Cryptography And Network Security Principles And...

www.ijecs.in International Journal Of Engineering And Computer Science Volume1 Issue 1 Oct 2012 Page No. 01-10

Cryptography And Network Security Principles And Practices Prashant singh, Pratik kr. Sharma, Tanuj kr. Aggarwal

Dronacharya collge of engineering India

Corresponding author Prashant singh Dronacharya collge of engineering India Email: [email protected]

Abstarct

The field of network and Internet security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information. That is a broad statement that covers a host of possibilities. To give you a feel for the areas covered in this paper, consider the following examples of security violations: 1. User A transmits a file to user B. The file contains sensitive information (e.g., payroll records) that is to be protected from disclosure. User C, who is not authorized to read the file, is able to monitor the transmission and capture a copy of the file during its transmission.This book focuses on two broad areas: cryptographic algorithms and protocols, which have a broad range of applications; and network and Internet security, which rely heavily on cryptographic techniques. Cryptographic algorithms and protocols can be grouped into four main areas: Symmetric encryption: Used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords. Asymmetric encryption: Used to conceal small blocks of data, such as encryption keys and hash function values, which are used in digital signatures. Data integrity algorithms: Used to protect blocks of data, such as messages, from alteration. Authentication protocols: These are schemes based on the use of cryptographicalgorithms designed to authenticate the identity of entities. Computer and network security can be described as the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/ data, and telecommunications).

Data integrity: Assures that information and programs are changed only in a specified and authorized manner.

Introduction:

This definition introduces three key objectives that are at the heart ofcomputer security: Confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals. Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. Integrity: This term covers two related concepts:

System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. Availability: Assures that systems work promptly and service is not denied to authorized users. We now provide some examples of applications that illustrate the requirements just enumerated. For these examples, we use three levels of impact

http://www.ijecs.in/

Prashant singh International Journal Of Engineering And Computer Science1:1oct2012(01-10)

Page

2

on organizations or individuals should there be a breach of security (i.e., a loss of confidentiality, integrity, or availability) Low: The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might (i) cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; (ii) result in minor damage to organizational assets; (iii) result in minor financial loss; or (iv) result in minor harm to individuals. Moderate: The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss might (i) cause a significant degradation in mission capability to an extent and duration that the organizationis able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; or (iv) result in significant harm to individuals that does not involve loss of life or serious, life-threatening injuries. High: The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss might (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic harm to individuals involving loss of life or serious, life-threatening injuries

A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms of passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources.An active attack attempts to alter system resources or affect their operation. Passive Attacks Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are the release of message contents and traffic analysis. Active Attacks Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.

Security attacks

Key Based Cryptography Currently, most cryptography used in practice is key based, that is a string of bits, that is used to encode the clear text into cipher text and back again to clear text when required. Two types of key based cryptography exist, based on the availability of the key publicly:

Applying Cryptography

1. In Private key Cryptography, both the sender and the recipient share a key that must be kept private. In order to communicate with each other, the key must be passed between the two, this process is known as the key distribution and is quite complicated and difficult to do properly. The most famous example of this type of cryptography is the Data Encryption Standard (DES), other examples include Triple DES, RC2, RC4 IDEA and Skipjack. This is also known as symmetric cryptography.

2. While in Public Key Cryptography, each party has two sets of keys, one key is published to the public, called the Public


Page

3

key, while the other is kept secret and only known by the owner, the Private key. Anyone wishing to communicate with a certain party securely, will encrypt the communicated data with the recipient's public key which is available and on the other side only the party that holds the matching private key can decrypt the cipher text. Example Public key algorithms: Diffie-Hellman, RSA and Merkle-Hellman.

