CRYPTOGRAPHY

1.INTRODUCTION
Cryptography is the science of writing in secret code and is an ancient art. The first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Network Security & Cryptography is a concept to protect network and data transmission over wireless network. Data Security is the main aspect of secure data transmission over unreliable network. Data Security is a challenging issue of data communications today that touches many areas including secure communication channel, strong data encryption technique and trusted third party to maintain the database. The rapid development in information technology, the secure transmission of confidential data herewith gets a great deal of attention. The conventional methods of encryption can only maintain the data security. The information could be accessed by the unauthorized user for malicious purpose. Therefore, it is necessary to apply effective encryption/decryption methods to enhance data security

CSPIT-CE

CRYPTOGRAPHY

2.HISTORY

2.1 CLASSIC CRYPTOGRAPHY

Figure 2.1 The earliest forms of secret writing required little more than local pen and paper analogs, as most people could not read. More literacy, or literate opponents, required actual cryptography. The main classical cipher types are transposition ciphers, which rearrange the order of letters in a message (e.g., 'hello world' becomes 'ehlol owrdl' in a trivially simple rearrangement scheme), and substitution ciphers, which systematically replace letters or groups of letters with other letters or groups of letters (e.g., 'fly at once' becomes 'gmz bu podf' by replacing each letter with the one following it in the Latin alphabet). Simple versions of either have never offered much confidentiality from enterprising opponents. An early substitution cipher was the Caesar cipher, in which each letter in the plaintext was replaced by a letter some fixed number of positions further down the alphabet. Suetonius reports that Julius Caesar used it with a shift of three to communicate with his generals. Atbash is an example of an early Hebrew cipher. The earliest known use of cryptography is some carved ciphertext on stone in Egypt (ca 1900 BCE), but this may have been done for the amusement of literate observers rather than as a way of concealing information. The Greeks of Classical times are said to have known of ciphers (e.g., the scytale transposition cipher claimed to have been used by the Spartan military).

Steganography (i.e., hiding even the existence of a message so as to keep it confidential) was also first developed in ancient times. An early example, from Herodotus, concealed a messagea tattoo on a slave's shaved headunder the regrown hair. Another Greek
CSPIT-CE 2

CRYPTOGRAPHY

method was developed by Polybius (now called the "Polybius Square"). More modern examples of steganography include the use of invisible ink, microdots, and digital watermarks to conceal information. Ciphertexts produced by a classical cipher (and some modern ciphers) always reveal statistical information about the plaintext, which can often be used to break them. After the discovery of frequency analysis perhaps by the Arab

mathematician and polymath, Al-Kindi (also known as Alkindus), in the 9th century, nearly all such ciphers became more or less readily breakable by any informed attacker.

Figure 2.2 Enciphered letter from Gabriel de Luetz d'Aramon, French Ambassador to the Ottoman Empire, after 1546, with partial decipherment 16th-century book-shaped French cipher machine, with arms of Henri II of France

Figure 2.3

CSPIT-CE

CRYPTOGRAPHY

3. TYPES OF CRYPTOGRAPHY
Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption Public Key Cryptography (PKC): Uses one key for encryption and another for decryption Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information

Figure 3.1

3.1 Secret Key Cryptography

With secret key cryptography, a single key is used for both encryption and decryption. The sender uses the key (or some set of rules) to encrypt the plain text and sends the cipher text to the receiver. The receiver applies the same key (or rule set) to decrypt the message and recover the plain text. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.

CSPIT-CE

CRYPTOGRAPHY

Figure 3.2 With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key. Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers.

3.2 Public key cryptography

Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key.

Figure 3.3 Generic PKC employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the
CSPIT-CE 5

CRYPTOGRAPHY

other key is used to decrypt the cipher text. The important point here is that it does not matter which key is applied first, but that both keys are required for the process to work. Because a pair of keys is required, this approach is also called asymmetric cryptography. 3.4 Digital Signatures It is a type of asymmetric cryptography.There are two algos one for signing which uses users private key and one for verifying which uses users public key.The output of signature process is called digital signature.

