Applications of Cryptography

EE6163: Telecommunications for Electronic Business

John Griffin

110327871

17th of December 2013

0 | P a g e

Table of ContentsAbstract.................................................................................................................................................1

Introduction...........................................................................................................................................1

What is cryptography?.......................................................................................................................1

Definition.......................................................................................................................................1

History...........................................................................................................................................1

Cryptographic Goals......................................................................................................................2

Application of cryptography..................................................................................................................2

Email communication........................................................................................................................2

What is email encryption?.................................................................................................................3

The importance of encrypting email..................................................................................................3

The consequences of not encrypting email.......................................................................................4

Protocol.................................................................................................................................................5

PGP overview.....................................................................................................................................5

General functions..............................................................................................................................5

How it works......................................................................................................................................6

Authentication via Digital signature..................................................................................................8

Advantages of PGP............................................................................................................................9

Disadvantages of PGP........................................................................................................................9

Algorithm.............................................................................................................................................10

Overview......................................................................................................................................10

Difference between RSA and ElGamal.........................................................................................10

The advantages of ElGamal/Diffie Hellman over RSA:.................................................................11

The disadvantages of using ElGamel/Diffie Hellman over RSA:...................................................11

How ElGamal works.........................................................................................................................11

Conclusion...........................................................................................................................................14

References...........................................................................................................................................15

1 | P a g e

Abstract

The following report examines the application of cryptography in everyday use through an

analysis of its use in email encryption. The report first looks at the importance of email

encryption and how cryptography is applied to make email a secure form of

communication .The report then examines the technical aspects which make this possible.

This is done through an examination of the protocol and then finally a look at the key

algorithms which make this protocol possible.

Introduction

What is cryptography?

DefinitionAt the most basic level cryptography is defined as secret writing. However modern

cryptography in which is used in countless applications is best defined as a function in which

transfers plaintext into cipher text, while also providing the function of decryption that

transfers cipher text into plaintext (Al-Hamdani, 2008).

HistoryThe area of cryptography is often referred to as the science of writing secret code, however

its origins can be traced back thousands of years. The first known use of cryptography is said

to have been around 1900 B.C when and Egyptian scribe used unknown hieroglyphs in and

inscription with the intention of passing information secretly. Cryptography after this time

however has been seen in many cases throughout history including Ranging in application

from battle plans to diplomatic efforts between civilisations. The modern sense of

cryptography however did not appear until the advent of the computer and the mass (Yang,

2011)1communication between users in an untrusted medium. It has primly grown in its

modern sense since 1976, when data encryption was selected as an official Federal

1

2 | P a g e

Information Processing Standard (FIPS) for the United States, cryptography has gained large

attention and a great amount of application and use (Hilal M, 2012)

Cryptographic Goals

In order for cryptography to serve the function in which it is designed to it must meet

specific goals. These are privacy, data integrity, authentication, and non-repudiation. The

main goal of cryptography is to protect data and information from outside use while

maintaining the integrity of that data thus insuring the successful transition of secure

information. (Yang, 2011)

Application of cryptography

The following section examines email encryption as a widely used application of cryptography.

Email communicationOver the last twenty years email as a form of communication for businesses and individuals,

has grown in both size and importance .The growth of email usage as outlined by (The

Radicati Group, 2013) notes there are currently 3.1 billion email accounts in the world,

however this is expected to rise 4.3 billion by 2016.The enormous current and expected

email usage as a form of communication highlights its importance as a form of

communication. The mass communication through email however poses a wider problem

for those who use it. How is it possible to securely communicate through such a medium? It

is with this problem that cryptography offers a solution in providing a means by which a user

can encrypt a message thus preventing a third part from viewing its content.

Figure 1 Growth in email accounts 2012-2016 (The Radicati Group, 2013)

3 | P a g e

What is email encryption?Email encryption in simple terms is the authentication and encryption of e-mail messages, a

system which in other words prevents third party users from receiving or accessing email.

