8/9/2019 Van Ya

1/15

Abstract

The expansions of the connectivity of computers make ways of protecting data and messages

from tampering important. It is thus up to the user to ensure that communications which are

expected to remain private actually do so. One of the techniques for ensuring privacy of files and

communications is Cryptography. Cryptography is the art of creating and using cryptosystems.

Cryptosystem is the entire process of using cryptography. This includes the actions of encrypting

and decrypting a file or message, or authenticating the sender of an e-mail message.

Encryption is the transformation of data into some unreadable form. Its purpose is to ensure

privacy by keeping the information hidden from anyone for whom it is not intended, even those

who can see the encrypted data. That is encryption is any process to convert plaintext into cipher

text. Decryption is the reverse of encryption; it is the transformation of encrypted data back into

some intelligible form. That is decryption is a process to convert cipher text back into plaintext.

Encryption and decryption requires the use of some secret information, usually referred to as a

key. Depending on the encryption mechanism used, the same key might be used for both

encryption and decryption, while for other mechanisms, the keys used for encryption and

decryption might be different.

Cryptography is about communication in the presence of adversaries. As an example a classic

goal of cryptography is privacy: two parties wish to communicate privately, so that an adversary

knows nothing about what was communicated. A standard cryptographic solution to the privacy

problem is a secret-key cryptosystem, which consists of the following:

1. A message space M: a set of strings (plaintext messages) over some alphabet.

2. A ciphertext space C: a set of strings (cipher-texts) over some alphabet.

3. A key space K: a set of strings (keys) over some alphabet.

4. An encryption algorithm E mapping (K x M) into C.

5. A decryption algorithm D mapping (K x C) into M. The algorithms E and D must have

the property that D(K,E(K,M))=M for all K,M.

Todays cryptography is more than secret writing i.e. more than encryption and decryption.

Authentication is as fundamental a part of our lives as privacy. We use authentication throughout

8/9/2019 Van Ya

2/15

our everyday life, for instance when we sign our name to some document we use authentication.

As we move to a world where our decisions and agreements are communicated electronically,

we need to replicate these procedures.

Cryptography provides mechanisms for such procedures. A digital signature binds a document to

the possessor of a particular key, while a digital timestamp binds a document to its creation at a

particular time. But the field of cryptography contains even more when we include some of the

things cryptography enables us to do. With just a few basic tools it is possible to build elaborate

schemes and protocols which allow us to pay using electronic money, to prove we know certain

information without revealing the information itself, and to share a secret quantity in such a way

that no fewer than three from a pool of five people (for instance) can reconstruct the secret.

Introduction

8/9/2019 Van Ya

3/15

There are various security requirements for a Cryptographic technique including:

1. Authentication: The process of proving one's identity. (The primary forms of host-to-host

authentication on the Internet today are name-based or address-based, both of which are

notoriously weak.) Privacy/confidentiality: Ensuring that no one can read the message

except the intended receiver.

2. Integrity: Assuring the receiver that the received message has not been altered in any way

from the original.

3. Non-repudiation: A mechanism to prove that the sender really sent this message.

Any new design of Cryptographic technique must accomplish the above requisites.

Cryptography not only protects data from theft or alteration, but can also be used for user

authentication.

Cryptography:

In general, three types of cryptographic schemes are typically used to accomplish these goals:

1. Secret Key Cryptography: Uses a single key for encryption and decryption.

2. Public Key Cryptography: Uses one key for encryption, and another for decryption.

3. Hash Functions: Uses a mathematical transformation to irreversibly encrypt

information.

Secret Key Cryptography:

With secret key cryptography, a single key is used for both encryption and decryption.

The sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to

the receiver. The receiver applies the same key (or rule set) to decrypt the message and recover

the plaintext. Because a single key is used for both functions, secret key cryptography is also

called symmetric encryption.

8/9/2019 Van Ya

4/15

8/9/2019 Van Ya

5/15

1. Data Encryption Standard (DES): DES is a block-cipher employing a 56-bitkey that

operates on 64-bit blocks. DES has a complex set of rules and transformations that were

designed specifically to yield fast hardware implementations and slow software

implementations.

