2 (1997) 10-13

Introduction to Cryptology

By Professor Fred Piper, Information Security Group, Royal Holloway, University of London

This article provides a general introduction to the subject of Cryptology, explains the terminology and the practical application of cryptographic [...] the basic terms, explain some of the fundamental concepts and highlight a few of the problems that arise when using encryption. In particular we stress that having a strong algorithm is no guarantee for security. Management and the establishment of trust are the two fundamental issues which concern those with responsibility for secure networks and, in particular, those who are trying to establish secure electronic commerce over the Internet.

Some basic concepts and definitions

The idea of a cipher system is to disguise confidential information in such a way that its meaning is unintelligible to an unauthorized person. The information to be concealed is called the plaintext (or just the message) and the operation of disguising it is known as enciphering or encryption. The enciphered message is called the ciphertext or cryptogram. The person who enciphers the message is known as the encipherer, while the person to whom they send the cryptogram is called the recipient or receiver. The set of rules which the encipherer uses to encipher his plaintext is the enciphering algorithm. Normally the operation of this algorithm will depend on an enciphering key k(E) which the encipherer inputs to the algorithm together with his message.

In order that the recipient can obtain the message from the cryptogram there has to be a deciphering algorithm which, when seeded by the appropriate deciphering key k(D), reproduces the plaintext from the ciphertext. This is shown diagrammatically by the following figure.

Figure 1

Even if they know the deciphering algorithm, eavesdroppers will not, in general, know the deciphering key and it is this lack of knowledge which, it is hoped, will prevent them from knowing the plaintext. Cryptography is the science of designing cipher systems and cryptanalysis is the name given to the process of deducing the plaintext from the ciphertext without knowing the key. Cryptology is the collective term for both cryptography and cryptanalysis.

In practice most cryptanalytic attacks involve trying to determine the deciphering key because, if successful, the attacker will then have the same knowledge as the intended recipient and will be able to decipher all other communications until the key is changed. However, there may be instances where an attacker's sole objective is to read a particular message.

One important fact should already be clear from our introduction: knowledge of the enciphering key is not necessary for obtaining the message from the ciphertext. This simple observation has had a dramatic impact on modern cryptology and has led to a natural division into two types of cipher systems.

A cipher system is called conventional or symmetric if it is easy to deduce the deciphering key k(D) from the enciphering key k(E). If it is infeasible to deduce k(D) from k(E) then the system is called asymmetric or a public key system. The reason for distinguishing between these two types of system should be clear. In order to prevent an interceptor with knowledge of the algorithm from obtaining the plaintext from intercepted ciphertext it is essential that k(D) should be secret. Whereas for a symmetric system this necessitates that k(E) should also be secret, if the system is asymmetric then knowledge of k(E) is of no practical use to the attacker. Indeed it can, and usually is, made public.

Although the statements made in the last paragraph may appear to be simple and self-evident, their consequences are far reaching. In Figure 2 our diagram assumes that the sender and recipient have a 'matching pair' of keys. It may, in practice, be quite difficult for them to reach this situation. If, for instance, the system is symmetric then there may be a need to distribute a secret key value before secret messages can be exchanged. The problem of providing adequate protection for these keys should not be underestimated. In fact, the general problem of key management, which includes key generation, distribution, storage, change and destruction, is one of the most difficult aspects of obtaining a secure system.

The problems associated with key management tend to be different for symmetric and asymmetric systems. If the system is symmetric then, as we have seen, there is a need to be able to distribute keys while keeping their values secret. If the system is asymmetric then it may be possible to avoid this particular problem by distributing only the enciphering keys, which do not need to be secret. However, it is then replaced by the problem of guaranteeing the authenticity of each participant's enciphering key, i.e. of guaranteeing that the person using an enciphering key knows the identity of the 'owner' of the corresponding deciphering key.

When distinguishing between symmetric and asymmetric systems we assumed that the attacker knew the algorithm. This, of course, will not always be true. Nevertheless, it is probably best for the designer of a cipher system to assume that any would-be attacker has as much knowledge and general 'intelligence' information as possible.

One of the main problems facing anyone wishing to design or implement a cipher system is how to assess whether or not the system is 'secure enough' for the particular implementation. In order to assess the security of a system it is customary to make the following three assumptions.

WC1 The cryptanalyst has a complete knowledge of the cipher system.

WC2 The cryptanalyst has obtained a considerable amount of ciphertext.

WC3 The cryptanalyst knows the plaintext equivalent of a certain amount of the ciphertext.

In any given situation it is, of course, necessary to quantify realistically what is meant by 'considerable' and 'certain'. This will depend on the particular system under consideration.

Condition WC1 implies that there should be no reliance on keeping details of the cipher system secret. However, this does not imply that the system should be made public. Naturally the cryptanalyst's task is considerably harder if he does not know the system used and it is now possible to conceal this information to a certain extent, although there is considerable debate about how much reliance can be placed on the tamper resistance of cryptographic devices such as smartcards. From any manufacturer's or designer's point of view, WC1 is an essential assumption, since it removes a great deal of the ultimate responsibility involved in keeping a system secret.

WC2 is a reasonable assumption. If there is no possibility of interception then there is no need to use a cipher system. However, if interception is a possibility then, presumably, the communicators will not be able to dictate when the interception takes place and the safest option is to assume that all transmissions will be intercepted.

WC3 is also a realistic condition. The attacker might gain this type of information by observing traffic or making intelligent guesses. He might also even be able to choose the plaintext for which the ciphertext is known.

An attack which utilizes the existence of known plaintext/ciphertext pairs is called a known plaintext attack. If the plaintext is selected by the attacker then it is a chosen plaintext attack.

One consequence of accepting these worst case conditions is that we have to assume that the only information which distinguishes the genuine recipient from the interceptor is knowledge of k(D). Thus the security of the system is totally dependent on the secrecy of the deciphering key. This reinforces our earlier assertion about the importance of good key management.

We must stress that assessing the security level of a cipher system is not an exact science. All assessments are based upon assumptions, not only on the knowledge available to an attacker, but also on the facilities available to them. The best general principle is to assume the worst and/or err on the side of caution. It is also worth stressing that, in general, the relevant question is not "is this an exceptionally secure system?" but, rather, "is this system secure enough for this particular application?" This latter observation is very important and it must be recognized that there is a 'market' for low level security. For almost all non-military implementations the provision of security is a costly overhead. Furthermore, the addition of the security facilities frequently degrades the overall performance of the system. Thus there is a natural requirement to keep the security to a minimum. One common way of trying to determine the level of security required is to try to estimate the length of time for which the information needs protection. If we call this the desired cover time of the system then we have a crude indication of the security level required. For instance the cipher system suitable for a tactical network with a cover time of a few minutes may be considerably 'weaker' than that required for a strategic system where, as in the case of government secrets, the cover time may be tens of years.

If we assume that our deciphering algorithm is known then there is one obvious method of attack available to the interceptor. They could, at least in theory, try each possible deciphering key and 'hope' that they identify the correct one. Such an attack is called an exhaustive key search. Of course such an attack cannot possibly succeed unless the attacker has some way of recognizing the correct key or, as is more common, at least being able to eliminate some obviously incorrect ones. In a known plaintext attack, for instance, it is clear that any choice of k(D) which does not give the correct plaintext for all the corresponding ciphertext cannot possibly be the correct key.

Uses of cryptography

In the introductory section we assumed that cryptography was being used to provide secrecy. Although this is its 'traditional' use it is no longer its only application. In fact, it is probably true to say the provision of secrecy is no longer its main purpose.
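
Before leaving the subject of key search, the exhaustive key search of the previous section as an added example (this is not code from the paper, which names no cipher). The cipher below is a toy of my own construction: a 16-bit key, chosen absurdly small so that the whole key space can be tried in seconds, expanded with SHA-256 in counter mode and XORed with the message. The key value, nonces and messages are all constructed for the example. It shows the two situations the text describes: under WC3 a single known plaintext/ciphertext pair eliminates every wrong key, after which the attacker reads all other traffic under that key; under WC2 alone the attacker can only discard keys whose output is 'obviously incorrect', so a two-byte cryptogram leaves thousands of plausible keys while a longer one leaves only the right one.

```python
import hashlib
import string

# Toy symmetric cipher (added example, not the paper's): cryptogram = nonce || plaintext XOR keystream,
# with keystream = SHA-256(key || nonce || counter). k(E) == k(D), so security rests entirely on the key.
KEY_BITS = 16                  # deliberately tiny; a real cipher has 128 bits or more
KEY_SPACE = 1 << KEY_BITS
NONCE_LEN = 4
TRUE_KEY = 0xBEEF              # the secret key, constructed for the example; the attacker does not know it


def keystream(key: int, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hashlib.sha256(key.to_bytes(2, "big") + nonce + counter.to_bytes(4, "big")).digest())
        counter += 1
    return bytes(out[:length])


def encrypt(key: int, nonce: bytes, plaintext: bytes) -> bytes:
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: int, cryptogram: bytes) -> bytes:
    # Symmetric system: the same key deciphers, and XOR is its own inverse.
    nonce, body = cryptogram[:NONCE_LEN], cryptogram[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def known_plaintext_search(pairs):
    """Exhaustive key search under WC3: any k(D) that does not give the known
    plaintext for all of the corresponding ciphertext is eliminated."""
    survivors = range(KEY_SPACE)
    for plaintext, cryptogram in pairs:
        survivors = [k for k in survivors if decrypt(k, cryptogram) == plaintext]
    return list(survivors)


PRINTABLE = frozenset(string.printable.encode())


def looks_like_text(candidate: bytes) -> bool:
    return all(b in PRINTABLE for b in candidate)


def ciphertext_only_search(cryptogram: bytes):
    """Exhaustive key search under WC2 alone: with no known plaintext the attacker
    can only discard keys whose output is obviously wrong (here: not printable)."""
    return [k for k in range(KEY_SPACE) if looks_like_text(decrypt(k, cryptogram))]


def exhaustive_search_seconds(key_bits: int, keys_per_second: float) -> float:
    """Expected time to reach the correct key (half the key space on average);
    compare it with the cover time required for the information."""
    return (1 << (key_bits - 1)) / keys_per_second


def demo():
    # Constructed traffic: the attacker knows the plaintext of the first message
    # (a predictable greeting) and wants to read the second.
    known_pt = b"HELLO BOB"
    known_ct = encrypt(TRUE_KEY, b"\x00\x00\x00\x01", known_pt)
    target_ct = encrypt(TRUE_KEY, b"\x00\x00\x00\x02", b"MEET AT THE OLD MILL AT 0600 TOMORROW")
    short_ct = encrypt(TRUE_KEY, b"\x00\x00\x00\x03", b"OK")

    survivors = known_plaintext_search([(known_pt, known_ct)])
    recovered = survivors[0] if len(survivors) == 1 else None
    return {
        "survivors": survivors,
        "recovered_key": recovered,
        # With k(D) recovered the attacker reads every other message sent under it.
        "target_plaintext": decrypt(recovered, target_ct) if recovered is not None else None,
        # Two bytes of ciphertext leave many plausible keys; 37 bytes leave only the real one.
        "ciphertext_only_short": ciphertext_only_search(short_ct),
        "ciphertext_only_long": ciphertext_only_search(target_ct),
    }


if __name__ == "__main__":
    r = demo()
    print(f"recovered key 0x{r['recovered_key']:04x}: {r['target_plaintext']!r}")
    print(len(r["ciphertext_only_short"]), "keys survive a 2-byte ciphertext-only search,",
          len(r["ciphertext_only_long"]), "survive a 37-byte one")
    print("56-bit key at 1e9 keys/s:", exhaustive_search_seconds(56, 1e9) / 86400, "days on average")
```

The only thing the search needs from WC1 is the algorithm itself; everything else it needs is the ciphertext (WC2) and, for the decisive elimination step, one known pair (WC3). Note that `exhaustive_search_seconds` is the crude cover-time comparison the text describes, nothing more: it ignores parallelism, which scales the rate linearly, and any shortcut attacks on the algorithm.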

When messages are sent over open networks there may not be any need for confidentiality, but the user is likely to need assurance that the message received has not been altered during transmission. Furthermore, they will also need to be confident that they know the identity of the sender. Cryptography may be used to provide these assurances.

This is an appropriate place to point out a fundamental difference between the use of symmetric and asymmetric algorithms. If a symmetric algorithm is used then the receiver and sender share the same secret key and it is the use of this secret key that identifies them to each other and provides the assurances about the integrity of the data and the identity of the sender. Provided that they remain the only two people who know the secret key then they have protection against all third parties. However, they have no protection from each other. Either one of them could use the secret key and claim that the other must be responsible. Thus symmetric systems are only appropriate when the two parties trust each other. If two parties need protection from each other, in the sense that, say, the sender should not be able to deny sending a particular message, then there must be some form of asymmetry between them. In this case data integrity and user authentication are provided by the use of a digital signature, which is a cryptographic checksum added by the sender but with the property that only the sender could have computed it. In most circumstances any third party, e.g. a judge, will be able to verify that the checksum was computed by the actual sender.

Public key systems tend to use arithmetic processes involving very large numbers and, as a result, are usually significantly slower than symmetric algorithms. Thus they tend not to be used for encrypting large passages of text. The two main uses of public key systems are the provision of digital signatures and as key encrypting keys to distribute keys for symmetric systems. In each case an attacker has two different methods of attacking the system. One is to obtain the relevant secret key. This might be achieved by computing the secret key from the public key or by obtaining a device which stores and/or uses that key. (The computation attack is prevented by using suitably large keys and relying on the infeasibility of the attacker successfully completing the necessary calculations. Attacks which involve the misuse of devices must be thwarted by good management and/or the use of suitably tamper resistant devices.) The other attack is to substitute a public key for the genuine one. If the public key system is being used to encrypt a symmetric key then, since the attacker's key has been used for the encryption, it will be the attacker and not the intended recipient who obtains the symmetric key. If the public key system is being used to provide digital signatures then, clearly, the attacker can forge the signature of the genuine signer.

This last paragraph highlights the need for being able to guarantee the authenticity of public keys. This is not an easy problem and most solutions involve the use of a trusted third party, called a Certification Authority (CA), which digitally signs a certificate which binds the identity of the key owner to the value of the public key. Anyone who has an authentic copy of the CA's public key, and has confidence that the CA will have checked the key owner's credentials, will then be able to confirm the authenticity of the public key by checking the CA's signature. These certificates can also be used to verify a user's identity by issuing a challenge which they must encrypt using their secret key. The issuer of the challenge can use the public key value in the certificate to decrypt the response and, if the answer is correct, knows that the response must have come from the user identified in the certificate. Of course the problem now is ensuring that we can have confidence in the CA and be sure that we have an authentic copy of that CA's public key.
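
The certificate check and the challenge-response exchange just described, together with the public key substitution attack of the preceding paragraph, as an added example (not code from the paper, which fixes no algorithm or certificate format). 'Encrypting with the secret key' is played by a toy RSA signature over a SHA-256 hash; the key pairs are built from fixed Mersenne primes purely so that the run is deterministic, and real keys would be generated from random primes of adequate size. The certificate format (a signed JSON body holding an owner name and a public key value), the party names and the challenge value are all assumptions of the example. The run shows that a verifier who takes a presented public key at face value is fooled by the substituted key, that one who first checks the CA's signature on the certificate is not, and that a stolen genuine certificate is useless without the matching secret key.

```python
import hashlib
import json

# Toy RSA (added example, not the paper's). Keys come from two Mersenne primes 2^a-1 and 2^b-1
# so the example is reproducible; this is NOT how real keys are made.
E = 65537


def mersenne_keypair(a: int, b: int):
    p, q = (1 << a) - 1, (1 << b) - 1            # both prime for the exponents used below
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}   # (public k(E), secret k(D))


def digest_mod_n(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(secret, data: bytes) -> int:
    """'Encrypt' the hash of data with the secret key: only the key owner can do this."""
    return pow(digest_mod_n(data, secret["n"]), secret["d"], secret["n"])


def verify(public, data: bytes, sig: int) -> bool:
    """'Decrypt' the signature with the public key and compare with the hash of data."""
    return pow(sig, public["e"], public["n"]) == digest_mod_n(data, public["n"])


def issue_certificate(ca_secret, owner: str, owner_public):
    """The CA binds an identity to a public key value by signing the pair."""
    body = json.dumps({"owner": owner, "n": owner_public["n"], "e": owner_public["e"]},
                      sort_keys=True).encode()
    return {"body": body, "ca_sig": sign(ca_secret, body)}


def public_key_from_certificate(ca_public, cert, expected_owner: str):
    """Return the certified public key, or None if the CA signature or the owner name is wrong.
    The caller must already hold an authentic copy of ca_public; that is the remaining problem."""
    if not verify(ca_public, cert["body"], cert["ca_sig"]):
        return None
    fields = json.loads(cert["body"])
    if fields["owner"] != expected_owner:
        return None
    return {"n": fields["n"], "e": fields["e"]}


def authenticate(ca_public, cert, claimed_owner: str, responder_secret, challenge: bytes) -> bool:
    """Challenge-response: the claimant 'encrypts' the challenge with its secret key and the
    issuer checks the response with the public key taken from the certificate."""
    public = public_key_from_certificate(ca_public, cert, claimed_owner)
    if public is None:
        return False
    response = sign(responder_secret, challenge)     # computed on the claimant's side
    return verify(public, challenge, response)


def demo():
    ca_pub, ca_sec = mersenne_keypair(521, 127)
    alice_pub, alice_sec = mersenne_keypair(607, 107)
    mallory_pub, mallory_sec = mersenne_keypair(1279, 89)
    challenge = b"challenge-7f3a9c"                   # constructed; must be fresh and random in practice

    alice_cert = issue_certificate(ca_sec, "alice", alice_pub)
    # Key substitution: Mallory presents a certificate naming "alice" but carrying his own
    # public key. He cannot sign it with the CA's secret key, so he signs it with his own.
    forged_cert = issue_certificate(mallory_sec, "alice", mallory_pub)

    return {
        # Genuine Alice, genuine certificate, genuine secret key.
        "genuine": authenticate(ca_pub, alice_cert, "alice", alice_sec, challenge),
        # A verifier that accepts whatever public key is presented is fooled by the substitution...
        "substituted_key_unchecked": verify(mallory_pub, challenge, sign(mallory_sec, challenge)),
        # ...but one that checks the CA's signature on the certificate first rejects it.
        "substituted_key_checked": authenticate(ca_pub, forged_cert, "alice", mallory_sec, challenge),
        # Alice's real certificate does not help an impostor who lacks her secret key.
        "stolen_cert_wrong_key": authenticate(ca_pub, alice_cert, "alice", mallory_sec, challenge),
    }


if __name__ == "__main__":
    for scenario, accepted in demo().items():
        print(f"{scenario:28s} -> {'accepted' if accepted else 'rejected'}")
```

Everything in `authenticate` hangs on `ca_pub` being the genuine CA key: if Mallory can substitute that one value, he can issue himself a 'valid' certificate for any name, which is exactly the closing point of the text.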