This involves several key elements. Public key cryptography is used so others can use a key

to encrypt a message. Private keys can then be kept secret in order to encrypt messages,

sign them digitally or else decrypt them. The importance of having the ability to do this is a

key application for cryptography as we will see with the following analysis of its application

in securing information within email. (Yang, 2011)

.

The importance of encrypting email

The problem with email security is that the majority of emails sent currently are sent in clear

text and are not encrypted, meaning that a third party can easily intercept them. Encryption

is essential in order to protect sensitive data and content in which many emails contain.

Without the use of encryption the user puts themselves in a position in which they are at

risk of data breaches, loss of intellectual property and a variety of other threats with serious

consequences. (group T. o., 2012)

The consequences of not encrypting email

If an individual fails to encrypt their email numerous situation can occur in which lead to a

breach of data. These include:

Email can be intercepted

While the vast majority of email content is of no interest to third parties, many emails con

contain sensitive files which if breached effect a large amount of people. In America for

example it was recently revealed how the NSA were tapping itno and intercepting email

content.

4 | P a g e

Lost or misplaced mobile devices

Data interception can also occur when unencrypted mobile devise such as USB sticks,

tablets laptops and mobile hard drives are lost or stolen. This occurrence has happened in

the past in numerous cases resulting in the loss of sensitive data and even intellectual party

and sensitive corporate information.

Mistakes by users

Another threat in not encrypting email content can result from simple user mistakes. For

example a user inadvertently sending an email to the wrong person. An example of this

occurred in September 2012 when an employee of North Star healthcare sent an email that

contained the names and HIV status of patient being treats for HIV or Aids to a third party.

(group T. o., 2012)

Malicious activity by users

Despite this being less common it is also still a result of not encrypting email .A employee

who is unhappy with a company for example can use sensitive content for their own means

or send it to others .Sending documents from a corporate account to a personal one for

example can mean a company could lose thousands of documents a year of a system is not

in place to block this activity by encrypting sensitive files. (group O. r., 2013)

It is for these prime reasons that changing plain text into cipher text is essential as an

application.

5 | P a g e

Protocol

The following section examines the protocol PGP (pretty good privacy) which forms a

structure in by which cryptography can be applied in order to protect the exchange of

information via email.

PGP overviewPretty good privacy(PGP) or it latest version PGP is a public key system that uses a hybrid

structuring combining the best features of public key cryptography in order to provide

security in communication. Because of this structure it is ideal for securing the medium of

email communication. PGP can use either RSA or Diffie-Hellman algorithms as its encryption

and decryption standard. (Hilal M, 2012)

General functions

PGP provides Data integrity and security by using the following core technologies:

digital signatures

encryption

compression

conversion

How it works

The sender creates a message

Data compression.

When a user encrypts a plaintext the PGP protocol first compresses that plaintext. The

compression of the plaintext has several advantages for the process. Data compression

saves transmission time and disk space and also help strengthen cryptographic security. The

majority of cryptanalysis techniques use patterns in plaintext to crack the cipher.

6 | P a g e

Compression helps reduce these patterns therefore greatly enhancing security against

cryptanalysis (Hilal M, 2012)

Creation of a session Key

The sending PGP generates a random number which becomes the session key, which is used

in that message only. In other words the session key is one time only secret key. The session

key is randomly generated using the random movements of mouse strokes and key strokes.

This session key then works with a very fast encryption algorithm to encrypt the plaintext

into cipher text.

Encryption

During this stage the session key is encrypted using the public key of the recipient. The

session key is encrypted using each recipient's public key. These encrypted session keys

start the message.

Figure 2 Send Process (Hilal M, 2012)

Decryption

7 | P a g e

The decryption work in the opposite way. The receivers PGP uses his/her private key to get

the session key which the PGP protocol uses to decrypt the encrypted cipher text. If the

message was compressed it would be thus decompressed at this stage

Fig. 3. Received Process (Hilal M, 2012)

Authentication via Digital signature

Once the massage is received within the PGP protocol the receiver can authenticate the

message using a digital signature. The digital signature uses a hash code or message digest

algorithm, and a public-key signature algorithm. The sequence is as follows: (Stallings, 2006)

1. The sender creates a message.

2. The sending software generates a hash code of the message.

8 | P a g e

3. The sending software generates a signature from the hash code using the sender's

private key.

