# Fundamentals Of Information Security Computer Science Essay

Published:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

In worldwide the two billion people are using the Internet. Almost all companies, business and government are linked with Internet. People are using the Internet to send the documents, images and videos resources across the computer. So user can easy to open the documents on computer so that type of resources is to related across the network system. so we can called the name is World wide web (WWW). we can also called a cyberspaces, or we can also called in simple word as a Web. This web connects so many web sites, web pages. When we are opening the internet, the hacker are try to hack your system and they are trying to steal your data. So we need to secure the data from attacks. It is a duty to the Cyber security to protect your data from hackers. The main problem is the lack of security in the TCP/IP protocol. It consist of two protocols Transmission control protocol (TCP) and Internet Protocol. The two protocols will break the message in to packets and sending to the other system. IP will read the packets and the readable mode is CLEARTEXT. So it will hide or encrypt the data and sent to inside a TCP/IP packet are to secure.The Information System Security means to protect the automated information system in order to the attain the applicable objectives of prevent the integrity, availability and confidentiality of information systems.

The below figure is CIA triad.

1.2 Cryptography: - It is the science of using mathematics to the encrypt and decrypt the data. It enables you to store the sensitive information it across a insecure networks so that it is cannot be a read by anyone to except the intended of recipient.

It is the science of the securing data, the cryptanalysis is to the science of the analyzing to breaking secure communication. The classical cryptanalysis are involves an interesting combination of analytical to reasoning, to application of the mathematical tools, to pattern finding, patience, determination and luck, it is also called attackers.

Cryptography, to most people, is concerned with keeping communications private. Indeed, the protection of sensitive communications has been the emphasis of cryptography throughout much of its history. As we will see, however, this is only one part of today's cryptography.

1.3 Biometric: It is limiting access to sensitive facilities and computer and net working assets. It is the identification or identity verification of living persons. It is a biological data and biometric authentication that to personal access control. This technology is increasing the accuracy with which the security system cans readily identity of individuals. It is a behavioural characteristics, handwritten characteristics and voice recognitions. It is general term of the used to describe characteristics of a process; Biometric is a PIN numbers for two primary reasons.

It to be identified by the person is to be requiring to physically presenting at the point of identification.

Biometric techniques has based on identification on obviates the need remember to password a token.

2 The Purpose of Cryptography: It is the science of writing in secret codes and it is an ancient art. If some experts that it argue that cryptography appeared spontaneously of the sometime after writing it was invented, with the applications ranging from the diplomatic missives to at war-time battle plans. In the data and telecommunications, of cryptography is the necessary when communicating over any un trusted medium, that which mean includes just about any of the network, particularly in the Internet.

The context of the application-to-application communication, there is some specific security requirements are including:

Authentication: It is a process of proving one identity.

Privacy/confidentiality: It ensures that no one can read the message except the intended of receiver.

Integrity: If the receiver that message received has not been altered in any way from the original.

Non-repudiation: It is a mechanism to prove that it is the sender really sent this message.

3 Stream Ciphers: Cryptography system are generally divided into two ciphers that is stream and block ciphers, it to error-correcting codes which is subdivided into block and conventional codes. Stream and block ciphers is the memory. See the below Figure.

## 3.1 Stream Ciphers vs. Block Ciphers

It is split into block ciphers and stream ciphers, which it is easy to distinguish.

3.2 Stream ciphers: It is encrypted by bits individually. It is achieved by adding the bit from the key stream to a plaintext bit. We have synchronous stream ciphers the key stream depends up only on the key, and the asynchronous are ones are the key stream are also the entire block of plain text of bits at a time in with the same key. So it's mean that the encryption of the plaintext that bit in a given block depends on every other plaintext the bits in same place. In our practice, the vast majority of the block ciphers either they have a block length of the 128 bits (16 bytes) such as the advanced the encryption standards (AES). The block of length is 64 bits (8bytes) so such as the data encryption standard (DES) or triple DES (3DES) algorithm.

4 Encryption: It is the transformation of data into some unreadable form. It is purpose is to ensure privacy by keeping the information hidden from anyone for whom it is not intended, even those who can see the encrypted data. Decryption is the reverse of encryption; it is the transformation of encrypted data back into some intelligible form.

