Security & cryptography

C. Shanmugasundaram MCA Department Vel tech high tech Dr.Rangarajan Dr.Sagunthala Engineering College
veltechsundaram@gmail.com
1

S. Nithya MCA Department Vel tech high tech Dr.Rangarajan Dr.Sagunthala Engineering College
Nithi.smiles143@gmail.com

Abstract There are many different computing and networking technologies some available today, some just now emerging, some well-proven, some quite experimental. Understanding the computing dilemma more completely involves recognizing technologies; especially since a single technology by itself seldom suffices, and instead, multiple technologies are usually necessary. This paper describes a sampling of technologies of various types, by using a tutorial approach. It compares the technologies available in the three major technology areas: application support, transport networks, and sub networking. In addition, the applicability of these technologies within a particular situation is illustrated using a set of typical customer situations. This paper can be used by consultants and system designers to better understand, from a business and technical perspective, the options available to solve customers' networking problems.

A:

What is security?

Security is a broad topic and covers a multitude of sins. In its simplest form, it is concerned with making sure that nosy people cannot read, or worse yet, modify messages intended for other recipients. It is concerned with people trying to access remote services that they are not authorized to use. It also deals with the problems of legitimate message being captured and replayed, and with people trying to deny that they sent certain messages. Most security problems are intentionally caused by malicious people trying to gain some benefit or harm someone. A few of the most common perpetrators are below. Adversary Goal Student To have fun snooping on peoples email Hacker To test out someones security system; steal data Sales rep To claim to represent all of Europe, not just Andorra Spy To learn an enemys military strength B: Security services Network security problems can be divided into four intertwined areas. They are 1. SECRECY 2. AUTHENTICATION 3. NON_REPUDIATION

I. INTRODUCTION For the first few decades of their existence, computer networks were primarily used by university researches for sending email and by corporate employees for sharing printers. Under this condition, security did not get a lot of attention. But now, as millions of ordinary peoples are using networks for banking, shopping, and filling their tax returns, network security is looming on the horizon as potentially massive problem. II: SECURITY

4. INTEGRITY CONTROL

III: Cryptography: The art of devising chippers (cryptography) and breaking them (cryptanalysis) is collectively known as cryptology. Cryptology is derived from Greek kriptos logos meaning hidden word. Cryptography deals with Science and study of secret writing Study of techniques and applications that on the existence of difficult problems Widely used for information security Cryptanalysis deals with Study of how to compromise (defeat) cryptographic mechanisms A: Terminology: Encryption: Process of transforming plain text to cipher text. It involves using some secret information called key. Encryption methods have historically been divided into two categories. They are Transposition Substitution Substitution encryption: In a substitution encryption another letter or group of letters to disguise it replaces each letter or group of letters. The oldest cipher known is the Caesar cipher. In this method a becomes D, b becomes E, c becomes F and so on. For example, attack becomes DWWDFN. A slight generalisation of the Caesar cipher allows the cipher text alphabet to be shifted by k letters instead of 3 letters

Secrecy has to do with keeping information out of the hands of unauthorized users. Authentication deals with determining whom you are talking to before revealing sensitive information of entering into a business deal. Nonrepudiation deals with signatures. Integrity ensuring information has not been altered by unknown or authorized means. C: What to do? All these issues occur in traditional systems, but with some significant differences. Using registered mail and locking documents up achieve secrecy and integrity

To maintain security of network we must 1. Establish security services 2. Establish security mechanisms 3. Used advanced, proven algorithms. Services are built from mechanisms. Mechanisms use the algorithms. The security services are maintained in paper world as follows. Security services Paper world Privacy Envelops Authentication Notaries, physical presence Integrity Signatures, barcodes Non Signatures, receipts repudiation The security services are maintained in electric world as follows. Security services Privacy Authentication Integrity Non repudiation electric world Data encryption Digital signatures Hash algorithms, message digest, digital signatures Digital Signatures, audit logs

Transposition encryption: Transposition ciphers reorder the letters but do not disguise them. For example: Plain text is BORED AUDIENCE Then It is reorder as B EUEE OD DN RAIC And the cipher text is BEUEEODDNRAIC Decryption: The reverse process of encryption. Decryption is process by which we can obtain the plain text from cipher text. Authentication: Authentication is any process through which one proves and verifies certain information. Sometimes one may want to verify the origin of a document, the identity of the sender, the time and date a document was sent and/or signed, the identity of a computer or user, and so on. Digital Signatures The authenticity of many legal, financial, and other documents is determined by the presence or absence of an authorized handwritten signature. And photocopies do not count. For computerized message system to replace the physical transport of paper and ink documents, a solution must be found to these problems. The problem of devising a replacement for handwritten signatures is a difficult one. Basically, what is needed is a system by which one party can send a signed message to another party in such a way that 1 The receiver can verify the claimed identity of the sender.