2. Triple DES (3DES): A variant of DES that employs up to three 56-bit keys and makes

three encryption/decryption passes over the block; 3DES is also described in FIPS 46-

3and is the recommended replacement to DES.

3. DESX: A variant devised by Ron Rivets. By combining 64 additional key bits to the

plain text prior to encryption, effectively increases the key length to 120 bits.

4. Advanced Encryption Standard (AES): This algorithm use a variable block length and

key length; the latest specification allowed any combination of keys lengths of128, 192,

or 256 bits and blocks of length128, 192, or 256 bits. Similarly, there are Several

Algorithms like Blowfish, International Data Encryption Algorithm (IDEA), two fish,

Camellia, Secure and Fast Encryption Routine (SAFER), SEED, Skipjack. These are

algorithms are designed extending the ideas already available.

Public Key Cryptography:

Public-key cryptography has been said to be the most significant new development in securecommunication over a non-secure communications channel without having to share a secret key.

Public Key Cryptography or Asymmetric cryptography provides the same message security

guarantees as symmetric cryptography, but additionally provides the non-repudiation guarantee.

Asymmetric refers to the fact that different keys are used for encryption and decryption.

One key is kept secret (secret key) and the other is made public (public key), and are

both unique. The recipients public key should be used during the encryption process to ensure

message confidentiality as only the recipient has the necessary secret key to decrypt the message.

If, however, the message is encrypted using the senders private key the sender cannot deny

sending the message as his private key is unique and is only known to him.

Typical asymmetric algorithms include RSA, El Gamal and DSA. Asymmetric

cryptography is extremely powerful, but this comes at a cost. Especially for longer messages and

keys, it is much slower than its symmetric cryptography counterparts. This is due in part to the

8/9/2019 Van Ya

6/15

fact that, in order to achieve comparable security, asymmetric keys are generally around an order

of magnitude longer than symmetric keys.

PKC depends upon the existence of so-called one-way functions, or mathematical

functions that are easy to computer where as their inverse function are relatively difficult to

compute. Let me give you two simple examples: In public-key cryptosystems, the public key

may be freely distributed, while its paired private key must remain secret. The public key is

typically used for encryption, while the private or secret key is used for decryption. Diffie and

Hellman showed that public-key cryptography was possible by presenting the Diffie-Hellman

key exchange protocol.

In addition to encryption, public-key cryptography can be used to implement digital

signature schemes. A digital signature is reminiscent of an ordinary signature; they both have the

characteristic that they are easy for a user to produce, but difficult for anyone else to forge.

Digital signatures can also be permanently tied to the content of the message being signed; they

cannot then be 'moved' from one document to another, for any attempt will be detectable.

In digital signature schemes, there are two algorithms: one for signing, in which a secret key is

used to process the message (or a hash of the message, or both), and one for verification, in

which the matching public key is used with the message to check the validity of the signature.

RSA and DSA are two of the most popular digital signature schemes. Digital signatures are

central to the operation of public key infrastructures and many network security schemes (e.g.,

SSL/TLS, many VPNs, etc).

Public-key algorithms are most often based on the computational complexity of "hard"

problems, often from number theory. For example, the hardness of RSA is related to the integer

factorization problem. More recently, elliptic curve cryptography has developed in which

security is based on number theoretic problems involving elliptic curves. Because of the

difficulty of the underlying problems, most public-key algorithms involve operations such as

modular multiplication and exponentiation, which are much more computationally expensive

than the techniques used in most block ciphers, especially with typical key sizes. As a result,

public-key cryptosystems are commonly hybrid cryptosystems, in which a fast high-quality

symmetric-key encryption algorithm is used for the message itself, while the relevant symmetric

key is sent with the message, but encrypted using a public-key algorithm. Similarly, hybrid

8/9/2019 Van Ya

7/15

signature schemes are often used, in which a cryptographic hash function is computed, and only

the resulting hash is digitally signed.

Hash Functions:

Hash functions, also called message digests and one-way encryption, and are algorithms that, in

some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext

that makes it impossible for either the contents or length of the plaintext to be recovered. Hash

algorithms are typically used to provide a digital fingerprint of a file's contents often used to

ensure that the file has not been altered by an intruder or virus. Hash functions are also

commonly employed by many operating systems to encrypt passwords. Hash functions, then,

provide a measure of the integrity of a file.