Encryption and decryption require the use of some secret information, usually referred to as a key. Depending on the encryption mechanism used, the same key might be used for both encryption and decryption, while for other mechanisms, the keys used for encryption and decryption might be different

But today's cryptography is more than secret writing, more than encryption and decryption. Authentication is as fundamental a part of our lives as privacy. We use authentication though out our everyday life, when we sign our name to some document for instance, and as we move to a world where our decisions and agreements are communicated electronically, we need to replicate these procedures.

4.1 Stream Ciphers with Encryption and Decryption: Stream ciphers are encrypt to the plaintext it will be bits individually. If we take as an example each bit is encrypted by the adding to a secret key of stream bit is modulo 2.

The encryption and decryption function are to both is simple addition modulo 2, that we can be depict the basic operation of the stream cipher it is the shown on below figure.

The encryption and decryption function are the same. We can use as a simple modulo 2 addition of an encryption. The key stream bits are nature.

The following of the will give us an understanding some of important of stream cipher properties.

4.2 Encryption and Description the same function: It is the reason of the encryption and decryption function that can easily be shown. It will we must have to prove that decryption of the function is actually to produces the plaintext bit is the xi again. That will know that the ciphertext bit yi is computed that using the encryption function yi = xi + si mod 2. It will insert the encryption expression of the description function.

It is the expression (2 si mod 2) to always the value zero since the 2=0 mod 2.

Modulo 2 Addition a good Encryption functions: The mathematical explanation of the given in the context of the One-Time pad in so it is the worth that having the closer looks at the addition modulo 2. The arithmetic modulo 2 as Boolean functions such as AND gates, OR gates, NAND gates, etc. It is the exclusive-OR, also called the XOR, gate. The important fact; Modulo 2 addition is equivalent to the XOR operation.

## 5 Classification of Cryptography:

A message is called as the plaintext the ciphertext is called as coded message. When we have to converting the plaintext to ciphertext r text is called as encryption, and do the reverse process we called as description. They are many schemes are used for the encryption constitute of area study known as cryptography. Such type of encryption known as cryptographic system. Cryptography is a art form dealt with secret of communication for military to a science that helps to secure a system.

Cryptosystems can be categories in of two ways:

Asymmetric Cryptosystems

Symmetric Cryptosystems

5.1 Asymmetric Cryptosystems: It is an asymmetric cryptosystem or we can also called a public key cryptosystem, in that we a have a two different keys are used for the encryption and decryption of the data. This key will be used for encryption it is kept in public and so it has called a public key, and the decryption key will be kept secret and called a private key. This keys are generated in such a way that it is impossible to the derive private key from the public key.

The transmitter and the receiver are both have two keys in an asymmetric system.

5.2 Symmetric Cryptosystems: It is a symmetric cryptosystem or we can also call a private key cryptosystem it uses only one key for the both encryption and decryption of the data. The keys are used for encryption and decryption is called the private key and only the people who are to be authorized for the encryption/decryption would know it. In any symmetric cryptosystem are the encrypted message is to sent over without any public keys attached to it.

5.3 Strong Cryptography: - In the world there is a two kind of cryptography. It will stop to reading the files from your systems. It is strong or weak, that we explained above. It wills more strength is measure it d in the time and the resources it would require to the recover the plaintext.

5.4 Conventional Cryptography: - It is also called Secret-Key or called a symmetric-key encryption; any one of the key is used both for the encryption and decryption. This is used in the Data Encryption Standard (DES), so it is an example of the conventional cryptosystems the Federal Government is used in widely employed. The below diagram tells about to an illustration of the conventional encryption of the process.

cry2.jpg

5.5 Caesar's Cipher: It is a simple example of the conventional cryptography is a substitution cipher. It is a substitution cipher substitutes in one place to information for the. It is most frequently done by offsetting in letters to the alphabet. We have to discuss about the two examples are in Captain Midnight's Secret Decode Ring. it which you may have to owned the when you are a kid, and the Julius Caesar's cipher. If in the both cases, the algorithm is to be offset the alphabet to and the key is to the number of the characters to the offset.

In other example, if we are encode the word "SECRET" to using the Caesar's the key value of the third, then it we offset the alphabet it so that the letter of the 3rd letter down (D) that begins with the alphabet.

So it will start with.

ABCDEFGHIJKLMNOPUQRSTUVWXYZ

So it the sliding everything is to up by 3, then you get

DEFGHIJKLMNOPUQRSTUVWXYZABC

So it will be look like that is

Where D=A, E=B, F=C and so on.

So that will come in this scheme, if the plaintext, "SECRET" encrypts as the "VHFUHW", so someone to allow else to read the ciphertext, then you tell it them that the key is the 3.