The public key system eliminates the key distribution process that hampers all private key systems since there no need to communicate secret keys among communicating parties. However, a problem that arises with public key system is lack of assurance of the true identity of the party on the other side, for example, if (A) wants to communicate with (B), it will use (B's) public key, but how can (A) know that that the party that sent its public key as being (B) is really (B). This problem requires a trusted third party that authenticates both (A) and (B) to each other. This trusted third party is known as a Certificate Authority (CA). A CA issues certificates and guarantees their authenticity. Digital Signatures The emergence of public key systems has introduced the concept of digital signature. A sample digital signature scenario goes as follows:

1. (A) encrypts the data to be signed with his/her private key.

2. (A) then encrypts the result from (1) with (B)'s public key and sends it to (B).

3. (B) decrypts the incoming data with his/her private key and then decrypts the result with (A)'s public key.

4. If the initial data is obtained then this will authenticate the data and the sender.

This is a simple example and not used in practice since it can be defeated by cutting and pasting from a captured authentic message.

Message Digest Both public and private key cryptography provide message integrity checks through checksums, but its not a reliable method since encryption of messages is done usually in small blocks of text, its possible to delete or duplicate a section of the message without causing any problems with the checksum. On the other hand, message digests, provide a reliable method to check message integrity. A message digest function, also know as "one-way functions" takes a plain text message and generates from it a short fixed length string that seems random. This string is known as a hash and the original text cannot be obtained from the hash, hence the name one-way function. These attributes of a message digest permit it to act as a digital fingerprint of the original message. The message's hash will change drastically with slightest change to the original message. By combining message digests and encryption, a tamper proof digital signature method can be used to send messages across the network. The Digital Signature Standard (DSS) is such a method and it works as follows:

1. The sender runs the message to be sent through the message digest function and obtains its hash.

2. The sender then encrypts the hash using his/her private key and sends it along with the original message to the intended recipient.

3. When the recipient gets the message, he/she decrypts the hash using the sender's public key, and compares the result with the hash obtained from running the message through the message digest function again.

4. If both hashes are identical, then sender's identity and message integrity are both verified.

What network security and cryptography will provide:


Page

4

Authentication The authentication service is concerned with assuring that a communication is authentic. In the case of a single message, such as a warning or alarm signal, the function of the authentication service is to assure the recipient that the message is from the source that it claims to be from. In the case of an ongoing interaction, such as the connection of a terminal to a host, two aspects are involved. First, at the time of connection initiation, the service assures that the two entities are authentic, that is, that each is the entity that it claims to be. Second, the service must assure that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties for the purposes of unauthorized transmission or reception. Two specific authentication services are defined in X.800: Peer entity authentication: Provides for the corroboration of the identity of a peer entity in an association. Two entities are considered peers if they implement to same protocol in different systems; e.g., two TCP modules in two communicating systems. Peer entity authentication is provided for use at the establishment of, or at times during the data transfer phase of, a connection. It attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection. Data origin authentication: Provides for the corroboration of the source,of a data unit. It does not provide protection against the duplication or modification of data units. This type of service supports applications like electronic mail, where there are no prior interactions between the communicating entities. Access Control In the context of network security, access control is the ability to limit and control the access to host systems and applications via communications links. To achieve this, each entity trying to gain

access must first be identified, or authenticated, so that access rights can be tailored to the individual. Data Confidentiality Confidentiality is the protection of transmitted data from passive attacks.With respect to the content of a data transmission, several levels of protection can be identified.The broadest service protects all user data transmitted between two users over a period of time. For example, when a TCP connection is set up between two systems, this broad protection prevents the release of any user data transmitted over the TCP connection. Narrower forms of this service can also be defined, including the protection of a single message or even specific fields within a message. These refinements are less useful than the broad approach and may even be more complex and expensive to implement. The other aspect of confidentiality is the protection of traffic flow from analysis. This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility. Data Integrity As with confidentiality, integrity can apply to a stream of messages, a single message, or selected fields within a message. Again, the most useful and straightforward approach is total stream protection. A connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays. The destruction of data is also covered under this service. Thus, the connection-oriented integrity service addresses both message stream modification and denial of service. On the other hand, a connectionless integrity service, one that deals with individual messages without regard to any larger context, generally provides protection against message modification only. We can make a distinction between service with and without recovery. Because the integrity service relates to active attacks, we are concerned with detection rather than prevention. If a violation of integrity is


