You are on page 1of 11


-A primitive of Network Security

If you have found this useful please mail me your name,contact number,your feed back Urs

ABSTRACT: The past twenty years have seen cryptography move from arcane to commonplace, from difficult to easy, from expensive to cheap. Many influences are at work. Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become ``wired'', an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them.

The type of operations used

The number of keys used The way in which data is processed 5. TYPES OF CRYPTOGRAPHY
Secret Key Cryptography Public Key Cryptography Hash Functions 6. ALGORITHM TYPES AND STRENGTHS Stream algorithms Block algorithms

Some things about this future are already clear. Cryptographic operations will disappear into the infrastructure. The complexities of cryptography and of cryptographic key management will be hidden from users. New sorts of protocols will become practical. New sorts of businesses will be possible. We will describe several such protocols and businesses. CONTENT 1. INTRODUCTON 2. HISTORY 3. KEYWORDS


Key management


Public key encryption Digital signatures

Key encapsulation Data encapsulation

Cryptography Cryptographer Cryptanalysis Cryptology Cryptanalyst Ciphertext-only attack known-plaintext attack Chosen-plaintext attack Chosen-ciphertext attack Adaptive chosen-plaintext

Related-key attack



Quantum cryptography DNA cryptography



conversion of messages from a comprehensible form into an incomprehensible one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without secret knowledge. Encryption was used to ensure secrecy in communications, such as those of spies, military leaders, and diplomats. In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs and secure computation, among others.


Cryptography is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and engineering. cryptography referred almost exclusively to encryption, which is the process of converting ordinary information into unintelligible gibberish ( ciphertext ). Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext[1]. A cipher is a pair of algorithms that create the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and in each instance by a key. This is a secret parameter for a specific message exchange context

Cryptography: The techniques or algorithm used for converting plaintext into ciphertext are called cryptographic techniques. The study of these techniques is known as Cryptography[1]. Cryptographer: The person who deals with Cryptography. Cryptanalysis: Studying the ciphertext to obtain plaintext or Key without knowing actual algorithm or key used is called as cryptanalysis. Cryptology: The study of cryptographer and cryptanalysis. Cryptanalyst: The person deals with cryptanalysis.


Cryptography systems are generically classified along three independent dimensions[5]


Cryptography was concerned solely with message confidentiality ( encryption)

1. The type of operations used for transmitting plaintext to ciphertext:

All encryption algorithms are based on two general principals Substitution: In which each element in plaintext is mapped into another element. Transposition: In which elements in the plaintext are rearranged. The fundamental requirement is that no information be lost. 2. The number of keys used: If both sender and receiver use the same key, the system referred to as symmetric, single key, secretkey, or conventional encryption. If the sender and receiver use a different key, the system is referred to as asymmetric, two-key,or public-key encryption. 3.The way in which the plaintext is processed: A block cipher process the input one block of elements at a time, producing an block for each input block. A stream cipher process the inputelements continuously, producing output one element at a time, as its goesalong

by their application and use. The following are the three types of Algorithm that are discussed[ Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption. Public Key Cryptography (PKC): Uses one key for encryption and another for decryption. Hash Functions: transformation to information. Uses a mathematical irreversibly "encrypt"

SYMMETRIC-KEY CRYPTOGRAPHY The most widely used symmetric key cryptographic method is the Data Encryption Standard (DES). It uses a fixed length, 56-bit key and an efficient algorithm to quickly encrypt and decrypt messages. It can be easily implemented in hardware, making the encryption and decryption process even faster. In general, increasing the key size makes the system more secure. A variation of DES, called Triple-DES or DES-EDE (encryptdecrypt-encrypt), uses three applications of DES and two independent DES keys to produce an effective key length of 168 bits. The International Data Encryption Algorithm (IDEA) was invented by James Massey and Xuejia Lai of ETH Zurich, Switzerland in 1991. IDEA uses a fixed length, 128-bit key (larger than DES but smaller than TripleDES). It is also faster than Triple-DES. In the early 1990s, Don Rivest of RSA Data Security, Inc., invented the algorithms RC2 and RC4. These use variable length keys and

TYPES OF CRYPTOGRAPHY There are several ways of classifying cryptographic algorithms. For purposes of this report they will be categorized based on the number of keys that are employed for encryption and decryption, and further defined

are claimed to be even faster than IDEA. However, implementations may be exported from the U.S. only if they use key lengths of 40 bits or fewer. Despite the efficiency of symmetric key cryptography , it has a fundamental weak spotkey management. Since the same key is used for encryption and decryption, it must be kept secure. If an adversary knows the key, then the message can be decrypted. At the same time, the key must be available to the sender and the receiver and these two parties may be physically separated. Symmetric key cryptography transforms the problem of transmitting messages securely into that of transmitting keys securely. This is an improvement , because keys are much smaller than messages, and the keys can be generated beforehand. Nevertheless, ensuring that the sender and receiver are using the same key and that potential adversaries do not know this key remains a major stumbling block. This is referred to as the key management problem.

