Cryptography: the Science of Secure Communication
International Journal of Electrical, Electronics and Computer Systems (IJEECS) ______
Cryptography: The Science of Secure Communication
1Jangala. Sasi Kiran, 2B.Vijay Kumar, 3M.Anusha, 4M.Kavya Department of Computer Science and Engineering 1,3,4VidyaVikas Institute of Technology, Chevella, R.R. Dt –Telengana, India - 501503 2Malla Reddy Engineering College for Women, Maisammaguda, Secunderabad, T.S – India – 500014
Abstract-Day by day network and internet applications is think like a cracker [3][14]. The following background becoming very popular. Sensitive information requires information in security helps in making correct security and safety measures. Security is the most decisions: Attack Recognition, Encryption techniques, challenging aspect in the internet and network Network Security Architecture, Protocol analysis, applications. Encryption algorithm provides the necessary Access control list and vulnerability. For Network protection against the data intruders’ attacks by converting information from its normal form into an security cryptography is present. In cryptography [13] unreadable form. The majority of current web data that can be read and understood without any special authentication is built on username/password. And the measures is called plaintext or clear text. The method of password replacement offers more security, but it is very cover up plaintext in such a way as to hide its substance much difficult to use and expensive to deploy. Security of is called encryption. Encrypting plaintext results in data can be done by a technique called cryptography. So unreadable data called cipher text. We use encryption to everybody say that cryptography is a developing protect the information is hidden from anyone for whom technology, which is important for network security. it is not projected, even those who can see the encrypted Cryptography in the past was used in keeping military data. The process of reversing cipher text to its original information secure to protect the national security. However, the use was limited. At present, the range of plain text is called decryption. cryptography applications have been expanded a lot in the In cryptography three types of algorithms are present. modern area after the development of communication means; cryptography is essentially required to ensure that Symmetric key algorithm, data are protected against penetrations and to prevent the practice of spying. Cryptography is a developing Asymmetric key algorithm technology, which is important for network security. Study on cryptography is still in its developing stages and a Hash function. considerable research effort is still required for secured Cryptographic algorithms play a major role for data user communication. This paper talks about the state of the art security. As the complexity of algorithm is high the risk for a broad range of cryptographic algorithms that are of breaking the original plaintext from that of cipher text used in networking applications. is less. Greater complexity means greater security. Keywords : Network security, cryptography, symmetric Encryption is the process of encoding plain text into encryption, asymmetric encryption and Caesar table. cipher text (secure data).Decryption is the revoking of I. INTRODUCTION the encryption process by which cipher text is converted to plain text, as shown in figure (1). Computer and network security is a new and fast moving technology and as such, is still being well- defined. When considering the desired learning Encryption outcomes of such a course, one could argue that a network security analyst must be capable of analyzing Plain text Cipher text security from the business perspective in order to carryout recent security act, and from the technical view Secret key in order to understand and select the most appropriate security solution. Network security [16] originally Cipher text Plain text focused on algorithmic aspects such as encryption and Decryption hashing techniques. While these concepts very often change, these skills alone are insufficient to protect Figure 1:TheEncryption and Decryption process by computer networks. As crackers troubled away at using the same key (Symmetric Key Cryptographic networks and systems, courses occurred that emphasized Algorithm). the latest attacks. Currently, many gurus believe that to train people to secure networks, they must also learn to ______ISSN (Online): 2347-2820, Volume -3, Issue-11 2015 17 International Journal of Electrical, Electronics and Computer Systems (IJEECS) ______
II. LITERATURE SURVEY optimization of encryption and modulation (single and multirate), the use of Forward Error Correcting (FEC) C. Sanchez-Avila et.al analyzed the structure and design codes to protect encrypted packets from bit errors, and of Rijndael cipher (new AES), remarking its main simulation results for Rijndael cipher. Othman O. advantages and confines, as well asits similarities and Khalifa et.al [18] discussed basic concepts, dissimilarities with DES and Triple-DES. Finally, a characteristics, and goals of various cryptography. In performance comparison among new AES, DES and today’s information age, communication plays an Triple-DES for different microcontrollers has been important role which is contributed to growth of carried out, showing that new AES have a computer cost technologies therefore privacy is needed to assure the of the same order than the one needed by T-DES [17]. security that is sent over communication