Hash functions are sometimes misunderstood and some sources claim that no two files can have

the same hash value. This is, in fact, not correct. Consider a hash function that provides a 128-bit

hash value. There are, obviously, 2128 possible hash values. But there are a lot more than 212

possible files. Therefore, there have to be multiple files in fact; there have to be an infinite

number of files. By the above basics about the Cryptography and the study is about the

Cryptographic Schemes available and their methodology of handling keys and way of Encoding

generated each class of Techniques.

Validity and Trust:

Every user in a public key system is vulnerable to mistaking a phony key (Certificate) for a real

one. Validity is confidence that a public key certificate belongs to its purported owner. Validity

is essential in a public key environment where you must constantly establish whether or not a

particular certificate is authentic.

When youve assured yourself that a certificate belonging to someone else is valid, you can sign

the copy on your keyring to attest to the fact that youve checked the certificate and that its an

authentic one. If you want others to know that you gave the certificate your stamp of approval,

you can export the signature to a certificate server so that others can see it.

8/9/2019 Van Ya

8/15

As described in the section, Public Key Infrastructures. some companies designates one or

more Certification Authorities (CAs) to indicate certificate validity. In an organization using a

PKI with X.509certificates, it is the job of the CA to issue certificates to users a process which

generally entails responding to a users request for a certificate. In an organization using PGP

certificates without a PKI, it is the job of the CA to check the authenticity of all PGP certificates

and then sign the good ones. Basically, the main purpose of a CA is to bind a public key to the

identification information contained in the certificate and thus assure third parties that some

measure of care was taken to ensure that this binding of the identification information and key is

valid.

The CA is the Grand Pooh-bah of validation in an organization; someone whom everyone trusts,

and in some organizations, like those using a PKI, no certificate is considered valid unless it has

been signed by a trusted CA.

Checking Validity:

One way to establish validity is to go through some manual process. There are several ways to

accomplish this. You could require your intended recipient to physically hand you a copy of hisor her public key. But this is often inconvenient and inefficient.

Another way is to manually check the certificates fingerprint. Just as every humans fingerprints

are unique, every PGP certificates fingerprint is unique. The fingerprint is a hash of the users

certificate and appears as one of the certificates properties. In PGP, the fingerprint can appear as

a hexadecimal number or a series of so-called biometric words, which are phonetically distinct

and are used to make the fingerprint identification process a little easier.

You can check that a certificate is valid by calling the keys owner (so that you originate the

transaction) and asking the owner to read his or her keys fingerprint to you and verifying that

fingerprint against the one you believe to be the real one. This works if you know the owners

voice, but, how do you manually verify the identity of someone you dont know? Some people

8/9/2019 Van Ya

9/15

put the fingerprint of their key on their business cards for this very reason.

Another way to establish validity of someones certificate is to trust that a third individual has

gone through the process of validating it.

A CA, for example, is responsible for ensuring that prior to issuing to a certificate, he or she

carefully checks it to be sure the public key portion really belongs to the purported owner.

Anyone who trusts the CA will automatically consider any certificates signed by the CA to be

valid.

Another aspect of checking validity is to ensure that the certificate has not been revoked.

Establishing Trust:

You validate certificates. You trust people. More specifically, you trust people to validate other

people certificates. Typically, unless the owner hands you the certificate, you have to go by

someone elses word that it is valid.

Meta and Trusted Introducers:

In most situations, people completely trust the CA to establish certificates validity. This means

that everyone else relies upon the CA to go through the whole manual validation process for

them. This is fine up to a certain number of users or number of worksites, and then it is not

possible for the CA to maintain the same level of quality validation. In that case, adding other

validators to the system is necessary.

A CA can also be a meta-introducer. A meta-introducer bestows not only validity on keys, but

bestows the ability to trust keys upon others. Similar to the king who hands his seal to his trusted

advisors so they can act on his authority, the meta-introducer enables others to act as trusted

introducers. These trusted introducers can validate keys to the same effect as that of the meta-

8/9/2019 Van Ya

10/15

introducer. They cannot, however, create new trusted introducers.

