25-04-2011, 03:59 PM
ABSTRACT of Cryptography& information security.doc (Size: 1.08 MB / Downloads: 139)
Abstract
Cryptology is the study of both cryptography and cryptanalysis, and is sometimes mistaken for one or the other. Cryptanalysis is the process of recovering the original text from encrypted text without knowledge of the key; it is the reverse of cryptography. The attempts a cryptanalyst makes to recover the plaintext depend on the level of information available to him. Cryptography is the part of cryptology in which the original plaintext is encrypted and decrypted so that the information is hidden and only the intended recipients can read it. Converting plaintext to ciphertext is called encryption. Recovering the plaintext from the ciphertext is called decryption.
People want and need privacy and security while communicating. In the past, cryptography was heavily used for “military applications” to keep sensitive information secret from enemies (adversaries). Julius Caesar used a simple shift cipher to communicate with his generals on the battlefield. Nowadays, as technological progress has increased our dependency on electronic systems, we need more sophisticated techniques. Cryptography provides most of the methods and techniques for secure communication.
Security specifies how a particular piece of “information” is protected. Security makes the information inaccessible to third parties. Any action that compromises the security of information owned by an organization is a security attack; the main categories are Interruption, Interception, Modification and Fabrication.
A security service is a service that is used to enhance the security of a data processing system and the information flow within an organization. Security services are meant to counter security attacks by employing one or more security mechanisms. The security services are Confidentiality, Authentication, Nonrepudiation, Integrity, Availability and Access Control.
The security mechanisms in X.800 are categorized into 2 types, as follows:
1. Mechanisms that are executed in a particular protocol layer.
2. Mechanisms that are not specific to any protocol layer.
Type 1 covers Encipherment, Digital Signature, Access Control, Data Integrity, Authentication Exchange, Traffic Padding, Routing Control and Notarization. Type 2 covers Trusted Functionality, Security Label, Event Detection, Security Audit Trail and Security Recovery.
1. INTRODUCTION
Cryptology is the study of both cryptography and cryptanalysis, and is sometimes mistaken for one or the other. Cryptanalysis is the process of recovering the original text from encrypted text without knowledge of the key; it is the reverse of cryptography. The attempts a cryptanalyst makes to recover the plaintext depend on the level of information available to him. Cryptography is the part of cryptology in which the original plaintext is encrypted and decrypted so that the information is hidden and only the intended recipients can read it. Converting plaintext to ciphertext is called encryption. Recovering the plaintext from the ciphertext is called decryption.
Security specifies how a particular piece of “information” is protected. Security makes the information inaccessible to third parties. Any action that compromises the security of information owned by an organization is a security attack; the main categories are Interruption, Interception, Modification and Fabrication.
2. SECURITY APPLICATIONS
Security makes the information inaccessible to third parties. It contains 4 basic structures, namely:
1. Security Attacks
2. Security Services
3. Security Mechanisms
4. A model for network security
SECURITY ATTACKS:
Any action that compromises the security of information owned by an organization.
The 4 general categories of attacks are:
Interruption: This is an attack on availability in which the resources of a computer system are damaged or become unavailable.
Interception: This is an attack on the confidentiality of information in which an unauthorized person or program gains access to, or control of, some system resource.
Modification: This is an attack on the integrity of the information, e.g., modifying the values in a data file.
Fabrication: This is an attack on the authenticity of a message in which an unauthorized party adds fake objects into the system.
SECURITY SERVICES:
• X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
• RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
X.800 defines it in 5 major categories:
Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality - protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in communication.
SECURITY MECHANISMS:
The security mechanisms in X.800 are categorized into 2 types, namely:
Specific security mechanisms: Mechanisms that are executed in a particular protocol layer. They include:
1. Encipherment
2. Digital Signatures
3. Access Controls
4. Data Integrity
5. Authentication Exchange
6. Traffic Padding
7. Routing Control
8. Notarization
Pervasive mechanisms: Mechanisms that are not specific to any protocol layer. They include:
1. Trusted functionality
2. Security Labels
3. Event Detection
4. Security Audit Trails
5. Security Recovery
A MODEL FOR NETWORK SECURITY:
Usually, data in the form of a stream or a block is transmitted over a network between the 2 communicating parties. The entity responsible for transmitting the data is called the sender, and the entity that receives the data from the sender is called the receiver. Both parties must have some sort of coordination between them in order to exchange the data. If the sender and receiver are linked through a connection-oriented protocol such as TCP/IP, then during data transmission some unauthorized interruption by intruders can occur, which can be avoided by providing some form of security to the data being transmitted.
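To make the model concrete, the following added example (not part of the original document) shows one "form of security" a sender can apply to transmitted data: a keyed integrity tag that lets the receiver detect the Modification and Fabrication attacks listed above. The key, message and function names are constructed for illustration, and the sketch assumes both parties already share the secret key.

```python
import hashlib
import hmac

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes

def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: append an integrity tag computed with the shared key."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag

def receive(key: bytes, frame: bytes) -> bytes:
    """Receiver side: return the message only if its tag verifies."""
    if len(frame) < TAG_LEN:
        raise ValueError("frame too short to carry a tag")
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest avoids leaking how many tag bytes matched
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return message

def outcome(key: bytes, frame: bytes) -> str:
    """Classify a received frame as 'accepted' or 'rejected'."""
    try:
        receive(key, frame)
        return "accepted"
    except ValueError:
        return "rejected"

# Constructed sample data (illustrative only).
SHARED_KEY = b"constructed-demo-key-0123456789ab"
MESSAGE = b"transfer 100 units to account 42"

GENUINE = protect(SHARED_KEY, MESSAGE)
# Modification: the values in transit are altered, the old tag is kept.
MODIFIED = GENUINE.replace(b"100", b"900")
# Fabrication: a party without the shared key invents a message and tag.
FABRICATED = protect(b"some-other-key", b"transfer 900 units to account 13")

if __name__ == "__main__":
    for name, frame in [("genuine", GENUINE), ("modified", MODIFIED),
                        ("fabricated", FABRICATED)]:
        print(name, "->", outcome(SHARED_KEY, frame))
```

The tag provides data integrity and origin authentication only: the message still travels in the clear, so Interception is not addressed without encipherment.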
3. TERMINOLOGY RELATED TO CRYPTOGRAPHY
Cryptology: All-inclusive term used for the study of secure communication over non-secure channels and related problems.
Cryptography: The process of designing systems to realize secure communications over non-secure channels.
Cryptanalysis: The discipline of breaking the cryptographic systems.
Coding Theory: Deals with representing information using codes. It covers compression, secrecy, and error-correction. Recently, it has been predominantly associated with error-correcting codes, which ensure correct transmission over noisy channels.
Cryptography: The process of making and using codes to secure the transmission of information.
Encryption: Converting the original message into a form unreadable by unauthorized individuals, i.e., converting a given plaintext into ciphertext.
Decryption: Converting the obtained ciphertext back into the original message, i.e., the plaintext.
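The terms above can be seen working together on the shift cipher the abstract attributes to Julius Caesar. This added example (not part of the original document) encrypts and decrypts with a key, then performs cryptanalysis, recovering the key from the ciphertext alone by letter-frequency scoring, which shows why such a cipher is no longer adequate. The sample plaintext is constructed, and the frequency table holds approximate English letter frequencies.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate relative frequency (percent) of A..Z in English text.
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]))

def shift(text: str, key: int) -> str:
    """Shift each letter by `key` places; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)

def encrypt(plaintext: str, key: int) -> str:
    """Encryption: plaintext -> ciphertext."""
    return shift(plaintext, key)

def decrypt(ciphertext: str, key: int) -> str:
    """Decryption: ciphertext -> plaintext, using the known key."""
    return shift(ciphertext, -key)

def chi_squared(text: str) -> float:
    """Distance between the text's letter counts and English expectations."""
    letters = [c for c in text if c in ALPHABET]
    counts = Counter(letters)
    n = len(letters)
    return sum((counts[c] - n * f / 100) ** 2 / (n * f / 100)
               for c, f in ENGLISH_FREQ.items())

def recover_key(ciphertext: str) -> int:
    """Cryptanalysis without the key: only 26 keys exist, so try each
    and keep the one whose output looks most like English."""
    return min(range(26), key=lambda k: chi_squared(decrypt(ciphertext, k)))

# Constructed sample message (illustrative only).
PLAINTEXT = ("THE INFORMATION IS HIDDEN AND ONLY INTENDED "
             "RECIPIENTS CAN READ IT")

if __name__ == "__main__":
    ciphertext = encrypt(PLAINTEXT, 3)
    guessed = recover_key(ciphertext)
    print(ciphertext)
    print("recovered key:", guessed)
    print(decrypt(ciphertext, guessed))
```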