media. Kyung Punita Meelu et.al presented the fundamental Jun Choi et.al [6] investigated various cryptographic mathematics behind the AES algorithm along with a algorithms suitable for wireless sensor network based on brief description of some cryptographic primitives that MICAz-type motes in which MD5 and RC4 showed best are commonly used in the field of communication performance in terms of power dissscipation and in security since AES provides better security and has less terms of cryptographic processing time used. implementation complexity and has emerged as one of the strongest and most efficient algorithms in existence III. BACKGROUND AND GOALS today. It also includes several cyber issues, development In this section we will give background information of cipher as well as the analysis of AES security aspects about the ongoing advance of browser-side against different kinds of attacks including the cryptographic functionalities. Then we will identify countermeasures against these attacks and also properties mandatory to provide webmasters and users highlighted some of the important security issues of with a mutual secure and practical authentication. AES algorithm. The future work can be done for the distribution of secret key that is considered as a critical 3.1. Browser Cryptographic Functionalities: issue of AES like other symmetric encryption algorithm 3.1.1 Browsers cryptographic libraries–To support the [15].Susan et.al concluded that the Security field is a HTTPS protocol, all modern browsers provide support new, fast moving profession. A focus on security stabilizes course material, reduces worry about student to some cryptographic operations (e.g. generating the hacking, and helps to provide students that skills client random certificate and then verify message in the Handshake phase of SSL/TLS protocol [5]). For necessary to become security analysts. It also defines the example, one of the main cryptographic libraries is set of skills desired by Network Security analysts as Network Security Services [10] which is a set of open network Security skills emphasize legal foundations, source libraries designed to support cross-platform business practices, attack recognition, network optimization and describes active learning exercises that development of security-entitled applications. assist the students in learning these important skills. This 3.1.2 JavaScript cryptography- In recent discussion of actually summarize all the skills relating to network JavaScript cryptography, a notorious issue has been security, and discussed active learning drills that assist whether or not JavaScript should ever be used for students in learning these important skills. Main focus cryptography. On the one hand, the author in [11] was on security information skills that are to be used in strongly argues that it is totally dangerous to use securing the network [8]. Aameer Nadeem et.al JavaScript cryptography inside the browser. However, presented, performance of 4 secret key algorithms (DES, the authors in [4], [12] argue that claims such as 3DES, AES, Blowfish) were compared by encrypting JavaScript crypto isn’t a serious research area and is input files of various contents and sized on different very bad for the improvement of security. hardware program. The algorithms have been implemented in a regular language, using their standard 3.1.3 CryptoAPI - W3C has created the Web qualifications, to allow a fair evaluation of execution Cryptography Working Group to develop are- speeds. Pentium-II having frequency 266MHz and commendation-track document that defines an API that Pentium-IV with 2.4 MHz machine (running Windows lets developers implement secure application protocols XP OS) are the basis for time measurement with their on the level of Web applications, including message goal to measure the encryption times of considered privacy and authentication services, by exposing trusted algos.[1]. cryptographic primitives from the browser. Mohamed A. Haleem et.al [9] discussed a tradeoff 3.1.4 Certificate and password managers - The five between security and throughput in wireless network most popular browsers (Firefox, Chrome, Internet where Markov Decision Process and OFDM (orthogonal Explorer, Safari, and Opera) provide certificate frequency Division Multiplexing) helped out to organization services. Using this built-in functionality, determine channel estimation, tracking and prediction. It users can display information about the installed also uses channel opportunities (acceptable signal to certificate including personal and authority certificates noise ratio) to maximize the throughput. It defines that the browser trusts, and perform all the important mathematical models to confine the security-throughput certificate management actions (import, export, delete). trade-off, adversary models and their effects, joint ______ISSN (Online): 2347-2820, Volume -3, Issue-11 2015 18 International Journal of Electrical, Electronics and Computer Systems (IJEECS) ______
3.2Design Requirements: Learning from previous proposition boundaries and the ongoing advance in browser-side functionalities, we identify properties required to provide webmasters and users with a common secure and practical web user authentication. 3.2.1 Security - It will be built on a mechanism that solves password security weaknesses User authentication qualifications should be stored securely and even with a database compromise, Strong Auth Figure 2: Simplified model of conventional encryption should not leak any information.
