SlideShare a Scribd company logo

Cryptography

Download as PPTX, PDF
Abhi Prithi, profile picture
Abhi Prithi

Cryptography is used to provide security goals like confidentiality, integrity, authentication and non-repudiation. It involves encryption of messages using algorithms and keys. Symmetric key cryptography uses a shared secret key while public key cryptography uses separate public and private keys. Cryptographic protocols specify the steps entities take to achieve security objectives like key exchange and authentication. Cryptanalysis involves techniques to break cryptographic systems and protocols.

EducationTechnology
1 of 32
Downloaded 112 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Cryptography
Post graduate and research department of computer application
PRESENTED BY:
CONTENT:
Cryptography
cryptography: Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication. Cryptography is not the only means of providing information security, but rather one set of techniques. Cryptography is the process of writing,using various method(“ciphers”)to keep message secret
Crytographic goals: CONFIDENTIALITY: Confidentiality is a service used to keep the content of information from all but those authorized to have it. Secrecy is a term synonymous with confidentiality and privacy. There are numerous approaches to providing confidentiality, ranging from physical protection to mathematical algorithms which render data unintelligible. DATA INTEGRITY: Data integrity is a service which addresses the unauthorized alteration of data. To assure data integrity, one must have the ability to detect data manipulation by unauthorized parties. Data manipulation includes such things as insertion, deletion, and substitution.
AUTHENTICATION: Authentication is a service related to identification. This function applies to both entities and information itself. Two parties entering into a communication should identify each other. Information delivered over a channel should be authenticated as to origin , date of origin, data content, time sent, etc. For these reasons this aspect of cryptography is usually subdivided into two major classes: entity authentication & data origin authentication. Data origin authentication implicitly provides data integrity NON-REPUDIATION : Non-repudiation is a service which prevents an entity from denying previous commitments or actions. When disputes arise due to an entity denying that certain actions were taken, a means to resolve the situation is necessary.
History of cryptography: Cryptography was concerned solely with message confidentiality(encryption). Conversion of message from a comprehensible form into an incomprehensible one, rendering it unreadable by interceptors without secret knowledge(decryption). Encryption was used to ensure secrecy in communication , such as military leaders & diplomats. In recent days , it has expanded beyond confidentiality concern include , digital signature, identity authentication, interactive proof & secure computation.
Classic cryptography: The earliest forms of secret writing required little more than pen & paper analogs , as most people could not read. The main classical cipher types are transposition cipher , which arrange the order of letters in a message. Transposition cipher eg : hello world becomes “ehlol owrdl”. substitution ciphers, which systematical replace letters or group of letters. substitution cipher eg : fly at once becomes “gmz bu podf”
SECURITY OF ALGORITHM:  TOTAL BREAKS: A cryptanalyst finds the key k ,such that D k(c)=p. K is a key factor  GLOBAL DEDUCTION: A cryptanalyst finds the alternative algorithm , a equivalent to D k( c)  INSTANCE OR DEDUCTION: A cryptanalyst finds the plain text of an intercepted cipher text  INFORMATION DEDUCTION: A cryptanalyst gains the information about the key or plain text . this information could be a few bit of the key.
TYPES OF ATTACKS TO THE CIPHER TEXT: There are 4 attacks , namely ! Cipher text only attack !! Known plaintext attack !!!Cryptanalyst chosen cipher text A. CIPHER TEXT-ONLY ATTACK: c1=e k(p1)….c2=e k(p2)…….c i=e k(pi) reduce : c i+1=e k(pi+1) B. KNOWN PLAINTEXT ATTACK: p1,c1=e k(p1),p2,c2=e k(p2)….pi c i=e k(pi) reduce: pi+1 from ci+1=e k(pi+1) C. cryptanalyst chosen plaintext attack: pi , ci = ek (p1),pi , ci = ek (pi) reduce: pi+1 from ci+1=ek(pi+1)
PROCEDURE OF ATTACKS: DATA COMPLEXITY: The amount of data needed as input to the attack PROCESSING: The time needed to perform the attack . This is often called as work factor. STORAGE REQUIREMENT: The amount of memory needed to attack
