Dr NGP INSTITUTE OF TECHNOLOGY

A Technical Paper on
OVERVIEW OF CRYPTOGRAPHY AND ITS APPLICATION

Paper Presented by:

NARMATHA.K (08ECE055)
SINDUJA.A (08ECE095)

CONTACT NO:

ABSTRACT
As required in the advance module and mechanism that make it up of hiding information from
authorized individuals, most algorithms can be broken and the information can be revealed if
the attacker has enough time, desire and resource. So a more realistic goal of cryptography is to
make obtaining the information too work intensive to be worth it to the attacker. Cryptography
has the ability to protecting information by encoding it into an unreadable form Data can be
encrypted using a cryptographic algorithm, transmitted in an encrypted state, and later
decrypted by the intended party. If a third party intercepts the encrypted data, it will be
difficult to decipher.
 CONTENTS

 Introduction

 The purpose of cryptography

 Types of cryptographic algorithms

 Trust Models

 Cryptographic algorithm in action

 Password protection

 IP security

 Conclusion

 Reference and further details

Does security provide comfort to paranoid are name based, both of which are
people? Or does security provide some very notoriously weak).
basic protection that we are naive to Privacy/confidentially: Ensuring that no one
believe the we do not need? During this can read the message except the intended
time when the internet provides essential receiver.
communication between tens increasingly Integrity: Assuring the receiver that the
used as a tool for security becomes a received message has not been altered in
tremendously important issue to deal with. any way from the original.
There are many aspects to security and Non-repudiation: A mechanism to
many applications, ranging from secure prove that the sender really sent this
commerce and payment to private message.
communication and protecting password. 3. TYPES OF CRYPTOGRAPHIC ALGORITHM
One essential aspect for secure
communication is that of cryptography There are several ways of classifying
which the focus of this paper is. This paper cryptographic algorithms. For purposes of
has two major purpose . The first to define this paper, they will be categorized based
some of the terms and concept behind on the number of keys that are employed
basic cryptographic method and to offer a for encryption and decryption, and further
way to compare the myriad cryptographic defined by their application and use. The
schemes in use today. The second is to three types of algorithms that will be
provide some real examples of discussed are:
cryptography in use today. 3.1 Secret Key Cryptography (SKC): Uses
a single for both encryption and decryption
3.2 Public Key Cryptography (PKC): Uses
2. PURPOSE OF CRYPTOGRAPHY one key for encryption and another for
decryption
Cryptography is the science of writing in 3.3 Hash Functions: Uses a
secret code and is an ancient art. The new mathematical transformation on to
forms of cryptography came soon after the irreversibly "encrypt" information
widespread development of computer
communication. In data and
telecommunication cryptography is
necessary when communicating over any
unauthorized medium, which include just
about any network, particularly the
internet. Within the content of any
application to application communication,
there are some specific security
requirements, including:
Authentication: The process of providing
ones identity. (The primary form of host to
host authentication on the internet today
4. TRUST MODELS Kerberos employs client/server architecture
and provides user-to-server authentication
Secure use of cryptography requires trust, rather than host-to-host authentication. In
while secret key. Cryptography can ensure this model, security and authentication will
message confidentially and hash codes be based on secret key technology where
ensure integrity, none of this work without every host on the network has its own
trust. PKC solved the secret distribution secret key. It would clearly be
problem. unmanageable with the node's key; keys
There are a number of trust models can be distributed physically or by some
employed by various cryptographic other secure means.
schemes. This section will explore three of
them. The web of trust employed
Pretty Good Privacy (PGP) users, who hold
their own set of trusted public keys.
Kerberos, a secret key distribution scheme
Used a trusted third party.
Certificates, which allow a set of
trusted third parties to authenticate each
other and, by implication, each other's
users.
Each of these trust models differs in
complexity, general applicability, scope, and
scalability
4.3 Public Key certificates and certificate
authorities
4.1. PGP Web of Trust
Widespread use of cryptography for e-
Pretty Good Privacy is a widely used private commerce application while combination of
e-mail scheme based on public key secret and public key cryptography can
methods. A PGP user maintains a local key solve the business issue, cryptography
ring of all their known and trusted public cannot alone address the trust issue that
keys. The user makes their own must exist between a customer and the
determination about the trustworthiness of vendor in the very fluid very dynamic e-
a key using what is called a "web of trust." commerce relationship.
The purposes of electronic transaction
4.2. Kerberos certificate are digital document. The specific
functions of the certificate include
Kerberos is a commonly used Establish identity: Associate or bind, a
authentication scheme on the Internet. public key to an individual, organized
Developed by MIT's Project Athena, corporate position or other entity.
Kerberos is named for the three-headed Assign Authority: Establish what action the
dog who, according to Greek mythology, holder may or may not take based upon this
guards the entrance of Hades (rather than certificate.
the exit, for some reason!).
Secure confidential information (e.g., Passwords are not saved in plaintext on