Using a private key to encrypt (thus signing) a message; anyone can check the signature using the public key. Validity depends on private key security.

Figure 3.4 Digital signatures provide benfits of: Authentication:-Secret key is bound to a specific user and a sign shows that message was sent by that user. Integrity:-If message is digitally signed then any change will invalidate the signature. Digital signatures has no certainity about the date and time it was signed.

CSPIT-CE

CRYPTOGRAPHY

4.CRYPTOGRAPHIC ALGORITHMS
DES(Data Encryption Standard):
DES (the Data Encryption Standard) is a symmetric block cipher developed by IBM. The algorithm uses a 56-bit key to encipher/decipher a 64-bit block of data. The key is always presented as a 64-bit block, every 8th bit of which is ignored. However, it is usual to set each 8th bit so that each group of 8 bits has an odd number of bits set to 1. DES is the most widely used symmetric algorithm.

RSA
RSA is a public key algorithm invented by Rivest, Shamir and Adleman. The key used for encryption is different from (but related to) the key used for decryption. The algorithm is based on modular exponentiation. Numbers e, d and N are chosen with the property that if A is a number less than N, then (Ae mod N)d mod N = A. This means that you can encrypt A with e and decrypt using d. Conversely you can encrypt using d and decrypt using e (though doing it this way round is usually referred to as signing and verification). The pair of numbers (e,N) is known as the public key and can be published. The pair of numbers (d,N) is known as the private key and must be kept secret. The number e is known as the public exponent, the number d is known as the private exponent, and N is known as the modulus. When talking of key lengths in connection with RSA, what is meant is the modulus length. An algorithm that uses different keys for encryption and decryption is said to be asymmetric. The problem with choosing long keys is that RSA is very slow compared with a symmetric block cipher such as DES, and the longer the key the slower it is. The best solution is to use RSA for digital signatures and for protecting DES keys. Bulk data encryption should be done using DES.

CSPIT-CE

CRYPTOGRAPHY

5. ENCRYPTION METHODS
5.1 TRANSPOSITIONAL CIPHERS:
In cryptography, a transposition cipher is a method of encryption by which the positions held by units of plaintext (which are commonly characters or groups of characters) are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext. That is, the order of the units is changed. Mathematically a bijective function is used on the characters' positions to encrypt and an inverse function to decrypt. 5.1.1 Rail Fence Cipher: The Rail Fence cipher is a form of transposition cipher that gets its name from the way in which it is encoded. In the rail fence cipher, the plaintext is written downwards on successive "rails" of an imaginary fence, then moving up when we get to the bottom. The message is then read off in rows. For example, using three "rails" and a message of 'WE ARE DISCOVERED. FLEE AT ONCE', the cipherer writes out: W...E...C...R...L...T...E .E.R.D.S.O.E.E.F.E.A.O.C. ..A...I...V...D...E...N.. Then reads off: WECRL TEERD SOEEF EAOCA IVDEN

5.1.2 Columnar Transposition: In a columnar transposition, the message is written out in rows of a fixed length, and then read out again column by column, and the columns are chosen in some scrambled order. Both the width of the rows and the permutation of the columns are usually defined by a keyword. For example, the word ZEBRAS is of length 6 (so the rows are of length 6), and the permutation is defined by the alphabetical order of the letters in the keyword. In this case, the order would be "6 3 2 4 1 5".