Information security & cryptography To introduce cryptography, an understanding of issues related to information security in general is necessary. Information security manifests itself in many ways according to the situation and requirement. Regardless of who is involved, to one degree or another, all parties to a transaction must have confidence that certain objectives associated with information security have been met.
Over the centuries, an elaborate set of protocols and mechanisms has been created to deal with information security issues when the information is conveyed by physical documents. Often the objectives of information security cannot solely be achieved through mathematical algorithms and protocols alone, but require procedural techniques and abidance of laws to achieve the desired result.
Basic terminology and concepts: Sender and Receiver: Suppose a sender wants to send a message to a receiver. Moreover, this sender wants to send the message securely: She wants to make sure an eavesdropper cannot read the message. Messages and Encryption: A message is plaintext (sometimes called clear text). The process of disguising a message in such a way as to hide its substance is encryption. An encrypted message is cipher text. The process of turning Cipher text back into plaintext is decryption. (If you want to follow the ISO 7498-2 standard, use the terms “encipher” and “decipher.” It seems that some cultures find the terms “encrypt” and “decrypt” offensive, as they refer to dead bodies.)
The art and science of keeping messages secure is cryptography, and it is practiced by cryptographers. Cryptanalysts are practitioners of cryptanalysis, the art and science of breaking cipher text. The branch of mathematics encompassing both cryptography and cryptanalysis is cryptology and its practitioners are cryptologists. Modern cryptologists are generally trained in theoretical mathematics—they have to be.
Encryption and Decryption. Plaintext is denoted by M, for message, or P, for plaintext. It can be a stream of bits, a text file, a bitmap, a stream of digitized voice, a digital video image. As far as a computer is concerned, M is simply binary data. The plaintext can be intended for either transmission or storage. In any case, M is the message to be encrypted. Cipher text is denoted by C. It is also binary data: sometimes the same size as M, sometimes larger. (By combining encryption with compression, C may be smaller than M. However, encryption does not accomplish this.)
The encryption function E, operates on M to produce C. Or, in mathematical notation: E(M) = C In the reverse process, the decryption function D operates on C to produce M: D(C) = M Since the whole point of encrypting and then decrypting a message is to recover the original plaintext, the following identity must hold true: D(E(M)) = M
Notation: p is the plaintext. This is the original readable message(written in some standard language like english , french , hindi). c is ciphertext .this is the output of some encryption scheme , and is not readable by humans. E is the encryption function. E(P)=C EG. to mean that appling the encryption process E to the plaintext P produces the ciphertext C. D is the decryption function. Eg D(C)=P. NOTE: D(E(P))=P & E(D(C))=C
The encryption key is the piece of data that allows the computation of E. similarly we have the decryption key . These may or may not be same. they also may not be secret. To attack a cipher is to attempt unauthorized reading of plaintext , or to attempt unauthorized transmission of cipher text
Cryptography techniques: Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques, and, more generally, information security services A cryptanalyst is someone who engages in cryptanalysis Cryptology is the study of cryptography and cryptanalysis A cryptosystem is a general term referring to a set of cryptographic primitives used to provide information security services. Most often the term is used in conjunction with primitives providing confidentiality, i.e., encryption Cryptographic techniques are typically divided into two generic types: symmetric-key cryptography public-key cryptography
Symmetric key cryptography: Let a={ a,b,c………x ,y,z}, be the english alphabet , let m & c be the set of string of length five over A .the key E is chosen to be permutation A. To encrypt , an english message is broken up into groups each having five letter (appropriate padding , if the length of the message is not a multiple of five & permutation E is applied to each letter one at a time). To decrypt , the inverse permutation D=E/1,is applied to each letter of the cipher text , E is choosen to the permutation E= A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z. D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,A,B,C
