29-12-2012, 06:41 PM
CRYPTOGRAPHY & SECURITY A SEMINAR REPORT
1CRYPTOGRAPHY.pdf (Size: 610.75 KB / Downloads: 118)
ABSTRACT
Electronic computers have evolved from exiguous experimental enterprises in
the 1940s to prolific practical data processing systems in the 1980s. As we have come to rely on
these systems to process and store data, we have also come to wonder about their ability to
protect valuable data.
Data security is the science and study of methods of protecting data in
computer and communication systems from unauthorized disclosure and modification. The goal
of this seminar is to introduce the mathematical principles of data security and to show how these
principles apply to ATM,Smart cards,e-commerce and other purposes.
Data security has evolved rapidly since 1975. Exciting developments in
cryptography: public-key encryption, digital signatures, the Data Encryption Standard (DES),
key safeguarding schemes, and key distribution protocols. We have developed techniques for
verifying that programs do not leak confidential data, or transmit classified data to users with
lower security clearances. We have come to a better understanding of the theoretical and
practical limitations to security.
INTRODUCTION
Cryptography, art and science of preparing coded or protected communications
intended to be intelligible only to the person possessing a key. Cryptography (Greek kryptos,
“secret”; graphos, “writing”) refers both to the process or skill of communicating in or
deciphering secret writings (codes, or ciphers) and to the use of codes to convert computerized
data so that only a specific recipient will be able to read it using a key (see Encryption).
Cryptographers call an original communication the cleartext or plaintext. Once the original
communication has been scrambled or enciphered, the result is known as the ciphertext or
cryptogram. The enciphering process usually involves an algorithm and a key. An encryption
algorithm is a particular method of scrambling—a computer program or a written set of
instructions. The key specifies the actual scrambling process. The original communication may
be a written or broadcast message or a set of digital data.
In its broadest sense, cryptography includes the use of concealed messages, ciphers,
and codes. Concealed messages, such as those hidden in otherwise innocent text and those
written in invisible ink, depend for their success on being unsuspected. Once they are discovered,
they frequently are easy to decipher. Codes, in which predetermined words, numbers, or symbols
represent words and phrases, are usually impossible to read without the key codebook.
Cryptography also includes the use of computerized encryption to protect transmissions of data
and messages.
Today most communication leaves some kind of recorded trail. For example,
communications over telephone lines, including faxes and e-mail messages, produce a record of
the telephone number called and the time it was called. Financial transactions, medical histories,
choices of rental movies, and even food choices may be tracked by credit card receipts or
insurance records. Every time a person uses the telephone or a credit card, the telephone
company or financial institution keeps a record of the number called or the transaction amount,
location, and date. In the future, as telephone networks become digital, even the actual
conversations may be recorded and stored. All of this amounts to a great privacy. The ability to
encrypt data, communications, and other information gives individuals the power to restore
personal privacy.
TYPES OF CRYPTOGRAPHY
There are many types of cryptography, including codes, steganography (hidden or
secret writing), and ciphers. Codes rely on codebooks. Steganography relies on different ways to
hide or disguise writing. Ciphers include both computer-generated ciphers and those created by
encryption methods. The different types of ciphers depend on alphabetical, numerical, computerbased,
or other scrambling methods.
Codes and Codebooks
A well-constructed code can represent phrases and entire sentences with symbols,
such as five-letter groups, and is often used more for economy than for secrecy. A properly
constructed code can give a high degree of security, but the difficulty of printing and distributing
codebooks—books of known codes—under conditions of absolute secrecy limits their use to
places in which the books can be effectively guarded. In addition, the more a codebook is used,
the less secure it becomes.
Imagine a codebook with two columns. In the first column is a list of all the words
that a military commander could possibly need to use to communicate. For example, it contains
all the possible geographic areas in a region, all possible times, and all military terms. In the
other column is a list of plain words. To create a coded message, the encoder writes down the
actual message. He then substitutes words in the codebook by finding matches in the second
column for the words in the message and using the new words instead. For example, suppose the
message is Attack the hill at dawn and the codebook contains the following word pairs: attack =
bear, the = juice, hill = orange, at = calendar, and dawn = open. The encoded message would
read Bear juice orange calendar open.
