van ya

Upload: abhinavthedhiman

Post on 29-May-2018

225 views

Category:

Documents


0 download

TRANSCRIPT

  • 8/9/2019 Van Ya

    1/15

    Abstract

    The expansions of the connectivity of computers make ways of protecting data and messages

    from tampering important. It is thus up to the user to ensure that communications which are

    expected to remain private actually do so. One of the techniques for ensuring privacy of files and

    communications is Cryptography. Cryptography is the art of creating and using cryptosystems.

    Cryptosystem is the entire process of using cryptography. This includes the actions of encrypting

    and decrypting a file or message, or authenticating the sender of an e-mail message.

    Encryption is the transformation of data into some unreadable form. Its purpose is to ensure

    privacy by keeping the information hidden from anyone for whom it is not intended, even those

    who can see the encrypted data. That is encryption is any process to convert plaintext into cipher

    text. Decryption is the reverse of encryption; it is the transformation of encrypted data back into

    some intelligible form. That is decryption is a process to convert cipher text back into plaintext.

    Encryption and decryption requires the use of some secret information, usually referred to as a

    key. Depending on the encryption mechanism used, the same key might be used for both

    encryption and decryption, while for other mechanisms, the keys used for encryption and

    decryption might be different.

    Cryptography is about communication in the presence of adversaries. As an example a classic

    goal of cryptography is privacy: two parties wish to communicate privately, so that an adversary

    knows nothing about what was communicated. A standard cryptographic solution to the privacy

    problem is a secret-key cryptosystem, which consists of the following:

    1. A message space M: a set of strings (plaintext messages) over some alphabet.

    2. A ciphertext space C: a set of strings (cipher-texts) over some alphabet.

    3. A key space K: a set of strings (keys) over some alphabet.

    4. An encryption algorithm E mapping (K x M) into C.

    5. A decryption algorithm D mapping (K x C) into M. The algorithms E and D must have

    the property that D(K,E(K,M))=M for all K,M.

    Todays cryptography is more than secret writing i.e. more than encryption and decryption.

    Authentication is as fundamental a part of our lives as privacy. We use authentication throughout

  • 8/9/2019 Van Ya

    2/15

    our everyday life, for instance when we sign our name to some document we use authentication.

    As we move to a world where our decisions and agreements are communicated electronically,

    we need to replicate these procedures.

    Cryptography provides mechanisms for such procedures. A digital signature binds a document to

    the possessor of a particular key, while a digital timestamp binds a document to its creation at a

    particular time. But the field of cryptography contains even more when we include some of the

    things cryptography enables us to do. With just a few basic tools it is possible to build elaborate

    schemes and protocols which allow us to pay using electronic money, to prove we know certain

    information without revealing the information itself, and to share a secret quantity in such a way

    that no fewer than three from a pool of five people (for instance) can reconstruct the secret.

    Introduction

  • 8/9/2019 Van Ya

    3/15

    There are various security requirements for a Cryptographic technique including:

    1. Authentication: The process of proving one's identity. (The primary forms of host-to-host

    authentication on the Internet today are name-based or address-based, both of which are

    notoriously weak.) Privacy/confidentiality: Ensuring that no one can read the message

    except the intended receiver.

    2. Integrity: Assuring the receiver that the received message has not been altered in any way

    from the original.

    3. Non-repudiation: A mechanism to prove that the sender really sent this message.

    Any new design of Cryptographic technique must accomplish the above requisites.

    Cryptography not only protects data from theft or alteration, but can also be used for user

    authentication.

    Cryptography:

    In general, three types of cryptographic schemes are typically used to accomplish these goals:

    1. Secret Key Cryptography: Uses a single key for encryption and decryption.

    2. Public Key Cryptography: Uses one key for encryption, and another for decryption.

    3. Hash Functions: Uses a mathematical transformation to irreversibly encrypt

    information.

    Secret Key Cryptography:

    With secret key cryptography, a single key is used for both encryption and decryption.

    The sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to

    the receiver. The receiver applies the same key (or rule set) to decrypt the message and recover

    the plaintext. Because a single key is used for both functions, secret key cryptography is also

    called symmetric encryption.

  • 8/9/2019 Van Ya

    4/15

  • 8/9/2019 Van Ya

    5/15

    1. Data Encryption Standard (DES): DES is a block-cipher employing a 56-bitkey that

    operates on 64-bit blocks. DES has a complex set of rules and transformations that were

    designed specifically to yield fast hardware implementations and slow software

    implementations.