PUBLIC KEY CRYTOGRAPHY: Each user has an encryption function & a decryption function. Alice makes her encryption function Ea publicly known , but keeps her decryption function Da secret Bob wants to send alice a message P ,so he computes C=Ea(P) and sends it to her Alice receives C and computes P=Da(C) The point is that the encryption function & a decryption function are set up so that Da is very difficult to compute only knowing Ea. Thus even if an attacker knows Ea ,he can’t compute Da and hence can’t read bob message
PROTOCOLS: A cryptographic protocol (protocol) is a distributed algorithm defined by a sequence of steps precisely specifying the actions required of two or more entities to achieve a specific security objective Remark: (protocol vs. mechanism) As opposed to a protocol, a mechanism is a more general term encompassing protocols, algorithms (specifying the steps followed by a single entity) non-cryptographic techniques (eg : hardware protection and procedural controls) to achieve specific security objectives
Protocols play a major role in cryptography and are essential in meeting cryptographic Goals Encryption schemes, digital signatures, hash functions, and random number generation are among the primitives which may be utilized to build a protocol. Secret sharing : alice,bob,carol,….yanni,&zeke each have a piece of information that is part of a commonly held secret S. If N or more of them meet and combine their knowledge,then S can be reconstructed. But if less than N get together, S cannot be reconstructed.
Example: (a simple key agreement protocol) Alice and Bob have chosen a symmetric-key encryption scheme to use in communicating over an unsecured channel. To encrypt information they require a key. The communication protocol is the following: 1. Bob constructs a public-key encryption scheme and sends his public key to Alice over the channel. 2. Alice generates a key for the symmetric-key encryption scheme. 3. Alice encrypts the key using Bob’s public key and sends the encrypted key to Bob. 4. Bob decrypts using his private key and recovers the symmetric (secret) key. 5. Alice and Bob begin communicating with privacy by using the symmetric-key system and the common secret key.
Uses of protocols: Today we use cryptography for a lot more than just sending secret message Authentication: Alice receives cipher text from bob. How can she be sure that the message originated from bob? How can she be sure that the message wasn’t corrupted? Key exchange: Over an instance channel , Alice & bob exchange two piece of data that allows them to compute a common encryption/decryption key . But any attacker who intercepts the transmissions can’t recover the key.
Remark (causes of protocol failure): Protocols and mechanisms may fail for a number of reasons, including: 1. weaknesses in a particular cryptographic primitive which may be amplified by the protocol or mechanism; 2. claimed or assumed security guarantees which are overstated or not clearly understood; 3. the oversight of some principle applicable to a broad class of primitives such as encryption.
Classes of attacks and security models: Over the years, many different types of attacks on cryptographic primitives and protocols have been identified. The roles of an active and a passive adversary were discussed. The attacks these adversaries can mount may be classified as follows:. 1. A passive attack is one where the adversary only monitors the communication channel. A passive attacker only threatens confidentiality of data. 2. An active attack is one where the adversary attempts to delete, add, or in some other way alter the transmission on the channel. An active attacker threatens data integrity and authentication as well as confidentiality.
One Application of Cryptography: ELECTRONIC MONEY:  The definition of electronic money (also called electronic cash or digital cash) is a term that is still evolving.  It includes transactions carried out electronically with a net transfer of funds from one party to another, which may be either debit or credit and can be either anonymous or identified.  There are both hardware and software implementations.  Encryption is used in electronic money schemes to protect conventional transaction data like account numbers and transaction amounts, digital signatures can replace handwritten signatures or a credit-card authorizations, and public-key encryption can provide confidentiality.
Cryptography

