Monday, August 5, 2019
Information Security Using Cryptography Information Technology Essay
Information Security Using Cryptography Information Technology Essay This paper aims to provide a total review of Information security and cryptography, Information security means protecting information and information systems from unauthorized access (PROXY SERVERS), use, disclosure, disruption, modification, or destruction. Governments, military, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. SECURITY in this contemporary scenarios has become a more sensible issue either it may be in the REAL WORLD or in the CYBER WORLD. In the real world as opposed to the cyber world an attack is often preceded by information gathering. This is also true in the cyber world. Here the bad guys are referred to as intruders, hackers, hijackers, etc. The intruders would first have a panoramic view of the victims network and then start digging the holes. One of the method for protecting information from hackers is Cryptography Cryptography defined as the science and study of secret writing, concerns the ways in which communications and data can be encoded to prevent disclosure of their contents through message interception, using codes ciphers and other methods, so that only certain people can see the real message. Encryption transforms original information, called plaintext, into transformed information, called cipher text, code text or simply cipher, which usually has the appearance of random, unintelligible data. Encryption provides confidentiality, integrity and authenticity of the information transferred from A to B. INTRODUCTION: The objective of this paper is to provide the reader with an insight into recent developments in the field of cryptography. Cryptography was used as a tool to protect national secrets and strategies. The proliferation of computers and communications systems in the 1960s brought with it a demand from the private sector for means to protect information in digital form and to provide security services. DES, the Data Encryption Standard, is the most well-known cryptographic mechanism. It remains the standard means for securing electronic commerce for many financial institutions around the world. The most striking development in the history of cryptography came in 1976 when Diffie and Hellmann published New Directions in Cryptography. The word cryptography comes from a Greek word which means hidden or secret. It is considered as a miraculous boon that will solve all the computer security problems. It is also referred to as science of secret writing. The objective is to provide security to the appropriate layer among the seven layers of networking infrastructure. This topic can be dealt mathematically also. But our focus is on cyber applications and its vitality. While cryptographers work on inventing clever secret codes, cryptanalysts attempt to break these codes. Cryptology encompasses both the subjects. Symantec is launching Norton 360 in India, an online digital security solutions service that could be paid for on basis of actual usage. The company which has various products to provide information security and retrieval of secured information, is also now into providing a regulatory compliances services. This is a sentence published in the famous newspaper The HINDU .This is an excellent evidence to support the sentence Network security is extremely essential. Two entities A and B wish to work over a secure network .but an intruder interrupts and shares their secrets without their knowledge. Now cryptography has the ability to send information between entities in a way that prevents others from reading it. For instance: If the original message was GIVE TWO MILLION he would have encoded the message with SHIFT BY 3 and so the message would now be JLYHWZRPLOORQ which is obviously in an unreadable format unless you know the method of deciphering. BASIC PRINCIPLES: Key concepts For over twenty years information security has held that confidentiality, integrity and availability (known as the CIA Triad) are the core principles of information security. CIA TRAID Confidentiality Confidentiality is a requisite for maintaining the privacy of the people whose personal information the organization holds. Information that is considered to be confidential in nature must only be accessed, used, copied, or disclosed by persons who have been authorized to access, use, copy, or disclose the information, and then only when there is a genuine need to access, use, copy or disclose the information. A breach of confidentiality occurs when information that is considered to be confidential in nature has been, or may have been, accessed, used, copied, or disclosed to, or by, someone who was not authorized to have access to the information. Integrity In information security, integrity means that data can not be created, changed, or deleted without authorization. A loss of integrity occurs when an employee accidentally, or with malicious intent, deletes important data files. A loss of integrity can occur if a computer virus is released onto the computer. A loss of integrity can occur when an on-line shopper is able to change the price of the product they are purchasing. Availability The concept of availability means that the information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning correctly when the information is needed. Defense in depth During its life time, information may pass through many different parts of information processing systems. There are many different ways the information and information systems can be threatened. To fully protect the information during its lifetime, each component of the information processing system must have its own protection mechanisms. The building up, layering on and overlapping of security measures is called defense in depth. Additional insight into defense in depth can be gained by thinking of it as forming