    2. Triple DES (3DES): A variant of DES that employs up to three 56-bit keys and makes

    three encryption/decryption passes over the block; 3DES is also described in FIPS 46-

    3and is the recommended replacement to DES.

    3. DESX: A variant devised by Ron Rivets. By combining 64 additional key bits to the

    plain text prior to encryption, effectively increases the key length to 120 bits.

    4. Advanced Encryption Standard (AES): This algorithm use a variable block length and

    key length; the latest specification allowed any combination of keys lengths of128, 192,

    or 256 bits and blocks of length128, 192, or 256 bits. Similarly, there are Several

    Algorithms like Blowfish, International Data Encryption Algorithm (IDEA), two fish,

    Camellia, Secure and Fast Encryption Routine (SAFER), SEED, Skipjack. These are

    algorithms are designed extending the ideas already available.

    Public Key Cryptography:

    Public-key cryptography has been said to be the most significant new development in securecommunication over a non-secure communications channel without having to share a secret key.

    Public Key Cryptography or Asymmetric cryptography provides the same message security

    guarantees as symmetric cryptography, but additionally provides the non-repudiation guarantee.

    Asymmetric refers to the fact that different keys are used for encryption and decryption.

    One key is kept secret (secret key) and the other is made public (public key), and are

    both unique. The recipients public key should be used during the encryption process to ensure

    message confidentiality as only the recipient has the necessary secret key to decrypt the message.

    If, however, the message is encrypted using the senders private key the sender cannot deny

    sending the message as his private key is unique and is only known to him.

    Typical asymmetric algorithms include RSA, El Gamal and DSA. Asymmetric

    cryptography is extremely powerful, but this comes at a cost. Especially for longer messages and

    keys, it is much slower than its symmetric cryptography counterparts. This is due in part to the

  • 8/9/2019 Van Ya

    6/15

    fact that, in order to achieve comparable security, asymmetric keys are generally around an order

    of magnitude longer than symmetric keys.

    PKC depends upon the existence of so-called one-way functions, or mathematical

    functions that are easy to computer where as their inverse function are relatively difficult to

    compute. Let me give you two simple examples: In public-key cryptosystems, the public key

    may be freely distributed, while its paired private key must remain secret. The public key is

    typically used for encryption, while the private or secret key is used for decryption. Diffie and

    Hellman showed that public-key cryptography was possible by presenting the Diffie-Hellman

    key exchange protocol.

    In addition to encryption, public-key cryptography can be used to implement digital

    signature schemes. A digital signature is reminiscent of an ordinary signature; they both have the

    characteristic that they are easy for a user to produce, but difficult for anyone else to forge.

    Digital signatures can also be permanently tied to the content of the message being signed; they

    cannot then be 'moved' from one document to another, for any attempt will be detectable.

    In digital signature schemes, there are two algorithms: one for signing, in which a secret key is

    used to process the message (or a hash of the message, or both), and one for verification, in

    which the matching public key is used with the message to check the validity of the signature.

    RSA and DSA are two of the most popular digital signature schemes. Digital signatures are

    central to the operation of public key infrastructures and many network security schemes (e.g.,

    SSL/TLS, many VPNs, etc).

    Public-key algorithms are most often based on the computational complexity of "hard"

    problems, often from number theory. For example, the hardness of RSA is related to the integer

    factorization problem. More recently, elliptic curve cryptography has developed in which

    security is based on number theoretic problems involving elliptic curves. Because of the

    difficulty of the underlying problems, most public-key algorithms involve operations such as

    modular multiplication and exponentiation, which are much more computationally expensive

    than the techniques used in most block ciphers, especially with typical key sizes. As a result,

    public-key cryptosystems are commonly hybrid cryptosystems, in which a fast high-quality

    symmetric-key encryption algorithm is used for the message itself, while the relevant symmetric

    key is sent with the message, but encrypted using a public-key algorithm. Similarly, hybrid

  • 8/9/2019 Van Ya

    7/15

    signature schemes are often used, in which a cryptographic hash function is computed, and only

    the resulting hash is digitally signed.

    Hash Functions:

    Hash functions, also called message digests and one-way encryption, and are algorithms that, in

    some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext

    that makes it impossible for either the contents or length of the plaintext to be recovered. Hash

    algorithms are typically used to provide a digital fingerprint of a file's contents often used to

    ensure that the file has not been altered by an intruder or virus. Hash functions are also

    commonly employed by many operating systems to encrypt passwords. Hash functions, then,

    provide a measure of the integrity of a file.

