Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of mathematical procedures to scramble data so that it is extremely difficult for anyone other than authorized recipients to recover the original message
The formula or algorithm converts the intended data (Credit card number, Social security number etc.) into an encoded message using a key to decode or decipher the message. Plaintext:- The message that is being protected. Key:- A series of electronic signals stored on a PC’s hard disk or transmitted as blips of data over transmission lines.
PKI:- Public Key Infrastructure creates the ability to authenticate users, maintain privacy, ensure data integrity, and process transactions without the risk of repudiation. It satisfies four e-security needs. 1. Authentication 2. Integrity 3. No repudiation- procedure that prevents sender and vendor from credibly denying that they sent or received a specific message, file etc. 4. Privacy
Cryptographic techniques are a means of securely transferring data over Internet applications. It is the science of applying complex mathematics to increase the security of electronic transactions. Basic encryption relies on two components: an algorithm and a key. Encrypting information is simple: A computer program is used that has an encryption algorithm
For encryption to work, both sender and receiver have to know the rules used to transform the original message or transaction into its coded form. A set of rules for encoding and decoding messages is called a cipher. The encoded message is called a ciphertext. A message can be decrypted only if the decryption key matches the encryption key.
3 cryptographic algorithms: Message-digest algorithms Map variable-length plaintext to fixed-length ciphertext. Secret-key algorithms Use one single key to encrypt and decrypt. Public-key algorithms Use 2 different keys – public key and private key.
It is a variable value that is used by cryptographic algorithms to produce encrypted text, or decrypt encrypted text. The length of the key reflects the difficulty to decrypt from the encrypted message. EncryptionDecryption Plaintext Ciphertext Key
It is the number of bits (bytes) in the key. A 2-bit key has four values 00, 01, 10, 11 in its key space A key of length “ n ” has a key space of 2^n distinct values. E.g. the key is 128 bits … There are 2^128 combinations
CSC1720 – Introduction to Internet 10 Encrypted Text Original Text + Secret key = Encrypted Text Original TextSecret key + = Encryption Decryption
Use a secret key to encrypt a message into ciphertext. Use the same key to decrypt the ciphertext to the original message. Also called “ Symmetric cryptography ”. 11 EncryptionDecryption Plaintext Ciphertext Secret Key
All keys need to be replaced, if one key is compromised. Not practical for the Internet environment. On the other hand, the encryption speed is fast. Suitable to encrypt your personal data. CSC1720 – Introduction to Internet 12
Involves 2 distinct keys – public, private. The private key is kept secret and never be divulged, and it is password protected (Passphase). The public key is not secret and can be freely distributed, shared with anyone. It is also called “ asymmetric cryptography ”. Two keys are mathematically related, it is infeasible to derive the private key from the public key. 100 to 1000 times slower than secret-key algorithms. EncryptionDecryption Plaintext Ciphertext Public KeyPrivate Key
First, create public and private key Public key Private key Private key stored in your personal computer Public Key Directory Public Key Public key stored in the directory
15 Public Key Directory Text User A User B ’ s Public Key Encryption Encrypted Text
User A Encrypted Text Encrypted Text Insecure Channel User B
Encrypted Text User B ’ s Private key Private key stored in your personal computer Decryption Original Text User B
It maps a variable-length input message to a fixed-length output digest. It is not feasible to determine the original message based on its digest. It is impossible to find an arbitrary message that has a desired digest. It is infeasible to find two messages that have the same digest.
A hash function is a math equation that create a message digest from message. A message digest is used to create a unique digital signature from a particular document. Hash Function Original Message (Document, ) Digest
1. RSA Algorithm:- RSA is the most commonly used public –key algorithm, although it is vulnerable to attack. Named after its inventors, Ron Rivest, Adi Shamir and Len Adleman of the Massachusetts Institute of Technology (MIT). RSA was first published in It is used for encryption as well as for electronic signatures
2. Data Encryption Standards (DES):- DES was developed by IBM in 1974 in response to a public solicitation form the U.S. Department of Commerce. It was adopted as a U.S. federal standard in 1977 and as a financial industry standard in DES is the first symmetric system to be widely adopted commercially. Any change to a message encrypted with DES turns the message into a mess of unintelligible characters. As a block cipher with 64 bit size, DES uses a 56-bit key to encrypt a 64- bit plaintext block into a 64-bit ciphertext.
3. 3DES:- A stronger version of DES, called Triple DES(3DES), uses three 56-bit keys to encrypt each block. The first key encrypts the data block, the second key decrypts the data block, and the third key encrypts the same data block again. The 3DES version requires a 168-bit key that makes the process quite secure and much safer than plain DES.
4. RC4 :- RC4 was designed by Ron Rivest Data Securtiy Inc. This variable length cipher is widely used on the Internet as the bulk encryption cipher in the Secure Sockets Layer (SSL) protocol, with key length ranging from 40 to 128 bits. RC4 has a reputation of being fast, although its security is unknown. 5. International Data Encryption Algorithm (IDEA):- IDEA was created in Switzerland in It offers strong encryption using a 128-bit key to encrypt 64-bit blocks.
Cryptoanalysis:- It is the science of deciphering encrypted messages without knowing the right key. 1. Chosen-plaintext attack:- The attacker uses an unknown key to encrypt any text or document. The challenge is to find the key that is known only to the attacker. 2. Known-plaintext attack:- The attacker knows the plaintext for part(s) of the ciphertext. He or she uses this information to decrypt the rest of the ciphertext.
3. Ciphertext-only attack:- The attacker has no idea what the message contains and works primarily from ciphertext, making guesses about the plaintext. Some ciphertext data might contain a common word as a starter. Certain documents begin in a predictable way that often gives away the contents.
4. Third-party attack:- An adversary breaks into the communication line between two parties (e.g. buyer and vendor). He or she uses a separate key with each party. Each party uses a different key that is easily known to the adversary. The adversary, in turn, decrypts the transmitted documents with the right key and encrypts it with the other key before it is sent to the recipient. Neither party has any idea that their communication system has been intercepted.