CSPIT-CE

CRYPTOGRAPHY

In a regular columnar transposition cipher, any spare spaces are filled with nulls; in an irregular columnar transposition cipher, the spaces are left blank. Finally, the message is read off in columns, in the order specified by the keyword. For example, suppose we use the keyword ZEBRAS and the message WE ARE DISCOVERED. FLEE AT ONCE. In a regular columnar transposition, we write this into the grid as: 632415 WEARED ISCOVE REDFLE EATONC EQKJEU Providing five nulls (QKJEU) at the end. The ciphertext is then read off as: EVLNE ACDTK ESEAQ ROFOJ DEECU WIREE In the irregular case, the columns are not completed by nulls: 632415 WEARED ISCOVE REDFLE EATONC E This results in the following cipher text: EVLNA CDTES EAROF ODEEC WIREE To decipher it, the recipient has to work out the column lengths by dividing the message length by the key length. Then he can write the message out in columns again, then reorder the columns by reforming the key word.

CSPIT-CE

CRYPTOGRAPHY

5.2 SUBSTITUTION CIPHER

In cryptography, a substitution cipher is a method of encryption by which units of plaintext are replaced with cipher text, according to a regular system; the "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing an inverse substitution. Substitution ciphers can be compared with transposition ciphers. In a transposition cipher, the units of the plaintext are rearranged in a different and usually quite complex order, but the units themselves are left unchanged. By contrast, in a substitution cipher, the units of the plaintext are retained in the same sequence in the ciphertext, but the units themselves are altered. There are a number of different types of substitution cipher. If the cipher operates on single letters, it is termed a simple substitution cipher; a cipher that operates on larger groups of letters is termed polygraphic. A monoalphabetic cipher uses fixed substitution over the entire message, whereas a polyalphabetic cipher uses a number of substitutions at different positions in the message, where a unit from the plaintext is mapped to one of several possibilities in the ciphertext and vice versa. Substitution of single letters separatelysimple substitutioncan be demonstrated by writing out the alphabet in some order to represent the substitution. This is termed a substitution alphabet. The cipher alphabet may be shifted or reversed (creating the Caesarand Atbash ciphers, respectively) or scrambled in a more complex fashion, in which case it is called a mixed alphabet or deranged alphabet. Traditionally, mixed alphabets may be created by first writing out a keyword, removing repeated letters in it, then writing all the remaining letters in the alphabet in the usual order. Using this system, the keyword "zebras" gives us the following alphabets: Plaintext alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ

Ciphertext alphabet: ZEBRASCDFGHIJKLMNOPQTUVWXY

CSPIT-CE

10

CRYPTOGRAPHY

A message of flee at once. we are discovered! enciphers to SIAA ZQ LKBA. VA ZOA RFPBLUAOAR! Traditionally, the ciphertext is written out in blocks of fixed length, omitting punctuation and spaces; this is done to help avoid transmission errors and to disguise word boundaries from the plaintext. These blocks are called "groups", and sometimes a "group count" (i.e., the number of groups) is given as an additional check. Five letter groups are traditional, dating from when messages used to be transmitted by telegraph: SIAAZ QLKBA VAZOA RFPBL UAOAR If the length of the message happens not to be divisible by five, it may be padded at the end with "nulls". These can be any characters that decrypt to obvious nonsense, so the receiver can easily spot them and discard them.

5.2.1 CAESAR CIPHER:

In cryptography, a Caesar cipher, also known as Caesar's cipher, the shift

cipher, Caesar's code or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet. For example, with a shift of 3, A would be replaced by D, Bwould become E, and so on. The method is named after Julius Caesar, who used it in his private correspondence. The encryption step performed by a Caesar cipher is often incorporated as part of more complex schemes, such as the Vigenre cipher, and still has modern application in the ROT13 system. As with all single alphabet substitution ciphers, the Caesar cipher is easily broken and in modern practice offers essentially no communication security.

CSPIT-CE

11

CRYPTOGRAPHY

Example: The transformation can be represented by aligning two alphabets; the cipher alphabet is the plain alphabet rotated left or right by some number of positions. For instance, here is a Caesar cipher using a left rotation of three places (the shift parameter, here 3, is used as the key): Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ

Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC When encrypting, a person looks up each letter of the message in the "plain" line and writes down the corresponding letter in the "cipher" line. Deciphering is done in reverse. Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ Plaintext: the quick brown fox jumps over the lazy dog The encryption can also be represented using modular arithmetic by first transforming the letters into numbers, according to the scheme, A = 0, B = 1,..., Z = 25.