Page

5

detected, then the service may simply report this violation, and some other portion of software or human intervention is required to recover from the violation. Alternatively, there are mechanisms available to recover from the loss of integrity of data, as we will review subsequently. The incorporation of automated recovery mechanisms is, in general, the more attractive alternative. Nonrepudiation Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message. Similarly,when a message is received, the sender can prove that the alleged receiver in fact received the message. Availability Service Both X.800 and RFC 2828 define availability to be the property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them). A variety of attacks can result in the loss of or reduction inavailability. Some of these attacks are amenable to automated countermeasures, such as authentication and encryption, whereas others require some sort of physical action to prevent or recover from loss of availability of elements of a distributed system. X.800 treats availability as a property to be associated with various security services. However, it makes sense to call out specifically an availability service.An availability service is one that protects a system to ensure its availability.This service addresses the security concerns raised by denial-of-service attacks. It depends on proper management and control of system resources and thus depends on access control service and other security services.

May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services.

Specific Security Mechanisms

Encipherment The use of mathematical algorithms to transform data into a form that is not readily intelligible.The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys. Digital Signature Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient). Access Control A variety of mechanisms that enforce access rights to resources. Data Integrity A variety of mechanisms used to assure the integrity of a data unit or stream of data units. Authentication Exchange A mechanism intended to ensure the identity of an entity by means of information exchange. Traffic Padding The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. Routing Control Enables selection of particular physically secure routes for certain data and allows routing changes, Mechanisms that are not specific to any particular OSI security service or protocol layer. Trusted Functionality That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy). Security Label The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. Event Detection Detection of security-relevant events. Security Audit Trail


Page

6

Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities. Security Recovery Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.especially when a breach of security is suspected. Notarization The use of a trusted third party to assure certain properties of a data exchange.

plaintext, while the coded message is called the ciphertext.The process of converting from plaintext to ciphertext is known as enciphering or encryption; restoring the plaintext from the ciphertext is deciphering or decryption. The many schemes used for encryption constitute the area of study known as cryptography. Such a scheme is known as a cryptographic system or a cipher. Techniques used for deciphering a

opponent should be unable to decrypt ciphertext or discover the key even if he or she is in possession of a number of ciphertexts together with the plaintext that produced each ciphertext.

The encryption techniques: Symmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the same key. It is also known as conventional encryption. Symmetric encryption, also referred to as conventional encryption or single-key encryption, was the only type of encryption in use prior to the development of publickey encryption in the 1970s. It remains by far the most widely used of the two types of encryption. Part One examines a number of symmetric ciphers. In this chapter, we begin with a look at a general model for the symmetric encryption process; this will enable us to understand the context within which the algorithms are used. Next, we examine a variety of algorithms in use before the computer era. Finally, we look briefly at a different approach known as steganography. Chapters 3 and 5 examine the two most widely used symmetric cipher: DES and AES. Before beginning, we define some terms. An original message is known as the

2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If someone can discover the key and knows the algorithm, all communication using this key is readable. We assume that it is impractical to decrypt a message on the basis of the ciphertext plus knowledge of the encryption/decryption algorithm. In other words, we do not need to keep the algorithm secret; we need to keep only the key secret. This feature of symmetric encryption is what makes it feasible for widespread use. The fact that the algorithm need not be kept secret means that manufacturers can and have developed low-cost chip implementations of data encryption algorithms. These chips are widely available and incorporated into a number of products.With the use of symmetric encryption, the principal security problem is maintaining the secrecy of the key. Let us take a closer look at the essential elements of a symmetric encryption scheme,. A source produces a message in plaintext, . The elements of are letters in some finite alphabet. Traditionally, the alphabet usually consisted of the 26 capital letters. Nowadays, the binary alphabet {0, 1} is typically used. For encryption, a key of the form is generated. If the key is generated at the message source, then it must also be provided to the destination by means of some secure channel. Alternatively, a third party could generate the key and securely deliver it to both source and destination.