Meta-introducer and trusted introducer are PGP terms. In an X.509 environment, the meta-

introducer is called the root Certification Authority (root CA) and trusted introducers subordinate

Certification Authorities.

The root CA uses the private key associated with a special certificate type called a root CA

certificate to sign certificates. Any certificate signed by the root CA certificate is viewed as valid

by any other certificate signed by the root. This validation process works even for certificates

signed by other CAs in the system as long as the root CA certificate signed the subordinate

CAs certificate, any certificate signed by the CA is considered valid to others within the

hierarchy. This process of checking backup through the system to see who signed whose

certificate is called tracing a certification path or certification chain.

Trust Models

In relatively closed systems, such as within a small company, it is easy to trace a certification

path back to the root CA. However, users must often communicate with people outside of their

corporate environment, including some whom they have never met, such as vendors, customers,clients, associates, and so on. Establishing a line of trust to those who have not been explicitly

trusted by your CA is difficult.

Companies follow one or another trust model, which dictates how users will go about

establishing certificate validity. There are three different models:

1. Direct Trust

2. Hierarchical Trust

3. A Web of Trust

8/9/2019 Van Ya

11/15

Direct Trust

Direct trust is the simplest trust model. In this model, a user trusts that a key is valid because he

or she knows where it came from. All cryptosystems use this form of trust in some way. For

example, in web browsers, the root Certification Authority keys are directly trusted because they

were shipped by the manufacturer. If there is any form of hierarchy, it extends from these

directly trusted certificates.

In PGP, a user who validates keys herself and never sets another certificate to be a trusted

introducer is using direct trust.

Hierarchical Trust

In a hierarchical system, there are a number of root certificates from which trust extends.

These certificates may certify certificates themselves, or they may certify certificates that certify

still other certificates down some chain. Consider it as a big trust tree. The leaf certificate's

validity is verified by tracing backward from its certifier, to other certifiers, until a directly

trusted root certificate is found.

Web of Trust

A web of trust encompasses both of the other models, but also adds the notion that trust is in the

eye of the beholder (which is the real-world view) and the idea that more information is better. It

is thus a cumulative trust model. A certificate might be trusted directly, or trusted in some chain

going back to a directly trusted root certificate (the meta-introducer), or by some group of

introducers.

Perhaps youve heard of the term Six degrees of separation, which suggests that any person in

the world can determine some link to any other person in the world using six or fewer other

people as intermediaries. This is a web of introducers.

8/9/2019 Van Ya

12/15

It is also the PGP view of trust. PGP uses digital signatures as its form of introduction. When any

user signs anothers key, he or she becomes an introducer of that key. As this process goes on, it

establishes a web of trust.

In a PGP environment, any user can act as a certifying authority. Any PGP user can validate

another PGP users public key certificate. However, such a certificate is only valid to another

user if the relying party recognizes the validator as a trusted introducer. (That is, you trust my

opinion that others keys are valid only if you consider me to be a trusted introducer. Otherwise,

my opinion on other keys validity is moot.)

Stored on each users public keyring are indicators of:

1. Whether or not the user considers a particular key to be valid.

2. The level of trust the user places on the key that the keys owner can serve as certifier of

others keys

You indicate, on your copy of my key, whether you think my judgment counts. Its really a

reputation system: certain people are reputed to give good signatures, and people trust them to

attest to other keys validity.

Certificate Revocation

Certificates are only useful while they are valid. It is unsafe to simply assume that a certificate is

valid forever. In most organizations and in all PKIs, certificates have a restricted lifetime. This

constrains the period in which a system is vulnerable should a certificate compromise occur.

Certificates are thus created with a scheduled validity period: a start date/time and an expiration

date/time. The certificate is expected to be usable for its entire validity period (its lifetime).When

the certificate expires; it will no longer be valid, as the authenticity of its key/identification pair

is no longer assured. (The certificate can still be safely used to reconfirm information that was

encrypted or signed within the validity periodit should not be trusted for cryptographic tasks

8/9/2019 Van Ya

13/15

moving forward, however.)

There are also situations where it is necessary to invalidate a certificate prior to its expiration

date, such as when the certificate holder terminates employment with the company or suspects

that the certificates corresponding private key has been compromised. This is called revocation.

