Cryptography Report
Applications of Cryptography
EE6163: Telecommunications for Electronic Business
John Griffin
110327871
17th of December 2013
Table of Contents
Abstract
Introduction
What is cryptography?
Definition
History
Cryptographic Goals
Application of cryptography
Email communication
What is email encryption?
The importance of encrypting email
The consequences of not encrypting email
Protocol
PGP overview
General functions
How it works
Authentication via Digital signature
Advantages of PGP
Disadvantages of PGP
Algorithm
Overview
Difference between RSA and ElGamal
The advantages of ElGamal/Diffie Hellman over RSA:
The disadvantages of using ElGamal/Diffie Hellman over RSA:
How ElGamal works
Conclusion
References
Abstract
The following report examines the application of cryptography in everyday use through an
analysis of its use in email encryption. The report first looks at the importance of email
encryption and how cryptography is applied to make email a secure form of
communication. The report then examines the technical aspects which make this possible.
This is done through an examination of the protocol and then finally a look at the key
algorithms which make this protocol possible.
Introduction
What is cryptography?
Definition
At the most basic level cryptography is defined as secret writing. However, modern
cryptography, which is used in countless applications, is best defined as a function that
transforms plaintext into cipher text, while also providing a decryption function that
transforms cipher text back into plaintext (Al-Hamdani, 2008).
History
The area of cryptography is often referred to as the science of writing secret code; however,
its origins can be traced back thousands of years. The first known use of cryptography is said
to have been around 1900 B.C., when an Egyptian scribe used unknown hieroglyphs in an
inscription with the intention of passing information secretly. Since then cryptography has
been seen in many cases throughout history, ranging in application from battle plans to
diplomatic efforts between civilisations. The modern sense of cryptography, however, did not
appear until the advent of the computer and the mass communication between users in an
untrusted medium (Yang, 2011). It has primarily grown in its modern sense since 1976, when
data encryption was selected as an official Federal Information Processing Standard (FIPS)
for the United States; since then cryptography has gained large attention and a great amount
of application and use (Hilal M, 2012).
Cryptographic Goals
In order for cryptography to serve the function for which it is designed, it must meet
specific goals. These are privacy, data integrity, authentication, and non-repudiation. The
main goal of cryptography is to protect data and information from outside use while
maintaining the integrity of that data, thus ensuring the successful transmission of secure
information. (Yang, 2011)
Application of cryptography
The following section examines email encryption as a widely used application of cryptography.
Email communication
Over the last twenty years email, as a form of communication for businesses and individuals,
has grown in both size and importance. The Radicati Group (2013) notes there are currently
3.1 billion email accounts in the world; however, this is expected to rise to 4.3 billion by
2016. The enormous current and expected email usage highlights its importance as a form of
communication. The mass communication through email, however, poses a wider problem
for those who use it: how is it possible to securely communicate through such a medium? It
is with this problem that cryptography offers a solution, providing a means by which a user
can encrypt a message, thus preventing a third party from viewing its content.
Figure 1 Growth in email accounts 2012-2016 (The Radicati Group, 2013)
What is email encryption?
Email encryption in simple terms is the authentication and encryption of e-mail messages, a
system which in other words prevents third party users from receiving or accessing email.
This involves several key elements. Public key cryptography is used so others can use a key
to encrypt a message. Private keys can then be kept secret in order to encrypt messages,
sign them digitally or else decrypt them. The ability to do this is a key application of
cryptography, as we will see in the following analysis of its application in securing
information within email. (Yang, 2011)
The importance of encrypting email
The problem with email security is that the majority of emails sent currently are sent in clear
text and are not encrypted, meaning that a third party can easily intercept them. Encryption
is essential in order to protect the sensitive data and content that many emails contain.
Without the use of encryption the user puts themselves in a position in which they are at
risk of data breaches, loss of intellectual property and a variety of other threats with serious
consequences. (group T. o., 2012)
The consequences of not encrypting email
If an individual fails to encrypt their email, numerous situations can occur which lead to a
breach of data. These include:
Email can be intercepted
While the vast majority of email content is of no interest to third parties, many emails
contain sensitive files which, if breached, affect a large number of people. In America, for
example, it was recently revealed how the NSA were tapping into and intercepting email
content.
Lost or misplaced mobile devices
Data interception can also occur when unencrypted mobile devices such as USB sticks,
tablets, laptops and mobile hard drives are lost or stolen. This has happened in the past in
numerous cases, resulting in the loss of sensitive data and even intellectual property
and sensitive corporate information.
Mistakes by users
Another threat in not encrypting email content can result from simple user mistakes, for
example a user inadvertently sending an email to the wrong person. An example of this
occurred in September 2012 when an employee of North Star healthcare sent an email that
contained the names and HIV status of patients being treated for HIV or AIDS to a third party.
(group T. o., 2012)
Malicious activity by users
Despite this being less common, it is also still a result of not encrypting email. An employee
who is unhappy with a company, for example, can use sensitive content for their own means
or send it to others. Sending documents from a corporate account to a personal one, for
example, can mean a company could lose thousands of documents a year if a system is not
in place to block this activity by encrypting sensitive files. (group O. r., 2013)
It is for these prime reasons that changing plain text into cipher text is essential as an
application.
Protocol
The following section examines the protocol PGP (Pretty Good Privacy), which forms a
structure by which cryptography can be applied in order to protect the exchange of
information via email.
PGP overview
Pretty Good Privacy (PGP), or its latest version PGP, is a public key system that uses a hybrid
structure combining the best features of public key cryptography in order to provide
security in communication. Because of this structure it is ideal for securing the medium of
email communication. PGP can use either RSA or Diffie-Hellman algorithms as its encryption
and decryption standard. (Hilal M, 2012)
General functions
PGP provides data integrity and security by using the following core technologies:
digital signatures
encryption
compression
conversion
How it works
The sender creates a message
Data compression.
When a user encrypts a plaintext the PGP protocol first compresses that plaintext. The
compression of the plaintext has several advantages for the process. Data compression
saves transmission time and disk space and also helps strengthen cryptographic security. The
majority of cryptanalysis techniques use patterns in plaintext to crack the cipher.
Compression helps reduce these patterns, therefore greatly enhancing security against
cryptanalysis (Hilal M, 2012).
Creation of a session key
The sending PGP generates a random number which becomes the session key, which is used
in that message only. In other words, the session key is a one-time-only secret key. The session
key is randomly generated using the random movements of mouse strokes and key strokes.
This session key then works with a very fast encryption algorithm to encrypt the plaintext
into cipher text.
Encryption
During this stage the session key is encrypted using the public key of the recipient. The
session key is encrypted using each recipient's public key. These encrypted session keys
start the message.
Figure 2 Send Process (Hilal M, 2012)
Decryption
Decryption works in the opposite way. The receiver's PGP uses his/her private key to get
the session key, which the PGP protocol uses to decrypt the cipher text. If the
message was compressed, it is decompressed at this stage.
Fig. 3. Received Process (Hilal M, 2012)
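The send and receive steps above, as an added Python sketch that is not part of the original report and is not PGP's own code. The group parameters (the prime 2^521 - 1 with base 3), the SHA-256 keystream standing in for PGP's fast symmetric cipher, and all function names are assumptions chosen so the example runs with the standard library only.

```python
import hashlib
import secrets
import zlib

# Constructed toy parameters (assumptions, not PGP's): the Mersenne prime 2^521 - 1
# and base 3. Decryption is correct for any base; nothing here checks group quality.
P = 2**521 - 1
G = 3

def keygen():
    """Return (private x, public y = G^x mod P) for one recipient."""
    x = 2 + secrets.randbelow(P - 3)
    return x, pow(G, x, P)

def wrap(y, session_key):
    """Encrypt the session key to one recipient's public key (textbook ElGamal)."""
    k = 2 + secrets.randbelow(P - 3)                 # fresh random value per wrap
    m = int.from_bytes(session_key, "big")
    return pow(G, k, P), (m * pow(y, k, P)) % P

def unwrap(x, wrapped):
    """Recover the session key with the recipient's private key."""
    clue, masked = wrapped
    m = (masked * pow(clue, P - 1 - x, P)) % P       # clue^(-x) mod P
    return m.to_bytes(32, "big")                     # OverflowError if the key is wrong

def keystream_xor(key, data):
    """Stand-in symmetric cipher (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def pgp_send(message, recipient_public_keys):
    """Sender: compress, make a one-time session key, encrypt, wrap per recipient."""
    compressed = zlib.compress(message)
    session_key = secrets.token_bytes(32)
    body = keystream_xor(session_key, compressed)
    wrapped = [wrap(y, session_key) for y in recipient_public_keys]
    return {"session_keys": wrapped, "body": body}   # wrapped keys start the message

def pgp_receive(x, wrapped_key, body):
    """Receiver: private key -> session key -> decrypt -> decompress."""
    try:
        session_key = unwrap(x, wrapped_key)
        return zlib.decompress(keystream_xor(session_key, body))
    except (OverflowError, zlib.error):
        return None                                  # wrong private key for this entry

if __name__ == "__main__":
    ax, ay = keygen()
    bx, by = keygen()
    pkt = pgp_send(b"Meeting moved to 3pm. " * 3, [ay, by])
    print(pgp_receive(ax, pkt["session_keys"][0], pkt["body"]))
    print(pgp_receive(bx, pkt["session_keys"][1], pkt["body"]))
```

The body is encrypted once, and only the short session key is encrypted separately for each recipient.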
Authentication via Digital signature
Once the message is received within the PGP protocol the receiver can authenticate the
message using a digital signature. The digital signature uses a hash code or message digest
algorithm, and a public-key signature algorithm. The sequence is as follows: (Stallings, 2006)
1. The sender creates a message.
2. The sending software generates a hash code of the message.
3. The sending software generates a signature from the hash code using the sender's
private key.
4. The binary signature is then attached to the message.
5. The receiving software keeps a copy of the message signature.
6. The receiving software generates a new hash code for the received message and
verifies it using the message's signature. If the verification is successful, the message
is accepted as authentic.
Fig 4. Authentication through digital signature (Stallings, 2006)
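The six-step signature sequence above, as an added Python example that is not from the original report or from Stallings. It uses textbook RSA without padding as the public-key signature algorithm; the key built from two Mersenne primes and all function names are constructed for illustration, and the special form of those primes makes the key unsuitable for real use.

```python
import hashlib

# Constructed toy key (assumption): two well-known Mersenne primes.
P, Q = 2**89 - 1, 2**127 - 1
N, E = P * Q, 65537                       # public key (E, N)
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent (needs Python 3.8+)

def digest(message):
    """Steps 2 and 6: hash code of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message):
    """Step 3: signature generated from the hash code with the sender's private key."""
    return pow(digest(message), D, N)

def send(message):
    """Step 4: attach the binary signature to the message."""
    return {"message": message, "signature": sign(message)}

def verify(packet):
    """Steps 5-6: hash the received message again and compare it with the value
    recovered from the signature under the sender's public key."""
    return pow(packet["signature"], E, N) == digest(packet["message"])

if __name__ == "__main__":
    packet = send(b"Pay 100 to Bob")
    print(verify(packet))                                   # authentic message
    print(verify(dict(packet, message=b"Pay 900 to Bob")))  # altered in transit
```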
Advantages of PGP
Flexibility - Secure messages can be sent to multiple users at the same time, and each of
these users can decrypt the message using their own private key. Added to this, users can
use their private keys to encrypt personal files and documents.
Authentication - Users can sign clear messages with their PGP encrypted signatures, which
other users can then verify, providing a means by which users can authenticate
messages, which increases trust.
Security - Asymmetric keys are incredibly hard to crack, meaning the protocol provides an
extremely secure process.
Disadvantages of PGP
Software - The software is not built into email, therefore users need the necessary software
and key in order to use the protocol.
Cost - The purchase and installation of the protocol can be financially high, so the user must
value their security highly in order to justify the protocol. (group O. r., 2013)
Algorithm
The following section examines one of the key algorithms within the PGP protocol. The algorithm
examined is ElGamal. An outline of the algorithm is first given. A comparison with its main
alternative is then carried out before finally taking a look at the working of the algorithm.
Overview
ElGamal is an extension of Diffie Hellman’s shared secret generation. It generates a shared
secret and uses it as a one-time pad in order to encrypt data. ElGamal can be used within the
PGP protocol to both encrypt and decrypt the message. For this reason it is necessary to
examine its algorithm.
Difference between RSA and ElGamal
The PGP protocol can also use RSA; for that reason alone ElGamal can be seen as an
alternative to RSA. The main difference between the two is as follows. The security of the
RSA algorithm revolves around the difficulty of factoring large integers, whereas ElGamal
depends on the difficulty of computing discrete logs modulo a large prime.
The advantages of ElGamal/Diffie Hellman over RSA:
1. The requirement for a secure Random Number Generation (RNG). A
cryptographically secure RNG is already available
2. Major message expansion. The size of the message doubles once encrypted. This
however is not an issue as ElGamal is only used to encrypt the session key to each
recipient.
3. Speed. Encryption using ElGamal is slower than RSA.
The disadvantages of using ElGamal/Diffie Hellman over RSA:
1. ElGamal is totally unencumbered by copyright and patents. This means that ElGamal
can be used globally without the need for licensing. RSA, however, needs licensing
from RSA Labs for use in commercial products. RSA does provide free licenses for
RSA, but there are some prohibitive licensing issues
2. Using RSA, someone could generate a fake prime or one of a special form that
facilitates factoring. Without access to the private key it is simply impossible to
check. Describes a method of checking that the numbers used in DSA/DH are
computed randomly and are indeed prime.
3. RSA is not appropriate for use in situations where key generation occurs regularly
(e.g. for each message), such as in systems that employ ephemeral keys.
How ElGamal works
The following algorithm is described by (Rashmi Singh, 2012) and is illustrated by the model below.
Fig 5. Determination of the public and private Key
A. Sender A chooses a large prime number p such that φ(p) has a large prime factor. Choose g: primitive root of p.
B. Choose an integer x such that 1 < x < φ(p). Compute y = g^x mod p.
C. The triplet (x,g,p) forms the private key and the triplet (y,g,p) forms the public key of the user ‘A’.
D. User ‘A’ keeps the private key (x,g,p) secret and makes the public key (y,g,p) available to all those users with whom ‘A’ intends to communicate.
Encryption (say by User B)
When any user (say user B) possessing A’s public key (y,g,p) intends to send a message M (0 ≤ M < p) to user ‘A’, user ‘B’ proceeds as follows:
A. Choose a random integer k such that 1 < k < φ(p).
B. Knowing the public key (y,g,p) of the intended recipient ‘A’, user ‘B’ computes the cipher-text, which comprises a pair of integers: (g^k mod p, My^k mod p).
C. User B transmits the cipher-text to the intended recipient, user A.
The first component of the cipher-text, i.e. g^k mod p, is called the CLUE. It contains a clue to the random value k, which is not known to the intended recipient; the recipient uses the CLUE to extract the plaintext from the second component of the cipher-text.
Decryption (User A):
User ‘A’ receives the cipher-text (g^k mod p, My^k mod p). ‘A’ proceeds to decrypt the received cipher-text using its private key (x,g,p).
1) Compute (-x) mod φ(p) = φ(p) - x = p - 1 - x.
2) Compute (g^k mod p)^(-x mod φ(p)) mod p = g^-kx mod p.
3) Compute M = ((My^k mod p) (g^-kx mod p)) mod p.
Working of ElGamal’s Algorithm:
Message decrypted at the recipient end
= ((My^k mod p) (g^-kx mod p)) mod p
= ((Mg^kx mod p) (g^-kx mod p)) mod p
= (Mg^kx g^-kx) mod p = M mod p
= M (same as the message sent)
Thus, the recipient is able to extract the original plaintext message M from the received cipher-text. This proves that the message received at the recipient end is the same as the message sent.
Determination of public and private key
Let p = 11; g = 2
Let x = 5
y = g^x mod p = 2^5 mod 11 = 32 mod 11 = 10
Thus, A’s private key = (x,g,p) = (5,2,11) and A’s public key = (y,g,p) = (10,2,11)
Encryption
Suppose a user ‘B’ wants to send message M = 3 to ‘A’; then ‘B’ will encrypt M as follows and transmit C to A. ‘B’ will select an integer k such that 0 < k < φ(p).
Let k = 7
C = (g^k mod p, My^k mod p)
= (2^7 mod 11, 3 x 10^7 mod 11)
= (128 mod 11, (100 x 100 x 100 x 30) mod 11)
= (7, 8)
Decryption
Knowing (x,g,p), user ‘A’ will decrypt the cipher-text C as follows:
Compute (-x) mod φ(p) = (-x) mod 10 = 10 - x = 10 - 5 = 5.
Compute (g^k)^-x mod p = (7)^5 mod 11 = (49 x 49 x 7) mod 11 = 10
Compute (M.y^k.g^-xk) mod p
= (8 x 10) mod 11
= 3
= M (Original Message) (Rashmi Singh, 2012)
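The key determination, encryption and decryption steps above, as an added Python example that is not code from the report or from Singh's paper. Function names are assumptions; the primitive-root check and range checks implement the conditions the steps state, trial-division factoring limits it to small demonstration primes, and the `x` and `k` arguments exist only so the worked numbers can be reproduced.

```python
import secrets

def prime_factors(n):
    """Distinct prime factors of n by trial division (small demo values only)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive_root(g, p):
    """g is a primitive root of prime p iff g^((p-1)/q) != 1 for each prime q | p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

def keygen(p, g, x=None):
    """Return (private, public) = ((x,g,p), (y,g,p)) with y = g^x mod p."""
    if not is_primitive_root(g, p):
        raise ValueError("g is not a primitive root of p")
    if x is None:
        x = 2 + secrets.randbelow(p - 3)         # random x with 1 < x < phi(p)
    if not 1 < x < p - 1:
        raise ValueError("x must satisfy 1 < x < phi(p)")
    return (x, g, p), (pow(g, x, p), g, p)

def encrypt(public, m, k=None):
    """Return the pair (g^k mod p, M*y^k mod p); k must be fresh for every message."""
    y, g, p = public
    if not 0 <= m < p:
        raise ValueError("message must satisfy 0 <= M < p")
    if k is None:
        k = 2 + secrets.randbelow(p - 3)         # random k with 1 < k < phi(p)
    if not 1 < k < p - 1:
        raise ValueError("k must satisfy 1 < k < phi(p)")
    return pow(g, k, p), (m * pow(y, k, p)) % p

def decrypt(private, ciphertext):
    """Recover M by raising the clue to (-x mod phi(p)), as in the steps above."""
    x, g, p = private
    clue, masked = ciphertext
    neg_x = (-x) % (p - 1)                       # phi(p) = p - 1 for prime p
    return (masked * pow(clue, neg_x, p)) % p

if __name__ == "__main__":
    private, public = keygen(11, 2, x=5)         # the worked example's p, g, x
    c = encrypt(public, 3, k=7)                  # the worked example's M and k
    print(private, public, c, decrypt(private, c))
```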
Conclusion
The application of cryptography in securing email is only one of its many essential
applications in the modern world; however, without it many individuals' and companies'
security and privacy would be under huge risk, with major consequences as a result. It is
for this reason that the development of the protocols and algorithms which ensure this
security has become an issue of utmost importance. This report simply outlines an example
of a basic application and the functions of one of the uses of cryptography, but in the end it
shows that even this most basic application is of key importance to almost everyone using
this modern form of communication.
References
A.J Menezes, P.C van Oorschot, S. V. (1996). Handbook of Applied Cryptography. London: CRC Press.
group, O. r. (2013). Why Should You Encrypt Email and what happens if you don't? Symantec.
group, T. o. (2012). Why Securing Communications and content is a critical best practice. The osterman research group.
Hilal M, Y. A.-B. (2012). PGP Protocols and its applications. In D. Sen, Cryptography and security in computing (pp. 182-202). Rijeka: InTech.
Rashmi Singh, S. K. (2012). Elgamal’s Algorithm in Cryptography. International Journal of Scientific & Engineering, 1-4.
Stallings, W. (2006). Digital Signatures. In W. Stallings, Cryptography and Network security. London: Pearson Education.
The Radicati Group, I. (2013). Email Statistics Report, 2011-2015. Palo Alto: The Radicati Group, Inc.
W Diffie, M. H. (1976). New Directions In cryptography. IEEE Transactions on information theory.
Yang, H. R. (2011). Applied cryptography for cyber security and defense. New York: Hershey.