Sei sulla pagina 1di 14

Group No – 8

Mind Mapping:
Definition of 'Cryptography'
Cryptography involves creating written or generated codes that allow
information to be kept secret. Cryptography converts data into a
format that is unreadable for an unauthorized user, allowing it to be
transmitted without unauthorized entities decoding it back into a
readable format, thus compromising the data..

Types of Cryptography
The following are the two types of cryptography:
Symmetric encryption (secret key cryptography)
Asymmetric encryption (public key cryptography)

Symmetric encryption (secret key cryptography) :


The symmetric encryption method uses the same key for encryption
and decryption. As shown in the following figure, the sender uses a
key to encrypt the plaintext and sends the ciphertext to the receiver.
The receiver decrypts the ciphertext with the same key that is used for
encryption and reads the message in plaintext. As a single secret key
is used in this process
symmetric encryption is also known as secret key cryptography. This
kind of cryptography works well when you are communicating with
only a few people.

Asymmetric encryption (public key cryptography):


Asymmetric cryptography uses different keys for encryption and
decryption. In thistype of cryptography, an end user on a public or
private network has a pair of keys: a public key for encryption and a
private key for decryption. Here, a private key cannot be derived from
the public key.
Encryption
There are two types.
1.Stream Cipher

2.Block Cipher
Stream Cipher: Symmetric or secret-key encryption algorithm that encrypts a
single bit at a time. With a Stream Cipher, the same plaintext bit or byte will
encrypt to a different bit or byte every time it is encrypted.

Block Cipher: An encryption method that applies a deterministic algorithm


along with a symmetric key to encrypt a block of text, rather than encrypting
one bit at a time as in stream ciphers

E-Mail Security
PGP( Pretty Good Privacy):
The encryption and decryption processes
First, a quick word about keys. Public and private keys play a vital role in
PGP to encrypt and decrypt the data. Generally, a public key is used to
encrypt the data and is always shared with the end users. The private
key is used to decrypt the data and it is never shared with anyone.

Encrypt a file
After you've created and installed the key, you use it to encrypt a file, either
with or without a passphrase.

ENCRYPT A FILE WITH A PASSPHRASE


Use the following command to encrypt a file with a passphrase:

$ gpg -s --no-tty --always-trust --passphrase "passphrase@test" -u


<Key_Name>-pub-sub.asc "data_file.txt"
If you defined your key in the source system with a passphrase, the same
passphrase must be used in the preceding command. In our example,
“passphrase@test” is the passphrase to be used.

ENCRYPT A FILE WITHOUT A PASSPHRASE


Use the following command to encrypt a file without a passphrase:
$ gpg --encrypt --recipient ‘<Key_Name>-pub-sub.asc’ data_file.txt
Decrypt a file
Use the following command to decrypt a file:

$ echo $PASSPHRASE | gpg --batch --yes --passphrase-fd 0 data_


file.txt.gpg

Advantages of PGP encryption


1. It protects sensitive information.
2. Files and text cannot be misused through email attacks.
3. It protects data against viruses.

HYBRID ENCYPTION

• Hybrid encryption is a mode of encryption that merges two or more


encryption systems. It incorporates a combination of asymmetric and
symmetric encryption to benefit from the strengths of each form of
encryption. These strengths are respectively defined as speed and
security.
• Hybrid encryption is considered a highly secure type of encryption as
long as the public and private keys are fully secure.
• Hybrid encryption is achieved through data transfer using
unique session keys along with symmetrical encryption.
• Public key encryption is implemented for random symmetric
key encryption. The recipient then uses the public key
encryption method to decrypt the symmetric key. Once the
symmetric key is recovered, it is then used to decrypt the
message.
• The combination of encryption methods has various advantages.
• One is that a connection channel is established between two
users' sets of equipment. Users then have the ability to
communicate through hybrid encryption.
• Asymmetric encryption can slow down the encryption process,
but with the simultaneous use of symmetric encryption, both
forms of encryption are enhanced. The result is the added
security of the transmittal process along with overall improved
system performance.