5.6 Key Management and Conventional Encryption: It has benefits for the Conventional encryption. This encryption is very fast. This is especially too useful for the encrypting data so that it is not going anywhere. It is alone to means for the transmitting to secure the data can it be quite of expensive the simply due to the difficulty of the secure key distribution. When any one like sender recipient to communicate to securely using the conventional encryption. It must be agree to the key and keep the secret between them.

5.7 Public Key Cryptography: It is problems of key distribution are to solve by public key cryptography, so that to concept of which it was introduced by the Whitfield Differ and Martin Hellman in 1975. It is an asymmetric scheme that we use a pair of the keys for encryption. a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met.

It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it.

Cry3.jpg

5.8 Keys: It is a value that it works with in a cryptographic algorithm are to produce a specific ciphertext. The keys are basically it really, big numbers. It size is measured in bits. It will represent a 1024-bit key is in darn huge. The public key cryptography, is the bigger the key, it more secure the ciphertext. So the public key size and the conventional cryptography's to secret key size are totally unrelated. So the conventional 80-bit key has to the equivalent strength of a 1024-bit of public key. So the conventional 128-bit key is equivalent to a 3000-bit public key. So you need to consider and who might be trying to read your files, how it determined they are, how much the time they have, and what it their resources might to be.

5.9 Digital Signature: Digital signature is a major benefit to public key cryptography is that it provides same employing. It enable to the recipient of a information to it verify that authenticity of the information's origin, and it also verify that the information is intact. The public key digital signatures are to provide authentication and data integrity. It also provides non-repudiation that means it will prevents the sender from claiming to that he or she did not actually send the information. It is the features are every bit as fundamental to the cryptography as it privacy. It serves the same purpose as a handwritten to signature. Handwritten signature is easy counterfeit. It is superior to the handwritten signature in that it is to nearly impossible to counterfeit, and plus it the attests to the contents of the information as well as to the identity of the signer. It the basic manner to which digital signatures are to created is illustrated in the below Figure.

5.10 Hash Functions: It is the system described that above has some problems. It is slow, and it will produce an enormous volume of the data at least to double the size of the original information. It wills improvement one of the above scheme is the addition of a one-way hash function in the process. It will a one-way hash function takes to variable-length input in this case, it will write a message of any length, even thousands of millions of bits and it produces a fixed-length output, it say, 160-bits. The hash function is ensures that, if any of the information is to changed in any way even by just one of bit an entirely different output value is produced. As long as a secure hash function is used, in there is no way to take someone's signature from the one document and attach it to the another, or it to alter a signed message in the anyway. So the slightest change in the signed document it will cause the digital signature verification process to fail.

5.11 Digital Certificates: It is the issue with the public key cryptosystems is to that users must be in constantly vigilant to ensure that they are encrypting to the correct person's key. In an environment where it is safe to freely exchange the keys via public servers to man in the middle attacks are to a potential threat. In this type of the attack, someone is to posts a phony key in with the name and the user ID of the user's intended of the recipient.

5.12 Certificate Distribution: it is utilized when it is necessary to exchange the public keys with to someone else. Who wish to communicate securely for small groups of people, it is easy to the manually exchange of diskettes or emails containing each owner's public key. It is manual public key to distribution, and it is a practical only to a certain the point. Beyond that point, it is to necessary put systems into that place that it can provide the necessary to the security, storage, and the exchange mechanisms so the co workers, and business partners, or to strangers could communicate if they need to be. These can come in the form of storage-only repositories called the Certificate Servers, or the more structured systems that provide the additional key management features and are it called Public Key Infrastructures (PKIs).

## 6 Symmetric Cipher Model:

Symmetric encryption scheme has five categories.

Figure:--

Cry1.jpg

6.1 Plaintext: This is an original message or data; it will put in to the algorithm as input.

6.2 Encryption Algorithm: It will perform the encryption algorithm performs various substitutions and transformations for the plaintext.

6.3 Secret Key: It is also input to the encryption algorithm. It is value independent of the plaintext and algorithm. it will produced to the different output depending on the specific key being used by the time. it exact substitutions and transformations performed by algorithm depend on the key.

6.4 Ciphertext: It is the scrambled message to produce as output. It will depend on the plaintext and the secret key. To a given message, it two different keys will be produce two different ciphertext. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.

6.5 Decryption algorithm: It is essentially the encryption algorithm to run in reverse. It will take the ciphertext and the secret key and it produces the original plaintext.