: The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success. If either type of attack succeeds in deducing the key,

Brute foce attack


Page

7

the effect is catastrophic: All future and past messages encrypted with that key are compromised. We first consider cryptanalysis and then discuss brute-force attacks. Table 2.1 summarizes the various types of cryptanalytic attacks based on the amount of information known to the cryptanalyst.The most difficult problem is presented when all that is available is the ciphertext only. In some cases, not even the encryption algorithm is known, but in general, we can assume that the opponent does know the algorithm used for encryption. One possible attack under these circumstances is the brute-force approach of trying all possible keys. If the key space is very large, this becomes impractical.Thus, the opponent must rely on an analysis of the ciphertext itself, generally applying various statistical tests to it. To use this approach, the opponent must have some general idea of the type of plaintext that is concealed, such as English French text, an EXE file, a Java source listing, an accounting file, and so on. A brute-force attack involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained. On average, half of all possible keys must be tried to achieve success. shows how much time is involved for various key spaces. Results are shown for four binary key sizes. The 56-bit key size is used with the Data Encryption Standard (DES) algorithm, and the 168-bit key size is used for triple DES. The minimum key size specified for Advanced Encryption Standard (AES) is 128 bits. Results are also shown for what are called substitution codes that use a 26-character key (discussed later), in which all possible permutations of the 26 characters serve as keys. For each key size, the results are shown assuming that it takes 1 s to perform a single decryption, which is a reasonable rder of magnitude for todays machines.With the use of massively parallel organizations of microprocessors, it may be possible to achieve processing rates many orders of magnitude greater. The final column of Table 2.2 considers

the results for a system that can process 1 million keys per microsecond. As you can see, at this performance level, DES can no longer be considered computationally secure. Cryptography Cryptographic systems are characterized along three independent dimensions: 1. The type of operations used for transforming plaintext to ciphertext. All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in which elements in the plaintext are rearranged. The fundamental requirement is that no information be lost (that is, that all operations are reversible). Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions. 2. The number of keys used. If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver use different keys, the system is referred to as asymmetric, two-key, or public-key encryption. 3. The way in which the plaintext is processed. A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.

(DES) adopted in 1977 by the National Bureau of Standards, now the National Institute of Standards and Technology (NIST), as Federal Information Processing Standard 46 (FIPS PUB 46). The algorithm itself is referred to as the Data Encryption Algorithm (DEA).7 For DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms 64-bit input in a series of steps into a 64-bit output.The same steps, with the same key, are used to reverse the encryption. The

THE DATA ENCRYPTION STANDARD


Page

8

DES enjoys widespread use. It has also been the subject of much controversy concerning how secure the DES is.To appreciate the nature of the controversy, let us quickly review the history of the DES. Since its adoption as a federal standard, there have been lingering concerns about the level of security provided by DES. These concerns, by and large, fall into two areas: key size and the nature of the algorithm. The Use of 56-Bit Keys With a key length of 56 bits, there are possible keys, which is approximately keys. Thus, on the face of it, a brute-force attack appears impractical. Assuming that, on average, half the key space has to be searched, a single machine performing one DES encryption per microsecond would take more than a thousand years (see Table 2.2) to break the cipher. However, the assumption of one encryption per microsecond is overly conservative. As far back as 1977, Diffie and Hellman postulated that the technology existed to build a parallel machine with 1 million encryption devices, each of which could perform one encryption per microsecond [DIFF77]. This would bring the average search time down to about 10 hours. The authors estimated that the cost would be about $20 million in 1977 dollars. DES finally and definitively proved insecure in July 1998, when the Electronic Frontier Foundation (EFF) announced that it had broken a DES encryption using a special-purpose DES cracker machine that was built for less than $250,000. The attack took less than three days.The EFF has published a detailed description of the machine, enabling others to build their own cracker [EFF98].And, of course, hardware prices will continue to drop as speeds increase, making DES virtually worthless. It is important to note that there is more to a key-search attack than simply running through all possible keys. Unless known plaintext is provided, the analyst must be able to recognize plaintext as plaintext. If the message is just plain text in English, then the result pops out easily, although the task of recognizing English would have to be

