CRYPTOGRAPHIC ALGORITHMS FOR DATA SECURITY by

1
CRYPTOGRAPHIC ALGORITHMS FOR DATA SECURITYby

• Dr. P. S. Avadhani
• Professor
• Dept. of C. S. S. E
• ANDHRA UNIVERSITY
• VISAKHAPATNAM

2
Cryptography is..

• The Study of methodologies for secure
  communication.

3
Security Threats

• Pentagon sites are hacked more than 250 thousand
  times in year.
• In August, 1996 U.S. Department of Justice
  Website (www.usdoj.gov) was vandalized.
• CIA website (www.odci.gov/cia) was cracked by a
  group of Swedish hackers.
• A challenge to decipher a message encrypted using
  a 40-bit key was deciphered in 3 and half hours
  time ( which was expected to take 40,000 years).

4
Basic Principle..
TRANSMITTED CYPHER TEXT
ENCRYPTION
PLAIN TEXT (SENDER)
DECRYPTION
PLAINTEXT (RECEIVER)
5
Basic Security Threat..
TRANSMITTED CYPHER TEXT
ENCRYPTION
PLAIN TEXT (SENDER)
DECRYPTION
PLAINTEXT (RECEIVER)
ATTACK BY AN INTRUDER
6
Issues Involved...

• How to encrypt messages that withstand attacks?
• How do we decrypt messages that withstand
  attacks?
• When can we say that this process is secure?
• What are the possible attacks?

7
Solutions to Issues Involved.

• Encryption - Using algorithms
• Decryption- Using Algorithms which are generally
  inverses of encryption algorithms

8
Objectives of Security

• SECRECY Information should not be disclosed to
  unauthorized users. For example, a student should
  not be allowed to examine other students grades
• INTEGRITYOnly authorized users should be allowed
  to modify data. For example, students may be
  allowed to see their grades,yet not allowed to
  modify them
• AVAILABILITY Authorized users should not be
  denied access. For example, an instructor who
  wishes to change a grade should be allowed to so.
  

9
Objectives of Security contd...

• AUTHENTICATION Verification of the Origin
• NON-REPUDIATION Proof of Origin, Receipt and
  Contents. ( The sender cannot falsely deny
  sending or receiving the message )

10
Types Of Attacks

• Cipher text-only Attack Knowing algorithm and
  some cipher text, finding the plain text or the
  key.
• Known Plain Text Attack Knowing the algorithm,
  the plain text and its ciphertext, finding the
  key.

11
Types Of Attacks contd...

• Chosen Plain text Attack Knowing the algorithm
  and the cipher text for a chosen plain text,
  finding the key so as to decrypt additional
  cipher text using it.
• Timing Attack Finding the key or plain text or
  both, knowing the time taken for decryption and
  the cipher text.
• Brute Force Attack Trying all Possibilities.

12
Cryptographic Techniques for Ensuring Security

• Symmetric key Cryptosystems
• Public Key Cryptosystems

13
Symmetric Key Cryptosystems

• Based on Substitution and Permutation methods, a
  key and a function
• Sender and Receiver use the same Key
• Key has to be transported by sender to Receiver.

14
Some well Known Symmetric Key Algorithms

• DES ( Data Encryption Standard)
• IDEA ( International Data Encryption Algorithm )
• Blowfish Algorithm
• RC5
• CAST

15
General Security Measures

• Key Length
• Strength of the algorithm

16
Data Encryption Standard

• Sixteen Rounds of Permutations based on the key
  and a function.
• Key length 56 bits
• Plain Text block length 64 bits
• Strong in Avalanche Effect
• Vulnerable for known Plain Text Attack
• Secure for other attacks

17
International Data Encryption Algorithm

• Eight Rounds of Permutations followed by a
  transformation
• Block Length 64 bits
• Key Length 128 bits
• Considered to be secure for all attacks

18
Blowfish Algorithm

• Sixteen Rounds of Permutations followed by a
  transformation
• Key length varies from 32 bits to 448 bits
• Block Length 64 bits
• Considered to be secure because of variable
  length key

19
Public key Cryptosystems

• Depend on Mathematical theory like Number Theory,
  Elliptic Curves, Discrete Logarithms etc.
• Two keys used ( one for Encryption and one for
  Decryption called Public and Private Keys one is
  the inverse of the other.) Knowing one it is
  exponentially complex to find the other.
• Based on NP-Hard Problems

