Cryptography

Introduction

Security is a very important aspect of any software system. Vulnerability is a loophole in the security system. The security breaches are the result of the attacks on the security system utilizing the vulnerability. These breaches can happen to any component of a software system. Some of the important components of a software system are operating system, hardware, application software, database etc. Of late, Internet is playing a major role in providing software solutions. The security breaches in any software system can be categorized as follows.

• Interruption
• Interception
• Modification

• Fabrication

The message in any Internet system gets transmitted from one place to the other. When the message gets stopped in the middle and the data does not go to the required destination, it is called Interruption.

If the data is intercepted in the middle of the flow it is called Interception.

Further more, if the intercepted data is changed it is called Modification.

If some spurious objects are added to the existing message and by skillfully forging the message if the contents get changed it is called as Fabrication.

There are various methodologies of providing security in a system. One of the most important ways of providing security in Internet system is using cryptography.

Cryptography

Cryptography refers to the arts and science of codes and secrets. This can be colloquially called as "secret writing". Encryption is the process of changing the message so that it is not obvious to the world. Decryption is the reverse process. The necessity for going towards cryptography is basically because of the insecurity in the net. The previous sessions saw the inevitability in Internet called as Hacking. It is evident that once the data goes from the client to the server, it has to pass through a lot of intermediate paths. So if any critical data is sent through this media then it is free to be seen by a lot of people. One way of averting this is to lock the message being sent. This locked message can be unlocked and useful data can be retrieved only if the unlocker knows the way it was locked. This locking and unlocking of data is called as Cryptography. The whole point of cryptography is to keep information out of the hands of anyone but its intended recipient. Even if the message gets intercepted, the meaning will not be apparent to the interceptor unless the interceptor is able decipher it.

Of late the encryption algorithm uses a key, so that the cipher text message depends both on the message text and also on the key value. Ciphers act on each character of a message, transforming it according to some repeatable rule or algorithm. Ciphers rely heavily on the use of keys and coding algorithms. The algorithm, which is always kept a secret, manipulates the message to be coded in a repeatable way. A key, which will also be kept secret, provides the starting point for enciphering and deciphering texts. When a single key is used for both encryption and decryption, it is called shared key cryptography and when separate keys are used for the two processes it is called public key cryptography.

Traditionally ciphers use a single key, which a sender and the recipient share. The sender runs the algorithm using the key to turn the plain text message into an encrypted message. The recipient runs the same algorithm in reverse using the same key to decrypt the message as depicted in figure 2.

Assuming K is the key used for encryption, the generic algorithm for shared key cryptography is as follows.

The mathematical equation for the encryption process using the key can be written as follows.

C = E(K, P)

Similarly the mathematical equation for the decryption process can be written as follows.

P = D(K, C)

P = D(K, E(K, P))

Encryption is better if two keys are used. One is used for encryption and the other is used for decryption. The key used for encryption cannot be used for decryption and vice versa. Public key cryptography relies on the fact that it is relatively easy to perform modular arithmetic even on large numbers and that it is relatively difficult to find the factors of very large numbers. This means that a very large number, that has only two factors is used as the basis of an encryption scheme. The encryption is done using one factor and the decryption is done using the other factor. Decrypting the ciphered text using the same key with which it was encrypted, does not reverse the process.

As a result of the nature of modular exponentiation, the two keys work together to create an encryption algorithm. The message is encrypted using one of the keys and the other key is used to decrypt. This is an asymmetric encryption scheme. One key is called public key and can be safely distributed. The other key is called the private key or secret key and is not for distribution as in figure 3.

Suppose K_e is the key used for encryption and K_d is the key used for decryption, then the generic algorithm can be as follows.

The mathematical equation for the encryption process using the key can be written as follows.

C = E(K_e, P)

Similarly the mathematical equation for the decryption process can be written as follows.

P = D(K_d, C)

P = D(K_d, E(K_e, P))

Cryptology is the study of encryption and decryption. Cryptologist is the one who does research and study on the encryption and decryption. Cryptology is of two fields, Cryptography and Cryptanalysis. Cryptography is the practice of using encryption to conceal messages. Cryptanalysis is the study of encryption and encrypted messages with the goal of finding the hidden meanings of the messages. A cryptoanalyst’s main job is to break the encryption scheme. This he does by deducing the meaning of a cipher text message or by creating a decrypting algorithm that matches an encrypting algorithm. He may do all or any of the three different things.

1. Encryption breaking
2. Character representation.
3. Encryption weaknesses.

Any encryption algorithm is theoretically breakable. This means that given enough time, an analyst can determine the algorithm. But the question is practicality. A particular cipher scheme can have an inverse deciphering scheme that requires 10³⁰ operations. Assuming the current computer performs 10¹⁰ operations per second then the decipherment might require 10²⁰ seconds or roughly 10¹² years. So it can be concluded that although the decipherment is theoretically possible, it is practically not feasible.

A group of characters make a message. English language is assumed to be the language for creating messages. When the message is encrypted, the character distribution can be easily found out. Distribution means the frequency of occurrence of a particular character. Once the distribution frequency is found out the cryptanalysis can figure out the actual message.

Cryptanalyst can find out the weaknesses in the algorithms in used for encryption. Ofcourse the algorithm has to be known to the cryptanalyst.

Ciphers

Ciphers predominantly use a key for encryption. A cipher that does not require the use of a key is called keyless cipher.

There are generally two forms of encryption.

When one letter is exchanged for another it is called substitution. Cipher technology uses algorithm for its encryption techniques. It enciphers the characters in the message and the enciphered character is substituted in the place of the oroginal character. There are two techniques of employing substitution.

• Monoalphabetic cipher
• Polyalphabetic cipher

When the order of the letters is rearranged after substituting, it is called transposition or permutation. The goal of transposition is diffusion. It spreads the characters from the message widely across the cipher text. This basically breaks established patterns.

Monoalphabetic cipher is the technique employed wherein the characters are substituted with another character based on some algorithm. Normally the algorithm uses key for encryption. This key can be a single key as in shared key cryptography or a pair of keys as in public key cryptography. The monoalphabetic cipher is a classic example of shared key cryptography. A very famous algorithm that employs this monoalphabetic cipher is Caeser cipher.

The main weakness of the monoalphabetic ciphers is that their frequency distribution reflects the distribution of the underlying alphabet. In English, some letters are used more frequently than others. The letters E, T, and A occur far more frequently than j, Q, and Z. By just analyzing the frequency a cryptoanalyst can easily decipher the enciphered message.

Polyalphabetic cipher overcomes these problems to give an algorithm that is more foolproof. The main problem is that the distribution is not flat. The more flatter the distribution the easier is the deciphering. Polyalphabetic cipher provides a more flat distribution.

The cipher system that has been introduced so far used a single key for both encryption and decryption. This is the example for shared key cryptography. Diffie and Hellman proposed better way of encryption in 1976, which used two keys. One key is designated as the public key and the other private key. This two key system is essentially a one way encryption in the sense that public key is used to encrypt and the private key is used to decrypt it.