automated. If the text message has been compressed before encryption, then recognition is more difficult. And if the message is some more general type of data, such as a numerical file, and this has been compressed, the problem becomes even more difficult to automate. Thus, to supplement the brute-force approach, some degree of knowledge about the expected plaintext is needed, and some means of automatically distinguishing plaintext from garble is also needed. The EFF approach addresses this issue as well and introduces some automated techniques that would be effective in many contexts. Fortunately, there are a number of alternatives to DES, the most important of which are AES and triple DES, discussed in Chapters 5 and 6, respectively. The Nature of the DES Algorithm Another concern is the possibility that cryptanalysis is possible by exploiting the characteristics of the DES algorithm. The focus of concern has been on the eight substitution tables, or S-boxes, that are used in each iteration. Because the design criteria for these boxes, and indeed for the entire algorithm, were not made public, BLOCK CIPHER DESIGN PRINCIPLES Although much progress has been made in designing block ciphers that are cryptographically strong, the basic principles have not changed all that much since the work of Feistel and the DES design team in the early 1970s. It is useful to begin this discussion by looking at the published design criteria used in the DES effort. Then we look at three critical aspects of block cipher design: the number of rounds, design of the function F, and key scheduling.

We say that a nonzero divides if for some , where , ,and are integers.That is, divides if there is no

DIVISIBILITY AND THE DIVISION ALGORITHM Divisibility


Page

9

remainder on division.The notation is commonly used to mean b divides a.Also, if b a, we say that b is a divisor of a. b a b a b a a = mb m a b m n GF(2n) GF(p) p The positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, and 24. 13 182; -5 30; 17 289; -3 33; 17 0 Subsequently, we will need some simple properties of divisibility for integers, which are as follows: If , then . If and , then . Any 0 divides 0. If a b and b c, then a c: b Z a b b a/b/ a =a ;b a 1 a = ;1 11 66 and 66 198 = 11 198 If and , then for arbitrary integers and . To see this last point, note that If , then is of the form for some integer The Division Algorithm Given any positive integer and any nonnegative integer , if we divide by , we get an integer quotient and an integer remainder that obey the following relationship: (4.1) where is the largest integer less than or equal to . Equation (4.1) is referred to as the division algorithm. Figure 4.1a demonstrates that, given and positive , it is always possible to find and that satisfy the preceding relationship. Represent the integers on the number line; will fall somewhere on that line (positive is shown, a similar demonstration can be made for negative ). Starting at 0, proceed to , 2 , up to , such that . The distance from to is , and we have found the unique values of and .The remainder is often referred to as a

residue.

The Advanced Encryption Standard (AES) was published by the National Institute of Standards and Technology (NIST) in 2001. AES is a symmetric block cipher that is intended to replace DES as the approved standard for a wide range of applications. Compared to public-key ciphers such as RSA, the structure of AES and mostsymmetric ciphers is quite complex and cannot be explained as easily as many other cryptographic algorithms. Accordingly, the reader may wish to begin with a simplified version of AES, which is described in Appendix 5B. This version allows the reader to perform encryption and decryption by hand and gain a good understanding of the working of the algorithm details. Classroom experience indicates that a study of this simplified version enhances understanding of AES.1 One possible approach is to read the chapter first, then carefully read Appendix 5B, and then re-read the main body of the chapter.it looks at the evaluation criteria used by NIST to select from among the candidates for AES, plus the rationale for picking Rijndael, which was the winning candidate. This material is useful in understanding not just the AES design but thecriteria by which to judge any symmetric encryption algorithm. AES STRUCTURE General Structure The cipher takes a plaintext block size of 128 bits, or 16 bytes.The key length can be 16, 24, or 32 bytes (128, 192, or 256 bits). The algorithm is referred to as AES-128, AES-192, or AES-256, depending on the key length. The input to the encryption and decryption algorithms is a single 128-bit block. In FIPS PUB 197, this block is depicted as a square matrix of bytes.This block is copied into the State array, which is modified at each stage of encryption or decryption. After the final stage, State is copied to an output matrix. These operations are

