Wednesday, June 17, 2015

Lightweight Introduction to Cryptography | Terminology, Security Goals and Cryptographic Attacks

Cryptographically secure pseudorandom number g...
Cryptographically secure pseudorandom number generator (Photo credit: Wikipedia)


Hello Everyone ,

Cryptography is a very important topic in this era of communication so I hope that you will understand the importance of this and will be with me for the rest of tutorials .


A Note to the Readers :-

Since this is the first tutorial of the series so its more theoretical and I will try to make it interesting but before beginning I have to tell you certain points which should be kept in mind as they will help you throughout the rest of the tutorial . The following you should remember :-
  • Read every line carefully and ask yourself what you read .
  • Don't skip any parts and read thoroughly .
  • Always practice if something is given or explained to you .
  • It should be good if you know a little programming or mathematics (Statistics specially) , though I will cover both of them.
  • Any Problem regarding my contents then feel free to ask and give suggestions . I am a student too so I might have less experience than many others . For me everyone's suggestion is like a boon .
  • This is the most important part . Please try to prove me wrong with whatever I have said (I insist as I can learn a new thing from you .)
So now we are good enough to start learning Cryptography ...

Terminology

Cryptology

Cryptology is the mathematics, such as number theory, and the application of formulas and algorithms, that underpin cryptography and cryptanalysis. Since the cryptanalysis concepts are highly specialized and complex, we concentrate here only on some of the key mathematical concepts behind cryptography . Cryptology can also be defined as the science of study of, or the use of, methods and procedures for translating and interpreting codes and ciphers; cryptanalysis. Therefore , Cryptology is consists of two parts : a) Cryptography b) Cryptanalysis .

So , in the above definition you came to know about two new terms Cryptography and Cryptanalysis . So what are they , proceed further to know .

Cryptography

Cryptography is a greek word which literally means "secret writing" . Cryptography refers to the art of transforming data and messages to make them secure and immune to attacks .Cryptographycan also be defined as the art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text .

Cryptanalysis

Cryptanalysis (from the Greek kryptós, "hidden", and analýein, "to loosen" or "to untie") is the art and science of analyzing information systems in order to study the hidden aspects of the systems . Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages , even if the cryptographic key is unknown .
 
Some More Terms :-

Cipher :- A mapping algorithm that is applied to a fixed number of characters at a time with an intent of concealing the contents of the message.

Code :- A mapping algorithm that is applied to a variable number of characters (according to linguistic entities) at a time with an intent of concealing the contents of the message.

Commercial Code :- A code used in business primarily to reduce cost by shortening messages. It involves no secrecy. The prime example is the 'Philips' Code.

Crib :- A word or phrase that might be expected in the plaintext that can be a "wedge" or test for decryption. More...

Deciphering :- The procedure of turning enciphered text into plain text with prior knowledge of the algorithms or keys involved. This is what the intended message receiver does.

Decryption :- The science of turning enciphered text into plain text without prior knowledge of the algorithms or keys involved. This is what the interceptor or 'cracker' does.

Digraphs :- A plaintext character pairing technique that prevents frequency analysis of commonly occurring pairs such as 'qu'. Note that trigraphs (three characters at a time) is an extension of the theme.

Homophones :- Several replacement letters for the same letter in plaintext

Key :- A word or phrase that modifies the enciphering/deciphering process in such a way that knowledge of the algorithm alone is insufficient to decipher an enciphered message.

Monoalphabets :- A single mapping of plaintext letters to ciphertext letters.

Nomenclature :- Half code and half cipher, it was a list of word/syllable substitutions and cipher alphabet with homophones.

Nulls :- Meaningless letters used to confuse by modifying frequency distributions or predictability. Sometimes used to fill a message to a specific length.

Plaintext :- The original message to be encoded or enciphered

Polyalphabets :- A method where several mappings of plaintext letters to ciphertext letters occur in a message.

Steganography :- The art of concealing a message's existence. One example would be through the use of photographic microdots.

Substitution :- Enciphering by replacing one letter by another.

Transmission Security :- The art of concealing an electrically transmitted message through burst encoding or spread spectrum methods.

Transposition :- Enciphering by shuffling the order of letters.

Purpose Of Cryptography

Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.

Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are, in general, three types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash functions, each of which is described below. In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into ciphertext, which will in turn (usually) be decrypted into usable plaintext. Cryptography is used mainly to achieve the Security Goals and protect them from Cryptographic Attacks . (Discussed below about the Security goals .)

Security Goals

Within the context of any application-to-application communication, there are some specific security requirements, including:

Authentication : The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)

Privacy/confidentiality : Keeping information secret from all, but those who are authorized to see it. Confidentially is the protection of transmitted data from passive attacks. With respect to the content of data transmission, several levels of protection can be identified . The aspect of Confidentially is the protection of traffic flow from analysis . This requires that an attacker not be able to observe to source and destination, frequency, length or any other characteristics of the traffic on a communication facility .

Integrity :
Ensuring the information has not been altered by unauthorized or unknown means. One must have the ability to detect data manipulation by unauthorized parties. Data manipulation includes such things as insertion, deletion, and substitution

Non-repudiation : Non-repudiation prevents either sender or receiver from denying a message. Thus, when a message is sent, the receiver can prove that the message was in fact send by the alleged sender. Similarly, when a message is received, the sender can prove the alleged receiver in fact received that message.

Types Of Cryptography Algorithms

There are several ways of classifying cryptographic algorithms. But in general they are classified into three catagories :-
  1. Secret Key Cryptography (SKC)
  2. Public Key Cryptography (PKC)
  3. Hash Functions
Secret Key Cryptography

Symmetric-key algorithms are a class of algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. ex. DES , AES .

[Image: secret-key.png]

Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers.

1. Stream ciphers:It operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing.

2. Block cipher :It is so-called because the scheme encrypts one block of data at a time using the same key on each block . In general, the same plaintext block will always encrypt to the same ciphertext when using the same key in a block cipher whereas the same plaintext will encrypt to different ciphertext in a stream cipher .

Public Key Cryptography

Public-key cryptography refers to a cryptographic system requiring two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plaintext, and the other unlocks or decrypts the ciphertext. Neither key can perform both functions by itself . The public key may be published without compromising security, while the private key must not be revealed to anyone not authorized to read the messages.

[Image: Cryptography.jpg]
Public-key cryptography is widely used . It is an approach used by many cryptographic algorithms and cryptosystems . It underpins such Internet standards as Transport Layer Security (TLS), PGP, and GPG . There are three primary kinds of public key systems: public key distribution systems, digital signature systems, and public key cryptosystems, which can perform both public key distribution and digital signature services .

Hash Functions

This technique does not involve any key. Rather it uses a fixed length hash value that is computed on the basis of the plain text message. Hash functions are used to check the integrity of the message to ensure that the message has not be altered,compromised or affected by virus.

[Image: hash-function.png]

So we see that how different types of cryptography techniques (described above) are used to implement the basic principles that we discussed earlier. In the future article of this series, we’ll cover more advanced topics on Cryptography.


Cryptographic Attacks

Cryptographic Attacks can be broadly classified into two types :-

1. Cryptanalytic Attacks
2. Non-Cryptanalytic Attacks


Cryptanalytic Attacks

Cryptanalytic Attacks are a combination of statistical and algebraic techniques aimed at ascertaining the secret key of a cipher . These methods inspect the mathematical properties of the cryptographic algorithms and aims at finding distinguishers of the output distribution of cryptographic algorithms from uniform distributions . The objective of cryptanalysis is to findthe properties of the cipher which does not exists in a random function . That is what we mean by "distinguishers" , and all attacks are fundamentally distinguishers .

Non-Cryptanalytic Attacks

The type of attacks that do not exploit the mathematical weakness of the cryptographic algorithms fall under this section . The threats to Security goals can be from three threats they are as follows :-

1. Threats To Confidentiality .
2. Threats To Integrity .
3. Threats to Availability .

The image below will make it clear .

[Image: secgoals_zps2de577d0.png]


References

1. Wikipedia.
2. Cryptography and Network Security by Behrouz A. Forouzan
3. http://www.garykessler.net/

Thank you and I hope you enjoyed this tutorial. Please share this blog post.

0 comments :

Post a Comment

Follow Me!

Blog Archive

Followers

Visitor Map