MESSAGE DIGEST

• A message digest is a cryptographic hash function containing a


string of digits created by a one-way hashing formula.
• Message digests are designed to protect the integrity of a piece
of data or media to detect changes and alterations to any part of
a message. They are a type of cryptography utilizing hash values
that can warn the copyright owner of any modifications applied
to their work.
• Message digest hash numbers represent specific files containing
the protected works. One message digest is assigned to
particular data content. It can reference a change made
deliberately or accidentally, but it prompts the owner to identify
the modification as well as the individual(s) making the change.
Message digests are algorithmic numbers.
• This term is also known as a hash value and sometimes as a
checksum
• Message digests can be produced on UNIX systems with the
MD5 command. MD5s are securely stored on systems and can
reveal if an unauthorized user has accessed a file. It has been
shown that MD5 is unreliable with problems relating to collision
(where 2 keys for different data are the same) and it is no longer
used.
• File sharing programs, such as peer-to-peer (P2P), utilize
message digests to warn users when downloading identical files.
It can also pinpoint the origin of duplicate downloads. Besides
MD5, SHA and CRC32 are other message digest algorithms.
• Message digests are encrypted with private keys creating a
digital signature. This results in a type of validation ensuring
that the appropriate user is accessing protected information.
Message digests protect one-way hash algorithms taking random
data and transmitting a set length hash value.
• To begin the process a message digest is initialized. Then the
data is processed through the message digest by using updates.
Final operations include padding, during which the message
digest completes the hash computation and resets itself.
However, the digest can be reset at any time during the process.
HASHING

• Hashing is a method of cryptography that converts any form of


data into a unique string of text. Any piece of data can be
hashed, no matter its size or type. In traditional hashing,
regardless of the data’s size, type, or length, the hash that any
data produces is always the same length. A hash is designed to
act as a one-way function   you can put data into a hashing
algorithm and get a unique string, but if you come upon a new
hash, you cannot decipher the input data it represents. A unique
piece of data will always produce the same hash.

KEY MANAGEMENT:
 Definition: Key management is the set of techniques and procedures supporting the
establishment and maintenance of keying relationships between authorized parties.

 A keying relationship is the state wherein communicating entities share common


data(keying material) to facilitate cryptography techniques. This data may include
public or secret keys, initialization values, and additional non-secret parameters.

Creation or Distribution:
Key distribution is the process of distributing (cryptographic) keys to different parties.
Usually this involves mechanisms which are considered "out-of-band", i.e. mechanisms that
don't use the later communication channel for the transport of keys. Alternatively key
distribution can be done by relying the distribution of new keys upon the safe distribution of
old keys.
Storage or destruction:
Secret keys need to be stored securely:
• inside a tamper-resistant hardware security module
• on a smart card or other token
• encrypted with another key and stored on a database
 Storing plaintext keys in software is usually regarded as providing a lower level of
security than storing them in tamperprotected hardware.
 Keys may need to be archived for long periods of time (e.g. 7 years in the case of the
London Stock Exchange).

Key Recovery (KR) :


 The process of retrieving the KM from backup or archive storage is called key
recovery.
 There are several different KR techniques. ¤ The information required to recover that
key may be different for each application or each KR technique.
 The term “Key Recovery Information” (KRI) refers to the aggregate of information
needed to recover the key.
 The KRI includes the key to be recovered and other cryptographic data, the time
when the key was created, the identity of the owner of the key and any conditions that
must be met by a requestor to be able to recover the key management.

Key esrow:
Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held
in escrow(Being in escrow is a contractual arrangement in which a third party receives
and disburses money or property for the primary transacting parties) so that, under certain
circumstances, an authorized third party may gain access to those keys. These third parties
may include businesses, who may want access to employees' private communications, or
governments, who may wish to be able to view the contents of encrypted communications.
The technical problem is a largely structural one since access to protected information must
be provided only to the intended recipient and at least one third party. The third party should
be permitted access only under carefully controlled conditions, as for instance, a court order.
Thus far, no system design has been shown to meet this requirement fully on a technical basis
alone. All proposed systems also require correct functioning of some social linkage, as for
instance the process of request for access, examination of request for 'legitimacy' (as by a
court), and granting of access by technical personnel charged with access control.