ADVANCED ENCRYPTION STANDARD


Page

10

depicted in Figure 5.2a. Similarly, the key is depicted as a square matrix of bytes.This key is then expanded into an array of key schedule words. Figure 5.2b shows the expansion for the 128-bit key. Each word is four bytes, and the total key schedule is 44 words for the 128-bit key. Note that the ordering of bytes within a matrix is by column. So, for example, the first four bytes of a 128-bit plaintext input to the encryption cipher occupy the first column of the in matrix, the second four bytes occupy the second column, and so on. Similarly, the first four bytes of the expanded key, which form a word, occupy the first column of the w matrix. The cipher consists of rounds, where the number of rounds depends on the key length: 10 rounds for a 16-byte key, 12 rounds for a 24-byte key, and 14 rounds for a 32-byte key (Table 5.1). The first rounds consist of four distinct transformation functions: SubBytes, ShiftRows, MixColumns, and AddRoundKey, which are described subsequently. The final round contains only three transformations, and there is a initial single transformation (AddRoundKey) before the first round. CRYPTOGRAPHIC HASH FUNCTIONS The following describes a simple hash function: Choose , primes and compute Choose relatively prime to and less than .Then a number is hashed as follows: If there is an that hashes to the same value as , then So which implies that breaking this amounts to finding a multiple of , which is the hard problem in RSA. a. Write a function that takes a bitlength and generates a modulus of bitlength and less than and relatively prime to it. b. Show the output of your function from part (a) for a few outputs. Using as arguments write a function to perform the hashing.

Security often require that data be kept safe from unauthorized access. And the best line of defense is physical security (placing the machine to be protected behind physical walls). However, physical security is not always an option (due to cost and/or efficiency considerations). Instead, most computers are interconnected with each other openly, thereby exposing them and the communication channels that they use. This problem can be broken down into five requirements that must be addressed:

Conclusion

1. Confidentiality: assuring that private data remains private.

2. Authentication: assuring the identity of all parties attempting access.

3. Authorization: assuring that a certain party attempting to perform a function has the permissions to do so.

4. Data Integrity: assuring that an object is not altered illegally.

5. Non-Repudiation: assuring against a party denying a data or a communication that was initiated by them.With regards to confidentiality, cryptography is used to encrypt data residing on storage devices or traveling through communication channels to ensure that any illegal access is not successful. Also, cryptography is used to secure the process of authenticating different parties attempting any function on the system. Since a party wishing be granted a certain functionality on the system must present something that proves that they indeed who they say they are. That something is sometimes known ascredentials and additional measures must be taken to ensure that these credentials are only used by their rightful owner. The most classic and obvious credential are passwords. Passwords are encrypted to protect against illegal usage.


Page

11

Authorization is a layer built on top of authentication in the sense that the party is authenticated by presenting the credentials required (passwords, smart cards, ... etc.). After the credentials are accepted the authorization process is started to ensure that the requesting party has the permissions to perform the functions needed. Data integrity and Non-Repudiation are achieved by means of digital signature, a method that includes performing cryptography among other things.

REFRENCES:

1.cryptography principles-william stallings 2. en.wikipedia.org/wiki/Cryptography 3.e book on network security fundamentals 4.www.schneier.com/blog/archives/2011/04/security_risks_7.html 5. www.lifehacker.com

Cryptography And Network Security Principles And...

Documents

Transcript of Cryptography And Network Security Principles And...