3.2.2 Usability-It will provide a similar user experience to the conventional password-basedauthentication. Even Cipher is the algorithm that is used to transform the most inexpert user can authenticate without even plaintext to cipher text, this method is called noticingthe background tasks handle by the browser. encryptionor enciphers (encode), in other words, it's a mechanism of converting readable and understandable 3.2.3 Adaptability-Users are unwilling for data into "worthless" data, and it is represented as innovation that alters their behavior [2]. follows- 3.2.4Deployability-Cryptographic algorithms will 퐂 = 퐄 (P) (1) require minimal changes in the browser and theweb 퐊 application, and no additional hardware will be required. Where E(k) is the encryption algorithm using key k. 3.2.5 Cost-efficiency-Cost is always a factor that plays a The opposite of cipher mechanism is called decipher decisive role in real-world scenario. Therefore (decode) that is the algorithm which recovers the cipher cryptographic algorithms will not involve superfluous text, this method is called decryption, in other words it's cost per user, but instead be open source to implement the mechanism of converting" meaningless" data into and deploy by using existing technologies and standards. readable data.
3.2.6 Browser support - It will be implemented as part P =퐃(퐊−ퟏ) C (2) of the browser (core component orextension) to provide adequate security and functionality guarantees. The common simplified cipher algorithm which assigns each character of plaintext into numerical value is called IV. SYMMETRIC AND ASYMMETRIC Caesar cipher,its sums the key value to the numerical CRYPTOGRAPHY value of plaintext character, and then assigns the rest of the division by modular value into cipher text character, 4.1 Symmetric cryptography: where the modular value is the max numerical value Encryption is the safest and the strongest way in plus one [19], The mathematical model of Caesar cipher securing data. Definitely, it is the most frequent one. is
Encryption systems are divided into two main types At encryption side 퐄퐧(x)=(x+n)mod p (3) symmetric and asymmetric. Symmetric encryption is known as secret key or single key, The receiver and At decryption side:퐄퐧(x)=(x-n) mod p (4) sender uses the same key to encrypt the data to decrypt Where x is the plaintext character and x is shift value, the message,. This system was the only system used the following example illustrates Caesar cipher model before discovering and developing the public key. A and the Caesar table will be: safe way of data transfer must be used to moving the secret key between the sender and the receiver in symmetric encryption. Figure 2 shows how the system A B C D E F G H I J K L M N works. Symmetric encryption occurs either by 1 1 1 0 1 2 3 4 5 6 7 8 9 10 substitution transposition technique, or by a mixture of 1 2 3 both. replacement maps each plaintext element into cipher text element, but transposition transposes the O P Q R S T U V W X Y Z positions of plaintext elements. 1 1 1 1 1 1 2 2 2 2 2 2 4 5 6 7 8 9 0 1 2 3 4 5
Table 1:Caesar Table Example: Let the plaintext message is "TELANGANA" and the key value=12, and use the simplest symmetric encryption algorithm, which called "Caesar cipher",
______ISSN (Online): 2347-2820, Volume -3, Issue-11 2015 19 International Journal of Electrical, Electronics and Computer Systems (IJEECS) ______
application that never be implemented using symmetric Plaintext Encryption ProcessCipher Text encryption. Figure.3 shows how the system T→19 (19+12)mod 26 5→F works. E→4 (4+12)mod 26 16→Q
L→11 (11+12)mod 26 23→X
A→0 (0+12)mod 26 12→M
N→13 (13+12)mod 26 25→Z
G→6 (6+12)mod 26 18→S
A→0 (0+12)mod 26 12→M
N→13 (13+12)mod 26 25→Z
A→0 (0+12)mod 26 12→M
