INFORMATION SECURITY UNIT-2

-PUBLIC KEY CRYPTOGRAPHY PRINCIPLES

-RSA ALGORITHM
-KEY MANAGEMENT
-DIFFIE-HELLMAN KEY EXCHANGE
-ELLIPTIC CURVE CRYPTOGRAPHY
-MESSAGE AUTHENTICATION AND HASH FUNCTIONS
- AUTHENTICATION REQUIREMENTS AND FUNCTIONS
-MESSAGE AUTHENTICATION
-HASH FUNCTIONS AND MACs HASH AND MAC ALGORITHMS SHA-512,
-HMAC

PUBLIC KEY CROPTOGRAPHY PRINCIPLES😐/ SYMMETRIC CIPHER MODEL:

-IT has become an essential means of providing confidentiality, especially through its need of
key distribution, where users seeking private connection exchange encryption keys.
-Symmetric Encryption is the most basic and old method of encryption. It uses only one key
for the process of both the encryption and decryption of data.
-Thus, it is also known as Single-Key Encryption.
The Symmetric Cipher Model:
A symmetric cipher model is composed of five essential parts:
Public-key cryptography works on the following principles:
Plaintext − This is the readable message or information that is informer into the algorithm as
input.
Encryption algorithm − The encryption algorithm performs several conversion on the
plaintext.
Public and Private keys − Two sets of keys should be used where a public key is used for
encryption, and a private key is used for decryption. The plaintext’s transformation will
depend on the key selected from the set.
Ciphertext − This is scrambled message generated as output. It based on the plaintext and
the key. For a given message, there are two specific keys will create two different
ciphertexts.
Decryption Algorithm − This algorithm get the ciphertext and the matching key and create
the original plaintext.
The private key in this cryptography process is never shared and kept safe. The user of the
public key must input two prime numbers that were used to create it.

RSA encryption algorithm:

-RSA is the most common public-key algorithm
-RSA algorithm is an asymmetric cryptography algorithm. Asymmetric actually means that it
works on two different keys i.e. Public Key and Private Key.
-As the name describes that the Public Key is given to everyone and the Private key is kept
private.

The idea! The idea of RSA is based on the fact that it is difficult to factorize a large integer.
-The public key consists of two numbers where one number is a multiplication of two large
prime numbers.
-And private key is also derived from the same two prime numbers. So if somebody can
factorize the large number, the private key is compromised.
-Therefore encryption strength totally lies on the key size and if we double or triple the key
size, the strength of encryption increases exponentially.
-RSA keys can be typically 1024 or 2048 bits long, but experts believe that 1024-bit keys
could be broken in the near future. But till now it seems to be an infeasible task.
RSA algorithm uses the following procedure to generate public and private keys:
-Select two large prime numbers, p and q.
-Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.
-Choose a number e less than n, such that n is relatively prime to (p - 1) x (q -1).
-If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using public
key <e, n>. To find ciphertext from the plain text
-To determine the private key, we use the following formula to calculate the d such that:
De mod {(p - 1) x (q - 1)} = 1.
-The private key is <d, n>. A ciphertext message c is decrypted using private key <d, n>. To
calculate plain text m from the ciphertext c following formula is used to get plain text m.
m = cd mod n