A revoked certificate is much more suspect than an expired certificate. Expired certificates are

unusable, but do not carry the same threat of compromise as a revoked certificate.

Anyone who has signed a certificate can revoke his or her signature on the certificate (provided

he or she uses the same private key that created the signature). A revoked signature indicates that

the signer no longer believes the public key and identification information belong together, or

that the certificates public key (or corresponding private key) has been compromised. A revoked

signature should carry nearly as much weight as a revoked certificate.

With X.509 certificates, a revoked signature is practically the same as a revoked certificate given

that the only signature on the certificate is the one that made it valid in the first placethe

signature of the CA. PGP certificates provide the added feature that you can revoke your entire

certificate (not just the signatures on it) if you yourself feel that the certificate has been

compromised.

Only the certificates owner (the holder of its corresponding private key) or someone whom the

certificates owner has designated as a revoker can revoke a PGP certificate. (Designating a

revoker is a useful practice, as its often the loss of the pass phrase for the certificates

corresponding private key that leads a PGP user to revoke his or her certificatea task that is

only possible if one has access to the private key.) Only the certificates issuer can revoke an

X.509 certificate.

Communicating That a Certificate Has Been Revoked

When a certificate is revoked, it is important to make potential users of the certificate aware that

it is no longer valid. With PGP certificates, the most common way to communicate that a

8/9/2019 Van Ya

14/15

certificate has been revoked is to post it on a certificate server so others who may wish to

communicate with you are warned not to use that public key.

In a PKI environment, communication of revoked certificates is most commonly achieved via a

data structure called a Certificate Revocation List, or CRL, which is published by the CA. The

CRL contains a time-stamped, validated list of all revoked, unexpired certificates in the system.

Revoked certificates remain on the list only until they expire, then they are removed from the list

this keeps the list from getting too long.

The CA distributes the CRL to users at some regularly scheduled interval (and potentially off-

cycle, whenever a certificate is revoked). Theoretically, this will prevent users from unwittingly

using a compromised certificate. It is possible though, that there may be a time period between

CRLs in which a newly compromised certificate is used.

What is a Passphrase?

Most people are familiar with restricting access to computer systems via a password, which is a

unique string of characters that a user types in as an identification code.

A passphrase is a longer version of a password, and in theory, a more secure one. Typically

composed of multiple words, a pass phrase is more secure against standard dictionary attacks,

where in the attacker tries all the words in the dictionary in an attempt to determine your

password. The best passphrases are relatively long and complex and contain a combination of

upper and lowercase letters, numeric and punctuation characters.

PGP uses a passphrase to encrypt your private key on your machine. Your private key is

encrypted on your disk using a hash of your pass phrase as the secret key. You use the

passphrase to decrypt and use your private key. A pass phrase should be hard for you to forget

and difficult for others to guess. It should be something already firmly embedded in your long-

term memory, rather than something you make up from scratch. Why? Because if you forget

your passphrase; you are out of luck. Your private key is totally and absolutely useless without

8/9/2019 Van Ya

15/15

your passphrase and nothing can be done about it. Remember, PGP is cryptography that will

keep major governments out of your files. It will certainly keep you out of your files, too. Keep

that in mind when you decide to change your passphrase to the punch line of that joke you can

never quite remember.

Key Splitting

They say that a secret is not a secret if it is known to more than one person. Sharing a private key

pair poses such a problem. While it is not a recommended practice, sharing a private key pair is

necessary at times. Corporate Signing Keys, for example, are private keys used by a company to

sign for example legal documents, sensitive personnel information, or press releases to

authenticate their origin. In such a case, it is worthwhile for multiple members of the company to

have access to the private key. However, this means that any single individual can act fully on

behalf of the company.

In such a case it is wise to split the key among multiple people in such a way that more than one

or two people must present a piece of the key in order to reconstitute it to a usable condition. If

too few pieces of the key are available, then the key is unusable.

Some examples are to split a key into three pieces and require two of them to reconstitute the

key, or split it into two pieces and require both pieces. If a secure network connection is used

during the reconstitution process, the keys shareholders need not be physically present in order

to rejoin the key.