the layers of an onion, with data at the core of the onion, people as the outer layer of the onion, and network security, host-based security and applications security forming the inner layers of the onion CRYPTOGRAPHY: OVERVIEW: Security Concerns Security Attacks: Interruption Interception Modification Fabrication Methods of defense: Encryption Software Controls Hardware Controls Physical Controls Encryption Cryptography Cryptanalysis Encryption algorithm types: Asymmetric Symmetric Cryptographic Algorithms: Secret key Public key Hash functions History-Caesar cipher A simple substitution cipher Polyalphabetic substitution example Uses of encryption Applications of cryptography Security Concerns: Unauthorized access to resources. Masquerade as authorized user or end system. E-mail forgery. Malicious attacks. Monitoring and capture of network traffic. Exploitation of software bugs Contributing Factors: Increased Internet use: Home broadband, Greater coverage (wired and wireless): More ubiquitous on-line use: Education, Business, Games, Shoppingà ¢Ã¢â ¬Ã ¦ Lack of awareness of threats and risks. Wide-open network policies. Unencrypted network traffic. Complexity of security measurements and administration. Software bugs. Availability of cracking tools. Security Attacks: Interruption: This is an attack on Availability. Interception: This is an attack on confidentiality. Modification: This is an attack on integrity. Fabrication: This is an attack on authenticity. Methods of defense: Encryption: Encryption is key enabling technology to implement computer security. Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called encryption. Information that has been encrypted (rendered unusable) can be transformed back into its original usable form by an authorized user, who possesses the cryptographic key, through the process of decryption. Cryptography is used in information security to protect information from unauthorized or accidental discloser while the information is in transit (either electronically or physically) and while information is in storage Cryptography can introduce security problems when it is not implemented correctly. The length and strength of the encryption key is also an important consideration. A key that is weak or too short will produce weak encryption. The keys used for encryption and decryption must be protected with the same degree of rigor as any other confidential information. What is cryptography? Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient. While cryptography is the science of securing data, cryptanalysis is the science of analyzing and breaking secure communication. Cryptology embraces both cryptography and cryptanalysis. Strong cryptography: There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. Cryptographic strength is measured in the time and resources it would require to recover the plaintext. The result of strong cryptography is cipher text that is very difficult to decipher without possession of the appropriate decoding tool. How does cryptography work? A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key-a word, number, or phrase-to encrypt the plaintext. The same plaintext encrypts to different cipher text with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key. A cryptographic algorithm, plus all possible keys and all the protocols that make it work comprise a cryptosystem. Conventional cryptography: In conventional cryptography, also called secret-key or symmetric-key encryption, one key is used both for encryption and decryption. Encryption and decryption: Data that can be read and understood without any special measures is called plaintext or clear text. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called cipher text. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting cipher text to its original plaintext is called decryption. This could be illustrated using the following diagram: 001010010111001 100101001011001 001011100100101 Encryption and decryption Why Cryptography? Concerned with developing algorithms which may be used to: Conceal the context of some message from all except the sender and recipient (privacy or secrecy), and/or Verify the correctness of a message to the recipient (authentication) Forms the basis of many technological solutions to computer and communications security problems Elements of cryptography: In cryptographic terminology, the message is called plaintext or clear text. Encoding the contents of the message in such a way that hides its contents from outsiders is called encryption. A method of encryption and decryption is called a cipher The name cipher originates from the Hebrew word Saphar, meaning to number. The encrypted message is called the cipher text. The process of retrieving the plaintext from the cipher text is called decryption. Encryption and decryption usually make use of a key, and the coding method is such that decryption can be performed only by knowing the proper key. Cryptanalysis: The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key is called Cryptanalysis. Also called code breaking sometimes. Whereas people who do cryptography are cryptographers and practitioners of cryptanalysis are cryptanalysts. Cryptology Cryptology is the branch of mathematics that studies the mathematical foundations of cryptographic methods. Cryptology comes from the Greek words Krypton, meaning hidden, and Graphen, meaning to write. Cryptology is actually the study of codes and ciphers. Cryptology = both cryptography and cryptanalysis. The Key: All modern algorithms use a key to control encryption and decryption; a message can be decrypted only if the key matches the encryption key. The key used for decryption can be different from the encryption key, but for most algorithms they are the same. Encryption Algorithm Types: There are two classes of key-based algorithms: Symmetric (or secret-key) Asymmetric (or public-key) algorithms The