More Related Content

PPT
Ethical Hacking and Network Defense
Rishab garg
 
PPTX
Basic cryptography
Perfect Training Center
 
PPTX
Cloud computing presentation
Priyanka Sharma
 
PPTX
Cryptography ppt
OECLIB Odisha Electronics Control Library
 
DOCX
S/MIME
maria azam
 
PDF
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
PPTX
Program security
Prachi Gulihar
 
PPS
Virus & Computer security threats
Azri Abdin
 
Ethical Hacking and Network Defense
Rishab garg
 
Basic cryptography
Perfect Training Center
 
Cloud computing presentation
Priyanka Sharma
 
Cryptography ppt
OECLIB Odisha Electronics Control Library
 
S/MIME
maria azam
 
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
Program security
Prachi Gulihar
 
Virus & Computer security threats
Azri Abdin
 

What's hot (20)

PDF
Introduction to Windows Dictionary Attacks
Scott Sutherland
 
PPTX
Cryptography on cloud
krprashant94
 
PPTX
cryptography ppt free download
Twinkal Harsora
 
PPTX
Cryptanalysis 101
rahat ali
 
PPTX
Linux commands
Mannu Khani
 
PPTX
Substitution cipher and Its Cryptanalysis
Sunil Meena
 
PPTX
Public Key Cryptography
Gopal Sakarkar
 
PPT
Priority scheduling algorithms
Daffodil International University
 
PDF
RSA Algorithm
Joon Young Park
 
PPTX
Key management
Sujata Regoti
 
PPTX
Operating system critical section
Harshana Madusanka Jayamaha
 
PPT
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
PPT
Cryptography
amiable_indian
 
PPTX
ElGamal Encryption Algoritham.pptx
Indian Institute of information technology Una
 
PDF
Introduction to systems programming
Mukesh Tekwani
 
PPTX
C# in depth
Arnon Axelrod
 
PPTX
One time pad Encryption:
Asad Ali
 
PPTX
CS8792 - Cryptography and Network Security
vishnukp34
 
PDF
Network security & cryptography full notes
gangadhar9989166446
 
PDF
Introduction to Cryptography
Seema Goel
 
Introduction to Windows Dictionary Attacks
Scott Sutherland
 
Cryptography on cloud
krprashant94
 
cryptography ppt free download
Twinkal Harsora
 
Cryptanalysis 101
rahat ali
 
Linux commands
Mannu Khani
 
Substitution cipher and Its Cryptanalysis
Sunil Meena
 
Public Key Cryptography
Gopal Sakarkar
 
Priority scheduling algorithms
Daffodil International University
 
RSA Algorithm
Joon Young Park
 
Key management
Sujata Regoti
 
Operating system critical section
Harshana Madusanka Jayamaha
 
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
Cryptography
amiable_indian
 
ElGamal Encryption Algoritham.pptx
Indian Institute of information technology Una
 
Introduction to systems programming
Mukesh Tekwani
 
C# in depth
Arnon Axelrod
 
One time pad Encryption:
Asad Ali
 
CS8792 - Cryptography and Network Security
vishnukp34
 
Network security & cryptography full notes
gangadhar9989166446
 
Introduction to Cryptography
Seema Goel
 
Ad

Similar to Cryptography (20)

DOCX
Cryptography- "A Black Art"
Aditya Raina
 
PDF
Cryptography and Network Lecture Notes
FellowBuddy.com
 
PPTX
Cryptography and Network Security Principles.pptx
AbrahamThompson3
 
PPSX
5 Cryptography Part1
Alfred Ouyang
 
PDF
Survey Paper: Cryptography Is The Science Of Information Security
CSCJournals
 