4. The Binary signature is then attached to the message

5. The receiving software keeps a copy of the message signature.

6. The receiving software generates a new hash code for the received message and

verifies it using the message's signature. If the verification is successful, the message

is accepted as

Authentic.

Fig 4. Authentication through digital signature (Stallings, 2006)

9 | P a g e

Advantages of PGPFlexibility-secure messages can be sent to multiple users at the same time, and each of

these users can decrypt the message using their own private key. Added to this users can

use their private keys to encrypt personal files and documents.

Authentication-Users can sign clear messages with their PGP encrypted signatures which

other users can then then verify, providing a means by which users can authenticate

messages which increases trust.

Security-Asymmetric keys are incredibly hard to craic meaning the protocol provides an

extremely secure process.

Disadvantages of PGP

Software-The software is not built into email therefore users need the necessary software

and key in order to use the protocol.

Cost-The purchase and installation of the protocol can be financially high, so the user must

value their security highly in order to justify the protocol. (group O. r., 2013)

Algorithm

The following section examines one of the key algorithms within the PGP protocol. The algorithm

examined is ElGamel. An outline of the algorithm is first examined. A comparison with its main

alternative is then carried out before finally taking a look the working of the algorithm.

OverviewElGamal is an extension of Diffie Hellman’s shared secret generation. It generates a shared

secret and uses it as a one-time pad in order to encrypt data.ElGamel can be used within the

10 | P a g e

PGP protocol to both encrypt and decrypt the message. For this reason it is necessary to

examines it algorithm.

Difference between RSA and ElGamal

The PGP protocol can also use RSA, for that reason alone ElGamel can be seen as an

alternative to RSA. The main difference between the two is as follows. The security of the

RSA algorithm revolves around the difficulty of factoring large integers, however ElGamal

depends on the difficulty of computing discrete logs in large prime modulus.

The advantages of ElGamal/Diffie Hellman over RSA:

1. The requirement for a secure Random Number Generation (RNG). A

cryptographically secure RNG is already available

2. Major message expansion. The size of the message doubles once encrypted. This

however is not an issue as ElGamal is only used to encrypt the session key to each

recipient.

3. Speed. Encryption using ElGamal is slower than RSA.

The disadvantages of using ElGamel/Diffie Hellman over RSA:

1. ElGamal is totally unencumbered by copyright and patents. This means that ElGamal

can be used globally without the need for licensing. RSA, however, needs licensing

from RSA Labs for use in commercial products. RSA does provide free licenses for

RSA, but there are some prohibitive licensing issues

2. Using RSA, someone could generate a fake prime or one of a special form that

facilitates factoring. Without access to the private key it is simply impossible to

check. Describes a method of checking that the numbers used in DSA/DH are

computed randomly and are indeed prime.

11 | P a g e

3. RSA is not appropriate for use in situations where key generation occurs regularly

(e.g. for each message), such as in systems that employ ephemeral keys.

How ElGamal works

The following algorithm is describe by (Rashmi Singh, 2012) and is illustrated from the model below

Fig 5. Determination of the public and private Key

Sender A chooses a large prime number p such that ø (p) has a large prime factor. Choose g: primitive root of p. B. Choose an integer x such that 1 <x< ø (p). Compute y=g^x mod p. C. The triplet (x,g,p) forms the private key and the triplet (y,g,p) forms the public key of the user ’A’. D. User ‘A’ keeps the private key (x,g,p) secret and makes the public key (y,g,p) available to all those users with whom ‘A’ intends to communicate.