The cipher text which arrives to the receiver is “FQXMZSMZM “, and the cipher text is entered into Figure 3: Simplified Model of Asymmetric Encryption decryptionprocess in the receiver to decrypt the text as Asymmetric encryption is slower and very complicated follow: in calculations than symmetric encryption. Therefore, Cipher Text Decryption Process Plaintext asymmetric encryption deals with plaintext as a group of F→5 (5-12)mod 26 19→T numbers which are manipulated in mathematics, while Q→16 (16-12)mod 26 4→E X→23(23-12)mod 26 11→L the plaintext in symmetric encryption deal as group of M→12(12-12)mod 26 0→A symbols and characters, the encryption process may permute these symbols, or may substitute one symbol by Z→25(25-12)mod 26 13→N another. So the nature of the data determines the system S→18(18-12)mod 266→G of encryption type. And every system has its own uses. M→12(12-12)mod 26 0→A Z→25(25-12)mod 26 3→N For example, asymmetric encryption may be used in M→12(12-12)mod 26 0→A authentication or in sending secret key fordecryption. To understand asymmetric encryption, lets us take RSA
model which is an example on asymmetricencryption, Symmetric encryption has many advantages more than RSA model main steps- asymmetric. Firstly, it is faster since it doesn’t use much time in data encryption and decryption. Secondly, it is RSA Model Steps: easier than asymmetric encryption in secret key Each user generates a public/private key pair by generation. However, it has some disadvantages, for selecting two large primes at random p,q. example key distribution and sharing of the secret key between the sender and the receiver, also symmetric key Computing modular value n=p×q encryption incompleteness, since some application like Calculating the Euler’s function Ф(n)=(p-1)×(q-1). authentication can’t be fully implemented by only using symmetric encryption [7]. Selecting at randomly the public encryption key e, where, 1 ______ISSN (Online): 2347-2820, Volume -3, Issue-11 2015 20 International Journal of Electrical, Electronics and Computer Systems (IJEECS) ______ Computing Ф (n) = (p-1) × (q-1) =2X10=20. VI. ACKNOWLEDGEMENTS Selecting e: gcd (e, 20) =1; choose e=7. I would like to express my cordial thanks to Sri. CA. BashaMohiuddin, Chairman, Smt. Rizwana Begum- Determining d:d×e=1 mod 20 and d×7=1mod 20 Secretary and Sri. Touseef Ahmed-Vice Chairman, we take d=3 i.e (3×7)mod 20 =1 so d=3 Publishing Dr.M.Anwarullah, Principal - Vidya Group of public key p = (7,33) k Institutions, Hyderabad for providing moral support, Keeping private key secret pr = (3,33) encouragement and advanced research facilities. Authors would like to thank the anonymous reviewers The encryption process and decryption process then is for their valuable comments. And they would like to applied to previously calculated parameters as follows thank Dr.V. Vijaya Kumar, Anurag Group of Plain text Encryption Process Institutions for his invaluable suggestions and constant encouragement that led to improvise the presentation 7 T→19 19 mod 33=13 quality of this paper. E→ 04047 mod 33=16 L→11 117 mod 33=11 VI. REFERENCES A→00 007 mod 33=00 [1] AameerNadeem, Dr. M.YounusJaved, ―A N→ 04047 mod 33=16 performance comparison of data Encryption G→06 067 mod 33=30 Algorithm‖, Global Telecommunication A→00 007 mod 33=00 7 Workshops, 2004 GlobeCom Workshops 2004, N→ 0404 mod 33=16 IEEE. A→00 007 mod 33=00 The cipher text will arrive the receiver, and at the [2] C. Herley, “So long, and no thanks for the receiver the cipher text will be entered into decryption externalities: the rational rejection of security process to decrypt the text as follows- advice byusers,” in Proceedings of the workshop Decryption process Plain Text on New security paradigms workshop, 2009, pp. 133mod 33=19 19→T 133–144. 