PPT
Cryptography - An Overview
ppd1961
 
PPT
Crypt
Mir Majid
 
PPTX
Cryptography in formtaion security
sabihabatool1
 
PPTX
CRYPTOGRAPHY crytopgraphy wh is sd wkd ,w d .pptx
abduganiyevbekzod011
 
PPT
Fundamentals of cryptography
Hossain Md Shakhawat
 
PPTX
Cryptography & Network Security.pptx
sunil sharma
 
PPTX
Detailed description about the concept of E Commerce UNIT IV.pptx
gstagra
 
PPT
Cryptography
gueste4c97e
 
PDF
information technology cryptography Msc chapter 1-4.pdf
wondimagegndesta
 
PDF
chapter 1-4.pdf
zerihunnana
 
PPT
Cryptography cse,ru
Hossain Md Shakhawat
 
PPT
Ch02 classic nemo
Samia Elsayed
 
PPT
Computer and Network Security
Muhammad Yousuf Abdul Qadir
 
PPT
Crytography
Anchal Kumar
 
PPT
6. cryptography
7wounders
 
Cryptography- "A Black Art"
Aditya Raina
 
Cryptography and Network Lecture Notes
FellowBuddy.com
 
Cryptography and Network Security Principles.pptx
AbrahamThompson3
 
5 Cryptography Part1
Alfred Ouyang
 
Survey Paper: Cryptography Is The Science Of Information Security
CSCJournals
 
Cryptography - An Overview
ppd1961
 
Crypt
Mir Majid
 
Cryptography in formtaion security
sabihabatool1
 
CRYPTOGRAPHY crytopgraphy wh is sd wkd ,w d .pptx
abduganiyevbekzod011
 
Fundamentals of cryptography
Hossain Md Shakhawat
 
Cryptography & Network Security.pptx
sunil sharma
 
Detailed description about the concept of E Commerce UNIT IV.pptx
gstagra
 
Cryptography
gueste4c97e
 
information technology cryptography Msc chapter 1-4.pdf
wondimagegndesta
 
chapter 1-4.pdf
zerihunnana
 
Cryptography cse,ru
Hossain Md Shakhawat
 
Ch02 classic nemo
Samia Elsayed
 
Computer and Network Security
Muhammad Yousuf Abdul Qadir
 
Crytography
Anchal Kumar
 
6. cryptography
7wounders
 
Ad

Recently uploaded (20)

PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PDF
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PPTX
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
PPTX
Lesson notes of climatology university.
sgladness67
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
Classroom Observation Tools for Teachers
Nicaramirez
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
RMMM.pdf make it easy to upload and study
sajedul2
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
Lesson notes of climatology university.
sgladness67
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 

