Topic: Network Security CRYPTOGRAPHY (One of Its Possible Solutions)
Networking and the internet are a rapidly expanding sector of the computer market. The simple fact is that
the internet and fax computers are just like any other large community, with both good and bad
elements.
Many companies, organizations and indeed individuals have installed such systems without
realizing the risk they are running. This paper examines risks such as hacking and provides
solutions to them.
This paper addresses the security issue framed in the context of the needs of small and medium enterprises
(SMEs), branch offices of large organizations and educational institutions.
INTRODUCTION
The requirements of information security within an organization have undergone two major changes in the last
several decades. Before the widespread use of data processing equipment, the security of information felt to be
valuable to an organization was provided primarily by physical and administrative means. The generic name for the
collection of tools designed to protect data and thwart hackers is Computer Security. The second major change that
affected security is the introduction of distributed systems and the use of networks and communications facilities for
carrying data between terminal user and computer and between computer and computer. Network Security
measures are needed to protect data during their transmission. Network security is a complicated subject, historically
only tackled by well-trained and experienced experts. However, as more and more people become "wired", an
increasing number of people need to understand the basics of security in a networked world.
In the following sections, we will look at network security from several angles, point out numerous pitfalls, and
discuss many algorithms and protocols for making networks more secure.
Network security problems can be divided roughly into four intertwined
areas:
• Secrecy
• Authentication
• Non-repudiation, and
• Integrity
Secrecy has to do with keeping information out of the hands of unauthorized users. This is what
usually comes to mind when people think about network security.
Authentication deals with determining whom you are talking to before revealing sensitive information or entering
into a business deal. Authentication mechanisms help establish proof of identities.
Non-repudiation deals with signatures, i.e. how do you prove that your customer
really placed an electronic order? Finally, how can you be sure that a message you received was really the one sent
and not something that a malicious adversary modified in transit or concocted?
Integrity control deals with securing the message from any modifications by intruders. When the
contents of a message are changed after the sender sends it, but before it reaches the intended recipient, we say that
the integrity of the message is lost.
All these issues (secrecy, authentication, non-repudiation, and integrity control) occur in traditional
systems too, but with some significant differences. Secrecy and integrity are achieved by signing registered mail and
locking documents up.
People authenticate other people by recognizing their faces, voices, and handwriting. Signatures on
letterhead paper, raised seals, and so on handle proof of signing. Handwriting, paper and ink experts can usually
detect tampering. None of these options are available electronically. Clearly, other solutions are needed.
CRYPTOGRAPHY
Cryptography is the art of achieving security by encoding messages to make them non-readable. In
the early days, cryptography used to be performed by using manual techniques. The basic framework of performing
cryptography has remained more or less the same, of course, with a lot of improvements in the actual
implementation. More importantly, computers now perform these cryptographic functions/algorithms, thus making
the process a lot faster and more secure.
Cryptology embraces both cryptography and cryptanalysis.
What is cryptography?
The messages to be encrypted, known as the plaintext,
are transformed by a function that is parameterized by a key. The output of the encryption process, known as the
ciphertext, is then transmitted, often by messenger or radio. We assume that the enemy, or the intruder, hears and
accurately copies down the complete ciphertext. However, unlike the intended recipient, he does not know
what the decryption key is and so cannot decrypt the ciphertext easily. Sometimes the intruder can not only listen to
the communication channel (passive intruder) but can also record messages and play them back later, inject his own
messages, or modify legitimate messages before they get to the receiver (active intruder). The art of breaking ciphers
is called cryptanalysis. The art of devising ciphers (cryptography) and breaking them (cryptanalysis) is collectively
known as cryptology.
It will often be useful to have a notation for relating plaintext, ciphertext and keys. We
will use C=Ek(P) to mean that the encryption of the plaintext P using key k gives the ciphertext C. Similarly,
P=Dk(C) represents the decryption of C to get the plaintext again. It then
follows that
Dk(Ek(P))=P
How does cryptography work?
A cryptographic algorithm, or cipher, is a mathematical function used in the
encryption and decryption process. A cryptographic algorithm works in combination
with a key—a word, number, or phrase—to encrypt the plaintext.
The same plaintext encrypts to different ciphertext with different keys. The
security of encrypted data is entirely dependent on two things: the strength
of the cryptographic algorithm and the secrecy of the key.
A cryptographic algorithm, plus all possible keys and all the protocols that
make it work, comprise a cryptosystem. PGP is a cryptosystem.
Caesar’s cipher
An extremely simple example of conventional cryptography is a substitution
cipher. A substitution cipher substitutes one piece of information for another.
For example, if we encode the word “SECRET” using Caesar’s key value of 3,
we offset the alphabet so that the 3rd letter down (D) begins the alphabet.
So starting with
ABCDEFGHIJKLMNOPQRSTUVWXYZ
and sliding everything up by 3, you get
DEFGHIJKLMNOPQRSTUVWXYZABC
where D=A, E=B, F=C, and so on.
Using this scheme, the plaintext, “SECRET” encrypts as “VHFUHW.” To
allow someone else to read the ciphertext, you tell them that the key is 3.
Encryption methods have historically been divided into 2 categories:
• Substitution Ciphers
• Transposition Ciphers
Substitution Ciphers:
In a substitution cipher each letter or group of letters is replaced by another letter or
group of letters to disguise it. For example,
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M
This general system is called a monoalphabetic substitution, with the key being the 26-letter string
corresponding to the full alphabet. For the key above, the plaintext "attack" would be transformed into the
ciphertext QZZQEA.
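The Caesar example and the monoalphabetic key above are the same mechanism with different keys. The following Python sketch is an added example, not part of the original paper; the function names are hypothetical. It builds both keys, rejects any key that is not a permutation of the 26 letters, and checks that Dk(Ek(P)) = P.

```python
import string

ALPHABET = string.ascii_uppercase
QWERTY_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"  # keyboard-order key used in the text

def caesar_key(shift):
    """Caesar's cipher as a substitution key: the alphabet rotated by `shift`."""
    shift %= 26
    return ALPHABET[shift:] + ALPHABET[:shift]

def _tables(key):
    """Return (encrypt, decrypt) translation tables for a 26-letter key."""
    key = key.upper()
    # A usable key is a permutation of A-Z; a missing or repeated letter
    # would make decryption ambiguous, so reject it.
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must contain each letter A-Z exactly once")
    return str.maketrans(ALPHABET, key), str.maketrans(key, ALPHABET)

def substitute(plaintext, key):
    """C = Ek(P): replace each letter by the key letter in the same position."""
    return plaintext.upper().translate(_tables(key)[0])

def unsubstitute(ciphertext, key):
    """P = Dk(C): invert the mapping. Non-letters pass through unchanged."""
    return ciphertext.upper().translate(_tables(key)[1])

if __name__ == "__main__":
    print(substitute("SECRET", caesar_key(3)))    # Caesar example from the text
    print(substitute("attack", QWERTY_KEY))       # monoalphabetic example
    print(unsubstitute("QZZQEA", QWERTY_KEY))     # decryption with the same key
```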
Transposition Ciphers:
Substitution ciphers preserve the order of the plaintext symbols but disguise them.
Transposition ciphers, in contrast, reorder the letters but do not disguise them. The figure below depicts a common
transposition cipher, the columnar transposition. The cipher is keyed by a word or phrase not containing any
repeated letters. In this example, MEGABUCK is the key. The purpose of the key is to number the columns,
column 1 being under the key letter closest to the start of the alphabet, and so on. The plaintext is written
horizontally in rows. The ciphertext is read out by columns, starting with the column whose key letter is the
lowest.
M E G A B U C K
7 4 5 1 2 8 3 6
p l e a s e t r
a n s f e r o n
e m i l l i o n
d o l l a r s t
o m y s w i s s
b a n k a c c o
u n t s i x t w
o t w o a b c d
Plaintext:
pleasetransferonemilliondollarsto
myswissbankaccountsixtwotwo
Ciphertext:
AFLLSKSOSELAWAIATOOSSCTCLNMOMANT
ESILYNTWRNNTSOWDPAEDOBUOERIRICXB
There have been many known cryptographic algorithms. The crux of any cryptographic
algorithm is the “seed” or the “key” used for encrypting/decrypting the information. Many of the cryptographic
algorithms are available publicly, though some organizations believe in keeping the algorithm a secret. The general
method is to use a publicly known algorithm while keeping the key a secret.
CLASSIFICATION OF CRYPTOSYSTEMS:
• Symmetric (secret key cryptography)
• Asymmetric (public key cryptography)
In Symmetric Key Cryptosystems, we use the same key for both encryption and the
corresponding decryption, i.e. if K was the key and M was the message, then we have DK(EK(M)) = M.
Asymmetric or Public key or shared key cryptosystems use two different keys. One is used for
encryption while the other key is used for decryption. The two keys can be used interchangeably. One of the keys is
made public (shared) while the other key is kept a secret, i.e. let k1 and k2 be public and private keys respectively.
Let M be the message, then Dk2(Ek1(M)) = Dk1(Ek2(M)) = M.
In general, symmetric key cryptosystems are preferred over public key systems due to the
following factors:
1. Ease of computation
2. Smaller key length providing the same amount of security as compared to a larger key in Public key
systems.
Hence the common method adopted is to use a public key system to securely transmit a “secret key”. Once we have
securely exchanged the Key, we then use this key for encryption and decryption using a Symmetric Key algorithm.
The best-known example of this is Secure Sockets Layer (SSL), used to protect sensitive
Internet connections between a user’s browser and a server (for example, during an online
banking transaction). SSL is an application that “sits” above the TCP/IP layers and offers one-way or
two-way authentication between the browser and the server by means of digital
certificates and encryption of the transmitted information. However, it only protects the
communications, not the business or user application.
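The key relation Dk2(Ek1(M)) = Dk1(Ek2(M)) = M and the method of sending a secret key under a public key system can be seen together in the Python sketch below. It is an added example, not part of the original paper and not SSL's actual handshake. It assumes textbook RSA over two small, constructed primes and a hash-based XOR keystream as a stand-in symmetric cipher; both are for illustration only and are not secure choices.

```python
import hashlib
import secrets

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
K1 = 65537                     # public key exponent (k1 in the text)
K2 = pow(K1, -1, PHI)          # private key exponent (k2 in the text)

def apply_key(m, k):
    """Textbook RSA: one modular exponentiation serves as both E and D."""
    return pow(m, k, N)

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    Applying it twice with the same key returns the input, so DK(EK(M)) = M."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ s for b, s in zip(data[i:i + 32], block))
    return bytes(out)

def hybrid_send(message):
    """Sender: pick a fresh secret key, wrap it with the public key k1,
    and encrypt the bulk message with the symmetric cipher."""
    session_key = secrets.token_bytes(8)        # 64-bit toy key, smaller than N
    wrapped = apply_key(int.from_bytes(session_key, "big"), K1)
    return wrapped, keystream_xor(session_key, message)

def hybrid_receive(wrapped, body):
    """Receiver: unwrap the secret key with the private key k2, then decrypt."""
    session_key = apply_key(wrapped, K2).to_bytes(8, "big")
    return keystream_xor(session_key, body)

if __name__ == "__main__":
    m = 123456789
    print(apply_key(apply_key(m, K1), K2) == m)   # Dk2(Ek1(M)) = M
    print(apply_key(apply_key(m, K2), K1) == m)   # Dk1(Ek2(M)) = M
    wrapped, body = hybrid_send(b"transfer one million dollars")
    print(hybrid_receive(wrapped, body))
```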
By this, we mean that cryptographic security is integrated with the business or user
application and is intimately linked to that application. This is the subject of the remainder of
this paper, specifically the advantages and disadvantages vis-à-vis network level security.
Security is not a product, nor is it a technology. It is a process, and it not only includes policy, procedures, and
training but also contains preventive control measures and a healthy dose of awareness. It includes disaster
recovery and business continuity. Security is an ongoing process with constant re-evaluation and changes, as
new threats and solutions are released.