SEMINAR REPORT
ON
CRYPTOGRAPHY AUTHENTICATION
PRESENTED BY:
SHUBHARANSHU RANJAN SAHOO
B.TECH (COMPUTER SCIENCE AND ENGINEERING)
7TH SEMESTER
REGD. NO. : 2201333040
(2025-26)
GUIDED BY : PROF. GAYATRI R.PATI
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
SUDDHANANDA ENGINEERING AND RESEARCH CENTRE,
BHUBANESWAR
CERTIFICATE
It is hereby recommended that the seminar on “CRYPTOGRAPHY
AUTHENTICATION”, a bona fide work prepared by
SHUBHARANSHU RANJAN SAHOO bearing Registration Number
2201333040 under the supervision of Prof. Gayatri R. Pati, be accepted
in partial fulfilment of the requirement for the Degree of Bachelor of
Technology.
Prof. Gayatri R. Pati, Seminar Guide
Prof. Subhasish Dash, HOD, CSE
ACKNOWLEDGEMENT
I wish to express my gratitude and indebtedness to Prof.
Gayatri R.Pati, Seminar Guide, Computer Science and Engineering
Department, SERC, Bhubaneswar, for her interest, guidance and
encouragement in carrying out this work.
I would like to convey my sincere gratitude to Hon’ble Principal of
SERC Prof. (Dr.) Chittaranjan Panda, for his cooperation.
My sincere thanks to Prof. Subhasish Dash, Head of the Department,
Computer Science and Engineering, SERC, Bhubaneswar, for his
support and encouragement.
I would also like to thank all the staff members of Computer Science and
Engineering, who have directly and indirectly helped me with their
valuable suggestions in the successful completion of this seminar
report.
Last but not least, I would like to thank my beloved parents for their
blessings, love and encouragement to successfully complete the task
by meeting all the requirements.
NAME: Shubharanshu Ranjan Sahoo
REGD. NO.: 2201333040
ABSTRACT
In today’s digital era, securing information has become a critical
requirement for individuals, businesses, and governments.
Cryptography is the science of protecting data by transforming it into
an unreadable format, ensuring that only authorized parties can
access it. It provides confidentiality, integrity, authentication, and
non-repudiation, forming the backbone of modern cybersecurity.
Authentication, on the other hand, is the process of verifying the
identity of users, devices, or systems to prevent unauthorized access.
Together, cryptography and authentication play a vital role in
protecting sensitive information across networks, online banking,
e-commerce, cloud services, and Internet of Things (IoT) devices. This
seminar explores the fundamental concepts of cryptography,
including symmetric and asymmetric encryption, hashing, and digital
signatures, along with various authentication methods such as
passwords, biometrics, tokens, and multi-factor authentication. It
also examines the key protocols and standards like SSL/TLS, OAuth2,
SAML, and FIDO2, which enable secure communication and identity
verification. Furthermore, the seminar discusses the challenges and
threats posed by cyberattacks, social engineering, and emerging
technologies like quantum computing, while highlighting the future
prospects of advanced authentication methods and quantum-safe
cryptography.
CONTENTS
CHAPTER  TITLE
1   Introduction
2   Objectives of Cryptography & Authentication
3   Basics of Cryptography
4   Types of Cryptography
5   What is Authentication?
6   Cryptography in Authentication
7   Authentication Protocols & Standards
8   Challenges and Threats
9   Future Scope & Conclusion
10  Reference
Introduction
In today’s digital era, information is one of the most valuable
assets. Every day, millions of transactions and communications take
place over the internet, including emails, online banking,
e-commerce purchases, social media interactions, and cloud-based
services. With this increasing flow of digital data comes the critical
need to protect it from unauthorized access, theft, tampering, and
misuse. This is where cryptography and authentication play a vital
role in maintaining digital security and trust.
Cryptography is the science of transforming information into a
secure format using mathematical techniques. It ensures that data
remains confidential, intact, and authentic. For example, encryption
converts readable data into a coded form so that only authorized
parties can understand it, preventing eavesdropping or interception
by malicious users. Cryptography also provides integrity, ensuring
that data has not been altered, and non-repudiation, meaning that
the sender cannot deny sending the message.
Authentication complements cryptography by verifying the identity
of users, devices, or systems before granting access to sensitive
information or resources. Without proper authentication, even
encrypted data could be accessed by unauthorized entities.
Authentication methods can include something the user knows
(passwords or PINs), something the user has (smart cards or
tokens), or something the user is (biometric verification such as
fingerprints or facial recognition). Multi-factor authentication (MFA)
combines two or more of these factors for stronger security.
Objectives of Cryptography & Authentication
The main purpose of cryptography and authentication is to protect
digital information and ensure secure communication between
parties in a networked environment. As cyber threats continue to
grow, understanding these objectives is essential for individuals,
businesses, and governments.
1. Confidentiality
Confidentiality ensures that sensitive information is accessible only to
authorized parties. Encryption techniques in cryptography convert
readable data into unreadable code, which can only be deciphered
with the correct key. This prevents unauthorized users, hackers, or
attackers from accessing confidential data. Examples include secure
online banking, private emails, and confidential business
transactions.
2. Data Integrity
Data integrity guarantees that the information sent or stored has not
been altered in an unauthorized manner. Cryptographic hash
functions, digital signatures, and message authentication codes
(MACs) help detect any tampering or corruption. This ensures the
receiver can trust that the data is accurate and unchanged during
transmission.
3. Authentication
Authentication is the process of verifying the identity of users,
devices, or systems before granting access to information or services.
By confirming identities, it prevents unauthorized access and ensures
that only legitimate users interact with sensitive data. Authentication
methods include passwords, tokens, smart cards, biometrics, and
multi-factor authentication (MFA).
4. Non-Repudiation
Non-repudiation ensures that the sender of a message cannot deny
sending it, and the receiver cannot deny receiving it. Digital
signatures and certificates provide legal and technical evidence,
which is particularly important in e-commerce, online contracts, and
financial transactions.
5. Secure Communication
One of the key objectives is to enable safe and secure
communication over insecure networks, such as the internet.
Cryptography and authentication work together to prevent
eavesdropping, interception, and impersonation attacks, allowing
users to exchange information with confidence.
6. Prevention of Unauthorized Access
Authentication mechanisms combined with cryptographic techniques
help restrict access to sensitive resources. This is crucial for
protecting systems from hacking attempts, identity theft, and insider
threats.
7. Building Trust in Digital Systems
By providing confidentiality, integrity, authentication, and
non-repudiation, cryptography and authentication establish trust
between users, businesses, and systems. Trust is fundamental for
online transactions, cloud computing, IoT devices, and other digital
services.
Basics of Cryptography
Cryptography is the science of securing information by transforming
it into a format that is unreadable to unauthorized users. It uses
mathematical algorithms and techniques to ensure that sensitive
data remains confidential, authentic, and unaltered during storage or
transmission. Cryptography forms the foundation of modern digital
security and is widely used in online banking, e-commerce, secure
communication, and cloud computing.
1. Encryption and Decryption
• Encryption is the process of converting plain, readable
information (plaintext) into an unreadable format (ciphertext)
using a cryptographic algorithm and a key.
• Decryption is the reverse process, where ciphertext is
converted back into readable plaintext using the appropriate
key.
• Example: When you send a message on WhatsApp, it is
encrypted so that only the recipient can read it.
2. Symmetric Cryptography
• Symmetric cryptography uses the same key for both encryption
and decryption.
• Common algorithms include AES (Advanced Encryption
Standard) and DES (Data Encryption Standard).
• Advantage: Fast and efficient for large volumes of data.
• Limitation: Secure key distribution is challenging; both sender
and receiver must share the secret key safely.
3. Asymmetric Cryptography
• Asymmetric cryptography uses two separate keys: a public key
for encryption and a private key for decryption.
• Common algorithms include RSA (Rivest-Shamir-Adleman) and
ECC (Elliptic Curve Cryptography).
• Advantage: Secure key exchange without needing to share a
secret key.
• Limitation: Slower than symmetric encryption and
computationally more intensive.
4. Hash Functions
• Hash functions convert data into a fixed-length unique string,
called a hash or digest.
• Common hash algorithms: SHA-256, MD5 (MD5 is broken for collision
resistance and is unsuitable for new security uses).
• Purpose: Ensure data integrity by detecting changes; even a
small modification in the input produces a completely different
hash.
• Example: Hashing is used to store passwords securely in
databases.
5. Digital Signatures
• Digital signatures use cryptography to verify the authenticity
and integrity of digital messages or documents.
• They ensure non-repudiation, meaning the sender cannot deny
sending the message.
• Example: Signing an email or an online contract digitally.
6. Message Authentication Codes (MAC)
• MACs provide a way to verify data integrity and authenticity
using a secret key shared between sender and receiver.
• Example: Ensuring that a transaction message has not been
tampered with during transmission.
7. Real-World Applications of Cryptography
• Securing online banking and financial transactions.
• Protecting personal communication via apps like WhatsApp and
Telegram.
• Ensuring integrity of software downloads and updates.
• Safeguarding cloud storage data.
Types of Cryptography
Cryptography is broadly classified based on the way keys are used
and the purpose it serves. Understanding the different types is
essential to implement secure systems and protect sensitive
information. The main types of cryptography are Symmetric,
Asymmetric, Hash Functions, and Hybrid cryptography.
1. Symmetric Key Cryptography
• In symmetric cryptography, the same key is used for both
encryption and decryption.
• Example algorithms: AES (Advanced Encryption Standard), DES
(Data Encryption Standard), 3DES, and Blowfish.
• Advantages:
o Fast and efficient for encrypting large amounts of data.
o Simple implementation.
• Disadvantages:
o Secure key distribution is challenging; if the key is
intercepted, security is compromised.
o Not suitable for communication between multiple parties
without a secure key exchange method.
• Applications: File encryption, VPNs, secure data storage.
2. Asymmetric Key Cryptography (Public Key Cryptography)
• Uses two separate keys: a public key for encryption and a
private key for decryption.
• Example algorithms: RSA, ECC (Elliptic Curve Cryptography),
DSA (Digital Signature Algorithm).
• Advantages:
o Secure key distribution without the need to share a secret
key.
o Supports digital signatures for authentication and
non-repudiation.
• Disadvantages:
o Slower than symmetric cryptography due to complex
computations.
o Requires more computational resources.
• Applications: Secure email (PGP), SSL/TLS for websites, digital
signatures.
3. Hash Functions
• A hash function converts any input into a fixed-length string
called a hash or digest.
• Common algorithms: SHA-256, SHA-3, MD5.
• Purpose:
o Ensures data integrity.
o Detects unauthorized changes to data.
• Applications: Password storage, file verification, blockchain
technology.
4. Hybrid Cryptography
• Combines symmetric and asymmetric cryptography to leverage
the advantages of both.
• Typical approach:
o Use asymmetric cryptography to securely exchange a
symmetric key.
o Use the symmetric key to encrypt large data efficiently.
• Applications: SSL/TLS protocols for secure web communication,
secure email systems.
5. Modern and Emerging Cryptography
• Post-Quantum Cryptography: Algorithms designed to resist
attacks by quantum computers.
• Lightweight Cryptography: Optimized for IoT devices and
low-power systems.
• Homomorphic Encryption: Allows computations on encrypted
data without decrypting it.
What is Authentication?
Authentication is a critical aspect of cybersecurity that ensures the
identity of a user, device, or system before granting access to
sensitive information or resources. While cryptography protects the
confidentiality and integrity of data, authentication ensures that
only authorized entities can access or modify that data. Without
proper authentication, even encrypted information could be exposed
to unauthorized users, leading to data breaches, financial losses, or
identity theft.
1. Purpose of Authentication
The main purpose of authentication is to verify that the party
requesting access is indeed who they claim to be. This helps prevent
unauthorized access, impersonation, and fraudulent activities.
Authentication also provides accountability and forms the foundation
for secure communication between systems.
2. Factors of Authentication
Authentication methods are generally categorized into three factors:
1. Something You Know (Knowledge Factor):
o Passwords, PINs, security questions.
o Most commonly used but vulnerable to phishing,
guessing, or brute-force attacks.
2. Something You Have (Possession Factor):
o Smart cards, hardware tokens, OTP (One-Time Password)
generators, mobile devices.
o Provides an extra layer of security, often used in
combination with passwords.
3. Something You Are (Inherence Factor):
o Biometric methods such as fingerprints, facial recognition,
retina scans, and voice recognition.
o Harder to forge and increasingly used in mobile devices
and secure facilities.
3. Multi-Factor Authentication (MFA)
• MFA combines two or more factors from the categories above.
• Example: ATM access requires a card (possession) and a PIN
(knowledge).
• Online platforms often combine passwords (knowledge) with
OTPs sent to phones (possession) or fingerprint scans
(inherence).
• MFA significantly increases security and reduces the risk of
unauthorized access.
4. Importance of Authentication
• Ensures that only authorized users can access sensitive data or
perform actions.
• Protects against identity theft, fraud, and unauthorized system
access.
• Enhances trust in digital systems, e-commerce, banking, and
cloud services.
Cryptography in Authentication
Cryptography plays a fundamental role in authentication by
protecting the verification process and ensuring that identities are
securely validated. While authentication confirms “who you are,”
cryptography ensures that this verification is safe from interception,
tampering, or forgery. Together, they form the backbone of secure
digital systems.
1. Password Security
• Cryptography is used to store and protect passwords.
• Passwords are hashed using cryptographic algorithms (e.g.,
SHA-256) before being stored in a database.
• Salting adds random data to passwords before hashing,
preventing attacks such as rainbow table attacks.
• Example: When you log into Gmail, your password is not stored
in plaintext but as a hashed value.
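The salting step described above, as an added Python example that is not part of the original report. It swaps the single SHA-256 pass mentioned in the text for PBKDF2-HMAC-SHA256, a deliberately slow construction built on SHA-256; the iteration count, record format and function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware
SALT_BYTES = 16


def unsalted_sha256(password):
    """Weak scheme, for comparison only: one fast hash and no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Return a storable record: algorithm$iterations$salt_hex$hash_hex."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations), salt.hex(), derived.hex()])


def verify_password(password, record):
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed or truncated record
    if algorithm != "pbkdf2_sha256" or iterations < 1:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    # Without a salt, equal passwords always give equal digests, which is
    # exactly what a precomputed (rainbow) table relies on.
    print("unsalted digests equal:", unsalted_sha256(pw) == unsalted_sha256(pw))
    first, second = hash_password(pw), hash_password(pw)
    # With a per-password salt the two stored records differ.
    print("salted records differ:", first != second)
    print("correct password accepted:", verify_password(pw, first))
    print("wrong password rejected:", not verify_password("guess", first))
```

Storing the algorithm name and iteration count inside each record lets the work factor be raised later without invalidating existing hashes.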
2. Digital Signatures
• Digital signatures use asymmetric cryptography to verify the
authenticity and integrity of messages or documents.
• A sender signs a message with their private key, and the
receiver verifies it using the sender’s public key.
• This ensures non-repudiation, meaning the sender cannot deny
sending the message.
• Applications: Secure email, online contracts, financial
transactions.
3. Certificates & Public Key Infrastructure (PKI)
• PKI uses cryptography to bind public keys to real-world
identities through digital certificates.
• Certificates issued by Certificate Authorities (CAs) ensure trust
in websites, email servers, and applications.
• Example: SSL/TLS certificates for HTTPS websites confirm that
the site is legitimate and encrypt communication.
4. Challenge-Response Protocols
• These protocols use cryptographic techniques to verify
identities without transmitting secrets in plaintext.
• The system sends a challenge (random value) to the user, who
responds using a secret key or password.
• Example: One-time passwords (OTPs) and token-based logins
use challenge-response mechanisms.
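The challenge-response exchange described above, with both sides shown, as an added Python example that is not part of the original report. It assumes a pre-shared symmetric key per user and uses HMAC-SHA256 as the response function; the class, function and user names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time


def respond(key, user, nonce):
    """Client side: prove knowledge of the key without ever sending it."""
    return hmac.new(key, user.encode() + b"\x00" + nonce, hashlib.sha256).digest()


class Verifier:
    """Server side: issues random challenges and checks the responses."""

    def __init__(self, shared_keys, ttl=30.0, clock=time.monotonic):
        self._keys = shared_keys   # user -> secret key (assumed pre-shared)
        self._ttl = ttl            # seconds a challenge stays valid
        self._clock = clock
        self._pending = {}         # nonce -> (user, expiry time)

    def issue_challenge(self, user):
        nonce = secrets.token_bytes(32)  # unpredictable, never reused
        self._pending[nonce] = (user, self._clock() + self._ttl)
        return nonce

    def verify(self, user, nonce, response):
        # pop() makes every challenge single-use, so a captured
        # (nonce, response) pair cannot be replayed later.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return False
        issued_to, expires = entry
        key = self._keys.get(user)
        if key is None or issued_to != user or self._clock() > expires:
            return False
        expected = respond(key, user, nonce)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed sample key
    server = Verifier({"alice": key})
    challenge = server.issue_challenge("alice")
    answer = respond(key, "alice", challenge)
    print("first use accepted:", server.verify("alice", challenge, answer))
    print("replay rejected:", not server.verify("alice", challenge, answer))
```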
5. Multi-Factor Authentication and Cryptography
• Cryptography strengthens MFA by encrypting token-based
communications and ensuring secure storage of biometric data.
• Examples:
o OTPs sent via encrypted channels.
o Biometric templates stored securely using cryptographic
algorithms.
6. Benefits of Cryptography in Authentication
• Prevents unauthorized access and identity theft.
• Ensures integrity and authenticity of login credentials.
• Supports secure communication even over untrusted networks.
• Forms the foundation for secure digital transactions, cloud
services, and enterprise networks.
Authentication Protocols & Standards
Authentication protocols and standards are the backbone of secure
communication systems. They define how identities are verified,
how credentials are exchanged, and how access is controlled,
ensuring the safety of sensitive data in networks, cloud platforms,
and digital services. With the growing number of cyberattacks,
adhering to robust protocols is essential for maintaining trust and
security.
1. Kerberos
• Kerberos is a trusted third-party network authentication
protocol that uses tickets to allow users and devices to prove
their identities without transmitting passwords over the
network.
• Uses symmetric key cryptography and a central Key
Distribution Center (KDC) to issue time-limited tickets and
session keys.
• Common in enterprise networks, Windows Active Directory,
and secure file sharing systems.
• Advantage: Reduces the risk of password interception and
replay attacks.
2. OAuth 2.0 and OpenID Connect
• OAuth 2.0: Authorization framework allowing third-party
applications to access user resources securely without exposing
credentials.
• OpenID Connect (OIDC): Authentication layer built on OAuth
2.0 for verifying user identity.
• Used for Single Sign-On (SSO): Logging into multiple apps using
one account (e.g., Google or Facebook login).
• Enhances security: Third-party apps do not store user
passwords.
3. SAML (Security Assertion Markup Language)
• SAML is an XML-based standard for exchanging authentication
and authorization data.
• Enables SSO across different organizations and applications.
• Commonly used in enterprise cloud services, education portals,
and federated systems.
• Ensures that user credentials are never exposed to service
providers directly.
4. FIDO2 / WebAuthn
• FIDO2 is a passwordless authentication standard that uses
public-key cryptography for secure login.
• WebAuthn allows browsers and devices to authenticate users
using biometrics or hardware keys.
• Examples: Fingerprint login on mobile devices, security keys like
YubiKey, facial recognition systems.
• Benefits: Mitigates phishing and password theft, provides
strong authentication.
5. RADIUS and TACACS+
• RADIUS (Remote Authentication Dial-In User Service) and
TACACS+ are network protocols for authentication,
authorization, and accounting (AAA).
• RADIUS: Common for VPNs, Wi-Fi networks, and remote access.
Uses shared secrets between client and server.
• TACACS+: Separates authentication, authorization, and
accounting for more control and flexibility.
• Widely used in enterprise network devices like routers,
firewalls, and switches.
6. Kerberos Extensions & Modern Protocols
• PKINIT: Extension to Kerberos for using public key cryptography.
• SPNEGO: Simplified protocol for negotiating authentication in
Windows and web applications.
• Modern systems integrate OAuth + OpenID + FIDO2 to provide
layered security for cloud and mobile applications.
7. Importance of Protocol Standards
• Ensure interoperability between different systems, devices, and
applications.
• Facilitate scalable authentication for organizations of any size.
• Comply with industry standards (e.g., NIST, ISO/IEC 27001) for
cybersecurity.
• Provide a framework for secure identity management, access
control, and auditing.
8. Real-World Examples
• Logging into Gmail using OAuth2 with two-factor
authentication.
• Enterprise SSO using SAML to access multiple internal
applications.
• Banking apps using FIDO2 with fingerprint or facial recognition
for secure login.
• Corporate Wi-Fi secured with RADIUS authentication.
Challenges and Threats
While cryptography and authentication provide essential security for
digital systems, they are not without challenges and vulnerabilities.
As cyber threats evolve, attackers continuously develop new methods
to bypass security measures. Understanding these challenges is
critical to designing robust systems and ensuring safe
communication.
1. Cyber Attacks Targeting Authentication
• Phishing Attacks: Attackers trick users into revealing credentials
through fake websites or emails.
• Brute-Force Attacks: Automated tools try all possible passwords
until the correct one is found.
• Credential Stuffing: Attackers use stolen username-password
pairs from one service to access other accounts.
• Social Engineering: Manipulating individuals to disclose
confidential information, bypassing cryptographic protections.
2. Threats to Cryptography
• Man-in-the-Middle (MITM) Attacks: Intercepting
communication between sender and receiver to steal or alter
data.
• Replay Attacks: Reusing intercepted messages to gain
unauthorized access.
• Side-Channel Attacks: Exploiting hardware or implementation
flaws to extract secret keys (e.g., timing attacks, power
analysis).
• Quantum Computing Threats: Future quantum computers
could break traditional encryption algorithms like RSA and ECC.
3. Key Management Challenges
• Secure generation, storage, distribution, and rotation of
cryptographic keys are essential.
• Weak key management can compromise the strongest
encryption methods.
• Example: Storing private keys insecurely can allow attackers to
decrypt sensitive data.
4. Usability vs. Security Trade-Off
• Complex authentication methods (e.g., multi-factor, biometrics)
improve security but may reduce user convenience.
• Users often choose weak passwords or bypass security features
for ease of use.
• Organizations must balance strong security with user-friendly
systems.
5. Insider Threats
• Employees or authorized personnel may misuse access
privileges to steal or manipulate data.
• Insider attacks are difficult to detect and often bypass
cryptographic protections.
6. Emerging Threats
• Advanced Persistent Threats (APTs): Long-term, targeted
attacks on organizations using sophisticated techniques.
• Malware and Ransomware: Can bypass authentication, steal
keys, or lock encrypted data.
• IoT Vulnerabilities: Internet of Things devices often have weak
authentication, making them targets for attacks.
7. Mitigation Strategies
• Regularly update encryption algorithms and authentication
protocols.
• Implement multi-factor authentication (MFA) to reduce risk of
compromised passwords.
• Educate users about phishing and social engineering attacks.
• Use hardware security modules (HSMs) for secure key storage.
• Plan for post-quantum cryptography to counter quantum
threats.
Future Scope & Conclusion
Future Scope of Cryptography & Authentication
The field of cryptography and authentication is evolving rapidly in
response to the increasing complexity of cyber threats and
technological advancements. Several emerging trends and future
prospects are shaping the way secure communication and identity
verification will function:
1. Passwordless Authentication
o Moving beyond traditional passwords, the future focuses
on biometrics, security keys, and behavioral
authentication.
o Reduces the risk of phishing, password theft, and
credential reuse.
2. Quantum-Safe Cryptography
o Quantum computers pose a potential threat to current
encryption algorithms such as RSA and ECC.
o Research is ongoing into post-quantum cryptography
algorithms that remain secure even against quantum
attacks.
3. Artificial Intelligence in Security
o AI and machine learning can detect anomalous behavior,
phishing attempts, and suspicious login activity.
o Can enhance authentication systems by learning user
patterns for adaptive security.
4. Blockchain and Decentralized Authentication
o Blockchain can provide tamper-proof authentication
records, reducing reliance on central authorities.
o Enhances transparency and trust in identity management.
5. Internet of Things (IoT) Security
o As IoT devices proliferate, secure authentication and
lightweight cryptography become critical.
o Future systems will focus on efficient, low-power security
solutions for smart homes, healthcare devices, and
industrial IoT.
6. Integration of Multi-Layered Security
o Combining biometrics, cryptography, and behavioral
analytics will provide stronger, adaptive security.
o Continuous authentication will monitor user behavior
throughout a session rather than only at login.
Conclusion
Cryptography and authentication are the cornerstones of modern
digital security, protecting sensitive data and ensuring trust in online
systems. Cryptography provides confidentiality, integrity, and
non-repudiation, while authentication verifies the identity of users and
devices. Together, they enable secure communication, protect
against unauthorized access, and support digital transactions,
e-commerce, cloud services, and IoT networks.
Despite challenges such as cyberattacks, key management issues, and
emerging quantum threats, advances in cryptography, authentication
protocols, and emerging technologies promise a safer digital future.
With passwordless systems, AI-driven security, blockchain-based
authentication, and post-quantum cryptography, the scope of these
technologies is vast.
In summary, the continued development and adoption of strong
cryptography and authentication mechanisms are essential to
protect information, maintain trust, and secure the ever-expanding
digital world.