PUBLIC-KEY CRYPTOGRAPHY Asymmetric key cryptography overcomes the key management problem by using different encryption and decryption key pairs. Having knowledge of one key, say the encryption key, is not sufficient enough to determine the other key - the decryption key. Therefore, the encryption key can be made public, provided the decryption key is held only by the party wishing to receive encrypted messages (hence the name public/private key cryptography). Anyone can use the public key to encrypt a message, but only the recipient can decrypt it. [3] RSA is a widely used public/private key algorithm is, named after the initials of its inventors, Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman [RSA 91]. It depends on the difficulty of factoring the product of two very large prime numbers. Although used for encrypting whole messages, RSA is much less efficient than symmetric key algorithms such as DES. ElGamal is another public/private key algorithm .This uses a different arithmetic algorithm than RSA, called the discrete logarithm problem. The mathematical relationship between the public/private key pair permits a general rule: any message encrypted with one key of the pair can be successfully decrypted only with that key's counterpart. To encrypt with the public key means you can decrypt only with



the private key. The converse is also true - to encrypt with the private key means you can decrypt only with the public key. HASH FUNCTION Is a type of one-way function this are fundamental for much of cryptography. A one way function - is a function that is easy to calculate but hard to invert. It is difficult to calculate the input to the function given its output. The precise meanings of "easy" and "hard" can be specified mathematically. With rare exceptions, almost the entire field of public key cryptography rests on the existence of one-way functions.

hash function ca also be referred to as a function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. It takes a long string (or message) of any length as input and produces a fixed length string as output, sometimes termed a message digest or a digital fingerprint.


Lets take a closer look at both symmetric and public key cryptography. As a subset of cryptography, cryptographic algorithms can be divided into two categories: Stream algorithms Operate on plaintext one byte at a time, where a byte is a character, number, or special character. The process is inefficient and slow. In this application, functions are characterized and evaluated in terms of their ability to withstand attack by an adversary. More specifically, given a message x, if it is computationally infeasible to find a message y not equal to x such that H(x) = H(y) then H is said to be a weakly collision-free hash function. A strongly collision-free hash function H is one for which it is computationally infeasible to find any two messages x and y such that H(x) = H(y). The requirements for a good cryptographic hash function are stronger than those in many other applications (error correction and audio identification not included). For this reason, cryptographic hash functions make good stock hash functions--even functions whose cryptographic security is compromised, such as MD5 and SHA-1. The SHA-2 algorithm, however, has no known compromises Block algorithms Operate on plaintext in groups of bytes, called blocks (hence the name block algorithms or block ciphers). Typical block sizes for modern algorithms is 64 bytes, small enough to work with but large enough to deter code breakers. Unfortunately, with the current speed of microprocessors, breaking a 64-byte algorithm using brute force is proving to be to relatively easy task.

Symmetric-key cryptosystems use the same key for encryption and decryption of a message, though a message or group of messages may have a different key than others. A significant disadvantage of symmetric ciphers is the key management necessary to use them securely. Each distinct pair of communicating parties must, ideally, share

a different key, and perhaps each ciphertext exchanged as well. The number of keys required increases as the square of the number of network members, which very quickly requires complex key management schemes to keep them all straight and secret.

they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair. In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret. The public key is typically used for encryption, while the private or secret key is used for decryption. Padlock icon from the Firefox Web browser, meant to indicate a page has been sent in SSL or TLS-encrypted protected form. However, such an icon is not a guarantee of security; any subverted browser might mislead a user by displaying such an icon when a transmission is not actually being protected by SSL or TLS. The two main branches of public key cryptography are:

One disadvantage of symmetric-key algorithms is the requirement of a shared secret key, with one copy at each end. In order to ensure secure communications between everyone in a population of n people a total of n(n 1)/2 keys are needed, which is the total number of possible communication channels.[1] To limit the impact of a potential discovery by a cryptographic adversary, they should be changed regularly and kept secure during distribution and in service. The process of selecting, distributing and storing keys is known as key management, and is difficult to achieve reliably and securely.