20
Some Well Known Public Key Cryptosystems

• RSA Algorithm
• NTRU Cryptosystem
• Knapsack Cryptosystem
• Spline Cryptosystem

21
How it works...
ORIGINAL TEXT (SENDER)
ENCRYPT WITH RECEIVERS PUBLIC KEY

• CIPHER TEXT

DECRYPT WITH RECEIVERS PRIVATE KEY
ORIGINAL TEXT (RECEIVER)
22
How It Works For Authentication
ORIGINAL TEXT (SENDER)
ENCRYPT WITH SENDERS PRIVATE KEY
ENCRYPT WITH RECEIVERS PUBLIC KEY
DECRYPT WITH SENDERS PUBLIC KEY
DECRYPT WITH RECEIVERS PRIVATE KEY
ORIGINAL TEXT (RECEIVER)
23
Public Key Cryptosystems

• Identify a Ring of elements such that some
  elements have inverses and finding the inverse
  is exponentially complex.
• Choose Private Key in such a way that it is a
  function of the set of elements.
• The multiplication operation of the ring will be
  the encryption
• The inverse of the multiplication is the
  decryption

24
RSA Algorithm

• Key Generation
• Select two large primes P,Q
• Calculate N P Q , ? (N) (P-1)(Q-1)
• Select an integer E such that (? (N),E ) 1
• Calculate D such that DE 1 mod ? (N)
• Public Key E, N
• Private Key D, N

25
RSA ALGORITHM Contd...

• Encryption
• Plain Text M lt N
• Cipher Text C M E mod N
• Decryption
• Cipher Text C
• Plain Text M C D mod N

26
Security of RSA

• Depends mainly on primality of P and Q.
• However, no Efficient, Deterministic algorithm
  for generating large primes is known.
• Only probabilistic algorithms are known.
• Assumes that there is no known polynomial time
  algorithm for factoring large numbers.
• Presently 512 bit key length are also used

27
NTRU Algorithm

• Key Generation
• Choose integers P,Q ( P lt Q ) and two
  Polynomials F and G having coefficients 1, 0, -1
  only
• No. of 1s in FNo. of -1s 1 and No. of 1s in
  GNo. of -1s
• Compute Fp,Fq such that F Fp1(mod P) and F
  Fq1( mod Q) and H P FqG ( mod Q)
• Public Key H
• Private Key F, Fp

28
NTRU Algorithm contd...

• Encryption
• Plain Text M
• Cipher Text E RHM ( mod Q )
• where R is random polynomial
• Decryption
• Cipher Text E
• Compute A FE ( mod Q) and B A (mod P)
• E Fp B ( mod P)

29
Security of NTRU

• Based on Non Truncated Ring of Polynomials
• Not necessary to have large primes

30
Other Methods

• Elliptic crypto systems
• Spline Crypto systems
• Hierarchical Models

31
Digital Signature is....

• A technique of authentication of messages

32
Attributes of Signatures

• SIGNER AUTHENTICATION The Signature should
  indicate who signed a document, message or
  record, and should be difficult for another
  person to produce without authorization.
• DOCUMENT AUTHENTICATION A Signature should
  identify what is signed, making it impracticable
  to falsify or alter either the signed matter or
  the signature without detection.

33
Attributes of Signatures Contd...

• AFFIRMATIVE ACT The affixing of the signature
  should be an affirmative act which serves the
  ceremonial and approval functions of a signature
  and establishes the sense of having legally
  consummated a transaction.
• EFFICIENCY Optimally, a signature and its
  creation and verification process should provide
  the greatest possible assurances of both signer
  authenticity and document authenticity, with the
  least possible expenditure of resources.
• Source American Bar Association - Digital
  Signatures Guidelines, August, 1996

34
Usage of Digital Signatures

• Used to verify the authenticity of the message.
• Used to verify the identity of the sender.
• Used to verify message integrity.
• The receipent, should not be able to use the
  received digital signature to falsely sign
  messages on behalf of the original sender.

35
Avalanche Effect

• A small change in either the plain text or key
  should produce a significant change in the cipher
  text.

36
Methods Used for Digital Signatures

• Public key Cryptosystems like RSA etc..
• Using Hashing Techniques
• Creating a Message Digest

37
Digital Signature using RSA Cryptosystem

• Message is encrypted with the senders private
  key to generate the signature.
• The message is sent to the destination along with
  the signature.
• The recipient decrypts the signature using the
  senders public key.
• If the result matches with the copy of the
  message received, then the authenticity,
  integrity of the message and identity of the
  sender are established.

