Cryptography

Objectives Of Cryptography

Cryptography has four main objectives:

  • Confidentiality of the message: only the authorized recipient should be able to extract the content of the ciphertext. In addition, it should not be possible to obtain information about the content of the message (such as a statistical distribution of certain characters), since that makes cryptanalysis easier.

  • Message integrity: the recipient must be able to determine if the message was altered during transmission.

  • Authentication of the sender: the recipient should be able to identify the sender and verify that it was really the sender who sent the message.

  • Irrevocability of the sender: it should not be possible for the sender to deny the authorship of the message.

Not all systems or cryptographic algorithms are used to achieve all the objectives described above. Usually, there are specific algorithms for each of these functions. Even in well-designed, well-implemented and properly used cryptographic systems, some of the objectives above are not practical (or even desirable) in some circumstances. For example, the sender of a message may want to remain anonymous or the system can be meant for an environment with limited computational resources.

Types Of Attacks

  • Passive Attacks

A passive attack on a cryptosystem is one in which the cryptanalyst cannot interact with any of the parties involved, attempting to break the system solely based upon observed data (i.e. the ciphertext). This can also include known plaintext attacks where both the plaintext and its corresponding ciphertext are known.

While most classical ciphers are vulnerable to this form of attack, most modern ciphers are designed to prevent this type of attack above all others.

  • Active Attacks

Assume that two computers or other communicating devices are connected and transferring data to each other. In an active attack, the attacker not only observes the data but also has direct access to it. The attacker can read and update the data without the knowledge of either user. The attacker tries to induce noise in the data transmission by inserting error bits, or to alter or modify the data. In other words, an active attack is one in which the transmitted data is illegally modified by a third party.

  1. Masquerade

Assume that A and B are connected and transferring data to each other. A and B are genuine users. In a masquerade attack, the attacker uses the identity of an authentic user to break into the communication, behaves like that user and grabs all the data.

  2. Relay

Assume that A and B are connected and transferring data to each other. A sends a message to B. While the message is on its way, the attacker captures it and can then not only read it but also update and modify it. The attacker can create error bits in the message. Error bits are bits that do not belong to the original message.

  3. Denial Of Service Attack

In this attack, the attacker sends a large number of requests to the server to increase its traffic. A server that is handling many requests takes a long time to respond to the genuine requests made by authentic users. By increasing the traffic on the server, the attacker slows it down until the authentic users no longer get a response, and their service is denied.

Cryptosystems

  • Encryption Schemes

In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, considerable computational resources and skills are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users. Historically, various forms of encryption have been used to aid in cryptography. Early encryption techniques were often utilized in military messaging. Since then, new techniques have emerged and become commonplace in all areas of modern computing. Modern encryption schemes utilize the concepts of public-key and symmetric-key. Modern encryption techniques ensure security because modern computers are inefficient at cracking the encryption.

  • Symmetric Encryption Scheme

Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. This requirement that both parties have access to the secret key is one of the main drawbacks of symmetric key encryption, in comparison to public-key encryption (also known as asymmetric key encryption).

  • Asymmetric Encryption (Public Key Cryptography)

Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner. The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. Effective security only requires keeping the private key private; the public key can be openly distributed without compromising security.

In such a system, any person can encrypt a message using the receiver's public key, but that encrypted message can only be decrypted with the receiver's private key. This allows, for instance, a server to generate a cryptographic key intended for symmetric-key cryptography, then use a client's openly shared public key to encrypt that newly generated symmetric key. The server can then send this encrypted symmetric key over insecure channels to the client, and only the client can decrypt it, using the private key that is paired with the public key the server used to encrypt it. With the client and server both holding the same symmetric key, they can safely transition to symmetric-key encryption to communicate securely back and forth on otherwise insecure channels. This has the advantage of not having to manually pre-share symmetric keys, while also gaining the higher data throughput of symmetric-key cryptography over asymmetric-key cryptography.
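The key exchange described above, as an added example that is not part of the original article. It uses only the Python standard library, so textbook RSA without padding over two fixed Mersenne primes and a SHA-256 keystream stand in for a real public-key scheme and a real symmetric cipher; all names and parameters are assumptions made for illustration and are not secure for real use.

```python
import hashlib
import secrets

# Client's key pair. Constructed, illustration-only parameters: two known
# Mersenne primes and textbook RSA without padding. Not secure for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key, shared openly
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, never leaves the client


def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call with the same key both encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def server_wrap_key(session_key, n, e):
    """Server encrypts the fresh symmetric key under the client's public key."""
    return pow(int.from_bytes(session_key, "big"), e, n)


def client_unwrap_key(wrapped, n, d):
    """Client recovers the 16-byte symmetric key with its private key."""
    return pow(wrapped, d, n).to_bytes(16, "big")


def exchange(plaintext):
    session_key = secrets.token_bytes(16)                 # generated by the server
    wrapped = server_wrap_key(session_key, N, E)          # sent over the insecure channel
    client_key = client_unwrap_key(wrapped, N, D)         # recovered by the client
    ciphertext = keystream_xor(session_key, plaintext)    # server encrypts its data
    recovered = keystream_xor(client_key, ciphertext)     # client decrypts it
    return {"keys_match": client_key == session_key,
            "ciphertext": ciphertext,
            "recovered": recovered}


if __name__ == "__main__":
    result = exchange(b"hello over an insecure channel")
    print(result["keys_match"], result["recovered"])
```

Only `N`, `E`, the wrapped key and the ciphertext cross the channel; `D` and the session key never do.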

  • Public Key Infrastructure

A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.

In cryptography, a PKI is an arrangement that binds public keys with respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA). Depending on the assurance level of the binding, this may be carried out by an automated process or under human supervision.

Hashing

Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Hashing is used to index and retrieve items in a database because it is faster to find the item using the shorter hashed key than to find it using the original value. It is also used in many encryption algorithms.

Hashing is the process of converting a given key into another value. A hash function is used to generate the new value according to a mathematical algorithm. The result of a hash function is known as a hash value or simply, a hash.
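An added example, not part of the original article, that ties hashing to the message-integrity objective and to the in-transit modification described under active attacks: a plain hash exposes an error bit but not a deliberate rewrite, while a keyed hash (HMAC) exposes both. The message, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = secrets.token_bytes(32)        # secret known only to A and B
MESSAGE = b"pay 100 to account 12345"       # constructed sample message


def sha256_digest(msg):
    """Unkeyed hash: anyone who can read msg can compute it."""
    return hashlib.sha256(msg).digest()


def hmac_tag(key, msg):
    """Keyed hash (HMAC-SHA256): computing it requires the shared secret."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_hash(msg, digest):
    return hmac.compare_digest(sha256_digest(msg), digest)


def verify_hmac(key, msg, tag):
    return hmac.compare_digest(hmac_tag(key, msg), tag)  # constant-time compare


def flip_bit(msg):
    """Transmission error: one error bit in the first byte."""
    return bytes([msg[0] ^ 0x01]) + msg[1:]


def demo():
    digest, tag = sha256_digest(MESSAGE), hmac_tag(SHARED_KEY, MESSAGE)
    # Deliberate change in transit. The unkeyed digest can be recomputed to
    # match; the HMAC tag cannot, so the original tag is forwarded unchanged.
    altered = MESSAGE.replace(b"12345", b"99999")
    return {
        "hash_catches_error_bit": not verify_hash(flip_bit(MESSAGE), digest),
        "hash_catches_rewrite": not verify_hash(altered, sha256_digest(altered)),
        "hmac_catches_error_bit": not verify_hmac(SHARED_KEY, flip_bit(MESSAGE), tag),
        "hmac_catches_rewrite": not verify_hmac(SHARED_KEY, altered, tag),
        "hmac_accepts_original": verify_hmac(SHARED_KEY, MESSAGE, tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```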

Cryptographic Protocols

  • Secure Socket Layer (SSL)

Secure Socket Layer, or SSL, is the usual way that a website creates a secure connection with a web browser. Whenever a web surfer visits a secure site that uses SSL technology, SSL creates an encrypted link between the browser session and the web server. SSL is the industry standard for secure web communication and is used to protect millions of online transactions each day.

  • Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

PGP and similar software follow the OpenPGP standard (RFC 4880), an open standard for PGP encryption software, for encrypting and decrypting data.