encrypting the session's symmetric key for computer systems precisely so they cannot
data confidentiality). be easily compromised. For similar reasons,
Typically, a certificate contains a public key, we don't want passwords sent in plaintext
a name, an expiration date, the name of the across a network. But for remote logon
authority that issued the certificate (and, applications, how does a client system
therefore, is vouching for the identity of the identify itself or a user to the server? One
user), a serial number, any pertinent mechanism, of course, is to send the
policies describing how the certificate was password as a hash value and that, indeed,
issued and/or how the certificate may be may be done. A weakness of that approach,
used, the digital signature of the certificate however, is that an intruder can grab the
issuer, and perhaps other information. password off of the network and use an off-
line attack (such as a dictionary attack
where an attacker takes every known word
5. CRYPTOGRAPHIC ALGORITHMS IN and encrypts it with the network's
ACTION encryption algorithm, hoping eventually to
find a match with a purloined password
The paragraphs above have provided an hash). In some situations, an attacker only
overview of the different types of has to copy the hashed password value and
cryptographic algorithms, as well as some use it later on to gain unauthorized entry
examples of some available protocols and without ever learning the actual password.
schemes. Table 3 provides a list of some An even stronger authentication method
other noteworthy schemes employed — or uses the password to modify a shared
proposed — for a variety of functions, most secret between the client and server, but
notably electronic commerce. The never allows the password in any form to
paragraphs below will show several real go across the network. This is the basis for
cryptographic applications that many of us the Challenge Handshake Authentication
employ everyday for password protection Protocol (CHAP), the remote logon process
and private communication. Cryptographic used by Windows NT.
applications that many of us employ
(knowingly or not) everyday for password 7 .IP SECURITY PROTOCOL
protection and private communication.
The Internet and the TCP/IP protocol suite
6. PASSWORD PROTECTION were not built with security in mind. This
statement is not meant as a criticism; the
Nearly all modern multiuser computer and baseline UDP, TCP, IP, and ICMP protocols
network operating systems employ were written in 1980 and built for the
passwords at the very least to protect and relatively closed ARPANET community.
authenticate users accessing computer TCP/IP wasn't designed for the commercial-
and/or network resources. But passwords grade financial transactions that they now
are not typically kept on a host or server in see nor for virtual private networks (VPNs)
plaintext, but are generally encrypted using on the Internet. To bring TCP/IP up to
some sort of hash scheme. today's security necessities, the Internet
Engineering Task Force (IETF) formed the IP
Security Protocol Working Group which, in 8. CONCLUSION
turn, developed the IP Security protocol.
IPSec is not a single protocol, in fact, but a This paper has briefly described how
suite of protocols providing a mechanism to cryptography works. The reader must
provide data integrity, authentication, beware, however, that there are a number
privacy, and no repudiation for the classic of ways to attack every one of these
Internet Protocol (IP). Although intended systems; cryptanalysis and attacks on
primarily for IP version 6 (IPv6), IPsec can cryptosystems, however, are well beyond
also be employed by the current version of the scope of this paper.. Cryptography is a
IP, namely IP version 4 (IPv4). particularly interesting field because of the
IPsec can provide either message amount of work that is, by necessity, done
authentication and/or encryption. The latter in secret. The irony is that today, secrecy is
requires more processing than the former, not the key to the goodness of a
but will probably end up being the cryptographic algorithm. Regardless of the
preferred usage for applications such as mathematical theory behind an algorithm,
VPNs and secure electronic commerce. the best algorithms are those that are well-
Central to IPsec is the concept of a security known and well-documented because they
association (SA). Authentication and are also well-tested and well-studied! In
confidentiality using AH or ESP use SAs and fact, time is the only true test of good
a primary role of IPsec key exchange it to cryptography; any cryptographic scheme
establish and maintain SAs. An SA is a that stays in use year after year is most
simplex (one-way or unidirectional) logical likely a good one. The corollary to this is
connection between two communicating IP that consumers should run, not walk, away
endpoints that provides security services to from any product that uses a proprietary
the traffic carried by it using either AH or cryptography scheme, ostensibly because
ESP procedures. The endpoint of an SA can the algorithm's secrecy is an advantage.
be an IP host or IP security gateway (e.g., a
proxy server, VPN server, etc.). Providing
security to the more typical scenario of two- 9. REFERENCE AND FUTURES DETAILS
way (bi-directional) communication
between two endpoints requires the Bamford, J. (1983). The Puzzle Palace:
establishment of two SAs (one in each Inside the National Security Agency,
direction). America's most secret intelligence
An SA is uniquely identified by a 3-tuple organization. New York: Penguin Books.
composed of: Bamford, J. (2001). Body of Secrets:
Security Parameter Index (SPI), a 32-bit Anatomy of the Ultra-Secret National
identifier of the connection Security Agency from the Cold War Through
IP Destination Address the Dawn of a New Century. New York:
security protocol (AH or ESP) identifier Doubleday.