KEY MANAGEMENT:
Key management define as managing cryptographic keys within a cryptosystem. It can
manage with generating, exchanging, saving, using and replacing keys as required at the user
level.
-A key management system will also contains key servers, user process and protocols,
including cryptographic protocol design. The security of the cryptosystem is based upon
successful key management.
-Cryptographic keys play an essential role in protecting sensitive data, avoiding data
breaches, and understanding with regulations. Unfortunately, a lost or stolen key can lead to
costly losses of systems and information.
-Encryption key management is a group of practices and rules that provide the secured use
of cryptographic keys. Proper management provides a key stays secure throughout its
lifecycle, from generation and use to saving and deletion.
-A cryptographic key is a document that include a string of letters and numbers that can
encrypt and decrypt information when processed by a crypto algorithm. The main objective
of key management is to maintain these files away from unauthorized users and systems.
-Key Management manage with the generation, exchange, storage, deletion, and updating of
keys. They also manage with the members access of the keys.
-Key management forms the basis of all information security. Data is encrypted and
decrypted through the use of encryption keys.
-Keys also provide the secure transmission of information across an Internet connection.
-Key management servers (KMS) are used to administer the complete lifecycle of
cryptographic keys and secure them from loss or misuse.
-KMS solutions, and other key management technology, directly control the generation,
management, storage, archival, and removal of encryption keys.
DIFFIE-HELLMAN KEY EXCHANGE:
The Diffie Hellman key exchange method was first used to develop and exchange keys over
an insecure channel safely. It set a milestone in cryptography and is still used today in
various applications where encryption is required.
Let’s understand the mechanism with the following example,
You want to communicate with a spy from an allied nation who is not known to you. There is
no secure channel to talk to them.
Messages sent without encryption can make any undesirable person read the contents. If
the encryption is done on the message, no one will be able to read it.
This issue can be handled easily with the Diffie Hallman key exchange, which makes this
method unique.
The algorithm provisions safely create a shared key on a secure channel and even over an
insecure channel tracked by the adversaries.
Method of Operation in Diffie-Hellman Key Exchange
Diffie-Hellman key exchange algorithm is based on the principles of modular exponentiation
and discrete logarithms to allow two parties to securely establish a shared secret key over an
insecure communication channel. Here is an operational overview of the process in context
to Alice and Bob :
1. Parameters Setup
Alice and Bob must agree upon two number:
A large prime number p,
A generator g of p, which is the primitive root of p
These two number are shared and are not kept secret.
2. Key Generation
Alice and Bob randomly chose a private key, say xa and xb, where xa is the private key of
Alice and xb is the private key of Bob.
These private keys are kept secret and not being shared.
3. Public Key Exchange
Both Alice and Bob perform a calculation to generate their corresponding public keys.
ya = ga (mod p)
yb = gb (mod p),
where ya is the public key of Alice and yb is the public key of Bob
The public key are then shared with each other, ya is shared with Bob and yb is shared with
Alice.
4.Shared Secret Key Calculation
Alice then calculates the shared secret using the yb received from Bob and her private key
as:
k = (yb)xa (mod p)
Bob also calculates the shared secret using the ya received from Alice and his private key xb
as:
k = (ya)xb (mod p)
5. Resulting Secret
lice and Bob will end upon the same shared secret key, which can be used for encryption and
decryption of information using symmetric key algorithms.
ELLIPTIC CURVE CRYPTOGRAPHY:
Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic
curve theory that can be used to create faster, smaller and more efficient cryptographic keys.
ECC is an alternative to the Rivest-Shamir-Adleman (RSA) cryptographic algorithm and is
most often used for digital signatures in cryptocurrencies, such as Bitcoin and Ethereum, as
well as one-way encryption of emails, data and software.
Public key cryptography systems, like ECC, use a mathematical process to merge two distinct
keys and then use the output to encrypt and decrypt data.
One is a public key that is known to anyone, and the other is a private key that is only
known by the sender and receiver of the data.
Components of Elliptic Curve Cryptography:
1.ECC keys:
Private key: ECC cryptography’s private key creation is as simple as safely producing a
random integer in a specific range, making it highly quick. Any integer in the field represents
a valid ECC private key.
Public keys: Public keys within ECC are EC points, which are pairs of integer coordinates x,
and y that lie on a curve. Because of its unique features, EC points can be compressed to a
single coordinate + 1 bit (odd or even).
2. Generator Point:
ECC cryptosystems establish a special pre-defined EC point called generator point G (base
point) for elliptic curves over finite fields, which can generate any other position in its
subgroup over the elliptic curve by multiplying G from some integer in the range [0…r].
The number r is referred to as the “ordering” of the cyclic subgroup.
Elliptic curve subgroups typically contain numerous generator points, but cryptologists
carefully select one of them to generate the entire group (or subgroup), and is excellent for
performance optimizations in calculations. This is the “G” generator.

-MESSAGE AUTHENTICATION AND HASH FUNCTIONS:

MESSAGE AUTHENTICATION:
-Data is prone to various attacks. One of these attacks includes message authentication.
-This threat arises when the user does not have any information about the originator of the
message.
-Message authentication can be achieved using cryptographic methods which further make
use of keys.
All message authentication and digital signature mechanisms are based on two functionality
levels:
Lower level: At this level, there is a need for a function that produces an authenticator,
which is the value that will further help in the authentication of a message.
Higher-level: The lower level function is used here in order to help receivers verify the
authenticity of messages.
Message encryption: While sending data over the internet, there is always a risk of a Man in
the middle(MITM) attack.
A possible solution for this is to use message encryption. In message encryption, the data is
first converted to a ciphertext and then sent any further. Message encryption can be done in
two ways:
Symmetric Encryption: Say we have to send the message M from a source P to destination
Q. This message M can be encrypted using a secret key K that both P and Q share. Without
this key K, no other person can get the plain text from the ciphertext.
This maintains confidentiality. Further, Q can be sure that P has sent the message. This is
because other than Q, P is the only party who possesses the key K and thus the ciphertext
can be decrypted only by Q and no one else.
This maintains authenticity. At a very basic level, symmetric encryption

