
NETWORK

SECURITY
05 CRYPTOGRAPHY BASIC

Contents
5.1 Definition
5.2 Cryptography and Security
5.3 Cryptographic Algorithms
5.4 Cryptography on Files

5.1 Defining Cryptography

• Cryptography is the science of transforming information into an unintelligible form while it is being transmitted or stored so that unauthorized users cannot access it.
• Changing the original text to a secret message using cryptography is known as encryption.
• Clear-text data that is to be encrypted is called plaintext.
• Plaintext data is input into an encryption algorithm, which consists of procedures based on a mathematical formula used to encrypt the data.
• A key is a mathematical value entered into the algorithm to produce ciphertext, or text that is "scrambled."
• Once the ciphertext is transmitted or needs to be returned to clear-text, the reverse process occurs with a decryption algorithm.

5.2 Cryptography and Security

• Cryptography can provide basic security protection for information.
• There are five basic protections that cryptography can provide:
  ◦ Cryptography can protect the confidentiality of information by ensuring that only authorized parties can view it.
  ◦ Cryptography can protect the integrity of the information.
  ◦ Cryptography can help ensure the availability of the data so that authorized users (with the key) can access it.
  ◦ Cryptography can verify the authenticity of the sender.
• But not all types of cryptography provide all five protections.

5.3 Cryptographic Algorithms

• There are three categories of cryptographic algorithms. These are known as:
  ◦ hashing algorithms,
  ◦ symmetric encryption algorithms, and
  ◦ asymmetric encryption algorithms.

5.3.1 Hashing Algorithm

• The most basic type of cryptographic algorithm is a hashing algorithm.
• The common hashing algorithms are:
  ◦ Message Digest,
  ◦ Secure Hash Algorithm
• Hashing, also called a one-way hash, is a process for creating a unique signature for a set of data.
• This signature, called a hash or digest, represents the contents.
• Hashing is used to determine the integrity of a message or contents of a file.
• A hash that is created from a set of data cannot be reversed.
• A practical example of a hash algorithm is used with automatic teller machine (ATM) cards.
  ◦ A bank customer has a personal identification number (PIN).
  ◦ This number is hashed and the resulting ciphertext is stored on a magnetic strip on the back of the ATM card.
• A hashing algorithm is considered secure if it has these characteristics:
  ◦ The ciphertext hash is a fixed size. A hash of a short set of data will produce the same size as a hash of a long set of data.
  ◦ Two different sets of data cannot produce the same hash, which is known as a collision.
  ◦ It should be impossible to produce a data set that has a desired or predefined hash.
  ◦ The resulting hash ciphertext cannot be reversed in order to determine the original plaintext.
• A hash can be used to defeat a man-in-the-middle attack.
  ◦ Both the message and the hash are transmitted.
  ◦ Upon receiving the message, the same hash is generated again on the message.
  ◦ If the original (transmitted) hash equals the new hash, then the message has not been altered.
• Hash values are often posted on Internet sites in order to verify the file integrity of files that can be downloaded.
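The fixed-size property and the recompute-and-compare check described above, as an added example that is not part of the original slides. The sample data, the function names and the choice of SHA-256 for the download check are assumptions made for illustration.

```python
import hashlib
import hmac
import io

# Digest lengths in bits for the SHA family (SHA-1 and the SHA-2 variants).
EXPECTED_BITS = {"sha1": 160, "sha224": 224, "sha256": 256,
                 "sha384": 384, "sha512": 512}


def digest_bits(name, data):
    """Length in bits of the digest of `data` under algorithm `name`."""
    return hashlib.new(name, data).digest_size * 8


def file_digest(stream, name="sha256", chunk=65536):
    """Hash a file-like object in chunks so a large download need not fit in memory."""
    h = hashlib.new(name)
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()


def verify_download(stream, published_hex, name="sha256"):
    """Regenerate the hash on the received data and compare it with the posted one."""
    actual = file_digest(stream, name)
    # compare_digest does not reveal how many leading characters matched
    return hmac.compare_digest(actual, published_hex.strip().lower())


# Constructed sample: a "download", its posted digest, and an altered copy
ORIGINAL = b"installer-1.0 contents (constructed sample)\n" * 1000
PUBLISHED = hashlib.sha256(ORIGINAL).hexdigest()
TAMPERED = ORIGINAL[:-2] + b"!\n"   # same length, one character changed

if __name__ == "__main__":
    for algo, bits in EXPECTED_BITS.items():
        print(algo, digest_bits(algo, b"a"), digest_bits(algo, ORIGINAL), bits)
    print("original ok:", verify_download(io.BytesIO(ORIGINAL), PUBLISHED))
    print("tampered ok:", verify_download(io.BytesIO(TAMPERED), PUBLISHED))
```

The comparison only detects alteration when the posted digest reaches the recipient over a channel that whoever altered the file cannot also change.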

Message Digest

• One common hash algorithm is the Message Digest (MD) algorithm, which has three versions.
• Message Digest 2 (MD2) takes plaintext of any length and creates a hash 128 bits long.
• MD2 begins by dividing the message into 128-bit sections. If the message is less than 128 bits, data known as padding is added.
• After padding, a 16-byte checksum is appended to the message. Then the entire string is processed to create a 128-bit hash.
• MD2 is considered too slow today and is rarely used.
• Message Digest 4 (MD4) was developed in 1990 for computers that processed 32 bits at a time.
• Like MD2, MD4 takes plaintext and creates a hash of 128 bits.
• The plaintext message itself is padded to a length of 512 bits.
• Flaws in the MD4 hash algorithm have prevented this MD from being widely accepted.
• The Message Digest 5 (MD5), a revision of MD4, was created in 1991 by Ron Rivest and designed to address MD4's weaknesses.
• Like MD4, the length of a message is padded to 512 bits.
• The hash algorithm then uses four variables of 32 bits each in a round-robin fashion to create a value that is compressed to generate the hash.
• But it still leads to collisions.

Secure Hash Algorithm (SHA)

• A more secure hash than MD is the Secure Hash Algorithm (SHA).
• The first is SHA-1. SHA-1 is patterned after MD4, but creates a hash that is 160 bits and pads the messages of less than 512 bits with zeros and an integer that describes the original length of the message.
• The other hashes are known as SHA-2.
• SHA-2 actually is comprised of four variations, known as SHA-224, SHA-256, SHA-384, and SHA-512.
• The number following SHA indicates the length in bits of the digest.
• To date there have been no weaknesses identified with it. Most security experts recommend that SHA-2 be substituted in place of MD5.

Whirlpool

• Named after the first galaxy recognized to have a spiral structure, it creates a hash of 512 bits.
• According to its creators, Whirlpool will not be patented and can be freely used for any purpose.
• It takes a message of any length less than 2^256 bits and returns a 512-bit message digest.

5.3.2 Symmetric Cryptographic

• The original cryptographic algorithms for encrypting and decrypting documents are symmetric cryptographic algorithms.
• These include the Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), Advanced Encryption Standard (AES), and several other algorithms.
• Symmetric cryptographic algorithms use the same single key to encrypt and decrypt a message.
• It is therefore essential that the key be kept confidential, because if an attacker secured the key he could decrypt all encrypted messages.
• For this reason, symmetric encryption is also called private key cryptography.
• Symmetric algorithms can be classified into two categories based on the amount of data that is processed at a time.

Stream Cipher

• The first category is known as a stream cipher. A stream cipher takes one character and replaces it with one character.
• The simplest type of stream cipher is a substitution cipher. Substitution ciphers simply substitute one letter or character for another.
• A more complicated stream cipher is a transposition cipher, which rearranges letters without changing them.
• A Single Column Transposition Cipher begins by determining a key (Step 1) and assigning a number to each letter of the key (Step 2).
• The plaintext is written in rows beneath the key and its numbers (Step 3).
• In Step 4, each column is extracted based upon the numeric value.
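The four steps of the Single Column Transposition Cipher, carried through in code as an added example that is not part of the original slides. It assumes the key letters are numbered in alphabetical order (ties broken left to right) and that the last row is filled with X; the key ZEBRAS and the message are constructed samples.

```python
def column_order(key):
    """Step 2: number the key letters alphabetically (ties left to right).
    Returns the column indexes in the order they will be read out."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def prepare(plaintext, key, pad="X"):
    """Drop spaces, upper-case, and fill the last row (padding is an assumption)."""
    text = plaintext.replace(" ", "").upper()
    return text + pad * (-len(text) % len(key))


def encrypt(plaintext, key):
    cols = len(key)
    text = prepare(plaintext, key)
    # Step 3: write the plaintext in rows beneath the key
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    # Step 4: extract each column in the order given by its number
    return "".join("".join(row[c] for row in rows) for c in column_order(key))


def decrypt(ciphertext, key):
    cols = len(key)
    if len(ciphertext) % cols:
        raise ValueError("ciphertext length must be a multiple of the key length")
    nrows = len(ciphertext) // cols
    columns = [""] * cols
    # Put each extracted column back under the key letter it came from
    for n, c in enumerate(column_order(key)):
        columns[c] = ciphertext[n * nrows:(n + 1) * nrows]
    # Read the grid row by row again
    return "".join(columns[c][r] for r in range(nrows) for c in range(cols))


KEY = "ZEBRAS"                                  # Step 1 (constructed sample key)
MESSAGE = "WE ARE DISCOVERED FLEE AT ONCE"      # constructed sample plaintext

if __name__ == "__main__":
    ct = encrypt(MESSAGE, KEY)
    print(ct)
    print(decrypt(ct, KEY))
```

Because the letters are only rearranged, the ciphertext contains exactly the same letters as the padded plaintext, which is why a transposition on its own gives little protection.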
• With most symmetric ciphers, the final step is to combine the cipher stream with the plaintext to create the ciphertext.
• The process is accomplished through the exclusive OR (XOR) binary logic operation because all encryption occurs in binary.
• Instead of combining the cipher stream with the plaintext, a variation is to create a truly random key (called a pad) to be combined with the plaintext.
• This is known as a one-time pad (OTP).
• If the pad is a random string of numbers that is kept secret and not reused then an OTP can be considered secure.
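The XOR combination and the "not reused" condition for a one-time pad, as an added example that is not part of the original slides. The two messages are constructed samples and the function names are illustrative.

```python
import secrets


def xor_bytes(a, b):
    """Combine two equal-length byte strings with exclusive OR."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext):
    """Create a fresh random pad as long as the message and XOR it in."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext, pad):
    """XOR with the same pad restores the plaintext (x ^ k ^ k == x)."""
    return xor_bytes(ciphertext, pad)


def pad_reuse_leak(c1, c2):
    """What an observer learns if ONE pad encrypted both messages:
    the pad cancels out, leaving plaintext1 XOR plaintext2."""
    return xor_bytes(c1, c2)


# Constructed sample messages of equal length
M1 = b"TRANSFER 100 TO ALICE"
M2 = b"TRANSFER 900 TO CAROL"

if __name__ == "__main__":
    pad, c1 = otp_encrypt(M1)
    print("round trip ok:", otp_decrypt(c1, pad) == M1)

    # Mistake under test: the same pad is used for a second message
    c2 = xor_bytes(M2, pad)
    leak = pad_reuse_leak(c1, c2)
    # Zero bytes mark positions where the two plaintexts are identical
    print("identical positions:", [i for i, b in enumerate(leak) if b == 0])
```

With a fresh pad per message the ciphertext reveals nothing but the length; with a reused pad the XOR of the two ciphertexts depends only on the two plaintexts.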

Block Cipher

• The second category of symmetric algorithms is known as a block cipher.
• A block cipher manipulates an entire block of plaintext at one time.
• The plaintext message is divided into separate blocks of 8 to 16 bytes, and then each block is encrypted independently.
• For additional security, the blocks can be randomized.
• Data Encryption Standard (DES)
  ◦ One of the first widely popular symmetric cryptography algorithms is the Data Encryption Standard (DES).
  ◦ DES is a block cipher and encrypts data in 64-bit blocks. However, the 8-bit parity bit is ignored so the effective key length is only 56 bits.
  ◦ DES encrypts 64-bit plaintext by executing the algorithm 16 times, with each time or iteration called a round.
  ◦ DES is said to have catapulted the study of cryptography into the public arena.
  ◦ Until the deployment of DES, cryptography was studied almost exclusively by military personnel.
  ◦ DES helped move cryptography implementation and research to academic and commercial organizations.
  ◦ Although DES was widely implemented, its 56-bit key is no longer considered secure and has been broken several times.
• Triple Data Encryption Standard (3DES)
  ◦ Triple Data Encryption Standard (3DES) was designed to replace DES.
  ◦ As its name implies, 3DES uses three rounds of encryption instead of just one. The ciphertext of one round becomes the entire input for the second iteration.
  ◦ 3DES employs a total of 48 iterations in its encryption (three iterations times 16 rounds).
  ◦ In some versions of 3DES, only two keys are used, but the first key is repeated for the third round of encryption.
  ◦ The version of 3DES that uses three keys is estimated to be 2 to the power of 56 times stronger than DES.
  ◦ Although 3DES addresses several of the key weaknesses of DES, it is no longer considered the most secure symmetric cryptographic algorithm.
• Advanced Encryption Standard (AES)
  ◦ A new algorithm that was fast enough to function on older computers with 8-bit processors as well as on current 32-bit and future 64-bit processors.
  ◦ AES performs three steps on every block (128 bits) of plaintext.
  ◦ Within Step 2, multiple rounds are performed depending upon the key size: a 128-bit key performs nine rounds, a 192-bit key performs 11 rounds, and a 256-bit key, known as AES-256, uses 13 rounds.
  ◦ Within each round, bytes are substituted and rearranged, and then special multiplication is performed based on the new arrangement.
• Other Algorithms
  ◦ Several other symmetric cryptographic algorithms are also used. Rivest Cipher (RC) is a family of cipher algorithms designed by Ron Rivest.
  ◦ RC2 is a block cipher that processes blocks of 64 bits.
  ◦ RC4 is a stream cipher that accepts keys up to 128 bits in length. It is used as part of the Wired Equivalent Privacy (WEP) encryption standard.

5.3.3 Asymmetric Cryptographic

• The newest type of cryptographic algorithm for encrypting and decrypting documents is asymmetric cryptographic algorithms.
• These include RSA, Diffie-Hellman, and elliptic curve cryptography.
• The primary weakness of symmetric encryption algorithms is keeping the single key secure.
• Maintaining a single key among multiple users, often scattered geographically, poses a number of significant challenges.
• The key can NOT be sent via the Internet, nor can it be encrypted, as the receiver needs a way to decrypt it.
• A completely different approach to symmetric cryptography is asymmetric cryptographic algorithms, also known as public key cryptography.
• Asymmetric encryption uses two keys instead of one. These keys are mathematically related and are known as the public key and the private key.
• The public key is known to everyone and can be freely distributed, while the private key is known only to the recipient of the message.
• Asymmetric encryption was developed by Whitfield Diffie and Martin Hellman of the Massachusetts Institute of Technology (MIT) in 1975.
• Public and private keys can often result in confusion regarding whose key to use and which key should be used.
• The next table lists the practices to be followed when using asymmetric cryptography.

RSA

• RSA stands for the last names of its three developers, Ron Rivest, Adi Shamir, and Leonard Adleman.
• The RSA algorithm multiplies two large prime numbers p and q, to compute their product (n=pq).
• Next, a number e is chosen that is less than n and a prime factor to (p-1)(q-1).
• Another number d is determined, so that (ed-1) is divisible by (p-1)(q-1).
• The values of e and d are the public and private exponents.
• The public key is the pair (n,e) while the private key is (n,d).
• The numbers p and q can be discarded.
• RSA is slower than other algorithms.

Diffie-Hellman

• Unlike RSA, the Diffie-Hellman algorithm does not encrypt and decrypt text.
• Rather, the strength of Diffie-Hellman is that it allows two users to share a secret key securely over a public network.
• Once the key has been shared, then both parties can use it to encrypt and decrypt messages using symmetric cryptography.

Elliptic Curve

• Elliptic Curve Cryptography was first proposed in the mid-1980s.
• Instead of using prime numbers as with RSA, elliptic curve cryptography uses elliptic curves.
• By adding the values of two points on the curve, you can arrive at a third point on the curve.
• Elliptic curve cryptography has not been as fully scrutinized as other types of asymmetric algorithms because the concept is still new.
• The studies that have been performed so far have indicated that elliptic curve cryptography may be a promising technology.

5.4 Cryptography on Files

• Cryptography can be applied to individual files or a group of files.
• Protecting individual files or multiple files through file system cryptography can be performed using:
  ◦ Pretty Good Privacy (PGP), and
  ◦ Microsoft Windows Encrypting File System.
• The most widely used asymmetric cryptography system for files and e-mail messages is a commercial product called Pretty Good Privacy (PGP).
• A similar program known as GNU Privacy Guard (GPG) is an open-source product.
• Messages encrypted by PGP can generally be decrypted by GPG and vice versa.
• PGP and GPG use both asymmetric and symmetric cryptography.
• PGP/GPG generates a random symmetric key and uses it to encrypt the message.
• The symmetric key is then encrypted using the receiver's public key and sent along with the message.
• PGP can use either RSA or the Diffie-Hellman algorithm for asymmetric encryption and IDEA for symmetric encryption.
• GPG is unable to use IDEA because IDEA is patented.
• Instead, GPG uses one of several open-source algorithms.
• Microsoft's Encrypting File System (EFS) is a cryptography system for Windows operating systems that use the Windows NTFS file system.
• Any file created in an encrypted folder or added to an encrypted folder is automatically encrypted.
• EFS files are encrypted with a single symmetric key, and then the symmetric key is encrypted twice: once with the user's EFS public key (to allow transparent decryption), and once with the recovery agent's key to allow data recovery.
• When using EFS, the following should be considered:
  ◦ First encrypt the folder and then move the files to be protected into that folder.
  ◦ Do not encrypt the entire drive that contains the system folder; this could significantly decrease performance and even cause the system to not boot.
  ◦ A folder can be either compressed or encrypted but not both.
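The hybrid scheme described in this section (a random symmetric key encrypts the data, and that key is then encrypted under each public key that must be able to recover it), as an added example that is not code from PGP, GPG or EFS. Toy RSA on fixed Mersenne primes and a SHA-256 counter keystream stand in for the real algorithms; all names and the sample file content are constructed.

```python
import hashlib
import secrets

E = 65537  # public exponent used by both toy key pairs


def toy_keypair(p, q):
    """Toy RSA key pair; real keys use large random primes and padding."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_for(message, recipients):
    """Encrypt once with a random key, then wrap that key for every recipient."""
    session_key = secrets.token_bytes(16)
    wrapped = {name: pow(int.from_bytes(session_key, "big"), e, n)
               for name, (n, e) in recipients.items()}
    return {"wrapped": wrapped, "ciphertext": keystream_xor(session_key, message)}


def decrypt_as(name, private_key, envelope):
    """Unwrap the symmetric key with one private key, then decrypt the data."""
    n, d = private_key
    session_key = pow(envelope["wrapped"][name], d, n).to_bytes(16, "big")
    return keystream_xor(session_key, envelope["ciphertext"])


# Constructed key pairs: the file owner and the recovery agent
USER_PUB, USER_PRIV = toy_keypair(2**61 - 1, 2**89 - 1)
AGENT_PUB, AGENT_PRIV = toy_keypair(2**107 - 1, 2**127 - 1)
FILE_DATA = b"quarterly figures (constructed sample file content)" * 3

if __name__ == "__main__":
    env = encrypt_for(FILE_DATA, {"user": USER_PUB, "agent": AGENT_PUB})
    print("user can read: ", decrypt_as("user", USER_PRIV, env) == FILE_DATA)
    print("agent can read:", decrypt_as("agent", AGENT_PRIV, env) == FILE_DATA)
```

The data is encrypted only once; each additional reader costs one more wrapped copy of the small symmetric key, which is also why control of the recovery agent's private key gives access to every file wrapped for it.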