Data Security:Cryprography

Presented By VARAPRASAD M.Tech(Software Engineering)

A Model Of Cryptography
Terms

and Definitions

Palintext:

An intelligible message that is to be converted into an unintelligible form.

Ciphertext:

A message in encrypted form.

 Encryption:

The process of converting a plaintext to a ciphertext.

Decryption:

The process of converting a ciphertext to a plaintext.

Symmetric:

If key is the same for both encryption and decryption the system is referred to as symmetric. Cryptosystem: Is a system for encryption and decryption of information. Cryptology: Is the science for encryption and decryption of information. Cryptography: Refers to the practice of using cryptosystems to maintain confidentiality of information.

Classification Of Cryptographic Systems

Cryptographic Systems classified into Conventional systems and Modern systems Modern systems again classified into public key systems and Private Key systems

Classical Encryption Techniques

Substitution

techniques

The letters of the message are replaced by other letters or by numbers or symbols.

Transposition

techniques

Performing some sort of permutation on the messages letters

Caesar Cipher
The

earliest known use of a substitution cipher was by Julius Caesar. message: meet me after the party cipher: phhw ph diwhu wkh sduwb C= (m+3) mod 26

C= (m+k) mod 26

Monoalphabetic Cipher
Use

any permutation of the 26 alphabetic characters abcdefghijklmnopqrstuvwxyz qeryuiopasdfgwhjklzxcvbnmt under attack we need help cwyulqxxqrdbuwuuypufj

Frequency of Letters in English

14 12 10
8.5 9.25 7.75 7.75 7.75 7.5 6 4.25 12.75

8 6 4 2 0

3.5

3 2

3.5

3.75 2.75 2.75 3 1.5 1.5 0.25 0.5 0.5 0.5 2.25

1.25 0.25

A B C D E F GH I J K L MN O P Q R S T U VWX Y Z

Polyalphabetic Cipher
Using

different monoalphabetic substitution message: wearediscoveredsaveyourself key: deceptivedeceptivedeceptive Ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Transposition
Performing

sort of permutation on the message letters message: meet me after the toga party me m a t r h tg p r y et e f e t e oa at

Ciphertext: MEMATRHTGPRYETEFETEOAAT

German Enigma Machine

In the history of cryptography, the Enigma was a portable cipher machine used to encrypt and decrypt secret messages. More precisely, Enigma was a family of related electro-mechanical rotor machines comprising a variety of different models.

Practical Problems
Generating

a fully random key is practically very hard (sometimes impossible). To ensure the security of the system, key size should not be less than message size. Sending a not repeated key in same size of the message through a secure channel to the receiver is impossible.

Computational Security
An

encryption scheme is secure if it takes very long time to break the ciphertext Lifetime is defined in each application, for example:

Military orders = 1 hour to 3 years Check transaction = 1 year Business agreement = 10-15 years

Good News
With

enough number of the substitution and transposition modules we can make a strong encryption scheme

Data Encryption Standard (DES)

input (2w bits)

w bits F

w bits

round key

nonlinear function

DES
Encryption Decryption

k1
k2 Block size 64 bits Key size 56 bits k16 Permutation

k16 k15

k1

Triple DES
message DES ka kb

DES

DES

ka

cipher

Applications for Public-Key Cryptosystems

Three categories: Encryption/decryption: The sender encrypts a message with the recipients public key. Digital signature: The sender signs a message with its private key. Key echange: Two sides cooperate two exhange a session key.

Public-Key Cryptographic Algorithms

RSA and Diffie-Hellman RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977.

RSA is a block cipher The most widely implemented Echange a secret key securely Compute discrete logarithms

Diffie-Hellman

The RSA Algorithm Generation

1.
2. 3.

Key

4.
5. 6.

7.

Select p,q p and q both prime Calculate n = p x q Calculate (n) ( p 1)(q 1) gcd((n), e) 1; 1 e (n) Select integer e 1 d e mod (n) Calculate d Public Key KU = {e,n} Private key KR = {d,n}

Example of RSA Algorithm

The RSA Algorithm - Encryption

Plaintext: Ciphertext:

M<n C = Me (mod n)

The RSA Algorithm - Decryption

Ciphertext: Plaintext:

C M = Cd (mod n)

Digital Signatures
digital

signatures provide the ability to:

verify author, date & time of signature authenticate message contents be verified by third parties to resolve disputes

Digital Signature Properties

must depend on the message signed must use information unique to sender

to prevent both forgery and denial

must be relatively easy to produce must be relatively easy to recognize & verify be computationally infeasible to forge

with new message for existing digital signature with fraudulent digital signature for given message

be practical save digital signature in storage

Authentication Applications
will

consider authentication functions developed to support application-level authentication & digital signatures will consider Kerberos a private-key authentication service then X.509 directory authentication service

Kerberos
trusted

key server system from MIT provides centralised private-key third-party authentication in a distributed network

allows users access to services distributed through network without needing to trust all workstations rather all trust a central authentication server

two

versions in use: 4 & 5

Kerberos Requirements
first

published report identified its requirements as:

security reliability transparency scalability

implemented

using an authentication protocol based on Needham-Schroeder

Kerberos 4 Overview
a

basic third-party authentication scheme have an Authentication Server (AS)

users initially negotiate with AS to identify self AS provides a non-corruptible authentication credential (ticket granting ticket TGT)

have

a Ticket Granting server (TGS)

users subsequently request access to other services from TGS on basis of users TGT

Kerberos 4 Overview

Kerberos Realms
a

Kerberos environment consists of:

a Kerberos server a number of clients, all registered with server application servers, sharing keys with server

this

is termed a realm

typically a single administrative domain

if

have multiple realms, their Kerberos servers must share keys and trust

Kerberos Version 5
developed

in mid 1990s provides improvements over v4

addresses environmental shortcomings

encryption alg, network protocol, byte order, ticket lifetime, authentication forwarding, interrealm auth

and technical deficiencies

double encryption, non-std mode of use, session keys, password attacks

specified

as Internet standard RFC 1510

References
Cryptography

and Network Security:Principles and Practice , William Stallings (Prentice Hall) Advanced Concepts in Operating Systems,Mukesh Singhal,Niranjan ECC Online tutorial , Certicome website,
http://www.certicom.com/resources/ecc_tutorial/ecc_tutorial.html

Cryptography

: theory and practice , Douglas Robert Stinson (CRC press series)

Any Questions?

Thank you