2 The sender cannot later repudiate the contents of the message. 3 The receiver cannot possibly have concocted the message himself. The first requirement is needed, for example, in financial systems. When a customers computer orders a banks computer to buy a ton of gold, the banks computer needs to be able to make sure that the computer giving the order really belongs to the company whose account is to be debited. The second requirement is needed to protect the bank against fraud. Suppose that the bank buys the ton of gold, and immediately thereafter the price of gold drops sharply. A dishonest customer might sue the bank, claiming that he never issued any order to buy gold. When the bank produces the message in court, the customer denies having sent it. The third requirement is needed to protect the customer in the event that the price of gold shoots up and the bank tries to construct a signed message in which the customer asked for one bar of gold instead of one ton. Message Digest: The idea of a one-way hash function the takes an arbiritrarily long piece of plaintext and from it computes a fixed-length bit string. This has function, often called a message digest, has three important properties: 1. Given P, it is easy to compute MD (P) 2. Given MD (P), it is effectively impossible to fine P 3. No one can generate two messages that have the same message digest Traditional cryptography:

The messages to be encrypted, known as the plain text, are transformed by a function that is parameterized by a key. Messenger or radio then transmits the output of the encryption process, known as the ciphertext, often. We assume that the enemy, or intruder, hears and accurately copies down the complete ciphertext. However, unlike the intended recipient, he does not know what the decryption key is and so cannot decrypt the ciphertext easily. Some times the intruder cannot only listen to communication channel but can also record messages and play them back, inject his own messages, or modify legitimate messages before they get to the receiver.

64-bit plain text. The last stage is the exact inverse of this transposition. The stage prior to the last one exchanges the left most 32 bits with the rightmost 32 bits. The remaining 16 stages are functionally identical but are parameterized by different functions of the key. Before the algorithm starts a 56-bit transposition is applied to the key. Just before each iteration, the key is partitioned into two 28-bit units, each of which is rotated left by a number of bits dependent on the iteration number. K (i) is derived from this rotated key by applying yet another 56 bit transposition to it. The operation of one of these stages is illustrated below. Each stage takes two 32-bit inputs and produces two 32-bit outputs. The left output is simply a copy of the right input. The right output is the bit wise EXCLUSIVE OR of the left input and a function of the right input and key for this stage, k (i). Advantages of symmetric key cryptography: Symmetric key cryptography is computationally less intensive. Disadvantages of symmetric key cryptography: Key exchange in large environments is very difficult. Maintenance of number of keys.

IV: TYPES OF CRYPTOGRAPHIC TECHNIQUES:

Cryptographic techniques are two types. They are Symmetric key cryptographic Asymmetric key cryptographic 1. Symmetric key cryptographic: Symmetric key cryptographic is also known as secret key cryptographic technique. In symmetric cryptography, the sender and receiver of a message know and use the same secret key; the sender uses the secret key to encrypt the message, and the receiver uses the same secret key to decrypt the message. This method is known as secret key cryptography. In secret key cryptography we use single private key that is used for both encryption and decryption. For this cryptography we use several algorithms. They are RC2, RC4, DES, BLOWFISH and etc. In this cryptography the communication is between known persons only, not for unknowns. DES algorithm: An outline of DES is shown in below. Plain text is encrypted in blocks of 64 bits, yielding 64 bits of cipher text. The algorithm, which is parameterized by a 56-bit key, has 19 distinct stages. The first stage is a key independent transposition on the

Key management problem The main challenge is getting the sender and receiver to agree on the secret key without anyone else finding out. If they are in separate physical locations, they must trust a courier, a phone system, or some other transmission medium to prevent the disclosure of the secret key. Anyone who overhears or intercepts the key in transit can later read, modify, and forge all messages encrypted or authenticated using that key. The generation, transmission and storage of keys is called key management. All cryptosystems must deal with key management issues. Because all keys in a secret-key cryptosystem must remain secret, secret-key cryptography often has difficulty providing secure key management, especially in open systems with a large number of users. Solution to key management problem

