it security

Running Head: CRYPTOGRAPHY

CRYPTOGRAPHY 2

CRYPTOGRAPHY SECURITY TECHNOLOGY

Kiran Kumar goud, Cikka

569651

Campbellsville

Cryptography

Abstract

Cryptography is a technology security which is aimed at procuring the conversation between various computer devices. It prevents an unauthorized person or system from reading information. It engages the elements of information security like data confidentiality, authentication, data integrity. Cryptography is a concept which enables the users to send encoded messages while the system that consumes the message should decode the information to access it. This paper spots at the different cryptography schemes like the symmetric and a private key cryptography. The technology involves in the conversion of a readable information to a something that cannot be read except by the authorized people. The application of the cryptography uses to various fields like E-commerce, military and the computer passwords are also discussed. Arguments like the lawful restrictions and concerns about the encryption is also studied.

Introduction

These days a secure communication between two systems/people is an big an issue over the world. It raised a concerns about the security of transmitting media. After the rise and spread of the inter-networking between computer devices over the world, the process of securing the information shared over such networks has brought issues with it.

Basically, cryptosystem would be involved in the sender and the recipient who are able to communicate in insecure channel. The process through which a conversation takes place is referred to as encryption. After receiving the cipher text, the recipient has to decrypt for reading original message. Only the sender and the recipient who hold encryption key will be able to read the message and thus be difficult for others who do not have the key to decrypt the message.

There are like set of rules or steps which are followed during the dissemination of the message between the sender and the recipient which is referred to as protocol. Such cryptosystem protocols are implemented so as to ensure every user communicates irrespective of the environmental constraints. Efforts to engineer computers with Encryption programming as well as decryption and with the communicating nodes with the protocols are made to implement the security.

Today’s cryptography depends heavily on computer science and mathematical theory which are developed as a result of computational hardness which makes the algorithms of encryption hard to crack. It’s being claimed that the technology is potentially usable as a sedition and espionage tool which the government would categorize it one of the weapons, hence limiting their use. For jurisdictions which would involve cryptography use, laws are set to enable investigators to have access to encryption keys for investigation purposes.

Types of Cryptography

Systematic –key cryptography

This is the method of encryption which involves having both the receiver and sender sharing a common key or a single key is used. The DES is however used in applications such as email privacy, ATM encryption as well as remote access encryption. other standards had been evolving but some like FEAL has been broken.

On the other hand, stream ciphers are used to create arbitrarily long key material stream that gets combined with plaintext character-by-character or bit-by-bit. In this form, the cipher output stream gets developed based on internal state that is hidden which change while the cipher is operating. A secret key is used to setup the initial internal state. Example of stream cipher is RC4.

Figure 1: Symmetric key cryptography

However, there is a problem of symmetric-key cryptography because it has complexities in key management. In this cryptosystem, a single key is used for message decryption and encryption. As the network members increase, these keys would increase in a square form. i.e if the n represents the number of keys and t the number of networks, then n=t2. Such a big increase of the keys results to a complex management of key while trying to maintain secrecy and consistency

Public Key cryptography

The public key notion which was developed by Martin Hellman and Diffie in 1976 is also referred to as asymmetric key cryptography. Both keys get developed or generated secretly but are interrelated pair.

In this cryptography, the public keys are distributed freely but this private keys are supposed to be secret. In other words, the public keys are used to encrypt the message while private keys are used to decrypt the message. One of the well know algorithm used in this cryptosystem is the RSA. Other algorithms include Elliptic curve, ELGamal, Cramer-Shoup among others.

Figure 2: Public-private key cryptography

The cryptography which is used to implement schemes for digital signature that prevent the forgery. The digital signature gets tied to the message and cannot be moved to the another document. The DSA and the RSA are common schemes for processing digital signatures.

The computational complexity is the basis for the development and the operation of public-key algorithms. For instance, this integer factorization is used to create the hardness to RSA and discrete the logarithm is used harden DSA. Elliptic curves are as well involved in the theoretic development of the complexity for this cryptosystem.

Digital signatures are the reverse of how private and public keys work in encryption. Instead of using the public key of the receiver to encrypt, the private key of the sender is used to encrypt the message. However, the dangers come by when the sender’s computer is attack and its signature used inappropriately to sign and send documents.

Session Keys and digital envelops

One of the bad things about public key encryption is the slow speed than the private key, hence there is need for an improvement because business exchanges would be reduced to crawling pace with public key usage. Thus the use of envelops and session keys would maximize the speed by using symmetric key encryption for bulk documents then a public key is used in delivering the key

Legal Issues with Cryptography

There are raised concerns about the use of cryptography technology that resulted in legal issues. In some countries, it is illegal to use the cryptography. In some other governments like Iran and Singapore there is a limitation on its use. Some would require licensure. In US, cryptography is legal for domestic use.

Cryptanalysis

Specialists are involved in the testing and breaking of the algorithms which are used for the encryption. With computational effort, some of the ciphers would be be broken in a process called brute force even though the effort amount is too big. Cryptologists involved in research for commercial encryption techniques and systems, ensure that the vulnerabilities are filled up. The relations between bits and encryption key of cipher text is the main study of encryption algorithm to identify attacks and weaknesses.