    Hash functions are sometimes misunderstood and some sources claim that no two files can have

    the same hash value. This is, in fact, not correct. Consider a hash function that provides a 128-bit

    hash value. There are, obviously, 2128 possible hash values. But there are a lot more than 212

    possible files. Therefore, there have to be multiple files in fact; there have to be an infinite

    number of files. By the above basics about the Cryptography and the study is about the

    Cryptographic Schemes available and their methodology of handling keys and way of Encoding

    generated each class of Techniques.

    Validity and Trust:

    Every user in a public key system is vulnerable to mistaking a phony key (Certificate) for a real

    one. Validity is confidence that a public key certificate belongs to its purported owner. Validity

    is essential in a public key environment where you must constantly establish whether or not a

    particular certificate is authentic.

    When youve assured yourself that a certificate belonging to someone else is valid, you can sign

    the copy on your keyring to attest to the fact that youve checked the certificate and that its an

    authentic one. If you want others to know that you gave the certificate your stamp of approval,

    you can export the signature to a certificate server so that others can see it.

  • 8/9/2019 Van Ya

    8/15

    As described in the section, Public Key Infrastructures. some companies designates one or

    more Certification Authorities (CAs) to indicate certificate validity. In an organization using a

    PKI with X.509certificates, it is the job of the CA to issue certificates to users a process which

    generally entails responding to a users request for a certificate. In an organization using PGP

    certificates without a PKI, it is the job of the CA to check the authenticity of all PGP certificates

    and then sign the good ones. Basically, the main purpose of a CA is to bind a public key to the

    identification information contained in the certificate and thus assure third parties that some

    measure of care was taken to ensure that this binding of the identification information and key is

    valid.

    The CA is the Grand Pooh-bah of validation in an organization; someone whom everyone trusts,

    and in some organizations, like those using a PKI, no certificate is considered valid unless it has

    been signed by a trusted CA.

    Checking Validity:

    One way to establish validity is to go through some manual process. There are several ways to

    accomplish this. You could require your intended recipient to physically hand you a copy of hisor her public key. But this is often inconvenient and inefficient.

    Another way is to manually check the certificates fingerprint. Just as every humans fingerprints

    are unique, every PGP certificates fingerprint is unique. The fingerprint is a hash of the users

    certificate and appears as one of the certificates properties. In PGP, the fingerprint can appear as

    a hexadecimal number or a series of so-called biometric words, which are phonetically distinct

    and are used to make the fingerprint identification process a little easier.

    You can check that a certificate is valid by calling the keys owner (so that you originate the

    transaction) and asking the owner to read his or her keys fingerprint to you and verifying that

    fingerprint against the one you believe to be the real one. This works if you know the owners

    voice, but, how do you manually verify the identity of someone you dont know? Some people

  • 8/9/2019 Van Ya

    9/15

    put the fingerprint of their key on their business cards for this very reason.

    Another way to establish validity of someones certificate is to trust that a third individual has

    gone through the process of validating it.

    A CA, for example, is responsible for ensuring that prior to issuing to a certificate, he or she

    carefully checks it to be sure the public key portion really belongs to the purported owner.

    Anyone who trusts the CA will automatically consider any certificates signed by the CA to be

    valid.

    Another aspect of checking validity is to ensure that the certificate has not been revoked.

    Establishing Trust:

    You validate certificates. You trust people. More specifically, you trust people to validate other

    people certificates. Typically, unless the owner hands you the certificate, you have to go by

    someone elses word that it is valid.

    Meta and Trusted Introducers:

    In most situations, people completely trust the CA to establish certificates validity. This means

    that everyone else relies upon the CA to go through the whole manual validation process for

    them. This is fine up to a certain number of users or number of worksites, and then it is not

    possible for the CA to maintain the same level of quality validation. In that case, adding other

    validators to the system is necessary.

    A CA can also be a meta-introducer. A meta-introducer bestows not only validity on keys, but

    bestows the ability to trust keys upon others. Similar to the king who hands his seal to his trusted

    advisors so they can act on his authority, the meta-introducer enables others to act as trusted

    introducers. These trusted introducers can validate keys to the same effect as that of the meta-

  • 8/9/2019 Van Ya

    10/15

    introducer. They cannot, however, create new trusted introducers.

