KYAMBOGO UNIVERSITY

DEPARTMENT OF COMPUTER SCIENCE

INTRODUCTION TO CRYPTOGRAPHY REPORT

BY GROUP 1

LECTURER: MR. NKALUBO LEONARD

GROUP MEMBERS:

KAMUGISHA BRUCE 23/U/ITD/06362/PD

MUHUMUZA ALBERT 23/U/ITD/08405/PD

MUJUNI VICENT 23/U/ITD/08433/PD

AHABWE FRANCIS 23/U/ITD/03023/PD

OPIO ARNOLD OKULLO 23/U/ITE/12118/PE

MAGERA WILSON 23/U/ITD/07783/PD

KISAKYE AZARIA 23/U/ITD/07088/PD

MAWANDA GEORGE 23/U/ITD/07970/PD

PULE AMON 23/U/ITD/12370/PD

MIREMBE DIVINE 23/U/ITD/08084/PD

MANIRAKIZA RONALD 23/U/ITE/07852/PE

KULOBA JOEL PAUL 22/U/ITD/3598/GV

MAKUMBI GEORGE 23/U/ITD/07818/PD

INTRODUCTION

What is cryptography?

Cryptography is the technique of obfuscating or coding data, ensuring that only the person who is
meant to see the information–and has the key to break the code–can read it
Who is a cryptographer?

A cryptographer is someone who writes (or cracks) the encryption code for data security.

Computer-encrypted data uses exceptionally long, advanced encryption algorithms that are
incredibly hard and time-consuming for people to break.

Brief History on cryptography.

The word is a hybrid of two Greek words: “kryptós”, which means hidden, and “graphein”, which
means to write. Literally, the word cryptography translates to hidden writing, but in reality, the
practice involves the secure transmission of information.

Essentially, the word refers to the study of secure communications techniques, but cryptography
is closely associated with encryption, or the act of scrambling ordinary text into what’s known as
cipher-text and then back again into ordinary text (called plaintext) when it arrives at its
destination. Several historical figures have been credited with creating and using cryptography
through the centuries, from Greek historian Polybios and French diplomat Blaise de Vigenère to
Roman Emperor Julius Caesar who is credited with using one of the first modern ciphers—and
Arthur Scherbius, who created the Enigma code-breaking machine during World War Two. Likely,
none of them would recognize the ciphers of the 21st century.

What are some of the use-cases of cryptography?

The use of cryptography can be traced to the ancient Egyptians and their creative use of
hieroglyphics. But, the art of coding has seen great strides over the millennia, and modern
cryptography combines advanced computer technology, engineering, and math among other
disciplines to create highly sophisticated and secure algorithms and ciphers to protect sensitive
data in the digital era.
For example, cryptography is used to create various types of encryption protocols that are regularly
used to protect data. These include 128-bit or 256-bit encryption, Secure Sockets Layer (SSL), and
Transport Layer Security (TLS). These encryption protocols protect all manner of digital
information and data, from passwords and emails to ecommerce and banking transactions.

There are different cryptographic types, which are useful for different purposes. For example, the
simplest is symmetric key cryptography. Here, data is encrypted using a secret key, and then both
the encoded message and the secret key are sent to the recipient for decryption. Of course, the
problem here is that if the message is intercepted, the third party can easily decode the message
and steal the information.

To create a more secure system of encoding, cryptologists devised asymmetric cryptography,

which is sometimes known as the “public key” system. In this instance, all users have two keys:
one public and one private. When creating a coded message, the sender will request the recipient’s
public key to encode the message. This way, only the intended recipient’s private key will decode
it. This way, even if the message is intercepted, a third party cannot decode it.

Why is cryptography important?

Cryptography is an essential cybersecurity tool. Its use means that data and users have an additional
layer of security that ensures privacy and confidentiality and helps keep data from being stolen by
cybercriminals. In practice, cryptography has many applications:

Confidentiality: Only the intended recipient can access and read the information, so conversations
and data remain private.

Integrity of data: Cryptography ensures that the encoded data cannot be modified or tampered
with in route from the sender to the receiver without leaving traceable marks— an example of this
is digital signatures.

Authentication: Identities and destinations (or origins) are verified.

Non-repudiation: Senders become accountable for their messages since they cannot later deny
that the message was transmitted digital signatures and email tracking are examples of this.
Types Of Cryptography

1. Symmetric Key Cryptography

It is an encryption system where the sender and receiver of a message use a single common key to
encrypt and decrypt messages. Symmetric Key Cryptography is faster and simpler but the problem
is that the sender and receiver have to somehow exchange keys securely.

Figure 1: Symmetric Key Cryptography

Commonly used systems and algorithms in symmetric key infrastructure:

(i) Advanced Encryption Standard (AES): Is a popular encryption algorithm which uses
the same key for encryption and decryption It is a symmetric block cipher algorithm
with block size of 128 bits, 192 bits or 256 bits.
(ii) Data Encryption Standard (DES): Is an older encryption algorithm that is used to
convert 64-bit plaintext data into 48-bit encrypted cipher-text. It uses symmetric keys
(which means same key for encryption and decryption).
(iii) 3DES (Triple DES): This is an improved version of DES that applies the encryption
three times to increase security, but slower compared to modern standards like AES. It
is used for encrypting financial transactions and in payment systems.

