
CRYPTOGRAPHY & INFORMATION SECURITY

Overview of Cryptography & Its Applications:


People want and need privacy and security while communicating.
In the past, cryptography was heavily used for military applications to keep sensitive information secret from enemies (adversaries). Julius Caesar used a simple shift cipher to communicate with his generals on the battlefield.
Nowadays, as technological progress has increased our dependency on electronic systems, we need more sophisticated techniques.
Cryptography provides most of the methods and techniques for secure communication.

Overview of Information Security & Its Applications:
It mainly specifies how particular information is protected, i.e., protection. Security makes the information inaccessible to a third party. It contains 4 basic structures, namely


1. Security Attacks
2. Security Services
3. Security Mechanisms
4. A model for network security

Security attacks:
Any action that compromises the security of information owned by an organization.
[Figure: Normal Information Flow, showing SOURCE and DESTINATION]

The 4 general categories of attacks are namely,


Interruption: This is an attack on availability in which the resources of a computer system are damaged or become unavailable.
[Figure: SOURCE, DESTINATION]

Interception: It affects the confidentiality of information in which an unauthorized person or program gets access to or control of some system resource.
[Figure: SOURCE, DESTINATION, INTRUDER]

Modification: It is an attack against the integrity of the information, i.e., modifying the values in a data file.
[Figure: SOURCE, DESTINATION, INTRUDER]

Fabrication: This is an attack on the authenticity of a message in which an unauthorized party adds fake objects into the system.
[Figure: SOURCE, DESTINATION, INTRUDER]

Security attacks(contd.):
There are 2 types of attacks, namely
Passive Attack: It refers to the process of monitoring or wiretapping of the
ongoing transmission. It includes
1. Release of message contents
2. Traffic Analysis

Active Attack: An attacker can alter the information or sometimes introduce fraudulent information into the network. It includes
1. Masquerade
2. Replay
3. Modification
4. Denial of service

Security Services:
X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers

RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources


X.800 defines it in 5 major categories
Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality - protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in communication.

Security Mechanisms:
The security mechanisms in X.800 are categorized into 2 types, namely
Specific security mechanisms: The mechanisms that are executed in a particular protocol layer. It includes,
1. Encipherment
2. Digital Signatures
3. Access Controls
4. Data Integrity
5. Authentication Exchange
6. Traffic Padding
7. Routing Control
8. Notarization

Security Mechanisms:(contd.)
Pervasive Mechanisms: The Mechanisms that are not specific to any
protocol layer. It includes,
1. Trusted functionality
2. Security Labels
3. Event Detection
4. Security Audit Trails
5. Security Recovery

A Model For Network Security:


[Figure: model for network security. Labels: Trusted Third Party; message (MSG) and secure message at each end; secret information at each end; information channel; opponent]

Terminology Related To Cryptography:


Cryptology: All-inclusive term used for the study of secure
communication over non-secure channels and related problems.

Cryptography: The process of designing systems to realize secure communications over non-secure channels.

Cryptanalysis: The discipline of breaking cryptographic systems.

Coding Theory: Deals with representing information using codes. It covers compression, secrecy, and error-correction. Recently, it is predominantly associated with error-correcting codes, which ensure correct transmission over noisy channels.

Cryptography: process of making and using codes to secure transmission of information

Encryption: converting the original message into a form unreadable by unauthorized individuals, i.e., converting a given plain text into cipher text.

Decryption: converting the obtained cipher text back into the original message, i.e., plain text.

Secure Communications:

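[Figure: Basic Communication Scenario. Alice encrypts the plaintext with the encryption key; the ciphertext travels to Bob, who decrypts it with the decryption key; Eve (the enemy or adversary, also shown as Mallory and Oscar) sits on the channel]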

Eve's Goals:
1. Read the message
2. Figure out the key Alice is using and read all the messages encrypted with that key
3. Modify the content of the message in such a way that Bob will think Alice sent the altered message.
4. Impersonate Alice and communicate with Bob, who thinks he is communicating with Alice.

Oscar is a passive observer who is trying to perform (1) and (2).
Mallory is a more active and malicious attacker who is trying to perform (3) and (4).

Attack Methods:
1. Ciphertext only: Alice has only a copy of ciphertext
2. Known Plaintext: Eve has a copy of ciphertext and the corresponding plaintext and tries to deduce the key.
3. Chosen Plaintext: Eve has a copy of ciphertext corresponding to a copy of plaintext selected by Alice who believes it is useful to deduce the key.
4. Chosen Ciphertext: Eve has a copy of plaintext corresponding to a copy of ciphertext selected by Alice who believes it is useful to deduce the key.
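
The shift cipher attributed to Julius Caesar earlier makes the ciphertext-only and known-plaintext models above concrete. This is an added example, not part of the original slides; the function names and the sample sentence are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase
# Approximate English letter frequencies in percent, A..Z (for scoring only).
FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
        6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]
# Constructed sample message, not taken from the slides.
SAMPLE = "THE GENERALS MEET NEAR THE RIVER AT SUNRISE TO REVIEW THE SUPPLIES"

def shift(text, key):
    """Shift every letter by `key` places (mod 26); other characters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch
        for ch in text.upper())

def encrypt(plaintext, key):
    return shift(plaintext, key)

def decrypt(ciphertext, key):
    return shift(ciphertext, -key)

def known_plaintext_key(plaintext, ciphertext):
    """Known plaintext: a single matching letter pair reveals the whole key."""
    for p, c in zip(plaintext.upper(), ciphertext.upper()):
        if p in ALPHABET and c in ALPHABET:
            return (ALPHABET.index(c) - ALPHABET.index(p)) % 26
    raise ValueError("no letter pair to compare")

def chi_squared(text):
    """Distance between the text's letter counts and English expectations."""
    letters = [ch for ch in text if ch in ALPHABET]
    if not letters:
        return float("inf")
    n = len(letters)
    return sum((letters.count(ALPHABET[i]) - n * FREQ[i] / 100) ** 2
               / (n * FREQ[i] / 100) for i in range(26))

def ciphertext_only_key(ciphertext):
    """Ciphertext only: try all 26 keys, keep the most English-looking result."""
    return min(range(26), key=lambda k: chi_squared(decrypt(ciphertext, k)))

if __name__ == "__main__":
    ct = encrypt(SAMPLE, 3)
    print(ct)
    print(known_plaintext_key("THE", ct[:3]), ciphertext_only_key(ct))
```

Both recoveries succeed because a shift cipher has only 26 possible keys, which is why a cipher must withstand these attack models with a far larger key space.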

Cryptographic Algorithms:
Often grouped into two broad categories, symmetric and asymmetric; today's popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms
Symmetric and asymmetric algorithms are distinguished by the types of keys used for encryption and decryption operations

Cryptographic Algorithms (continued):


Symmetric encryption: uses the same secret key to encipher and decipher the message
Encryption methods can be extremely efficient, requiring minimal processing
Both sender and receiver must possess the encryption key
If either copy of the key is compromised, an intermediary can decrypt and read messages

Cryptographic Algorithms (continued):


Data Encryption Standard (DES): one of the most popular symmetric encryption cryptosystems
64-bit block size; 56-bit key
Adopted by NIST in 1976 as federal standard for encrypting non-classified information

Triple DES (3DES): created to provide security far beyond DES

Advanced Encryption Standard (AES): developed to replace both DES and 3DES

Cryptographic Algorithms (continued):


Asymmetric Encryption (public key encryption):
Uses two different but related keys; either key can encrypt or decrypt the message
If Key A encrypts the message, only Key B can decrypt
Highest value when one key serves as private key and the other serves as public key

Fundamental Cryptographic Applications:


Confidentiality
Hiding the contents of the messages exchanged in a transaction

Authentication
Ensuring that the origin of a message is correctly identified

Integrity
Ensuring that only authorized parties are able to modify
computer system assets and transmitted information

Non-repudiation
Requires that neither of the authorized parties deny the
aspects of a valid transaction
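
One way a receiver can detect the modification, fabrication and replay attacks listed earlier is a keyed message authentication code combined with a sequence number. This is an added example, not part of the original slides; the packet layout, names and demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32                      # HMAC-SHA256 output size in bytes
KEY = secrets.token_bytes(32)     # demo key shared by sender and receiver

def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: prepend an 8-byte sequence number, append an HMAC-SHA256 tag."""
    body = struct.pack(">Q", seq) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Receiver: rejects modified, fabricated and replayed packets."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1        # highest sequence number accepted so far

    def accept(self, packet: bytes) -> bytes:
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("packet too short")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag: modified or fabricated")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            raise ValueError("stale sequence number: replay")
        self.last_seq = seq
        return body[8:]

def outcome(receiver: Receiver, packet: bytes) -> str:
    """Return the accepted message text, or the reason it was rejected."""
    try:
        return receiver.accept(packet).decode()
    except ValueError as err:
        return str(err)

if __name__ == "__main__":
    rx = Receiver(KEY)
    pkt = protect(KEY, 1, b"pay 100 to Bob")     # constructed sample message
    print(outcome(rx, pkt))                       # accepted
    print(outcome(rx, pkt))                       # same packet again: replay
    print(outcome(rx, protect(KEY, 2, b"pay 100 to Bob").replace(b"100", b"900")))
```

A shared-key tag gives integrity and authentication but not non-repudiation, because either key holder could have produced it; that service needs a digital signature.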

Other Cryptographic Applications:


Digital Signatures: allow users to electronically sign (personalize) electronic documents, messages and transactions

Identification: is capable of replacing password-based identification methods with more powerful (secure) techniques.

Key Establishment: To communicate a key to your correspondent (or perhaps actually mutually generate it with him) whom you have never physically met before.

Secret Sharing: Distribute the parts of a secret to a group of people who can never exploit it individually.

E-commerce: carry out secure transactions over an insecure channel like the Internet. (E-cash and Games)

Protocols for Secure Communications:


Secure Socket Layer (SSL) protocol: uses public key encryption to secure channel over public Internet

Secure Hypertext Transfer Protocol (S-HTTP): extended version of Hypertext Transfer Protocol; provides for encryption of individual messages between client and server across Internet

S-HTTP is the application of SSL over HTTP; allows encryption of information passing between computers through protected and secure virtual connection

Protocols for Secure Communications (continued):


Securing E-mail with S/MIME, PEM, and PGP
Secure Multipurpose Internet Mail Extensions (S/MIME): builds on Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication
Privacy Enhanced Mail (PEM): proposed as standard to function with public key cryptosystems; uses 3DES symmetric key encryption
Pretty Good Privacy (PGP): uses IDEA Cipher for message encoding

Protocols for Secure Communications (continued):


Securing Web transactions with SET, SSL, and S-HTTP
Secure Electronic Transactions (SET): developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud
Uses DES to encrypt credit card information transfers
Provides security for both Internet-based credit card transactions and credit card swipe systems in retail stores

Advantages & Disadvantages of Cryptography and Information Security:
Advantages: There will be perfect security for the secret writing.

Disadvantages: There will be hacking problems, i.e., there is a threat to the secret writing.

Future of Cryptography & Information Security:
There will be technology like quantum computing, where a quantum computer would deal with quantum bits (qubits) that can simultaneously represent both 0 and 1 by simultaneously spinning in different directions.

Conclusion:
Information security is increasingly important
Information has varying degrees of sensitivity
-- cf. military info classifications: confidential, secret, etc.
Subjects (people or programs) have varying rights of access to objects (information)
Cryptography and encryption provide a sophisticated approach to security
Many security-related tools use embedded encryption technologies
Encryption converts a message into a form that is unreadable by the unauthorized
Many tools are available and can be classified as symmetric or asymmetric, each having advantages and special capabilities