Application of cryptography

Digital currencies

Digital currencies or crypto currencies have been using the concept of cryptography in order to secure the wallets and transactions that involve in these digital currencies. Money is a sensitive thing and without security, it would be a big problem that would result to a great loss. Digital currencies would hence need a form of encryption that prevents hacking or interception of the digital transactions.

Computer passwords

Passwords in a computer are stored in encrypted format. In Linux operating system, such encryption is done to the passwords and they are stored in a filed called the shadow file. In this file, the passwords are hashed making them unreadable to the user. When the password stored in the file is strong enough, it would be difficult to crack the password through brute force.

Military communication

Cryptography is also used in securing of military information. This is especially an important measure that would ensure the vital messages and military secrets are protected from interception by people who are not authorized to gain access to it. This concept was also used during World war 2.

Electronic commerce

E-commerce is web based and the internet is known as unsecure channel. Hence, encryption is necessary for its development. Cryptography would help to ensure secure e-commerce where the customers who share sensitive information like credit card details are satisfied when making purchases online. In e-commerce, encryption would help to hamper the associated threats like misappropriation, unauthorized access, and destruction and alteration of systems and the data. Many users of the e-commerce need confidence that they can conduct the commercial and financial transactions safely with the assurance that their information is secure and uninterrupted from untrusted connections.

Public Key infrastructure

There are a set of implementations that would ensure the maintenance of cryptographic components and the protocols especially when cryptography is used in public domains. Such infrastructure enables individuals and the businesses to have trust when sending over information in a public network. The following are components of PKI;

Trusted and authorized third parties

These are licensed parties especially the law enforcement agencies which are authorized to decrypt and intercept information. Also, this consists of those groups or parties that are given license to offer encryption services.

Certification Authorities

These are organizations entrusted with the certification of users using encryption and would establish credentials for transactions over the web. Such CA certificates issued contain information about the users like serial number, username, digital signature and a copy of the public key of the holder

Secure Sockets Layer (SSL)

This is a protocol that Netscape developed to secure internet communication. The infrastructure uses public-key cryptography and the digital certificates which enable authentication of the web server when transacting and would protect private messages which would pass between receiver and sender.

Figure 3: SSL infrastructure design

Secure Electronic Transactions or SET

This infrastructure was developed by MasterCard, Visa and Netscape which is aimed at securing credit-card transactions as a customer transacts with the merchant. This mechanism uses digital signatures, encryption and message digests. For each party to have their identity established – bank, merchant and card holder- private and public key pairs are used as well as the signed certificates.

Conclusion

This paper has taken into analysis of the technology of cryptography. Study has been made on the forms of modern cryptosystems which include symmetric and private-public keys encryption. Although symmetric cryptology is faster, its main challenge is encryption key management. The challenges of symmetric cryptography are solved by use of public keys where the sender would produce a public key and a private key. However, this cryptography has a challenge of speed. Hence, a mixture of both encryption methods is necessary to maximize on their advantages and reduce their disadvantages. For instance, with the help of session keys and digital envelops, one would be able to encrypt bulk message with symmetric encryption and only encrypt the key with public key cryptography hence maximizing on speed while managing the keys securely.

The paper also states the importance of the encryption in various applications like e-commerce, computer passwords, and military. Encryption is done to ensure that the security of the customers making purchases online are assured of security of their information.

References

Ellison C. & Schneier B. (2000) Risks of PKI, 116. Communications of the ACM, (42),12.

Davis, V. M., Cutino, S. C., Berg, M. J., Conklin, F. S., & Pringle, S. J. (2001). U.S. Patent No. 6,282,522. Washington, DC: U.S. Patent and Trademark Office.

Koops, B. J. (2013). Overview per country. Cryptolaw. org.

Cowie, B., & Irwin, B. (2012, July). Literature Survey: An investigation into the eld of cryptography and cryptographic protocols. In 2014 International Conference on Electronics, Communication and Computational Engineering (ICECCE).

Miyan, M. (2017). Analysis on the Algorithm for Cryptography Based MSLDIP Watermarking. International Journal of Advanced Research in Computer Science, 8(3).

Torrubia, A., Francisco, J. M., & Marti, L. (2001). Cryptography Regulations for E-commerce and Digital Rights Management. Computers & Security, 20(8), 724-738.

Al-Vahed, A., & Sahhavi, H. (2011). An overview of modern cryptography. World Applied Programming, 1(1), 55-61.

Ranger, S. (2016). The undercover war on your internet secrets: How online surveillance cracked our trust in the web. Retrieved July 3, 2018 from https://web.archive.org/web/20160612190952/http://www.techrepublic.com/article/the-undercover-war-on-your-internet-secrets-how-online-surveillance-cracked-our-trust-in-the-web/

Schneier, B. (1996). Applied Cryptography, 2nd edn, John Wiley and Sons.

Deitel H., Deitel P. & Nieto T. (2001) e-Business & e-Commerce: How to Program. Prentice Hall NJ.

Deshmukh, M. B., Jadhav, M. D., & Sakarkar, M. G. Cryptography Algorithm Using Neither EX-NOR Operation in Mobility.