week-7

Introduction:

Encryption is a method of converting plain text to cipher text. Generally lot of secured information’s are transferred using internet services these can be easily retrieved by eavesdroppers in the community system. Encryption is mainly employed in banking, accounting, state and national bureau, military and geographical locations.Generally we have so many encryption algorithms which encrypt data, each encryption algorithm has its own style of formatting plain text to cipher text. The main problem nowadays faced by the network engineers is security, time taken to complete, probability of encrypting the data.The basic idea of increasing key size will improve the security. But the method of implementing in single algorithm will have the same security issue. To avoid this we propose hybrid algorithm, which will use three or four encryption methods to generate a new key with more security.

Hybrid Cryptography with examples

Hybrid Cryptography with examples in Ruby and Go Romek Szczesniak security consultant Hardcore Happy Cat Ltd Eleanor McHugh system architect Games With Brains January 2015.romek an applied cryptographer since 1995 . secures systems from Biometrics to Firewalls,specialises in PKI, Smartcards, Biometrics. ellie,commercial developer since 1995.mission-critical & performance sensitive systems . specialises in Ruby and Go .design credits hybrid cryptography a mode of encryption that merges two or more encryption systems incorporates a combination of asymmetric and symmetric encryption to benefit from the strengths of each form of encryption .These strengths are respectively defined as speed and security .Hybrid encryption is considered a highly secure type of encryption hybrid encryption is considered a highly secure type of encryption as long as the public and private keys are fully secure.rarely mentioned in the literature . encryption encryption • User A encrypts the Message with the symmetric key . User A encrypts the symmetric key with the receiver’s public key .User A sends the encrypted message and the encrypted key to User B.decryption decryption . User B knows how the Message is encrypted .User B decrypts the symmetric key with his private key . User B decrypts the Message using the symmetric key. an example workflow 1. create public key pair for user B (RSA-4096) 2. create symmetric key K (AES-256-CBC) 3. encrypt K(MB) and PubB(K) for message MB 4. send PubB(K) and K(MB) to user B 5. decrypt K with PrivB 6. decrypt MB with K 7. send K(MA) to user A 8. change keys and repeat as required 9. all keys are stored in Base 64 encoding key features . a point-to-point cryptosystem . fast, easy-to-use, user-specific system . independent of underlying cryptosystems may change algorithms at any point . may change keys at any point . weasel words . danger experimental code presented here all such code is provided for entertainment purposes only and should be used with extreme caution, under adult supervision, et l. any resemblance to actual code and concepts, living or dead, is purely coincidental a simple example hybrid encryption with text strings .ruby 1.8 and later uses OpenSSL as its crypto library (McHugh, 2015).

Public key encryption

Public key encryption is used for internet secure links, such as when a browser opens a bank site or a site used with credit cards. Such addresses are prefixed by https as opposed to just http. RSA-OpenSSL is such an encryption system. An example of this secure site marking can be seen on the address of this page; this Wikibooks page (when the user is logged in) shows the https prefix or some alternative browser-specific marking that indicates that it is considered secure (Basic Public Key, 2018).

Each site has an encryption key and a decryption key of its own, termed the public and private keys respectively. These are essentially very large numbers. These keys are always different, giving rise to the term asymmetrical encryption. In fact whenever we say key we mean a pair of numbers comprising the key; a key number to use in the raising of powers and another number that is the modulus of the arithmetic to be used for the work. For those unfamiliar with modular arithmetic, refer to the Wikibooks page High School Mathematics Extensions/Primes/Modular Arithmetic for a good, yet simple description (Basic Public Key, 2018).

Figure 1: Bob knows Alice's public key and uses it to encrypt the message. Alice uses her private key to decrypt the message.

Public keys are openly available for anybody to see, but private keys are not. The receiving site makes his public key available to the message sender, or by his making use of public directories. For each message transmission the sender uses this key to make the code. In this way only the private key of the recipient will decrypt it. A worked example has been provided in the text below, and the basic process can be seen in Figure 1.In fact, the two keys used for public key encryption form a reversible function. You could encrypt with the private key and decrypt with the public key if the system designers had otherwise intended it. Of course, for less public use the public keys could just as easily be treated as secret also. This reversible nature of the key pair is useful in testing digital certificates, where the issuer encrypts a certificate with his private key so that the recipient can then use his freely available public key to test it's authenticity.The numbers used are made deliberately very large, and this makes the task of obtaining the private key from the public key too difficult for a hacker. It involves the factorization of very large numbers, and is very time consuming.Such systems, although imperfect, are nonetheless useful provided that the time to break them far exceeds the period for which the data is of any interest. The estimated time to break some such codes is many thousands of years.Signed digital certificates help certify the identity of user sites and to deliver public keys. Browsers take steps to confirm their validity.The main advantage of the public key system is that there is a low administrative burden. Everything needed to send a message to a site is available in a public directory or is sent openly as a part of setting up the link.The main disadvantage of public key cryptography is that it is too slow for modern internet use. Because of this, the internet most often uses symmetric encryption for the main task; (a different method that uses a common key for both encryption and decryption); it simply uses public key methods to conceal the symmetric keys while they are being sent to the far end (Basic Public Key, 2018).