Encryption of a letter x by a shift n can be described mathematically as,

Decryption is performed similarly,

(There are different definitions for the modulo operation. In the above, the result is in the range 0...25. I.e., if x+n or x-n are not in the range 0...25, we have to subtract or add 26.) The replacement remains the same throughout the message, so the cipher is classed as a type of monoalphabetic substitution, as opposed to polyalphabetic substitution.

CSPIT-CE

12

CRYPTOGRAPHY

5.2.2 POLYALPHABETIC SUBSTITUTION CIPHERS: Polyalphabetic substitution ciphers were first described in 1467 by Leone Battista Alberti in the form of disks. Johannes Trithemius, in his book Steganographia (Ancient Greek for "hidden writing") introduced the now more standard form of a tableau . In a polyalphabetic cipher, multiple cipher alphabets are used. To facilitate encryption, all the alphabets are usually written out in a large table, traditionally called a tableau. The tableau is usually 2626, so that 26 full ciphertext alphabets are available. The method of filling the tableau, and of choosing which alphabet to use next, defines the particular polyalphabetic cipher. All such ciphers are easier to break than once believed, as substitution alphabets are repeated for sufficiently large plaintexts. Modern stream ciphers can also be seen, from a sufficiently abstract perspective, to be a form of polyalphabetic cipher in which all the effort has gone into making the keystream as long and unpredictable as possible.

Figure 5.1

CSPIT-CE

13

CRYPTOGRAPHY

6. MULTIPLE ENCRYPTION TECHNIQUES

The multiple encryption techniques of present time cannot provide sufficient security. In this research paper, the new encryption technique named as Multiphase Encryption is proposed. In this encryption technique, original data is encrypted many times with different strong encryption algorithms at each phase. This encryption technique enhances the complexity in encryption algorithm at large extent.This idea differs with existing data encryption techniques to provide network and information security over the wireless network. It may create complexity of data encryption number of times due to performing the same operation multiple times with different encryption key in existing way. As per cryptographic protocol, more and more complexity in data encryption technique enhances the security of data transmission over the wireless channel. Large number of encryption of encrypted data will increase the complexity of data encryption enormously, which will be very complicated to decrypt it. Example Complexity of Existing Encryption Technique / method (Multiple Encryption) = O (N*N**N) Complexity of New (As per proposed idea) Encryption Technique = O (N*N**N) (N*N*..*N). (Depending upon the multiplicity of the Encryption Technique involved.) * O (N*N*..*N) ** O

MULTIPLE ENCRYPTION TECHNIQUE

In cryptography, by encrypting a message twice with some block cipher, either with the same key or by using two different keys, then we would expect the resultant encryption to be stronger in all but some exceptional circumstances. And by using three encryptions, we would expect to achieve a yet greater level of security. For instance, the use of double encryption does not provide the expected increase in security when compared with the increased implementation requirements, and it cannot be recommended as a good alternative. Instead, triple-encryption is the point at which multiple encryptions give substantial improvements in security.

CSPIT-CE

14

CRYPTOGRAPHY

Example Original Algorithm Cipher C Text

of Data/ = ((P +

Existing Plain 3) + 3) + Text 3

Multiple . (After Second Third + 3) First

Encryption GURUKULA (N Times) Cycle) Cycle) Cycle)

JKOCPUJW (After (After

dfb MNRFSXMZ PQUIVAPC

.. ENCRYPTED N TIMES In such a way, multiple encryptions will occur in each phase and this process will be repeated number of times up to desired extent. So, multi-phase encryption comprises number of such phases which are strongly protected due to multiple encryption in each phase.