Cryptography

  • 2. Post graduate and research department of computer application
  • 6. cryptography: Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication. Cryptography is not the only means of providing information security, but rather one set of techniques. Cryptography is the process of writing,using various method(“ciphers”)to keep message secret
  • 7. Crytographic goals: CONFIDENTIALITY: Confidentiality is a service used to keep the content of information from all but those authorized to have it. Secrecy is a term synonymous with confidentiality and privacy. There are numerous approaches to providing confidentiality, ranging from physical protection to mathematical algorithms which render data unintelligible. DATA INTEGRITY: Data integrity is a service which addresses the unauthorized alteration of data. To assure data integrity, one must have the ability to detect data manipulation by unauthorized parties. Data manipulation includes such things as insertion, deletion, and substitution.
  • 8. AUTHENTICATION: Authentication is a service related to identification. This function applies to both entities and information itself. Two parties entering into a communication should identify each other. Information delivered over a channel should be authenticated as to origin , date of origin, data content, time sent, etc. For these reasons this aspect of cryptography is usually subdivided into two major classes: entity authentication & data origin authentication. Data origin authentication implicitly provides data integrity NON-REPUDIATION : Non-repudiation is a service which prevents an entity from denying previous commitments or actions. When disputes arise due to an entity denying that certain actions were taken, a means to resolve the situation is necessary.
  • 9. History of cryptography: Cryptography was concerned solely with message confidentiality(encryption). Conversion of message from a comprehensible form into an incomprehensible one, rendering it unreadable by interceptors without secret knowledge(decryption). Encryption was used to ensure secrecy in communication , such as military leaders & diplomats. In recent days , it has expanded beyond confidentiality concern include , digital signature, identity authentication, interactive proof & secure computation.
  • 10. Classic cryptography: The earliest forms of secret writing required little more than pen & paper analogs , as most people could not read. The main classical cipher types are transposition cipher , which arrange the order of letters in a message. Transposition cipher eg : hello world becomes “ehlol owrdl”. substitution ciphers, which systematical replace letters or group of letters. substitution cipher eg : fly at once becomes “gmz bu podf”
  • 11. SECURITY OF ALGORITHM:  TOTAL BREAKS: A cryptanalyst finds the key k ,such that D k(c)=p. K is a key factor  GLOBAL DEDUCTION: A cryptanalyst finds the alternative algorithm , a equivalent to D k( c)  INSTANCE OR DEDUCTION: A cryptanalyst finds the plain text of an intercepted cipher text  INFORMATION DEDUCTION: A cryptanalyst gains the information about the key or plain text . this information could be a few bit of the key.
  • 12. TYPES OF ATTACKS TO THE CIPHER TEXT: There are 4 attacks , namely ! Cipher text only attack !! Known plaintext attack !!!Cryptanalyst chosen cipher text A. CIPHER TEXT-ONLY ATTACK: c1=e k(p1)….c2=e k(p2)…….c i=e k(pi) reduce : c i+1=e k(pi+1) B. KNOWN PLAINTEXT ATTACK: p1,c1=e k(p1),p2,c2=e k(p2)….pi c i=e k(pi) reduce: pi+1 from ci+1=e k(pi+1) C. cryptanalyst chosen plaintext attack: pi , ci = ek (p1),pi , ci = ek (pi) reduce: pi+1 from ci+1=ek(pi+1)
  • 13. PROCEDURE OF ATTACKS: DATA COMPLEXITY: The amount of data needed as input to the attack PROCESSING: The time needed to perform the attack . This is often called as work factor. STORAGE REQUIREMENT: The amount of memory needed to attack
  • 14. Information security & cryptography To introduce cryptography, an understanding of issues related to information security in general is necessary. Information security manifests itself in many ways according to the situation and requirement. Regardless of who is involved, to one degree or another, all parties to a transaction must have confidence that certain objectives associated with information security have been met.
  • 15. Over the centuries, an elaborate set of protocols and mechanisms has been created to deal with information security issues when the information is conveyed by physical documents. Often the objectives of information security cannot solely be achieved through mathematical algorithms and protocols alone, but require procedural techniques and abidance of laws to achieve the desired result.
  • 16. Basic terminology and concepts: Sender and Receiver: Suppose a sender wants to send a message to a receiver. Moreover, this sender wants to send the message securely: She wants to make sure an eavesdropper cannot read the message. Messages and Encryption: A message is plaintext (sometimes called clear text). The process of disguising a message in such a way as to hide its substance is encryption. An encrypted message is cipher text. The process of turning Cipher text back into plaintext is decryption. (If you want to follow the ISO 7498-2 standard, use the terms “encipher” and “decipher.” It seems that some cultures find the terms “encrypt” and “decrypt” offensive, as they refer to dead bodies.)
  • 17. The art and science of keeping messages secure is cryptography, and it is practiced by cryptographers. Cryptanalysts are practitioners of cryptanalysis, the art and science of breaking cipher text. The branch of mathematics encompassing both cryptography and cryptanalysis is cryptology and its practitioners are cryptologists. Modern cryptologists are generally trained in theoretical mathematics—they have to be.
  • 18. Encryption and Decryption. Plaintext is denoted by M, for message, or P, for plaintext. It can be a stream of bits, a text file, a bitmap, a stream of digitized voice, a digital video image. As far as a computer is concerned, M is simply binary data. The plaintext can be intended for either transmission or storage. In any case, M is the message to be encrypted. Cipher text is denoted by C. It is also binary data: sometimes the same size as M, sometimes larger. (By combining encryption with compression, C may be smaller than M. However, encryption does not accomplish this.)
  • 19. The encryption function E, operates on M to produce C. Or, in mathematical notation: E(M) = C In the reverse process, the decryption function D operates on C to produce M: D(C) = M Since the whole point of encrypting and then decrypting a message is to recover the original plaintext, the following identity must hold true: D(E(M)) = M