Symmetric vs. asymmetric algorithms

Unlike symmetric algorithms, asymmetric key algorithms use a different key for encryption than for decryption. I.e., a user knowing the encryption key of an asymmetric algorithm can encrypt messages, but cannot derive the decryption key and cannot decrypt messages encrypted with that key. A short comparison of these two types of algorithms is given below: Whitfield Diffie and Martin Hellman proposed the notion of public-key (asymmetric key) cryptography in which two different but mathematically related keys are used a public key and a private key. A public key system is so constructed that calculation of one key ('private key') is computationally infeasible from the other ('public key'), even though

Public key encryption a message encrypted with a recipient's public key cannot be decrypted by anyone except a possessor of the matching private key -- presumably, this will be the owner of that key and the person associated with the public key used. This is used for confidentiality. Digital signatures a message signed with a sender's private key can be verified by anyone who has access to the sender's public key, thereby proving that the sender had access to the private key (and therefore is likely to be the person associated with the public key used), and the part of the message that has not been tampered with. In digital signature schemes, there are two algorithms: one for signing, in which a secret key is used to process the message (or a hash of the message, or both), and

one for verification, in which the matching public key is used with the message to check the validity of the signature.

A hybrid cryptosystem can be constructed using any two separate cryptosystems:

a key encapsulation scheme, which is a public-key cryptosystem, and a data encapsulation scheme, which is a symmetric-key cryptosystem.

RSA and DSA are two of the most popular digital signature schemes. Digital signatures are central to the operation of public key infrastructures and many network security schemes. Public-key cryptosystems are commonly hybrid cryptosystems, in which a fast highquality symmetric-key encryption algorithm is used for the message itself, while the relevant symmetric key is sent with the message, but encrypted using a public-key algorithm. Similarly, hybrid signature schemes are often used, in which a cryptographic hash function is computed, and only the resulting hash is digitally signed HYBRID CRYPTOSYSTEMS In modern cryptosystems designs, both asymmetric (public key) and symmetric algorithms are used to take advantage of the virtues of both. Asymmetric algorithms are used to distribute symmetric-keys at the start of a session. Once a symmetric key is known to all parties of the session, faster symmetric-key algorithms using that key can be used to encrypt the remainder of the session. This simplifies the key distribution problem, because asymmetric keys only have to be distributed authentically, whereas symmetric keys need to be distributed in an authentic and confidential manner.

The hybrid cryptosystem is itself a publickey system, whose public and private keys are the same as in the key encapsulation scheme. CRYPTANALISIS
Cryptanalysis has coevolved together with cryptography, and the contest can be traced through the history of cryptographynew ciphers being designed to replace old broken designs, and new cryptanalytic techniques invented to crack the improved schemes. In practice, they are viewed as two sides of the same coin: in order to create secure cryptography, you have to design against possible cryptanalysis.

It is a common misconception that every encryption method can be broken. Most ciphers, apart from the one-time pad, can be broken with enough computational effort by brute force attack, but the amount of effort needed may be exponentially dependent on the key size, as compared to the effort needed to use the cipher.

4.Chosen-ciphertext attack:

The cryptanalyst may be able to choose ciphertexts and learn their corresponding plaintexts.

chosen-plaintext: like a chosen-plaintext attack, except the attacker can choose subsequent plaintexts based on information learned from previous encryptions. Similarly Adaptive chosen ciphertext attack. 6.Related-key attack: Like a chosenplaintext attack, except the attacker can obtain ciphertexts encrypted under two different keys. The keys are unknown, but the relationship between them is known; for example, two keys that differ in the one bit. Variants of the Enigma machine, used by Germany's military and civil authorities from the late 1920s through World War II, implemented a complex electromechanical polyalphabetic cipher. There are a wide variety of cryptanalytic attacks, and they can be classified in any of several ways. A common distinction turns on what an attacker knows and what capabilities are available.
1.Ciphertext-only attack:

