Encryption is the conversion of data or plain text into a scrambled, unreadable form called cipher text. Conversion of the cipher text back into plain text, a known (unscrambled) format, is known as decryption.
How Encryption works:
An encryption program uses an encryption algorithm to encrypt and decrypt the data. The encryption algorithm creates specific strings of data used for encryption: keys, which consist of long strings of bits or binary numbers. The more bits in the key, the greater the number of possible combinations of binary numbers, which makes the code more difficult to break.
The encryption algorithm then scrambles the data by combining the bits in the key with the data bits. In symmetric encryption the same key is used to scramble and unscramble the data. In asymmetric key encryption two different keys are needed, one for encryption and one for decryption.
Why you need Encryption:
Nowadays more and more information is stored on computers and transmitted over the internet, so we need to ensure information security and safety.
One of the most common uses of encryption is encrypting emails. Sending sensitive messages, documents and files over the internet is like sending a postcard, as all emails are transmitted in an unsecured form. It does not matter whether you send emails via public or private networks: your message is totally open to interception by anyone along the way, so anybody (your ISP, your boss, etc.) can read your emails. Even if you connect to your server and send emails via SSL, it only means that your emails cannot be seen while in transit between you and your server. When your email reaches your server it can be seen by your email service provider. Your server then sends the email to the recipient in an unsecured way, and your email can again be seen by anyone.
A private network, where email goes directly to a mail server and resides there until it is retrieved, also does not provide the necessary level of security. Of course you may believe that your personal email does not contain any private information, but everyone has something to keep secret from family, neighbours and friends. It could be financial, social, political or professional secrets. There is surely only one way to protect your privacy: using encryption.
The following are some important encryption terms used in cryptography:
Cryptography: The art of hiding information using encryption.
Cryptographer: An individual who practices cryptography.
Cryptanalysis: The art of analyzing cryptographic algorithms to identify their weaknesses.
Plain Text: The information in its original form, also called clear text.
Cipher Text: The information after encryption, that is, data in a form unknown to us.
Encryption: The process of changing the plain text into cipher text.
Decryption: The process of changing the cipher text into plain text.
Encryption Algorithm: An algorithm defines how the data is transformed when the original plain text is scrambled into cipher text. Both the data sender and the recipient must know the algorithm used for data transmission. The recipient should use the same algorithm to decrypt the cipher text back into the original plain text.
Encryption Key: A key is a secret value which is used as an input to the algorithm, along with the plain text data, when plain text is converted to cipher text. The same secret key should be used to decrypt the cipher text back into plain text.
BASICS OF SYMMETRIC ALGORITHMS:
Symmetric algorithms work using a secret key: whenever you want to encrypt or decrypt messages or data using a symmetric algorithm, you need to provide this secret key. The following are the characteristics of symmetric algorithms.
The strength of the encryption depends mainly on the secret key. The larger the key, the harder it is to hack the code, since it will take hackers more time to find the key.
It is based on simple mathematical operations, so it works faster; hence it is the best choice if you are working with a large amount of data.
One drawback of this type of algorithm is that the secret key must be known to both parties (the one who encrypts and the one who needs to decrypt the information or data).
Symmetric encryption can be broken by hackers using brute force, but if you use a long key it will take a long time, or even be impossible, to hack.
Since the secret key is user defined, hackers can decode/decrypt your information using brute force, but a larger key can protect your data from cracking for a long time.
SYMMETRIC ALGORITHM AND SYMMETRIC ALGORITHM CLASS:
The following are the symmetric algorithms and their classes, with some information about the keys:
DES - the valid key size and default key size is 64 bit, and the default implementation class is DESCryptoServiceProvider.
TRIPLE DES - the valid key sizes are 128 and 192 bit, the default key size is 128 bit, and the default implementation class is TripleDESCryptoServiceProvider.
AES (Rijndael) - the valid key sizes are 128, 192 and 256 bit, the default key size is 256 bit, and the default implementation class is RijndaelManaged.
It should be noted here that all these algorithm classes are derived from the abstract class SymmetricAlgorithm. Each class supports different key sizes and also different IV sizes. As all these classes are abstract, we cannot directly create an instance of any of them. But the SymmetricAlgorithm class exposes a shared method named Create, which can be used to create a concrete instance of the class without worrying about how it is implemented.
TYPES OF CRYPTOGRAPHY:
There are 2 types of encryption techniques:
Symmetric or Conventional Encryption
Asymmetric or Public key Encryption
Symmetric or conventional encryption is one of the oldest encryption schemes, used since very early days, and is also known as secret key encryption. In this scheme the sender and receiver share the same secret key for both encryption and decryption. The scheme uses old mathematical substitution and permutation functions to replace one character of plain text with another for encryption and decryption, which is why it is given the name symmetric encryption scheme.
The following figure shows the symmetric encryption scheme.
The algorithm used for symmetric key encryption is called a secret key algorithm. Since secret key algorithms are mainly used for encrypting the content of the message, they are also called content encryption algorithms.
The major vulnerability of secret key encryption algorithms is the need to share the secret key. One way of solving this is to derive the same secret key at both ends from a user-supplied text string (password); the algorithm used for this is called a password based encryption algorithm. Another solution is to send the key securely from one end to the other. This is done using another class of encryption called asymmetric encryption algorithms.
The strength of symmetric key encryption depends on the size of the key used. For the same algorithm, encrypting with a longer key makes it tougher to break than with a smaller key. The strength of the key is not linear in the length of the key but doubles with each additional bit.
The following are some of the symmetric key algorithms used:
DES (Data Encryption Standard) - 64 Bit
TRIPLE DES (Triple Data Encryption Standard) - 128 Bit
AES (Advanced Encryption Standard) - 256 Bit
ASYMMETRIC KEY ENCRYPTION:
A cryptographic system that uses two keys, a public key known to everyone and a private key known only to the recipient of the message, is called asymmetric cryptography, and encryption of the message using the public key and private key is known as asymmetric encryption.
A private key is mainly used for encrypting the message digest; in such an application the private key algorithm is called a message-digest encryption algorithm. A public key is typically used for encrypting the secret key; in such an application the private key algorithm is called a key encryption algorithm.
The following figure shows asymmetric encryption.
Asymmetric encryption uses different keys for encryption and decryption. The decryption key is very hard to derive from the encryption key. The encryption key is public so that anyone can encrypt a message; however, the decryption key is private, so only the receiver is able to decrypt the message. It is common to set up key pairs within a network so that each user has a public and a private key. The public key is made available to everyone so that anyone can encrypt messages, but the private key is made available only to the person to whom it belongs.
Some asymmetric algorithms, such as RSA, also allow the process to work in the opposite direction: a message can be encrypted with a private key and decrypted with the corresponding public key. If the recipient can decrypt a message with Bob's public key, he knows that the message has come from Bob, because no one else has the sender's private key.
The asymmetric algorithms used are:
RSA (Rivest, Shamir and Adleman)
Diffie-Hellman
VULNERABILITIES OF ENCRYPTION:
Breaking symmetric encryption:
There are two methods of breaking symmetric encryption:
A brute force attack is a form of attack in which each possibility is tried until success is obtained: the cipher text is deciphered under different keys until the plain text is recovered. No encryption software is safe from the brute force method. But if the number of possible keys is high enough, it can make a program astronomically difficult to crack using brute force. The more bits in a key, the more secure it is.
Cryptanalysis is a form of attack that targets the characteristics of the algorithm to recover a specific plain text or the key used.
In every kind of encryption software there is some kind of password that must be created so that the recipients of the information can read it. Creating a strong password that cannot be easily guessed is as important as choosing a good algorithm and strong encryption software.
If you forget your password, you will not be able to decrypt data that you have encrypted. Be sure to make a backup copy of your password and store it in a safe place.
Secret keys Exchanging and Storing:
Symmetric algorithms require sharing a secret key: both the sender and the receiver need the same key to encrypt or decrypt data. Anyone who knows the secret key can decrypt the message, so it is essential that the sender and receiver have a way to exchange secret keys in a secure manner. The weakness of symmetric algorithms is that if the secret key is discovered, all messages can be decrypted. So the secret key needs to be changed on a regular basis and kept secure during distribution and while in use.
Block ciphers operate in a purely combinational fashion, with a fixed transformation applied to a large block of plain text on a block-by-block basis. The most common block size is 8 bytes. Because each block is heavily processed, block ciphers provide a higher level of security. However, block cipher algorithms tend to execute very slowly.
Block ciphers use the same encryption algorithm for each block. Because of this, a block of plain text will always return the same cipher text when encrypted with the same key and algorithm. Because this behaviour can be used to crack a cipher, cipher modes were introduced that modify the encryption process based on feedback from earlier block encryptions. The resulting encryption provides a higher level of security than simple block encryption.
BLOCK CIPHER MODES:
Cipher block chaining mode (CBC) introduces feedback. Before each block is encrypted, it is combined with the cipher text of the previous block by a bitwise exclusive OR operation. This ensures that even if the plain text contains many identical blocks, they will each encrypt to a different cipher text block. The initialization vector is combined with the first plain text block by a bitwise exclusive OR operation before the block is encrypted.
The cipher feedback mode (CFB) processes small increments of plain text into cipher text, instead of processing an entire block at a time. This mode uses a shift register that is one block in length and divided into sections. For example, if the block size is 8 bytes, with one byte processed at a time, the shift register is divided into 8 sections.
The Electronic Code Book (ECB) mode encrypts each block individually. This means that any blocks of plain text that are identical and are in the same message, or in different messages encrypted with the same key, will be transformed into identical cipher text blocks.
Most plain text messages do not consist of a number of bytes that completely fills the blocks; often there are not enough bytes to fill the last block. When this happens, a padding string is added to the text. For example, if the block length is 64 bits and the last block contains only 40 bits, 24 bits of padding are added.
The PKCS #7 padding string consists of a sequence of bytes, each of which is equal to the total number of padding bytes added. For example, if 24 bits (3 bytes) of padding need to be added, the padding string is "03 03 03".
The Zeros padding string consists of bytes set to zero.
STRENGTH OF THE CRYPTO SYSTEM
The strength of the crypto system depends mainly on:
Strength of an encryption algorithm
Secrecy of the key
Length of the key
These should all work together within a cryptosystem. When discussing the strength of encryption, it refers to how hard it is to figure out the algorithm or key, whichever is not made public. Attempts to break the crypto system involve working through the number of possible keys that can be used to decrypt a message. Breaking a crypto system is accomplished by a brute force attack, which means trying every possible key value until the resulting plain text is obtained. Depending on the algorithm and the length of the key, this can be an easy task or one that is close to impossible. If a key can be broken by a Pentium processor in three hours, then the cipher is not strong at all.
Data Encryption Standard (DES):
The DES algorithm is used to protect confidential messages from the public; it is basically a private key encryption scheme. To encrypt a text file, and to decrypt the encrypted form of the file to get the original plain text, the widely used Data Encryption Standard algorithm is used. It was adopted in 1977 by the National Bureau of Standards. It was designed by IBM based on their own Lucifer cipher and input from the NSA.
In DES, data is encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms the 64-bit input in a series of steps into a 64-bit output cipher text. The same steps, with the same key, are used to reverse the encryption, i.e. for decryption. We give a 64-bit key as input, but the algorithm actually takes 56 bits as the effective key and the remaining 8 bits are used as parity bits. This 56-bit key was sufficiently reliable at the time DES was implemented. It was able to withstand brute force attacks, and recent work on differential cryptanalysis seems to indicate that the DES algorithm has a strong internal structure.
Design Space of DES:
To implement the DES algorithm we design the general depiction of DES encryption, which consists of an initial permutation of the 64-bit plain text followed by 16 rounds, where each round consists of permutation and substitution of the plain text bits and the input key bits. Finally it goes through an inverse initial permutation to get the 64-bit cipher text. Decryption works by essentially running DES backwards: it first goes through an initial permutation, with the same key generation but in the opposite order (the key generated in the last round is used first), and then goes through a final permutation to undo the initial permutation.
The 64-bit input is given to an initial permutation to get a 64-bit result (just the input with the bits shuffled). The 64-bit key is passed through a permutation function to get the 56-bit key, which is used to generate sixteen 48-bit per-round keys by taking a different 48-bit subset of the 56 bits for each key. Each round takes as input the 64-bit output of the previous round and the 48-bit per-round key and produces a 64-bit output. After the 16th round the 64-bit output has its halves swapped and is then subjected to another permutation, which happens to be the inverse of the initial permutation.
Details of Single Round:
The left and right halves of each 64-bit intermediate value are treated as separate 32-bit quantities labeled left (L) and right (R). The overall processing formulas at each round are as follows: Li = Ri-1, Ri = Li-1 XOR F(Ri-1, Ki). The round key Ki is 48 bits and the R input is 32 bits; this R input is first expanded to 48 bits using a permutation plus an expansion table. The resulting 48 bits are XORed with Ki. This 48-bit result passes through a substitution function that produces a 32-bit output in each half, to get the 64-bit output. The substitution consists of a set of 8 S-boxes in the mangler function F, each of which accepts 6 bits as input and produces 4 bits as output.
The bits of the 64-bit input key are numbered from 1 to 64 and every 8th bit is ignored. The key is first subjected to permuted choice one; the resulting 56-bit key is then treated as two 28-bit quantities labeled C0 and D0.
At each round Ci-1 and Di-1 are separately subjected to a circular left shift, or rotation, of 1 or 2 bits. The shifted values serve as input to the next round and also to permuted choice two, which produces a 48-bit output that serves as input to the mangler function F(Ri-1, Ki).
The decryption process works essentially by running DES backwards. To decrypt a block we first run it through the initial permutation to undo the final permutation. We do the same key generation, though we use the keys in the opposite order (first we use K16, the key generated last). Then we run 16 rounds just as for encryption. After 16 rounds of decryption the output has its halves swapped and is then subjected to the final permutation.
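The round formula Li = Ri-1, Ri = Li-1 XOR F(Ri-1, Ki), decryption with the round keys in reverse order, and the ECB, CBC and PKCS #7 behaviour described in the block cipher sections above can all be checked with a small Feistel cipher. This is an added example, not code from the original essay and not DES itself: the key schedule and mangler function are SHA-256 based stand-ins, the initial and final permutations are omitted, and all function names and sample values are made up for illustration.

```python
import hashlib
import hmac
BLOCK, ROUNDS = 8, 16   # 64-bit blocks and 16 rounds, as the essay describes for DES

# Stand-ins for DES's key schedule and mangler function (not PC-1/PC-2 or the S-boxes).
def round_keys(key):
    return [hmac.new(key, bytes([i]), hashlib.sha256).digest()[:6] for i in range(ROUNDS)]

def F(right, k):
    return hashlib.sha256(k + right).digest()[:4]   # 32-bit half in, 32 bits out

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, subkeys):
    left, right = block[:4], block[4:]
    for k in subkeys:                       # Li = Ri-1, Ri = Li-1 XOR F(Ri-1, Ki)
        left, right = right, xor(left, F(right, k))
    return right + left                     # halves swapped after the last round

def encrypt_block(block, key):
    return feistel(block, round_keys(key))

def decrypt_block(block, key):
    return feistel(block, round_keys(key)[::-1])   # same rounds, K16 used first

def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK           # 1..8; aligned input gains a whole block
    return data + bytes([n]) * n

def pkcs7_unpad(data):
    n = data[-1] if data else 0
    if len(data) % BLOCK or not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS #7 padding")
    return data[:-n]

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plain, key):
    return b"".join(encrypt_block(b, key) for b in blocks(pkcs7_pad(plain)))

def cbc_encrypt(plain, key, iv):
    out, prev = [], iv
    for b in blocks(pkcs7_pad(plain)):
        prev = encrypt_block(xor(b, prev), key)    # XOR with previous cipher block first
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(cipher, key, iv):
    out, prev = [], iv
    for c in blocks(cipher):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    return pkcs7_unpad(b"".join(out))

if __name__ == "__main__":
    key, iv, msg = b"constructed-key", bytes(range(8)), b"SAMEBLK!" * 3 + b"tail5"
    print("ECB:", ecb_encrypt(msg, key).hex(" ", 8))      # first three blocks repeat
    print("CBC:", cbc_encrypt(msg, key, iv).hex(" ", 8))  # no repeated blocks
```

The sample message has three identical 8-byte blocks followed by 5 bytes (40 bits), so the last block receives the "03 03 03" padding from the essay's example.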
AES ALGORITHM IMPLEMENTATION:
AES stands for Advanced Encryption Standard. It is a symmetric key encryption technique which replaces the commonly used Data Encryption Standard (DES).
It was the result of a worldwide call for submissions of encryption algorithms issued by the US Government's National Institute of Standards and Technology (NIST) in 1997 and completed in 2000. The winning algorithm, Rijndael, was developed by two Belgian cryptologists, Vincent Rijmen and Joan Daemen. AES provides strong encryption and was selected by NIST as a Federal Information Processing Standard in November 2001 (FIPS-197).
The AES algorithm uses three key sizes: 128-, 192- and 256-bit encryption keys. Each encryption key size causes the algorithm to act in a different manner, so the increasing key sizes not only offer a larger number of bits with which you can scramble the data, but also increase the complexity of the cipher algorithm.
ENCRYPTION ALGORITHM SELECTION:
The Advanced Encryption Standard (AES) was selected for several reasons. The encryption core will need to support a wide range of applications for encrypting a large amount of data.
Two standard algorithms are compared: the Advanced Encryption Standard (AES) and the Data Encryption Standard (DES). Both of these are symmetric algorithms. The DES algorithm supports a key length of 56 bits, whereas the AES algorithm supports key lengths of 128, 192 and 256 bits. Given that a block of encrypted data and the corresponding block of decrypted data are known, if 56-bit DES could be broken in 1 second simply by trying every possible key, the same method against 128-bit AES would take approximately 1.5 * 10^14 years, against 192-bit AES 2.8 * 10^33 years, and against 256-bit AES 5.1 * 10^52 years. It is easy to see that an algorithm with more key bits has a much greater impact on security.
DESIGN SPACE OF AES:
The AES algorithm is based on simple mathematical transformations whose inverses are difficult to compute without the key. The algorithm has 4 basic transformations