Asymmetric Key Cryptography

In Asymmetric Key Cryptography, a pair of keys is used to encrypt and decrypt information.
A receiver’s public key is used for encryption and a receiver’s private key is used for
decryption. Public keys and Private keys are different.

Even if the public key is known by everyone the intended receiver can only decode it because
he alone knows his private key.
Asymmetric key cryptography algorithm:

1. RSA (Rivest-Shamir-Adleman): RSA is one of the earliest public-key cryptosystems and

is still widely used. It is based on the difficulty of factoring large prime numbers. Typically
ranges from 2048 to 4096 bits.

2. ECC (Elliptic Curve Cryptography): ECC is based on the algebraic structure of elliptic
curves over finite fields. It provides strong security with relatively smaller key sizes compared
to RSA.

Hash function:

A hash function in cryptography is like a mathematical function that takes various inputs, like
messages or data, and transforms them into fixed-length strings of characters. Means the input
to the hash function is of any length but output is always of fixed length. Hash values, or
message digests, are values that a hash function returns. The hash function is shown in the
image below;

CRYPTOGRAPHIC PROTOCOLS

Cryptographic protocols provide secure connections, enabling two parties to communicate with
privacy and data integrity.

SSL( Secure Socket Layer) / TLS(Transport Layer Security)

The TLS protocol enables two parties to identify and authenticate each other and communicate
with confidentiality and data integrity.

The TLS protocol provides communications security over the internet, and allow client/server
applications to communicate in a way that is confidential and reliable. A TLS connection is
initiated by an application, which becomes the TLS client. The application which receives the
connection becomes the TLS server

Kerberos provides a centralized authentication server whose function is to authenticate users to

servers and servers to users. In Kerberos Authentication server and database is used for client
authentication. Kerberos runs as a third-party trusted server known as the Key
Distribution Center (KDC). Each user and service on the network is a principal

Ip sec

In computing, Internet Protocol Security is a secure network protocol suite that authenticates and
encrypts packets of data to provide secure encrypted communication between two computers over
an Internet Protocol network. It is used in virtual private networks

VPN connections take place over public networks, but the data exchanged over the VPN is still
private because it is encrypted

A network port is the virtual location where data goes in a computer. Ports are how computers keep
track of different processes and connections; if data goes to a certain port, the computer's operating
system knows which process it belongs to. IPsec usually uses port 500.

PGP(Pretty Good Privacy:

Pretty Good Privacy (PGP) is a security program used to decrypt and encrypt email and
authenticate email messages through digital signatures and file encryption. The data encryption
program provides cryptographic authentication and privacy for data used in online communication.

PGP was one of the first public-key cryptography software publicly available for free. Originally,
it was used to enable individual users to communicate on bulletin board system computer servers.
Later, it was standardized and supported by other applications such as email. It has now become a
core standard in email security and has been widely used to protect individuals and organizations.

Attacks on Cryptography
Brute-Force Attack: In this attack, an attacker tries all possible keys until the correct one is found.
It's a time-consuming process but can be effective if the key length is short.

Ciphertext-Only Attack: The attacker only has access to the ciphertext (encrypted message) and
attempts to decrypt it or find patterns. Success depends on the strength of the encryption algorithm.

Replay Attack: In this attack, an attacker captures and replays a legitimate communication message
to trick the system into performing unauthorized actions. It typically targets authentication
protocols.

Man-in-the-Middle (MITM) Attack: An attacker intercepts communication between two parties

without their knowledge. The attacker can decrypt, alter, or inject data, making it appear as though
the communication is legitimate.

Side-Channel Attack: Rather than attacking the algorithm directly, the attacker uses information
gained from the physical implementation of the system (such as timing information, power
consumption, or electromagnetic leaks) to deduce secret keys.

Cryptanalysis: This is the study of analyzing cryptographic algorithms to break them. Techniques
include linear cryptanalysis and differential cryptanalysis, often used against block ciphers.

APPLICATIONS OF CRYPTOGRAPHY

Authentication is any process through which one proves and verifies certain information.
Sometimes one may want to verify the origin of a document, the identity of the sender, the time and
date a document was sent and/or signed, the identity of a computer or user, and so on.

Secures Communication. This is through the Secure Socket Layer(SSL)for online transactions,
VPNS for remote access, Secure messaging apps e.g. WhatsApp this ensures secure
communication over the internet preventing Eaves dropping.