Ciphers
Ease of use makes ciphers popular. There are two general types of ciphers.
Substitution ciphers require a cipher alphabet to replace plaintext with other letters or symbols.
Transposition ciphers use the shuffling of letters in a word to make the word incomprehensible.
Ciphers are the secret codes used to encrypt plaintext messages. Ciphers of various
types have been devised, but all of them are either substitution or transposition ciphers.
Computer ciphers are ciphers that are used for digital messages. Computer ciphers differ from
ordinary substitution and transposition ciphers in that a computer application performs the
encryption of data. The term cryptography is sometimes restricted to the use of ciphers or to
methods involving the substitution of other letters or symbols for the original letters of a
message.
Computer Ciphers & Encryption
Government agencies, banks, and many corporations now routinely send a great deal
of confidential information from one computer to another. Such data are usually transmitted via
telephone lines or other nonprivate channels, such as the Internet. Continuing development of
secure computer systems and networks will ensure that confidential information can be securely
transferred across computer networks.
In 1978 three American computer scientists, Ronald L. Rivest, Adi Shamir, and
Leonard Adleman, who later founded the company RSA Data Security, created the Rivest-
Shamir-Adleman (RSA) system. The RSA system uses two large prime numbers, p and q,
multiplied to form a composite, n.
Cryptanalysis
Cryptanalysis is the art of analyzing ciphertext to extract the plaintext or the key. In
other words, cryptanalysis is the opposite of cryptography. It is the breaking of ciphers.
Understanding the process of code breaking is very important when designing any encryption
system. The science of cryptography has kept up with the technological explosion of the last half
of the 20th century. Current systems require very powerful computer systems to encrypt and
decrypt data. While cryptanalysis has improved as well, some systems may exist that are
unbreakable by today’s standards.
Today’s cryptanalysis is measured by the number and speed of computers available
to the code breaker. Some cryptographers believe that the National Security Agency (NSA) of
the United States has enormous, extremely powerful computers that are entirely devoted to
cryptanalysis.
The substitution ciphers described above are easy to break. Before computers were
available, expert cryptanalysts would look at ciphertext and make guesses as to which letters
were substituted for which other letters. Early cryptanalysis techniques included computing the
frequency with which letters occur in the language that is being intercepted. For example, in the
English language, the letters e, s, t, a, m, and n occur much more frequently than do q, z, x, y, and
w. So, cryptanalysts look at the ciphertext for the most frequently occurring letters and assign
them as candidates to be e, s, t, a, m, and n. Cryptanalysts also know that certain combinations of
letters are more common in the English language than others are. For example, q and u occur
together, and so do t and h. The frequency and combinations of letters help cryptanalysts build a
table of possible solution letters. The more ciphertext that is available, the better the chances of
breaking the code.
DIGITAL SIGNATURES
A major benefit of public key cryptography is that it provides a method for employing
digital signatures. Digital signatures enable the recipient of information to verify the authenticity
of the information’s origin, and also verify that the information is intact. Thus, public key digital
signatures provide authentication and data integrity. A digital signature also provides
nonrepudiation, which means that it prevents the sender from claiming that he or she did not
actually send the information. These features are every bit as fundamental to cryptography as
privacy, if not more.A digital signature serves the same purpose as a handwritten
signature.However, a handwritten signature is easy to counterfeit. A digital signature is superior
to a handwritten signature in that it is nearly impossible to counterfeit, plus it attests to the
contents of the information as well as to the identity of the signer.Some people tend to use
signatures more than they use encryption. For example, you may not care if anyone knows that
you just deposited $1000 in your account, but you do want to be darn sure it was the bank teller
you were dealing with.