White Paper on Cryptography
2 likes2,132 views
Cryptography is the process of securing communication and information. It involves encrypting plaintext into ciphertext using algorithms and decrypting the ciphertext back to plaintext. The main goals of cryptography are confidentiality, integrity, non-repudiation, authentication, access control, and availability. There are three main types of cryptographic algorithms - secret key cryptography which uses the same key for encryption and decryption, public key cryptography which uses different keys for encryption and decryption, and hash functions which are one-way functions to encrypt information irreversibly. Common cryptographic hash functions include MD5 and SHA-1 which are used to verify integrity of files and messages.
White Paper on Cryptography
- 1. Cyber Octet Pvt. Ltd. Page 1 A White Paper: Cryptography By: Dungesh Kumar Malviya, Cyber Octet Pvt. Ltd. Definition:- 1. Cryptography is derived from the Greek words: kryptós, "hidden", and gráphein, "to write" - or "hidden writing". People who study and develop cryptography are called cryptographers. “Cryptography is the study of information hiding and verification.” 2. Cryptography is the process of converting recognizable data into an encrypted code for transmitting it over a network (either trusted or untrusted).Data is encrypted at the source, i.e. sender's end and decrypted at the destination, i.e. receiver’s end. When information is transformed from a useful form of understanding to an opaque form of understanding, this is called encryption. When the information is reverted back into a useful form, it is called decryption. Plaintext =>Ciphertext=> Plaintext=>Encryption=> Decryption The information in its useful form is called plaintext. Its encrypted form it is called Ciphertext. The algorithm used for encryption and decryption is called a cipher. The secret knowledge is commonly called the key, though the secret knowledge may include the entire process or algorithm that is used in the encryption/decryption. Types of Cryptography:- 1. Stream-based Ciphers a. One at a time, please b. Mixes plaintext with key stream c. Good for real-time services
- 2. Cyber Octet Pvt. Ltd. Page 2 2. Block Ciphers a. Amusement Park Ride b. Substitution and transposition 3. Steganography a. Hiding a message within another medium, such as an image b. No key is required c. Example:-Modify color map of JPEG image The common goals in Cryptography:- 1. Message confidentiality: Only an authorized recipient should be able to extract the contents of the message from its encrypted form. 2. Message integrity: Assuring the receiver that the received message has not been altered in any way from the original or the recipient should be able to determine if the message has been altered. 3. Non-repudiation: A mechanism to prove that the sender really sent this message 4. Sender authentication: The recipient should be able to verify from the message, the identity of the sender, the origin or the path it traveled (or combinations) so to validate claims from emitter or to validated the recipient expectations. 5. Message access control: Who are the valid recipients of the message. 6. Message availability: By providing means to limit the validity of the message, channel, emitter or recipient in time or space. Cryptographic algorithms:- Classified into three categories: 1. Secret Key Cryptography: If the sender and recipient must have the same key in order to encode or decode the protected information, then the cipher is a symmetric key cipher since everyone uses the same key for the same message. Plaintext key1 Ciphertext key1 plaintext 2. Public Key Cryptography: If the sender and recipient have different keys respective to the communication roles they play, then the cipher is an asymmetric key cipher as different keys exist for encoding and decoding the same message. Plaintext key 1 Ciphertext key 2 plaintext
- 3. Cyber Octet Pvt. Ltd. Page 3 3. Hash Functions: Hash Functions are unkeyed message digests with special properties or Uses a mathematical transformation to irreversibly "encrypt" information. Hash functions have no key since the plaintext is not recoverable from the Ciphertext. Plaintext hash function Ciphertext 1. Secret Key Cryptography:- In the simpler types of cryptography, the same key is used to encrypt and decrypt information. This key is sometimes called a symmetric key. Everybody who is supposed to be able to read the information must have the key. Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers. Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing. A block cipher is so-called because the scheme encrypts one block of data at a time using the same key on each block. Secret key cryptography algorithms:- 1. Data Encryption Standard: This secret key encryption algorithm uses a key that is 56 bits, or seven characters long, and thus it is now susceptible to "brute force" attacks. The Triple-DES variant was developed after it became clear that DES by itself was too easy to crack. It uses three 56-bit DES keys, giving a total key length of 168 bits. Encryption using Triple-DES is simply Encryption using DES with the first 56-bit key Decryption using DES with the second 56-bit key Encryption using DES with the third 56-bit key 2. Advanced Encryption Standard: The algorithm can use a variable block length and key length. 3. International Data Encryption Algorithm 4. Blowfish 5. Rivest Ciphers Key point of secret key cryptography:- Also known as private key Both parties must agree on the key in advance D_K(E_K(P)) = P Not very computationally intensive Key must be securely sent to both parties