Digital Signatures. These verify the integrity of digital messages, documents and software. For
example Email Authentication, Digital Certificates like SST, Cryptocurrencies

Cryptographic Tokens and Authentication systems. These Securely verify user identities and
control access. This is through Two factor authentication, Smart cards , Password less
authentication (biometrics)
Data Encryption: Cryptography is used to encrypt sensitive data stored on devices or transmitted
over networks, ensuring that only authorized individuals can access it. This includes encrypting
files, emails, and databases to protect against unauthorized access.

Secure File Transfer: Cryptographic protocols like Secure File Transfer Protocol (SFTP) and
Pretty Good Privacy (PGP) are used to encrypt files being transferred over the internet, ensuring
data privacy during transit.

Block-chain and Cryptocurrencies: Cryptography is essential for securing block-chain networks

and enabling cryptocurrency transactions. It ensures the integrity and immutability of block-chain
records and is used to generate cryptographic keys for wallet addresses.

Access Control Systems: Cryptography is used in access control mechanisms, such as smart
cards, electronic locks, and security tokens, to ensure that only authorized personnel can access
restricted areas or systems.
CONCLUSION:

What Cryptography Has Done?

Cryptography has a long history of securing communications, dating back to ancient civilizations
like the Egyptians who used hieroglyphics to encode messages. Over centuries, cryptographic
methods have evolved significantly, influencing major historical events. For example, the Caesar
cipher used by Julius Caesar for secure military communication laid foundational principles for
modern encryption. During World War II, the Enigma machine’s encryption was a crucial factor
in military strategies, and its eventual decryption helped the Allies gain a strategic advantage.

What Cryptography is doing now?

Today, cryptography serves as a cornerstone of cybersecurity, protecting data integrity,

confidentiality, and authenticity across various digital platforms. It secures online transactions
through protocols like Secure Socket Layer (SSL) and Transport Layer Security (TLS), ensuring
safe communication between web servers and clients. Cryptographic techniques are also vital for
authenticating users via digital signatures and multi-factor authentication, verifying identities, and
preventing unauthorized access.

Where Cryptography Has Been Used

Military and Intelligence: Historically, cryptography was heavily utilized in military operations
for secure communication, especially during wars. Today, military and intelligence agencies
continue to use it to protect classified information.

Finance: In banking and financial services, cryptography secures online banking transactions,
encrypts sensitive customer data, and safeguards payment systems. Protocols like TLS protect data
exchanged between financial institutions.

Healthcare: Cryptography ensures the confidentiality of patient records, securing data shared
between healthcare providers and stored in electronic health records (EHRs).
RECOMMENDATION:

Cryptography plays a vital role in today's digital world, ensuring data security, privacy, and trust.
As Uganda continues to develop its digital infrastructure, strengthening cryptographic practices is
crucial to address the country's current challenges and improve security across various sectors.

Expand the Use of Encryption:- Organizations in Uganda should adopt encryption for all
sensitive data, both in transit and at rest. Implementing strong encryption protocols like TLS/SSL
for online communications and using advanced encryption algorithms such as AES for data storage
can significantly enhance security against potential breaches. Given the country's ongoing digital
transformation, this would be a critical step in protecting personal data, government
communications, and corporate assets from cyber threats.

Adopt Multi-Factor Authentication (MFA) :- Integrating MFA with cryptographic methods

such as digital signatures and biometric data can provide stronger authentication and reduce risks
associated with password theft and phishing attacks. As Uganda's digital economy expands,
adopting MFA across government and business sectors will be essential for securing online
transactions and access to digital services.

Enhance Secure Communication Practices:- Uganda's expanding internet user base increases
the risk of eavesdropping and man-in-the-middle attacks. Individuals and companies should
therefore use encrypted communication tools like VPNs, encrypted emails, and secure messaging
apps. Enhancing secure communication practices will help protect data privacy, especially for
financial transactions and personal information exchanges.

Integrate Cryptography in Access Control Systems:- Employing cryptographic methods for

access control, such as smart cards, digital certificates, and token-based systems, can help prevent
unauthorized access. In Uganda, where secure access to both digital and physical environments is
critical for development, integrating these methods will strengthen overall infrastructure security,
including in sectors such as healthcare, banking, and education.

By expanding the use of cryptography and enhancing its implementation, Uganda can improve its
data security, support economic development, and build a safer digital environment amidst its
evolving challenges.
References:

1. https://us.norton.com/blog/privacy/what-is-encryption visited on 20 September 2024 at

9:45pm
2. https://kinsta.com/knowledgebase/what-is-encryption/ visited on 22 September 2024 at
8:32am
3. https://www.tutorialspoint.com/cryptography/cryptography_hash_functions.htm visited
on 24 September 2024 at 8:12 am
4. https://www.geeksforgeeks.org/asymmetric-key-cryptography/ visited on 27 September
2024 at 8:22 am
5. https://www.geeksforgeeks.org/cryptography-and-its-types/ visited on 27 September 2024
at 5:16 pm
6. https://medium.com/@prashanthreddyt1234/real-life-applications-of-cryptography-
162ddf2e917d visited on 28 September 2024 at 9:12pm