Cryptanalysis of symmetric-key ciphers typically involves looking for attacks against the block ciphers or stream ciphers that are more efficient than any attack that could be against a perfect cipher. For example, a simple brute force attack against DES requires one known plaintext and 255 decryptions, trying approximately half of the possible keys, to reach a point at which chances are better than even the key sought will have been found. But this may not be enough assurance; a linear cryptanalysis attack against DES requires 243 known plaintexts and approximately 243 DES operations. This is a considerable improvement on brute force attacks. Public-key algorithms are based on the computational difficulty of various problems. While pure cryptanalysis uses weaknesses in the algorithms themselves, other attacks on cryptosystems are based on actual use of the algorithms in real devices, and are called side-channel attacks. If a cryptanalyst has access to, say, the amount of time the device took to encrypt a

The cryptanalyst has access only to the ciphertext (good modern cryptosystems are usually effectively immune to ciphertextonly attacks).
2.known-plaintext attack:

The cryptanalyst has access to a ciphertext and its corresponding plaintext (or to many such pairs).
3.Chosen-plaintext attack:

The cryptanalyst may choose a plaintext and learn its corresponding ciphertext (perhaps many times).

number of plaintexts or report an error in a password or PIN character, he may be able to use a timing attack to break a cipher that is otherwise resistant to analysis. An attacker might also study the pattern and length of messages to derive valuable information; this is known as traffic analysis and can be quite useful to an alert adversary. And, of course, social engineering, and other attacks against the personnel who work with cryptosystems or the messages they handle (e.g., bribery, extortion, blackmail, espionage, torture, ...) may be the most productive attacks of all.

and forth communication among two or more parties in space or across time .Such cryptosystems are sometimes called cryptographic protocols.[4] Some widely known cryptosystems: RSA encryption, Schnorr signature, ElGamal encryption, PGP

There are two areas that show promise in the field of cryptography: Quantum cryptography and DNA cryptography. Quantum cryptography attempts to achieve the same security of information as other forms of cryptography but through the use of photons, or packets of light. The process, though still in experimental stages, makes use of the polarization nature of light and is proving to be a very promising defense against eavesdropping . DNA cryptography makes use of specially selected DNA strands whose combination results to a specific solution to a problem. Still in its infancy, DNA cryptography looks promising .
APPLICATIONS Cryptography is used in applications ATM cards. Computer passwords. Electronic commerce which all depend on cryptography. Emails. Computer networks. ADVANTAGES AND DISADVANTAGES

Much of the theoretical work in cryptography concerns cryptographic primitives algorithms with basic cryptographic propertiesMuch of the theoretical work in cryptography concerns cryptographic primitives algorithms with basic cryptographic properties. These primitives provide fundamental properties, which are used to develop more complex tools called cryptosystems or cryptographic protocols, which guarantee one or more high-level security properties. Typical examples of cryptographic primitives include pseudorandom functions, one-way functions, etc.

One or more cryptographic primitives are often used to develop a more complex algorithm, called a cryptographic system, or cryptosystem. . Cryptosystems) are designed to provide particular functionality (e.g. public key encryption) while guaranteeing certain security properties .Cryptosystems use the properties of the underlying cryptographic primitives to support the system's security properties. A sophisticated cryptosystem can be derived from a combination of several more primitive cryptosystems. In many cases, the cryptosystem's structure involves back

Even though public key cryptography is the accepted standard, its not foolproof. For this reason, it has not completely replaced symmetric cryptography. Here are some of the main advantages and disadvantages [5].


1. The biggest advantage of public key cryptography is the secure nature of the private key. In fact, it never needs to be transmitted or revealed to anyone. 2. It enables the use of digital certificates and digital timestamps, which is a very secure technique of signature authorization. We will look at digital timestamps and digital signatures in a moment.

1. Transmission time for documents encrypted using public key cryptography are significantly slower then symmetric cryptography. In fact, transmission of very large documents is prohibitive. 2. The key sizes must be significantly larger than symmetric cryptography to achieve the same level of protection. 3. Public key cryptography is susceptible to impersonation attacks.

CONCLUSION: Cryptography is not as scary as it seems at first. It is up to you as a developer and/or architect to make sure that your applications maintain data integrity, secrecy, and authenticity. With .NET's built-in support for symmetric and asymmetric ciphers your application should be able to protect data in a variety of different situations. Protecting a single field in a database or protecting-large scale B2B communications has now been made much easier with .NET. REFERENCES: [1]. hy. [2]. [3]. [4] em.
[5].Cryptography And Network Security -- William Stallings.