A SYNOPSIS ON
ENCRYPTION USING RSA ALGORITHM
Bachelor in Computer Applications
August, 2014
ABSTRACT
In the modern world where all essential communication worldwide takes place
on computers, secure data transmission has become a prime concern. While
security has various forms and applications, one such indispensable method is
Cryptography.
This project deals with Encryption using the RSA algorithm, which is an instance of
the branch of study called Cryptography.
Cryptography in computer terminology is a method to enable security in
everyday transactions and can be implemented using several algorithms, of
which RSA is one of the first practicable public key cryptology algorithms.
This project hence aims to discuss the purpose of Encryption and Decryption,
briefly deal with some popular cryptographic methodologies and then, delve
into detail about the RSA algorithm and use RSA for encryption to enable
enhanced security during public communications. We shall also try to scrutinize
the limitations of this algorithm as well as establish future scope for the same.
TABLE OF CONTENTS
Objective Of The Project
Theoretical Background
Brief Description Of The Project
Types Of Cryptography
How To Implement Cryptography
Algorithm
Hardware And Software Requirements
Encryption with RSA
Data Flow Diagram
Conclusion
References
OBJECTIVE OF THE PROJECT
The objective of this project is to secure computerized transactions and reduce
security threats with the employment of RSA algorithm.
In other words, this project has the following objectives:
- Define Cryptography and its related terms
- Discuss the purpose of Encryption and Decryption
- Present the following
  o Why we need Cryptography
  o Advantages of Encryption
  o How can we implement it with the help of Algorithms
  o Several popular algorithms to implement Encryption
- Define and discuss the RSA Algorithm for Encryption
- Explore the limitations and future scope of Cryptography in terms of the
  RSA algorithm.
THEORETICAL BACKGROUND
Cryptography is both an ancient art and a science: that of writing in secret code.
The first documented use of cryptography in written form can be traced back to
the 1900 BC era, when an Egyptian used non-standard hieroglyphs in an
inscription. Some experts argue that cryptography appeared immediately after
writing was invented, with applications ranging from informal conversations
between long distance family members to formal transmissions such as war
time strategies.
It is predictable, then, that new forms of cryptography have cropped up after
the widespread development of computer communications. In data and
telecommunications, cryptography is necessary when communicating over any
untrusted medium, which includes just about any network, particularly the
Internet. Modern cryptography therefore deals with constructing and
analysing protocols that overcome the influence of adversaries.
BRIEF DESCRIPTION OF THE PROJECT
Q: What is cryptography?
Ans: Cryptography is the practice and study of hiding information.
Q: What is encryption?
Ans: Encryption is using an algorithm to change readable information into
information that is not readable. If a recipient wants to read an encrypted
message, the recipient has to have a decryption algorithm to change the
encrypted information back to readable information.
Q: What is an algorithm?
Ans: An algorithm is an ordered sequence of unambiguous and well-defined
instructions that perform a task.
Q: What is a cipher?
Ans: A cipher is a key for performing encryption and decryption.
Q: What is a key?
Ans: In order to use a cipher you have to know the key. For encrypted
information to remain hidden, the key must be known to the recipient and
sender and to no one else. A symmetric key algorithm is used for both
encryption and decryption. An asymmetric key algorithm is when the sender
uses one key to encrypt messages and the recipient uses a different key to
decrypt those messages. When using an asymmetric key algorithm, each user
has a pair of cryptographic keys: a public key and a private key. One or more
people can encrypt messages using the public key. Security depends on the
secrecy of the private key. Therefore the private key is normally kept secret by
only one person, the recipient who decrypts received messages.
Q: What makes prime numbers so important in cryptography?
Ans: Prime numbers are helpful in cryptography because it is MUCH easier to
calculate the product (multiplication) of two prime numbers than to do the
reverse process (find the prime factors of a big number). The bigger the prime
numbers are, the greater the difference in time between calculating the product
and factorizing this product back into the two prime numbers. When person A
wants to tell B a secret, they could agree on two large prime numbers (in a
secret way) and later use the product to communicate. A and B could easily
calculate the other's factor because they know their own factor. Anyone else
would have to try to factorize the huge number without any knowledge,
which would take, ideally, longer than 4.6 billion years (the age of the Earth).
TYPES OF CRYPTOGRAPHY
1. Symmetric-key cryptography:
[Figure: Symmetric-key cryptography, where a single key is used for encryption and decryption]
Symmetric-key cryptography refers to encryption methods in which both the
sender and receiver share the same key (or, less commonly, in which their keys
are different, but related in an easily computable way). This was the only kind
of encryption publicly known until June 1976.
[Figure: One round (out of 8.5) of the patented IDEA cipher, used in some versions of PGP for high-speed encryption of, for instance, e-mail]
Symmetric key ciphers are implemented as either block ciphers or stream
ciphers. A block cipher enciphers input in blocks of plaintext as opposed to
individual characters, the input form used by a stream cipher.
2. Public-key cryptography:
[Figure: Public-key cryptography, where different keys are used for encryption and decryption]
In a groundbreaking 1976 paper, Whitfield Diffie and Martin Hellman proposed
the notion of public-key (also, more generally, called asymmetric key)
cryptography in which two different but mathematically related keys are used:
a public key and a private key. A public key system is so constructed that
calculation of one key (the private key) is computationally infeasible from the
other (the public key), even though they are necessarily related. Instead, both
keys are generated secretly, as an interrelated pair. The historian David Kahn
described public-key cryptography as the most revolutionary new concept in
the field since polyalphabetic substitution emerged in the Renaissance.
In public-key cryptosystems, the public key may be freely distributed, while its
paired private key must remain secret. In a public-key encryption system,
the public key is used for encryption, while the private or secret key is used for
decryption. While Diffie and Hellman could not find such a system, they
showed that public-key cryptography was indeed possible by presenting
the Diffie-Hellman key exchange protocol, a solution that is now widely used in
secure communications to allow two parties to secretly agree on a shared
encryption key.
Diffie and Hellman's publication sparked widespread academic efforts in
finding a practical public-key encryption system. This race was finally won in
1978 by Ronald Rivest, Adi Shamir, and Len Adleman, whose solution has
since become known as the RSA algorithm. The Diffie-Hellman and RSA
algorithms, in addition to being the first publicly known examples of high
quality public-key algorithms, have been among the most widely used. Others
include the Cramer-Shoup cryptosystem, ElGamal encryption, and
various elliptic curve techniques.
HOW TO IMPLEMENT CRYPTOGRAPHY
ALGORITHM
We will use the following scenario to demonstrate examples of how C++ can be
used in cryptography to change readable information into information that is not
readable:
One of your clients has been having problems controlling access to their
research and development facility. Their associates use a plastic card the size of
a credit card to gain entrance to the facility by swiping the card through a door
card reader. Each card has a magnetic strip containing a four digit number.
Occasionally the associate cards are lost or stolen. Your client is concerned that
these lost or stolen cards could be used by competitors to gain access to the
facility and steal trade secrets. You have been asked to encrypt the four digit
numbers in a manner that will permit electronic reissuance of the four digits.
Your client is confident that, with the right software, his door card readers can
both read the four digits from the card and write new digits to the card as the
card is read. An alarm would sound, and security guards would intervene when
the card reader did not read the correct updated four digits.
After careful thought you have decided to use the following six step symmetric
key algorithm:
Step 1. Read in a four digit number.
Step 2. Perform a random number selection of addition, subtraction,
multiplication, or division on each of the four digits. For example, add 7 to each
digit of the four digit number.
Step 3. Perform a random number selection of addition, subtraction,
multiplication, or division on each of the four digits. For example, divide each
digit of the four digit number by 9.
Step 4. Perform a random number swap. For example, swap the first digit of the
four digit number with the third digit.
Step 5. Perform a random number swap. For example, swap the second digit of
the four digit number with the fourth digit.
Step 6. Round up each of the four digits.
You have decided to use the elements of an array and a vector to create an audit
trail of each step of the encryption. You will use these audit trails to create the
symmetric key algorithm for decryption.
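The six steps above, run with the synopsis's own example choices (add 7, divide by 9, swap first/third, swap second/fourth, round up), as an added C++ example that is not code from the original project. All names are hypothetical and the random selections are fixed to those examples; it shows that rounding collapses the 10,000 possible inputs to 16 card values, so decryption has to read the stored audit trail.

```cpp
#include <array>
#include <cmath>
#include <set>
#include <string>
#include <utility>
#include <vector>

using Digits = std::array<double, 4>;

// One audit-trail entry: the step that ran and the digits it left behind.
struct AuditEntry { std::string step; Digits after; };

// Steps 1-6 with the synopsis's example choices fixed in place of the random
// selection (an assumption made so the run is reproducible).
int encrypt_card(int number, std::vector<AuditEntry>& trail) {
    Digits d = {double(number / 1000 % 10), double(number / 100 % 10),
                double(number / 10 % 10), double(number % 10)};
    trail.push_back({"1: read", d});
    for (double& x : d) x += 7;            // step 2: add 7 to each digit
    trail.push_back({"2: add 7", d});
    for (double& x : d) x /= 9;            // step 3: divide each digit by 9
    trail.push_back({"3: divide by 9", d});
    std::swap(d[0], d[2]);                 // step 4: swap first and third
    trail.push_back({"4: swap 1<->3", d});
    std::swap(d[1], d[3]);                 // step 5: swap second and fourth
    trail.push_back({"5: swap 2<->4", d});
    for (double& x : d) x = std::ceil(x);  // step 6: round up
    trail.push_back({"6: round up", d});
    return int(d[0]) * 1000 + int(d[1]) * 100 + int(d[2]) * 10 + int(d[3]);
}

// Recovers the input from the trail entry written after step 2; the rounded
// card value alone does not carry enough information to do this.
int decrypt_from_trail(const std::vector<AuditEntry>& trail) {
    int out = 0;
    for (double x : trail[1].after) out = out * 10 + int(x - 7);
    return out;
}

// Convenience wrappers around the two functions above.
int card_value(int n) { std::vector<AuditEntry> t; return encrypt_card(n, t); }
int round_trip(int n) {
    std::vector<AuditEntry> t;
    encrypt_card(n, t);
    return decrypt_from_trail(t);
}

// Counts how many different card values the 10,000 possible inputs produce.
int distinct_outputs() {
    std::set<int> seen;
    for (int n = 0; n <= 9999; ++n) seen.insert(card_value(n));
    return int(seen.size());
}
```

Because the trail holds the digits before rounding, it has to be protected as carefully as the original number.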
The RSA algorithm is a block cipher technique in which plain text and cipher text
are integers between 0 and n-1 for some n. In the RSA algorithm, encryption
and decryption are of the following form, for some plain text M and cipher text C:
C = M^e mod n
M = C^d mod n
Both sender and receiver must know the value of n. The sender knows the
value of e and only the receiver knows the value of d. Thus, this is a public-key
encryption algorithm with a public key of KU={e, n} and private key of
KR={d, n}. For the algorithm to be satisfactory for public-key encryption, the
following requirements must be met:
1. It is possible to find values of e, d, n such that M^(ed) = M mod n for all
M<n.
2. It is relatively easy to calculate M^e and C^d for all values of M<n.
3. It is infeasible to determine d given e and n.
HARDWARE AND SOFTWARE REQUIREMENTS
HARDWARE:
Processor:         Pentium II or higher
Processor Speed:   500 MHz
Hard Disk Space:   20 GB (min)
RAM Memory:        32 MB (64 MB recommended)
SOFTWARE:
Operating System:  Windows XP/7/8
Database Server:   ORACLE 9.1
Front End:         Turbo C++
Examples of Applied Cryptography:
- Phone cards, cell phones, remote controls
- Cash machines, money transfer between banks
- Electronic cash, online banking, secure email
- Satellite TV, pay-per-view TV
- Immobilizer systems in cars
- Digital Rights Management (DRM)
Cryptography is no longer limited to agents, diplomats, and the military.
Cryptography is a modern, mathematically characterized science.
The breakthrough of cryptography followed the broadening usage
of the Internet.
For companies and governments it is important that systems are secure and
that users (i.e., clients and employees) are aware of and understand IT security!
Encryption with RSA
Basis of the SSL protocol (access to protected websites), among others
Asymmetric encryption using RSA
- Every user has a key pair: one public and one private key.
- Sender encrypts with the public key of the recipient.
- Recipient decrypts with his or her private key.
Usually implemented in combination with symmetric methods (hybrid
encryption): the symmetric key is transmitted using RSA asymmetric
encryption/decryption
Encryption using RSA: Mathematical background / algorithm
Public key: (n, e) [the modulus N is often capitalized]
Private key: (d)
where p, q are large, randomly chosen prime numbers with n = p*q; d is
calculated under the constraints gcd[φ(n), e] = 1; e*d ≡ 1 mod φ(n).
Encryption and decryption operation: (m^e)^d ≡ m mod n
n is the modulus (its length in bits is referred to as the key length of RSA).
gcd = greatest common divisor.
φ(n) is Euler's totient function.
Procedure:
- Transform the message into its binary representation
- Encrypt the message blockwise such that m = m_1, ..., m_k where for all m_j: 0 ≤
  m_j < n. The maximum block size r should be chosen such that 2^r ≤ n (and 2^r - 1
  < n).
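The key constraints and blockwise procedure above, together with the C = M^e mod n and M = C^d mod n forms from the ALGORITHM section, as an added C++ example that is not code from the original project. All function names are hypothetical; the primes 61 and 53 with e = 17 are constructed toy values far too small for real use, and this is textbook RSA without padding.

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

using u64 = std::uint64_t;
struct RsaKey { u64 n, e, d; };  // public key (n, e); private key d

// Square-and-multiply: base^exp mod n. Overflow-free only for n < 2^32.
u64 mod_pow(u64 base, u64 exp, u64 n) {
    u64 result = 1 % n;
    for (base %= n; exp > 0; exp >>= 1, base = base * base % n)
        if (exp & 1) result = result * base % n;
    return result;
}

// Builds a key from primes p, q and exponent e. The extended Euclidean
// algorithm checks gcd(phi(n), e) = 1 and solves e*d = 1 (mod phi(n)).
RsaKey make_key(u64 p, u64 q, u64 e) {
    std::int64_t phi = std::int64_t((p - 1) * (q - 1));
    std::int64_t r0 = phi, r1 = std::int64_t(e), t0 = 0, t1 = 1;
    while (r1 != 0) {
        std::int64_t quot = r0 / r1, r2 = r0 - quot * r1, t2 = t0 - quot * t1;
        r0 = r1; r1 = r2; t0 = t1; t1 = t2;
    }
    if (r0 != 1) throw std::invalid_argument("gcd(phi(n), e) != 1");
    return {p * q, e, u64((t0 % phi + phi) % phi)};
}

// Largest block size r in bits with 2^r <= n, so every r-bit block is < n.
unsigned block_bits(u64 n) {
    unsigned r = 0;
    while ((u64(1) << (r + 1)) <= n) ++r;
    return r;
}

// Splits the message bits into r-bit blocks m_1..m_k (last one zero-padded).
std::vector<u64> to_blocks(const std::string& msg, unsigned r) {
    std::vector<u64> blocks((msg.size() * 8 + r - 1) / r, 0);
    for (std::size_t i = 0; i < msg.size() * 8; ++i) {
        u64 bit = ((unsigned char)msg[i / 8] >> (7 - i % 8)) & 1;
        blocks[i / r] |= bit << (r - 1 - i % r);
    }
    return blocks;
}

// Maps every block x to x^exp mod n (exp = e encrypts, exp = d decrypts).
std::vector<u64> rsa_apply(std::vector<u64> blocks, u64 exp, u64 n) {
    for (u64& b : blocks) b = mod_pow(b, exp, n);
    return blocks;
}
```

Encrypting is `rsa_apply(to_blocks(msg, block_bits(key.n)), key.e, key.n)`; applying `key.d` to the result returns the original blocks.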
DATA FLOW DIAGRAM
CONCLUSION
The benefits of cryptography are well recognized. Encryption can protect
communications and stored information from unauthorized access and
disclosure. Other cryptographic techniques, including methods of authentication
and digital signatures, can protect against spoofing and message forgeries.
Practically everyone agrees that cryptography is an essential information
security tool, and that it should be readily available to users. I take this as a
starting assumption and, in this respect, have no disagreement with the crypto
anarchists.
Less recognized are cryptography's limitations. Encryption is often oversold as
the solution to all security problems or to threats that it does not address. For
example, the headline of Jim Warren's op-ed piece in the San Jose Mercury
News reads "Encryption could stop computer crackers" [2]. Unfortunately,
encryption offers no such aegis. Encryption does nothing to protect against
many common methods of attack, including those that exploit bad default
settings or vulnerabilities in network protocols or software, even encryption
software. In general, methods other than encryption are needed to keep out
intruders. Secure Computing Corporation's Sidewinder[TM] system defuses the
forty-two "bombs" (security vulnerabilities) in Cheswick and Bellovin's book,
Firewalls and Network Security (Addison Wesley, 1994), without making use of
any encryption [3].
Moreover, the protection provided by encryption can be illusory. If the system
where the encryption is performed can be penetrated, then the intruder may be
able to access plaintext directly from stored files or the contents of memory or
modify network protocols, application software, or encryption programs in
order to get access to keys or plaintext data or to subvert the encryption process.
For example, PGP (Pretty Good Privacy) could be replaced with a Trojan horse
that appears to behave like PGP but creates a secret file of the user's keys for
later transmission to the program's owner, much like a Trojan horse login
program collects passwords. A recent penetration study of 8932 computers by
the Defense Information Systems Agency showed 88% of the computers could
be successfully attacked. Using PGP to encrypt data transmitted from or stored
on the average system could be like putting the strongest possible lock on the
back door of a building while leaving the front door wide open. Information
security requires much more than just encryption: authentication, configuration
management, good design, access controls, firewalls, auditing, security
practices, and security awareness training are a few of the other techniques
needed.
The drawbacks of cryptography are frequently overlooked as well. The
widespread availability of unbreakable encryption coupled with anonymous
services could lead to a situation where practically all communications are
immune from lawful interception (wiretaps) and documents from lawful search
and seizure, and where all electronic transactions are beyond the reach of any
government regulation or oversight. The consequences of this to public safety
and social and economic stability could be devastating. With the government
essentially locked out, computers and telecommunications systems would
become safe havens for criminal activity. Even May himself acknowledges that
crypto anarchy provides a means for tax evasion, money laundering, espionage
(with digital dead drops), contract killings, and implementation of data havens
for storing and marketing illegal or controversial material. Encryption also
threatens national security by interfering with foreign intelligence operations.
The United States, along with many other countries, imposes export controls on
encryption technology to lessen this threat.
Cryptography poses a threat to organizations and individuals too. With
encryption, an employee of a company can sell proprietary electronic
information to a competitor without the need to photocopy and handle physical
documents. Electronic information can be bought and sold on "black networks"
such as Black-Net [1] with complete secrecy and anonymity, a safe harbor for
engaging in both corporate and government espionage. The keys that unlock a
corporation's files may be lost, corrupted, or held hostage for ransom, thus
rendering valuable information inaccessible.
When considering the threats posed by cryptography, it is important to
recognize that only the use of encryption for confidentiality, including
anonymity, presents a problem. The use of cryptography for data integrity and
authentication, including digital signatures, is not a threat. Indeed, by
strengthening the integrity of evidence and binding it to its source,
cryptographic tools for authentication are a forensic aid to criminal
investigations. They also help enforce accountability. Because different
cryptographic methods can be employed for confidentiality and authentication,
any safeguards that might be placed on encryption to counter the threats need
not affect authentication mechanisms or system protocols that rely on
authentication to protect against system intrusions, forgeries, and substitution of
malicious code.
REFERENCES
BOOKS REFERRED TO:
Cryptography and Network Security by Atul Kahate
Cryptography and Network Security by Forouzan
WEBSITES REFERRED TO:
www.wikipedia.com
www.studentpulse.com
msdn.microsoft.com