- 4. Cyber Octet Pvt. Ltd. Page 4 Example:- k = 4 Turn plaintext SECRET into Ciphertext S+4=W, E+4=I, C+4=G, R+4=V, E+4=I, T+4=X 1. Public Key Cryptography:- In November 1976, a paper published in the journal IEEE Transactions on Information Theory, titled "New Directions in Cryptography," addressed this problem and offered up a solution: public-key encryption. Also known as asymmetric-key encryption, public- key encryption uses two different keys at once -- a combination of a private key and a public key. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it. Although a message sent from one computer to another won't be secure since the public key used for encryption is published and available to anyone, anyone who picks it up can't read it without the private key. The key pair is based on prime numbers (numbers that only have divisors of itself and one, such as 2, 3, 5, 7, 11 and so on) of long length. Public-key cryptography algorithms:- 1. RSA: RSA is one of the first practicable public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and differs from the decryption key which is kept secret. RSA involves a public key and a private key. The public key can be known by everyone and is used for encrypting messages. • Two keys: public k, private k’ • Private key not required for both parties
- 5. Cyber Octet Pvt. Ltd. Page 5 The keys for the RSA algorithm are generated the following way: Step1. Choose two distinct prime numbers p and q. For example p=61 and q=53 Step2. Compute n = pq giving For example n=61*53=3233 Where n= is used as the modulus for both the public and private keys. Step3. Compute φ(n) = φ(p)φ(q) = (p − 1)(q − 1) = n - (p + q -1), where φ is Euler's totient function. φ(3233)=(61-1)(53-1)=3120 Step4. Choose an integer e such that 1 < e < φ (n) and gcd(e, φ(n)) = 1; i.e., e and φ(n) are coprime Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime number for e leaves us only to check that e is not a divisor of 3120. Let e=17 Step5. Determine d as d ≡ e−1 (mod φ (n)); i.e., d is the multiplicative inverse of e (modulo φ(n)). d=2753 The public key is (n = 3233, e = 17). For a padded plaintext message m, the Encryption function is C (M) =M^17 mod 3233 The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the Decryption function is M (C) =C^2753 mod 3233 For instance, in order to encrypt m = 65, we calculate C=65^17 mod 3233 To decrypt c = 2790, we calculate M=2790^2753 mod 3233 2. Hash Functions:- A cryptographic hash function is a hash function which is considered practically impossible to invert, that is, to recreate the input data from its hash value alone. The input data is often called the message, and the hash value is often called the message digest or simply the digest.
- 6. Cyber Octet Pvt. Ltd. Page 6 The ideal cryptographic hash function has four main properties: it is easy to compute the hash value for any given message it is infeasible to generate a message that has a given hash it is infeasible to modify a message without changing the hash it is infeasible to find two different messages with the same hash. This function can be used to map data of arbitrary size to data of fixed size, with slight differences in input data producing very big differences in output data. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes. A cryptographic hash function is a kind of algorithm that can be run on a piece of data, often an individual file, producing a value called a checksum. Two files can be assured to be identical only if the checksums generated from each file, using the same cryptographic hash function, are identical. Some commonly used cryptographic hash functions include MD5 and SHA-1, though many others also exist. Checksum: A checksum is the outcome of running an algorithm, called a cryptographic hash function, on a piece of data, usually a single file. MD5: MD5, technically called MD5 Message-Digest Algorithm, is a cryptographic hash function. The MD5 cryptographic hash function is most often used to verify that a file has been unaltered by comparing the checksums created after running the algorithm on two seemingly identical files. MD5 has certain flaws and so it isn't useful for advanced encryption applications but it's perfectly acceptable to use for standard file verifications. SHA-1 is another commonly used cryptographic hash function. MD5 for files: you can easily create a function to calculate the MD5 hash for a given file. All you need is included in two units: IdHashMessageDigest and idHash. Uses IdHashMessageDigest, idHash; //returns MD5 has for a file Function MD5 (const filename: string): string; Var idmd5: TIdHashMessageDigest5;
- 7. Cyber Octet Pvt. Ltd. Page 7 Fs: TFileStream; Hash: T4x4LongWordRecord; Begin idmd5:= TIdHashMessageDigest5.Create; Fs: = TFileStream. Create(filename, fmOpenRead OR fmShareDenyWrite) ; Try Result: = idmd5.AsHex (idmd5.HashValue (fs)); Finally Fs. Free; idmd5.Free; End; End; Applications 1. Verifying the integrity of files or messages: An important application of secure hashes is verification of message integrity. Determining whether any changes have been made to a message (or a file), for example, can be accomplished by comparing message digests calculated before, and after, transmission (or any other event). MD5, SHA1, or SHA2 hashes are sometimes posted along with files on websites or forums to allow verification of integrity. 2. Password verification: Storing all user passwords as clear text can result in a massive security breach if the password file is compromised. One way to reduce this danger is to only store the hash digest of each password. To authenticate a user, the password presented by the user is hashed and compared with the stored hash. 3. File or data identifier: Hashes are used to identify files on peer-to-peer file sharing networks. One of the main applications of a hash function is to allow the fast look-up of a data in a hash table. Hash table: the hash function is used to map the search key (the headword) to an index; the index gives the place in the hash table where the corresponding record should be stored. Hash tables, in turn, are used to implement associative and dynamic sets. 4. Pseudorandom generation and key derivation: Hash functions can also be used in the generation of pseudorandom bits, or to derive new keys or passwords from a single, secure key or password.