    Meta-introducer and trusted introducer are PGP terms. In an X.509 environment, the meta-

    introducer is called the root Certification Authority (root CA) and trusted introducers subordinate

    Certification Authorities.

    The root CA uses the private key associated with a special certificate type called a root CA

    certificate to sign certificates. Any certificate signed by the root CA certificate is viewed as valid

    by any other certificate signed by the root. This validation process works even for certificates

    signed by other CAs in the system as long as the root CA certificate signed the subordinate

    CAs certificate, any certificate signed by the CA is considered valid to others within the

    hierarchy. This process of checking backup through the system to see who signed whose

    certificate is called tracing a certification path or certification chain.

    Trust Models

    In relatively closed systems, such as within a small company, it is easy to trace a certification

    path back to the root CA. However, users must often communicate with people outside of their

    corporate environment, including some whom they have never met, such as vendors, customers,clients, associates, and so on. Establishing a line of trust to those who have not been explicitly

    trusted by your CA is difficult.

    Companies follow one or another trust model, which dictates how users will go about

    establishing certificate validity. There are three different models:

    1. Direct Trust

    2. Hierarchical Trust

    3. A Web of Trust

  • 8/9/2019 Van Ya

    11/15

    Direct Trust

    Direct trust is the simplest trust model. In this model, a user trusts that a key is valid because he

    or she knows where it came from. All cryptosystems use this form of trust in some way. For

    example, in web browsers, the root Certification Authority keys are directly trusted because they

    were shipped by the manufacturer. If there is any form of hierarchy, it extends from these

    directly trusted certificates.

    In PGP, a user who validates keys herself and never sets another certificate to be a trusted

    introducer is using direct trust.

    Hierarchical Trust

    In a hierarchical system, there are a number of root certificates from which trust extends.

    These certificates may certify certificates themselves, or they may certify certificates that certify

    still other certificates down some chain. Consider it as a big trust tree. The leaf certificate's

    validity is verified by tracing backward from its certifier, to other certifiers, until a directly

    trusted root certificate is found.

    Web of Trust

    A web of trust encompasses both of the other models, but also adds the notion that trust is in the

    eye of the beholder (which is the real-world view) and the idea that more information is better. It

    is thus a cumulative trust model. A certificate might be trusted directly, or trusted in some chain

    going back to a directly trusted root certificate (the meta-introducer), or by some group of

    introducers.

    Perhaps youve heard of the term Six degrees of separation, which suggests that any person in

    the world can determine some link to any other person in the world using six or fewer other

    people as intermediaries. This is a web of introducers.

  • 8/9/2019 Van Ya

    12/15

    It is also the PGP view of trust. PGP uses digital signatures as its form of introduction. When any

    user signs anothers key, he or she becomes an introducer of that key. As this process goes on, it

    establishes a web of trust.

    In a PGP environment, any user can act as a certifying authority. Any PGP user can validate

    another PGP users public key certificate. However, such a certificate is only valid to another

    user if the relying party recognizes the validator as a trusted introducer. (That is, you trust my

    opinion that others keys are valid only if you consider me to be a trusted introducer. Otherwise,

    my opinion on other keys validity is moot.)

    Stored on each users public keyring are indicators of:

    1. Whether or not the user considers a particular key to be valid.

    2. The level of trust the user places on the key that the keys owner can serve as certifier of

    others keys

    You indicate, on your copy of my key, whether you think my judgment counts. Its really a

    reputation system: certain people are reputed to give good signatures, and people trust them to

    attest to other keys validity.

    Certificate Revocation

    Certificates are only useful while they are valid. It is unsafe to simply assume that a certificate is

    valid forever. In most organizations and in all PKIs, certificates have a restricted lifetime. This

    constrains the period in which a system is vulnerable should a certificate compromise occur.

    Certificates are thus created with a scheduled validity period: a start date/time and an expiration

    date/time. The certificate is expected to be usable for its entire validity period (its lifetime).When

    the certificate expires; it will no longer be valid, as the authenticity of its key/identification pair

    is no longer assured. (The certificate can still be safely used to reconfirm information that was

    encrypted or signed within the validity periodit should not be trusted for cryptographic tasks

  • 8/9/2019 Van Ya

    13/15

    moving forward, however.)