7.MULTIPHASE ENCRYPTION TECHNIQUE

Multiphase Data Encryption describes the enhanced complexity of data encryption due to performing the same operation multiple times in existing way (single phase encryption techniques). Example Original Algorithm C of Data/ = ((P proposed Plain + 1) + 3) Multi-phase Text + 5 .. Encryption GURUKULA (N Times)

Cipher Text HVSVLVMB (After First Cycle) KYVYOYPE (After Second Cycle) PDADTDUJ (After Third Cycle. ... ENCRYPTED N TIMES In such a way, multiple encryption occurs with different encryption keys (encryption algorithms) in each phase of multiphase encryption.

CSPIT-CE

15

CRYPTOGRAPHY

8. LEGAL ISSUES
PROHIBITIONS: Cryptography has long been of interest to intelligence gathering and law enforcement agencies. Secret communications may be criminal or even treasonous. Because of its facilitation of privacy, and the diminution of privacy attendant on its prohibition, cryptography is also of considerable interest to civil rights supporters. Accordingly, there has been a history of controversial legal issues surrounding cryptography, especially since the advent of inexpensive computers has made widespread access to high quality cryptography possible. In some countries, even the domestic use of cryptography is, or has been, restricted. Until 1999, France significantly restricted the use of cryptography domestically, though it has since relaxed many of these rules. In China, a license is still required to use cryptography. Many countries have tight restrictions on the use of cryptography

NSA INVOLVEMENT: Another contentious issue connected to cryptography in the United States is the influence of the National Security Agency on cipher development and policy. The NSA was involved with the design of DES during its development at IBM and its consideration by the National Bureau of Standards as a possible Federal Standard for cryptography.DES was designed to be resistant to differential cryptanalysis, a powerful and general cryptanalytic technique known to the NSA and IBM, that became publicly known only when it was rediscovered in the late 1980s. According to Steven Levy, IBM discovered differential cryptanalysis,but kept the technique secret at the NSA's request. The technique became publicly known only when Biham and Shamir re-discovered and announced it some years later. The entire affair illustrates the difficulty of determining what resources and knowledge an attacker might actually have.

CSPIT-CE

16

CRYPTOGRAPHY

DIGITAL RIGHTS MANAGEMENT: Cryptography is central to digital rights management (DRM), a group of techniques for technologically controlling use of copyrighted material, being widely implemented and deployed at the behest of some copyright holders. In 1998, American President Bill Clinton signed the Digital Millennium Copyright Act (DMCA), which criminalized all production, dissemination, and use of certain cryptanalytic techniques and technology (now known or later discovered); specifically, those that could be used to circumvent DRM technological schemes.This had a noticeable impact on the cryptography research community since an argument can be made that any cryptanalytic research violated, or might violate, the DMCA. Similar statutes have since been enacted in several countries and regions, including the implementation in the EU Copyright Directive. Similar restrictions are called for by treaties signed by World Intellectual Property Organization member-states.

CSPIT-CE

17

CRYPTOGRAPHY

9. BENEFITS
Within the context of any application-to-application communication, there are some specific security requirements, including:

Authentication of identity: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)

Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.

Integrity: Assuring the receiver that the received message has not been altered in any way from the original.

Non-repudiation: A mechanism to prove that the sender really sent this message. Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication.

CSPIT-CE

18

CRYPTOGRAPHY

10.CONCLUSION
Cryptography is an international threat stimulated by internet.Encryption challenges ability if law enforcement agencies to fight terrorism and crime.Led to social disorder.It can facilitate products that supports

information security requirements of global information infrastructures.Key escrow encryption can meet allowing government to fight against crime

confidentiality needs of organizations.

CSPIT-CE

19

CRYPTOGRAPHY

11. REFERNCES
1. http://en.wikipedia.org/wiki/Cryptography 2. http://en.wikipedia.org/wiki/Network_Security_Cryptography
3. http://www.1000projects.com 4. Cryptography And Network Security -- William Stallings

CSPIT-CE

20

CRYPTOGRAPHY

CSPIT-CE

21