  • 20. Notation: p is the plaintext. This is the original readable message(written in some standard language like english , french , hindi). c is ciphertext .this is the output of some encryption scheme , and is not readable by humans. E is the encryption function. E(P)=C EG. to mean that appling the encryption process E to the plaintext P produces the ciphertext C. D is the decryption function. Eg D(C)=P. NOTE: D(E(P))=P & E(D(C))=C
  • 21. The encryption key is the piece of data that allows the computation of E. similarly we have the decryption key . These may or may not be same. they also may not be secret. To attack a cipher is to attempt unauthorized reading of plaintext , or to attempt unauthorized transmission of cipher text
  • 22. Cryptography techniques: Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques, and, more generally, information security services A cryptanalyst is someone who engages in cryptanalysis Cryptology is the study of cryptography and cryptanalysis A cryptosystem is a general term referring to a set of cryptographic primitives used to provide information security services. Most often the term is used in conjunction with primitives providing confidentiality, i.e., encryption Cryptographic techniques are typically divided into two generic types: symmetric-key cryptography public-key cryptography
  • 23. Symmetric key cryptography: Let a={ a,b,c………x ,y,z}, be the english alphabet , let m & c be the set of string of length five over A .the key E is chosen to be permutation A. To encrypt , an english message is broken up into groups each having five letter (appropriate padding , if the length of the message is not a multiple of five & permutation E is applied to each letter one at a time). To decrypt , the inverse permutation D=E/1,is applied to each letter of the cipher text , E is choosen to the permutation E= A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z. D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,A,B,C
  • 24. PUBLIC KEY CRYTOGRAPHY: Each user has an encryption function & a decryption function. Alice makes her encryption function Ea publicly known , but keeps her decryption function Da secret Bob wants to send alice a message P ,so he computes C=Ea(P) and sends it to her Alice receives C and computes P=Da(C) The point is that the encryption function & a decryption function are set up so that Da is very difficult to compute only knowing Ea. Thus even if an attacker knows Ea ,he can’t compute Da and hence can’t read bob message
  • 25. PROTOCOLS: A cryptographic protocol (protocol) is a distributed algorithm defined by a sequence of steps precisely specifying the actions required of two or more entities to achieve a specific security objective Remark: (protocol vs. mechanism) As opposed to a protocol, a mechanism is a more general term encompassing protocols, algorithms (specifying the steps followed by a single entity) non-cryptographic techniques (eg : hardware protection and procedural controls) to achieve specific security objectives
  • 26. Protocols play a major role in cryptography and are essential in meeting cryptographic Goals Encryption schemes, digital signatures, hash functions, and random number generation are among the primitives which may be utilized to build a protocol. Secret sharing : alice,bob,carol,….yanni,&zeke each have a piece of information that is part of a commonly held secret S. If N or more of them meet and combine their knowledge,then S can be reconstructed. But if less than N get together, S cannot be reconstructed.
  • 27. Example: (a simple key agreement protocol) Alice and Bob have chosen a symmetric-key encryption scheme to use in communicating over an unsecured channel. To encrypt information they require a key. The communication protocol is the following: 1. Bob constructs a public-key encryption scheme and sends his public key to Alice over the channel. 2. Alice generates a key for the symmetric-key encryption scheme. 3. Alice encrypts the key using Bob’s public key and sends the encrypted key to Bob. 4. Bob decrypts using his private key and recovers the symmetric (secret) key. 5. Alice and Bob begin communicating with privacy by using the symmetric-key system and the common secret key.
  • 28. Uses of protocols: Today we use cryptography for a lot more than just sending secret message Authentication: Alice receives cipher text from bob. How can she be sure that the message originated from bob? How can she be sure that the message wasn’t corrupted? Key exchange: Over an instance channel , Alice & bob exchange two piece of data that allows them to compute a common encryption/decryption key . But any attacker who intercepts the transmissions can’t recover the key.
  • 29. Remark (causes of protocol failure): Protocols and mechanisms may fail for a number of reasons, including: 1. weaknesses in a particular cryptographic primitive which may be amplified by the protocol or mechanism; 2. claimed or assumed security guarantees which are overstated or not clearly understood; 3. the oversight of some principle applicable to a broad class of primitives such as encryption.
  • 30. Classes of attacks and security models: Over the years, many different types of attacks on cryptographic primitives and protocols have been identified. The roles of an active and a passive adversary were discussed. The attacks these adversaries can mount may be classified as follows:. 1. A passive attack is one where the adversary only monitors the communication channel. A passive attacker only threatens confidentiality of data. 2. An active attack is one where the adversary attempts to delete, add, or in some other way alter the transmission on the channel. An active attacker threatens data integrity and authentication as well as confidentiality.
  • 31. One Application of Cryptography: ELECTRONIC MONEY:  The definition of electronic money (also called electronic cash or digital cash) is a term that is still evolving.  It includes transactions carried out electronically with a net transfer of funds from one party to another, which may be either debit or credit and can be either anonymous or identified.  There are both hardware and software implementations.  Encryption is used in electronic money schemes to protect conventional transaction data like account numbers and transaction amounts, digital signatures can replace handwritten signatures or a credit-card authorizations, and public-key encryption can provide confidentiality.