ASSIGNMENT ON ENCRYPTION Course: e-Business Subject Code: MS 114 Semester: MBA II 2012 2014 Instructor: Ms.

. Khushbu Arora Batch:

Distinguish between a. Authentication and non-repudiation Ans: Authenticity is about one party (say, Alice) interacting with another (Bob) to
convince Bob that some data really comes from Alice. Non-repudiation is about Alice showing to Bob a proof that some data really comes from Alice, such that not only Bob is convinced, but Bob also gets the assurance that he could show the same proof to Charlie, and Charlie would be convinced, too, even if Charlie does not trust Bob. Authentication and non-repudiation are two different sorts of concepts.
Authentication is a technical concept: e.g., it can be solved through cryptography. Non-repudiation is a legal concept: e.g., it can only be solved through legal and social

processes (possibly aided by technology).

b. Integrity and Privacy Ans: Privacy

Privacy means that it should not be possible for an unauthorized user to intercept and read data. Data Privacy (TDP) is to provide an international forum for researchers on all topics related to data privacy technologies. The journal will publish original and high quality papers. TDP welcomes archival research papers, comprehensive reviews, authoritative tutorials, short notes and comprehensive book reviews. All papers will be peer-reviewed. The journal will accept submissions from multiple disciplines related to the various aspects of data privacy (e.g. data mining, statistics, cryptography, database technology, data communication, etc.). Regarding the application

papers, contributions to solving privacy problems in the main application areas (e.g. official statistics, electronic commerce and Internet, healthcare, telecommunications, etc.) are welcome. Papers can be theoretical or applied.

Integrity
Integrity means that it should not be possible for an unauthorized user to alter data. It includes the concept of "data integrity" -- namely, that data have not been changed inappropriately, whether by accident or deliberately malign activity. It also includes "origin" or "source integrity" -- that is, that the data actually came from the person or entity you think it did, rather than an imposter. Integrity can even include the notion that the person or entity in question entered the right information -- that is, that the information reflected the actual circumstances (in statistics, this is the concept of "validity") and that under the same circumstances would generate identical data (what statisticians call "reliability"). On a more restrictive view, however, integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong.

c. Non-repudiation and integrity Ans: Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. To repudiate means to deny. For many years, authorities have sought to make repudiation impossible in some situations. You might send registered mail, for example, so the recipient cannot deny that a letter was delivered. Similarly, a legal document typically requires witnesses to signing so that the person who signs cannot deny having done so. On the Internet, a digital signature is used not only to ensure that a message or document has been electronically signed by the person that purported to sign the document, but also, since a digital signature can only be created by one person, to ensure that a person cannot later deny that they furnished the signature. Since no security technology is absolutely fool-proof, some experts warn that a digital signature alone may not always guarantee nonrepudiation. It is suggested that multiple approaches be used, such as capturing unique biometric information and other data about the sender or signer that collectively would be difficult to repudiate. Integrity
Integrity means that it should not be possible for an unauthorized user to alter data.

It includes the concept of "data integrity" -- namely, that data have not been changed inappropriately, whether by accident or deliberately malign activity. It also includes "origin" or "source integrity" -- that is, that the data actually came from the person or entity you think it did, rather than an imposter. Integrity can even include the notion that the person or entity in question entered the right information -- that is, that the information reflected the actual circumstances (in statistics, this is the concept of "validity") and that under the same circumstances would generate identical data (what statisticians call "reliability"). On a more restrictive view, however, integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong.

d. Cipher and cipher text Ans: cipher text

In cryptography, ciphertext (or cyphertext) is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher to decrypt it. Decryption, the inverse of encryption, is the process of turning ciphertext into readable plaintext. Ciphertext is not to be confused with code text because the latter is a result of a Code, not a cipher.

Cipher
In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryptiona series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. To encipher or encode is to convert information from plain text into code or cipher. In non-technical usage, a "cipher" is the same thing as a "code"; however, the concepts are distinct in cryptography. In classical cryptography, ciphers were distinguished from codes. Codes operated by substituting according to a large codebook which linked a random string of characters or numbers to a word or phrase. For example, "UQJHSE" could be the code for "Proceed to the following coordinates". When using a cipher the original information is known as plaintext, and the encrypted form as cipher text. The ciphertext message contains all the information of the plaintext message, but is not in a format readable by a human or computer without the proper mechanism to decrypt it. The operation of a cipher usually depends on a piece of auxiliary information, called a key(or, in traditional NSA parlance, a cryptovariable). The encrypting procedure is varied depending on the key, which changes the detailed operation of the algorithm. A key must be selected before using a cipher to encrypt a message. Without knowledge of the key, it should be difficult, if not nearly impossible, to decrypt the resulting ciphertext into readable plaintext.

e. Stream cipher and block cipher Ans: What is the difference between a Stream Cipher and a Block Cipher?
Although both stream ciphers and block ciphers belong to the family of symmetric encryption ciphers, there are some key differences. Block ciphers encrypt fixed length blocks of bits, while stream ciphers combine plain-text bits with a pseudorandom cipher bits stream using XOR operation. Even though block ciphers use the same transformation, stream ciphers use varying transformations based on the state of the engine. Stream ciphers usually execute faster than block ciphers. In terms of hardware complexity, stream ciphers are relatively less complex. Stream ciphers are the typical preference over block ciphers when the plain-text is available in varying quantities (for e.g. a secure wifi connection), because block ciphers cannot operate directly on blocks shorter than the block size. But sometimes, the difference between stream ciphers and block ciphers is not very clear. The reason is that, when using certain modes of operation, a block cipher can be used to act as a stream cipher by allowing it to encrypt the smallest unit of data available.