difference is that symmetric algorithms use the same key for encryption and decryption (or the decryption key is easily derived from the encryption key), whereas asymmetric algorithms use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key. Asymmetric Algorithms: public key Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met. It is computationally infeasible to deduce the private key from the public key. Any one who has a public key can encrypt the information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information. The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely. The need for sender and receiver to share secret keys via some secure channel is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared. Public key algorithm: Symmetric Algorithms Symmetric algorithms can be divided into two categories: (1) stream ciphers and (2) block ciphers. Stream ciphers can encrypt a single bit/byte of plaintext at a time, whereas à ¢Ã¢â ¬Ã ¦ Block ciphers take a number of bits (typically 64 bits in modern ciphers), and encrypt them as a single unit. Secret key and Public key: Hash functions: An improvement on the above scheme is the addition of a one-way hash function in the process. A one-way hash function takes variable-length input-in this case, a message of any length, even thousands or millions of bits-and produces a fixed-length output; say, 160-bits. The hash function ensures that, if the information is changed in any way-even by just one bit-an entirely different output value is produced. As long as a secure hash function is used, there is no way to take someones signature from one document and attach it to another, or to alter a signed message in any way. The slightest change in a signed document will cause the digital signature verification process to fail. Hash Functions History Caesar Cipher: Julius Caesar used a simple alphabet (letter) substitution, offset by 3 letters. Taking the word cipher you would move ahead in the alphabet 3 letters to get FLSKHU. c =3 à ® 3+3 = 6 à ® F i =9 à ® 9+3 = 12 à ® L p =16 à ® 16+3 = 19 à ® S h =8 à ® 8+3 = 11 à ® K e =5 à ® 5+3 = 8 à ® H r =18 à ® 18+3 = 21 à ® U This worked for a while, until more people learned to read and studied his secret cipher. A Simple Substitution Cipher Plaintext: abcdefghijklmnopqrstuvwxyz QIAYMWFUBKPDGJZSOCVLXNETRH Cipher text: Polyalphabetic Substitution Example: Suppose that a polyalphabetic cipher of period 3 is being used, with the three monoalphabetic ciphers M1, M2, M3 as defined below. To encrypt a message, the first 3 letters of the plaintext are enciphered according to ciphers M1, M2, M3 respectively, with the process being repeated for each subsequent block of 3 plaintext letters. a b c d e f g h i j k l m n o p q r s t u v w x y z M1: K D N H P A W X C Z I M Q J B Y E T U G V R F O S L M2: P A G U K H J B Y D S O E M Q N W F Z I T C V L X R M3: J M F Z R N L D O W G I A K E S U C Q V H Y X T P B Plaintext Now is the time for every good man Ciphertext JCQ CZ VXK VCER AQC PCRTX LBQZ QPK Note: The two os in good have been enciphered as different letters. Also the three letters X in the cipher text represent different letters in the plaintext Uses of Encryption: Protecting data from prying eyes is not the only security issue in networking. One can imagine at least four security services: Protecting data from being read by unauthorized persons Verifying the sender of each message (authentication) Preventing unauthorized persons from inserting or deleting messages Making it possible for users to send signed documents electronically Applications of cryptography: Digital signatures have many applications in information security, including authentication, data integrity, and non-repudiation. One of the most significant applications of digital signatures is the certification of public keys in large networks. Certification is a means for a trusted third party (TTP) to bind the identity of a user to a public key, so that at some later time, other entities can authenticate a public key without assistance from a trusted third party There is a lot of information that we dont want other people to see. This can be achieved by cryptography such as Credit card information Private correspondence Social security numbers Personal details Sensitive company information CONCLUSION: Thus Information security measures are needed to protect data from hackers, when it is transmitted between terminal user and computer and between computer and computer and it is also necessary to protect the computer system when there is an attack of virus. The capability of security enabled components still lags behind the claims. Everyone has a different idea of what security is, and what levels of risk are acceptable. Its important to build systems and networks in such a way that the user is not constantly reminded of the security system around him. As and when new security methods are developed, breaking of these methods has increased. So measures have to be taken to fill the loopholes, of which cryptography has and is playing a major role. Cryptography is evergreen and developments in this area are a better option. Basic security challenges in the corporate realm are not yet completely addressed. Nevertheless the cumbersome combats devised against each of the security fissures, yet the cyber MAVERICKS all around the world are succeeding in their ways of perdition. This was quite evident from the E-attacks on BARC server post-September11th cyber attacks on FBI sites where even sophisticated surveillance systems couldnt come to their rescue. A case in point is that, E-ATTACKS are becoming notoriously peerless as compared with the traditional nuke-wars. Consequently, in the quench of thirst for more and more secured systems BIOMETRICS SYSTEM, QUANTUM CRYPTOGRAPHY and many more are innovatively being implemented at a cumulative pace.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.