HASH FUNCTIONS:
Hash functions are extremely useful and appear in almost all information security
applications.
A hash function is a mathematical function that converts a numerical input value into
another compressed numerical value. The input to the hash function is of arbitrary length
but output is always of fixed length.
Values returned by a hash function are called message digest or simply hash values. The
following picture illustrated hash function –
Features of Hash Functions
The typical features of hash functions are −
Fixed Length Output (Hash Value)
Hash function coverts data of arbitrary length to a fixed length. This process is often referred
to as hashing the data.
In general, the hash is much smaller than the input data, hence hash functions are
sometimes called compression functions.
Since a hash is a smaller representation of a larger data, it is also referred to as a digest.
Hash function with n bit output is referred to as an n-bit hash function. Popular hash
functions generate values between 160 and 512 bits.
Efficiency of Operation
Generally for any hash function h with input x, computation of h(x) is a fast operation.
Computationally hash functions are much faster than a symmetric encryption.
AUTHENTICATION REQUIREMENTS AND FUNCTIONS:
Authentication Requirements:
Revelation: It means releasing the content of the message to someone who does not have
an appropriate cryptographic key.
Analysis of Traffic: Determination of the pattern of traffic through the duration of connection
and frequency of connections between different parties.
Deception: Adding out of context messages from a fraudulent source into a communication
network. This will lead to mistrust between the parties communicating and may also cause
loss of critical data.
Modification in the Content: Changing the content of a message. This includes inserting new
information or deleting/changing the existing one.
Modification in the sequence: Changing the order of messages between parties. This
includes insertion, deletion, and reordering of messages.
Modification in the Timings: This includes replay and delay of messages sent between
different parties. This way session tracking is also disrupted.
Source Refusal: When the source denies being the originator of a message.
Destination refusal: When the receiver of the message denies the reception.
MESSAGE AUTHENTICATION CODE:(MAC)
An alternative authentication technique involves the use of a secret key to generate a
small fixed-size block of data, known as cryptographic checksum or MAC, which is appended
to the message.
This technique assumes that both the communicating parties say A and B share a common
secret key K.
When A has a message to send to B, it calculates MAC as a function C of key and message
given as: MAC=Ck(M) The message and the MAC are transmitted to the intended recipient,
who upon receiving performs the same calculation on the received message, using the same
secret key to generate a new MAC.
The received MAC is compared to the calculated MAC and only if they match, then:
1. The receiver is assured that the message has not been altered: Any alternations been
done the MAC’s do not match.
2. The receiver is assured that the message is from the alleged sender: No one except the
sender has the secret key and could prepare a message with a proper MAC.
3. If the message includes a sequence number, then receiver is assured of proper sequence
as an attacker cannot successfully alter the sequence number.
There are three different situations where use of a MAC is desirable: a message is broadcast
to several destinations in a network (such as a military control center), then it is cheaper and
more reliable to have just one node responsible to evaluate the authenticity –message will
be sent in plain with an attached authenticator.
one side has a heavy load, it cannot afford to decrypt all messages –it will just check the
authenticity of some randomly selected messages.
Authentication of computer programs in plaintext is very attractive service as they need not
be decrypted every time wasting of processor resources.
HMAC:
Interest in developing a MAC, derived from a cryptographic hash code has been
increasing mainly because hash functions are generally faster and are also not limited by
export restrictions unlike block ciphers.
Additional reason also would be that the library code for cryptographic hash functions is
widely available.
The original proposal is for incorporation of a secret key into an existing hash algorithm
and the approach that received most support is HMAC.
HMAC is specified as Internet standard RFC2104.
HMAC Design Objectives
To use, without modifications, available hash functions
To allow for easy replaceability of the embedded hash function
To preserve the original performance of the hash function To use and handle keys in a simple
way
To have a well understood cryptographic analysis of the strength of the MAC based on
reasonable assumptions on the embedded hash function.
The first two objectives are very important for the acceptability of HMAC. HMAC treats the
hash function as a “black box”, which has two benefits.
First is that an existing implementation of the hash function can be used for implementing
HMAC making the bulk of HMAC code readily available without modification.
Second is that if ever an existing hash function is to be replaced, the existing hash function
module is removed and new module is dropped in.
The last design objective provides the main advantage of HMAC over other proposed hash-
based schemes.
HMAC can be proven secure provided that the embedded hash function has some
reasonable cryptographic strengths.