUT BASED CIPHERS (p. 18)
    3.3.2 KEY BASED CIPHER (p. 20)
    3.4 HASH FUNCTIONS (p. 23)
    Chapter 4 (p. 25)
    4.1 ENCRYPTION MODES (p. 25)
    4.1.1 ELECTRONIC CODEBOOK (ECB) (p. 25)
    4.1.2 CIPHER BLOCK CHAINING (p. 25)
    4.1.3 CIPHER FEEDBACK (CFB) (p. 25)

  • v

    4.1.4 OUTPUT FEEDBACK (OFB) (p. 25)
    4.1.5 LRW Encryption Mode (p. 26)
    4.1.6 XTS Encryption Mode (p. 26)
    Chapter 5 (p. 28)
    5.1 APPLICATIONS (p. 28)
    5.2 Public-Key Encryption for Digital Signatures (p. 30)
    5.3 Public-Key Encryption for Digital Certificates (p. 30)
    5.4 Digital Certificate (p. 30)
    5.4.1 Cryptographic Technologies (p. 31)
    5.4.2 Based on Algorithms (p. 32)
    Chapter 6 (p. 34)
    6.1 RSA (cryptosystem) (p. 34)
    6.2 History (p. 34)
    6.3 Operation (p. 35)
    6.3.1 Key generation (p. 35)
    6.3.2 Encryption (p. 36)
    6.3.3 Decryption (p. 37)
    Chapter 7 (p. 38)
    CONCLUSION (p. 38)
    Chapter 8 (p. 39)
    Reference (p. 39)

  • 1

    Chapter 1

    1.1 Introduction

    Cryptography comes from the Greek words kryptós, meaning "hidden or secret", and

    gráphein, meaning "writing". Cryptography is the practice and study of hiding information. Modern

    cryptography intersects the disciplines of mathematics, computer science, and electrical

    engineering. Applications of cryptography include ATM cards, computer passwords, and

    electronic commerce.

    Cryptology prior to the modern age was almost synonymous with encryption, the

    conversion of information from a readable state to apparent gibberish. The sender retained the

    ability to decrypt the information and therefore avoid unwanted persons being able to read it. Since

    the First World War and the advent of the computer, the methods used to carry out cryptology have

    become increasingly complex and its application more widespread.

    Modern cryptography follows a strongly scientific approach, and designs cryptographic

    algorithms around computational hardness assumptions that are assumed hard to break by an

    adversary. Such systems are not unbreakable in theory but it is infeasible to do so for any practical

    adversary. Information-theoretically secure schemes that provably cannot be broken exist but they

    are less practical than computationally-secure mechanisms. An example of such systems is the

    one-time pad. Alongside the advancement in cryptology-related technology, the practice has raised

    a number of legal issues, some of which remain unresolved.

    Until modern times cryptography referred almost exclusively to encryption, which is the

    process of converting ordinary information (called plaintext) into unintelligible gibberish (called

    cipher text). Decryption is the reverse, in other words, moving from the unintelligible cipher text

    back to plaintext. A cipher (or cypher) is a pair of algorithms that create the encryption and the

    reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and in

    each instance by a key. This is a secret parameter (ideally known only to the communicants) for a

    specific message exchange context.

  • 2

    A "cryptosystem" is the ordered list of elements of finite possible plaintexts, finite possible

    cypher texts, finite possible keys, and the encryption and decryption algorithms which correspond

    to each key. Keys are important, as ciphers without variable keys can be trivially broken with only

    the knowledge of the cipher used and are therefore useless (or even counter-productive) for most

    purposes. Historically, ciphers were often used directly for encryption or decryption without

    additional procedures such as authentication or integrity checks.

    In colloquial use, the term "code" is often used to mean any method of encryption or

    concealment of meaning. However, in cryptography, code has a more specific meaning. It means

    the replacement of a unit of plaintext (i.e., a meaningful word or phrase) with a code word (for

    example, "wallaby" replaces "attack at dawn"). Codes are no longer used in serious cryptography

    except incidentally for such things as unit designations (e.g., Bronco Flight or Operation

    Overlord), since properly chosen ciphers are both more practical and more secure than even the

    best codes and also are better adapted to computers.

    Cryptanalysis is the term used for the study of methods for obtaining the meaning of

    encrypted information without access to the key normally required to do so; i.e., it is the study of

    how to crack encryption algorithms or their implementations.

    Some use the terms cryptography and cryptology interchangeably in English, while others

    (including US military practice generally) use cryptography to refer specifically to the use and

    practice of cryptographic techniques and cryptology to refer to the combined study of cryptography

  • 3

    and cryptanalysis. English is more flexible than several other languages in which cryptology (done

    by cryptologists) is always used in the second sense above.

    The study of characteristics of languages which have some application in cryptography (or

    cryptology), i.e. frequency data, letter combinations, universal patterns, etc., is called

    cryptolinguistics.

    1.2 HISTORY

    Before the modern era, cryptography was concerned solely with message confidentiality

    (i.e., encryption): conversion of messages from a comprehensible form into an incomprehensible

    one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers

    without secret knowledge (namely the key needed for decryption of that message). Encryption was

    used to (attempt to) ensure secrecy in communications, such as those of spies, military leaders,

    and diplomats. In recent decades, the field has expanded beyond confidentiality concerns to

    include techniques for message integrity checking, sender/receiver identity authentication, digital

    signatures, interactive proofs and secure computation, among others.

    1.2.1 CLASSIC CRYPTOGRAPHY:

    The earliest forms of secret writing required little more than local pen and paper analogs,

    as most people could not read. More literacy, or literate opponents, required actual cryptography.

    The main classical cipher types are transposition ciphers, which rearrange the order of letters in a

    message (e.g., 'hello world' becomes 'ehlol owrdl' in a trivially simple rearrangement scheme),

    and substitution ciphers, which systematically replace letters or groups of letters with other letters

    or groups of letters (e.g., 'fly at once' becomes 'gmz bu podf' by replacing each letter with the

    one following it in the Latin alphabet). Simple versions of either have never offered much

    confidentiality from enterprising opponents.

    An early substitution cipher was the Caesar cipher, in which each letter in the plaintext was

    replaced by a letter some fixed number of positions further down the alphabet. It was named after

  • 4

    Julius Caesar who is reported to have used it, with a shift of 3, to communicate with his generals

    during his military campaigns, just like EXCESS-3 code in Boolean algebra. There is a record of

    several early Hebrew ciphers as well. The earliest known use of cryptography is some carved

    ciphertext on stone in Egypt (ca 1900 BC), but this may have been done for the amusement of

    literate observers. The next oldest is bakery recipes from Mesopotamia. Cryptography is

    recommended in the books as a way for lovers to communicate without inconvenient discovery.

    The Greeks of Classical times are said to have known of ciphers (e.g., the scytale

    transposition cipher claimed to have been used by the Spartan military). Steganography (i.e.,

    hiding even the existence of a message so as to keep it confidential) was also first developed in

    ancient times. An early example, from Herodotus, concealed a message (a tattoo on a slave's

    shaved head) under the regrown hair. Another Greek method was developed by Polybius (now

    called the "Polybius Square"). More modern examples of steganography include the use of

    invisible ink, microdots, and digital watermarks to conceal information.

    Cipher texts produced by a classical cipher (and some modern ciphers) always reveal

    statistical information about the plaintext, which can often be used to break them. After the

    discovery of frequency analysis perhaps by the Arab mathematician and polymath, Al-Kindi (also

    known as Alkindus), in the 9th century, nearly all such ciphers became more or less readily

    breakable by any informed attacker. Such classical ciphers still enjoy popularity today, though

    mostly as puzzles (see cryptogram). Al-Kindi wrote a book on cryptography entitled Risalah fi

    Istikhraj al-Mu'amma (Manuscript for the Deciphering Cryptographic Messages), in which

    he described the first cryptanalysis techniques.
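
    The two classical cipher types and the frequency-analysis weakness described above, as an added Python example that is not part of the original report: it reproduces the report's 'gmz bu podf' and 'ehlol owrdl' examples and recovers a Caesar shift from ciphertext alone. The block permutation (1, 0, 2, 4, 3), the English letter-frequency table and all function names are assumptions made for this illustration.

```python
import string
from collections import Counter

# Approximate relative letter frequencies in English text, in percent
# (assumed reference table for this illustration).
ENGLISH_FREQ = {
    'a': 8.17, 'b': 1.49, 'c': 2.78, 'd': 4.25, 'e': 12.70, 'f': 2.23,
    'g': 2.02, 'h': 6.09, 'i': 6.97, 'j': 0.15, 'k': 0.77, 'l': 4.03,
    'm': 2.41, 'n': 6.75, 'o': 7.51, 'p': 1.93, 'q': 0.10, 'r': 5.99,
    's': 6.33, 't': 9.06, 'u': 2.76, 'v': 0.98, 'w': 2.36, 'x': 0.15,
    'y': 1.97, 'z': 0.07,
}

# Sample plaintext taken from the report's own wording (lower-cased).
SAMPLE_PLAINTEXT = (
    "cipher texts produced by a classical cipher always reveal statistical "
    "information about the plaintext which can often be used to break them"
)


def shift_encrypt(text, shift):
    """Substitution cipher: replace each letter by the one `shift` places later."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return ''.join(out)


def shift_decrypt(text, shift):
    """Undo shift_encrypt by shifting in the opposite direction."""
    return shift_encrypt(text, -shift)


def block_transpose(text, perm):
    """Transposition cipher: reorder the letters inside each block of len(perm).

    Non-letters keep their positions; a short final block is left unchanged.
    """
    letters = [c for c in text if c.isalpha()]
    size = len(perm)
    shuffled = []
    for i in range(0, len(letters), size):
        block = letters[i:i + size]
        if len(block) == size:
            shuffled.extend(block[p] for p in perm)
        else:
            shuffled.extend(block)
    it = iter(shuffled)
    return ''.join(next(it) if c.isalpha() else c for c in text)


def letter_histogram(text):
    """Count of each ASCII letter, ignoring case and non-letters."""
    return Counter(c for c in text.lower() if c in ENGLISH_FREQ)


def chi_squared(text):
    """Distance between the text's letter distribution and English (lower = closer)."""
    counts = letter_histogram(text)
    total = sum(counts.values())
    if total == 0:
        raise ValueError("text contains no letters to analyse")
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = total * pct / 100
        score += (counts[letter] - expected) ** 2 / expected
    return score


def recover_shift(ciphertext):
    """Ciphertext-only key recovery: try all 26 shifts, keep the most English-like."""
    return min(range(26),
               key=lambda s: chi_squared(shift_decrypt(ciphertext, s)))


if __name__ == "__main__":
    print(shift_encrypt("fly at once", 1))                   # report's substitution example
    print(block_transpose("hello world", (1, 0, 2, 4, 3)))   # report's transposition example
    ciphertext = shift_encrypt(SAMPLE_PLAINTEXT, 3)          # Caesar's shift of 3
    key = recover_shift(ciphertext)
    print(key, shift_decrypt(ciphertext, key))
```

    The transposition leaves the letter histogram untouched and the shift merely relabels it, which is the statistical leak that frequency analysis exploits.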

  • 5

    Essentially all ciphers remained vulnerable to cryptanalysis using the frequency analysis

    technique until the development of the polyalphabetic cipher, most clearly by Leon Battista Alberti

    around the year 1467, though there is some indication that it was already known to Al-Kindi.

    Alberti's innovation was to use different ciphers (i.e., substitution alphabets) for various parts of a

    message (perhaps for each successive plaintext letter at the limit). He also invented what was

    probably the first automatic cipher device, a wheel which implemented a partial realization of his

    invention. In the polyalphabetic Vigenère cipher, encryption uses a key word, which controls letter

    substitution depending on which letter of the key word is used. In the mid-19th century Charles

    Babbage showed that polyalphabetic ciphers of this type remained partially vulnerable to extended

    frequency analysis techniques.

    Although frequency analysis is a powerful and general technique against many ciphers,

    encryption has still been often effective in practice; many a would-be cryptanalyst was unaware of

    the technique. Breaking a message without using frequency analysis essentially required

    knowledge of the cipher used and perhaps of the key involved, thus making espionage, bribery,

    burglary, defection, etc., more attractive approaches to the cryptanalytically uninformed. It was

    finally explicitly recognized in the 19th century that secrecy of a cipher's algorithm is not a sensible

    or practical safeguard of message security; in fact, it was further realized that any adequate

    cryptographic scheme (including ciphers) should remain secure even if the adversary fully

    understands the cipher algorithm itself. Security of the key used should alone be sufficient for a

    good cipher to maintain confidentiality under an attack. This fundamental principle was first

    explicitly stated in 1883 by Auguste Kerckhoffs and is generally called Kerckhoffs' principle;

    alternatively and more bluntly, it was restated by Claude Shannon, the inventor of information

    theory and the fundamentals of theoretical cryptography, as Shannon's Maxim: 'the enemy

    knows the system'.

    Different physical devices and aids have been used to assist with ciphers. One of the earliest

    may have been the scytale of ancient Greece, a rod supposedly used by the Spartans as an aid for

    a transposition cipher. In medieval times, other aids were invented such as the cipher grille, which

    was also used for a kind of steganography. With the invention of polyalphabetic ciphers came

    more sophisticated aids such as Alberti's own cipher disk, Johannes Trithemius' tabula recta

    scheme, and Thomas Jefferson's multi-cylinder. Many mechanical encryption/decryption devices

  • 6

    were invented early in the 20th century, and several patented, among them rotor machines

    famously including the Enigma machine used by the German government and military from the

    late '20s and during World War II. The ciphers implemented by better quality examples of these

    machine designs brought about a substantial increase in cryptanalytic difficulty after WWI.

    Fig: Enigma Machine

    1.3 THE COMPUTER ERA:

    The development of digital computers and electronics after World War II made possible

    much more complex ciphers. Furthermore, computers allowed for the encryption of any kind of

    data representable in any binary format, unlike classical ciphers which only encrypted written

    language texts; this was new and significant. Computer use has thus supplanted linguistic

    cryptography, both for cipher design and cryptanalysis. Many computer ciphers can be

    characterized by their operation on binary bit sequences (sometimes in groups or blocks), unlike

    classical and mechanical schemes, which generally manipulate traditional characters (i.e., letters

    and digits) directly.

    However, computers have also assisted cryptanalysis, which has compensated to some

    extent for increased cipher complexity. Nonetheless, good modern ciphers have stayed ahead of

    cryptanalysis; it is typically the case that use of a quality cipher is very efficient (i.e., fast and

    requiring few resources, such as memory or CPU capability), while breaking it requires an effort

    many orders of magnitude larger, and vastly larger than that required for any classical cipher,

  • 7

    making cryptanalysis so inefficient and impractical as to be effectively impossible. Alternate

    methods of attack (bribery, burglary, threat, torture) have become more attractive in consequence.

    Fig: Credit card with smart-card capabilities. The 3-by-5-mm chip embedded in the card is

    shown, enlarged. Smart cards combine low cost and portability with the power to compute

    cryptographic algorithms.

    Extensive open academic research into cryptography is relatively recent; it began only in

    the mid-1970s. In recent times, IBM personnel designed the algorithm that became the Federal

    (i.e., US) Data Encryption Standard; Whitfield Diffie and Martin Hellman published their key

    agreement algorithm known as Diffie-Hellman algorithm; and the RSA algorithm was published

    in Martin Gardner's Scientific American column. Since then, cryptography has become a widely

    used tool in communications, computer networks, and computer security generally. Some modern

    cryptographic techniques can only keep their keys secret if certain mathematical problems are

    intractable, such as the integer factorization or the discrete logarithm problems, so there are deep

    connections with abstract mathematics. There are no absolute proofs that a cryptographic

    technique is secure (but see one-time pad); at best, there are proofs that some techniques are secure

    if some computational problem is difficult to solve, or this or that assumption about

    implementation or practical use is met.

    As well as being aware of cryptographic history, cryptographic algorithm and system

    designers must also sensibly consider probable future developments while working on their

    designs. For instance, continuous improvements in computer processing power have increased the

    scope of brute-force attacks; thus, when specifying key lengths, the required key lengths are

    similarly advancing. The potential effects of quantum computing are already being considered by

  • 8

    some cryptographic system designers; the announced imminence of small implementations of

    these machines may be making the need for this preemptive caution rather more than merely

    speculative.

    Essentially, prior to the early 20th century, cryptography was chiefly concerned with

    linguistic and lexicographic patterns. Since then the emphasis has shifted, and cryptography now

    makes extensive use of mathematics, including aspects of information theory, computational

    complexity, statistics, combinatorics, abstract algebra, number theory, and finite mathematics

    generally. Cryptography is, also, a branch of engineering, but an unusual one as it deals with active,

    intelligent, and malevolent opposition (see cryptographic engineering and security engineering);

    other kinds of engineering (e.g., civil or chemical engineering) need deal only with neutral natural

    forces. There is also active research examining the relationship between cryptographic problems

    and quantum physics (see quantum cryptography and quantum computing).

    1.4 Cryptography Terminology

    a) Plaintext: The original intelligible message.

    b) Cipher text: The transformed message.

    c) Cipher: An algorithm for transforming an intelligible message to unintelligible by transposition.

    d) Key: Some critical information used by the cipher, known only to the sender & receiver.

    e) Encipher (Encode): The process of converting plaintext to cipher text using a cipher and a key.

    f) Decipher (Decode): The process of converting cipher text back into plaintext using a cipher &

    key.

    g) Cryptanalysis: The study of principles and methods of transforming an unintelligible message

    back into an intelligible message without knowledge of the key. Also called code breaking.

    h) Cryptology: Both cryptography and cryptanalysis.

  • 9

    i) Code: An algorithm for transforming an intelligible message into an unintelligible one using

    codes.

    j) Hash algorithm: An algorithm that converts a text string into a string of fixed length.

    k) Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption.

    l) Public Key Cryptography (PKC): Uses one key for encryption and another for decryption.

    m) Pretty Good Privacy (PGP): PGP is a hybrid cryptosystem.

    n) Public Key Infrastructure (PKI): A feature of PKI is the certificate authority.

  • 10

    Chapter 2

    2.1 Cryptography Services

    Any new design of Cryptographic technique must accomplish the above requisites.

    Cryptography not only protects data from theft or alteration, but can also be used for user

    authentication.

    Hence, the various security requirements for a cryptographic technique include:

    Authentication: The process of proving one's identity. (The primary forms of host-to-

    host authentication on the Internet today are name-based or address-based, both of which

    are notoriously weak.)

    Privacy/confidentiality: Ensuring that no one can read the message except the intended

    receiver.

    Integrity: Assuring the receiver that the received message has not been altered in any

    way from the original.

    Non-repudiation: A mechanism to prove that the sender really sent this message.

    Access-control: A method in which the access to unauthorized users is prohibited, i.e.

    only the authorized user can have access to its documents.

    Availability: This method guarantees that the system services are always available when

    needed.

    Security-Audit: With the help of this mechanism a record of all the previous transactions

    is kept, which may provide useful information at a later stage.

  • 11

    Key-Management: This method allows negotiating, as well as setup and maintaining

    keys between the communicating entities.

    2.2 Fundamental Requirements

    Confidentiality: The process of keeping information private and secret so that only the intended

    recipient is able to understand the information.

    Authentication: The process of providing proof of identity of the sender to the recipient, so that

    the recipient can be assured that the person sending the information is who and what he or she

    claims to be.

    Integrity: The method of ensuring that information is not tampered with during its transit or its

    storage on the network. No unauthorized person should be able to tamper with the information

    or change the information during transit.

    Non-repudiation: The method of ensuring that information cannot be disowned. Once the

    non-repudiation process is in place, the sender cannot deny being the originator of the data.

  • 12

    2.3 Attacks

    According to the cryptanalyst Kent, there are many ways in which the personal information shared between two people can be interfered with. An intermediate person, known as an attacker, who only has access to the information being transferred is called a passive attacker; one who can also change the information being exchanged with the help of some technology is called an active attacker.

    2.3.1 Passive Attacks:

    This kind of attack is generally carried out by a passive intruder who only has access to the information or message being exchanged. Consider the trivial case of Bob and Alice, where Bob wants to send a message to Alice. Here the intruder has access to the contents only, i.e. he can read the message but cannot tamper with it. Because he is unable to make any changes, the intruder is called a passive attacker.

  • 13

    2.3.2 Active Attacks:

    This kind of attack is generally carried out by an active intruder who not only has access to the information or message being exchanged but can also tamper with or manipulate it. Because he is able to make changes, the intruder is called an active attacker.

    Some other types of attack can also be considered such as:

    2.3.3 Cipher Text Only Attack:

    This is the situation where the attacker does not know anything about the contents of the message,

    and must work from cipher text only. In practice it is quite often possible to make guesses about

    the plaintext, as many types of messages have fixed format headers. Even ordinary letters and

    documents begin in a very predictable way. It may also be possible to guess that some cipher text

    block contains a common word.

  • 14

    2.3.4 Known Plaintext Attack:

    The attacker knows or can guess the plaintext for some parts of the cipher text. The task is to

    decrypt the rest of the cipher text blocks using this information. This may be done by determining

    the key used to encrypt the data, or via some shortcut.

    2.3.5 Chosen Plaintext Attack:

    The attacker is able to have any text he likes encrypted with the unknown key. The task is to

    determine the key used for encryption. Some encryption methods, particularly RSA, are extremely

    vulnerable to chosen-plaintext attacks. When such algorithms are used, extreme care must be taken

    to design the entire system so that an attacker can never have chosen plaintext encrypted.

    2.4 Security Attacks

    Interruption: An attack in which one or more of the systems of the organization become unusable due to attacks by unauthorized users. This leads to systems being unavailable for use.

    Interception: An unauthorized individual intercepts the message content and changes it or uses it for malicious purposes. After this type of attack, the message does not remain confidential.

    Modification: The content of the message is modified by a third party. This attack affects the integrity of the message.

    So, to keep data secret while it is communicated between two persons or two organizations, the data is converted to another format before it is transmitted. This is the role of cryptography, which is the process of transmitting data securely without any interruption. Network security is the security of data transmission in the communication.

  • 15

    2.5 Common Security Threats

    Identity interception: It means that someone might steal your identity and use it as their own.

    Masquerading: If you send your username and password in clear text form, someone might be able to grab it from the network and use it elsewhere with the intention of perpetrating fraud.

    Replay attack: They might capture your request of withdrawing 1000 dollars from your Bank

    account and then replay that request over the network.

    Data interception and manipulation: If someone can read your credit card information while it

    is on the wire, they could cause a lot of trouble for you.

    Repudiation: Someone performing a transaction and then denying it later can be a big problem in e-commerce.

    For example, if you are a manufacturer of something and you received a 1 million dollar purchase request from a customer, you will want to make sure that person does not deny it after the transaction has been completed. We all know what denial of service means.

  • 16

    Chapter 3

    3.1 CIPHER

    A cipher is an algorithm for performing encryption or decryption using a series of well-

    defined steps that can be followed as a procedure.

    For a cipher to be of practical value:

    1. It must be difficult for an enemy cryptanalyst to break.

    2. It must be easy to encrypt and decrypt with knowledge of the secret key.

    Data that can be read and understood without any special measures is called plaintext or clear text.

    The method of disguising plaintext in such a way as to hide its substance is called encryption.

    Encrypting plaintext results in unreadable gibberish called cipher text. You use encryption to make

    sure that information is hidden from anyone for whom it is not intended, even those who can see

    the encrypted data. The process of reverting cipher text to its original plaintext is called decryption.

    3.2 CLASSICAL CIPHER

    Historical pen and paper ciphers used in the past are sometimes known as classical ciphers. They include simple substitution ciphers (such as Caesar's cipher) and transposition ciphers. For example, "GOOD DOG" can be encrypted as "PLLX XLP", where "L" substitutes for "O", "P" for "G", and "X" for "D" in the message. Transposition of the letters "GOOD DOG" can result in "DGOGDOO". Julius Caesar substituted each letter with the letter a fixed number of positions down or up the alphabet; the key he used was 3.

  • 17

    Figure: Caesar Cipher

    These simple ciphers and examples are easy to crack, even without plaintext-cipher text pairs. Simple ciphers were replaced by polyalphabetic substitution ciphers, which changed the substitution alphabet for every letter. For example, "GOOD DOG" can be encrypted as "PLSX TWF", where "L", "S", and "W" substitute for "O". With even a small amount of known or estimated plaintext, simple polyalphabetic substitution ciphers and letter transposition ciphers designed for pen and paper encryption are easy to crack.

    Another advancement in the theory was the transposition cipher, where the characters retain their plaintext form but change their positions to create the cipher text. Here the text is organized into a two-dimensional table, and the rows and columns are interchanged according to a key. Consider the plaintext "attackatxdawn"; the cipher text obtained using the transposition algorithm is "xtawxnattxadakc", as shown in the figure below. In this example, rows 1-5 and columns 1-3 are permuted to give a new set of rows (3,5,1,4,2) and columns (1,3,2).

  • 18

    Figure: Double Transposition
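    The row and column permutation described above, as an added Python example that is not part of the original report. It assumes the 5x3 table is filled row by row with the 15-letter string "attackxatxdawnx" ("x" as separator and padding); that filling is an assumption, chosen because it reproduces the 15-letter cipher text quoted in the text. All function names are illustrative.

```python
from collections import Counter
from math import factorial

# Assumption: 15-letter table contents that reproduce the report's cipher text.
PLAINTEXT = "attackxatxdawnx"
ROW_ORDER = (3, 5, 1, 4, 2)   # row key from the text
COL_ORDER = (1, 3, 2)         # column key from the text


def to_grid(text, n_cols):
    """Write the text row by row into a table with n_cols columns."""
    if len(text) % n_cols:
        raise ValueError("text length must be a multiple of the column count")
    return [list(text[i:i + n_cols]) for i in range(0, len(text), n_cols)]


def permute(grid, row_order, col_order):
    """Output row k is input row row_order[k]; same for columns (1-based)."""
    return [[grid[r - 1][c - 1] for c in col_order] for r in row_order]


def invert(order):
    """Inverse of a 1-based permutation; decryption applies the inverse keys."""
    inverse = [0] * len(order)
    for new_pos, old_pos in enumerate(order, start=1):
        inverse[old_pos - 1] = new_pos
    return inverse


def check_key(grid, row_order, col_order):
    """Both keys must be permutations matching the table dimensions."""
    if sorted(row_order) != list(range(1, len(grid) + 1)):
        raise ValueError("row key must be a permutation of the table rows")
    if sorted(col_order) != list(range(1, len(grid[0]) + 1)):
        raise ValueError("column key must be a permutation of the table columns")


def encrypt(plaintext, row_order, col_order):
    grid = to_grid(plaintext, len(col_order))
    check_key(grid, row_order, col_order)
    return "".join("".join(row) for row in permute(grid, row_order, col_order))


def decrypt(ciphertext, row_order, col_order):
    grid = to_grid(ciphertext, len(col_order))
    check_key(grid, row_order, col_order)
    plain = permute(grid, invert(row_order), invert(col_order))
    return "".join("".join(row) for row in plain)


def keyspace(n_rows, n_cols):
    """Number of distinct (row key, column key) pairs for a table this size."""
    return factorial(n_rows) * factorial(n_cols)


def same_letters(a, b):
    """Transposition only moves letters, so letter frequencies are unchanged."""
    return Counter(a) == Counter(b)


if __name__ == "__main__":
    ct = encrypt(PLAINTEXT, ROW_ORDER, COL_ORDER)
    print("cipher text :", ct)
    print("decrypted   :", decrypt(ct, ROW_ORDER, COL_ORDER))
    print("keys for 5x3:", keyspace(5, 3))
    print("same letters:", same_letters(PLAINTEXT, ct))
```

    The small key space and the unchanged letter frequencies are the reasons such pen and paper transpositions are easy to crack.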

    3.3 MODERN CIPHER

    In cryptography, several new ways of encrypting messages were later devised. These algorithms were a bit more complicated than the previous classical ciphers. Generally, modern ciphers are classified as either input size based or key based.

    3.3.1 INPUT BASED CIPHERS:

    The most common input size based ciphers are block cipher and stream cipher and are

    described as follows.

    3.3.1.1 BLOCK CIPHER:

    In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups

    of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm

    might take (for example) a 128-bit block of plaintext as input, and output a corresponding 128-bit

    block of cipher text. The exact transformation is controlled using a second input, the secret key.

    Decryption is similar: the decryption algorithm takes, in this example, a 128-bit block of cipher

    text together with the secret key, and yields the original 128-bit block of plaintext.


  • 19

    A message longer than the block size (128 bits in the above example) can still be encrypted with

    a block cipher by breaking the message into blocks and encrypting each block individually.

    However, in this method all blocks are encrypted with the same key, which degrades security

    (because each repetition in the plaintext becomes a repetition in the cipher text). To overcome this

    issue, modes of operation are used to make encryption probabilistic.

    3.3.1.2 STREAM CIPHER:

    In cryptography, a stream cipher is a symmetric key cipher where plaintext bits are combined

    with a pseudorandom cipher bit stream (key stream), typically by an exclusive-or (xor) operation.

    In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of

    successive digits varies during the encryption. An alternative name is a state cipher, as the

    encryption of each digit is dependent on the current state. In practice, the digits are typically single

    bits or bytes.

  • 20

    Stream ciphers represent a different approach to symmetric encryption from block ciphers.

    Block ciphers operate on large blocks of digits with a fixed, unvarying transformation. This

    distinction is not always clear-cut: in some modes of operation, a block cipher primitive is used in

    such a way that it acts effectively as a stream cipher. Stream ciphers typically execute at a higher

    speed than block ciphers and have lower hardware complexity. However, stream ciphers can be

    susceptible to serious security problems if used incorrectly (see stream cipher attacks); in particular, the same starting state must never be used twice.
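    Why the same starting state must never be used twice, shown as an added Python example that is not part of the original report. The keystream generator (SHA-256 over key, nonce and counter) is a stand-in chosen so the example runs with the standard library only; the key, nonces, messages and record list are constructed sample data.

```python
import hashlib


def keystream(key, nonce, length):
    """Toy keystream: SHA-256(key || nonce || counter), block after block."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key, nonce, data):
    """Encryption and decryption are the same XOR with the keystream."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def recover_second_message(c1, c2, known_p1):
    """With a reused state, c1 XOR c2 == p1 XOR p2, so knowing p1 yields p2."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def find_state_reuse(records):
    """Defensive check: return (key_id, nonce) pairs that occur more than once."""
    seen, reused = set(), set()
    for key_id, nonce in records:
        if (key_id, nonce) in seen:
            reused.add((key_id, nonce))
        seen.add((key_id, nonce))
    return reused


# Constructed sample data.
KEY = b"constructed demo key"
P1 = b"PAY 0100 USD TO ALICE"
P2 = b"PAY 9000 USD TO CAROL"

if __name__ == "__main__":
    c1 = stream_encrypt(KEY, b"nonce-1", P1)
    c2_reused = stream_encrypt(KEY, b"nonce-1", P2)   # same starting state
    c2_fresh = stream_encrypt(KEY, b"nonce-2", P2)    # fresh starting state
    print(recover_second_message(c1, c2_reused, P1))  # second message, no key used
    print(recover_second_message(c1, c2_fresh, P1) == P2)
    print(find_state_reuse([("k1", b"nonce-1"), ("k1", b"nonce-2"),
                            ("k1", b"nonce-1")]))
```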

    3.3.2 KEY BASED CIPHER:

    Apart from the block and stream ciphers, more enhanced methods were developed involving the usage of a public and private key. The most widely used amongst them are described as follows.

    3.3.2.1 SYMMETRIC KEY CRYPTOGRAPHY:

    With secret key cryptography, a single key is used for both encryption and decryption. As

    shown in figure, the sender uses the key (or some set of rules) to encrypt the plaintext and sends

    the cipher text to the receiver. The receiver applies the same key (or rule set) to decrypt the message

    and recover the plaintext. Because a single key is used for both functions, secret key cryptography

    is also called symmetric encryption. Secret key cryptography schemes are generally categorized

    as being either stream ciphers or block ciphers. Stream ciphers operate on a single bit (byte or

    computer word) at a time and implement some form of feedback mechanism so that the key is

    constantly changing. A block cipher is so called because the scheme encrypts one block of data at

    a time using the same key on each block. In general, the same plaintext block will always encrypt

    to the same cipher text when using the same key in a block cipher whereas the same plaintext will

    encrypt to different cipher text in a stream cipher.

  • 21

    Figure: Symmetric Key Cryptography

    It can be seen that symmetric key cryptography requires less time to encrypt a message so its

    efficiency is high but on the other hand it must also be noted that each pair of users must have a

    unique key, so N users need N(N-1)/2 keys. As a result the key distribution becomes difficult.

    The most commonly used algorithms in symmetric key cryptography to encrypt the message are:

    DES (Data Encryption Standard) and derivatives: double DES and triple DES

    IDEA (International Data Encryption Algorithm)

    Blowfish

    RC5 (Rivest Cipher #5)

    AES (Advanced Encryption Standard)

  • 22

    3.3.2.2 PUBLIC KEY CRYPTOGRAPHY:

    Public-key cryptography has been said to be the most significant new development in secure

    communication over a non-secure communications channel without having to share a secret key.

    Public Key Cryptography or Asymmetric cryptography provides the same message security

    guarantees as symmetric cryptography, but additionally provides the non-repudiation guarantee.

    Asymmetric refers to the fact that different keys are used for encryption and decryption. One

    key is kept secret (secret key) and the other is made public (public key), and are both unique.

    The recipient's public key should be used during the encryption process to ensure message

    confidentiality as only the recipient has the necessary secret key to decrypt the message. If,

    however, the message is encrypted using the sender's private key the sender cannot deny sending

    the message as his private key is unique and is only known to him. Asymmetric cryptography is

    extremely powerful, but this comes at a cost. Especially for longer messages and keys, it is much

    slower than its symmetric cryptography counterparts. This is due in part to the fact that, in order

    to achieve comparable security, asymmetric keys are generally around an order of magnitude

    longer than symmetric keys.

    Figure: Public Key Encryption

    Commonly used asymmetric key algorithms include:

  • 23

    RSA (Rivest, Shamir, Adleman)

    DH (Diffie-Hellman Key Agreement Algorithm)

    ECDH (Elliptic Curve Diffie-Hellman Key Agreement Algorithm)

    RPK (Raike Public Key)

    3.4 HASH FUNCTIONS:

    The system described above has some problems. It is slow, and it produces an enormous volume of data, at least double the size of the original information. An improvement on the above scheme is the addition of a one-way hash function in the process. A one-way hash function takes variable-length input (in this case, a message of any length, even thousands or millions of bits) and produces a fixed-length output; say, 160 bits.

    The hash function ensures that, if the information is changed in any way, even by just one bit, an entirely different output value is produced. PGP uses a cryptographically strong hash

  • 24

    function on the plaintext the user is signing. This generates a fixed-length data item known as a

    message digest. Then PGP uses the digest and the private key to create the signature. PGP

    transmits the signature and the plaintext together. Upon receipt of the message, the recipient uses

    PGP to recompute the digest, thus verifying the signature. PGP can encrypt the plaintext or not;

    signing plaintext is useful if some of the recipients are not interested in or capable of verifying the

    signature. As long as a secure hash function is used, there is no way to take someone's signature

    from one document and attach it to another, or to alter a signed message in any way. The slightest

    change to a signed document will cause the digital signature verification process to fail. Digital

    signatures play a major role in authenticating and validating the keys of other PGP users.

  • 25

    Chapter 4

    4.1 ENCRYPTION MODES

    The ciphers in use are generally following these four encryption modes:

    4.1.1 ELECTRONIC CODEBOOK (ECB):

    Electronic Codebook (ECB) mode is the simplest, most obvious application: the secret key is used to encrypt the plaintext block to form a cipher text block. Two identical plaintext blocks, then, will always generate the same cipher text block. Although this is the most common mode of block ciphers, it is susceptible to a variety of brute-force attacks.

    4.1.2 CIPHER BLOCK CHAINING:

    Cipher Block Chaining (CBC) mode adds a feedback mechanism to the encryption scheme. In CBC, the plaintext is exclusive-ORed (XORed) with the previous cipher text block prior to encryption. In this mode, two identical blocks of plaintext never encrypt to the same cipher text.

    4.1.3 CIPHER FEEDBACK (CFB):

    Cipher Feedback (CFB) mode is a block cipher implementation as a self-synchronizing stream

    cipher. CFB mode allows data to be encrypted in units smaller than the block size, which might

    be useful in some applications such as encrypting interactive terminal input. If we were using

    1-byte CFB mode, for example, each incoming character is placed into a shift register the same

    size as the block, encrypted, and the block transmitted. At the receiving side, the cipher text is

    decrypted and the extra bits in the block (i.e., everything above and beyond the one byte) are

    discarded.

    4.1.4 OUTPUT FEEDBACK (OFB):

    Output Feedback (OFB) mode is a block cipher implementation conceptually similar to a

    synchronous stream cipher. OFB prevents the same plaintext block from generating the same

  • 26

    cipher text block by using an internal feedback mechanism that is independent of both the

    plaintext and cipher text bit streams.

    4.1.5 LRW Encryption Mode

    BestCrypt uses LRW encryption mode with all encryption algorithms supported by the

    software. "LRW" is derived from the names Liskov, Rivest, Wagner - the authors of the

    encryption mode. The Institute of Electrical and Electronics Engineers (IEEE) has published a

    description of the LRW mode in IEEE P1619 document.

    LRW mode is less susceptible to attack or being compromised than other current techniques

    such as Counter-Mode encryption or Cipher Block Chaining (CBC) encryption. The mode

    addresses threats such as copy-and-paste and dictionary attacks. LRW mode is specially

    designed for encryption of storage at the sector level.

    LRW mode uses its own secret Secondary Encryption Key that is completely different from a

    Primary Encryption Key used by certain encryption algorithms. The size of an LRW Secondary

    Key is equal to the block size of the particular encryption algorithm. For example, if the block

    size of an AES encryption algorithm is 128 bits, the LRW mode requires a 128-bit Secondary

    Key.

    As a result, the effective key length for the pair LRW mode + AES becomes higher than AES

    originally has. While the AES key length is 256 bits, LRW+AES pair uses 256+128 = 384 bits

    key.

    Depending on your system, there can be some read /write performance degradation when using

    LRW. Please use the Benchmark Utility to test.

    4.1.6 XTS Encryption Mode

    BestCrypt uses XTS encryption mode with AES (Rijndael), RC6, Serpent, and Twofish encryption algorithms.

  • 27

    The Institute of Electrical and Electronics Engineers (IEEE) has approved XTS mode for

    protection of information on block storage devices according to IEEE 1619 standard released

    on 19th December, 2007. The IEEE 1619 document states the following for AES encryption

    algorithm used as subroutine in XTS mode:

    "XTS-AES is a tweakable block cipher that acts on data units of 128 bits or more and uses the AES block cipher as a subroutine. The key material for XTS-AES consists of a data encryption key (used by the AES block cipher) as well as a "tweak key" that is used to incorporate the logical position of the data block into the encryption. XTS-AES is a concrete instantiation of the class of tweakable block ciphers described in Rogaway article (Phillip Rogaway - author of the mode). The XTS-AES addresses threats such as copy-and-paste attack, while allowing parallelization and pipelining in cipher implementations."

    XTS mode uses its own secret key (a "tweak key") that is completely different from the Primary Encryption Key used by a given encryption algorithm.

    For example, if the block size of the AES encryption algorithm is 128 bits, XTS mode requires a 128-bit key. As a result, the effective key length for the pair XTS mode + AES becomes higher than AES originally has. While the AES key length is 256 bits, the XTS+AES pair uses a 256+128 = 384-bit key.

    The size of the XTS key is equal to the block size of the given encryption algorithm, and the IEEE 1619 standard states that it must be 128 bits or more. This is why BestCrypt uses XTS mode only with encryption algorithms with block sizes not less than 128 bits.

  • 28

    Chapter 5

    5.1 APPLICATIONS

    Cryptography is best known as a way of keeping the contents of a message secret.

    Confidentiality of network communications, for example, is of great importance for e-commerce

    and other network applications. However, the applications of cryptography go far beyond simple

    confidentiality. In particular, cryptography allows the network business and customer to verify the

    authenticity and integrity of their transactions. If the trend to a global electronic marketplace

    continues, better cryptographic techniques will have to be developed to protect business

    transactions.

    Sensitive information sent over an open network may be scrambled into a form that cannot be

    understood by a hacker or eavesdropper. This is done using a mathematical formula, known as an

    encryption algorithm, which transforms the bits of the message into an unintelligible form. The

    intended recipient has a decryption algorithm for extracting the original message. There are many

    examples of information on open networks, which need to be protected in this way, for instance,

    bank account details, credit card transactions, or confidential health or tax records.

    In order to allow different users to use the same algorithm, the algorithm is used in

    conjunction with a secret key, a long sequence of binary numbers, as shown in the illustration,

    which is known only by the legitimate users. Only users sharing the same key will be able to

  • 29

    decrypt each other's encrypted messages. Since the key allows access to the encrypted information,

    it is of paramount importance that it is kept secret and is frequently changed.

    Before two parties can send information securely, they must first exchange a secret key.

    This however presents a dilemma, sometimes called the "Catch 22 of Cryptography": how can

    the two parties exchange a key secretly before they can communicate in secret? Even if the sender

    and receiver found a channel that they believed to be secure, in the past there has been no way to

    test the secrecy of each key. Quantum cryptography solves this problem. It allows the sender and

    receiver to test and guarantee the secrecy of each individual key. There are various types of

    applications which are given below.

    1. Defense Services

    2. Secure Data Manipulation

    3. E Commerce

    4. Business Transactions

    5. Internet Payment Systems

    6. Pass Phrasing

    7. Secure Internet Comm.

    8. User Identification Systems

    9. Access Control

    10. Computational Security

    11. Secure access to Corp Data

    12. Data Security.

  • 30

    5.2 Public-Key Encryption for Digital Signatures

    A major benefit of public key cryptography is that it provides a method for employing digital

    signatures. Digital signatures enable the recipient of information to verify the authenticity of the

    information's origin, and also verify that the information is intact. Thus, public key digital

    signatures provide authentication and data integrity. A digital signature also provides non-

    repudiation, which means that it prevents the sender from claiming that he or she did not actually

    send the information. These features are every bit as fundamental to cryptography as privacy, if

    not more.

    A digital signature serves the same purpose as a handwritten signature. However, a handwritten

    signature is easy to counterfeit. A digital signature is superior to a handwritten signature in that it

    is nearly impossible to counterfeit, plus it attests to the contents of the information as well as to

    the identity of the signer.

    5.3 Public-Key Encryption for Digital Certificates

    Digital certificates, or certs, simplify the task of establishing whether a public key truly belongs

    to the purported owner. A certificate is a form of credential. Examples might be your birth

    certificate.

    Each of these has some information on it identifying you and some authorization stating that

    someone else has confirmed your identity. Some certificates, such as your passport, are important

    enough confirmation of your identity that you would not want to lose them, lest someone use them

    to impersonate you.

    5.4 Digital Certificate

    A digital certificate is data that functions much like a physical certificate. A digital certificate is

    information included with a person's public key that helps others verify that a key is genuine or

    valid.

  • 31

    Digital certificates are used to thwart attempts to substitute one person's key for another. A digital

    certificate consists of three things:

    A public key.

    Certificate information. ("Identity" information about the user, such as name, user ID, and

    so on.)

    One or more digital signatures.

    The purpose of the digital signature on certificate is to state that the certificate information has

    been attested to by some other person or entity. The digital signature does not attest to the

    authenticity of the certificate as a whole; it vouches only that the signed identity information goes

    along with, or is bound to, the public key. Thus, a certificate is basically a public key with one or

    two forms of ID attached, plus a hearty stamp of approval from some other trusted individual.

    5.4.1 Cryptographic Technologies

    Based on Layers

    Link layer encryption

    Network layer encryption: IPSEC, VPN, SKIP

    Transport layer: SSL, PCT (Private Communication Technology)

    Application layer: PEM (Privacy Enhanced Mail), PGP (Pretty Good Privacy), SHTTP

    Cryptographic process can be implemented at various layers starting from the link Layer all the

    way up to the application layer. The most popular encryption scheme is SSL and it is implemented

    at the transport layer. If the encryption is done at the transport layer, any application that is running

    on the top of the transport layer can be protected.

  • 32

    5.4.2 Based on Algorithms

    Secret-key encryption algorithms (Symmetric algorithms)

    DES (Data Encryption Standard) -- 56-bit key

    Triple DES -- 112-bit key

    IDEA (International Data Encryption Algorithm) -- 128-bit key

  • 33

  • 34

    Chapter 6

    6.1 RSA (cryptosystem)

    RSA is one of the first practicable public-key cryptosystems and is widely used for secure data

    transmission. In such a cryptosystem, the encryption key is public and differs from the decryption

    key which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring

    the product of two large prime numbers, the factoring problem. RSA stands for Ron Rivest, Adi

    Shamir and Leonard Adleman, who first publicly described the algorithm in 1977. Clifford Cocks,

    an English mathematician, had developed an equivalent system in 1973, but it was not declassified

    until 1997.

    A user of RSA creates and then publishes a public key based on the two large prime numbers,

    along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public

    key to encrypt a message, but with currently published methods, if the public key is large enough,

    only someone with knowledge of the prime numbers can feasibly decode the message. Breaking

    RSA encryption is known as the RSA problem; whether it is as hard as the factoring problem

    remains an open question.

    6.2 History

    The RSA algorithm was publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard

    Adleman at MIT; the letters RSA are the initials of their surnames, listed in the same order as on

    the paper.

    MIT was granted U.S. Patent 4,405,829 for a "Cryptographic communications system and method"

    that used the algorithm, on September 20, 1983. Though the patent was going to expire on

    September 21, 2000 (the term of patent was 17 years at the time), the algorithm was released to

    the public domain by RSA Security on September 6, 2000, two weeks earlier. Since a paper

    describing the algorithm had been published in August 1977, prior to the December 1977 filing

    date of the patent application, regulations in much of the rest of the world precluded patents

    elsewhere and only the US patent was granted. Had Cocks' work been publicly known, a patent in

    the US might not have been possible, either.

    From the DWPI's abstract of the patent,

  • 35

    The system includes a communications channel coupled to at least one terminal having an

    encoding device and to at least one terminal having a decoding device. A message-to-be-

    transferred is enciphered to ciphertext at the encoding terminal by encoding the message as a

    number M in a predetermined set. That number is then raised to a first predetermined power

    (associated with the intended receiver) and finally computed. The remainder or residue, C, is...

    computed when the exponentiated number is divided by the product of two predetermined prime

    numbers (associated with the intended receiver).

    Clifford Cocks, an English mathematician working for the UK intelligence agency GCHQ,

    described an equivalent system in an internal document in 1973, but given the relatively expensive

    computers needed to implement it at the time, it was mostly considered a curiosity and, as far as

    is publicly known, was never deployed. His discovery, however, was not revealed until 1998 due

    to its top-secret classification, and Rivest, Shamir, and Adleman devised RSA independently of

    Cocks' work.

    6.3 Operation

    The RSA algorithm involves three steps: key generation, encryption and decryption.

    6.3.1 Key generation

    RSA involves a public key and a private key. The public key can be known by everyone and is

    used for encrypting messages. Messages encrypted with the public key can only be decrypted in a

    reasonable amount of time using the private key. The keys for the RSA algorithm are generated

    the following way:

    1. Choose two distinct prime numbers p and q.

    o For security purposes, the integers p and q should be chosen at random, and should

    be of similar bit-length. Prime integers can be efficiently found using a primality

    test.

    2. Compute n = pq.

    o n is used as the modulus for both the public and private keys. Its length, usually

    expressed in bits, is the key length.

  • 36

    3. Compute $\varphi(n) = \varphi(p)\varphi(q) = (p - 1)(q - 1) = n - (p + q - 1)$, where $\varphi$ is Euler's totient function.

    4. Choose an integer e such that $1 < e < \varphi(n)$ and $\gcd(e, \varphi(n)) = 1$; i.e., e and $\varphi(n)$ are coprime.

    o e is released as the public key exponent.

    o e having a short bit-length and small Hamming weight results in more efficient encryption, most commonly $2^{16} + 1 = 65{,}537$. However, much smaller values of e (such as 3) have been shown to be less secure in some settings.[5]

    5. Determine d as $d \equiv e^{-1} \pmod{\varphi(n)}$; i.e., d is the multiplicative inverse of e (modulo $\varphi(n)$).

    o This is more clearly stated as: solve for d given $de \equiv 1 \pmod{\varphi(n)}$.

    o This is often computed using the extended Euclidean algorithm. Using the pseudocode in the Modular integers section, inputs a and n correspond to e and $\varphi(n)$, respectively.

    o d is kept as the private key exponent.

    The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the modulus n and the private (or decryption) exponent d, which must be kept secret. p, q, and $\varphi(n)$ must also be kept secret because they can be used to calculate d.

    An alternative, used by PKCS#1, is to choose d matching $de \equiv 1 \pmod{\lambda}$ with $\lambda = \operatorname{lcm}(p - 1, q - 1)$, where lcm is the least common multiple. Using $\lambda$ instead of $\varphi(n)$ allows more choices for d. $\lambda$ can also be defined using the Carmichael function, $\lambda(n)$.

    The ANSI X9.31 standard prescribes, IEEE 1363 describes, and PKCS#1 allows, that p

    and q match additional requirements: being strong primes, and being different enough that

    Fermat factorization fails.

    6.3.2 Encryption

    Alice transmits her public key (n, e) to Bob and keeps the private key d secret. Bob then wishes to

    send message M to Alice.


    He first turns M into an integer m, such that 0 ≤ m < n, by using an agreed-upon reversible protocol
    known as a padding scheme. He then computes the ciphertext c corresponding to

    This can be done efficiently, even for 500-bit numbers, using modular exponentiation. Bob then
    transmits c to Alice.

    Note that at least nine values of m will yield a ciphertext c equal to m,[note 1] but this is very unlikely

    to occur in practice.

    6.3.3 Decryption

    Alice can recover m from c by using her private key exponent d via computing

    Given m, she can recover the original message M by reversing the padding scheme.
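The key generation steps 1 to 5 and the encryption and decryption operations of this chapter, as an added Python example that is not part of the original report. It is textbook RSA on the integer m with no padding scheme; the function names, the 40 Miller-Rabin rounds and the 2048-bit default are assumptions made for this illustration.

```python
import math
import secrets

def is_probable_prime(n, rounds=40):     # Miller-Rabin, the primality test of step 1
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:                    # write n - 1 = d * 2^r with d odd
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)   # random base in [2, n - 2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                 # the base is a witness: n is composite
    return True

def random_prime(bits):                  # top bit set: exact bit-length; low bit: odd
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def inverse(a, m):                       # extended Euclid: a^-1 mod m, None if gcd != 1
    t, new_t, r, new_r = 0, 1, m, a
    while new_r:
        k = r // new_r
        t, new_t, r, new_r = new_t, t - k * new_t, new_r, r - k * new_r
    return t % m if r == 1 else None

def key_from_primes(p, q, e=65537, use_lambda=False):   # steps 2-5 -> (n, e, d)
    phi = (p - 1) * (q - 1)
    mod = phi // math.gcd(p - 1, q - 1) if use_lambda else phi   # lcm(p - 1, q - 1)
    d = inverse(e, mod) if p != q and 1 < e < phi else None
    return None if d is None else (p * q, e, d)

def generate_key(bits=2048, e=65537):    # step 1, retried until steps 2-5 succeed
    while True:
        key = key_from_primes(random_prime(bits // 2), random_prime(bits // 2), e)
        if key:
            return key

def rsa_op(x, exp, n):                   # c = m^e mod n (encrypt), m = c^d mod n (decrypt)
    if not 0 <= x < n:
        raise ValueError("representative must satisfy 0 <= x < n")
    return pow(x, exp, n)
```

With the toy primes p = 61, q = 53 and e = 17, `key_from_primes` gives d = 2753 when computed modulo φ(n) and d = 413 when computed modulo λ, and either exponent decrypts the same ciphertext.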


    Chapter 7

    CONCLUSION

    Cryptography is a particularly interesting field because of the amount of work that is, by necessity,

    done in secret. The irony is that today, secrecy is not the key to the goodness of a cryptographic

    algorithm. Regardless of the mathematical theory behind an algorithm, the best algorithms are

    those that are well-known and well-documented because they are also well-tested and well-

    studied! In fact, time is the only true test of good cryptography; any cryptographic scheme that

    stays in use year after year is most likely a good one. The strength of cryptography lies in the

    choice (and management) of the keys; longer keys will resist attack better than shorter keys.

    Cryptography protects users by providing functionality for the encryption of data and

    authentication of other users. This technology lets the receiver of an electronic message verify the

    sender, ensures that a message can be read only by the intended person, and assures the recipient

    that a message has not been altered in transit. This paper describes the cryptographic concepts of
    symmetric key encryption, public-key encryption, types of encryption algorithms, hash algorithms,
    digital signatures, and key exchange. It also covers cryptographic attack techniques such as
    cryptanalysis and brute-force attack, and provides information on network security needs and
    requirements.



    Chapter 8

    Reference

    Cryptography and Network Security By William Stallings.

    Introduction to Cryptography By Aysel Ozgur

    http://en.wikipedia.org/wiki/RSA_%28cryptosystem%29

    http://www-users.cs.umn.edu/

