
ASSIGNMENT - 2

SHIVAM SINGH
2021KUCP1001

Define and explain fundamental cryptographic concepts such as encryption,
decryption, key generation, and key management. Provide examples of symmetric
and asymmetric encryption algorithms.

Cryptography:
Cryptography is the study and practice of techniques for secure communication in
the presence of third parties called adversaries. It deals with developing and
analyzing protocols that prevent malicious third parties from retrieving
information being shared between two entities, thereby upholding the various
aspects of information security. Secure communication refers to the scenario
where the message or data shared between two parties can’t be accessed by an
adversary. In cryptography, an adversary is a malicious entity that aims to
retrieve precious information or data, thereby undermining the principles of
information security.

Principles of Cryptography:
Confidentiality refers to certain rules and guidelines usually executed under
confidentiality agreements which ensure that the information is restricted to
certain people or places.
Data integrity refers to maintaining and making sure that the data stays accurate
and consistent over its entire life cycle.
Authentication is the process of making sure that the piece of data being claimed
by the user belongs to that user.
Confidentiality, Integrity, and Authentication together form the CIA triad, which is
considered the core requirement of every encryption technique.
Although the use of the CIA triad to define security objectives is well established,
some in the security field feel that additional concepts are needed to present a
complete picture. The two most common are:
Authenticity: The property of being genuine and being able to be verified and
trusted; confidence in the validity of a transmission, a message, or message
originator. This means verifying that users are who they say they are and that each
input arriving at the system came from a trusted source.
Accountability: The security goal that generates the requirement for actions of an
entity to be traced uniquely to that entity. This supports nonrepudiation,
deterrence, fault isolation, intrusion detection and prevention, and after-action
recovery and legal action. Because truly secure systems are not yet an achievable
goal, we must be able to trace a security breach to a responsible party. Systems
must keep records of their activities to permit later forensic analysis to trace
security breaches or to aid in transaction disputes.

Encryption:

Data Encryption is a method of preserving data confidentiality by transforming it
into ciphertext, which can only be decoded using a unique decryption key
produced at the time of the encryption or prior to it.

Data encryption converts data into a different form (code) that can only be
accessed by people who have a secret key (formally known as a decryption key) or
password. Data that has not been encrypted is referred to as plaintext, and data
that has been encrypted is referred to as ciphertext. Encryption is one of the most
widely used and successful data protection technologies in today’s corporate
world.
Encryption is a critical tool for maintaining data integrity, and its importance
cannot be overstated. Almost everything on the internet has been encrypted at
some point.

Types of Data Encryption:


1) Symmetric Encryption
In symmetric-key encryption the message is encrypted by using a key and the
same key is used to decrypt the message, which makes it easy to use but less
secure. It also requires a safe method to transfer the key from one party to
another.

2) Asymmetric Encryption
Asymmetric key encryption is based on public and private key encryption
techniques. It uses two different keys to encrypt and decrypt the message. It is
more secure than the symmetric key encryption technique but is much slower.

Decryption:

Decryption is the transformation of data that has been encrypted and rendered
unreadable back to its unencrypted form. The garbled data is extracted by the
system and converted and transformed into texts and images that are easily
understandable by the reader as well as the system. Simply put, decryption is
essentially the reverse of encryption, which requires coding data to make it
unreadable, but the matching decryption keys can make it readable.
The recipients must have the right decryption or decoding tools to access the
original details. Decryption is performed using the best decryption software,
unique keys, codes, or passwords. The original file can be in the form of text files,
images, e-mail messages, user data, and directories.

The original format is called plaintext while the unreadable format is referred to
as ciphertext. Parties use an encryption scheme called an algorithm and keys for
encryption and decryption of messages in a private conversation. The decryption
algorithm is also known as a cipher.

Key generation and Key management

Cryptographic keys are a vital part of any security system. They do everything
from data encryption and decryption to user authentication. The compromise of
any cryptographic key could lead to the collapse of an organization’s entire
security infrastructure, allowing the attacker to decrypt sensitive data,
authenticate themselves as privileged users, or give themselves access to other
sources of classified information. Luckily, proper management of keys and their
related components can ensure the safety of confidential information. Key
Management is the process of putting certain standards in place to ensure the
security of cryptographic keys in an organization. Key Management deals with the
creation, exchange, storage, deletion, and refreshing of keys. It also deals with
members' access to the keys.

There are two aspects for Key Management:

1. Distribution of public keys.

2. Use of public-key encryption to distribute secrets.


The generation of a key is the first step in ensuring that the key is secure. If the key in
question is generated with a weak encryption algorithm, then any attacker could
easily discover the value of the encryption key. Also, if the key is generated in an
insecure location, the key could be compromised as soon as it is created, resulting
in a key that cannot be safely used for encryption. Key generators, AES encryption
algorithms, or random number generators tend to be used for secure key
generation.

The next step of the key lifecycle is ensuring the safe distribution of the keys. Keys
should be distributed to the required user via a secure TLS or SSL connection, to
maintain the security of the keys being distributed. If an insecure connection is
used to distribute the cryptographic keys, then the security of any data encrypted
by these keys is in question, as an attacker could execute a man-in-the-middle
attack and steal the keys.

Once a key’s cryptoperiod, or time period the key is usable, passes, the key must
be rotated. When the key of an encrypted set of data expires, the key is retired
and replaced with a new key. First the data is decrypted by the old key or key pair
and then encrypted by the new key or key pair. Rotation is necessary because the
longer a key is in rotation, the more chance there is for someone to steal or find
out the key. Rotation of keys can happen before the cryptoperiod expires in cases
where the key is suspected to be compromised.
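
The lifecycle described above (generate a key, use it, rotate it), as an added example that is not part of the original assignment. It uses Node.js's built-in crypto module with AES-256-GCM; the 90-day cryptoperiod and all function names are assumptions chosen for illustration.

```javascript
// Added example (not from the original assignment): key lifecycle with AES-256-GCM.
const nodeCrypto = require("crypto");

// Assumed policy value for illustration: a 90-day cryptoperiod.
const CRYPTOPERIOD_MS = 90 * 24 * 60 * 60 * 1000;

// Generation: 256 bits from the OS CSPRNG, plus an id and a creation time.
function generateKey(now = Date.now()) {
  return {
    id: nodeCrypto.randomBytes(8).toString("hex"),
    material: nodeCrypto.randomBytes(32),
    createdAt: now,
  };
}

// Encrypt with AES-256-GCM; every message gets a fresh 96-bit nonce.
function encrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key.material, iv);
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { keyId: key.id, iv, ct, tag: c.getAuthTag() };
}

// Decrypt; final() throws if the key is wrong or the ciphertext was modified.
function decrypt(key, rec) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key.material, rec.iv);
  d.setAuthTag(rec.tag);
  return Buffer.concat([d.update(rec.ct), d.final()]).toString("utf8");
}

// Rotate when the cryptoperiod has passed, or early on suspected compromise.
function needsRotation(key, now = Date.now(), suspectedCompromise = false) {
  return suspectedCompromise || now - key.createdAt >= CRYPTOPERIOD_MS;
}

// Rotation: decrypt each record with the old key, re-encrypt under a new key,
// then retire the old key by overwriting its bytes.
function rotate(oldKey, records, now = Date.now()) {
  const newKey = generateKey(now);
  const rotated = records.map((r) => encrypt(newKey, decrypt(oldKey, r)));
  oldKey.material.fill(0);
  return { newKey, rotated };
}
```

Storing the key id with each record is what lets a system tell which key a ciphertext belongs to while a rotation is in progress.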

Examples of Symmetric and Asymmetric Encryption Algorithms

Symmetric key encryption: AES, DES, 3DES and RC4

Asymmetric key encryption: Diffie-Hellman, ECC, ElGamal, DSA and RSA