12 | P a g e

Encryption (Say by User B)

When any user (say user B) possessing A’s public key (y,g,p) intends to send a message M(0≤M<p) to user ‘A’ user ‘B’ proceeds as follows:-

A. Choose a random integer k such that (1<k< ø (p)).

B. Knowing public key (y,g,p) of intended recipient ‘A’. User ‘B’ computes the cipher-text, Which comprises of a pair of integers: - (g^K mod P,my^K mod P)

C .User B transmits the cipher text to the intended recipient user A

The first component of the cipher text i.e g^k mod p is called CLUE.It contains a clue of the random value K,which is not known to the intended recipient of CLUE for the extraction of the plaintext from the second component of the cipher text.

Decryption (User B):

User ‘A’ receives the cipher-text (g^k mod p, M^k mod p). ‘A’ proceeds to decrypt the received cipher-text using its private key(x,g,p).

1) Choose (-x) mod ø (p) = ø (p)-x = p-1-x

2) Compute (g^k mod p) ^ (-x mod ø (p)) mod p = g^ -kx mod p.

3) Compute M= ((My^k mod p). (g^-kx mod p))Mod p.

Working of Elgamal’s Algorithm:

Message decrypted at the recipient end

= ((My^k mod p) (g^-kx mod p)) mod p

= ((Mg^kx mod p) (g^-kx mod p)) mod p

= ((Mg^kx g^-kx) mod p = M mod p

=M (same as the message sent)

Thus, the recipient is able to extract the original plaintext message M from the received cipher-text. Proved that the message received at the recipient end is same as the message sent.

13 | P a g e

Determination of public and private key

Let p=11; g=2 Let x=5 Y=g^x mod p = 2^5 mod 11 = 32 mod 11=10

Thus, ‘A’ is the PRIVATE KEY =(x,g,p) = (5,2,11) And ‘A’ s public key = (y,g,p)= (10,2,11)

Encryption

Suppose a user ‘B’ wants to send message M= 3 to ‘A’ , then ‘B’ will encrypt M a follows and transmit C to A:- ‘B’ will select an integer k such that 0<k<ø(p).

Let k=7

C= (g^k mod p, My^k mod p)

= (2^7 mod 11, 3x 10^7 mod 11)

= (128 mod 11, (100x100x100x30) mod 11)

= (7,8)

.

Decryption

Knowing (x,g,p), user ‘A’ will decrypt the cipher-text C as follows:-

Compute (-x) mod ø (p) = (-x) mod 10=10-x=10-5=5.

Compute (g^k)^-x mod p =(7)^5 mod 11 = (49x49x7)mod 11

Compute (M.y^k.g^-xk) mod p

= (8x 10) mod 11

=3

=M (Original Message) (Rashmi Singh, 2012)

14 | P a g e

ConclusionThe application of cryptography in securing email is only one of its many essential

applications in the modern world, however without it many individuals and companies

security and privacy would be under huge risk with the result of major consequences. It is

for this reason that the development of the protocols and algorithms which ensure this

security has become an issue of utmost importance. This report simply outlines an example

of a basic application and the functions of one of the uses of cryptography but in the end it

shows that even this most basic application is of key importance to almost everyone using

this modern form of communication.

ReferencesA.J Menezes P.C Van Oarschot, S. V. (1996). Handbook of Applied Cryptography. London:

CRC Press.

group, O. r. (2013). Why Should You Encrypt Email and what happens if you don't? Symantic.

group, T. o. (2012). Why Securing Communications and content is a critical best practive. The osterman research group.

Hilal M, Y. A.-B. (2012). PGP Protocols and it's applications. In D. Sen, Cryptography and security in computing (pp. 182-202). Rijeka: InTech.

Rashmi Singh, S. K. (2012). Elgamal’s Algorithm in Cryptography. International Journal of Scientific & Engineering, 1-4.

Stallings, W. (2006). Digital Signatures. In W. Stallings, Cryptography and Network security. London: Pearson Education.

The Radicati Group, I. (2013). Email Statistics Report, 2011-2015 . Palo Alto: The Radicati Group, Inc.

W Diffie, M. H. (1976). New Directions In cryptography. IEEE Transactions on information theory.

Yang, H. R. (2011). Applied cryptography for cyber security and defense. New York: Hershey.

15 | P a g e

16 | P a g e