There are several methods that hackers use to break coding:The brute force cracking of a key refers to trying every possible combination of private key while testing it against the relevant cyphertext. Such testing is time consuming, because a dictionary check or human intervention is needed at each iteration to decide whether or not plain language has emerged. Also, the numbers are very large, so this method is rarely of much interest.A mathematical attack refers to the finding of the two prime numbers, the product of which makes the modulus of the publicly available key. If these can be found then it simplifies the finding of the private key (more later); this method has the advantage that computers can be left to the task without much intervention. At the time of writing (2014) the record for breaking a key by mathematical attack is by Lenstra et al, on 12 December 2009, when an RSA-768 bit modulus (232 decimal digits) was factored using a method called the General Number Field Sieve (GNFS). The process required two years of collaboration and many hundreds of computing machines. (see: http://eprint.iacr.org/2010/006.pdf) Today most encryption keys in use are much bigger than the one that was broken, and a 1024 or 2048-bit key in an SSL certificate is still considered fairly safe against a mathematical attack. Note that the difficulty of breaking such a key increases exponentially with the key length.The history of successful intrusions has not involved code breaking however, but the hacking of the servers for their data and private keys. Other exploits have relied on the security omissions of individuals, or defective programming. For example, a recent SSL exploit, (2000-2014?), has involved accessing data, not by code breaking, but by a programing flaw that allows the sender to download blocks of memory content from the destination's server. The intention in SSL is to allow some text from the recipient's server to be returned as proof of message receipt and successful decryption. For this purpose the sender can specify the length of text to return, usually a header, and in any case less than 64Kbits in length. The core of the flaw was that if a very short message was sent but the sender asked for a larger block to be returned than was sent, the faulty program would oblige, so returning data that included other secure material from memory. Repeating this process every few seconds allowed a hacker to accumulate a large data block. The matter is stated to have been since corrected, but is said to have been available to any who knew of it for a period of about four years (Basic Public Key, 2018).

Password Protection

Unix/Linux, for example, uses a well-known hash via its crypt() function. Passwords are stored in the /etc/passwd file (Figure 7A); each record in the file contains the username, hashed password, user's individual and group numbers, user's name, home directory, and shell program; these fields are separated by colons (:). Note that each password is stored as a 13-byte string. The first two characters are actually a salt, randomness added to each password so that if two users have the same password, they will still be encrypted differently; the salt, in fact, provides a means so that a single password might have 4096 different encryptions. The remaining 11 bytes are the password hash, calculated using DES.As it happens, the /etc/passwd file is world-readable on Unix systems. This fact, coupled with the weak encryption of the passwords, resulted in the development of the shadow password system where passwords are kept in a separate, non-world-readable file used in conjunction with the normal password file. When shadow passwords are used, the password entry in /etc/passwd is replaced with a "*" or "x" (Figure 7B.1) and the MD5 hash of the passwords are stored in /etc/shadow along with some other account information (Figure 7B.2).Windows NT uses a similar scheme to store passwords in the Security Access Manager (SAM) file. In the NT case, all passwords are hashed using the MD4 algorithm, resulting in a 128-bit (16-byte) hash value (they are then obscured using an undocumented mathematical transformation that was a secret until distributed on the Internet). The password password, for example, might be stored as the hash value (in hexadecimal) 60771b22d73c34bd4a290a79c8b09f18.Passwords are not saved in plaintext on computer systems precisely so they cannot be easily compromised. For similar reasons, we don't want passwords sent in plaintext across a network. But for remote logon applications, how does a client system identify itself or a user to the server? One mechanism, of course, is to send the password as a hash value and that, indeed, may be done. A weakness of that approach, however, is that an intruder can grab the password off of the network and use an off-line attack (such as a dictionary attack where an attacker takes every known word and encrypts it with the network's encryption algorithm, hoping eventually to find a match with a purloined password hash). In some situations, an attacker only has to copy the hashed password value and use it later on to gain unauthorized entry without ever learning the actual password.An even stronger authentication method uses the password to modify a shared secret between the client and server, but never allows the password in any form to go across the network. This is the basis for the Challenge Handshake Authentication Protocol (CHAP), the remote logon process used by Windows NT (Gary, 2018).

References

Basic public Key .(2018). Retrieved from https://en.wikibooks.org/wiki/Cryptography/A_Basic_Public_Key_Example

Gary ,C. K.(2018). Over view of Cryptography . Retrieved from https://www.garykessler.net/library/crypto.html

McHugh, E.(2015). Hybrid Cryptography. Retrieved from https://www.slideshare.net/feyeleanor/hybrid-cryptography-with