By C.

KRISHNAPRASAD II Year MBA-BT

Boundary subsystem establishes interface between the wouldbe user of a computer system and the computer system itself. Three major purposes To establish the identity and authenticity of would-be users of a computer system To establish the identity and authenticity of the resources that users wish to employ To restrict users who obtain computer resources to a set of authorised actions First boundary controls were not considered important

Continued
Two factors led to a marked increase in the use and strength of boundary controls First is widespread deployment of distributed systems resulting in many users dispersed physically eg: wide area network, local area network, client-server Computing Second, rapid growth of electronic commerce systems In boundary subsystem there are some major types of controls exercised and we are going to discuss about cryptographic controls

Cryptographic controls are designed to protect the privacy of data and to prevent unauthorized modifications of data It has become important to prevent unauthorised access of data Used in several subsystems as there are important controls like passwords, PINs and digital signatures. NATURE OF CRYPTOGRAPHY Cryptology is the science of secret codes and it incorporates the study of cryptography and cryptanalysis Cryptography deals with transformation of data into codes and cryptanalysis deals with recovering of data from cryptograms.

CRYPTOGRAPHIC TECHNIQUES

Cryptographic technique encrypts cleartext data into cryptograms known as cipher text Three types of encipherment techniques 1.Transposition ciphers 2.Substitution ciphers 3.Product ciphers

TRANSPOSITION CIPHERS
Transposition ciphers use some rule to change the order of characters within a string of data Eg: Simple transposition rule is to swap the position of characters in consecutive pairs PEACE IS OUR OBJECTIVE would be coded as EPCA ESIO RUO JBCEITEV

SUBSTITUTION CIPHERS

Substitution ciphers retain the position of characters within a message and hide the identity of the characters by replacing them with other characters according to some rule Eg: Caesar Cipher- In the word IDEOGRAPHY(key) Clear text : ABCDEFGHIJKLMNOPQRSTUVWXYZ Ciphertext: IDEOGRAPHYBCFJKLMNQSTUVWXZ PEACE IS OUR OBJECTIVE will be coded as LGIEG HQ KTN KDYGESHUG Many other complex substitution ciphers were widely used before advent of computers but now it can be easily broken using a computer

PRODUCT CIPHERS

Product ciphers use a combination of transposition and substitution methods Research has shown that they are resistant to cryptanalysis, so product ciphers are now the major methods of encryption used A cipher system has two components 1.An encipherment method or algorithm that constitutes basic cryptographic technique 2.A cryptographic key upon which the algorithm operates in conjunction with clear text to produce ciphertext Shannon(1949) listed five properties of a cipher system

CHOOSING A CIPHER SYSTEM

PROPERTIES High work factor- cipher should be difficult for the cryptanalyst to break Small key- cryptographic key should be small so it can be changed frequently and easily Simplicity- complex cipher systems can be costly Low error propagation- some ciphertext depends on previous ciphertext generated for a message, so corruption to single bit will cause error for decryption Little expansion of message- some cipher systems use noise in the message to protect from breaking of codes Shanon shows that properties cannot be achieved simultaneously The systems use a simple algorithm and a long key are called long-key systems

Continued..

The cipher systems that rely on known algorithm for their strength are called strong-algorithm systems IBM developed a standard algorithm for cryptographic system in 1977 accepted by National Bureau of Standards(NBS) in US known as Data Encryption Standards(DES) DES uses 64 bit key in which algorithm uses 56 bits and 8 bits for parity

PUBLIC KEY CRYPTOSYSTEMS

Diffie and Hellman(1976) proposed asymmetric key cryptography Public key is a common key known in public while private key is secured not to be distributed. By this we can send and receive message without any tampering Most widely used scheme is Rivest, Shamir and Adleman (1978) called as RSA algorithm Major disadvantage is that public key cryptosystems is slow compared to private key cryptosystems
To maintain cryptographic key securely is important so key management involves three functions, key generation, key distribution and key installation

KEY MANAGEMENT

KEY GENERATION

Key generation is based on three questions First, what keys must be generated? For which multiple key must be generated because it is secure compared to single key but the only disadvantage is that it is complex for generation Second, how should these keys must be generated? The most critical keys must be generated via complete random process while less critical keys must be generated via pseudorandom number generator

Third, how long must the keys be?

As computers become faster and more powerful, the keys must be lengthened to protect them against brute force attacks

KEY DISTRIBUTION
The keys must be distributed to different locations as the key generated and key distributed place must not be same. Distribution can be done by two ways The key might be carried physically but it must be broken into fragments and distributed in order to enhance security. It can also be distributed electronically using public key cryptosystems.

KEY INSTALLATION

The key is not generated internally it must be installed from external source The cryptographic devices developed by organisations can be used to generate and install keys in another device which is held in secure memory and can only be transferred physically The key gets installed and handshaking procedure is done if the key is transferred electronically to ensure both has same key

THANK YOU