There are two requirements for secure use of conventional encryption:

1. It will need a strong encryption algorithm and a minimum, it would like the algorithm to be such an opponent who knows that algorithm and has access to the one or more ciphertext it would be unable to decipher the ciphertext or figure out to the key. This requirement is usually stated in a stronger form the opponent it should be unable to the decrypt ciphertext or discover to the key even if he or she is in possession of a number of ciphertext together with the plaintext that produced each ciphertext.

2. It will Sender and receiver must have a obtained copies of the secret key in a secure fashion and must to keep the key secure. If anyone can discover the key and it knows the algorithm, that all communication using this key is to readable.

## 7 Cryptanalysis and Brute-Force Attack

The objective of the attacking is an encryption system of to recover the key in use to rather than simply to recover the plaintext of the single ciphertext. They are two general approaches to the attacking in a conventional encryption scheme.

7.1 Cryptanalysis: It will attacks rely on the nature of the algorithm plus to perhaps of some knowledge of the general characteristics of plaintext or even some of the sample plaintext-ciphertext of pairs. The type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

7.2 Brute-force Attack: If the attacker tries to every possible key off on a piece of the ciphertext until if an intelligible translation into the plaintext is to obtained. In average, the half of all possible keys must be to try achieving success.

Is any either type of attack succeeds in deducing the key, the effect is catastrophic. The future and past of messages are encrypted with that key are compromised.

We are first considering cryptanalysis and then discuss brute force attacks.

The below table tells about the various types of cryptanalytic attacks based on the amount of the information known to the cryptanalyst. It wills most difficult problem is too presented when all that is available is to the ciphertext only. Some cases, not even the encryption algorithm is known, but we can assume that the opponent does know the algorithm used for encryption. If it possible attack under the circumstances is brute-force approach of trying all possible keys. If the key space is very large, this becomes impractical. If to use this approach, the opponent must to have some general idea of the type of plaintext that is concealed, such as English or French text, an EXE file, a Java source listing, an accounting file.

The types of the Attacks on Encrypted Messages:

## Type of Attack

## Known to Cryptanalyst

Ciphertext Only

â€¢ Encryption algorithm

â€¢ Ciphertext

Known Plaintext

â€¢ Encryption algorithm

â€¢ Ciphertext

â€¢ One or more plaintext-ciphertext pairs formed with the secret key

Chosen Plaintext

â€¢ Encryption algorithm

â€¢ Ciphertext

â€¢ Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key

Chosen Ciphertext

â€¢ Encryption algorithm

â€¢ Ciphertext

â€¢ Ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key

Chosen Text

â€¢ Encryption algorithm

â€¢ Ciphertext

â€¢ Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key

â€¢ Ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key

## 8 Advantages and Disadvantages of Cryptosystems

## 8.1 Advantages Cryptosystems:

It is a faster cryptosystem.

The Cryptosystems are encrypted data it can be transferred on the link of even if it is a possibility that data will be a intercepted. Since there is no key transmitted within the data, the chances of the data being decrypted are null.

It is a uses password authentication to prove the receiver's identity.

The system only which possesses the secret key can decrypt a message.

The public key is biggest advantage of cryptography is to secure the nature of the private key. In fact, it is never needs to be a transmitted or revealed to anyone.

It is enables use of digital certificates and it digital timestamps, which is a very secure technique of the signature authorization. We will look at the digital timestamps and digital signatures in a moment.

## 8.2 Disadvantages Cryptosystems:

It is a problem of the key transportation. The secret key is to be transmitted of the receiving system and before that actual message is to be a transmitted. Every means of the electronic communication is to insecure as it is impossible to the guarantee of that no one will be able to tap the communication channels. So that only secure way of exchanging the keys would be a exchanging them personally.

It Cannot provide a digital signatures of that cannot be a repudiated

It is a disadvantage of using the public-key of the cryptography for encryption is to speed: there are to popular secret-key encryption in the methods on which are significantly are faster than any of currently available the public-key encryption of the method.

## 9 Conclusions

It is described how the cryptography works. There are so many ways of attacks every one of their systems. The cryptically analysis and attacks on crypto systems. It is a interesting field so the amount of work that is, and it necessity, to done in secret. it tells you the secret is not the key to the goodness of the cryptography algorithm. it is a mathematical theory of behind an algorithm, it is a well known and well document because they are also to well tested and well studied. it is the strength of the cryptography it lies in the choice.