TOPIC: NETWORK SECURITY CRYPTOGRAPHY (One of its possible solution)
Submitted to GMR Institute Of Technology. Presentation done by:
Maneesh Kumar Sethia, Ht no. 03981A0525, Raghu Engineering College. Email: [email protected]
Suman Arya, Ht no. 03981A0545, Raghu Engineering College. Email: [email protected]
Abstract

Networking and the internet are a rapidly expanding sector of the computer market. The simple fact is that the internet and fax computers are just like any other large community, with both good and bad elements. Many companies, organizations and indeed individuals have installed such systems without realizing the risk they are running. This paper examines risks such as hacking and provides solutions to them. This paper addresses the security issue framed in the context of the needs of small and medium enterprises (SMEs), branch offices of large organizations and educational institutions.
INTRODUCTION

The requirements of information security within an organization have undergone two major changes in the last several decades. Before the widespread use of data processing equipment, the security of information felt to be valuable to an organization was provided primarily by physical and administrative means. The generic name for the collection of tools designed to protect data and thwart hackers is computer security. The second major change that affected security is the introduction of distributed systems and the use of networks and communications facilities for carrying data between terminal user and computer and between computer and computer. Network security measures are needed to protect data during their transmission.

Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. In the following sections, we will look at network security from several angles, point out numerous pitfalls, and discuss many algorithms and protocols for making networks more secure.

Network security problems can be divided roughly into four intertwined areas:
• Secrecy
• Authentication
• Non-repudiation, and
• Integrity

Secrecy has to do with keeping information out of the hands of unauthorized users. This is what usually comes to mind when people think about network security. Authentication deals with determining whom you are talking to before revealing sensitive information or entering into a business deal. Authentication mechanisms help establish proof of identities. Non-repudiation deals with signatures, i.e. how do you prove that your customer really placed an electronic order? Finally, how can you be sure that a message you received was really the one sent and not something that a malicious adversary modified in transit or concocted? Integrity control deals with securing the message from any modifications by intruders. When the contents of a message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost.

All these issues (secrecy, authentication, non-repudiation, and integrity control) occur in traditional systems too, but with some significant differences. Secrecy and integrity are achieved by signing registered mail and locking documents up. People authenticate other people by recognizing their faces, voices, and handwriting. Signatures on letterhead paper, raised seals, and so on handle proof of signing. Handwriting, paper and ink experts can usually detect tampering. None of these options are available electronically. Clearly, other solutions are needed.
CRYPTOGRAPHY

Cryptography is the art of achieving security by encoding messages to make them non-readable. In the early days, cryptography used to be performed by using manual techniques. The basic framework of performing cryptography has remained more or less the same, of course, with a lot of improvements in the actual implementation. More importantly, computers now perform these cryptographic functions/algorithms, thus making the process a lot faster and more secure. Cryptology embraces both cryptography and cryptanalysis.
What is cryptography?

The messages to be encrypted, known as the plaintext, are transformed by a function that is parameterized by a key. The output of the encryption process, known as the ciphertext, is then transmitted, often by messenger or radio. We assume that the enemy, or the intruder, hears and accurately copies down the complete ciphertext. However, unlike the intended recipient, he does not know what the decryption key is and so cannot decrypt the ciphertext easily. Sometimes the intruder can not only listen to the communication channel (passive intruder) but can also record messages and play them back later, inject his own messages, or modify legitimate messages before they get to the receiver (active intruder). The art of breaking ciphers is called cryptanalysis. The art of devising ciphers (cryptography) and breaking them (cryptanalysis) is collectively known as cryptology.
Encryption and decryption

Data that can be read and understood without any special measures is called plaintext or clear text. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use encryption to make sure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting ciphertext to its original plaintext is called decryption.
The following figure shows this process.

[Figure: plaintext -> encryption -> ciphertext -> decryption -> plaintext]
It will often be useful to have a notation for relating plaintext, ciphertext and keys. We will use C=Ek(P) to mean that the encryption of the plaintext P using to get the plaintext again. It then follows that Dk(Ek(P))=P
How does cryptography work?

A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key (a word, number, or phrase) to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key. A cryptographic algorithm, plus all possible keys and all the protocols that make it work, comprise a cryptosystem. PGP is a cryptosystem.
Caesar’s cipher

An extremely simple example of conventional cryptography is a substitution cipher. A substitution cipher substitutes one piece of information for another. For example, if we encode the word “SECRET” using Caesar’s key value of 3, we offset the alphabet so that the 3rd letter down (D) begins the alphabet. So starting with ABCDEFGHIJKLMNOPQRSTUVWXYZ and sliding everything up by 3, you get DEFGHIJKLMNOPQRSTUVWXYZABC where D=A, E=B, F=C, and so on. Using this scheme, the plaintext “SECRET” encrypts as “VHFUHW.” To allow someone else to read the ciphertext, you tell them that the key is 3.

Encryption methods have historically been divided into 2 categories:
• Substitution Ciphers
• Transposition Ciphers
Substitution Ciphers: In a substitution cipher each letter or group of letters is replaced by another letter or group of letters to disguise it. For example,

Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M

This general system is called a monoalphabetic substitution, with the key being the 26-letter string corresponding to the full alphabet. For the key above, the plaintext attack would be transformed into the ciphertext QZZQEA.
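The Caesar and monoalphabetic substitution ciphers described above, as an added example that is not part of the original paper. It treats Caesar's cipher as a special case of the 26-letter key and enumerates the 26 Caesar keys to show how small that key space is; the function names are hypothetical, and `QWERTY_KEY` is the 26-letter keyboard-order key that yields the text's QZZQEA.

```python
import string

ALPHABET = string.ascii_uppercase

def substitute(text, key):
    """Monoalphabetic substitution: key is a 26-letter permutation of A-Z."""
    key = key.upper()
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must be a permutation of the 26 letters")
    # Non-letters are passed through unchanged by translate().
    return text.upper().translate(str.maketrans(ALPHABET, key))

def invert_key(key):
    """Decryption key: the inverse permutation of the encryption key."""
    pairs = sorted(zip(key.upper(), ALPHABET))   # order by ciphertext letter
    return "".join(plain for _, plain in pairs)

def caesar_key(shift):
    """Caesar's cipher is the special case where the key is a rotation."""
    shift %= 26
    return ALPHABET[shift:] + ALPHABET[:shift]

def caesar_candidates(ciphertext):
    """Every possible Caesar decryption: the whole key space is 26 keys."""
    return {s: substitute(ciphertext, invert_key(caesar_key(s)))
            for s in range(26)}

# Keyboard-order key used in the text's example (attack -> QZZQEA).
QWERTY_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"

if __name__ == "__main__":
    print(substitute("SECRET", caesar_key(3)))
    print(substitute("attack", QWERTY_KEY))
    print(substitute("QZZQEA", invert_key(QWERTY_KEY)))
    # A reader who does not know the key can simply try all 26 shifts.
    for shift, guess in caesar_candidates("VHFUHW").items():
        print(shift, guess)
```
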
Transposition Ciphers: Substitution ciphers preserve the order of the plaintext symbols but disguise them. Transposition ciphers, in contrast, reorder the letters but do not disguise them. The figure below depicts a common transposition cipher, the columnar transposition. The cipher is keyed by a word or phrase not containing any repeated letters. In this example, MEGABUCK is the key. The purpose of the key is to number the columns, column 1 being under the key letter closest to the start of the alphabet, and so on. The plaintext is written horizontally in rows. The ciphertext is read out by columns, starting with the column whose key letter is the lowest.

M E G A B U C K
7 4 5 1 2 8 3 6
p l e a s e t r
a n s f e r o n
e m i l l i o n
d o l l a r s t
o m y s w i s s
b a n k a c c o
u n t s i x t w
o t w o a b c d

Plaintext
pleasetransferonemilliondollarsto
myswissbankaccountsixtwotwo

Ciphertext
AFLLSKSOSELAWAIATOOSSCTCLNMOMANT
ESILYNTWRNNTSOWDPAEDOBUOERIRICXB
Fig. Transposition Cipher

There have been many known cryptographic algorithms. The crux of any cryptographic algorithm is the “seed” or the “key” used for encrypting/decrypting the information. Many of the cryptographic algorithms are available publicly, though some organizations believe in keeping the algorithm a secret. The general method is to use a publicly known algorithm while keeping the key a secret.

CLASSIFICATION OF CRYPTOSYSTEMS:
• Symmetric (secret key cryptography)
• Asymmetric (public key cryptography)
In symmetric key cryptosystems, we use the same key for both encryption and the corresponding decryption, i.e. if K was the key and M was the message, then we have DK(EK(M)) = M. Asymmetric or public key or shared key cryptosystems use two different keys. One is used for encryption while the other key is used for decryption. The two keys can be used interchangeably. One of the keys is made public (shared) while the other key is kept a secret, i.e. let k1 and k2 be the public and private keys respectively. Let M be the message; then Dk2(Ek1(M)) = Dk1(Ek2(M)) = M.

In general, symmetric key cryptosystems are preferred over public key systems due to the following factors:
1. Ease of computation
2. Smaller key length providing the same amount of security as compared to a larger key in public key systems.

Hence the common method adopted is to use a public key system to securely transmit a “secret key”. Once we have securely exchanged the key, we then use this key for encryption and decryption using a symmetric key algorithm.
1. Secret Key Cryptography: This type of cryptosystem uses the same key for both encryption and decryption. Some of the advantages of such a system are:
- Very fast relative to public key cryptography
- Considered secure, as long as the key is strong

Symmetric key cryptosystems have some disadvantages too. Exchange and administration of the key becomes complicated. Non-repudiation is not possible. Some examples of symmetric key cryptosystems include DES, 3-DES, RC4, RC5 etc.
2. Public Key Cryptography: This type of cryptosystem uses different keys for encryption and decryption. Each user has a public key, which is known to all others, and a private key, which remains a secret. The private key and public key are mathematically linked. Encryption is performed with the public key and decryption is performed with the private key. Public key cryptosystems are considered to be very secure and support non-repudiation. No exchange of keys is required, thus reducing key administration to a minimum. But it is much slower than symmetric key algorithms, and the ciphertext tends to be much larger than the plaintext. Some examples of public key cryptosystems include Diffie-Hellman, RSA and Elliptic Curve Cryptography.
Because it uses two keys, it is sometimes called asymmetric cryptography.
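The relation Dk2(Ek1(M)) = Dk1(Ek2(M)) = M and the "public key system transmits the secret key" method, as an added example that is not part of the original paper. It uses textbook RSA with tiny constructed primes and a SHA-256 XOR keystream as a stand-in symmetric cipher; all names and parameters are assumptions and none of it is secure for real use.

```python
import hashlib
import secrets

# Toy textbook RSA with tiny constructed primes (insecure by design;
# real systems use moduli of 2048 bits or more plus padding).
P, Q = 61, 53
N = P * Q                       # modulus, part of both keys
PHI = (P - 1) * (Q - 1)
E = 17                          # public exponent:  k1 = (E, N)
D = pow(E, -1, PHI)             # private exponent: k2 = (D, N)

def rsa(m, exponent):
    """E_k and D_k are the same operation: m^exponent mod N."""
    if not 0 <= m < N:
        raise ValueError("message must be in [0, N)")
    return pow(m, exponent, N)

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key.to_bytes(2, "big")
                               + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def hybrid_send(message, public_exp=E):
    """Sender: random session key, wrapped with the receiver's public key."""
    session_key = secrets.randbelow(N - 2) + 2
    return rsa(session_key, public_exp), keystream_xor(session_key, message)

def hybrid_receive(wrapped_key, ciphertext, private_exp=D):
    """Receiver: unwrap the session key with the private key, then decrypt."""
    return keystream_xor(rsa(wrapped_key, private_exp), ciphertext)

if __name__ == "__main__":
    m = 65
    print(rsa(rsa(m, E), D))    # encrypt with public, decrypt with private
    print(rsa(rsa(m, D), E))    # sign with private, verify with public
    wrapped, ct = hybrid_send(b"constructed sample message")
    print(wrapped, ct.hex())
    print(hybrid_receive(wrapped, ct))
```
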
CONCLUSION

Cryptographic solutions

Cryptographic solutions can be provided in a number of ways, including:

Security Applied at Higher Layers of the OSI Model
The best-known example of this is Secure Sockets Layer (SSL), used to protect sensitive Internet connections between a user’s browser and a server (for example, during an online banking transaction). SSL is an application that “sits” above the TCP/IP layers and offers one or two-way authentication between the browser and the server by means of digital certificates and encryption of the transmitted information. However, it only protects the communications, not the business or user application.

Operating System Security
Operating systems have a number of inbuilt security features, including cryptographic functions. However, such security is largely based on access control mechanisms, which can be easily by-passed in many cases.

Application Level Security
By this, we mean that cryptographic security is integrated with the business or user application and is intimately linked to that application. This is the subject of the remainder of this paper, specifically the advantages and disadvantages vis-à-vis network level security.

Security is not a product, nor is it a technology. It is a process, and it not only includes policy, procedures, and training but also contains preventive control measures and a healthy dosage of awareness. It includes disaster recovery and business continuity. Security is an ongoing process with constant re-evaluation and changes, as new threats and solutions are released.