    There are also situations where it is necessary to invalidate a certificate prior to its expiration

    date, such as when the certificate holder terminates employment with the company or suspects

    that the certificates corresponding private key has been compromised. This is called revocation.

    A revoked certificate is much more suspect than an expired certificate. Expired certificates are

    unusable, but do not carry the same threat of compromise as a revoked certificate.

    Anyone who has signed a certificate can revoke his or her signature on the certificate (provided

    he or she uses the same private key that created the signature). A revoked signature indicates that

    the signer no longer believes the public key and identification information belong together, or

    that the certificates public key (or corresponding private key) has been compromised. A revoked

    signature should carry nearly as much weight as a revoked certificate.

    With X.509 certificates, a revoked signature is practically the same as a revoked certificate given

    that the only signature on the certificate is the one that made it valid in the first placethe

    signature of the CA. PGP certificates provide the added feature that you can revoke your entire

    certificate (not just the signatures on it) if you yourself feel that the certificate has been

    compromised.

    Only the certificates owner (the holder of its corresponding private key) or someone whom the

    certificates owner has designated as a revoker can revoke a PGP certificate. (Designating a

    revoker is a useful practice, as its often the loss of the pass phrase for the certificates

    corresponding private key that leads a PGP user to revoke his or her certificatea task that is

    only possible if one has access to the private key.) Only the certificates issuer can revoke an

    X.509 certificate.

    Communicating That a Certificate Has Been Revoked

    When a certificate is revoked, it is important to make potential users of the certificate aware that

    it is no longer valid. With PGP certificates, the most common way to communicate that a

  • 8/9/2019 Van Ya

    14/15

    certificate has been revoked is to post it on a certificate server so others who may wish to

    communicate with you are warned not to use that public key.

    In a PKI environment, communication of revoked certificates is most commonly achieved via a

    data structure called a Certificate Revocation List, or CRL, which is published by the CA. The

    CRL contains a time-stamped, validated list of all revoked, unexpired certificates in the system.

    Revoked certificates remain on the list only until they expire, then they are removed from the list

    this keeps the list from getting too long.

    The CA distributes the CRL to users at some regularly scheduled interval (and potentially off-

    cycle, whenever a certificate is revoked). Theoretically, this will prevent users from unwittingly

    using a compromised certificate. It is possible though, that there may be a time period between

    CRLs in which a newly compromised certificate is used.

    What is a Passphrase?

    Most people are familiar with restricting access to computer systems via a password, which is a

    unique string of characters that a user types in as an identification code.

    A passphrase is a longer version of a password, and in theory, a more secure one. Typically

    composed of multiple words, a pass phrase is more secure against standard dictionary attacks,

    where in the attacker tries all the words in the dictionary in an attempt to determine your

    password. The best passphrases are relatively long and complex and contain a combination of

    upper and lowercase letters, numeric and punctuation characters.

    PGP uses a passphrase to encrypt your private key on your machine. Your private key is

    encrypted on your disk using a hash of your pass phrase as the secret key. You use the

    passphrase to decrypt and use your private key. A pass phrase should be hard for you to forget

    and difficult for others to guess. It should be something already firmly embedded in your long-

    term memory, rather than something you make up from scratch. Why? Because if you forget

    your passphrase; you are out of luck. Your private key is totally and absolutely useless without

  • 8/9/2019 Van Ya

    15/15

    your passphrase and nothing can be done about it. Remember, PGP is cryptography that will

    keep major governments out of your files. It will certainly keep you out of your files, too. Keep

    that in mind when you decide to change your passphrase to the punch line of that joke you can

    never quite remember.

    Key Splitting

    They say that a secret is not a secret if it is known to more than one person. Sharing a private key

    pair poses such a problem. While it is not a recommended practice, sharing a private key pair is

    necessary at times. Corporate Signing Keys, for example, are private keys used by a company to

    sign for example legal documents, sensitive personnel information, or press releases to

    authenticate their origin. In such a case, it is worthwhile for multiple members of the company to

    have access to the private key. However, this means that any single individual can act fully on

    behalf of the company.

    In such a case it is wise to split the key among multiple people in such a way that more than one

    or two people must present a piece of the key in order to reconstitute it to a usable condition. If

    too few pieces of the key are available, then the key is unusable.

    Some examples are to split a key into three pieces and require two of them to reconstitute the

    key, or split it into two pieces and require both pieces. If a secure network connection is used

    during the reconstitution process, the keys shareholders need not be physically present in order

    to rejoin the key.