38
Implementation of digital signatures
Receiver
Channel
Sender
Receivers key generator
Receivers public key
Message
Encrypt Message with public key of Receiver
Message Signature
Encrypted
Hash
Receivers secret key
Message
Decrypt Message with Secret Key
Hash
Decrypt Message with secret key
Compare
Calculate Signature with secret key
Senders public key
Verify Signature with public key
Senders secret key
Senders Key Generator
39
Some Hash Algorithms

• MD5 Message Digest Algorithm
• SHA (Secure Hash Algorithm)
• DSS (Digital Signature Standard)

40
Firewall is...

• A system or group of systems that enforces an
  access control policy between two networks.
• It has the following characteristics
• All traffic from inside the corporate network to
  outside the network, and vice-versa, must pass
  through it
• Only authorized traffic, as defined by the local
  security policy, is allowed to pass through it
  and
• The system itself is immune to penetration.
• Source. International Computer Security
  Associations User Profile Focus Report, 1997

41
Certificate Authorities

• Public keys are normally distributed in the form
  of certificates which are issued by Certificate
  Authorities (CA).
• The CA signs the certificate which legally
  binds the public key with the claimed identity of
  the owner of the public key. This prevents
  miscreants from masquerading as someone else and
  getting hold of secret communications, i.e. it
  ensures that the key obtained from the
  certificate is the correct public key of the
  intended recipient.

42
Some independent third parties

• Better Business Bureau (BBB online)
• TRUSTEe
• Veri-sign
• International Computer Security Association (ICSA)

43
Conclusion

• We need to design our own systems to ensure
  security to enable ourselves to be stronger as a
  nation
• Bharat Ratna Dr. APJ Kalam

44
References

• Coppersmith, D The Data Encryption Standard and
  its strength against Attacks, IBM Journal of
  RD, May,1994
• Diffie, W The First Ten Years of Public Key
  Cryptography, Proc. of IEEE,May92
• Rivest, R, Shamir, A and Adleman, A Method for
  Obtaining Signatures and Public Key
  Cryptosystems, Com. of ACM, Feb 78
• Silverman, I.H, NTRU Cryptosystem,
  http//ntru.com

45
Thank You
46
Some sites of interest

• ABA Digital Signature Guidelines
  http//www.abanet.org/scitech/ec/isc/dsgfree.
  html
• Florida Electronic Signature Act of 1996
  http//www/leg.state.f1.us/session/1996/senat
  e/bills/
• billtext/html/billtet/sbo942.html
• Illinois Electronic Commerce Security Act
  http//www.ag.state.il.us/resource/cecc/ceccac
  t.html
• Malaysia Computer Crimes Act 1997
  http//www.mycert.mimos.mydigital.html
• Signgapore Electronic Transactions Act
  http//www/ec/gov.sg/police.html
• Texas Penal Code-Computer Crimes Statute
  http//www.med.uth.tmc.edu/ecs/statelaw.html

47
Some sites of legal interest

• UCC Article2B
• http//www.law.upenn.edu/library/ulc/ucc2b/2b898.
  html
• UNCITRAL Model Law http//www.un.or.at/uncit
  ral/english/texts/electctom/ml-ec.html
• UNCITRAL Draft Rules http//www.un.or.at/unc
  itral/english/sessions/wg_ec/index.html
• Uniform Electronic Transactions Act
  http//www.law.upenn.edu/library/ulc/ulc.htm
  ueccta
• United States Code
• http//uscode.house.gov/usc.html
• Utah Digital Signature Act
• http//www.jmls.edu/cyber/statutes/udsa.html

48
More About Primes..

• Miller-Rabin Algorithm
• Reletively Primes
• The function ?(n)
• Congruences
• Ferrmats Theorem
• Eulers Theorem
• Fermat Primes
• Mersenne Primes

49
Perfect numbers.

• A positive integer is said to be perfect if the
  sum of all divisors of it( except that number) is
  itself.
• Examples are 6, 28..
• Formula 2 n-1(2n-1) where 2n-1 is a Prime.
• Note 2n-1 is a Prime ? n is a Prime

50
Conclusion

• IT can really make human lives better if proper
  checks and balances and also remedies for the
  problems envisaged are properly taken care off.
• Bharat Ratna Dr. APJ Kalam