 In public key cryptography we use two keys. The

In order to solve the key management problem, Whitfield Diffie and Martin Hellmann introduced the concept of public key cryptography in 1976. public key is used for encryption and the private key is used for decryption. For this cryptography we use several algorithms. They are RSA, DH and etc. RSA algorithm: 2: Public key cryptography: Due to potential advantages of public key cryptography, many researchers are hard at work, and some algorithms have already been published. A group at M.I.T, called RSA algorithm, discovered one good method. This method is summarized as follows. Choose two large primes, p and q (typically greater than 10 pow 100). Compute n= p*q and z=(p-1) * (q-1) Choose a number relatively prime to z and call it d. Find e such that e*d= 1 mod z. For example the word SUZANNE can be sent as follows. For this we assume p=3,q=11 then n=33 and z=20.a suitable value for d is 7.since 7 and 20 have no common factors. With these choices, e can be found by solving the equation 7e=1 (mod 20), which yields e=3. The ciphertext, C, for a plaintext message, P, is given by C=P POW 3 (mod 33). The ciphertext is decrypted by the receiver according to the rule P=C POW (mod 33). Authentication Using Public-Key cryptography

Public-key cryptosystems have two primary uses, encryption and digital signatures. In their system, each person gets a pair of keys, one called the public key and the other called the private key. The public key is published, while the private key is kept secret. The need for the sender and receiver to share secret information is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared. In this system, it is no longer necessary to trust the security of some means of communications. The only requirement is that public keys be associated with their users in a trusted (authenticated) manner (for instance, in a trusted directory). Anyone can send a confidential message by just using public information, but the message can only be decrypted with a private key, which is in the sole possession of the intended recipient. Furthermore, public-key cryptography can be used not only for privacy (encryption), but also for authentication (digital signatures) and other various techniques. In a public-key cryptosystem, the private key is always linked mathematically to the public key. Therefore, it is always possible to attack a public-key system by deriving the private key from the public key. Typically, the defense against this is to make the problem of deriving the private key from the public key as difficult as possible. For instance, some public-key cryptosystems are designed such that deriving the private key from the public key requires the attacker to factor a large number, it this case it is computationally infeasible to perform the derivation. This is the idea behind the RSA public-key cryptosystem.

Eb(A,RA)

EA(RA,RB,KS) KS(RB)

Here A starts by encrypting his identity and a random number, R (A), using Bs public (or encryption) key, E (B). When B receives this message, he has no idea of whether it came from A or from others, but he plays along and sends A back a message containing As R (A),

his own random number, R (B), and a proposed session key, K (S). When A gets message 2, he decrypts it using his private key. He sees R (A) in it. The message must have come from B, since others has no way of determining R (A). A agrees to the session by sending back message 3. When B sees R (B) encrypted with the session key he just generated, he knows A got message 2 and verified R (A). Privacy using Public Cryptography: Recipients Public KeyRecipients Private Key

Clear Text
Encrypt

Cipher Text

Clear Text

Decrypt

Originator

Recipient V. CONCLUSION:

Now let us see if we can solve the problem of establishing a secure channel between A and B, who have never had any previous contact. Both As encryption key, E (A), and Bs encryption key, E (B), are assumed to be in a publicly readable file. (Basically, all users of the network are expected to publish their encryption keys as soon as they become network users.) Now A takes his first message, P, computes E (B) (P), and sends it to B. B then decrypts it by applying his secret key D (B) (i.e., he computed D (B) (E (B) (P)))=P). No one else can read the encrypted message, E (B)(P), because the encryption system is assumed strong and because it is too difficult to derive D (B) from the publicly known E (B). A and B can now communicate securely. Applications: 1. Secure e-mail and other communication. 2. Secure www transactions. Consumer merchant purchases. Online banking 3. business-to-business transactions.

Thus we use different types of algorithms to establish security services in different services mechanisms. We use either private key cryptography or public key cryptography according to requirements. If we want to send messages quickly we use private key algorithms. If we want to send messages secretly we use public key algorithms.

VI. REFERENCE www.computer.org/publications/dlib. http://en.wikipedia.org/wiki/Cryptography