3 16 mod 33=04 04→E [3] Computer Network Defense Course (CNDC), 113mod 33=11 11→ L 3 Army Reserve Readiness Training Center, Fort 00 mod 33=00 00→A McCoy WI, http:/arrtc.mccoy.army.mil, Jan. 3 16 mod 33=13 13→N 2004. 303mod 33=06 06→G 003mod 33=00 00→A [4 ]“How to improve JavaScript 163mod 33=13 13→N cryptography.”:http://hellais.wordpress.com/2011 003mod 33=00 00→A /12/27/how-to improve-java script-cryptography/. The mathematical model for symmetric and asymmetric [5] IETF, “RFC 5246 - The Transport Layer Security encryption consists of key, encryption and decryption (TLS) Protocol Version algorithm and powerful secured channel for transmitting 1.2.”.:http://tools.ietf.org/html/rfc5246 the secrete key or any channel for transmitting the public [6] Kyung Jun Choi, John –In Song, “Investigation key from the sender to the receiver, the mathematical of feasible cryptographic Algorithm For wireless model similar to equations. sensor network”, International conference on ICACT Feb 20-22, 2006 At Encryption Side: C=Ek (P) [7] K .Thomas, : " The Myth Of The Skytale ". At Decryption Side: P=Dk (C) Taylor & Francis, (1998), Vol (33), pp: 244-260. V. CONCLUSION [8] Like Zhang, Gregory B. White, ―Anomaly Network Security is the most vital component in Detection for Application Level Network Attacks information security because it is responsible for Using Payload Keywords‖, Proceedings of the securing all information passed through networked 2007 IEEE Symposium on Computational computers. Network security consists of the provisions Intelligence in Security and Defense Applications made in an underlying computer network infrastructure, (CISDA 2007). policies adopted by the network administrator to protect [9] Mohamed A.Haleem, ChetanN.Mathur the network and the network-accessible resources from R.Chandramouli,K.P.Subbalakshmi,“Opportunist unauthorized access, and consistent and continuous ic Encryption: A tradeoff between Security and monitoring and measurement of its effectiveness (or Throughput in Wireless Network” IEEE lack) combined together. We have studied various Transactions on Dependable and secure cryptographic techniques to increase the security of computing, vol. 4, no. 4. network. ______ISSN (Online): 2347-2820, Volume -3, Issue-11 2015 21 International Journal of Electrical, Electronics and Computer Systems (IJEECS) ______ [10] Mozilla, Overview“of NSS Information Technology and Knowledge MDN:https://developer.mozilla.org/en- Management, 2011, Vol, No. 4 pp. 113-117. US/docs/Overview _of_NSS. [16] Susan J Lincke, Andrew Hollan, “Network [11] Matasano, “Javascript Cryptography Considered Security: Focus on Security, Skills, and Harmful,” Stability”, Proceedings of 37th ASEE/IEEE 2011:http://www.matasano.com/articles/ Frontiers in Education Conference. javascript-cryptography/. [17] Sanchez-Avila, C. Sanchez-Reillol, R, ―The [12] N. Kobeissi, “Thoughts on Critiques of Rijndael block cipher (AES proposal): A JavaScriptCryptography.”: comparison with DES‖, 35th International http://log.nadim.cc/?p=33. Conference on Security Technology 2001, IEEE. [13] Othman O. Khalifa, MD Rafiqul Islam, S. Khan [18] Othman O. Khalifa, MD Rafiqul Islam, S. Khan and Mohammed S. Shebani, “Communication and Mohammed S. Shebani, “Communication Cryptography”,2004 RF and Microwave Cryptography”,2004 RF and Microwave Conference, Oct 5-6, Subang, Selangor, Conference, Oct 5-6, Subang, Selangor, Malaysia. Malaysia. [14] P.Mateti, “ A Laboratory-Based Course on [19] W .Stallings, " Cryptography and network Internet Security”, Proc. of 34th SIGCSE security, Principles and practices ", Fourth Technical Symp, on Computer Science Edition. Pearson Prentice Hall, (2006):, USA. Education, ACM, 2003, 252-256. [15] PunitaMellu, et al ―AES: Asymmetric key cryptographic System‖, International Journal of ______ISSN (Online): 2347-2820, Volume -3, Issue-11 2015 22